From b3e4f7ae0a7583b2a8924b120b12169a3d78e88c Mon Sep 17 00:00:00 2001 From: Jorge Costa Date: Tue, 9 Jun 2026 17:55:53 +0100 Subject: [PATCH 1/5] Add a core/settings ability Add the core/settings ability, matching the equivalent WordPress core change. Read-only; returns settings flagged show_in_abilities as a flat name => value map, filterable by group or by name, gated on manage_options. The Settings class is kept near-identical to core's WP_Settings_Abilities and registers at priority 11, unregistering any core-provided copy first so the plugin wins when both are present. A generic Show_In_Abilities component seeds the show_in_abilities flag onto a curated set of core settings so the ability returns data on a stock site. Includes a Playwright e2e spec that drives the ability through the @wordpress/abilities client. Keeps the output schema free of unsupported formats and per-property defaults so the client-side validator accepts it and does not inject defaults into filtered results. --- includes/Abilities/Settings/Settings.php | 328 ++++++++++++++++++ includes/Abilities/Show_In_Abilities.php | 104 ++++++ includes/Main.php | 7 + .../Abilities/Settings/SettingsTest.php | 254 ++++++++++++++ .../Abilities/Show_In_AbilitiesTest.php | 131 +++++++ .../e2e/specs/abilities/core-settings.spec.js | 106 ++++++ 6 files changed, 930 insertions(+) create mode 100644 includes/Abilities/Settings/Settings.php create mode 100644 includes/Abilities/Show_In_Abilities.php create mode 100644 tests/Integration/Includes/Abilities/Settings/SettingsTest.php create mode 100644 tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php create mode 100644 tests/e2e/specs/abilities/core-settings.spec.js diff --git a/includes/Abilities/Settings/Settings.php b/includes/Abilities/Settings/Settings.php new file mode 100644 index 000000000..e90ee932f --- /dev/null +++ b/includes/Abilities/Settings/Settings.php @@ -0,0 +1,328 @@ + esc_html__( 'Site', 'ai' ), + 'description' => esc_html__( 'Abilities that retrieve or modify site information and settings.', 'ai' ), + ) + ); + } + + /** + * Registers all settings abilities. + * + * Must run on the `wp_abilities_api_init` hook. + * + * @since 1.1.0 + */ + public static function register(): void { + self::register_get_settings(); + + /* + * A future write-oriented ability can be registered here, reusing the shared + * helpers below (get_exposed_settings(), value_schema(), cast_value()): + * + * self::register_manage_settings(); + */ + } + + /** + * Registers the read-only `core/settings` ability. + * + * @since 1.1.0 + */ + public static function register_get_settings(): void { + // Plugin: unregister any core-provided copy first so the plugin's version wins. + if ( wp_has_ability( 'core/settings' ) ) { + wp_unregister_ability( 'core/settings' ); + } + + $settings = self::get_exposed_settings(); + $groups = array_values( array_unique( array_filter( wp_list_pluck( $settings, 'group' ) ) ) ); + $slugs = array_keys( $settings ); + $properties = array(); + foreach ( $settings as $exposed_name => $setting ) { + $properties[ $exposed_name ] = $setting['schema']; + } + + wp_register_ability( + 'core/settings', + array( + 'label' => esc_html__( 'Get Settings', 'ai' ), + 'description' => esc_html__( 'Returns WordPress settings as a flat map of setting name to value. By default returns all settings exposed to abilities, or optionally a subset filtered by settings group or by setting name.', 'ai' ), + 'category' => self::CATEGORY, + 'input_schema' => self::get_settings_input_schema( $groups, $slugs ), + 'output_schema' => array( + 'type' => 'object', + 'description' => esc_html__( 'A map of setting name to its current value.', 'ai' ), + 'properties' => $properties, + 'additionalProperties' => false, + ), + 'execute_callback' => array( self::class, 'execute_get_settings' ), + 'permission_callback' => array( self::class, 'has_permission' ), + 'meta' => array( + 'annotations' => array( + 'readonly' => true, + 'destructive' => false, + 'idempotent' => true, + ), + 'show_in_rest' => true, + ), + ) + ); + } + + /** + * Executes the `core/settings` ability. + * + * @since 1.1.0 + * + * @param mixed $input Optional. The ability input. Default empty array. + * @return array Map of exposed setting name to current value. + */ + public static function execute_get_settings( $input = array() ): array { + $input = is_array( $input ) ? $input : array(); + + $settings = self::get_exposed_settings(); + $group = isset( $input['group'] ) ? (string) $input['group'] : ''; + $slugs = isset( $input['slugs'] ) && is_array( $input['slugs'] ) ? $input['slugs'] : array(); + + $result = array(); + foreach ( $settings as $exposed_name => $setting ) { + if ( '' !== $group && $setting['group'] !== $group ) { + continue; + } + if ( ! empty( $slugs ) && ! in_array( $exposed_name, $slugs, true ) ) { + continue; + } + + $type = isset( $setting['schema']['type'] ) ? (string) $setting['schema']['type'] : 'string'; + $value = get_option( $setting['option'], $setting['default'] ); + + $result[ $exposed_name ] = self::cast_value( $value, $type ); + } + + return $result; + } + + /** + * Checks whether the current user may use the settings abilities. + * + * @since 1.1.0 + * + * @return bool True if the current user can manage options. + */ + public static function has_permission(): bool { + return current_user_can( 'manage_options' ); + } + + /** + * Builds the input schema for the get ability: filter by group XOR by name. + * + * @since 1.1.0 + * + * @param string[] $groups Available settings groups. + * @param string[] $slugs Available exposed setting names. + * @return array The input JSON Schema. + */ + protected static function get_settings_input_schema( array $groups, array $slugs ): array { + return array( + 'type' => 'object', + 'default' => array(), + // Filter by group OR by name, but not both at once. + 'oneOf' => array( + array( + 'title' => esc_html__( 'All settings', 'ai' ), + 'type' => 'object', + 'additionalProperties' => false, + ), + array( + 'title' => esc_html__( 'Filter by group', 'ai' ), + 'type' => 'object', + 'required' => array( 'group' ), + 'properties' => array( + 'group' => array( + 'type' => 'string', + 'enum' => $groups, + 'description' => esc_html__( 'Return only settings that belong to this settings group.', 'ai' ), + ), + ), + 'additionalProperties' => false, + ), + array( + 'title' => esc_html__( 'Filter by name', 'ai' ), + 'type' => 'object', + 'required' => array( 'slugs' ), + 'properties' => array( + 'slugs' => array( + 'type' => 'array', + 'items' => array( + 'type' => 'string', + 'enum' => $slugs, + ), + 'description' => esc_html__( 'Return only the settings with these names.', 'ai' ), + ), + ), + 'additionalProperties' => false, + ), + ), + ); + } + + /** + * Returns the settings exposed through the Abilities API. + * + * Reads {@see get_registered_settings()} and keeps only settings flagged with a truthy + * `show_in_abilities` argument. Each entry is keyed by its exposed name and carries the + * underlying option name, the settings group, the registration default, and a JSON Schema + * describing the value. + * + * @since 1.1.0 + * + * @return array}> Settings keyed by exposed name. + */ + protected static function get_exposed_settings(): array { + $settings = array(); + + foreach ( get_registered_settings() as $option_name => $args ) { + $show = $args['show_in_abilities'] ?? false; + if ( empty( $show ) ) { + continue; + } + + $option_name = (string) $option_name; + $exposed_name = is_array( $show ) && ! empty( $show['name'] ) ? (string) $show['name'] : $option_name; + + $settings[ $exposed_name ] = array( + 'option' => $option_name, + 'group' => isset( $args['group'] ) ? (string) $args['group'] : '', + 'default' => array_key_exists( 'default', $args ) ? $args['default'] : false, + 'schema' => self::value_schema( $args, $show ), + ); + } + + return $settings; + } + + /** + * Builds the JSON Schema describing a single setting's value. + * + * @since 1.1.0 + * + * @param array $args The setting registration arguments. + * @param bool|array $show The setting's `show_in_abilities` value. + * @return array The value JSON Schema. + */ + protected static function value_schema( array $args, $show ): array { + $schema = array( + 'type' => isset( $args['type'] ) ? (string) $args['type'] : 'string', + ); + if ( ! empty( $args['label'] ) ) { + $schema['title'] = $args['label']; + } + if ( ! empty( $args['description'] ) ) { + $schema['description'] = $args['description']; + } + if ( is_array( $show ) && isset( $show['schema'] ) && is_array( $show['schema'] ) ) { + $schema = array_merge( $schema, $show['schema'] ); + } + + return $schema; + } + + /** + * Casts a stored option value to the type declared in its settings registration. + * + * @since 1.1.0 + * + * @param mixed $value The raw option value. + * @param string $type The registered setting type. + * @return mixed The value cast to the declared type. + */ + protected static function cast_value( $value, string $type ) { + switch ( $type ) { + case 'boolean': + return (bool) $value; + case 'integer': + return (int) $value; + case 'number': + return (float) $value; + case 'array': + case 'object': + return is_array( $value ) ? $value : array(); + default: + return is_scalar( $value ) ? (string) $value : $value; + } + } +} diff --git a/includes/Abilities/Show_In_Abilities.php b/includes/Abilities/Show_In_Abilities.php new file mode 100644 index 000000000..1e5955027 --- /dev/null +++ b/includes/Abilities/Show_In_Abilities.php @@ -0,0 +1,104 @@ + $args The setting registration arguments. + * @param array $defaults The default registration arguments. + * @param string $option_group The settings group. + * @param string $option_name The option name. + * @return array The (possibly amended) registration arguments. + */ + public static function mark_setting( array $args, array $defaults, string $option_group, string $option_name ): array { + $settings = self::settings_map(); + + if ( isset( $settings[ $option_name ] ) && empty( $args['show_in_abilities'] ) ) { + $args['show_in_abilities'] = $settings[ $option_name ]; + } + + return $args; + } + + /** + * Returns the curated core settings to expose, keyed by option name. + * + * The value is whatever `show_in_abilities` should contain: `true`, or an array with + * optional `name` and `schema` keys (mirroring the `show_in_rest` shape). This matches + * the set marked natively by the core `core/settings` implementation. + * + * @since 1.1.0 + * + * @return array> Settings map keyed by option name. + */ + public static function settings_map(): array { + return array( + // General. + 'blogname' => true, + 'blogdescription' => true, + 'siteurl' => true, + 'admin_email' => array( 'schema' => array( 'format' => 'email' ) ), + 'timezone_string' => true, + 'date_format' => true, + 'time_format' => true, + 'start_of_week' => true, + 'WPLANG' => true, + // Writing. + 'use_smilies' => true, + 'default_category' => true, + 'default_post_format' => true, + // Reading. + 'posts_per_page' => true, + 'show_on_front' => true, + 'page_on_front' => true, + 'page_for_posts' => true, + // Discussion. + 'default_ping_status' => array( 'schema' => array( 'enum' => array( 'open', 'closed' ) ) ), + 'default_comment_status' => array( 'schema' => array( 'enum' => array( 'open', 'closed' ) ) ), + ); + } +} diff --git a/includes/Main.php b/includes/Main.php index 23bbf5184..2dda218a5 100644 --- a/includes/Main.php +++ b/includes/Main.php @@ -11,6 +11,8 @@ namespace WordPress\AI; +use WordPress\AI\Abilities\Settings\Settings as Settings_Ability; +use WordPress\AI\Abilities\Show_In_Abilities; use WordPress\AI\Abilities\Utilities\Posts; use WordPress\AI\Admin\Activation; use WordPress\AI\Admin\Dashboard\Dashboard_Widgets; @@ -129,6 +131,11 @@ public function initialize_features(): void { // Register our post-related WordPress Abilities. ( new Posts() )->register(); + + // Expose curated core objects to the Abilities API, then register the + // `core/settings` ability (overriding any core-provided copy). + Show_In_Abilities::register(); + Settings_Ability::init(); } catch ( \Throwable $e ) { _doing_it_wrong( __METHOD__, diff --git a/tests/Integration/Includes/Abilities/Settings/SettingsTest.php b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php new file mode 100644 index 000000000..16b8fed54 --- /dev/null +++ b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php @@ -0,0 +1,254 @@ +ensure_site_category(); + } + + /** + * Tear down test case. + * + * @since 1.1.0 + */ + public function tearDown(): void { + if ( wp_has_ability( 'core/settings' ) ) { + wp_unregister_ability( 'core/settings' ); + } + + remove_filter( 'register_setting_args', array( Show_In_Abilities::class, 'mark_setting' ), 10 ); + wp_set_current_user( 0 ); + + parent::tearDown(); + } + + /** + * Ensures the `site` ability category exists for the ability to attach to. + * + * @since 1.1.0 + */ + private function ensure_site_category(): void { + if ( wp_has_ability_category( 'site' ) ) { + return; + } + + global $wp_current_filter; + $wp_current_filter[] = 'wp_abilities_api_categories_init'; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- Faking the action context to register within it. + try { + wp_register_ability_category( + 'site', + array( + 'label' => 'Site', + 'description' => 'Site.', + ) + ); + } finally { + array_pop( $wp_current_filter ); + } + } + + /** + * Registers the plugin's core/settings ability inside a faked init action. + * + * @since 1.1.0 + */ + private function register_ability(): void { + global $wp_current_filter; + $wp_current_filter[] = 'wp_abilities_api_init'; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- Faking the action context to register within it. + try { + Settings::register(); + } finally { + array_pop( $wp_current_filter ); + } + } + + /** + * Logs in as an administrator so the ability's permission check passes. + * + * @since 1.1.0 + */ + private function become_admin(): void { + wp_set_current_user( self::factory()->user->create( array( 'role' => 'administrator' ) ) ); + } + + /** + * The ability is registered in the `site` category and flagged read-only. + * + * @since 1.1.0 + */ + public function test_registers_core_settings_ability(): void { + $this->register_ability(); + + $ability = wp_get_ability( 'core/settings' ); + + $this->assertNotNull( $ability ); + $this->assertSame( 'core/settings', $ability->get_name() ); + $this->assertSame( 'site', $ability->get_category() ); + + $annotations = $ability->get_meta_item( 'annotations', array() ); + $this->assertTrue( $annotations['readonly'] ); + } + + /** + * When core already provides core/settings, the plugin's version replaces it. + * + * @since 1.1.0 + */ + public function test_override_replaces_existing_core_settings(): void { + // Simulate a core-provided ability with a different (minimal) shape. + global $wp_current_filter; + $wp_current_filter[] = 'wp_abilities_api_init'; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- Faking the action context to register within it. + try { + wp_register_ability( + 'core/settings', + array( + 'label' => 'Core Provided', + 'description' => 'Core provided settings ability.', + 'category' => 'site', + 'execute_callback' => static function (): array { + return array(); + }, + 'permission_callback' => '__return_true', + ) + ); + } finally { + array_pop( $wp_current_filter ); + } + + $this->assertSame( 'Core Provided', wp_get_ability( 'core/settings' )->get_label() ); + + $this->register_ability(); + + $ability = wp_get_ability( 'core/settings' ); + $this->assertSame( 'Get Settings', $ability->get_label() ); + // The plugin's shape uses a mutually-exclusive oneOf input schema. + $this->assertArrayHasKey( 'oneOf', $ability->get_input_schema() ); + } + + /** + * The input schema exposes mutually exclusive `group` and `slugs` filters. + * + * @since 1.1.0 + */ + public function test_input_schema_is_one_of_group_or_slugs(): void { + $this->register_ability(); + + $schema = wp_get_ability( 'core/settings' )->get_input_schema(); + + $this->assertCount( 3, $schema['oneOf'] ); + $this->assertContains( 'reading', $schema['oneOf'][1]['properties']['group']['enum'] ); + $this->assertContains( 'blogname', $schema['oneOf'][2]['properties']['slugs']['items']['enum'] ); + } + + /** + * Without input the ability returns a flat map of correctly typed setting values. + * + * @since 1.1.0 + */ + public function test_returns_flat_typed_values(): void { + $this->become_admin(); + $this->register_ability(); + + update_option( 'blogname', 'My Test Site' ); + update_option( 'posts_per_page', 7 ); + update_option( 'use_smilies', '1' ); + + $result = wp_get_ability( 'core/settings' )->execute( array() ); + + $this->assertIsArray( $result ); + $this->assertSame( 'My Test Site', $result['blogname'] ); + $this->assertSame( 7, $result['posts_per_page'] ); + $this->assertTrue( $result['use_smilies'] ); + } + + /** + * The `group` filter narrows the response to a single settings group. + * + * @since 1.1.0 + */ + public function test_filters_by_group(): void { + $this->become_admin(); + $this->register_ability(); + + $result = wp_get_ability( 'core/settings' )->execute( array( 'group' => 'reading' ) ); + + $this->assertArrayHasKey( 'posts_per_page', $result ); + $this->assertArrayNotHasKey( 'blogname', $result ); + } + + /** + * The `slugs` filter narrows the response to the requested setting names. + * + * @since 1.1.0 + */ + public function test_filters_by_slugs(): void { + $this->become_admin(); + $this->register_ability(); + + $result = wp_get_ability( 'core/settings' )->execute( array( 'slugs' => array( 'blogname', 'posts_per_page' ) ) ); + + $this->assertSame( array( 'blogname', 'posts_per_page' ), array_keys( $result ) ); + } + + /** + * Supplying both `group` and `slugs` violates the `oneOf` and is rejected. + * + * @since 1.1.0 + */ + public function test_rejects_group_and_slugs_together(): void { + $this->become_admin(); + $this->register_ability(); + + $result = wp_get_ability( 'core/settings' )->execute( + array( + 'group' => 'reading', + 'slugs' => array( 'blogname' ), + ) + ); + + $this->assertWPError( $result ); + $this->assertSame( 'ability_invalid_input', $result->get_error_code() ); + } + + /** + * Users without `manage_options` cannot run the ability. + * + * @since 1.1.0 + */ + public function test_requires_manage_options(): void { + wp_set_current_user( self::factory()->user->create( array( 'role' => 'subscriber' ) ) ); + $this->register_ability(); + + $result = wp_get_ability( 'core/settings' )->execute( array() ); + + $this->assertWPError( $result ); + $this->assertSame( 'ability_invalid_permissions', $result->get_error_code() ); + } +} diff --git a/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php b/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php new file mode 100644 index 000000000..c08131010 --- /dev/null +++ b/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php @@ -0,0 +1,131 @@ + + */ + private $registered_options = array(); + + /** + * Set up test case. + * + * @since 1.1.0 + */ + public function setUp(): void { + parent::setUp(); + + Show_In_Abilities::register(); + } + + /** + * Tear down test case. + * + * @since 1.1.0 + */ + public function tearDown(): void { + remove_filter( 'register_setting_args', array( Show_In_Abilities::class, 'mark_setting' ), 10 ); + + foreach ( $this->registered_options as $option ) { + unregister_setting( 'group', $option ); + } + $this->registered_options = array(); + + parent::tearDown(); + } + + /** + * Registers a setting and tracks it for cleanup. + * + * @since 1.1.0 + * + * @param string $group The settings group. + * @param string $option The option name. + * @param array $args The registration arguments. + */ + private function register_setting( string $group, string $option, array $args ): void { + $this->registered_options[] = $option; + register_setting( $group, $option, $args ); + } + + /** + * A curated setting is flagged with `show_in_abilities => true`. + * + * @since 1.1.0 + */ + public function test_marks_curated_boolean_setting(): void { + $this->register_setting( 'general', 'blogname', array( 'type' => 'string' ) ); + + $settings = get_registered_settings(); + + $this->assertTrue( $settings['blogname']['show_in_abilities'] ); + } + + /** + * A curated setting that maps to an array value receives that array verbatim. + * + * @since 1.1.0 + */ + public function test_marks_curated_array_setting(): void { + $this->register_setting( 'discussion', 'default_comment_status', array( 'type' => 'string' ) ); + + $settings = get_registered_settings(); + + $this->assertSame( + array( 'schema' => array( 'enum' => array( 'open', 'closed' ) ) ), + $settings['default_comment_status']['show_in_abilities'] + ); + } + + /** + * A setting that is not in the curated map is left untouched. + * + * @since 1.1.0 + */ + public function test_does_not_mark_uncurated_setting(): void { + $this->register_setting( 'general', 'wpai_not_curated_option', array( 'type' => 'string' ) ); + + $settings = get_registered_settings(); + + $this->assertTrue( empty( $settings['wpai_not_curated_option']['show_in_abilities'] ) ); + } + + /** + * An explicit `show_in_abilities` value already on the setting is preserved. + * + * @since 1.1.0 + */ + public function test_respects_existing_value(): void { + $this->register_setting( + 'general', + 'blogname', + array( + 'type' => 'string', + 'show_in_abilities' => array( 'name' => 'custom_title' ), + ) + ); + + $settings = get_registered_settings(); + + $this->assertSame( array( 'name' => 'custom_title' ), $settings['blogname']['show_in_abilities'] ); + } +} diff --git a/tests/e2e/specs/abilities/core-settings.spec.js b/tests/e2e/specs/abilities/core-settings.spec.js new file mode 100644 index 000000000..3e70f81ea --- /dev/null +++ b/tests/e2e/specs/abilities/core-settings.spec.js @@ -0,0 +1,106 @@ +/** + * WordPress dependencies + */ +const { test, expect } = require( '@wordpress/e2e-test-utils-playwright' ); + +/** + * Runs the `core/settings` ability through the client-side Abilities API + * (`@wordpress/abilities`), exactly as a consumer would in the browser. + * + * Mirrors the plugin's own import sequence: wait for `@wordpress/core-abilities` + * to be ready, then call `executeAbility` from `@wordpress/abilities`. When the + * client modules are not enqueued (e.g. a WordPress build without the client-side + * Abilities API), returns `{ unavailable: true }` so the test can skip. + * + * @param {import('@playwright/test').Page} page The Playwright page. + * @param {Object} input The ability input. + * @return {Promise} `{ unavailable }`, `{ ok: true, result }`, or `{ ok: false, code }`. + */ +async function runCoreSettings( page, input ) { + return page.evaluate( async ( abilityInput ) => { + let api; + try { + const core = await import( '@wordpress/core-abilities' ); + if ( core && core.ready ) { + await core.ready; + } + api = await import( '@wordpress/abilities' ); + } catch { + api = window.wp && window.wp.abilities; + } + + if ( ! api || typeof api.executeAbility !== 'function' ) { + return { unavailable: true }; + } + + try { + const result = await api.executeAbility( + 'core/settings', + abilityInput + ); + return { ok: true, result }; + } catch ( e ) { + return { ok: false, code: e && e.code ? e.code : null }; + } + }, input ); +} + +const SKIP_REASON = + 'The @wordpress/abilities client is not enqueued in this environment.'; + +test.describe( 'core/settings ability (client-side Abilities API)', () => { + test.beforeEach( async ( { admin } ) => { + // Load wp-admin so the Abilities API client modules and REST nonce are available. + await admin.visitAdminPage( 'index.php' ); + } ); + + test( 'returns a flat, correctly typed map of settings', async ( { + page, + } ) => { + const outcome = await runCoreSettings( page, {} ); + test.skip( outcome.unavailable === true, SKIP_REASON ); + + expect( outcome.ok ).toBe( true ); + // Flat map keyed by setting name (not grouped/nested). + expect( typeof outcome.result.blogname ).toBe( 'string' ); + expect( typeof outcome.result.posts_per_page ).toBe( 'number' ); + expect( typeof outcome.result.use_smilies ).toBe( 'boolean' ); + } ); + + test( 'filters by group', async ( { page } ) => { + const outcome = await runCoreSettings( page, { group: 'reading' } ); + test.skip( outcome.unavailable === true, SKIP_REASON ); + + expect( outcome.ok ).toBe( true ); + expect( outcome.result ).toHaveProperty( 'posts_per_page' ); + // Settings from other groups (and schema defaults) must not leak in. + expect( outcome.result ).not.toHaveProperty( 'blogname' ); + expect( outcome.result ).not.toHaveProperty( 'use_smilies' ); + } ); + + test( 'filters by slugs', async ( { page } ) => { + const outcome = await runCoreSettings( page, { + slugs: [ 'blogname', 'posts_per_page' ], + } ); + test.skip( outcome.unavailable === true, SKIP_REASON ); + + expect( outcome.ok ).toBe( true ); + expect( Object.keys( outcome.result ).sort() ).toEqual( [ + 'blogname', + 'posts_per_page', + ] ); + } ); + + test( 'rejects group and slugs together (mutually exclusive)', async ( { + page, + } ) => { + const outcome = await runCoreSettings( page, { + group: 'reading', + slugs: [ 'blogname' ], + } ); + test.skip( outcome.unavailable === true, SKIP_REASON ); + + expect( outcome.ok ).toBe( false ); + expect( outcome.code ).toBe( 'ability_invalid_input' ); + } ); +} ); From a4310138931e8910b803f810988cfbfaea16f735 Mon Sep 17 00:00:00 2001 From: Jorge Costa Date: Mon, 15 Jun 2026 20:15:27 +0100 Subject: [PATCH 2/5] Run the core/settings client-side e2e from the editor with an experiment enabled The @wordpress/abilities client modules are only added to the editor's import map when an AI experiment is enabled (its script declares them as module_dependencies). Enable Excerpt Generation and drive the test from a new post instead of skipping when the client is unavailable. --- .../e2e/specs/abilities/core-settings.spec.js | 68 ++++++++++--------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/tests/e2e/specs/abilities/core-settings.spec.js b/tests/e2e/specs/abilities/core-settings.spec.js index 3e70f81ea..69a90d3b5 100644 --- a/tests/e2e/specs/abilities/core-settings.spec.js +++ b/tests/e2e/specs/abilities/core-settings.spec.js @@ -4,37 +4,41 @@ const { test, expect } = require( '@wordpress/e2e-test-utils-playwright' ); /** - * Runs the `core/settings` ability through the client-side Abilities API - * (`@wordpress/abilities`), exactly as a consumer would in the browser. + * Internal dependencies + */ +const { + enableExperiment, + enableExperiments, +} = require( '../../utils/helpers' ); + +/** + * Runs the `core/settings` ability through the client-side Abilities API, exactly + * as a consumer would in the browser. * - * Mirrors the plugin's own import sequence: wait for `@wordpress/core-abilities` - * to be ready, then call `executeAbility` from `@wordpress/abilities`. When the - * client modules are not enqueued (e.g. a WordPress build without the client-side - * Abilities API), returns `{ unavailable: true }` so the test can skip. + * Mirrors the plugin's own sequence in `src/utils/run-ability.ts`: importing + * `@wordpress/core-abilities` initializes the client store (WordPress core's build + * runs `initialize()` on load and exports the resulting `ready` promise), so we + * await `ready` before calling `executeAbility` from `@wordpress/abilities`. + * + * The client modules are only present in the page's import map once an AI experiment + * is enabled in the block editor (it declares them as `module_dependencies`), which is + * set up in `beforeEach`. * * @param {import('@playwright/test').Page} page The Playwright page. * @param {Object} input The ability input. - * @return {Promise} `{ unavailable }`, `{ ok: true, result }`, or `{ ok: false, code }`. + * @return {Promise} `{ ok: true, result }` or `{ ok: false, code }`. */ async function runCoreSettings( page, input ) { return page.evaluate( async ( abilityInput ) => { - let api; - try { - const core = await import( '@wordpress/core-abilities' ); - if ( core && core.ready ) { - await core.ready; - } - api = await import( '@wordpress/abilities' ); - } catch { - api = window.wp && window.wp.abilities; + const { ready } = await import( '@wordpress/core-abilities' ); + if ( ready ) { + await ready; } - if ( ! api || typeof api.executeAbility !== 'function' ) { - return { unavailable: true }; - } + const { executeAbility } = await import( '@wordpress/abilities' ); try { - const result = await api.executeAbility( + const result = await executeAbility( 'core/settings', abilityInput ); @@ -45,20 +49,25 @@ async function runCoreSettings( page, input ) { }, input ); } -const SKIP_REASON = - 'The @wordpress/abilities client is not enqueued in this environment.'; - test.describe( 'core/settings ability (client-side Abilities API)', () => { - test.beforeEach( async ( { admin } ) => { - // Load wp-admin so the Abilities API client modules and REST nonce are available. - await admin.visitAdminPage( 'index.php' ); + test.beforeEach( async ( { admin, page } ) => { + // Enabling an experiment loads its block-editor script, which declares the + // `@wordpress/abilities` + `@wordpress/core-abilities` modules as dependencies + // and so adds them to the editor's import map. + await enableExperiments( admin, page ); + await enableExperiment( admin, page, 'Excerpt Generation' ); + + // Run from the block editor, where the abilities client modules are available. + await admin.createNewPost( { + postType: 'post', + title: 'core/settings ability test', + } ); } ); test( 'returns a flat, correctly typed map of settings', async ( { page, } ) => { const outcome = await runCoreSettings( page, {} ); - test.skip( outcome.unavailable === true, SKIP_REASON ); expect( outcome.ok ).toBe( true ); // Flat map keyed by setting name (not grouped/nested). @@ -69,11 +78,10 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { test( 'filters by group', async ( { page } ) => { const outcome = await runCoreSettings( page, { group: 'reading' } ); - test.skip( outcome.unavailable === true, SKIP_REASON ); expect( outcome.ok ).toBe( true ); expect( outcome.result ).toHaveProperty( 'posts_per_page' ); - // Settings from other groups (and schema defaults) must not leak in. + // Settings from other groups must not leak in. expect( outcome.result ).not.toHaveProperty( 'blogname' ); expect( outcome.result ).not.toHaveProperty( 'use_smilies' ); } ); @@ -82,7 +90,6 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { const outcome = await runCoreSettings( page, { slugs: [ 'blogname', 'posts_per_page' ], } ); - test.skip( outcome.unavailable === true, SKIP_REASON ); expect( outcome.ok ).toBe( true ); expect( Object.keys( outcome.result ).sort() ).toEqual( [ @@ -98,7 +105,6 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { group: 'reading', slugs: [ 'blogname' ], } ); - test.skip( outcome.unavailable === true, SKIP_REASON ); expect( outcome.ok ).toBe( false ); expect( outcome.code ).toBe( 'ability_invalid_input' ); From 7a2f0a0697b47ea4bc6ee643450bdaedcce7cff0 Mon Sep 17 00:00:00 2001 From: Jorge Costa Date: Mon, 15 Jun 2026 20:30:44 +0100 Subject: [PATCH 3/5] Rename the core/settings 'slugs' input to 'settings' 'settings' reads more naturally than 'slugs' for an ability about settings: executeAbility( 'core/settings', { settings: [ 'blogname' ] } ). --- includes/Abilities/Settings/Settings.php | 26 +++++++++---------- .../Abilities/Settings/SettingsTest.php | 20 +++++++------- .../e2e/specs/abilities/core-settings.spec.js | 8 +++--- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/includes/Abilities/Settings/Settings.php b/includes/Abilities/Settings/Settings.php index e90ee932f..028f9f7f0 100644 --- a/includes/Abilities/Settings/Settings.php +++ b/includes/Abilities/Settings/Settings.php @@ -108,10 +108,10 @@ public static function register_get_settings(): void { wp_unregister_ability( 'core/settings' ); } - $settings = self::get_exposed_settings(); - $groups = array_values( array_unique( array_filter( wp_list_pluck( $settings, 'group' ) ) ) ); - $slugs = array_keys( $settings ); - $properties = array(); + $settings = self::get_exposed_settings(); + $groups = array_values( array_unique( array_filter( wp_list_pluck( $settings, 'group' ) ) ) ); + $setting_names = array_keys( $settings ); + $properties = array(); foreach ( $settings as $exposed_name => $setting ) { $properties[ $exposed_name ] = $setting['schema']; } @@ -122,7 +122,7 @@ public static function register_get_settings(): void { 'label' => esc_html__( 'Get Settings', 'ai' ), 'description' => esc_html__( 'Returns WordPress settings as a flat map of setting name to value. By default returns all settings exposed to abilities, or optionally a subset filtered by settings group or by setting name.', 'ai' ), 'category' => self::CATEGORY, - 'input_schema' => self::get_settings_input_schema( $groups, $slugs ), + 'input_schema' => self::get_settings_input_schema( $groups, $setting_names ), 'output_schema' => array( 'type' => 'object', 'description' => esc_html__( 'A map of setting name to its current value.', 'ai' ), @@ -156,14 +156,14 @@ public static function execute_get_settings( $input = array() ): array { $settings = self::get_exposed_settings(); $group = isset( $input['group'] ) ? (string) $input['group'] : ''; - $slugs = isset( $input['slugs'] ) && is_array( $input['slugs'] ) ? $input['slugs'] : array(); + $names = isset( $input['settings'] ) && is_array( $input['settings'] ) ? $input['settings'] : array(); $result = array(); foreach ( $settings as $exposed_name => $setting ) { if ( '' !== $group && $setting['group'] !== $group ) { continue; } - if ( ! empty( $slugs ) && ! in_array( $exposed_name, $slugs, true ) ) { + if ( ! empty( $names ) && ! in_array( $exposed_name, $names, true ) ) { continue; } @@ -192,11 +192,11 @@ public static function has_permission(): bool { * * @since 1.1.0 * - * @param string[] $groups Available settings groups. - * @param string[] $slugs Available exposed setting names. + * @param string[] $groups Available settings groups. + * @param string[] $setting_names Available exposed setting names. * @return array The input JSON Schema. */ - protected static function get_settings_input_schema( array $groups, array $slugs ): array { + protected static function get_settings_input_schema( array $groups, array $setting_names ): array { return array( 'type' => 'object', 'default' => array(), @@ -223,13 +223,13 @@ protected static function get_settings_input_schema( array $groups, array $slugs array( 'title' => esc_html__( 'Filter by name', 'ai' ), 'type' => 'object', - 'required' => array( 'slugs' ), + 'required' => array( 'settings' ), 'properties' => array( - 'slugs' => array( + 'settings' => array( 'type' => 'array', 'items' => array( 'type' => 'string', - 'enum' => $slugs, + 'enum' => $setting_names, ), 'description' => esc_html__( 'Return only the settings with these names.', 'ai' ), ), diff --git a/tests/Integration/Includes/Abilities/Settings/SettingsTest.php b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php index 16b8fed54..9adcd144c 100644 --- a/tests/Integration/Includes/Abilities/Settings/SettingsTest.php +++ b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php @@ -153,18 +153,18 @@ public function test_override_replaces_existing_core_settings(): void { } /** - * The input schema exposes mutually exclusive `group` and `slugs` filters. + * The input schema exposes mutually exclusive `group` and `settings` filters. * * @since 1.1.0 */ - public function test_input_schema_is_one_of_group_or_slugs(): void { + public function test_input_schema_is_one_of_group_or_settings(): void { $this->register_ability(); $schema = wp_get_ability( 'core/settings' )->get_input_schema(); $this->assertCount( 3, $schema['oneOf'] ); $this->assertContains( 'reading', $schema['oneOf'][1]['properties']['group']['enum'] ); - $this->assertContains( 'blogname', $schema['oneOf'][2]['properties']['slugs']['items']['enum'] ); + $this->assertContains( 'blogname', $schema['oneOf'][2]['properties']['settings']['items']['enum'] ); } /** @@ -204,32 +204,32 @@ public function test_filters_by_group(): void { } /** - * The `slugs` filter narrows the response to the requested setting names. + * The `settings` filter narrows the response to the requested setting names. * * @since 1.1.0 */ - public function test_filters_by_slugs(): void { + public function test_filters_by_settings(): void { $this->become_admin(); $this->register_ability(); - $result = wp_get_ability( 'core/settings' )->execute( array( 'slugs' => array( 'blogname', 'posts_per_page' ) ) ); + $result = wp_get_ability( 'core/settings' )->execute( array( 'settings' => array( 'blogname', 'posts_per_page' ) ) ); $this->assertSame( array( 'blogname', 'posts_per_page' ), array_keys( $result ) ); } /** - * Supplying both `group` and `slugs` violates the `oneOf` and is rejected. + * Supplying both `group` and `settings` violates the `oneOf` and is rejected. * * @since 1.1.0 */ - public function test_rejects_group_and_slugs_together(): void { + public function test_rejects_group_and_settings_together(): void { $this->become_admin(); $this->register_ability(); $result = wp_get_ability( 'core/settings' )->execute( array( - 'group' => 'reading', - 'slugs' => array( 'blogname' ), + 'group' => 'reading', + 'settings' => array( 'blogname' ), ) ); diff --git a/tests/e2e/specs/abilities/core-settings.spec.js b/tests/e2e/specs/abilities/core-settings.spec.js index 69a90d3b5..97a9cde4d 100644 --- a/tests/e2e/specs/abilities/core-settings.spec.js +++ b/tests/e2e/specs/abilities/core-settings.spec.js @@ -86,9 +86,9 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { expect( outcome.result ).not.toHaveProperty( 'use_smilies' ); } ); - test( 'filters by slugs', async ( { page } ) => { + test( 'filters by settings', async ( { page } ) => { const outcome = await runCoreSettings( page, { - slugs: [ 'blogname', 'posts_per_page' ], + settings: [ 'blogname', 'posts_per_page' ], } ); expect( outcome.ok ).toBe( true ); @@ -98,12 +98,12 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { ] ); } ); - test( 'rejects group and slugs together (mutually exclusive)', async ( { + test( 'rejects group and settings together (mutually exclusive)', async ( { page, } ) => { const outcome = await runCoreSettings( page, { group: 'reading', - slugs: [ 'blogname' ], + settings: [ 'blogname' ], } ); expect( outcome.ok ).toBe( false ); From 8970d2d99e3d4534341d976b0e94a7ff15531508 Mon Sep 17 00:00:00 2001 From: Jorge Costa Date: Mon, 15 Jun 2026 20:39:57 +0100 Subject: [PATCH 4/5] Test that core/settings exposes settings registered by other plugins Add an e2e sample plugin that registers a setting with show_in_abilities, map it in .wp-env.test.json, and assert the core/settings ability returns it. --- .wp-env.test.json | 1 + .../e2e-sample-settings.php | 30 +++++++++++++++++++ .../e2e/specs/abilities/core-settings.spec.js | 15 ++++++++++ 3 files changed, 46 insertions(+) create mode 100644 tests/e2e-sample-settings/e2e-sample-settings.php diff --git a/.wp-env.test.json b/.wp-env.test.json index fb5b624ff..1e50bf8d5 100644 --- a/.wp-env.test.json +++ b/.wp-env.test.json @@ -6,6 +6,7 @@ "plugins": [ ".", "./tests/e2e-request-mocking", + "./tests/e2e-sample-settings", "https://downloads.wordpress.org/plugin/ai-provider-for-google.zip", "https://downloads.wordpress.org/plugin/ai-provider-for-openai.zip" ], diff --git a/tests/e2e-sample-settings/e2e-sample-settings.php b/tests/e2e-sample-settings/e2e-sample-settings.php new file mode 100644 index 000000000..09eaf3942 --- /dev/null +++ b/tests/e2e-sample-settings/e2e-sample-settings.php @@ -0,0 +1,30 @@ + 'string', + 'label' => 'AI E2E Sample Setting', + 'description' => 'A sample setting exposed to the Abilities API for end-to-end testing.', + 'show_in_abilities' => true, + 'default' => 'sample-default', + ) + ); + } +); diff --git a/tests/e2e/specs/abilities/core-settings.spec.js b/tests/e2e/specs/abilities/core-settings.spec.js index 97a9cde4d..b67c0816c 100644 --- a/tests/e2e/specs/abilities/core-settings.spec.js +++ b/tests/e2e/specs/abilities/core-settings.spec.js @@ -109,4 +109,19 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { expect( outcome.ok ).toBe( false ); expect( outcome.code ).toBe( 'ability_invalid_input' ); } ); + + test( 'exposes a setting registered by another active plugin', async ( { + page, + } ) => { + // Registered by the `e2e-sample-settings` plugin (mapped in .wp-env.test.json) + // with `show_in_abilities` and a default of `sample-default`. + const outcome = await runCoreSettings( page, { + settings: [ 'ai_e2e_sample_setting' ], + } ); + + expect( outcome.ok ).toBe( true ); + expect( outcome.result ).toEqual( { + ai_e2e_sample_setting: 'sample-default', + } ); + } ); } ); From 66c05ed857fd7a704186e66161ff24f04ef5c84d Mon Sep 17 00:00:00 2001 From: Jorge Costa Date: Wed, 17 Jun 2026 14:03:24 +0100 Subject: [PATCH 5/5] Address review feedback on the core/settings ability - Simplify the input schema: replace the group-XOR-name `oneOf` with optional, combinable `group` and `fields` filters (rename `settings` -> `fields`, matching core/get-site-info). Default to an empty object so the type:object schema default serializes as {}. - Memoize the exposed settings so the input/output schema and execute() derive from a single walk of get_registered_settings(). - Cast object-typed values to objects so they serialize as {} (not []) and satisfy the output schema validated by execute(). - Drop the redundant `site` ability-category fallback (core registers it and the plugin requires WP 7.0). - Use __() instead of esc_html__() for ability strings, and @since x.x.x per CONTRIBUTING.md. - Harden value handling so the new code passes PHPStan at the strictest level. - Tests: assert keys order-insensitively and cover combined group+fields filtering. --- includes/Abilities/Settings/Settings.php | 177 ++++++++---------- includes/Abilities/Show_In_Abilities.php | 10 +- .../Abilities/Settings/SettingsTest.php | 63 ++++--- .../Abilities/Show_In_AbilitiesTest.php | 18 +- .../e2e/specs/abilities/core-settings.spec.js | 16 +- 5 files changed, 134 insertions(+), 150 deletions(-) diff --git a/includes/Abilities/Settings/Settings.php b/includes/Abilities/Settings/Settings.php index 028f9f7f0..3ee0e6efb 100644 --- a/includes/Abilities/Settings/Settings.php +++ b/includes/Abilities/Settings/Settings.php @@ -4,7 +4,7 @@ * * @package WordPress\AI * - * @since 1.1.0 + * @since x.x.x */ declare( strict_types=1 ); @@ -24,67 +24,53 @@ * * This class is kept almost identical to the WordPress core class `WP_Settings_Abilities` * so the two implementations stay in sync. Differences from the core class are marked with - * `// Plugin:` comments. Additionally, all user-facing strings use esc_html__() with the - * 'ai' text domain rather than core's __(). + * `// Plugin:` comments. Additionally, all user-facing strings use the 'ai' text domain. * * @internal This class should not be used outside the plugin and there is no guarantee of backwards compatibility. * - * @since 1.1.0 + * @since x.x.x */ class Settings { /** * The ability category used for settings abilities. * - * @since 1.1.0 + * @since x.x.x * @var string */ public const CATEGORY = 'site'; + /** + * Settings exposed through the Abilities API, computed once at registration. + * + * Plugin: cached so the input/output schema and the executed result derive from the exact + * same structure, and {@see get_registered_settings()} is only walked once per request. + * + * @since x.x.x + * @var array}>|null + */ + private static $exposed_settings = null; + /** * Hooks the ability into the Abilities API. * * Plugin: this method has no equivalent in the core class. In core, register() is * invoked directly from wp_register_core_abilities() (already on the * `wp_abilities_api_init` hook). The plugin instead hooks register() slightly later - * (priority 11) so it can override any core-provided copy, and registers the category - * as a fallback in case core has not. + * (priority 11) so it can override any core-provided copy. * - * @since 1.1.0 + * @since x.x.x */ public static function init(): void { - add_action( 'wp_abilities_api_categories_init', array( self::class, 'register_category' ), 11 ); add_action( 'wp_abilities_api_init', array( self::class, 'register' ), 11 ); } - /** - * Registers the `site` ability category if it is not already registered. - * - * Plugin: this method has no equivalent in the core class; core relies on - * wp_register_core_ability_categories() to register the `site` category. - * - * @since 1.1.0 - */ - public static function register_category(): void { - if ( wp_has_ability_category( self::CATEGORY ) ) { - return; - } - - wp_register_ability_category( - self::CATEGORY, - array( - 'label' => esc_html__( 'Site', 'ai' ), - 'description' => esc_html__( 'Abilities that retrieve or modify site information and settings.', 'ai' ), - ) - ); - } - /** * Registers all settings abilities. * * Must run on the `wp_abilities_api_init` hook. * - * @since 1.1.0 + * @since x.x.x */ public static function register(): void { self::register_get_settings(); @@ -100,7 +86,7 @@ public static function register(): void { /** * Registers the read-only `core/settings` ability. * - * @since 1.1.0 + * @since x.x.x */ public static function register_get_settings(): void { // Plugin: unregister any core-provided copy first so the plugin's version wins. @@ -108,24 +94,31 @@ public static function register_get_settings(): void { wp_unregister_ability( 'core/settings' ); } - $settings = self::get_exposed_settings(); - $groups = array_values( array_unique( array_filter( wp_list_pluck( $settings, 'group' ) ) ) ); - $setting_names = array_keys( $settings ); - $properties = array(); + // Compute once; execute_get_settings() reuses this exact structure. + self::$exposed_settings = self::get_exposed_settings(); + + $settings = self::$exposed_settings; + $field_names = array_keys( $settings ); + $groups = array(); + $properties = array(); foreach ( $settings as $exposed_name => $setting ) { $properties[ $exposed_name ] = $setting['schema']; + if ( '' === $setting['group'] || in_array( $setting['group'], $groups, true ) ) { + continue; + } + $groups[] = $setting['group']; } wp_register_ability( 'core/settings', array( - 'label' => esc_html__( 'Get Settings', 'ai' ), - 'description' => esc_html__( 'Returns WordPress settings as a flat map of setting name to value. By default returns all settings exposed to abilities, or optionally a subset filtered by settings group or by setting name.', 'ai' ), + 'label' => __( 'Get Settings', 'ai' ), + 'description' => __( 'Returns WordPress settings as a flat map of setting name to value. By default returns all settings exposed to abilities, or optionally a subset filtered by settings group, by setting name, or both.', 'ai' ), 'category' => self::CATEGORY, - 'input_schema' => self::get_settings_input_schema( $groups, $setting_names ), + 'input_schema' => self::get_settings_input_schema( $groups, $field_names ), 'output_schema' => array( 'type' => 'object', - 'description' => esc_html__( 'A map of setting name to its current value.', 'ai' ), + 'description' => __( 'A map of setting name to its current value.', 'ai' ), 'properties' => $properties, 'additionalProperties' => false, ), @@ -146,7 +139,7 @@ public static function register_get_settings(): void { /** * Executes the `core/settings` ability. * - * @since 1.1.0 + * @since x.x.x * * @param mixed $input Optional. The ability input. Default empty array. * @return array Map of exposed setting name to current value. @@ -154,20 +147,20 @@ public static function register_get_settings(): void { public static function execute_get_settings( $input = array() ): array { $input = is_array( $input ) ? $input : array(); - $settings = self::get_exposed_settings(); - $group = isset( $input['group'] ) ? (string) $input['group'] : ''; - $names = isset( $input['settings'] ) && is_array( $input['settings'] ) ? $input['settings'] : array(); + $settings = self::$exposed_settings ?? self::get_exposed_settings(); + $group = isset( $input['group'] ) && is_string( $input['group'] ) ? $input['group'] : ''; + $fields = isset( $input['fields'] ) && is_array( $input['fields'] ) ? $input['fields'] : array(); $result = array(); foreach ( $settings as $exposed_name => $setting ) { if ( '' !== $group && $setting['group'] !== $group ) { continue; } - if ( ! empty( $names ) && ! in_array( $exposed_name, $names, true ) ) { + if ( ! empty( $fields ) && ! in_array( $exposed_name, $fields, true ) ) { continue; } - $type = isset( $setting['schema']['type'] ) ? (string) $setting['schema']['type'] : 'string'; + $type = isset( $setting['schema']['type'] ) && is_string( $setting['schema']['type'] ) ? $setting['schema']['type'] : 'string'; $value = get_option( $setting['option'], $setting['default'] ); $result[ $exposed_name ] = self::cast_value( $value, $type ); @@ -179,7 +172,7 @@ public static function execute_get_settings( $input = array() ): array { /** * Checks whether the current user may use the settings abilities. * - * @since 1.1.0 + * @since x.x.x * * @return bool True if the current user can manage options. */ @@ -188,55 +181,38 @@ public static function has_permission(): bool { } /** - * Builds the input schema for the get ability: filter by group XOR by name. + * Builds the input schema for the get ability: optional filters by group and/or name. * - * @since 1.1.0 + * Both `group` and `fields` are optional; supplying both narrows the response to their + * intersection, and supplying neither returns every exposed setting. * - * @param string[] $groups Available settings groups. - * @param string[] $setting_names Available exposed setting names. + * @since x.x.x + * + * @param string[] $groups Available settings groups. + * @param string[] $field_names Available exposed setting names. * @return array The input JSON Schema. */ - protected static function get_settings_input_schema( array $groups, array $setting_names ): array { + protected static function get_settings_input_schema( array $groups, array $field_names ): array { return array( - 'type' => 'object', - 'default' => array(), - // Filter by group OR by name, but not both at once. - 'oneOf' => array( - array( - 'title' => esc_html__( 'All settings', 'ai' ), - 'type' => 'object', - 'additionalProperties' => false, + 'type' => 'object', + // Object (not array()) so the serialized schema default is {}, consistent with type:object. + 'default' => (object) array(), + 'properties' => array( + 'group' => array( + 'type' => 'string', + 'enum' => $groups, + 'description' => __( 'Return only settings that belong to this settings group.', 'ai' ), ), - array( - 'title' => esc_html__( 'Filter by group', 'ai' ), - 'type' => 'object', - 'required' => array( 'group' ), - 'properties' => array( - 'group' => array( - 'type' => 'string', - 'enum' => $groups, - 'description' => esc_html__( 'Return only settings that belong to this settings group.', 'ai' ), - ), + 'fields' => array( + 'type' => 'array', + 'items' => array( + 'type' => 'string', + 'enum' => $field_names, ), - 'additionalProperties' => false, - ), - array( - 'title' => esc_html__( 'Filter by name', 'ai' ), - 'type' => 'object', - 'required' => array( 'settings' ), - 'properties' => array( - 'settings' => array( - 'type' => 'array', - 'items' => array( - 'type' => 'string', - 'enum' => $setting_names, - ), - 'description' => esc_html__( 'Return only the settings with these names.', 'ai' ), - ), - ), - 'additionalProperties' => false, + 'description' => __( 'Return only the settings with these names.', 'ai' ), ), ), + 'additionalProperties' => false, ); } @@ -248,7 +224,7 @@ protected static function get_settings_input_schema( array $groups, array $setti * underlying option name, the settings group, the registration default, and a JSON Schema * describing the value. * - * @since 1.1.0 + * @since x.x.x * * @return array}> Settings keyed by exposed name. */ @@ -262,11 +238,11 @@ protected static function get_exposed_settings(): array { } $option_name = (string) $option_name; - $exposed_name = is_array( $show ) && ! empty( $show['name'] ) ? (string) $show['name'] : $option_name; + $exposed_name = is_array( $show ) && isset( $show['name'] ) && is_string( $show['name'] ) && '' !== $show['name'] ? $show['name'] : $option_name; $settings[ $exposed_name ] = array( 'option' => $option_name, - 'group' => isset( $args['group'] ) ? (string) $args['group'] : '', + 'group' => isset( $args['group'] ) && is_string( $args['group'] ) ? $args['group'] : '', 'default' => array_key_exists( 'default', $args ) ? $args['default'] : false, 'schema' => self::value_schema( $args, $show ), ); @@ -278,7 +254,7 @@ protected static function get_exposed_settings(): array { /** * Builds the JSON Schema describing a single setting's value. * - * @since 1.1.0 + * @since x.x.x * * @param array $args The setting registration arguments. * @param bool|array $show The setting's `show_in_abilities` value. @@ -286,7 +262,7 @@ protected static function get_exposed_settings(): array { */ protected static function value_schema( array $args, $show ): array { $schema = array( - 'type' => isset( $args['type'] ) ? (string) $args['type'] : 'string', + 'type' => isset( $args['type'] ) && is_string( $args['type'] ) ? $args['type'] : 'string', ); if ( ! empty( $args['label'] ) ) { $schema['title'] = $args['label']; @@ -295,7 +271,9 @@ protected static function value_schema( array $args, $show ): array { $schema['description'] = $args['description']; } if ( is_array( $show ) && isset( $show['schema'] ) && is_array( $show['schema'] ) ) { - $schema = array_merge( $schema, $show['schema'] ); + /** @var array $show_schema */ + $show_schema = $show['schema']; + $schema = array_merge( $schema, $show_schema ); } return $schema; @@ -304,7 +282,7 @@ protected static function value_schema( array $args, $show ): array { /** * Casts a stored option value to the type declared in its settings registration. * - * @since 1.1.0 + * @since x.x.x * * @param mixed $value The raw option value. * @param string $type The registered setting type. @@ -315,12 +293,15 @@ protected static function cast_value( $value, string $type ) { case 'boolean': return (bool) $value; case 'integer': - return (int) $value; + return is_scalar( $value ) ? (int) $value : 0; case 'number': - return (float) $value; + return is_scalar( $value ) ? (float) $value : 0.0; case 'array': - case 'object': return is_array( $value ) ? $value : array(); + case 'object': + // Cast to object so an empty/non-array value serializes as {} (not []) and + // satisfies the `object` output schema validated by execute(). + return (object) ( is_array( $value ) ? $value : array() ); default: return is_scalar( $value ) ? (string) $value : $value; } diff --git a/includes/Abilities/Show_In_Abilities.php b/includes/Abilities/Show_In_Abilities.php index 1e5955027..5e9015fc4 100644 --- a/includes/Abilities/Show_In_Abilities.php +++ b/includes/Abilities/Show_In_Abilities.php @@ -4,7 +4,7 @@ * * @package WordPress\AI * - * @since 1.1.0 + * @since x.x.x */ declare( strict_types=1 ); @@ -27,14 +27,14 @@ * * @internal This class should not be used outside the plugin and there is no guarantee of backwards compatibility. * - * @since 1.1.0 + * @since x.x.x */ class Show_In_Abilities { /** * Registers the hooks that mark core objects as exposed to abilities. * - * @since 1.1.0 + * @since x.x.x */ public static function register(): void { add_filter( 'register_setting_args', array( self::class, 'mark_setting' ), 10, 4 ); @@ -46,7 +46,7 @@ public static function register(): void { * Respects an explicit `show_in_abilities` value already present on the setting (for * example once core ships it natively), only filling it in when absent. * - * @since 1.1.0 + * @since x.x.x * * @param array $args The setting registration arguments. * @param array $defaults The default registration arguments. @@ -71,7 +71,7 @@ public static function mark_setting( array $args, array $defaults, string $optio * optional `name` and `schema` keys (mirroring the `show_in_rest` shape). This matches * the set marked natively by the core `core/settings` implementation. * - * @since 1.1.0 + * @since x.x.x * * @return array> Settings map keyed by option name. */ diff --git a/tests/Integration/Includes/Abilities/Settings/SettingsTest.php b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php index 9adcd144c..9d853ccf5 100644 --- a/tests/Integration/Includes/Abilities/Settings/SettingsTest.php +++ b/tests/Integration/Includes/Abilities/Settings/SettingsTest.php @@ -14,14 +14,14 @@ /** * Settings ability test case. * - * @since 1.1.0 + * @since x.x.x */ class SettingsTest extends WP_UnitTestCase { /** * Set up test case. * - * @since 1.1.0 + * @since x.x.x */ public function setUp(): void { parent::setUp(); @@ -36,7 +36,7 @@ public function setUp(): void { /** * Tear down test case. * - * @since 1.1.0 + * @since x.x.x */ public function tearDown(): void { if ( wp_has_ability( 'core/settings' ) ) { @@ -52,7 +52,7 @@ public function tearDown(): void { /** * Ensures the `site` ability category exists for the ability to attach to. * - * @since 1.1.0 + * @since x.x.x */ private function ensure_site_category(): void { if ( wp_has_ability_category( 'site' ) ) { @@ -77,7 +77,7 @@ private function ensure_site_category(): void { /** * Registers the plugin's core/settings ability inside a faked init action. * - * @since 1.1.0 + * @since x.x.x */ private function register_ability(): void { global $wp_current_filter; @@ -92,7 +92,7 @@ private function register_ability(): void { /** * Logs in as an administrator so the ability's permission check passes. * - * @since 1.1.0 + * @since x.x.x */ private function become_admin(): void { wp_set_current_user( self::factory()->user->create( array( 'role' => 'administrator' ) ) ); @@ -101,7 +101,7 @@ private function become_admin(): void { /** * The ability is registered in the `site` category and flagged read-only. * - * @since 1.1.0 + * @since x.x.x */ public function test_registers_core_settings_ability(): void { $this->register_ability(); @@ -119,7 +119,7 @@ public function test_registers_core_settings_ability(): void { /** * When core already provides core/settings, the plugin's version replaces it. * - * @since 1.1.0 + * @since x.x.x */ public function test_override_replaces_existing_core_settings(): void { // Simulate a core-provided ability with a different (minimal) shape. @@ -148,29 +148,29 @@ public function test_override_replaces_existing_core_settings(): void { $ability = wp_get_ability( 'core/settings' ); $this->assertSame( 'Get Settings', $ability->get_label() ); - // The plugin's shape uses a mutually-exclusive oneOf input schema. - $this->assertArrayHasKey( 'oneOf', $ability->get_input_schema() ); + // The plugin's shape exposes optional `group` and `fields` filters. + $this->assertArrayHasKey( 'fields', $ability->get_input_schema()['properties'] ); } /** - * The input schema exposes mutually exclusive `group` and `settings` filters. + * The input schema exposes optional `group` and `fields` filters. * - * @since 1.1.0 + * @since x.x.x */ - public function test_input_schema_is_one_of_group_or_settings(): void { + public function test_input_schema_exposes_group_and_fields_filters(): void { $this->register_ability(); $schema = wp_get_ability( 'core/settings' )->get_input_schema(); - $this->assertCount( 3, $schema['oneOf'] ); - $this->assertContains( 'reading', $schema['oneOf'][1]['properties']['group']['enum'] ); - $this->assertContains( 'blogname', $schema['oneOf'][2]['properties']['settings']['items']['enum'] ); + $this->assertArrayNotHasKey( 'oneOf', $schema ); + $this->assertContains( 'reading', $schema['properties']['group']['enum'] ); + $this->assertContains( 'blogname', $schema['properties']['fields']['items']['enum'] ); } /** * Without input the ability returns a flat map of correctly typed setting values. * - * @since 1.1.0 + * @since x.x.x */ public function test_returns_flat_typed_values(): void { $this->become_admin(); @@ -191,7 +191,7 @@ public function test_returns_flat_typed_values(): void { /** * The `group` filter narrows the response to a single settings group. * - * @since 1.1.0 + * @since x.x.x */ public function test_filters_by_group(): void { $this->become_admin(); @@ -204,43 +204,44 @@ public function test_filters_by_group(): void { } /** - * The `settings` filter narrows the response to the requested setting names. + * The `fields` filter narrows the response to the requested setting names. * - * @since 1.1.0 + * @since x.x.x */ - public function test_filters_by_settings(): void { + public function test_filters_by_fields(): void { $this->become_admin(); $this->register_ability(); - $result = wp_get_ability( 'core/settings' )->execute( array( 'settings' => array( 'blogname', 'posts_per_page' ) ) ); + $result = wp_get_ability( 'core/settings' )->execute( array( 'fields' => array( 'blogname', 'posts_per_page' ) ) ); - $this->assertSame( array( 'blogname', 'posts_per_page' ), array_keys( $result ) ); + $this->assertEqualSets( array( 'blogname', 'posts_per_page' ), array_keys( $result ) ); } /** - * Supplying both `group` and `settings` violates the `oneOf` and is rejected. + * Supplying both `group` and `fields` narrows the response to their intersection. * - * @since 1.1.0 + * @since x.x.x */ - public function test_rejects_group_and_settings_together(): void { + public function test_combines_group_and_fields_filters(): void { $this->become_admin(); $this->register_ability(); + // `blogname` is in the `general` group and `posts_per_page` in `reading`; only the + // latter satisfies both filters. $result = wp_get_ability( 'core/settings' )->execute( array( - 'group' => 'reading', - 'settings' => array( 'blogname' ), + 'group' => 'reading', + 'fields' => array( 'blogname', 'posts_per_page' ), ) ); - $this->assertWPError( $result ); - $this->assertSame( 'ability_invalid_input', $result->get_error_code() ); + $this->assertEqualSets( array( 'posts_per_page' ), array_keys( $result ) ); } /** * Users without `manage_options` cannot run the ability. * - * @since 1.1.0 + * @since x.x.x */ public function test_requires_manage_options(): void { wp_set_current_user( self::factory()->user->create( array( 'role' => 'subscriber' ) ) ); diff --git a/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php b/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php index c08131010..f1e163900 100644 --- a/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php +++ b/tests/Integration/Includes/Abilities/Show_In_AbilitiesTest.php @@ -13,14 +13,14 @@ /** * Show_In_Abilities test case. * - * @since 1.1.0 + * @since x.x.x */ class Show_In_AbilitiesTest extends WP_UnitTestCase { /** * Option names registered during a test, cleaned up on tear down. * - * @since 1.1.0 + * @since x.x.x * * @var array */ @@ -29,7 +29,7 @@ class Show_In_AbilitiesTest extends WP_UnitTestCase { /** * Set up test case. * - * @since 1.1.0 + * @since x.x.x */ public function setUp(): void { parent::setUp(); @@ -40,7 +40,7 @@ public function setUp(): void { /** * Tear down test case. * - * @since 1.1.0 + * @since x.x.x */ public function tearDown(): void { remove_filter( 'register_setting_args', array( Show_In_Abilities::class, 'mark_setting' ), 10 ); @@ -56,7 +56,7 @@ public function tearDown(): void { /** * Registers a setting and tracks it for cleanup. * - * @since 1.1.0 + * @since x.x.x * * @param string $group The settings group. * @param string $option The option name. @@ -70,7 +70,7 @@ private function register_setting( string $group, string $option, array $args ): /** * A curated setting is flagged with `show_in_abilities => true`. * - * @since 1.1.0 + * @since x.x.x */ public function test_marks_curated_boolean_setting(): void { $this->register_setting( 'general', 'blogname', array( 'type' => 'string' ) ); @@ -83,7 +83,7 @@ public function test_marks_curated_boolean_setting(): void { /** * A curated setting that maps to an array value receives that array verbatim. * - * @since 1.1.0 + * @since x.x.x */ public function test_marks_curated_array_setting(): void { $this->register_setting( 'discussion', 'default_comment_status', array( 'type' => 'string' ) ); @@ -99,7 +99,7 @@ public function test_marks_curated_array_setting(): void { /** * A setting that is not in the curated map is left untouched. * - * @since 1.1.0 + * @since x.x.x */ public function test_does_not_mark_uncurated_setting(): void { $this->register_setting( 'general', 'wpai_not_curated_option', array( 'type' => 'string' ) ); @@ -112,7 +112,7 @@ public function test_does_not_mark_uncurated_setting(): void { /** * An explicit `show_in_abilities` value already on the setting is preserved. * - * @since 1.1.0 + * @since x.x.x */ public function test_respects_existing_value(): void { $this->register_setting( diff --git a/tests/e2e/specs/abilities/core-settings.spec.js b/tests/e2e/specs/abilities/core-settings.spec.js index b67c0816c..2027362a9 100644 --- a/tests/e2e/specs/abilities/core-settings.spec.js +++ b/tests/e2e/specs/abilities/core-settings.spec.js @@ -86,9 +86,9 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { expect( outcome.result ).not.toHaveProperty( 'use_smilies' ); } ); - test( 'filters by settings', async ( { page } ) => { + test( 'filters by fields', async ( { page } ) => { const outcome = await runCoreSettings( page, { - settings: [ 'blogname', 'posts_per_page' ], + fields: [ 'blogname', 'posts_per_page' ], } ); expect( outcome.ok ).toBe( true ); @@ -98,16 +98,18 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { ] ); } ); - test( 'rejects group and settings together (mutually exclusive)', async ( { + test( 'combines group and fields filters (intersection)', async ( { page, } ) => { + // `blogname` is in the `general` group and `posts_per_page` in `reading`; only the + // latter satisfies both filters. const outcome = await runCoreSettings( page, { group: 'reading', - settings: [ 'blogname' ], + fields: [ 'blogname', 'posts_per_page' ], } ); - expect( outcome.ok ).toBe( false ); - expect( outcome.code ).toBe( 'ability_invalid_input' ); + expect( outcome.ok ).toBe( true ); + expect( Object.keys( outcome.result ) ).toEqual( [ 'posts_per_page' ] ); } ); test( 'exposes a setting registered by another active plugin', async ( { @@ -116,7 +118,7 @@ test.describe( 'core/settings ability (client-side Abilities API)', () => { // Registered by the `e2e-sample-settings` plugin (mapped in .wp-env.test.json) // with `show_in_abilities` and a default of `sample-default`. const outcome = await runCoreSettings( page, { - settings: [ 'ai_e2e_sample_setting' ], + fields: [ 'ai_e2e_sample_setting' ], } ); expect( outcome.ok ).toBe( true );