nodebb-plugin-equipment-calendar 0.4.1 → 0.5.0

package/library.js

@@ -25,6 +25,10 @@ const DEFAULT_SETTINGS = {
   notifyGroup: 'administrators',
   // JSON array of items: [{ "id": "cam1", "name": "Caméra A", "priceCents": 5000, "location": "Stock A", "active": true }]
   itemsJson: '[]',
+  itemsSource: 'manual',
+  ha_itemsFormType: '',
+  ha_itemsFormSlug: '',
+  ha_locationMapJson: '{}',
   // HelloAsso
   ha_clientId: '',
   ha_clientSecret: '',
@@ -38,6 +42,109 @@ const DEFAULT_SETTINGS = {
   showRequesterToAll: '0', // 0/1
 };
 
+
+function parseLocationMap(locationMapJson) {
+  try {
+    const obj = JSON.parse(locationMapJson || '{}');
+    return (obj && typeof obj === 'object') ? obj : {};
+  } catch (e) {
+    return {};
+  }
+}
+
+let haTokenCache = null; // { accessToken, refreshToken, expMs }
+
+async function getHelloAssoAccessToken(settings) {
+  const now = Date.now();
+  if (haTokenCache && haTokenCache.accessToken && haTokenCache.expMs && now < haTokenCache.expMs - 30_000) {
+    return haTokenCache.accessToken;
+  }
+
+  const tokenKey = 'equipmentCalendar:ha:token';
+  let stored = null;
+  try {
+    stored = await db.getObject(tokenKey);
+  } catch (e) {}
+
+  // If refresh token exists and not expired locally, try refresh flow first
+  const canRefresh = stored && stored.refresh_token;
+  const useRefresh = canRefresh && stored.refresh_expires_at && now < parseInt(stored.refresh_expires_at, 10);
+
+  const formBody = new URLSearchParams();
+  if (useRefresh) {
+    formBody.set('grant_type', 'refresh_token');
+    formBody.set('refresh_token', stored.refresh_token);
+  } else {
+    formBody.set('grant_type', 'client_credentials');
+    formBody.set('client_id', String(settings.ha_clientId || ''));
+    formBody.set('client_secret', String(settings.ha_clientSecret || ''));
+  }
+
+  const resp = await fetch('https://api.helloasso.com/oauth2/token', {
+    method: 'POST',
+    headers: { 'content-type': 'application/x-www-form-urlencoded' },
+    body: formBody.toString(),
+  });
+  if (!resp.ok) {
+    const t = await resp.text();
+    throw new Error(`HelloAsso token error: ${resp.status} ${t}`);
+  }
+  const json = await resp.json();
+  const accessToken = json.access_token;
+  const refreshToken = json.refresh_token;
+
+  const expiresIn = parseInt(json.expires_in, 10) || 0;
+  const expMs = now + (expiresIn * 1000);
+
+  // Per docs, refresh token is valid ~30 days and rotates; keep a conservative expiry (29 days)
+  const refreshExpMs = now + (29 * 24 * 60 * 60 * 1000);
+
+  haTokenCache = { accessToken, refreshToken, expMs };
+
+  try {
+    await db.setObject(tokenKey, {
+      refresh_token: refreshToken || stored && stored.refresh_token || '',
+      refresh_expires_at: String(refreshExpMs),
+    });
+  } catch (e) {}
+
+  return accessToken;
+}
+
+async function fetchHelloAssoItems(settings) {
+  const org = String(settings.ha_organizationSlug || '').trim();
+  const formType = String(settings.ha_itemsFormType || '').trim();
+  const formSlug = String(settings.ha_itemsFormSlug || '').trim();
+  if (!org || !formType || !formSlug) return [];
+
+  const cacheKey = `equipmentCalendar:ha:items:${org}:${formType}:${formSlug}`;
+  const cache = await db.getObject(cacheKey);
+  const now = Date.now();
+  if (cache && cache.payload && cache.expiresAt && now < parseInt(cache.expiresAt, 10)) {
+    try {
+      return JSON.parse(cache.payload);
+    } catch (e) {}
+  }
+
+  const token = await getHelloAssoAccessToken(settings);
+  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/items`;
+  const resp = await fetch(url, { headers: { authorization: `Bearer ${token}` } });
+  if (!resp.ok) {
+    const t = await resp.text();
+    throw new Error(`HelloAsso items error: ${resp.status} ${t}`);
+  }
+  const json = await resp.json();
+  // API responses are usually { data: [...] } but keep it flexible
+  const list = Array.isArray(json) ? json : (Array.isArray(json.data) ? json.data : []);
+
+  // cache 15 minutes
+  try {
+    await db.setObject(cacheKey, { payload: JSON.stringify(list), expiresAt: String(now + 15 * 60 * 1000) });
+  } catch (e) {}
+
+  return list;
+}
+
 function parseItems(itemsJson) {
   try {
     const arr = JSON.parse(itemsJson || '[]');
@@ -54,6 +161,36 @@ function parseItems(itemsJson) {
   }
 }
 
+async function getActiveItems(settings) {
+  const source = String(settings.itemsSource || 'manual');
+  if (source === 'helloasso') {
+    const rawItems = await fetchHelloAssoItems(settings);
+    const locMap = parseLocationMap(settings.ha_locationMapJson);
+    return (rawItems || []).map((it) => {
+      const id = String(it.id || it.itemId || it.reference || it.slug || it.name || '').trim();
+      const name = String(it.name || it.label || it.title || id).trim();
+      // Price handling is not displayed in the public calendar, keep a field if you want later
+      const price =
+        (it.price && (it.price.value || it.price.amount)) ||
+        (it.amount && (it.amount.value || it.amount)) ||
+        it.price;
+      const priceCents = typeof price === 'number' ? price : 0;
+
+      return {
+        id: id || name,
+        name,
+        location: String(locMap[id] || ''),
+        priceCents,
+        active: true,
+        source: 'helloasso',
+      };
+    }).filter(i => i.id);
+  }
+
+  // manual
+  return parseItems(settings.itemsJson).filter(i => i.active);
+}
+
 async function getSettings() {
   const settings = await meta.settings.get(SETTINGS_KEY);
   return { ...DEFAULT_SETTINGS, ...(settings || {}) };
@@ -74,6 +211,8 @@ function statusBlocksItem(status) {
   return ['pending', 'approved_waiting_payment', 'paid_validated'].includes(status);
 }
 
+
+
 async function saveReservation(res) {
   await db.setObject(resKey(res.id), res);
   await db.sortedSetAdd(itemIndexKey(res.itemId), res.startMs, res.id);
@@ -312,8 +451,14 @@ plugin.init = async function (params) {
   // Admin (ACP) routes
   if (mid && mid.admin) {
     router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
+    router.get('/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, mid.admin.buildHeader, renderAdminReservationsPage);
+    router.get('/api/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, renderAdminReservationsPage);
     router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
     router.post('/admin/plugins/equipment-calendar/save', middleware.applyCSRF, handleAdminSave);
+    router.post('/admin/plugins/equipment-calendar/purge', middleware.applyCSRF, handleAdminPurge);
+    router.post('/admin/plugins/equipment-calendar/reservations/:rid/approve', middleware.applyCSRF, handleAdminApprove);
+    router.post('/admin/plugins/equipment-calendar/reservations/:rid/reject', middleware.applyCSRF, handleAdminReject);
+    router.post('/admin/plugins/equipment-calendar/reservations/:rid/delete', middleware.applyCSRF, handleAdminDelete);
   }
 
   // Convenience alias (optional): /calendar -> /equipment/calendar
@@ -394,15 +539,143 @@ plugin.addAdminNavigation = async function (header) {
 plugin.addAdminRoutes = async function (params) {
   const { router, middleware: mid } = params;
   router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
+    router.get('/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, mid.admin.buildHeader, renderAdminReservationsPage);
+    router.get('/api/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, renderAdminReservationsPage);
   router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
 };
 
+
+async function renderAdminReservationsPage(req, res) {
+  if (!(await ensureIsAdmin(req, res))) return;
+
+  const settings = await getSettings();
+  const items = await getActiveItems(settings);
+  const itemById = {};
+  items.forEach(it => { itemById[it.id] = it; });
+
+  const status = String(req.query.status || ''); // optional filter
+  const itemId = String(req.query.itemId || ''); // optional filter
+  const q = String(req.query.q || '').trim();    // search rid/user/notes
+
+  const page = Math.max(1, parseInt(req.query.page, 10) || 1);
+  const perPage = Math.min(100, Math.max(10, parseInt(req.query.perPage, 10) || 50));
+
+  const allRids = await db.getSortedSetRevRange('equipmentCalendar:reservations', 0, -1);
+  const totalAll = allRids.length;
+
+  const rows = [];
+  for (const rid of allRids) {
+    // eslint-disable-next-line no-await-in-loop
+    const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
+    if (!r || !r.rid) continue;
+
+    if (status && String(r.status) !== status) continue;
+    if (itemId && String(r.itemId) !== itemId) continue;
+
+    const notes = String(r.notesUser || '');
+    const ridStr = String(r.rid || rid);
+    if (q) {
+      const hay = (ridStr + ' ' + String(r.uid || '') + ' ' + notes).toLowerCase();
+      if (!hay.includes(q.toLowerCase())) continue;
+    }
+
+    const startMs = parseInt(r.startMs, 10) || 0;
+    const endMs = parseInt(r.endMs, 10) || 0;
+    const createdAt = parseInt(r.createdAt, 10) || 0;
+
+    rows.push({
+      rid: ridStr,
+      itemId: String(r.itemId || ''),
+      itemName: (itemById[String(r.itemId || '')] && itemById[String(r.itemId || '')].name) || String(r.itemId || ''),
+      uid: String(r.uid || ''),
+      status: String(r.status || ''),
+      start: startMs ? new Date(startMs).toISOString() : '',
+      end: endMs ? new Date(endMs).toISOString() : '',
+      createdAt: createdAt ? new Date(createdAt).toISOString() : '',
+      notesUser: notes,
+    });
+  }
+
+  const total = rows.length;
+  const totalPages = Math.max(1, Math.ceil(total / perPage));
+  const safePage = Math.min(page, totalPages);
+  const startIndex = (safePage - 1) * perPage;
+  const pageRows = rows.slice(startIndex, startIndex + perPage);
+
+  const itemOptions = [{ id: '', name: 'Tous' }].concat(items.map(i => ({ id: i.id, name: i.name })));
+  const statusOptions = [
+    { id: '', name: 'Tous' },
+    { id: 'pending', name: 'pending' },
+    { id: 'approved', name: 'approved' },
+    { id: 'paid', name: 'paid' },
+    { id: 'rejected', name: 'rejected' },
+    { id: 'cancelled', name: 'cancelled' },
+  ];
+
+  res.render('admin/plugins/equipment-calendar-reservations', {
+    title: 'Equipment Calendar - Réservations',
+    settings,
+    rows: pageRows,
+    hasRows: pageRows.length > 0,
+    itemOptions: itemOptions.map(o => ({ ...o, selected: o.id === itemId })),
+    statusOptions: statusOptions.map(o => ({ ...o, selected: o.id === status })),
+    q,
+    page: safePage,
+    perPage,
+    total,
+    totalAll,
+    totalPages,
+    prevPage: safePage > 1 ? safePage - 1 : 0,
+    nextPage: safePage < totalPages ? safePage + 1 : 0,
+    actionBase: '/admin/plugins/equipment-calendar/reservations',
+  });
+}
+
+async function handleAdminApprove(req, res) {
+  if (!(await ensureIsAdmin(req, res))) return;
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
+
+  const key = `equipmentCalendar:reservation:${rid}`;
+  const r = await db.getObject(key);
+  if (!r || !r.rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
+
+  r.status = 'approved';
+  await db.setObject(key, r);
+
+  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
+}
+
+async function handleAdminReject(req, res) {
+  if (!(await ensureIsAdmin(req, res))) return;
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
+
+  const key = `equipmentCalendar:reservation:${rid}`;
+  const r = await db.getObject(key);
+  if (!r || !r.rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
+
+  r.status = 'rejected';
+  await db.setObject(key, r);
+
+  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
+}
+
+async function handleAdminDelete(req, res) {
+  if (!(await ensureIsAdmin(req, res))) return;
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
+  await deleteReservation(rid);
+  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
+}
+
 async function renderAdminPage(req, res) {
   const settings = await getSettings();
   res.render('admin/plugins/equipment-calendar', {
     title: 'Equipment Calendar',
     settings,
     saved: req.query && String(req.query.saved || '') === '1',
+    purged: req.query && parseInt(req.query.purged, 10) || 0,
     view_dayGridMonth: (settings.defaultView || 'dayGridMonth') === 'dayGridMonth',
     view_timeGridWeek: (settings.defaultView || '') === 'timeGridWeek',
     view_timeGridDay: (settings.defaultView || '') === 'timeGridDay',
@@ -413,7 +686,7 @@ async function renderAdminPage(req, res) {
 // --- Calendar page ---
 async function renderCalendarPage(req, res) {
   const settings = await getSettings();
-  const items = parseItems(settings.itemsJson).filter(i => i.active);
+  const items = await getActiveItems(settings);
 
   const tz = settings.timezone || 'Europe/Paris';
 
@@ -494,6 +767,79 @@ async function renderCalendarPage(req, res) {
 
 
 // --- Approvals page ---
+
+
+
+async function notifyApprovers(reservations, settings) {
+  const groupName = (settings.notifyGroup || settings.approverGroup || 'administrators').trim();
+  if (!groupName) return;
+
+  const rid = reservations[0] && (reservations[0].rid || reservations[0].id) || '';
+  const path = '/equipment/approvals';
+
+  // In-app notification (NodeBB notifications)
+  try {
+    const Notifications = require.main.require('./src/notifications');
+    const notif = await Notifications.create({
+      bodyShort: 'Nouvelle demande de réservation',
+      bodyLong: 'Une nouvelle demande de réservation est en attente de validation.',
+      nid: 'equipment-calendar:' + rid,
+      path,
+    });
+    if (Notifications.pushGroup) {
+      await Notifications.pushGroup(notif, groupName);
+    }
+  } catch (e) {
+    // ignore
+  }
+
+  // Direct email to members of notifyGroup (uses NodeBB Emailer + your SMTP/emailer plugin)
+  try {
+    const Emailer = require.main.require('./src/emailer');
+    const uids = await groups.getMembers(groupName, 0, -1);
+    if (!uids || !uids.length) return;
+
+    // Build a short summary
+    const items = await getActiveItems(await getSettings());
+    const nameById = {};
+    items.forEach(i => { nameById[i.id] = i.name; });
+
+    const start = new Date(reservations[0].startMs).toISOString();
+    const end = new Date(reservations[0].endMs).toISOString();
+    const itemList = reservations.map(r => nameById[r.itemId] || r.itemId).join(', ');
+
+    // Use a core template ('notification') that exists in NodeBB installs
+    // Params vary a bit by version; we provide common fields.
+    const params = {
+      subject: '[Réservation] Nouvelle demande en attente',
+      intro: 'Une nouvelle demande de réservation a été créée.',
+      body: `Matériel: ${itemList}\nDébut: ${start}\nFin: ${end}\nVoir: ${path}`,
+      notification_url: path,
+      url: path,
+      // Some templates use "site_title" etc but NodeBB will inject globals
+    };
+
+    for (const uid of uids) {
+      // eslint-disable-next-line no-await-in-loop
+      const email = await user.getUserField(uid, 'email');
+      if (!email) continue;
+
+      // eslint-disable-next-line no-await-in-loop
+      const lang = (await user.getUserField(uid, 'language')) || 'fr';
+      if (Emailer.sendToEmail) {
+        // eslint-disable-next-line no-await-in-loop
+        await Emailer.sendToEmail('notification', email, lang, params);
+      } else if (Emailer.send) {
+        // Some NodeBB versions use Emailer.send(template, uid/email, params)
+        // eslint-disable-next-line no-await-in-loop
+        await Emailer.send('notification', uid, params);
+      }
+    }
+  } catch (e) {
+    // ignore email errors to not block reservation flow
+  }
+}
+
 async function renderApprovalsPage(req, res) {
   const settings = await getSettings();
   const ok = req.uid ? await canApprove(req.uid, settings) : false;
@@ -542,6 +888,36 @@ async function renderApprovalsPage(req, res) {
 }
 
 // --- Actions ---
+
+async function createReservationForItem(req, res, settings, itemId, startMs, endMs, notesUser) {
+  const items = await getActiveItems(settings);
+  const item = items.find(i => i.id === itemId);
+  if (!item) {
+    throw new Error('Unknown item: ' + itemId);
+  }
+  // Reject if overlaps any blocking reservation
+  const overlapsBlocking = await hasOverlap(itemId, startMs, endMs);
+  if (overlapsBlocking) {
+    const err = new Error('Item not available: ' + itemId);
+    err.code = 'ITEM_UNAVAILABLE';
+    throw err;
+  }
+  const rid = generateId();
+  const data = {
+    id: rid,
+    rid,
+    itemId,
+    uid: req.uid,
+    startMs,
+    endMs,
+    status: 'pending',
+    notesUser: notesUser || '',
+    createdAt: Date.now(),
+  };
+  await saveReservation(data);
+  return data;
+}
+
 async function handleCreateReservation(req, res) {
   try {
     const settings = await getSettings();
@@ -549,8 +925,12 @@ async function handleCreateReservation(req, res) {
       return helpers.notAllowed(req, res);
     }
 
-    const items = parseItems(settings.itemsJson).filter(i => i.active);
-    const itemId = String(req.body.itemId || '').trim();
+    const items = await getActiveItems(settings);
+    const itemIdsRaw = String(req.body.itemIds || req.body.itemId || '').trim();
+  const itemIds = itemIdsRaw.split(',').map(s => s.trim()).filter(Boolean);
+  if (!itemIds.length) {
+    return res.status(400).send('itemId required');
+  }
     const item = items.find(i => i.id === itemId);
     if (!item) return res.status(400).send('Invalid item');
 
@@ -685,6 +1065,86 @@ async function handleRejectReservation(req, res) {
 }
 
 
+
+
+async function ensureIsAdmin(req, res) {
+  const isAdmin = req.uid ? await groups.isMember(req.uid, 'administrators') : false;
+  if (!isAdmin) {
+    helpers.notAllowed(req, res);
+    return false;
+  }
+  return true;
+}
+
+async function deleteReservation(rid) {
+  const key = `equipmentCalendar:reservation:${rid}`;
+  const data = await db.getObject(key);
+  if (data && data.itemId) {
+    await db.sortedSetRemove(`equipmentCalendar:item:${data.itemId}:reservations`, rid);
+  }
+  await db.delete(key);
+  await db.sortedSetRemove('equipmentCalendar:reservations', rid);
+}
+
+async function handleAdminPurge(req, res) {
+  try {
+    const isAdmin = req.uid ? await groups.isMember(req.uid, 'administrators') : false;
+    if (!isAdmin) {
+      return helpers.notAllowed(req, res);
+    }
+
+    const mode = String(req.body.mode || 'nonblocking'); // nonblocking|olderThan|all
+    const olderThanDays = parseInt(req.body.olderThanDays, 10);
+
+    // Load all reservation ids
+    const rids = await db.getSortedSetRange('equipmentCalendar:reservations', 0, -1);
+    let deleted = 0;
+
+    const now = Date.now();
+    for (const rid of rids) {
+      // eslint-disable-next-line no-await-in-loop
+      const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
+      if (!r || !r.rid) {
+        // eslint-disable-next-line no-await-in-loop
+        await db.sortedSetRemove('equipmentCalendar:reservations', rid);
+        continue;
+      }
+
+      const status = String(r.status || '');
+      const createdAt = parseInt(r.createdAt, 10) || 0;
+      const startMs = parseInt(r.startMs, 10) || 0;
+      const endMs = parseInt(r.endMs, 10) || 0;
+
+      let shouldDelete = false;
+
+      if (mode === 'all') {
+        shouldDelete = true;
+      } else if (mode === 'olderThan') {
+        const days = Number.isFinite(olderThanDays) ? olderThanDays : 0;
+        if (days > 0) {
+          const cutoff = now - days * 24 * 60 * 60 * 1000;
+          // use createdAt if present, otherwise startMs
+          const t = createdAt || startMs || endMs;
+          shouldDelete = t > 0 && t < cutoff;
+        }
+      } else {
+        // nonblocking cleanup: delete rejected/cancelled only
+        shouldDelete = (status === 'rejected' || status === 'cancelled');
+      }
+
+      if (shouldDelete) {
+        // eslint-disable-next-line no-await-in-loop
+        await deleteReservation(rid);
+        deleted++;
+      }
+    }
+
+    return res.redirect(`/admin/plugins/equipment-calendar?saved=1&purged=${deleted}`);
+  } catch (e) {
+    return res.status(500).send(e.message || 'error');
+  }
+}
+
 async function handleAdminSave(req, res) {
   try {
     // Simple admin check (avoid relying on client-side require/settings)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-equipment-calendar",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Equipment reservation calendar for NodeBB (FullCalendar, approvals, HelloAsso payments)",
   "main": "library.js",
   "scripts": {

package/plugin.json

@@ -26,6 +26,6 @@
   "scripts": [
     "public/js/client.js"
   ],
-  "version": "0.2.5",
+  "version": "0.3.1",
   "minver": "4.7.1"
 }

package/public/js/client.js

@@ -39,7 +39,7 @@
 
     const startInput = form.querySelector('input[name="start"]');
     const endInput = form.querySelector('input[name="end"]');
-    const itemInput = form.querySelector('input[name="itemId"]');
+    const itemInput = form.querySelector('input[name="itemIds"]');
     const notesInput = form.querySelector('input[name="notesUser"]');
 
     if (startInput) startInput.value = startISO;
@@ -84,8 +84,8 @@
         <input class="form-control" type="text" value="${fmt(endDate)}" readonly>
       </div>
       <div class="mb-3">
-        <label class="form-label">Matériel</label>
-        <select class="form-select" id="ec-modal-item">
+        <label class="form-label">Matériel (Ctrl/Cmd pour multi-sélection)</label>
+        <select class="form-select" id="ec-modal-item" multiple size="6">
           ${optionsHtml}
         </select>
       </div>
@@ -116,9 +116,13 @@
           callback: function () {
             const itemEl = document.getElementById('ec-modal-item');
             const notesEl = document.getElementById('ec-modal-notes');
-            const itemId = itemEl ? itemEl.value : available[0].id;
+            let ids = [];
+            if (itemEl && itemEl.options) {
+              for (const opt of itemEl.options) { if (opt.selected) ids.push(opt.value); }
+            }
+            if (!ids.length) ids = [available[0].id];
             const notes = notesEl ? notesEl.value : '';
-            submitReservation(startDate.toISOString(), endDate.toISOString(), itemId, notes);
+            submitReservation(startDate.toISOString(), endDate.toISOString(), ids.join(','), notes);
           }
         }
       }

package/public/templates/admin/plugins/equipment-calendar-reservations.tpl

@@ -0,0 +1,104 @@
+<div class="acp-page-container">
+  <div class="d-flex align-items-center justify-content-between flex-wrap gap-2">
+    <h1 class="mb-0">Equipment Calendar</h1>
+    <div class="btn-group">
+      <a class="btn btn-outline-secondary" href="/admin/plugins/equipment-calendar">Paramètres</a>
+      <a class="btn btn-secondary active" href="/admin/plugins/equipment-calendar/reservations">Réservations</a>
+    </div>
+  </div>
+
+  <form method="get" action="/admin/plugins/equipment-calendar/reservations" class="card card-body mt-3 mb-3">
+    <div class="row g-2 align-items-end">
+      <div class="col-md-3">
+        <label class="form-label">Statut</label>
+        <select class="form-select" name="status">
+          {{{ each statusOptions }}}
+            <option value="{statusOptions.id}" {{{ if statusOptions.selected }}}selected{{{ end }}}>{statusOptions.name}</option>
+          {{{ end }}}
+        </select>
+      </div>
+      <div class="col-md-4">
+        <label class="form-label">Matériel</label>
+        <select class="form-select" name="itemId">
+          {{{ each itemOptions }}}
+            <option value="{itemOptions.id}" {{{ if itemOptions.selected }}}selected{{{ end }}}>{itemOptions.name}</option>
+          {{{ end }}}
+        </select>
+      </div>
+      <div class="col-md-3">
+        <label class="form-label">Recherche</label>
+        <input class="form-control" name="q" value="{q}" placeholder="rid, uid, note">
+      </div>
+      <div class="col-md-2">
+        <button class="btn btn-primary w-100" type="submit">Filtrer</button>
+      </div>
+    </div>
+  </form>
+
+  <div class="text-muted small mb-2">
+    Total (filtré) : <strong>{total}</strong> — Total (global) : <strong>{totalAll}</strong>
+  </div>
+
+  {{{ if hasRows }}}
+  <div class="table-responsive">
+    <table class="table table-striped align-middle">
+      <thead>
+        <tr>
+          <th>RID</th>
+          <th>Matériel</th>
+          <th>UID</th>
+          <th>Début</th>
+          <th>Fin</th>
+          <th>Statut</th>
+          <th>Créé</th>
+          <th>Note</th>
+          <th>Actions</th>
+        </tr>
+      </thead>
+      <tbody>
+        {{{ each rows }}}
+        <tr>
+          <td><code>{rows.rid}</code></td>
+          <td>{rows.itemName}</td>
+          <td>{rows.uid}</td>
+          <td><small>{rows.start}</small></td>
+          <td><small>{rows.end}</small></td>
+          <td><code>{rows.status}</code></td>
+          <td><small>{rows.createdAt}</small></td>
+          <td><small>{rows.notesUser}</small></td>
+          <td class="text-nowrap">
+            <form method="post" action="/admin/plugins/equipment-calendar/reservations/{rows.rid}/approve" class="d-inline">
+              <input type="hidden" name="_csrf" value="{config.csrf_token}">
+              <button class="btn btn-sm btn-success" type="submit">Approve</button>
+            </form>
+            <form method="post" action="/admin/plugins/equipment-calendar/reservations/{rows.rid}/reject" class="d-inline ms-1">
+              <input type="hidden" name="_csrf" value="{config.csrf_token}">
+              <button class="btn btn-sm btn-warning" type="submit">Reject</button>
+            </form>
+            <form method="post" action="/admin/plugins/equipment-calendar/reservations/{rows.rid}/delete" class="d-inline ms-1" onsubmit="return confirm('Supprimer définitivement ?');">
+              <input type="hidden" name="_csrf" value="{config.csrf_token}">
+              <button class="btn btn-sm btn-danger" type="submit">Delete</button>
+            </form>
+          </td>
+        </tr>
+        {{{ end }}}
+      </tbody>
+    </table>
+  </div>
+
+  <div class="d-flex justify-content-between align-items-center mt-3">
+    <div>Page {page} / {totalPages}</div>
+    <div class="btn-group">
+      {{{ if prevPage }}}
+      <a class="btn btn-outline-secondary" href="/admin/plugins/equipment-calendar/reservations?page={prevPage}&perPage={perPage}">Précédent</a>
+      {{{ end }}}
+      {{{ if nextPage }}}
+      <a class="btn btn-outline-secondary" href="/admin/plugins/equipment-calendar/reservations?page={nextPage}&perPage={perPage}">Suivant</a>
+      {{{ end }}}
+    </div>
+  </div>
+
+  {{{ else }}}
+    <div class="alert alert-info">Aucune réservation trouvée.</div>
+  {{{ end }}}
+</div>

package/public/templates/admin/plugins/equipment-calendar.tpl

@@ -1,5 +1,11 @@
 <div class="acp-page-container">
-  <h1>Equipment Calendar</h1>
+  <div class="d-flex align-items-center justify-content-between flex-wrap gap-2">
+  <h1 class="mb-0">Equipment Calendar</h1>
+  <div class="btn-group">
+    <a class="btn btn-secondary active" href="/admin/plugins/equipment-calendar">Paramètres</a>
+    <a class="btn btn-outline-secondary" href="/admin/plugins/equipment-calendar/reservations">Réservations</a>
+  </div>
+</div>
 
   {{{ if saved }}}
   <div class="alert alert-success">Paramètres enregistrés.</div>
@@ -49,7 +55,33 @@
 
     <div class="card card-body mb-3">
       <h5>Matériel</h5>
-      <textarea name="itemsJson" class="form-control" rows="10">{settings.itemsJson}</textarea>
+      <div class="mb-3">
+        <label class="form-label">Source</label>
+        <select class="form-select" name="itemsSource">
+          <option value="manual">Manuel (JSON)</option>
+          <option value="helloasso">HelloAsso (articles d’un formulaire)</option>
+        </select>
+        <div class="form-text">Si HelloAsso est choisi, la liste du matériel est récupérée via l’API HelloAsso (items d’un formulaire).</div>
+      </div>
+
+      <div class="mb-3">
+        <label class="form-label">HelloAsso formType (ex: shop, event, membership, donation)</label>
+        <input class="form-control" name="ha_itemsFormType" value="{settings.ha_itemsFormType}">
+      </div>
+      <div class="mb-3">
+        <label class="form-label">HelloAsso formSlug</label>
+        <input class="form-control" name="ha_itemsFormSlug" value="{settings.ha_itemsFormSlug}">
+      </div>
+      <div class="mb-3">
+        <label class="form-label">Mapping lieux (JSON) par id d’article HelloAsso</label>
+        <textarea class="form-control" rows="4" name="ha_locationMapJson">{settings.ha_locationMapJson}</textarea>
+        <div class="form-text">Ex: { "12345": "Local A", "67890": "Local B" }</div>
+      </div>
+
+      <div class="mb-3">
+        <label class="form-label">Matériel manuel (JSON) — utilisé uniquement si Source=Manuel</label>
+        <textarea name="itemsJson" class="form-control" rows="10">{settings.itemsJson}</textarea>
+      </div>
     </div>
 
     <div class="card card-body mb-3">
@@ -74,7 +106,47 @@
       <div class="mb-3"><label class="form-label">Timezone</label><input name="timezone" class="form-control" value="{settings.timezone}"></div>
     </div>
 
+    
+    <div class="card card-body mb-3">
+      <h5>Purge</h5>
+      <p class="text-muted mb-2">Supprime des réservations de la base (action irréversible).</p>
+
+      <div class="d-flex flex-wrap gap-2">
+        <button type="submit" class="btn btn-outline-danger" formaction="/admin/plugins/equipment-calendar/purge" formmethod="post" name="mode" value="nonblocking"
+          onclick="return confirm('Supprimer toutes les réservations refusées/annulées ?');">
+          Purger refusées/annulées
+        </button>
+
+        <div class="d-flex align-items-center gap-2">
+          <input class="form-control" style="max-width: 140px" type="number" min="1" name="olderThanDays" placeholder="Jours">
+          <button type="submit" class="btn btn-outline-danger" formaction="/admin/plugins/equipment-calendar/purge" formmethod="post" name="mode" value="olderThan"
+            onclick="return confirm('Supprimer les réservations plus anciennes que N jours ?');">
+            Purger plus anciennes que…
+          </button>
+        </div>
+
+        <button type="submit" class="btn btn-danger" formaction="/admin/plugins/equipment-calendar/purge" formmethod="post" name="mode" value="all"
+          onclick="return confirm('⚠️ Supprimer TOUTES les réservations ?');">
+          Tout purger
+        </button>
+      </div>
+
+      {{{ if purged }}}
+      <div class="alert alert-success mt-3">Purge effectuée : {purged} réservation(s) supprimée(s).</div>
+      <script>
+      (function () {
+        try {
+          if (window.app && window.app.alertSuccess) {
+            window.app.alertSuccess('Purge effectuée : {purged} réservation(s) supprimée(s).');
+          }
+        } catch (e) {}
+      }());
+      </script>
+      {{{ end }}}
+    </div>
+
     <button id="ec-save" class="btn btn-primary" type="button">Sauvegarder</button>
+
   </form>
 </div>
 

package/public/templates/equipment-calendar/calendar.tpl

@@ -18,7 +18,7 @@
     <input type="hidden" name="_csrf" value="{config.csrf_token}">
     <input type="hidden" name="start" value="">
     <input type="hidden" name="end" value="">
-    <input type="hidden" name="itemId" value="">
+    <input type="hidden" name="itemIds" value="">
     <input type="hidden" name="notesUser" value="">
   </form>
 </div>