feat: implement SQLite backup & data integrity plan (Phases 2-4)

2026-06-25 16:19:19 +02:00 · 2026-05-11 01:08:46 +02:00
parent c0163ca4d5
commit 926659087f
18 changed files with 683 additions and 151 deletions
--- a/app/public/admin/actions/corbeille.php
+++ b/app/public/admin/actions/corbeille.php
@@ -0,0 +1,60 @@
+<?php
+require_once __DIR__ . '/../../../bootstrap.php';
+require_once __DIR__ . '/../../../src/AdminAuth.php';
+error_log('[corbeille.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | action=' . ($_POST['action'] ?? 'none'));
+
+AdminAuth::requireLogin();
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST'
+    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
+    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+    http_response_code(403);
+    die("Accès refusé.");
+}
+
+require_once __DIR__ . '/../../../src/Database.php';
+require_once __DIR__ . '/../../../src/AdminLogger.php';
+require_once __DIR__ . '/../../../src/ErrorHandler.php';
+
+try {
+    $db     = new Database();
+    $logger = AdminLogger::make();
+    $action = $_POST['action'] ?? '';
+
+    switch ($action) {
+        case 'restore':
+            $thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
+            if (!$thesisId) throw new Exception("ID invalide.");
+            $db->restoreThesis($thesisId);
+            $logger->logPublish(true, [$thesisId]); // log restore as an admin action
+            App::flash('success', "TFE restauré avec succès.");
+            break;
+
+        case 'hard_delete':
+            $thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
+            if (!$thesisId) throw new Exception("ID invalide.");
+            $db->hardDeleteThesis($thesisId);
+            $logger->logDelete([$thesisId]);
+            App::flash('success', "TFE définitivement supprimé.");
+            break;
+
+        case 'empty_trash':
+            $trashed = $db->getTrashedTheses();
+            foreach ($trashed as $t) {
+                $db->hardDeleteThesis((int)$t['id']);
+                $logger->logDelete([(int)$t['id']]);
+            }
+            App::flash('success', "Corbeille vidée (" . count($trashed) . " TFE supprimés définitivement).");
+            break;
+
+        default:
+            throw new Exception("Action inconnue.");
+    }
+} catch (Exception $e) {
+    ErrorHandler::log('corbeille', $e);
+    App::flash('error', ErrorHandler::userMessage($e));
+}
+
+$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+header('Location: /admin/index.php?tab=trash');
+exit;
--- a/app/public/admin/actions/settings.php
+++ b/app/public/admin/actions/settings.php
@@ -22,6 +22,8 @@ $isHxRequest = (isset($_SERVER['HTTP_HX_REQUEST']) && $_SERVER['HTTP_HX_REQUEST'
 $section = $_POST['section'] ?? '';

 if ($section === 'formulaire') {
+    // hx-include targets the wrapper div, so all checkboxes in the fieldset
+    // are submitted together — including unchecked ones (absent from POST).
    $allowed = [
        'access_type_libre_enabled',
        'access_type_interne_enabled',
--- a/app/public/admin/index.php
+++ b/app/public/admin/index.php
@@ -398,7 +398,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['csv_file'])) {
                            $langName = strtolower($langName);
                            if ($langName === '') continue;
                            // Lookup case-insensitively; insert if missing (stored lowercase).
-                            $s = $importPdo->prepare("SELECT id FROM languages WHERE LOWER(name) = LOWER(?)");
+                            $s = $importPdo->prepare("SELECT id FROM languages WHERE LOWER(name) = LOWER(?) AND deleted_at IS NULL");
                            $s->execute([$langName]);
                            $r = $s->fetch();
                            $langId = $r ? (int)$r['id'] : null;
@@ -470,6 +470,9 @@ try {
    $years        = $db->getAllYears();
    $orientations = $db->getAllOrientations();
    $apPrograms   = $db->getAllAPPrograms();
+    $trashCount   = $db->countTrashedTheses();
+    $tab          = $_GET['tab'] ?? 'list';
+    $trashedTheses = ($tab === 'trash') ? $db->getTrashedTheses() : [];
 } catch (Exception $e) {
    error_log("Error loading theses list: " . $e->getMessage());
    die("Erreur lors du chargement de la liste.");
@@ -478,11 +481,19 @@ try {
 $isHtmx = ($_SERVER['HTTP_HX_REQUEST'] ?? '') === 'true';
 $isAdmin = true; $bodyClass = 'admin-body';
 if ($isHtmx) {
-    include APP_ROOT . '/templates/admin/index-table.php';
+    if ($tab === 'trash') {
+        include APP_ROOT . '/templates/admin/index-trash.php';
+    } else {
+        include APP_ROOT . '/templates/admin/index-table.php';
+    }
 } else {
    require_once APP_ROOT . '/templates/head.php';
    include APP_ROOT . '/templates/header.php';
-    include APP_ROOT . '/templates/admin/index.php';
+    if ($tab === 'trash') {
+        include APP_ROOT . '/templates/admin/index-trash.php';
+    } else {
+        include APP_ROOT . '/templates/admin/index.php';
+    }
    require_once APP_ROOT . '/templates/admin/footer.php';
 }