User profile photo and access : Ajout des photos de profil, profils publics, administration, contrôle d'accès et pages d'erreur#39
Merged
Conversation
…le page — `.actions` is removed in favor of a simple `.logout-form`, and `.back-link` remains the only navigation link. HTML is simplified and CSS cleaned up and reduced
…rs/<username>. Author names link to these profiles, sensitive fields are restricted to owners or admins, backend adds username lookup and a profile view, templates update author links and visibility rules, CSS adjusts author styling and tests cover profile access and link presence
…Introduces `avatar_file_id` across the account layers, adds a POST /api/profile/photo upload endpoint with FileService, updates the profile template with avatar display and upload UI, includes a new migration, updates ORM and repository code and adds tests for upload handling and avatar persistence
…file_id` through the comment domain model, tree‑building logic, DTOs and templates so each comment can display the author's profile photo, falling back to an initial when absent. CSS adds comment‑avatar styles and tests cover avatar presence, absence and nested tree propagation
…author_avatar_file_id` through the article stack so list and detail views can show the author’s profile photo, with an initial fallback. Templates add avatar images, CSS updates author styling and tests cover both avatar cases
… plain text with no hover. The template replaces the link with a `<span>` for deleted/anonymous authors and CSS removes hover effects inside `.comment-deleted`
… a POST /profile/photo/delete endpoint with CSRF‑protected form, updates backend to accept nullable `avatar_file_id`, adds the Flask removal handler, updates the profile template and CSS for the remove button, extends JS for deletion and adds corresponding tests
…e page mobile layout. Introduces an admin‑only /admin/users table with full hexagonal support, improves profile actions with a flex layout and mobile stacking and standardizes avatar button width and line‑height. Tests cover admin access and get_all behavior
…on to primary action. The Upload Photo button loses its secondary style and becomes the main filled button, while Remove Photo stays as the secondary outline action
…When a user uploads a new profile photo, the previous avatar file is removed from storage to avoid orphaned records. The new upload is unaffected, failures only trigger a logged warning. Tests verify that re‑uploading replaces the old avatar correctly
… photo lifecycle. Covers uploading a new avatar (old file removed, account updated), then removing it (avatar_file_id cleared, file deleted). Implemented in `TestProfilePhoto` within `test_account_integration.py`
…er-compose.yml`. Replaces deprecated `flyway/flyway:11` images with `flyway/flyway:12` for both prod and test services to restore availability and keep migrations functional
…it page is blocked by combining an ownership check (only admins or the article’s author can open the edit form) with `Cache‑Control: no-store` on all HTML pages to prevent cached edit views from reappearing via the back button. Uploaded files keep immutable caching. Tests validate access control and caching behavior
…dmin user list. It filters table rows instantly by username or email (case‑insensitive) using a small JS script, with no server calls. Template gains the search input and script tag, CSS adds search bar styling, and a new `user-search.js` handles real‑time filtering
… and 500. A single `error.html` template renders the code, message and home link, with `.error-card` styling. Flask registers three handlers via `_error_page()`. Integration tests confirm the 403 page uses the custom layout
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Contexte global de la branche
Cette PR ajoute la gestion complète des photos de profil (upload, affichage, suppression), les pages de profil public, une page d'administration, le contrôle d'accès sur l'édition et des pages d'erreur personnalisées.
Détail des changements
1. Pages de profil public
2. Photos de profil
3. Commentaires anonymes
4. Page d'administration
5. Contrôle d'accès
6. Pages d'erreur
7. Infrastructure