mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
Implement TFE file access restriction feature (complete)
Requirements:
- parametres.php toggle: 'restricted_files_enabled' enables/disables the feature
- Public TFE page: when enabled + access_type=Interne, hides files, shows French restriction message + access request form (metadata/synopsis still visible)
- ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately
- External emails: show justification textarea, create pending request, notify admin
- Admin panel /admin/file-access.php: approve/reject requests with optional notes, sends access email on approval (linked from admin nav with pending count badge)

Security:
- One-time 24h email tokens (used_at + is_valid=0 on first click)
- Token redeemed via POST /validate-access (GET shows confirmation page only)
- Long-lived 30-day browser session in file_access_sessions table
- Cookie: HttpOnly + Secure + SameSite=Strict
- CSRF on all mutations, rate limiting on request submission
- Audit trail: IP, UA, event, timestamp in file_access_audit

Bug fixes:
- admin/file-access.php: $vars never extract()ed → page was blank
- Template had self-contained head/footer includes (double-include)
- Admin approval URL used $requestId instead of $request['thesis_id']
- App::boot() now starts session so CSRF token works on public pages
- Dispatcher routes /validate-access and /request-access through front controller
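The token and session flow the commit message outlines (hashed one-time 24h token, redemption on POST with used_at + is_valid=0, a 30-day session, a HttpOnly/Secure/SameSite=Strict cookie, an audit row per event) as an added PHP example. This is not xamxam's code: only the names used_at, is_valid, file_access_sessions and file_access_audit come from the commit message; the file_access_tokens table, every column layout, the cookie name and the helper names are assumptions, and the script uses an in-memory SQLite database so it runs on the PHP CLI with constructed input.

```php
<?php
// Added example, not xamxam project code: the token/session flow the commit message
// describes, written against an in-memory SQLite database so it runs on the PHP CLI.
// Names taken from the message: used_at, is_valid, file_access_sessions, file_access_audit.
// Everything else (table file_access_tokens, the column layouts, cookie name) is assumed.
declare(strict_types=1);

const TOKEN_TTL   = 24 * 3600;       // e-mail link lifetime: 24h
const SESSION_TTL = 30 * 24 * 3600;  // browser session lifetime: 30 days

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $pdo->exec('CREATE TABLE file_access_tokens (token_hash TEXT PRIMARY KEY, thesis_id INTEGER,
                    email TEXT, expires_at INTEGER, used_at INTEGER, is_valid INTEGER NOT NULL DEFAULT 1)');
        $pdo->exec('CREATE TABLE file_access_sessions (session_hash TEXT PRIMARY KEY, thesis_id INTEGER,
                    email TEXT, expires_at INTEGER)');
        $pdo->exec('CREATE TABLE file_access_audit (ts INTEGER, event TEXT, email TEXT, ip TEXT, ua TEXT)');
    }
    return $pdo;
}

function audit(string $event, string $email, string $ip, string $ua): void {
    db()->prepare('INSERT INTO file_access_audit VALUES (?, ?, ?, ?, ?)')
        ->execute([time(), $event, $email, $ip, $ua]);
}

// Auto-approval is domain-based, so compare the exact, lowercased domain after the last '@'.
// A suffix test such as str_ends_with($email, 'erg.be') would also accept "x@hackerg.be".
function isErgEmail(string $email): bool {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return false;
    $domain = strtolower(substr($email, strrpos($email, '@') + 1));
    return in_array($domain, ['erg.school', 'erg.be'], true);
}

// The raw token goes only into the e-mail link; the table holds its SHA-256, so a leaked
// table dump contains nothing redeemable.
function issueToken(int $thesisId, string $email): string {
    $raw = bin2hex(random_bytes(32));
    db()->prepare('INSERT INTO file_access_tokens (token_hash, thesis_id, email, expires_at) VALUES (?, ?, ?, ?)')
        ->execute([hash('sha256', $raw), $thesisId, $email, time() + TOKEN_TTL]);
    return $raw;
}

// Called from the POST /validate-access handler only. Validity check and invalidation are
// one UPDATE whose WHERE clause requires is_valid=1, used_at IS NULL and an unexpired token;
// at most one row can match, so two concurrent redemptions of the same link cannot both win.
function redeemToken(string $raw, string $ip, string $ua): ?string {
    $hash = hash('sha256', $raw);
    $now  = time();
    $upd  = db()->prepare('UPDATE file_access_tokens SET used_at = ?, is_valid = 0
                           WHERE token_hash = ? AND is_valid = 1 AND used_at IS NULL AND expires_at > ?');
    $upd->execute([$now, $hash, $now]);
    if ($upd->rowCount() !== 1) {
        audit('token_rejected', '', $ip, $ua);    // unknown, expired, or already used
        return null;
    }
    $sel = db()->prepare('SELECT thesis_id, email FROM file_access_tokens WHERE token_hash = ?');
    $sel->execute([$hash]);
    $tok = $sel->fetch(PDO::FETCH_ASSOC);

    // Exchange the one-time token for a 30-day session; again only the hash is stored.
    $sessionRaw = bin2hex(random_bytes(32));
    db()->prepare('INSERT INTO file_access_sessions VALUES (?, ?, ?, ?)')
        ->execute([hash('sha256', $sessionRaw), $tok['thesis_id'], $tok['email'], $now + SESSION_TTL]);
    audit('token_redeemed', $tok['email'], $ip, $ua);
    return $sessionRaw;
}

// Cookie attributes from the commit message; PHP >= 7.3 accepts them as an options array.
function sessionCookieOptions(): array {
    return ['expires' => time() + SESSION_TTL, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Strict'];
}

// Constructed demo input.
if (!isErgEmail('Student@ERG.be') || isErgEmail('x@hackerg.be')) throw new RuntimeException('domain check');
$raw    = issueToken(42, 'student@erg.be');
$first  = redeemToken($raw, '203.0.113.7', 'demo-agent');
$second = redeemToken($raw, '203.0.113.7', 'demo-agent');  // replay of the same link
if ($first === null || $second !== null) throw new RuntimeException('token must redeem exactly once');
if (PHP_SAPI !== 'cli') setcookie('tfe_access', $first, sessionCookieOptions());
echo 'redeemed once, replay rejected, audit rows: ',
     db()->query('SELECT COUNT(*) FROM file_access_audit')->fetchColumn(), PHP_EOL;
```

Two points the example makes concrete. First, redeeming on POST rather than on the GET that the e-mail link produces matters with SameSite=Strict: the arrival from the mail client is a cross-site navigation, so a cookie set there would be dropped on it, whereas the same-origin POST from the confirmation page sets a cookie that every later same-site request carries. Second, because the token is found by the hash of the secret rather than compared as a string, the lookup is a primary-key match and leaks no timing information about the secret itself; the single-statement UPDATE is what makes the token truly one-time under concurrent clicks.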
@@ -167,6 +167,116 @@ aside figcaption {
margin: 0;
}

/* ============================================================
RESTRICTED ACCESS UI
============================================================ */
.tfe-restricted-access {
background: var(--surface);
border: 1px solid var(--border);
border-radius: 8px;
padding: var(--space-m);
display: flex;
flex-direction: column;
gap: var(--space-m);
}

.tfe-restricted-message {
font-size: var(--step--1);
color: var(--text-secondary);
line-height: 1.6;
margin: 0;
}

.tfe-restricted-message strong {
color: var(--text-primary);
display: block;
margin-bottom: var(--space-3xs);
font-size: var(--step-0);
}

.tfe-access-request-form {
display: flex;
flex-direction: column;
gap: var(--space-s);
}

.tfe-access-request-form .form-group {
display: flex;
flex-direction: column;
gap: var(--space-3xs);
}

.tfe-access-request-form label {
font-size: var(--step--1);
font-weight: 600;
color: var(--text-primary);
}

.tfe-access-request-form input[type="email"],
.tfe-access-request-form textarea {
font-family: inherit;
font-size: var(--step--1);
padding: var(--space-2xs) var(--space-3xs);
border: 1px solid var(--border);
border-radius: 4px;
background: var(--background);
color: var(--text-primary);
transition: border-color 0.2s;
}

.tfe-access-request-form input[type="email"]:focus,
.tfe-access-request-form textarea:focus {
outline: none;
border-color: var(--accent);
}

.tfe-access-request-form textarea {
resize: vertical;
min-height: 80px;
}

.tfe-btn-request-access {
font-family: inherit;
font-size: var(--step--1);
font-weight: 600;
padding: var(--space-2xs) var(--space-s);
background: var(--accent);
color: white;
border: none;
border-radius: 4px;
cursor: pointer;
transition: background 0.2s, opacity 0.2s;
margin-top: var(--space-3xs);
}

.tfe-btn-request-access:hover:not(:disabled) {
background: var(--accent-dark);
}

.tfe-btn-request-access:disabled {
opacity: 0.6;
cursor: not-allowed;
}

.tfe-access-message {
font-size: var(--step--1);
padding: var(--space-2xs);
border-radius: 4px;
margin-top: var(--space-3xs);
}

.tfe-access-success {
background: #f0fff4;
border: 1px solid #48bb78;
color: #22543d;
}

.tfe-access-error {
background: #fff5f5;
border: 1px solid #fc8181;
color: #742a2a;
}

/* Responsive */
@media (max-width: 900px) {
.tfe-layout {
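Review bot: the status boxes at the end of this hunk (`.tfe-access-success`, `.tfe-access-error`) hard-code hex colours (`background: #f0fff4;`, `border: 1px solid #fc8181;`) while every other rule in the block draws from the theme's custom properties (`var(--surface)`, `var(--border)`, `var(--accent)`), so the approval/rejection feedback will not follow the theme if it changes (a dark variant included); consider moving these two into variables alongside the rest. Also, `outline: none;` in the `:focus` rule leaves `border-color: var(--accent)` as the only focus indicator on the email field and textarea; keeping a visible outline on `:focus-visible` would let keyboard users see where they are on the access-request form.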