Permissions And Capabilities

Check player permissions, command sources, and host-provided capabilities.

In this section

Related section pages:

Player Permissions

ctx.Permissions() exposes runtime permission checks for online players and command sources. Player grants are stored on the player entity permissions property and synced through entity metadata.

player-permissions.go

permissions := ctx.Permissions()if err := permissions.GrantPlayer("p1", "arena.join", "arena.admin.*"); err != nil {	return err}if permissions.PlayerCan("p1", "arena.admin.kick") {	_ = ctx.Gameplay().Players().Resolve("p1")}if err := permissions.RevokePlayer("p1", "arena.admin.*"); err != nil {	return err}

The matcher supports *, exact names, and prefix wildcards such as arena.admin.*.

Command Sources

Commands can declare a permission and still perform explicit source checks in the executor when the command has a narrower runtime rule.

command-source.go

ctx.RegisterCommand(command.New("arena").	Permission("arena.join").	Executor(func(_ context.Context, cmd command.Context) (command.Result, error) {		if !ctx.Permissions().SourceCan(cmd.Source, "arena.join") {			return command.Result{}, fmt.Errorf("missing permission")		}		return command.Result{Messages: []string{"joined"}}, nil	}))

Capabilities

Host capabilities are optional guardrails for plugin hosts. Empty ManagerConfig.Capabilities keeps compatibility mode and allows every capability. If the host configures a capability list, HasCapability and RequireCapability enforce it.

capabilities.go

if err := ctx.RequireCapability("world.query"); err != nil {	return err}if ctx.HasCapability("forms") {	// Register form-heavy commands.}