[UPDATE] Update redis requirement from <8.0.0,>=5.3.0 to >=7.4.0,<8.0.0

Updates the requirements on [redis](https://github.com/redis/redis-py) to permit the latest version. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](https://github.com/redis/redis-py/compare/v5.3.0...v7.4.0) --- updated-dependencies: - dependency-name: redis dependency-version: 7.4.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
2026-04-24 12:13:11 +00:00 · 2026-04-13 08:40:19 +00:00
10 changed files with 35 additions and 245 deletions
@@ -16,7 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
@@ -110,9 +110,7 @@ class Command(BaseCommand):
        p.save(force_lock=True)
        club_root = SithFile.objects.create(name="clubs", owner=root)
-        sas = SithFile.objects.create(
+        sas = SithFile.objects.create(name="SAS", owner=root)
            name="SAS", owner=root, id=settings.SITH_SAS_ROOT_DIR_ID
        )
        main_club = Club.objects.create(
            id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
        )
@@ -131,9 +131,7 @@ class UserQuerySet(models.QuerySet):
        if user.has_perm("core.view_hidden_user"):
            return self
        if user.has_perm("core.view_user"):
-            return self.filter(
+            return self.filter(Q(is_viewable=True) | Q(whitelisted_users=user))
                Q(is_viewable=True) | Q(whitelisted_users=user) | Q(pk=user.pk)
            )
        if user.is_anonymous:
            return self.none()
        return self.filter(id=user.id)
@@ -886,10 +884,8 @@ class SithFile(models.Model):
        return self.get_parent_path() + "/" + self.name
    def save(self, *args, **kwargs):
-        sas_id = settings.SITH_SAS_ROOT_DIR_ID
+        sas = SithFile.objects.filter(id=settings.SITH_SAS_ROOT_DIR_ID).first()
-        self.is_in_sas = self.id == sas_id or any(
+        self.is_in_sas = sas in self.get_parent_list() or self == sas
            p.id == sas_id for p in self.get_parent_list()
        )
        adding = self._state.adding
        super().save(*args, **kwargs)
        if adding:
@@ -344,14 +344,3 @@ def test_quick_upload_image(
    assert (
        parsed["name"] == Path(file.name).stem[: QuickUploadImage.IMAGE_NAME_SIZE - 1]
    )
@pytest.mark.django_db
 def test_populated_sas_is_in_sas():
    """Test that, in the data generated by the populate command,
    the SAS has value is_in_sas=True.
    If it's not the case, it has no incidence in prod, but it's annoying
    in dev and may cause misunderstandings.
    """
    assert SithFile.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID).is_in_sas
@@ -410,20 +410,12 @@ class TestUserQuerySetViewableBy:
        assert set(viewable) == set(users)
    @pytest.mark.parametrize(
-        "user_factory",
+        "user_factory", [old_subscriber_user.make, subscriber_user.make]
        [
            old_subscriber_user.make,
            lambda: old_subscriber_user.make(is_viewable=False),
            subscriber_user.make,
            lambda: subscriber_user.make(is_viewable=False),
        ],
    )
-    def test_can_search(self, users: list[User], user_factory):
+    def test_subscriber(self, users: list[User], user_factory):
        user = user_factory()
-        viewable = User.objects.filter(
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
-            id__in=[u.id for u in [*users, user]]
+        assert set(viewable) == {users[0], users[1]}
        ).viewable_by(user)
        assert set(viewable) == {user, users[0], users[1]}
    def test_whitelist(self, users: list[User]):
        user = subscriber_user.make()
@@ -44,7 +44,7 @@ dependencies = [
    "django-honeypot>=1.3.0,<2",
    "pydantic-extra-types>=2.11.0,<3.0.0",
    "ical>=11.1.0,<12",
-    "redis[hiredis]>=5.3.0,<8.0.0",
+    "redis[hiredis]>=7.4.0,<8.0.0",
    "environs[django]>=14.5.0,<15.0.0",
    "requests>=2.32.5,<3.0.0",
    "honcho>=2.0.0",
@@ -1,22 +1,16 @@
-from pathlib import Path
+from typing import Any
 from typing import TYPE_CHECKING, Any
 from django import forms
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 from PIL import Image
 from core.models import User
 from core.utils import resize_image
 from core.views import MultipleImageField
 from core.views.forms import SelectDate
 from core.views.widgets.ajax_select import AutoCompleteSelectMultipleGroup
 from sas.models import Album, Picture, PictureModerationRequest
 from sas.widgets.ajax_select import AutoCompleteSelectAlbum
 if TYPE_CHECKING:
    from django.db.models.fields.files import FieldFile
 class AlbumCreateForm(forms.ModelForm):
    class Meta:
@@ -55,29 +49,14 @@ class AlbumEditForm(forms.ModelForm):
    class Meta:
        model = Album
        fields = ["name", "date", "file", "parent", "edit_groups"]
-        widgets = {"edit_groups": AutoCompleteSelectMultipleGroup, "date": SelectDate}
+        widgets = {
            "parent": AutoCompleteSelectAlbum,
            "edit_groups": AutoCompleteSelectMultipleGroup,
        }
    name = forms.CharField(max_length=Album.NAME_MAX_LENGTH, label=_("file name"))
    date = forms.DateField(label=_("Date"), widget=SelectDate, required=True)
    recursive = forms.BooleanField(label=_("Apply rights recursively"), required=False)
    parent = forms.ModelChoiceField(
        Album.objects.all(), required=True, widget=AutoCompleteSelectAlbum
    )
    def clean_file(self):
        # if a file was given in the form, resize it
        f: FieldFile = self.cleaned_data["file"]
        if self.errors or not f or "file" not in self.changed_data:
            return f
        f.file = resize_image(Image.open(f.file), 200, "WEBP")
        return f
    def save(self, commit=True):  # noqa: FBT002
        if self.instance.file:
            self.instance.file.name = str(Path(self.instance.name) / "thumb.webp")
        self.instance = super().save(commit=commit)
        if not self.instance.file:
            self.instance.generate_thumbnail()
        return self.instance
 class PictureModerationRequestForm(forms.ModelForm):
@@ -110,7 +110,7 @@ class Picture(SasFile):
    def get_absolute_url(self):
        return reverse("sas:picture", kwargs={"picture_id": self.id})
-    def generate_thumbnails(self):
+    def generate_thumbnails(self, *, overwrite=False):
        im = Image.open(BytesIO(self.file.read()))
        with contextlib.suppress(Exception):
            im = exif_auto_rotate(im)
@@ -126,6 +126,10 @@ class Picture(SasFile):
        file = resize_image(im, max(im.size), extension, optimize=False)
        thumb = resize_image(im, 200, "webp")
        compressed = resize_image(im, 1200, "webp")
        if overwrite:
            self.file.delete()
            self.thumbnail.delete()
            self.compressed.delete()
        new_extension_name = str(Path(self.name).with_suffix(".webp"))
        self.file = file
        self.file.name = self.name
@@ -241,15 +245,17 @@ class Album(SasFile):
        return reverse("sas:album_preview", kwargs={"album_id": self.id})
    def generate_thumbnail(self):
-        p = self.children_pictures.order_by("?").first() or (
+        p = (
-            self.children_albums.exclude(Q(file=None) | Q(file=""))
+            self.children_pictures.order_by("?").first()
            or self.children_albums.exclude(file=None)
            .exclude(file="")
            .order_by("?")
            .first()
        )
        if p and p.file:
            image = resize_image(Image.open(BytesIO(p.file.read())), 200, "webp")
            self.file = image
-            self.file.name = str(Path(self.name) / "thumb.webp")
+            self.file.name = f"{self.name}/thumb.webp"
            self.save()
@@ -2,19 +2,19 @@
  <a href="{{ url('sas:album', album_id=a.id) }}">
    {% if a.file %}
      {% set img = a.get_download_url() %}
-      {% set alt = a.name %}
+      {% set src = a.name %}
    {% elif a.children.filter(is_folder=False, is_moderated=True).exists() %}
      {% set picture = a.children.filter(is_folder=False).first().as_picture %}
      {% set img = picture.get_download_thumb_url()  %}
-      {% set alt = picture.name %}
+      {% set src = picture.name %}
    {% else %}
      {% set img = static('core/img/sas.jpg') %}
-      {% set alt = "sas.jpg" %}
+      {% set src = "sas.jpg" %}
    {% endif %}
    <div
      class="album{% if not a.is_moderated %} not_moderated{% endif %}"
    >
-      <img src="{{ img }}" alt="{{ alt }}" loading="lazy" />
+      <img src="{{ img }}" alt="{{ src }}" loading="lazy" />
      {% if not a.is_moderated %}
        <div class="overlay">&nbsp;</div>
        <div class="text">{% trans %}To be moderated{% endtrans %}</div>
@@ -20,14 +20,12 @@ from django.conf import settings
 from django.core.cache import cache
 from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import localdate
 from model_bakery import baker
 from pytest_django.asserts import assertHTMLEqual, assertInHTML, assertRedirects
 from core.baker_recipes import old_subscriber_user, subscriber_user
 from core.models import Group, User
 from sas.baker_recipes import picture_recipe
 from sas.forms import AlbumEditForm
 from sas.models import Album, Picture
 # Create your tests here.
@@ -66,25 +64,6 @@ def test_main_page_no_form_for_regular_users(client: Client):
    assert len(forms) == 0
@pytest.mark.django_db
 def test_main_page_displayed_albums(client: Client):
    """Test that the right data is displayed on the SAS main page"""
    sas = Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID)
    Album.objects.exclude(id=sas.id).delete()
    album_a = baker.make(Album, parent=sas, is_moderated=True)
    album_b = baker.make(Album, parent=album_a, is_moderated=True)
    album_c = baker.make(Album, parent=sas, is_moderated=True)
    baker.make(Album, parent=sas, is_moderated=False)
    client.force_login(subscriber_user.make())
    res = client.get(reverse("sas:main"))
    # album_b is not a direct child of the SAS, so it shouldn't be displayed
    # in the categories, but it should appear in the latest albums.
    # album_d isn't moderated, so it shouldn't appear at all for a simple user.
    # Also, the SAS itself shouldn't be listed in the albums.
    assert res.context_data["latest"] == [album_c, album_b, album_a]
    assert res.context_data["categories"] == [album_a, album_c]
@pytest.mark.django_db
 def test_main_page_content_anonymous(client: Client):
    """Test that public users see only an incentive to login"""
@@ -110,15 +89,6 @@ def test_album_access_non_subscriber(client: Client):
    assert res.status_code == 200
@pytest.mark.django_db
 def test_accessing_sas_from_album_view_is_404(client: Client):
    """Test that trying to see the SAS with a regular album view isn't allowed."""
    res = client.get(
        reverse("sas:album", kwargs={"album_id": settings.SITH_SAS_ROOT_DIR_ID})
    )
    assert res.status_code == 404
@pytest.mark.django_db
 class TestAlbumUpload:
    @staticmethod
@@ -163,140 +133,6 @@ class TestAlbumUpload:
        assert not album.children.exists()
@pytest.mark.django_db
 class TestAlbumEdit:
    @pytest.fixture
    def sas_root(self) -> Album:
        return Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID)
    @pytest.fixture
    def album(self) -> Album:
        return baker.make(
            Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True
        )
    @pytest.mark.parametrize(
        "user",
        [None, lambda: baker.make(User), subscriber_user.make],
    )
    def test_permission_denied(
        self,
        client: Client,
        album: Album,
        user: Callable[[], User] | None,
    ):
        if user:
            client.force_login(user())
        url = reverse("sas:album_edit", kwargs={"album_id": album.pk})
        response = client.get(url)
        assert response.status_code == 403
        response = client.post(url)
        assert response.status_code == 403
    def test_sas_root_read_only(self, client: Client, sas_root: Album):
        moderator = baker.make(
            User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
        )
        client.force_login(moderator)
        url = reverse("sas:album_edit", kwargs={"album_id": sas_root.pk})
        response = client.get(url)
        assert response.status_code == 404
        response = client.post(url)
        assert response.status_code == 404
    @pytest.mark.parametrize(
        ("excluded", "is_valid"),
        [
            ("name", False),
            ("date", False),
            ("file", True),
            ("parent", False),
            ("edit_groups", True),
            ("recursive", True),
        ],
    )
    def test_form_required(self, album: Album, excluded: str, is_valid: bool):  # noqa: FBT001
        data = {
            "name": album.name[: Album.NAME_MAX_LENGTH],
            "parent": baker.make(Album, parent=album.parent, is_moderated=True).pk,
            "date": localdate().strftime("%Y-%m-%d"),
            "file": "/random/path",
            "edit_groups": [settings.SITH_GROUP_SAS_ADMIN_ID],
            "recursive": False,
        }
        del data[excluded]
        assert AlbumEditForm(data=data).is_valid() == is_valid
    def test_form_album_name(self, album: Album):
        data = {
            "name": album.name[: Album.NAME_MAX_LENGTH],
            "parent": album.pk,
            "date": localdate().strftime("%Y-%m-%d"),
        }
        assert AlbumEditForm(data=data).is_valid()
        data["name"] = album.name[: Album.NAME_MAX_LENGTH + 1]
        assert not AlbumEditForm(data=data).is_valid()
    def test_update_recursive_parent(self, client: Client, album: Album):
        client.force_login(baker.make(User, is_superuser=True))
        payload = {
            "name": album.name[: Album.NAME_MAX_LENGTH],
            "parent": album.pk,
            "date": localdate().strftime("%Y-%m-%d"),
        }
        response = client.post(
            reverse("sas:album_edit", kwargs={"album_id": album.pk}), payload
        )
        assertInHTML("<li>Boucle dans l'arborescence des dossiers</li>", response.text)
        assert response.status_code == 200
    @pytest.mark.parametrize(
        "user",
        [
            lambda: baker.make(User, is_superuser=True),
            lambda: baker.make(
                User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
            ),
        ],
    )
    @pytest.mark.parametrize(
        "parent",
        [
            lambda: baker.make(
                Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True
            ),
            lambda: Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID),
        ],
    )
    def test_update(
        self,
        client: Client,
        album: Album,
        sas_root: Album,
        user: Callable[[], User],
        parent: Callable[[], Album],
    ):
        client.force_login(user())
        expected_redirect = reverse("sas:album", kwargs={"album_id": album.pk})
        payload = {
            "name": album.name[: Album.NAME_MAX_LENGTH],
            "parent": parent().id,
            "date": localdate().strftime("%Y-%m-%d"),
            "recursive": False,
        }
        response = client.post(
            reverse("sas:album_edit", kwargs={"album_id": album.pk}), payload
        )
        assertRedirects(response, expected_redirect)
        album.refresh_from_db()
        assert album.name == payload["name"]
        assert album.parent.id == payload["parent"]
        assert localdate(album.date) == localdate()
 class TestSasModeration(TestCase):
    @classmethod
    def setUpTestData(cls):
@@ -16,7 +16,6 @@ from typing import Any
 from django.conf import settings
 from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.core.exceptions import PermissionDenied
 from django.db.models import Count, OuterRef, Subquery
 from django.http import Http404, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, redirect
@@ -86,9 +85,7 @@ class SASMainView(UseFragmentsMixin, TemplateView):
        kwargs["categories"] = list(
            albums_qs.filter(parent_id=settings.SITH_SAS_ROOT_DIR_ID).order_by("id")
        )
-        kwargs["latest"] = list(
+        kwargs["latest"] = list(albums_qs.order_by("-id")[:5])
            albums_qs.exclude(id=settings.SITH_SAS_ROOT_DIR_ID).order_by("-id")[:5]
        )
        return kwargs
@@ -129,9 +126,6 @@ def send_thumb(request, picture_id):
 class AlbumView(CanViewMixin, UseFragmentsMixin, DetailView):
    model = Album
    # exclude the SAS from the album accessible with this view
    # the SAS can be viewed only with SASMainView
    queryset = Album.objects.exclude(id=settings.SITH_SAS_ROOT_DIR_ID)
    pk_url_kwarg = "album_id"
    template_name = "sas/album.jinja"
@@ -153,9 +147,10 @@ class AlbumView(CanViewMixin, UseFragmentsMixin, DetailView):
    def post(self, request, *args, **kwargs):
        self.object = self.get_object()
-        if not request.user.can_edit(self.object):
+        if not self.object.file:
-            raise PermissionDenied
+            self.object.generate_thumbnail()
-        FileView.handle_clipboard(request, self.object)
+        if request.user.can_edit(self.object):  # Handle the copy-paste functions
            FileView.handle_clipboard(request, self.object)
        return HttpResponseRedirect(self.request.path)
    def get_fragment_data(self) -> dict[str, dict[str, Any]]:
@@ -267,7 +262,6 @@ class PictureAskRemovalView(CanViewMixin, DetailView, FormView):
 class AlbumEditView(CanEditMixin, UpdateView):
    model = Album
    queryset = Album.objects.exclude(id=settings.SITH_SAS_ROOT_DIR_ID)
    form_class = AlbumEditForm
    template_name = "core/edit.jinja"
    pk_url_kwarg = "album_id"