Merge pull request #1315 from ae-utbm/taiste

Product history, formula management, test election
Merge pull request #1293 from ae-utbm/taiste
2026-03-14 15:45:02 +00:00 · 2026-03-12 11:33:45 +01:00 · 2026-02-13 15:25:04 +01:00
14 changed files with 1353 additions and 807 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -24,9 +24,6 @@ node_modules/
 # compiled documentation
 site/

-# rollup-bundle-visualizer report
-.bundle-size-report.html
-
 ### Redis ###

 # Ignore redis binary dump (dump.rdb) files
--- a/biome.json
+++ b/biome.json
@@ -7,7 +7,7 @@
  },
  "files": {
    "ignoreUnknown": false,
-    "includes": ["**/static/**", "vite.config.mts"]
+    "includes": ["**/static/**"]
  },
  "formatter": {
    "enabled": true,
--- a/com/views.py
+++ b/com/views.py
@@ -244,8 +244,9 @@ class NewsListView(TemplateView):
            .filter(
                date_of_birth__month=localdate().month,
                date_of_birth__day=localdate().day,
-                role__in=["STUDENT", "FORMER STUDENT"],
+                is_viewable=True,
            )
+            .filter(role__in=["STUDENT", "FORMER STUDENT"])
            .order_by("-date_of_birth"),
            key=lambda u: u.date_of_birth.year,
        )
--- a/core/admin.py
+++ b/core/admin.py
@@ -63,7 +63,6 @@ class UserAdmin(admin.ModelAdmin):
        "scrub_pict",
        "user_permissions",
        "groups",
-        "whitelisted_users",
    )
    inlines = (UserBanInline,)
    search_fields = ["first_name", "last_name", "username"]
--- a/core/migrations/0049_user_whitelisted_users.py
+++ b/core/migrations/0049_user_whitelisted_users.py
@@ -1,24 +0,0 @@
-# Generated by Django 5.2.12 on 2026-03-14 08:39
-
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("core", "0048_alter_user_options")]
-
-    operations = [
-        migrations.AddField(
-            model_name="user",
-            name="whitelisted_users",
-            field=models.ManyToManyField(
-                help_text=(
-                    "If this profile is hidden, "
-                    "the users in this list will still be able to see it."
-                ),
-                related_name="visible_by_whitelist",
-                to=settings.AUTH_USER_MODEL,
-                verbose_name="whitelisted users",
-            ),
-        ),
-    ]
--- a/core/models.py
+++ b/core/models.py
@@ -131,7 +131,7 @@ class UserQuerySet(models.QuerySet):
        if user.has_perm("core.view_hidden_user"):
            return self
        if user.has_perm("core.view_user"):
-            return self.filter(Q(is_viewable=True) | Q(whitelisted_users=user))
+            return self.filter(is_viewable=True)
        if user.is_anonymous:
            return self.none()
        return self.filter(id=user.id)
@@ -279,15 +279,6 @@ class User(AbstractUser):
        ),
        default=True,
    )
-    whitelisted_users = models.ManyToManyField(
-        "User",
-        related_name="visible_by_whitelist",
-        verbose_name=_("whitelisted users"),
-        help_text=_(
-            "If this profile is hidden, "
-            "the users in this list will still be able to see it."
-        ),
-    )
    godfathers = models.ManyToManyField("User", related_name="godchildren", blank=True)

    objects = CustomUserManager()
@@ -576,31 +567,10 @@ class User(AbstractUser):
        return user.is_root or user.is_board_member

    def can_be_viewed_by(self, user: User) -> bool:
-        """Check if the given user can be viewed by this user.
-
-        Given users A and B. A can be viewed by B if :
-
-        - A and B are the same user
-        - or B has the permission to view hidden users
-        - or B can view users in general and A didn't hide its profile
-        - or B is in A's whitelist.
-        """
-
-        def is_in_whitelist(u: User):
-            if (
-                hasattr(self, "_prefetched_objects_cache")
-                and "whitelisted_users" in self._prefetched_objects_cache
-            ):
-                return u in self.whitelisted_users.all()
-            return self.whitelisted_users.contains(u)
-
        return (
            user.id == self.id
            or user.has_perm("core.view_hidden_user")
-            or (
-                user.has_perm("core.view_user")
-                and (self.is_viewable or is_in_whitelist(user))
-            )
+            or (user.has_perm("core.view_user") and self.is_viewable)
        )

    def get_mini_item(self):
--- a/core/static/bundled/core/components/nfc-input-index.ts
+++ b/core/static/bundled/core/components/nfc-input-index.ts
@@ -26,6 +26,7 @@ export class NfcInput extends inheritHtmlElement("input") {
        window.alert(gettext("Unsupported NFC card"));
      });

+      // biome-ignore lint/correctness/noUndeclaredVariables: browser API
      ndef.addEventListener("reading", (event: NDEFReadingEvent) => {
        this.removeAttribute("scan");
        this.node.value = event.serialNumber.replace(/:/g, "").toUpperCase();
--- a/core/tests/test_user.py
+++ b/core/tests/test_user.py
@@ -399,12 +399,13 @@ class TestUserQuerySetViewableBy:
        return [
            baker.make(User),
            subscriber_user.make(),
-            *subscriber_user.make(is_viewable=False, _quantity=2),
+            subscriber_user.make(is_viewable=False),
        ]

    def test_admin_user(self, users: list[User]):
        user = baker.make(
-            User, user_permissions=[Permission.objects.get(codename="view_hidden_user")]
+            User,
+            user_permissions=[Permission.objects.get(codename="view_hidden_user")],
        )
        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
        assert set(viewable) == set(users)
@@ -417,12 +418,6 @@ class TestUserQuerySetViewableBy:
        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
        assert set(viewable) == {users[0], users[1]}

-    def test_whitelist(self, users: list[User]):
-        user = subscriber_user.make()
-        users[3].whitelisted_users.add(user)
-        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
-        assert set(viewable) == {users[0], users[1], users[3]}
-
    @pytest.mark.parametrize("user_factory", [lambda: baker.make(User), AnonymousUser])
    def test_not_subscriber(self, users: list[User], user_factory):
        user = user_factory()
--- a/core/urls.py
+++ b/core/urls.py
@@ -69,6 +69,7 @@ from core.views import (
    UserCreationView,
    UserGodfathersTreeView,
    UserGodfathersView,
+    UserListView,
    UserMeRedirect,
    UserMiniView,
    UserPreferencesView,
@@ -135,6 +136,7 @@ urlpatterns = [
        "group/<int:group_id>/detail/", GroupTemplateView.as_view(), name="group_detail"
    ),
    # User views
+    path("user/", UserListView.as_view(), name="user_list"),
    path(
        "user/me/<path:remaining_path>/",
        UserMeRedirect.as_view(),
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -48,6 +48,7 @@ from django.views.generic import (
    CreateView,
    DeleteView,
    DetailView,
+    ListView,
    RedirectView,
    TemplateView,
 )
@@ -403,6 +404,13 @@ class UserMiniView(CanViewMixin, DetailView):
    template_name = "core/user_mini.jinja"


+class UserListView(ListView, CanEditPropMixin):
+    """Displays the user list."""
+
+    model = User
+    template_name = "core/user_list.jinja"
+
+
 # FIXME: the edit_once fields aren't displayed to the user (as expected).
 #  However, if the user re-add them manually in the form, they are saved.
 class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
--- a/election/templates/election/election_detail.jinja
+++ b/election/templates/election/election_detail.jinja
@@ -146,7 +146,7 @@
                          <label for="{{ input_id }}">
                        {%- endif %}
                        <figure>
-                          {%- if user.can_view(candidature.user) %}
+                          {%- if user.is_viewable %}
                            {% if candidature.user.profile_pict %}
                              <img class="candidate__picture" src="{{ candidature.user.profile_pict.get_download_url() }}" alt="{% trans %}Profile{% endtrans %}">
                            {% else %}
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -8,6 +8,8 @@
    "compile-dev": "vite build --mode development",
    "serve": "vite build --mode development --watch --minify false",
    "openapi": "openapi-ts",
+    "analyse-dev": "vite-bundle-visualizer --mode development",
+    "analyse-prod": "vite-bundle-visualizer --mode production",
    "check": "tsc && biome check --write"
  },
  "keywords": [],
@@ -33,9 +35,10 @@
    "@types/cytoscape-cxtmenu": "^3.4.5",
    "@types/cytoscape-klay": "^3.1.5",
    "@types/js-cookie": "^3.0.6",
-    "rollup-plugin-visualizer": "^7.0.1",
    "typescript": "^5.9.3",
-    "vite": "^8.0.0"
+    "vite": "^7.3.1",
+    "vite-bundle-visualizer": "^1.2.1",
+    "vite-plugin-static-copy": "^3.2.0"
  },
  "dependencies": {
    "@alpinejs/sort": "^3.15.8",
--- a/vite.config.mts
+++ b/vite.config.mts
@@ -1,17 +1,14 @@
+// biome-ignore lint/correctness/noNodejsModules: this is backend side
 import { parse, resolve } from "node:path";
 import inject from "@rollup/plugin-inject";
 import { glob } from "glob";
-import { visualizer } from "rollup-plugin-visualizer";
-import {
-  type AliasOptions,
-  defineConfig,
-  type PluginOption,
-  type Rollup,
-  type UserConfig,
-} from "vite";
+import type { Rollup } from "vite";
+import { type AliasOptions, defineConfig, type UserConfig } from "vite";
 import tsconfig from "./tsconfig.json";

 const outDir = resolve(__dirname, "./staticfiles/generated/bundled");
+const vendored = resolve(outDir, "vendored");
+const nodeModules = resolve(__dirname, "node_modules");
 const collectedFiles = glob.sync(
  "./!(static)/static/bundled/**/*?(-)index.?(m)[j|t]s?(x)",
 );
@@ -45,6 +42,7 @@ function getRelativeAssetPath(path: string): string {
  return relativePath.join("/");
 }

+// biome-ignore lint/style/noDefaultExport: this is recommended by documentation
 export default defineConfig((config: UserConfig) => {
  return {
    base: "/static/bundled/",
@@ -88,7 +86,6 @@ export default defineConfig((config: UserConfig) => {
        Alpine: "alpinejs",
        htmx: "htmx.org",
      }),
-      visualizer({ filename: ".bundle-size-report.html" }) as PluginOption,
    ],
  } satisfies UserConfig;
 });
Author	SHA1	Message	Date
Titouan	173311c1d5	Merge pull request #1315 from ae-utbm/taiste Product history, formula management, test election	2026-03-12 11:33:45 +01:00
thomas girod	2995823d6e	Merge pull request #1293 from ae-utbm/taiste Refactors, updates and db optimisations	2026-02-13 15:25:04 +01:00