ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/docs/TRAINER-ANNOUNCEMENTS-SPEC.md
Ben c20b461e7d feat: Implement secure Trainer Announcements system with comprehensive features 
This commit introduces a complete announcement management system for HVAC trainers
with enterprise-grade security, performance optimization, and email notifications.

## Core Features
- Custom post type for trainer announcements with categories and tags
- Role-based permissions (master trainers can create/edit, all trainers can read)
- AJAX-powered admin interface with real-time updates
- Modal popup viewing for announcements on frontend
- Automated email notifications when announcements are published
- Google Drive integration for training resources

## Security Enhancements
- Fixed critical capability mapping bug preventing proper permission checks
- Added content disclosure protection for draft/private announcements
- Fixed XSS vulnerabilities with proper output escaping and sanitization
- Implemented permission checks on all AJAX endpoints
- Added rate limiting to prevent abuse (30 requests/minute)
- Email validation before sending notifications

## Performance Optimizations
- Implemented intelligent caching for user queries (5-minute TTL)
- Added cache versioning for announcement lists (2-minute TTL)
- Automatic cache invalidation on content changes
- Batch email processing to prevent timeouts (50 emails per batch)
- Retry mechanism for failed email sends (max 3 attempts)

## Technical Implementation
- Singleton pattern for all manager classes
- WordPress coding standards compliance
- Proper nonce verification on all AJAX requests
- Comprehensive error handling and logging
- Mobile-responsive UI with smooth animations
- WCAG accessibility compliance

## Components Added
- 6 PHP classes for modular architecture
- 2 page templates (master announcements, trainer resources)
- Admin and frontend JavaScript with jQuery integration
- Comprehensive CSS for both admin and frontend
- Email notification system with HTML templates
- Complete documentation and implementation plans

This system provides a secure, scalable foundation for trainer communications
while following WordPress best practices and maintaining high code quality.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-20 13:34:15 -03:00

9.1 KiB
Raw Blame History

Trainer Announcements System Specification

Overview

A comprehensive announcement system enabling Master Trainers to communicate important updates to all HVAC Trainers through a dedicated post type, management interface, and automated email notifications.

1. Custom Post Type: Trainer Announcements

Post Type Configuration

  • Name: hvac_announcement
  • Labels: Trainer Announcements (plural), Trainer Announcement (singular)
  • Capabilities: Custom capability set to restrict access
  • Public: False (not publicly queryable)
  • Show in REST: True (for Gutenberg support)
  • Menu Icon: dashicons-megaphone

Post Type Features

  • Title
  • Editor (rich content with Gutenberg blocks)
  • Featured Image
  • Author
  • Publish Date/Time
  • Post Status (draft, published, private)
  • Custom Taxonomies:
    • Announcement Categories (hvac_announcement_category)
    • Announcement Tags (hvac_announcement_tag)

Permissions Model

  • Create/Edit/Delete: Only users with hvac_master_trainer role
  • Read: Users with hvac_trainer OR hvac_master_trainer roles
  • Custom Capabilities:
    • create_hvac_announcements
    • edit_hvac_announcements
    • delete_hvac_announcements
    • read_hvac_announcements
    • publish_hvac_announcements

2. Master Trainer Announcements Management Page

URL Structure

  • Path: /master-trainer/announcements/
  • Template: templates/page-master-announcements.php
  • Page Slug: master-announcements

Interface Components

Announcements Table

  • Columns:
    • Title (linked to edit modal)
    • Status (Draft/Published/Private)
    • Categories
    • Author
    • Date Published
    • Actions (Edit, Delete, View)
  • Features:
    • Sortable columns
    • Status filters (All, Published, Draft)
    • Bulk actions
    • Pagination (20 per page)
    • Search functionality

Add Announcement Modal

  • Trigger: "Add New Announcement" button
  • Form Fields:
    • Title (required, text input)
    • Content (TinyMCE editor with Gutenberg blocks)
    • Publish Date/Time (datetime picker, defaults to now)
    • Status (dropdown: draft, published, private)
    • Categories (multi-select or checkboxes)
    • Tags (comma-separated text input)
    • Featured Image (WordPress media uploader)
  • Actions:
    • Save as Draft
    • Publish
    • Cancel

Edit Announcement Modal

  • Trigger: Edit action in table or title click
  • Form Fields: Same as Add modal, pre-populated with existing data
  • Additional Actions:
    • Update
    • Move to Trash
    • Cancel

AJAX Implementation

  • Endpoints:
    • hvac_get_announcements - Fetch paginated announcements
    • hvac_create_announcement - Create new announcement
    • hvac_update_announcement - Update existing announcement
    • hvac_delete_announcement - Delete announcement
    • hvac_get_announcement - Get single announcement for editing
  • Security: Nonce verification, capability checks

3. Trainer Resources Page

URL Structure

  • Path: /trainer/resources/
  • Template: templates/page-trainer-resources.php
  • Page Slug: trainer-resources

Page Components

Announcements Section

  • Block Type: UAGB Post Timeline block
  • Configuration: 
    <!-- wp:uagb/post-timeline {
  "timelinAlignmentTablet":"left",
  "timelinAlignmentMobile":"left",
  "dateFontSizeType":"px",
  "dateFontSize":12,
  "block_id":"d9c6878e",
  "post_type":"hvac_announcement",
  "posts_per_page":10,
  "order":"desc",
  "orderby":"date"
} /-->
  • Display: Latest 10 announcements with load more functionality
  • Fields Shown: Title, excerpt, date, featured image thumbnail

Google Drive Section

  • Title: "Training Resources Library"
  • Implementation: Embedded iframe
  • URL: https://drive.google.com/drive/folders/16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG?usp=drive_link
  • Iframe Attributes:
    • Width: 100%
    • Height: 600px minimum
    • Responsive sizing
    • Border: none
    • Allow: fullscreen

Access Control

  • Verify user has hvac_trainer or hvac_master_trainer role
  • Redirect unauthorized users to login

4. Navigation Menu Updates

Master Trainer Navigation

  • Parent Menu: Trainer Management (existing)
  • New Item: "Announcements"
    • Position: After "Trainer Performance"
    • URL: /master-trainer/announcements/
    • Icon: megaphone or announcement icon

Trainer Navigation

  • Parent Menu: Main navigation
  • New Item: "Resources"
    • Position: After "Training Leads" (under Profile)
    • URL: /trainer/resources/
    • Icon: folder or resource icon

Implementation

  • Update HVAC_Menu_System::get_trainer_menu_items()
  • Update HVAC_Menu_System::get_master_trainer_menu_items()
  • Maintain existing dropdown structure and mobile responsiveness

5. Email Notification System

Trigger

  • On announcement status change to "published"
  • Only for new publications (not updates to published posts)

Recipients

  • All users with hvac_trainer OR hvac_master_trainer roles
  • Exclude users with status: disabled, deactivated, or pending
  • Use batch processing for large recipient lists (50 per batch)

Email Template

Subject Line

Upskill HVAC Trainer Announcement: [announcement_title]

HTML Template Structure

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Trainer Announcement</title>
</head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">
    <div style="max-width: 600px; margin: 0 auto; padding: 20px;">
        <!-- Header -->
        <div style="background: #003366; color: white; padding: 20px; text-align: center;">
            <h1>Upskill HVAC Trainer Announcement</h1>
        </div>
        
        <!-- Content -->
        <div style="padding: 30px; background: #ffffff; border: 1px solid #e0e0e0;">
            <h2>[announcement_title]</h2>
            <p style="color: #666; font-size: 14px;">Posted on [publish_date]</p>
            
            <!-- Featured Image (if exists) -->
            [featured_image]
            
            <!-- Announcement Content -->
            <div style="margin-top: 20px;">
                [announcement_content]
            </div>
            
            <!-- Categories/Tags (if exists) -->
            <div style="margin-top: 20px; padding-top: 20px; border-top: 1px solid #e0e0e0;">
                [categories_tags]
            </div>
        </div>
        
        <!-- Footer -->
        <div style="padding: 20px; background: #f5f5f5; text-align: center; font-size: 12px; color: #666;">
            <p>You received this email because you are registered as an HVAC Trainer.</p>
            <p><a href="[site_url]/trainer/resources/">View all announcements</a></p>
        </div>
    </div>
</body>
</html>

Implementation Details

  • Use WordPress wp_mail() with HTML headers
  • Queue emails using Action Scheduler or WP-Cron
  • Log email sends for audit trail
  • Handle failures with retry mechanism (max 3 attempts)
  • Provide admin interface to view email send status

6. Database Schema

Custom Tables

None required - uses WordPress post and postmeta tables

Meta Keys

  • _hvac_announcement_email_sent - Boolean, tracks if email was sent
  • _hvac_announcement_email_recipients - Serialized array of recipient IDs
  • _hvac_announcement_email_send_date - Timestamp of email send

7. Security Considerations

  • All AJAX endpoints require nonce verification
  • Strict capability checks before any CRUD operations
  • Sanitize all user inputs (title, content, tags)
  • Escape all outputs
  • Validate featured image uploads
  • Rate limiting on email sends (max 1 per minute per announcement)
  • XSS protection in rich content editor

8. Performance Optimizations

  • Cache announcement queries using WordPress transients
  • Lazy load announcements in timeline
  • Paginate announcement lists (20 per page)
  • Queue email sends asynchronously
  • Optimize featured images (max 1200px width)
  • Use WordPress REST API for modal operations

9. Testing Requirements

Unit Tests

  • Custom post type registration
  • Capability assignments
  • AJAX endpoint security
  • Email queue processing
  • Menu item visibility

E2E Tests (Playwright)

  • Create announcement as master trainer
  • Edit existing announcement
  • Delete announcement
  • View announcements as trainer
  • Access control (non-trainer rejection)
  • Email notification delivery
  • Navigation menu updates
  • Resources page Google Drive embed

10. Migration & Deployment

Activation Steps

  1. Register custom post type
  2. Add capabilities to roles
  3. Create required pages
  4. Flush rewrite rules
  5. Initialize email queue tables

Rollback Plan

  1. Deactivate announcement features
  2. Hide menu items
  3. Preserve announcement data
  4. Stop email queue processing

11. Future Enhancements

  • Announcement scheduling (auto-publish at future date)
  • Email open/click tracking
  • Announcement comments/feedback system
  • Rich media attachments (PDFs, videos)
  • Announcement importance levels (urgent, normal, low)
  • Trainer preferences for email frequency
  • Mobile app push notifications
  • Multi-language support
  • Announcement templates for common topics