RequiredCapability
in package
Declares a WordPress capability required to execute a query or mutation, or to read an output field, or to set an input field on a mutation.
This attribute is repeatable: apply it multiple times to require several capabilities (logical AND).
Mutually exclusive with #[PublicAccess] at the class level. At the field
level a #[PublicAccess] placement on the same property is a build
warning and is treated as a no-op.
Targets: class (query/mutation/output type) and property (output field, input field, or trait-declared property). Trait-declared properties carry the attribute onto every implementing class through PHP's reflection.
Table of Contents
- __construct() : mixed
- Constructor.
- authorize() : bool
- Decide whether the given principal holds the required capability.
Methods
__construct()
Constructor.
public
__construct(string $capability) : mixed
Parameters
- $capability : string
-
A WordPress capability slug (e.g. 'manage_woocommerce').
Return values
mixed —authorize()
Decide whether the given principal holds the required capability.
public
authorize(Principal $principal) : bool
Reads the WordPress user from the principal wrapper and delegates to
{@see}. Anonymous principals (the WP user has ID === 0)
never hold any capability, so the check returns false naturally.
Parameters
- $principal : Principal
-
The resolved request principal.
