Fix #4 v2: decouple contact_interne from contact_visible in ThesisCreateController

validateAndSanitise() no longer cross-contaminates: - contact_interne overwrote mail, which then copied to contact_visible - Fixed: contactInterne from contact_interne (admin) or confirmation_email (student) - Fixed: contactVisible from contact_visible (admin) or mail (student) - Fixed: submit() uses contactInterne as author email, not mail
2026-06-25 16:19:19 +02:00 · 2026-06-09 19:35:33 +02:00
parent 1490c99268
commit 317547ac93
4 changed files with 51 additions and 12 deletions
--- a/app/src/Controllers/ThesisCreateController.php
+++ b/app/src/Controllers/ThesisCreateController.php
@@ -125,11 +125,13 @@ class ThesisCreateController
        }

        // ── 2. Build author entries (alphabetically sorted) ───────────────────
+        // The first author's email is contact_interne (private, for confirmation emails).
+        // contact_visible is stored on the thesis row, decoupled from the author email.
        $authorEntries = [];
        foreach ($data['authorNames'] as $i => $name) {
            $authorEntries[] = [
                'name'         => $name,
-                'email'        => $i === 0 ? ($data['mail'] ?: null) : null,
+                'email'        => $i === 0 ? ($data['contactInterne'] ?: null) : null,
                'show_contact' => $i === 0 ? $data['showContact'] : false,
            ];
        }
@@ -305,19 +307,22 @@ class ThesisCreateController
            throw new Exception("Le champ 'Auteur·ice(s)' est requis.");
        }

-        // contact_interne (backoffice) takes precedence over mail (tfe-info fieldset)
+        // contact_interne: private email (backoffice field in admin mode,
+        // confirmation_email field in student mode). Stored as the first
+        // author's email — NOT as contact_visible.
        $contactInterne = trim($post['contact_interne'] ?? '');
-        $mail = !empty($post['mail']) ? $this->sanitiseString($post['mail']) : '';
-        if ($contactInterne !== '') {
-            $mail = $contactInterne;
+        if ($contactInterne === '' && !$adminMode) {
+            $contactInterne = trim($post['confirmation_email'] ?? '');
        }
-        // contact_visible: what appears publicly on the TFE page
-        // In admin mode: from contact_visible field. In student mode: from mail field.
+        // contact_visible: public-facing contact shown on the TFE page.
+        // Admin mode: from the dedicated contact_visible field.
+        // Student mode: from the mail field (labeled "Contact visible" in fieldset-tfe-info).
+        // These two concepts (contact_interne and contact_visible) are fully decoupled.
        $contactVisible = trim($post['contact_visible'] ?? '');
-        if ($contactVisible === '' && $mail !== '') {
-            $contactVisible = $mail;
+        if ($contactVisible === '') {
+            $contactVisible = trim($post['mail'] ?? '');
        }
-        // showContact for backwards compat
+        // showContact: whether to show the contact publicly
        if (array_key_exists('contact_public', $post)) {
            $showContact = !empty($post['contact_public']);
        } else {
@@ -533,7 +538,7 @@ class ThesisCreateController

        return compact(
            'authorNames',
-            'mail',
+            'contactInterne',
            'contactVisible',
            'showContact',
            'annee',