vmiller/Digital-Dabei-Hamburg-Job-Manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c9ebb9e89ae4e8c7b6fb96661f5dc7c0127eeff
Digital-Dabei-Hamburg-Job-M…/.planning/phases/01-foundation-setup/01-03-SUMMARY.md
Viktor Miller d41fd500d5 docs(01-03): complete roles and fields plan 
Tasks completed: 2/2
- Register ddhh_provider role with restricted capabilities
- Register ACF field group for job_offer metadata

SUMMARY: .planning/phases/01-foundation-setup/01-03-SUMMARY.md
2026-01-14 19:02:58 +09:00

4.8 KiB
Raw Blame History

phase, plan, subsystem, tags, requires, provides, affects, tech-stack, key-files, key-decisions, issues-created, metrics
phase plan subsystem tags requires provides affects tech-stack key-files key-decisions issues-created metrics
01-foundation-setup 03 auth
acf
roles
capabilities
wordpress
01-02
provider-role
job-metadata-fields
02-form-submission
added patterns
capability-based-access-control
acf-local-fields
created modified
includes/class-roles.php
includes/class-acf-fields.php
includes/class-activator.php
includes/class-deactivator.php
includes/class-ddhh-job-manager.php
Jobs submit to pending status (admin approval required)
German field labels for v1
Logo stored as image ID (not URL)
Deactivation reason field conditional on non-published status
duration completed
3 min 2026-01-14

Phase 1 Plan 3: Roles & Fields Summary

Provider role and ACF field group for job metadata registered

Accomplishments

  • Custom role 'ddhh_provider' (Anbieter) with job-only capabilities
  • ACF field group 'Job Details' with 6 metadata fields
  • Proper capability restrictions (no posts/pages access, no publishing)
  • Logo upload support via upload_files capability
  • Role registration integrated with plugin activation/deactivation

Files Created/Modified

Created:

  • includes/class-roles.php - Role registration and cleanup (DDHH_JM_Roles class)
  • includes/class-acf-fields.php - ACF field group definition (DDHH_JM_ACF_Fields class)

Modified:

  • includes/class-activator.php - Added DDHH_JM_Roles::add_roles() call
  • includes/class-deactivator.php - Added DDHH_JM_Roles::remove_roles() call
  • includes/class-ddhh-job-manager.php - Hooked ACF fields to 'acf/init' action

Technical Details

Provider Role Capabilities

The ddhh_provider role has been configured with restricted capabilities:

Granted:

  • read - Basic WordPress access
  • edit_job_offers - Can edit own job offers
  • delete_job_offers - Can delete own job offers
  • upload_files - Required for logo uploads

Explicitly Denied:

  • publish_job_offers - Jobs go to pending for admin approval
  • edit_others_job_offers - Cannot edit others' jobs
  • edit_posts, edit_pages - No access to regular content
  • manage_categories, manage_options - No admin functions

ACF Fields Structure

Field group targets post_type == 'job_offer':

  1. job_location (text, required) - Standort
  2. job_type (select, required) - Art
    • Choices: Vollzeit, Teilzeit, Ehrenamt
  3. job_deadline (date_picker, optional) - Bewerbungsfrist
    • Return format: Y-m-d
    • Display format: d.m.Y (German)
  4. job_contact_email (email, required) - Kontakt-E-Mail
  5. job_logo (image, optional) - Logo
    • Return format: id (attachment ID)
    • Preview size: thumbnail
  6. job_deactivation_reason (textarea, optional) - Deaktivierungsgrund (intern)
    • Conditional logic: Only shows when post_status != 'publish'
    • For admin use when deactivating jobs

Decisions Made

  1. Jobs submit to pending status - Providers cannot publish directly (publish_job_offers: false). This enforces admin approval workflow as specified in PROJECT.md core value.

  2. German field labels - Per PROJECT.md: German only for v1. Labels use German terms: Standort, Art, Bewerbungsfrist, Kontakt-E-Mail, Logo.

  3. Logo as image ID (not URL) - Using return_format: 'id' for better media library integration. Allows access to all image sizes and metadata.

  4. Deactivation reason field conditional - Uses ACF conditional logic to show job_deactivation_reason only when post is not published. Keeps admin interface clean for active jobs.

  5. Capability-based isolation - Used custom capability_type 'job_offer' (from 01-02) combined with explicit denials to ensure providers cannot access posts/pages even if WordPress roles are modified.

Commits

  • Task 1: 79b1389 - feat(01-03): register ddhh_provider role with restricted capabilities
  • Task 2: c8fdf39 - feat(01-03): register ACF field group for job_offer metadata

Verification

All verification criteria met:

  • Provider role exists with correct capabilities
  • Provider CANNOT edit regular posts/pages (edit_posts: false, edit_pages: false)
  • Provider CAN upload files (upload_files: true) for logos
  • ACF fields will appear on job_offer edit screen (hooked to acf/init)
  • Required fields marked as required (job_location, job_type, job_contact_email)

Issues Encountered

None

Next Phase Readiness

Phase 1 complete - all 3 plans done:

  • 01-01: Plugin foundation (completed)
  • 01-02: Custom post type 'job_offer' (completed)
  • 01-03: Roles & ACF fields (completed)

Ready for Phase 2: Form submission with Formidable Forms. The foundation is in place:

  • Custom post type registered with correct capabilities
  • Provider role ready for assignment
  • ACF fields ready to receive data from form submissions

No blockers or concerns.

Next Step

Phase 1 complete. Ready for Phase 2 (Form Submission).

Reference in New Issue View Git Blame Copy Permalink