admin: replace header 'Ajouter un TFE' nav link with toolbar button

2026-05-07 03:29:19 +02:00 · 2026-04-16 11:50:59 +02:00
parent c4705f6265
commit 150099dc3c
12 changed files with 1166 additions and 76 deletions
--- a/public/admin/actions/student-access.php
+++ b/public/admin/actions/student-access.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Student-access link actions (create, toggle, set_password, delete).
+ */
+require_once __DIR__ . '/../../../config/bootstrap.php';
+require_once __DIR__ . '/../../../src/AdminAuth.php';
+require_once __DIR__ . '/../../../src/ShareLink.php';
+
+App::adminGuard();
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST'
+    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
+    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+    http_response_code(403);
+    exit('CSRF token invalide.');
+}
+
+$action = $_POST['action'] ?? '';
+$id     = isset($_POST['id']) ? intval($_POST['id']) : 0;
+$shareLink = ShareLink::make();
+
+switch ($action) {
+    case 'create':
+        $password   = !empty($_POST['password']) ? trim($_POST['password']) : null;
+        $expiresRaw = !empty($_POST['expires_at']) ? trim($_POST['expires_at']) : null;
+        $expiresAt  = null;
+        if ($expiresRaw) {
+            // datetime-local gives "YYYY-MM-DDTHH:MM"
+            $expiresAt = date('Y-m-d H:i:s', strtotime($expiresRaw));
+            if ($expiresAt <= date('Y-m-d H:i:s')) {
+                App::redirect('/admin/student-access.php', error: "La date d'expiration doit être dans le futur.");
+            }
+        }
+        $shareLink->create(1, $password, $expiresAt);
+        App::redirect('/admin/student-access.php', success: 'Lien d\'accès créé.');
+        break;
+
+    case 'toggle':
+        if ($id > 0) {
+            $shareLink->toggleActive($id);
+            App::redirect('/admin/student-access.php', success: 'Statut du lien modifié.');
+        } else {
+            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+        }
+        break;
+
+    case 'set_password':
+        if ($id > 0) {
+            $password = isset($_POST['password']) && $_POST['password'] !== '' ? trim($_POST['password']) : null;
+            $shareLink->setPassword($id, $password);
+            App::redirect('/admin/student-access.php', success: 'Mot de passe mis à jour.');
+        } else {
+            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+        }
+        break;
+
+    case 'delete':
+        if ($id > 0) {
+            $shareLink->delete($id);
+            App::redirect('/admin/student-access.php', success: 'Lien supprimé.');
+        } else {
+            App::redirect('/admin/student-access.php', error: 'Lien introuvable.');
+        }
+        break;
+
+    default:
+        App::redirect('/admin/student-access.php', error: 'Action inconnue.');
+        break;
+}