Fix link-once and script-once not triggering when another one disappears

Merge pull request #1324 from ae-utbm/eurock
Eurock
2026-03-26 21:39:42 +00:00 · 2026-03-26 16:05:05 +01:00 · 2026-03-25 13:20:38 +01:00 · 2026-03-24 14:32:30 +01:00 · 2026-03-24 14:19:10 +01:00 · 2026-03-23 23:21:30 +01:00
45 changed files with 2200 additions and 1983 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -24,6 +24,9 @@ node_modules/
 # compiled documentation
 site/

+# rollup-bundle-visualizer report
+.bundle-size-report.html
+
 ### Redis ###

 # Ignore redis binary dump (dump.rdb) files
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    # Ruff version.
-    rev: v0.15.0
+    rev: v0.15.5
    hooks:
      - id: ruff-check  # just check the code, and print the errors
      - id: ruff-check  # actually fix the fixable errors, but print nothing
@@ -12,7 +12,7 @@ repos:
    rev: v0.6.1
    hooks:
      - id: biome-check
-        additional_dependencies: ["@biomejs/biome@2.3.14"]
+        additional_dependencies: ["@biomejs/biome@2.4.6"]
  - repo: https://github.com/rtts/djhtml
    rev: 3.0.10
    hooks:
--- a/biome.json
+++ b/biome.json
@@ -7,7 +7,7 @@
  },
  "files": {
    "ignoreUnknown": false,
-    "includes": ["**/static/**"]
+    "includes": ["**/static/**", "vite.config.mts"]
  },
  "formatter": {
    "enabled": true,
--- a/com/views.py
+++ b/com/views.py
@@ -244,9 +244,8 @@ class NewsListView(TemplateView):
            .filter(
                date_of_birth__month=localdate().month,
                date_of_birth__day=localdate().day,
-                is_viewable=True,
+                role__in=["STUDENT", "FORMER STUDENT"],
            )
-            .filter(role__in=["STUDENT", "FORMER STUDENT"])
            .order_by("-date_of_birth"),
            key=lambda u: u.date_of_birth.year,
        )
--- a/core/admin.py
+++ b/core/admin.py
@@ -63,6 +63,7 @@ class UserAdmin(admin.ModelAdmin):
        "scrub_pict",
        "user_permissions",
        "groups",
+        "whitelisted_users",
    )
    inlines = (UserBanInline,)
    search_fields = ["first_name", "last_name", "username"]
--- a/core/management/commands/populate.py
+++ b/core/management/commands/populate.py
@@ -116,7 +116,11 @@ class Command(BaseCommand):
        )
        main_club.board_group.permissions.add(
            *Permission.objects.filter(
-                codename__in=["view_subscription", "add_subscription"]
+                codename__in=[
+                    "view_subscription",
+                    "add_subscription",
+                    "view_hidden_user",
+                ]
            )
        )
        bar_club = Club.objects.create(
--- a/core/migrations/0049_user_whitelisted_users.py
+++ b/core/migrations/0049_user_whitelisted_users.py
@@ -0,0 +1,37 @@
+# Generated by Django 5.2.12 on 2026-03-14 08:39
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("core", "0048_alter_user_options")]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="whitelisted_users",
+            field=models.ManyToManyField(
+                blank=True,
+                help_text=(
+                    "Even if this profile is hidden, "
+                    "the users in this list will still be able to see it."
+                ),
+                related_name="visible_by_whitelist",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="whitelisted users",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="preferences",
+            name="show_my_stats",
+            field=models.BooleanField(
+                default=False,
+                help_text=(
+                    "Allow subscribers (or whitelisted users "
+                    "if your profile is hidden) to access your AE account stats."
+                ),
+                verbose_name="show your stats to others",
+            ),
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@@ -131,7 +131,7 @@ class UserQuerySet(models.QuerySet):
        if user.has_perm("core.view_hidden_user"):
            return self
        if user.has_perm("core.view_user"):
-            return self.filter(is_viewable=True)
+            return self.filter(Q(is_viewable=True) | Q(whitelisted_users=user))
        if user.is_anonymous:
            return self.none()
        return self.filter(id=user.id)
@@ -279,6 +279,16 @@ class User(AbstractUser):
        ),
        default=True,
    )
+    whitelisted_users = models.ManyToManyField(
+        "User",
+        related_name="visible_by_whitelist",
+        verbose_name=_("whitelisted users"),
+        help_text=_(
+            "Even if this profile is hidden, "
+            "the users in this list will still be able to see it."
+        ),
+        blank=True,
+    )
    godfathers = models.ManyToManyField("User", related_name="godchildren", blank=True)

    objects = CustomUserManager()
@@ -518,7 +528,7 @@ class User(AbstractUser):
        self.username = user_name
        return user_name

-    def is_owner(self, obj):
+    def is_owner(self, obj: models.Model):
        """Determine if the object is owned by the user."""
        if hasattr(obj, "is_owned_by") and obj.is_owned_by(self):
            return True
@@ -526,7 +536,7 @@ class User(AbstractUser):
            return True
        return self.is_root

-    def can_edit(self, obj):
+    def can_edit(self, obj: models.Model):
        """Determine if the object can be edited by the user."""
        if hasattr(obj, "can_be_edited_by") and obj.can_be_edited_by(self):
            return True
@@ -540,11 +550,9 @@ class User(AbstractUser):
                pks = list(obj.edit_groups.values_list("id", flat=True))
            if any(self.is_in_group(pk=pk) for pk in pks):
                return True
-        if isinstance(obj, User) and obj == self:
-            return True
        return self.is_owner(obj)

-    def can_view(self, obj):
+    def can_view(self, obj: models.Model):
        """Determine if the object can be viewed by the user."""
        if hasattr(obj, "can_be_viewed_by") and obj.can_be_viewed_by(self):
            return True
@@ -563,14 +571,35 @@ class User(AbstractUser):
                return True
        return self.can_edit(obj)

-    def can_be_edited_by(self, user):
-        return user.is_root or user.is_board_member
+    def can_be_edited_by(self, user: User):
+        return user == self or user.is_root or user.is_board_member

    def can_be_viewed_by(self, user: User) -> bool:
+        """Check if the given user can be viewed by this user.
+
+        Given users A and B. A can be viewed by B if :
+
+        - A and B are the same user
+        - or B has the permission to view hidden users
+        - or B can view users in general and A didn't hide its profile
+        - or B is in A's whitelist.
+        """
+
+        def is_in_whitelist(u: User):
+            if (
+                hasattr(self, "_prefetched_objects_cache")
+                and "whitelisted_users" in self._prefetched_objects_cache
+            ):
+                return u in self.whitelisted_users.all()
+            return self.whitelisted_users.contains(u)
+
        return (
            user.id == self.id
            or user.has_perm("core.view_hidden_user")
-            or (user.has_perm("core.view_user") and self.is_viewable)
+            or (
+                user.has_perm("core.view_user")
+                and (self.is_viewable or is_in_whitelist(user))
+            )
        )

    def get_mini_item(self):
@@ -750,7 +779,14 @@ class Preferences(models.Model):
        User, related_name="_preferences", on_delete=models.CASCADE
    )
    receive_weekmail = models.BooleanField(_("receive the Weekmail"), default=False)
-    show_my_stats = models.BooleanField(_("show your stats to others"), default=False)
+    show_my_stats = models.BooleanField(
+        _("show your stats to others"),
+        help_text=_(
+            "Allow subscribers (or whitelisted users "
+            "if your profile is hidden) to access your AE account stats."
+        ),
+        default=False,
+    )
    notify_on_click = models.BooleanField(
        _("get a notification for every click"), default=False
    )
--- a/core/static/bundled/core/components/include-index.ts
+++ b/core/static/bundled/core/components/include-index.ts
@@ -6,14 +6,36 @@ import { inheritHtmlElement, registerComponent } from "#core:utils/web-component
 **/
@registerComponent("link-once")
 export class LinkOnce extends inheritHtmlElement("link") {
-  connectedCallback() {
-    super.connectedCallback(false);
+  refresh() {
+    this.clearNode();
+
    // We get href from node.attributes instead of node.href to avoid getting the domain part
    const href = this.node.attributes.getNamedItem("href").nodeValue;
    if (document.querySelectorAll(`link[href='${href}']`).length === 0) {
      this.appendChild(this.node);
    }
  }
+
+  clearNode() {
+    while (this.firstChild) {
+      this.removeChild(this.lastChild);
+    }
+  }
+
+  connectedCallback() {
+    super.connectedCallback(false);
+    this.refresh();
+  }
+
+  disconnectedCallback() {
+    this.clearNode();
+
+    // This re-triggers link-once elements that still exists and suppressed
+    // themeselves once it gets removed from the page
+    for (const link of document.getElementsByTagName("link-once")) {
+      (link as LinkOnce).refresh();
+    }
+  }
 }

 /**
@@ -22,12 +44,34 @@ export class LinkOnce extends inheritHtmlElement("link") {
 **/
@registerComponent("script-once")
 export class ScriptOnce extends inheritHtmlElement("script") {
-  connectedCallback() {
-    super.connectedCallback(false);
+  refresh() {
+    this.clearNode();
+
    // We get src from node.attributes instead of node.src to avoid getting the domain part
    const src = this.node.attributes.getNamedItem("src").nodeValue;
    if (document.querySelectorAll(`script[src='${src}']`).length === 0) {
      this.appendChild(this.node);
    }
  }
+
+  clearNode() {
+    while (this.firstChild) {
+      this.removeChild(this.lastChild);
+    }
+  }
+
+  connectedCallback() {
+    super.connectedCallback(false);
+    this.refresh();
+  }
+
+  disconnectedCallback() {
+    this.clearNode();
+
+    // This re-triggers script-once elements that still exists and suppressed
+    // themeselves once it gets removed from the page
+    for (const link of document.getElementsByTagName("script-once")) {
+      (link as LinkOnce).refresh();
+    }
+  }
 }
--- a/core/static/bundled/core/components/nfc-input-index.ts
+++ b/core/static/bundled/core/components/nfc-input-index.ts
@@ -26,7 +26,6 @@ export class NfcInput extends inheritHtmlElement("input") {
        window.alert(gettext("Unsupported NFC card"));
      });

-      // biome-ignore lint/correctness/noUndeclaredVariables: browser API
      ndef.addEventListener("reading", (event: NDEFReadingEvent) => {
        this.removeAttribute("scan");
        this.node.value = event.serialNumber.replace(/:/g, "").toUpperCase();
--- a/core/static/core/base.css
+++ b/core/static/core/base.css
@@ -115,7 +115,6 @@ blockquote:before,
 blockquote:after,
 q:before,
 q:after {
-  content: "";
  content: none;
 }
 table {
--- a/core/static/core/forms.scss
+++ b/core/static/core/forms.scss
@@ -157,6 +157,7 @@ form {
    margin-bottom: .25rem;
    font-size: 80%;
    display: block;
+    max-width: calc(100% - calc(var(--nf-input-size) * 2))
  }

  fieldset {
--- a/core/static/user/user_edit.scss
+++ b/core/static/user/user_edit.scss
@@ -5,17 +5,6 @@
 }

 .profile {
-  &-visible {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: 5px;
-    padding-top: 10px;
-    input[type="checkbox"]+label {
-      max-width: unset;
-    }
-  }
-
  &-pictures {
    box-sizing: border-box;
    display: flex;
--- a/core/static/user/user_preferences.scss
+++ b/core/static/user/user_preferences.scss
@@ -19,28 +19,6 @@
      }
    }
  }
-
-  &-cards,
-  &-trombi {
-    >p {
-      display: flex;
-      flex-direction: column;
-      align-items: flex-start;
-      text-align: justify;
-      gap: 5px;
-      margin: 0;
-
-      >input,
-      >select {
-        min-width: 300px;
-      }
-    }
-  }
-
-  &-submit-btn {
-    margin-top: 10px !important;
-    max-width: 100px;
-  }
 }

 .justify {
--- a/core/templates/core/base/notifications.jinja
+++ b/core/templates/core/base/notifications.jinja
@@ -1,14 +1,11 @@
 <div id="quick-notifications"
     x-data="{
             messages: [
-             {% if messages %}
-               {% for message in messages %}
-                 {
-                 tag: '{{ message.tags }}',
-                 text: '{{ message }}',
-                 },
-               {% endfor %}
-             {% endif %}
+             {%- for message in messages -%}
+               {%- if not message.extra_tags -%}
+                 { tag: '{{ message.tags }}', text: '{{ message }}' },
+               {%- endif -%}
+             {%- endfor -%}
             ]
             }"
     @quick-notification-add="(e) => messages.push(e?.detail)"
--- a/core/templates/core/fragment/user_visibility.jinja
+++ b/core/templates/core/fragment/user_visibility.jinja
@@ -0,0 +1,33 @@
+<form
+  hx-post="{{ url("core:user_visibility_fragment", user_id=form.instance.id) }}"
+  hx-disabled-elt="find input[type='submit']"
+  hx-swap="outerHTML" x-data="{ isViewable: {{ form.is_viewable.value()|tojson }} }"
+>
+  {% for message in messages %}
+    {% if message.extra_tags=="visibility" %}
+      <div class="alert alert-success">
+        {{ message }}
+      </div>
+    {% endif %}
+  {% endfor %}
+  {% csrf_token %}
+  {{ form.non_field_errors() }}
+  <fieldset class="form-group">
+    {{ form.is_viewable|add_attr("x-model=isViewable") }}
+    {{ form.is_viewable.label_tag() }}
+    <span class="helptext">{{ form.is_viewable.help_text }}</span>
+    {{ form.is_viewable.errors }}
+  </fieldset>
+  <fieldset class="form-group" x-show="!isViewable">
+    {{ form.whitelisted_users.as_field_group() }}
+  </fieldset>
+  <fieldset class="form-group">
+    {{ form.show_my_stats }}
+    {{ form.show_my_stats.label_tag() }}
+    <span class="helptext">
+      {{ form.show_my_stats.help_text }}
+    </span>
+    {{ form.show_my_stats.errors }}
+  </fieldset>
+  <input type="submit" class="btn btn-blue" value="{% trans %}Save{% endtrans %}">
+</form>
--- a/core/templates/core/user_edit.jinja
+++ b/core/templates/core/user_edit.jinja
@@ -147,18 +147,7 @@
      {%- endfor -%}
    </div>

-    {# Checkboxes #}
-    <div class="profile-visible">
-      <div class="row">
-        {{ form.is_viewable }}
-        {{ form.is_viewable.label_tag() }}
-      </div>
-      <span class="helptext">
-        {{ form.is_viewable.help_text }}
-      </span>
-    </div>
    <div class="final-actions">
-
      {%- if form.instance == user -%}
        <p>
          <a href="{{ url('core:password_change') }}">{%- trans -%}Change my password{%- endtrans -%}</a>
@@ -170,7 +159,6 @@
          </a>
        </p>
      {%- endif -%}
-
      <p>
        <input type="submit" value="{%- trans -%}Update{%- endtrans -%}" />
      </p>
--- a/core/templates/core/user_preferences.jinja
+++ b/core/templates/core/user_preferences.jinja
@@ -11,30 +11,22 @@
 {% block content %}
  <div class="main">
    <h2>{% trans %}Preferences{% endtrans %}</h2>
-    <h3>{% trans %}General{% endtrans %}</h3>
-    <form class="form form-general" action="" method="post" enctype="multipart/form-data">
-      {% csrf_token %}
-      {{ form.as_p() }}
-      <input class="form-submit-btn" type="submit" value="{% trans %}Save{% endtrans %}" />
-    </form>
-
-    <h3>{% trans %}Trombi{% endtrans %}</h3>
-
-    {% if trombi_form %}
-      <form class="form form-trombi" action="{{ url('trombi:user_tools') }}" method="post" enctype="multipart/form-data">
-        {% csrf_token %}
-        {{ trombi_form.as_p() }}
-        <input class="form-submit-btn" type="submit" value="{% trans %}Save{% endtrans %}" />
-      </form>
-
-    {% else %}
-      <p>{% trans trombi=profile.trombi_user.trombi %}You already choose to be in that Trombi: {{ trombi }}.{% endtrans %}
    <br />
-        <a href="{{ url('trombi:user_tools') }}">{% trans %}Go to my Trombi tools{% endtrans %}</a>
-      </p>
-    {% endif %}
+    <h3>{% trans %}Notifications{% endtrans %}</h3>
+    <form action="" method="post" enctype="multipart/form-data">
+      {% csrf_token %}
+      <div class="form form-general">
+        {{ form.as_p() }}
+      </div>
+      <input class="btn btn-blue" type="submit" value="{% trans %}Save{% endtrans %}" />
+    </form>

+    <br />
+    <h3>{% trans %}Visibility{% endtrans %}</h3>

+    {{ user_visibility_fragment }}
+
+    <br />
    {% if student_card_fragment %}
      <h3>{% trans %}Student card{% endtrans %}</h3>
      {{ student_card_fragment }}
@@ -43,5 +35,21 @@
          add a student card yourself, you'll need a NFC reader. We store the UID of the card which is 14 characters long.{% endtrans %}
      </p>
    {% endif %}
+
+    <br />
+    <h3>{% trans %}Trombi{% endtrans %}</h3>
+
+    {% if trombi_form %}
+      <form action="{{ url('trombi:user_tools') }}" method="post" enctype="multipart/form-data">
+        {% csrf_token %}
+        {{ trombi_form.as_p() }}
+        <input class="btn btn-blue" type="submit" value="{% trans %}Save{% endtrans %}" />
+      </form>
+    {% else %}
+      <p>{% trans trombi=profile.trombi_user.trombi %}You already choose to be in that Trombi: {{ trombi }}.{% endtrans %}
+        <br />
+        <a href="{{ url('trombi:user_tools') }}">{% trans %}Go to my Trombi tools{% endtrans %}</a>
+      </p>
+    {% endif %}
  </div>
 {% endblock %}
--- a/core/tests/test_user.py
+++ b/core/tests/test_user.py
@@ -399,13 +399,12 @@ class TestUserQuerySetViewableBy:
        return [
            baker.make(User),
            subscriber_user.make(),
-            subscriber_user.make(is_viewable=False),
+            *subscriber_user.make(is_viewable=False, _quantity=2),
        ]

    def test_admin_user(self, users: list[User]):
        user = baker.make(
-            User,
-            user_permissions=[Permission.objects.get(codename="view_hidden_user")],
+            User, user_permissions=[Permission.objects.get(codename="view_hidden_user")]
        )
        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
        assert set(viewable) == set(users)
@@ -418,6 +417,12 @@ class TestUserQuerySetViewableBy:
        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
        assert set(viewable) == {users[0], users[1]}

+    def test_whitelist(self, users: list[User]):
+        user = subscriber_user.make()
+        users[3].whitelisted_users.add(user)
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
+        assert set(viewable) == {users[0], users[1], users[3]}
+
    @pytest.mark.parametrize("user_factory", [lambda: baker.make(User), AnonymousUser])
    def test_not_subscriber(self, users: list[User], user_factory):
        user = user_factory()
--- a/core/urls.py
+++ b/core/urls.py
@@ -69,7 +69,6 @@ from core.views import (
    UserCreationView,
    UserGodfathersTreeView,
    UserGodfathersView,
-    UserListView,
    UserMeRedirect,
    UserMiniView,
    UserPreferencesView,
@@ -78,6 +77,7 @@ from core.views import (
    UserUpdateGroupView,
    UserUpdateProfileView,
    UserView,
+    UserVisibilityFormFragment,
    delete_user_godfather,
    logout,
    notification,
@@ -136,7 +136,11 @@ urlpatterns = [
        "group/<int:group_id>/detail/", GroupTemplateView.as_view(), name="group_detail"
    ),
    # User views
-    path("user/", UserListView.as_view(), name="user_list"),
+    path(
+        "fragment/user/<int:user_id>/",
+        UserVisibilityFormFragment.as_view(),
+        name="user_visibility_fragment",
+    ),
    path(
        "user/me/<path:remaining_path>/",
        UserMeRedirect.as_view(),
--- a/core/views/forms.py
+++ b/core/views/forms.py
@@ -48,12 +48,13 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget
 from PIL import Image

 from antispam.forms import AntiSpamEmailField
-from core.models import Gift, Group, Page, PageRev, SithFile, User
+from core.models import Gift, Group, Page, PageRev, Preferences, SithFile, User
 from core.utils import resize_image
 from core.views.widgets.ajax_select import (
    AutoCompleteSelect,
    AutoCompleteSelectGroup,
    AutoCompleteSelectMultipleGroup,
+    AutoCompleteSelectMultipleUser,
    AutoCompleteSelectUser,
 )
 from core.views.widgets.markdown import MarkdownInput
@@ -179,7 +180,6 @@ class UserProfileForm(forms.ModelForm):
            "school",
            "promo",
            "forum_signature",
-            "is_viewable",
        ]
        widgets = {
            "date_of_birth": SelectDate,
@@ -264,6 +264,38 @@ class UserProfileForm(forms.ModelForm):
        self._post_clean()


+class UserVisibilityForm(forms.ModelForm):
+    class Meta:
+        model = User
+        fields = ["is_viewable", "whitelisted_users"]
+        widgets = {
+            "is_viewable": forms.CheckboxInput(attrs={"class": "switch"}),
+            "whitelisted_users": AutoCompleteSelectMultipleUser,
+        }
+
+    __preferences_fields = forms.fields_for_model(
+        Preferences,
+        ["show_my_stats"],
+        widgets={"show_my_stats": forms.CheckboxInput(attrs={"class": "switch"})},
+    )
+    show_my_stats = __preferences_fields["show_my_stats"]
+
+    def __init__(
+        self, *args, initial: dict | None = None, instance: User | None = None, **kwargs
+    ):
+        if instance:
+            initial = initial or {}
+            initial["show_my_stats"] = instance.preferences.show_my_stats
+        super().__init__(*args, initial=initial, instance=instance, **kwargs)
+
+    def save(self, commit=True) -> User:  # noqa: FBT002
+        instance = super().save(commit=commit)
+        if commit:
+            instance.preferences.show_my_stats = self.cleaned_data["show_my_stats"]
+            instance.preferences.save()
+        return instance
+
+
 class UserGroupsForm(forms.ModelForm):
    error_css_class = "error"
    required_css_class = "required"
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -28,10 +28,12 @@ from datetime import timedelta
 from operator import itemgetter
 from smtplib import SMTPException

+from django.contrib import messages
 from django.contrib.auth import login, views
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm
 from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import PermissionDenied
 from django.db.models import DateField, F, QuerySet, Sum
 from django.db.models.functions import Trunc
@@ -48,7 +50,6 @@ from django.views.generic import (
    CreateView,
    DeleteView,
    DetailView,
-    ListView,
    RedirectView,
    TemplateView,
 )
@@ -65,8 +66,9 @@ from core.views.forms import (
    UserGodfathersForm,
    UserGroupsForm,
    UserProfileForm,
+    UserVisibilityForm,
 )
-from core.views.mixins import TabedViewMixin, UseFragmentsMixin
+from core.views.mixins import FragmentMixin, TabedViewMixin, UseFragmentsMixin
 from counter.models import Refilling, Selling
 from eboutic.models import Invoice
 from trombi.views import UserTrombiForm
@@ -248,14 +250,15 @@ class UserTabsMixin(TabedViewMixin):
                    "name": _("Groups"),
                }
            )
-        if (
+        can_view_account = (
            hasattr(user, "customer")
            and user.customer
            and (
                user == self.request.user
                or self.request.user.has_perm("counter.view_customer")
            )
-        ):
+        )
+        if can_view_account or user.preferences.show_my_stats:
            tab_list.append(
                {
                    "url": reverse("core:user_stats", kwargs={"user_id": user.id}),
@@ -263,6 +266,7 @@ class UserTabsMixin(TabedViewMixin):
                    "name": _("Stats"),
                }
            )
+        if can_view_account:
            tab_list.append(
                {
                    "url": reverse("core:user_account", kwargs={"user_id": user.id}),
@@ -349,7 +353,7 @@ class UserGodfathersTreeView(UserTabsMixin, CanViewMixin, DetailView):
        return kwargs


-class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
+class UserStatsView(UserTabsMixin, UserPassesTestMixin, DetailView):
    """Display a user's stats."""

    model = User
@@ -357,15 +361,20 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
    context_object_name = "profile"
    template_name = "core/user_stats.jinja"
    current_tab = "stats"
-    queryset = User.objects.exclude(customer=None).select_related("customer")
+    queryset = User.objects.exclude(customer=None).select_related(
+        "customer", "_preferences"
+    )

-    def dispatch(self, request, *arg, **kwargs):
-        profile = self.get_object()
-        if not (
-            profile == request.user or request.user.has_perm("counter.view_customer")
-        ):
-            raise PermissionDenied
-        return super().dispatch(request, *arg, **kwargs)
+    def test_func(self):
+        profile: User = self.get_object()
+        return (
+            profile == self.request.user
+            or self.request.user.has_perm("counter.view_customer")
+            or (
+                self.request.user.can_view(profile)
+                and profile.preferences.show_my_stats
+            )
+        )

    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
@@ -404,13 +413,6 @@ class UserMiniView(CanViewMixin, DetailView):
    template_name = "core/user_mini.jinja"


-class UserListView(ListView, CanEditPropMixin):
-    """Displays the user list."""
-
-    model = User
-    template_name = "core/user_list.jinja"
-
-
 # FIXME: the edit_once fields aren't displayed to the user (as expected).
 #  However, if the user re-add them manually in the form, they are saved.
 class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
@@ -468,6 +470,30 @@ class UserClubView(UserTabsMixin, CanViewMixin, DetailView):
    current_tab = "clubs"


+class UserVisibilityFormFragment(FragmentMixin, SuccessMessageMixin, UpdateView):
+    model = User
+    form_class = UserVisibilityForm
+    template_name = "core/fragment/user_visibility.jinja"
+    pk_url_kwarg = "user_id"
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {"label_suffix": ""}
+
+    def form_valid(self, form):
+        response = super().form_valid(form)
+        messages.success(
+            self.request, _("Visibility parameters updated."), extra_tags="visibility"
+        )
+        return response
+
+    def render_fragment(self, request, **kwargs) -> SafeString:
+        self.object = kwargs.get("user")
+        return super().render_fragment(request, **kwargs)
+
+    def get_success_url(self, **kwargs):
+        return self.request.path
+
+
 class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, UpdateView):
    """Edit a user's preferences."""

@@ -481,7 +507,10 @@ class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, Update
    current_tab = "prefs"

    def get_form_kwargs(self):
-        return super().get_form_kwargs() | {"instance": self.object.preferences}
+        return super().get_form_kwargs() | {
+            "instance": self.object.preferences,
+            "label_suffix": "",
+        }

    def get_success_url(self):
        return self.request.path
@@ -491,6 +520,9 @@ class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, Update
        from counter.views.student_card import StudentCardFormFragment

        res = super().get_fragment_context_data()
+        res["user_visibility_fragment"] = UserVisibilityFormFragment.as_fragment()(
+            self.request, user=self.object
+        )
        if hasattr(self.object, "customer"):
            res["student_card_fragment"] = StudentCardFormFragment.as_fragment()(
                self.request, customer=self.object.customer
--- a/counter/forms.py
+++ b/counter/forms.py
@@ -5,6 +5,7 @@ from datetime import date, datetime, timezone

 from dateutil.relativedelta import relativedelta
 from django import forms
+from django.core.exceptions import ValidationError
 from django.core.validators import MaxValueValidator
 from django.db.models import Exists, OuterRef, Q
 from django.forms import BaseModelFormSet
@@ -15,7 +16,7 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget

 from club.models import Club
 from club.widgets.ajax_select import AutoCompleteSelectClub
-from core.models import User
+from core.models import User, UserQuerySet
 from core.views.forms import (
    FutureDateTimeField,
    NFCTextInput,
@@ -32,6 +33,7 @@ from core.views.widgets.ajax_select import (
 from counter.models import (
    BillingInfo,
    Counter,
+    CounterSellers,
    Customer,
    Eticket,
    InvoiceCall,
@@ -170,14 +172,39 @@ class RefillForm(forms.ModelForm):
 class CounterEditForm(forms.ModelForm):
    class Meta:
        model = Counter
-        fields = ["sellers", "products"]
-        widgets = {"sellers": AutoCompleteSelectMultipleUser}
+        fields = ["products"]
+
+    sellers_regular = forms.ModelMultipleChoiceField(
+        label=_("Regular barmen"),
+        help_text=_(
+            "Barmen having regular permanences "
+            "or frequently giving a hand throughout the semester."
+        ),
+        queryset=User.objects.all(),
+        widget=AutoCompleteSelectMultipleUser,
+        required=False,
+    )
+    sellers_temporary = forms.ModelMultipleChoiceField(
+        label=_("Temporary barmen"),
+        help_text=_(
+            "Barmen who will be there only for a limited period (e.g. for one evening)"
+        ),
+        queryset=User.objects.all(),
+        widget=AutoCompleteSelectMultipleUser,
+        required=False,
+    )
+    field_order = ["sellers_regular", "sellers_temporary", "products"]

    def __init__(self, *args, user: User, instance: Counter, **kwargs):
        super().__init__(*args, instance=instance, **kwargs)
+        # if the user is an admin, he will have access to all products,
+        # else only to active products owned by the counter's club
+        # or already on the counter
        if user.has_perm("counter.change_counter"):
            self.fields["products"].widget = AutoCompleteSelectMultipleProduct()
        else:
+            # updating the queryset of the field also updates the choices of
+            # the widget, so it's important to set the queryset after the widget
            self.fields["products"].widget = AutoCompleteSelectMultiple()
            self.fields["products"].queryset = Product.objects.filter(
                Q(club_id=instance.club_id) | Q(counters=instance), archived=False
@@ -186,6 +213,61 @@ class CounterEditForm(forms.ModelForm):
                "If you want to add a product that is not owned by "
                "your club to this counter, you should ask an admin."
            )
+        self.fields["sellers_regular"].initial = self.instance.sellers.filter(
+            countersellers__is_regular=True
+        ).all()
+        self.fields["sellers_temporary"].initial = self.instance.sellers.filter(
+            countersellers__is_regular=False
+        ).all()
+
+    def clean(self):
+        regular: UserQuerySet = self.cleaned_data["sellers_regular"]
+        temporary: UserQuerySet = self.cleaned_data["sellers_temporary"]
+        duplicates = list(regular.intersection(temporary))
+        if duplicates:
+            raise ValidationError(
+                _(
+                    "A user cannot be a regular and a temporary barman "
+                    "at the same time, "
+                    "but the following users have been defined as both : %(users)s"
+                )
+                % {"users": ", ".join([u.get_display_name() for u in duplicates])}
+            )
+        return self.cleaned_data
+
+    def save_sellers(self):
+        sellers = []
+        for users, is_regular in (
+            (self.cleaned_data["sellers_regular"], True),
+            (self.cleaned_data["sellers_temporary"], False),
+        ):
+            sellers.extend(
+                [
+                    CounterSellers(counter=self.instance, user=u, is_regular=is_regular)
+                    for u in users
+                ]
+            )
+        # start by deleting removed CounterSellers objects
+        user_ids = [seller.user.id for seller in sellers]
+        CounterSellers.objects.filter(
+            ~Q(user_id__in=user_ids), counter=self.instance
+        ).delete()
+
+        # then create or update the new barmen
+        CounterSellers.objects.bulk_create(
+            sellers,
+            update_conflicts=True,
+            update_fields=["is_regular"],
+            unique_fields=["user", "counter"],
+        )
+
+    def save(self, commit=True):  # noqa: FBT002
+        self.instance = super().save(commit=commit)
+        if commit and any(
+            key in self.changed_data for key in ("sellers_regular", "sellers_temporary")
+        ):
+            self.save_sellers()
+        return self.instance


 class ScheduledProductActionForm(forms.ModelForm):
--- a/counter/migrations/0038_countersellers.py
+++ b/counter/migrations/0038_countersellers.py
@@ -0,0 +1,88 @@
+# Generated by Django 5.2.11 on 2026-03-04 15:26
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("counter", "0037_productformula"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        # cf. https://docs.djangoproject.com/fr/stable/howto/writing-migrations/#changing-a-manytomanyfield-to-use-a-through-model
+        migrations.SeparateDatabaseAndState(
+            database_operations=[
+                migrations.RunSQL(
+                    sql="ALTER TABLE counter_counter_sellers RENAME TO counter_countersellers",
+                    reverse_sql="ALTER TABLE counter_countersellers RENAME TO counter_counter_sellers",
+                ),
+            ],
+            state_operations=[
+                migrations.CreateModel(
+                    name="CounterSellers",
+                    fields=[
+                        (
+                            "id",
+                            models.AutoField(
+                                auto_created=True,
+                                primary_key=True,
+                                serialize=False,
+                                verbose_name="ID",
+                            ),
+                        ),
+                        (
+                            "counter",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to="counter.counter",
+                            ),
+                        ),
+                        (
+                            "user",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to=settings.AUTH_USER_MODEL,
+                            ),
+                        ),
+                    ],
+                    options={
+                        "constraints": [
+                            models.UniqueConstraint(
+                                fields=("counter", "user"),
+                                name="counter_counter_sellers_counter_id_subscriber_id_key",
+                            )
+                        ],
+                    },
+                ),
+                migrations.AlterField(
+                    model_name="counter",
+                    name="sellers",
+                    field=models.ManyToManyField(
+                        blank=True,
+                        related_name="counters",
+                        through="counter.CounterSellers",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="sellers",
+                    ),
+                ),
+            ],
+        ),
+        migrations.AddField(
+            model_name="countersellers",
+            name="created_at",
+            field=models.DateTimeField(
+                auto_now_add=True,
+                default=django.utils.timezone.now,
+                verbose_name="created at",
+            ),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name="countersellers",
+            name="is_regular",
+            field=models.BooleanField(default=False, verbose_name="regular barman"),
+        ),
+    ]
--- a/counter/models.py
+++ b/counter/models.py
@@ -551,7 +551,11 @@ class Counter(models.Model):
        choices=[("BAR", _("Bar")), ("OFFICE", _("Office")), ("EBOUTIC", _("Eboutic"))],
    )
    sellers = models.ManyToManyField(
-        User, verbose_name=_("sellers"), related_name="counters", blank=True
+        User,
+        verbose_name=_("sellers"),
+        related_name="counters",
+        blank=True,
+        through="CounterSellers",
    )
    edit_groups = models.ManyToManyField(
        Group, related_name="editable_counters", blank=True
@@ -743,6 +747,26 @@ class Counter(models.Model):
        ]


+class CounterSellers(models.Model):
+    """Custom through model for the counter-sellers M2M relationship."""
+
+    counter = models.ForeignKey(Counter, on_delete=models.CASCADE)
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    is_regular = models.BooleanField(_("regular barman"), default=False)
+    created_at = models.DateTimeField(_("created at"), auto_now_add=True)
+
+    class Meta:
+        constraints = [
+            models.UniqueConstraint(
+                fields=["counter", "user"],
+                name="counter_counter_sellers_counter_id_subscriber_id_key",
+            )
+        ]
+
+    def __str__(self):
+        return f"counter {self.counter_id} - user {self.user_id}"
+
+
 class RefillingQuerySet(models.QuerySet):
    def annotate_total(self) -> Self:
        """Annotate the Queryset with the total amount.
--- a/counter/static/bundled/counter/counter-click-index.ts
+++ b/counter/static/bundled/counter/counter-click-index.ts
@@ -64,7 +64,7 @@ document.addEventListener("alpine:init", () => {

    checkFormulas() {
      const products = new Set(
-        Object.keys(this.basket).map((i: string) => Number.parseInt(i)),
+        Object.keys(this.basket).map((i: string) => Number.parseInt(i, 10)),
      );
      const formula: ProductFormula = config.formulas.find((f: ProductFormula) => {
        return f.products.every((p: number) => products.has(p));
--- a/counter/tests/test_counter_admin.py
+++ b/counter/tests/test_counter_admin.py
@@ -1,13 +1,132 @@
+from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.test import TestCase
+from django.urls import reverse
 from model_bakery import baker

 from club.models import Membership
 from core.baker_recipes import subscriber_user
-from core.models import User
+from core.models import Group, User
 from counter.baker_recipes import product_recipe
 from counter.forms import CounterEditForm
-from counter.models import Counter
+from counter.models import Counter, CounterSellers
+
+
+class TestEditCounterSellers(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.counter = baker.make(Counter, type="BAR")
+        cls.products = product_recipe.make(_quantity=2, _bulk_create=True)
+        cls.counter.products.add(*cls.products)
+        users = subscriber_user.make(_quantity=6, _bulk_create=True)
+        cls.regular_barmen = users[:2]
+        cls.tmp_barmen = users[2:4]
+        cls.not_barmen = users[4:]
+        CounterSellers.objects.bulk_create(
+            [
+                *baker.prepare(
+                    CounterSellers,
+                    counter=cls.counter,
+                    user=iter(cls.regular_barmen),
+                    is_regular=True,
+                    _quantity=len(cls.regular_barmen),
+                ),
+                *baker.prepare(
+                    CounterSellers,
+                    counter=cls.counter,
+                    user=iter(cls.tmp_barmen),
+                    is_regular=False,
+                    _quantity=len(cls.tmp_barmen),
+                ),
+            ]
+        )
+        cls.operator = baker.make(
+            User, groups=[Group.objects.get(id=settings.SITH_GROUP_COUNTER_ADMIN_ID)]
+        )
+
+    def test_view_ok(self):
+        url = reverse("counter:admin", kwargs={"counter_id": self.counter.id})
+        self.client.force_login(self.operator)
+        res = self.client.get(url)
+        assert res.status_code == 200
+        res = self.client.post(
+            url,
+            data={
+                "sellers_regular": [u.id for u in self.regular_barmen],
+                "sellers_temporary": [u.id for u in self.tmp_barmen],
+                "products": [p.id for p in self.products],
+            },
+        )
+        self.assertRedirects(res, url)
+
+    def test_add_barmen(self):
+        form = CounterEditForm(
+            data={
+                "sellers_regular": [*self.regular_barmen, self.not_barmen[0]],
+                "sellers_temporary": [*self.tmp_barmen, self.not_barmen[1]],
+                "products": self.products,
+            },
+            instance=self.counter,
+            user=self.operator,
+        )
+        assert form.is_valid()
+        form.save()
+        assert set(self.counter.sellers.filter(countersellers__is_regular=True)) == {
+            *self.regular_barmen,
+            self.not_barmen[0],
+        }
+        assert set(self.counter.sellers.filter(countersellers__is_regular=False)) == {
+            *self.tmp_barmen,
+            self.not_barmen[1],
+        }
+
+    def test_barman_change_status(self):
+        """Test when a barman goes from temporary to regular"""
+        form = CounterEditForm(
+            data={
+                "sellers_regular": [*self.regular_barmen, self.tmp_barmen[0]],
+                "sellers_temporary": [*self.tmp_barmen[1:]],
+                "products": self.products,
+            },
+            instance=self.counter,
+            user=self.operator,
+        )
+        assert form.is_valid()
+        form.save()
+        assert set(self.counter.sellers.filter(countersellers__is_regular=True)) == {
+            *self.regular_barmen,
+            self.tmp_barmen[0],
+        }
+        assert set(
+            self.counter.sellers.filter(countersellers__is_regular=False)
+        ) == set(self.tmp_barmen[1:])
+
+    def test_barman_duplicate(self):
+        """Test that a barman cannot be regular and temporary at the same time."""
+        form = CounterEditForm(
+            data={
+                "sellers_regular": [*self.regular_barmen, self.not_barmen[0]],
+                "sellers_temporary": [*self.tmp_barmen, self.not_barmen[0]],
+                "products": self.products,
+            },
+            instance=self.counter,
+            user=self.operator,
+        )
+        assert not form.is_valid()
+        assert form.errors == {
+            "__all__": [
+                "Un utilisateur ne peut pas être un barman "
+                "régulier et temporaire en même temps, "
+                "mais les utilisateurs suivants ont été définis "
+                f"comme les deux : {self.not_barmen[0].get_display_name()}"
+            ],
+        }
+        assert set(self.counter.sellers.filter(countersellers__is_regular=True)) == set(
+            self.regular_barmen
+        )
+        assert set(
+            self.counter.sellers.filter(countersellers__is_regular=False)
+        ) == set(self.tmp_barmen)


 class TestEditCounterProducts(TestCase):
--- a/counter/views/admin.py
+++ b/counter/views/admin.py
@@ -16,6 +16,7 @@ from datetime import datetime, timedelta

 from django.conf import settings
 from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.forms import CheckboxSelectMultiple
@@ -58,7 +59,9 @@ class CounterListView(CounterAdminTabsMixin, CanViewMixin, ListView):
    current_tab = "counters"


-class CounterEditView(CounterAdminTabsMixin, UserPassesTestMixin, UpdateView):
+class CounterEditView(
+    CounterAdminTabsMixin, UserPassesTestMixin, SuccessMessageMixin, UpdateView
+):
    """Edit a counter's main informations (for the counter's manager)."""

    model = Counter
@@ -66,6 +69,7 @@ class CounterEditView(CounterAdminTabsMixin, UserPassesTestMixin, UpdateView):
    pk_url_kwarg = "counter_id"
    template_name = "core/edit.jinja"
    current_tab = "counters"
+    success_message = _("Counter update done")

    def test_func(self):
        if self.request.user.has_perm("counter.change_counter"):
--- a/eboutic/templates/eboutic/eboutic_main.jinja
+++ b/eboutic/templates/eboutic/eboutic_main.jinja
@@ -116,6 +116,56 @@
          </span>
        </div>
      {% endif %}
+      <section>
+        <div class="category-header">
+          <h3 class="margin-bottom">{% trans %}Eurockéennes 2025 partnership{% endtrans %}</h3>
+          {% if user.is_subscribed %}
+            <div id="eurock-partner" style="
+                                            min-height: 600px;
+                                            background-color: lightgrey;
+                                            display: flex;
+                                            justify-content: center;
+                                            align-items: center;
+                                            flex-direction: column;
+                                            gap: 10px;
+                                           ">
+              <p style="text-align: center;">
+                {% trans trimmed %}
+                  Our partner uses Weezevent to sell tickets.
+                  Weezevent may collect user info according to
+                  its own privacy policy.
+                  By clicking the accept button you consent to
+                  their terms of services.
+                {% endtrans %}
+              </p>
+
+              <a href="https://weezevent.com/fr/politique-de-confidentialite/">{% trans %}Privacy policy{% endtrans %}</a>
+
+              <button
+                hx-get="{{ url("eboutic:eurock") }}"
+                hx-target="#eurock-partner"
+                hx-swap="outerHTML"
+                hx-trigger="click, load[document.cookie.includes('weezevent_accept=true')]"
+                @htmx:after-request="document.cookie = 'weezevent_accept=true'"
+              >{% trans %}Accept{% endtrans %}
+              </button>
+            </div>
+          {% else %}
+            <p>
+              {%- trans trimmed %}
+                You must be subscribed to benefit from the partnership with the Eurockéennes.
+              {% endtrans -%}
+            </p>
+            <p>
+              {%- trans trimmed %}
+                This partnership offers a discount of up to 33%
+                on tickets for Friday, Saturday and Sunday,
+                as well as the 3-day package from Friday to Sunday.
+              {% endtrans -%}
+            </p>
+          {% endif %}
+        </div>
+      </section>
      {% for priority_groups in products|groupby('order') %}
        {% for category, items in priority_groups.list|groupby('category') %}
          {% if items|count > 0 %}
--- a/eboutic/templates/eboutic/eurock_fragment.jinja
+++ b/eboutic/templates/eboutic/eurock_fragment.jinja
@@ -0,0 +1,16 @@
+<a title="Logiciel billetterie en ligne"
+   href="https://www.weezevent.com?c=sys_widget"
+   class="weezevent-widget-integration"
+   target="_blank"
+   data-src="https://widget.weezevent.com/ticket/8aaba226-f7a3-4192-a64e-72ff8f5b35b7?id_evenement=1419869&locale=fr-FR&code=28747"
+   data-width="650"
+   data-height="600"
+   data-resize="1"
+   data-nopb="0"
+   data-type="neo"
+   data-width_auto="1"
+   data-noscroll="0"
+   data-id="1419869">
+  Billetterie Weezevent
+</a>
+<script type="text/javascript" src="https://widget.weezevent.com/weez.js"  async defer></script>
--- a/eboutic/templates/eboutic/eurok_fragment.jinja
+++ b/eboutic/templates/eboutic/eurok_fragment.jinja
@@ -1,17 +0,0 @@
-<a
-  title="Logiciel billetterie en ligne"
-  href="https://widget.weezevent.com/ticket/6ef65533-f5b0-4571-9d21-1f1bc63921f0?id_evenement=1211855&locale=fr-FR&code=34146"
-  class="weezevent-widget-integration"
-  target="_blank"
-  data-src="https://widget.weezevent.com/ticket/6ef65533-f5b0-4571-9d21-1f1bc63921f0?id_evenement=1211855&locale=fr-FR&code=34146"
-  data-width="650"
-  data-height="600"
-  data-resize="1"
-  data-nopb="0"
-  data-type="neo"
-  data-width_auto="1"
-  data-noscroll="0"
-  data-id="1211855">
-  Billetterie Weezevent
-</a>
-<script type="text/javascript" src="https://widget.weezevent.com/weez.js" async defer></script>
--- a/eboutic/urls.py
+++ b/eboutic/urls.py
@@ -31,6 +31,7 @@ from eboutic.views import (
    EbouticMainView,
    EbouticPayWithSith,
    EtransactionAutoAnswer,
+    EurockPartnerFragment,
    payment_result,
 )

@@ -50,4 +51,5 @@ urlpatterns = [
        EtransactionAutoAnswer.as_view(),
        name="etransation_autoanswer",
    ),
+    path("eurock/", EurockPartnerFragment.as_view(), name="eurock"),
 ]
--- a/eboutic/views.py
+++ b/eboutic/views.py
@@ -42,11 +42,11 @@ from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.http import require_GET
-from django.views.generic import DetailView, FormView, UpdateView, View
+from django.views.generic import DetailView, FormView, TemplateView, UpdateView, View
 from django.views.generic.edit import SingleObjectMixin
 from django_countries.fields import Country

-from core.auth.mixins import CanViewMixin
+from core.auth.mixins import CanViewMixin, IsSubscriberMixin
 from core.views.mixins import FragmentMixin, UseFragmentsMixin
 from counter.forms import BaseBasketForm, BasketProductForm, BillingInfoForm
 from counter.models import (
@@ -350,3 +350,7 @@ class EtransactionAutoAnswer(View):
            return HttpResponse(
                "Payment failed with error: " + request.GET["Error"], status=202
            )
+
+
+class EurockPartnerFragment(IsSubscriberMixin, TemplateView):
+    template_name = "eboutic/eurock_fragment.jinja"
--- a/election/templates/election/election_detail.jinja
+++ b/election/templates/election/election_detail.jinja
@@ -146,7 +146,7 @@
                          <label for="{{ input_id }}">
                        {%- endif %}
                        <figure>
-                          {%- if user.is_viewable %}
+                          {%- if user.can_view(candidature.user) %}
                            {% if candidature.user.profile_pict %}
                              <img class="candidate__picture" src="{{ candidature.user.profile_pict.get_download_url() }}" alt="{% trans %}Profile{% endtrans %}">
                            {% else %}
--- a/election/tests.py
+++ b/election/tests.py
@@ -6,6 +6,8 @@ from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import now
 from model_bakery import baker
+from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertRedirects

 from core.baker_recipes import subscriber_user
 from core.models import Group, User
@@ -52,6 +54,102 @@ class TestElectionUpdateView(TestElection):
        assert response.status_code == 403


+class TestElectionForm(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.election = baker.make(Election, end_date=now() + timedelta(days=1))
+        cls.group = baker.make(Group)
+        cls.election.vote_groups.add(cls.group)
+        cls.election.edit_groups.add(cls.group)
+        lists = baker.make(
+            ElectionList, election=cls.election, _quantity=2, _bulk_create=True
+        )
+        cls.roles = baker.make(
+            Role, election=cls.election, _quantity=2, _bulk_create=True
+        )
+        users = baker.make(User, _quantity=4, _bulk_create=True)
+        recipe = Recipe(Candidature)
+        cls.cand = [
+            recipe.prepare(role=cls.roles[0], user=users[0], election_list=lists[0]),
+            recipe.prepare(role=cls.roles[0], user=users[1], election_list=lists[1]),
+            recipe.prepare(role=cls.roles[1], user=users[2], election_list=lists[0]),
+            recipe.prepare(role=cls.roles[1], user=users[3], election_list=lists[1]),
+        ]
+        Candidature.objects.bulk_create(cls.cand)
+        cls.vote_url = reverse("election:vote", kwargs={"election_id": cls.election.id})
+        cls.detail_url = reverse(
+            "election:detail", kwargs={"election_id": cls.election.id}
+        )
+
+    def test_election_good_form(self):
+        postes = (self.roles[0].title, self.roles[1].title)
+        votes = [
+            {postes[0]: "", postes[1]: str(self.cand[2].id)},
+            {postes[0]: "", postes[1]: ""},
+            {postes[0]: str(self.cand[0].id), postes[1]: str(self.cand[2].id)},
+            {postes[0]: str(self.cand[0].id), postes[1]: str(self.cand[3].id)},
+        ]
+        voters = subscriber_user.make(_quantity=len(votes), _bulk_create=True)
+        self.group.users.set(voters)
+
+        for voter, vote in zip(voters, votes, strict=True):
+            assert self.election.can_vote(voter)
+            self.client.force_login(voter)
+            response = self.client.post(self.vote_url, data=vote)
+            assertRedirects(response, self.detail_url)
+
+        assert set(self.election.voters.all()) == set(voters)
+        assert self.election.results == {
+            postes[0]: {
+                self.cand[0].user.username: {"percent": 50.0, "vote": 2},
+                self.cand[1].user.username: {"percent": 0.0, "vote": 0},
+                "blank vote": {"percent": 50.0, "vote": 2},
+                "total vote": 4,
+            },
+            postes[1]: {
+                self.cand[2].user.username: {"percent": 50.0, "vote": 2},
+                self.cand[3].user.username: {"percent": 25.0, "vote": 1},
+                "blank vote": {"percent": 25.0, "vote": 1},
+                "total vote": 4,
+            },
+        }
+
+    def test_election_bad_form(self):
+        postes = (self.roles[0].title, self.roles[1].title)
+
+        votes = [
+            {postes[0]: "", postes[1]: str(self.cand[0].id)},  # wrong candidate
+            {postes[0]: ""},
+            {
+                postes[0]: "0123456789",  # unknow users
+                postes[1]: str(subscriber_user.make().id),  # not a candidate
+            },
+            {},
+        ]
+        voters = subscriber_user.make(_quantity=len(votes), _bulk_create=True)
+        self.group.users.set(voters)
+
+        for voter, vote in zip(voters, votes, strict=True):
+            self.client.force_login(voter)
+            response = self.client.post(self.vote_url, data=vote)
+            assertRedirects(response, self.detail_url)
+
+        assert self.election.results == {
+            postes[0]: {
+                self.cand[0].user.username: {"percent": 0.0, "vote": 0},
+                self.cand[1].user.username: {"percent": 0.0, "vote": 0},
+                "blank vote": {"percent": 100.0, "vote": 2},
+                "total vote": 2,
+            },
+            postes[1]: {
+                self.cand[2].user.username: {"percent": 0.0, "vote": 0},
+                self.cand[3].user.username: {"percent": 0.0, "vote": 0},
+                "blank vote": {"percent": 100.0, "vote": 2},
+                "total vote": 2,
+            },
+        }
+
+
@pytest.mark.django_db
 def test_election_create_list_permission(client: Client):
    election = baker.make(Election, end_candidature=now() + timedelta(hours=1))
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po
@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-03-07 15:47+0100\n"
+"POT-Creation-Date: 2026-03-23 22:21+0100\n"
 "PO-Revision-Date: 2016-07-18\n"
 "Last-Translator: Maréchal <thomas.girod@utbm.fr\n"
 "Language-Team: AE info <ae.info@utbm.fr>\n"
@@ -551,8 +551,9 @@ msgstr ""
 #: com/templates/com/news_edit.jinja com/templates/com/poster_edit.jinja
 #: com/templates/com/screen_edit.jinja com/templates/com/weekmail.jinja
 #: core/templates/core/create.jinja core/templates/core/edit.jinja
-#: core/templates/core/file_edit.jinja core/templates/core/page/edit.jinja
-#: core/templates/core/page/prop.jinja
+#: core/templates/core/file_edit.jinja
+#: core/templates/core/fragment/user_visibility.jinja
+#: core/templates/core/page/edit.jinja core/templates/core/page/prop.jinja
 #: core/templates/core/user_godfathers.jinja
 #: core/templates/core/user_godfathers_tree.jinja
 #: core/templates/core/user_preferences.jinja
@@ -1547,6 +1548,18 @@ msgid ""
 msgstr ""
 "Si vous désactivez cette option, seuls les admins pourront voir votre profil."

+#: core/models.py
+msgid "whitelisted users"
+msgstr "utilisateurs whitelistés"
+
+#: core/models.py
+msgid ""
+"Even if this profile is hidden, the users in this list will still be able to "
+"see it."
+msgstr ""
+"Même si ce profil est caché, les utilisateurs sur cette liste pourront "
+"toujours le voir."
+
 #: core/models.py
 msgid "A user with that username already exists"
 msgstr "Un utilisateur de ce nom d'utilisateur existe déjà"
@@ -1603,6 +1616,14 @@ msgstr "recevoir le Weekmail"
 msgid "show your stats to others"
 msgstr "montrez vos statistiques aux autres"

+#: core/models.py
+msgid ""
+"Allow subscribers (or whitelisted users if your profile is hidden) to access "
+"your AE account stats."
+msgstr ""
+"Autorise les cotisants (ou les personnes whitelistées, si votre profil est "
+"caché) à accéder aux statistiques de votre compte AE"
+
 #: core/models.py
 msgid "get a notification for every click"
 msgstr "avoir une notification pour chaque click"
@@ -2612,21 +2633,12 @@ msgid "Preferences"
 msgstr "Préférences"

 #: core/templates/core/user_preferences.jinja
-msgid "General"
-msgstr "Général"
-
-#: core/templates/core/user_preferences.jinja trombi/views.py
-msgid "Trombi"
-msgstr "Trombi"
+msgid "Notifications"
+msgstr "Notifications"

 #: core/templates/core/user_preferences.jinja
-#, python-format
-msgid "You already choose to be in that Trombi: %(trombi)s."
-msgstr "Vous avez déjà choisi ce Trombi: %(trombi)s."
-
-#: core/templates/core/user_preferences.jinja
-msgid "Go to my Trombi tools"
-msgstr "Allez à mes outils de Trombi"
+msgid "Visibility"
+msgstr "Visibilité"

 #: core/templates/core/user_preferences.jinja
 #: counter/templates/counter/counter_click.jinja
@@ -2645,6 +2657,19 @@ msgstr ""
 "aurez besoin d'un lecteur NFC. Nous enregistrons l'UID de la carte qui fait "
 "14 caractères de long."

+#: core/templates/core/user_preferences.jinja trombi/views.py
+msgid "Trombi"
+msgstr "Trombi"
+
+#: core/templates/core/user_preferences.jinja
+#, python-format
+msgid "You already choose to be in that Trombi: %(trombi)s."
+msgstr "Vous avez déjà choisi ce Trombi: %(trombi)s."
+
+#: core/templates/core/user_preferences.jinja
+msgid "Go to my Trombi tools"
+msgstr "Allez à mes outils de Trombi"
+
 #: core/templates/core/user_stats.jinja
 #, python-format
 msgid "%(user_name)s's stats"
@@ -2925,6 +2950,10 @@ msgstr "Photos"
 msgid "Account"
 msgstr "Compte"

+#: core/views/user.py
+msgid "Visibility parameters updated."
+msgstr "Paramètres de visibilité mis à jour."
+
 #: counter/apps.py counter/models.py
 msgid "counter"
 msgstr "comptoir"
@@ -2937,6 +2966,29 @@ msgstr "Cet UID est invalide"
 msgid "User not found"
 msgstr "Utilisateur non trouvé"

+#: counter/forms.py
+msgid "Regular barmen"
+msgstr "Barmen réguliers"
+
+#: counter/forms.py
+msgid ""
+"Barmen having regular permanences or frequently giving a hand throughout the "
+"semester."
+msgstr ""
+"Les barmen assurant des permanences régulières ou donnant régulièrement un "
+"coup de main au cours du semestre."
+
+#: counter/forms.py
+msgid "Temporary barmen"
+msgstr "Barmen temporaires"
+
+#: counter/forms.py
+msgid ""
+"Barmen who will be there only for a limited period (e.g. for one evening)"
+msgstr ""
+"Les barmen qui seront là uniquement pour une durée limitée (par exemple, le "
+"temps d'une soirée)"
+
 #: counter/forms.py
 msgid ""
 "If you want to add a product that is not owned by your club to this counter, "
@@ -2945,6 +2997,16 @@ msgstr ""
 "Si vous souhaitez ajouter sur ce comptoir un produit qui n'appartient pas à "
 "votre club, vous devriez demander à un admin."

+#: counter/forms.py
+#, python-format
+msgid ""
+"A user cannot be a regular and a temporary barman at the same time, but the "
+"following users have been defined as both : %(users)s"
+msgstr ""
+"Un utilisateur ne peut pas être un barman régulier et temporaire en même "
+"temps, mais les utilisateurs suivants ont été définis comme les deux : "
+"%(users)s"
+
 #: counter/forms.py
 msgid "Date and time of action"
 msgstr "Date et heure de l'action"
@@ -3193,6 +3255,10 @@ msgstr "vendeurs"
 msgid "token"
 msgstr "jeton"

+#: counter/models.py
+msgid "regular barman"
+msgstr "barman régulier"
+
 #: counter/models.py sith/settings.py
 msgid "Credit card"
 msgstr "Carte bancaire"
@@ -3905,6 +3971,10 @@ msgstr "Temps"
 msgid "Top 100 barman %(counter_name)s (all semesters)"
 msgstr "Top 100 barman %(counter_name)s (tous les semestres)"

+#: counter/views/admin.py
+msgid "Counter update done"
+msgstr "Mise à jour du comptoir effectuée"
+
 #: counter/views/admin.py
 #, python-format
 msgid "%(formula)s (formula)"
@@ -5253,8 +5323,6 @@ msgid "One day"
 msgstr "Un jour"

 #: sith/settings.py
-#, fuzzy
-#| msgid "GA staff member"
 msgid "GA staff member"
 msgstr "Membre staff GA"

@@ -5799,3 +5867,39 @@ msgstr "Vous ne pouvez plus écrire de commentaires, la date est passée."
 #, python-format
 msgid "Maximum characters: %(max_length)s"
 msgstr "Nombre de caractères max: %(max_length)s"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid "Eurockéennes 2025 partnership"
+msgstr "Partenariat Eurockéennes 2025"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid ""
+"Our partner uses Weezevent to sell tickets. Weezevent may collect user info "
+"according to its own privacy policy. By clicking the accept button you "
+"consent to their terms of services."
+msgstr ""
+"Notre partenaire utilises Wezevent pour vendre ses billets. Weezevent peut "
+"collecter des informations utilisateur conformément à sa propre politique de "
+"confidentialité. En cliquant sur le bouton d'acceptation vous consentez à "
+"leurs termes de service."
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid "Privacy policy"
+msgstr "Politique de confidentialité"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid ""
+"You must be subscribed to benefit from the partnership with the Eurockéennes."
+msgstr ""
+"Vous devez être cotisant pour bénéficier du partenariat avec les "
+"Eurockéennes."
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+#, python-format
+msgid ""
+"This partnership offers a discount of up to 33%% on tickets for Friday, "
+"Saturday and Sunday, as well as the 3-day package from Friday to Sunday."
+msgstr ""
+"Ce partenariat permet de profiter d'une réduction jusqu'à 33%% sur les "
+"billets du vendredi, du samedi et du dimanche, ainsi qu'au forfait 3 jours, "
+"du vendredi au dimanche."
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -8,8 +8,6 @@
    "compile-dev": "vite build --mode development",
    "serve": "vite build --mode development --watch --minify false",
    "openapi": "openapi-ts",
-    "analyse-dev": "vite-bundle-visualizer --mode development",
-    "analyse-prod": "vite-bundle-visualizer --mode production",
    "check": "tsc && biome check --write"
  },
  "keywords": [],
@@ -28,29 +26,28 @@
  "devDependencies": {
    "@babel/core": "^7.29.0",
    "@babel/preset-env": "^7.29.0",
-    "@biomejs/biome": "^2.3.14",
-    "@hey-api/openapi-ts": "^0.92.4",
+    "@biomejs/biome": "^2.4.6",
+    "@hey-api/openapi-ts": "^0.94.0",
    "@rollup/plugin-inject": "^5.0.5",
    "@types/alpinejs": "^3.13.11",
    "@types/cytoscape-cxtmenu": "^3.4.5",
    "@types/cytoscape-klay": "^3.1.5",
    "@types/js-cookie": "^3.0.6",
+    "rollup-plugin-visualizer": "^7.0.1",
    "typescript": "^5.9.3",
-    "vite": "^7.3.1",
-    "vite-bundle-visualizer": "^1.2.1",
-    "vite-plugin-static-copy": "^3.2.0"
+    "vite": "^8.0.0"
  },
  "dependencies": {
    "@alpinejs/sort": "^3.15.8",
    "@arendjr/text-clipper": "npm:@jsr/arendjr__text-clipper@^3.0.0",
-    "@floating-ui/dom": "^1.7.5",
+    "@floating-ui/dom": "^1.7.6",
    "@fortawesome/fontawesome-free": "^7.2.0",
    "@fullcalendar/core": "^6.1.20",
    "@fullcalendar/daygrid": "^6.1.20",
    "@fullcalendar/icalendar": "^6.1.20",
    "@fullcalendar/list": "^6.1.20",
-    "@sentry/browser": "^10.38.0",
-    "@zip.js/zip.js": "^2.8.20",
+    "@sentry/browser": "^10.43.0",
+    "@zip.js/zip.js": "^2.8.23",
    "3d-force-graph": "^1.79.1",
    "alpinejs": "^3.15.8",
    "chart.js": "^4.5.1",
@@ -60,14 +57,14 @@
    "cytoscape-klay": "^3.1.4",
    "d3-force-3d": "^3.0.6",
    "easymde": "^2.20.0",
-    "glob": "^13.0.2",
+    "glob": "^13.0.6",
    "html2canvas": "^1.4.1",
    "htmx.org": "^2.0.8",
    "js-cookie": "^3.0.5",
    "lit-html": "^3.3.2",
    "native-file-system-adapter": "^3.0.1",
-    "three": "^0.182.0",
+    "three": "^0.183.2",
    "three-spritetext": "^1.10.0",
-    "tom-select": "^2.5.1"
+    "tom-select": "^2.5.2"
  }
 }
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -19,7 +19,7 @@ authors = [
 license = { text = "GPL-3.0-only" }
 requires-python = "<4.0,>=3.12"
 dependencies = [
-    "django>=5.2.11,<6.0.0",
+    "django>=5.2.12,<6.0.0",
    "django-ninja>=1.5.3,<6.0.0",
    "django-ninja-extra>=0.31.0",
    "Pillow>=12.1.1,<13.0.0",
@@ -27,15 +27,15 @@ dependencies = [
    "django-jinja<3.0.0,>=2.11.0",
    "cryptography>=46.0.5,<47.0.0",
    "django-phonenumber-field>=8.4.0,<9.0.0",
-    "phonenumbers>=9.0.23,<10.0.0",
-    "reportlab>=4.4.9,<5.0.0",
+    "phonenumbers>=9.0.25,<10.0.0",
+    "reportlab>=4.4.10,<5.0.0",
    "django-haystack<4.0.0,>=3.3.0",
    "xapian-haystack<4.0.0,>=3.1.0",
    "libsass<1.0.0,>=0.23.0",
    "django-ordered-model<4.0.0,>=3.7.4",
    "django-simple-captcha<1.0.0,>=0.6.3",
    "python-dateutil<3.0.0.0,>=2.9.0.post0",
-    "sentry-sdk>=2.52.0,<3.0.0",
+    "sentry-sdk>=2.54.0,<3.0.0",
    "jinja2<4.0.0,>=3.1.6",
    "django-countries>=8.2.0,<9.0.0",
    "dict2xml>=1.7.8,<2.0.0",
@@ -51,7 +51,7 @@ dependencies = [
    "psutil>=7.2.2,<8.0.0",
    "celery[redis]>=5.6.2,<7",
    "django-celery-results>=2.5.1",
-    "django-celery-beat>=2.7.0",
+    "django-celery-beat>=2.9.0",
 ]

 [project.urls]
@@ -60,31 +60,31 @@ documentation = "https://sith-ae.readthedocs.io/"

 [dependency-groups]
 prod = [
-    "psycopg[c]>=3.3.2,<4.0.0",
+    "psycopg[c]>=3.3.3,<4.0.0",
 ]
 dev = [
    "django-debug-toolbar>=6.2.0,<7",
-    "ipython>=9.10.0,<10.0.0",
+    "ipython>=9.11.0,<10.0.0",
    "pre-commit>=4.5.1,<5.0.0",
-    "ruff>=0.15.0,<1.0.0",
+    "ruff>=0.15.5,<1.0.0",
    "djhtml>=3.0.10,<4.0.0",
-    "faker>=40.4.0,<41.0.0",
+    "faker>=40.8.0,<41.0.0",
    "rjsmin>=1.2.5,<2.0.0",
 ]
 tests = [
    "freezegun>=1.5.5,<2.0.0",
    "pytest>=9.0.2,<10.0.0",
    "pytest-cov>=7.0.0,<8.0.0",
-    "pytest-django<5.0.0,>=4.10.0",
-    "model-bakery<2.0.0,>=1.23.2",
+    "pytest-django<5.0.0,>=4.12.0",
+    "model-bakery<2.0.0,>=1.23.3",
    "beautifulsoup4>=4.14.3,<5",
    "lxml>=6.0.2,<7",
 ]
 docs = [
    "mkdocs<2.0.0,>=1.6.1",
-    "mkdocs-material>=9.7.1,<10.0.0",
+    "mkdocs-material>=9.7.5,<10.0.0",
    "mkdocstrings>=1.0.3,<2.0.0",
-    "mkdocstrings-python>=2.0.2,<3.0.0",
+    "mkdocstrings-python>=2.0.3,<3.0.0",
    "mkdocs-include-markdown-plugin>=7.2.1,<8.0.0",
 ]

--- a/sas/models.py
+++ b/sas/models.py
@@ -270,7 +270,11 @@ class PeoplePictureRelationQuerySet(models.QuerySet):
        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
            return self
        if user.was_subscribed:
-            return self.filter(Q(user_id=user.id) | Q(user__is_viewable=True))
+            return self.filter(
+                Q(user_id=user.id)
+                | Q(user__is_viewable=True)
+                | Q(user__whitelisted_users=user)
+            )
        return self.filter(user_id=user.id)


--- a/sas/static/bundled/sas/viewer-index.ts
+++ b/sas/static/bundled/sas/viewer-index.ts
@@ -1,7 +1,6 @@
 import type TomSelect from "tom-select";
 import type { UserAjaxSelect } from "#core:core/components/ajax-select-index.ts";
 import { paginated } from "#core:utils/api.ts";
-import { exportToHtml } from "#core:utils/globals.ts";
 import { History } from "#core:utils/history.ts";
 import {
  type IdentifiedUserSchema,
--- a/sith/settings.py
+++ b/sith/settings.py
@@ -355,7 +355,6 @@ SITH_TWITTER = "@ae_utbm"
 # AE configuration
 SITH_MAIN_CLUB_ID = env.int("SITH_MAIN_CLUB_ID", default=1)
 SITH_PDF_CLUB_ID = env.int("SITH_PDF_CLUB_ID", default=2)
-SITH_LAUNDERETTE_CLUB_ID = env.int("SITH_LAUNDERETTE_CLUB_ID", default=84)

 # Main root for club pages
 SITH_CLUB_ROOT_PAGE = "clubs"
@@ -483,13 +482,6 @@ SITH_LOG_OPERATION_TYPE = [

 SITH_PEDAGOGY_UTBM_API = "https://extranet1.utbm.fr/gpedago/api/guide"

-SITH_ECOCUP_CONS = env.int("SITH_ECOCUP_CONS", default=1151)
-
-SITH_ECOCUP_DECO = env.int("SITH_ECOCUP_DECO", default=1152)
-
-# The limit is the maximum difference between cons and deco possible for a customer
-SITH_ECOCUP_LIMIT = 3
-
 # Defines pagination for cash summary
 SITH_COUNTER_CASH_SUMMARY_LENGTH = 50

@@ -512,7 +504,6 @@ SITH_PRODUCT_SUBSCRIPTION_ONE_SEMESTER = env.int(
 SITH_PRODUCT_SUBSCRIPTION_TWO_SEMESTERS = env.int(
    "SITH_PRODUCT_SUBSCRIPTION_TWO_SEMESTERS", default=2
 )
-SITH_PRODUCTTYPE_SUBSCRIPTION = env.int("SITH_PRODUCTTYPE_SUBSCRIPTION", default=2)

 # Number of weeks before the end of a subscription when the subscriber can resubscribe
 SITH_SUBSCRIPTION_END = 10
--- a/subscription/templates/subscription/subscription.jinja
+++ b/subscription/templates/subscription/subscription.jinja
@@ -6,14 +6,8 @@
  {% trans %}New subscription{% endtrans %}
 {% endblock %}

-{# The following statics are bundled with our autocomplete select.
-   However, if one tries to swap a form by another, then the urls in script-once
-   and link-once disappear.
-   So we give them here.
-   If the aforementioned bug is resolved, you can remove this. #}
 {% block additional_js %}
  <script type="module" src="{{ static('bundled/core/components/tabs-index.ts') }}"></script>
-  <script type="module" src="{{ static("bundled/core/components/ajax-select-index.ts") }}"></script>
  <script
    type="module"
    src="{{ static("bundled/subscription/creation-form-existing-user-index.ts") }}"
@@ -21,8 +15,6 @@
 {% endblock %}
 {% block additional_css %}
  <link rel="stylesheet" href="{{ static("core/components/tabs.scss") }}">
-  <link rel="stylesheet" href="{{ static("bundled/core/components/ajax-select-index.css") }}">
-  <link rel="stylesheet" href="{{ static("core/components/ajax-select.scss") }}">
  <link rel="stylesheet" href="{{ static("subscription/css/subscription.scss") }}">
 {% endblock %}

--- a/uv.lock
+++ b/uv.lock
--- a/vite.config.mts
+++ b/vite.config.mts
@@ -1,14 +1,17 @@
-// biome-ignore lint/correctness/noNodejsModules: this is backend side
 import { parse, resolve } from "node:path";
 import inject from "@rollup/plugin-inject";
 import { glob } from "glob";
-import type { Rollup } from "vite";
-import { type AliasOptions, defineConfig, type UserConfig } from "vite";
+import { visualizer } from "rollup-plugin-visualizer";
+import {
+  type AliasOptions,
+  defineConfig,
+  type PluginOption,
+  type Rollup,
+  type UserConfig,
+} from "vite";
 import tsconfig from "./tsconfig.json";

 const outDir = resolve(__dirname, "./staticfiles/generated/bundled");
-const vendored = resolve(outDir, "vendored");
-const nodeModules = resolve(__dirname, "node_modules");
 const collectedFiles = glob.sync(
  "./!(static)/static/bundled/**/*?(-)index.?(m)[j|t]s?(x)",
 );
@@ -42,7 +45,6 @@ function getRelativeAssetPath(path: string): string {
  return relativePath.join("/");
 }

-// biome-ignore lint/style/noDefaultExport: this is recommended by documentation
 export default defineConfig((config: UserConfig) => {
  return {
    base: "/static/bundled/",
@@ -86,6 +88,7 @@ export default defineConfig((config: UserConfig) => {
        Alpine: "alpinejs",
        htmx: "htmx.org",
      }),
+      visualizer({ filename: ".bundle-size-report.html" }) as PluginOption,
    ],
  } satisfies UserConfig;
 });
Author	SHA1	Message	Date
Sli	d26a154870	Fix link-once and script-once not triggering when another one disappears	2026-03-26 16:05:05 +01:00
Titouan	182cdbe590	Merge pull request #1324 from ae-utbm/eurock Eurock	2026-03-25 13:20:38 +01:00
TitouanDor	ac33a5e6b2	run pre-commit	2026-03-24 14:32:30 +01:00
TitouanDor	068bb9ab83	add widget eurock	2026-03-24 14:19:10 +01:00
thomas girod	f9910c3360	Merge pull request #1320 from ae-utbm/user-whitelist feat: whitelist for user visibility	2026-03-23 23:21:30 +01:00
imperosol	f0f8cc5604	add permission to AE board to see hidden users in populate	2026-03-23 23:03:53 +01:00
imperosol	2a8e810ad0	always show the show_my_stats input	2026-03-23 23:03:53 +01:00
imperosol	739a1bba47	Use whitelist for picture identifications	2026-03-23 23:03:53 +01:00
imperosol	180852a598	add explanation comment	2026-03-23 23:03:53 +01:00
imperosol	c3989a0016	add translations	2026-03-23 23:03:53 +01:00
imperosol	435c8f9612	include visibility settings in the user preferences page	2026-03-23 23:03:53 +01:00
imperosol	3d7f57b8da	feat: whitelist for user visibility	2026-03-23 23:03:53 +01:00
thomas girod	ffa0b94408	Merge pull request #1319 from ae-utbm/show-my-stats show user stats to subscribers if show_my_stats is enabled	2026-03-20 13:49:48 +01:00
thomas girod	22a1f4ba07	Merge pull request #1317 from ae-utbm/remove-settings remove unused settings	2026-03-20 13:47:22 +01:00
TitouanDor	76396cdeb0	add partnership with eurock in eboutic	2026-03-16 16:07:25 +01:00
imperosol	1c0b89bfc7	show user stats to subscribers if show_my_stats is enabled	2026-03-14 16:23:56 +01:00
thomas girod	d374ea9651	Merge pull request #1318 from ae-utbm/vite upgrade to vite 8	2026-03-13 09:48:42 +01:00
imperosol	10a4e71b7a	upgrade to vite 8 FASTER FASTER FASTER FASTER FASTER FASTER	2026-03-13 09:46:12 +01:00
imperosol	f1a60e589a	remove unused settings	2026-03-12 10:26:40 +01:00
thomas girod	00acda7ba3	Merge pull request #1316 from ae-utbm/update-deps Update deps	2026-03-12 08:32:13 +01:00
imperosol	1686a9da87	update JS deps	2026-03-11 22:41:51 +01:00
imperosol	83255945c4	update python deps	2026-03-11 22:30:36 +01:00
thomas girod	b4a6b6961b	Merge pull request #1307 from ae-utbm/counter-sellers Counter sellers	2026-03-11 18:09:49 +01:00
thomas girod	0f0702825e	Merge pull request #1281 from ae-utbm/test_election add test_election_form	2026-03-10 19:42:02 +01:00
imperosol	b74b1ac691	refactor TestElectionForm	2026-03-10 19:39:40 +01:00
TitouanDor	33d4a99a2c	move form test into a class TestElectionForm	2026-03-10 19:39:40 +01:00
TitouanDor	c154b311c3	add test with wrong data form	2026-03-10 19:39:40 +01:00
TitouanDor	fb8da93c68	add test_election_form	2026-03-10 19:39:40 +01:00
imperosol	4f84ec09d7	add tests	2026-03-10 19:26:05 +01:00
imperosol	7e649b40c5	add translation	2026-03-10 19:26:05 +01:00
imperosol	78c373f84e	differentiate regular and temporary barmen on the counter edit view	2026-03-09 16:04:46 +01:00
imperosol	a7c8b318bd	add fields to CounterSellers	2026-03-09 16:04:46 +01:00
imperosol	1701ab5f33	feat: custom through model for `Counter.sellers`	2026-03-09 16:04:46 +01:00