Performance: Prime product caches and add targetHints in REST API v4 orders

[mikejolley]

Submission Review Guidelines:

• I have followed the WooCommerce Contributing Guidelines and the WordPress Coding Standards.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have reviewed my code for security best practices.
• Following the above guidelines will result in quick merges and clear and detailed feedback when appropriate.

Changes proposed in this Pull Request:

Extracted from #63440 for smaller review scope. This PR contains the REST API v4 Orders controller changes only:

1. targetHints on self links — Adds allow hints to the self link in order responses so clients can determine permitted HTTP methods (GET/PUT/POST/PATCH/DELETE vs GET-only) without making an OPTIONS preflight request.

2. Prime product caches in get_items() — Before serializing orders in a collection response, collects all product and variation IDs from line items and primes their post caches in a single batch call to _prime_post_caches(). This eliminates N+1 queries when resolving product data during order serialization.

How to test the changes in this Pull Request:

1. Create several orders with product line items.
2. Make a GET request to /wp-json/wc/v4/orders as an admin user.
3. Verify the response includes targetHints in the _links.self object with allow: ["GET", "PUT", "POST", "PATCH", "DELETE"].
4. Make the same request as a user without edit_shop_orders capability.
5. Verify targetHints shows allow: ["GET"] only.
6. Enable query logging (e.g. Query Monitor) and confirm product data is fetched in a single batch query rather than per-order.

Testing that has already taken place:

Code review and manual inspection. Changes are extracted directly from the tested PR #63440.

Milestone

• Automatically assign milestone for the next WooCommerce version

Note: Check the box above to have the milestone automatically assigned when merged.
Alternatively (e.g. for point releases), manually assign the appropriate milestone.

Changelog entry

• Automatically create a changelog entry from the details below.
• This Pull Request does not require a changelog entry. (Comment required below)

Changelog entry was created manually.

[github-actions]

Testing Guidelines

Hi @jorgeatorres ,

Apart from reviewing the code changes, please make sure to review the testing instructions (Guide) and verify that relevant tests (E2E, Unit, Integration, etc.) have been added or updated as needed.

Reminder: PR reviewers are required to document testing performed. This includes:

• 🖼️ Screenshots or screen recordings.
• 📝 List of functionality tested / steps followed.
• 🌐 Site details (environment attributes such as hosting type, plugins, theme, store size, store age, and relevant settings).
• 🔍 Any analysis performed, such as assessing potential impacts on environment attributes and other plugins, conducting performance profiling, or using LLM/AI-based analysis.

⚠️ Within the testing details you provide, please ensure that no sensitive information (such as API keys, passwords, user data, etc.) is included in this public issue.

[github-actions]

Test using WordPress Playground

The changes in this pull request can be previewed and tested using a WordPress Playground instance.
WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Test this pull request with WordPress Playground.

Note that this URL is valid for 30 days from when this comment was last updated. You can update it by closing/reopening the PR or pushing a new commit.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds performance optimizations to the REST API v4 orders endpoint by introducing cache priming for products and adding targetHints metadata. These changes reduce N+1 queries during serialization by pre-fetching product caches and providing HTTP method hints in REST responses.

Changes

Cohort / File(s)	Summary
Changelog Entry plugins/woocommerce/changelog/rest-api-v4-orders-cache-priming	New changelog entry documenting the cache priming and targetHints performance improvement.
Orders Controller plugins/woocommerce/src/Internal/RestApi/Routes/V4/Orders/Controller.php	Added targetHints field to the self link in prepare_links conditionally allowing multiple HTTP methods based on user permissions. Implemented cache priming in get_items by collecting and deduplicating product/variation IDs from results, then calling _prime_post_caches to prevent N+1 queries.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and clearly summarizes the main changes: priming product caches and adding targetHints to REST API v4 orders for performance improvement.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description check	✅ Passed	The PR description clearly outlines the two specific changes (targetHints and cache priming), explains the reasoning, and provides testing instructions aligned with the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch performance/rest-api-v4-product-cache-priming

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/woocommerce/src/Internal/RestApi/Routes/V4/Orders/Controller.php`:
- Around line 205-206: The targetHints.allow value currently uses a blanket
current_user_can('edit_shop_orders') check which may differ from per-method,
per-item permission checks; update the code that builds the response (the array
containing 'href' and 'targetHints') to compute allowed HTTP methods by calling
the same item-specific permission checks used by the route (e.g.,
wc_rest_check_post_permissions(...) or the equivalent per-method checks) for
each method (GET, PUT, POST, PATCH, DELETE) against $item (use $item->get_id())
and include only the methods that pass in targetHints.allow instead of the
single current_user_can call; ensure you call the same permission helper used by
the route so clients see the exact methods accepted for that specific item.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 60716585-9b92-471e-a197-61556a5df27c

📥 Commits

Reviewing files that changed from the base of the PR and between d24999a and 5c39456.

📒 Files selected for processing (2)

• plugins/woocommerce/changelog/rest-api-v4-orders-cache-priming
• plugins/woocommerce/src/Internal/RestApi/Routes/V4/Orders/Controller.php

[jorgeatorres]

LGTM. Thanks @mikejolley!

Just noting that this doesn't fully remove N + 1 in the call chain: despite image_id being cached thanks to the priming here, OrderItemSchema::get_image() also calls wp_get_attachment_url() which queries the db for the attachment post and its metadata (so 2 queries per product). I don't think we can be certain that all possible N + 1's are covered, but might be something to look into next if needed.