From 79b13895fc527c1b3ea1fc59b28e41663b4f3965 Mon Sep 17 00:00:00 2001
From: Viktor Miller <viktor.miller@vihais.com>
Date: Wed, 14 Jan 2026 19:00:50 +0900
Subject: [PATCH] feat(01-03): register ddhh_provider role with restricted
 capabilities

- Add DDHH_JM_Roles class with add_roles() and remove_roles() methods
- Role 'ddhh_provider' (Anbieter) can edit/delete own job_offers only
- Jobs go to pending status (publish_job_offers: false)
- No access to regular posts/pages (edit_posts/edit_pages: false)
- Can upload files for logos
- Integrated with Activator and Deactivator hooks
---
 includes/class-activator.php   |  3 ++
 includes/class-deactivator.php |  3 ++
 includes/class-roles.php       | 62 ++++++++++++++++++++++++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 includes/class-roles.php

diff --git a/includes/class-activator.php b/includes/class-activator.php
index 6a6f1ba..e647c3f 100644
--- a/includes/class-activator.php
+++ b/includes/class-activator.php
@@ -30,6 +30,9 @@ class DDHH_JM_Activator {
 		// Store plugin version
 		update_option( 'ddhh_jm_version', DDHH_JM_VERSION );
 
+		// Register custom roles
+		DDHH_JM_Roles::add_roles();
+
 		// Set flag to flush rewrite rules on next init
 		set_transient( 'ddhh_jm_flush_rewrite_rules', 1, 60 );
 	}
diff --git a/includes/class-deactivator.php b/includes/class-deactivator.php
index 8ae569c..f64494f 100644
--- a/includes/class-deactivator.php
+++ b/includes/class-deactivator.php
@@ -17,6 +17,9 @@ class DDHH_JM_Deactivator {
 	 * Deactivation logic
 	 */
 	public static function deactivate() {
+		// Remove custom roles
+		DDHH_JM_Roles::remove_roles();
+
 		// Flush rewrite rules
 		flush_rewrite_rules();
 	}
diff --git a/includes/class-roles.php b/includes/class-roles.php
new file mode 100644
index 0000000..d3e688a
--- /dev/null
+++ b/includes/class-roles.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * User roles handler
+ *
+ * @package DDHH_Job_Manager
+ */
+
+// Exit if accessed directly.
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Handles custom user roles
+ */
+class DDHH_JM_Roles {
+
+	/**
+	 * Add custom roles
+	 * Called on plugin activation
+	 */
+	public static function add_roles() {
+		// Register ddhh_provider role
+		add_role(
+			'ddhh_provider',
+			__( 'Anbieter', 'ddhh-job-manager' ),
+			array(
+				// Basic WordPress access
+				'read'                   => true,
+
+				// Job offer capabilities (own only)
+				'edit_job_offers'        => true,
+				'delete_job_offers'      => true,
+				'upload_files'           => true,
+
+				// Explicitly deny publishing (jobs go to pending for admin approval)
+				'publish_job_offers'     => false,
+
+				// Explicitly deny editing others' content
+				'edit_others_job_offers' => false,
+
+				// Explicitly deny access to regular posts/pages
+				'edit_posts'             => false,
+				'edit_pages'             => false,
+				'edit_others_posts'      => false,
+				'edit_others_pages'      => false,
+				'publish_posts'          => false,
+				'publish_pages'          => false,
+
+				// Explicitly deny admin functions
+				'manage_categories'      => false,
+				'manage_options'         => false,
+			)
+		);
+	}
+
+	/**
+	 * Remove custom roles
+	 * Called on plugin deactivation
+	 */
+	public static function remove_roles() {
+		remove_role( 'ddhh_provider' );
+	}
+}