PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rework contenus-edit: auto-save, OverType toolbar, dynamic sidebar links

Browse Source 
- Auto-save: new autosave.js with 1.5s debounce, watches all forms with
  data-autosave, POSTs to form action with Accept: application/json, shows
  saving/saved/error status indicator
- All action handlers (page.php, apropos.php, form-help.php) now detect
  JSON Accept header and return {success, csrf_token} or {error} responses
- OverType toolbar enabled (toolbar:true) on all three markdown editors
  (page, about_page, form_help)
- Sidebar links: replaced fixed erg_site_url / source_code_url rows with
  dynamic sidebar_links array of {label, url} objects. Add/remove via JS.
  Fallback migration reads legacy keys if sidebar_links is empty.
- Updated AboutController and about.php template to render dynamic links
- Updated apropos.css: unified .apropos-toc-link replacing .apropos-toc-erg
  and .apropos-toc-source
- New CSS: autosave-status states, sidebar-link-row layout
- Removed all Enregistrer + Annuler buttons — auto-save and h1 back-arrow
  make them redundant
This commit is contained in:
Pontoporeia
2026-06-09 17:10:49 +02:00
parent a45a2c9ac4
commit c4a550f9d1
13 changed files with 441 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
app/public/admin/actions/apropos.php
View File

@@ -1,25 +1,45 @@
<?php
/**
* Save handler for apropos contacts.
* Structure: groups[] with role, each having entries[] of {text, url, email}.
* Save handler for apropos contacts, sidebar links, and URL-based keys.
* Supports:
* - contacts: groups[] with role, each having entries[] of {text, url, email}
* - sidebar_links: links[] of {label, url}
* - Legacy URL keys: erg_site_url, source_code_url (single url field)
*/
require_once __DIR__ . "/../../../bootstrap.php";
require_once __DIR__ . '/../../../src/AdminAuth.php';
error_log('[apropos.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | key=' . ($_POST['apropos_key'] ?? 'none') . ' | post_keys=' . implode(',', array_keys($_POST)));
AdminAuth::requireLogin();
$isAjax = !empty($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json');
// CSRF check
if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
die("Erreur de sécurité : token invalide.");
if ($isAjax) {
http_response_code(403);
header('Content-Type: application/json');
echo json_encode(['error' => 'Erreur de sécurité : token invalide.']);
} else {
die("Erreur de sécurité : token invalide.");
}
exit;
}
$urlKeys = ['erg_site_url', 'source_code_url'];
$groupKeys = ['contacts'];
$allowedKeys = array_merge($urlKeys, $groupKeys);
$linkListKeys = ['sidebar_links'];
$allowedKeys = array_merge($urlKeys, $groupKeys, $linkListKeys);
$aproposKey = $_POST['apropos_key'] ?? '';
if (!in_array($aproposKey, $allowedKeys)) {
die("Clé invalide.");
if ($isAjax) {
http_response_code(400);
header('Content-Type: application/json');
echo json_encode(['error' => 'Clé invalide.']);
} else {
die("Clé invalide.");
}
exit;
}
require_once __DIR__ . '/../../../src/Database.php';
@@ -30,12 +50,40 @@ try {
$db = new Database();
if (in_array($aproposKey, $urlKeys)) {
// ── URL-based keys (sidebar links) ──
// ── URL-based keys (legacy sidebar links) ──
$url = trim($_POST['url'] ?? '');
if ($url !== '' && !filter_var($url, FILTER_VALIDATE_URL)) {
die("URL invalide.");
if ($isAjax) {
http_response_code(400);
header('Content-Type: application/json');
echo json_encode(['error' => 'URL invalide.']);
} else {
die("URL invalide.");
}
exit;
}
$db->saveAproposContent($aproposKey, $url);
} elseif (in_array($aproposKey, $linkListKeys)) {
// ── Sidebar links list ──
$links = $_POST['links'] ?? [];
$cleaned = [];
foreach ($links as $link) {
$label = trim($link['label'] ?? '');
$url = trim($link['url'] ?? '');
if ($label === '') continue;
if ($url !== '' && !filter_var($url, FILTER_VALIDATE_URL)) {
if ($isAjax) {
http_response_code(400);
header('Content-Type: application/json');
echo json_encode(['error' => 'URL invalide: ' . htmlspecialchars($label)]);
} else {
die("URL invalide: " . htmlspecialchars($label));
}
exit;
}
$cleaned[] = ['label' => $label, 'url' => $url];
}
$db->saveAproposContent($aproposKey, $cleaned);
} else {
// ── Group-based keys (contacts) ──
$groups = $_POST['groups'] ?? [];
@@ -61,18 +109,43 @@ try {
}
if (empty($cleaned)) {
die("Au moins un groupe avec des entrées est requis.");
if ($isAjax) {
http_response_code(400);
header('Content-Type: application/json');
echo json_encode(['error' => 'Au moins un groupe avec des entrées est requis.']);
} else {
die("Au moins un groupe avec des entrées est requis.");
}
exit;
}
$db->saveAproposContent($aproposKey, $cleaned);
}
AdminLogger::make()->logAproposEdit($aproposKey);
App::flash('success', "Contenu « $aproposKey » mis à jour avec succès.");
if ($isAjax) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Content-Type: application/json');
echo json_encode([
'success' => true,
'csrf_token' => $_SESSION['csrf_token'],
]);
} else {
App::flash('success', "Contenu « $aproposKey » mis à jour avec succès.");
header('Location: /admin/contenus.php');
}
} catch (Exception $e) {
ErrorHandler::log('apropos', $e);
die('Erreur lors de la sauvegarde : ' . htmlspecialchars(ErrorHandler::userMessage($e)));
$msg = 'Erreur lors de la sauvegarde : ' . htmlspecialchars(ErrorHandler::userMessage($e));
if ($isAjax) {
http_response_code(500);
header('Content-Type: application/json');
echo json_encode(['error' => $msg]);
} else {
die($msg);
}
exit;
}
header('Location: /admin/contenus.php');
exit;