reolver level field filtering

Author: jorgefilipecosta

src/wp-includes/abilities/class-wp-users-abilities.php

@@ -88,11 +88,11 @@ private static function get_user_input_schema(): array {
 					'type'        => 'string',
 					'description' => __( 'User login name.' ),
 				),
-					'email'                => array(
-						'type'        => 'string',
-						'format'      => 'email',
-						'description' => __( 'User email address.' ),
-					),
+				'email'                => array(
+					'type'        => 'string',
+					'format'      => 'email',
+					'description' => __( 'User email address.' ),
+				),
 				'include_capabilities' => array(
 					'type'        => 'boolean',
 					'description' => __( 'Whether to include the user capabilities in the response.' ),
@@ -103,6 +103,30 @@ private static function get_user_input_schema(): array {
 		);
 	}
 
+	/**
+	 * Determines whether sensitive fields can be returned for a user.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param WP_User $user The target user.
+	 * @return bool Whether sensitive fields can be returned.
+	 */
+	private static function can_view_sensitive_user_fields( WP_User $user ): bool {
+		return get_current_user_id() === $user->ID || current_user_can( 'edit_user', $user->ID );
+	}
+
+	/**
+	 * Determines whether roles can be returned for a user.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param WP_User $user The target user.
+	 * @return bool Whether roles can be returned.
+	 */
+	private static function can_view_user_roles( WP_User $user ): bool {
+		return current_user_can( 'list_users' ) || current_user_can( 'edit_user', $user->ID );
+	}
+
 	/**
 	 * Gets the output schema for the get-user ability.
 	 *
@@ -137,12 +161,12 @@ private static function get_user_output_schema(): array {
 				'id',
 				'username',
 			),
-			'properties'           => array(
-				'avatar_urls'     => $avatar_urls_schema,
-				'capabilities'    => array(
-					'type'        => 'object',
-					'description' => __( 'All capabilities assigned to the user. Only included if include_capabilities is true.' ),
-				),
+				'properties'           => array(
+					'avatar_urls'     => $avatar_urls_schema,
+					'capabilities'    => array(
+						'type'        => 'object',
+						'description' => __( 'All capabilities assigned to the user. Only included if include_capabilities is true and the current user can view them.' ),
+					),
 				'description'     => array(
 					'type'        => 'string',
 					'description' => __( 'Description of the user.' ),
@@ -187,13 +211,13 @@ private static function get_user_output_schema(): array {
 					'format'      => 'date-time',
 					'description' => __( 'Registration date for the user in ISO 8601 format.' ),
 				),
-				'roles'           => array(
-					'type'        => 'array',
-					'description' => __( 'Roles assigned to the user.' ),
-					'items'       => array(
-						'type' => 'string',
+					'roles'           => array(
+						'type'        => 'array',
+						'description' => __( 'Roles assigned to the user when the current user can view them.' ),
+						'items'       => array(
+							'type' => 'string',
+						),
 					),
-				),
 				'slug'            => array(
 					'type'        => 'string',
 					'description' => __( 'An alphanumeric identifier for the user.' ),
@@ -284,25 +308,33 @@ public static function execute_get_user( array $input = array() ) {
 			return new WP_Error( 'user_not_found', __( 'User not found.' ), array( 'status' => 404 ) );
 		}
 
+		$can_view_sensitive_user_fields = self::can_view_sensitive_user_fields( $user );
+
 		$result = array(
-			'id'              => $user->ID,
-			'username'        => $user->user_login,
-			'email'           => $user->user_email,
-			'display_name'    => $user->display_name,
-			'first_name'      => $user->first_name,
-			'last_name'       => $user->last_name,
-			'nickname'        => $user->nickname,
-			'description'     => $user->description,
-			'url'             => $user->user_url,
-			'link'            => get_author_posts_url( $user->ID, $user->user_nicename ),
-			'slug'            => $user->user_nicename,
-			'registered_date' => gmdate( 'c', strtotime( $user->user_registered ) ),
-			'roles'           => array_values( $user->roles ),
-			'locale'          => get_user_locale( $user ),
-			'avatar_urls'     => rest_get_avatar_urls( $user ),
+			'id'           => $user->ID,
+			'display_name' => $user->display_name,
+			'description'  => $user->description,
+			'url'          => $user->user_url,
+			'link'         => get_author_posts_url( $user->ID, $user->user_nicename ),
+			'slug'         => $user->user_nicename,
+			'avatar_urls'  => rest_get_avatar_urls( $user ),
 		);
 
-		if ( $include_capabilities ) {
+		if ( $can_view_sensitive_user_fields ) {
+			$result['username']        = $user->user_login;
+			$result['email']           = $user->user_email;
+			$result['first_name']      = $user->first_name;
+			$result['last_name']       = $user->last_name;
+			$result['nickname']        = $user->nickname;
+			$result['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) );
+			$result['locale']          = get_user_locale( $user );
+		}
+
+		if ( self::can_view_user_roles( $user ) ) {
+			$result['roles'] = array_values( $user->roles );
+		}
+
+		if ( $include_capabilities && $can_view_sensitive_user_fields ) {
 			$result['capabilities'] = (object) $user->allcaps;
 		}