From e0876da97c5adf96f312bd1c40dd6ef669a082b2 Mon Sep 17 00:00:00 2001
From: Sangu Manideep Reddy
Date: Thu, 9 Apr 2026 15:23:51 +0530
Subject: [PATCH] Registered a new Ability of Get User info
---
 src/wp-includes/abilities.php | 216 ++++++++++++++++++++++++++++++++++
 1 file changed, 216 insertions(+)
diff --git a/src/wp-includes/abilities.php b/src/wp-includes/abilities.php
index 4c6db1ed830e0..c4372c2007329 100644
--- a/src/wp-includes/abilities.php
+++ b/src/wp-includes/abilities.php
@@ -196,6 +196,222 @@ function wp_register_core_abilities(): void {
 )
 );
 
+ wp_register_ability(
+ 'core/get-user',
+ array(
+ 'label' => __( 'Get User' ),
+ 'description' => __( 'Returns profile data for a specific user looked up by ID, username, or email. Users can view their own record; viewing others requires the list_users capability.' ),
+ 'category' => $category_user,
+ 'input_schema' => array(
+ 'type' => 'object',
+ 'oneOf' => array(
+ array(
+ 'required' => array( 'id' ),
+ 'properties' => array(
+ 'id' => array(
+ 'type' => 'integer',
+ 'description' => __( 'The user ID.' ),
+ 'minimum' => 1,
+ ),
+ ),
+ ),
+ array(
+ 'required' => array( 'username' ),
+ 'properties' => array(
+ 'username' => array(
+ 'type' => 'string',
+ 'description' => __( 'The user login name.' ),
+ ),
+ ),
+ ),
+ array(
+ 'required' => array( 'email' ),
+ 'properties' => array(
+ 'email' => array(
+ 'type' => 'string',
+ 'description' => __( 'The user email address.' ),
+ ),
+ ),
+ ),
+ ),
+ 'properties' => array(
+ 'id' => array(
+ 'type' => 'integer',
+ 'description' => __( 'The user ID.' ),
+ 'minimum' => 1,
+ ),
+ 'username' => array(
+ 'type' => 'string',
+ 'description' => __( 'The user login name.' ),
+ ),
+ 'email' => array(
+ 'type' => 'string',
+ 'description' => __( 'The user email address.' ),
+ ),
+ 'include_capabilities' => array(
+ 'type' => 'boolean',
+ 'description' => __( 'Whether to include the user\'s capabilities in the response.' ),
+ 'default' => false,
+ ),
+ ),
+ 'additionalProperties' => false,
+ ),
+ 'output_schema' => array(
+ 'type' => 'object',
+ 'required' => array( 'id', 'username', 'email', 'display_name', 'first_name', 'last_name', 'nickname', 'description', 'url', 'link', 'slug', 'registered_date', 'roles', 'locale', 'avatar_urls' ),
+ 'properties' => array(
+ 'id' => array(
+ 'type' => 'integer',
+ 'description' => __( 'The user ID.' ),
+ ),
+ 'username' => array(
+ 'type' => 'string',
+ 'description' => __( 'The login username for the user.' ),
+ ),
+ 'email' => array(
+ 'type' => 'string',
+ 'description' => __( 'The email address for the user.' ),
+ ),
+ 'display_name' => array(
+ 'type' => 'string',
+ 'description' => __( 'The display name for the user.' ),
+ ),
+ 'first_name' => array(
+ 'type' => 'string',
+ 'description' => __( 'The first name for the user.' ),
+ ),
+ 'last_name' => array(
+ 'type' => 'string',
+ 'description' => __( 'The last name for the user.' ),
+ ),
+ 'nickname' => array(
+ 'type' => 'string',
+ 'description' => __( 'The nickname for the user.' ),
+ ),
+ 'description' => array(
+ 'type' => 'string',
+ 'description' => __( 'The biographical description for the user.' ),
+ ),
+ 'url' => array(
+ 'type' => 'string',
+ 'description' => __( 'The URL of the user\'s website.' ),
+ ),
+ 'link' => array(
+ 'type' => 'string',
+ 'description' => __( 'The URL to the user\'s author archive page.' ),
+ ),
+ 'slug' => array(
+ 'type' => 'string',
+ 'description' => __( 'The URL-friendly slug for the user.' ),
+ ),
+ 'registered_date' => array(
+ 'type' => 'string',
+ 'description' => __( 'The date the user was registered, as a UTC ISO 8601 date string.' ),
+ ),
+ 'roles' => array(
+ 'type' => 'array',
+ 'description' => __( 'The roles assigned to the user.' ),
+ 'items' => array(
+ 'type' => 'string',
+ ),
+ ),
+ 'locale' => array(
+ 'type' => 'string',
+ 'description' => __( 'The locale for the user.' ),
+ ),
+ 'avatar_urls' => array(
+ 'type' => 'object',
+ 'description' => __( 'Avatar URLs for the user, keyed by size in pixels.' ),
+ 'additionalProperties' => array(
+ 'type' => 'string',
+ ),
+ ),
+ 'capabilities' => array(
+ 'type' => 'object',
+ 'description' => __( 'All capabilities assigned to the user. Only present when include_capabilities is true.' ),
+ 'additionalProperties' => array(
+ 'type' => 'boolean',
+ ),
+ ),
+ ),
+ 'additionalProperties' => false,
+ ),
+ 'execute_callback' => static function ( $input = array() ) {
+ $input = is_array( $input ) ? $input : array();
+ $user = null;
+
+ if ( isset( $input['id'] ) ) {
+ $user = get_user_by( 'id', $input['id'] );
+ } elseif ( isset( $input['username'] ) ) {
+ $user = get_user_by( 'login', $input['username'] );
+ } elseif ( isset( $input['email'] ) ) {
+ $user = get_user_by( 'email', $input['email'] );
+ }
+
+ if ( ! $user instanceof WP_User ) {
+ return new WP_Error( 'user_not_found', __( 'No user was found matching the provided identifier.' ), array( 'status' => 404 ) );
+ }
+
+ $data = array(
+ 'id' => $user->ID,
+ 'username' => $user->user_login,
+ 'email' => $user->user_email,
+ 'display_name' => $user->display_name,
+ 'first_name' => $user->first_name,
+ 'last_name' => $user->last_name,
+ 'nickname' => $user->nickname,
+ 'description' => $user->description,
+ 'url' => $user->user_url,
+ 'link' => get_author_posts_url( $user->ID, $user->user_nicename ),
+ 'slug' => $user->user_nicename,
+ 'registered_date' => gmdate( 'Y-m-d\TH:i:s\Z', strtotime( $user->user_registered ) ),
+ 'roles' => array_values( $user->roles ),
+ 'locale' => get_user_locale( $user ),
+ 'avatar_urls' => rest_get_avatar_urls( $user ),
+ );
+
+ if ( ! empty( $input['include_capabilities'] ) ) {
+ $data['capabilities'] = $user->allcaps;
+ }
+
+ return $data;
+ },
+ 'permission_callback' => static function ( $input = array() ): bool {
+ if ( ! is_user_logged_in() ) {
+ return false;
+ }
+
+ $input = is_array( $input ) ? $input : array();
+
+ // Determine the target user from the input identifiers.
+ $requested_user = null;
+ if ( isset( $input['id'] ) ) {
+ $requested_user = get_user_by( 'id', $input['id'] );
+ } elseif ( isset( $input['username'] ) ) {
+ $requested_user = get_user_by( 'login', $input['username'] );
+ } elseif ( isset( $input['email'] ) ) {
+ $requested_user = get_user_by( 'email', $input['email'] );
+ }
+
+ // Users may always view their own record.
+ if ( $requested_user instanceof WP_User && get_current_user_id() === $requested_user->ID ) {
+ return true;
+ }
+
+ // Viewing any other user requires list_users.
+ return current_user_can( 'list_users' );
+ },
+ 'meta' => array(
+ 'annotations' => array(
+ 'readonly' => true,
+ 'destructive' => false,
+ 'idempotent' => true,
+ ),
+ 'show_in_rest' => true,
+ ),
+ )
+ );
+
 wp_register_ability(
 'core/get-environment-info',
 array(
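Review bot: The `permission_callback` authorizes any caller holding `list_users` for whatever user `get_user_by()` resolves, and on multisite that lookup is not limited to members of the current site, so a single-site administrator could read the email, names and registration date of users elsewhere on the network. Core's REST users controller treats non-members as not found for this reason; a matching guard placed after the own-record check and before the final capability check would be `if ( is_multisite() && $requested_user instanceof WP_User && ! is_user_member_of_blog( $requested_user->ID ) ) { return false; }`. Separately, the id/username/email resolution is written twice, once in `execute_callback` and once in `permission_callback`; moving it into one shared helper would keep the user that is authorized and the user that is returned from drifting apart in a later edit. `wp_register_core_abilities()` begins and ends outside this hunk.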