WooCommerce Code Reference

Principal
in package

Default principal class for the WooCommerce dual code+GraphQL API.

Plugins that authenticate against something other than WordPress users must ship their own principal class at <plugin-api-namespace>\Infrastructure\... together with a matching PrincipalResolver. Plugins that build on WP-user auth can either use this class directly (no resolver needed; the controller falls back to new Principal( wp_get_current_user() )) or extend it to add their own fields.

Table of Contents

__construct()  : mixed
Constructor.
can_introspect()  : bool
Whether this principal may run GraphQL schema introspection on the endpoint.
can_use_debug_mode()  : bool
Whether this principal may activate GraphQL debug mode on the endpoint.
is_authenticated()  : bool
Whether the underlying WP user is authenticated.

Methods

__construct()

Constructor.

public __construct(WP_User $user) : mixed
Parameters
$user : WP_User

The WordPress user behind the request. For anonymous requests this is a WP_User with ID === 0, as returned by {@see}.

Return values
mixed

can_introspect()

Whether this principal may run GraphQL schema introspection on the endpoint.

public can_introspect() : bool

Implementing can_introspect() is opt-in for plugin principal classes, a principal that doesn't define it is denied by default. Plugins building authenticated endpoints should make an explicit decision per principal model rather than inheriting an introspection policy by accident.

Return values
bool

can_use_debug_mode()

Whether this principal may activate GraphQL debug mode on the endpoint.

public can_use_debug_mode() : bool

Implementing can_use_debug_mode() is opt-in for plugin principal classes, a principal that doesn't define it is denied by default. Plugins building authenticated endpoints should make an explicit decision per principal model rather than inheriting a debug mode policy by accident.

Note that this method's outcome is necessary but not sufficient for debug mode to be active: the controller also requires the request to carry _debug=1. The decision can be overridden by the woocommerce_graphql_can_use_debug_mode filter.

Return values
bool

is_authenticated()

Whether the underlying WP user is authenticated.

public is_authenticated() : bool

Convenience for $principal->user->ID > 0, the canonical anonymous marker in WordPress. Use this in authorize() / execute() bodies that need to distinguish anonymous from authenticated callers.

Return values
bool