feat: fix file deletion on save + trash policy + documents/ prefix + relink browser

1. note_intention: Delete old file only when a genuinely new upload arrives (32-char hex file_id), not when the FilePond pool preserves an existing file by sending its DB integer ID. Previously the DB integer ID triggered $hasNewNote=true, which deleted the existing note_intention from disk+DB, then handleFilePondSingleFile couldn't re-process it because the regex requires a hex pattern. Same fix applied to cover. 2. All file deletions now use deleteThesisFileToTrash() which renames files to tmp/_trash/ instead of unlinking. The trash preserves original filenames prefixed with DB id for traceability. Skips website URLs and PeerTube refs (no disk file). 3. Storage prefix changed from theses/ to documents/ to reflect that the folder holds all document types (determined by file_type in DB). MediaController visibility gate supports both prefixes for backward compat with existing files. 4. File browser + relink feature for orphaned files: - /admin/fragments/file-browser.php — HTMX tree browser for storage/documents/ and storage/theses/ - /admin/actions/filepond/relink.php — POST endpoint that inserts a thesis_files row pointing to existing on-disk file - Per-pool "📂 Relier" buttons (edit mode only) - JS: XamxamOpenFileBrowser / XamxamRelinkFile with FilePond integration - CSS: .relink-modal dialog + .file-browser tree styles
2026-06-25 16:19:19 +02:00 · 2026-05-13 14:58:15 +02:00
parent 6f7a02244f
commit 79eddf5d5a
30 changed files with 191580 additions and 187 deletions
--- a/app/public/admin/actions/filepond/relink.php
+++ b/app/public/admin/actions/filepond/relink.php
@@ -0,0 +1,120 @@
+<?php
+/**
+ * Relink endpoint — attach an orphaned on-disk file to a thesis.
+ *
+ * POST /admin/actions/filepond/relink.php
+ * Body: JSON { thesis_id: 123, file_path: "documents/2025/FOLDER/file.pdf",
+ *              file_name: "file.pdf", file_size: 12345, mime_type: "application/pdf",
+ *              queue_type: "tfe", file_type: "main" }
+ *
+ * Inserts a thesis_files row pointing to the existing on-disk file.
+ * The file is NOT copied or moved — it stays where it is.
+ */
+require_once __DIR__ . '/../../../../bootstrap.php';
+require_once __DIR__ . '/../../../../src/AdminAuth.php';
+AdminAuth::requireLogin();
+
+// CSRF via header
+$csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+if (!isset($_SESSION['csrf_token'])
+    || !hash_equals($_SESSION['csrf_token'], $csrfHeader)) {
+    http_response_code(403);
+    die('Token CSRF invalide.');
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    die('Méthode non autorisée.');
+}
+
+$body = json_decode(file_get_contents('php://input'), true);
+if (!is_array($body)) {
+    http_response_code(400);
+    die('JSON invalide.');
+}
+
+$thesisId  = filter_var($body['thesis_id'] ?? '', FILTER_VALIDATE_INT);
+$filePath  = trim($body['file_path'] ?? '');
+$fileName  = trim($body['file_name'] ?? basename($filePath));
+$fileSize  = (int)($body['file_size'] ?? 0);
+$fileType  = trim($body['file_type'] ?? '');
+$queueType = trim($body['queue_type'] ?? '');
+$mimeType  = trim($body['mime_type'] ?? 'application/octet-stream');
+
+if (!$thesisId || $filePath === '') {
+    http_response_code(400);
+    die('Paramètres invalides (thesis_id + file_path requis).');
+}
+
+// Security: only allow paths under documents/ or theses/
+if (!preg_match('#^(documents|theses)/#', $filePath)) {
+    http_response_code(403);
+    die('Chemin de fichier non autorisé.');
+}
+
+$absPath = STORAGE_ROOT . '/' . $filePath;
+$realPath = realpath($absPath);
+$realStorage = realpath(STORAGE_ROOT);
+
+if ($realPath === false || !str_starts_with($realPath, $realStorage)) {
+    http_response_code(404);
+    die('Fichier introuvable ou chemin interdit.');
+}
+
+if (!is_file($realPath)) {
+    http_response_code(404);
+    die('Le chemin ne pointe pas vers un fichier.');
+}
+
+// Detect MIME if not provided
+if ($mimeType === 'application/octet-stream') {
+    $finfo = new finfo(FILEINFO_MIME_TYPE);
+    $mimeType = $finfo->file($realPath);
+}
+
+// Map queue_type to file_type if not explicitly given
+if ($fileType === '') {
+    $fileTypeMap = [
+        'cover'          => 'cover',
+        'note_intention' => 'note_intention',
+        'tfe'            => 'main',
+        'annexe'         => 'annex',
+    ];
+    $fileType = $fileTypeMap[$queueType] ?? 'main';
+}
+
+require_once APP_ROOT . '/src/Database.php';
+$db = Database::getInstance();
+
+// Check if this file is already linked to this thesis (avoid duplicate)
+$pdo = $db->getConnection();
+$stmt = $pdo->prepare('SELECT id FROM thesis_files WHERE thesis_id = ? AND file_path = ?');
+$stmt->execute([$thesisId, $filePath]);
+if ($stmt->fetch()) {
+    http_response_code(409);
+    die('Ce fichier est déjà lié à ce TFE.');
+}
+
+$db->insertThesisFile(
+    $thesisId,
+    $fileType,
+    $filePath,
+    $fileName,
+    $fileSize,
+    $mimeType,
+    null,
+    null
+);
+
+// Get the new file's ID
+$newId = $pdo->lastInsertId();
+
+error_log("[relink] thesis_id=$thesisId file_path=$filePath file_type=$fileType new_id=$newId");
+
+header('Content-Type: application/json');
+echo json_encode([
+    'ok'      => true,
+    'id'      => (int)$newId,
+    'message' => 'Fichier relié avec succès.',
+]);
+exit;