PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
37111eaac45246c9e798f1b8397ee0654f9f0a19
xamxam/app/public/admin/actions/visibility.php
Pontoporeia ca5983075d feat: admin audit logging across all admin actions 
- AdminLogger: JSON-lines → /var/log/xamxam.log (prod) / storage/logs/admin.log (dev)
  + best-effort DB mirror to admin_audit_log table
- DB: admin_audit_log table, share_links.is_archived column
- ShareLink: archive() replaces delete(), toggleActive() returns new state,
  listActive()/listArchived() split, validateLink blocks archived slugs
- All action handlers wired: publish, unpublish, visibility, delete, csv/db export,
  tfe add/edit, tags, pages, apropos, form-help, access-request, maintenance,
  settings (formulaire toggles, objet types, smtp update), smtp-test
- acces.php: archive button replaces delete; collapsible archived links section
- setup-server.sh: provision /var/log/xamxam.log (www-data:xamxam 640)
2026-05-05 11:04:52 +02:00

61 lines
2.0 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
App::flash('error', "Erreur de sécurité : token invalide.");
header('Location: /admin/');
exit;
}
require_once __DIR__ . '/../../../src/Database.php';
require_once __DIR__ . '/../../../src/AdminLogger.php';
$action = $_POST['action'] ?? ''; // 'set_visibility'
$accessTypeId = filter_var($_POST['access_type_id'] ?? '', FILTER_VALIDATE_INT) ?: null;
$isBulk = !empty($_POST['bulk']);
$validAccess = [null, 1, 2, 3];
if (!in_array($accessTypeId, $validAccess, true)) {
App::flash('error', "Valeur de visibilité invalide.");
header('Location: /admin/');
exit;
}
try {
$db = new Database();
$logger = AdminLogger::make();
if ($isBulk) {
$ids = array_filter(array_map('intval', $_POST['selected_theses'] ?? []), fn($id) => $id > 0);
if (empty($ids)) {
App::flash('error', "Aucun TFE sélectionné.");
header('Location: /admin/');
exit;
}
$db->bulkSetVisibility($ids, $accessTypeId);
$logger->logVisibility($accessTypeId, array_values($ids));
App::flash('success', count($ids) . " TFE(s) mis à jour.");
} else {
$thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
if (!$thesisId) {
App::flash('error', "ID invalide.");
header('Location: /admin/');
exit;
}
$db->setVisibility($thesisId, $accessTypeId);
$logger->logVisibility($accessTypeId, [$thesisId]);
App::flash('success', "Visibilité mise à jour.");
}
} catch (Exception $e) {
error_log("visibility.php error: " . $e->getMessage());
App::flash('error', "Erreur : " . $e->getMessage());
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/');
exit;
Reference in New Issue View Git Blame Copy Permalink