When you define a service and its functions in services.php, you could define capabilities in two separate places:
- In the service itself, in a requiredcapability key
- In each function, in a capabilities key (which is a list of comma-separated capabilities)
But, by testing and reading the code, the second way (declaration by function) has no effect. The capabilities are displayed in the frontend interface of the webservice, but there is no verification. You *have* to test the capabilities in your function's code.
The capability (a single one) declared at the service level is the only one actually checked.
First question: is my understanding correct?
So, it means that you define a capability for a group of functions (meaning, the service). But you could not define different capabilities at each function level (say, you could have a capability to see some data, and another one to delete this data, with two functions in the same service).
Second question: is that correct?
Third question: is this planned to change? Because I don't see the point of having to code the capabilities in two different places.
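
The arrangement described in the post, as an added example that is not part of the original post and is not Moodle's own code: one capability declared at the service level, a different one listed for the function, and the function-level one enforced explicitly with require_capability() inside the function body. The plugin name local_example, the capabilities local/example:view and local/example:delete, the table local_example_items and the class name are hypothetical, and the two files are shown in one block for brevity.

```php
<?php
// --- db/services.php of a hypothetical plugin "local_example" ---
$functions = [
    'local_example_delete_item' => [
        'classname'    => 'local_example_external',
        'methodname'   => 'delete_item',
        'classpath'    => 'local/example/externallib.php',
        'description'  => 'Delete an item',
        'type'         => 'write',
        // Listed for administrators; the function body below does the enforcing.
        'capabilities' => 'local/example:delete',
    ],
];
$services = [
    'Example service' => [
        'functions'          => ['local_example_delete_item'],
        'requiredcapability' => 'local/example:view', // single service-level capability
        'restrictedusers'    => 0,
        'enabled'            => 1,
    ],
];

// --- local/example/externallib.php (separate file in a real plugin) ---
require_once($CFG->libdir . '/externallib.php');

class local_example_external extends external_api {
    public static function delete_item_parameters() {
        return new external_function_parameters([
            'id' => new external_value(PARAM_INT, 'Item id'),
        ]);
    }

    public static function delete_item($id) {
        global $DB;
        // Clean the input against the declared parameter types.
        $params = self::validate_parameters(self::delete_item_parameters(), ['id' => $id]);
        $context = context_system::instance();
        self::validate_context($context);
        // Per-function check: throws required_capability_exception if missing.
        require_capability('local/example:delete', $context);
        // Hypothetical table name.
        $DB->delete_records('local_example_items', ['id' => $params['id']]);
        return true;
    }

    public static function delete_item_returns() {
        return new external_value(PARAM_BOOL, 'True on success');
    }
}
```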