HEX
Server: nginx
System: Linux pool195-106-36.bur.atomicsites.net 6.12.57+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1~bpo12+1 (2025-11-17) x86_64
User: (0)
PHP: 8.3.32
Disabled: pcntl_fork
Upload Files
File: /wordpress/plugins/wp-cloud-client/1.1.3/src/Multisite/SuperAdminManager.php
<?php

declare(strict_types=1);

namespace VPlugins\WPCloudClient\Multisite;

use WP_User;

/**
 * SSO-driven super admin grant/revoke for multisite.
 *
 * On every WordPress login the `wpcc_is_super_admin` user meta flag is read
 * and used to decide whether to grant or revoke WordPress super admin status.
 *
 * The flag is written by the portal via the one_click_login action before it
 * hands back the login URL. This ensures the super admin state is always
 * consistent with the platform's role assignment.
 *
 * Revocation only occurs when the meta key was explicitly set by the platform.
 * Users promoted to super admin manually (no meta key) are never touched,
 * preventing accidental privilege loss on installations not yet using SSO.
 */
final class SuperAdminManager {

	/**
	 * User meta key that stores the platform's super admin decision.
	 */
	public const META_KEY = 'wpcc_is_super_admin';

	/**
	 * Register WordPress hooks.
	 *
	 * @return void
	 */
	public function register(): void {
		add_action( 'wp_login', [ $this, 'onLogin' ], 10, 2 );
	}

	/**
	 * Sync WordPress super admin status from the platform flag on login.
	 *
	 * Hooked to: wp_login
	 *
	 * @param string  $userLogin The user's login name (unused).
	 * @param WP_User $user      The authenticated user object.
	 * @return void
	 */
	public function onLogin( string $userLogin, WP_User $user ): void { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found
		if ( ! is_multisite() ) {
			return;
		}

		$userId  = (int) $user->ID;
		$metaRaw = get_user_meta( $userId, self::META_KEY, true );

		/**
		 * Filter the super admin decision for an SSO login.
		 *
		 * Return true to grant super admin, false to revoke. The default value
		 * is derived from the `wpcc_is_super_admin` user meta flag written by
		 * the portal's one_click_login action.
		 *
		 * @param bool    $isSuperAdmin Whether the platform wants this user to be super admin.
		 * @param WP_User $user         The user being logged in.
		 */
		$isSuperAdmin = (bool) apply_filters( 'wpcc_user_is_super_admin', ! empty( $metaRaw ), $user );

		if ( $isSuperAdmin && ! is_super_admin( $userId ) ) {
			grant_super_admin( $userId );
			return;
		}

		// Only revoke if the platform has explicitly set the flag to false.
		// Absence of the meta key means the platform has no opinion — leave the
		// user's super admin status untouched.
		$flagExists = metadata_exists( 'user', $userId, self::META_KEY );

		if ( ! $isSuperAdmin && $flagExists && is_super_admin( $userId ) ) {
			revoke_super_admin( $userId );
		}
	}

	/**
	 * Persist the platform's super admin decision as user meta.
	 *
	 * Intended to be called from the one_click_login flow before the login
	 * URL is handed back to the portal.
	 *
	 * @param int  $userId       The WordPress user ID.
	 * @param bool $isSuperAdmin Whether the user should be super admin.
	 * @return void
	 */
	public static function setFlag( int $userId, bool $isSuperAdmin ): void {
		update_user_meta( $userId, self::META_KEY, $isSuperAdmin ? '1' : '0' );
	}
}