xamxam/TODO.md
Pontoporeia 95fcbc919a Remove required from all admin add/edit form inputs
- Skip required-field validation for orientation/ap/finality/licence/jury in admin add+edit
2026-05-13 17:59:13 +02:00


XAMXAM TODO

Completed

  • TDD analysis + new test suites

    • Bug fixed: SearchController::handleSearch(): $coverMap undefined variable + never populated for search results
    • ShareLinkTest (13 tests) — generateSlug, all validateLink branches, verifyPassword, incrementUsage, objet_restriction
    • PureLogicTest (31 tests) — TfeController helpers (meta, OG image, jury split, captions), ThesisCreateController helpers (autofocus, detectFileType, authorSlug), ThesisEditController::buildFileSizeInfo, ExportController CSV column consistency, SearchController coverMap regression
    • Private helpers promoted to protected in TfeController, ThesisCreateController, ThesisEditController to enable subclass-based testing without reflection
  • Form save audit + TDD

    • createThesis() missing duration_pages/duration_minutes columns — fixed
    • ThesisCreateController not passing raw page/minute values to createThesis() — fixed (durationPages, durationMinutes extracted and passed)
    • FormSaveTest.php — 14 red-green tests covering create+edit round-trips for all fields
  • Language form improvements

    • Add Néerlandais as default language option (schema + migration 017)
    • language_autre conditionally required via HTMX fragment (replaced custom JS)
    • language_autre saved via getOrCreateLanguage() in both create and edit controllers
    • formData['languages'] wired in edit.php so checkboxes are pre-checked
    • duration_pages/duration_minutes saved in updateThesis() and read back in getThesisRawFields()
    • beforeunload-guard applied to add and partage forms too
  • Audit + fix direct PHP URL references blocked by nginx catch-all deny all

    • /request-access.php fetch in tfe.php → /request-access
    • /media.php?path= in form.php (×2) and admin/recapitulatif.php → /media?path=
  • Fix 403 on /language-autre-fragment.php from edit.php

    • Root cause: standalone root-level PHP file blocked by nginx catch-all deny all
    • Moved logic to partage/language-autre-fragment.php (shared include)
    • Added route /partage/language-autre-fragment in partage/index.php
    • Added admin/language-autre-fragment.php (AdminAuth gated, includes shared logic)
    • form.php picks URL based on $mode (partage vs admin)
    • Deleted public/language-autre-fragment.php; nginx unchanged
  • Merge banner images into cover images

    • Migration 016: copy storage/banners/* → storage/covers/, insert thesis_files cover records, clear banner_path, remove banners dir
    • Remove banner fieldset from edit form (form.php)
    • Remove banner fieldset from student submission form (fieldset-files.php: rename to couverture)
    • Update ThesisEditController::save() — remove banner upload/removal logic
    • Update ThesisCreateController::submit() — remove handleBannerUpload call
    • Update Database::handleCoverUpload() — add webp support, raise limit to 20 MB
    • Remove Database::setBannerPath(), handleBannerUpload(), getThesisBannerPath()
    • Update Database::deleteThesis() / bulkDeleteTheses() — remove banner file cleanup
    • HomeController: batch-load covers for all items, remove banner_path fallback
    • SearchController::handleSearch(): batch-load covers, pass $coverMap to view
    • SearchController::handleStudentPreview(): load covers, pass $coverMap to partial
    • TfeController::resolveOgImage(): use cover file_type instead of banner_path
    • home.php: use only $coverMap (no banner_path fallback)
    • search.php: show cover thumbnail on result cards
    • student-preview.php: use $coverMap instead of banner_path
    • Migration applied and file moved to applied/
  • Remove required from all form inputs in admin add/edit

    • Introduced $adminMode flag in form.php (true when $mode is 'add' or 'edit')
    • Hidden "champs obligatoires" note in admin mode
    • All $required = true callers in form.php, fieldset-tfe-info.php, fieldset-academic.php, fieldset-licence-explanation.php, fieldset-files.php changed to !$adminMode
    • Hardcoded required HTML attributes in fieldset-tfe-info.php (synopsis, objet radios), fieldset-licence-explanation.php (access type radios), jury-fieldset.php (promoteur, lecteurs interne/externe) gated on !$adminMode
    • Dynamic JS ulbInput.required in jury fieldset also gated
    • Remove server-side validation for orientation, ap, finality, licence, jury roles in ThesisEditController::save() — admins can save partial records
    • Same for ThesisCreateController::submit(): added $adminMode param, pass true from admin/actions/formulaire.php
  • Encrypt SMTP password at rest (AES-256-GCM)

    • app/.env — holds APP_KEY (base64, 32 bytes); added to .gitignore
    • src/Crypto.php: encrypt() / decrypt() / isEncrypted() via OpenSSL AES-256-GCM
    • SmtpRelay::getSettings() — decrypts password after DB fetch
    • SmtpRelay::updateSettings() — encrypts password before DB write
    • parametres.php template — password field no longer pre-filled (ciphertext never sent to browser)
    • Migration 018_encrypt_smtp_password.php — encrypted existing plaintext in DB; moved to applied/
    • justfile: deploy calls deploy-env (uploads .env only if remote doesn't exist yet)
    • justfile: deploy-env recipe: safe upload with guards
    • justfile: reencrypt-password recipe: rotates APP_KEY on remote DB
    • scripts/reencrypt-smtp-password.php — decrypts with old key, re-encrypts with new key, updates .env
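
The encrypt-at-rest and key-rotation items above, sketched as an added example (not the project's src/Crypto.php or scripts/reencrypt-smtp-password.php): AES-256-GCM through PHP's OpenSSL functions, with a 32-byte key decoded from a base64 APP_KEY. The enc:v1: prefix behind isEncrypted(), the IV + tag + ciphertext layout, loadKey() and reencrypt() are assumptions made for illustration.

```php
<?php
// Added illustration, not the project's src/Crypto.php. The "enc:v1:" prefix,
// the function names and the demo values are assumptions.
const PREFIX = 'enc:v1:';
function loadKey(string $b64): string {
    $key = base64_decode($b64, true);
    if ($key === false || strlen($key) !== 32) {
        throw new InvalidArgumentException('APP_KEY must be base64 of 32 bytes');
    }
    return $key;
}

function isEncrypted(string $value): bool {
    return str_starts_with($value, PREFIX);
}

function encrypt(string $plain, string $key): string {
    $iv = random_bytes(12); // 96-bit nonce, fresh for every encryption
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return PREFIX . base64_encode($iv . $tag . $ct);
}

function decrypt(string $stored, string $key): string {
    $raw = isEncrypted($stored) ? base64_decode(substr($stored, strlen(PREFIX)), true) : false;
    if ($raw === false || strlen($raw) < 28) { // 12-byte IV + 16-byte tag
        throw new RuntimeException('not a valid encrypted value');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) { // wrong key or modified ciphertext: GCM tag check fails
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Key rotation: decrypt under the old key, re-encrypt under the new one.
function reencrypt(string $stored, string $oldKey, string $newKey): string {
    return encrypt(decrypt($stored, $oldKey), $newKey);
}

// Demo with constructed keys and a constructed password.
$old = loadKey(base64_encode(random_bytes(32)));
$new = loadKey(base64_encode(random_bytes(32)));
$row = reencrypt(encrypt('smtp-demo-password', $old), $old, $new);
var_dump(isEncrypted($row), decrypt($row, $new) === 'smtp-demo-password');
```

Because decrypt() throws when the GCM tag does not verify, a rotation run with the wrong old key fails before anything is re-encrypted, so the stored row is never overwritten with garbage.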