PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
41eebf8a02f2316171d3e9cc82c3f74ebccc909f
xamxam/TODO.md

142 lines
9.2 KiB
Markdown
Raw Blame History

# Current tasks
## Commit history cleanup
- [x] Squash 177→98 commits by merging similar/iterative fixes and immediate follow-ups
- [x] Resolve 206k lines of nested jj conflict markers in acces.php
- [x] Update commit descriptions for squashed groups
## acces.php conflict marker cleanup
- [x] Remove 206k lines of nested jj conflict markers from acces.php (resolved from clean nzllwsxo base)
- [x] Restore missing features: create-result dialog, locked_year field, auto-generated password UI, file restrictions section, admin TOC wrapper
## Save fixes (files disappearing on edit/terminer)
- [x] Fix: note_intention deleted on save — handleFilePondSingleFile treats existing DB id as new upload, deletes existing, then can't re-process (integer vs hex mismatch)
- [x] Fix: cover removal now uses trash, same hex-vs-integer guard as note_intention
- [x] Fix: all file deletions now route through deleteThesisFileToTrash (renames to tmp/_trash instead of unlinking)
## Storage restructure
- [x] Move storage root from theses/ to documents/ (ThesisFileHandler, ThesisEditController, ThesisCreateController, MediaController)
- [x] MediaController: support both theses/ and documents/ prefixes for visibility gate
- [ ] Migration: rename existing theses/ directories to documents/ on disk and update DB paths
## Relink feature
- [x] Backend: endpoint to browse documents/ directory (file-browser.php with HTMX tree)
- [x] Backend: endpoint to relink an existing file to a thesis (relink.php inserts thesis_files row)
- [x] Frontend: modal with folder browser, triggered by a "Relier" button next to each FilePond pool
- [x] JS: integrate relink button into FilePond UI (XamxamOpenFileBrowser + XamxamRelinkFile)
- [x] CSS: .relink-modal + .file-browser styles in form.css
- [x] Fix: relinked file not appearing in FilePond pool — add file metadata to addFile() options and extensive diag logging
- [ ] Migration: rename existing theses/ directories to documents/ on disk and update DB paths
## Trash policy
- [x] FilePond remove moves to tmp/_trash (already implemented in handleRemove)
- [x] Fix: partage FilePond asks admin password — shared handler + separate partage endpoints with share_active session gate
- [x] Fix: mots-clé HTMX search — restored tag-search-fragment.php logic lost during fragment architecture refactor
- [x] Generalize pill-search: single fragment endpoint (type=tag|language|supervisor), deduplicate tag & language backends, add jury autocomplete (promoteur·ice interne/externe ULB, lecteur·ice interne/externe)
- [x] Deploy: just deploy (includes new partage/actions/filepond/ + FilepondHandler.php)
- [x] Fix: language pill-search showing mots-clé results — form field name collision; replaced hidden inputs with scoped hx-vals; fixed exclude logic per type
- [x] Add Créer button to jury supervisor autocomplete (removed guard in pill-search-fragment.php)
- [x] Fix: UNIQUE constraint on authors.email — findOrCreateAuthor now checks for existing author by email before inserting; prevents crash when two authors share an email
# Current tasks
- [x] Mandatory auto-generated passwords on share links (no custom passwords, regenerate-only in edit, rate limit on password gate)
- [x] .gitignore / .ignore: exclude *.db-wal and *.db-shm
- [x] CSS: FilePond pool file block border yellow → green on upload complete
- [x] Move shared fichiers-fragment.php from partage/ to templates/partials/form/ and update all links
- [x] Remove Écriture and Image format types (migration 035 + schema seed + query filter)
- [x] FilePond image previews: use site light colors (--bg-secondary, --text-secondary, --accent-green, --error)
- [x] Edit mode: remove custom file preview list above FilePond pools; use FilePond pools for preexisting files
- [x] Cover + note_intention: add data-existing-files to their FilePond inputs (per-queue-type JSON arrays)
- [x] Remove upload-progress bar at bottom (FilePond handles its own progress)
- [x] Remove upload-progress.js from edit/add/partage page extraJs arrays
# FilePond Refactor — Merge video/audio into TFE pool
- [x] A. `fichiers-fragment.php` — Remove separate video/audio pools, merge into TFE; include PeerTube in data-existing-files
- [x] B. `file-upload-filepond.js` — Remove peertube_video/peertube_audio/video/audio from QUEUE_CONFIG, remove acceptedFileTypesPeerTube, remove data-peertube-active logic
- [x] C. `process.php` — When queue_type=tfe and video/audio + PeerTube enabled, upload to PeerTube, return peertube:UUID
- [x] D. `load.php` — Handle peertube DB files: return placeholder SVG blob
- [x] E. `form.php` — Include PeerTube files in existingFilesJsonForTfe for edit mode
- [x] F. `ThesisEditController.php` — Remove separate video/audio/peertube_* handleFilePondQueueFiles calls; also legacy $_FILES path
- [x] G. `ThesisCreateController.php` — Same as F
# HTMX Fragment Architecture Reorganization
- [x] Create shared templates `_licence.php` and `_format-website.php` in `templates/partials/form/`
- [x] Create `src/FragmentRenderer.php` helper
- [x] Create `public/admin/fragments/` and `public/partage/fragments/` subdirectories
- [x] Create thin fragment endpoint files (auth + data prep + render shared template)
- [x] Update all hx-post references in templates to point to new `fragments/` paths
- [x] Update `partage/index.php` routing for new fragments
- [x] Keep old fragment files as thin delegates to new `fragments/` for backward compat
- [x] Update nginx config for partage fragment PHP handling
# Maintenance mode + partage fragment fix
- [x] `bootstrap.php`: add `/partage` as allowed path prefix in maintenance gate
- [x] `SystemController.php`: update maintenance detail message
- [x] `admin/parametres.php`: always-visible accessibility table (Normal vs Maintenance)
- [x] `admin.css`: `.param-access-table` styles (border-radius via overflow:hidden, green/secondary colours)
- [x] `partage/index.php`: fix fragment routing — `$slug` was `'fragments'` but check used `str_starts_with($slug, 'fragments/')`, causing HTMX fragments to redirect to / (main page)
- [x] Deploy: `just deploy` + `just deploy-nginx`
## File browser fixes
- [x] Fix: top-folder navigation regex doesn't match bare `documents`/`theses` (requires trailing slash)
- [x] Replace emoji icons (📁📄) with proper SVG icons (folder, pdf, file-archive, text-file)
- [x] Fix relink endpoint: always return JSON (even on errors), guard finfo class, add diagnostic logging
- [x] Fix JS relink error handler to parse JSON error responses
## Previous items
- [x] Step 1 — Build 4 PHP endpoints (process.php, revert.php, load.php, remove.php)
- [x] Step 2 — Update ThesisFileHandler to accept file_ids instead of $_FILES
- [x] Step 3 — Update file-upload-filepond.js (async server model + all fixes)
- [x] Step 4 — Update templates (data-queue-type on all inputs, data-existing-files in edit)
- [x] Step 5 — Update upload-progress.js (new collectFileNames, pending-uploads guard)
- [ ] Step 6 — QA / integration testing
- [ ] Step 7 — Cleanup: remove transition flags, remove INPUT_ID_TO_TYPE
# CSP & Deploy Fixes (May 2026)
- [x] Track vendor JS files in jj (they were moved to vendor/ but never `jj file track`ed)
- [x] Add `script-src 'self' 'unsafe-inline'` to main CSP header (public pages use inline scripts + onclick handlers)
- [x] Add `storage/tmp/filepond/*` to .gitignore + rsync exclude, with .gitkeep
- [ ] Deploy: `just deploy` to sync vendor JS files + updated CSP + .gitkeep to server
# improvements_postlaunch — Année verrouillable dans partage + correction ID
## Implémentation
### 1. Schema: ajouter locked_year aux share_links
- [ ] `Database::runMigrations()`: ALTER TABLE share_links ADD COLUMN locked_year INTEGER
- [ ] `app/storage/schema.sql`: ajouter la colonne
### 2. ShareLink model: lire/écrire locked_year
- [ ] `ShareLink::create()`: accepter et stocker locked_year
- [ ] `ShareLink::update()`: accepter et stocker locked_year
- [ ] `findBySlug()` retourne déjà SELECT *, donc locked_year remonte automatiquement
### 3. Admin UI — Dialog de création de lien
- [ ] Ajouter champ "Année académique verrouillée" dans create-dialog (acces.php)
- [ ] Ajouter champ dans edit-dialog (acces.php)
### 4. Admin UI — Liste des liens
- [ ] Afficher colonne "Année" dans le tableau des liens (acces.php)
### 5. Admin actions (acces-etudiante.php)
- [ ] Lire locked_year depuis $_POST dans action 'create' et 'update'
- [ ] Passer au ShareLink model
### 6. Partage — Formulaire
- [ ] `partage/index.php` (`renderShareLinkForm`): lire locked_year depuis le lien
- [ ] `fieldset-academic.php`: quand $lockedYear est défini → hidden input + span "Année académique verrouillée : YYYY" + explication; quand null → comportement actuel
- [ ] `ThesisCreateController::validateAndSanitise()`: respecter locked_year si présent dans POST (priorité sur $_POST['année'])
### 7. Admin edit.php — Forcer l'identifiant
- [ ] Ajouter un champ "Identifiant" en lecture seule mais avec un bouton "Regénérer"
- [ ] `ThesisEditController`: ajouter méthode `regenerateIdentifier()` qui reconstruit YYYY-NNN avec MAX+1 sur la nouvelle année
- [ ] `Database`: méthode `regenerateThesisIdentifier(int $thesisId, int $year)` — met à jour identifier basé sur l'année dans un SELECT FOR UPDATE
- [ ] Attention: renommer les dossiers de fichiers sur disque si l'identifiant change
Reference in New Issue View Git Blame Copy Permalink