- Add baseline input[type="checkbox"] and input[type="radio"] styling
in common.css (accent-color, size, cursor, flex-shrink)
- Give select a solid background (var(--bg-primary)) and its own focus rule
- Remove now-redundant checkbox accent-color/size from
.admin-checkbox-label (form.css) and .param-checkbox (admin.css)
- Simplify .search-filter-select (repertoire.css) to inherit common
select defaults (border, background, arrow icon)
- Keep all layout-specific classes in form.css and admin.css intact
- Add baseline input[type="checkbox"] and input[type="radio"] styling
in common.css (accent-color, size, cursor, flex-shrink)
- Give select its own rule block with same shape as text inputs
(transparent background, same padding/border/radius/focus)
- Remove now-redundant checkbox accent-color/size from
.admin-checkbox-label (form.css) and .param-checkbox (admin.css)
- Simplify .search-filter-select (repertoire.css) to inherit common
select defaults
- Keep all layout-specific classes in form.css and admin.css intact
- Remove bottom-border/border-radius:0 overrides from .admin-form,
.admin-inline-form, .param-form, and .param-grid inputs/selects
- Change required-field indicator from border-bottom-style to
border-style: dashed to work with full-border approach
- Update param-grid aria-invalid from border-bottom-color to border-color
- All text inputs, selects, and textareas now inherit the full-border
style from common.css (border, border-radius, padding, focus ring)
- .password-gate input[password]: remove redundant padding override
- .retry-email-form input[email]: remove redundant border/border-radius/
padding/box-sizing, keep only font-size (larger) and width
- .tfe-access-request-form input/textarea: remove broken references to
undefined vars (--border, --background, --accent), now inherit from
common.css. Remove redundant focus rule.
- .fhb-name-input: strip redundant padding/border/radius/font-size/font
- .admin-inline-form input/select: strip redundant font-size
- .param-checkbox: remove font-size (inherits from body)
- .param-checkbox small: remove redundant color + font-size (common.css small already sets both)
- .param-note: remove font-size
- .param-account-status: remove font-size
- .param-smtp-test-row label: remove display:block + font-size (common.css label)
- .param-smtp-status: remove font-size
- .param-grid label: remove font-size
- Remove .param-form legend padding override (now inherits common.css legend)
- Remove .param-danger-zone legend padding override
- Remove .param-export-zone legend padding override
- Remove .param-fieldset-inline legend entirely (only rule was padding)
- Remove .licence-explanation legend entirely (all properties identical to common.css legend)
- All fieldsets now consistently use common.css fieldset padding
(0 var(--space-m) var(--space-m) var(--space-m))
- The common.css fieldset has padding-top: 0, which leaves checkboxes
and other content tight against the legend. Add var(--space-s) top
padding so the first content row has proper spacing from the legend.
Requirements:
- parametres.php toggle: 'restricted_files_enabled' enables/disables the feature
- Public TFE page: when enabled + access_type=Interne, hides files, shows French
restriction message + access request form (metadata/synopsis still visible)
- ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately
- External emails: show justification textarea, create pending request, notify admin
- Admin panel /admin/file-access.php: approve/reject requests with optional notes,
sends access email on approval (linked from admin nav with pending count badge)
Security:
- One-time 24h email tokens (used_at + is_valid=0 on first click)
- Token redeemed via POST /validate-access (GET shows confirmation page only)
- Long-lived 30-day browser session in file_access_sessions table
- Cookie: HttpOnly + Secure + SameSite=Strict
- CSRF on all mutations, rate limiting on request submission
- Audit trail: IP, UA, event, timestamp in file_access_audit
Bug fixes:
- admin/file-access.php: $vars never extract()ed → page was blank
- Template had self-contained head/footer includes (double-include)
- Admin approval URL used $requestId instead of $request['thesis_id']
- App::boot() now starts session so CSRF token works on public pages
- Dispatcher routes /validate-access and /request-access through front controller
