68a2690b98
test(e2e): parcours admin Playwright + fix cookie Secure conditionnel (ADR-0010) ( #46 )
CI / secret-scan (push) Successful in 10s
CI / php-lint (push) Successful in 20s
CI / static-tests (push) Successful in 43s
CI / js-tests (push) Successful in 24s
CI / auto-merge (push) Has been skipped
2026-06-17 17:07:35 +02:00
aef6174b5b
test(e2e): parcours borne Playwright (conteneur, stack jetable) ( #45 )
CI / secret-scan (push) Successful in 10s
CI / php-lint (push) Successful in 25s
CI / js-tests (push) Successful in 30s
CI / static-tests (push) Successful in 47s
CI / auto-merge (push) Has been skipped
2026-06-17 16:38:33 +02:00
d880f2512a
feat(admin): RBAC - matrice roles/permissions + roles custom (PIN+audit diff) (P3) ( #39 )
CI / php-lint (push) Successful in 21s
CI / js-tests (push) Successful in 21s
CI / secret-scan (push) Successful in 10s
CI / static-tests (push) Successful in 44s
CI / auto-merge (push) Has been skipped
2026-06-17 14:25:42 +02:00
e430f54d85
feat(admin): gestion des comptes back-office (CRUD users + RGPD, PIN+audit) (P3) ( #38 )
CI / js-tests (push) Successful in 19s
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 45s
CI / auto-merge (push) Has been skipped
2026-06-17 13:49:02 +02:00
9c2844c116
feat(admin): tableau de bord statistiques (catalogue + sante stock RG-T21) (P3) ( #37 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 44s
CI / js-tests (push) Successful in 18s
CI / auto-merge (push) Has been skipped
2026-06-17 12:37:58 +02:00
1ecd78324c
feat(borne): modale allergenes generale (14 INCO) sur carte et fiche + harnais tests JS (P3) ( #36 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 18s
CI / static-tests (push) Successful in 42s
CI / js-tests (push) Successful in 18s
CI / auto-merge (push) Has been skipped
2026-06-17 12:10:46 +02:00
ed392d4c14
feat(admin): recettes produit - composition product_ingredient + dispo calculee RG-T21 (P3, ferme #27 ) ( #35 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 39s
CI / auto-merge (push) Has been skipped
2026-06-17 11:29:07 +02:00
1f4b9478ca
feat(admin): stock ingredients - CRUD, restock, inventaire PIN, mouvements (P3, mlt 8.8 + domaine 9) ( #34 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 21s
CI / static-tests (push) Successful in 39s
CI / auto-merge (push) Has been skipped
2026-06-17 11:11:31 +02:00
0666a22562
fix(admin): conflits HTTP 409 au lieu de 422 (delete FK-bloque + course unicite) ( #33 )
CI / secret-scan (push) Successful in 10s
CI / php-lint (push) Successful in 21s
CI / static-tests (push) Successful in 53s
CI / auto-merge (push) Has been skipped
2026-06-17 10:11:28 +02:00
c2a4854083
feat(admin): CRUD menus composes avec slots (P3, mlt 8.4-8.6) ( #32 )
CI / secret-scan (push) Successful in 9s
CI / php-lint (push) Successful in 22s
CI / static-tests (push) Successful in 48s
CI / auto-merge (push) Has been skipped
2026-06-16 15:39:09 +02:00
7d24714d9b
docs(borne): clarifie le repli JSON statique (fige, divergent de la DB) ( #31 )
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 27s
CI / static-tests (push) Successful in 50s
CI / auto-merge (push) Has been skipped
2026-06-16 14:21:53 +02:00
05da325d05
fix(admin): chemin d'echec PIN atomique (pin.failed + throttle dans 1 transaction) ( #30 )
CI / secret-scan (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:21:50 +02:00
2cc499dc71
fix(admin): lien decouvrable vers la page de definition du PIN ( #28 )
CI / secret-scan (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:21:42 +02:00
c284c840d0
fix(admin): retire les liens de nav vers des pages non construites ( #23 )
CI / secret-scan (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
CI / php-lint (push) Has been cancelled
2026-06-16 14:21:35 +02:00
8ce1dc21de
docs(catalogue): contrat exact des FK a la suppression produit ( #27 )
CI / secret-scan (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
CI / php-lint (push) Has been cancelled
2026-06-16 14:21:27 +02:00
656c7a2f3d
fix(auth): retire le bouton mort PASSWORD_ALGO (argon2id fixe dans le code) ( #29 )
CI / secret-scan (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:21:09 +02:00
6557dd9c6c
fix(auth): leurre anti-enumeration sur la demande de reset ( #26 )
CI / secret-scan (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:20:59 +02:00
9ddb4ccb27
fix(kiosk): escape data-derived strings in innerHTML (RG-T15) ( #20 )
CI / secret-scan (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:20:50 +02:00
ee14186a19
fix(admin): remove stale unauthenticated static admin mockups ( #19 )
CI / secret-scan (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:20:45 +02:00
ad5203d3fc
feat(admin): throttle du PIN d action sensible par acteur (RG-T22) ( #18 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 20s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
2026-06-16 00:06:33 +02:00
2756fb4080
feat(admin): CRUD produits avec PIN conditionnel et audit ( #17 )
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 22s
CI / static-tests (push) Successful in 36s
CI / auto-merge (push) Has been skipped
2026-06-15 22:35:50 +02:00
f63ac9873c
feat: PIN self-service P3 (/admin/profile/pin) ( #16 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 18s
CI / static-tests (push) Successful in 35s
CI / auto-merge (push) Has been skipped
2026-06-15 22:04:14 +02:00
8290ceabc4
feat: CRUD categories P3 (rendu serveur, garde + CSRF + validation) ( #15 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 18s
CI / static-tests (push) Successful in 27s
CI / auto-merge (push) Has been skipped
2026-06-15 21:45:31 +02:00
2bc22ab5c8
feat: shell back-office P3 (pages rendues serveur + garde) ( #14 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
2026-06-15 21:25:06 +02:00
7c35f8e2dc
feat: PIN d action sensible P2 (PinVerifier RG-T13) ( #13 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
2026-06-15 21:00:11 +02:00
f979a2339e
feat: RBAC P2 (autorisation par permission + garde de session + /api/me) ( #12 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 33s
CI / auto-merge (push) Has been skipped
2026-06-15 20:45:19 +02:00
1b0b20c12d
feat: authentification back-office P2 (login/logout/reset, throttle, audit) ( #11 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
2026-06-15 20:18:59 +02:00
c8f5370cfd
refactor(core): src/app structure + fix auto-merge label gate ( #10 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
2026-06-15 17:01:10 +02:00
Imugiii
8c93b26ec0
feat(core): from-scratch PHP MVC skeleton (autoloader/config/PDO/router/front controller) + PHPUnit/PHPStan + composer-less CI
2026-06-15 14:13:49 +00:00
Imugiii
a3eae01906
Merge pull request #6 from AcadeNice/feat/p3-admin-shell
...
feat(admin): admin back-office visual shell (P3 scaffold)
2026-06-04 17:28:31 +02:00
Imugiii
17b792acfa
feat(admin): vanilla JS for dropdowns, sortable tables, inline search
2026-05-09 09:27:51 +00:00
Imugiii
199d926903
feat(admin): orders, kitchen view, users pages with realistic placeholders
2026-05-09 09:27:48 +00:00
Imugiii
447cc598f6
feat(admin): catalogue page with tabs categories/products/menus
2026-05-09 09:27:45 +00:00
Imugiii
b9a5414c37
feat(admin): dashboard with KPI cards and recent orders table
2026-05-09 09:27:42 +00:00
Imugiii
0b028e534b
feat(admin): admin design system CSS (palette, typography, components)
2026-05-09 09:27:40 +00:00
Imugiii
6f07238569
feat(admin): scaffold login screen and admin layout shell (sidebar, topbar)
2026-05-09 09:27:38 +00:00
Imugiii
c9fafd1c78
feat(front): render menu composition breakdown in cart lines with supplement total
2026-05-09 09:18:56 +00:00
Imugiii
e64adb60d3
feat(front): add menu composer multi-step logic and burger pre-selection
2026-05-09 09:18:49 +00:00
Imugiii
ad0b59a668
feat(front): extend cart state for menu composition with size supplements
2026-05-09 09:18:47 +00:00
Imugiii
6db68da0f9
feat(front): add menu composer modal HTML structure and CSS
2026-05-09 09:18:42 +00:00
Imugiii
6a7e772646
feat(front): extend CSS design system for P5 new screens
...
Adds components (sections 7-13 in style.css):
- Shared: .btn, .mode-badge, .cart-badge, .site-header__cart
- products page: .products-grid, .product-card (3-col grid)
- product detail: .product-detail, skeleton animation, composition block
- cart: .cart-line, .qty-btn, .cart-summary
- payment: .payment-choice with inline SVG icons
- confirmation: .confirmation-banner with check animation
All new components reuse existing design tokens; no new palette entries.
2026-05-09 07:59:50 +00:00
Imugiii
0d83512a4f
feat(front): payment selection and order confirmation pages
...
payment.html - card / cash choice with inline SVG icons; both simulate payment (MVP)
confirmation.html - order number WK-<base36 timestamp>, cart cleared on load,
new-order button resets flow to index.html
2026-05-09 07:59:45 +00:00
Imugiii
c517b16569
feat(front): cart page with quantity controls and TVA breakdown
...
Displays line items with - / + controls and delete button.
TVA 10% (restauration FR 2024, simplified).
TODO in P3: verify rate with accountant (sur-place vs a-emporter + product type).
Abandon button clears cart and returns to categories.
2026-05-09 07:59:40 +00:00
Imugiii
cd6e05c353
feat(front): products list and product detail pages
...
products.html - dynamic grid from ?category=<id>, JS fetch from data/produits.json
product.html - detail view; menus show fixed composition note (MVP: no selection)
Both pages: cart badge, mode badge, keyboard/RGAA accessible cards
2026-05-09 07:59:35 +00:00
Imugiii
43b6e7a309
feat(front): vanilla JS state management, data loader, and nav helpers
...
state.js - cart (localStorage) + mode + price formatting in centimes
data.js - fetch wrapper over static JSON with in-memory cache; P4 swap points marked
nav.js - mode badge injection and cart count badge across pages
2026-05-09 07:59:31 +00:00
Imugiii
6f5daca679
feat(front): copy school JSON sources to public/data for static fetch fallback
...
Normalizes produits.json:
- Prix converted from float EUR to integer centimes
- Image paths rewritten to match actual filesystem (lowercase, dashes)
- Added type field ('produit'|'menu') on each entry
- Added slug field to categories.json
In P4, swap fetch URLs in assets/js/data.js (marked with TODO comments).
2026-05-09 07:59:26 +00:00
Imugiii
71c863d2b2
feat(front): borne welcome screen and category list scaffold using school assets
...
- Welcome screen (index.html): background photo, white card, Sur Place / A Emporter
choice buttons with verified school illustrations; pure HTML <a> navigation, no JS
- Category grid (categories.html): 9 categories from categories.json rendered as 3-col
card grid with verified category images; stub links to products.html?category=<id>
- Design system CSS (assets/css/style.css): CSS custom properties for brand yellow
#FFC72C, spacing scale, border-radius, shadows extracted from maquette PDF;
BEM-style component classes; WCAG AA focus-visible rings; kiosk portrait 1080px primary
2026-05-09 07:12:55 +00:00
Imugiii
b8f7d35064
feat(stubs): unblock 403 with kiosk and admin index pages, plus FastCGI fixes
...
Three changes bundled because the stubs surfaced two pre-existing infra bugs
that had never been hit (the smoke test only exercised PHP via 'docker exec',
not via the full Apache->PHP-FPM FastCGI path).
- src/public/borne/index.html : minimal HTML stub for the kiosk vhost
(200 OK with the imported logo)
- src/public/admin/index.php : minimal PHP stub that proves the full
FastCGI chain works end-to-end (renders PHP_VERSION + current timestamp)
- docker/apache/vhost.conf : add 'DirectoryIndex index.php index.html' on
the admin vhost. Without it, hitting / returned 403 because the default
Apache DirectoryIndex is index.html only, and the existing RewriteRule
did not apply to the directory request (\!-d cond was false).
- docker/php-fpm/www.conf : comment out 'listen.allowed_clients = any'.
PHP-FPM 8.3 rejects 'any' with 'Wrong IP address' and ends up dropping
every connection from Apache. With the directive absent, all connections
are accepted, which is acceptable in our isolated Docker network.
2026-04-30 13:07:12 +00:00
Imugiii
24e733bcbc
chore(assets): import school source data and normalize visual assets
...
- docs/merise/_sources/ : raw JSON sources (categories + produits)
preserved unchanged for jury traceability, plus provenance note
documenting 7 typos in image refs and gaps to address at the MCD
phase (no FK, float prices, missing menu composition, etc.)
- docs/design/ : Figma maquette PDF (renamed without accent) plus
README pointing to the live Figma URL
- src/public/borne/assets/images/ : 71 visual assets (53 produits +
9 categories + 9 UI) normalized to kebab-case lowercase to avoid
the case-sensitive Linux pitfall in Docker production
The 'wacdo' naming from the school brief is preserved only inside
docs/merise/_sources/ for traceability. The rest of the project keeps
the canonical 'Wakdo' naming.
TODO P1: rename cheesecake-choconuts-m&m-s.png (the & breaks URLs
without percent-encoding); will be fixed during seed normalization.
2026-04-30 12:43:14 +00:00
