Your problems are
- you’re testing
if($user->ID){, i.e. does the b2b_account user object we’ve found have an ID. Which it always will. You probably meant to compare it to$ID. - you need to
return truein the success case, i.e. after your for loop if you didn’t find the user.
However
- you’re ignoring the
$allowparameter. You could end withreturn $allowinstead, but it would make more sense to not even do the restricted group check if a previous filter left$allow = falseor returned a WP_Error - it would make more sense to me to fetch the current groups for the user and see if b2b_account is included, rather than fetch all b2b_account users and check against that list of IDs.
So I’d suggest
add_filter( 'allow_password_reset', 'filter_function_name_2698', 10, 2 );
function filter_function_name_2698( $allow, $ID ) {
if ( ( ! $allow ) || is_wp_error( $allow ) ) {
// Rejected by a previous filter
return $allow;
}
// Read the user's roles
$user_data = get_userdata( $ID );
if ( $user_data ) {
$user_roles = $user_data->roles;
if ( $user_roles && in_array( 'b2b_account', $user_roles, true ) ) {
// b2b_accounts may not reset passwords
return false;
}
}
// else user doesn't exist
return true;
}
(using the role check code from here, plus an extra probably-not-necessary null check)