admin: merge acces-etudiante+file-access into acces.php, absorb system.php into parametres.php

2026-05-06 11:09:18 +02:00 · 2026-04-29 21:18:25 +02:00
parent 670a38f30d
commit b5189c0d08
11 changed files with 684 additions and 209 deletions
--- a/TODO.md
+++ b/TODO.md
@@ -1,82 +1,10 @@
 # TODO

-## TFE Public Page — File Display
+## Admin area cleanup

- [x] Replace `<embed>` with `<iframe>` for PDF display (better cross-browser support)
- [x] Exclude `cover` file_type from public files loop (covers are banners, not content)
- [x] Move `App::boot()` in Dispatcher to after direct-response matching (no session on media requests)
-
-## SMTP Relay — bad greeting fix
-
- [x] Fix `$read()` loop: use `!== false` so empty lines don't terminate early; check `timed_out` meta
- [x] Add SSL stream context (`verify_peer=false`) to `stream_socket_client` to avoid CA bundle failures
- [x] Improve "bad greeting" error: distinguish timeout vs garbage response in log message
-
-## Bug Fixes
-
- [x] Fix `RateLimit::check()` called statically in `request-access.php` — replaced with `(new RateLimit(3, 600))->checkKey($rateLimitKey)`
-
-## Dev / Debug Fixes
-
- [x] Fix `serve` recipe: show all PHP output (errors, logs) except static assets/connection noise
- [x] Fix `STORAGE_ROOT` — use local `app/storage/` in dev (cli-server), `/var/www/posterg/storage` in prod
- [x] Create `app/storage/covers/` and `app/storage/theses/` with `.gitkeep`
- [x] Add gitignore rules for uploaded files in dev storage dirs
- [x] Fix `error_log` path in `formulaire.php` (was relative, now absolute)
- [x] Fix CSRF debug: log both tokens on mismatch
- [x] Fix undefined `$redirect` on success path in `formulaire.php`
-
-## Deploy — Preserve Remote Data
-
- [x] Exclude `storage/posterg.db` from rsync (not sent locally, not deleted remotely)
- [x] Exclude `storage/theses/` from rsync (not sent locally, not deleted remotely)
- [x] Exclude `storage/covers/` from rsync (not sent locally, not deleted remotely)
-
-## Deploy — Rename deploy path to /var/www/xamxam
-
- [x] Update rsync destination in `justfile` (`deploy`, `deploy-db` recipes)
- [x] Update all `/var/www/posterg` paths in `scripts/deploy-server.sh`
- [x] Update `root` directive in `nginx/posterg.conf`
- [x] Update `STORAGE_ROOT` production path in `app/bootstrap.php`
-
-## Form Help Blocks (student-facing explanatory text)
-
- [x] Migration `004_add_form_help_blocks.sql` — `form_help_blocks` table with 8 seeded keys
- [x] `Database` methods: `getFormHelpBlock`, `setFormHelpBlock`, `getAllFormHelpBlocks`, `FORM_HELP_KEYS`, `FORM_HELP_LABELS`
- [x] `actions/form-help.php` — CSRF-validated save handler
- [x] `actions/page.php` — CSRF-validated save handler for static pages (was missing)
- [x] `contenus.php` controller — load `$formHelpBlocks`, add CSRF token
- [x] `contenus-edit.php` controller — handle `?form_block=<key>` route
- [x] `templates/admin/contenus.php` — flash messages + form help blocks table with edit links
- [x] `templates/admin/contenus-edit.php` — `form_help` edit branch with OverType Markdown editor
- [x] `templates/partials/form/form-help-block.php` — renders Markdown block via Parsedown (safe mode), silent on empty
- [x] `partage/index.php` — load all blocks once, inject at all 8 positions (replaced TODO comments)
- [x] `form.css` — `.form-help-block` styled with accent left-border
- [x] `admin.css` — `.muted` utility class
-
-## Centralise Form Templates
-
- [x] Extract shared fieldset partials: `fieldset-tfe-info.php`, `fieldset-academic.php`, `fieldset-files.php`, `fieldset-metadata.php`, `fieldset-licence-explanation.php`
- [x] Refactor `templates/admin/add.php` to use shared partials
- [x] Refactor `templates/admin/edit.php` to use shared partials (with edit-mode callable adapters)
- [x] Refactor `partage/index.php` `renderShareLinkForm()` to use shared partials
- [x] Add TODO comments in `partage/index.php` for student-facing explanations (intro block, per-fieldset notes, email note)
-
-## File Display in Forms & Recaps
-
- [x] Add live file preview to `file-field.php` partial (`data-preview` attribute + `.file-preview-list` container)
- [x] Write `file-preview.js` — renders thumbnails for images, emoji icons for PDFs/videos/zips, filename + size
- [x] Load `file-preview.js` in `admin/add.php` via `$extraJs`
- [x] Load `file-preview.js` in `admin/edit.php` via `$extraJs`
- [x] Load `file-preview.js` in `partage/index.php` (self-contained HTML, direct `<script>` tag)
- [x] Support `$extraJs` in `head.php`
- [x] Add `data-preview` + preview container to edit template's cover/banner/files inputs (not using partial)
- [x] Enhance `admin/recapitulatif.php` template — image thumbnails, clickable filenames, type badges, file size, date
- [x] Rewrite `partage/recapitulatif.php` — full recap with thesis metadata + uploaded files list (thumbnails for images, icons for others)
- [x] Add CSS: `.file-preview-list`, `.fp-item`, `.fp-thumb`, `.fp-icon`, `.fp-meta`, `.fp-name`, `.fp-size`
- [x] Add CSS: `.recap-file-list`, `.recap-file-item`, `.recap-file-thumb`, `.recap-file-icon`, `.recap-file-meta`, `.recap-file-type-badge`, `.recap-file-date`
- [x] Add CSS: `.partage-recap`, `.recap-section`, `.recap-dl` for partage recap layout
-
-## Bug Fixes (2026-04-29)
-
- [x] Fix parse error in `Database.php` line 2005 — escaped apostrophe in `d'introduction`
+- [x] Combine `acces-etudiante.php` + `file-access.php` into `acces.php` (two `<section>` blocks)
+- [x] Move `system.php` content into `parametres.php` (system section + logs section)
+- [x] Use `<section>` for sections, `<fieldset>` only where form fields are present
+- [x] Redirect legacy URLs (acces-etudiante.php, file-access.php, system.php) with 301
+- [x] Update action redirects to point to new pages
+- [x] Update admin nav header (merged 3 items → 2)