snicco/wp-capability-middleware

Provides a middleware for snicco/http-routing that uses the WP capability system.

v2.0.0-beta.9 2024-09-07 14:27 UTC

README

codecov Psalm Type-Coverage Psalm level PhpMetrics - Static Analysis PHP-Versions

This middleware checks if the currently logged-in WordPress user has a specified capability and will throw a 403 HTTPExcetion if that's not the case.

Installation

composer require snicco/wp-capability-middleware

Usage

This middleware should be added on a per-route basis.

If the currently authenticated WordPress user does not have the specified capability this middleware will throw an exception. Otherwise, the next middleware will be called.

use Snicco\Middleware\WPCap\AuthorizeWPCap;

$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':manage_options');

// Optionally, a resource ID can be specified.
$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':edit_post,1');

Contributing

This repository is a read-only split of the development repo of the Snicco project.

This is how you can contribute.

Reporting issues and sending pull requests

Please report issues in the Snicco monorepo.

Security

If you discover a security vulnerability, please follow our disclosure procedure.