refactor: core/views/index.py

Fix warnings

api/hashers.py

@@ -8,7 +8,7 @@ from django.utils.crypto import constant_time_compare
 
 class Sha512ApiKeyHasher(BasePasswordHasher):
     """
-    An API key hasher using the sha256 algorithm.
+    An API key hasher using the sha512 algorithm.
 
     This hasher shouldn't be used in Django's `PASSWORD_HASHERS` setting.
     It is insecure for use in hashing passwords, but is safe for hashing

club/schemas.py

@@ -1,18 +1,16 @@
 from typing import Annotated
 
-from annotated_types import MinLen
 from django.db.models import Q
-from ninja import Field, FilterSchema, ModelSchema
+from ninja import FilterLookup, FilterSchema, ModelSchema
 
 from club.models import Club, Membership
-from core.schemas import SimpleUserSchema
+from core.schemas import NonEmptyStr, SimpleUserSchema
 
 
 class ClubSearchFilterSchema(FilterSchema):
-    search: Annotated[str, MinLen(1)] | None = Field(None, q="name__icontains")
+    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
     is_active: bool | None = None
     parent_id: int | None = None
-    parent_name: str | None = Field(None, q="parent__name__icontains")
     exclude_ids: set[int] | None = None
 
     def filter_exclude_ids(self, value: set[int] | None):

club/tests/test_membership.py

@@ -7,7 +7,7 @@ from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.core.cache import cache
 from django.db.models import Max
-from django.test import TestCase
+from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import localdate, localtime, now
 from model_bakery import baker
@@ -532,6 +532,35 @@ class TestMembership(TestClub):
         assert new_board == initial_board
 
 
+@pytest.mark.django_db
+def test_membership_set_old(client: Client):
+    membership = baker.make(Membership, end_date=None, user=(subscriber_user.make()))
+    client.force_login(membership.user)
+    response = client.post(
+        reverse("club:membership_set_old", kwargs={"membership_id": membership.id})
+    )
+    assertRedirects(
+        response, reverse("core:user_clubs", kwargs={"user_id": membership.user_id})
+    )
+    membership.refresh_from_db()
+    assert membership.end_date == localdate()
+
+
+@pytest.mark.django_db
+def test_membership_delete(client: Client):
+    user = baker.make(User, is_superuser=True)
+    membership = baker.make(Membership)
+    client.force_login(user)
+    url = reverse("club:membership_delete", kwargs={"membership_id": membership.id})
+    response = client.get(url)
+    assert response.status_code == 200
+    response = client.post(url)
+    assertRedirects(
+        response, reverse("core:user_clubs", kwargs={"user_id": membership.user_id})
+    )
+    assert not Membership.objects.filter(id=membership.id).exists()
+
+
 @pytest.mark.django_db
 class TestJoinClub:
     @pytest.fixture(autouse=True)

club/views.py

@@ -34,7 +34,7 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
 from django.db.models import F, Q, Sum
-from django.http import Http404, HttpResponseRedirect, StreamingHttpResponse
+from django.http import Http404, StreamingHttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
@@ -43,6 +43,7 @@ from django.utils.timezone import now
 from django.utils.translation import gettext
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, ListView, View
+from django.views.generic.detail import SingleObjectMixin
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
 from club.forms import (
@@ -544,33 +545,17 @@ class ClubCreateView(PermissionRequiredMixin, CreateView):
     permission_required = "club.add_club"
 
 
-class MembershipSetOldView(CanEditMixin, DetailView):
-    """Set a membership as beeing old."""
+class MembershipSetOldView(CanEditMixin, SingleObjectMixin, View):
+    """Set a membership as being old."""
 
     model = Membership
     pk_url_kwarg = "membership_id"
 
-    def get(self, request, *args, **kwargs):
+    def post(self, *_args, **_kwargs):
         self.object = self.get_object()
         self.object.end_date = timezone.now()
         self.object.save()
-        return HttpResponseRedirect(
-            reverse(
-                "club:club_members",
-                args=self.args,
-                kwargs={"club_id": self.object.club.id},
-            )
-        )
-
-    def post(self, request, *args, **kwargs):
-        self.object = self.get_object()
-        return HttpResponseRedirect(
-            reverse(
-                "club:club_members",
-                args=self.args,
-                kwargs={"club_id": self.object.club.id},
-            )
-        )
+        return redirect("core:user_clubs", user_id=self.object.user_id)
 
 
 class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
@@ -582,7 +567,7 @@ class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
     permission_required = "club.delete_membership"
 
     def get_success_url(self):
-        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
+        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user_id})
 
 
 class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):

com/schemas.py

@@ -1,9 +1,9 @@
 from datetime import datetime
+from typing import Annotated
 
-from ninja import FilterSchema, ModelSchema
+from ninja import FilterLookup, FilterSchema, ModelSchema
 from ninja_extra import service_resolver
 from ninja_extra.context import RouteContext
-from pydantic import Field
 
 from club.schemas import ClubProfileSchema
 from com.models import News, NewsDate
@@ -11,12 +11,12 @@ from core.markdown import markdown
 
 
 class NewsDateFilterSchema(FilterSchema):
-    before: datetime | None = Field(None, q="end_date__lt")
-    after: datetime | None = Field(None, q="start_date__gt")
-    club_id: int | None = Field(None, q="news__club_id")
+    before: Annotated[datetime | None, FilterLookup("end_date__lt")] = None
+    after: Annotated[datetime | None, FilterLookup("start_date__gt")] = None
+    club_id: Annotated[int | None, FilterLookup("news__club_id")] = None
     news_id: int | None = None
-    is_published: bool | None = Field(None, q="news__is_published")
-    title: str | None = Field(None, q="news__title__icontains")
+    is_published: Annotated[bool | None, FilterLookup("news__is_published")] = None
+    title: Annotated[str | None, FilterLookup("news__title__icontains")] = None
 
 
 class NewsSchema(ModelSchema):

com/tests/test_api.py

@@ -1,4 +1,3 @@
-from dataclasses import dataclass
 from datetime import timedelta
 from pathlib import Path
 
@@ -18,16 +17,6 @@ from core.markdown import markdown
 from core.models import User
 
 
-@dataclass
-class MockResponse:
-    ok: bool
-    value: str
-
-    @property
-    def content(self):
-        return self.value.encode("utf8")
-
-
 def accel_redirect_to_file(response: HttpResponse) -> Path | None:
     redirect = Path(response.headers.get("X-Accel-Redirect", ""))
     if not redirect.is_relative_to(Path("/") / settings.MEDIA_ROOT.stem):

core/api.py

@@ -1,6 +1,6 @@
 from typing import Annotated, Any, Literal
 
-import annotated_types
+from annotated_types import Ge, Le, MinLen
 from django.conf import settings
 from django.db.models import F
 from django.http import HttpResponse
@@ -28,6 +28,7 @@ from core.schemas import (
     UserSchema,
 )
 from core.templatetags.renderer import markdown
+from counter.utils import is_logged_in_counter
 
 
 @api_controller("/markdown")
@@ -72,7 +73,7 @@ class MailingListController(ControllerBase):
 
 @api_controller("/user")
 class UserController(ControllerBase):
-    @route.get("", response=list[UserProfileSchema], permissions=[CanAccessLookup])
+    @route.get("", response=list[UserProfileSchema])
     def fetch_profiles(self, pks: Query[set[int]]):
         return User.objects.viewable_by(self.context.request.user).filter(pk__in=pks)
 
@@ -85,15 +86,18 @@ class UserController(ControllerBase):
         "/search",
         response=PaginatedResponseSchema[UserProfileSchema],
         url_name="search_users",
-        permissions=[CanAccessLookup],
+        # logged in barmen aren't authenticated stricto sensu, so no auth here
+        auth=None,
     )
     @paginate(PageNumberPaginationExtra, page_size=20)
     def search_users(self, filters: Query[UserFilterSchema]):
-        return filters.filter(
-            User.objects.viewable_by(self.context.request.user).order_by(
-                F("last_login").desc(nulls_last=True)
-            )
-        )
+        qs = User.objects
+        # the logged in barmen can see all users (even the hidden one),
+        # because they have a temporary administrative function during
+        # which they may have to deal with hidden users
+        if not is_logged_in_counter(self.context.request):
+            qs = qs.viewable_by(self.context.request.user)
+        return filters.filter(qs.order_by(F("last_login").desc(nulls_last=True)))
 
 
 @api_controller("/file")
@@ -105,7 +109,7 @@ class SithFileController(ControllerBase):
         permissions=[CanAccessLookup],
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_files(self, search: Annotated[str, annotated_types.MinLen(1)]):
+    def search_files(self, search: Annotated[str, MinLen(1)]):
         return SithFile.objects.filter(is_in_sas=False).filter(name__icontains=search)
 
 
@@ -118,11 +122,11 @@ class GroupController(ControllerBase):
         permissions=[CanAccessLookup],
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_group(self, search: Annotated[str, annotated_types.MinLen(1)]):
+    def search_group(self, search: Annotated[str, MinLen(1)]):
         return Group.objects.filter(name__icontains=search).values()
 
 
-DepthValue = Annotated[int, annotated_types.Ge(0), annotated_types.Le(10)]
+DepthValue = Annotated[int, Ge(0), Le(10)]
 DEFAULT_DEPTH = 4
 
 

core/models.py

@@ -23,12 +23,13 @@
 #
 from __future__ import annotations
 
+import difflib
 import string
 import unicodedata
 from datetime import timedelta
 from io import BytesIO
 from pathlib import Path
-from typing import TYPE_CHECKING, Self
+from typing import TYPE_CHECKING, Final, Self
 from uuid import uuid4
 
 from django.conf import settings
@@ -1344,6 +1345,9 @@ class PageRev(models.Model):
     The content is in PageRev.title and PageRev.content .
     """
 
+    MERGE_TIME_THRESHOLD: Final[timedelta] = timedelta(minutes=20)
+    MERGE_DIFF_THRESHOLD: Final[float] = 0.2
+
     revision = models.IntegerField(_("revision"))
     title = models.CharField(_("page title"), max_length=255, blank=True)
     content = models.TextField(_("page content"), blank=True)
@@ -1385,6 +1389,32 @@ class PageRev(models.Model):
     def is_owned_by(self, user: User) -> bool:
         return any(g.id == self.page.owner_group_id for g in user.cached_groups)
 
+    def similarity_ratio(self, text: str) -> float:
+        """Similarity ratio between this revision's content and the given text.
+
+        The result is a float in [0; 1], 0 meaning the contents are entirely different,
+        and 1 they are strictly the same.
+        """
+        # cf. https://docs.python.org/3/library/difflib.html#difflib.SequenceMatcher.ratio
+        return difflib.SequenceMatcher(None, self.content, text).quick_ratio()
+
+    def should_merge(self, other: Self) -> bool:
+        """Return True if `other` should be merged into `self`, else False.
+
+        It's considered the other revision should be merged into this one if :
+
+        - it was made less than 20 minutes after
+        - by the same author
+        - with a similarity ratio higher than 80%
+        """
+        return (
+            not self._state.adding  # cannot merge if the original rev doesn't exist
+            and self.author == other.author
+            and (other.date - self.date) < self.MERGE_TIME_THRESHOLD
+            and (not other._state.adding or other.revision == self.revision + 1)
+            and self.similarity_ratio(other.content) >= (1 - other.MERGE_DIFF_THRESHOLD)
+        )
+
 
 def get_notification_types():
     return settings.SITH_NOTIFICATIONS

core/schemas.py

@@ -15,6 +15,8 @@ from pydantic_core.core_schema import ValidationInfo
 from core.models import Group, QuickUploadImage, SithFile, User
 from core.utils import is_image
 
+NonEmptyStr = Annotated[str, MinLen(1)]
+
 
 class UploadedImage(UploadedFile):
     @classmethod

core/static/core/colors.scss

@@ -21,6 +21,8 @@ $secondary-neutral-dark-color: hsl(40, 57.6%, 17%);
 
 $white-color: hsl(219.6, 20.8%, 98%);
 $black-color: hsl(0, 0%, 17%);
+$red-text-color: #eb2f06;
+$hovered-red-text-color: #ff4d4d;
 
 $faceblue: hsl(221, 44%, 41%);
 $twitblue: hsl(206, 82%, 63%);

core/static/core/forms.scss

@@ -745,4 +745,32 @@ form {
     background-repeat: no-repeat;
     background-size: var(--nf-input-size);
   }
+
+  &.no-margin {
+    margin:0;
+  }
+
+  // a submit input that should look like a regular <a>
+  input[type="submit"], button {
+    &.link-like {
+      color: $primary-dark-color;
+      &:hover {
+        color: $primary-light-color;
+      }
+
+      &.link-red {
+        color: $red-text-color;
+        &:hover {
+          color: $hovered-red-text-color;
+        }
+      }
+      font-weight: normal;
+      font-size: 100%;
+      margin: auto;
+      background: none;
+      border: none;
+      cursor: pointer;
+      padding: 0;
+    }
+  }
 }

core/static/core/header.scss

@@ -5,9 +5,6 @@ $text-color: white;
 
 $background-color-hovered: #283747;
 
-$red-text-color: #eb2f06;
-$hovered-red-text-color: #ff4d4d;
-
 .header {
   box-sizing: border-box;
   background-color: $deepblue;
@@ -251,12 +248,15 @@ $hovered-red-text-color: #ff4d4d;
               justify-content: flex-start;
             }
 
+            a {
+              color: $text-color;
+            }
+
             a,
             button {
               font-size: 100%;
               margin: 0;
               text-align: right;
-              color: $text-color;
               margin-top: auto;
 
               &:hover {
@@ -268,19 +268,6 @@ $hovered-red-text-color: #ff4d4d;
               margin: 0;
               display: inline;
             }
-
-            #logout-form button {
-              color: $red-text-color;
-
-              &:hover {
-                color: $hovered-red-text-color;
-              }
-
-              background: none;
-              border: none;
-              cursor: pointer;
-              padding: 0;
-            }
           }
         }
       }

core/static/core/style.scss

@@ -519,7 +519,6 @@ th {
 td {
   margin: 5px;
   border-collapse: collapse;
-  vertical-align: top;
   overflow: hidden;
   text-overflow: ellipsis;
 

core/templates/core/base/header.jinja

@@ -61,7 +61,9 @@
               <a href="{{ url('core:user_tools') }}">{% trans %}Tools{% endtrans %}</a>
               <form id="logout-form" method="post" action="{{ url("core:logout") }}">
                 {% csrf_token %}
-                <button type="submit">{% trans %}Logout{% endtrans %}</button>
+                <button type="submit" class="link-like link-red">
+                  {% trans %}Logout{% endtrans %}
+                </button>
               </form>
             </div>
           </div>

core/templates/core/search.jinja

@@ -9,19 +9,17 @@
 {% block content %}
   <h4>{% trans %}Users{% endtrans %}</h4>
   <ul>
-    {% for i in result.users %}
-      {% if user.can_view(i) %}
-        <li>
-          {{ user_link_with_pict(i) }}
-        </li>
-      {% endif %}
+    {% for user in users %}
+      <li>
+        {{ user_link_with_pict(user) }}
+      </li>
     {% endfor %}
   </ul>
   <h4>{% trans %}Clubs{% endtrans %}</h4>
   <ul>
-    {% for i in result.clubs %}
+    {% for club in clubs %}
       <li>
-        <a href="{{ url("club:club_view", club_id=i.id) }}">{{ i }}</a>
+        <a href="{{ url("club:club_view", club_id=club.id) }}">{{ club }}</a>
       </li>
     {% endfor %}
   </ul>

core/templates/core/user_clubs.jinja

@@ -17,7 +17,9 @@
         <td>{% trans %}Description{% endtrans %}</td>
         <td>{% trans %}Since{% endtrans %}</td>
         <td></td>
-        <td></td>
+        {% if user.has_perm("club.delete_membership") %}
+          <td></td>
+        {% endif %}
       </tr>
     </thead>
     <tbody>
@@ -28,7 +30,16 @@
           <td>{{ m.description }}</td>
           <td>{{ m.start_date }}</td>
           {% if m.can_be_edited_by(user) %}
-            <td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td>
+            <td>
+              <form
+                method="post"
+                action="{{ url('club:membership_set_old', membership_id=m.id) }}"
+                class="no-margin"
+              >
+                {% csrf_token %}
+                <input type="submit" class="link-like" value="{% trans %}Mark as old{% endtrans %}" />
+              </form>
+            </td>
           {% endif %}
           {% if user.has_perm("club.delete_membership") %}
             <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
@@ -48,7 +59,9 @@
         <td>{% trans %}Description{% endtrans %}</td>
         <td>{% trans %}From{% endtrans %}</td>
         <td>{% trans %}To{% endtrans %}</td>
-
+        {% if user.has_perm("club.delete_membership") %}
+          <td></td>
+        {% endif %}
       </tr>
     </thead>
     <tbody>

core/tests/test_core.py

@@ -35,6 +35,7 @@ from pytest_django.asserts import assertInHTML, assertRedirects
 
 from antispam.models import ToxicDomain
 from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
 from core.markdown import markdown
 from core.models import AnonymousUser, Group, Page, User, validate_promo
 from core.utils import get_last_promo, get_semester_code, get_start_of_semester
@@ -551,3 +552,10 @@ def test_allow_fragment_mixin():
     assert not TestAllowFragmentView.as_view()(request)
     request.headers = {"HX-Request": True, **base_headers}
     assert TestAllowFragmentView.as_view()(request)
+
+
+@pytest.mark.django_db
+def test_search_view(client: Client):
+    client.force_login(subscriber_user.make())
+    response = client.get(reverse("core:search", query={"query": "foo"}))
+    assert response.status_code == 200

core/tests/test_notification.py

@@ -0,0 +1,64 @@
+from datetime import timedelta
+from operator import attrgetter
+
+import pytest
+from bs4 import BeautifulSoup
+from django.test import Client, TestCase
+from django.urls import reverse
+from django.utils.timezone import now
+from model_bakery import baker, seq
+from pytest_django.asserts import assertRedirects
+
+from core.baker_recipes import subscriber_user
+from core.models import Notification
+
+
+@pytest.mark.django_db
+class TestNotificationList(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = subscriber_user.make()
+        url = reverse("core:user_profile", kwargs={"user_id": cls.user.id})
+        cls.notifs = baker.make(
+            Notification,
+            user=cls.user,
+            url=url,
+            viewed=False,
+            date=seq(now() - timedelta(days=1), timedelta(hours=1)),
+            _quantity=10,
+            _bulk_create=True,
+        )
+
+    def test_list(self):
+        self.client.force_login(self.user)
+        response = self.client.get(reverse("core:notification_list"))
+        assert response.status_code == 200
+        soup = BeautifulSoup(response.text, "lxml")
+        ul = soup.find("ul", id="notifications")
+        elements = list(ul.find_all("li"))
+        assert len(elements) == len(self.notifs)
+        notifs = sorted(self.notifs, key=attrgetter("date"), reverse=True)
+        for element, notif in zip(elements, notifs, strict=True):
+            assert element.find("a")["href"] == reverse(
+                "core:notification", kwargs={"notif_id": notif.id}
+            )
+
+    def test_read_all(self):
+        self.client.force_login(self.user)
+        response = self.client.get(
+            reverse("core:notification_list", query={"read_all": None})
+        )
+        assert response.status_code == 200
+        assert not self.user.notifications.filter(viewed=True).exists()
+
+
+@pytest.mark.django_db
+def test_notification_redirect(client: Client):
+    user = subscriber_user.make()
+    url = reverse("core:user_profile", kwargs={"user_id": user.id})
+    notif = baker.make(Notification, user=user, url=url, viewed=False)
+    client.force_login(user)
+    response = client.get(reverse("core:notification", kwargs={"notif_id": notif.id}))
+    assertRedirects(response, url)
+    notif.refresh_from_db()
+    assert notif.viewed is True

core/tests/test_user.py

@@ -1,4 +1,5 @@
 from datetime import timedelta
+from unittest import mock
 
 import pytest
 from django.conf import settings
@@ -23,6 +24,7 @@ from core.models import AnonymousUser, Group, User
 from core.views import UserTabsMixin
 from counter.baker_recipes import sale_recipe
 from counter.models import Counter, Customer, Refilling, Selling
+from counter.utils import is_logged_in_counter
 from eboutic.models import Invoice, InvoiceItem
 
 
@@ -60,7 +62,9 @@ class TestSearchUsersAPI(TestSearchUsers):
         """Test that users are ordered by last login date."""
         self.client.force_login(subscriber_user.make())
 
-        response = self.client.get(reverse("api:search_users") + "?search=First")
+        response = self.client.get(
+            reverse("api:search_users", query={"search": "First"})
+        )
         assert response.status_code == 200
         assert response.json()["count"] == 11
         # The users are ordered by last login date, so we need to reverse the list
@@ -69,7 +73,7 @@ class TestSearchUsersAPI(TestSearchUsers):
         ]
 
     def test_search_case_insensitive(self):
-        """Test that the search is case insensitive."""
+        """Test that the search is case-insensitive."""
         self.client.force_login(subscriber_user.make())
 
         expected = [u.id for u in self.users[::-1]]
@@ -82,14 +86,19 @@ class TestSearchUsersAPI(TestSearchUsers):
             assert [r["id"] for r in response.json()["results"]] == expected
 
     def test_search_nick_name(self):
-        """Test that the search can be done on the nick name."""
+        """Test that the search can be done on the nickname."""
+        # hidden users should not be in the final result,
+        # even when the nickname matches
+        self.users[10].is_viewable = False
+        self.users[10].save()
         self.client.force_login(subscriber_user.make())
 
         # this should return users with nicknames Nick11, Nick10 and Nick1
-        response = self.client.get(reverse("api:search_users") + "?search=Nick1")
+        response = self.client.get(
+            reverse("api:search_users", query={"search": "Nick1"})
+        )
         assert response.status_code == 200
         assert [r["id"] for r in response.json()["results"]] == [
-            self.users[10].id,
             self.users[9].id,
             self.users[0].id,
         ]
@@ -101,10 +110,25 @@ class TestSearchUsersAPI(TestSearchUsers):
         self.client.force_login(subscriber_user.make())
 
         # this should return users with first names First1 and First10
-        response = self.client.get(reverse("api:search_users") + "?search=bél")
+        response = self.client.get(reverse("api:search_users", query={"search": "bél"}))
         assert response.status_code == 200
         assert [r["id"] for r in response.json()["results"]] == [belix.id]
 
+    @mock.create_autospec(is_logged_in_counter, return_value=True)
+    def test_search_as_barman(self):
+        # barmen should also see hidden users
+        self.users[10].is_viewable = False
+        self.users[10].save()
+        response = self.client.get(
+            reverse("api:search_users", query={"search": "Nick1"})
+        )
+        assert response.status_code == 200
+        assert [r["id"] for r in response.json()["results"]] == [
+            self.users[10].id,
+            self.users[9].id,
+            self.users[0].id,
+        ]
+
 
 class TestSearchUsersView(TestSearchUsers):
     """Test the search user view (`GET /search`)."""

core/urls.py

@@ -24,6 +24,7 @@
 from django.urls import path, re_path, register_converter
 from django.views.generic import RedirectView
 
+from com.views import NewsListView
 from core.converters import (
     BooleanStringConverter,
     FourDigitYearConverter,
@@ -53,6 +54,7 @@ from core.views import (
     PagePropView,
     PageRevView,
     PageView,
+    SearchView,
     SithLoginView,
     SithPasswordChangeDoneView,
     SithPasswordChangeView,
@@ -76,13 +78,9 @@ from core.views import (
     UserUpdateProfileView,
     UserView,
     delete_user_godfather,
-    index,
     logout,
     notification,
     password_root_change,
-    search_json,
-    search_user_json,
-    search_view,
     send_file,
 )
 
@@ -91,13 +89,11 @@ register_converter(TwoDigitMonthConverter, "mm")
 register_converter(BooleanStringConverter, "bool")
 
 urlpatterns = [
-    path("", index, name="index"),
+    path("", NewsListView.as_view(), name="index"),
     path("notifications/", NotificationList.as_view(), name="notification_list"),
     path("notification/<int:notif_id>/", notification, name="notification"),
     # Search
-    path("search/", search_view, name="search"),
-    path("search_json/", search_json, name="search_json"),
-    path("search_user/", search_user_json, name="search_user"),
+    path("search/", SearchView.as_view(), name="search"),
     # Login and co
     path("login/", SithLoginView.as_view(), name="login"),
     path("logout/", logout, name="logout"),

core/views/forms.py

@@ -20,9 +20,9 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
-import difflib
 import re
-from datetime import date, datetime, timedelta
+from copy import copy
+from datetime import date, datetime
 from io import BytesIO
 
 from captcha.fields import CaptchaField
@@ -390,14 +390,11 @@ class PageRevisionForm(forms.ModelForm):
 
         - less than 20 minutes ago
         - by the same author
-        - with a diff ratio higher than 20%
+        - with a similarity ratio higher than 80%
 
         then the latter will be edited and the new revision won't be created.
     """
 
-    TIME_THRESHOLD = timedelta(minutes=20)
-    DIFF_THRESHOLD = 0.2
-
     class Meta:
         model = PageRev
         fields = ["title", "content"]
@@ -409,21 +406,11 @@ class PageRevisionForm(forms.ModelForm):
         super().__init__(*args, instance=instance, **kwargs)
         self.author = author
         self.page = page
-        self.initial_content = instance.content if instance else ""
-
-    def diff_ratio(self, new_str: str) -> float:
-        return difflib.SequenceMatcher(
-            None, self.initial_content, new_str
-        ).quick_ratio()
+        self.initial_obj: PageRev = copy(self.instance)
 
     def save(self, commit=True):  # noqa FBT002
         revision: PageRev = self.instance
-        if (
-            revision._state.adding
-            or revision.author != self.author
-            or revision.date + self.TIME_THRESHOLD < now()
-            or self.diff_ratio(revision.content) < (1 - self.DIFF_THRESHOLD)
-        ):
+        if not self.initial_obj.should_merge(self.instance):
             revision.author = self.author
             revision.page = self.page
             revision.id = None  # if id is None, Django will create a new record

core/views/index.py

@@ -22,106 +22,49 @@
 #
 #
 
-import json
-
 from django.conf import settings
-from django.contrib.auth.decorators import login_required
-from django.core import serializers
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.db.models import F
 from django.db.models.query import QuerySet
-from django.http import JsonResponse
-from django.shortcuts import redirect, render
-from django.utils import html
-from django.utils.text import slugify
-from django.views.generic import ListView
-from haystack.query import SearchQuerySet
+from django.http import HttpRequest
+from django.shortcuts import get_object_or_404, redirect
+from django.views.generic import ListView, TemplateView
 
 from club.models import Club
 from core.models import Notification, User
+from core.schemas import UserFilterSchema
 
 
-def index(request, context=None):
-    from com.views import NewsListView
-
-    return NewsListView.as_view()(request)
-
-
-class NotificationList(ListView):
+class NotificationList(LoginRequiredMixin, ListView):
     model = Notification
     template_name = "core/notification_list.jinja"
 
     def get_queryset(self) -> QuerySet[Notification]:
-        if self.request.user.is_anonymous:
-            return Notification.objects.none()
-        # TODO: Bulk update in django 2.2
         if "see_all" in self.request.GET:
             self.request.user.notifications.filter(viewed=False).update(viewed=True)
         return self.request.user.notifications.order_by("-date")[:20]
 
 
-def notification(request, notif_id):
-    notif = Notification.objects.filter(id=notif_id).first()
-    if notif:
-        if notif.type not in settings.SITH_PERMANENT_NOTIFICATIONS:
-            notif.viewed = True
-        else:
-            notif.callback()
-        notif.save()
-        return redirect(notif.url)
-    return redirect("/")
+def notification(request: HttpRequest, notif_id: int):
+    notif = get_object_or_404(Notification, id=notif_id)
+    if notif.type not in settings.SITH_PERMANENT_NOTIFICATIONS:
+        notif.viewed = True
+    else:
+        notif.callback()
+    notif.save()
+    return redirect(notif.url)
 
 
-def search_user(query):
-    try:
-        # slugify turns everything into ascii and every whitespace into -
-        # it ends by removing duplicate - (so ' - ' will turn into '-')
-        # replace('-', ' ') because search is whitespace based
-        query = slugify(query).replace("-", " ")
-        # TODO: is this necessary?
-        query = html.escape(query)
-        res = (
-            SearchQuerySet()
-            .models(User)
-            .autocomplete(auto=query)
-            .order_by("-last_login")
-            .load_all()[:20]
-        )
-        return [r.object for r in res]
-    except TypeError:
-        return []
+class SearchView(LoginRequiredMixin, TemplateView):
+    template_name = "core/search.jinja"
 
-
-def search_club(query, *, as_json=False):
-    clubs = []
-    if query:
-        clubs = Club.objects.filter(name__icontains=query).all()
-        clubs = clubs[:5]
-        if as_json:
-            # Re-loads json to avoid double encoding by JsonResponse, but still benefit from serializers
-            clubs = json.loads(serializers.serialize("json", clubs, fields=("name")))
-        else:
-            clubs = list(clubs)
-    return clubs
-
-
-@login_required
-def search_view(request):
-    result = {
-        "users": search_user(request.GET.get("query", "")),
-        "clubs": search_club(request.GET.get("query", "")),
-    }
-    return render(request, "core/search.jinja", context={"result": result})
-
-
-@login_required
-def search_user_json(request):
-    result = {"users": search_user(request.GET.get("query", ""))}
-    return JsonResponse(result)
-
-
-@login_required
-def search_json(request):
-    result = {
-        "users": search_user(request.GET.get("query", "")),
-        "clubs": search_club(request.GET.get("query", ""), as_json=True),
-    }
-    return JsonResponse(result)
+    def get_context_data(self, **kwargs):
+        users, clubs = [], []
+        if query := self.request.GET.get("query"):
+            users = list(
+                UserFilterSchema(search=query)
+                .filter(User.objects.viewable_by(self.request.user))
+                .order_by(F("last_login").desc(nulls_last=True))
+            )
+            clubs = list(Club.objects.filter(name__icontains=query)[:5])
+        return super().get_context_data(**kwargs) | {"users": users, "clubs": clubs}

counter/forms.py

@@ -1,7 +1,7 @@
 import json
 import math
 import uuid
-from datetime import date
+from datetime import date, datetime, timezone
 
 from dateutil.relativedelta import relativedelta
 from django import forms
@@ -235,6 +235,19 @@ class ScheduledProductActionForm(forms.ModelForm):
         )
         return super().clean()
 
+    def set_product(self, product: Product):
+        """Set the product to which this form's instance is linked.
+
+        When this form is linked to a ProductForm in the case of a product's creation,
+        the product doesn't exist yet, so saving this form as is will result
+        in having `{"product_id": null}` in the action kwargs.
+        For the creation to be useful, it may be needed to inject the newly created
+        product into this form, before saving the latter.
+        """
+        self.product = product
+        kwargs = json.loads(self.instance.kwargs) | {"product_id": self.product.id}
+        self.instance.kwargs = json.dumps(kwargs)
+
 
 class BaseScheduledProductActionFormSet(BaseModelFormSet):
     def __init__(self, *args, product: Product, **kwargs):
@@ -321,11 +334,19 @@ class ProductForm(forms.ModelForm):
     def is_valid(self):
         return super().is_valid() and self.action_formset.is_valid()
 
-    def save(self, *args, **kwargs):
-        ret = super().save(*args, **kwargs)
-        self.instance.counters.set(self.cleaned_data["counters"])
+    def save(self, *args, **kwargs) -> Product:
+        product = super().save(*args, **kwargs)
+        product.counters.set(self.cleaned_data["counters"])
+        for form in self.action_formset:
+            # if it's a creation, the product given in the formset
+            # wasn't a persisted instance.
+            # So if we tried to persist the scheduled actions in the current state,
+            # they would be linked to no product, thus be completely useless
+            # To make it work, we have to replace
+            # the initial product with a persisted one
+            form.set_product(product)
         self.action_formset.save()
-        return ret
+        return product
 
 
 class ReturnableProductForm(forms.ModelForm):
@@ -369,7 +390,6 @@ class EticketForm(forms.ModelForm):
 class CloseCustomerAccountForm(forms.Form):
     user = forms.ModelChoiceField(
         label=_("Refound this account"),
-        help_text=None,
         required=True,
         widget=AutoCompleteSelectUser,
         queryset=User.objects.all(),
@@ -489,13 +509,14 @@ class InvoiceCallForm(forms.Form):
     def __init__(self, *args, month: date, **kwargs):
         super().__init__(*args, **kwargs)
         self.month = month
+        month_start = datetime(month.year, month.month, month.day, tzinfo=timezone.utc)
         self.clubs = list(
             Club.objects.filter(
                 Exists(
                     Selling.objects.filter(
                         club=OuterRef("pk"),
-                        date__gte=month,
-                        date__lte=month + relativedelta(months=1),
+                        date__gte=month_start,
+                        date__lte=month_start + relativedelta(months=1),
                     )
                 )
             ).annotate(

counter/schemas.py

@@ -1,13 +1,12 @@
 from datetime import datetime
 from typing import Annotated, Self
 
-from annotated_types import MinLen
 from django.urls import reverse
-from ninja import Field, FilterSchema, ModelSchema, Schema
+from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
 from pydantic import model_validator
 
 from club.schemas import SimpleClubSchema
-from core.schemas import GroupSchema, SimpleUserSchema
+from core.schemas import GroupSchema, NonEmptyStr, SimpleUserSchema
 from counter.models import Counter, Product, ProductType
 
 
@@ -21,7 +20,7 @@ class CounterSchema(ModelSchema):
 
 
 class CounterFilterSchema(FilterSchema):
-    search: Annotated[str, MinLen(1)] = Field(None, q="name__icontains")
+    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
 
 
 class SimplifiedCounterSchema(ModelSchema):
@@ -93,18 +92,18 @@ class ProductSchema(ModelSchema):
 
 
 class ProductFilterSchema(FilterSchema):
-    search: Annotated[str, MinLen(1)] | None = Field(
-        None, q=["name__icontains", "code__icontains"]
-    )
-    is_archived: bool | None = Field(None, q="archived")
-    buying_groups: set[int] | None = Field(None, q="buying_groups__in")
-    product_type: set[int] | None = Field(None, q="product_type__in")
-    club: set[int] | None = Field(None, q="club__in")
-    counter: set[int] | None = Field(None, q="counters__in")
+    search: Annotated[
+        NonEmptyStr | None, FilterLookup(["name__icontains", "code__icontains"])
+    ] = None
+    is_archived: Annotated[bool | None, FilterLookup("archived")] = None
+    buying_groups: Annotated[set[int] | None, FilterLookup("buying_groups__in")] = None
+    product_type: Annotated[set[int] | None, FilterLookup("product_type__in")] = None
+    club: Annotated[set[int] | None, FilterLookup("club__in")] = None
+    counter: Annotated[set[int] | None, FilterLookup("counters__in")] = None
 
 
 class SaleFilterSchema(FilterSchema):
-    before: datetime | None = Field(None, q="date__lt")
-    after: datetime | None = Field(None, q="date__gt")
-    counters: set[int] | None = Field(None, q="counter__in")
-    products: set[int] | None = Field(None, q="product__in")
+    before: Annotated[datetime | None, FilterLookup("date__lt")] = None
+    after: Annotated[datetime | None, FilterLookup("date__gt")] = None
+    counters: Annotated[set[int] | None, FilterLookup("counter__in")] = None
+    products: Annotated[set[int] | None, FilterLookup("product__in")] = None

counter/tests/test_auto_actions.py

@@ -11,8 +11,12 @@ from model_bakery import baker
 
 from core.models import Group, User
 from counter.baker_recipes import counter_recipe, product_recipe
-from counter.forms import ScheduledProductActionForm, ScheduledProductActionFormSet
-from counter.models import ScheduledProductAction
+from counter.forms import (
+    ProductForm,
+    ScheduledProductActionForm,
+    ScheduledProductActionFormSet,
+)
+from counter.models import Product, ScheduledProductAction
 
 
 @pytest.mark.django_db
@@ -34,6 +38,39 @@ def test_edit_product(client: Client):
     assert res.status_code == 200
 
 
+@pytest.mark.django_db
+def test_create_actions_alongside_product():
+    """The form should work when the product and the actions are created alongside."""
+    # non-persisted instance
+    product: Product = product_recipe.prepare(_save_related=True)
+    trigger_at = now() + timedelta(minutes=10)
+    form = ProductForm(
+        data={
+            "name": "foo",
+            "description": "bar",
+            "product_type": product.product_type_id,
+            "club": product.club_id,
+            "code": "FOO",
+            "purchase_price": 1.0,
+            "selling_price": 1.0,
+            "special_selling_price": 1.0,
+            "limit_age": 0,
+            "form-TOTAL_FORMS": "2",
+            "form-INITIAL_FORMS": "0",
+            "form-0-task": "counter.tasks.archive_product",
+            "form-0-trigger_at": trigger_at,
+        },
+    )
+    assert form.is_valid()
+    product = form.save()
+    action = ScheduledProductAction.objects.last()
+    assert action.clocked.clocked_time == trigger_at
+    assert action.enabled is True
+    assert action.one_off is True
+    assert action.task == "counter.tasks.archive_product"
+    assert action.kwargs == json.dumps({"product_id": product.id})
+
+
 @pytest.mark.django_db
 class TestProductActionForm:
     def test_single_form_archive(self):

counter/tests/test_invoices.py

@@ -6,7 +6,7 @@ from django.contrib.auth.models import Permission
 from django.core.exceptions import ValidationError
 from django.test import Client
 from django.urls import reverse
-from django.utils.timezone import localdate
+from django.utils.timezone import now
 from model_bakery import baker
 from pytest_django.asserts import assertRedirects
 
@@ -57,7 +57,7 @@ def test_invoice_call_view(client: Client, query: dict | None):
 @pytest.mark.django_db
 def test_invoice_call_form():
     Selling.objects.all().delete()
-    month = localdate() - relativedelta(months=1)
+    month = now() - relativedelta(months=1)
     clubs = baker.make(Club, _quantity=2)
     recipe = sale_recipe.extend(date=month, customer=baker.make(Customer, amount=10000))
     recipe.make(club=clubs[0], quantity=2, unit_price=200)

counter/views/admin.py

@@ -12,7 +12,7 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
-from datetime import timedelta
+from datetime import datetime, timedelta
 
 from django.conf import settings
 from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
@@ -23,6 +23,7 @@ from django.forms.models import modelform_factory
 from django.shortcuts import get_object_or_404
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
+from django.utils.timezone import get_current_timezone
 from django.utils.translation import gettext as _
 from django.views.generic import DetailView, ListView, TemplateView
 from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
@@ -285,7 +286,13 @@ class CounterStatView(PermissionRequiredMixin, DetailView):
     def get_context_data(self, **kwargs):
         """Add stats to the context."""
         counter: Counter = self.object
-        semester_start = get_start_of_semester()
+        start_date = get_start_of_semester()
+        semester_start = datetime(
+            start_date.year,
+            start_date.month,
+            start_date.day,
+            tzinfo=get_current_timezone(),
+        )
         office_hours = counter.get_top_barmen()
         kwargs = super().get_context_data(**kwargs)
         kwargs.update(

counter/views/invoice.py

@@ -12,7 +12,7 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
-from datetime import datetime
+from datetime import datetime, timezone
 from urllib.parse import urlencode
 
 from dateutil.relativedelta import relativedelta
@@ -63,7 +63,8 @@ class InvoiceCallView(
         """Add sums to the context."""
         kwargs = super().get_context_data(**kwargs)
         kwargs["months"] = Selling.objects.datetimes("date", "month", order="DESC")
-        start_date = self.get_month()
+        month = self.get_month()
+        start_date = datetime(month.year, month.month, month.day, tzinfo=timezone.utc)
         end_date = start_date + relativedelta(months=1)
 
         kwargs["sum_cb"] = Refilling.objects.filter(

matmat/views.py

@@ -24,6 +24,7 @@ from ast import literal_eval
 from enum import Enum
 
 from django import forms
+from django.db.models import F
 from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
@@ -34,7 +35,7 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget
 
 from core.auth.mixins import FormerSubscriberMixin
 from core.models import User
-from core.views import search_user
+from core.schemas import UserFilterSchema
 from core.views.forms import SelectDate
 
 # Enum to select search type
@@ -126,11 +127,13 @@ class SearchFormListView(FormerSubscriberMixin, SingleObjectMixin, ListView):
                 q = q.filter(phone=self.valid_form["phone"]).all()
             elif self.search_type == SearchType.QUICK:
                 if self.valid_form["quick"].strip():
-                    q = search_user(self.valid_form["quick"])
+                    q = list(
+                        UserFilterSchema(search=self.valid_form["quick"])
+                        .filter(User.objects.viewable_by(self.request.user))
+                        .order_by(F("last_login").desc(nulls_last=True))
+                    )
                 else:
                     q = []
-                if not self.can_see_hidden and len(q) > 0:
-                    q = [user for user in q if user.is_viewable]
             else:
                 search_dict = {}
                 for key, value in self.valid_form.items():

pedagogy/schemas.py

@@ -1,9 +1,9 @@
-from typing import Literal
+from typing import Annotated, Literal
 
 from django.db.models import Q
 from django.utils import html
 from haystack.query import SearchQuerySet
-from ninja import FilterSchema, ModelSchema, Schema
+from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
 from pydantic import AliasPath, ConfigDict, Field, TypeAdapter
 from pydantic.alias_generators import to_camel
 
@@ -114,13 +114,14 @@ class UvSchema(ModelSchema):
 
 
 class UvFilterSchema(FilterSchema):
-    search: str | None = Field(None, q="code__icontains")
+    search: Annotated[str | None, FilterLookup("code__icontains")] = None
     semester: set[Literal["AUTUMN", "SPRING"]] | None = None
-    credit_type: set[Literal["CS", "TM", "EC", "OM", "QC"]] | None = Field(
-        None, q="credit_type__in"
-    )
+    credit_type: Annotated[
+        set[Literal["CS", "TM", "EC", "OM", "QC"]] | None,
+        FilterLookup("credit_type__in"),
+    ] = None
     language: str = "FR"
-    department: set[str] | None = Field(None, q="department__in")
+    department: Annotated[set[str] | None, FilterLookup("department__in")] = None
 
     def filter_search(self, value: str | None) -> Q:
         """Special filter for the search text.

pyproject.toml

@@ -20,8 +20,8 @@ license = { text = "GPL-3.0-only" }
 requires-python = "<4.0,>=3.12"
 dependencies = [
     "django>=5.2.8,<6.0.0",
-    "django-ninja>=1.4.5,<2.0.0",
-    "django-ninja-extra>=0.30.2,<1.0.0",
+    "django-ninja>=1.5.0,<6.0.0",
+    "django-ninja-extra>=0.30.6",
     "Pillow>=12.0.0,<13.0.0",
     "mistune>=3.1.4,<4.0.0",
     "django-jinja<3.0.0,>=2.11.0",
@@ -68,7 +68,7 @@ dev = [
     "pre-commit>=4.3.0,<5.0.0",
     "ruff>=0.14.4,<1.0.0",
     "djhtml>=3.0.10,<4.0.0",
-    "faker>=37.12.0,<39.0.0",
+    "faker>=37.12.0,<38.0.0",
     "rjsmin>=1.2.5,<2.0.0",
 ]
 tests = [

sas/schemas.py

@@ -2,20 +2,19 @@ from datetime import datetime
 from pathlib import Path
 from typing import Annotated
 
-from annotated_types import MinLen
 from django.urls import reverse
-from ninja import FilterSchema, ModelSchema, Schema
+from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
 from pydantic import Field, NonNegativeInt
 
-from core.schemas import SimpleUserSchema, UserProfileSchema
+from core.schemas import NonEmptyStr, SimpleUserSchema, UserProfileSchema
 from sas.models import Album, Picture, PictureModerationRequest
 
 
 class AlbumFilterSchema(FilterSchema):
-    search: Annotated[str, MinLen(1)] | None = Field(None, q="name__icontains")
-    before_date: datetime | None = Field(None, q="event_date__lte")
-    after_date: datetime | None = Field(None, q="event_date__gte")
-    parent_id: int | None = Field(None, q="parent_id")
+    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
+    before_date: Annotated[datetime | None, FilterLookup("event_date__lte")] = None
+    after_date: Annotated[datetime | None, FilterLookup("event_date__gte")] = None
+    parent_id: Annotated[int | None, FilterLookup("parent_id")] = None
 
 
 class SimpleAlbumSchema(ModelSchema):
@@ -60,10 +59,12 @@ class AlbumAutocompleteSchema(ModelSchema):
 
 
 class PictureFilterSchema(FilterSchema):
-    before_date: datetime | None = Field(None, q="date__lte")
-    after_date: datetime | None = Field(None, q="date__gte")
-    users_identified: set[int] | None = Field(None, q="people__user_id__in")
-    album_id: int | None = Field(None, q="parent_id")
+    before_date: Annotated[datetime | None, FilterLookup("date__lte")] = None
+    after_date: Annotated[datetime | None, FilterLookup("date__gte")] = None
+    users_identified: Annotated[
+        set[int] | None, FilterLookup("people__user_id__in")
+    ] = None
+    album_id: Annotated[int | None, FilterLookup("parent_id")] = None
 
 
 class PictureSchema(ModelSchema):

sith/settings.py

@@ -216,7 +216,7 @@ TEMPLATES = [
         },
     },
 ]
-FORM_RENDERER = "django.forms.renderers.DjangoDivFormRenderer"
+
 
 HAYSTACK_CONNECTIONS = {
     "default": {