Skip to main content
All notable changes to this project are documented here. The format follows Keep a Changelog and the project adheres to Semantic Versioning.

3.0.0 — 2026-02-19

Added

  • Dynamic Validation and Connection Engine:
    • 100% dynamic Integration Hub for connecting multiple APIs and managing tokens and credentials.
    • Validation rule generator in the admin UI.
    • Interactive UI in the Form Builder for mapping rule variables to form fields.
    • Rules evaluated dynamically in RulesEngine via JSON Path evaluation.

Fixed

  • Universal Webhooks: Resolved a bug in OrderDataBuilder.php that prevented reading the webhook-send configuration for products without an assigned flow. Webhooks now operate and send globally regardless of product type.
This is a major release. The following items are breaking changes or significant removals.

Removed

  • CEP hardcodes: Removed all CEP-API-specific coupled logic from the Rules Engine and OAuth managers, making the system 100% agnostic.
  • Cleaned up pre-release version history to initialize this major release to Stage.

2.5.0 — 2026-02-19

Added

  • Role Management System: New full functionality for creating and managing the UTB Product Manager custom role.
    • Admin page: UTB Builder → Roles & Permisos (visible to administrators only).
    • Create, update, and delete the custom role with plugin capabilities.
    • Assign and remove users from the role.
    • View list of users with the active role.
    • Automatic menu hiding: users with this role only see plugin and WooCommerce menus.
  • Custom plugin capabilities:
    • utb_manage_settings — Dashboard and general configuration.
    • utb_manage_flows — Assign flows to products.
    • utb_view_webhooks — View and manage webhooks.
    • utb_manage_programs — Manage CEP programs.
    • utb_manage_certificates — Manage certificates.
    • utb_view_orders — View order metadata.
  • PermissionsHelper class: Helper functions for flexible permission validation.
    • Methods: can_manage_settings(), can_manage_flows(), can_view_webhooks(), etc.
    • Backward compatibility: administrators retain full access automatically.
  • WooCommerce permissions included for the role:
    • Products: read_product, edit_product, edit_products, edit_published_products.
    • Orders: read_shop_order, edit_shop_order, edit_shop_orders, edit_others_shop_orders.
    • Restricted: cannot publish or delete products/orders.

Changed

  • Admin menus now use custom capabilities instead of only manage_options:
    • Dashboard → utb_manage_settings
    • Assign Flows → utb_manage_flows
    • Webhooks → utb_view_webhooks
    • Order Metadata → utb_view_orders
    • Inscription Logs → utb_view_orders
    • Data Sources → manage_options (admin only)
    • Roles & Permissions → manage_options (admin only)
  • Permission validation: All admin pages now use PermissionsHelper to verify access.

Documentation

  • docs/roles-system.md: Complete guide to the roles system including capabilities, usage instructions, troubleshooting, and code examples.

Files created

  • includes/admin/pages/RolesManagerPage.php (400+ lines)
  • includes/utils/PermissionsHelper.php (80 lines)
  • docs/roles-system.md (250 lines)

Files modified

  • includes/admin/AdminRouter.php — Menus with capabilities + hide-menus hook.
  • includes/admin/ajax/FormBuilderAjax.php — AJAX permission validation.
  • includes/admin/pages/DashboardPage.php
  • includes/admin/pages/FlowAssignmentPage.php
  • includes/admin/pages/WebhooksPage.php
  • includes/admin/pages/OrderMetadataPage.php

2.4.2.5 — 2026-02-18

Fixed

Critical fix: CEP program price was not displaying due to jQuery animation style conflicts.
  • CEP price display: Resolved an issue where the program price did not appear visually due to residual jQuery styles (visibility: hidden, height: 0px) blocking the animation.
    • Solution: Force direct display with inline !important styles to override any jQuery animation block.
    • Impact: Price now appears immediately when a program is selected.
Critical security fix: Debug mode was accessible without authentication.
  • Debug system security: Added permission validation for debug mode.
    • Only authenticated users with Administrator or Editor role can activate debug.
    • Anonymous users or users without permission cannot activate debug even if they know the URL.
    • Activation: add #debug or ?debug=1 to the product URL (requires WordPress login).
    • If a user without permissions attempts to activate debug, it is silently ignored.

Removed

  • Mass cleanup of deprecated files (19 .md files, 3 test files). Retained: README.md, CHANGELOG.md, CONTRIBUTING.md, PROJECT_STATUS.md, UTB_HANDOVER_README.md, ROADMAP_CONEXION.md.

Technical notes

  • cep-flow.js: Price display uses attr('style', '...!important') instead of .slideDown() to avoid jQuery animation conflicts.
  • CEPFlow.php: Backend validates current_user_can('manage_options') or current_user_can('edit_posts') before allowing debug.
  • cep-debug.js: JavaScript checks window.UTB_CEP.debug_allowed before activating debug mode.

2.4.2 — 2026-02-18

Fixed

  • CEP program selector: Added .off('change') before registering the event to prevent conflicts with external theme scripts that were blocking the price update.
  • Duplicate validation message: Removed duplicate “Diligencia el formulario…” message in the “Programa Académico” section (the same message already exists at the top of the form).

Changed

  • Simplified Webhooks UI: Removed the confusing “Integration Type” selector (Webhook / REST API / Both).
    • Reason: The REST API is always active (requires only UTB_API_KEY in wp-config.php) and is not “activated” per product.
    • Change: Each product now has only an ON/OFF toggle for automatic webhooks.
    • REST API info: Added a collapsible <details> element per product showing the endpoint, API Key, filters, and link to docs.

Technical notes

  • REST API: /wp-json/utb/v1/orders — Global, always active, authenticated with X-UTB-API-Key.
  • Webhooks: Optional per-product configuration (automatic notifications).
  • Not modified: document validation, discount calculation, AJAX logic, or backend endpoints.

2.4.0 — 2026-02-18

Added — REST API and Webhooks

  • Full REST API with namespace utb/v1:
    • GET /wp-json/utb/v1/orders — Order list with filters and pagination.
    • GET /wp-json/utb/v1/orders/{id} — Specific order with complete data.
    • Authentication with API Key (X-UTB-API-Key header).
    • Secure hash comparison (prevents timing attacks).
  • Automatic webhooks on order completion:
    • Automatic POST when woocommerce_order_status_completed fires.
    • Retry logic: 3 attempts (delays: 5s, 15s, 60s).
    • wp_utb_webhook_logs table for audit trail.
    • HMAC signature for integrity validation.
    • Per-product configuration via _utb_order_metadata.
  • Pagination and filters:
    • per_page (default 50, max 100)
    • page (pagination)
    • status (pending, completed, etc.)
    • flow_id (utb_cep_programs, utb_certificados_academicos)
    • date_from / date_to (YYYY-MM-DD)
  • OrderDataBuilder — Data enrichment:
    • Complete JSON with order, customer, and items.
    • program_details enriched from the database.
    • uploaded_files with secure URLs.
    • form_submission with all form fields.
  • OrderWebhookSender — Automatic sending:
    • Hook on order completion.
    • Scheduled events for retries.
    • Complete logging of successes and failures.
  • Optional API logging (UTB_API_LOGGING constant):
    • Logs successful accesses to WP_CONTENT_DIR/utb-api-access.log.
    • Logs failed auth attempts to WP_CONTENT_DIR/utb-api-failed-auth.log.

Fixed

Critical fix: WordPress REST API was returning 404 on Apache due to missing mod_rewrite rules.
  • .htaccess missing rewrite rules: WordPress REST API was returning 404.
    • Added mod_rewrite rules manually.
    • Critical line: RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  • Plugin version updated to 2.4.0 (was showing 1.0.0 in the header and constant).

Technical

  • Namespace UTB\ProductBuilder\API added to the Autoloader.
  • Table wp_utb_webhook_logs added to the DB schema.
  • Plugin::init_webhooks() for automatic registration.
  • OrderWebhookController extends WP_REST_Controller.
  • wp_schedule_single_event for scheduled retries.
  • Hash comparison with hash_equals() to prevent timing attacks.
  • HMAC signing with wp_salt('auth') or UTB_WEBHOOK_SECRET.

Testing

  • 9 automated tests with test_api.sh: namespace registered, auth without API Key (401), auth with API Key (200), pagination (per_page, page), filters (status, flow_id, dates), combined filters, valid JSON responses — all passing.

Unreleased

In development

  • Admin UI for visual product management.
  • Drag-and-drop form editor.
  • Reusable template system.
  • Dashboard with metrics.

1.0.0-beta — 2026-02-05

Added

  • Dynamic flow system (AbstractFlow, FlowRegistry).
  • CertificadosFlow with JSON-driven rendering.
  • CEPFlow with JSON-driven rendering.
  • FormConfigManager for configuration management.
  • Data repositories (CertificatesRepository, ProgramsRepository, etc.).
  • Database schema with 6 tables.
  • Dynamic pricing system.
  • Server-side validations.
  • Basic conditional logic.
  • Migration script for Certificates.
  • Fixes for database column mapping.
  • Version control on GitHub.

Fixed

  • Incorrect mapping of tiempo_expedicion and descripcion columns.
  • Certificate quantity validation (now validates slug patterns only).
  • Price AJAX returns price field correctly.
  • Conversion of NULL to empty string in data-* attributes.

Technical

  • Organized folder structure (admin/, core/, data/, flows/).
  • PSR-4 Autoloader.
  • Repository pattern for data access.
  • Abstract classes for extensibility.
  • UTB\* namespace to avoid conflicts.

Build docs developers (and LLMs) love

Get started for freeTalk to us