snicco / wp-capability-middleware

Provides a middleware for snicco/http-routing that uses the WP capability system.

Maintainers

Details

github.com/snicco/wp-capability-middleware

v2.0.0-beta.9 2024-09-07 14:27 UTC

Requires

Requires (Dev)

phpunit/phpunit: ^9.5.13
snicco/http-routing-testing: ^2.0

Suggests

None

Provides

None

Conflicts

snicco/better-wp-cache: <2.0.0-beta.9
snicco/better-wp-cache-bundle: <2.0.0-beta.9
snicco/better-wp-cli: <2.0.0-beta.9
snicco/better-wp-cli-testing: <2.0.0-beta.9
snicco/better-wp-hooks: <2.0.0-beta.9
snicco/better-wp-hooks-bundle: <2.0.0-beta.9
snicco/better-wp-mail: <2.0.0-beta.9
snicco/better-wp-mail-bundle: <2.0.0-beta.9
snicco/better-wp-mail-testing: <2.0.0-beta.9
snicco/better-wpdb: <2.0.0-beta.9
snicco/better-wpdb-bundle: <2.0.0-beta.9
snicco/blade-bridge: <2.0.0-beta.9
snicco/blade-bundle: <2.0.0-beta.9
snicco/content-negotiation-middleware: <2.0.0-beta.9
snicco/debug-bundle: <2.0.0-beta.9
snicco/default-headers-middleware: <2.0.0-beta.9
snicco/eloquent: <2.0.0-beta.9
snicco/encryption-bundle: <2.0.0-beta.9
snicco/event-dispatcher: <2.0.0-beta.9
snicco/event-dispatcher-testing: <2.0.0-beta.9
snicco/guests-only-middleware: <1.0.0
snicco/http-routing-bundle: <2.0.0-beta.9
snicco/http-routing-testing: <2.0.0-beta.9
snicco/https-only-middleware: <2.0.0-beta.9
snicco/illuminate-container-bridge: <2.0.0-beta.9
snicco/kernel: <2.0.0-beta.9
snicco/kernel-testing: <2.0.0-beta.9
snicco/method-override-middleware: <2.0.0-beta.9
snicco/minimal-logger: <2.0.0-beta.9
snicco/must-match-route-middleware: <2.0.0-beta.9
snicco/no-robots-middleware: <2.0.0-beta.9
snicco/open-redirect-protection-middleware: <2.0.0-beta.9
snicco/payload-middleware: <2.0.0-beta.9
snicco/pimple-bridge: <2.0.0-beta.9
snicco/psr7-error-handler: <1.0.0
snicco/redirect-middleware: <2.0.0-beta.9
snicco/session: <2.0.0-beta.9
snicco/session-bundle: <2.0.0-beta.9
snicco/session-psr16-bridge: <2.0.0-beta.9
snicco/session-testing: <2.0.0-beta.9
snicco/session-wp-bridge: <2.0.0-beta.9
snicco/share-cookies-middleware: <2.0.0-beta.9
snicco/signed-url: <2.0.0-beta.9
snicco/signed-url-psr15-bridge: <2.0.0-beta.9
snicco/signed-url-psr16-bridge: <2.0.0-beta.9
snicco/signed-url-testing: <2.0.0-beta.9
snicco/signed-url-wp-bridge: <2.0.0-beta.9
snicco/str-arr: <2.0.0-beta.9
snicco/templating: <2.0.0-beta.9
snicco/templating-bundle: <2.0.0-beta.9
snicco/testable-clock: <2.0.0-beta.9
snicco/testing-bundle: <2.0.0-beta.9
snicco/trailing-slash-middleware: <2.0.0-beta.9
snicco/wp-auth-only-middleware: <2.0.0-beta.9
snicco/wp-guests-only-middleware: <2.0.0-beta.9
snicco/wp-nonce-middleware: <2.0.0-beta.9

Replaces

None

LGPL-3.0-only 0ddf683f7a9ba4a45ee96aff7a57e4bd2ba5cc09

Calvin Alkan <calvin.woop@snicco.de>

This package is auto-updated.

Last update: 2024-11-07 14:55:44 UTC

README

This middleware checks if the currently logged-in WordPress user has a specified capability and will throw a 403 HTTPExcetion if that's not the case.

Installation

composer require snicco/wp-capability-middleware

Usage

This middleware should be added on a per-route basis.

If the currently authenticated WordPress user does not have the specified capability this middleware will throw an exception. Otherwise, the next middleware will be called.

use Snicco\Middleware\WPCap\AuthorizeWPCap;

$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':manage_options');

// Optionally, a resource ID can be specified.
$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':edit_post,1');

Contributing

This repository is a read-only split of the development repo of the Snicco project.

This is how you can contribute.

Reporting issues and sending pull requests

Please report issues in the Snicco monorepo.

Security

If you discover a security vulnerability, please follow our disclosure procedure.