Automattic\WooCommerce\Api\Infrastructure

ResolverHelpers::build_authorization_error() public static WC 1.0

Build the GraphQL error to throw when an authorization check fails.

Distinguishes the two HTTP-correct shapes:

  • UNAUTHORIZED (401) when the principal is anonymous — the caller
    could plausibly fix it by authenticating, so the response invites
    re-auth.
  • FORBIDDEN (403) otherwise — the principal is recognised but
    isn't allowed; re-authenticating wouldn't help.

The "anonymous" check is opt-in by convention: the principal's is_authenticated(): bool method, when present, decides. Principals that don't define it fall through to FORBIDDEN — generated resolvers still emit a coded error, just without the 401/403 distinction.

Used for class-level denials (operation-level "you cannot call this query/mutation"). For field-level denials that should carry a structured subject payload (type / field / attribute), see ResolverHelpers::build_field_authorization_error().

Method of the class: ResolverHelpers{}

No Hooks.

Returns

Error. The GraphQL error to throw.

Usage

$result = ResolverHelpers::build_authorization_error( $principal );
$principal (object) (required)
The resolved request principal.

ResolverHelpers::build_authorization_error() code WC 10.9.1

public static function build_authorization_error( object $principal ): Error {
	$is_anonymous = method_exists( $principal, 'is_authenticated' ) && ! $principal->is_authenticated();
	return new Error(
		$is_anonymous ? 'Authentication required.' : 'You do not have permission to perform this action.',
		extensions: array( 'code' => $is_anonymous ? 'UNAUTHORIZED' : 'FORBIDDEN' )
	);
}
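The opt-in is_authenticated() convention, run against three principal shapes. This is an added example, not WooCommerce code: StubGraphQLError, demo_build_authorization_error(), DemoPrincipal, DemoLegacyPrincipal and demo_http_status() are hypothetical stand-ins, and the stub assumes only the message and the extensions array matter.

```php
<?php
declare(strict_types=1);

// Stand-in for the GraphQL Error class (assumption: message + extensions only).
final class StubGraphQLError extends \Exception {
	public function __construct( string $message, public array $extensions = array() ) {
		parent::__construct( $message );
	}
}

// Same decision as the method's listing, re-implemented against the stub.
function demo_build_authorization_error( object $principal ): StubGraphQLError {
	$is_anonymous = method_exists( $principal, 'is_authenticated' ) && ! $principal->is_authenticated();
	return new StubGraphQLError(
		$is_anonymous ? 'Authentication required.' : 'You do not have permission to perform this action.',
		extensions: array( 'code' => $is_anonymous ? 'UNAUTHORIZED' : 'FORBIDDEN' )
	);
}

// Hypothetical principal that opts in to the anonymous check.
final class DemoPrincipal {
	public function __construct( private bool $logged_in ) {}
	public function is_authenticated(): bool {
		return $this->logged_in;
	}
}

// Hypothetical principal that does not define is_authenticated().
final class DemoLegacyPrincipal {}

// Hypothetical mapping from the error code to the HTTP status the page names.
function demo_http_status( StubGraphQLError $error ): int {
	return 'UNAUTHORIZED' === $error->extensions['code'] ? 401 : 403;
}

// Constructed cases: label => ( principal, expected status ).
$cases = array(
	'anonymous, opts in'     => array( new DemoPrincipal( false ), 401 ),
	'authenticated, opts in' => array( new DemoPrincipal( true ), 403 ),
	'no is_authenticated()'  => array( new DemoLegacyPrincipal(), 403 ),
);
foreach ( $cases as $label => list( $principal, $expected ) ) {
	$error  = demo_build_authorization_error( $principal );
	$status = demo_http_status( $error );
	if ( $status !== $expected ) {
		throw new RuntimeException( "Unexpected status for: $label" );
	}
	printf( "%-24s %-12s %d\n", $label, $error->extensions['code'], $status );
}
```

The third case is the fall-through the description mentions: a principal type that can represent anonymous callers but lacks is_authenticated() is answered with FORBIDDEN, so clients are not prompted to re-authenticate.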