[UPDATE] Update celery requirement from <7,>=5.6.2 to >=5.6.3,<7

Updates the requirements on [celery](https://github.com/celery/celery) to permit the latest version.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/v5.6.3/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.6.2...v5.6.3)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.6.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

core/management/commands/populate.py

@@ -16,7 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
@@ -110,9 +110,7 @@ class Command(BaseCommand):
         p.save(force_lock=True)
 
         club_root = SithFile.objects.create(name="clubs", owner=root)
-        sas = SithFile.objects.create(
-            name="SAS", owner=root, id=settings.SITH_SAS_ROOT_DIR_ID
-        )
+        sas = SithFile.objects.create(name="SAS", owner=root)
         main_club = Club.objects.create(
             id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
         )

core/models.py

@@ -131,9 +131,7 @@ class UserQuerySet(models.QuerySet):
         if user.has_perm("core.view_hidden_user"):
             return self
         if user.has_perm("core.view_user"):
-            return self.filter(
-                Q(is_viewable=True) | Q(whitelisted_users=user) | Q(pk=user.pk)
-            )
+            return self.filter(Q(is_viewable=True) | Q(whitelisted_users=user))
         if user.is_anonymous:
             return self.none()
         return self.filter(id=user.id)
@@ -886,10 +884,8 @@ class SithFile(models.Model):
         return self.get_parent_path() + "/" + self.name
 
     def save(self, *args, **kwargs):
-        sas_id = settings.SITH_SAS_ROOT_DIR_ID
-        self.is_in_sas = self.id == sas_id or any(
-            p.id == sas_id for p in self.get_parent_list()
-        )
+        sas = SithFile.objects.filter(id=settings.SITH_SAS_ROOT_DIR_ID).first()
+        self.is_in_sas = sas in self.get_parent_list() or self == sas
         adding = self._state.adding
         super().save(*args, **kwargs)
         if adding:

core/templates/core/base/notifications.jinja

@@ -1,13 +1,13 @@
 <div id="quick-notifications"
-     x-data='{
+     x-data="{
              messages: [
              {%- for message in messages -%}
                {%- if not message.extra_tags -%}
-                 { tag: {{ message.tags|string|tojson }}, text: {{ message|string|tojson }} },
+                 { tag: '{{ message.tags }}', text: '{{ message }}' },
                {%- endif -%}
              {%- endfor -%}
              ]
-             }'
+             }"
      @quick-notification-add="(e) => messages.push(e?.detail)"
      @quick-notification-delete="messages = []">
   <template x-for="(message, index) in messages">

core/tests/test_files.py

@@ -344,14 +344,3 @@ def test_quick_upload_image(
     assert (
         parsed["name"] == Path(file.name).stem[: QuickUploadImage.IMAGE_NAME_SIZE - 1]
     )
-
-
-@pytest.mark.django_db
-def test_populated_sas_is_in_sas():
-    """Test that, in the data generated by the populate command,
-    the SAS has value is_in_sas=True.
-
-    If it's not the case, it has no incidence in prod, but it's annoying
-    in dev and may cause misunderstandings.
-    """
-    assert SithFile.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID).is_in_sas

core/tests/test_user.py

@@ -410,20 +410,12 @@ class TestUserQuerySetViewableBy:
         assert set(viewable) == set(users)
 
     @pytest.mark.parametrize(
-        "user_factory",
-        [
-            old_subscriber_user.make,
-            lambda: old_subscriber_user.make(is_viewable=False),
-            subscriber_user.make,
-            lambda: subscriber_user.make(is_viewable=False),
-        ],
+        "user_factory", [old_subscriber_user.make, subscriber_user.make]
     )
-    def test_can_search(self, users: list[User], user_factory):
+    def test_subscriber(self, users: list[User], user_factory):
         user = user_factory()
-        viewable = User.objects.filter(
-            id__in=[u.id for u in [*users, user]]
-        ).viewable_by(user)
-        assert set(viewable) == {user, users[0], users[1]}
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
+        assert set(viewable) == {users[0], users[1]}
 
     def test_whitelist(self, users: list[User]):
         user = subscriber_user.make()

locale/fr/LC_MESSAGES/django.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-25 01:00+0200\n"
+"POT-Creation-Date: 2026-03-23 22:21+0100\n"
 "PO-Revision-Date: 2016-07-18\n"
 "Last-Translator: Maréchal <thomas.girod@utbm.fr\n"
 "Language-Team: AE info <ae.info@utbm.fr>\n"
@@ -181,22 +181,6 @@ msgstr "Vous devez être cotisant pour faire partie d'un club"
 msgid "You are already a member of this club"
 msgstr "Vous êtes déjà membre de ce club."
 
-#: club/forms.py
-msgid "Club status"
-msgstr "État du club"
-
-#: club/forms.py
-msgid "Active"
-msgstr "Actif"
-
-#: club/forms.py
-msgid "Inactive"
-msgstr "Inactif"
-
-#: club/forms.py
-msgid "All clubs"
-msgstr "Tous les clubs"
-
 #: club/models.py
 msgid "slug name"
 msgstr "nom slug"
@@ -317,22 +301,37 @@ msgstr "Cet email est déjà abonné à cette mailing"
 msgid "Unregistered user"
 msgstr "Utilisateur non enregistré"
 
-#: club/templates/club/club_list.jinja
-msgid "The list of all clubs existing at UTBM."
-msgstr "La liste de tous les clubs existants à l'UTBM"
-
 #: club/templates/club/club_list.jinja
 msgid "Club list"
 msgstr "Liste des clubs"
 
+#: club/templates/club/club_list.jinja
+msgid "The list of all clubs existing at UTBM."
+msgstr "La liste de tous les clubs existants à l'UTBM"
+
 #: club/templates/club/club_list.jinja
 msgid "Filters"
 msgstr "Filtres"
 
-#: club/templates/club/club_list.jinja core/templates/core/base/header.jinja
-#: forum/templates/forum/macros.jinja matmat/templates/matmat/search_form.jinja
-msgid "Search"
-msgstr "Recherche"
+#: club/templates/club/club_list.jinja
+msgid "Name"
+msgstr "Nom"
+
+#: club/templates/club/club_list.jinja
+msgid "Club state"
+msgstr "Etat du club"
+
+#: club/templates/club/club_list.jinja
+msgid "Active"
+msgstr "Actif"
+
+#: club/templates/club/club_list.jinja
+msgid "Inactive"
+msgstr "Inactif"
+
+#: club/templates/club/club_list.jinja
+msgid "All clubs"
+msgstr "Tous les clubs"
 
 #: club/templates/club/club_list.jinja core/templates/core/user_tools.jinja
 msgid "New club"
@@ -1864,6 +1863,11 @@ msgstr "Connexion"
 msgid "Register"
 msgstr "Inscription"
 
+#: core/templates/core/base/header.jinja forum/templates/forum/macros.jinja
+#: matmat/templates/matmat/search_form.jinja
+msgid "Search"
+msgstr "Recherche"
+
 #: core/templates/core/base/header.jinja
 msgid "Logout"
 msgstr "Déconnexion"
@@ -4208,47 +4212,6 @@ msgstr ""
 msgid "this page"
 msgstr "cette page"
 
-#: eboutic/templates/eboutic/eboutic_main.jinja
-msgid "Eurockéennes 2025 partnership"
-msgstr "Partenariat Eurockéennes 2025"
-
-#: eboutic/templates/eboutic/eboutic_main.jinja
-msgid ""
-"Our partner uses Weezevent to sell tickets. Weezevent may collect user info "
-"according to its own privacy policy. By clicking the accept button you "
-"consent to their terms of services."
-msgstr ""
-"Notre partenaire utilises Wezevent pour vendre ses billets. Weezevent peut "
-"collecter des informations utilisateur conformément à sa propre politique de "
-"confidentialité. En cliquant sur le bouton d'acceptation vous consentez à "
-"leurs termes de service."
-
-#: eboutic/templates/eboutic/eboutic_main.jinja
-msgid "Privacy policy"
-msgstr "Politique de confidentialité"
-
-#: eboutic/templates/eboutic/eboutic_main.jinja
-#: trombi/templates/trombi/comment_moderation.jinja
-msgid "Accept"
-msgstr "Accepter"
-
-#: eboutic/templates/eboutic/eboutic_main.jinja
-msgid ""
-"You must be subscribed to benefit from the partnership with the Eurockéennes."
-msgstr ""
-"Vous devez être cotisant pour bénéficier du partenariat avec les "
-"Eurockéennes."
-
-#: eboutic/templates/eboutic/eboutic_main.jinja
-#, python-format
-msgid ""
-"This partnership offers a discount of up to 33%% on tickets for Friday, "
-"Saturday and Sunday, as well as the 3-day package from Friday to Sunday."
-msgstr ""
-"Ce partenariat permet de profiter d'une réduction jusqu'à 33%% sur les "
-"billets du vendredi, du samedi et du dimanche, ainsi qu'au forfait 3 jours, "
-"du vendredi au dimanche."
-
 #: eboutic/templates/eboutic/eboutic_main.jinja
 msgid "There are no items available for sale"
 msgstr "Aucun article n'est disponible à la vente"
@@ -5022,14 +4985,6 @@ msgstr "Envoyer les images"
 msgid "You already requested moderation for this picture."
 msgstr "Vous avez déjà déposé une demande de retrait pour cette photo."
 
-#: sas/forms.py
-msgid "Left"
-msgstr ""
-
-#: sas/forms.py
-msgid "Right"
-msgstr "Droite"
-
 #: sas/models.py
 msgid "picture"
 msgstr "photo"
@@ -5151,14 +5106,6 @@ msgstr "Photos de %(user_name)s"
 msgid "Download all my pictures"
 msgstr "Télécharger toutes mes photos"
 
-#: sas/views.py
-msgid ""
-"Newly rotated image might not be immediately displayed due to your web "
-"browser's cache"
-msgstr ""
-"Les images nouvellements pivotées peuvent ne pas s'afficher immédiatement "
-"à cause du cache de votre navigateur internet"
-
 #: sith/settings.py
 msgid "English"
 msgstr "Anglais"
@@ -5691,6 +5638,10 @@ msgstr "fin"
 msgid "Moderate Trombi comments"
 msgstr "Modérer les commentaires du Trombi"
 
+#: trombi/templates/trombi/comment_moderation.jinja
+msgid "Accept"
+msgstr "Accepter"
+
 #: trombi/templates/trombi/comment_moderation.jinja
 msgid "Reject"
 msgstr "Refuser"
@@ -5932,3 +5883,39 @@ msgstr "Vous ne pouvez plus écrire de commentaires, la date est passée."
 #, python-format
 msgid "Maximum characters: %(max_length)s"
 msgstr "Nombre de caractères max: %(max_length)s"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid "Eurockéennes 2025 partnership"
+msgstr "Partenariat Eurockéennes 2025"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid ""
+"Our partner uses Weezevent to sell tickets. Weezevent may collect user info "
+"according to its own privacy policy. By clicking the accept button you "
+"consent to their terms of services."
+msgstr ""
+"Notre partenaire utilises Wezevent pour vendre ses billets. Weezevent peut "
+"collecter des informations utilisateur conformément à sa propre politique de "
+"confidentialité. En cliquant sur le bouton d'acceptation vous consentez à "
+"leurs termes de service."
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid "Privacy policy"
+msgstr "Politique de confidentialité"
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+msgid ""
+"You must be subscribed to benefit from the partnership with the Eurockéennes."
+msgstr ""
+"Vous devez être cotisant pour bénéficier du partenariat avec les "
+"Eurockéennes."
+
+#: eboutic/templates/eboutic/eboutic_main.jinja
+#, python-format
+msgid ""
+"This partnership offers a discount of up to 33%% on tickets for Friday, "
+"Saturday and Sunday, as well as the 3-day package from Friday to Sunday."
+msgstr ""
+"Ce partenariat permet de profiter d'une réduction jusqu'à 33%% sur les "
+"billets du vendredi, du samedi et du dimanche, ainsi qu'au forfait 3 jours, "
+"du vendredi au dimanche."

pyproject.toml

@@ -49,7 +49,7 @@ dependencies = [
     "requests>=2.32.5,<3.0.0",
     "honcho>=2.0.0",
     "psutil>=7.2.2,<8.0.0",
-    "celery[redis]>=5.6.2,<7",
+    "celery[redis]>=5.6.3,<7",
     "django-celery-results>=2.5.1",
     "django-celery-beat>=2.9.0",
 ]

sas/forms.py

@@ -50,15 +50,13 @@ class AlbumEditForm(forms.ModelForm):
         model = Album
         fields = ["name", "date", "file", "parent", "edit_groups"]
         widgets = {
+            "parent": AutoCompleteSelectAlbum,
             "edit_groups": AutoCompleteSelectMultipleGroup,
         }
 
     name = forms.CharField(max_length=Album.NAME_MAX_LENGTH, label=_("file name"))
     date = forms.DateField(label=_("Date"), widget=SelectDate, required=True)
     recursive = forms.BooleanField(label=_("Apply rights recursively"), required=False)
-    parent = forms.ModelChoiceField(
-        Album.objects.all(), required=True, widget=AutoCompleteSelectAlbum
-    )
 
 
 class PictureModerationRequestForm(forms.ModelForm):
@@ -90,10 +88,3 @@ class PictureModerationRequestForm(forms.ModelForm):
         self.instance.author = self.user
         self.instance.picture = self.picture
         return super().save(commit)
-
-
-class PictureRotationForm(forms.Form):
-    picture = forms.ModelChoiceField(Picture.objects.all(), required=True)
-    direction = forms.ChoiceField(
-        choices=[("LEFT", _("Left")), ("RIGHT", _("Right"))], required=True
-    )

sas/models.py

@@ -139,20 +139,20 @@ class Picture(SasFile):
         self.compressed.name = new_extension_name
 
     def rotate(self, degree):
-        im = Image.open(BytesIO(self.file.read()))
-        self.file.seek(0)
-        with open(self.file.path, "r+b") as f:
+        for attr in ["file", "compressed", "thumbnail"]:
+            name = self.__getattribute__(attr).name
+            with open(settings.MEDIA_ROOT / name, "r+b") as file:
+                if file:
+                    im = Image.open(BytesIO(file.read()))
+                    file.seek(0)
                     im = im.rotate(degree, expand=True)
                     im.save(
-                fp=f,
+                        fp=file,
                         format=self.mime_type.split("/")[-1].upper(),
                         quality=90,
                         optimize=True,
                         progressive=True,
                     )
-        self.file.seek(0)
-        self.generate_thumbnails(overwrite=True)
-        self.save()
 
     def get_next(self):
         if self.is_moderated:

sas/static/sas/css/picture.scss

@@ -134,7 +134,7 @@
           --loading-size: 20px
         }
 
-        @media (min-width: 700px) and (max-width: 1000px) {
+        @media (max-width: 1000px) {
           max-width: calc(50% - 5px);
         }
 
@@ -191,9 +191,7 @@
     }
 
     >form {
-
-      input,
-      .ts-wrapper {
+      input, .ts-wrapper {
         min-width: 100%;
         max-width: 100%;
         margin: 5px;
@@ -203,65 +201,57 @@
   }
 }
 
-#pict .general {
+.general {
   display: flex;
   flex-direction: row;
-  gap: 3em;
-  justify-content: space-evenly;
+  gap: 20px;
 
   @media (max-width: 1000px) {
-    gap: 1em;
     flex-direction: column;
   }
 
-  .infos,
-  .tools {
-    flex: 1;
+  >.infos {
     display: flex;
     flex-direction: column;
-    gap: .5em;
+    width: 50%;
 
-    @media (min-width: 700px) {
-      max-width: 350px;
-    }
-  }
-
-  .infos>div,
-  .tools>div>div {
-    display: flex;
-    flex-direction: column;
-    gap: .35em;
-  }
-
-  .tools>div,
-  >.infos>div>div {
+    >div>div {
       display: flex;
       flex-direction: row;
       justify-content: space-between;
+
+      >*:first-child {
+        min-width: 150px;
+
+        @media (max-width: 1000px) {
+          min-width: auto;
+        }
+      }
+    }
   }
 
   >.tools {
-    flex: 1;
-
-    >div>div {
-
-      >form {
-        margin: 0;
-        padding: 0;
     display: flex;
-      }
+    flex-direction: column;
+    width: 50%;
 
-      >a.btn,
-      >form>button {
+    >div {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+
+      >div {
+        >a.button {
+          box-sizing: border-box;
           background-color: $primary-neutral-light-color;
           display: flex;
           justify-content: center;
           align-items: center;
-        padding: 0;
+          padding: 10px;
           color: black;
+          border-radius: 5px;
           width: 40px;
           height: 40px;
-        font-size: 20px;
 
           &:hover {
             background-color: #aaa;
@@ -278,9 +268,9 @@
 
         &.buttons {
           display: flex;
-        flex-direction: row;
           gap: 5px;
         }
       }
     }
+  }
 }

sas/templates/sas/main.jinja

@@ -12,17 +12,6 @@
   {% trans %}See all the photos taken during events organised by the AE.{% endtrans %}
 {%- endblock %}
 
-{% block metatags %}
-  <meta property="og:url" content="{{ request.build_absolute_uri() }}" />
-  <meta property="og:type" content="website" />
-  <meta property="og:title" content="Stock à souvenirs" />
-  <meta
-    property="og:description"
-    content="Retrouvez toutes les photos prises durant les événements organisés par l'AE."
-  />
-  <meta property="og:image" content="{{ request.build_absolute_uri(static("core/img/logo_no_text.png")) }}" />
-{% endblock %}
-
 {% set is_sas_admin = user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID) %}
 
 {% from "sas/macros.jinja" import display_album %}

sas/templates/sas/picture.jinja

@@ -118,35 +118,15 @@
                 <a class="text" :href="currentPicture.full_size_url">
                   {% trans %}HD version{% endtrans %}
                 </a>
-                <a class="text danger " :href="currentPicture.report_url">
+                <br>
+                <a class="text danger" :href="currentPicture.report_url">
                   {% trans %}Ask for removal{% endtrans %}
                 </a>
               </div>
-              <div class="buttons"
-              >
-                <a
-                  class="btn btn-no-text"
-                  :href="currentPicture.edit_url"
-                  x-show="{{ user.has_perm("sas.change_sasfile")|tojson }} || currentPicture.owner.id === {{ user.id }}"
-                >
-                  <i class="fa-regular fa-pen-to-square edit-action"></i>
-                </a>
-                <form method="post" action="{{ url("sas:picture_rotate") }}"
-                      x-show="{{ user.has_perm("sas.change_sasfile")|tojson}}"
-                >
-                  {% csrf_token %}
-                  <input type="hidden" name="picture" :value="currentPicture.id">
-                  <input type="hidden" name="direction" value="LEFT">
-                  <button><i class="fa-solid fa-rotate-left"></i></button>
-                </form>
-                <form method="post" action="{{ url("sas:picture_rotate") }}"
-                      x-show="{{ user.has_perm("sas.change_sasfile")|tojson}}"
-                >
-                  {% csrf_token %}
-                  <input type="hidden" name="picture" :value="currentPicture.id">
-                  <input type="hidden" name="direction" value="RIGHT">
-                  <button><i class="fa-solid fa-rotate-right"></i></button>
-                </form>
+              <div class="buttons">
+                <a class="button" :href="currentPicture.edit_url"><i class="fa-regular fa-pen-to-square edit-action"></i></a>
+                <a class="button" href="?rotate_left"><i class="fa-solid fa-rotate-left"></i></a>
+                <a class="button" href="?rotate_right"><i class="fa-solid fa-rotate-right"></i></a>
               </div>
             </div>
           </div>

sas/tests/test_views.py

@@ -12,25 +12,20 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
-from io import BytesIO
 from typing import Callable
 
 import pytest
 from bs4 import BeautifulSoup
 from django.conf import settings
 from django.core.cache import cache
-from django.core.files.base import ContentFile
 from django.test import Client, TestCase
 from django.urls import reverse
-from django.utils.timezone import localdate
 from model_bakery import baker
-from PIL import Image
 from pytest_django.asserts import assertHTMLEqual, assertInHTML, assertRedirects
 
 from core.baker_recipes import old_subscriber_user, subscriber_user
 from core.models import Group, User
 from sas.baker_recipes import picture_recipe
-from sas.forms import AlbumEditForm
 from sas.models import Album, Picture
 
 # Create your tests here.
@@ -69,25 +64,6 @@ def test_main_page_no_form_for_regular_users(client: Client):
     assert len(forms) == 0
 
 
-@pytest.mark.django_db
-def test_main_page_displayed_albums(client: Client):
-    """Test that the right data is displayed on the SAS main page"""
-    sas = Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID)
-    Album.objects.exclude(id=sas.id).delete()
-    album_a = baker.make(Album, parent=sas, is_moderated=True)
-    album_b = baker.make(Album, parent=album_a, is_moderated=True)
-    album_c = baker.make(Album, parent=sas, is_moderated=True)
-    baker.make(Album, parent=sas, is_moderated=False)
-    client.force_login(subscriber_user.make())
-    res = client.get(reverse("sas:main"))
-    # album_b is not a direct child of the SAS, so it shouldn't be displayed
-    # in the categories, but it should appear in the latest albums.
-    # album_d isn't moderated, so it shouldn't appear at all for a simple user.
-    # Also, the SAS itself shouldn't be listed in the albums.
-    assert res.context_data["latest"] == [album_c, album_b, album_a]
-    assert res.context_data["categories"] == [album_a, album_c]
-
-
 @pytest.mark.django_db
 def test_main_page_content_anonymous(client: Client):
     """Test that public users see only an incentive to login"""
@@ -113,15 +89,6 @@ def test_album_access_non_subscriber(client: Client):
     assert res.status_code == 200
 
 
-@pytest.mark.django_db
-def test_accessing_sas_from_album_view_is_404(client: Client):
-    """Test that trying to see the SAS with a regular album view isn't allowed."""
-    res = client.get(
-        reverse("sas:album", kwargs={"album_id": settings.SITH_SAS_ROOT_DIR_ID})
-    )
-    assert res.status_code == 404
-
-
 @pytest.mark.django_db
 class TestAlbumUpload:
     @staticmethod
@@ -166,227 +133,6 @@ class TestAlbumUpload:
         assert not album.children.exists()
 
 
-@pytest.mark.django_db
-class TestAlbumEdit:
-    @pytest.fixture
-    def sas_root(self) -> Album:
-        return Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID)
-
-    @pytest.fixture
-    def album(self) -> Album:
-        return baker.make(
-            Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True
-        )
-
-    @pytest.mark.parametrize(
-        "user",
-        [None, lambda: baker.make(User), subscriber_user.make],
-    )
-    def test_permission_denied(
-        self,
-        client: Client,
-        album: Album,
-        user: Callable[[], User] | None,
-    ):
-        if user:
-            client.force_login(user())
-
-        url = reverse("sas:album_edit", kwargs={"album_id": album.pk})
-        response = client.get(url)
-        assert response.status_code == 403
-        response = client.post(url)
-        assert response.status_code == 403
-
-    def test_sas_root_read_only(self, client: Client, sas_root: Album):
-        moderator = baker.make(
-            User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
-        )
-        client.force_login(moderator)
-        url = reverse("sas:album_edit", kwargs={"album_id": sas_root.pk})
-        response = client.get(url)
-        assert response.status_code == 404
-        response = client.post(url)
-        assert response.status_code == 404
-
-    @pytest.mark.parametrize(
-        ("excluded", "is_valid"),
-        [
-            ("name", False),
-            ("date", False),
-            ("file", True),
-            ("parent", False),
-            ("edit_groups", True),
-            ("recursive", True),
-        ],
-    )
-    def test_form_required(self, album: Album, excluded: str, is_valid: bool):  # noqa: FBT001
-        data = {
-            "name": album.name[: Album.NAME_MAX_LENGTH],
-            "parent": baker.make(Album, parent=album.parent, is_moderated=True).pk,
-            "date": localdate().strftime("%Y-%m-%d"),
-            "file": "/random/path",
-            "edit_groups": [settings.SITH_GROUP_SAS_ADMIN_ID],
-            "recursive": False,
-        }
-        del data[excluded]
-        assert AlbumEditForm(data=data).is_valid() == is_valid
-
-    def test_form_album_name(self, album: Album):
-        data = {
-            "name": album.name[: Album.NAME_MAX_LENGTH],
-            "parent": album.pk,
-            "date": localdate().strftime("%Y-%m-%d"),
-        }
-        assert AlbumEditForm(data=data).is_valid()
-
-        data["name"] = album.name[: Album.NAME_MAX_LENGTH + 1]
-        assert not AlbumEditForm(data=data).is_valid()
-
-    def test_update_recursive_parent(self, client: Client, album: Album):
-        client.force_login(baker.make(User, is_superuser=True))
-
-        payload = {
-            "name": album.name[: Album.NAME_MAX_LENGTH],
-            "parent": album.pk,
-            "date": localdate().strftime("%Y-%m-%d"),
-        }
-        response = client.post(
-            reverse("sas:album_edit", kwargs={"album_id": album.pk}), payload
-        )
-        assertInHTML("<li>Boucle dans l'arborescence des dossiers</li>", response.text)
-        assert response.status_code == 200
-
-    @pytest.mark.parametrize(
-        "user",
-        [
-            lambda: baker.make(User, is_superuser=True),
-            lambda: baker.make(
-                User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
-            ),
-        ],
-    )
-    @pytest.mark.parametrize(
-        "parent",
-        [
-            lambda: baker.make(
-                Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True
-            ),
-            lambda: Album.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID),
-        ],
-    )
-    def test_update(
-        self,
-        client: Client,
-        album: Album,
-        sas_root: Album,
-        user: Callable[[], User],
-        parent: Callable[[], Album],
-    ):
-        client.force_login(user())
-        expected_redirect = reverse("sas:album", kwargs={"album_id": album.pk})
-        payload = {
-            "name": album.name[: Album.NAME_MAX_LENGTH],
-            "parent": parent().id,
-            "date": localdate().strftime("%Y-%m-%d"),
-            "recursive": False,
-        }
-        response = client.post(
-            reverse("sas:album_edit", kwargs={"album_id": album.pk}), payload
-        )
-        assertRedirects(response, expected_redirect)
-        album.refresh_from_db()
-        assert album.name == payload["name"]
-        assert album.parent.id == payload["parent"]
-        assert localdate(album.date) == localdate()
-
-
-@pytest.mark.django_db
-class TestPictureRotation:
-    @pytest.fixture
-    def picture(self) -> Picture:
-        # Creating a fake image from scratch is painful
-        # One of the base image in the test set is good enough
-        return Picture.objects.get(name="sli.jpg")
-
-    def load_image(self, file: ContentFile) -> Image.Image:
-        file.seek(0)
-        im = Image.open(BytesIO(file.read()))
-        file.seek(0)
-        return im
-
-    @pytest.mark.parametrize(
-        "user",
-        [
-            None,
-            lambda: baker.make(User),
-            subscriber_user.make,
-            old_subscriber_user.make,
-        ],
-    )
-    def test_permission_denied(
-        self,
-        client: Client,
-        picture: Picture,
-        user: Callable[[], User] | None,
-    ):
-        if user:
-            client.force_login(user())
-
-        payload = {
-            "picture": picture.pk,
-            "direction": "LEFT",
-        }
-        url = reverse("sas:picture_rotate")
-        response = client.post(url, payload)
-        if user:
-            assert response.status_code == 403
-        else:
-            assertRedirects(
-                response,
-                reverse(
-                    "core:login",
-                    query={
-                        "next": url,
-                    },
-                ),
-            )
-
-    @pytest.mark.parametrize(
-        "user",
-        [
-            lambda: baker.make(User, is_superuser=True),
-            lambda: baker.make(
-                User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
-            ),
-        ],
-    )
-    def test_rotation(
-        self,
-        client: Client,
-        picture: Picture,
-        user: Callable[[], User],
-    ):
-        client.force_login(user())
-
-        payload = {
-            "picture": picture.pk,
-            "direction": "LEFT",
-        }
-        response = client.post(reverse("sas:picture_rotate"), payload)
-        assertRedirects(
-            response, reverse("sas:picture", kwargs={"picture_id": picture.pk})
-        )
-
-        payload = {
-            "picture": picture.pk,
-            "direction": "RIGHT",
-        }
-        response = client.post(reverse("sas:picture_rotate"), payload)
-        assertRedirects(
-            response, reverse("sas:picture", kwargs={"picture_id": picture.pk})
-        )
-
-
 class TestSasModeration(TestCase):
     @classmethod
     def setUpTestData(cls):

sas/urls.py

@@ -22,7 +22,6 @@ from sas.views import (
     ModerationView,
     PictureAskRemovalView,
     PictureEditView,
-    PictureRotateView,
     PictureView,
     SASMainView,
     UserPicturesView,
@@ -53,7 +52,6 @@ urlpatterns = [
         send_compressed,
         name="download_compressed",
     ),
-    path("picture/rotate", PictureRotateView.as_view(), name="picture_rotate"),
     path("picture/<int:picture_id>/download/thumb/", send_thumb, name="download_thumb"),
     path(
         "user/<int:user_id>/pictures/", UserPicturesView.as_view(), name="user_pictures"

sas/views.py

@@ -15,14 +15,12 @@
 from typing import Any
 
 from django.conf import settings
-from django.contrib import messages
 from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.db.models import Count, OuterRef, Subquery
 from django.http import Http404, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.safestring import SafeString
-from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, DetailView, TemplateView
 from django.views.generic.edit import FormView, UpdateView
 
@@ -37,7 +35,6 @@ from sas.forms import (
     AlbumEditForm,
     PictureEditForm,
     PictureModerationRequestForm,
-    PictureRotationForm,
     PictureUploadForm,
 )
 from sas.models import Album, PeoplePictureRelation, Picture
@@ -88,9 +85,7 @@ class SASMainView(UseFragmentsMixin, TemplateView):
         kwargs["categories"] = list(
             albums_qs.filter(parent_id=settings.SITH_SAS_ROOT_DIR_ID).order_by("id")
         )
-        kwargs["latest"] = list(
-            albums_qs.exclude(id=settings.SITH_SAS_ROOT_DIR_ID).order_by("-id")[:5]
-        )
+        kwargs["latest"] = list(albums_qs.order_by("-id")[:5])
         return kwargs
 
 
@@ -99,39 +94,20 @@ class PictureView(CanViewMixin, DetailView):
     pk_url_kwarg = "picture_id"
     template_name = "sas/picture.jinja"
 
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        if "rotate_right" in request.GET:
+            self.object.rotate(270)
+        if "rotate_left" in request.GET:
+            self.object.rotate(90)
+        return super().get(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         return super().get_context_data(**kwargs) | {
             "album": Album.objects.get(children=self.object)
         }
 
 
-class PictureRotateView(PermissionRequiredMixin, FormView):
-    form_class = PictureRotationForm
-    template_name = "core/edit.jinja"
-    permission_required = "sas.moderate_sasfile"
-
-    def form_valid(self, form: PictureRotationForm):
-        angles = {"RIGHT": 270, "LEFT": 90}
-        cleaned = form.clean()
-        cleaned["picture"].rotate(angles[cleaned["direction"]])
-        self._success_url = reverse(
-            "sas:picture",
-            kwargs={
-                "picture_id": cleaned["picture"].pk,
-            },
-        )
-        messages.warning(
-            self.request,
-            _(
-                "Newly rotated image might not be immediately displayed due to your web browser's cache"
-            ),
-        )
-        return super().form_valid(form)
-
-    def get_success_url(self):
-        return self._success_url
-
-
 def send_album(request, album_id):
     return send_file(request, album_id, Album)
 
@@ -150,9 +126,6 @@ def send_thumb(request, picture_id):
 
 class AlbumView(CanViewMixin, UseFragmentsMixin, DetailView):
     model = Album
-    # exclude the SAS from the album accessible with this view
-    # the SAS can be viewed only with SASMainView
-    queryset = Album.objects.exclude(id=settings.SITH_SAS_ROOT_DIR_ID)
     pk_url_kwarg = "album_id"
     template_name = "sas/album.jinja"
 
@@ -289,7 +262,6 @@ class PictureAskRemovalView(CanViewMixin, DetailView, FormView):
 
 class AlbumEditView(CanEditMixin, UpdateView):
     model = Album
-    queryset = Album.objects.exclude(id=settings.SITH_SAS_ROOT_DIR_ID)
     form_class = AlbumEditForm
     template_name = "core/edit.jinja"
     pk_url_kwarg = "album_id"