docs(02): create phase 2 plans
Phase 02: Provider Registration & Auth
- 4 plans created
- 8 total tasks defined
- Ready for execution

Plans:
- 02-01: Formidable registration form with auto-login
- 02-02: Combined login/registration page
- 02-03: Provider dashboard template
- 02-04: Access control and redirects
134
.planning/phases/02-provider-registration-auth/02-04-PLAN.md
Normal file
@@ -0,0 +1,134 @@
---
phase: 02-provider-registration-auth
plan: 04
type: execute
depends_on: ["02-03"]
files_modified: [includes/class-access-control.php]
---

<objective>
Implement access control and redirects for provider role.

Purpose: Prevent providers from accessing WP-Admin (except profile) and protect dashboard page.
Output: Access control hooks that enforce provider restrictions per PROJECT.md requirements.
</objective>

<execution_context>
~/.claude/get-shit-done/workflows/execute-plan.md
./summary.md
</execution_context>

<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/phases/01-foundation-setup/01-03-SUMMARY.md
@.planning/phases/02-provider-registration-auth/02-03-SUMMARY.md

**From PROJECT.md:**
- Constraint: "Providers: restricted capabilities, no WP-Admin access except profile"
- Core value: Admin moderation is the trust layer

**From Phase 1:**
- Provider role `ddhh_provider` exists with no admin capabilities

**From 02-03:**
- Dashboard page exists at /anbieter-dashboard/
</context>

<tasks>

<task type="auto">
<name>Task 1: Redirect providers away from WP-Admin</name>
<files>includes/class-access-control.php</files>
<action>
Create `includes/class-access-control.php` with static method setup_hooks():

Hook into 'admin_init' action:
- Check if current user has role 'ddhh_provider' (use wp_get_current_user()->roles)
- If ddhh_provider AND not accessing profile.php or admin-ajax.php:
- Get dashboard page URL: get_permalink(get_option('ddhh_jm_dashboard_page_id'))
- Redirect using wp_redirect($dashboard_url) and exit
- Allow profile.php (providers can edit their profile)
- Allow admin-ajax.php (needed for AJAX requests from frontend)

Hook this to 'init' action in main class.

DO NOT block all admin access - allow profile.php so providers can change their password and email.
DO NOT redirect on AJAX requests (admin-ajax.php must remain accessible).
</action>
<verify>Provider user accessing wp-admin/ gets redirected to /anbieter-dashboard/, but wp-admin/profile.php remains accessible</verify>
<done>WP-Admin redirect implemented, profile access preserved, dashboard redirect functional</done>
</task>

<task type="auto">
<name>Task 2: Protect dashboard page (logged-in providers only)</name>
<files>includes/class-access-control.php</files>
<action>
In class-access-control.php, add static method protect_dashboard():

Hook into 'template_redirect' action:
- Check if current page is dashboard page (using get_option('ddhh_jm_dashboard_page_id'))
- If yes:
- Check if user is logged in: is_user_logged_in()
- Check if user has ddhh_provider role
- If NOT logged in OR NOT ddhh_provider: redirect to login page (get_option('ddhh_jm_login_page_id'))

This ensures only logged-in providers can access the dashboard.

DO NOT use wp_die() - use wp_redirect() to login page with a friendly redirect flow.
</action>
<verify>Non-logged-in users accessing /anbieter-dashboard/ get redirected to /anbieter-login/, logged-in providers see dashboard</verify>
<done>Dashboard protected, only providers can access, redirects to login page if unauthorized</done>
</task>

</tasks>

<verification>
Before declaring plan complete:
- [ ] Provider accessing wp-admin/ gets redirected to dashboard
- [ ] Provider CAN access wp-admin/profile.php
- [ ] Non-logged-in users accessing dashboard get redirected to login
- [ ] Logged-in providers CAN access dashboard
- [ ] Admin users are not affected by redirects
</verification>

<success_criteria>

- All tasks completed
- Provider role properly restricted from WP-Admin
- Dashboard protected and accessible only to providers
- Profile access preserved for providers
- Phase 2 complete - ready for Phase 3 (job submission forms)
</success_criteria>

<output>
After completion, create `.planning/phases/02-provider-registration-auth/02-04-SUMMARY.md`:

# Phase 2 Plan 4: Access Control & Redirects Summary

**Access control enforcing provider restrictions and dashboard protection**

## Accomplishments

- WP-Admin redirect for providers (except profile.php)
- Dashboard page protection (logged-in providers only)
- Login redirect for unauthorized dashboard access
- Profile access preserved for providers

## Files Created/Modified

- `includes/class-access-control.php` - Redirect hooks and protection logic
- `includes/class-ddhh-job-manager.php` - Hook access control setup

## Decisions Made

[Document redirect approach, exceptions made]

## Issues Encountered

[Problems and resolutions, or "None"]

## Next Step

Phase 2 complete. Ready for Phase 3 (Job Management Core).
</output>
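Review bot: the rule in Task 2, `- If NOT logged in OR NOT ddhh_provider: redirect to login page (get_option('ddhh_jm_login_page_id'))`, sends every authenticated non-provider (administrators included) from /anbieter-dashboard/ to the login page, which contradicts the verification item `- [ ] Admin users are not affected by redirects` and, if the combined login page from 02-02 bounces already-authenticated users back to the dashboard, turns into a redirect loop. Split the two cases: anonymous visitors go to the login page carrying the dashboard URL as a `redirect_to` parameter, while authenticated users without the provider role get a 403 response or are sent to home_url() rather than the login page. For the "friendly redirect flow" on the same lines, use wp_safe_redirect() (or run the returned `redirect_to` through wp_validate_redirect()) instead of bare wp_redirect(), so the post-login return target cannot be pointed off-site. In Task 1, the exemption `- If ddhh_provider AND not accessing profile.php or admin-ajax.php:` should be decided with wp_doing_ajax() and the global $pagenow rather than string-matching the request URI, each wp_redirect() call needs the exit the plan mentions so the admin page stops rendering, and because get_permalink() returns false when `ddhh_jm_dashboard_page_id` is unset, the dashboard redirect needs a home_url() fallback.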