restrict wordpress multisite subscribers access to content on sites they aren't assigned to

Question

We have a Wordpress mutlisite. We have value added resellers that have been approved as Wordpress users and are assigned - as subscribers - to specific sites where they can access marketing materials no one else can access. I have confirmed this in the Wordpress Network Admin (tab) -> Users (tab). We have two sites with separate marketing materials and each user is only assigned to one site.

To access the marketing materials the users go to a partner page and there is a button with a link that takes them to the marketing page. The link in the button is dynamically generated based on if the person is a logged in user or not. If they are a logged in user, then the link goes to the marketing page, if not, then the link goes to the register/sign-in page.

We recently discovered logged-in users could access the marketing materials on BOTH sites regardless of which site they are assigned to. Currently the only people who can't get to the marketing materials page are people who aren't logged in.

If I understand the code, all it does is check if there is a logged in user on the page - then give them a link, in the button, for the marketing page.

We use Advanced Custom Fields to grab information from different fields on the pages to help create the two links we need to chose between for the button. Here is the php to set the link that is inserted:

$portal_left_link  = get_field( 'portal_left_link' ); // the link for the marketing page

$register_global = get_field( 'register_login_link', 'option' ); // trying to find this value
$register_override = get_field( 'register_url_override' ); // trying to find this value

$register_login_link = ( ! empty( $register_override ) ) ? $register_override : $register_global; // not sure yet what this does
$register_login_link .= '?redirect_to=' . $portal_left_link; // concatenates a redirect for the (button) link to the portal page to be carried over to the register/sign-in page for when the user needs signs-in

$left_link = is_user_logged_in() ? $portal_left_link : $register_login_link; // i think this says if the user is logged in then give them the portal link, otherwise give them the register/sign-in link

And the button the code is pulled into:

<a href="<?php echo esc_url( $left_link ); ?>" class="btn">Login</a>

What I need is code that checks:

• if there is a logged in user;
• what site the user is assigned to;
• does the site the user is on match the site the user is assigned to;
• if all the these statements are a match, then insert a link to the marketing page.
• Otherwise, insert a link to the register/sign-in page.

Answer 1

You can check if a user is a member of a site with this method:

https://codex.wordpress.org/Function_Reference/is_user_member_of_blog

So your code could look something like this:

$portal_left_link = get_field( 'portal_left_link' ); // the link for the marketing page
if (is_user_logged_in() && is_user_member_of_blog()) // check if the user is logged in and a member of the blog
{
    $left_link = $portal_left_link;
    $left_link_text = "Go To Marketing Page";
}
else
{
    $register_global = get_field( 'register_login_link', 'option' ); // trying to find this value
    $register_override = get_field( 'register_url_override' ); // trying to find this value
    $register_login_link = ( ! empty( $register_override ) ) ? $register_override : $register_global; // not sure yet what this does
    $register_login_link .= '?redirect_to=' . $portal_left_link; // concatenates a redirect for the (button) link to the portal page to be carried over to the register/sign-in page for when the user needs signs-in
    $left_link = $register_login_link;
    $left_link_text = "Login";
}
// code for button
<a href="<?php echo esc_url( $left_link ); ?>" class="btn"><?php echo $left_link_text; ?></a>