mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
- admin/index.php: alert() → no-selection dialog; confirm() bulk actions → bulk-confirm/bulk-delete dialogs; confirm() single delete → delete-thesis dialog; removed redundant confirm on Dépublier (reversible action)
- admin/tags.php: confirm() merge/delete → merge-tag/delete-tag dialogs
- admin/acces-etudiante.php: confirm() delete link → delete-link dialog
- admin/acces.php: confirm() archive link → archive-link dialog
- admin/parametres.php: confirm() maintenance/delete-all → enable-maintenance/delete-all-tfe dialogs; admin password confirm() kept with TODO comment
- admin/account.php: admin password confirm() kept with TODO comment
- admin.css: add .admin-dialog--sm, .admin-dialog__alert, .admin-dialog__footer styles
53 lines
4.4 KiB
Markdown
# XAMXAM TODO
## Duplicate TFE submission prevention (fixes)
- [x] `DuplicateThesisException` — typed exception carrying existing thesis metadata
- [x] `Database::findDuplicateThesis()` — year + author + normalised-title matching (exact, prefix, Levenshtein ≤10%)
- [x] `ThesisCreateController::submit()` — calls duplicate check before any DB write, throws `DuplicateThesisException`
- [x] `AppLogger::logDuplicate()` — dedicated log action (`status: duplicate`) for audit trail
- [x] `App::flash/consumeFlash` — extended to support `warning` type alongside `error`/`success`
- [x] `admin/actions/formulaire.php` — catches `DuplicateThesisException` separately; logs it; flashes HTML warning with link to existing thesis; repopulates form
- [x] `partage/index.php` — same catch block; plain-text warning (no admin link) surfaced on the student form via `flash-warning` banner; form repopulated
- [x] `toast.php` — renders `toast--warning` block
- [x] `admin.css` — `.toast--warning` style + link colour
- [x] `form.css` — `.flash-warning` style (partage form)
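
An added sketch of the matching rule listed above for `Database::findDuplicateThesis()` (year + author + normalised title; exact, prefix, Levenshtein ≤10%); it is not the project's own code. The normalisation steps, the row shape, the function names and reading "≤10%" as edit distance relative to the longer title are assumptions, and PHP 8 is assumed for `str_starts_with()`.

```php
<?php
declare(strict_types=1);

// Assumed normalisation: lowercase, then collapse anything that is not a
// letter or digit into a single space.
function normaliseTitle(string $s): string
{
    $s = mb_strtolower($s, 'UTF-8');
    return trim(preg_replace('/[^\p{L}\p{N}]+/u', ' ', $s) ?? '');
}

// Returns 'exact', 'prefix', 'levenshtein', or null when the titles differ.
function titleMatch(string $a, string $b): ?string
{
    $a = normaliseTitle($a);
    $b = normaliseTitle($b);
    if ($a === '' || $b === '') {
        return null; // an empty title would prefix-match every other title
    }
    if ($a === $b) {
        return 'exact';
    }
    if (str_starts_with($a, $b) || str_starts_with($b, $a)) {
        return 'prefix';
    }
    // levenshtein() counts bytes, so lengths are taken in bytes as well.
    $longest = max(strlen($a), strlen($b));
    return levenshtein($a, $b) <= 0.10 * $longest ? 'levenshtein' : null;
}

// Runs before any DB write; $existing stands in for the rows of a query.
function findDuplicate(array $existing, int $year, string $author, string $title): ?array
{
    foreach ($existing as $row) {
        if ($row['year'] !== $year
            || normaliseTitle($row['author']) !== normaliseTitle($author)) {
            continue;
        }
        $kind = titleMatch($row['title'], $title);
        if ($kind !== null) {
            return ['id' => $row['id'], 'match' => $kind];
        }
    }
    return null;
}

// Constructed sample row and submission.
$existing = [['id' => 12, 'year' => 2025, 'author' => 'Ada Dupont',
              'title' => 'Typographie et mémoire collective']];
var_dump(findDuplicate($existing, 2025, 'ada  dupont', 'Typographie et memoire collective!'));
```
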
## Admin audit logging
- [x] `AdminLogger` class — JSON-lines to `/var/log/xamxam.log` (prod) or `storage/logs/admin.log` (dev), mirrors to `admin_audit_log` DB table
- [x] `admin_audit_log` DB table — created in schema + migrated
- [x] `share_links.is_archived` column — archive replaces delete; stats preserved
- [x] `ShareLink::archive()` — new method; `toggleActive` returns new state; `listActive()` / `listArchived()` split; `validateLink` blocks archived slugs
- [x] `actions/acces-etudiante.php` — delete→archive, all actions logged (create, toggle, set_password, archive)
- [x] `actions/publish.php` — publish/unpublish logged
- [x] `actions/delete.php` — delete / bulk-delete / delete-all logged
- [x] `actions/visibility.php` — visibility changes logged
- [x] `actions/export-csv.php` — CSV export logged
- [x] `actions/export-db.php` — DB export logged
- [x] `actions/edit.php` — TFE edit logged
- [x] `actions/formulaire.php` — TFE add from admin logged
- [x] `actions/tag.php` — rename/merge/delete logged
- [x] `actions/page.php` — static page edits logged
- [x] `actions/apropos.php` — à-propos edits logged
- [x] `actions/form-help.php` — form structure edits logged
- [x] `actions/access-request.php` — approve/reject logged
- [x] `actions/maintenance.php` — maintenance on/off logged
- [x] `actions/settings.php` — formulaire toggles, objet types, SMTP update logged
- [x] `actions/smtp-test.php` — SMTP test logged
- [x] `templates/admin/acces.php` — archive button, archived links collapsible section
- [x] `scripts/setup-server.sh` — provision `/var/log/xamxam.log` with correct ownership
## Replace browser dialogs with `<dialog>` modals
- [x] `admin/index.php` — `alert()` (no selection) → `<dialog id="no-selection-dialog">`; `confirm()` bulk publish/unpublish → `<dialog id="bulk-confirm-dialog">`; `confirm()` bulk delete → `<dialog id="bulk-delete-dialog">`; `confirm()` single delete → `<dialog id="delete-thesis-dialog">`; inline `confirm()` on Dépublier button removed (no confirmation needed for reversible action)
- [x] `admin/tags.php` — `confirm()` merge → `<dialog id="merge-tag-dialog">`; `confirm()` delete → `<dialog id="delete-tag-dialog">`
- [x] `admin/acces-etudiante.php` — `confirm()` delete link → `<dialog id="delete-link-dialog">`
- [x] `admin/acces.php` — `confirm()` archive link → `<dialog id="archive-link-dialog">`
- [x] `admin/parametres.php` — `confirm()` enable maintenance → `<dialog id="enable-maintenance-dialog">`; `confirm()` delete all TFE → `<dialog id="delete-all-tfe-dialog">`; admin password `confirm()` kept with `TODO` comment
- [x] `admin/account.php` — admin password `confirm()` kept with `TODO` comment
- [x] `admin.css` — added `.admin-dialog--sm`, `.admin-dialog__alert`, `.admin-dialog__footer` styles
## Duplicate warning display fixes
- [x] `toast-fragment.php` — 204 guard now also checks `warning`; warning was silently discarded before
- [x] `partage/index.php` — warning stored as plain text (no pre-escaping); `htmlspecialchars()` applied once at render; was double-encoded before
- [x] `partage/index.php` — `flash-warning` div gets `id` + `tabindex=-1`; inline JS scrolls and focuses it on load
- [x] `admin/footer.php` — `htmx:afterSettle` listener focuses `.toast--warning` after HTMX injects the toast fragment
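
The double-encoding fix noted for `partage/index.php`, as an added example rather than the project's code: the warning is stored as plain text and passed through `htmlspecialchars()` once, at render. The function names, the message wording and the `/admin/edit.php` URL are hypothetical; the last function shows the admin-side variant, where the flash is HTML and each dynamic value must be escaped as the markup is built.

```php
<?php
declare(strict_types=1);

function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: escaped when stored and again when rendered, so the reader sees
// literal entities such as "&amp;" in the banner.
function renderDoubleEncoded(string $title): string
{
    $stored = 'A thesis titled "' . e($title) . '" already exists.';
    return '<div class="flash-warning">' . e($stored) . '</div>';
}

// After: the flash holds plain text; escaping happens once, at output.
function renderEscapedOnce(string $title): string
{
    $stored = 'A thesis titled "' . $title . '" already exists.';
    return '<div class="flash-warning" tabindex="-1">' . e($stored) . '</div>';
}

// Admin variant: the flash is HTML and is emitted as-is, so the title is
// escaped here; the id is an int and cannot carry markup.
function adminWarningHtml(int $id, string $title): string
{
    return 'Duplicate of <a href="/admin/edit.php?id=' . $id . '">'
        . e($title) . '</a>';
}

// Constructed title containing characters that must be escaped.
$title = 'Art & <b>craft</b>';
echo renderDoubleEncoded($title), "\n";
echo renderEscapedOnce($title), "\n";
echo adminWarningHtml(12, $title), "\n";
```
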