This middleware checks if the currently logged-in WordPress user has a specified capability and will throw a 403 HTTPExcetion if that's not the case.

composer require snicco/wp-capability-middleware

This middleware should be added on a per-route basis.

If the currently authenticated WordPress user does not have the specified capability this middleware will throw an exception. Otherwise, the next middleware will be called.

use Snicco\Middleware\WPCap\AuthorizeWPCap;

$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':manage_options');

// Optionally, a resource ID can be specified.
$configurator->get('route1', '/route1', SomeController::class)
             ->middleware(AuthorizeWPCap::class.':edit_post,1');

This repository is a read-only split of the development repo of the Snicco project.

This is how you can contribute.

Please report issues in the Snicco monorepo.

If you discover a security vulnerability, please follow our disclosure procedure.