From 9fbdbd0cf398de4085679effe336313c1a0731b8 Mon Sep 17 00:00:00 2001 From: Corentin JOGUET Date: Thu, 7 May 2026 23:05:51 +0200 Subject: [PATCH] =?UTF-8?q?docs(session):=20RECAP=20fin=20session=202026-0?= =?UTF-8?q?5-07=20=E2=80=94=20pivot=20Notion-like=20+=20R1=20+=20R2.x=20li?= =?UTF-8?q?vres?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../fast-app/formation-hub/SESSION-RESUME.md | 72 ++++++++++++++++++- 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/_byan-output/fast-app/formation-hub/SESSION-RESUME.md b/_byan-output/fast-app/formation-hub/SESSION-RESUME.md index 1b97453..95354d6 100644 --- a/_byan-output/fast-app/formation-hub/SESSION-RESUME.md +++ b/_byan-output/fast-app/formation-hub/SESSION-RESUME.md 
@@ -1,4 +1,74 @@ -# SESSION RESUME — formation-hub Acadenice (last update 2026-05-07 R2.3b) +# SESSION RESUME — formation-hub Acadenice (last update 2026-05-07 fin de session, post R2.3b) + +## RECAP SESSION 2026-05-07 (lecture obligatoire post-/compact) + +### Pivot strategique majeur acte +DocAdenice n'est plus un outil metier formation-hub mais un **produit Notion-like generique**. Le bridge a ete refactor (R1) pour supprimer l'ontologie metier (Personne/Formation/Bloc/Module/Attribution/Client/Projet/Tache/Intervention) au profit de routes generiques `/api/v1/tables/*`. Le metier formation-hub vit dans `examples/acadenice-formation-hub/`. + +### Memoire perso a jour +- `feedback_no_mvp.md` : Corentin refuse les MVP / shortcuts. Production-like des le jour 1. +- `user_role.md` : ancien conseil "MVP first" marque OBSOLETE. +- `MEMORY.md` index cree. + +### Etat des chantiers (commits, ordres chronologique de la session) + +**Bridge formation-hub (`bridge/`, push origin+selfhost)** : +``` +a79c51e R2.3b bridge accepte JWT HMAC DocAdenice via DOCMOST_APP_SECRET +2ed73fa R1 refactor proxy generique style Notion +0cf6533 Bloc 5 rate limit + cache invalidation cote writes +571f5c3 Bloc 4 OIDC-ready (Authentik JWKS + service tokens) +8b42cbc chore docmost upstream clone + rename setup +022b1ee Bloc 7 webhooks Baserow + Docmost stub (HMAC + idempotence) +c4f087b Bloc 6 tests integration adapters via testcontainers +``` +Bridge state : 292/292 tests verts, coverage globale 89.54% lines, 3 sources d'auth Bearer (brg_*, RS256 Authentik, HS256 DocAdenice). 
+ +**Fork DocAdenice (`docmost/`, gitignored, branche `acadenice/main`, local-only)** : +``` +4d8bd25 R2.3a /api/acadenice/permissions/me + frontend hook React Query propre +022add9 R2.2 frontend pages settings RBAC (PermissionMatrix, sidebar, i18n FR+EN) +bcd8611 R2.1 backend RBAC dynamique (catalogue 22 perms, 5 roles seed, JWT enrichi) +06c46f7 fix scopes Authentik (groups dans profile, pas un scope standard) +07d0b66 Bloc 4b OIDC client Authentik via openid-client v6.8.2 +efa2644 rebrand DocAdenice (titres + emails, identifiants techniques KEEP) +``` + +### Ce qui marche end-to-end (en local) +- Bridge expose `/api/v1/tables/*` (CRUD generique Baserow) +- Frontend DocAdenice `/settings/roles` + matrix permissions + assignation users +- JWT DocAdenice enrichi avec `acadenice_permissions[]` au sign +- Bridge consume le claim direct (pas de mapping) +- 3 modes auth Bearer cohabitent + +### Catalogue 22 permissions atomiques (en code TS, fork) +``` +pages:read|write|delete|share, space:read|create|write|delete|invite, +tables:list|create|write|delete, rows:read|write|delete, +attachments:upload|delete, users:invite|write|delete, roles:manage, admin:* +``` + +### 5 roles classiques pre-seed (`is_system_role=true`) +Owner=`admin:*`, Admin=tout sauf `*:delete` et `roles:manage`, Editor, Member, Guest. 
+ +### Suite immediate : R3 — Tiptap node-views Notion-like (4 sous-blocs) +- **R3.1** database-view inline (embed une table/kanban/calendar Baserow dans une page) +- **R3.2** backlinks bidirec (page A reference B → B liste les references entrantes) +- **R3.3** slash commands custom (declarer ses propres `/foo` extensibles) +- **R3.4** dual editor (code raw markdown + WYSIWYG) + +### TODO connus non bloquants +- Hook `WorkspaceService.create` pour seed live RBAC (actuellement seed au prochain boot) +- Audit log mutations role/assignation +- Mapping group sync OIDC -> acadenice_role (sync user.groups Authentik vers acadenice_user_role) +- Pagination liste roles (assume < 100 / workspace) +- Section "Members" dans page detail role +- Endpoint admin debug `GET /permissions/me/effective?for=` + +### Push pending au fork +Quand un fork remote `acadenice` sera cree (Forgejo ou GitHub fork), push toute la branche `acadenice/main` du repo `docmost/` sur ce remote. Aujourd'hui les commits sont local-only. + +--- ## CHANGELOG R2.3b — Bridge accepte JWT HMAC DocAdenice (mode local sans Authentik)
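Review bot: The "Bridge state" line and the "Ce qui marche end-to-end" list say that three Bearer sources coexist (brg_*, RS256 Authentik, HS256 DocAdenice) and that the bridge consumes the `acadenice_permissions[]` claim "direct (pas de mapping)", but the recap never documents how a token is routed to its verifier or what trust that implies. Since this file is marked as mandatory reading after /compact, add a short paragraph stating whether the accepted algorithm is pinned per source, so that an HS256 token is only ever checked against DOCMOST_APP_SECRET and never against the Authentik JWKS path (and the reverse). The same paragraph should say that whoever holds DOCMOST_APP_SECRET can sign a token carrying `admin:*`, because the claim is taken as-is. On that basis, "Audit log mutations role/assignation" sits oddly under "TODO connus non bloquants" next to the "Production-like des le jour 1" rule recorded above; either move it out of the non-blocking list or note why it can wait. Smaller point: the "5 roles classiques pre-seed" section defines only Owner and Admin, while Editor, Member and Guest are named without their permission sets from the 22-permission catalogue. List them or point to the TS file in the fork that holds them.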