docs: AI guideline

Màj du footer sur mobile

.env.example

@@ -0,0 +1,18 @@
+HTTPS=off
+SITH_DEBUG=true
+
+# This is not the real key used in prod
+SECRET_KEY=(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2
+
+# comment the sqlite line and uncomment the postgres one to switch the dbms
+DATABASE_URL=sqlite:///db.sqlite3
+#DATABASE_URL=postgres://user:password@127.0.0.1:5432/sith
+
+REDIS_PORT=7963
+CACHE_URL=redis://127.0.0.1:${REDIS_PORT}/0
+TASK_BROKER_URL=redis://127.0.0.1:${REDIS_PORT}/1
+
+# Used to select which other services to run alongside
+# manage.py, pytest and runserver
+PROCFILE_STATIC=Procfile.static
+PROCFILE_SERVICE=Procfile.service

.envrc

@@ -1,14 +1,6 @@
-if [[ ! -f pyproject.toml ]]; then
-  log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
+if [[ ! -d .venv ]]; then
+  log_error 'No .venv folder found. Use `uv sync` to create one first.'
   exit 2
 fi
 
-local VENV=$(poetry env list --full-path | cut -d' ' -f1)
-if [[ -z $VENV || ! -d $VENV/bin ]]; then
-  log_error 'No poetry virtual environment found. Use `poetry install` to create one first.'
-  exit 2
-fi
-
-export VIRTUAL_ENV=$VENV
-export POETRY_ACTIVE=1
-PATH_add "$VENV/bin"
+. .venv/bin/activate

.github/actions/compile_messages/action.yml

@@ -1,8 +0,0 @@
-name: "Compile messages"
-description: "Compile the gettext translation messages"
-runs:
-  using: composite
-  steps:
-      - name: Setup project
-        run: poetry run ./manage.py compilemessages
-        shell: bash

.github/actions/setup_project/action.yml

@@ -1,51 +1,65 @@
 name: "Setup project"
 description: "Setup Python and Poetry"
+inputs:
+  full:
+    description: > 
+      If true, do a full setup, else install
+      only python, uv and non-xapian python deps
+    required: false
+    default: "false"
 runs:
   using: composite
   steps:
     - name: Install apt packages
-      uses: awalsh128/cache-apt-pkgs-action@latest
+      if: ${{ inputs.full == 'true' }}
+      uses: awalsh128/cache-apt-pkgs-action@v1.4.3
       with:
         packages: gettext
         version: 1.0  # increment to reset cache
 
-    - name: Set up python
+    - name: Install Redis
+      if: ${{ inputs.full == 'true' }}
+      uses: shogo82148/actions-setup-redis@v1
+      with:
+        redis-version: "7.x"
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: "0.5.14"
+        enable-cache: true
+        cache-dependency-glob: "uv.lock"
+
+    - name: "Set up Python"
       uses: actions/setup-python@v5
       with:
-        python-version: "3.12"
+        python-version-file: ".python-version"
 
-    - name: Load cached Poetry installation
-      id: cached-poetry
-      uses: actions/cache@v3
+    - name: Restore cached virtualenv
+      uses: actions/cache/restore@v4
       with:
-        path: ~/.local
-        key: poetry-3  # increment to reset cache
-
-    - name: Install Poetry
-      if: steps.cached-poetry.outputs.cache-hit != 'true'
-      shell: bash
-      run: curl -sSL https://install.python-poetry.org | python3 -
-
-    - name: Check pyproject.toml syntax
-      shell: bash
-      run: poetry check
-
-    - name: Load cached dependencies
-      uses: actions/cache@v3
-      with:
-        path: ~/.cache/pypoetry
-        key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-poetry-
+        key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
+        path: .venv
 
     - name: Install dependencies
-      run: poetry install --with docs,tests
+      run: uv sync
       shell: bash
 
-    - name: Install xapian
-      run: poetry run ./manage.py install_xapian
+    - name: Install Xapian
+      if: ${{ inputs.full == 'true' }}
+      run: uv run ./manage.py install_xapian
       shell: bash
 
+    # compiling xapian accounts for almost the entirety of the virtualenv setup,
+    # so we save the virtual environment only on workflows where it has been installed
+    - name: Save cached virtualenv
+      if: ${{ inputs.full == 'true' }}
+      uses: actions/cache/save@v4
+      with:
+        key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
+        path: .venv
+
     - name: Compile gettext messages
-      run: poetry run ./manage.py compilemessages
+      if: ${{ inputs.full == 'true' }}
+      run: uv run ./manage.py compilemessages
       shell: bash

.github/actions/setup_xapian/action.yml

@@ -1,10 +0,0 @@
-name: "Setup xapian"
-description: "Setup the xapian indexes"
-runs:
-  using: composite
-  steps:
-    - name: Setup xapian index
-      run: |
-        mkdir -p /dev/shm/search_indexes
-        ln -s /dev/shm/search_indexes sith/search_indexes
-      shell: bash

.github/workflows/ci.yml

@@ -7,6 +7,12 @@ on:
     branches: [master, taiste]
   workflow_dispatch:
 
+env:
+  SECRET_KEY: notTheRealOne
+  DATABASE_URL: sqlite:///db.sqlite3
+  CACHE_URL: redis://127.0.0.1:6379/0
+  TASK_BROKER_URL: redis://127.0.0.1:6379/1
+
 jobs:
   pre-commit:
     name: Launch pre-commits checks (ruff)
@@ -14,6 +20,8 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-python@v5
+      with:
+        python-version-file: ".python-version"
     - uses: pre-commit/action@v3.0.1
       with:
         extra_args: --all-files
@@ -24,21 +32,24 @@ jobs:
     strategy:
       fail-fast: false  # don't interrupt the other test processes
       matrix:
-        pytest-mark: [slow, not slow]
+        pytest-mark: [not slow]
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
       - uses: ./.github/actions/setup_project
-      - uses: ./.github/actions/setup_xapian
-      - uses: ./.github/actions/compile_messages
+        with:
+          full: true
+        env:
+          # To avoid race conditions on environment cache
+          CACHE_SUFFIX: ${{ matrix.pytest-mark }}
       - name: Run tests
-        run: poetry run coverage run -m pytest -m "${{ matrix.pytest-mark }}"
+        run: uv run coverage run -m pytest -m "${{ matrix.pytest-mark }}"
       - name: Generate coverage report
         run: |
-          poetry run coverage report
-          poetry run coverage html
+          uv run coverage report
+          uv run coverage html
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage-report
+          name: coverage-report-${{ matrix.pytest-mark }}
           path: coverage_report

.github/workflows/deploy.yml

@@ -37,11 +37,29 @@ jobs:
 
           git fetch
           git reset --hard origin/master
-          poetry install --with prod --without docs,tests
+          uv sync --group prod
           npm install
-          poetry run ./manage.py install_xapian
-          poetry run ./manage.py migrate
-          poetry run ./manage.py collectstatic --clear --noinput
-          poetry run ./manage.py compilemessages
+          uv run ./manage.py install_xapian
+          uv run ./manage.py migrate
+          uv run ./manage.py collectstatic --clear --noinput
+          uv run ./manage.py compilemessages
 
           sudo systemctl restart uwsgi
+  
+  sentry:
+    runs-on: ubuntu-latest
+    environment: production
+    timeout-minutes: 30
+    needs: deployment
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Sentry Release
+        uses: getsentry/action-release@v1.7.0
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+          SENTRY_URL: ${{ secrets.SENTRY_URL }}
+        with:
+          environment: production

.github/workflows/deploy_docs.yml

@@ -2,7 +2,7 @@ name: deploy_docs
 on:
   push:
     branches:
-      - master
+      - taiste
 permissions:
   contents: write
 jobs:
@@ -18,4 +18,4 @@ jobs:
           path: .cache
           restore-keys: |
             mkdocs-material-
-      - run: poetry run mkdocs gh-deploy --force
+      - run: uv run mkdocs gh-deploy --force

.github/workflows/taiste.yml

@@ -36,11 +36,11 @@ jobs:
 
           git fetch
           git reset --hard origin/taiste
-          poetry install --with prod --without docs,tests
+          uv sync --group prod
           npm install
-          poetry run ./manage.py install_xapian
-          poetry run ./manage.py migrate
-          poetry run ./manage.py collectstatic --clear --noinput
-          poetry run ./manage.py compilemessages
+          uv run ./manage.py install_xapian
+          uv run ./manage.py migrate
+          uv run ./manage.py collectstatic --clear --noinput
+          uv run ./manage.py compilemessages
 
           sudo systemctl restart uwsgi

.gitignore

@@ -8,7 +8,7 @@ pyrightconfig.json
 dist/
 .vscode/
 .idea/
-env/
+.venv/
 doc/html
 data/
 galaxy/test_galaxy_state.json
@@ -18,6 +18,14 @@ sith/search_indexes/
 .coverage
 coverage_report/
 node_modules/
+.env
+*.pid
 
 # compiled documentation
 site/
+
+### Redis ###
+
+# Ignore redis binary dump (dump.rdb) files
+
+*.rdb

.npmrc

@@ -0,0 +1 @@
+@jsr:registry=https://npm.jsr.io

.pre-commit-config.yaml

@@ -1,20 +1,20 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.6.9
+    rev: v0.11.13
     hooks:
-      - id: ruff  # just check the code, and print the errors
-      - id: ruff  # actually fix the fixable errors, but print nothing
+      - id: ruff-check  # just check the code, and print the errors
+      - id: ruff-check  # actually fix the fixable errors, but print nothing
         args: ["--fix", "--silent"]
       # Run the formatter.
       - id: ruff-format
   - repo: https://github.com/biomejs/pre-commit
-    rev: "v0.1.0"  # Use the sha / tag you want to point at
+    rev: v0.6.1
     hooks:
       - id: biome-check
-        additional_dependencies: ["@biomejs/biome@1.9.3"]
+        additional_dependencies: ["@biomejs/biome@1.9.4"]
   - repo: https://github.com/rtts/djhtml
-    rev: 3.0.6
+    rev: 3.0.7
     hooks:
       - id: djhtml
         name: format templates

.python-version

@@ -0,0 +1 @@
+3.12

Procfile.service

@@ -0,0 +1,2 @@
+redis: redis-server --port $REDIS_PORT
+celery: uv run celery -A sith worker --beat -l INFO

Procfile.static

@@ -0,0 +1 @@
+bundler: npm run serve

accounting/__init__.py

@@ -1,14 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#

accounting/admin.py

@@ -1,36 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.contrib import admin
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-
-admin.site.register(BankAccount)
-admin.site.register(ClubAccount)
-admin.site.register(GeneralJournal)
-admin.site.register(AccountingType)
-admin.site.register(SimplifiedAccountingType)
-admin.site.register(Operation)
-admin.site.register(Label)
-admin.site.register(Company)

accounting/api.py

@@ -1,23 +0,0 @@
-from typing import Annotated
-
-from annotated_types import MinLen
-from ninja_extra import ControllerBase, api_controller, paginate, route
-from ninja_extra.pagination import PageNumberPaginationExtra
-from ninja_extra.schemas import PaginatedResponseSchema
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.api_permissions import CanAccessLookup
-
-
-@api_controller("/lookup", permissions=[CanAccessLookup])
-class AccountingController(ControllerBase):
-    @route.get("/club-account", response=PaginatedResponseSchema[ClubAccountSchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_club_account(self, search: Annotated[str, MinLen(1)]):
-        return ClubAccount.objects.filter(name__icontains=search).values()
-
-    @route.get("/company", response=PaginatedResponseSchema[CompanySchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_company(self, search: Annotated[str, MinLen(1)]):
-        return Company.objects.filter(name__icontains=search).values()

accounting/migrations/0001_initial.py

@@ -1,280 +0,0 @@
-from __future__ import unicode_literals
-
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-import accounting.models
-
-
-class Migration(migrations.Migration):
-    dependencies = []
-
-    operations = [
-        migrations.CreateModel(
-            name="AccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                (
-                    "code",
-                    models.CharField(
-                        max_length=16,
-                        verbose_name="code",
-                        validators=[
-                            django.core.validators.RegexValidator(
-                                "^[0-9]*$",
-                                "An accounting type code contains only numbers",
-                            )
-                        ],
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "movement_type",
-                    models.CharField(
-                        choices=[
-                            ("CREDIT", "Credit"),
-                            ("DEBIT", "Debit"),
-                            ("NEUTRAL", "Neutral"),
-                        ],
-                        max_length=12,
-                        verbose_name="movement type",
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "accounting type",
-                "ordering": ["movement_type", "code"],
-            },
-        ),
-        migrations.CreateModel(
-            name="BankAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-                (
-                    "iban",
-                    models.CharField(max_length=255, blank=True, verbose_name="iban"),
-                ),
-                (
-                    "number",
-                    models.CharField(
-                        max_length=255, blank=True, verbose_name="account number"
-                    ),
-                ),
-            ],
-            options={"verbose_name": "Bank account", "ordering": ["club", "name"]},
-        ),
-        migrations.CreateModel(
-            name="ClubAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-            ],
-            options={
-                "verbose_name": "Club account",
-                "ordering": ["bank_account", "name"],
-            },
-        ),
-        migrations.CreateModel(
-            name="Company",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=60, verbose_name="name")),
-            ],
-            options={"verbose_name": "company"},
-        ),
-        migrations.CreateModel(
-            name="GeneralJournal",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("start_date", models.DateField(verbose_name="start date")),
-                (
-                    "end_date",
-                    models.DateField(
-                        null=True, verbose_name="end date", default=None, blank=True
-                    ),
-                ),
-                ("name", models.CharField(max_length=40, verbose_name="name")),
-                (
-                    "closed",
-                    models.BooleanField(verbose_name="is closed", default=False),
-                ),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="amount",
-                        max_digits=12,
-                    ),
-                ),
-                (
-                    "effective_amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="effective_amount",
-                        max_digits=12,
-                    ),
-                ),
-            ],
-            options={"verbose_name": "General journal", "ordering": ["-start_date"]},
-        ),
-        migrations.CreateModel(
-            name="Operation",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("number", models.IntegerField(verbose_name="number")),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2, max_digits=12, verbose_name="amount"
-                    ),
-                ),
-                ("date", models.DateField(verbose_name="date")),
-                ("remark", models.CharField(max_length=128, verbose_name="comment")),
-                (
-                    "mode",
-                    models.CharField(
-                        choices=[
-                            ("CHECK", "Check"),
-                            ("CASH", "Cash"),
-                            ("TRANSFERT", "Transfert"),
-                            ("CARD", "Credit card"),
-                        ],
-                        max_length=255,
-                        verbose_name="payment method",
-                    ),
-                ),
-                (
-                    "cheque_number",
-                    models.CharField(
-                        max_length=32,
-                        null=True,
-                        verbose_name="cheque number",
-                        default="",
-                        blank=True,
-                    ),
-                ),
-                ("done", models.BooleanField(verbose_name="is done", default=False)),
-                (
-                    "target_type",
-                    models.CharField(
-                        choices=[
-                            ("USER", "User"),
-                            ("CLUB", "Club"),
-                            ("ACCOUNT", "Account"),
-                            ("COMPANY", "Company"),
-                            ("OTHER", "Other"),
-                        ],
-                        max_length=10,
-                        verbose_name="target type",
-                    ),
-                ),
-                (
-                    "target_id",
-                    models.IntegerField(
-                        null=True, verbose_name="target id", blank=True
-                    ),
-                ),
-                (
-                    "target_label",
-                    models.CharField(
-                        max_length=32,
-                        blank=True,
-                        verbose_name="target label",
-                        default="",
-                    ),
-                ),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        null=True,
-                        related_name="operations",
-                        verbose_name="accounting type",
-                        to="accounting.AccountingType",
-                        blank=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={"ordering": ["-number"]},
-        ),
-        migrations.CreateModel(
-            name="SimplifiedAccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        verbose_name="simplified accounting types",
-                        to="accounting.AccountingType",
-                        related_name="simplified_types",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "simplified type",
-                "ordering": ["accounting_type__movement_type", "accounting_type__code"],
-            },
-        ),
-    ]

accounting/migrations/0002_auto_20160824_2152.py

@@ -1,105 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("club", "0001_initial"),
-        ("accounting", "0001_initial"),
-        ("core", "0001_initial"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="operation",
-            name="invoice",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="invoice",
-                to="core.SithFile",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="journal",
-            field=models.ForeignKey(
-                verbose_name="journal",
-                to="accounting.GeneralJournal",
-                related_name="operations",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="linked_operation",
-            field=models.OneToOneField(
-                on_delete=django.db.models.deletion.CASCADE,
-                blank=True,
-                to="accounting.Operation",
-                null=True,
-                related_name="operation_linked_to",
-                verbose_name="linked operation",
-                default=None,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="simpleaccounting_type",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="simple type",
-                to="accounting.SimplifiedAccountingType",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="generaljournal",
-            name="club_account",
-            field=models.ForeignKey(
-                verbose_name="club account",
-                to="accounting.ClubAccount",
-                related_name="journals",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="bank_account",
-            field=models.ForeignKey(
-                verbose_name="bank account",
-                to="accounting.BankAccount",
-                related_name="club_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="club_account",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="bankaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="bank_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="operation", unique_together={("number", "journal")}
-        ),
-    ]

accounting/migrations/0003_auto_20160824_2203.py

@@ -1,48 +0,0 @@
-from __future__ import unicode_literals
-
-import phonenumber_field.modelfields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0002_auto_20160824_2152")]
-
-    operations = [
-        migrations.AddField(
-            model_name="company",
-            name="city",
-            field=models.CharField(blank=True, verbose_name="city", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="country",
-            field=models.CharField(blank=True, verbose_name="country", max_length=32),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="email",
-            field=models.EmailField(blank=True, verbose_name="email", max_length=254),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="phone",
-            field=phonenumber_field.modelfields.PhoneNumberField(
-                blank=True, verbose_name="phone", max_length=128
-            ),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="postcode",
-            field=models.CharField(blank=True, verbose_name="postcode", max_length=10),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="street",
-            field=models.CharField(blank=True, verbose_name="street", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="website",
-            field=models.CharField(blank=True, verbose_name="website", max_length=64),
-        ),
-    ]

accounting/migrations/0004_auto_20161005_1505.py

@@ -1,50 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0003_auto_20160824_2203")]
-
-    operations = [
-        migrations.CreateModel(
-            name="Label",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        verbose_name="ID",
-                        primary_key=True,
-                        auto_created=True,
-                        serialize=False,
-                    ),
-                ),
-                ("name", models.CharField(max_length=64, verbose_name="label")),
-                (
-                    "club_account",
-                    models.ForeignKey(
-                        related_name="labels",
-                        verbose_name="club account",
-                        to="accounting.ClubAccount",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="label",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="operations",
-                null=True,
-                blank=True,
-                verbose_name="label",
-                to="accounting.Label",
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="label", unique_together={("name", "club_account")}
-        ),
-    ]

accounting/migrations/0005_auto_20170324_0917.py

@@ -1,17 +0,0 @@
-from __future__ import unicode_literals
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0004_auto_20161005_1505")]
-
-    operations = [
-        migrations.AlterField(
-            model_name="operation",
-            name="remark",
-            field=models.CharField(
-                null=True, max_length=128, blank=True, verbose_name="comment"
-            ),
-        )
-    ]

accounting/models.py

@@ -1,520 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from decimal import Decimal
-
-from django.conf import settings
-from django.core import validators
-from django.core.exceptions import ValidationError
-from django.db import models
-from django.template import defaultfilters
-from django.urls import reverse
-from django.utils.translation import gettext_lazy as _
-from phonenumber_field.modelfields import PhoneNumberField
-
-from club.models import Club
-from core.models import SithFile, User
-
-
-class CurrencyField(models.DecimalField):
-    """Custom database field used for currency."""
-
-    def __init__(self, *args, **kwargs):
-        kwargs["max_digits"] = 12
-        kwargs["decimal_places"] = 2
-        super().__init__(*args, **kwargs)
-
-    def to_python(self, value):
-        try:
-            return super().to_python(value).quantize(Decimal("0.01"))
-        except AttributeError:
-            return None
-
-
-if settings.TESTING:
-    from model_bakery import baker
-
-    baker.generators.add(
-        CurrencyField,
-        lambda: baker.random_gen.gen_decimal(max_digits=8, decimal_places=2),
-    )
-else:  # pragma: no cover
-    # baker is only used in tests, so we don't need coverage for this part
-    pass
-
-
-# Accounting classes
-
-
-class Company(models.Model):
-    name = models.CharField(_("name"), max_length=60)
-    street = models.CharField(_("street"), max_length=60, blank=True)
-    city = models.CharField(_("city"), max_length=60, blank=True)
-    postcode = models.CharField(_("postcode"), max_length=10, blank=True)
-    country = models.CharField(_("country"), max_length=32, blank=True)
-    phone = PhoneNumberField(_("phone"), blank=True)
-    email = models.EmailField(_("email"), blank=True)
-    website = models.CharField(_("website"), max_length=64, blank=True)
-
-    class Meta:
-        verbose_name = _("company")
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:co_edit", kwargs={"co_id": self.id})
-
-    def get_display_name(self):
-        return self.name
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role_gte=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-
-class BankAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    iban = models.CharField(_("iban"), max_length=255, blank=True)
-    number = models.CharField(_("account number"), max_length=255, blank=True)
-    club = models.ForeignKey(
-        Club,
-        related_name="bank_accounts",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Bank account")
-        ordering = ["club", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:bank_details", kwargs={"b_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        m = self.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class ClubAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    club = models.ForeignKey(
-        Club,
-        related_name="club_account",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-    bank_account = models.ForeignKey(
-        BankAccount,
-        related_name="club_accounts",
-        verbose_name=_("bank account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Club account")
-        ordering = ["bank_account", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:club_details", kwargs={"c_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def has_open_journal(self):
-        return self.journals.filter(closed=False).exists()
-
-    def get_open_journal(self):
-        return self.journals.filter(closed=False).first()
-
-    def get_display_name(self):
-        return _("%(club_account)s on %(bank_account)s") % {
-            "club_account": self.name,
-            "bank_account": self.bank_account,
-        }
-
-
-class GeneralJournal(models.Model):
-    """Class storing all the operations for a period of time."""
-
-    start_date = models.DateField(_("start date"))
-    end_date = models.DateField(_("end date"), null=True, blank=True, default=None)
-    name = models.CharField(_("name"), max_length=40)
-    closed = models.BooleanField(_("is closed"), default=False)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="journals",
-        null=False,
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"), default=0)
-    effective_amount = CurrencyField(_("effective_amount"), default=0)
-
-    class Meta:
-        verbose_name = _("General journal")
-        ordering = ["-start_date"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)
-
-    def update_amounts(self):
-        self.amount = 0
-        self.effective_amount = 0
-        for o in self.operations.all():
-            if o.accounting_type.movement_type == "CREDIT":
-                if o.done:
-                    self.effective_amount += o.amount
-                self.amount += o.amount
-            else:
-                if o.done:
-                    self.effective_amount -= o.amount
-                self.amount -= o.amount
-        self.save()
-
-
-class Operation(models.Model):
-    """An operation is a line in the journal, a debit or a credit."""
-
-    number = models.IntegerField(_("number"))
-    journal = models.ForeignKey(
-        GeneralJournal,
-        related_name="operations",
-        null=False,
-        verbose_name=_("journal"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"))
-    date = models.DateField(_("date"))
-    remark = models.CharField(_("comment"), max_length=128, null=True, blank=True)
-    mode = models.CharField(
-        _("payment method"),
-        max_length=255,
-        choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD,
-    )
-    cheque_number = models.CharField(
-        _("cheque number"), max_length=32, default="", null=True, blank=True
-    )
-    invoice = models.ForeignKey(
-        SithFile,
-        related_name="operations",
-        verbose_name=_("invoice"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    done = models.BooleanField(_("is done"), default=False)
-    simpleaccounting_type = models.ForeignKey(
-        "SimplifiedAccountingType",
-        related_name="operations",
-        verbose_name=_("simple type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    accounting_type = models.ForeignKey(
-        "AccountingType",
-        related_name="operations",
-        verbose_name=_("accounting type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    label = models.ForeignKey(
-        "Label",
-        related_name="operations",
-        verbose_name=_("label"),
-        null=True,
-        blank=True,
-        on_delete=models.SET_NULL,
-    )
-    target_type = models.CharField(
-        _("target type"),
-        max_length=10,
-        choices=[
-            ("USER", _("User")),
-            ("CLUB", _("Club")),
-            ("ACCOUNT", _("Account")),
-            ("COMPANY", _("Company")),
-            ("OTHER", _("Other")),
-        ],
-    )
-    target_id = models.IntegerField(_("target id"), null=True, blank=True)
-    target_label = models.CharField(
-        _("target label"), max_length=32, default="", blank=True
-    )
-    linked_operation = models.OneToOneField(
-        "self",
-        related_name="operation_linked_to",
-        verbose_name=_("linked operation"),
-        null=True,
-        blank=True,
-        default=None,
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("number", "journal")
-        ordering = ["-number"]
-
-    def __str__(self):
-        return f"{self.amount} € | {self.date} | {self.accounting_type} | {self.done}"
-
-    def save(self, *args, **kwargs):
-        if self.number is None:
-            self.number = self.journal.operations.count() + 1
-        super().save(*args, **kwargs)
-        self.journal.update_amounts()
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.journal.id})
-
-    def __getattribute__(self, attr):
-        if attr == "target":
-            return self.get_target()
-        else:
-            return object.__getattribute__(self, attr)
-
-    def clean(self):
-        super().clean()
-        if self.date is None:
-            raise ValidationError(_("The date must be set."))
-        elif self.date < self.journal.start_date:
-            raise ValidationError(
-                _(
-                    """The date can not be before the start date of the journal, which is
-%(start_date)s."""
-                )
-                % {
-                    "start_date": defaultfilters.date(
-                        self.journal.start_date, settings.DATE_FORMAT
-                    )
-                }
-            )
-        if self.target_type != "OTHER" and self.get_target() is None:
-            raise ValidationError(_("Target does not exists"))
-        if self.target_type == "OTHER" and self.target_label == "":
-            raise ValidationError(
-                _("Please add a target label if you set no existing target")
-            )
-        if not self.accounting_type and not self.simpleaccounting_type:
-            raise ValidationError(
-                _(
-                    "You need to provide ether a simplified accounting type or a standard accounting type"
-                )
-            )
-        if self.simpleaccounting_type:
-            self.accounting_type = self.simpleaccounting_type.accounting_type
-
-    @property
-    def target(self):
-        return self.get_target()
-
-    def get_target(self):
-        tar = None
-        if self.target_type == "USER":
-            tar = User.objects.filter(id=self.target_id).first()
-        elif self.target_type == "CLUB":
-            tar = Club.objects.filter(id=self.target_id).first()
-        elif self.target_type == "ACCOUNT":
-            tar = ClubAccount.objects.filter(id=self.target_id).first()
-        elif self.target_type == "COMPANY":
-            tar = Company.objects.filter(id=self.target_id).first()
-        return tar
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class AccountingType(models.Model):
-    """Accounting types.
-
-    Those are numbers used in accounting to classify operations
-    """
-
-    code = models.CharField(
-        _("code"),
-        max_length=16,
-        validators=[
-            validators.RegexValidator(
-                r"^[0-9]*$", _("An accounting type code contains only numbers")
-            )
-        ],
-    )
-    label = models.CharField(_("label"), max_length=128)
-    movement_type = models.CharField(
-        _("movement type"),
-        choices=[
-            ("CREDIT", _("Credit")),
-            ("DEBIT", _("Debit")),
-            ("NEUTRAL", _("Neutral")),
-        ],
-        max_length=12,
-    )
-
-    class Meta:
-        verbose_name = _("accounting type")
-        ordering = ["movement_type", "code"]
-
-    def __str__(self):
-        return self.code + " - " + self.get_movement_type_display() + " - " + self.label
-
-    def get_absolute_url(self):
-        return reverse("accounting:type_list")
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-
-class SimplifiedAccountingType(models.Model):
-    """Simplified version of `AccountingType`."""
-
-    label = models.CharField(_("label"), max_length=128)
-    accounting_type = models.ForeignKey(
-        AccountingType,
-        related_name="simplified_types",
-        verbose_name=_("simplified accounting types"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("simplified type")
-        ordering = ["accounting_type__movement_type", "accounting_type__code"]
-
-    def __str__(self):
-        return (
-            f"{self.get_movement_type_display()} "
-            f"- {self.accounting_type.code} - {self.label}"
-        )
-
-    def get_absolute_url(self):
-        return reverse("accounting:simple_type_list")
-
-    @property
-    def movement_type(self):
-        return self.accounting_type.movement_type
-
-    def get_movement_type_display(self):
-        return self.accounting_type.get_movement_type_display()
-
-
-class Label(models.Model):
-    """Label allow a club to sort its operations."""
-
-    name = models.CharField(_("label"), max_length=64)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="labels",
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("name", "club_account")
-
-    def __str__(self):
-        return "%s (%s)" % (self.name, self.club_account.name)
-
-    def get_absolute_url(self):
-        return reverse(
-            "accounting:label_list", kwargs={"clubaccount_id": self.club_account.id}
-        )
-
-    def is_owned_by(self, user):
-        if user.is_anonymous:
-            return False
-        return self.club_account.is_owned_by(user)
-
-    def can_be_edited_by(self, user):
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)

accounting/schemas.py

@@ -1,15 +0,0 @@
-from ninja import ModelSchema
-
-from accounting.models import ClubAccount, Company
-
-
-class ClubAccountSchema(ModelSchema):
-    class Meta:
-        model = ClubAccount
-        fields = ["id", "name"]
-
-
-class CompanySchema(ModelSchema):
-    class Meta:
-        model = Company
-        fields = ["id", "name"]

accounting/static/bundled/accounting/components/ajax-select-index.ts

@@ -1,60 +0,0 @@
-import { AjaxSelect } from "#core:core/components/ajax-select-base";
-import { registerComponent } from "#core:utils/web-components";
-import type { TomOption } from "tom-select/dist/types/types";
-import type { escape_html } from "tom-select/dist/types/utils";
-import {
-  type ClubAccountSchema,
-  type CompanySchema,
-  accountingSearchClubAccount,
-  accountingSearchCompany,
-} from "#openapi";
-
-@registerComponent("club-account-ajax-select")
-export class ClubAccountAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchClubAccount({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}
-
-@registerComponent("company-ajax-select")
-export class CompanyAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchCompany({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}

accounting/templates/accounting/accountingtype_list.jinja

@@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Accounting type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Accounting types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:type_new') }}">{% trans %}New accounting type{% endtrans %}</a></p>
-    {% if accountingtype_list %}
-      <h3>{% trans %}Accounting type list{% endtrans %}</h3>
-      <ul>
-        {% for a in accountingtype_list  %}
-          <li><a href="{{ url('accounting:type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/templates/accounting/bank_account_details.jinja

@@ -1,38 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account: {% endtrans %}{{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}Bank account: {% endtrans %}{{ object.name }}</h2>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and not object.club_accounts.exists() %}
-      <a href="{{ url('accounting:bank_delete', b_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    <h4>{% trans %}Infos{% endtrans %}</h4>
-    <ul>
-      <li><strong>{% trans %}IBAN: {% endtrans %}</strong>{{ object.iban }}</li>
-      <li><strong>{% trans %}Number: {% endtrans %}</strong>{{ object.number }}</li>
-    </ul>
-    <p><a href="{{ url('accounting:club_new') }}?parent={{ object.id }}">{% trans %}New club account{% endtrans %}</a></p>
-    <ul>
-      {% for c in object.club_accounts.all() %}
-        <li><a href="{{ url('accounting:club_details', c_account_id=c.id) }}">{{ c }}</a>
-          - <a href="{{ url('accounting:club_edit', c_account_id=c.id) }}">{% trans %}Edit{% endtrans %}</a>
-          {% if c.journals.count() == 0 %}
-            - <a href="{{ url('accounting:club_delete', c_account_id=c.id) }}">{% trans %}Delete{% endtrans %}</a>
-          {% endif %}
-        </li>
-      {% endfor %}
-    </ul>
-  </div>
-{% endblock %}
-
-
-

accounting/templates/accounting/bank_account_list.jinja

@@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <h4>
-      {% trans %}Accounting{% endtrans %}
-    </h4>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:simple_type_list') }}">{% trans %}Manage simplified types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:type_list') }}">{% trans %}Manage accounting types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:bank_new') }}">{% trans %}New bank account{% endtrans %}</a></p>
-    {% endif %}
-    {% if bankaccount_list %}
-      <h3>{% trans %}Bank account list{% endtrans %}</h3>
-      <ul>
-        {% for a in object_list  %}
-          <li><a href="{{ url('accounting:bank_details', b_account_id=a.id) }}">{{ a }}</a>
-            - <a href="{{ url('accounting:bank_edit', b_account_id=a.id) }}">{% trans %}Edit{% endtrans %}</a>
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no accounts in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
-
-

accounting/templates/accounting/club_account_details.jinja

@@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club account:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      {{ object }}
-    </p>
-    <hr>
-    <h2>{% trans %}Club account:{% endtrans %} {{ object.name }}</h2>
-    {% if user.is_root and not object.journals.exists() %}
-      <a href="{{ url('accounting:club_delete', c_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    {% if not object.has_open_journal() %}
-      <p><a href="{{ url('accounting:journal_new') }}?parent={{ object.id }}">{% trans %}New journal{% endtrans %}</a></p>
-    {% else %}
-      <p>{% trans %}You can not create new journal while you still have one opened{% endtrans %}</p>
-    {% endif %}
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Name{% endtrans %}</td>
-          <td>{% trans %}Start{% endtrans %}</td>
-          <td>{% trans %}End{% endtrans %}</td>
-          <td>{% trans %}Amount{% endtrans %}</td>
-          <td>{% trans %}Effective amount{% endtrans %}</td>
-          <td>{% trans %}Closed{% endtrans %}</td>
-          <td>{% trans %}Actions{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for j in object.journals.all() %}
-          <tr>
-            <td>{{ j.name }}</td>
-            <td>{{ j.start_date }}</td>
-            {% if j.end_date %}
-              <td>{{ j.end_date }}</td>
-            {% else %}
-              <td> - </td>
-            {% endif %}
-            <td>{{ j.amount }} €</td>
-            <td>{{ j.effective_amount }} €</td>
-            {% if j.closed %}
-              <td>{% trans %}Yes{% endtrans %}</td>
-            {% else %}
-              <td>{% trans %}No{% endtrans %}</td>
-            {% endif %}
-            <td> <a href="{{ url('accounting:journal_details', j_id=j.id) }}">{% trans %}View{% endtrans %}</a>
-              <a href="{{ url('accounting:journal_edit', j_id=j.id) }}">{% trans %}Edit{% endtrans %}</a>
-              {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and j.operations.count() == 0 %}
-                <a href="{{ url('accounting:journal_delete', j_id=j.id) }}">{% trans %}Delete{% endtrans %}</a>
-              {% endif %}
-            </td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  </div>
-{% endblock %}

accounting/templates/accounting/co_list.jinja

@@ -1,30 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Company list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    {% if user.is_root
-    or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-    %}
-    <p><a href="{{ url('accounting:co_new') }}">{% trans %}Create new company{% endtrans %}</a></p>
-{% endif %}
-<br/>
-<table>
-  <thead>
-    <tr>
-      <td>{% trans %}Companies{% endtrans %}</td>
-    </tr>
-  </thead>
-  <tbody>
-    {% for o in object_list %}
-      <tr>
-        <td><a href="{{ url('accounting:co_edit', co_id=o.id) }}">{{ o.get_display_name() }}</a></td>
-      </tr>
-    {% endfor %}
-  </tbody>
-</table>
-</div>
-{% endblock %}

accounting/templates/accounting/journal_details.jinja

@@ -1,103 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}General journal:{% endtrans %} {{ object.name }}</h2>
-    <p><a href="{{ url('accounting:label_new') }}?parent={{ object.club_account.id }}">{% trans %}New label{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.club_account.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:co_list') }}">{% trans %}Company list{% endtrans %}</a></p>
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ object.amount }} € -
-      <strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ object.effective_amount }} €</p>
-    {% if object.closed %}
-      <p>{% trans %}Journal is closed, you can not create operation{% endtrans %}</p>
-    {% else %}
-      <p><a href="{{ url('accounting:op_new', j_id=object.id) }}">{% trans %}New operation{% endtrans %}</a></p>
-      </br>
-    {% endif %}
-    <div class="journal-table">
-      <table>
-        <thead>
-          <tr>
-            <td>{% trans %}Nb{% endtrans %}</td>
-            <td>{% trans %}Date{% endtrans %}</td>
-            <td>{% trans %}Label{% endtrans %}</td>
-            <td>{% trans %}Amount{% endtrans %}</td>
-            <td>{% trans %}Payment mode{% endtrans %}</td>
-            <td>{% trans %}Target{% endtrans %}</td>
-            <td>{% trans %}Code{% endtrans %}</td>
-            <td>{% trans %}Nature{% endtrans %}</td>
-            <td>{% trans %}Done{% endtrans %}</td>
-            <td>{% trans %}Comment{% endtrans %}</td>
-            <td>{% trans %}File{% endtrans %}</td>
-            <td>{% trans %}Actions{% endtrans %}</td>
-            <td>{% trans %}PDF{% endtrans %}</td>
-          </tr>
-        </thead>
-        <tbody>
-          {% for o in object.operations.all() %}
-            <tr>
-              <td>{{ o.number }}</td>
-              <td>{{ o.date }}</td>
-              <td>{{ o.label or "" }}</td>
-              {% if o.accounting_type.movement_type == "DEBIT" %}
-                <td class="neg-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% else %}
-                <td class="pos-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% endif %}
-              <td>{{ o.get_mode_display() }}</td>
-              {% if o.target_type == "OTHER" %}
-                <td>{{ o.target_label }}</td>
-              {% else %}
-                <td><a href="{{ o.target.get_absolute_url() }}">{{ o.target.get_display_name() }}</a></td>
-              {% endif %}
-              <td>{{ o.accounting_type.code }}</td>
-              <td>{{ o.accounting_type.label }}</td>
-              {% if o.done %}
-                <td>{% trans %}Yes{% endtrans %}</td>
-              {% else %}
-                <td>{% trans %}No{% endtrans %}</td>
-              {% endif %}
-              <td>{{ o.remark }}
-                {% if not o.linked_operation and o.target_type == "ACCOUNT" and not o.target.has_open_journal() %}
-                  <p><strong>
-                    {% trans %}Warning: this operation has no linked operation because the targeted club account has no opened journal.{% endtrans %}
-                  </strong></p>
-                  <p><strong>
-                    {% trans url=o.target.get_absolute_url() %}Open a journal in <a href="{{ url }}">this club account</a>, then save this operation again to make the linked operation.{% endtrans %}
-                  </strong></p>
-                {% endif %}
-              </td>
-              {% if o.invoice %}
-                <td><a href="{{ url('core:download', file_id=o.invoice.id) }}">{{ o.invoice.name }}</a></td>
-              {% else %}
-                <td>-</td>
-              {% endif %}
-              <td>
-                {%
-                if o.journal.club_account.bank_account.name not in ["AE TI", "TI"]
-                or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-                %}
-                {% if not o.journal.closed %}
-                  <a href="{{ url('accounting:op_edit', op_id=o.id) }}">{% trans %}Edit{% endtrans %}</a>
-                {% endif %}
-          {% endif %}
-        </td>
-        <td><a href="{{ url('accounting:op_pdf', op_id=o.id) }}">{% trans %}Generate{% endtrans %}</a></td>
-      </tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-</div>
-{% endblock %}

accounting/templates/accounting/journal_statement_accounting.jinja

@@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Accounting statement: {% endtrans %} {{ object.name }}</h3>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Operation type{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in statement.items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ "%.2f" % object.amount }} €</p>
-    <p><strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ "%.2f" %object.effective_amount }} €</p>
-  </div>
-{% endblock %}

accounting/templates/accounting/journal_statement_nature.jinja

@@ -1,57 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% macro display_tables(dict) %}
-  <div id="accounting">
-    <h6>{% trans %}Credit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['CREDIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['CREDIT_sum'] }}
-
-    <h6>{% trans %}Debit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['DEBIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['DEBIT_sum'] }}
-{% endmacro %}
-
-{% block content %}
-  <h3>{% trans %}Statement by nature: {% endtrans %} {{ object.name }}</h3>
-
-  {% for k,v in statement.items() %}
-    <h4 style="background: lightblue; padding: 4px;">{{ k }} : {{ "%.2f" % (v['CREDIT_sum'] - v['DEBIT_sum']) }}</h4>
-    {{ display_tables(v) }}
-    <hr>
-  {% endfor %}
-  </div>
-{% endblock %}

accounting/templates/accounting/journal_statement_person.jinja

@@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Statement by person: {% endtrans %} {{ object.name }}</h3>
-
-    <h4>{% trans %}Credit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in credit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % credit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_credit }}</p>
-
-    <h4>{% trans %}Debit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in debit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % debit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_debit }}</p>
-  </div>
-{% endblock %}

accounting/templates/accounting/label_list.jinja

@@ -1,36 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Label list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{{ object }}</a>
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{% trans %}Back to club account{% endtrans %}</a></p>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    {% if object.labels.all() %}
-      <h3>{% trans %}Label list{% endtrans %}</h3>
-      <ul>
-        {% for l in object.labels.all()  %}
-          <li><a href="{{ url('accounting:label_edit', label_id=l.id) }}">{{ l }}</a>
-            {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-              -
-              <a href="{{ url('accounting:label_delete', label_id=l.id) }}">{% trans %}Delete{% endtrans %}</a>
-            {% endif %}
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no label in this club account.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/templates/accounting/operation_edit.jinja

@@ -1,123 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Edit operation{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      <a href="{{ url('accounting:journal_details', j_id=object.id) }}">{{ object.name }}</a> >
-      {% trans %}Edit operation{% endtrans %}
-    </p>
-    <hr>
-    <h2>{% trans %}Edit operation{% endtrans %}</h2>
-    <form action="" method="post">
-      {% csrf_token %}
-      {{ form.non_field_errors() }}
-      {{ form.journal }}
-      {{ form.target_id }}
-      <p>{{ form.amount.errors }}<label for="{{ form.amount.name }}">{{ form.amount.label }}</label> {{ form.amount }}</p>
-      <p>{{ form.remark.errors }}<label for="{{ form.remark.name }}">{{ form.remark.label }}</label> {{ form.remark }}</p>
-      <br />
-      <strong>{% trans %}Warning: if you select <em>Account</em>, the opposite operation will be created in the target account. If you don't want that, select <em>Club</em> instead of <em>Account</em>.{% endtrans %}</strong>
-      <p>{{ form.target_type.errors }}<label for="{{ form.target_type.name }}">{{ form.target_type.label }}</label> {{ form.target_type }}</p>
-      {{ form.user }}
-      {{ form.club }}
-      {{ form.club_account }}
-      {{ form.company }}
-      {{ form.target_label }}
-      <span id="id_need_link_full"><label>{{ form.need_link.label }}</label> {{ form.need_link }}</span>
-      <p>{{ form.date.errors }}<label for="{{ form.date.name }}">{{ form.date.label }}</label> {{ form.date }}</p>
-      <p>{{ form.mode.errors }}<label for="{{ form.mode.name }}">{{ form.mode.label }}</label> {{ form.mode }}</p>
-      <p>{{ form.cheque_number.errors }}<label for="{{ form.cheque_number.name }}">{{ form.cheque_number.label }}</label> {{
-        form.cheque_number }}</p>
-      <p>{{ form.invoice.errors }}<label for="{{ form.invoice.name }}">{{ form.invoice.label }}</label> {{ form.invoice }}</p>
-      <p>{{ form.simpleaccounting_type.errors }}<label for="{{ form.simpleaccounting_type.name }}">{{
-        form.simpleaccounting_type.label }}</label> {{ form.simpleaccounting_type }}</p>
-      <p>{{ form.accounting_type.errors }}<label for="{{ form.accounting_type.name }}">{{ form.accounting_type.label }}</label> {{
-        form.accounting_type }}</p>
-      <p>{{ form.label.errors }}<label for="{{ form.label.name }}">{{ form.label.label }}</label> {{ form.label }}</p>
-      <p>{{ form.done.errors }}<label for="{{ form.done.name }}">{{ form.done.label }}</label> {{ form.done }}</p>
-      {% if form.instance.linked_operation %}
-        {% set obj = form.instance.linked_operation %}
-        <p><strong>{% trans %}Linked operation:{% endtrans %}</strong><br>
-          <a href="{{ url('accounting:bank_details', b_account_id=obj.journal.club_account.bank_account.id) }}">
-            {{obj.journal.club_account.bank_account }}</a> >
-          <a href="{{ url('accounting:club_details', c_account_id=obj.journal.club_account.id) }}">{{ obj.journal.club_account }}</a> >
-          <a href="{{ url('accounting:journal_details', j_id=obj.journal.id) }}">{{ obj.journal }}</a> >
-          n°{{ obj.number }}
-        </p>
-      {% endif %}
-      <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
-    </form>
-{% endblock %}
-
-{% block script %}
-  {{ super() }}
-  <script>
-    $( function() {
-      var target_type = $('#id_target_type');
-      var user = $('user-ajax-select');
-      var club = $('club-ajax-select');
-      var club_account = $('club-account-ajax-select');
-      var company = $('company-ajax-select');
-      var other = $('#id_target_label');
-      var need_link = $('#id_need_link_full');
-      function update_targets () {
-        if (target_type.val() == "USER") {
-          console.log(user);
-          user.show();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "ACCOUNT") {
-          club_account.show();
-          need_link.show();
-          user.hide();
-          club.hide();
-          company.hide();
-          other.hide();
-        } else if (target_type.val() == "CLUB") {
-          club.show();
-          user.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "COMPANY") {
-          company.show();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "OTHER") {
-          other.show();
-          user.hide();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          need_link.hide();
-        } else {
-          company.hide();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        }
-      }
-      update_targets();
-      target_type.change(update_targets);
-    } );
-  </script>
-  </div>
-{% endblock %}
-
-

accounting/templates/accounting/simplifiedaccountingtype_list.jinja

@@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Simplified type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Simplified types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:simple_type_new') }}">{% trans %}New simplified type{% endtrans %}</a></p>
-    {% if simplifiedaccountingtype_list %}
-      <h3>{% trans %}Simplified type list{% endtrans %}</h3>
-      <ul>
-        {% for a in simplifiedaccountingtype_list  %}
-          <li><a href="{{ url('accounting:simple_type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/tests.py

@@ -1,293 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from datetime import date, timedelta
-
-from django.test import TestCase
-from django.urls import reverse
-
-from accounting.models import (
-    AccountingType,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from core.models import User
-
-
-class TestRefoundAccount(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        # reffil skia's account
-        cls.skia.customer.amount = 800
-        cls.skia.customer.save()
-        cls.refound_account_url = reverse("accounting:refound_account")
-
-    def test_permission_denied(self):
-        self.client.force_login(User.objects.get(username="guy"))
-        response_post = self.client.post(
-            self.refound_account_url, {"user": self.skia.id}
-        )
-        response_get = self.client.get(self.refound_account_url)
-        assert response_get.status_code == 403
-        assert response_post.status_code == 403
-
-    def test_root_granteed(self):
-        self.client.force_login(User.objects.get(username="root"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-    def test_comptable_granteed(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-
-class TestJournal(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.journal = GeneralJournal.objects.get(id=1)
-
-    def test_permission_granted(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 200
-        assert "<td>M\\xc3\\xa9thode de paiement</td>" in str(response_get.content)
-
-    def test_permission_not_granted(self):
-        self.client.force_login(User.objects.get(username="skia"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 403
-        assert "<td>M\xc3\xa9thode de paiement</td>" not in str(response_get.content)
-
-
-class TestOperation(TestCase):
-    def setUp(self):
-        self.tomorrow_formatted = (date.today() + timedelta(days=1)).strftime(
-            "%d/%m/%Y"
-        )
-        self.journal = GeneralJournal.objects.filter(id=1).first()
-        self.skia = User.objects.filter(username="skia").first()
-        at = AccountingType(
-            code="443", label="Ce code n'existe pas", movement_type="CREDIT"
-        )
-        at.save()
-        label = Label.objects.create(club_account=self.journal.club_account, name="bob")
-        self.client.force_login(User.objects.get(username="comptable"))
-        self.op1 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=1,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op1.save()
-        self.op2 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=2,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op2.save()
-
-    def test_new_operation(self):
-        at = AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertFalse(response.status_code == 403)
-        self.assertTrue(
-            self.journal.operations.filter(
-                target_label="Le fantome de la nuit"
-            ).exists()
-        )
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        self.assertTrue("<td>Le fantome de la nuit</td>" in str(response_get.content))
-
-    def test_bad_new_operation(self):
-        AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(
-            "Vous devez fournir soit un type comptable simplifi\\xc3\\xa9 ou un type comptable standard"
-            in str(response.content)
-        )
-
-    def test_new_operation_not_authorized(self):
-        self.client.force_login(self.skia)
-        at = AccountingType.objects.filter(code="604").first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome du jour",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(response.status_code == 403)
-        self.assertFalse(
-            self.journal.operations.filter(target_label="Le fantome du jour").exists()
-        )
-
-    def test__operation_simple_accounting(self):
-        sat = SimplifiedAccountingType.objects.all().first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 23,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de l'aurore",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": sat.id,
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertFalse(response.status_code == 403)
-        self.assertTrue(self.journal.operations.filter(amount=23).exists())
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        self.assertTrue(
-            "<td>Le fantome de l&#39;aurore</td>" in str(response_get.content)
-        )
-        self.assertTrue(
-            self.journal.operations.filter(amount=23)
-            .values("accounting_type")
-            .first()["accounting_type"]
-            == AccountingType.objects.filter(code=6).values("id").first()["id"]
-        )
-
-    def test_nature_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_nature_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "bob (Troll Penché) : 3.00", status_code=200)
-
-    def test_person_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_person_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "Total : 5575.72", status_code=200)
-        self.assertContains(response, "Total : 71.42")
-        content = response.content.decode()
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>3.00</td>""", content
-        )
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>823.00</td>""", content
-        )
-
-    def test_accounting_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_accounting_statement", args=[self.journal.id])
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            """
-            <tr>
-                <td>443 - Crédit - Ce code n&#39;existe pas</td>
-                <td>3.00</td>
-            </tr>""",
-            response.content.decode(),
-        )
-        self.assertContains(
-            response,
-            """
-    <p><strong>Montant : </strong>-5504.30 €</p>
-    <p><strong>Montant effectif: </strong>-5504.30 €</p>""",
-        )

accounting/urls.py

@@ -1,173 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.urls import path
-
-from accounting.views import (
-    AccountingTypeCreateView,
-    AccountingTypeEditView,
-    AccountingTypeListView,
-    BankAccountCreateView,
-    BankAccountDeleteView,
-    BankAccountDetailView,
-    BankAccountEditView,
-    BankAccountListView,
-    ClubAccountCreateView,
-    ClubAccountDeleteView,
-    ClubAccountDetailView,
-    ClubAccountEditView,
-    CompanyCreateView,
-    CompanyEditView,
-    CompanyListView,
-    JournalAccountingStatementView,
-    JournalCreateView,
-    JournalDeleteView,
-    JournalDetailView,
-    JournalEditView,
-    JournalNatureStatementView,
-    JournalPersonStatementView,
-    LabelCreateView,
-    LabelDeleteView,
-    LabelEditView,
-    LabelListView,
-    OperationCreateView,
-    OperationEditView,
-    OperationPDFView,
-    RefoundAccountView,
-    SimplifiedAccountingTypeCreateView,
-    SimplifiedAccountingTypeEditView,
-    SimplifiedAccountingTypeListView,
-)
-
-urlpatterns = [
-    # Accounting types
-    path(
-        "simple_type/",
-        SimplifiedAccountingTypeListView.as_view(),
-        name="simple_type_list",
-    ),
-    path(
-        "simple_type/create/",
-        SimplifiedAccountingTypeCreateView.as_view(),
-        name="simple_type_new",
-    ),
-    path(
-        "simple_type/<int:type_id>/edit/",
-        SimplifiedAccountingTypeEditView.as_view(),
-        name="simple_type_edit",
-    ),
-    # Accounting types
-    path("type/", AccountingTypeListView.as_view(), name="type_list"),
-    path("type/create/", AccountingTypeCreateView.as_view(), name="type_new"),
-    path(
-        "type/<int:type_id>/edit/",
-        AccountingTypeEditView.as_view(),
-        name="type_edit",
-    ),
-    # Bank accounts
-    path("", BankAccountListView.as_view(), name="bank_list"),
-    path("bank/create", BankAccountCreateView.as_view(), name="bank_new"),
-    path(
-        "bank/<int:b_account_id>/",
-        BankAccountDetailView.as_view(),
-        name="bank_details",
-    ),
-    path(
-        "bank/<int:b_account_id>/edit/",
-        BankAccountEditView.as_view(),
-        name="bank_edit",
-    ),
-    path(
-        "bank/<int:b_account_id>/delete/",
-        BankAccountDeleteView.as_view(),
-        name="bank_delete",
-    ),
-    # Club accounts
-    path("club/create/", ClubAccountCreateView.as_view(), name="club_new"),
-    path(
-        "club/<int:c_account_id>/",
-        ClubAccountDetailView.as_view(),
-        name="club_details",
-    ),
-    path(
-        "club/<int:c_account_id>/edit/",
-        ClubAccountEditView.as_view(),
-        name="club_edit",
-    ),
-    path(
-        "club/<int:c_account_id>/delete/",
-        ClubAccountDeleteView.as_view(),
-        name="club_delete",
-    ),
-    # Journals
-    path("journal/create/", JournalCreateView.as_view(), name="journal_new"),
-    path(
-        "journal/<int:j_id>/",
-        JournalDetailView.as_view(),
-        name="journal_details",
-    ),
-    path(
-        "journal/<int:j_id>/edit/",
-        JournalEditView.as_view(),
-        name="journal_edit",
-    ),
-    path(
-        "journal/<int:j_id>/delete/",
-        JournalDeleteView.as_view(),
-        name="journal_delete",
-    ),
-    path(
-        "journal/<int:j_id>/statement/nature/",
-        JournalNatureStatementView.as_view(),
-        name="journal_nature_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/person/",
-        JournalPersonStatementView.as_view(),
-        name="journal_person_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/accounting/",
-        JournalAccountingStatementView.as_view(),
-        name="journal_accounting_statement",
-    ),
-    # Operations
-    path(
-        "operation/create/<int:j_id>/",
-        OperationCreateView.as_view(),
-        name="op_new",
-    ),
-    path("operation/<int:op_id>/", OperationEditView.as_view(), name="op_edit"),
-    path("operation/<int:op_id>/pdf/", OperationPDFView.as_view(), name="op_pdf"),
-    # Companies
-    path("company/list/", CompanyListView.as_view(), name="co_list"),
-    path("company/create/", CompanyCreateView.as_view(), name="co_new"),
-    path("company/<int:co_id>/", CompanyEditView.as_view(), name="co_edit"),
-    # Labels
-    path("label/new/", LabelCreateView.as_view(), name="label_new"),
-    path(
-        "label/<int:clubaccount_id>/",
-        LabelListView.as_view(),
-        name="label_list",
-    ),
-    path("label/<int:label_id>/edit/", LabelEditView.as_view(), name="label_edit"),
-    path(
-        "label/<int:label_id>/delete/",
-        LabelDeleteView.as_view(),
-        name="label_delete",
-    ),
-    # User account
-    path("refound/account/", RefoundAccountView.as_view(), name="refound_account"),
-]

accounting/views.py

@@ -1,901 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-import collections
-
-from django import forms
-from django.conf import settings
-from django.core.exceptions import PermissionDenied, ValidationError
-from django.db import transaction
-from django.db.models import Sum
-from django.forms import HiddenInput
-from django.forms.models import modelform_factory
-from django.http import HttpResponse
-from django.urls import reverse, reverse_lazy
-from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView
-from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from accounting.widgets.select import (
-    AutoCompleteSelectClubAccount,
-    AutoCompleteSelectCompany,
-)
-from club.models import Club
-from club.widgets.select import AutoCompleteSelectClub
-from core.models import User
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    TabedViewMixin,
-)
-from core.views.forms import SelectDate, SelectFile
-from core.views.widgets.select import AutoCompleteSelectUser
-from counter.models import Counter, Product, Selling
-
-# Main accounting view
-
-
-class BankAccountListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = BankAccount
-    template_name = "accounting/bank_account_list.jinja"
-    ordering = ["name"]
-
-
-# Simplified accounting types
-
-
-class SimplifiedAccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = SimplifiedAccountingType
-    template_name = "accounting/simplifiedaccountingtype_list.jinja"
-
-
-class SimplifiedAccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = SimplifiedAccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["label", "accounting_type"]
-    template_name = "core/edit.jinja"
-
-
-class SimplifiedAccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = SimplifiedAccountingType
-    fields = ["label", "accounting_type"]
-    template_name = "core/create.jinja"
-
-
-# Accounting types
-
-
-class AccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = AccountingType
-    template_name = "accounting/accountingtype_list.jinja"
-
-
-class AccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = AccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/edit.jinja"
-
-
-class AccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = AccountingType
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/create.jinja"
-
-
-# BankAccount views
-
-
-class BankAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    fields = ["name", "iban", "number", "club"]
-    template_name = "core/edit.jinja"
-
-
-class BankAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every club account."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "accounting/bank_account_details.jinja"
-
-
-class BankAccountCreateView(CanCreateMixin, CreateView):
-    """Create a bank account (for the admins)."""
-
-    model = BankAccount
-    fields = ["name", "club", "iban", "number"]
-    template_name = "core/create.jinja"
-
-
-class BankAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a bank account (for the admins)."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# ClubAccount views
-
-
-class ClubAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/edit.jinja"
-
-
-class ClubAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every journal."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "accounting/club_account_details.jinja"
-
-
-class ClubAccountCreateView(CanCreateMixin, CreateView):
-    """Create a club account (for the admins)."""
-
-    model = ClubAccount
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = BankAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["bank_account"] = obj.id
-        return ret
-
-
-class ClubAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a club account (for the admins)."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# Journal views
-
-
-class JournalTabsMixin(TabedViewMixin):
-    def get_tabs_title(self):
-        return _("Journal")
-
-    def get_list_of_tabs(self):
-        tab_list = []
-        tab_list.append(
-            {
-                "url": reverse(
-                    "accounting:journal_details", kwargs={"j_id": self.object.id}
-                ),
-                "slug": "journal",
-                "name": _("Journal"),
-            }
-        )
-        tab_list.append(
-            {
-                "url": reverse(
-                    "accounting:journal_nature_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "nature_statement",
-                "name": _("Statement by nature"),
-            }
-        )
-        tab_list.append(
-            {
-                "url": reverse(
-                    "accounting:journal_person_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "person_statement",
-                "name": _("Statement by person"),
-            }
-        )
-        tab_list.append(
-            {
-                "url": reverse(
-                    "accounting:journal_accounting_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "accounting_statement",
-                "name": _("Accounting statement"),
-            }
-        )
-        return tab_list
-
-
-class JournalCreateView(CanCreateMixin, CreateView):
-    """Create a general journal."""
-
-    model = GeneralJournal
-    form_class = modelform_factory(
-        GeneralJournal,
-        fields=["name", "start_date", "club_account"],
-        widgets={"start_date": SelectDate},
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class JournalDetailView(JournalTabsMixin, CanViewMixin, DetailView):
-    """A detail view, listing every operation."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_details.jinja"
-    current_tab = "journal"
-
-
-class JournalEditView(CanEditMixin, UpdateView):
-    """Update a general journal."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    fields = ["name", "start_date", "end_date", "club_account", "closed"]
-    template_name = "core/edit.jinja"
-
-
-class JournalDeleteView(CanEditPropMixin, DeleteView):
-    """Delete a club account (for the admins)."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:club_details")
-
-    def dispatch(self, request, *args, **kwargs):
-        self.object = self.get_object()
-        if self.object.operations.count() == 0:
-            return super().dispatch(request, *args, **kwargs)
-        else:
-            raise PermissionDenied
-
-
-# Operation views
-
-
-class OperationForm(forms.ModelForm):
-    class Meta:
-        model = Operation
-        fields = [
-            "amount",
-            "remark",
-            "journal",
-            "target_type",
-            "target_id",
-            "target_label",
-            "date",
-            "mode",
-            "cheque_number",
-            "invoice",
-            "simpleaccounting_type",
-            "accounting_type",
-            "label",
-            "done",
-        ]
-        widgets = {
-            "journal": HiddenInput,
-            "target_id": HiddenInput,
-            "date": SelectDate,
-            "invoice": SelectFile,
-        }
-
-    user = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-    club_account = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClubAccount,
-        queryset=ClubAccount.objects.all(),
-    )
-    club = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClub,
-        queryset=Club.objects.all(),
-    )
-    company = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectCompany,
-        queryset=Company.objects.all(),
-    )
-    need_link = forms.BooleanField(
-        label=_("Link this operation to the target account"),
-        required=False,
-        initial=False,
-    )
-
-    def __init__(self, *args, **kwargs):
-        club_account = kwargs.pop("club_account", None)
-        super().__init__(*args, **kwargs)
-        if club_account:
-            self.fields["label"].queryset = club_account.labels.order_by("name").all()
-        if self.instance.target_type == "USER":
-            self.fields["user"].initial = self.instance.target_id
-        elif self.instance.target_type == "ACCOUNT":
-            self.fields["club_account"].initial = self.instance.target_id
-        elif self.instance.target_type == "CLUB":
-            self.fields["club"].initial = self.instance.target_id
-        elif self.instance.target_type == "COMPANY":
-            self.fields["company"].initial = self.instance.target_id
-
-    def clean(self):
-        self.cleaned_data = super().clean()
-        if "target_type" in self.cleaned_data:
-            if (
-                self.cleaned_data.get("user") is None
-                and self.cleaned_data.get("club") is None
-                and self.cleaned_data.get("club_account") is None
-                and self.cleaned_data.get("company") is None
-                and self.cleaned_data.get("target_label") == ""
-            ):
-                self.add_error(
-                    "target_type", ValidationError(_("The target must be set."))
-                )
-            else:
-                if self.cleaned_data["target_type"] == "USER":
-                    self.cleaned_data["target_id"] = self.cleaned_data["user"].id
-                elif self.cleaned_data["target_type"] == "ACCOUNT":
-                    self.cleaned_data["target_id"] = self.cleaned_data[
-                        "club_account"
-                    ].id
-                elif self.cleaned_data["target_type"] == "CLUB":
-                    self.cleaned_data["target_id"] = self.cleaned_data["club"].id
-                elif self.cleaned_data["target_type"] == "COMPANY":
-                    self.cleaned_data["target_id"] = self.cleaned_data["company"].id
-
-        if self.cleaned_data.get("amount") is None:
-            self.add_error("amount", ValidationError(_("The amount must be set.")))
-
-        return self.cleaned_data
-
-    def save(self):
-        ret = super().save()
-        if (
-            self.instance.target_type == "ACCOUNT"
-            and not self.instance.linked_operation
-            and self.instance.target.has_open_journal()
-            and self.cleaned_data["need_link"]
-        ):
-            inst = self.instance
-            club_account = inst.target
-            acc_type = (
-                AccountingType.objects.exclude(movement_type="NEUTRAL")
-                .exclude(movement_type=inst.accounting_type.movement_type)
-                .order_by("code")
-                .first()
-            )  # Select a random opposite accounting type
-            op = Operation(
-                journal=club_account.get_open_journal(),
-                amount=inst.amount,
-                date=inst.date,
-                remark=inst.remark,
-                mode=inst.mode,
-                cheque_number=inst.cheque_number,
-                invoice=inst.invoice,
-                done=False,  # Has to be checked by hand
-                simpleaccounting_type=None,
-                accounting_type=acc_type,
-                target_type="ACCOUNT",
-                target_id=inst.journal.club_account.id,
-                target_label="",
-                linked_operation=inst,
-            )
-            op.save()
-            self.instance.linked_operation = op
-            self.save()
-        return ret
-
-
-class OperationCreateView(CanCreateMixin, CreateView):
-    """Create an operation."""
-
-    model = Operation
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_form(self, form_class=None):
-        self.journal = GeneralJournal.objects.filter(id=self.kwargs["j_id"]).first()
-        ca = self.journal.club_account if self.journal else None
-        return self.form_class(club_account=ca, **self.get_form_kwargs())
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if self.journal is not None:
-            ret["journal"] = self.journal.id
-        return ret
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        if self.journal:
-            kwargs["object"] = self.journal
-        return kwargs
-
-
-class OperationEditView(CanEditMixin, UpdateView):
-    """An edit view, working as detail for the moment."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["object"] = self.object.journal
-        return kwargs
-
-
-class OperationPDFView(CanViewMixin, DetailView):
-    """Display the PDF of a given operation."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-
-    def get(self, request, *args, **kwargs):
-        from reportlab.lib import colors
-        from reportlab.lib.pagesizes import letter
-        from reportlab.lib.units import cm
-        from reportlab.lib.utils import ImageReader
-        from reportlab.pdfbase import pdfmetrics
-        from reportlab.pdfbase.ttfonts import TTFont
-        from reportlab.pdfgen import canvas
-        from reportlab.platypus import Table, TableStyle
-
-        pdfmetrics.registerFont(TTFont("DejaVu", "DejaVuSerif.ttf"))
-
-        self.object = self.get_object()
-        amount = self.object.amount
-        remark = self.object.remark
-        nature = self.object.accounting_type.movement_type
-        num = self.object.number
-        date = self.object.date
-        mode = self.object.mode
-        club_name = self.object.journal.club_account.name
-        ti = self.object.journal.name
-        op_label = self.object.label
-        club_address = self.object.journal.club_account.club.address
-        id_op = self.object.id
-
-        if self.object.target_type == "OTHER":
-            target = self.object.target_label
-        else:
-            target = self.object.target.get_display_name()
-
-        response = HttpResponse(content_type="application/pdf")
-        response["Content-Disposition"] = 'filename="op-%d(%s_on_%s).pdf"' % (
-            num,
-            ti,
-            club_name,
-        )
-        p = canvas.Canvas(response)
-
-        p.setFont("DejaVu", 12)
-
-        p.setTitle("%s %d" % (_("Operation"), num))
-        width, height = letter
-        im = ImageReader("core/static/core/img/logo.jpg")
-        iw, ih = im.getSize()
-        p.drawImage(im, 40, height - 50, width=iw / 2, height=ih / 2)
-
-        labelStr = [["%s %s - %s %s" % (_("Journal"), ti, _("Operation"), num)]]
-
-        label = Table(labelStr, colWidths=[150], rowHeights=[20])
-
-        label.setStyle(TableStyle([("ALIGN", (0, 0), (-1, -1), "RIGHT")]))
-        w, h = label.wrapOn(label, 0, 0)
-        label.drawOn(p, width - 180, height)
-
-        p.drawString(
-            90, height - 100, _("Financial proof: ") + "OP%010d" % (id_op)
-        )  # Justificatif du libellé
-        p.drawString(
-            90, height - 130, _("Club: %(club_name)s") % ({"club_name": club_name})
-        )
-        p.drawString(
-            90,
-            height - 160,
-            _("Label: %(op_label)s")
-            % {"op_label": op_label if op_label is not None else ""},
-        )
-        p.drawString(90, height - 190, _("Date: %(date)s") % {"date": date})
-
-        data = []
-
-        data += [
-            ["%s" % (_("Credit").upper() if nature == "CREDIT" else _("Debit").upper())]
-        ]
-
-        data += [[_("Amount: %(amount).2f €") % {"amount": amount}]]
-
-        payment_mode = ""
-        for m in settings.SITH_ACCOUNTING_PAYMENT_METHOD:
-            if m[0] == mode:
-                payment_mode += "[\u00d7]"
-            else:
-                payment_mode += "[  ]"
-            payment_mode += " %s\n" % (m[1])
-
-        data += [[payment_mode]]
-
-        data += [
-            [
-                "%s : %s"
-                % (_("Debtor") if nature == "CREDIT" else _("Creditor"), target),
-                "",
-            ]
-        ]
-
-        data += [["%s \n%s" % (_("Comment:"), remark)]]
-
-        t = Table(
-            data, colWidths=[(width - 90 * 2) / 2] * 2, rowHeights=[20, 20, 70, 20, 80]
-        )
-        t.setStyle(
-            TableStyle(
-                [
-                    ("ALIGN", (0, 0), (-1, -1), "CENTER"),
-                    ("VALIGN", (-2, -1), (-1, -1), "TOP"),
-                    ("VALIGN", (0, 0), (-1, -2), "MIDDLE"),
-                    ("INNERGRID", (0, 0), (-1, -1), 0.25, colors.black),
-                    ("SPAN", (0, 0), (1, 0)),  # line DEBIT/CREDIT
-                    ("SPAN", (0, 1), (1, 1)),  # line amount
-                    ("SPAN", (-2, -1), (-1, -1)),  # line comment
-                    ("SPAN", (0, -2), (-1, -2)),  # line creditor/debtor
-                    ("SPAN", (0, 2), (1, 2)),  # line payment_mode
-                    ("ALIGN", (0, 2), (1, 2), "LEFT"),  # line payment_mode
-                    ("ALIGN", (-2, -1), (-1, -1), "LEFT"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        signature = []
-        signature += [[_("Signature:")]]
-
-        tSig = Table(signature, colWidths=[(width - 90 * 2)], rowHeights=[80])
-        tSig.setStyle(
-            TableStyle(
-                [
-                    ("VALIGN", (0, 0), (-1, -1), "TOP"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        w, h = tSig.wrapOn(p, 0, 0)
-        tSig.drawOn(p, 90, 200)
-
-        w, h = t.wrapOn(p, 0, 0)
-
-        t.drawOn(p, 90, 350)
-
-        p.drawCentredString(10.5 * cm, 2 * cm, club_name)
-        p.drawCentredString(10.5 * cm, 1 * cm, club_address)
-
-        p.showPage()
-        p.save()
-        return response
-
-
-class JournalNatureStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Display a statement sorted by labels."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_nature.jinja"
-    current_tab = "nature_statement"
-
-    def statement(self, queryset, movement_type):
-        ret = collections.OrderedDict()
-        statement = collections.OrderedDict()
-        total_sum = 0
-        for sat in [
-            None,
-            *list(SimplifiedAccountingType.objects.order_by("label")),
-        ]:
-            amount = queryset.filter(
-                accounting_type__movement_type=movement_type, simpleaccounting_type=sat
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            label = sat.label if sat is not None else ""
-            if amount:
-                total_sum += amount
-                statement[label] = amount
-        ret[movement_type] = statement
-        ret[movement_type + "_sum"] = total_sum
-        return ret
-
-    def big_statement(self):
-        label_list = (
-            self.object.operations.order_by("label").values_list("label").distinct()
-        )
-        labels = Label.objects.filter(id__in=label_list).all()
-        statement = collections.OrderedDict()
-        gen_statement = collections.OrderedDict()
-        no_label_statement = collections.OrderedDict()
-        gen_statement.update(self.statement(self.object.operations.all(), "CREDIT"))
-        gen_statement.update(self.statement(self.object.operations.all(), "DEBIT"))
-        statement[_("General statement")] = gen_statement
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "CREDIT")
-        )
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "DEBIT")
-        )
-        statement[_("No label operations")] = no_label_statement
-        for label in labels:
-            l_stmt = collections.OrderedDict()
-            journals = self.object.operations.filter(label=label).all()
-            l_stmt.update(self.statement(journals, "CREDIT"))
-            l_stmt.update(self.statement(journals, "DEBIT"))
-            statement[label] = l_stmt
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add infos to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.big_statement()
-        return kwargs
-
-
-class JournalPersonStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation target and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_person.jinja"
-    current_tab = "person_statement"
-
-    def sum_by_target(self, target_id, target_type, movement_type):
-        return self.object.operations.filter(
-            accounting_type__movement_type=movement_type,
-            target_id=target_id,
-            target_type=target_type,
-        ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-
-    def statement(self, movement_type):
-        statement = collections.OrderedDict()
-        for op in (
-            self.object.operations.filter(accounting_type__movement_type=movement_type)
-            .order_by("target_type", "target_id")
-            .distinct()
-        ):
-            statement[op.target] = self.sum_by_target(
-                op.target_id, op.target_type, movement_type
-            )
-        return statement
-
-    def total(self, movement_type):
-        return sum(self.statement(movement_type).values())
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["credit_statement"] = self.statement("CREDIT")
-        kwargs["debit_statement"] = self.statement("DEBIT")
-        kwargs["total_credit"] = self.total("CREDIT")
-        kwargs["total_debit"] = self.total("DEBIT")
-        return kwargs
-
-
-class JournalAccountingStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation type and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_accounting.jinja"
-    current_tab = "accounting_statement"
-
-    def statement(self):
-        statement = collections.OrderedDict()
-        for at in AccountingType.objects.order_by("code").all():
-            sum_by_type = self.object.operations.filter(
-                accounting_type__code__startswith=at.code
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            if sum_by_type:
-                statement[at] = sum_by_type
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.statement()
-        return kwargs
-
-
-# Company views
-
-
-class CompanyListView(CanViewMixin, ListView):
-    model = Company
-    template_name = "accounting/co_list.jinja"
-
-
-class CompanyCreateView(CanCreateMixin, CreateView):
-    """Create a company."""
-
-    model = Company
-    fields = ["name"]
-    template_name = "core/create.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-class CompanyEditView(CanCreateMixin, UpdateView):
-    """Edit a company."""
-
-    model = Company
-    pk_url_kwarg = "co_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-# Label views
-
-
-class LabelListView(CanViewMixin, DetailView):
-    model = ClubAccount
-    pk_url_kwarg = "clubaccount_id"
-    template_name = "accounting/label_list.jinja"
-
-
-class LabelCreateView(
-    CanCreateMixin, CreateView
-):  # FIXME we need to check the rights before creating the object
-    model = Label
-    form_class = modelform_factory(
-        Label, fields=["name", "club_account"], widgets={"club_account": HiddenInput}
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class LabelEditView(CanEditMixin, UpdateView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-
-
-class LabelDeleteView(CanEditMixin, DeleteView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    template_name = "core/delete_confirm.jinja"
-
-    def get_success_url(self):
-        return self.object.get_absolute_url()
-
-
-class CloseCustomerAccountForm(forms.Form):
-    user = forms.ModelChoiceField(
-        label=_("Refound this account"),
-        help_text=None,
-        required=True,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-
-
-class RefoundAccountView(FormView):
-    """Create a selling with the same amount than the current user money."""
-
-    template_name = "accounting/refound_account.jinja"
-    form_class = CloseCustomerAccountForm
-
-    def permission(self, user):
-        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        else:
-            raise PermissionDenied
-
-    def dispatch(self, request, *arg, **kwargs):
-        res = super().dispatch(request, *arg, **kwargs)
-        if self.permission(request.user):
-            return res
-
-    def post(self, request, *arg, **kwargs):
-        self.operator = request.user
-        if self.permission(request.user):
-            return super().post(self, request, *arg, **kwargs)
-
-    def form_valid(self, form):
-        self.customer = form.cleaned_data["user"]
-        self.create_selling()
-        return super().form_valid(form)
-
-    def get_success_url(self):
-        return reverse("accounting:refound_account")
-
-    def create_selling(self):
-        with transaction.atomic():
-            uprice = self.customer.customer.amount
-            refound_club_counter = Counter.objects.get(
-                id=settings.SITH_COUNTER_REFOUND_ID
-            )
-            refound_club = refound_club_counter.club
-            s = Selling(
-                label=_("Refound account"),
-                unit_price=uprice,
-                quantity=1,
-                seller=self.operator,
-                customer=self.customer.customer,
-                club=refound_club,
-                counter=refound_club_counter,
-                product=Product.objects.get(id=settings.SITH_PRODUCT_REFOUND_ID),
-            )
-            s.save()

accounting/widgets/select.py

@@ -1,39 +0,0 @@
-from pydantic import TypeAdapter
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
-
-_js = ["bundled/accounting/components/ajax-select-index.ts"]
-
-
-class AutoCompleteSelectClubAccount(AutoCompleteSelect):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleClubAccount(AutoCompleteSelectMultiple):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectCompany(AutoCompleteSelect):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleCompany(AutoCompleteSelectMultiple):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js

antispam/forms.py

@@ -1,5 +1,3 @@
-import re
-
 from django import forms
 from django.core.validators import EmailValidator
 from django.utils.translation import gettext_lazy as _
@@ -7,12 +5,18 @@ from django.utils.translation import gettext_lazy as _
 from antispam.models import ToxicDomain
 
 
+class AntiSpamEmailValidator(EmailValidator):
+    def __call__(self, value: str):
+        super().__call__(value)
+        domain_part = value.rsplit("@", 1)[1]
+        if ToxicDomain.objects.filter(domain=domain_part).exists():
+            raise forms.ValidationError(_("Email domain is not allowed."))
+
+
+validate_antispam_email = AntiSpamEmailValidator()
+
+
 class AntiSpamEmailField(forms.EmailField):
     """An email field that email addresses with a known toxic domain."""
 
-    def run_validators(self, value: str):
-        super().run_validators(value)
-        # Domain part should exist since email validation is guaranteed to run first
-        domain = re.search(EmailValidator.domain_regex, value)
-        if ToxicDomain.objects.filter(domain=domain[0]).exists():
-            raise forms.ValidationError(_("Email domain is not allowed."))
+    default_validators = [validate_antispam_email]

antispam/management/commands/update_spam_database.py

@@ -34,7 +34,7 @@ class Command(BaseCommand):
                     f"Source {provider} responded with code {res.status_code}"
                 )
                 continue
-            domains |= set(res.content.decode().splitlines())
+            domains |= set(res.text.splitlines())
         return domains
 
     def _update_domains(self, domains: set[str]):

api/admin.py

@@ -0,0 +1,55 @@
+from django.contrib import admin, messages
+from django.db.models import QuerySet
+from django.http import HttpRequest
+from django.utils.translation import gettext_lazy as _
+
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@admin.register(ApiClient)
+class ApiClientAdmin(admin.ModelAdmin):
+    list_display = ("name", "owner", "created_at", "updated_at")
+    search_fields = (
+        "name",
+        "owner__first_name",
+        "owner__last_name",
+        "owner__nick_name",
+    )
+    autocomplete_fields = ("owner", "groups", "client_permissions")
+
+
+@admin.register(ApiKey)
+class ApiKeyAdmin(admin.ModelAdmin):
+    list_display = ("name", "client", "created_at", "revoked")
+    list_filter = ("revoked",)
+    date_hierarchy = "created_at"
+
+    readonly_fields = ("prefix", "hashed_key")
+    actions = ("revoke_keys",)
+
+    def save_model(self, request: HttpRequest, obj: ApiKey, form, change):
+        if not change:
+            key, hashed = generate_key()
+            obj.prefix = key[: ApiKey.PREFIX_LENGTH]
+            obj.hashed_key = hashed
+            self.message_user(
+                request,
+                _(
+                    "The API key for %(name)s is: %(key)s. "
+                    "Please store it somewhere safe: "
+                    "you will not be able to see it again."
+                )
+                % {"name": obj.name, "key": key},
+                level=messages.WARNING,
+            )
+        return super().save_model(request, obj, form, change)
+
+    def get_readonly_fields(self, request, obj: ApiKey | None = None):
+        if obj is None or obj.revoked:
+            return ["revoked", *self.readonly_fields]
+        return self.readonly_fields
+
+    @admin.action(description=_("Revoke selected API keys"))
+    def revoke_keys(self, _request: HttpRequest, queryset: QuerySet[ApiKey]):
+        queryset.update(revoked=True)

api/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "api"

api/auth.py

@@ -0,0 +1,20 @@
+from django.http import HttpRequest
+from ninja.security import APIKeyHeader
+
+from api.hashers import get_hasher
+from api.models import ApiClient, ApiKey
+
+
+class ApiKeyAuth(APIKeyHeader):
+    param_name = "X-APIKey"
+
+    def authenticate(self, request: HttpRequest, key: str | None) -> ApiClient | None:
+        if not key or len(key) != ApiKey.KEY_LENGTH:
+            return None
+        hasher = get_hasher()
+        hashed_key = hasher.encode(key)
+        try:
+            key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key)
+        except ApiKey.DoesNotExist:
+            return None
+        return key_obj.client

api/hashers.py

@@ -0,0 +1,43 @@
+import functools
+import hashlib
+import secrets
+
+from django.contrib.auth.hashers import BasePasswordHasher
+from django.utils.crypto import constant_time_compare
+
+
+class Sha512ApiKeyHasher(BasePasswordHasher):
+    """
+    An API key hasher using the sha256 algorithm.
+
+    This hasher shouldn't be used in Django's `PASSWORD_HASHERS` setting.
+    It is insecure for use in hashing passwords, but is safe for hashing
+    high entropy, randomly generated API keys.
+    """
+
+    algorithm = "sha512"
+
+    def salt(self) -> str:
+        # No need for a salt on a high entropy key.
+        return ""
+
+    def encode(self, password: str, salt: str = "") -> str:
+        hashed = hashlib.sha512(password.encode()).hexdigest()
+        return f"{self.algorithm}$${hashed}"
+
+    def verify(self, password: str, encoded: str) -> bool:
+        encoded_2 = self.encode(password, "")
+        return constant_time_compare(encoded, encoded_2)
+
+
+@functools.cache
+def get_hasher():
+    return Sha512ApiKeyHasher()
+
+
+def generate_key() -> tuple[str, str]:
+    """Generate a [key, hash] couple."""
+    # this will result in key with a length of 72
+    key = str(secrets.token_urlsafe(54))
+    hasher = get_hasher()
+    return key, hasher.encode(key)

api/migrations/0001_initial.py

@@ -0,0 +1,113 @@
+# Generated by Django 5.2 on 2025-06-01 08:53
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+        ("core", "0046_permissionrights"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ApiClient",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(max_length=64, verbose_name="name")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                (
+                    "client_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this api client.",
+                        related_name="clients",
+                        to="auth.permission",
+                        verbose_name="client permissions",
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        related_name="api_clients",
+                        to="core.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "owner",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_clients",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="owner",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api client",
+                "verbose_name_plural": "api clients",
+            },
+        ),
+        migrations.CreateModel(
+            name="ApiKey",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(blank=True, default="", verbose_name="name")),
+                (
+                    "prefix",
+                    models.CharField(
+                        editable=False, max_length=5, verbose_name="prefix"
+                    ),
+                ),
+                (
+                    "hashed_key",
+                    models.CharField(
+                        db_index=True,
+                        editable=False,
+                        max_length=136,
+                        verbose_name="hashed key",
+                    ),
+                ),
+                ("revoked", models.BooleanField(default=False, verbose_name="revoked")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "client",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_keys",
+                        to="api.apiclient",
+                        verbose_name="api client",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api key",
+                "verbose_name_plural": "api keys",
+                "permissions": [("revoke_apikey", "Revoke API keys")],
+            },
+        ),
+    ]

api/models.py

@@ -0,0 +1,94 @@
+from typing import Iterable
+
+from django.contrib.auth.models import Permission
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from django.utils.translation import pgettext_lazy
+
+from core.models import Group, User
+
+
+class ApiClient(models.Model):
+    name = models.CharField(_("name"), max_length=64)
+    owner = models.ForeignKey(
+        User,
+        verbose_name=_("owner"),
+        related_name="api_clients",
+        on_delete=models.CASCADE,
+    )
+    groups = models.ManyToManyField(
+        Group, verbose_name=_("groups"), related_name="api_clients", blank=True
+    )
+    client_permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=_("client permissions"),
+        blank=True,
+        help_text=_("Specific permissions for this api client."),
+        related_name="clients",
+    )
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    _perm_cache: set[str] | None = None
+
+    class Meta:
+        verbose_name = _("api client")
+        verbose_name_plural = _("api clients")
+
+    def __str__(self):
+        return self.name
+
+    def has_perm(self, perm: str):
+        """Return True if the client has the specified permission."""
+
+        if self._perm_cache is None:
+            group_permissions = (
+                Permission.objects.filter(group__group__in=self.groups.all())
+                .values_list("content_type__app_label", "codename")
+                .order_by()
+            )
+            client_permissions = self.client_permissions.values_list(
+                "content_type__app_label", "codename"
+            ).order_by()
+            self._perm_cache = {
+                f"{content_type}.{name}"
+                for content_type, name in (*group_permissions, *client_permissions)
+            }
+        return perm in self._perm_cache
+
+    def has_perms(self, perm_list):
+        """
+        Return True if the client has each of the specified permissions. If
+        object is passed, check if the client has all required perms for it.
+        """
+        if not isinstance(perm_list, Iterable) or isinstance(perm_list, str):
+            raise ValueError("perm_list must be an iterable of permissions.")
+        return all(self.has_perm(perm) for perm in perm_list)
+
+
+class ApiKey(models.Model):
+    PREFIX_LENGTH = 5
+    KEY_LENGTH = 72
+    HASHED_KEY_LENGTH = 136
+
+    name = models.CharField(_("name"), blank=True, default="")
+    prefix = models.CharField(_("prefix"), max_length=PREFIX_LENGTH, editable=False)
+    hashed_key = models.CharField(
+        _("hashed key"), max_length=HASHED_KEY_LENGTH, db_index=True, editable=False
+    )
+    client = models.ForeignKey(
+        ApiClient,
+        verbose_name=_("api client"),
+        related_name="api_keys",
+        on_delete=models.CASCADE,
+    )
+    revoked = models.BooleanField(pgettext_lazy("api key", "revoked"), default=False)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        verbose_name = _("api key")
+        verbose_name_plural = _("api keys")
+        permissions = [("revoke_apikey", "Revoke API keys")]
+
+    def __str__(self):
+        return f"{self.name} ({self.prefix}***)"

api/permissions.py

@@ -3,7 +3,8 @@
 Some permissions are global (like `IsInGroup` or `IsRoot`),
 and some others are per-object (like `CanView` or `CanEdit`).
 
-Examples:
+Example:
+    ```python
     # restrict all the routes of this controller
     # to subscribed users
     @api_controller("/foo", permissions=[IsSubscriber])
@@ -33,10 +34,14 @@ Examples:
         ]
         def bar_delete(self, bar_id: int):
             # ...
+    ```
 """
 
-from typing import Any
+import operator
+from functools import reduce
+from typing import Any, Callable
 
+from django.contrib.auth.models import Permission
 from django.http import HttpRequest
 from ninja_extra import ControllerBase
 from ninja_extra.permissions import BasePermission
@@ -54,6 +59,60 @@ class IsInGroup(BasePermission):
         return request.user.is_in_group(pk=self._group_pk)
 
 
+class HasPerm(BasePermission):
+    """Check that the user has the required perm.
+
+    If multiple perms are given, a comparer function can also be passed,
+    in order to change the way perms are checked.
+
+    Example:
+        ```python
+        @api_controller("/foo")
+        class FooController(ControllerBase):
+            # this route will require both permissions
+            @route.put("/foo", permissions=[HasPerm(["foo.change_foo", "foo.add_foo"])]
+            def foo(self): ...
+
+            # This route will require at least one of the perm,
+            # but it's not mandatory to have all of them
+            @route.put(
+                "/bar",
+                permissions=[HasPerm(["foo.change_bar", "foo.add_bar"], op=operator.or_)],
+            )
+            def bar(self): ...
+        ```
+    """
+
+    def __init__(
+        self,
+        perms: str | Permission | list[str | Permission],
+        op: Callable[[bool, bool], bool] = operator.and_,
+    ):
+        """
+        Args:
+            perms: a permission or a list of permissions the user must have
+            op: An operator to combine multiple permissions (in most cases,
+                it will be either `operator.and_` or `operator.or_`)
+        """
+        super().__init__()
+        if not isinstance(perms, (list, tuple, set)):
+            perms = [perms]
+        self._operator = op
+        self._perms = perms
+
+    def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
+        # if the request has the `auth` property,
+        # it means that the user has been explicitly authenticated
+        # using a django-ninja authentication backend
+        # (whether it is SessionAuth or ApiKeyAuth).
+        # If not, this authentication has not been done, but the user may
+        # still be implicitly authenticated through AuthenticationMiddleware
+        user = request.auth if hasattr(request, "auth") else request.user
+        # `user` may either be a `core.User` or an `api.ApiClient` ;
+        # they are not the same model, but they both implement the `has_perm` method
+        return reduce(self._operator, (user.has_perm(p) for p in self._perms))
+
+
 class IsRoot(BasePermission):
     """Check that the user is root."""
 
@@ -135,4 +194,4 @@ class IsLoggedInCounter(BasePermission):
         return Counter.objects.filter(token=token).exists()
 
 
-CanAccessLookup = IsOldSubscriber | IsRoot | IsLoggedInCounter
+CanAccessLookup = IsLoggedInCounter | HasPerm("core.access_lookup")

api/tests/test_api_key.py

@@ -0,0 +1,29 @@
+import pytest
+from django.test import RequestFactory
+from model_bakery import baker
+
+from api.auth import ApiKeyAuth
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@pytest.mark.django_db
+def test_api_key_auth():
+    key, hashed = generate_key()
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) == client
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    ("key", "hashed"), [(generate_key()[0], generate_key()[1]), (generate_key()[0], "")]
+)
+def test_api_key_auth_invalid(key, hashed):
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) is None

api/urls.py

@@ -0,0 +1,10 @@
+from ninja_extra import NinjaExtraAPI
+
+api = NinjaExtraAPI(
+    title="PICON",
+    description="Portail Interactif de Communication avec les Outils Numériques",
+    version="0.2.0",
+    urls_namespace="api",
+    csrf=True,
+)
+api.auto_discover_controllers()

club/admin.py

@@ -19,7 +19,15 @@ from club.models import Club, Membership
 
 @admin.register(Club)
 class ClubAdmin(admin.ModelAdmin):
-    list_display = ("name", "unix_name", "parent", "is_active")
+    list_display = ("name", "slug_name", "parent", "is_active")
+    search_fields = ("name", "slug_name")
+    autocomplete_fields = (
+        "parent",
+        "board_group",
+        "members_group",
+        "home",
+        "page",
+    )
 
 
 @admin.register(Membership)

club/api.py

@@ -1,22 +1,42 @@
 from typing import Annotated
 
 from annotated_types import MinLen
+from django.db.models import Prefetch
+from ninja.security import SessionAuth
 from ninja_extra import ControllerBase, api_controller, paginate, route
 from ninja_extra.pagination import PageNumberPaginationExtra
 from ninja_extra.schemas import PaginatedResponseSchema
 
-from club.models import Club
-from club.schemas import ClubSchema
-from core.api_permissions import CanAccessLookup
+from api.auth import ApiKeyAuth
+from api.permissions import CanAccessLookup, HasPerm
+from club.models import Club, Membership
+from club.schemas import ClubSchema, SimpleClubSchema
 
 
 @api_controller("/club")
 class ClubController(ControllerBase):
     @route.get(
         "/search",
-        response=PaginatedResponseSchema[ClubSchema],
+        response=PaginatedResponseSchema[SimpleClubSchema],
+        auth=[SessionAuth(), ApiKeyAuth()],
         permissions=[CanAccessLookup],
+        url_name="search_club",
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
     def search_club(self, search: Annotated[str, MinLen(1)]):
         return Club.objects.filter(name__icontains=search).values()
+
+    @route.get(
+        "/{int:club_id}",
+        response=ClubSchema,
+        auth=[SessionAuth(), ApiKeyAuth()],
+        permissions=[HasPerm("club.view_club")],
+        url_name="fetch_club",
+    )
+    def fetch_club(self, club_id: int):
+        prefetch = Prefetch(
+            "members", queryset=Membership.objects.ongoing().select_related("user")
+        )
+        return self.get_object_or_exception(
+            Club.objects.prefetch_related(prefetch), id=club_id
+        )

club/forms.py

@@ -24,23 +24,32 @@
 
 from django import forms
 from django.conf import settings
+from django.db.models import Exists, OuterRef, Q
+from django.db.models.functions import Lower
 from django.utils.translation import gettext_lazy as _
 
 from club.models import Club, Mailing, MailingSubscription, Membership
 from core.models import User
 from core.views.forms import SelectDate, SelectDateTime
-from core.views.widgets.select import AutoCompleteSelectMultipleUser
-from counter.models import Counter
+from core.views.widgets.ajax_select import AutoCompleteSelectMultipleUser
+from counter.models import Counter, Selling
 
 
 class ClubEditForm(forms.ModelForm):
+    error_css_class = "error"
+    required_css_class = "required"
+
     class Meta:
         model = Club
         fields = ["address", "logo", "short_description"]
+        widgets = {"short_description": forms.Textarea()}
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["short_description"].widget = forms.Textarea()
+
+class ClubAdminEditForm(ClubEditForm):
+    admin_fields = ["name", "parent", "is_active"]
+
+    class Meta(ClubEditForm.Meta):
+        fields = ["name", "parent", "is_active", *ClubEditForm.Meta.fields]
 
 
 class MailingForm(forms.Form):
@@ -152,12 +161,21 @@ class SellingsForm(forms.Form):
         label=_("End date"), widget=SelectDateTime, required=False
     )
 
-    counters = forms.ModelMultipleChoiceField(
-        Counter.objects.order_by("name").all(), label=_("Counter"), required=False
-    )
-
     def __init__(self, club, *args, **kwargs):
         super().__init__(*args, **kwargs)
+        # postgres struggles really hard with a single query having three WHERE conditions,
+        # but deals perfectly fine with UNION of multiple queryset with their own WHERE clause,
+        # so we do this to get the ids, which we use to build another queryset that can be used by django.
+        club_sales_subquery = Selling.objects.filter(counter=OuterRef("pk"), club=club)
+        ids = (
+            Counter.objects.filter(Q(club=club) | Q(products__club=club))
+            .union(Counter.objects.filter(Exists(club_sales_subquery)))
+            .values_list("id", flat=True)
+        )
+        counters_qs = Counter.objects.filter(id__in=ids).order_by(Lower("name"))
+        self.fields["counters"] = forms.ModelMultipleChoiceField(
+            counters_qs, label=_("Counter"), required=False
+        )
         self.fields["products"] = forms.ModelMultipleChoiceField(
             club.products.order_by("name").filter(archived=False).all(),
             label=_("Products"),
@@ -189,9 +207,7 @@ class ClubMemberForm(forms.Form):
         self.request_user = kwargs.pop("request_user")
         self.club_members = kwargs.pop("club_members", None)
         if not self.club_members:
-            self.club_members = (
-                self.club.members.filter(end_date=None).order_by("-role").all()
-            )
+            self.club_members = self.club.members.ongoing().order_by("-role").all()
         self.request_user_membership = self.club.get_membership_for(self.request_user)
         super().__init__(*args, **kwargs)
 

club/migrations/0010_auto_20170912_2028.py

@@ -3,19 +3,6 @@ from __future__ import unicode_literals
 import django.db.models.deletion
 from django.db import migrations, models
 
-from club.models import Club
-from core.operations import PsqlRunOnly
-
-
-def generate_club_pages(apps, schema_editor):
-    def recursive_generate_club_page(club):
-        club.make_page()
-        for child in Club.objects.filter(parent=club).all():
-            recursive_generate_club_page(child)
-
-    for club in Club.objects.filter(parent=None).all():
-        recursive_generate_club_page(club)
-
 
 class Migration(migrations.Migration):
     dependencies = [("core", "0024_auto_20170906_1317"), ("club", "0010_club_logo")]
@@ -48,11 +35,4 @@ class Migration(migrations.Migration):
                 null=True,
             ),
         ),
-        PsqlRunOnly(
-            "SET CONSTRAINTS ALL IMMEDIATE", reverse_sql=migrations.RunSQL.noop
-        ),
-        migrations.RunPython(generate_club_pages),
-        PsqlRunOnly(
-            migrations.RunSQL.noop, reverse_sql="SET CONSTRAINTS ALL IMMEDIATE"
-        ),
     ]

club/migrations/0011_auto_20180426_2013.py

@@ -1,10 +1,9 @@
 from __future__ import unicode_literals
 
 import django.db.models.deletion
+from django.conf import settings
 from django.db import migrations, models
 
-import club.models
-
 
 class Migration(migrations.Migration):
     dependencies = [("club", "0010_auto_20170912_2028")]
@@ -15,7 +14,7 @@ class Migration(migrations.Migration):
             name="owner_group",
             field=models.ForeignKey(
                 on_delete=django.db.models.deletion.CASCADE,
-                default=club.models.get_default_owner_group,
+                default=lambda: settings.SITH_ROOT_USER_ID,
                 related_name="owned_club",
                 to="core.Group",
             ),

club/migrations/0012_club_board_group_club_members_group.py

@@ -0,0 +1,106 @@
+# Generated by Django 4.2.16 on 2024-11-20 17:08
+
+import django.db.models.deletion
+import django.db.models.functions.datetime
+from django.conf import settings
+from django.db import migrations, models
+from django.db.migrations.state import StateApps
+from django.db.models import Q
+from django.utils.timezone import localdate
+
+
+def migrate_meta_groups(apps: StateApps, schema_editor):
+    """Attach the existing meta groups to the clubs.
+
+    Until now, the meta groups were not attached to the clubs,
+    nor to the users.
+    This creates actual foreign relationships between the clubs
+    and theirs groups and the users and theirs groups.
+
+    Warnings:
+        When the meta groups associated with the clubs aren't found,
+        they are created.
+        Thus the migration shouldn't fail, and all the clubs will
+        have their groups.
+        However, there will probably be some groups that have
+        not been found but exist nonetheless,
+        so there will be duplicates and dangling groups.
+        There must be a manual cleanup after this migration.
+    """
+    Group = apps.get_model("core", "Group")
+    Club = apps.get_model("club", "Club")
+
+    meta_groups = Group.objects.filter(is_meta=True)
+    clubs = list(Club.objects.all())
+    for club in clubs:
+        club.board_group = meta_groups.get_or_create(
+            name=club.unix_name + settings.SITH_BOARD_SUFFIX,
+            defaults={"is_meta": True},
+        )[0]
+        club.members_group = meta_groups.get_or_create(
+            name=club.unix_name + settings.SITH_MEMBER_SUFFIX,
+            defaults={"is_meta": True},
+        )[0]
+        club.save()
+        club.refresh_from_db()
+        memberships = club.members.filter(
+            Q(end_date=None) | Q(end_date__gt=localdate())
+        ).select_related("user")
+        club.members_group.users.set([m.user for m in memberships])
+        club.board_group.users.set(
+            [
+                m.user
+                for m in memberships.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
+            ]
+        )
+
+
+# steps of the migration :
+# - Create a nullable field for the board group and the member group
+# - Edit those new fields to make them point to currently existing meta groups
+# - When this data migration is done, make the fields non-nullable
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0040_alter_user_options_user_user_permissions_and_more"),
+        ("club", "0011_auto_20180426_2013"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="club",
+            name="edit_groups",
+        ),
+        migrations.RemoveField(
+            model_name="club",
+            name="owner_group",
+        ),
+        migrations.RemoveField(
+            model_name="club",
+            name="view_groups",
+        ),
+        migrations.AddField(
+            model_name="club",
+            name="board_group",
+            field=models.OneToOneField(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club_board",
+                to="core.group",
+            ),
+        ),
+        migrations.AddField(
+            model_name="club",
+            name="members_group",
+            field=models.OneToOneField(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club",
+                to="core.group",
+            ),
+        ),
+        migrations.RunPython(
+            migrate_meta_groups, reverse_code=migrations.RunPython.noop, elidable=True
+        ),
+    ]

club/migrations/0013_alter_club_board_group_alter_club_members_group_and_more.py

@@ -0,0 +1,36 @@
+# Generated by Django 4.2.17 on 2025-01-04 16:46
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("club", "0012_club_board_group_club_members_group")]
+
+    operations = [
+        migrations.AlterField(
+            model_name="club",
+            name="board_group",
+            field=models.OneToOneField(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club_board",
+                to="core.group",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="members_group",
+            field=models.OneToOneField(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club",
+                to="core.group",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="membership",
+            constraint=models.CheckConstraint(
+                check=models.Q(("end_date__gte", models.F("start_date"))),
+                name="end_after_start",
+            ),
+        ),
+    ]

club/migrations/0014_alter_club_options_rename_unix_name_club_slug_name_and_more.py

@@ -0,0 +1,75 @@
+# Generated by Django 4.2.17 on 2025-02-28 20:34
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import core.fields
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0044_alter_userban_options"),
+        ("club", "0013_alter_club_board_group_alter_club_members_group_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(name="club", options={"ordering": ["name"]}),
+        migrations.RenameField(
+            model_name="club",
+            old_name="unix_name",
+            new_name="slug_name",
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="name",
+            field=models.CharField(unique=True, max_length=64, verbose_name="name"),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="slug_name",
+            field=models.SlugField(
+                editable=False, max_length=30, unique=True, verbose_name="slug name"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="id",
+            field=models.AutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="logo",
+            field=core.fields.ResizedImageField(
+                blank=True,
+                force_format="WEBP",
+                height=200,
+                null=True,
+                upload_to="club_logos",
+                verbose_name="logo",
+                width=200,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="page",
+            field=models.OneToOneField(
+                blank=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="club",
+                to="core.page",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="short_description",
+            field=models.CharField(
+                blank=True,
+                default="",
+                help_text="A summary of what your club does. This will be displayed on the club list page.",
+                max_length=1000,
+                verbose_name="short description",
+            ),
+        ),
+    ]

club/models.py

@@ -23,75 +23,56 @@
 #
 from __future__ import annotations
 
-from typing import Self
+from typing import Iterable, Self
 
 from django.conf import settings
-from django.core import validators
 from django.core.cache import cache
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import RegexValidator, validate_email
 from django.db import models, transaction
-from django.db.models import Q
+from django.db.models import Exists, F, OuterRef, Q
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
+from django.utils.text import slugify
 from django.utils.timezone import localdate
 from django.utils.translation import gettext_lazy as _
 
-from core.models import Group, MetaGroup, Notification, Page, RealGroup, SithFile, User
-
-# Create your models here.
-
-
-# This function prevents generating migration upon settings change
-def get_default_owner_group():
-    return settings.SITH_GROUP_ROOT_ID
+from core.fields import ResizedImageField
+from core.models import Group, Notification, Page, SithFile, User
 
 
 class Club(models.Model):
     """The Club class, made as a tree to allow nice tidy organization."""
 
-    id = models.AutoField(primary_key=True, db_index=True)
-    name = models.CharField(_("name"), max_length=64)
+    name = models.CharField(_("name"), unique=True, max_length=64)
     parent = models.ForeignKey(
         "Club", related_name="children", null=True, blank=True, on_delete=models.CASCADE
     )
-    unix_name = models.CharField(
-        _("unix name"),
-        max_length=30,
-        unique=True,
-        validators=[
-            validators.RegexValidator(
-                r"^[a-z0-9][a-z0-9._-]*[a-z0-9]$",
-                _(
-                    "Enter a valid unix name. This value may contain only "
-                    "letters, numbers ./-/_ characters."
-                ),
-            )
-        ],
-        error_messages={"unique": _("A club with that unix name already exists.")},
+    slug_name = models.SlugField(
+        _("slug name"), max_length=30, unique=True, editable=False
     )
-    logo = models.ImageField(
-        upload_to="club_logos", verbose_name=_("logo"), null=True, blank=True
+    logo = ResizedImageField(
+        upload_to="club_logos",
+        verbose_name=_("logo"),
+        null=True,
+        blank=True,
+        force_format="WEBP",
+        height=200,
+        width=200,
     )
     is_active = models.BooleanField(_("is active"), default=True)
     short_description = models.CharField(
-        _("short description"), max_length=1000, default="", blank=True, null=True
+        _("short description"),
+        max_length=1000,
+        default="",
+        blank=True,
+        help_text=_(
+            "A summary of what your club does. "
+            "This will be displayed on the club list page."
+        ),
     )
     address = models.CharField(_("address"), max_length=254)
-
-    owner_group = models.ForeignKey(
-        Group,
-        related_name="owned_club",
-        default=get_default_owner_group,
-        on_delete=models.CASCADE,
-    )
-    edit_groups = models.ManyToManyField(
-        Group, related_name="editable_club", blank=True
-    )
-    view_groups = models.ManyToManyField(
-        Group, related_name="viewable_club", blank=True
-    )
     home = models.OneToOneField(
         SithFile,
         related_name="home_of_club",
@@ -101,42 +82,53 @@ class Club(models.Model):
         on_delete=models.SET_NULL,
     )
     page = models.OneToOneField(
-        Page, related_name="club", blank=True, null=True, on_delete=models.CASCADE
+        Page, related_name="club", blank=True, on_delete=models.CASCADE
+    )
+    members_group = models.OneToOneField(
+        Group, related_name="club", on_delete=models.PROTECT
+    )
+    board_group = models.OneToOneField(
+        Group, related_name="club_board", on_delete=models.PROTECT
     )
 
     class Meta:
-        ordering = ["name", "unix_name"]
+        ordering = ["name"]
 
     def __str__(self):
         return self.name
 
     @transaction.atomic()
     def save(self, *args, **kwargs):
-        old = Club.objects.filter(id=self.id).first()
-        creation = old is None
-        if not creation and old.unix_name != self.unix_name:
-            self._change_unixname(self.unix_name)
-        super().save(*args, **kwargs)
+        creation = self._state.adding
+        if (slug := slugify(self.name)[:30]) != self.slug_name:
+            self.slug_name = slug
+        if not creation:
+            db_club = Club.objects.get(id=self.id)
+            if self.name != db_club.name:
+                self.home.name = self.slug_name
+                self.home.save()
+            if self.name != db_club.name:
+                self.board_group.name = f"{self.name} - Bureau"
+                self.board_group.save()
+                self.members_group.name = f"{self.name} - Membres"
+                self.members_group.save()
         if creation:
-            board = MetaGroup(name=self.unix_name + settings.SITH_BOARD_SUFFIX)
-            board.save()
-            member = MetaGroup(name=self.unix_name + settings.SITH_MEMBER_SUFFIX)
-            member.save()
-            subscribers = Group.objects.filter(
-                name=settings.SITH_MAIN_MEMBERS_GROUP
-            ).first()
+            self.board_group = Group.objects.create(
+                name=f"{self.name} - Bureau", is_manually_manageable=False
+            )
+            self.members_group = Group.objects.create(
+                name=f"{self.name} - Membres", is_manually_manageable=False
+            )
             self.make_home()
-            self.home.edit_groups.set([board])
-            self.home.view_groups.set([member, subscribers])
-            self.home.save()
         self.make_page()
-        cache.set(f"sith_club_{self.unix_name}", self)
+        super().save(*args, **kwargs)
 
     def get_absolute_url(self):
         return reverse("club:club_view", kwargs={"club_id": self.id})
 
     @cached_property
-    def president(self):
+    def president(self) -> Membership | None:
+        """Fetch the membership of the current president of this club."""
         return self.members.filter(
             role=settings.SITH_CLUB_ROLES_ID["President"], end_date=None
         ).first()
@@ -154,94 +146,63 @@ class Club(models.Model):
     def clean(self):
         self.check_loop()
 
-    def _change_unixname(self, old_name, new_name):
-        c = Club.objects.filter(unix_name=new_name).first()
-        if c is None:
-            # Update all the groups names
-            Group.objects.filter(name=old_name).update(name=new_name)
-            Group.objects.filter(name=old_name + settings.SITH_BOARD_SUFFIX).update(
-                name=new_name + settings.SITH_BOARD_SUFFIX
-            )
-            Group.objects.filter(name=old_name + settings.SITH_MEMBER_SUFFIX).update(
-                name=new_name + settings.SITH_MEMBER_SUFFIX
-            )
+    def make_home(self) -> None:
+        if self.home:
+            return
+        home_root = SithFile.objects.get(parent=None, name="clubs")
+        root = User.objects.get(id=settings.SITH_ROOT_USER_ID)
+        self.home = SithFile.objects.create(
+            parent=home_root, name=self.slug_name, owner=root
+        )
 
-            if self.home:
-                self.home.name = new_name
-                self.home.save()
-
-        else:
-            raise ValidationError(_("A club with that unix_name already exists"))
-
-    def make_home(self):
-        if not self.home:
-            home_root = SithFile.objects.filter(parent=None, name="clubs").first()
-            root = User.objects.filter(username="root").first()
-            if home_root and root:
-                home = SithFile(parent=home_root, name=self.unix_name, owner=root)
-                home.save()
-                self.home = home
-                self.save()
-
-    def make_page(self):
-        root = User.objects.filter(username="root").first()
-        if not self.page:
-            club_root = Page.objects.filter(name=settings.SITH_CLUB_ROOT_PAGE).first()
-            if root and club_root:
-                public = Group.objects.filter(id=settings.SITH_GROUP_PUBLIC_ID).first()
-                p = Page(name=self.unix_name)
-                p.parent = club_root
-                p.save(force_lock=True)
-                if public:
-                    p.view_groups.add(public)
-                p.save(force_lock=True)
-                if self.parent and self.parent.page:
-                    p.parent = self.parent.page
-                self.page = p
-                self.save()
-        elif self.page and self.page.name != self.unix_name:
-            self.page.unset_lock()
-            self.page.name = self.unix_name
-            self.page.save(force_lock=True)
-        elif (
-            self.page
-            and self.parent
-            and self.parent.page
-            and self.page.parent != self.parent.page
-        ):
-            self.page.unset_lock()
+    def make_page(self) -> None:
+        page_name = self.slug_name
+        if not self.page_id:
+            # Club.page is a OneToOneField, so if we are inside this condition
+            # then self._meta.state.adding is True.
+            club_root = Page.objects.get(name=settings.SITH_CLUB_ROOT_PAGE)
+            public = Group.objects.get(id=settings.SITH_GROUP_PUBLIC_ID)
+            p = Page(name=page_name, parent=club_root)
+            p.save(force_lock=True)
+            p.view_groups.add(public)
+            if self.parent and self.parent.page_id:
+                p.parent_id = self.parent.page_id
+            self.page = p
+            return
+        self.page.unset_lock()
+        if self.page.name != page_name:
+            self.page.name = page_name
+        elif self.parent and self.parent.page and self.page.parent != self.parent.page:
             self.page.parent = self.parent.page
-            self.page.save(force_lock=True)
+        self.page.save(force_lock=True)
 
-    def delete(self, *args, **kwargs):
+    def delete(self, *args, **kwargs) -> tuple[int, dict[str, int]]:
         # Invalidate the cache of this club and of its memberships
         for membership in self.members.ongoing().select_related("user"):
             cache.delete(f"membership_{self.id}_{membership.user.id}")
-        cache.delete(f"sith_club_{self.unix_name}")
-        super().delete(*args, **kwargs)
+        self.board_group.delete()
+        self.members_group.delete()
+        return super().delete(*args, **kwargs)
 
-    def get_display_name(self):
+    def get_display_name(self) -> str:
         return self.name
 
-    def is_owned_by(self, user):
+    def is_owned_by(self, user: User) -> bool:
         """Method to see if that object can be super edited by the given user."""
         if user.is_anonymous:
             return False
-        return user.is_board_member
+        return user.is_root or user.is_board_member
 
-    def get_full_logo_url(self):
-        return "https://%s%s" % (settings.SITH_URL, self.logo.url)
+    def get_full_logo_url(self) -> str:
+        return f"https://{settings.SITH_URL}{self.logo.url}"
 
-    def can_be_edited_by(self, user):
+    def can_be_edited_by(self, user: User) -> bool:
         """Method to see if that object can be edited by the given user."""
         return self.has_rights_in_club(user)
 
-    def can_be_viewed_by(self, user):
+    def can_be_viewed_by(self, user: User) -> bool:
         """Method to see if that object can be seen by the given user."""
-        sub = User.objects.filter(pk=user.pk).first()
-        if sub is None:
-            return False
-        return sub.was_subscribed
+        return user.was_subscribed
 
     def get_membership_for(self, user: User) -> Membership | None:
         """Return the current membership the given user.
@@ -262,9 +223,8 @@ class Club(models.Model):
                 cache.set(f"membership_{self.id}_{user.id}", membership)
         return membership
 
-    def has_rights_in_club(self, user):
-        m = self.get_membership_for(user)
-        return m is not None and m.role > settings.SITH_MAXIMUM_FREE_ROLE
+    def has_rights_in_club(self, user: User) -> bool:
+        return user.is_in_group(pk=self.board_group_id)
 
 
 class MembershipQuerySet(models.QuerySet):
@@ -283,42 +243,65 @@ class MembershipQuerySet(models.QuerySet):
         """
         return self.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
 
-    def update(self, **kwargs):
-        """Refresh the cache for the elements of the queryset.
+    def update(self, **kwargs) -> int:
+        """Refresh the cache and edit group ownership.
 
-        Besides that, does the same job as a regular update method.
+        Update the cache, when necessary, remove
+        users from club groups they are no more in
+        and add them in the club groups they should be in.
 
-        Be aware that this adds a db query to retrieve the updated objects
+        Be aware that this adds three db queries :
+        one to retrieve the updated memberships,
+        one to perform group removal and one to perform
+        group attribution.
         """
         nb_rows = super().update(**kwargs)
-        if nb_rows > 0:
-            # if at least a row was affected, refresh the cache
-            for membership in self.all():
-                if membership.end_date is not None:
-                    cache.set(
-                        f"membership_{membership.club_id}_{membership.user_id}",
-                        "not_member",
-                    )
-                else:
-                    cache.set(
-                        f"membership_{membership.club_id}_{membership.user_id}",
-                        membership,
-                    )
+        if nb_rows == 0:
+            # if no row was affected, no need to refresh the cache
+            return 0
 
-    def delete(self):
+        cache_memberships = {}
+        memberships = set(self.select_related("club"))
+        # delete all User-Group relations and recreate the necessary ones
+        # It's more concise to write and more reliable
+        Membership._remove_club_groups(memberships)
+        Membership._add_club_groups(memberships)
+        for member in memberships:
+            cache_key = f"membership_{member.club_id}_{member.user_id}"
+            if member.end_date is None:
+                cache_memberships[cache_key] = member
+            else:
+                cache_memberships[cache_key] = "not_member"
+        cache.set_many(cache_memberships)
+        return nb_rows
+
+    def delete(self) -> tuple[int, dict[str, int]]:
         """Work just like the default Django's delete() method,
         but add a cache invalidation for the elements of the queryset
-        before the deletion.
+        before the deletion,
+        and a removal of the user from the club groups.
 
-        Be aware that this adds a db query to retrieve the deleted element.
-        As this first query take place before the deletion operation,
-        it will be performed even if the deletion fails.
+        Be aware that this adds some db queries :
+
+        - 1 to retrieve the deleted elements in order to perform
+          post-delete operations.
+          As we can't know if a delete will affect rows or not,
+          this query will always happen
+        - 1 query to remove the users from the club groups.
+          If the delete operation affected no row,
+          this query won't happen.
         """
-        ids = list(self.values_list("club_id", "user_id"))
-        nb_rows, _ = super().delete()
+        memberships = set(self.all())
+        nb_rows, rows_counts = super().delete()
         if nb_rows > 0:
-            for club_id, user_id in ids:
-                cache.set(f"membership_{club_id}_{user_id}", "not_member")
+            Membership._remove_club_groups(memberships)
+            cache.set_many(
+                {
+                    f"membership_{m.club_id}_{m.user_id}": "not_member"
+                    for m in memberships
+                }
+            )
+        return nb_rows, rows_counts
 
 
 class Membership(models.Model):
@@ -361,6 +344,13 @@ class Membership(models.Model):
 
     objects = MembershipQuerySet.as_manager()
 
+    class Meta:
+        constraints = [
+            models.CheckConstraint(
+                check=Q(end_date__gte=F("start_date")), name="end_after_start"
+            ),
+        ]
+
     def __str__(self):
         return (
             f"{self.club.name} - {self.user.username} "
@@ -370,7 +360,14 @@ class Membership(models.Model):
 
     def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
+        # a save may either be an update or a creation
+        # and may result in either an ongoing or an ended membership.
+        # It could also be a retrogradation from the board to being a simple member.
+        # To avoid problems, the user is removed from the club groups beforehand ;
+        # he will be added back if necessary
+        self._remove_club_groups([self])
         if self.end_date is None:
+            self._add_club_groups([self])
             cache.set(f"membership_{self.club_id}_{self.user_id}", self)
         else:
             cache.set(f"membership_{self.club_id}_{self.user_id}", "not_member")
@@ -378,11 +375,11 @@ class Membership(models.Model):
     def get_absolute_url(self):
         return reverse("club:club_members", kwargs={"club_id": self.club_id})
 
-    def is_owned_by(self, user):
+    def is_owned_by(self, user: User) -> bool:
         """Method to see if that object can be super edited by the given user."""
         if user.is_anonymous:
             return False
-        return user.is_board_member
+        return user.is_root or user.is_board_member
 
     def can_be_edited_by(self, user: User) -> bool:
         """Check if that object can be edited by the given user."""
@@ -392,9 +389,91 @@ class Membership(models.Model):
         return membership is not None and membership.role >= self.role
 
     def delete(self, *args, **kwargs):
+        self._remove_club_groups([self])
         super().delete(*args, **kwargs)
         cache.delete(f"membership_{self.club_id}_{self.user_id}")
 
+    @staticmethod
+    def _remove_club_groups(
+        memberships: Iterable[Membership],
+    ) -> tuple[int, dict[str, int]]:
+        """Remove users of those memberships from the club groups.
+
+        For example, if a user is in the Troll club board,
+        he is in the board group and the members group of the Troll.
+        After calling this function, he will be in neither.
+
+        Returns:
+            The result of the deletion queryset.
+
+        Warnings:
+            If this function isn't used in combination
+            with an actual deletion of the memberships,
+            it will result in an inconsistent state,
+            where users will be in the clubs, without
+            having the associated rights.
+        """
+        clubs = {m.club_id for m in memberships}
+        users = {m.user_id for m in memberships}
+        groups = Group.objects.filter(Q(club__in=clubs) | Q(club_board__in=clubs))
+        return User.groups.through.objects.filter(
+            Q(group__in=groups) & Q(user__in=users)
+        ).delete()
+
+    @staticmethod
+    def _add_club_groups(
+        memberships: Iterable[Membership],
+    ) -> list[User.groups.through]:
+        """Add users of those memberships to the club groups.
+
+        For example, if a user just joined the Troll club board,
+        he will be added in both the members group and the board group
+        of the club.
+
+        Returns:
+            The created User-Group relations.
+
+        Warnings:
+            If this function isn't used in combination
+            with an actual update/creation of the memberships,
+            it will result in an inconsistent state,
+            where users will have the rights associated to the
+            club, without actually being part of it.
+        """
+        # only active membership (i.e. `end_date=None`)
+        # grant the attribution of club groups.
+        memberships = [m for m in memberships if m.end_date is None]
+        if not memberships:
+            return []
+
+        if sum(1 for m in memberships if not hasattr(m, "club")) > 1:
+            # if more than one membership hasn't its `club` attribute set
+            # it's less expensive to reload the whole query with
+            # a select_related than perform a distinct query
+            # to fetch each club.
+            ids = {m.id for m in memberships}
+            memberships = list(
+                Membership.objects.filter(id__in=ids).select_related("club")
+            )
+        club_groups = []
+        for membership in memberships:
+            club_groups.append(
+                User.groups.through(
+                    user_id=membership.user_id,
+                    group_id=membership.club.members_group_id,
+                )
+            )
+            if membership.role > settings.SITH_MAXIMUM_FREE_ROLE:
+                club_groups.append(
+                    User.groups.through(
+                        user_id=membership.user_id,
+                        group_id=membership.club.board_group_id,
+                    )
+                )
+        return User.groups.through.objects.bulk_create(
+            club_groups, ignore_conflicts=True
+        )
+
 
 class Mailing(models.Model):
     """A Mailing list for a club.
@@ -438,19 +517,18 @@ class Mailing(models.Model):
 
     def save(self, *args, **kwargs):
         if not self.is_moderated:
-            for user in (
-                RealGroup.objects.filter(id=settings.SITH_GROUP_COM_ADMIN_ID)
-                .first()
-                .users.all()
+            unread_notif_subquery = Notification.objects.filter(
+                user=OuterRef("pk"), type="MAILING_MODERATION", viewed=False
+            )
+            for user in User.objects.filter(
+                ~Exists(unread_notif_subquery),
+                groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID],
             ):
-                if not user.notifications.filter(
-                    type="MAILING_MODERATION", viewed=False
-                ).exists():
-                    Notification(
-                        user=user,
-                        url=reverse("com:mailing_admin"),
-                        type="MAILING_MODERATION",
-                    ).save(*args, **kwargs)
+                Notification(
+                    user=user,
+                    url=reverse("com:mailing_admin"),
+                    type="MAILING_MODERATION",
+                ).save(*args, **kwargs)
         super().save(*args, **kwargs)
 
     def clean(self):

club/schemas.py

@@ -1,9 +1,40 @@
 from ninja import ModelSchema
 
-from club.models import Club
+from club.models import Club, Membership
+from core.schemas import SimpleUserSchema
+
+
+class SimpleClubSchema(ModelSchema):
+    class Meta:
+        model = Club
+        fields = ["id", "name"]
+
+
+class ClubProfileSchema(ModelSchema):
+    """The infos needed to display a simple club profile."""
+
+    class Meta:
+        model = Club
+        fields = ["id", "name", "logo"]
+
+    url: str
+
+    @staticmethod
+    def resolve_url(obj: Club) -> str:
+        return obj.get_absolute_url()
+
+
+class ClubMemberSchema(ModelSchema):
+    class Meta:
+        model = Membership
+        fields = ["start_date", "end_date", "role", "description"]
+
+    user: SimpleUserSchema
 
 
 class ClubSchema(ModelSchema):
     class Meta:
         model = Club
-        fields = ["id", "name"]
+        fields = ["id", "name", "logo", "is_active", "short_description", "address"]
+
+    members: list[ClubMemberSchema]

club/templates/club/club_detail.jinja

@@ -4,7 +4,7 @@
 {% block content %}
   <div id="club_detail">
     {% if club.logo %}
-      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.unix_name }}"></div>
+      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.name }}"></div>
     {% endif %}
     {% if page_revision %}
       {{ page_revision|markdown }}

club/templates/club/club_members.jinja

@@ -11,7 +11,7 @@
         {{ select_all_checkbox("users_old") }}
         <p></p>
       {% endif %}
-      <table>
+      <table id="club_members_table">
         <thead>
           <tr>
             <td>{% trans %}User{% endtrans %}</td>

club/templates/club/club_tools.jinja

@@ -16,30 +16,13 @@
     </ul>
     <h4>{% trans %}Counters:{% endtrans %}</h4>
     <ul>
-      {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-        {% for l in Launderette.objects.all() %}
-          <li><a href="{{ url('launderette:main_click', launderette_id=l.id) }}">{{ l }}</a></li>
-        {% endfor %}
-      {% elif object.counters.filter(type="OFFICE")|count > 0 %}
-        {% for c in object.counters.filter(type="OFFICE") %}
-          <li>{{ c }}:
-            <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
-            <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
-          </li>
-        {% endfor %}
-      {% endif %}
+      {% for c in object.counters.filter(type="OFFICE") %}
+        <li>{{ c }}:
+          <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
+          <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
+        </li>
+      {% endfor %}
     </ul>
-    {% if object.club_account.exists() %}
-      <h4>{% trans %}Accounting: {% endtrans %}</h4>
-      <ul>
-        {% for ca in object.club_account.all() %}
-          <li><a href="{{ url('accounting:club_details', c_account_id=ca.id) }}">{{ ca.get_display_name() }}</a></li>
-        {% endfor %}
-      </ul>
-    {% endif %}
-    {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-      <li><a href="{{ url('launderette:launderette_list') }}">{% trans %}Manage launderettes{% endtrans %}</a></li>
-    {% endif %}
   </div>
 {% endblock %}
 

club/templates/club/edit_club.jinja

@@ -0,0 +1,54 @@
+{% extends "core/base.jinja" %}
+
+{% block title %}
+  {% trans name=object %}Edit {{ name }}{% endtrans %}
+{% endblock %}
+
+{% block content %}
+  <h2>{% trans name=object %}Edit {{ name }}{% endtrans %}</h2>
+
+  <form action="" method="post" enctype="multipart/form-data">
+    {% csrf_token %}
+
+    {{ form.non_field_errors() }}
+
+    {% if form.admin_fields %}
+      {# If the user is admin, display the admin fields,
+         and explicitly separate them from the non-admin ones,
+         with some help text.
+         Non-admin users will only see the regular form fields,
+         so they don't need thoses explanations #}
+      <h3>{% trans %}Club properties{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the core properties of a club.
+          Only admin users can see and edit them.
+        {% endtrans %}
+      </p>
+      <fieldset class="required margin-bottom">
+        {% for field_name in form.admin_fields %}
+          {% set field = form[field_name] %}
+          <div class="form-group">
+            {{ field.errors }}
+            {{ field.label_tag() }}
+            {{ field }}
+          </div>
+          {# Remove the the admin fields from the form.
+             The remaining non-admin fields will be rendered
+             at once with a simple {{ form.as_p() }} #}
+          {% set _ = form.fields.pop(field_name) %}
+        {% endfor %}
+      </fieldset>
+
+      <h3>{% trans %}Club informations{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the basic description of a club.
+          All board members of this club can see and edit them.
+        {% endtrans %}
+      </p>
+    {% endif %}
+    {{ form.as_p() }}
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
+  </form>
+{% endblock content %}

club/templates/club/stats.jinja

@@ -1,49 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club stats{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  {% if club_list %}
-    <h3>{% trans %}Club stats{% endtrans %}</h3>
-    <form action="" method="GET">
-      {% csrf_token %}
-      <p>
-        <select name="branch">
-          {% for b in settings.SITH_PROFILE_DEPARTMENTS %}
-            <option value="{{ b[0] }}">{{ b[0] }}</option>
-          {% endfor %}
-        </select>
-      </p>
-      <p><input type="submit" value="{% trans %}Show{% endtrans %}" /></p>
-    </form>
-    <table>
-      <thead>
-        <tr>
-          <td>Club</td>
-          <td>Member number</td>
-          <td>Old member number</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for c in club_list.order_by('id') %}
-          {% set members = c.members.all() %}
-          {% if request.GET['branch'] %}
-            {% set members = members.filter(user__department=request.GET['branch']) %}
-          {% endif %}
-          <tr>
-            <td>{{ c.get_display_name() }}</td>
-            <td>{{ members.filter(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-            <td>{{ members.exclude(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  {% else %}
-    {% trans %}There is no club in this website.{% endtrans %}
-  {% endif %}
-{% endblock %}
-
-
-

club/tests.py

@@ -1,855 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-from datetime import timedelta
-
-from django.conf import settings
-from django.core.cache import cache
-from django.test import TestCase
-from django.urls import reverse
-from django.utils import timezone
-from django.utils.timezone import localdate, localtime, now
-from django.utils.translation import gettext as _
-
-from club.forms import MailingForm
-from club.models import Club, Mailing, Membership
-from core.baker_recipes import subscriber_user
-from core.models import AnonymousUser, User
-from sith.settings import SITH_BAR_MANAGER, SITH_MAIN_CLUB_ID
-
-
-class TestClub(TestCase):
-    """Set up data for test cases related to clubs and membership.
-
-    The generated dataset is the one created by the populate command,
-    plus the following modifications :
-
-    - `self.club` is a dummy club recreated for each test
-    - `self.club` has two board members : skia (role 3) and comptable (role 10)
-    - `self.club` has one regular member : richard
-    - `self.club` has one former member : sli (who had role 2)
-    - None of the `self.club` members are in the AE club.
-    """
-
-    @classmethod
-    def setUpTestData(cls):
-        # subscribed users - initial members
-        cls.skia = User.objects.get(username="skia")
-        # by default, Skia is in the AE, which creates side effect
-        cls.skia.memberships.all().delete()
-        cls.richard = User.objects.get(username="rbatsbak")
-        cls.comptable = User.objects.get(username="comptable")
-        cls.sli = User.objects.get(username="sli")
-        cls.root = User.objects.get(username="root")
-
-        # subscribed users - not initial members
-        cls.krophil = User.objects.get(username="krophil")
-        cls.subscriber = User.objects.get(username="subscriber")
-
-        # old subscriber
-        cls.old_subscriber = User.objects.get(username="old_subscriber")
-
-        # not subscribed
-        cls.public = User.objects.get(username="public")
-
-        cls.ae = Club.objects.filter(pk=SITH_MAIN_CLUB_ID)[0]
-        cls.club = Club.objects.create(
-            name="Fake Club",
-            unix_name="fake-club",
-            address="5 rue de la République, 90000 Belfort",
-        )
-        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
-        a_month_ago = now() - timedelta(days=30)
-        yesterday = now() - timedelta(days=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.skia, start_date=a_month_ago, role=3
-        )
-        Membership.objects.create(club=cls.club, user=cls.richard, role=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.comptable, start_date=a_month_ago, role=10
-        )
-
-        # sli was a member but isn't anymore
-        Membership.objects.create(
-            club=cls.club,
-            user=cls.sli,
-            start_date=a_month_ago,
-            end_date=yesterday,
-            role=2,
-        )
-
-    def setUp(self):
-        cache.clear()
-
-
-class TestMembershipQuerySet(TestClub):
-    def test_ongoing(self):
-        """Test that the ongoing queryset method returns the memberships that
-        are not ended.
-        """
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            self.richard.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_ongoing_with_membership_ending_today(self):
-        """Test that a membership ending the present day is considered as ended."""
-        today = localdate()
-        self.richard.memberships.filter(club=self.club).update(end_date=today)
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_board(self):
-        """Test that the board queryset method returns the memberships
-        of user in the club board.
-        """
-        board_members = list(self.club.members.board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            # sli is no more member, but he was in the board
-            self.sli.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert board_members == expected
-
-    def test_ongoing_board(self):
-        """Test that combining ongoing and board returns users
-        who are currently board members of the club.
-        """
-        members = list(self.club.members.ongoing().board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert members == expected
-
-    def test_update_invalidate_cache(self):
-        """Test that the `update` queryset method properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        self.skia.memberships.update(end_date=localtime(now()).date())
-        assert (
-            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
-            == "not_member"
-        )
-
-        mem_richard = self.richard.memberships.get(club=self.club)
-        cache.set(
-            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
-        )
-        self.richard.memberships.update(role=5)
-        new_mem = self.richard.memberships.get(club=self.club)
-        assert new_mem != "not_member"
-        assert new_mem.role == 5
-
-    def test_delete_invalidate_cache(self):
-        """Test that the `delete` queryset properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        mem_comptable = self.comptable.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        cache.set(
-            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
-        )
-
-        # should delete the subscriptions of skia and comptable
-        self.club.members.ongoing().board().delete()
-
-        for membership in (mem_skia, mem_comptable):
-            cached_mem = cache.get(
-                f"membership_{membership.club_id}_{membership.user_id}"
-            )
-            assert cached_mem == "not_member"
-
-
-class TestClubModel(TestClub):
-    def assert_membership_started_today(self, user: User, role: int):
-        """Assert that the given membership is active and started today."""
-        membership = user.memberships.ongoing().filter(club=self.club).first()
-        assert membership is not None
-        assert localtime(now()).date() == membership.start_date
-        assert membership.end_date is None
-        assert membership.role == role
-        assert membership.club.get_membership_for(user) == membership
-        member_group = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
-        board_group = self.club.unix_name + settings.SITH_BOARD_SUFFIX
-        assert user.is_in_group(name=member_group)
-        assert user.is_in_group(name=board_group)
-
-    def assert_membership_ended_today(self, user: User):
-        """Assert that the given user have a membership which ended today."""
-        today = localtime(now()).date()
-        assert user.memberships.filter(club=self.club, end_date=today).exists()
-        assert self.club.get_membership_for(user) is None
-
-    def test_access_unauthorized(self):
-        """Test that users who never subscribed and anonymous users
-        cannot see the page.
-        """
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-        self.client.force_login(self.public)
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-    def test_display(self):
-        """Test that a GET request return a page where the requested
-        information are displayed.
-        """
-        self.client.force_login(self.skia)
-        response = self.client.get(self.members_url)
-        assert response.status_code == 200
-        expected_html = (
-            "<table><thead><tr>"
-            "<td>Utilisateur</td><td>Rôle</td><td>Description</td>"
-            "<td>Depuis</td><td>Marquer comme ancien</td>"
-            "</tr></thead><tbody>"
-        )
-        memberships = self.club.members.ongoing().order_by("-role")
-        input_id = 0
-        for membership in memberships.select_related("user"):
-            user = membership.user
-            expected_html += (
-                f"<tr><td><a href=\"{reverse('core:user_profile', args=[user.id])}\">"
-                f"{user.get_display_name()}</a></td>"
-                f"<td>{settings.SITH_CLUB_ROLES[membership.role]}</td>"
-                f"<td>{membership.description}</td>"
-                f"<td>{membership.start_date}</td><td>"
-            )
-            if membership.role <= 3:  # 3 is the role of skia
-                expected_html += (
-                    '<input type="checkbox" name="users_old" '
-                    f'value="{user.id}" '
-                    f'id="id_users_old_{input_id}">'
-                )
-                input_id += 1
-            expected_html += "</td></tr>"
-        expected_html += "</tbody></table>"
-        self.assertInHTML(expected_html, response.content.decode())
-
-    def test_root_add_one_club_member(self):
-        """Test that root users can add members to clubs, one at a time."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": [self.subscriber.id], "role": 3},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-
-    def test_root_add_multiple_club_member(self):
-        """Test that root users can add multiple members at once to clubs."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, self.krophil.id),
-                "role": 3,
-            },
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-        self.assert_membership_started_today(self.krophil, role=3)
-
-    def test_add_unauthorized_members(self):
-        """Test that users who are not currently subscribed
-        cannot be members of clubs.
-        """
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.public.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-        response = self.client.post(
-            self.members_url,
-            {"users": self.old_subscriber.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert self.club.get_membership_for(self.public) is None
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-    def test_add_members_already_members(self):
-        """Test that users who are already members of a club
-        cannot be added again to this club.
-        """
-        self.client.force_login(self.root)
-        current_membership = self.skia.memberships.ongoing().get(club=self.club)
-        nb_memberships = self.skia.memberships.count()
-        self.client.post(
-            self.members_url,
-            {"users": self.skia.id, "role": current_membership.role + 1},
-        )
-        self.skia.refresh_from_db()
-        assert nb_memberships == self.skia.memberships.count()
-        new_membership = self.skia.memberships.ongoing().get(club=self.club)
-        assert current_membership == new_membership
-        assert self.club.get_membership_for(self.skia) == new_membership
-
-    def test_add_not_existing_users(self):
-        """Test that not existing users cannot be added in clubs.
-        If one user in the request is invalid, no membership creation at all
-        can take place.
-        """
-        self.client.force_login(self.root)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": [9999], "role": 1},
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, 9999),
-                "start_date": "12/06/2016",
-                "role": 3,
-            },
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-
-    def test_president_add_members(self):
-        """Test that the president of the club can add members."""
-        president = self.club.members.get(role=10).user
-        nb_club_membership = self.club.members.count()
-        nb_subscriber_memberships = self.subscriber.memberships.count()
-        self.client.force_login(president)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 9},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.subscriber.refresh_from_db()
-        assert self.club.members.count() == nb_club_membership + 1
-        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
-        self.assert_membership_started_today(self.subscriber, role=9)
-
-    def test_add_member_greater_role(self):
-        """Test that a member of the club member cannot create
-        a membership with a greater role than its own.
-        """
-        self.client.force_login(self.skia)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 10},
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            "<li>Vous n'avez pas la permission de faire cela</li>",
-            response.content.decode(),
-        )
-        self.club.refresh_from_db()
-        assert nb_memberships == self.club.members.count()
-        assert not self.subscriber.memberships.filter(club=self.club).exists()
-
-    def test_add_member_without_role(self):
-        """Test that trying to add members without specifying their role fails."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "start_date": "12/06/2016"},
-        )
-        assert (
-            '<ul class="errorlist"><li>Vous devez choisir un r'
-            in response.content.decode()
-        )
-
-    def test_end_membership_self(self):
-        """Test that a member can end its own membership."""
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.skia.id},
-        )
-        self.skia.refresh_from_db()
-        self.assert_membership_ended_today(self.skia)
-
-    def test_end_membership_lower_role(self):
-        """Test that board members of the club can end memberships
-        of users with lower roles.
-        """
-        # remainder : skia has role 3, comptable has role 10, richard has role 1
-        self.client.force_login(self.skia)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.richard.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.assert_membership_ended_today(self.richard)
-
-    def test_end_membership_higher_role(self):
-        """Test that board members of the club cannot end memberships
-        of users with higher roles.
-        """
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.club.refresh_from_db()
-        new_membership = self.club.get_membership_for(self.comptable)
-        assert new_membership is not None
-        assert new_membership == membership
-
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        assert membership.end_date is None
-
-    def test_end_membership_as_main_club_board(self):
-        """Test that board members of the main club can end the membership
-        of anyone.
-        """
-        # make subscriber a board member
-        subscriber = subscriber_user.make()
-        Membership.objects.create(club=self.ae, user=subscriber, role=3)
-
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(subscriber)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_root(self):
-        """Test that root users can end the membership of anyone."""
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": [self.comptable.id]},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_foreigner(self):
-        """Test that users who are not in this club cannot end its memberships."""
-        nb_memberships = self.club.members.count()
-        membership = self.richard.memberships.filter(club=self.club).first()
-        self.client.force_login(self.subscriber)
-        self.client.post(
-            self.members_url,
-            {"users_old": [self.richard.id]},
-        )
-        # nothing should have changed
-        new_mem = self.club.get_membership_for(self.richard)
-        assert self.club.members.count() == nb_memberships
-        assert membership == new_mem
-
-    def test_delete_remove_from_meta_group(self):
-        """Test that when a club is deleted, all its members are removed from the
-        associated metagroup.
-        """
-        memberships = self.club.members.select_related("user")
-        users = [membership.user for membership in memberships]
-        meta_group = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
-
-        self.club.delete()
-        for user in users:
-            assert not user.is_in_group(name=meta_group)
-
-    def test_add_to_meta_group(self):
-        """Test that when a membership begins, the user is added to the meta group."""
-        group_members = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
-        board_members = self.club.unix_name + settings.SITH_BOARD_SUFFIX
-        assert not self.subscriber.is_in_group(name=group_members)
-        assert not self.subscriber.is_in_group(name=board_members)
-        Membership.objects.create(club=self.club, user=self.subscriber, role=3)
-        assert self.subscriber.is_in_group(name=group_members)
-        assert self.subscriber.is_in_group(name=board_members)
-
-    def test_remove_from_meta_group(self):
-        """Test that when a membership ends, the user is removed from meta group."""
-        group_members = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
-        board_members = self.club.unix_name + settings.SITH_BOARD_SUFFIX
-        assert self.comptable.is_in_group(name=group_members)
-        assert self.comptable.is_in_group(name=board_members)
-        self.comptable.memberships.update(end_date=localtime(now()))
-        assert not self.comptable.is_in_group(name=group_members)
-        assert not self.comptable.is_in_group(name=board_members)
-
-    def test_club_owner(self):
-        """Test that a club is owned only by board members of the main club."""
-        anonymous = AnonymousUser()
-        assert not self.club.is_owned_by(anonymous)
-        assert not self.club.is_owned_by(self.subscriber)
-
-        # make sli a board member
-        self.sli.memberships.all().delete()
-        Membership(club=self.ae, user=self.sli, role=3).save()
-        assert self.club.is_owned_by(self.sli)
-
-
-class TestMailingForm(TestCase):
-    """Perform validation tests for MailingForm."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        cls.rbatsbak = User.objects.get(username="rbatsbak")
-        cls.krophil = User.objects.get(username="krophil")
-        cls.comunity = User.objects.get(username="comunity")
-        cls.root = User.objects.get(username="root")
-        cls.bdf = Club.objects.get(unix_name=SITH_BAR_MANAGER["unix_name"])
-        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.bdf.id})
-
-    def setUp(self):
-        Membership(
-            user=self.rbatsbak,
-            club=self.bdf,
-            start_date=timezone.now(),
-            role=settings.SITH_CLUB_ROLES_ID["Board member"],
-        ).save()
-
-    def test_mailing_list_add_no_moderation(self):
-        # Test with Communication admin
-        self.client.force_login(self.comunity)
-        response = self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
-        )
-        self.assertRedirects(response, self.mail_url)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion foyer@utbm.fr" in response.content.decode()
-
-        # Test with Root
-        self.client.force_login(self.root)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion mde@utbm.fr" in response.content.decode()
-
-    def test_mailing_list_add_moderation(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "Liste de diffusion mde@utbm.fr" not in content
-        assert "<p>Listes de diffusions en attente de modération</p>" in content
-        assert "<li>mde@utbm.fr" in content
-
-    def test_mailing_list_forbidden(self):
-        # With anonymous user
-        response = self.client.get(self.mail_url)
-        self.assertContains(response, "", status_code=403)
-
-        # With user not in club
-        self.client.force_login(self.krophil)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 403
-
-    def test_add_new_subscription_fail_not_moderated(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" not in response.content.decode()
-
-    def test_add_new_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Add single user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" in response.content.decode()
-
-        # Add multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (self.comunity.id, self.rbatsbak.id),
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-
-        # Add arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "arbitrary@git.an",
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-
-        # Add user and arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "more.arbitrary@git.an",
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-        assert "more.arbitrary@git.an" in content
-        assert "krophil@git.an" in content
-
-    def test_add_new_subscription_fail_form_errors(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Neither email or email is specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # No mailing specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-            },
-        )
-        assert response.status_code == 200
-        assert _("This field is required") in response.content.decode()
-
-        # One of the selected users doesn't exist
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": [789],
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # An user has no email address
-        self.krophil.email = ""
-        self.krophil.save()
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("One of the selected users doesn't have an email address"),
-            response.content.decode(),
-        )
-
-        self.krophil.email = "krophil@git.an"
-        self.krophil.save()
-
-        # An user is added twice
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("This email is already suscribed in this mailing"),
-            response.content.decode(),
-        )
-
-    def test_remove_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        mde = Mailing.objects.get(email="mde")
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (
-                    self.comunity.id,
-                    self.rbatsbak.id,
-                    self.krophil.id,
-                ),
-                "subscription_mailing": mde.id,
-            },
-        )
-
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" in content
-
-        # Delete one user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" not in content
-
-        # Delete multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: [
-                    user.id
-                    for user in mde.subscriptions.filter(
-                        user__in=[self.rbatsbak, self.comunity]
-                    ).all()
-                ],
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" not in content
-        assert "richard@git.an" not in content
-        assert "krophil@git.an" not in content
-
-
-class TestClubSellingView(TestCase):
-    """Perform basics tests to ensure that the page is available."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.ae = Club.objects.get(unix_name="ae")
-        cls.skia = User.objects.get(username="skia")
-
-    def test_page_not_internal_error(self):
-        """Test that the page does not return and internal error."""
-        self.client.force_login(self.skia)
-        response = self.client.get(
-            reverse("club:club_sellings", kwargs={"club_id": self.ae.id})
-        )
-        assert response.status_code == 200

club/tests/base.py

@@ -0,0 +1,60 @@
+from datetime import timedelta
+
+from django.conf import settings
+from django.core.cache import cache
+from django.test import TestCase
+from django.urls import reverse
+from django.utils.timezone import now
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+
+from club.models import Club, Membership
+from core.baker_recipes import old_subscriber_user, subscriber_user
+from core.models import User
+
+
+class TestClub(TestCase):
+    """Set up data for test cases related to clubs and membership.
+
+    The generated dataset is the one created by the populate command,
+    plus the following modifications :
+
+    - `self.club` is a dummy club
+    - `self.club` has two board members :
+       simple_board_member (role 3) and president (role 10)
+    - `self.club` has one regular member : richard
+    - `self.club` has one former member : sli (who had role 2)
+    - None of the `self.club` members are in the AE club.
+    """
+
+    @classmethod
+    def setUpTestData(cls):
+        # subscribed users - initial members
+        cls.president, cls.simple_board_member = subscriber_user.make(_quantity=2)
+        cls.richard = User.objects.get(username="rbatsbak")
+        cls.sli = User.objects.get(username="sli")
+        cls.root = baker.make(User, is_superuser=True)
+        cls.old_subscriber = old_subscriber_user.make()
+        cls.public = baker.make(User)
+
+        # subscribed users - not initial member
+        cls.krophil = User.objects.get(username="krophil")
+        cls.subscriber = subscriber_user.make()
+
+        cls.ae = Club.objects.get(pk=settings.SITH_MAIN_CLUB_ID)
+        cls.club = baker.make(Club)
+        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
+        a_month_ago = now() - timedelta(days=30)
+        yesterday = now() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=cls.club)
+        membership_recipe.make(
+            user=cls.simple_board_member, start_date=a_month_ago, role=3
+        )
+        membership_recipe.make(user=cls.richard, role=1)
+        membership_recipe.make(user=cls.president, start_date=a_month_ago, role=10)
+        membership_recipe.make(  # sli was a member but isn't anymore
+            user=cls.sli, start_date=a_month_ago, end_date=yesterday, role=2
+        )
+
+    def setUp(self):
+        cache.clear()

club/tests/test_club_controller.py

@@ -0,0 +1,43 @@
+from datetime import date, timedelta
+
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertNumQueries
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+class TestFetchClub:
+    @pytest.fixture()
+    def club(self):
+        club = baker.make(Club)
+        last_month = date.today() - timedelta(days=30)
+        yesterday = date.today() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=club, start_date=last_month)
+        membership_recipe.make(end_date=None, _quantity=10, _bulk_create=True)
+        membership_recipe.make(end_date=yesterday, _quantity=10, _bulk_create=True)
+        return club
+
+    def test_fetch_club_members(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+        assert res.status_code == 200
+        member_ids = {member["user"]["id"] for member in res.json()["members"]}
+        assert member_ids == set(
+            club.members.ongoing().values_list("user_id", flat=True)
+        )
+
+    def test_fetch_club_nb_queries(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        with assertNumQueries(6):
+            # - 4 queries for authentication
+            # - 2 queries for the actual data
+            res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+            assert res.status_code == 200

club/tests/test_edit.py

@@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertRedirects
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+def test_club_board_member_cannot_edit_club_properties(client: Client):
+    user = subscriber_user.make()
+    club = baker.make(Club, name="old name", is_active=True, address="old address")
+    baker.make(Membership, club=club, user=user, role=7)
+    client.force_login(user)
+    res = client.post(
+        reverse("club:club_edit", kwargs={"club_id": club.id}),
+        {"name": "new name", "is_active": False, "address": "new address"},
+    )
+    # The request should success,
+    # but admin-only fields shouldn't be taken into account
+    assertRedirects(res, club.get_absolute_url())
+    club.refresh_from_db()
+    assert club.name == "old name"
+    assert club.is_active
+    assert club.address == "new address"
+
+
+@pytest.mark.django_db
+def test_edit_club_page_doesnt_crash(client: Client):
+    """crash test for club:club_edit"""
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    baker.make(Membership, club=club, user=user, role=3)
+    client.force_login(user)
+    res = client.get(reverse("club:club_edit", kwargs={"club_id": club.id}))
+    assert res.status_code == 200

club/tests/test_mailing.py

@@ -0,0 +1,327 @@
+from django.conf import settings
+from django.test import TestCase
+from django.urls import reverse
+from django.utils import timezone
+from django.utils.translation import gettext as _
+
+from club.forms import MailingForm
+from club.models import Club, Mailing, Membership
+from core.models import User
+
+
+class TestMailingForm(TestCase):
+    """Perform validation tests for MailingForm."""
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.skia = User.objects.get(username="skia")
+        cls.rbatsbak = User.objects.get(username="rbatsbak")
+        cls.krophil = User.objects.get(username="krophil")
+        cls.comunity = User.objects.get(username="comunity")
+        cls.root = User.objects.get(username="root")
+        cls.club = Club.objects.get(id=settings.SITH_PDF_CLUB_ID)
+        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.club.id})
+        Membership(
+            user=cls.rbatsbak,
+            club=cls.club,
+            start_date=timezone.now(),
+            role=settings.SITH_CLUB_ROLES_ID["Board member"],
+        ).save()
+
+    def test_mailing_list_add_no_moderation(self):
+        # Test with Communication admin
+        self.client.force_login(self.comunity)
+        response = self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
+        )
+        self.assertRedirects(response, self.mail_url)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion foyer@utbm.fr" in response.text
+
+        # Test with Root
+        self.client.force_login(self.root)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion mde@utbm.fr" in response.text
+
+    def test_mailing_list_add_moderation(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "Liste de diffusion mde@utbm.fr" not in content
+        assert "<p>Listes de diffusions en attente de modération</p>" in content
+        assert "<li>mde@utbm.fr" in content
+
+    def test_mailing_list_forbidden(self):
+        # With anonymous user
+        response = self.client.get(self.mail_url)
+        self.assertContains(response, "", status_code=403)
+
+        # With user not in club
+        self.client.force_login(self.krophil)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 403
+
+    def test_add_new_subscription_fail_not_moderated(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" not in response.text
+
+    def test_add_new_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Add single user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" in response.text
+
+        # Add multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (self.comunity.id, self.rbatsbak.id),
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+
+        # Add arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "arbitrary@git.an",
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+
+        # Add user and arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "more.arbitrary@git.an",
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+        assert "more.arbitrary@git.an" in content
+        assert "krophil@git.an" in content
+
+    def test_add_new_subscription_fail_form_errors(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Neither email or email is specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # No mailing specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+            },
+        )
+        assert response.status_code == 200
+        assert _("This field is required") in response.text
+
+        # One of the selected users doesn't exist
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": [789],
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # An user has no email address
+        self.krophil.email = ""
+        self.krophil.save()
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("One of the selected users doesn't have an email address"),
+            response.text,
+        )
+
+        self.krophil.email = "krophil@git.an"
+        self.krophil.save()
+
+        # An user is added twice
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("This email is already suscribed in this mailing"),
+            response.text,
+        )
+
+    def test_remove_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        mde = Mailing.objects.get(email="mde")
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (
+                    self.comunity.id,
+                    self.rbatsbak.id,
+                    self.krophil.id,
+                ),
+                "subscription_mailing": mde.id,
+            },
+        )
+
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" in content
+
+        # Delete one user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" not in content
+
+        # Delete multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: [
+                    user.id
+                    for user in mde.subscriptions.filter(
+                        user__in=[self.rbatsbak, self.comunity]
+                    ).all()
+                ],
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" not in content
+        assert "richard@git.an" not in content
+        assert "krophil@git.an" not in content

club/tests/test_membership.py

@@ -0,0 +1,492 @@
+from bs4 import BeautifulSoup
+from django.conf import settings
+from django.core.cache import cache
+from django.db.models import Max
+from django.urls import reverse
+from django.utils.timezone import localdate, localtime, now
+from model_bakery import baker
+
+from club.forms import ClubMemberForm
+from club.models import Membership
+from club.tests.base import TestClub
+from core.baker_recipes import subscriber_user
+from core.models import AnonymousUser, User
+
+
+class TestMembershipQuerySet(TestClub):
+    def test_ongoing(self):
+        """Test that the ongoing queryset method returns the memberships that
+        are not ended.
+        """
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            self.richard.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_ongoing_with_membership_ending_today(self):
+        """Test that a membership ending the present day is considered as ended."""
+        today = localdate()
+        self.richard.memberships.filter(club=self.club).update(end_date=today)
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_board(self):
+        """Test that the board queryset method returns the memberships
+        of user in the club board.
+        """
+        board_members = list(self.club.members.board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            # sli is no more member, but he was in the board
+            self.sli.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert board_members == expected
+
+    def test_ongoing_board(self):
+        """Test that combining ongoing and board returns users
+        who are currently board members of the club.
+        """
+        members = list(self.club.members.ongoing().board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert members == expected
+
+    def test_update_invalidate_cache(self):
+        """Test that the `update` queryset method properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        self.simple_board_member.memberships.update(end_date=localtime(now()).date())
+        assert (
+            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
+            == "not_member"
+        )
+
+        mem_richard = self.richard.memberships.get(club=self.club)
+        cache.set(
+            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
+        )
+        self.richard.memberships.update(role=5)
+        new_mem = self.richard.memberships.get(club=self.club)
+        assert new_mem != "not_member"
+        assert new_mem.role == 5
+
+    def test_update_change_club_groups(self):
+        """Test that `update` set the user groups accordingly."""
+        user = baker.make(User)
+        membership = baker.make(Membership, end_date=None, user=user, role=5)
+        members_group = membership.club.members_group
+        board_group = membership.club.board_group
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(role=1)  # from board to simple member
+        assert user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+        user.memberships.update(role=5)  # from member to board
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(end_date=localdate())  # end the membership
+        assert not user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+    def test_delete_invalidate_cache(self):
+        """Test that the `delete` queryset properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        mem_comptable = self.president.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        cache.set(
+            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
+        )
+
+        # should delete the subscriptions of simple_board_member and president
+        self.club.members.ongoing().board().delete()
+
+        for membership in (mem_skia, mem_comptable):
+            cached_mem = cache.get(
+                f"membership_{membership.club_id}_{membership.user_id}"
+            )
+            assert cached_mem == "not_member"
+
+    def test_delete_remove_from_groups(self):
+        """Test that `delete` removes from club groups"""
+        user = baker.make(User)
+        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
+        club_groups = {
+            memberships[0].club.members_group,
+            memberships[1].club.members_group,
+            memberships[1].club.board_group,
+        }
+        assert set(user.groups.all()).issuperset(club_groups)
+        user.memberships.all().delete()
+        assert set(user.groups.all()).isdisjoint(club_groups)
+
+
+class TestMembership(TestClub):
+    def assert_membership_started_today(self, user: User, role: int):
+        """Assert that the given membership is active and started today."""
+        membership = user.memberships.ongoing().filter(club=self.club).first()
+        assert membership is not None
+        assert localtime(now()).date() == membership.start_date
+        assert membership.end_date is None
+        assert membership.role == role
+        assert membership.club.get_membership_for(user) == membership
+        assert user.is_in_group(pk=self.club.members_group_id)
+        assert user.is_in_group(pk=self.club.board_group_id)
+
+    def assert_membership_ended_today(self, user: User):
+        """Assert that the given user have a membership which ended today."""
+        today = localtime(now()).date()
+        assert user.memberships.filter(club=self.club, end_date=today).exists()
+        assert self.club.get_membership_for(user) is None
+
+    def test_access_unauthorized(self):
+        """Test that users who never subscribed and anonymous users
+        cannot see the page.
+        """
+        response = self.client.post(self.members_url)
+        assert response.status_code == 403
+
+        self.client.force_login(self.public)
+        response = self.client.post(self.members_url)
+        assert response.status_code == 403
+
+    def test_display(self):
+        """Test that a GET request return a page where the requested
+        information are displayed.
+        """
+        self.client.force_login(self.simple_board_member)
+        response = self.client.get(self.members_url)
+        assert response.status_code == 200
+        soup = BeautifulSoup(response.text, "lxml")
+        table = soup.find("table", id="club_members_table")
+        assert [r.text for r in table.find("thead").find_all("td")] == [
+            "Utilisateur",
+            "Rôle",
+            "Description",
+            "Depuis",
+            "Marquer comme ancien",
+        ]
+        rows = table.find("tbody").find_all("tr")
+        memberships = self.club.members.ongoing().order_by("-role")
+        for row, membership in zip(
+            rows, memberships.select_related("user"), strict=False
+        ):
+            user = membership.user
+            user_url = reverse("core:user_profile", args=[user.id])
+            cols = row.find_all("td")
+            user_link = cols[0].find("a")
+            assert user_link.attrs["href"] == user_url
+            assert user_link.text == user.get_display_name()
+            assert cols[1].text == settings.SITH_CLUB_ROLES[membership.role]
+            assert cols[2].text == membership.description
+            assert cols[3].text == str(membership.start_date)
+
+            if membership.role <= 3:  # 3 is the role of simple_board_member
+                form_input = cols[4].find("input")
+                expected_attrs = {
+                    "type": "checkbox",
+                    "name": "users_old",
+                    "value": str(user.id),
+                }
+                assert form_input.attrs.items() >= expected_attrs.items()
+            else:
+                assert cols[4].find_all() == []
+
+    def test_root_add_one_club_member(self):
+        """Test that root users can add members to clubs, one at a time."""
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {"users": [self.subscriber.id], "role": 3},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.subscriber.refresh_from_db()
+        self.assert_membership_started_today(self.subscriber, role=3)
+
+    def test_root_add_multiple_club_member(self):
+        """Test that root users can add multiple members at once to clubs."""
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {
+                "users": (self.subscriber.id, self.krophil.id),
+                "role": 3,
+            },
+        )
+        self.assertRedirects(response, self.members_url)
+        self.subscriber.refresh_from_db()
+        self.assert_membership_started_today(self.subscriber, role=3)
+        self.assert_membership_started_today(self.krophil, role=3)
+
+    def test_add_unauthorized_members(self):
+        """Test that users who are not currently subscribed
+        cannot be members of clubs.
+        """
+        for user in self.public, self.old_subscriber:
+            form = ClubMemberForm(
+                data={"users": [user.id], "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+
+            assert not form.is_valid()
+            assert form.errors == {
+                "users": [
+                    "L'utilisateur doit être cotisant pour faire partie d'un club"
+                ]
+            }
+
+    def test_add_members_already_members(self):
+        """Test that users who are already members of a club
+        cannot be added again to this club.
+        """
+        self.client.force_login(self.root)
+        current_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        nb_memberships = self.simple_board_member.memberships.count()
+        self.client.post(
+            self.members_url,
+            {"users": self.simple_board_member.id, "role": current_membership.role + 1},
+        )
+        self.simple_board_member.refresh_from_db()
+        assert nb_memberships == self.simple_board_member.memberships.count()
+        new_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        assert current_membership == new_membership
+        assert self.club.get_membership_for(self.simple_board_member) == new_membership
+
+    def test_add_not_existing_users(self):
+        """Test that not existing users cannot be added in clubs.
+        If one user in the request is invalid, no membership creation at all
+        can take place.
+        """
+        nb_memberships = self.club.members.count()
+        max_id = User.objects.aggregate(id=Max("id"))["id"]
+        for members in [max_id + 1], [max_id + 1, self.subscriber.id]:
+            form = ClubMemberForm(
+                data={"users": members, "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+            assert not form.is_valid()
+            assert form.errors == {
+                "users": [
+                    "Sélectionnez un choix valide. "
+                    f"{max_id + 1} n\u2019en fait pas partie."
+                ]
+            }
+        self.club.refresh_from_db()
+        assert self.club.members.count() == nb_memberships
+
+    def test_president_add_members(self):
+        """Test that the president of the club can add members."""
+        president = self.club.members.get(role=10).user
+        nb_club_membership = self.club.members.count()
+        nb_subscriber_memberships = self.subscriber.memberships.count()
+        self.client.force_login(president)
+        response = self.client.post(
+            self.members_url,
+            {"users": self.subscriber.id, "role": 9},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.club.refresh_from_db()
+        self.subscriber.refresh_from_db()
+        assert self.club.members.count() == nb_club_membership + 1
+        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
+        self.assert_membership_started_today(self.subscriber, role=9)
+
+    def test_add_member_greater_role(self):
+        """Test that a member of the club member cannot create
+        a membership with a greater role than its own.
+        """
+        form = ClubMemberForm(
+            data={"users": [self.subscriber.id], "role": 10},
+            request_user=self.simple_board_member,
+            club=self.club,
+        )
+        nb_memberships = self.club.members.count()
+
+        assert not form.is_valid()
+        assert form.errors == {
+            "__all__": ["Vous n'avez pas la permission de faire cela"]
+        }
+        self.club.refresh_from_db()
+        assert nb_memberships == self.club.members.count()
+        assert not self.subscriber.memberships.filter(club=self.club).exists()
+
+    def test_add_member_without_role(self):
+        """Test that trying to add members without specifying their role fails."""
+        self.client.force_login(self.root)
+        form = ClubMemberForm(
+            data={"users": [self.subscriber.id]},
+            request_user=self.simple_board_member,
+            club=self.club,
+        )
+
+        assert not form.is_valid()
+        assert form.errors == {"role": ["Vous devez choisir un rôle"]}
+
+    def test_end_membership_self(self):
+        """Test that a member can end its own membership."""
+        self.client.force_login(self.simple_board_member)
+        self.client.post(
+            self.members_url,
+            {"users_old": self.simple_board_member.id},
+        )
+        self.simple_board_member.refresh_from_db()
+        self.assert_membership_ended_today(self.simple_board_member)
+
+    def test_end_membership_lower_role(self):
+        """Test that board members of the club can end memberships
+        of users with lower roles.
+        """
+        # remainder : simple_board_member has role 3, president has role 10, richard has role 1
+        self.client.force_login(self.simple_board_member)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": self.richard.id},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.club.refresh_from_db()
+        self.assert_membership_ended_today(self.richard)
+
+    def test_end_membership_higher_role(self):
+        """Test that board members of the club cannot end memberships
+        of users with higher roles.
+        """
+        membership = self.president.memberships.filter(club=self.club).first()
+        self.client.force_login(self.simple_board_member)
+        self.client.post(
+            self.members_url,
+            {"users_old": self.president.id},
+        )
+        self.club.refresh_from_db()
+        new_membership = self.club.get_membership_for(self.president)
+        assert new_membership is not None
+        assert new_membership == membership
+
+        membership = self.president.memberships.filter(club=self.club).first()
+        assert membership.end_date is None
+
+    def test_end_membership_as_main_club_board(self):
+        """Test that board members of the main club can end the membership
+        of anyone.
+        """
+        # make subscriber a board member
+        subscriber = subscriber_user.make()
+        Membership.objects.create(club=self.ae, user=subscriber, role=3)
+
+        nb_memberships = self.club.members.ongoing().count()
+        self.client.force_login(subscriber)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": self.president.id},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.assert_membership_ended_today(self.president)
+        assert self.club.members.ongoing().count() == nb_memberships - 1
+
+    def test_end_membership_as_root(self):
+        """Test that root users can end the membership of anyone."""
+        nb_memberships = self.club.members.ongoing().count()
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": [self.president.id]},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.assert_membership_ended_today(self.president)
+        assert self.club.members.ongoing().count() == nb_memberships - 1
+
+    def test_end_membership_as_foreigner(self):
+        """Test that users who are not in this club cannot end its memberships."""
+        nb_memberships = self.club.members.count()
+        membership = self.richard.memberships.filter(club=self.club).first()
+        self.client.force_login(self.subscriber)
+        self.client.post(
+            self.members_url,
+            {"users_old": [self.richard.id]},
+        )
+        # nothing should have changed
+        new_mem = self.club.get_membership_for(self.richard)
+        assert self.club.members.count() == nb_memberships
+        assert membership == new_mem
+
+    def test_remove_from_club_group(self):
+        """Test that when a membership ends, the user is removed from club groups."""
+        user = baker.make(User)
+        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
+        assert user.groups.contains(self.club.members_group)
+        assert user.groups.contains(self.club.board_group)
+        user.memberships.update(end_date=localdate())
+        assert not user.groups.contains(self.club.members_group)
+        assert not user.groups.contains(self.club.board_group)
+
+    def test_add_to_club_group(self):
+        """Test that when a membership begins, the user is added to the club group."""
+        assert not self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+
+    def test_change_position_in_club(self):
+        """Test that when moving from board to members, club group change"""
+        membership = baker.make(
+            Membership, club=self.club, user=self.subscriber, role=3
+        )
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+        membership.role = 1
+        membership.save()
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+
+    def test_club_owner(self):
+        """Test that a club is owned only by board members of the main club."""
+        anonymous = AnonymousUser()
+        assert not self.club.is_owned_by(anonymous)
+        assert not self.club.is_owned_by(self.subscriber)
+
+        # make sli a board member
+        self.sli.memberships.all().delete()
+        Membership(club=self.ae, user=self.sli, role=3).save()
+        assert self.club.is_owned_by(self.sli)
+
+    def test_change_club_name(self):
+        """Test that changing the club name doesn't break things."""
+        members_group = self.club.members_group
+        board_group = self.club.board_group
+        initial_members = set(members_group.users.values_list("id", flat=True))
+        initial_board = set(board_group.users.values_list("id", flat=True))
+        self.club.name = "something else"
+        self.club.save()
+        self.club.refresh_from_db()
+
+        # The names should have changed, but not the ids nor the group members
+        assert self.club.members_group.name == "something else - Membres"
+        assert self.club.board_group.name == "something else - Bureau"
+        assert self.club.members_group.id == members_group.id
+        assert self.club.board_group.id == board_group.id
+        new_members = set(self.club.members_group.users.values_list("id", flat=True))
+        new_board = set(self.club.board_group.users.values_list("id", flat=True))
+        assert new_members == initial_members
+        assert new_board == initial_board

club/tests/test_page.py

@@ -0,0 +1,39 @@
+import pytest
+from bs4 import BeautifulSoup
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertHTMLEqual
+
+from club.models import Club
+from core.markdown import markdown
+from core.models import PageRev, User
+
+
+@pytest.mark.django_db
+def test_page_display_on_club_main_page(client: Client):
+    """Test the club Page is properly displayed on the club main view"""
+    club = baker.make(Club)
+    content = "# foo\nLorem ipsum dolor sit amet"
+    baker.make(PageRev, page=club.page, revision=1, content=content)
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail").find(class_="markdown")
+    assertHTMLEqual(detail_html.decode_contents(), markdown(content))
+
+
+@pytest.mark.django_db
+def test_club_main_page_without_content(client: Client):
+    """Test the club view works, even if the club page is empty"""
+    club = baker.make(Club)
+    club.page.revisions.all().delete()
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail")
+    assert detail_html.find_all("markdown") == []

club/tests/test_sales.py

@@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+
+from club.forms import SellingsForm
+from club.models import Club
+from core.models import User
+from counter.baker_recipes import product_recipe, sale_recipe
+from counter.models import Counter, Customer
+
+
+@pytest.mark.django_db
+def test_sales_page_doesnt_crash(client: Client):
+    club = baker.make(Club)
+    admin = baker.make(User, is_superuser=True)
+    client.force_login(admin)
+    response = client.get(reverse("club:club_sellings", kwargs={"club_id": club.id}))
+    assert response.status_code == 200
+
+
+@pytest.mark.django_db
+def test_sales_form_counter_filter():
+    """Test that counters are properly filtered in SellingsForm"""
+    club = baker.make(Club)
+    counters = baker.make(
+        Counter, _quantity=5, _bulk_create=True, name=iter(["Z", "a", "B", "e", "f"])
+    )
+    counters[0].club = club
+    counters[0].save()
+    sale_recipe.make(
+        counter=counters[1], club=club, unit_price=0, customer=baker.make(Customer)
+    )
+    product_recipe.make(counters=[counters[2]], club=club)
+
+    form = SellingsForm(club)
+    form_counters = list(form.fields["counters"].queryset)
+    assert form_counters == [counters[1], counters[2], counters[0]]

club/urls.py

@@ -26,7 +26,6 @@ from django.urls import path
 
 from club.views import (
     ClubCreateView,
-    ClubEditPropView,
     ClubEditView,
     ClubListView,
     ClubMailingView,
@@ -37,7 +36,6 @@ from club.views import (
     ClubRevView,
     ClubSellingCSVView,
     ClubSellingView,
-    ClubStatView,
     ClubToolsView,
     ClubView,
     MailingAutoGenerationView,
@@ -54,7 +52,6 @@ from club.views import (
 urlpatterns = [
     path("", ClubListView.as_view(), name="club_list"),
     path("new/", ClubCreateView.as_view(), name="club_new"),
-    path("stats/", ClubStatView.as_view(), name="club_stats"),
     path("<int:club_id>/", ClubView.as_view(), name="club_view"),
     path(
         "<int:club_id>/rev/<int:rev_id>/", ClubRevView.as_view(), name="club_view_rev"
@@ -72,7 +69,6 @@ urlpatterns = [
     path(
         "<int:club_id>/sellings/csv/", ClubSellingCSVView.as_view(), name="sellings_csv"
     ),
-    path("<int:club_id>/prop/", ClubEditPropView.as_view(), name="club_prop"),
     path("<int:club_id>/tools/", ClubToolsView.as_view(), name="tools"),
     path("<int:club_id>/mailing/", ClubMailingView.as_view(), name="mailing"),
     path(

club/views.py

@@ -25,6 +25,7 @@
 import csv
 
 from django.conf import settings
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
 from django.db.models import Sum
@@ -36,12 +37,19 @@ from django.http import (
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
+from django.utils.functional import cached_property
 from django.utils.translation import gettext as _t
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView, TemplateView, View
+from django.views.generic import DetailView, ListView, View
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
-from club.forms import ClubEditForm, ClubMemberForm, MailingForm, SellingsForm
+from club.forms import (
+    ClubAdminEditForm,
+    ClubEditForm,
+    ClubMemberForm,
+    MailingForm,
+    SellingsForm,
+)
 from club.models import Club, Mailing, MailingSubscription, Membership
 from com.views import (
     PosterCreateBaseView,
@@ -49,17 +57,10 @@ from com.views import (
     PosterEditBaseView,
     PosterListBaseView,
 )
+from core.auth.mixins import CanCreateMixin, CanEditMixin, CanViewMixin
 from core.models import PageRev
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    DetailFormView,
-    PageEditViewBase,
-    TabedViewMixin,
-    UserIsRootMixin,
-)
+from core.views import DetailFormView, PageEditViewBase
+from core.views.mixins import TabedViewMixin
 from counter.models import Selling
 
 
@@ -71,32 +72,31 @@ class ClubTabsMixin(TabedViewMixin):
         return self.object.get_display_name()
 
     def get_list_of_tabs(self):
-        tab_list = []
-        tab_list.append(
+        tab_list = [
             {
                 "url": reverse("club:club_view", kwargs={"club_id": self.object.id}),
                 "slug": "infos",
                 "name": _("Infos"),
             }
-        )
+        ]
         if self.request.user.can_view(self.object):
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_members", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "members",
-                    "name": _("Members"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_old_members", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "elderlies",
-                    "name": _("Old members"),
-                }
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:club_members", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "members",
+                        "name": _("Members"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:club_old_members", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "elderlies",
+                        "name": _("Old members"),
+                    },
+                ]
             )
         if self.object.page:
             tab_list.append(
@@ -109,21 +109,23 @@ class ClubTabsMixin(TabedViewMixin):
                 }
             )
         if self.request.user.can_edit(self.object):
-            tab_list.append(
-                {
-                    "url": reverse("club:tools", kwargs={"club_id": self.object.id}),
-                    "slug": "tools",
-                    "name": _("Tools"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_edit", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "edit",
-                    "name": _("Edit"),
-                }
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:tools", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "tools",
+                        "name": _("Tools"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:club_edit", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "edit",
+                        "name": _("Edit"),
+                    },
+                ]
             )
             if self.object.page and self.request.user.can_edit(self.object.page):
                 tab_list.append(
@@ -136,40 +138,30 @@ class ClubTabsMixin(TabedViewMixin):
                         "name": _("Edit club page"),
                     }
                 )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_sellings", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "sellings",
-                    "name": _("Sellings"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse("club:mailing", kwargs={"club_id": self.object.id}),
-                    "slug": "mailing",
-                    "name": _("Mailing list"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:poster_list", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "posters",
-                    "name": _("Posters list"),
-                }
-            )
-        if self.request.user.is_owner(self.object):
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_prop", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "props",
-                    "name": _("Props"),
-                }
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:club_sellings", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "sellings",
+                        "name": _("Sellings"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:mailing", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "mailing",
+                        "name": _("Mailing list"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:poster_list", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "posters",
+                        "name": _("Posters list"),
+                    },
+                ]
             )
         return tab_list
 
@@ -191,8 +183,12 @@ class ClubView(ClubTabsMixin, DetailView):
 
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        if self.object.page and self.object.page.revisions.exists():
-            kwargs["page_revision"] = self.object.page.revisions.last().content
+        kwargs["page_revision"] = (
+            PageRev.objects.filter(page_id=self.object.page_id)
+            .order_by("-date")
+            .values_list("content", flat=True)
+            .first()
+        )
         return kwargs
 
 
@@ -255,15 +251,19 @@ class ClubMembersView(ClubTabsMixin, CanViewMixin, DetailFormView):
     template_name = "club/club_members.jinja"
     current_tab = "members"
 
+    @cached_property
+    def members(self) -> list[Membership]:
+        return list(self.object.members.ongoing().order_by("-role"))
+
     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
         kwargs["request_user"] = self.request.user
-        kwargs["club"] = self.get_object()
+        kwargs["club"] = self.object
         kwargs["club_members"] = self.members
         return kwargs
 
-    def get_context_data(self, *args, **kwargs):
-        kwargs = super().get_context_data(*args, **kwargs)
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
         kwargs["members"] = self.members
         return kwargs
 
@@ -275,21 +275,15 @@ class ClubMembersView(ClubTabsMixin, CanViewMixin, DetailFormView):
         users = data.pop("users", [])
         users_old = data.pop("users_old", [])
         for user in users:
-            Membership(club=self.get_object(), user=user, **data).save()
+            Membership(club=self.object, user=user, **data).save()
         for user in users_old:
-            membership = self.get_object().get_membership_for(user)
+            membership = self.object.get_membership_for(user)
             membership.end_date = timezone.now()
             membership.save()
         return resp
 
-    def dispatch(self, request, *args, **kwargs):
-        self.members = self.get_object().members.ongoing().order_by("-role")
-        return super().dispatch(request, *args, **kwargs)
-
     def get_success_url(self, **kwargs):
-        return reverse_lazy(
-            "club:club_members", kwargs={"club_id": self.get_object().id}
-        )
+        return self.request.path
 
 
 class ClubOldMembersView(ClubTabsMixin, CanViewMixin, DetailView):
@@ -456,32 +450,33 @@ class ClubSellingCSVView(ClubSellingView):
 
 
 class ClubEditView(ClubTabsMixin, CanEditMixin, UpdateView):
-    """Edit a Club's main informations (for the club's members)."""
+    """Edit a Club.
+
+    Regular club board members will be able to edit the main infos
+    (like the logo and the description).
+    Admins will also be able to edit the club properties
+    (like the name and the parent club).
+    """
 
     model = Club
     pk_url_kwarg = "club_id"
-    form_class = ClubEditForm
-    template_name = "core/edit.jinja"
+    template_name = "club/edit_club.jinja"
     current_tab = "edit"
 
-
-class ClubEditPropView(ClubTabsMixin, CanEditPropMixin, UpdateView):
-    """Edit the properties of a Club object (for the Sith admins)."""
-
-    model = Club
-    pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent", "is_active"]
-    template_name = "core/edit.jinja"
-    current_tab = "props"
+    def get_form_class(self):
+        if self.object.is_owned_by(self.request.user):
+            return ClubAdminEditForm
+        return ClubEditForm
 
 
-class ClubCreateView(CanCreateMixin, CreateView):
+class ClubCreateView(PermissionRequiredMixin, CreateView):
     """Create a club (for the Sith admin)."""
 
     model = Club
     pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent"]
-    template_name = "core/edit.jinja"
+    fields = ["name", "parent"]
+    template_name = "core/create.jinja"
+    permission_required = "club.add_club"
 
 
 class MembershipSetOldView(CanEditMixin, DetailView):
@@ -513,26 +508,18 @@ class MembershipSetOldView(CanEditMixin, DetailView):
         )
 
 
-class MembershipDeleteView(UserIsRootMixin, DeleteView):
+class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
     """Delete a membership (for admins only)."""
 
     model = Membership
     pk_url_kwarg = "membership_id"
     template_name = "core/delete_confirm.jinja"
+    permission_required = "club.delete_membership"
 
     def get_success_url(self):
         return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
 
 
-class ClubStatView(TemplateView):
-    template_name = "club/stats.jinja"
-
-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["club_list"] = Club.objects.all()
-        return kwargs
-
-
 class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
     """A list of mailing for a given club."""
 
@@ -544,26 +531,19 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
 
     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
-        kwargs["club_id"] = self.get_object().id
+        kwargs["club_id"] = self.object.id
         kwargs["user_id"] = self.request.user.id
-        kwargs["mailings"] = self.mailings
+        kwargs["mailings"] = self.object.mailings.all()
         return kwargs
 
-    def dispatch(self, request, *args, **kwargs):
-        self.mailings = Mailing.objects.filter(club_id=self.get_object().id).all()
-        return super().dispatch(request, *args, **kwargs)
-
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        kwargs["club"] = self.get_object()
+        mailings = list(self.object.mailings.all())
+        kwargs["club"] = self.object
         kwargs["user"] = self.request.user
-        kwargs["mailings"] = self.mailings
-        kwargs["mailings_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=False).all()
-        )
-        kwargs["mailings_not_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=True).all()
-        )
+        kwargs["mailings"] = mailings
+        kwargs["mailings_moderated"] = [m for m in mailings if m.is_moderated]
+        kwargs["mailings_not_moderated"] = [m for m in mailings if not m.is_moderated]
         kwargs["form_actions"] = {
             "NEW_MALING": self.form_class.ACTION_NEW_MAILING,
             "NEW_SUBSCRIPTION": self.form_class.ACTION_NEW_SUBSCRIPTION,
@@ -574,7 +554,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
     def add_new_mailing(self, cleaned_data) -> ValidationError | None:
         """Create a new mailing list from the form."""
         mailing = Mailing(
-            club=self.get_object(),
+            club=self.object,
             email=cleaned_data["mailing_email"],
             moderator=self.request.user,
             is_moderated=False,
@@ -651,7 +631,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
         return resp
 
     def get_success_url(self, **kwargs):
-        return reverse_lazy("club:mailing", kwargs={"club_id": self.get_object().id})
+        return reverse("club:mailing", kwargs={"club_id": self.object.id})
 
 
 class MailingDeleteView(CanEditMixin, DeleteView):

club/widgets/ajax_select.py

@@ -1,8 +1,11 @@
 from pydantic import TypeAdapter
 
 from club.models import Club
-from club.schemas import ClubSchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
+from club.schemas import SimpleClubSchema
+from core.views.widgets.ajax_select import (
+    AutoCompleteSelect,
+    AutoCompleteSelectMultiple,
+)
 
 _js = ["bundled/club/components/ajax-select-index.ts"]
 
@@ -10,7 +13,7 @@ _js = ["bundled/club/components/ajax-select-index.ts"]
 class AutoCompleteSelectClub(AutoCompleteSelect):
     component_name = "club-ajax-select"
     model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])
 
     js = _js
 
@@ -18,6 +21,6 @@ class AutoCompleteSelectClub(AutoCompleteSelect):
 class AutoCompleteSelectMultipleClub(AutoCompleteSelectMultiple):
     component_name = "club-ajax-select"
     model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])
 
     js = _js

com/admin.py

@@ -13,17 +13,25 @@
 #
 #
 from django.contrib import admin
+from django.contrib.admin import TabularInline
 from haystack.admin import SearchModelAdmin
 
-from com.models import News, Poster, Screen, Sith, Weekmail
+from com.models import News, NewsDate, Poster, Screen, Sith, Weekmail
+
+
+class NewsDateInline(TabularInline):
+    model = NewsDate
+    extra = 0
 
 
 @admin.register(News)
 class NewsAdmin(SearchModelAdmin):
-    list_display = ("title", "type", "club", "author")
+    list_display = ("title", "club", "author")
     search_fields = ("title", "summary", "content")
     autocomplete_fields = ("author", "moderator")
 
+    inlines = [NewsDateInline]
+
 
 @admin.register(Poster)
 class PosterAdmin(SearchModelAdmin):

com/api.py

@@ -0,0 +1,90 @@
+from typing import Literal
+
+from django.http import HttpResponse
+from django.utils.cache import add_never_cache_headers
+from ninja import Query
+from ninja_extra import ControllerBase, api_controller, paginate, route
+from ninja_extra.pagination import PageNumberPaginationExtra
+from ninja_extra.permissions import IsAuthenticated
+from ninja_extra.schemas import PaginatedResponseSchema
+
+from api.permissions import HasPerm
+from com.ics_calendar import IcsCalendar
+from com.models import News, NewsDate
+from com.schemas import NewsDateFilterSchema, NewsDateSchema
+from core.views.files import send_raw_file
+
+
+@api_controller("/calendar")
+class CalendarController(ControllerBase):
+    @route.get("/internal.ics", url_name="calendar_internal")
+    def calendar_internal(self):
+        response = send_raw_file(IcsCalendar.get_internal())
+        add_never_cache_headers(response)
+        return response
+
+    @route.get(
+        "/unpublished.ics",
+        permissions=[IsAuthenticated],
+        url_name="calendar_unpublished",
+    )
+    def calendar_unpublished(self):
+        response = HttpResponse(
+            IcsCalendar.get_unpublished(self.context.request.user),
+            content_type="text/calendar",
+        )
+        add_never_cache_headers(response)
+        return response
+
+
+@api_controller("/news")
+class NewsController(ControllerBase):
+    @route.patch(
+        "/{int:news_id}/publish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="moderate_news",
+    )
+    def publish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if not news.is_published:
+            news.is_published = True
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.patch(
+        "/{int:news_id}/unpublish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="unpublish_news",
+    )
+    def unpublish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if news.is_published:
+            news.is_published = False
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.delete(
+        "/{int:news_id}",
+        permissions=[HasPerm("com.delete_news")],
+        url_name="delete_news",
+    )
+    def delete_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        news.delete()
+
+    @route.get(
+        "/date",
+        url_name="fetch_news_dates",
+        response=PaginatedResponseSchema[NewsDateSchema],
+    )
+    @paginate(PageNumberPaginationExtra, page_size=50)
+    def fetch_news_dates(
+        self,
+        filters: Query[NewsDateFilterSchema],
+        text_format: Literal["md", "html"] = "md",
+    ):
+        return filters.filter(
+            NewsDate.objects.viewable_by(self.context.request.user)
+            .order_by("start_date")
+            .select_related("news", "news__club")
+        )

com/apps.py

@@ -0,0 +1,9 @@
+from django.apps import AppConfig
+
+
+class ComConfig(AppConfig):
+    name = "com"
+    verbose_name = "News and communication"
+
+    def ready(self):
+        import com.signals  # noqa F401

com/forms.py

@@ -0,0 +1,193 @@
+from datetime import date
+
+from dateutil.relativedelta import relativedelta
+from django import forms
+from django.db.models import Exists, OuterRef
+from django.forms import CheckboxInput
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+
+from club.models import Club
+from club.widgets.ajax_select import AutoCompleteSelectClub
+from com.models import News, NewsDate, Poster
+from core.models import User
+from core.utils import get_end_of_semester
+from core.views.forms import SelectDateTime
+from core.views.widgets.markdown import MarkdownInput
+
+
+class PosterForm(forms.ModelForm):
+    class Meta:
+        model = Poster
+        fields = [
+            "name",
+            "file",
+            "club",
+            "screens",
+            "date_begin",
+            "date_end",
+            "display_time",
+        ]
+        widgets = {"screens": forms.CheckboxSelectMultiple}
+        help_texts = {"file": _("Format: 16:9 | Resolution: 1920x1080")}
+
+    date_begin = forms.DateTimeField(
+        label=_("Start date"),
+        widget=SelectDateTime,
+        required=True,
+        initial=timezone.now().strftime("%Y-%m-%d %H:%M:%S"),
+    )
+    date_end = forms.DateTimeField(
+        label=_("End date"), widget=SelectDateTime, required=False
+    )
+
+    def __init__(self, *args, **kwargs):
+        self.user = kwargs.pop("user", None)
+        super().__init__(*args, **kwargs)
+        if self.user and not self.user.is_com_admin:
+            self.fields["club"].queryset = Club.objects.filter(
+                id__in=self.user.clubs_with_rights
+            )
+            self.fields.pop("display_time")
+
+
+class NewsDateForm(forms.ModelForm):
+    """Form to select the dates of an event."""
+
+    required_css_class = "required"
+
+    class Meta:
+        model = NewsDate
+        fields = ["start_date", "end_date"]
+        widgets = {"start_date": SelectDateTime, "end_date": SelectDateTime}
+
+    is_weekly = forms.BooleanField(
+        label=_("Weekly event"),
+        help_text=_("Weekly events will occur each week for a specified timespan."),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        initial=False,
+        required=False,
+    )
+    occurrence_choices = [
+        *[(str(i), _("%d times") % i) for i in range(2, 7)],
+        ("SEMESTER_END", _("Until the end of the semester")),
+    ]
+    occurrences = forms.ChoiceField(
+        label=_("Occurrences"),
+        help_text=_("How much times should the event occur (including the first one)"),
+        choices=occurrence_choices,
+        initial="SEMESTER_END",
+        required=False,
+    )
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.label_suffix = ""
+
+    @classmethod
+    def get_occurrences(cls, number: int) -> tuple[str, str] | None:
+        """Find the occurrence choice corresponding to numeric number of occurrences."""
+        if number < 2:
+            # If only 0 or 1 date, there cannot be weekly events
+            return None
+        # occurrences have all a numeric value, except "SEMESTER_END"
+        str_num = str(number)
+        occurrences = next((c for c in cls.occurrence_choices if c[0] == str_num), None)
+        if occurrences:
+            return occurrences
+        return next((c for c in cls.occurrence_choices if c[0] == "SEMESTER_END"), None)
+
+    def save(self, commit: bool = True, *, news: News):  # noqa FBT001
+        # the base save method contains some checks we want to run
+        # before doing our own logic
+        super().save(commit=False)
+        # delete existing dates before creating new ones
+        news.dates.all().delete()
+        if not self.cleaned_data.get("is_weekly"):
+            self.instance.news = news
+            return super().save(commit=commit)
+
+        dates: list[NewsDate] = [self.instance]
+        occurrences = self.cleaned_data.get("occurrences")
+        start = self.instance.start_date
+        end = self.instance.end_date
+        if occurrences[0].isdigit():
+            nb_occurrences = int(occurrences[0])
+        else:  # to the end of the semester
+            start_date = date(start.year, start.month, start.day)
+            nb_occurrences = (get_end_of_semester(start_date) - start_date).days // 7
+        dates.extend(
+            [
+                NewsDate(
+                    start_date=start + relativedelta(weeks=i),
+                    end_date=end + relativedelta(weeks=i),
+                )
+                for i in range(1, nb_occurrences)
+            ]
+        )
+        for d in dates:
+            d.news = news
+        if not commit:
+            return dates
+        return NewsDate.objects.bulk_create(dates)
+
+
+class NewsForm(forms.ModelForm):
+    """Form to create or edit news."""
+
+    error_css_class = "error"
+    required_css_class = "required"
+
+    class Meta:
+        model = News
+        fields = ["title", "club", "summary", "content"]
+        widgets = {
+            "author": forms.HiddenInput,
+            "summary": MarkdownInput,
+            "content": MarkdownInput,
+        }
+
+    auto_publish = forms.BooleanField(
+        label=_("Auto publication"),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        required=False,
+    )
+
+    def __init__(self, *args, author: User, date_form: NewsDateForm, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.author = author
+        self.date_form = date_form
+        self.label_suffix = ""
+        # if the author is an admin, he/she can choose any club,
+        # otherwise, only clubs for which he/she is a board member can be selected
+        if author.is_root or author.is_com_admin:
+            self.fields["club"] = forms.ModelChoiceField(
+                queryset=Club.objects.all(), widget=AutoCompleteSelectClub
+            )
+        else:
+            active_memberships = author.memberships.board().ongoing()
+            self.fields["club"] = forms.ModelChoiceField(
+                queryset=Club.objects.filter(
+                    Exists(active_memberships.filter(club=OuterRef("pk")))
+                )
+            )
+
+    def is_valid(self):
+        return super().is_valid() and self.date_form.is_valid()
+
+    def full_clean(self):
+        super().full_clean()
+        self.date_form.full_clean()
+
+    def save(self, commit: bool = True):  # noqa FBT001
+        self.instance.author = self.author
+        if (self.author.is_com_admin or self.author.is_root) and (
+            self.cleaned_data.get("auto_publish") is True
+        ):
+            self.instance.is_published = True
+            self.instance.moderator = self.author
+        else:
+            self.instance.is_published = False
+        created_news = super().save(commit=commit)
+        self.date_form.save(commit=commit, news=created_news)
+        return created_news

com/ics_calendar.py

@@ -0,0 +1,76 @@
+from pathlib import Path
+
+from dateutil.relativedelta import relativedelta
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.contrib.syndication.views import add_domain
+from django.db.models import F, QuerySet
+from django.http import HttpRequest
+from django.urls import reverse
+from django.utils import timezone
+from ical.calendar import Calendar
+from ical.calendar_stream import IcsCalendarStream
+from ical.event import Event
+
+from com.models import NewsDate
+from core.models import User
+
+
+def as_absolute_url(url: str, request: HttpRequest | None = None) -> str:
+    return add_domain(
+        Site.objects.get_current(request=request),
+        url,
+        secure=request.is_secure() if request is not None else settings.HTTPS,
+    )
+
+
+class IcsCalendar:
+    _CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
+    _INTERNAL_CALENDAR = _CACHE_FOLDER / "internal.ics"
+
+    @classmethod
+    def get_internal(cls) -> Path:
+        if not cls._INTERNAL_CALENDAR.exists():
+            return cls.make_internal()
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def make_internal(cls) -> Path:
+        # Updated through a post_save signal on News in com.signals
+        # Create a file so we can offload the download to the reverse proxy if available
+        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
+        with open(cls._INTERNAL_CALENDAR, "wb") as f:
+            _ = f.write(
+                cls.ics_from_queryset(
+                    NewsDate.objects.filter(
+                        news__is_published=True,
+                        end_date__gte=timezone.now() - (relativedelta(months=6)),
+                    )
+                )
+            )
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def get_unpublished(cls, user: User) -> bytes:
+        return cls.ics_from_queryset(
+            NewsDate.objects.viewable_by(user).filter(
+                news__is_published=False,
+                end_date__gte=timezone.now() - (relativedelta(months=6)),
+            ),
+        )
+
+    @classmethod
+    def ics_from_queryset(cls, queryset: QuerySet[NewsDate]) -> bytes:
+        calendar = Calendar()
+        for news_date in queryset.annotate(news_title=F("news__title")):
+            event = Event(
+                summary=news_date.news_title,
+                start=news_date.start_date,
+                end=news_date.end_date,
+                url=as_absolute_url(
+                    reverse("com:news_detail", kwargs={"news_id": news_date.news.id})
+                ),
+            )
+            calendar.events.append(event)
+
+        return IcsCalendarStream.calendar_to_ics(calendar).encode("utf-8")

com/migrations/0007_alter_news_club_alter_news_content_and_more.py

@@ -0,0 +1,56 @@
+# Generated by Django 4.2.17 on 2024-12-16 14:51
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("club", "0011_auto_20180426_2013"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("com", "0006_remove_sith_index_page"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="news",
+            name="club",
+            field=models.ForeignKey(
+                help_text="The club which organizes the event.",
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="news",
+                to="club.club",
+                verbose_name="club",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="content",
+            field=models.TextField(
+                blank=True,
+                default="",
+                help_text="A more detailed and exhaustive description of the event.",
+                verbose_name="content",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="moderator",
+            field=models.ForeignKey(
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="moderated_news",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="moderator",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="summary",
+            field=models.TextField(
+                help_text="A description of the event (what is the activity ? is there an associated clic ? is there a inscription form ?)",
+                verbose_name="summary",
+            ),
+        ),
+    ]

com/migrations/0008_alter_news_options_alter_newsdate_options_and_more.py

@@ -0,0 +1,61 @@
+# Generated by Django 4.2.17 on 2025-01-06 21:52
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("com", "0007_alter_news_club_alter_news_content_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="news",
+            options={
+                "verbose_name": "news",
+                "permissions": [
+                    ("moderate_news", "Can moderate news"),
+                    ("view_unmoderated_news", "Can view non-moderated news"),
+                ],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="newsdate",
+            options={"verbose_name": "news date", "verbose_name_plural": "news dates"},
+        ),
+        migrations.AlterModelOptions(
+            name="poster",
+            options={"permissions": [("moderate_poster", "Can moderate poster")]},
+        ),
+        migrations.RemoveField(model_name="news", name="type"),
+        migrations.AlterField(
+            model_name="news",
+            name="author",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="owned_news",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="author",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="end_date",
+            field=models.DateTimeField(verbose_name="end_date"),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="start_date",
+            field=models.DateTimeField(verbose_name="start_date"),
+        ),
+        migrations.AddConstraint(
+            model_name="newsdate",
+            constraint=models.CheckConstraint(
+                check=models.Q(("end_date__gte", models.F("start_date"))),
+                name="news_date_end_date_after_start_date",
+            ),
+        ),
+    ]

com/migrations/0009_remove_news_is_moderated_news_is_published.py

@@ -0,0 +1,16 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("com", "0008_alter_news_options_alter_newsdate_options_and_more")]
+
+    operations = [
+        migrations.RenameField(
+            model_name="news", old_name="is_moderated", new_name="is_published"
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="is_published",
+            field=models.BooleanField(default=False, verbose_name="is published"),
+        ),
+    ]

com/models.py

@@ -17,16 +17,17 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
+from typing import Self
 
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.core.mail import EmailMultiAlternatives
 from django.db import models, transaction
-from django.db.models import Q
+from django.db.models import F, Q
 from django.shortcuts import render
 from django.templatetags.static import static
 from django.urls import reverse
@@ -34,7 +35,7 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
 from club.models import Club
-from core.models import Notification, Preferences, RealGroup, User
+from core.models import Notification, Preferences, User
 
 
 class Sith(models.Model):
@@ -53,57 +54,87 @@ class Sith(models.Model):
         return user.is_com_admin
 
 
-NEWS_TYPES = [
-    ("NOTICE", _("Notice")),
-    ("EVENT", _("Event")),
-    ("WEEKLY", _("Weekly")),
-    ("CALL", _("Call")),
-]
+class NewsQuerySet(models.QuerySet):
+    def moderated(self) -> Self:
+        return self.filter(is_published=True)
+
+    def viewable_by(self, user: User) -> Self:
+        """Filter news that the given user can view.
+
+        If the user has the `com.view_unmoderated_news` permission,
+        all news are viewable.
+        Else the viewable news are those that are either moderated
+        or authored by the user.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(author_id=user.id)
+        return self.filter(q_filter)
 
 
 class News(models.Model):
-    """The news class."""
+    """News about club events."""
 
     title = models.CharField(_("title"), max_length=64)
-    summary = models.TextField(_("summary"))
-    content = models.TextField(_("content"))
-    type = models.CharField(
-        _("type"), max_length=16, choices=NEWS_TYPES, default="EVENT"
+    summary = models.TextField(
+        _("summary"),
+        help_text=_(
+            "A description of the event (what is the activity ? "
+            "is there an associated clic ? is there a inscription form ?)"
+        ),
+    )
+    content = models.TextField(
+        _("content"),
+        blank=True,
+        default="",
+        help_text=_("A more detailed and exhaustive description of the event."),
     )
     club = models.ForeignKey(
-        Club, related_name="news", verbose_name=_("club"), on_delete=models.CASCADE
+        Club,
+        related_name="news",
+        verbose_name=_("club"),
+        on_delete=models.CASCADE,
+        help_text=_("The club which organizes the event."),
     )
     author = models.ForeignKey(
         User,
         related_name="owned_news",
         verbose_name=_("author"),
-        on_delete=models.CASCADE,
+        on_delete=models.PROTECT,
     )
-    is_moderated = models.BooleanField(_("is moderated"), default=False)
+    is_published = models.BooleanField(_("is published"), default=False)
     moderator = models.ForeignKey(
         User,
         related_name="moderated_news",
         verbose_name=_("moderator"),
         null=True,
-        on_delete=models.CASCADE,
+        on_delete=models.SET_NULL,
     )
 
+    objects = NewsQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news")
+        permissions = [
+            ("moderate_news", "Can moderate news"),
+            ("view_unmoderated_news", "Can view non-moderated news"),
+        ]
+
     def __str__(self):
-        return "%s: %s" % (self.type, self.title)
+        return self.title
 
     def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
-        for u in (
-            RealGroup.objects.filter(id=settings.SITH_GROUP_COM_ADMIN_ID)
-            .first()
-            .users.all()
+        if self.is_published:
+            return
+        for user in User.objects.filter(
+            groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID]
         ):
-            Notification(
-                user=u,
-                url=reverse("com:news_admin_list"),
-                type="NEWS_MODERATION",
-                param="1",
-            ).save()
+            Notification.objects.create(
+                user=user, url=reverse("com:news_admin_list"), type="NEWS_MODERATION"
+            )
 
     def get_absolute_url(self):
         return reverse("com:news_detail", kwargs={"news_id": self.id})
@@ -116,35 +147,53 @@ class News(models.Model):
             return False
         return user.is_com_admin or user == self.author
 
-    def can_be_edited_by(self, user):
-        return user.is_com_admin
-
-    def can_be_viewed_by(self, user):
-        return self.is_moderated or user.is_com_admin
-
-
-def news_notification_callback(notif):
-    count = (
-        News.objects.filter(
-            Q(dates__start_date__gt=timezone.now(), is_moderated=False)
-            | Q(type="NOTICE", is_moderated=False)
+    def can_be_edited_by(self, user: User):
+        return user.is_authenticated and (
+            self.author_id == user.id or user.has_perm("com.change_news")
         )
-        .distinct()
-        .count()
-    )
+
+    def can_be_viewed_by(self, user: User):
+        return (
+            self.is_published
+            or user.has_perm("com.view_unmoderated_news")
+            or (user.is_authenticated and self.author_id == user.id)
+        )
+
+
+def news_notification_callback(notif: Notification):
+    # the NewsDate linked to the News
+    # which creation triggered this callback may not exist yet,
+    # so it's important to filter by "not past date" rather than by "future date"
+    count = News.objects.filter(
+        ~Q(dates__start_date__gt=timezone.now()), is_published=False
+    ).count()
     if count:
         notif.viewed = False
-        notif.param = "%s" % count
-        notif.date = timezone.now()
+        notif.param = str(count)
     else:
         notif.viewed = True
 
 
-class NewsDate(models.Model):
-    """A date class, useful for weekly events, or for events that just have no date.
+class NewsDateQuerySet(models.QuerySet):
+    def viewable_by(self, user: User) -> Self:
+        """Filter the event dates that the given user can view.
 
-    This class allows more flexibilty managing the dates related to a news, particularly when this news is weekly, since
-    we don't have to make copies
+        - If the can view non moderated news, he can view all news dates
+        - else, he can view the dates of news that are either
+          authored by him or moderated.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(news__is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(news__author_id=user.id)
+        return self.filter(q_filter)
+
+
+class NewsDate(models.Model):
+    """A date associated with news.
+
+    A [News][com.models.News] can have multiple dates, for example if it is a recurring event.
     """
 
     news = models.ForeignKey(
@@ -153,11 +202,23 @@ class NewsDate(models.Model):
         verbose_name=_("news_date"),
         on_delete=models.CASCADE,
     )
-    start_date = models.DateTimeField(_("start_date"), null=True, blank=True)
-    end_date = models.DateTimeField(_("end_date"), null=True, blank=True)
+    start_date = models.DateTimeField(_("start_date"))
+    end_date = models.DateTimeField(_("end_date"))
+
+    objects = NewsDateQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news date")
+        verbose_name_plural = _("news dates")
+        constraints = [
+            models.CheckConstraint(
+                check=Q(end_date__gte=F("start_date")),
+                name="news_date_end_date_after_start_date",
+            )
+        ]
 
     def __str__(self):
-        return "%s: %s - %s" % (self.news.title, self.start_date, self.end_date)
+        return f"{self.news.title}: {self.start_date} - {self.end_date}"
 
 
 class Weekmail(models.Model):
@@ -316,21 +377,22 @@ class Poster(models.Model):
         on_delete=models.CASCADE,
     )
 
+    class Meta:
+        permissions = [("moderate_poster", "Can moderate poster")]
+
     def __str__(self):
         return self.name
 
     def save(self, *args, **kwargs):
         if not self.is_moderated:
-            for u in (
-                RealGroup.objects.filter(id=settings.SITH_GROUP_COM_ADMIN_ID)
-                .first()
-                .users.all()
+            for user in User.objects.filter(
+                groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID]
             ):
-                Notification(
-                    user=u,
+                Notification.objects.create(
+                    user=user,
                     url=reverse("com:poster_moderate_list"),
                     type="POSTER_MODERATION",
-                ).save()
+                )
         return super().save(*args, **kwargs)
 
     def clean(self, *args, **kwargs):

com/schemas.py

@@ -0,0 +1,58 @@
+from datetime import datetime
+
+from ninja import FilterSchema, ModelSchema
+from ninja_extra import service_resolver
+from ninja_extra.context import RouteContext
+from pydantic import Field
+
+from club.schemas import ClubProfileSchema
+from com.models import News, NewsDate
+from core.markdown import markdown
+
+
+class NewsDateFilterSchema(FilterSchema):
+    before: datetime | None = Field(None, q="end_date__lt")
+    after: datetime | None = Field(None, q="start_date__gt")
+    club_id: int | None = Field(None, q="news__club_id")
+    news_id: int | None = None
+    is_published: bool | None = Field(None, q="news__is_published")
+    title: str | None = Field(None, q="news__title__icontains")
+
+
+class NewsSchema(ModelSchema):
+    class Meta:
+        model = News
+        fields = ["id", "title", "summary", "is_published"]
+
+    club: ClubProfileSchema
+    url: str
+
+    @staticmethod
+    def resolve_summary(obj: News) -> str:
+        # if this is returned from a route that allows the
+        # user to choose the text format (md or html)
+        # and the user chose "html", convert the markdown to html
+        context: RouteContext = service_resolver(RouteContext)
+        if context.kwargs.get("text_format", "") == "html":
+            return markdown(obj.summary)
+        return obj.summary
+
+    @staticmethod
+    def resolve_url(obj: News) -> str:
+        return obj.get_absolute_url()
+
+
+class NewsDateSchema(ModelSchema):
+    """Basic infos about an event occurrence.
+
+    Warning:
+        This uses [NewsSchema][], which itself
+        uses [ClubProfileSchema][club.schemas.ClubProfileSchema].
+        Don't forget the appropriated `select_related`.
+    """
+
+    class Meta:
+        model = NewsDate
+        fields = ["id", "start_date", "end_date"]
+
+    news: NewsSchema

com/signals.py

@@ -0,0 +1,10 @@
+from django.db.models.signals import post_delete, post_save
+from django.dispatch import receiver
+
+from com.ics_calendar import IcsCalendar
+from com.models import News
+
+
+@receiver([post_save, post_delete], sender=News, dispatch_uid="update_internal_ics")
+def update_internal_ics(*args, **kwargs):
+    _ = IcsCalendar.make_internal()

com/static/bundled/com/components/ics-calendar-index.ts

@@ -0,0 +1,375 @@
+import { makeUrl } from "#core:utils/api";
+import { inheritHtmlElement, registerComponent } from "#core:utils/web-components";
+import { Calendar, type EventClickArg } from "@fullcalendar/core";
+import type { EventImpl } from "@fullcalendar/core/internal";
+import enLocale from "@fullcalendar/core/locales/en-gb";
+import frLocale from "@fullcalendar/core/locales/fr";
+import dayGridPlugin from "@fullcalendar/daygrid";
+import iCalendarPlugin from "@fullcalendar/icalendar";
+import listPlugin from "@fullcalendar/list";
+import { type HTMLTemplateResult, html, render } from "lit-html";
+import {
+  calendarCalendarInternal,
+  calendarCalendarUnpublished,
+  newsDeleteNews,
+  newsPublishNews,
+  newsUnpublishNews,
+} from "#openapi";
+
+@registerComponent("ics-calendar")
+export class IcsCalendar extends inheritHtmlElement("div") {
+  static observedAttributes = ["locale", "can_moderate", "can_delete", "ics-help-url"];
+  private calendar: Calendar;
+  private locale = "en";
+  private canModerate = false;
+  private canDelete = false;
+  private helpUrl = "";
+
+  attributeChangedCallback(name: string, _oldValue?: string, newValue?: string) {
+    if (name === "locale") {
+      this.locale = newValue;
+    }
+    if (name === "can_moderate") {
+      this.canModerate = newValue.toLowerCase() === "true";
+    }
+    if (name === "can_delete") {
+      this.canDelete = newValue.toLowerCase() === "true";
+    }
+
+    if (name === "ics-help-url") {
+      this.helpUrl = newValue;
+    }
+  }
+
+  isMobile() {
+    return window.innerWidth < 765;
+  }
+
+  currentView() {
+    // Get view type based on viewport
+    return this.isMobile() ? "listMonth" : "dayGridMonth";
+  }
+
+  currentFooterToolbar() {
+    if (this.isMobile()) {
+      return {
+        start: "",
+        center: "getCalendarLink helpButton",
+        end: "",
+      };
+    }
+    return { start: "getCalendarLink helpButton", center: "", end: "" };
+  }
+
+  currentHeaderToolbar() {
+    if (this.isMobile()) {
+      return {
+        left: "prev,next",
+        center: "title",
+        right: "",
+      };
+    }
+    return {
+      left: "prev,next today",
+      center: "title",
+      right: "dayGridMonth,dayGridWeek,dayGridDay",
+    };
+  }
+
+  formatDate(date: Date) {
+    return new Intl.DateTimeFormat(this.locale, {
+      dateStyle: "medium",
+      timeStyle: "short",
+    }).format(date);
+  }
+
+  getNewsId(event: EventImpl) {
+    return Number.parseInt(
+      event.url
+        .toString()
+        .split("/")
+        .filter((s) => s) // Remove blank characters
+        .pop(),
+    );
+  }
+
+  refreshEvents() {
+    this.click(); // Remove focus from popup
+    this.calendar.refetchEvents();
+  }
+
+  async publishNews(id: number) {
+    await newsPublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-publish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async unpublishNews(id: number) {
+    await newsUnpublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-unpublish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async deleteNews(id: number) {
+    await newsDeleteNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-delete", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async getEventSources() {
+    return [
+      {
+        url: `${await makeUrl(calendarCalendarInternal)}`,
+        format: "ics",
+        className: "internal",
+        cache: false,
+      },
+      {
+        url: `${await makeUrl(calendarCalendarUnpublished)}`,
+        format: "ics",
+        color: "red",
+        className: "unpublished",
+        cache: false,
+      },
+    ];
+  }
+
+  createEventDetailPopup(event: EventClickArg) {
+    // Delete previous popup
+    const oldPopup = document.getElementById("event-details");
+    if (oldPopup !== null) {
+      oldPopup.remove();
+    }
+
+    const makePopupInfo = (info: HTMLTemplateResult, iconClass: string) => {
+      return html`
+        <div class="event-details-row">
+          <i class="event-detail-row-icon fa-xl ${iconClass}"></i>
+          ${info}
+        </div>
+      `;
+    };
+
+    const makePopupTitle = (event: EventImpl) => {
+      const row = html`
+        <div>
+          <h4 class="event-details-row-content">
+            ${event.title}
+          </h4>
+          <span class="event-details-row-content">
+            ${this.formatDate(event.start)} - ${this.formatDate(event.end)}
+          </span>
+        </div>
+      `;
+      return makePopupInfo(
+        row,
+        "fa-solid fa-calendar-days fa-xl event-detail-row-icon",
+      );
+    };
+
+    const makePopupLocation = (event: EventImpl) => {
+      if (event.extendedProps.location === null) {
+        return null;
+      }
+      const info = html`
+        <div>
+          ${event.extendedProps.location}
+        </div>
+      `;
+      return makePopupInfo(info, "fa-solid fa-location-dot");
+    };
+
+    const makePopupUrl = (event: EventImpl) => {
+      if (event.url === "") {
+        return null;
+      }
+      const url = html`<a href="${event.url}">${gettext("More info")}</a>`;
+      return makePopupInfo(url, "fa-solid fa-link");
+    };
+
+    const makePopupTools = (event: EventImpl) => {
+      if (!(this.canDelete || this.canModerate)) {
+        return null;
+      }
+      const newsId = this.getNewsId(event);
+      const buttons = [] as HTMLTemplateResult[];
+
+      if (this.canModerate) {
+        if (event.source.internalEventSource.ui.classNames.includes("unpublished")) {
+          const button = html`
+            <button class="btn btn-green" @click="${() => this.publishNews(newsId)}">
+              <i class="fa fa-check"></i>${gettext("Publish")}
+            </button>
+          `;
+          buttons.push(button);
+        } else {
+          const button = html`
+            <button class="btn btn-orange" @click="${() => this.unpublishNews(newsId)}">
+              <i class="fa fa-times"></i>${gettext("Unpublish")}
+            </button>
+          `;
+          buttons.push(button);
+        }
+      }
+      if (this.canDelete) {
+        const button = html`
+          <button class="btn btn-red" @click="${() => this.deleteNews(newsId)}">
+            <i class="fa fa-trash-can"></i>${gettext("Delete")}
+          </button>
+        `;
+        buttons.push(button);
+      }
+
+      return makePopupInfo(html`<div>${buttons}</div>`, "fa-solid fa-toolbox");
+    };
+
+    // Create new popup
+    const infos = [] as HTMLTemplateResult[];
+    infos.push(makePopupTitle(event.event));
+
+    const location = makePopupLocation(event.event);
+    if (location !== null) {
+      infos.push(location);
+    }
+
+    const url = makePopupUrl(event.event);
+    if (url !== null) {
+      infos.push(url);
+    }
+
+    const tools = makePopupTools(event.event);
+    if (tools !== null) {
+      infos.push(tools);
+    }
+
+    const popup = document.createElement("div");
+    popup.setAttribute("id", "event-details");
+    render(html`<div class="event-details-container">${infos}</div>`, popup);
+
+    // We can't just add the element relative to the one we want to appear under
+    // Otherwise, it either gets clipped by the boundaries of the calendar or resize cells
+    // Here, we create a popup outside the calendar that follows the clicked element
+    this.node.appendChild(popup);
+    const follow = (node: HTMLElement) => {
+      const rect = node.getBoundingClientRect();
+      popup.setAttribute(
+        "style",
+        `top: calc(${rect.top + window.scrollY}px + ${rect.height}px); left: ${rect.left + window.scrollX}px;`,
+      );
+    };
+    follow(event.el);
+    window.addEventListener("resize", () => {
+      follow(event.el);
+    });
+  }
+
+  async connectedCallback() {
+    super.connectedCallback();
+    this.calendar = new Calendar(this.node, {
+      plugins: [dayGridPlugin, iCalendarPlugin, listPlugin],
+      locales: [frLocale, enLocale],
+      customButtons: {
+        getCalendarLink: {
+          text: gettext("Copy calendar link"),
+          click: async (event: Event) => {
+            const button = event.target as HTMLButtonElement;
+            button.classList.add("text-copy");
+            button.setAttribute("tooltip-class", "calendar-copy-tooltip");
+            if (!button.hasAttribute("tooltip-position")) {
+              button.setAttribute("tooltip-position", "top");
+            }
+            if (button.classList.contains("text-copied")) {
+              button.classList.remove("text-copied");
+            }
+            button.setAttribute("tooltip", gettext("Link copied"));
+            navigator.clipboard.writeText(
+              new URL(
+                await makeUrl(calendarCalendarInternal),
+                window.location.origin,
+              ).toString(),
+            );
+            setTimeout(() => {
+              button.setAttribute("tooltip-class", "calendar-copy-tooltip text-copied");
+              button.classList.remove("text-copied");
+              button.classList.add("text-copied");
+              button.classList.remove("text-copy");
+            }, 1500);
+          },
+        },
+        helpButton: {
+          text: "?",
+          hint: gettext("How to use calendar link"),
+          click: () => {
+            if (this.helpUrl) {
+              window.open(this.helpUrl, "_blank");
+            }
+          },
+        },
+      },
+      height: "auto",
+      locale: this.locale,
+      initialView: this.currentView(),
+      headerToolbar: this.currentHeaderToolbar(),
+      footerToolbar: this.currentFooterToolbar(),
+      eventSources: await this.getEventSources(),
+      lazyFetching: false,
+      windowResize: () => {
+        this.calendar.changeView(this.currentView());
+        this.calendar.setOption("headerToolbar", this.currentHeaderToolbar());
+        this.calendar.setOption("footerToolbar", this.currentFooterToolbar());
+      },
+      eventClick: (event) => {
+        // Avoid our popup to be deleted because we clicked outside of it
+        event.jsEvent.stopPropagation();
+        // Don't auto-follow events URLs
+        event.jsEvent.preventDefault();
+        this.createEventDetailPopup(event);
+      },
+    });
+    this.calendar.render();
+
+    window.addEventListener("click", (event: MouseEvent) => {
+      // Auto close popups when clicking outside of it
+      const popup = document.getElementById("event-details");
+      if (popup !== null && !popup.contains(event.target as Node)) {
+        popup.remove();
+      }
+    });
+  }
+}

com/static/bundled/com/moderation-alert-index.ts

@@ -0,0 +1,81 @@
+import { exportToHtml } from "#core:utils/globals";
+import { newsDeleteNews, newsFetchNewsDates, newsPublishNews } from "#openapi";
+
+// This will be used in jinja templates,
+// so we cannot use real enums as those are purely an abstraction of Typescript
+const AlertState = {
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PENDING: 1,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PUBLISHED: 2,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DELETED: 3,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DISPLAYED: 4, // When published at page generation
+};
+exportToHtml("AlertState", AlertState);
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("moderationAlert", (newsId: number) => ({
+    state: AlertState.PENDING,
+    newsId: newsId as number,
+    loading: false,
+
+    async publishNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsPublishNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.PUBLISHED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    async deleteNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsDeleteNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.DELETED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    /**
+     * Event receiver for when news dates are moderated.
+     *
+     * If the moderated date is linked to the same news
+     * as the one this moderation alert is attached to,
+     * then set the alert state to the same as the moderated one.
+     */
+    dispatchModeration(event: CustomEvent) {
+      if (event.detail.newsId === this.newsId) {
+        this.state = event.detail.state;
+      }
+    },
+
+    /**
+     * Query the server to know the number of news dates that would be moderated
+     * if this one is moderated.
+     */
+    async nbToPublish(): Promise<number> {
+      // What we want here is the count attribute of the response.
+      // We don't care about the actual results,
+      // so we ask for the minimum page size possible.
+      const response = await newsFetchNewsDates({
+        // biome-ignore lint/style/useNamingConvention: api is snake-case
+        query: { news_id: this.newsId, page: 1, page_size: 1 },
+      });
+      return response.data.count;
+    },
+
+    weeklyEventWarningMessage(nbEvents: number): string {
+      return interpolate(
+        gettext(
+          "This event will take place every week for %s weeks. " +
+            "If you publish or delete this event, " +
+            "it will also be published (or deleted) for the following weeks.",
+        ),
+        [nbEvents],
+      );
+    },
+  }));
+});

com/static/bundled/com/upcoming-news-loader-index.ts

@@ -0,0 +1,71 @@
+import { type NewsDateSchema, newsFetchNewsDates } from "#openapi";
+
+interface ParsedNewsDateSchema extends Omit<NewsDateSchema, "start_date" | "end_date"> {
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  start_date: Date;
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  end_date: Date;
+}
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("upcomingNewsLoader", (startDate: Date, locale: string) => ({
+    startDate: startDate,
+    currentPage: 1,
+    pageSize: 6,
+    hasNext: true,
+    loading: false,
+    newsDates: [] as NewsDateSchema[],
+    dateFormat: new Intl.DateTimeFormat(locale, {
+      dateStyle: "medium",
+      timeStyle: "short",
+    }),
+
+    async loadMore() {
+      this.loading = true;
+      const response = await newsFetchNewsDates({
+        query: {
+          after: this.startDate.toISOString(),
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          text_format: "html",
+          page: this.currentPage,
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          page_size: this.pageSize,
+        },
+      });
+      if (response.response.status === 404) {
+        this.hasNext = false;
+      } else if (response.data.next === null) {
+        this.newsDates.push(...response.data.results);
+        this.hasNext = false;
+      } else {
+        this.newsDates.push(...response.data.results);
+        this.currentPage += 1;
+      }
+      this.loading = false;
+    },
+
+    groupedDates(): Record<string, NewsDateSchema[]> {
+      return this.newsDates
+        .map(
+          (date: NewsDateSchema): ParsedNewsDateSchema => ({
+            ...date,
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            start_date: new Date(date.start_date),
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            end_date: new Date(date.end_date),
+          }),
+        )
+        .reduce(
+          (acc: Record<string, ParsedNewsDateSchema[]>, date: ParsedNewsDateSchema) => {
+            const key = date.start_date.toDateString();
+            if (!acc[key]) {
+              acc[key] = [];
+            }
+            acc[key].push(date);
+            return acc;
+          },
+          {},
+        );
+    },
+  }));
+});

com/static/com/components/ics-calendar.scss

@@ -0,0 +1,149 @@
+@import "core/static/core/colors";
+@import "core/static/core/tooltips";
+
+
+:root {
+  --fc-button-border-color: #fff;
+  --fc-button-hover-border-color: #fff;
+  --fc-button-active-border-color: #fff;
+  --fc-button-text-color: #fff;
+  --fc-button-bg-color: #1a78b3;
+  --fc-button-active-bg-color: #15608F;
+  --fc-button-hover-bg-color: #15608F;
+  --fc-today-bg-color: rgba(26, 120, 179, 0.1);
+  --fc-border-color: #DDDDDD;
+  --event-details-background-color: white;
+  --event-details-padding: 20px;
+  --event-details-border: 1px solid #EEEEEE;
+  --event-details-border-radius: 4px;
+  --event-details-box-shadow: 0px 6px 20px 4px rgb(0 0 0 / 16%);
+  --event-details-max-width: 600px;
+}
+
+ics-calendar {
+  border: none;
+  box-shadow: none;
+
+  #event-details {
+    z-index: 10;
+    max-width: 1151px;
+    position: absolute;
+
+    .event-details-container {
+      display: flex;
+      color: black;
+      flex-direction: column;
+      min-width: 200px;
+      max-width: var(--event-details-max-width);
+      padding: var(--event-details-padding);
+      border: var(--event-details-border);
+      border-radius: var(--event-details-border-radius);
+      background-color: var(--event-details-background-color);
+      box-shadow: var(--event-details-box-shadow);
+      gap: 20px;
+    }
+
+    .event-detail-row-icon {
+      margin-left: 10px;
+      margin-right: 20px;
+      align-content: center;
+      align-self: center;
+    }
+
+    .event-details-row {
+      display: flex;
+      align-items: start;
+    }
+
+    .event-details-row-content {
+      display: flex;
+      align-items: start;
+      flex-direction: row;
+      background-color: var(--event-details-background-color);
+      margin-top: 0px;
+      margin-bottom: 4px;
+    }
+  }
+
+  a.fc-col-header-cell-cushion,
+  a.fc-col-header-cell-cushion:hover {
+    color: black;
+  }
+
+  a.fc-daygrid-day-number,
+  a.fc-daygrid-day-number:hover {
+    color: rgb(34, 34, 34);
+  }
+
+  td {
+    overflow: visible; // Show events on multiple days
+  }
+
+  //Reset from style.scss
+  table {
+    box-shadow: none;
+    border-radius: 0px;
+    -moz-border-radius: 0px;
+    margin: 0px;
+  }
+
+  // Reset from style.scss
+  thead {
+    background-color: white;
+    color: black;
+  }
+
+  // Reset from style.scss
+  tbody>tr {
+    &:nth-child(even):not(.highlight) {
+      background: white;
+    }
+  }
+
+  .fc .fc-toolbar.fc-footer-toolbar {
+    margin-bottom: 0.5em;
+  }
+
+  button.text-copy,
+  button.text-copy:focus,
+  button.text-copy:hover {
+    background-color: #67AE6E !important;
+    transition: 500ms ease-in;
+  }
+
+  button.text-copied,
+  button.text-copied:focus,
+  button.text-copied:hover {
+    transition: 500ms ease-out;
+  }
+
+  .fc .fc-getCalendarLink-button {
+    margin-right: 0.5rem;
+  }
+
+  .fc .fc-helpButton-button {
+    border-radius: 70%;
+    padding-left: 0.5rem;
+    padding-right: 0.5rem;
+    background-color: rgba(0, 0, 0, 0.8);
+    transition: 100ms ease-out;
+    width: 30px;
+    height: 30px;
+    font-size: 11px;
+  }
+
+
+  .fc .fc-helpButton-button:hover {
+    background-color: rgba(20, 20, 20, 0.6);
+  }
+}
+
+.tooltip.calendar-copy-tooltip {
+  opacity: 1;
+  transition: opacity 500ms ease-in;
+}
+
+.tooltip.calendar-copy-tooltip.text-copied {
+  opacity: 0;
+  transition: opacity 500ms ease-out;
+}

com/static/com/css/news-detail.scss

@@ -0,0 +1,61 @@
+@import "core/static/core/colors";
+
+#news_details {
+  display: inline-block;
+  margin-top: 20px;
+  padding: 0.4em;
+  width: 80%;
+  background: $white-color;
+
+  h4 {
+    margin-top: 1em;
+    text-transform: uppercase;
+  }
+
+  .club_logo {
+    display: inline-block;
+    text-align: center;
+    width: 19%;
+    float: left;
+    min-width: 15em;
+    margin: 0;
+
+    img {
+      max-height: 15em;
+      max-width: 12em;
+      display: block;
+      margin: 0 auto;
+      margin-bottom: 10px;
+    }
+  }
+
+  .share_button {
+    border: none;
+    color: white;
+    padding: 0.5em 1em;
+    text-align: center;
+    text-decoration: none;
+    font-size: 1.2em;
+    border-radius: 2px;
+    float: right;
+    display: block;
+    margin-left: 0.3em;
+
+    &:hover {
+      color: lightgrey;
+    }
+  }
+
+  .facebook {
+    background: $faceblue;
+  }
+
+  .twitter {
+    background: $twitblue;
+  }
+
+  .news_meta {
+    margin-top: 10em;
+    font-size: small;
+  }
+}

com/static/com/css/news-list.scss

@@ -0,0 +1,225 @@
+@import "core/static/core/colors";
+@import "core/static/core/devices";
+
+#news {
+  display: flex;
+
+  @media (max-width: 800px) {
+    flex-direction: column;
+  }
+
+  #news_admin {
+    margin-bottom: 1em;
+  }
+
+  #right_column {
+    flex: 20%;
+    margin: 3.2px;
+
+    display: inline-block;
+    vertical-align: top;
+  }
+
+  #left_column {
+    flex: 79%;
+    margin: 0.2em;
+  }
+
+  h3 {
+    background: $second-color;
+    box-shadow: $shadow-color 1px 1px 1px;
+    padding: 0.4em;
+    margin: 0 0 0.5em 0;
+    text-transform: uppercase;
+    font-size: 17px;
+
+    &:not(:first-of-type) {
+      margin: 2em 0 1em 0;
+    }
+
+    .feed {
+      float: right;
+      color: #f26522;
+    }
+  }
+
+  @media screen and (max-width: $small-devices) {
+
+    #left_column,
+    #right_column {
+      flex: 100%;
+    }
+  }
+
+  /* UPCOMING EVENTS */
+
+  #upcoming-events {
+    max-height: 600px;
+    overflow-y: scroll;
+    overflow-x: clip;
+
+    #load-more-news-button {
+      text-align: center;
+
+      button {
+        width: 150px;
+      }
+    }
+  }
+
+  /* LINKS/BIRTHDAYS */
+  #links,
+  #birthdays {
+    display: block;
+    width: 100%;
+    background: white;
+    font-size: 70%;
+    margin-bottom: 1em;
+
+    h3 {
+      margin-bottom: 0;
+    }
+
+    #links_content {
+      overflow: auto;
+      box-shadow: $shadow-color 1px 1px 1px;
+      height: 20em;
+
+      h4 {
+        margin-left: 5px;
+      }
+
+      ul {
+        list-style: none;
+        margin-left: 0;
+
+        li {
+          margin: 10px;
+
+          .fa-facebook {
+            color: $faceblue;
+          }
+
+          .fa-discord {
+            color: $discordblurple;
+          }
+
+          .fa-square-instagram::before {
+            background: $instagradient;
+            background-clip: text;
+            -webkit-text-fill-color: transparent;
+          }
+
+          i {
+            width: 25px;
+            text-align: center;
+          }
+        }
+      }
+
+    }
+
+    #birthdays_content {
+      ul.birthdays_year {
+        margin: 0;
+        list-style-type: none;
+        font-weight: bold;
+
+        >li {
+          padding: 0.5em;
+
+          &:nth-child(even) {
+            background: $secondary-neutral-light-color;
+          }
+        }
+
+        ul {
+          margin: 0;
+          margin-left: 1em;
+          list-style-type: square;
+          list-style-position: inside;
+          font-weight: normal;
+        }
+      }
+    }
+  }
+
+  /* END AGENDA/BIRTHDAYS */
+
+  /* EVENTS TODAY AND NEXT FEW DAYS */
+  .news_events_group {
+    box-shadow: $shadow-color 1px 1px 1px;
+    margin-left: 1em;
+    margin-bottom: 0.5em;
+
+    .news_events_group_date {
+      display: table-cell;
+      padding: 0.6em;
+      vertical-align: middle;
+      background: $primary-neutral-dark-color;
+      color: $white-color;
+      text-transform: uppercase;
+      text-align: center;
+      font-weight: bold;
+      font-family: monospace;
+      font-size: 1.4em;
+      border-radius: 7px 0 0 7px;
+
+      div {
+        margin: 0 auto;
+
+        .day {
+          font-size: 1.5em;
+        }
+      }
+    }
+
+    .news_events_group_items {
+      display: table-cell;
+      width: 100%;
+
+      .news_event:nth-of-type(odd) {
+        background: white;
+      }
+
+      .news_event:nth-of-type(even) {
+        background: $primary-neutral-light-color;
+      }
+
+      .news_event {
+        display: flex;
+        flex-direction: column;
+        gap: .5em;
+        padding: 1em;
+
+        header {
+          img {
+            height: 75px;
+          }
+
+          .header_content {
+            display: flex;
+            flex-direction: column;
+            justify-content: center;
+            gap: .2rem;
+
+            h4 {
+              margin-top: 0;
+              text-transform: uppercase;
+            }
+          }
+        }
+      }
+    }
+  }
+
+  /* END EVENTS TODAY AND NEXT FEW DAYS */
+
+  .news_empty {
+    margin-left: 1em;
+  }
+
+  .news_date {
+    color: grey;
+  }
+}