[UPDATE] Update ical requirement from <12,>=11.1.0 to >=11.1.0,<13

Updates the requirements on [ical](https://github.com/allenporter/ical) to permit the latest version.
- [Release notes](https://github.com/allenporter/ical/releases)
- [Commits](https://github.com/allenporter/ical/compare/11.1.0...12.0.0)

---
updated-dependencies:
- dependency-name: ical
  dependency-version: 12.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

api/hashers.py

@@ -8,7 +8,7 @@ from django.utils.crypto import constant_time_compare
 
 class Sha512ApiKeyHasher(BasePasswordHasher):
     """
-    An API key hasher using the sha512 algorithm.
+    An API key hasher using the sha256 algorithm.
 
     This hasher shouldn't be used in Django's `PASSWORD_HASHERS` setting.
     It is insecure for use in hashing passwords, but is safe for hashing

club/schemas.py

@@ -1,16 +1,18 @@
 from typing import Annotated
 
+from annotated_types import MinLen
 from django.db.models import Q
-from ninja import FilterLookup, FilterSchema, ModelSchema
+from ninja import Field, FilterSchema, ModelSchema
 
 from club.models import Club, Membership
-from core.schemas import NonEmptyStr, SimpleUserSchema
+from core.schemas import SimpleUserSchema
 
 
 class ClubSearchFilterSchema(FilterSchema):
-    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
+    search: Annotated[str, MinLen(1)] | None = Field(None, q="name__icontains")
     is_active: bool | None = None
     parent_id: int | None = None
+    parent_name: str | None = Field(None, q="parent__name__icontains")
     exclude_ids: set[int] | None = None
 
     def filter_exclude_ids(self, value: set[int] | None):

club/tests/test_membership.py

@@ -7,7 +7,7 @@ from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.core.cache import cache
 from django.db.models import Max
-from django.test import Client, TestCase
+from django.test import TestCase
 from django.urls import reverse
 from django.utils.timezone import localdate, localtime, now
 from model_bakery import baker
@@ -532,35 +532,6 @@ class TestMembership(TestClub):
         assert new_board == initial_board
 
 
-@pytest.mark.django_db
-def test_membership_set_old(client: Client):
-    membership = baker.make(Membership, end_date=None, user=(subscriber_user.make()))
-    client.force_login(membership.user)
-    response = client.post(
-        reverse("club:membership_set_old", kwargs={"membership_id": membership.id})
-    )
-    assertRedirects(
-        response, reverse("core:user_clubs", kwargs={"user_id": membership.user_id})
-    )
-    membership.refresh_from_db()
-    assert membership.end_date == localdate()
-
-
-@pytest.mark.django_db
-def test_membership_delete(client: Client):
-    user = baker.make(User, is_superuser=True)
-    membership = baker.make(Membership)
-    client.force_login(user)
-    url = reverse("club:membership_delete", kwargs={"membership_id": membership.id})
-    response = client.get(url)
-    assert response.status_code == 200
-    response = client.post(url)
-    assertRedirects(
-        response, reverse("core:user_clubs", kwargs={"user_id": membership.user_id})
-    )
-    assert not Membership.objects.filter(id=membership.id).exists()
-
-
 @pytest.mark.django_db
 class TestJoinClub:
     @pytest.fixture(autouse=True)

club/views.py

@@ -34,7 +34,7 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
 from django.db.models import F, Q, Sum
-from django.http import Http404, StreamingHttpResponse
+from django.http import Http404, HttpResponseRedirect, StreamingHttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
@@ -43,7 +43,6 @@ from django.utils.timezone import now
 from django.utils.translation import gettext
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, ListView, View
-from django.views.generic.detail import SingleObjectMixin
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
 from club.forms import (
@@ -545,17 +544,33 @@ class ClubCreateView(PermissionRequiredMixin, CreateView):
     permission_required = "club.add_club"
 
 
-class MembershipSetOldView(CanEditMixin, SingleObjectMixin, View):
-    """Set a membership as being old."""
+class MembershipSetOldView(CanEditMixin, DetailView):
+    """Set a membership as beeing old."""
 
     model = Membership
     pk_url_kwarg = "membership_id"
 
-    def post(self, *_args, **_kwargs):
+    def get(self, request, *args, **kwargs):
         self.object = self.get_object()
         self.object.end_date = timezone.now()
         self.object.save()
-        return redirect("core:user_clubs", user_id=self.object.user_id)
+        return HttpResponseRedirect(
+            reverse(
+                "club:club_members",
+                args=self.args,
+                kwargs={"club_id": self.object.club.id},
+            )
+        )
+
+    def post(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        return HttpResponseRedirect(
+            reverse(
+                "club:club_members",
+                args=self.args,
+                kwargs={"club_id": self.object.club.id},
+            )
+        )
 
 
 class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
@@ -567,7 +582,7 @@ class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
     permission_required = "club.delete_membership"
 
     def get_success_url(self):
-        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user_id})
+        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
 
 
 class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):

com/schemas.py

@@ -1,9 +1,9 @@
 from datetime import datetime
-from typing import Annotated
 
-from ninja import FilterLookup, FilterSchema, ModelSchema
+from ninja import FilterSchema, ModelSchema
 from ninja_extra import service_resolver
 from ninja_extra.context import RouteContext
+from pydantic import Field
 
 from club.schemas import ClubProfileSchema
 from com.models import News, NewsDate
@@ -11,12 +11,12 @@ from core.markdown import markdown
 
 
 class NewsDateFilterSchema(FilterSchema):
-    before: Annotated[datetime | None, FilterLookup("end_date__lt")] = None
-    after: Annotated[datetime | None, FilterLookup("start_date__gt")] = None
-    club_id: Annotated[int | None, FilterLookup("news__club_id")] = None
+    before: datetime | None = Field(None, q="end_date__lt")
+    after: datetime | None = Field(None, q="start_date__gt")
+    club_id: int | None = Field(None, q="news__club_id")
     news_id: int | None = None
-    is_published: Annotated[bool | None, FilterLookup("news__is_published")] = None
-    title: Annotated[str | None, FilterLookup("news__title__icontains")] = None
+    is_published: bool | None = Field(None, q="news__is_published")
+    title: str | None = Field(None, q="news__title__icontains")
 
 
 class NewsSchema(ModelSchema):

com/tests/test_api.py

@@ -1,3 +1,4 @@
+from dataclasses import dataclass
 from datetime import timedelta
 from pathlib import Path
 
@@ -17,6 +18,16 @@ from core.markdown import markdown
 from core.models import User
 
 
+@dataclass
+class MockResponse:
+    ok: bool
+    value: str
+
+    @property
+    def content(self):
+        return self.value.encode("utf8")
+
+
 def accel_redirect_to_file(response: HttpResponse) -> Path | None:
     redirect = Path(response.headers.get("X-Accel-Redirect", ""))
     if not redirect.is_relative_to(Path("/") / settings.MEDIA_ROOT.stem):

core/api.py

@@ -1,6 +1,6 @@
 from typing import Annotated, Any, Literal
 
-from annotated_types import Ge, Le, MinLen
+import annotated_types
 from django.conf import settings
 from django.db.models import F
 from django.http import HttpResponse
@@ -28,7 +28,6 @@ from core.schemas import (
     UserSchema,
 )
 from core.templatetags.renderer import markdown
-from counter.utils import is_logged_in_counter
 
 
 @api_controller("/markdown")
@@ -73,7 +72,7 @@ class MailingListController(ControllerBase):
 
 @api_controller("/user")
 class UserController(ControllerBase):
-    @route.get("", response=list[UserProfileSchema])
+    @route.get("", response=list[UserProfileSchema], permissions=[CanAccessLookup])
     def fetch_profiles(self, pks: Query[set[int]]):
         return User.objects.viewable_by(self.context.request.user).filter(pk__in=pks)
 
@@ -86,18 +85,15 @@ class UserController(ControllerBase):
         "/search",
         response=PaginatedResponseSchema[UserProfileSchema],
         url_name="search_users",
-        # logged in barmen aren't authenticated stricto sensu, so no auth here
-        auth=None,
+        permissions=[CanAccessLookup],
     )
     @paginate(PageNumberPaginationExtra, page_size=20)
     def search_users(self, filters: Query[UserFilterSchema]):
-        qs = User.objects
-        # the logged in barmen can see all users (even the hidden one),
-        # because they have a temporary administrative function during
-        # which they may have to deal with hidden users
-        if not is_logged_in_counter(self.context.request):
-            qs = qs.viewable_by(self.context.request.user)
-        return filters.filter(qs.order_by(F("last_login").desc(nulls_last=True)))
+        return filters.filter(
+            User.objects.viewable_by(self.context.request.user).order_by(
+                F("last_login").desc(nulls_last=True)
+            )
+        )
 
 
 @api_controller("/file")
@@ -109,7 +105,7 @@ class SithFileController(ControllerBase):
         permissions=[CanAccessLookup],
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_files(self, search: Annotated[str, MinLen(1)]):
+    def search_files(self, search: Annotated[str, annotated_types.MinLen(1)]):
         return SithFile.objects.filter(is_in_sas=False).filter(name__icontains=search)
 
 
@@ -122,11 +118,11 @@ class GroupController(ControllerBase):
         permissions=[CanAccessLookup],
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_group(self, search: Annotated[str, MinLen(1)]):
+    def search_group(self, search: Annotated[str, annotated_types.MinLen(1)]):
         return Group.objects.filter(name__icontains=search).values()
 
 
-DepthValue = Annotated[int, Ge(0), Le(10)]
+DepthValue = Annotated[int, annotated_types.Ge(0), annotated_types.Le(10)]
 DEFAULT_DEPTH = 4
 
 

core/models.py

@@ -23,13 +23,12 @@
 #
 from __future__ import annotations
 
-import difflib
 import string
 import unicodedata
 from datetime import timedelta
 from io import BytesIO
 from pathlib import Path
-from typing import TYPE_CHECKING, Final, Self
+from typing import TYPE_CHECKING, Self
 from uuid import uuid4
 
 from django.conf import settings
@@ -1345,9 +1344,6 @@ class PageRev(models.Model):
     The content is in PageRev.title and PageRev.content .
     """
 
-    MERGE_TIME_THRESHOLD: Final[timedelta] = timedelta(minutes=20)
-    MERGE_DIFF_THRESHOLD: Final[float] = 0.2
-
     revision = models.IntegerField(_("revision"))
     title = models.CharField(_("page title"), max_length=255, blank=True)
     content = models.TextField(_("page content"), blank=True)
@@ -1389,32 +1385,6 @@ class PageRev(models.Model):
     def is_owned_by(self, user: User) -> bool:
         return any(g.id == self.page.owner_group_id for g in user.cached_groups)
 
-    def similarity_ratio(self, text: str) -> float:
-        """Similarity ratio between this revision's content and the given text.
-
-        The result is a float in [0; 1], 0 meaning the contents are entirely different,
-        and 1 they are strictly the same.
-        """
-        # cf. https://docs.python.org/3/library/difflib.html#difflib.SequenceMatcher.ratio
-        return difflib.SequenceMatcher(None, self.content, text).quick_ratio()
-
-    def should_merge(self, other: Self) -> bool:
-        """Return True if `other` should be merged into `self`, else False.
-
-        It's considered the other revision should be merged into this one if :
-
-        - it was made less than 20 minutes after
-        - by the same author
-        - with a similarity ratio higher than 80%
-        """
-        return (
-            not self._state.adding  # cannot merge if the original rev doesn't exist
-            and self.author == other.author
-            and (other.date - self.date) < self.MERGE_TIME_THRESHOLD
-            and (not other._state.adding or other.revision == self.revision + 1)
-            and self.similarity_ratio(other.content) >= (1 - other.MERGE_DIFF_THRESHOLD)
-        )
-
 
 def get_notification_types():
     return settings.SITH_NOTIFICATIONS

core/schemas.py

@@ -15,8 +15,6 @@ from pydantic_core.core_schema import ValidationInfo
 from core.models import Group, QuickUploadImage, SithFile, User
 from core.utils import is_image
 
-NonEmptyStr = Annotated[str, MinLen(1)]
-
 
 class UploadedImage(UploadedFile):
     @classmethod

core/static/core/colors.scss

@@ -21,8 +21,6 @@ $secondary-neutral-dark-color: hsl(40, 57.6%, 17%);
 
 $white-color: hsl(219.6, 20.8%, 98%);
 $black-color: hsl(0, 0%, 17%);
-$red-text-color: #eb2f06;
-$hovered-red-text-color: #ff4d4d;
 
 $faceblue: hsl(221, 44%, 41%);
 $twitblue: hsl(206, 82%, 63%);

core/static/core/forms.scss

@@ -745,32 +745,4 @@ form {
     background-repeat: no-repeat;
     background-size: var(--nf-input-size);
   }
-
-  &.no-margin {
-    margin:0;
-  }
-
-  // a submit input that should look like a regular <a>
-  input[type="submit"], button {
-    &.link-like {
-      color: $primary-dark-color;
-      &:hover {
-        color: $primary-light-color;
-      }
-
-      &.link-red {
-        color: $red-text-color;
-        &:hover {
-          color: $hovered-red-text-color;
-        }
-      }
-      font-weight: normal;
-      font-size: 100%;
-      margin: auto;
-      background: none;
-      border: none;
-      cursor: pointer;
-      padding: 0;
-    }
-  }
 }

core/static/core/header.scss

@@ -5,6 +5,9 @@ $text-color: white;
 
 $background-color-hovered: #283747;
 
+$red-text-color: #eb2f06;
+$hovered-red-text-color: #ff4d4d;
+
 .header {
   box-sizing: border-box;
   background-color: $deepblue;
@@ -248,15 +251,12 @@ $background-color-hovered: #283747;
               justify-content: flex-start;
             }
 
-            a {
-              color: $text-color;
-            }
-
             a,
             button {
               font-size: 100%;
               margin: 0;
               text-align: right;
+              color: $text-color;
               margin-top: auto;
 
               &:hover {
@@ -268,6 +268,19 @@ $background-color-hovered: #283747;
               margin: 0;
               display: inline;
             }
+
+            #logout-form button {
+              color: $red-text-color;
+
+              &:hover {
+                color: $hovered-red-text-color;
+              }
+
+              background: none;
+              border: none;
+              cursor: pointer;
+              padding: 0;
+            }
           }
         }
       }

core/static/core/style.scss

@@ -519,6 +519,7 @@ th {
 td {
   margin: 5px;
   border-collapse: collapse;
+  vertical-align: top;
   overflow: hidden;
   text-overflow: ellipsis;
 

core/templates/core/base/header.jinja

@@ -61,9 +61,7 @@
               <a href="{{ url('core:user_tools') }}">{% trans %}Tools{% endtrans %}</a>
               <form id="logout-form" method="post" action="{{ url("core:logout") }}">
                 {% csrf_token %}
-                <button type="submit" class="link-like link-red">
-                  {% trans %}Logout{% endtrans %}
-                </button>
+                <button type="submit">{% trans %}Logout{% endtrans %}</button>
               </form>
             </div>
           </div>

core/templates/core/search.jinja

@@ -9,17 +9,19 @@
 {% block content %}
   <h4>{% trans %}Users{% endtrans %}</h4>
   <ul>
-    {% for user in users %}
+    {% for i in result.users %}
+      {% if user.can_view(i) %}
         <li>
-        {{ user_link_with_pict(user) }}
+          {{ user_link_with_pict(i) }}
         </li>
+      {% endif %}
     {% endfor %}
   </ul>
   <h4>{% trans %}Clubs{% endtrans %}</h4>
   <ul>
-    {% for club in clubs %}
+    {% for i in result.clubs %}
       <li>
-        <a href="{{ url("club:club_view", club_id=club.id) }}">{{ club }}</a>
+        <a href="{{ url("club:club_view", club_id=i.id) }}">{{ i }}</a>
       </li>
     {% endfor %}
   </ul>

core/templates/core/user_clubs.jinja

@@ -17,9 +17,7 @@
         <td>{% trans %}Description{% endtrans %}</td>
         <td>{% trans %}Since{% endtrans %}</td>
         <td></td>
-        {% if user.has_perm("club.delete_membership") %}
         <td></td>
-        {% endif %}
       </tr>
     </thead>
     <tbody>
@@ -30,16 +28,7 @@
           <td>{{ m.description }}</td>
           <td>{{ m.start_date }}</td>
           {% if m.can_be_edited_by(user) %}
-            <td>
-              <form
-                method="post"
-                action="{{ url('club:membership_set_old', membership_id=m.id) }}"
-                class="no-margin"
-              >
-                {% csrf_token %}
-                <input type="submit" class="link-like" value="{% trans %}Mark as old{% endtrans %}" />
-              </form>
-            </td>
+            <td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td>
           {% endif %}
           {% if user.has_perm("club.delete_membership") %}
             <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
@@ -59,9 +48,7 @@
         <td>{% trans %}Description{% endtrans %}</td>
         <td>{% trans %}From{% endtrans %}</td>
         <td>{% trans %}To{% endtrans %}</td>
-        {% if user.has_perm("club.delete_membership") %}
-          <td></td>
-        {% endif %}
+
       </tr>
     </thead>
     <tbody>

core/tests/test_core.py

@@ -35,7 +35,6 @@ from pytest_django.asserts import assertInHTML, assertRedirects
 
 from antispam.models import ToxicDomain
 from club.models import Club, Membership
-from core.baker_recipes import subscriber_user
 from core.markdown import markdown
 from core.models import AnonymousUser, Group, Page, User, validate_promo
 from core.utils import get_last_promo, get_semester_code, get_start_of_semester
@@ -552,10 +551,3 @@ def test_allow_fragment_mixin():
     assert not TestAllowFragmentView.as_view()(request)
     request.headers = {"HX-Request": True, **base_headers}
     assert TestAllowFragmentView.as_view()(request)
-
-
-@pytest.mark.django_db
-def test_search_view(client: Client):
-    client.force_login(subscriber_user.make())
-    response = client.get(reverse("core:search", query={"query": "foo"}))
-    assert response.status_code == 200

core/tests/test_notification.py

@@ -1,64 +0,0 @@
-from datetime import timedelta
-from operator import attrgetter
-
-import pytest
-from bs4 import BeautifulSoup
-from django.test import Client, TestCase
-from django.urls import reverse
-from django.utils.timezone import now
-from model_bakery import baker, seq
-from pytest_django.asserts import assertRedirects
-
-from core.baker_recipes import subscriber_user
-from core.models import Notification
-
-
-@pytest.mark.django_db
-class TestNotificationList(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.user = subscriber_user.make()
-        url = reverse("core:user_profile", kwargs={"user_id": cls.user.id})
-        cls.notifs = baker.make(
-            Notification,
-            user=cls.user,
-            url=url,
-            viewed=False,
-            date=seq(now() - timedelta(days=1), timedelta(hours=1)),
-            _quantity=10,
-            _bulk_create=True,
-        )
-
-    def test_list(self):
-        self.client.force_login(self.user)
-        response = self.client.get(reverse("core:notification_list"))
-        assert response.status_code == 200
-        soup = BeautifulSoup(response.text, "lxml")
-        ul = soup.find("ul", id="notifications")
-        elements = list(ul.find_all("li"))
-        assert len(elements) == len(self.notifs)
-        notifs = sorted(self.notifs, key=attrgetter("date"), reverse=True)
-        for element, notif in zip(elements, notifs, strict=True):
-            assert element.find("a")["href"] == reverse(
-                "core:notification", kwargs={"notif_id": notif.id}
-            )
-
-    def test_read_all(self):
-        self.client.force_login(self.user)
-        response = self.client.get(
-            reverse("core:notification_list", query={"read_all": None})
-        )
-        assert response.status_code == 200
-        assert not self.user.notifications.filter(viewed=True).exists()
-
-
-@pytest.mark.django_db
-def test_notification_redirect(client: Client):
-    user = subscriber_user.make()
-    url = reverse("core:user_profile", kwargs={"user_id": user.id})
-    notif = baker.make(Notification, user=user, url=url, viewed=False)
-    client.force_login(user)
-    response = client.get(reverse("core:notification", kwargs={"notif_id": notif.id}))
-    assertRedirects(response, url)
-    notif.refresh_from_db()
-    assert notif.viewed is True

core/tests/test_user.py

@@ -1,5 +1,4 @@
 from datetime import timedelta
-from unittest import mock
 
 import pytest
 from django.conf import settings
@@ -24,7 +23,6 @@ from core.models import AnonymousUser, Group, User
 from core.views import UserTabsMixin
 from counter.baker_recipes import sale_recipe
 from counter.models import Counter, Customer, Refilling, Selling
-from counter.utils import is_logged_in_counter
 from eboutic.models import Invoice, InvoiceItem
 
 
@@ -62,9 +60,7 @@ class TestSearchUsersAPI(TestSearchUsers):
         """Test that users are ordered by last login date."""
         self.client.force_login(subscriber_user.make())
 
-        response = self.client.get(
-            reverse("api:search_users", query={"search": "First"})
-        )
+        response = self.client.get(reverse("api:search_users") + "?search=First")
         assert response.status_code == 200
         assert response.json()["count"] == 11
         # The users are ordered by last login date, so we need to reverse the list
@@ -73,7 +69,7 @@ class TestSearchUsersAPI(TestSearchUsers):
         ]
 
     def test_search_case_insensitive(self):
-        """Test that the search is case-insensitive."""
+        """Test that the search is case insensitive."""
         self.client.force_login(subscriber_user.make())
 
         expected = [u.id for u in self.users[::-1]]
@@ -86,19 +82,14 @@ class TestSearchUsersAPI(TestSearchUsers):
             assert [r["id"] for r in response.json()["results"]] == expected
 
     def test_search_nick_name(self):
-        """Test that the search can be done on the nickname."""
-        # hidden users should not be in the final result,
-        # even when the nickname matches
-        self.users[10].is_viewable = False
-        self.users[10].save()
+        """Test that the search can be done on the nick name."""
         self.client.force_login(subscriber_user.make())
 
         # this should return users with nicknames Nick11, Nick10 and Nick1
-        response = self.client.get(
-            reverse("api:search_users", query={"search": "Nick1"})
-        )
+        response = self.client.get(reverse("api:search_users") + "?search=Nick1")
         assert response.status_code == 200
         assert [r["id"] for r in response.json()["results"]] == [
+            self.users[10].id,
             self.users[9].id,
             self.users[0].id,
         ]
@@ -110,25 +101,10 @@ class TestSearchUsersAPI(TestSearchUsers):
         self.client.force_login(subscriber_user.make())
 
         # this should return users with first names First1 and First10
-        response = self.client.get(reverse("api:search_users", query={"search": "bél"}))
+        response = self.client.get(reverse("api:search_users") + "?search=bél")
         assert response.status_code == 200
         assert [r["id"] for r in response.json()["results"]] == [belix.id]
 
-    @mock.create_autospec(is_logged_in_counter, return_value=True)
-    def test_search_as_barman(self):
-        # barmen should also see hidden users
-        self.users[10].is_viewable = False
-        self.users[10].save()
-        response = self.client.get(
-            reverse("api:search_users", query={"search": "Nick1"})
-        )
-        assert response.status_code == 200
-        assert [r["id"] for r in response.json()["results"]] == [
-            self.users[10].id,
-            self.users[9].id,
-            self.users[0].id,
-        ]
-
 
 class TestSearchUsersView(TestSearchUsers):
     """Test the search user view (`GET /search`)."""

core/urls.py

@@ -24,7 +24,6 @@
 from django.urls import path, re_path, register_converter
 from django.views.generic import RedirectView
 
-from com.views import NewsListView
 from core.converters import (
     BooleanStringConverter,
     FourDigitYearConverter,
@@ -54,7 +53,6 @@ from core.views import (
     PagePropView,
     PageRevView,
     PageView,
-    SearchView,
     SithLoginView,
     SithPasswordChangeDoneView,
     SithPasswordChangeView,
@@ -78,9 +76,13 @@ from core.views import (
     UserUpdateProfileView,
     UserView,
     delete_user_godfather,
+    index,
     logout,
     notification,
     password_root_change,
+    search_json,
+    search_user_json,
+    search_view,
     send_file,
 )
 
@@ -89,11 +91,13 @@ register_converter(TwoDigitMonthConverter, "mm")
 register_converter(BooleanStringConverter, "bool")
 
 urlpatterns = [
-    path("", NewsListView.as_view(), name="index"),
+    path("", index, name="index"),
     path("notifications/", NotificationList.as_view(), name="notification_list"),
     path("notification/<int:notif_id>/", notification, name="notification"),
     # Search
-    path("search/", SearchView.as_view(), name="search"),
+    path("search/", search_view, name="search"),
+    path("search_json/", search_json, name="search_json"),
+    path("search_user/", search_user_json, name="search_user"),
     # Login and co
     path("login/", SithLoginView.as_view(), name="login"),
     path("logout/", logout, name="logout"),

core/views/forms.py

@@ -20,9 +20,9 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
+import difflib
 import re
-from copy import copy
-from datetime import date, datetime
+from datetime import date, datetime, timedelta
 from io import BytesIO
 
 from captcha.fields import CaptchaField
@@ -390,11 +390,14 @@ class PageRevisionForm(forms.ModelForm):
 
         - less than 20 minutes ago
         - by the same author
-        - with a similarity ratio higher than 80%
+        - with a diff ratio higher than 20%
 
         then the latter will be edited and the new revision won't be created.
     """
 
+    TIME_THRESHOLD = timedelta(minutes=20)
+    DIFF_THRESHOLD = 0.2
+
     class Meta:
         model = PageRev
         fields = ["title", "content"]
@@ -406,11 +409,21 @@ class PageRevisionForm(forms.ModelForm):
         super().__init__(*args, instance=instance, **kwargs)
         self.author = author
         self.page = page
-        self.initial_obj: PageRev = copy(self.instance)
+        self.initial_content = instance.content if instance else ""
+
+    def diff_ratio(self, new_str: str) -> float:
+        return difflib.SequenceMatcher(
+            None, self.initial_content, new_str
+        ).quick_ratio()
 
     def save(self, commit=True):  # noqa FBT002
         revision: PageRev = self.instance
-        if not self.initial_obj.should_merge(self.instance):
+        if (
+            revision._state.adding
+            or revision.author != self.author
+            or revision.date + self.TIME_THRESHOLD < now()
+            or self.diff_ratio(revision.content) < (1 - self.DIFF_THRESHOLD)
+        ):
             revision.author = self.author
             revision.page = self.page
             revision.id = None  # if id is None, Django will create a new record

core/views/index.py

@@ -22,49 +22,106 @@
 #
 #
 
+import json
+
 from django.conf import settings
-from django.contrib.auth.mixins import LoginRequiredMixin
-from django.db.models import F
+from django.contrib.auth.decorators import login_required
+from django.core import serializers
 from django.db.models.query import QuerySet
-from django.http import HttpRequest
-from django.shortcuts import get_object_or_404, redirect
-from django.views.generic import ListView, TemplateView
+from django.http import JsonResponse
+from django.shortcuts import redirect, render
+from django.utils import html
+from django.utils.text import slugify
+from django.views.generic import ListView
+from haystack.query import SearchQuerySet
 
 from club.models import Club
 from core.models import Notification, User
-from core.schemas import UserFilterSchema
 
 
-class NotificationList(LoginRequiredMixin, ListView):
+def index(request, context=None):
+    from com.views import NewsListView
+
+    return NewsListView.as_view()(request)
+
+
+class NotificationList(ListView):
     model = Notification
     template_name = "core/notification_list.jinja"
 
     def get_queryset(self) -> QuerySet[Notification]:
+        if self.request.user.is_anonymous:
+            return Notification.objects.none()
+        # TODO: Bulk update in django 2.2
         if "see_all" in self.request.GET:
             self.request.user.notifications.filter(viewed=False).update(viewed=True)
         return self.request.user.notifications.order_by("-date")[:20]
 
 
-def notification(request: HttpRequest, notif_id: int):
-    notif = get_object_or_404(Notification, id=notif_id)
+def notification(request, notif_id):
+    notif = Notification.objects.filter(id=notif_id).first()
+    if notif:
         if notif.type not in settings.SITH_PERMANENT_NOTIFICATIONS:
             notif.viewed = True
         else:
             notif.callback()
         notif.save()
         return redirect(notif.url)
+    return redirect("/")
 
 
-class SearchView(LoginRequiredMixin, TemplateView):
-    template_name = "core/search.jinja"
-
-    def get_context_data(self, **kwargs):
-        users, clubs = [], []
-        if query := self.request.GET.get("query"):
-            users = list(
-                UserFilterSchema(search=query)
-                .filter(User.objects.viewable_by(self.request.user))
-                .order_by(F("last_login").desc(nulls_last=True))
+def search_user(query):
+    try:
+        # slugify turns everything into ascii and every whitespace into -
+        # it ends by removing duplicate - (so ' - ' will turn into '-')
+        # replace('-', ' ') because search is whitespace based
+        query = slugify(query).replace("-", " ")
+        # TODO: is this necessary?
+        query = html.escape(query)
+        res = (
+            SearchQuerySet()
+            .models(User)
+            .autocomplete(auto=query)
+            .order_by("-last_login")
+            .load_all()[:20]
         )
-            clubs = list(Club.objects.filter(name__icontains=query)[:5])
-        return super().get_context_data(**kwargs) | {"users": users, "clubs": clubs}
+        return [r.object for r in res]
+    except TypeError:
+        return []
+
+
+def search_club(query, *, as_json=False):
+    clubs = []
+    if query:
+        clubs = Club.objects.filter(name__icontains=query).all()
+        clubs = clubs[:5]
+        if as_json:
+            # Re-loads json to avoid double encoding by JsonResponse, but still benefit from serializers
+            clubs = json.loads(serializers.serialize("json", clubs, fields=("name")))
+        else:
+            clubs = list(clubs)
+    return clubs
+
+
+@login_required
+def search_view(request):
+    result = {
+        "users": search_user(request.GET.get("query", "")),
+        "clubs": search_club(request.GET.get("query", "")),
+    }
+    return render(request, "core/search.jinja", context={"result": result})
+
+
+@login_required
+def search_user_json(request):
+    result = {"users": search_user(request.GET.get("query", ""))}
+    return JsonResponse(result)
+
+
+@login_required
+def search_json(request):
+    result = {
+        "users": search_user(request.GET.get("query", "")),
+        "clubs": search_club(request.GET.get("query", ""), as_json=True),
+    }
+    return JsonResponse(result)

counter/forms.py

@@ -1,7 +1,7 @@
 import json
 import math
 import uuid
-from datetime import date, datetime, timezone
+from datetime import date
 
 from dateutil.relativedelta import relativedelta
 from django import forms
@@ -235,19 +235,6 @@ class ScheduledProductActionForm(forms.ModelForm):
         )
         return super().clean()
 
-    def set_product(self, product: Product):
-        """Set the product to which this form's instance is linked.
-
-        When this form is linked to a ProductForm in the case of a product's creation,
-        the product doesn't exist yet, so saving this form as is will result
-        in having `{"product_id": null}` in the action kwargs.
-        For the creation to be useful, it may be needed to inject the newly created
-        product into this form, before saving the latter.
-        """
-        self.product = product
-        kwargs = json.loads(self.instance.kwargs) | {"product_id": self.product.id}
-        self.instance.kwargs = json.dumps(kwargs)
-
 
 class BaseScheduledProductActionFormSet(BaseModelFormSet):
     def __init__(self, *args, product: Product, **kwargs):
@@ -334,19 +321,11 @@ class ProductForm(forms.ModelForm):
     def is_valid(self):
         return super().is_valid() and self.action_formset.is_valid()
 
-    def save(self, *args, **kwargs) -> Product:
-        product = super().save(*args, **kwargs)
-        product.counters.set(self.cleaned_data["counters"])
-        for form in self.action_formset:
-            # if it's a creation, the product given in the formset
-            # wasn't a persisted instance.
-            # So if we tried to persist the scheduled actions in the current state,
-            # they would be linked to no product, thus be completely useless
-            # To make it work, we have to replace
-            # the initial product with a persisted one
-            form.set_product(product)
+    def save(self, *args, **kwargs):
+        ret = super().save(*args, **kwargs)
+        self.instance.counters.set(self.cleaned_data["counters"])
         self.action_formset.save()
-        return product
+        return ret
 
 
 class ReturnableProductForm(forms.ModelForm):
@@ -390,6 +369,7 @@ class EticketForm(forms.ModelForm):
 class CloseCustomerAccountForm(forms.Form):
     user = forms.ModelChoiceField(
         label=_("Refound this account"),
+        help_text=None,
         required=True,
         widget=AutoCompleteSelectUser,
         queryset=User.objects.all(),
@@ -509,14 +489,13 @@ class InvoiceCallForm(forms.Form):
     def __init__(self, *args, month: date, **kwargs):
         super().__init__(*args, **kwargs)
         self.month = month
-        month_start = datetime(month.year, month.month, month.day, tzinfo=timezone.utc)
         self.clubs = list(
             Club.objects.filter(
                 Exists(
                     Selling.objects.filter(
                         club=OuterRef("pk"),
-                        date__gte=month_start,
-                        date__lte=month_start + relativedelta(months=1),
+                        date__gte=month,
+                        date__lte=month + relativedelta(months=1),
                     )
                 )
             ).annotate(

counter/schemas.py

@@ -1,12 +1,13 @@
 from datetime import datetime
 from typing import Annotated, Self
 
+from annotated_types import MinLen
 from django.urls import reverse
-from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
+from ninja import Field, FilterSchema, ModelSchema, Schema
 from pydantic import model_validator
 
 from club.schemas import SimpleClubSchema
-from core.schemas import GroupSchema, NonEmptyStr, SimpleUserSchema
+from core.schemas import GroupSchema, SimpleUserSchema
 from counter.models import Counter, Product, ProductType
 
 
@@ -20,7 +21,7 @@ class CounterSchema(ModelSchema):
 
 
 class CounterFilterSchema(FilterSchema):
-    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
+    search: Annotated[str, MinLen(1)] = Field(None, q="name__icontains")
 
 
 class SimplifiedCounterSchema(ModelSchema):
@@ -92,18 +93,18 @@ class ProductSchema(ModelSchema):
 
 
 class ProductFilterSchema(FilterSchema):
-    search: Annotated[
-        NonEmptyStr | None, FilterLookup(["name__icontains", "code__icontains"])
-    ] = None
-    is_archived: Annotated[bool | None, FilterLookup("archived")] = None
-    buying_groups: Annotated[set[int] | None, FilterLookup("buying_groups__in")] = None
-    product_type: Annotated[set[int] | None, FilterLookup("product_type__in")] = None
-    club: Annotated[set[int] | None, FilterLookup("club__in")] = None
-    counter: Annotated[set[int] | None, FilterLookup("counters__in")] = None
+    search: Annotated[str, MinLen(1)] | None = Field(
+        None, q=["name__icontains", "code__icontains"]
+    )
+    is_archived: bool | None = Field(None, q="archived")
+    buying_groups: set[int] | None = Field(None, q="buying_groups__in")
+    product_type: set[int] | None = Field(None, q="product_type__in")
+    club: set[int] | None = Field(None, q="club__in")
+    counter: set[int] | None = Field(None, q="counters__in")
 
 
 class SaleFilterSchema(FilterSchema):
-    before: Annotated[datetime | None, FilterLookup("date__lt")] = None
-    after: Annotated[datetime | None, FilterLookup("date__gt")] = None
-    counters: Annotated[set[int] | None, FilterLookup("counter__in")] = None
-    products: Annotated[set[int] | None, FilterLookup("product__in")] = None
+    before: datetime | None = Field(None, q="date__lt")
+    after: datetime | None = Field(None, q="date__gt")
+    counters: set[int] | None = Field(None, q="counter__in")
+    products: set[int] | None = Field(None, q="product__in")

counter/tests/test_auto_actions.py

@@ -11,12 +11,8 @@ from model_bakery import baker
 
 from core.models import Group, User
 from counter.baker_recipes import counter_recipe, product_recipe
-from counter.forms import (
-    ProductForm,
-    ScheduledProductActionForm,
-    ScheduledProductActionFormSet,
-)
-from counter.models import Product, ScheduledProductAction
+from counter.forms import ScheduledProductActionForm, ScheduledProductActionFormSet
+from counter.models import ScheduledProductAction
 
 
 @pytest.mark.django_db
@@ -38,39 +34,6 @@ def test_edit_product(client: Client):
     assert res.status_code == 200
 
 
-@pytest.mark.django_db
-def test_create_actions_alongside_product():
-    """The form should work when the product and the actions are created alongside."""
-    # non-persisted instance
-    product: Product = product_recipe.prepare(_save_related=True)
-    trigger_at = now() + timedelta(minutes=10)
-    form = ProductForm(
-        data={
-            "name": "foo",
-            "description": "bar",
-            "product_type": product.product_type_id,
-            "club": product.club_id,
-            "code": "FOO",
-            "purchase_price": 1.0,
-            "selling_price": 1.0,
-            "special_selling_price": 1.0,
-            "limit_age": 0,
-            "form-TOTAL_FORMS": "2",
-            "form-INITIAL_FORMS": "0",
-            "form-0-task": "counter.tasks.archive_product",
-            "form-0-trigger_at": trigger_at,
-        },
-    )
-    assert form.is_valid()
-    product = form.save()
-    action = ScheduledProductAction.objects.last()
-    assert action.clocked.clocked_time == trigger_at
-    assert action.enabled is True
-    assert action.one_off is True
-    assert action.task == "counter.tasks.archive_product"
-    assert action.kwargs == json.dumps({"product_id": product.id})
-
-
 @pytest.mark.django_db
 class TestProductActionForm:
     def test_single_form_archive(self):

counter/tests/test_invoices.py

@@ -6,7 +6,7 @@ from django.contrib.auth.models import Permission
 from django.core.exceptions import ValidationError
 from django.test import Client
 from django.urls import reverse
-from django.utils.timezone import now
+from django.utils.timezone import localdate
 from model_bakery import baker
 from pytest_django.asserts import assertRedirects
 
@@ -57,7 +57,7 @@ def test_invoice_call_view(client: Client, query: dict | None):
 @pytest.mark.django_db
 def test_invoice_call_form():
     Selling.objects.all().delete()
-    month = now() - relativedelta(months=1)
+    month = localdate() - relativedelta(months=1)
     clubs = baker.make(Club, _quantity=2)
     recipe = sale_recipe.extend(date=month, customer=baker.make(Customer, amount=10000))
     recipe.make(club=clubs[0], quantity=2, unit_price=200)

counter/views/admin.py

@@ -12,7 +12,7 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
-from datetime import datetime, timedelta
+from datetime import timedelta
 
 from django.conf import settings
 from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
@@ -23,7 +23,6 @@ from django.forms.models import modelform_factory
 from django.shortcuts import get_object_or_404
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
-from django.utils.timezone import get_current_timezone
 from django.utils.translation import gettext as _
 from django.views.generic import DetailView, ListView, TemplateView
 from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
@@ -286,13 +285,7 @@ class CounterStatView(PermissionRequiredMixin, DetailView):
     def get_context_data(self, **kwargs):
         """Add stats to the context."""
         counter: Counter = self.object
-        start_date = get_start_of_semester()
-        semester_start = datetime(
-            start_date.year,
-            start_date.month,
-            start_date.day,
-            tzinfo=get_current_timezone(),
-        )
+        semester_start = get_start_of_semester()
         office_hours = counter.get_top_barmen()
         kwargs = super().get_context_data(**kwargs)
         kwargs.update(

counter/views/invoice.py

@@ -12,7 +12,7 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
-from datetime import datetime, timezone
+from datetime import datetime
 from urllib.parse import urlencode
 
 from dateutil.relativedelta import relativedelta
@@ -63,8 +63,7 @@ class InvoiceCallView(
         """Add sums to the context."""
         kwargs = super().get_context_data(**kwargs)
         kwargs["months"] = Selling.objects.datetimes("date", "month", order="DESC")
-        month = self.get_month()
-        start_date = datetime(month.year, month.month, month.day, tzinfo=timezone.utc)
+        start_date = self.get_month()
         end_date = start_date + relativedelta(months=1)
 
         kwargs["sum_cb"] = Refilling.objects.filter(

matmat/views.py

@@ -24,7 +24,6 @@ from ast import literal_eval
 from enum import Enum
 
 from django import forms
-from django.db.models import F
 from django.http.response import HttpResponseRedirect
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
@@ -35,7 +34,7 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget
 
 from core.auth.mixins import FormerSubscriberMixin
 from core.models import User
-from core.schemas import UserFilterSchema
+from core.views import search_user
 from core.views.forms import SelectDate
 
 # Enum to select search type
@@ -127,13 +126,11 @@ class SearchFormListView(FormerSubscriberMixin, SingleObjectMixin, ListView):
                 q = q.filter(phone=self.valid_form["phone"]).all()
             elif self.search_type == SearchType.QUICK:
                 if self.valid_form["quick"].strip():
-                    q = list(
-                        UserFilterSchema(search=self.valid_form["quick"])
-                        .filter(User.objects.viewable_by(self.request.user))
-                        .order_by(F("last_login").desc(nulls_last=True))
-                    )
+                    q = search_user(self.valid_form["quick"])
                 else:
                     q = []
+                if not self.can_see_hidden and len(q) > 0:
+                    q = [user for user in q if user.is_viewable]
             else:
                 search_dict = {}
                 for key, value in self.valid_form.items():

pedagogy/schemas.py

@@ -1,9 +1,9 @@
-from typing import Annotated, Literal
+from typing import Literal
 
 from django.db.models import Q
 from django.utils import html
 from haystack.query import SearchQuerySet
-from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
+from ninja import FilterSchema, ModelSchema, Schema
 from pydantic import AliasPath, ConfigDict, Field, TypeAdapter
 from pydantic.alias_generators import to_camel
 
@@ -114,14 +114,13 @@ class UvSchema(ModelSchema):
 
 
 class UvFilterSchema(FilterSchema):
-    search: Annotated[str | None, FilterLookup("code__icontains")] = None
+    search: str | None = Field(None, q="code__icontains")
     semester: set[Literal["AUTUMN", "SPRING"]] | None = None
-    credit_type: Annotated[
-        set[Literal["CS", "TM", "EC", "OM", "QC"]] | None,
-        FilterLookup("credit_type__in"),
-    ] = None
+    credit_type: set[Literal["CS", "TM", "EC", "OM", "QC"]] | None = Field(
+        None, q="credit_type__in"
+    )
     language: str = "FR"
-    department: Annotated[set[str] | None, FilterLookup("department__in")] = None
+    department: set[str] | None = Field(None, q="department__in")
 
     def filter_search(self, value: str | None) -> Q:
         """Special filter for the search text.

pyproject.toml

@@ -20,8 +20,8 @@ license = { text = "GPL-3.0-only" }
 requires-python = "<4.0,>=3.12"
 dependencies = [
     "django>=5.2.8,<6.0.0",
-    "django-ninja>=1.5.0,<6.0.0",
-    "django-ninja-extra>=0.30.6",
+    "django-ninja>=1.4.5,<2.0.0",
+    "django-ninja-extra>=0.30.2,<1.0.0",
     "Pillow>=12.0.0,<13.0.0",
     "mistune>=3.1.4,<4.0.0",
     "django-jinja<3.0.0,>=2.11.0",
@@ -43,7 +43,7 @@ dependencies = [
     "tomli>=2.3.0,<3.0.0",
     "django-honeypot>=1.3.0,<2",
     "pydantic-extra-types>=2.10.6,<3.0.0",
-    "ical>=11.1.0,<12",
+    "ical>=11.1.0,<13",
     "redis[hiredis]<7,>=5.3.0",
     "environs[django]>=14.5.0,<15.0.0",
     "requests>=2.32.5,<3.0.0",

sas/schemas.py

@@ -2,19 +2,20 @@ from datetime import datetime
 from pathlib import Path
 from typing import Annotated
 
+from annotated_types import MinLen
 from django.urls import reverse
-from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
+from ninja import FilterSchema, ModelSchema, Schema
 from pydantic import Field, NonNegativeInt
 
-from core.schemas import NonEmptyStr, SimpleUserSchema, UserProfileSchema
+from core.schemas import SimpleUserSchema, UserProfileSchema
 from sas.models import Album, Picture, PictureModerationRequest
 
 
 class AlbumFilterSchema(FilterSchema):
-    search: Annotated[NonEmptyStr | None, FilterLookup("name__icontains")] = None
-    before_date: Annotated[datetime | None, FilterLookup("event_date__lte")] = None
-    after_date: Annotated[datetime | None, FilterLookup("event_date__gte")] = None
-    parent_id: Annotated[int | None, FilterLookup("parent_id")] = None
+    search: Annotated[str, MinLen(1)] | None = Field(None, q="name__icontains")
+    before_date: datetime | None = Field(None, q="event_date__lte")
+    after_date: datetime | None = Field(None, q="event_date__gte")
+    parent_id: int | None = Field(None, q="parent_id")
 
 
 class SimpleAlbumSchema(ModelSchema):
@@ -59,12 +60,10 @@ class AlbumAutocompleteSchema(ModelSchema):
 
 
 class PictureFilterSchema(FilterSchema):
-    before_date: Annotated[datetime | None, FilterLookup("date__lte")] = None
-    after_date: Annotated[datetime | None, FilterLookup("date__gte")] = None
-    users_identified: Annotated[
-        set[int] | None, FilterLookup("people__user_id__in")
-    ] = None
-    album_id: Annotated[int | None, FilterLookup("parent_id")] = None
+    before_date: datetime | None = Field(None, q="date__lte")
+    after_date: datetime | None = Field(None, q="date__gte")
+    users_identified: set[int] | None = Field(None, q="people__user_id__in")
+    album_id: int | None = Field(None, q="parent_id")
 
 
 class PictureSchema(ModelSchema):

sith/settings.py

@@ -216,7 +216,7 @@ TEMPLATES = [
         },
     },
 ]
-
+FORM_RENDERER = "django.forms.renderers.DjangoDivFormRenderer"
 
 HAYSTACK_CONNECTIONS = {
     "default": {