remove optinal fields and capabilities

Author: jorgefilipecosta

src/wp-includes/abilities/class-wp-users-abilities.php

@@ -80,24 +80,19 @@ private static function get_user_input_schema(): array {
 				array( 'required' => array( 'email' ) ),
 			),
 			'properties'           => array(
-				'id'                   => array(
+				'email'    => array(
+					'type'        => 'string',
+					'format'      => 'email',
+					'description' => __( 'User email address.' ),
+				),
+				'id'       => array(
 					'type'        => 'integer',
 					'description' => __( 'User ID.' ),
 				),
-				'username'             => array(
+				'username' => array(
 					'type'        => 'string',
 					'description' => __( 'User login name.' ),
 				),
-				'email'                => array(
-					'type'        => 'string',
-					'format'      => 'email',
-					'description' => __( 'User email address.' ),
-				),
-				'include_capabilities' => array(
-					'type'        => 'boolean',
-					'description' => __( 'Whether to include the user capabilities in the response.' ),
-					'default'     => false,
-				),
 			),
 			'additionalProperties' => false,
 		);
@@ -163,10 +158,6 @@ private static function get_user_output_schema(): array {
 			),
 			'properties'           => array(
 				'avatar_urls'     => $avatar_urls_schema,
-				'capabilities'    => array(
-					'type'        => 'object',
-					'description' => __( 'All capabilities assigned to the user. Only included if include_capabilities is true and the current user can view them.' ),
-				),
 				'description'     => array(
 					'type'        => 'string',
 					'description' => __( 'Description of the user.' ),
@@ -236,24 +227,6 @@ private static function get_user_output_schema(): array {
 		);
 	}
 
-	/**
-	 * Normalizes capabilities into an object with boolean values.
-	 *
-	 * @since 7.0.0
-	 *
-	 * @param mixed $capabilities Capabilities map.
-	 * @return object Normalized capabilities.
-	 */
-	private static function normalize_capabilities( $capabilities ): object {
-		$normalized = array();
-
-		foreach ( (array) $capabilities as $capability => $granted ) {
-			$normalized[ (string) $capability ] = rest_sanitize_boolean( $granted );
-		}
-
-		return (object) $normalized;
-	}
-
 	/**
 	 * Normalizes a list of values into an array of strings.
 	 *
@@ -337,8 +310,7 @@ public static function check_get_user_permission( array $input = array() ): bool
 	 * @return array<string, mixed>|WP_Error The user data or error.
 	 */
 	public static function execute_get_user( array $input = array() ) {
-		$input                = is_array( $input ) ? $input : array();
-		$include_capabilities = array_key_exists( 'include_capabilities', $input ) ? rest_sanitize_boolean( $input['include_capabilities'] ) : false;
+		$input = is_array( $input ) ? $input : array();
 
 		$user = self::find_user( $input );
 
@@ -377,10 +349,6 @@ public static function execute_get_user( array $input = array() ) {
 			$result['roles'] = self::normalize_string_list( $user->roles );
 		}
 
-		if ( $include_capabilities && $can_view_sensitive_user_fields ) {
-			$result['capabilities'] = self::normalize_capabilities( $user->allcaps );
-		}
-
 		return $result;
 	}
 }

tests/phpunit/tests/abilities-api/wpRegisterCoreAbilities.php

@@ -154,45 +154,6 @@ public function test_core_get_current_user_info_returns_user_data(): void {
 		$this->assertSame( get_userdata( $user_id )->display_name, $result['display_name'] );
 	}
 
-	/**
-	 * Tests boolean-like include_capabilities values for the get-user ability.
-	 * @ticket 64146
-	 */
-	public function test_core_get_user_include_capabilities_accepts_boolean_like_values(): void {
-		$user_id = self::factory()->user->create( array( 'role' => 'subscriber' ) );
-
-		wp_set_current_user( $user_id );
-
-		$ability = wp_get_ability( 'core/get-user' );
-
-		$result = $ability->execute(
-			array(
-				'id'                   => $user_id,
-				'include_capabilities' => '1',
-			)
-		);
-		$this->assertIsArray( $result );
-		$this->assertArrayHasKey( 'capabilities', $result );
-
-		$result = $ability->execute(
-			array(
-				'id'                   => $user_id,
-				'include_capabilities' => 1,
-			)
-		);
-		$this->assertIsArray( $result );
-		$this->assertArrayHasKey( 'capabilities', $result );
-
-		$result = $ability->execute(
-			array(
-				'id'                   => $user_id,
-				'include_capabilities' => '0',
-			)
-		);
-		$this->assertIsArray( $result );
-		$this->assertArrayNotHasKey( 'capabilities', $result );
-	}
-
 	/**
 	 * Tests get-user output is normalized to the declared schema types.
 	 * @ticket 64146
@@ -202,23 +163,11 @@ public function test_core_get_user_output_is_normalized_to_schema_types(): void
 
 		wp_set_current_user( $user_id );
 
-		$ability        = wp_get_ability( 'core/get-user' );
-		$capability_key = $GLOBALS['wpdb']->get_blog_prefix() . 'capabilities';
-		update_user_meta(
-			$user_id,
-			$capability_key,
-			array(
-				'subscriber'                 => true,
-				'custom_capability_flag'     => '1',
-				'custom_capability_disabled' => '0',
-			)
-		);
-		clean_user_cache( $user_id );
+		$ability = wp_get_ability( 'core/get-user' );
 
 		$result = $ability->execute(
 			array(
-				'id'                   => $user_id,
-				'include_capabilities' => 1,
+				'id' => $user_id,
 			)
 		);
 
@@ -247,14 +196,6 @@ public function test_core_get_user_output_is_normalized_to_schema_types(): void
 		foreach ( $result['avatar_urls'] as $avatar_url ) {
 			$this->assertIsString( $avatar_url );
 		}
-
-		$this->assertIsObject( $result['capabilities'] );
-		$this->assertObjectHasProperty( 'custom_capability_flag', $result['capabilities'] );
-		$this->assertObjectHasProperty( 'custom_capability_disabled', $result['capabilities'] );
-		$this->assertIsBool( $result['capabilities']->custom_capability_flag );
-		$this->assertIsBool( $result['capabilities']->custom_capability_disabled );
-		$this->assertTrue( $result['capabilities']->custom_capability_flag );
-		$this->assertFalse( $result['capabilities']->custom_capability_disabled );
 	}
 
 	/**