Changeset 61032

Timestamp:

10/21/2025 01:50:11 PM (8 weeks ago)

Author:

gziolo

Message:

Abilities API: Introduce server-side registry and REST API endpoints

Feature proposal at ​https://make.wordpress.org/ai/2025/07/17/abilities-api/.
Project developed in ​https://github.com/WordPress/abilities-api.

Introduces a new Abilities API that allows WordPress plugins and themes to register and execute custom abilities with built-in permission checking, input/output validation via JSON Schema, and REST API integration.

## Public Functions

### Ability Management

• wp_register_ability( string $name, array $args ): ?WP_Ability - Registers a new ability (must be called on wp_abilities_api_init hook)
• wp_unregister_ability( string $name ): ?WP_Ability - Unregisters an ability
• wp_has_ability( string $name ): bool - Checks if an ability is registered
• wp_get_ability( string $name ): ?WP_Ability - Retrieves a registered ability
• wp_get_abilities(): array - Retrieves all registered abilities

### Ability Category Management

• wp_register_ability_category( string $slug, array $args ): ?WP_Ability_Category - Registers an ability category (must be called on wp_abilities_api_categories_init hook)
• wp_unregister_ability_category( string $slug ): ?WP_Ability_Category - Unregisters an ability category
• wp_has_ability_category( string $slug ): bool - Checks if an ability category is registered
• wp_get_ability_category( string $slug ): ?WP_Ability_Category - Retrieves a registered ability category
• wp_get_ability_categories(): array - Retrieves all registered ability categories

## Public Classes

• WP_Ability - Encapsulates ability properties and methods (execute, check_permission, validate_input, etc.)
• WP_Ability_Category - Encapsulates ability category properties
• WP_Abilities_Registry - Manages ability registration and lookup (private, accessed via functions)
• WP_Ability_Categories_Registry - Manages ability category registration (private, accessed via functions)
• WP_REST_Abilities_V1_List_Controller - REST controller for listing abilities
• WP_REST_Abilities_V1_Run_Controller - REST controller for executing abilities

## REST API Endpoints

### Namespace: wp-abilities/v1

#### List Abilities

• GET /wp-abilities/v1/abilities - Retrieve all registered abilities
  • Query parameters: page, per_page, category

#### Get Single Ability

• GET /wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\-\/]+) - Retrieve a specific ability by name

#### Execute Ability

• GET|POST|DELETE /wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\-\/]+)/run - Execute an ability
  • Supports multiple HTTP methods based on ability annotations
  • Validates input against ability's input schema
  • Validates output against ability's output schema
  • Performs permission checks via ability's permission callback

## Hooks

### Actions

• wp_abilities_api_categories_init - Fired when ability categories registry is initialized (register categories here)
• wp_abilities_api_init - Fired when abilities registry is initialized (register abilities here)
• wp_before_execute_ability - Fired before an ability gets executed, after input validation and permissions check

• wp_after_execute_ability - Fires immediately after an ability finished executing

### Filters

• wp_register_ability_category_args - Filters ability category arguments before registration
• wp_register_ability_args - Filters ability arguments before registration

Developed in ​https://github.com/WordPress/wordpress-develop/pull/9410.

Props gziolo, jorbin, justlevine, westonruter, jason_the_adams, flixos90, karmatosed, timothyblynjacobs.
Fixes #64098.

Location:

trunk

Files:

• src/wp-includes/abilities-api (added)
• src/wp-includes/abilities-api.php (added)
• src/wp-includes/abilities-api/class-wp-abilities-registry.php (added)
• src/wp-includes/abilities-api/class-wp-ability-categories-registry.php (added)
• src/wp-includes/abilities-api/class-wp-ability-category.php (added)
• src/wp-includes/abilities-api/class-wp-ability.php (added)
• src/wp-includes/rest-api.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-list-controller.php (added)
• src/wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php (added)
• src/wp-settings.php (modified) (2 diffs)
• tests/phpunit/tests/abilities-api (added)
• tests/phpunit/tests/abilities-api/wpAbilitiesRegistry.php (added)
• tests/phpunit/tests/abilities-api/wpAbility.php (added)
• tests/phpunit/tests/abilities-api/wpAbilityCategoryRegistry.php (added)
• tests/phpunit/tests/abilities-api/wpRegisterAbility.php (added)
• tests/phpunit/tests/abilities-api/wpRegisterAbilityCategory.php (added)
• tests/phpunit/tests/rest-api/rest-schema-setup.php (modified) (2 diffs)
• tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php (added)
• tests/phpunit/tests/rest-api/wpRestAbilitiesV1RunController.php (added)
• tests/qunit/fixtures/wp-api-generated.js (modified) (2 diffs)

trunk/src/wp-includes/rest-api.php

@@ -484 +484 @@
     $font_collections_controller = new WP_REST_Font_Collections_Controller();
     $font_collections_controller->register_routes();
+
+    // Abilities.
+    $abilities_run_controller  = new WP_REST_Abilities_V1_Run_Controller();
+    $abilities_run_controller->register_routes();
+    $abilities_list_controller = new WP_REST_Abilities_V1_List_Controller();
+    $abilities_list_controller->register_routes();
 }
 

trunk/src/wp-settings.php

@@ -286 +286 @@
 require ABSPATH . WPINC . '/admin-bar.php';
 require ABSPATH . WPINC . '/class-wp-application-passwords.php';
+require ABSPATH . WPINC . '/abilities-api/class-wp-ability-category.php';
+require ABSPATH . WPINC . '/abilities-api/class-wp-ability-categories-registry.php';
+require ABSPATH . WPINC . '/abilities-api/class-wp-ability.php';
+require ABSPATH . WPINC . '/abilities-api/class-wp-abilities-registry.php';
+require ABSPATH . WPINC . '/abilities-api.php';
 require ABSPATH . WPINC . '/rest-api.php';
 require ABSPATH . WPINC . '/rest-api/class-wp-rest-server.php';
@@ -332 +337 @@
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-font-faces-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-font-collections-controller.php';
+require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-abilities-v1-list-controller.php';
+require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php';
 require ABSPATH . WPINC . '/rest-api/fields/class-wp-rest-meta-fields.php';
 require ABSPATH . WPINC . '/rest-api/fields/class-wp-rest-comment-meta-fields.php';

trunk/tests/phpunit/tests/rest-api/rest-schema-setup.php

@@ -204 +204 @@
             '/wp/v2/font-families/(?P<font_family_id>[\d]+)/font-faces/(?P<id>[\d]+)',
             '/wp/v2/font-families/(?P<id>[\d]+)',
+            '/wp-abilities/v1',
+            '/wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\-\/]+?)/run',
+            '/wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\-\/]+)',
+            '/wp-abilities/v1/abilities',
         );
 
@@ -214 +218 @@
             preg_match( '#^/oembed/1\.0(/.+)?$#', $route ) ||
             preg_match( '#^/wp/v2(/.+)?$#', $route ) ||
-            preg_match( '#^/wp-site-health/v1(/.+)?$#', $route )
+            preg_match( '#^/wp-site-health/v1(/.+)?$#', $route ) ||
+            preg_match( '#^/wp-abilities/v1(/.+)?$#', $route )
         );
     }

trunk/tests/qunit/fixtures/wp-api-generated.js

@@ -20 +20 @@
         "wp/v2",
         "wp-site-health/v1",
-        "wp-block-editor/v1"
+        "wp-block-editor/v1",
+        "wp-abilities/v1"
     ],
     "authentication": {
@@ -13482 +13483 @@
                 }
             ]
+        },
+        "/wp-abilities/v1": {
+            "namespace": "wp-abilities/v1",
+            "methods": [
+                "GET"
+            ],
+            "endpoints": [
+                {
+                    "methods": [
+                        "GET"
+                    ],
+                    "args": {
+                        "namespace": {
+                            "default": "wp-abilities/v1",
+                            "required": false
+                        },
+                        "context": {
+                            "default": "view",
+                            "required": false
+                        }
+                    }
+                }
+            ],
+            "_links": {
+                "self": [
+                    {
+                        "href": "http://example.org/index.php?rest_route=/wp-abilities/v1"
+                    }
+                ]
+            }
+        },
+        "/wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\\-\\/]+?)/run": {
+            "namespace": "wp-abilities/v1",
+            "methods": [
+                "GET",
+                "POST",
+                "PUT",
+                "PATCH",
+                "DELETE"
+            ],
+            "endpoints": [
+                {
+                    "methods": [
+                        "GET",
+                        "POST",
+                        "PUT",
+                        "PATCH",
+                        "DELETE"
+                    ],
+                    "args": {
+                        "name": {
+                            "description": "Unique identifier for the ability.",
+                            "type": "string",
+                            "pattern": "^[a-zA-Z0-9\\-\\/]+$",
+                            "required": false
+                        },
+                        "input": {
+                            "description": "Input parameters for the ability execution.",
+                            "type": [
+                                "integer",
+                                "number",
+                                "boolean",
+                                "string",
+                                "array",
+                                "object",
+                                "null"
+                            ],
+                            "default": null,
+                            "required": false
+                        }
+                    }
+                }
+            ]
+        },
+        "/wp-abilities/v1/abilities": {
+            "namespace": "wp-abilities/v1",
+            "methods": [
+                "GET"
+            ],
+            "endpoints": [
+                {
+                    "methods": [
+                        "GET"
+                    ],
+                    "args": {
+                        "context": {
+                            "description": "Scope under which the request is made; determines fields present in response.",
+                            "type": "string",
+                            "enum": [
+                                "view",
+                                "embed",
+                                "edit"
+                            ],
+                            "default": "view",
+                            "required": false
+                        },
+                        "page": {
+                            "description": "Current page of the collection.",
+                            "type": "integer",
+                            "default": 1,
+                            "minimum": 1,
+                            "required": false
+                        },
+                        "per_page": {
+                            "description": "Maximum number of items to be returned in result set.",
+                            "type": "integer",
+                            "default": 50,
+                            "minimum": 1,
+                            "maximum": 100,
+                            "required": false
+                        },
+                        "category": {
+                            "description": "Limit results to abilities in specific ability category.",
+                            "type": "string",
+                            "required": false
+                        }
+                    }
+                }
+            ],
+            "_links": {
+                "self": [
+                    {
+                        "href": "http://example.org/index.php?rest_route=/wp-abilities/v1/abilities"
+                    }
+                ]
+            }
+        },
+        "/wp-abilities/v1/abilities/(?P<name>[a-zA-Z0-9\\-\\/]+)": {
+            "namespace": "wp-abilities/v1",
+            "methods": [
+                "GET"
+            ],
+            "endpoints": [
+                {
+                    "methods": [
+                        "GET"
+                    ],
+                    "args": {
+                        "name": {
+                            "description": "Unique identifier for the ability.",
+                            "type": "string",
+                            "pattern": "^[a-zA-Z0-9\\-\\/]+$",
+                            "required": false
+                        }
+                    }
+                }
+            ]
         }
     },