mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
27e1b6828d
Requirements: - parametres.php toggle: 'restricted_files_enabled' enables/disables the feature - Public TFE page: when enabled + access_type=Interne, hides files, shows French restriction message + access request form (metadata/synopsis still visible) - ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately - External emails: show justification textarea, create pending request, notify admin - Admin panel /admin/file-access.php: approve/reject requests with optional notes, sends access email on approval (linked from admin nav with pending count badge) Security: - One-time 24h email tokens (used_at + is_valid=0 on first click) - Token redeemed via POST /validate-access (GET shows confirmation page only) - Long-lived 30-day browser session in file_access_sessions table - Cookie: HttpOnly + Secure + SameSite=Strict - CSRF on all mutations, rate limiting on request submission - Audit trail: IP, UA, event, timestamp in file_access_audit Bug fixes: - admin/file-access.php: $vars never extract()ed → page was blank - Template had self-contained head/footer includes (double-include) - Admin approval URL used $requestId instead of $request['thesis_id'] - App::boot() now starts session so CSRF token works on public pages - Dispatcher routes /validate-access and /request-access through front controller
Database Documentation
Complete documentation for the Post-ERG thesis database.
📚 Available Documentation
1. DATABASE_SPECIFICATION.md ⭐
Complete technical specification - 25KB comprehensive document
Contents:
- Complete table definitions with all columns
- Entity relationship diagrams
- Junction table specifications
- Lookup table values
- Business rules and workflows
- Sample queries and use cases
- Instructions for requesting schema changes
Use when: You need complete technical details about the database structure.
2. QUICK_SCHEMA_REFERENCE.md 🚀
Quick reference guide - 5KB at-a-glance reference
Contents:
- Table summary
- Key relationships diagram
- Core fields reference
- Predefined lookup values
- Common SQL queries
- Constraint summary
Use when: You need quick lookup or common query examples.
3. schema.sql 💾
The actual SQL schema - Executable SQL file
Contents:
- Complete CREATE TABLE statements
- Indexes and triggers
- Predefined data (orientations, AP programs, etc.)
- Views for common queries
Use when: Setting up or resetting the database.
🚀 Quick Start
View Database Schema
# Read the quick reference
cat database/QUICK_SCHEMA_REFERENCE.md
# Or full specification
cat database/DATABASE_SPECIFICATION.md
Initialize Database
# Create test database from schema
just init-test-db
# Create with sample data
just create-fixtures
Query Database
# Open SQLite prompt
just query-db
# Show specific thesis
just show-thesis 42
📝 Making Schema Changes
Step 1: Document Your Request
Format:
**Table:** [table_name]
**Change Type:** [add/modify/remove]
**What:** [description]
**Why:** [reason/use case]
**Example Data:** [samples]
Step 2: Specify Details
For new columns:
- Column name
- Data type (TEXT, INTEGER, BOOLEAN, DATETIME)
- NULL/NOT NULL
- Default value
- Indexes needed?
For new tables:
- Table name
- All columns
- Relationships to existing tables
- Sample data
Step 3: Provide Context
Include:
- Use case scenario
- Who will use it?
- How will it be displayed?
- Any constraints?
Example Request
**Table:** theses
**Change Type:** add column
**What:** Add column to track if thesis won an award
**Why:** Need to highlight award-winning theses on homepage
**Column Name:** has_award
**Data Type:** BOOLEAN
**Default:** 0 (false)
**Example:** 1 for "Prix du Jury 2025" winner
🗂️ Database Structure Overview
┌─────────────┐
│ theses │ ◄── Main table (500+ records/year)
└──────┬──────┘
│
├──► authors (via thesis_authors)
├──► supervisors (via thesis_supervisors)
├──► keywords (via thesis_keywords)
├──► languages (via thesis_languages)
├──► formats (via thesis_formats)
├──► thesis_files (attachments)
│
└──► Lookup tables:
• orientations
• ap_programs
• finality_types
• access_types
• license_types
📊 Key Statistics
- Core tables: 3 (theses, authors, supervisors)
- Junction tables: 5 (many-to-many relationships)
- Lookup tables: 7 (predefined values)
- Support tables: 2 (files, pages)
- Views: 2 (full data, public only)
- Indexes: 11 (for performance)
- Triggers: 4 (auto-update timestamps)
🔍 Common Scenarios
Scenario 1: Student Submits Thesis
- Create record in
theses(is_published=0) - Add author to
authors, link viathesis_authors - Add supervisor(s) to
supervisors, link viathesis_supervisors - Set
orientation_id,ap_program_id,finality_id - Upload file to
thesis_files - Add keywords via
thesis_keywords - Set
submitted_attimestamp
Scenario 2: Admin Publishes Thesis
- Verify all required fields present
- Set
defense_date - Set
jury_points - Optional: add
context_note - Set
is_published = 1 - Set
published_at = CURRENT_TIMESTAMP
Scenario 3: Public User Searches
Query v_theses_public view with filters:
- By year
- By orientation
- By keyword
- By author name
- Full-text search in title/synopsis
🛠️ Development Workflow
Local Development
- Use
posterg.dbfor development - Create via
just init-db - Test queries before deployment
📞 Need Help?
- Quick lookup → Read
QUICK_SCHEMA_REFERENCE.md - Complete details → Read
DATABASE_SPECIFICATION.md - Schema changes → Follow format in this README
- SQL examples → Check
QUICK_SCHEMA_REFERENCE.md