Implement TFE file access restriction feature (complete)

Requirements: - parametres.php toggle: 'restricted_files_enabled' enables/disables the feature - Public TFE page: when enabled + access_type=Interne, hides files, shows French restriction message + access request form (metadata/synopsis still visible) - ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately - External emails: show justification textarea, create pending request, notify admin - Admin panel /admin/file-access.php: approve/reject requests with optional notes, sends access email on approval (linked from admin nav with pending count badge) Security: - One-time 24h email tokens (used_at + is_valid=0 on first click) - Token redeemed via POST /validate-access (GET shows confirmation page only) - Long-lived 30-day browser session in file_access_sessions table - Cookie: HttpOnly + Secure + SameSite=Strict - CSRF on all mutations, rate limiting on request submission - Audit trail: IP, UA, event, timestamp in file_access_audit Bug fixes: - admin/file-access.php: $vars never extract()ed → page was blank - Template had self-contained head/footer includes (double-include) - Admin approval URL used $requestId instead of $request['thesis_id'] - App::boot() now starts session so CSRF token works on public pages - Dispatcher routes /validate-access and /request-access through front controller
2026-05-06 19:19:19 +02:00 · 2026-04-27 20:12:43 +02:00
parent 5c776dd39e
commit 27e1b6828d
21 changed files with 6256 additions and 15 deletions
--- a/app/migrations/applied/002_add_file_access_restriction.sql
+++ b/app/migrations/applied/002_add_file_access_restriction.sql
@@ -0,0 +1,71 @@
+-- ============================================================================
+-- FILE ACCESS RESTRICTION SYSTEM
+-- ============================================================================
+-- Add support for restricting attached files on TFEs with email-based access
+-- requests and cookie-based validation.
+-- ============================================================================
+
+-- Add new site setting for enabling/disabling file access restriction
+INSERT OR IGNORE INTO site_settings (key, value) VALUES
+    ('restricted_files_enabled', '0');
+
+-- ============================================================================
+-- FILE ACCESS REQUESTS TABLE
+-- ============================================================================
+-- Stores requests from users wanting access to restricted TFE files.
+-- Supports approval workflow: pending → approved/rejected
+-- ============================================================================
+
+CREATE TABLE IF NOT EXISTS file_access_requests (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    thesis_id       INTEGER NOT NULL,
+    email           TEXT    NOT NULL,
+    justification   TEXT,
+    status          TEXT    NOT NULL DEFAULT 'pending'
+                        CHECK(status IN ('pending', 'approved', 'rejected')),
+    admin_notes     TEXT,
+    created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+    approved_at     DATETIME,
+    approved_by_admin_id INTEGER,
+    FOREIGN KEY (thesis_id) REFERENCES theses(id) ON DELETE CASCADE
+);
+
+-- Index for efficient lookup by thesis and email
+CREATE INDEX IF NOT EXISTS idx_file_access_requests_thesis_id 
+    ON file_access_requests(thesis_id);
+
+CREATE INDEX IF NOT EXISTS idx_file_access_requests_email 
+    ON file_access_requests(email);
+
+CREATE INDEX IF NOT EXISTS idx_file_access_requests_status 
+    ON file_access_requests(status);
+
+-- ============================================================================
+-- FILE ACCESS TOKENS TABLE
+-- ============================================================================
+-- Stores tokens for cookie-based access validation.
+-- Each token is unique, time-limited, and linked to a specific request.
+-- ============================================================================
+
+CREATE TABLE IF NOT EXISTS file_access_tokens (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    request_id      INTEGER NOT NULL,
+    token           TEXT    NOT NULL UNIQUE,
+    expires_at      DATETIME NOT NULL,
+    created_at      DATETIME DEFAULT CURRENT_TIMESTAMP,
+    is_valid        INTEGER NOT NULL DEFAULT 1,
+    FOREIGN KEY (request_id) REFERENCES file_access_requests(id) ON DELETE CASCADE
+);
+
+-- Index for token lookup (most common query)
+CREATE INDEX IF NOT EXISTS idx_file_access_tokens_token 
+    ON file_access_tokens(token);
+
+-- Index for cleanup of expired tokens
+CREATE INDEX IF NOT EXISTS idx_file_access_tokens_expires_at 
+    ON file_access_tokens(expires_at);
+
+-- ============================================================================
+-- SAMPLE DATA FOR TESTING (optional, remove in production if not needed)
+-- ============================================================================
+-- No sample data needed - system starts with restriction disabled by default.