Add: Get user ability.

[jorgefilipecosta]

Part of: WordPress/ai#40
Inspired by the work on https://github.com/galatanovidiu/mcp-adapter-implementation-example/tree/experiment/layerd-mcp-tools/includes/Abilities by @galatanovidiu.
cc: @JasonTheAdams, @justlevine

Summary

This PR adds a core/get-user ability to the WordPress Abilities API. This ability returns comprehensive profile details for a user by ID, login, or email, providing more data than the existing core/get-user-info ability.

Organization

Following the pattern established in #10665 and #10747, this PR adds a new class WP_Users_Abilities in src/wp-includes/abilities/class-wp-users-abilities.php. The class is organized into:

• Initialization: register() method that registers all user-related abilities
• Schema Building: get_user_input_schema() and get_user_output_schema() define the ability's interface
• Ability Registration: register_get_user() registers the ability with schemas and callbacks
• Permission Check: check_get_user_permission() validates access (logged in required, can view own profile, needs list_users to view others)
• Execution: execute_get_user() retrieves and returns user data

Key Features

• Returns 15 user fields by default: id, username, email, display_name, first_name, last_name, nickname, description, url, link, slug, registered_date, roles, locale, avatar_urls
• Required input: at least one of id, login, or email to identify the user
• Optional include_capabilities parameter to include all user capabilities
• Permission check: users must be logged in, can view their own profile, require list_users capability to view other users
• Exposed via REST API (show_in_rest: true)

Test plan

• Open http://localhost:6888/site-wp-dev-1/wp-admin/post-new.php
• Open the browser console and run the following examples:

// Get user by ID
await wp.apiFetch({
  path: '/wp-abilities/v1/abilities/core/get-user/run',
  method: 'POST',
  data: { input: { id: 1 } }
});

• Verify user with ID 1 is returned with all 15 fields (id, username, email, display_name, first_name, last_name, nickname, description, url, link, slug, registered_date, roles, locale, avatar_urls)

// Get user by login
await wp.apiFetch({
  path: '/wp-abilities/v1/abilities/core/get-user/run',
  method: 'POST',
  data: { input: { login: 'admin' } }
});

• Verify user with login 'admin' is returned

// Get user by email
await wp.apiFetch({
  path: '/wp-abilities/v1/abilities/core/get-user/run',
  method: 'POST',
  data: { input: { email: 'admin@example.com' } }
});

• Verify user with matching email is returned

// Check the ability schema
await wp.apiFetch({
  path: '/wp-abilities/v1/abilities/core/get-user',
  method: 'GET'
});

• Verify the input schema includes id, login, email, and include_capabilities properties
• Verify the output schema documents all fields with types and descriptions

// Test missing identifier error
await wp.apiFetch({
  path: '/wp-abilities/v1/abilities/core/get-user/run',
  method: 'POST',
  data: { input: {} }
});

• Verify error is returned when no identifier (id, login, or email) is provided

• Test permission check: Verify non-logged-in users cannot access the ability

• Test permission check: Verify non-admin users can only view their own user info

• Test permission check: Verify users with list_users capability can view any user

[github-actions]

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

• The Plugin and Theme Directories cannot be accessed within Playground.
• All changes will be lost when closing a tab with a Playground instance.
• All changes will be lost when refreshing the page.
• A fresh instance is created each time the link below is clicked.
• Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
  it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props jorgefilipecosta.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.