PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
79eddf5d5a0256f0eb2116917ec47c4bc8eb94e1
xamxam/TODO.md
Pontoporeia 79eddf5d5a feat: fix file deletion on save + trash policy + documents/ prefix + relink browser 
1. note_intention: Delete old file only when a genuinely new upload arrives
   (32-char hex file_id), not when the FilePond pool preserves an existing
   file by sending its DB integer ID.  Previously the DB integer ID
   triggered $hasNewNote=true, which deleted the existing note_intention
   from disk+DB, then handleFilePondSingleFile couldn't re-process it
   because the regex requires a hex pattern.  Same fix applied to cover.

2. All file deletions now use deleteThesisFileToTrash() which renames
   files to tmp/_trash/ instead of unlinking.  The trash preserves
   original filenames prefixed with DB id for traceability.  Skips
   website URLs and PeerTube refs (no disk file).

3. Storage prefix changed from theses/ to documents/ to reflect that
   the folder holds all document types (determined by file_type in DB).
   MediaController visibility gate supports both prefixes for backward
   compat with existing files.

4. File browser + relink feature for orphaned files:
   - /admin/fragments/file-browser.php — HTMX tree browser for
     storage/documents/ and storage/theses/
   - /admin/actions/filepond/relink.php — POST endpoint that inserts
     a thesis_files row pointing to existing on-disk file
   - Per-pool "📂 Relier" buttons (edit mode only)
   - JS: XamxamOpenFileBrowser / XamxamRelinkFile with FilePond integration
   - CSS: .relink-modal dialog + .file-browser tree styles
2026-05-19 00:08:06 +02:00

8.1 KiB
Raw Blame History

Current tasks

Save fixes (files disappearing on edit/terminer)

  • Fix: note_intention deleted on save — handleFilePondSingleFile treats existing DB id as new upload, deletes existing, then can't re-process (integer vs hex mismatch)
  • Fix: cover removal now uses trash, same hex-vs-integer guard as note_intention
  • Fix: all file deletions now route through deleteThesisFileToTrash (renames to tmp/_trash instead of unlinking)

Storage restructure

  • Move storage root from theses/ to documents/ (ThesisFileHandler, ThesisEditController, ThesisCreateController, MediaController)
  • MediaController: support both theses/ and documents/ prefixes for visibility gate
  • Migration: rename existing theses/ directories to documents/ on disk and update DB paths

Relink feature

  • Backend: endpoint to browse documents/ directory (file-browser.php with HTMX tree)
  • Backend: endpoint to relink an existing file to a thesis (relink.php inserts thesis_files row)
  • Frontend: modal with folder browser, triggered by a "Relier" button next to each FilePond pool
  • JS: integrate relink button into FilePond UI (XamxamOpenFileBrowser + XamxamRelinkFile)
  • CSS: .relink-modal + .file-browser styles in form.css

Trash policy

  • FilePond remove moves to tmp/_trash (already implemented in handleRemove)

  • Fix: partage FilePond asks admin password — shared handler + separate partage endpoints with share_active session gate

  • Fix: mots-clé HTMX search — restored tag-search-fragment.php logic lost during fragment architecture refactor

  • Generalize pill-search: single fragment endpoint (type=tag|language|supervisor), deduplicate tag & language backends, add jury autocomplete (promoteur·ice interne/externe ULB, lecteur·ice interne/externe)

  • Deploy: just deploy (includes new partage/actions/filepond/ + FilepondHandler.php)

  • Fix: language pill-search showing mots-clé results — form field name collision; replaced hidden inputs with scoped hx-vals; fixed exclude logic per type

  • Add Créer button to jury supervisor autocomplete (removed guard in pill-search-fragment.php)

  • Fix: UNIQUE constraint on authors.email — findOrCreateAuthor now checks for existing author by email before inserting; prevents crash when two authors share an email

Current tasks

  • Mandatory auto-generated passwords on share links (no custom passwords, regenerate-only in edit, rate limit on password gate)
  • .gitignore / .ignore: exclude *.db-wal and *.db-shm
  • CSS: FilePond pool file block border yellow → green on upload complete
  • Move shared fichiers-fragment.php from partage/ to templates/partials/form/ and update all links
  • Remove Écriture and Image format types (migration 035 + schema seed + query filter)
  • FilePond image previews: use site light colors (--bg-secondary, --text-secondary, --accent-green, --error)
  • Edit mode: remove custom file preview list above FilePond pools; use FilePond pools for preexisting files
  • Cover + note_intention: add data-existing-files to their FilePond inputs (per-queue-type JSON arrays)
  • Remove upload-progress bar at bottom (FilePond handles its own progress)
  • Remove upload-progress.js from edit/add/partage page extraJs arrays

FilePond Refactor — Merge video/audio into TFE pool

  • A. fichiers-fragment.php — Remove separate video/audio pools, merge into TFE; include PeerTube in data-existing-files
  • B. file-upload-filepond.js — Remove peertube_video/peertube_audio/video/audio from QUEUE_CONFIG, remove acceptedFileTypesPeerTube, remove data-peertube-active logic
  • C. process.php — When queue_type=tfe and video/audio + PeerTube enabled, upload to PeerTube, return peertube:UUID
  • D. load.php — Handle peertube DB files: return placeholder SVG blob
  • E. form.php — Include PeerTube files in existingFilesJsonForTfe for edit mode
  • F. ThesisEditController.php — Remove separate video/audio/peertube_* handleFilePondQueueFiles calls; also legacy $_FILES path
  • G. ThesisCreateController.php — Same as F

HTMX Fragment Architecture Reorganization

  • Create shared templates _licence.php and _format-website.php in templates/partials/form/
  • Create src/FragmentRenderer.php helper
  • Create public/admin/fragments/ and public/partage/fragments/ subdirectories
  • Create thin fragment endpoint files (auth + data prep + render shared template)
  • Update all hx-post references in templates to point to new fragments/ paths
  • Update partage/index.php routing for new fragments
  • Keep old fragment files as thin delegates to new fragments/ for backward compat
  • Update nginx config for partage fragment PHP handling

Maintenance mode + partage fragment fix

  • bootstrap.php: add /partage as allowed path prefix in maintenance gate
  • SystemController.php: update maintenance detail message
  • admin/parametres.php: always-visible accessibility table (Normal vs Maintenance)
  • admin.css: .param-access-table styles (border-radius via overflow:hidden, green/secondary colours)
  • partage/index.php: fix fragment routing — $slug was 'fragments' but check used str_starts_with($slug, 'fragments/'), causing HTMX fragments to redirect to / (main page)
  • Deploy: just deploy + just deploy-nginx

Previous items

  • Step 1 — Build 4 PHP endpoints (process.php, revert.php, load.php, remove.php)
  • Step 2 — Update ThesisFileHandler to accept file_ids instead of $_FILES
  • Step 3 — Update file-upload-filepond.js (async server model + all fixes)
  • Step 4 — Update templates (data-queue-type on all inputs, data-existing-files in edit)
  • Step 5 — Update upload-progress.js (new collectFileNames, pending-uploads guard)
  • Step 6 — QA / integration testing
  • Step 7 — Cleanup: remove transition flags, remove INPUT_ID_TO_TYPE

CSP & Deploy Fixes (May 2026)

  • Track vendor JS files in jj (they were moved to vendor/ but never jj file tracked)
  • Add script-src 'self' 'unsafe-inline' to main CSP header (public pages use inline scripts + onclick handlers)
  • Add storage/tmp/filepond/* to .gitignore + rsync exclude, with .gitkeep
  • Deploy: just deploy to sync vendor JS files + updated CSP + .gitkeep to server

improvements_postlaunch — Année verrouillable dans partage + correction ID

Implémentation

1. Schema: ajouter locked_year aux share_links

  • Database::runMigrations(): ALTER TABLE share_links ADD COLUMN locked_year INTEGER
  • app/storage/schema.sql: ajouter la colonne

2. ShareLink model: lire/écrire locked_year

  • ShareLink::create(): accepter et stocker locked_year
  • ShareLink::update(): accepter et stocker locked_year
  • findBySlug() retourne déjà SELECT *, donc locked_year remonte automatiquement

3. Admin UI — Dialog de création de lien

  • Ajouter champ "Année académique verrouillée" dans create-dialog (acces.php)
  • Ajouter champ dans edit-dialog (acces.php)

4. Admin UI — Liste des liens

  • Afficher colonne "Année" dans le tableau des liens (acces.php)

5. Admin actions (acces-etudiante.php)

  • Lire locked_year depuis $_POST dans action 'create' et 'update'
  • Passer au ShareLink model

6. Partage — Formulaire

  • partage/index.php (renderShareLinkForm): lire locked_year depuis le lien
  • fieldset-academic.php: quand $lockedYear est défini → hidden input + span "Année académique verrouillée : YYYY" + explication; quand null → comportement actuel
  • ThesisCreateController::validateAndSanitise(): respecter locked_year si présent dans POST (priorité sur $_POST['année'])

7. Admin edit.php — Forcer l'identifiant

  • Ajouter un champ "Identifiant" en lecture seule mais avec un bouton "Regénérer"
  • ThesisEditController: ajouter méthode regenerateIdentifier() qui reconstruit YYYY-NNN avec MAX+1 sur la nouvelle année
  • Database: méthode regenerateThesisIdentifier(int $thesisId, int $year) — met à jour identifier basé sur l'année dans un SELECT FOR UPDATE
  • Attention: renommer les dossiers de fichiers sur disque si l'identifiant change
Reference in New Issue View Git Blame Copy Permalink