- Removed 'Supprimer tous les TFE' danger zone from parametres (template, dialog,
backend handler, Database::deleteAllTheses(), AdminLogger method)
- Moved Formulaire section (access type toggles, restricted files) from parametres
to contenus under new h2 'Paramètres du Formulaire'
- Moved Types de travaux from parametres to contenus as sub-section under
Paramètres du Formulaire
- Existing 'Structure du formulaire' section now a sub-heading (h3) under
Paramètres du Formulaire in contenus
- Sub-sections: Restrictions d'accès aux fichiers, Degré d'ouverture,
Types de travaux, Structure du Formulaire
- Added siteSettings query to contenus controller
Mirrors the mots-clé tag-search system: dropdown suggestions from
existing languages via HTMX, pill display with bin-icon remove buttons,
'Créer' option for new languages. Replaces the plain text input.
- New partial: templates/partials/form/language-search.php
- New fragment: public/partage/language-search-fragment.php
- Admin wrapper: public/admin/language-search-fragment.php
- Updated language-autre-fragment to return just the required asterisk indicator
- Updated both controllers to handle language_autre as array (pill-based)
with backward-compatible string path
- Updated edit form to compute selectedOtherLanguages from DB
- Registered new route in partage/index.php
- Fix CSV importer: split comma-separated language column into individual entries
- Add htmx active search to admin index, title line-clamp, predefined languages only in checkboxes
- Admin index: filter form now uses htmx triggers (input delay:300ms on search,
change on selects) to actively search without page reload
- Sort links include hx-push-url for back-button support
- Added loading indicator bar (.admin-search-indicator)
- Title column: line-clamp at 2 lines with overflow hidden, native title attr
tooltip for full text
- Language checkboxes now show only 3 predefined languages (Français, Anglais,
Néerlandais); all others go via the Autre langue search component
- Added Database::getPredefinedLanguages() and excluded predefined from
language-search-fragment suggestions
- Included hidden sort/dir inputs in table-wrap so sort state preserved across
filter changes
- Fix language-search: block 'Créer' for predefined languages in dropdown
The 'Créer' option in the language-search dropdown now also checks against the
predefined set (français, anglais, néerlandais) to avoid offering creation of
languages that already exist as checkboxes.
- Add baseline input[type="checkbox"] and input[type="radio"] styling
in common.css (accent-color, size, cursor, flex-shrink)
- Give select a solid background (var(--bg-primary)) and its own focus rule
- Remove now-redundant checkbox accent-color/size from
.admin-checkbox-label (form.css) and .param-checkbox (admin.css)
- Simplify .search-filter-select (repertoire.css) to inherit common
select defaults (border, background, arrow icon)
- Keep all layout-specific classes in form.css and admin.css intact
- Add baseline input[type="checkbox"] and input[type="radio"] styling
in common.css (accent-color, size, cursor, flex-shrink)
- Give select its own rule block with same shape as text inputs
(transparent background, same padding/border/radius/focus)
- Remove now-redundant checkbox accent-color/size from
.admin-checkbox-label (form.css) and .param-checkbox (admin.css)
- Simplify .search-filter-select (repertoire.css) to inherit common
select defaults
- Keep all layout-specific classes in form.css and admin.css intact
- Remove bottom-border/border-radius:0 overrides from .admin-form,
.admin-inline-form, .param-form, and .param-grid inputs/selects
- Change required-field indicator from border-bottom-style to
border-style: dashed to work with full-border approach
- Update param-grid aria-invalid from border-bottom-color to border-color
- All text inputs, selects, and textareas now inherit the full-border
style from common.css (border, border-radius, padding, focus ring)
- .password-gate input[password]: remove redundant padding override
- .retry-email-form input[email]: remove redundant border/border-radius/
padding/box-sizing, keep only font-size (larger) and width
- .tfe-access-request-form input/textarea: remove broken references to
undefined vars (--border, --background, --accent), now inherit from
common.css. Remove redundant focus rule.
- .fhb-name-input: strip redundant padding/border/radius/font-size/font
- .admin-inline-form input/select: strip redundant font-size
- .param-checkbox: remove font-size (inherits from body)
- .param-checkbox small: remove redundant color + font-size (common.css small already sets both)
- .param-note: remove font-size
- .param-account-status: remove font-size
- .param-smtp-test-row label: remove display:block + font-size (common.css label)
- .param-smtp-status: remove font-size
- .param-grid label: remove font-size
- Remove .param-form legend padding override (now inherits common.css legend)
- Remove .param-danger-zone legend padding override
- Remove .param-export-zone legend padding override
- Remove .param-fieldset-inline legend entirely (only rule was padding)
- Remove .licence-explanation legend entirely (all properties identical to common.css legend)
- All fieldsets now consistently use common.css fieldset padding
(0 var(--space-m) var(--space-m) var(--space-m))
- The common.css fieldset has padding-top: 0, which leaves checkboxes
and other content tight against the legend. Add var(--space-s) top
padding so the first content row has proper spacing from the legend.
Requirements:
- parametres.php toggle: 'restricted_files_enabled' enables/disables the feature
- Public TFE page: when enabled + access_type=Interne, hides files, shows French
restriction message + access request form (metadata/synopsis still visible)
- ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately
- External emails: show justification textarea, create pending request, notify admin
- Admin panel /admin/file-access.php: approve/reject requests with optional notes,
sends access email on approval (linked from admin nav with pending count badge)
Security:
- One-time 24h email tokens (used_at + is_valid=0 on first click)
- Token redeemed via POST /validate-access (GET shows confirmation page only)
- Long-lived 30-day browser session in file_access_sessions table
- Cookie: HttpOnly + Secure + SameSite=Strict
- CSRF on all mutations, rate limiting on request submission
- Audit trail: IP, UA, event, timestamp in file_access_audit
Bug fixes:
- admin/file-access.php: $vars never extract()ed → page was blank
- Template had self-contained head/footer includes (double-include)
- Admin approval URL used $requestId instead of $request['thesis_id']
- App::boot() now starts session so CSRF token works on public pages
- Dispatcher routes /validate-access and /request-access through front controller
