From 4bc4d18f7bfe2983b04beb8301b0bfcb303bdcde Mon Sep 17 00:00:00 2001 From: Viktor Miller Date: Thu, 29 Jan 2026 12:16:58 +0900 Subject: [PATCH] docs(07-03): create comprehensive deployment checklist - Server requirements (PHP, WordPress, memory limits) - Required plugins (ACF Pro, Formidable Forms Pro, Elementor Pro, WP Mail SMTP) - Plugin configuration (ACF fields, Formidable forms F1-F5, Elementor templates) - Email configuration (SMTP setup, notification testing) - Access control verification (pages, redirects) - User roles and capabilities (ddhh_provider role) - Action Scheduler monitoring (pending/complete/failed actions) - Testing checklist (provider/mentor/admin flows from Phase 7) - Security checklist (HTTPS, ownership validation, CSRF protection) - Performance considerations (caching, query optimization) - Backup strategy (pre-deployment, rollback plan) - Post-deployment verification (smoke tests, functional tests, monitoring) - Known issues documented (4 minor UX issues from Phase 7 testing) File: .planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md --- .../07-testing-polish/DEPLOYMENT-CHECKLIST.md | 312 ++++++++++++++++++ 1 file changed, 312 insertions(+) create mode 100644 .planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md diff --git a/.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md b/.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md new file mode 100644 index 0000000..e22da03 --- /dev/null +++ b/.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md @@ -0,0 +1,312 @@ +# Digital Dabei Job Manager - Deployment Checklist + +This checklist ensures the plugin is ready for production deployment and all requirements are met. + +## 1. Server Requirements + +- [ ] **PHP Version:** 7.4 or higher (8.0+ recommended) +- [ ] **WordPress Version:** 6.0 or higher +- [ ] **PHP Memory Limit:** 256M minimum (512M recommended for Action Scheduler) +- [ ] **Max Execution Time:** 60 seconds minimum +- [ ] **HTTPS Enabled:** SSL certificate installed and active +- [ ] **WP Cron:** Enabled (required for Action Scheduler) +- [ ] **File Upload Limits:** 10MB minimum for logo uploads + +## 2. Required Plugins + +### Core Dependencies +- [ ] **Advanced Custom Fields (ACF) Pro:** License activated, all field groups imported +- [ ] **Formidable Forms Pro:** License activated, all forms (F1-F5) created +- [ ] **Elementor Pro:** License activated, templates configured +- [ ] **WP Mail SMTP:** Installed and configured for production email delivery + +### Formidable Forms Add-ons +- [ ] Formidable Pro +- [ ] Form Action Automation (for post creation) +- [ ] User Registration Add-on (for provider registration) + +## 3. Plugin Configuration + +### ACF Field Groups +- [ ] **Job Details** field group exists + - [ ] `job_location` (text field) + - [ ] `job_type` (select: Vollzeit, Teilzeit, Minijob, Freelance/Projekt) + - [ ] `job_deadline` (date picker, return format: Ymd) + - [ ] `job_contact_email` (email field) +- [ ] **Job Deactivation** field group exists + - [ ] `deactivation_reason` (textarea) + - [ ] `deactivation_date` (date picker) +- [ ] **Job Metadata** field group exists + - [ ] `submission_date` (date picker, readonly) +- [ ] All field groups assigned to `job_offer` post type +- [ ] German labels display correctly in admin + +### Formidable Forms (F1-F5) +- [ ] **F1: Provider Registration** (form key: `provider_registration`) + - [ ] Creates user with `ddhh_provider` role + - [ ] Required fields: email, password, Anbieter Name + - [ ] Auto-login after registration action configured + - [ ] Redirect to dashboard after registration +- [ ] **F2: Job Submission** (form key: `job_submission`) + - [ ] Creates `job_offer` post with `pending` status + - [ ] Maps all fields to ACF (title, content, location, type, deadline, contact email) + - [ ] Logo upload field (stores as attachment) + - [ ] Redirect to dashboard after submission +- [ ] **F3: Job Edit** (form key: `job_edit`) + - [ ] Loads existing job data via URL parameter + - [ ] Ownership validation via `frm_validate_entry` hook + - [ ] Preserves submission date on update + - [ ] Resets status to `pending` after edit +- [ ] **F4: Job Deactivation** (form key: `job_deactivation`) + - [ ] Loads existing job data via URL parameter + - [ ] Ownership validation + - [ ] Sets status to `draft` + - [ ] Captures deactivation reason in ACF field +- [ ] **F5: Job Application** (form key: `job_application`) + - [ ] Pre-fills mentor email if logged in + - [ ] Sends application to provider's contact email + - [ ] Stays on job detail page after submission + +### Elementor Templates +- [ ] Job archive page (`/jobangebote/`) configured with Loop Grid +- [ ] Single job template displays ACF fields dynamically +- [ ] Contact form modal displays on single job pages +- [ ] Templates use German labels and formatting + +### User Notification Opt-in +- [ ] Mentor users can opt-in to job notifications +- [ ] User meta key: `ddhh_jm_notification_optin` (value: 'yes') +- [ ] Opt-in setting accessible via profile/account page + +## 4. Email Configuration + +### WP Mail SMTP Production Setup +- [ ] SMTP provider configured (Gmail, SendGrid, AWS SES, etc.) +- [ ] SMTP credentials entered and tested +- [ ] "From Email" set to verified sender address +- [ ] "From Name" set appropriately (e.g., "Digital Dabei Hamburg") +- [ ] Test email sent successfully from WP Mail SMTP settings + +### Email Verification +- [ ] **Admin email** (WordPress Settings → General) is correct +- [ ] Admin receives test notification emails +- [ ] Provider receives test notification emails +- [ ] Mentor receives test notification emails +- [ ] Email templates display correctly (HTML formatting) +- [ ] German text displays correctly (no character encoding issues) + +### Notification Testing +- [ ] Job submission triggers admin notification +- [ ] Job edit triggers admin notification with change summary +- [ ] Job deactivation triggers admin notification with reason +- [ ] Job publish triggers mentor notification (async batches) +- [ ] Job application triggers provider notification +- [ ] All email links are clickable and work correctly + +## 5. Access Control + +### Required Pages +- [ ] `/anbieter-login/` page exists with login/registration forms +- [ ] `/anbieter-dashboard/` page exists with `[ddhh_provider_dashboard]` shortcode +- [ ] Page IDs stored in options: `ddhh_jm_login_page_id`, `ddhh_jm_dashboard_page_id` +- [ ] Pages are published and accessible + +### Redirect Testing +- [ ] Providers attempting WP-Admin access redirected to dashboard +- [ ] Exception: `profile.php` accessible for providers +- [ ] Exception: `admin-ajax.php` accessible for AJAX +- [ ] Non-logged-in users accessing dashboard redirected to login page +- [ ] Non-logged-in users accessing job archive redirected to login page +- [ ] Non-logged-in users accessing single job redirected to login page + +## 6. User Roles & Capabilities + +### ddhh_provider Role +- [ ] Role exists in WordPress +- [ ] Capabilities configured: + - [ ] `read` (can access WordPress) + - [ ] `edit_job_offers` (can edit their own jobs) + - [ ] `delete_job_offers` (can delete their own jobs) + - [ ] `read_job_offer` (can read published jobs) + - [ ] No `publish_job_offers` capability (enforces pending status) + +### Test Users +- [ ] Test provider account created and can log in +- [ ] Test mentor account (subscriber role) created and can log in +- [ ] Test admin account can access all features +- [ ] Provider can only edit/delete their own jobs (not others') +- [ ] Provider cannot access WP-Admin (except profile.php) + +## 7. Action Scheduler + +### Verification +- [ ] Visit: `/wp-admin/tools.php?page=action-scheduler` +- [ ] Action Scheduler page loads without errors +- [ ] WP Cron is running (check via WP-Cron Control plugin or server cron) +- [ ] Alternative: Server cron configured to trigger `wp-cron.php` every 5 minutes + +### Monitoring +- [ ] Check "Pending" tab for queued email batches +- [ ] Check "Complete" tab for successfully processed batches +- [ ] Check "Failed" tab for errors (should be empty) +- [ ] Review logs for "Scheduled X notification batches" messages +- [ ] Review logs for "Processed notification batch" messages +- [ ] No PHP errors or warnings in error logs + +### Performance +- [ ] Email batches process in chunks of 50 users (rate limiting) +- [ ] No timeout errors during batch processing +- [ ] Batch actions complete within reasonable time (< 30 seconds per batch) + +## 8. Testing Checklist + +### Provider Flow (See Plan 07-01) +- [ ] Registration creates provider account successfully +- [ ] Auto-login after registration works +- [ ] Redirect to dashboard after registration works +- [ ] Job submission creates pending post with all fields +- [ ] Logo upload and display works +- [ ] Dashboard displays submitted jobs with correct status +- [ ] Edit form loads job data correctly +- [ ] Edit saves changes and resets status to pending +- [ ] Deactivation sets status to draft and captures reason +- [ ] Provider can view their own jobs in dashboard +- [ ] Logout functionality available + +### Mentor Flow (See Plan 07-02) +- [ ] Job archive displays published jobs only +- [ ] Login required to access job archive +- [ ] Single job page displays all details correctly +- [ ] Contact form modal displays on single job pages +- [ ] Application form submits successfully +- [ ] Provider receives application notification +- [ ] Notification opt-in preference saves correctly +- [ ] Opted-in mentors receive job publish notifications + +### Admin Flow (See Plan 07-03) +- [ ] Admin job list displays custom columns (Eingereicht am, Standort, Art) +- [ ] Custom columns are sortable +- [ ] Pending jobs visible in admin list +- [ ] Admin can change status from pending to published +- [ ] Admin can reject jobs (set to draft) +- [ ] Admin receives submission notification with edit link +- [ ] Admin receives edit notification with change summary +- [ ] Admin receives deactivation notification with reason +- [ ] Email links are clickable and work correctly + +## 9. Security Checklist + +- [ ] **HTTPS Enabled:** All pages served over SSL +- [ ] **User Enumeration:** Blocked via security plugin or .htaccess +- [ ] **File Upload Restrictions:** Only image files allowed for logos +- [ ] **Ownership Validation:** Forms validate user owns job before editing/deactivation +- [ ] **Capability Checks:** All admin functions check user capabilities +- [ ] **Nonce Verification:** Formidable forms use nonces for CSRF protection +- [ ] **SQL Injection:** All queries use prepared statements (WordPress core) +- [ ] **XSS Protection:** All output escaped via `esc_html()`, `esc_url()`, etc. +- [ ] **Password Strength:** WordPress default password strength enforced +- [ ] **Admin Access:** Providers cannot access WP-Admin backend + +## 10. Performance + +- [ ] **Query Optimization:** Custom columns use efficient queries (no N+1 issues) +- [ ] **Image Optimization:** Logos auto-cropped to 200x200px on upload +- [ ] **Caching:** Object caching enabled if high traffic expected (Redis, Memcached) +- [ ] **CDN:** Consider CDN for static assets if high traffic +- [ ] **Database Indexes:** ACF meta keys indexed for fast sorting +- [ ] **Action Scheduler Cleanup:** Old completed actions cleaned up regularly (90-day retention) + +## 11. Backup Strategy + +### Pre-Deployment +- [ ] **Full Database Backup:** Export complete database before plugin activation +- [ ] **File System Backup:** Backup entire WordPress installation +- [ ] **Test Restore:** Verify backup can be restored successfully +- [ ] **Backup Storage:** Store backups in secure, offsite location + +### Rollback Plan +- [ ] Document rollback procedure (deactivate plugin, restore database) +- [ ] Identify rollback trigger criteria (critical bugs, data loss) +- [ ] Assign rollback decision authority (who can authorize rollback) +- [ ] Test rollback procedure in staging environment + +## 12. Post-Deployment Verification + +### Smoke Tests (Within 1 hour) +- [ ] WordPress admin loads without errors +- [ ] Plugin appears in active plugins list +- [ ] Job archive page loads +- [ ] Single job page loads +- [ ] Provider login page loads +- [ ] Provider dashboard loads +- [ ] No fatal PHP errors in error logs + +### Functional Tests (Within 24 hours) +- [ ] Provider registration creates account +- [ ] Job submission creates pending post +- [ ] Admin receives submission notification +- [ ] Admin can publish job +- [ ] Mentors receive publish notification (check Action Scheduler) +- [ ] Mentor can apply to job +- [ ] Provider receives application notification +- [ ] Job edit works correctly +- [ ] Job deactivation works correctly + +### Monitoring (First 7 days) +- [ ] Monitor error logs daily for PHP warnings/errors +- [ ] Check Action Scheduler for failed actions daily +- [ ] Review email delivery logs for bounces/failures +- [ ] Monitor server performance (CPU, memory, database queries) +- [ ] Collect user feedback on any issues or confusion +- [ ] Track job submission rate and mentor engagement + +## Issues Found During Testing + +### Known Issues (Phase 7 Testing) + +**Issue 1: No logout option on /anbieter-login/ page** +- **Severity:** Low (UX improvement) +- **Impact:** Minor confusion for logged-in providers +- **Status:** Documented, recommended fix for future update + +**Issue 2: Admin submission email missing job description** +- **Severity:** Medium (reduces notification usefulness) +- **Impact:** Admin must click through to WP-Admin to read description +- **Status:** Documented, recommended fix for future update + +**Issue 3: Deactivation reason not displayed in admin notification** +- **Severity:** Medium (reduces business intelligence) +- **Impact:** Admin loses visibility into deactivation reasons via email +- **Status:** Documented, recommended fix for future update + +**Issue 4: Admin email edit links not clickable** +- **Severity:** Medium (reduces notification usefulness) +- **Impact:** Admin cannot click edit link, must copy/paste URL +- **Status:** Documented, recommended fix for future update + +## Support Resources + +- **Plugin Documentation:** `.planning/PROJECT.md`, `CLAUDE.md` +- **Test Results:** `.planning/phases/07-testing-polish/` (07-01, 07-02, 07-03 summaries) +- **Architecture Reference:** `CLAUDE.md` (subsystems, workflows, hooks) +- **Action Scheduler Docs:** https://actionscheduler.org/ +- **ACF Documentation:** https://www.advancedcustomfields.com/resources/ +- **Formidable Forms Docs:** https://formidableforms.com/knowledgebase/ + +## Sign-Off + +- [ ] **Technical Review:** All checklist items verified by developer +- [ ] **QA Testing:** All user flows tested end-to-end +- [ ] **Stakeholder Approval:** Product owner approves deployment +- [ ] **Deployment Window:** Scheduled deployment time confirmed +- [ ] **Team Notification:** All stakeholders notified of deployment + +**Deployment Date:** _________________ + +**Deployed By:** _________________ + +**Verified By:** _________________ + +--- + +**Status:** Ready for production deployment with 4 minor UX issues documented for future updates.