PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor + feat: unify format/fichiers HTMX fragment, reorder format types, add file constraints, fix admin auth

Browse Source 
* **Unified Format + Fichiers into a single HTMX fragment**

  * Introduced `app/public/partage/fichiers-fragment.php` as shared dynamic block returning both format checkboxes and adaptive “Fichiers” fieldset
  * Logic adapts inputs based on selected formats:

    * no selection / upload formats → standard file inputs
    * “Site web” → URL fields only
    * “Site web + upload” → file inputs + URL sub-fieldset
  * Added admin wrapper: `app/public/admin/fichiers-fragment.php` (gated via `admin_mode=1`)
  * Added `app/public/admin/format-website-fragment.php` for edit-mode website URL toggling
  * Wired route `/partage/fichiers-fragment` in `app/public/partage/index.php`
  * Refactored `form.php` (add/edit partage) to use single `#format-fichiers-block` instead of separate fragments
  * Edit mode format checkboxes now target `format-website-fragment.php` → `#edit-website-url-fieldset`
  * Added `$hxInclude` support in `checkbox-list.php` for configurable HTMX includes

* **Format system migration + ordering**

  * Migration `020_format_types_sort_and_rename.sql`:

    * added `sort_order` column to `format_types`
    * inserted new format **Image**
    * defined ordering: Écriture · Image · Audio · Vidéo · Site web · Performance · Objet éditorial · Installation · Autre
  * `Database.php`: format queries now use `ORDER BY sort_order, id`
  * `fichiers-fragment.php`:

    * uses ordered format list
    * resolves Image/Vidéo/Audio by name
    * introduces `$hasImage` flag
    * preserves `admin_mode` across HTMX requests

* **File constraints and UX updates**

  * Enforced **100 MB PDF limit**

    * `ThesisCreateController`: `MAX_PDF_SIZE = 100MB` for PDFs only
    * `ThesisEditController`: same PDF-specific constraint applied
    * Other file types remain capped at 500 MB
  * Updated UI hints in `fichiers-fragment.php` and edit form:

    * explicitly mention 100 MB PDF limit
    * added reference to `bentopdf.com` for compression guidance
  * `file-field.php`: added `$hintRaw` to allow HTML rendering in hints

* **Admin authentication fix**

  * Fixed missing auth in admin fragments
  * Added `require_once AdminAuth.php`
  * Replaced direct usage with `AdminAuth::requireLogin()`
  * Applied consistent pattern with existing fragment authentication approach

* **Migrations included**

  * `019_add_ecriture_format.sql`
  * `020_format_types_sort_and_rename.sql`

* **Files affected**

  * Controllers: `ThesisCreateController`, `ThesisEditController`
  * DB layer: `Database.php`
  * Public fragments: `partage/fichiers-fragment.php`, `admin/fichiers-fragment.php`, `admin/format-website-fragment.php`
  * Templates: `form.php`, `checkbox-list.php`, `file-field.php`
  * Routing: `partage/index.php`
  * Misc: `TODO.md`

This consolidates format normalization, HTMX UI simplification, file validation rules, and admin stability fixes into a single coherent system update.
This commit is contained in:
Pontoporeia
2026-05-08 13:03:18 +02:00
parent 7e35bba530
commit e6829994b6
13 changed files with 390 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/public/admin/fichiers-fragment.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
/**
* fichiers-fragment.php (admin)
*
* Admin-gated HTMX fragment: returns the combined Format(s) + Fichiers block
* for the admin add/edit forms. Wraps the shared logic in fichiers-fragment.php
* after enforcing authentication.
*/
require_once __DIR__ . '/../../bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
App::boot();
AdminAuth::requireLogin();
$_POST['admin_mode'] = '1';
require_once __DIR__ . '/../partage/fichiers-fragment.php';

57
app/public/admin/format-website-fragment.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
/**
* format-website-fragment.php (admin)
*
* Admin-gated HTMX fragment: returns the Site web URL fieldset for the
* admin edit form when "Site web" is among the selected format checkboxes.
* Uses id="edit-website-url-fieldset" to avoid collision with the partage form.
*/
require_once __DIR__ . '/../../bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
App::boot();
AdminAuth::requireLogin();
$db = Database::getInstance()->getConnection();
$stmt = $db->prepare('SELECT id FROM format_types WHERE name = ? LIMIT 1');
$stmt->execute(['Site web']);
$websiteFormatId = $stmt->fetchColumn();
if (!$websiteFormatId) {
echo '<fieldset id="edit-website-url-fieldset" style="display:none"></fieldset>';
exit;
}
$selectedFormats = isset($_POST['formats']) && is_array($_POST['formats'])
? array_map('intval', $_POST['formats'])
: [];
if (!in_array((int)$websiteFormatId, $selectedFormats, true)) {
echo '<fieldset id="edit-website-url-fieldset" style="display:none"></fieldset>';
exit;
}
$websiteUrl = htmlspecialchars($_POST['website_url'] ?? '');
$websiteLabel = htmlspecialchars($_POST['website_label'] ?? '');
?>
<fieldset id="edit-website-url-fieldset">
<legend>Site web</legend>
<div class="admin-form-group">
<label for="website_url">URL du site :</label>
<div class="admin-file-input">
<input type="url" id="website_url" name="website_url"
value="<?= $websiteUrl ?>"
placeholder="https://mon-tfe.erg.be">
<small>Si le TFE est un site web, entrez son URL ici. Il sera affiché comme un site embarqué sur la page du TFE.</small>
</div>
</div>
<div class="admin-form-group">
<label for="website_label">Légende :</label>
<input type="text" id="website_label" name="website_label"
value="<?= $websiteLabel ?>"
placeholder="Description du site (optionnel)"
class="admin-file-label-input"
style="max-width:400px;">
</div>
</fieldset>

205
app/public/partage/fichiers-fragment.php Normal file
View File

@@ -0,0 +1,205 @@
<?php
/**
* fichiers-fragment.php (partage & admin)
*
* HTMX fragment: returns the combined Format(s) + Fichiers block.
* Called on every format checkbox change so the Fichiers fieldset adapts.
*
* Fixed inputs (always present):
* 1. Image de couverture (optional)
* 2. Note d'intention (PDF, required unless adminMode)
* 3. TFE — multi-file upload (required unless adminMode)
*
* Format-specific extra inputs (appended after the fixed three):
* - Site web → URL + label fields
* - Vidéo → TODO: PeerTube upload (notice shown)
* - Audio → TODO: PeerTube upload (notice shown)
* - (all others: Écriture, Performance, Objet éditorial, Installation, Autre)
* → no extra input needed beyond the standard TFE file upload
*
* Expected POST:
* formats[] — array of selected format_type IDs
* website_url — current value (repopulation)
* website_label — current value (repopulation)
* admin_mode — '1' for admin context (removes required attrs)
*/
$db = Database::getInstance()->getConnection();
// Load all format types in display order
$allFormats = $db->query('SELECT id, name FROM format_types ORDER BY sort_order, id')
->fetchAll(PDO::FETCH_ASSOC);
// Build name→id map for format logic
$formatIdByName = [];
foreach ($allFormats as $f) {
$formatIdByName[$f['name']] = (int)$f['id'];
}
$siteWebId = $formatIdByName['Site web'] ?? null;
$videoId = $formatIdByName['Vidéo'] ?? null;
$audioId = $formatIdByName['Audio'] ?? null;
$imageId = $formatIdByName['Image'] ?? null;
$selectedFormats = isset($_POST['formats']) && is_array($_POST['formats'])
? array_map('intval', $_POST['formats'])
: [];
$adminMode = ($_POST['admin_mode'] ?? '0') === '1';
$hasSiteWeb = $siteWebId && in_array($siteWebId, $selectedFormats, true);
$hasVideo = $videoId && in_array($videoId, $selectedFormats, true);
$hasAudio = $audioId && in_array($audioId, $selectedFormats, true);
$hasImage = $imageId && in_array($imageId, $selectedFormats, true);
// Show standard file inputs unless *only* Site web is selected
$hasNonWebFormat = !empty(array_filter(
$selectedFormats,
fn($id) => $id !== $siteWebId
));
$showUploadBlock = $hasNonWebFormat || !$hasSiteWeb;
$websiteUrl = htmlspecialchars($_POST['website_url'] ?? '');
$websiteLabel = htmlspecialchars($_POST['website_label'] ?? '');
$hxPost = $adminMode ? '/admin/fichiers-fragment.php' : '/partage/fichiers-fragment';
?>
<div id="format-fichiers-block">
<input type="hidden" name="admin_mode" value="<?= $adminMode ? '1' : '0' ?>">
<!-- ═══════════════════ Format(s) ═══════════════════ -->
<fieldset>
<legend>Format(s)</legend>
<div>
<span class="admin-row-label">Format(s) du TFE :<?= !$adminMode ? ' <span class="asterisk">*</span>' : '' ?></span>
<fieldset class="admin-checkbox-group"
<?= !$adminMode ? 'required aria-required="true"' : '' ?>
hx-post="<?= htmlspecialchars($hxPost) ?>"
hx-target="#format-fichiers-block"
hx-trigger="change"
hx-include="this, [name='website_url'], [name='website_label'], [name='admin_mode']"
hx-swap="outerHTML">
<legend class="sr-only">Format(s) du TFE</legend>
<ul>
<?php foreach ($allFormats as $opt): ?>
<li>
<label class="admin-checkbox-label">
<input type="checkbox"
name="formats[]"
value="<?= htmlspecialchars((string)$opt['id']) ?>"
<?= in_array((int)$opt['id'], $selectedFormats, true) ? 'checked' : '' ?>>
<?= htmlspecialchars($opt['name']) ?>
</label>
</li>
<?php endforeach; ?>
</ul>
</fieldset>
</div>
</fieldset>
<!-- ═══════════════════ Fichiers ═══════════════════ -->
<fieldset>
<legend>Fichiers</legend>
<!-- ── 1. Couverture (always) ── -->
<?php
$name = 'couverture';
$label = 'Image de couverture (optionnel) :';
$accept = 'image/jpeg,image/png,image/webp';
$hint = 'JPG, PNG ou WEBP. Format 4:3 recommandé. Max 20 MB.';
$required = false;
include APP_ROOT . '/templates/partials/form/file-field.php';
?>
<!-- ── 2. Note d'intention (always) ── -->
<?php
$name = 'note_intention';
$label = 'Note d\'intention :';
$accept = '.pdf';
$hint = 'PDF uniquement. Max 100 MB. Si votre fichier est trop lourd, compressez-le avec <a href="https://www.bentopdf.com" target="_blank" rel="noopener">bentopdf.com</a>.';
$hintRaw = true; // allow the <a> tag through
$required = !$adminMode;
include APP_ROOT . '/templates/partials/form/file-field.php';
?>
<!-- ── 3. TFE (always) ── -->
<div class="admin-form-group admin-files-fieldgroup">
<label>TFE<?= !$adminMode ? ' <span class="asterisk">*</span>' : '' ?> :</label>
<div class="admin-file-input">
<input type="file" id="tfe-files-input"
name="files[]" multiple
accept=".pdf,.jpg,.jpeg,.png,.gif,.webp,.zip,.tar,.gz"
class="tfe-file-picker">
<small class="admin-file-hint">
PDF (max 100 MB) · Images (JPG/PNG/GIF/WEBP) · Archives ZIP/TAR (max 500 MB).
PDFs trop lourds ? <a href="https://www.bentopdf.com" target="_blank" rel="noopener">bentopdf.com</a>
</small>
<ul id="tfe-file-queue" class="tfe-file-queue sortable-list"
aria-label="Fichiers sélectionnés (réordonnable)"></ul>
<p id="tfe-file-queue-empty" class="tfe-queue-empty">Aucun fichier sélectionné.</p>
</div>
</div>
<!-- ── Format-specific extras ── -->
<?php if ($hasSiteWeb): ?>
<!-- Site web -->
<fieldset class="fichiers-format-extra" id="fichiers-website">
<legend>Site web</legend>
<div class="admin-form-group">
<label for="website_url">URL du site :</label>
<div class="admin-file-input">
<input type="url" id="website_url" name="website_url"
value="<?= $websiteUrl ?>"
placeholder="https://mon-tfe.erg.be">
<small>Le TFE sera affiché comme un site embarqué sur sa page publique.</small>
</div>
</div>
<div class="admin-form-group">
<label for="website_label">Légende :</label>
<input type="text" id="website_label" name="website_label"
value="<?= $websiteLabel ?>"
placeholder="Description du site (optionnel)"
class="admin-file-label-input"
style="max-width:400px;">
</div>
</fieldset>
<?php endif; ?>
<?php if ($hasVideo): ?>
<!-- Vidéo — TODO: PeerTube -->
<fieldset class="fichiers-format-extra" id="fichiers-video">
<legend>Vidéo</legend>
<div class="admin-form-group fichiers-todo-notice">
<p>
🚧 <strong>À venir :</strong> l'upload vidéo sera géré directement via l'API PeerTube.
La vidéo sera hébergée sur l'instance PeerTube de l'école et intégrée
comme lecteur embarqué sur la page du TFE.
</p>
<p class="fichiers-todo-workaround">
En attendant, déposez votre vidéo dans le champ TFE ci-dessus (ZIP si besoin).
</p>
</div>
</fieldset>
<?php endif; ?>
<?php if ($hasAudio): ?>
<!-- Audio — TODO: PeerTube -->
<fieldset class="fichiers-format-extra" id="fichiers-audio">
<legend>Audio</legend>
<div class="admin-form-group fichiers-todo-notice">
<p>
🚧 <strong>À venir :</strong> l'upload audio sera géré via l'API PeerTube.
Le fichier audio sera hébergé sur l'instance PeerTube de l'école et
intégré comme lecteur embarqué sur la page du TFE.
</p>
<p class="fichiers-todo-workaround">
En attendant, déposez votre fichier audio dans le champ TFE ci-dessus (ZIP si besoin).
</p>
</div>
</fieldset>
<?php endif; ?>
</fieldset><!-- /Fichiers -->
</div><!-- #format-fichiers-block -->

9
app/public/partage/index.php
View File

@@ -28,13 +28,20 @@ if ($slug === 'language-autre-fragment' && $_SERVER['REQUEST_METHOD'] === 'POST'
exit;
}
// Special route: /partage/format-website-fragment (HTMX fragment, no auth needed)
// Special route: /partage/format-website-fragment (HTMX fragment, legacy — kept for safety)
if ($slug === 'format-website-fragment' && $_SERVER['REQUEST_METHOD'] === 'POST') {
App::boot();
require_once __DIR__ . '/format-website-fragment.php';
exit;
}
// Special route: /partage/fichiers-fragment (HTMX fragment — format-aware fichiers block)
if ($slug === 'fichiers-fragment' && $_SERVER['REQUEST_METHOD'] === 'POST') {
App::boot();
require_once __DIR__ . '/fichiers-fragment.php';
exit;
}
// Special route: /partage/recapitulatif?id=N
if ($slug === 'recapitulatif' || $slug === 'recapitulatif.php') {
App::boot();