Changeset 60915

Timestamp:

10/08/2025 07:59:28 PM (2 days ago)

Author:

spacedmonkey

Message:

Users: Lazy load user capabilities in WP_User object.

Convert the WP_User object properties caps, roles, and allcaps to protected, and introduce lazy loading for capabilities. These properties are now populated only when first accessed.

The existing magic methods (get, set, and unset) have been updated to maintain backward compatibility, ensuring that reading or modifying these formerly public properties continues to work as expected.

Ensure that these properties are initialised when calling remove_all_caps(), remove_cap(), has_cap(), add_role(), and set_role() methods.

Props spacedmonkey, flixos90, peterwilsoncc, mukesh27, westonruter, swissspidy, prettyboymp.
Fixes #58001.

Location:

trunk

Files:

• src/wp-includes/class-wp-user.php (modified) (18 diffs)
• tests/phpunit/tests/user/capabilities.php (modified) (2 diffs)
• tests/phpunit/tests/user/multisite.php (modified) (2 diffs)
• tests/phpunit/tests/user/query.php (modified) (2 diffs)

trunk/src/wp-includes/class-wp-user.php

@@ -38 +38 @@
  * @property string $syntax_highlighting
  * @property string $use_ssl
+ * @property array<string, bool> $caps
+ * @property string[] $roles
+ * @property array<string, bool> $allcaps
  */
 #[AllowDynamicProperties]
@@ -61 +64 @@
      *
      * @since 2.0.0
-     * @var bool[] Array of key/value pairs where keys represent a capability name
-     *             and boolean values represent whether the user has that capability.
-     */
-    public $caps = array();
+     * @var array<string, bool>|null Array of key/value pairs where keys represent a capability name
+     *                               and boolean values represent whether the user has that capability.
+     */
+    protected $caps = null;
 
     /**
@@ -80 +83 @@
      * @var string[]
      */
-    public $roles = array();
+    protected $roles = array();
 
     /**
@@ -86 +89 @@
      *
      * @since 2.0.0
-     * @var bool[] Array of key/value pairs where keys represent a capability name
-     *             and boolean values represent whether the user has that capability.
-     */
-    public $allcaps = array();
+     * @var array<string, bool> Array of key/value pairs where keys represent a capability name
+     *                          and boolean values represent whether the user has that capability.
+     */
+    protected $allcaps = array();
 
     /**
@@ -289 +292 @@
         }
 
+        if ( in_array( $key, array( 'caps', 'allcaps', 'roles' ), true ) ) {
+            return true;
+        }
+
         if ( isset( $this->data->$key ) ) {
             return true;
@@ -320 +327 @@
             );
             return $this->ID;
+        }
+
+        if ( in_array( $key, array( 'caps', 'allcaps', 'roles' ), true ) ) {
+            $this->load_capability_data();
+            return $this->$key;
         }
 
@@ -364 +376 @@
         }
 
+        // Ensure capability data is loaded before setting related properties.
+        if ( in_array( $key, array( 'caps', 'allcaps', 'roles' ), true ) ) {
+            $this->load_capability_data();
+            $this->$key = $value;
+            return;
+        }
+
         $this->data->$key = $value;
     }
@@ -387 +406 @@
         }
 
+        if ( in_array( $key, array( 'caps', 'allcaps', 'roles' ), true ) ) {
+            $this->$key = null;
+        }
+
         if ( isset( $this->data->$key ) ) {
             unset( $this->data->$key );
@@ -515 +538 @@
 
         $wp_roles = wp_roles();
+
+        // Edge case: In case someone calls this method before lazy initialization, we need to initialize on demand.
+        if ( ! isset( $this->caps ) ) {
+            $this->caps = $this->get_caps_data();
+        }
 
         // Filter out caps that are not role names and assign to $this->roles.
@@ -549 +577 @@
             return;
         }
+        $this->load_capability_data();
 
         if ( in_array( $role, $this->roles, true ) ) {
@@ -578 +607 @@
      */
     public function remove_role( $role ) {
+        $this->load_capability_data();
         if ( ! in_array( $role, $this->roles, true ) ) {
             return;
@@ -610 +640 @@
      */
     public function set_role( $role ) {
+        $this->load_capability_data();
         if ( 1 === count( $this->roles ) && current( $this->roles ) === $role ) {
             return;
@@ -711 +742 @@
      */
     public function add_cap( $cap, $grant = true ) {
+        $this->load_capability_data();
         $this->caps[ $cap ] = $grant;
         update_user_meta( $this->ID, $this->cap_key, $this->caps );
@@ -725 +757 @@
      */
     public function remove_cap( $cap ) {
+        $this->load_capability_data();
         if ( ! isset( $this->caps[ $cap ] ) ) {
             return;
@@ -743 +776 @@
     public function remove_all_caps() {
         global $wpdb;
-        $this->caps = array();
+        $this->caps = null;
         delete_user_meta( $this->ID, $this->cap_key );
         delete_user_meta( $this->ID, $wpdb->get_blog_prefix() . 'user_level' );
-        $this->get_role_caps();
+        $this->load_capability_data();
     }
 
@@ -777 +810 @@
      */
     public function has_cap( $cap, ...$args ) {
+        $this->load_capability_data();
+
         if ( is_numeric( $cap ) ) {
             _deprecated_argument( __FUNCTION__, '2.0.0', __( 'Usage of user levels is deprecated. Use capabilities instead.' ) );
@@ -878 +913 @@
 
         $this->cap_key = $wpdb->get_blog_prefix( $this->site_id ) . 'capabilities';
-
-        $this->caps = $this->get_caps_data();
-
-        $this->get_role_caps();
+        $this->caps    = null;
     }
 
@@ -912 +944 @@
         return $caps;
     }
+
+    /**
+     * Loads capability data if it has not been loaded yet.
+     *
+     * @since 6.9.0
+     */
+    private function load_capability_data() {
+        if ( isset( $this->caps ) ) {
+            return;
+        }
+        $this->caps = $this->get_caps_data();
+        $this->get_role_caps();
+    }
 }

trunk/tests/phpunit/tests/user/capabilities.php

@@ -994 +994 @@
 
     /**
+     * Test adding capabilities, roles, and allcaps manually to a user.
+     *
+     * @ticket 58001
+     *
+     * @dataProvider data_add_user_properties_manually
+     *
+     * @param string $property_name  The property name to set.
+     * @param array  $property_value The property value to set.
+     * @param bool   $check_null     Whether to check that the property is null after unsetting it.
+     */
+    public function test_add_user_properties_manually( $property_name, $property_value, $check_null ) {
+        $id                     = self::factory()->user->create();
+        $user                   = new WP_User( $id );
+        $user->{$property_name} = $property_value;
+
+        $this->assertSameSets( $property_value, $user->{$property_name}, "User property {$property_name} was not set correctly." );
+        unset( $user->{$property_name} );
+        if ( $check_null ) {
+            $this->assertNull( $user->{$property_name}, "User property {$property_name} should be null after unsetting it." );
+        }
+    }
+
+    /**
+     * Data provider for test_add_user_properties_manually.
+     *
+     * @return array<string, array{0:string,1:array}>
+     */
+    public function data_add_user_properties_manually() {
+        return array(
+            'caps'    => array( 'caps', array( 'foo' => true ), false ),
+            'roles'   => array( 'roles', array( 'foo' => true ), true ),
+            'allcaps' => array( 'allcaps', array( 'foo' => true ), true ),
+        );
+    }
+
+    /**
      * Test add_role with implied capabilities grant successfully grants capabilities.
      *
@@ -1099 +1135 @@
         $this->flush_roles();
         $this->assertFalse( $wp_roles->is_role( $role_name ) );
+    }
+
+    /**
+     * @ticket 58001
+     */
+    public function test_get_role_caps() {
+        $id_1   = self::$users['contributor']->ID;
+        $user_1 = new WP_User( $id_1 );
+
+        $role_caps = $user_1->get_role_caps();
+        $this->assertIsArray( $role_caps, 'User role capabilities should be an array' );
+        $this->assertArrayHasKey( 'edit_posts', $role_caps, 'User role capabilities should contain the edit_posts capability' );
+    }
+
+    /**
+     * @ticket 58001
+     */
+    public function test_user_lazy_capabilities() {
+        $id_1   = self::$users['contributor']->ID;
+        $user_1 = new WP_User( $id_1 );
+
+        $this->assertTrue( isset( $user_1->roles ), 'User roles should be set' );
+        $this->assertTrue( isset( $user_1->allcaps ), 'User all capabilities should be set' );
+        $this->assertTrue( isset( $user_1->caps ), 'User capabilities should be set' );
+        $this->assertIsArray( $user_1->roles, 'User roles should be an array' );
+        $this->assertSame( array( 'contributor' ), $user_1->roles, 'User roles should match' );
+        $this->assertIsArray( $user_1->allcaps, 'User allcaps should be an array' );
+        $this->assertIsArray( $user_1->caps, 'User caps should be an array' );
+
+        $caps = $this->getAllCapsAndRoles();
+        foreach ( $caps as $cap => $roles ) {
+            if ( in_array( 'contributor', $roles, true ) ) {
+                $this->assertTrue( $user_1->has_cap( $cap ), "User should have the {$cap} capability" );
+            }
+        }
     }
 

trunk/tests/phpunit/tests/user/multisite.php

@@ -370 +370 @@
         switch_to_blog( $site_id );
         $user = get_user_by( 'id', $user_id );
+        $this->assertContains( 'subscriber', $user->roles, 'User should have subscriber role' );
         restore_current_blog();
 
@@ -375 +376 @@
         wpmu_delete_user( $user_id );
 
-        $this->assertContains( 'subscriber', $user->roles );
+        $this->assertContains( 'subscriber', $user->roles, 'User should still have subscriber role' );
     }
 

trunk/tests/phpunit/tests/user/query.php

@@ -163 +163 @@
         add_filter( 'update_user_metadata_cache', array( $filter, 'filter' ), 10, 2 );
 
-        new WP_User_Query(
+        $query = new WP_User_Query(
             array(
                 'include' => self::$author_ids,
@@ -169 +169 @@
             )
         );
+
+        $users = $query->get_results();
+        foreach ( $users as $user ) {
+            $this->assertIsArray( $user->roles );
+            foreach ( $user->roles as $role ) {
+                $this->assertIsString( $role );
+            }
+        }
 
         $args      = $filter->get_args();