- Added HVAC_Role_Manager class with role/permission management - Implemented test cases in HVAC_Role_Manager_Test.php - Created API documentation in docs/role-manager-api.md - Updated testing improvement plan with progress - Added design decisions to memory-bank/decisionLog.md Includes: - Role creation/deletion methods - Permission management system - Role conflict detection - Permission inheritance logic - Comprehensive test coverage
		
			
				
	
	
		
			276 lines
		
	
	
		
			No EOL
		
	
	
		
			7 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			276 lines
		
	
	
		
			No EOL
		
	
	
		
			7 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # HVAC Role Manager API Documentation
 | |
| 
 | |
| ## Overview
 | |
| 
 | |
| The HVAC Role Manager is a comprehensive WordPress role management system that provides advanced capabilities for role creation, inheritance, and conflict detection. It seamlessly integrates with The Events Calendar (TEC) and supports complex permission hierarchies.
 | |
| 
 | |
| ### Key Features
 | |
| - Role creation and management
 | |
| - Multiple role inheritance
 | |
| - Capability conflict detection
 | |
| - Transaction-based role operations
 | |
| - TEC capability integration
 | |
| - Core WordPress role protection
 | |
| 
 | |
| ### Prerequisites
 | |
| - WordPress 5.0 or higher
 | |
| - The Events Calendar (for TEC-specific capabilities)
 | |
| 
 | |
| ## API Reference
 | |
| 
 | |
| ### Role Management
 | |
| 
 | |
| #### create_role()
 | |
| ```php
 | |
| /**
 | |
|  * Creates a new WordPress role with specified capabilities
 | |
|  *
 | |
|  * @param string $role_name     Unique identifier for the role
 | |
|  * @param string $display_name  Human-readable name for the role
 | |
|  * @param array  $capabilities  Array of capabilities (key: capability name, value: boolean)
 | |
|  * @param array  $parent_roles  Optional. Array of parent role names to inherit from
 | |
|  * @return bool True on success, false on failure
 | |
|  * @throws InvalidArgumentException If role name/display name is empty or role exists
 | |
|  */
 | |
| public function create_role(
 | |
|     string $role_name,
 | |
|     string $display_name,
 | |
|     array $capabilities,
 | |
|     array $parent_roles = []
 | |
| ): bool
 | |
| ```
 | |
| 
 | |
| Example:
 | |
| ```php
 | |
| try {
 | |
|     $role_manager->create_role(
 | |
|         'event_coordinator',
 | |
|         'Event Coordinator',
 | |
|         ['edit_posts' => true, 'publish_tribe_events' => true],
 | |
|         ['editor']  // Inherit from editor role
 | |
|     );
 | |
| } catch (InvalidArgumentException $e) {
 | |
|     // Handle error
 | |
| }
 | |
| ```
 | |
| 
 | |
| #### delete_role()
 | |
| ```php
 | |
| /**
 | |
|  * Deletes a WordPress role if it's not a core role
 | |
|  *
 | |
|  * @param string $role_name Role identifier to delete
 | |
|  * @return bool True on success, false on failure
 | |
|  * @throws InvalidArgumentException If attempting to delete a core role
 | |
|  */
 | |
| public function delete_role(string $role_name): bool
 | |
| ```
 | |
| 
 | |
| Example:
 | |
| ```php
 | |
| try {
 | |
|     $role_manager->delete_role('event_coordinator');
 | |
| } catch (InvalidArgumentException $e) {
 | |
|     // Handle error (e.g., attempting to delete core role)
 | |
| }
 | |
| ```
 | |
| 
 | |
| ### Capability Management
 | |
| 
 | |
| #### add_capabilities()
 | |
| ```php
 | |
| /**
 | |
|  * Adds capabilities to an existing role
 | |
|  *
 | |
|  * @param string $role_name    Role identifier
 | |
|  * @param array  $capabilities Array of capability names to add
 | |
|  * @return bool True on success, false on failure
 | |
|  */
 | |
| public function add_capabilities(string $role_name, array $capabilities): bool
 | |
| ```
 | |
| 
 | |
| Example:
 | |
| ```php
 | |
| $new_caps = ['new_cap_1', 'new_cap_2'];
 | |
| $result = $role_manager->add_capabilities('event_coordinator', $new_caps);
 | |
| ```
 | |
| 
 | |
| #### remove_capabilities()
 | |
| ```php
 | |
| /**
 | |
|  * Removes capabilities from an existing role
 | |
|  *
 | |
|  * @param string $role_name    Role identifier
 | |
|  * @param array  $capabilities Array of capability names to remove
 | |
|  * @return bool True on success, false on failure
 | |
|  */
 | |
| public function remove_capabilities(string $role_name, array $capabilities): bool
 | |
| ```
 | |
| 
 | |
| Example:
 | |
| ```php
 | |
| $result = $role_manager->remove_capabilities('event_coordinator', ['new_cap_1']);
 | |
| ```
 | |
| 
 | |
| ### Role Verification
 | |
| 
 | |
| #### role_exists()
 | |
| ```php
 | |
| /**
 | |
|  * Checks if a role exists
 | |
|  *
 | |
|  * @param string $role_name Role identifier to check
 | |
|  * @return bool True if role exists, false otherwise
 | |
|  */
 | |
| public function role_exists(string $role_name): bool
 | |
| ```
 | |
| 
 | |
| #### get_role_capabilities()
 | |
| ```php
 | |
| /**
 | |
|  * Retrieves all capabilities for a role
 | |
|  *
 | |
|  * @param string $role_name Role identifier
 | |
|  * @return array Array of capabilities (key: capability name, value: boolean)
 | |
|  */
 | |
| public function get_role_capabilities(string $role_name): array
 | |
| ```
 | |
| 
 | |
| ### Conflict Detection
 | |
| 
 | |
| #### detect_role_conflicts()
 | |
| ```php
 | |
| /**
 | |
|  * Detects capability conflicts between roles
 | |
|  *
 | |
|  * @param array $role_names Array of role names to check for conflicts
 | |
|  * @return array Array of conflict information
 | |
|  */
 | |
| public function detect_role_conflicts(array $role_names): array
 | |
| ```
 | |
| 
 | |
| Example:
 | |
| ```php
 | |
| $conflicts = $role_manager->detect_role_conflicts(['role_1', 'role_2']);
 | |
| if (!empty($conflicts)) {
 | |
|     // Handle conflicts
 | |
| }
 | |
| ```
 | |
| 
 | |
| ## Advanced Concepts
 | |
| 
 | |
| ### Role Inheritance
 | |
| The Role Manager supports multiple role inheritance, allowing roles to inherit capabilities from multiple parent roles. This creates a flexible permission hierarchy that can model complex organizational structures.
 | |
| 
 | |
| ```php
 | |
| // Create a role that inherits from multiple parents
 | |
| $role_manager->create_role(
 | |
|     'senior_coordinator',
 | |
|     'Senior Event Coordinator',
 | |
|     ['manage_options' => true],
 | |
|     ['event_coordinator', 'content_manager']
 | |
| );
 | |
| ```
 | |
| 
 | |
| ### Transaction Roles
 | |
| Transaction roles are temporary roles used during specific operations. They are automatically cleaned up to prevent role pollution.
 | |
| 
 | |
| ```php
 | |
| // Clean up transaction roles
 | |
| $role_manager->cleanup_transaction_roles();
 | |
| ```
 | |
| 
 | |
| ### Security Best Practices
 | |
| 1. **Core Role Protection**
 | |
|    - Never modify WordPress core roles directly
 | |
|    - Use role inheritance instead of modifying core roles
 | |
|    - Always check for core role status before deletion
 | |
| 
 | |
| 2. **Capability Validation**
 | |
|    - Validate all capability names before assignment
 | |
|    - Use WordPress capability constants where available
 | |
|    - Check for capability conflicts in multi-role scenarios
 | |
| 
 | |
| 3. **Error Handling**
 | |
|    - Always wrap role operations in try-catch blocks
 | |
|    - Validate input parameters thoroughly
 | |
|    - Handle cleanup operations in catch blocks
 | |
| 
 | |
| ## Integration Examples
 | |
| 
 | |
| ### Basic Role Management
 | |
| ```php
 | |
| try {
 | |
|     // Create a basic role
 | |
|     $role_manager->create_role(
 | |
|         'basic_user',
 | |
|         'Basic User',
 | |
|         ['read' => true]
 | |
|     );
 | |
| 
 | |
|     // Add capabilities
 | |
|     $role_manager->add_capabilities('basic_user', ['edit_posts']);
 | |
| 
 | |
|     // Verify capabilities
 | |
|     $caps = $role_manager->get_role_capabilities('basic_user');
 | |
|     
 | |
|     // Clean up when done
 | |
|     $role_manager->delete_role('basic_user');
 | |
| } catch (Exception $e) {
 | |
|     // Handle errors
 | |
| }
 | |
| ```
 | |
| 
 | |
| ### TEC Integration
 | |
| ```php
 | |
| // Create an event manager role
 | |
| $role_manager->create_role(
 | |
|     'event_manager',
 | |
|     'Event Manager',
 | |
|     [
 | |
|         'read' => true,
 | |
|         'publish_tribe_events' => true,
 | |
|         'edit_tribe_events' => true,
 | |
|         'delete_tribe_events' => true,
 | |
|         'manage_tribe_event_settings' => false
 | |
|     ]
 | |
| );
 | |
| ```
 | |
| 
 | |
| ## Testing & Development
 | |
| 
 | |
| ### Unit Testing
 | |
| The Role Manager includes a comprehensive test suite. Run tests using:
 | |
| ```bash
 | |
| phpunit tests/HVAC_Role_Manager_Test.php
 | |
| ```
 | |
| 
 | |
| ### Test Environment Setup
 | |
| 1. Ensure WordPress test environment is configured
 | |
| 2. Verify TEC is properly installed
 | |
| 3. Run the test suite
 | |
| 4. Check test coverage
 | |
| 
 | |
| ### Contributing Guidelines
 | |
| 1. Follow WordPress coding standards
 | |
| 2. Add unit tests for new features
 | |
| 3. Document all changes
 | |
| 4. Test thoroughly before submitting
 | |
| 
 | |
| ## Troubleshooting
 | |
| 
 | |
| ### Common Issues
 | |
| 1. **Role Creation Fails**
 | |
|    - Check for duplicate role names
 | |
|    - Verify capability format
 | |
|    - Ensure parent roles exist
 | |
| 
 | |
| 2. **Capability Conflicts**
 | |
|    - Use detect_role_conflicts()
 | |
|    - Check inheritance chain
 | |
|    - Verify capability assignments
 | |
| 
 | |
| 3. **Core Role Protection**
 | |
|    - Cannot delete core roles
 | |
|    - Use role inheritance instead
 | |
|    - Check role status before operations |