Skip to content

feat: admin Dashboard with analytics overview#327

Merged
iftakharul-islam merged 7 commits into
weDevsOfficial:developfrom
arifulhoque7:feature/admin-dashboard
Jul 16, 2026
Merged

feat: admin Dashboard with analytics overview#327
iftakharul-islam merged 7 commits into
weDevsOfficial:developfrom
arifulhoque7:feature/admin-dashboard

Conversation

@arifulhoque7

@arifulhoque7 arifulhoque7 commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Admin Dashboard (free)

New Dashboard page in the weDocs admin (#/dashboard + submenu), in the weDocs React idiom.

  • Stat cards: total docs, articles, total views, helpful rate
  • Popular Docs (by views) + Most Helpful Docs (net-positive only)
  • Recently Updated table
  • includes/Analytics.php: per-doc view counter (wedocs_views meta, deduped 6h, skips editors) + REST GET /wp/v2/docs/dashboard-stats
  • Pro slot via the wedocs_dashboard_pro_section filter (hidden when Pro inactive)

Pairs with the Pro PR in wedocs-pro (Advanced Analytics section).

Ref: weDevsOfficial/wedocs-pro#340

Summary by CodeRabbit

  • New Features
    • Added an admin dashboard showing documentation stats, including top “Popular” and “Most Helpful” items, recent updates, and an optional Pro analytics section.
    • Added a “Dashboard” submenu item for quicker admin access.
    • Introduced dashboard analytics tracking for doc views and a new dashboard stats API to power the UI.
  • Bug Fixes
    • Improved dashboard loading, error handling, and empty-state messaging for better reliability when statistics aren’t available.

Adds a new Dashboard page to the weDocs admin (route #/dashboard + submenu):
- Stat cards: total docs, articles, total views, helpful rate
- Popular Docs (by views) and Most Helpful Docs (net-positive only)
- Recently Updated table
- A Pro slot rendered via the wedocs_dashboard_pro_section filter
  (hidden when Pro is inactive)

Backend (includes/Analytics.php):
- Lightweight per-doc view counter (wedocs_views meta) on single doc views,
  deduped 6h per visitor, skips users who can edit the doc
- REST GET /wp/v2/docs/dashboard-stats with aggregated counts, views,
  helpful votes, popular/most-helpful/recent lists
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@iftakharul-islam, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 39 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: db11b09e-7b47-4128-abba-9dba61468bdf

📥 Commits

Reviewing files that changed from the base of the PR and between abe313a and 595c5f8.

📒 Files selected for processing (2)
  • includes/Analytics.php
  • src/components/Dashboard/index.js

Walkthrough

Adds server-side document view tracking and aggregated dashboard statistics through a REST endpoint. A new React dashboard fetches and displays those statistics, with admin submenu and hash-router integration plus a Pro analytics extension slot.

Changes

Analytics Dashboard Feature

Layer / File(s) Summary
Analytics tracking and REST endpoint
includes/Analytics.php
Adds de-duplicated document view counting and a permission-protected wp/v2/docs/dashboard-stats REST route.
Dashboard statistics aggregation
includes/Analytics.php
Computes document counts, views, helpful votes, popular and helpful documents, recent documents, and contributors.
Plugin and route wiring
wedocs.php, includes/Admin/Menu.php, src/components/App.js
Registers Analytics, adds the Dashboard submenu, and maps the dashboard hash route to the React component.
Dashboard display components
src/components/Dashboard/StatCard.js, src/components/Dashboard/ProAnalytics.js
Adds reusable statistic cards and conditionally injects Pro content through a WordPress filter.
Dashboard data loading and presentation
src/components/Dashboard/index.js
Fetches statistics and renders loading, error, summary, popular, helpful, recent, and Pro analytics sections.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

Suggested reviewers: iftakharul-islam

Poem

🐇 Views and votes now neatly flow,
Dashboard cards begin to glow,
Popular docs hop to the top,
Helpful answers never stop,
Pro analytics waits in its stall.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately summarizes the main change: an admin Dashboard with analytics overview.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@includes/Analytics.php`:
- Around line 162-173: The helpful totals in Analytics::get_helpful_totals() are
counting all docs regardless of status, which makes them inconsistent with the
rest of the published-only dashboard metrics. Update the positive and negative
aggregate queries to join the same published-doc filter used by the other
analytics queries, so they only sum meta for docs where the post status is
published. Keep the change scoped to the existing positive/negative queries in
includes/Analytics.php.
- Around line 72-73: The view counter update in Analytics::incrementViews is not
atomic, so concurrent requests can overwrite each other and lose increments.
Update the logic around get_post_meta and update_post_meta to use an atomic
increment strategy (for example, a single SQL-level update or a
lock/compare-and-swap flow) so each view is counted once even under simultaneous
first-time hits.
- Around line 48-65: The bot exclusion promised in the docs view counter is
missing, so crawlers can still increment wedocs_views in maybe_count_view(). Add
a bot-detection guard in Analytics::maybe_count_view() before the view is
counted, alongside the existing singular/preview/feed and edit-cap checks, and
make sure it returns early for known crawler traffic before the de-dupe and
increment logic runs.
- Around line 64-66: The visitor fingerprint used in Analytics.php is built with
plain MD5 from IP and user agent, which should be replaced with a salted HMAC
for the transient key. Update the logic in the visitor-key generation path (the
get_visitor_ip() / user-agent hashing block that builds $visitor and $key) to
derive the fingerprint with a secret application salt or keyed HMAC while
preserving the same de-duplication behavior. Keep the key format in the same
place where the transient name is assembled, but ensure the identifier is no
longer a reusable raw hash of IP + user agent.

In `@src/components/Dashboard/index.js`:
- Around line 232-245: The icon-only action links in Dashboard/index.js use only
title attributes, so they may be announced as unlabeled links; update the two
anchor elements in the doc action area (the Edit and View links) to include
accessible names via aria-label or hidden sr-only text while keeping the
existing PencilSquareIcon and link behavior unchanged.
🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3eb65775-e717-43f8-bc19-ce6ca5fc6a6e

📥 Commits

Reviewing files that changed from the base of the PR and between dd786d1 and 36b7549.

📒 Files selected for processing (7)
  • includes/Admin/Menu.php
  • includes/Analytics.php
  • src/components/App.js
  • src/components/Dashboard/ProAnalytics.js
  • src/components/Dashboard/StatCard.js
  • src/components/Dashboard/index.js
  • wedocs.php

Comment thread includes/Analytics.php
Comment thread includes/Analytics.php
Comment on lines +64 to +66
$user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) : '';
$visitor = md5( $this->get_visitor_ip() . $user_agent );
$key = 'wedocs_view_' . $post_id . '_' . $visitor;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the target file and nearby usage.
git ls-files includes/Analytics.php
wc -l includes/Analytics.php
cat -n includes/Analytics.php | sed -n '1,180p'

# Find related visitor-key/transient usage.
rg -n "get_visitor_ip|HTTP_USER_AGENT|md5\\(|hash_hmac|wedocs_view_" includes

Repository: weDevsOfficial/wedocs-plugin

Length of output: 8403


Use a salted HMAC for the transient key. The current key hashes IP + user agent with plain MD5, which is deterministic and easier to correlate if the options table is exposed; a keyed HMAC keeps the same de-dupe behavior without exposing a reusable visitor fingerprint.

🧰 Tools
🪛 ast-grep (0.44.0)

[error] 64-64: Do not use a weak hash algorithm
Context: md5( $this->get_visitor_ip() . $user_agent )
Note: [CWE-328] Use of Weak Hash.

(weak-hash-algorithm)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@includes/Analytics.php` around lines 64 - 66, The visitor fingerprint used in
Analytics.php is built with plain MD5 from IP and user agent, which should be
replaced with a salted HMAC for the transient key. Update the logic in the
visitor-key generation path (the get_visitor_ip() / user-agent hashing block
that builds $visitor and $key) to derive the fingerprint with a secret
application salt or keyed HMAC while preserving the same de-duplication
behavior. Keep the key format in the same place where the transient name is
assembled, but ensure the identifier is no longer a reusable raw hash of IP +
user agent.

Source: Linters/SAST tools

Comment thread includes/Analytics.php Outdated
Comment thread includes/Analytics.php
Comment thread src/components/Dashboard/index.js
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

An unexpected error occurred while generating fixes: Not Found - https://docs.github.com/rest/git/refs#get-a-reference

iftakharul-islam and others added 3 commits July 16, 2026 16:37
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@iftakharul-islam
iftakharul-islam merged commit c85663d into weDevsOfficial:develop Jul 16, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants