You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Nov 21, 2025. It is now read-only.
/** * Determines if the feature is eligible to run. * * @since 0.1.0 * @return bool True if the feature is eligible, false otherwise. */publicfunctionis_eligible() {
if ( ! is_callable( $this->is_eligible ) ) {
returntrue;
}
returncall_user_func( $this->is_eligible );
}
The rest endpoints currently expose features even if permission_callbacks for that feature will fail.
This might be documented as the expected behavior, but it results in poor UX, where a client will receive information about a feature, that will always fail.
I can see checking the permission_callback being an issue for rest_alias routes, since the rest controllers might be relying on the WP_Request_Object being passed into that callback. And of course, the request to /wp/v2/features is not the same request as when the feature is run.
Both of these feel wrong. Maybe each feature should have a mandatory permission callback, even if it just superficially validates for rest_alias routes?
The rest endpoints currently expose features even if permission_callbacks for that feature will fail.
This might be documented as the expected behavior, but it results in poor UX, where a client will receive information about a feature, that will always fail.
I can see checking the permission_callback being an issue for
rest_aliasroutes, since the rest controllers might be relying on theWP_Request_Objectbeing passed into that callback. And of course, the request to/wp/v2/featuresis not the same request as when the feature is run.Both of these feel wrong. Maybe each feature should have a mandatory permission callback, even if it just superficially validates for
rest_aliasroutes?