Align ability callers and callbacks with core WP_Ability contract #999
Description
Problem
All 573+ ability callbacks return ['success' => false, 'error' => '...'] arrays instead of WP_Error. Core's WP_Ability::execute() pipeline returns WP_Error for input validation failures, permission denials, and output validation failures. Most callers only handle one convention or the other — ~48 handlers in data-machine alone will crash if an ability returns WP_Error.
This is a network-wide problem affecting 9 plugins.
Network-wide audit
| Plugin | Ability registrations | wp_get_ability() calls |
function_exists guards |
'success' => false returns |
Issue |
|---|---|---|---|---|---|
| data-machine | 100+ | 30+ | 4 | 573+ | This issue |
| data-machine-socials | 43 | 101 | 54 | 316+ | #105 |
| data-machine-events | 31 | 6 | 2 | 45 | #186 |
| data-machine-code | 23 | 17 | 2 | 68 | #9 |
| extrachill-api | 0 | 47 | 4 | 0 | Extra-Chill/extrachill-api#17 |
| extrachill-events | 16 | 9 | 2 | 2 | Extra-Chill/extrachill-events#61 |
| extrachill-cli | 0 | 39 | 2 | 0 | Extra-Chill/extrachill-cli#10 |
| extrachill-community | 0 | 5 | 3 | 0 | Extra-Chill/extrachill-community#20 |
| extrachill-multisite | 1 | 1 | 1 | 2 | Extra-Chill/extrachill-multisite#6 |
| extrachill-users | 25 | 7 | 0 | 0 | ✅ Clean — already uses WP_Error |
Totals: ~240 registrations, ~260 calls, ~72 function_exists guards, ~1,000+ legacy error returns
Plugins not affected
- extrachill-users — already returns
WP_Errorfrom callbacks. Zero'success' => false. The model for everyone else. - extrachill-seo, extrachill-analytics — providers only, no consumers
- extrachill-blog, extrachill-content-blocks, extrachill-contact, extrachill-shop — no ability usage
- data-machine-editor, data-machine-frontend-chat — no ability calls
Migration plan
Phase 1: Safety (prevent crashes) — no behavior change
Add is_wp_error() checks to all callers before they touch $result['success'].
Phase 2: Adopt execute_ability() pattern in REST layer
Port the Chat.php::execute_ability() helper to all REST controllers. ~1,500-2,000 lines removed across the network.
Phase 3: Migrate ability callbacks to return WP_Error
Follow extrachill-users as the reference implementation.
Phase 4: Remove function_exists guards
Replace all 72 guards with direct wp_get_ability() calls. WP 6.9 is our minimum.
Phase 5: Remove legacy array bridge
Once all abilities return WP_Error, remove the ['success' => false] shim from execute_ability() and all callers.
Reference implementation
data-machine/inc/Api/Chat/Chat.php::execute_ability() (merged in PR #1000).
extrachill-users ability callbacks (already return WP_Error).