refactor: encapsulate thesis creation SQL in Database::createThesis()

Move the raw identifier-generation query and the INSERT INTO theses / INSERT INTO thesis_authors statements out of formulaire.php into two new Database methods: generateThesisIdentifier(int $year): string – counts existing theses for the year inside the open transaction so concurrent workers cannot produce duplicate YYYY-NNN identifiers. createThesis(array $data): int – generates the identifier, INSERTs the thesis row, links the author via thesis_authors (author_order=1), returns the new thesis ID. getThesisIdentifier(int $id): string – fetches the stored identifier for a thesis ID; used by formulaire.php to reconstruct the upload path (storage/theses/YYYY/YYYY-NNN/). formulaire.php now calls $db->createThesis([…]) + $db->getThesisIdentifier() and no longer holds any raw PDO queries for the core thesis insert. The $pdo local variable (previously $db->getPDO()) is removed entirely. All four test suites (Unit, RateLimit, Integration, Security) pass.
2026-05-06 19:19:19 +02:00 · 2026-03-28 13:52:43 +01:00
parent 2ec5a7f38f
commit 61ac3c002d
5 changed files with 95 additions and 41 deletions
--- a/public/admin/actions/formulaire.php
+++ b/public/admin/actions/formulaire.php
@@ -41,8 +41,6 @@ function validate_required($value, $fieldName) {
 try {
    // Initialize database connection
    $db = new Database();
-    $pdo = $db->getPDO();
-
    // Begin transaction - all or nothing
    $db->beginTransaction();

@@ -140,44 +138,22 @@ try {
    $authorId = $db->findOrCreateAuthor($auteurName, $mail);
    error_log("Author ID: $authorId");

-    // ===== INSERT THESIS RECORD =====
-
-    // Generate unique identifier (YYYY-NNN format)
-    $stmt = $pdo->prepare("SELECT COUNT(*) as count FROM theses WHERE year = ?");
-    $stmt->execute([$annee]);
-    $count = $stmt->fetch()['count'] + 1;
-    $identifier = sprintf("%d-%03d", $annee, $count);
-
-    $stmt = $pdo->prepare("
-        INSERT INTO theses (
-            identifier, title, subtitle, year,
-            orientation_id, ap_program_id, finality_id,
-            synopsis, file_size_info,
-            baiu_link, license_id,
-            submitted_at
-        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)
-    ");
-
-    $stmt->execute([
-        $identifier,
-        $titre,
-        !empty($subtitle) ? $subtitle : null,
-        $annee,
-        $orientationId,
-        $apProgramId,
-        $finalityId,
-        $synopsis,
-        !empty($durationInfo) ? $durationInfo : null,
-        !empty($lien) ? $lien : null,
-        $licenseId
+    // ===== INSERT THESIS RECORD + LINK AUTHOR =====
+    $thesisId = $db->createThesis([
+        'year'          => $annee,
+        'orientation_id'  => $orientationId,
+        'ap_program_id'   => $apProgramId,
+        'finality_id'     => $finalityId,
+        'title'           => $titre,
+        'subtitle'        => $subtitle,
+        'synopsis'        => $synopsis,
+        'file_size_info'  => $durationInfo,
+        'baiu_link'       => $lien,
+        'license_id'      => $licenseId,
+        'author_id'       => $authorId,
    ]);
-
-    $thesisId = $pdo->lastInsertId();
-    error_log("Thesis ID: $thesisId");
-
-    // ===== LINK AUTHOR TO THESIS =====
-    $stmt = $pdo->prepare("INSERT INTO thesis_authors (thesis_id, author_id, author_order) VALUES (?, ?, 1)");
-    $stmt->execute([$thesisId, $authorId]);
+    $identifier = $db->getThesisIdentifier($thesisId);
+    error_log("Thesis ID: $thesisId (identifier: $identifier)");

    // ===== LINK JURY TO THESIS =====
    $db->setThesisJury($thesisId, $juryMembers);