UI/UX tweaks

Dynamic club roles

.github/actions/setup_project/action.yml

@@ -12,7 +12,7 @@ runs:
   steps:
     - name: Install apt packages
       if: ${{ inputs.full == 'true' }}
-      uses: awalsh128/cache-apt-pkgs-action@v1.4.3
+      uses: awalsh128/cache-apt-pkgs-action@v1.6.0
       with:
         packages: gettext
         version: 1.0  # increment to reset cache
@@ -23,26 +23,29 @@ runs:
       with:
         redis-version: "7.x"
 
-    - name: Install uv
-      uses: astral-sh/setup-uv@v5
-      with:
-        version: "0.5.14"
-        enable-cache: true
-        cache-dependency-glob: "uv.lock"
-
     - name: "Set up Python"
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version-file: ".python-version"
 
-    - name: Restore cached virtualenv
-      uses: actions/cache/restore@v4
+    - name: Install uv
+      uses: astral-sh/setup-uv@v8.1.0
+      with:
+        version: "0.11.8"
+        enable-cache: false
+        cache-dependency-glob: "uv.lock"
+
+    - name: Restore cached virtualenv
+      uses: actions/cache@v5
       with:
-        key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
         path: .venv
+        key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
+        restore-keys: |
+          uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
+          uv-${{ runner.os }}
 
     - name: Install dependencies
-      run: uv sync
+      run: uv sync --locked
       shell: bash
 
     - name: Install Xapian
@@ -50,15 +53,6 @@ runs:
       run: uv run ./manage.py install_xapian
       shell: bash
 
-    # compiling xapian accounts for almost the entirety of the virtualenv setup,
-    # so we save the virtual environment only on workflows where it has been installed
-    - name: Save cached virtualenv
-      if: ${{ inputs.full == 'true' }}
-      uses: actions/cache/save@v4
-      with:
-        key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
-        path: .venv
-
     - name: Compile gettext messages
       if: ${{ inputs.full == 'true' }}
       run: uv run ./manage.py compilemessages

.github/workflows/ci.yml

@@ -18,8 +18,8 @@ jobs:
     name: Launch pre-commits checks (ruff)
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@v6
+    - uses: actions/setup-python@v6
       with:
         python-version-file: ".python-version"
     - uses: pre-commit/action@v3.0.1
@@ -35,7 +35,7 @@ jobs:
         pytest-mark: [not slow]
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - uses: ./.github/actions/setup_project
         with:
           full: true
@@ -49,7 +49,7 @@ jobs:
           uv run coverage report
           uv run coverage html
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: coverage-report-${{ matrix.pytest-mark }}
           path: coverage_report

.github/workflows/deploy.yml

@@ -14,7 +14,7 @@ jobs:
   
     steps:
     - name: SSH Remote Commands
-      uses: appleboy/ssh-action@v1.1.0
+      uses: appleboy/ssh-action@v1.2.5
       with:
         # Proxy
         proxy_host : ${{secrets.PROXY_HOST}}
@@ -29,8 +29,6 @@ jobs:
         username : ${{secrets.USER}}
         key: ${{secrets.KEY}}
 
-        script_stop: true
-
         # See https://github.com/ae-utbm/sith/wiki/GitHub-Actions#deployment-action
         script: |
           cd ${{secrets.SITH_PATH}}

.github/workflows/deploy_docs.yml

@@ -9,10 +9,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: ./.github/actions/setup_project
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
-      - uses: actions/cache@v3
+      - uses: actions/cache@v5
         with:
           key: mkdocs-material-${{ env.cache_id }}
           path: .cache

.github/workflows/taiste.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
     - name: SSH Remote Commands
-      uses: appleboy/ssh-action@v1.1.0
+      uses: appleboy/ssh-action@v1.2.5
       with:
         # Proxy
         proxy_host : ${{secrets.PROXY_HOST}}
@@ -28,8 +28,6 @@ jobs:
         username : ${{secrets.USER}}
         key: ${{secrets.KEY}}
 
-        script_stop: true
-
         # See https://github.com/ae-utbm/sith/wiki/GitHub-Actions#deployment-action
         script: |
           cd ${{secrets.SITH_PATH}}

.gitignore

@@ -24,6 +24,9 @@ node_modules/
 # compiled documentation
 site/
 
+# rollup-bundle-visualizer report
+.bundle-size-report.html
+
 ### Redis ###
 
 # Ignore redis binary dump (dump.rdb) files

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.15.0
+    rev: v0.15.5
     hooks:
       - id: ruff-check  # just check the code, and print the errors
       - id: ruff-check  # actually fix the fixable errors, but print nothing
@@ -12,7 +12,7 @@ repos:
     rev: v0.6.1
     hooks:
       - id: biome-check
-        additional_dependencies: ["@biomejs/biome@2.3.14"]
+        additional_dependencies: ["@biomejs/biome@2.4.6"]
   - repo: https://github.com/rtts/djhtml
     rev: 3.0.10
     hooks:

biome.json

@@ -7,7 +7,7 @@
   },
   "files": {
     "ignoreUnknown": false,
-    "includes": ["**/static/**"]
+    "includes": ["**/static/**", "vite.config.mts"]
   },
   "formatter": {
     "enabled": true,

club/admin.py

@@ -13,8 +13,10 @@
 #
 #
 from django.contrib import admin
+from django.forms.models import ModelForm
+from django.http import HttpRequest
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 
 
 @admin.register(Club)
@@ -29,6 +31,31 @@ class ClubAdmin(admin.ModelAdmin):
         "page",
     )
 
+    def save_model(
+        self,
+        request: HttpRequest,
+        obj: Club,
+        form: ModelForm,
+        change: bool,  # noqa: FBT001
+    ):
+        super().save_model(request, obj, form, change)
+        if not change:
+            obj.create_default_roles()
+
+
+@admin.register(ClubRole)
+class ClubRoleAdmin(admin.ModelAdmin):
+    list_display = ("name", "club", "is_board", "is_presidency")
+    search_fields = ("name",)
+    autocomplete_fields = ("club",)
+    list_select_related = ("club",)
+    list_filter = (
+        "is_board",
+        "is_presidency",
+        ("club", admin.RelatedOnlyFieldListFilter),
+    )
+    show_facets = admin.ModelAdmin.show_facets.ALWAYS
+
 
 @admin.register(Membership)
 class MembershipAdmin(admin.ModelAdmin):

club/api.py

@@ -6,9 +6,15 @@ from ninja_extra.pagination import PageNumberPaginationExtra
 from ninja_extra.schemas import PaginatedResponseSchema
 
 from api.auth import ApiKeyAuth
-from api.permissions import CanAccessLookup, HasPerm
+from api.permissions import CanView, HasPerm
 from club.models import Club, Membership
-from club.schemas import ClubSchema, ClubSearchFilterSchema, SimpleClubSchema
+from club.schemas import (
+    ClubSchema,
+    ClubSearchFilterSchema,
+    SimpleClubSchema,
+    UserMembershipSchema,
+)
+from core.models import User
 
 
 @api_controller("/club")
@@ -16,13 +22,11 @@ class ClubController(ControllerBase):
     @route.get(
         "/search",
         response=PaginatedResponseSchema[SimpleClubSchema],
-        auth=[ApiKeyAuth(), SessionAuth()],
-        permissions=[CanAccessLookup],
         url_name="search_club",
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
     def search_club(self, filters: Query[ClubSearchFilterSchema]):
-        return filters.filter(Club.objects.all())
+        return filters.filter(Club.objects.order_by("name")).values()
 
     @route.get(
         "/{int:club_id}",
@@ -33,8 +37,28 @@ class ClubController(ControllerBase):
     )
     def fetch_club(self, club_id: int):
         prefetch = Prefetch(
-            "members", queryset=Membership.objects.ongoing().select_related("user")
+            "members",
+            queryset=Membership.objects.ongoing().select_related("user", "role"),
         )
         return self.get_object_or_exception(
             Club.objects.prefetch_related(prefetch), id=club_id
         )
+
+
+@api_controller("/user/{int:user_id}/club")
+class UserClubController(ControllerBase):
+    @route.get(
+        "",
+        response=list[UserMembershipSchema],
+        auth=[ApiKeyAuth(), SessionAuth()],
+        permissions=[CanView],
+        url_name="fetch_user_clubs",
+    )
+    def fetch_user_clubs(self, user_id: int):
+        """Get all the active memberships of the given user."""
+        user = self.get_object_or_exception(User, id=user_id)
+        return (
+            Membership.objects.ongoing()
+            .filter(user=user)
+            .select_related("club", "user", "role")
+        )

club/forms.py

@@ -23,13 +23,12 @@
 #
 
 from django import forms
-from django.conf import settings
-from django.db.models import Exists, OuterRef, Q
+from django.db.models import Exists, OuterRef, Q, QuerySet
 from django.db.models.functions import Lower
 from django.utils.functional import cached_property
 from django.utils.translation import gettext_lazy as _
 
-from club.models import Club, Mailing, MailingSubscription, Membership
+from club.models import Club, ClubRole, Mailing, MailingSubscription, Membership
 from core.models import User
 from core.views.forms import SelectDateTime
 from core.views.widgets.ajax_select import (
@@ -215,9 +214,7 @@ class ClubOldMemberForm(forms.Form):
 
     def __init__(self, *args, user: User, club: Club, **kwargs):
         super().__init__(*args, **kwargs)
-        self.fields["members_old"].queryset = (
-            Membership.objects.ongoing().filter(club=club).editable_by(user)
-        )
+        self.fields["members_old"].queryset = club.members.ongoing().editable_by(user)
 
 
 class ClubMemberForm(forms.ModelForm):
@@ -235,19 +232,14 @@ class ClubMemberForm(forms.ModelForm):
         self.request_user = request_user
         self.request_user_membership = self.club.get_membership_for(self.request_user)
         super().__init__(*args, **kwargs)
-        self.fields["role"].required = True
-        self.fields["role"].choices = [
-            (value, name)
-            for value, name in settings.SITH_CLUB_ROLES.items()
-            if value <= self.max_available_role
-        ]
+        self.fields["role"].queryset = self.available_roles
         self.instance.club = club
 
     @property
-    def max_available_role(self):
-        """The greatest role that will be obtainable with this form."""
+    def available_roles(self) -> QuerySet[ClubRole]:
+        """The roles that will be obtainable with this form."""
         # this is unreachable, because it will be overridden by subclasses
-        return -1  # pragma: no cover
+        return ClubRole.objects.none()  # pragma: no cover
 
 
 class ClubAddMemberForm(ClubMemberForm):
@@ -258,21 +250,22 @@ class ClubAddMemberForm(ClubMemberForm):
         widgets = {"user": AutoCompleteSelectUser}
 
     @cached_property
-    def max_available_role(self):
-        """The greatest role that will be obtainable with this form.
+    def available_roles(self):
+        """The roles that will be obtainable with this form.
 
         Admins and the club president can attribute any role.
         Board members can attribute roles lower than their own.
         Other users cannot attribute roles with this form
         """
+        qs = self.club.roles.filter(is_active=True)
         if self.request_user.has_perm("club.add_membership"):
-            return settings.SITH_CLUB_ROLES_ID["President"]
+            return qs.all()
         membership = self.request_user_membership
-        if membership is None or membership.role <= settings.SITH_MAXIMUM_FREE_ROLE:
-            return -1
-        if membership.role == settings.SITH_CLUB_ROLES_ID["President"]:
-            return membership.role
-        return membership.role - 1
+        if membership is None or not membership.role.is_board:
+            return ClubRole.objects.none()
+        if membership.role.is_presidency:
+            return qs.all()
+        return qs.above_instance(membership.role)
 
     def clean_user(self):
         """Check that the user is not trying to add a user already in the club.
@@ -296,13 +289,11 @@ class JoinClubForm(ClubMemberForm):
 
     def __init__(self, *args, club: Club, request_user: User, **kwargs):
         super().__init__(*args, club=club, request_user=request_user, **kwargs)
-        # this form doesn't manage the user who will join the club,
-        # so we must set this here to avoid errors
         self.instance.user = self.request_user
 
     @cached_property
-    def max_available_role(self):
-        return settings.SITH_MAXIMUM_FREE_ROLE
+    def available_roles(self):
+        return self.club.roles.filter(is_board=False, is_active=True)
 
     def clean(self):
         """Check that the user is subscribed and isn't already in the club."""
@@ -315,3 +306,88 @@ class JoinClubForm(ClubMemberForm):
                 _("You are already a member of this club"), code="invalid"
             )
         return super().clean()
+
+
+class ClubSearchForm(forms.ModelForm):
+    class Meta:
+        model = Club
+        fields = ["name"]
+        widgets = {"name": forms.SearchInput(attrs={"autocomplete": "off"})}
+
+    club_status = forms.NullBooleanField(
+        label=_("Club status"),
+        widget=forms.RadioSelect(
+            choices=[(True, _("Active")), (False, _("Inactive")), ("", _("All clubs"))],
+        ),
+        initial=True,
+    )
+
+    def __init__(self, *args, data: dict | None = None, **kwargs):
+        super().__init__(*args, data=data, **kwargs)
+        if data is not None and "club_status" not in data:
+            # if the key is missing, it is considered as None,
+            # even though we want the default True value to be applied in such a case
+            # so we enforce it.
+            self.fields["club_status"].value = True
+        self.fields["name"].required = False
+
+
+class ClubRoleForm(forms.ModelForm):
+    error_css_class = "error"
+    required_css_class = "required"
+
+    class Meta:
+        model = ClubRole
+        fields = ["name", "description", "is_presidency", "is_board", "is_active"]
+        widgets = {
+            "is_presidency": forms.HiddenInput(),
+            "is_board": forms.HiddenInput(),
+            "is_active": forms.CheckboxInput(attrs={"class": "switch"}),
+        }
+
+    def clean(self):
+        cleaned_data = super().clean()
+        if "ORDER" in cleaned_data:
+            self.instance.order = cleaned_data["ORDER"] - 1
+        return cleaned_data
+
+
+class ClubRoleCreateForm(forms.ModelForm):
+    """Form to create a club role.
+
+    Notes:
+        For UX purposes, users are not meant to fill `is_presidency`
+        and `is_board`, so those values are required by the form constructor
+        in order to initialize the instance properly.
+    """
+
+    error_css_class = "error"
+    required_css_class = "required"
+
+    class Meta:
+        model = ClubRole
+        fields = ["name", "description"]
+
+    def __init__(
+        self, *args, club: Club, is_presidency: bool, is_board: bool, **kwargs
+    ):
+        super().__init__(*args, **kwargs)
+        self.instance.club = club
+        self.instance.is_presidency = is_presidency
+        self.instance.is_board = is_board
+
+
+class ClubRoleBaseFormSet(forms.BaseInlineFormSet):
+    ordering_widget = forms.HiddenInput()
+
+
+ClubRoleFormSet = forms.inlineformset_factory(
+    Club,
+    ClubRole,
+    ClubRoleForm,
+    ClubRoleBaseFormSet,
+    can_delete=False,
+    can_order=True,
+    edit_only=True,
+    extra=0,
+)

club/migrations/0012_club_board_group_club_members_group.py

@@ -2,12 +2,15 @@
 
 import django.db.models.deletion
 import django.db.models.functions.datetime
-from django.conf import settings
 from django.db import migrations, models
 from django.db.migrations.state import StateApps
 from django.db.models import Q
 from django.utils.timezone import localdate
 
+# Before the club role rework, the maximum free role
+# was the hardcoded highest non-board role
+MAXIMUM_FREE_ROLE = 1
+
 
 def migrate_meta_groups(apps: StateApps, schema_editor):
     """Attach the existing meta groups to the clubs.
@@ -46,10 +49,7 @@ def migrate_meta_groups(apps: StateApps, schema_editor):
         ).select_related("user")
         club.members_group.users.set([m.user for m in memberships])
         club.board_group.users.set(
-            [
-                m.user
-                for m in memberships.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
-            ]
+            [m.user for m in memberships.filter(role__gt=MAXIMUM_FREE_ROLE)]
         )
 
 

club/migrations/0015_clubrole_alter_membership_role.py

@@ -0,0 +1,161 @@
+# Generated by Django 5.2.3 on 2025-06-21 21:59
+
+import django.db.models.deletion
+from django.db import migrations, models
+from django.db.migrations.state import StateApps
+from django.db.models import Case, When
+
+PRESIDENCY_ROLES = [10, 9]
+MAXIMUM_FREE_ROLE = 1
+SITH_CLUB_ROLES = {
+    10: "Président⸱e",
+    9: "Vice-Président⸱e",
+    7: "Trésorier⸱e",
+    5: "Responsable communication",
+    4: "Secrétaire",
+    3: "Responsable info",
+    2: "Membre du bureau",
+    1: "Membre actif⸱ve",
+    0: "Curieux⸱euse",
+}
+
+
+def migrate_roles(apps: StateApps, schema_editor):
+    ClubRole = apps.get_model("club", "ClubRole")
+    Membership = apps.get_model("club", "Membership")
+
+    updates = []
+    for club_id, role in Membership.objects.values_list("club", "role").distinct():
+        new_role = ClubRole.objects.create(
+            name=SITH_CLUB_ROLES[role],
+            is_board=role > MAXIMUM_FREE_ROLE,
+            is_presidency=role in PRESIDENCY_ROLES,
+            club_id=club_id,
+            order=max(SITH_CLUB_ROLES) - role,
+        )
+        updates.append(When(role=role, then=new_role.id))
+    # all updates must happen at the same time
+    # otherwise, the 10 first created ClubRole would be
+    # re-modified after their initial creation, and it would
+    # result in an incoherent state.
+    # To avoid that, all updates are wrapped in a single giant Case(When) statement
+    # cf. https://docs.djangoproject.com/fr/stable/ref/models/conditional-expressions/#conditional-update
+    Membership.objects.update(role=Case(*updates))
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("club", "0014_alter_club_options_rename_unix_name_club_slug_name_and_more"),
+        ("core", "0047_alter_notification_date_alter_notification_type"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="club",
+            name="page",
+            field=models.OneToOneField(
+                blank=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club",
+                to="core.page",
+            ),
+        ),
+        migrations.CreateModel(
+            name="ClubRole",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "order",
+                    models.PositiveIntegerField(
+                        db_index=True, editable=False, verbose_name="order"
+                    ),
+                ),
+                (
+                    "club",
+                    models.ForeignKey(
+                        help_text="The club with which this role is associated",
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="roles",
+                        to="club.club",
+                        verbose_name="club",
+                    ),
+                ),
+                ("name", models.CharField(max_length=50, verbose_name="name")),
+                (
+                    "description",
+                    models.TextField(
+                        default="", blank=True, verbose_name="description"
+                    ),
+                ),
+                (
+                    "is_board",
+                    models.BooleanField(default=False, verbose_name="Board role"),
+                ),
+                (
+                    "is_presidency",
+                    models.BooleanField(default=False, verbose_name="Presidency role"),
+                ),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True,
+                        help_text=(
+                            "If the role is inactive, people joining the club "
+                            "won't be able to get it."
+                        ),
+                        verbose_name="is active",
+                    ),
+                ),
+            ],
+            options={
+                "ordering": ("order",),
+                "verbose_name": "club role",
+                "verbose_name_plural": "club roles",
+            },
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="board_group",
+            field=models.OneToOneField(
+                editable=False,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club_board",
+                to="core.group",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="members_group",
+            field=models.OneToOneField(
+                editable=False,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="club",
+                to="core.group",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="clubrole",
+            constraint=models.CheckConstraint(
+                condition=models.Q(
+                    ("is_presidency", False), ("is_board", True), _connector="OR"
+                ),
+                name="clubrole_presidency_implies_board",
+                violation_error_message=(
+                    "A role cannot be in the presidency while not being in the board"
+                ),
+            ),
+        ),
+        migrations.RunPython(migrate_roles, migrations.RunPython.noop),
+        # because Postgres migrations run in a single transaction,
+        # we cannot change the actual values of Membership.role
+        # and apply the FOREIGN KEY constraint in the same migration.
+        # The constraint is created in the next migration
+    ]

club/migrations/0016_clubrole_alter_membership_role.py

@@ -0,0 +1,25 @@
+# Generated by Django 5.2.3 on 2025-09-27 09:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("club", "0015_clubrole_alter_membership_role")]
+
+    operations = [
+        # because Postgres migrations run in a single transaction,
+        # we cannot change the actual values of Membership.role
+        # and apply the FOREIGN KEY constraint in the same migration.
+        # The data migration was made in the previous migration.
+        migrations.AlterField(
+            model_name="membership",
+            name="role",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="members",
+                to="club.clubrole",
+                verbose_name="role",
+            ),
+        ),
+    ]

club/models.py

@@ -28,15 +28,15 @@ from typing import Iterable, Self
 from django.conf import settings
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import RegexValidator, validate_email
-from django.db import models, transaction
-from django.db.models import Exists, F, OuterRef, Q, Value
-from django.db.models.functions import Greatest
+from django.db import ProgrammingError, models, transaction
+from django.db.models import Exists, F, OuterRef, Q
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
 from django.utils.text import slugify
 from django.utils.timezone import localdate
 from django.utils.translation import gettext_lazy as _
+from ordered_model.models import OrderedModel
 
 from core.fields import ResizedImageField
 from core.models import Group, Notification, Page, SithFile, User
@@ -89,13 +89,13 @@ class Club(models.Model):
         on_delete=models.SET_NULL,
     )
     page = models.OneToOneField(
-        Page, related_name="club", blank=True, on_delete=models.CASCADE
+        Page, related_name="club", blank=True, on_delete=models.PROTECT
     )
     members_group = models.OneToOneField(
-        Group, related_name="club", on_delete=models.PROTECT
+        Group, related_name="club", on_delete=models.PROTECT, editable=False
     )
     board_group = models.OneToOneField(
-        Group, related_name="club_board", on_delete=models.PROTECT
+        Group, related_name="club_board", on_delete=models.PROTECT, editable=False
     )
 
     objects = ClubQuerySet.as_manager()
@@ -138,9 +138,7 @@ class Club(models.Model):
     @cached_property
     def president(self) -> Membership | None:
         """Fetch the membership of the current president of this club."""
-        return self.members.filter(
-            role=settings.SITH_CLUB_ROLES_ID["President"], end_date=None
-        ).first()
+        return self.members.filter(end_date=None).order_by("role__order").first()
 
     def check_loop(self):
         """Raise a validation error when a loop is found within the parent list."""
@@ -185,6 +183,40 @@ class Club(models.Model):
             self.page.parent = self.parent.page
         self.page.save(force_lock=True)
 
+    def create_default_roles(self):
+        """Create some roles that should exist by default for this club.
+
+        The created roles are : president, treasurer, active member and curious.
+
+        Warnings:
+            When calling this method, no club must exist yet for this club.
+        """
+        if self.roles.exists():
+            raise ProgrammingError(
+                "Default roles can be created only for clubs "
+                "that don't have associated roles yet"
+            )
+        # The names are written in French, because there is no gettext involved
+        # for strings stored in database, and the majority of users are french.
+        roles = [
+            ClubRole(name="Président⸱e", is_board=True, is_presidency=True),
+            ClubRole(name="Trésorier⸱e", is_board=True, is_presidency=False),
+            ClubRole(name="Membre actif⸱ve", is_board=False, is_presidency=False),
+            ClubRole(
+                name="Curieux⸱euse",
+                description=(
+                    "Les gens qui suivent l'activité "
+                    "du club sans forcément y participer"
+                ),
+                is_board=False,
+                is_presidency=False,
+            ),
+        ]
+        for i, role in enumerate(roles):
+            role.club = self
+            role.order = i
+        ClubRole.objects.bulk_create(roles)
+
     def delete(self, *args, **kwargs) -> tuple[int, dict[str, int]]:
         self.board_group.delete()
         self.members_group.delete()
@@ -206,9 +238,20 @@ class Club(models.Model):
         """Method to see if that object can be edited by the given user."""
         return self.has_rights_in_club(user)
 
+    def can_roles_be_edited_by(self, user: User) -> bool:
+        """Return True if the given user can edit the roles of this club"""
+        return user.is_authenticated and (
+            user.has_perm("club.change_clubrole")
+            or self.members.ongoing()
+            .filter(user=user, role__is_presidency=True)
+            .exists()
+        )
+
     @cached_property
     def current_members(self) -> list[Membership]:
-        return list(self.members.ongoing().select_related("user").order_by("-role"))
+        return list(
+            self.members.ongoing().select_related("user", "role").order_by("-role")
+        )
 
     def get_membership_for(self, user: User) -> Membership | None:
         """Return the current membership of the given user."""
@@ -220,6 +263,95 @@ class Club(models.Model):
         return user.is_in_group(pk=self.board_group_id)
 
 
+class ClubRole(OrderedModel):
+    club = models.ForeignKey(
+        Club,
+        verbose_name=_("club"),
+        help_text=_("The club with which this role is associated"),
+        related_name="roles",
+        on_delete=models.CASCADE,
+    )
+    name = models.CharField(_("name"), max_length=50)
+    description = models.TextField(_("description"), blank=True, default="")
+    is_board = models.BooleanField(_("Board role"), default=False)
+    is_presidency = models.BooleanField(_("Presidency role"), default=False)
+    is_active = models.BooleanField(
+        _("is active"),
+        default=True,
+        help_text=_(
+            "If the role is inactive, people joining the club won't be able to get it."
+        ),
+    )
+
+    order_with_respect_to = "club"
+
+    class Meta(OrderedModel.Meta):
+        verbose_name = _("club role")
+        verbose_name_plural = _("club roles")
+        constraints = [
+            # presidency IMPLIES board <=> NOT presidency OR board
+            # cf. MT1 :)
+            models.CheckConstraint(
+                condition=Q(is_presidency=False) | Q(is_board=True),
+                name="clubrole_presidency_implies_board",
+                violation_error_message=_(
+                    "A role cannot be in the presidency while not being in the board"
+                ),
+            )
+        ]
+
+    def __str__(self):
+        return self.name
+
+    def get_display_name(self):
+        return f"{self.name} - {self.club.name}"
+
+    def clean(self):
+        errors = []
+        roles = list(self.club.roles.all())
+        if (
+            self.is_board
+            and self.order
+            and any(r.order < self.order and not r.is_board for r in roles)
+        ):
+            errors.append(
+                ValidationError(
+                    _("Role %(role)s cannot be placed below a member role")
+                    % {"role": self.name}
+                )
+            )
+        if (
+            self.is_presidency
+            and self.order
+            and any(r.order < self.order and not r.is_presidency for r in roles)
+        ):
+            errors.append(
+                ValidationError(
+                    _("Role %(role)s cannot be placed below a non-presidency role")
+                    % {"role": self.name}
+                )
+            )
+        if errors:
+            raise ValidationError(errors)
+        return super().clean()
+
+    def save(self, *args, **kwargs):
+        auto_order = self.order is None and self.is_board
+        if not auto_order:
+            super().save(*args, **kwargs)
+            return
+        # get the role that should be placed after the role we are dealing with.
+        # So, if this is role is presidency, get the first board role ;
+        # if it is a board role, get the first member role ;
+        # and if it is a member role, get nothing (OrderedModel.save will
+        # automatically put it in the last position anyway)
+        filters = {"is_board": self.is_presidency, "is_presidency": False}
+        next_role = self.club.roles.filter(**filters).order_by("order").first()
+        super().save(*args, **kwargs)
+        if next_role:
+            self.above(next_role)
+
+
 class MembershipQuerySet(models.QuerySet):
     def ongoing(self) -> Self:
         """Filter all memberships which are not finished yet."""
@@ -232,9 +364,10 @@ class MembershipQuerySet(models.QuerySet):
         are included, even if there are no more members.
 
         If you want to get the users who are currently in the board,
-        mind combining this with the `ongoing` queryset method
+        mind combining this with the [MembershipQuerySet.ongoing][]
+        queryset method
         """
-        return self.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
+        return self.filter(role__is_board=True)
 
     def editable_by(self, user: User) -> Self:
         """Filter Memberships that this user can edit.
@@ -257,21 +390,16 @@ class MembershipQuerySet(models.QuerySet):
         """
         if user.has_perm("club.change_membership"):
             return self.all()
-        return self.filter(
+        return self.ongoing().filter(
             Q(user=user)
             | Exists(
-                Membership.objects.filter(
-                    Q(
-                        role__gt=Greatest(
-                            OuterRef("role"), Value(settings.SITH_MAXIMUM_FREE_ROLE)
-                        )
-                    ),
+                Membership.objects.ongoing().filter(
                     user=user,
-                    end_date=None,
                     club=OuterRef("club"),
+                    role__is_board=True,
+                    role__order__lt=OuterRef("role__order"),
                 )
-            ),
-            end_date=None,
+            )
         )
 
     def update(self, **kwargs) -> int:
@@ -341,10 +469,11 @@ class Membership(models.Model):
     )
     start_date = models.DateField(_("start date"), default=timezone.now)
     end_date = models.DateField(_("end date"), null=True, blank=True)
-    role = models.IntegerField(
-        _("role"),
-        choices=sorted(settings.SITH_CLUB_ROLES.items()),
-        default=sorted(settings.SITH_CLUB_ROLES.items())[0][0],
+    role = models.ForeignKey(
+        ClubRole,
+        verbose_name=_("role"),
+        related_name="members",
+        on_delete=models.PROTECT,
     )
     description = models.CharField(
         _("description"), max_length=128, null=False, blank=True
@@ -362,7 +491,7 @@ class Membership(models.Model):
     def __str__(self):
         return (
             f"{self.club.name} - {self.user.username} "
-            f"- {settings.SITH_CLUB_ROLES[self.role]} "
+            f"- {self.role.name} "
             f"- {str(_('past member')) if self.end_date is not None else ''}"
         )
 
@@ -391,7 +520,11 @@ class Membership(models.Model):
         if user.is_root or user.is_board_member:
             return True
         membership = self.club.get_membership_for(user)
-        return membership is not None and membership.role >= self.role
+        if not membership:
+            return False
+        return membership.user_id == user.id or (
+            membership.is_board and membership.role.order < self.role.order
+        )
 
     def delete(self, *args, **kwargs):
         self._remove_club_groups([self])
@@ -467,7 +600,7 @@ class Membership(models.Model):
                     group_id=membership.club.members_group_id,
                 )
             )
-            if membership.role > settings.SITH_MAXIMUM_FREE_ROLE:
+            if membership.role.is_board:
                 club_groups.append(
                     User.groups.through(
                         user_id=membership.user_id,

club/schemas.py

@@ -3,7 +3,7 @@ from typing import Annotated
 from django.db.models import Q
 from ninja import FilterLookup, FilterSchema, ModelSchema
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.schemas import NonEmptyStr, SimpleUserSchema
 
 
@@ -30,7 +30,7 @@ class ClubProfileSchema(ModelSchema):
 
     class Meta:
         model = Club
-        fields = ["id", "name", "logo"]
+        fields = ["id", "name", "logo", "is_active", "short_description"]
 
     url: str
 
@@ -39,12 +39,21 @@ class ClubProfileSchema(ModelSchema):
         return obj.get_absolute_url()
 
 
+class ClubRoleSchema(ModelSchema):
+    class Meta:
+        model = ClubRole
+        fields = ["id", "name", "is_presidency", "is_board"]
+
+
 class ClubMemberSchema(ModelSchema):
+    """A schema to represent all memberships in a club."""
+
     class Meta:
         model = Membership
-        fields = ["start_date", "end_date", "role", "description"]
+        fields = ["start_date", "end_date", "description"]
 
     user: SimpleUserSchema
+    role: ClubRoleSchema
 
 
 class ClubSchema(ModelSchema):
@@ -53,3 +62,14 @@ class ClubSchema(ModelSchema):
         fields = ["id", "name", "logo", "is_active", "short_description", "address"]
 
     members: list[ClubMemberSchema]
+
+
+class UserMembershipSchema(ModelSchema):
+    """A schema to represent the active club memberships of a user."""
+
+    class Meta:
+        model = Membership
+        fields = ["id", "start_date", "description"]
+
+    club: SimpleClubSchema
+    role: ClubRoleSchema

club/static/bundled/club/role-list-index.ts

@@ -0,0 +1,61 @@
+import type { AlpineComponent } from "alpinejs";
+
+interface RoleGroupData {
+  isBoard: boolean;
+  isPresidency: boolean;
+  roleId: number;
+}
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("clubRoleList", (config: { userRoleId: number | null }) => ({
+    confirmOnSubmit: false,
+
+    /**
+     * Edit relevant item data after it has been moved by x-sort
+     */
+    reorder(item: AlpineComponent<RoleGroupData>, conf: RoleGroupData) {
+      item.isBoard = conf.isBoard;
+      item.isPresidency = conf.isPresidency;
+      // if the user has moved its own role outside the presidency,
+      // submitting the form will require a confirmation
+      this.confirmOnSubmit = config.userRoleId === item.roleId && !item.isPresidency;
+      this.resetOrder();
+    },
+    /**
+     * Reset the value of the ORDER input of all items in the list.
+     * This is to be called after any reordering operation, in order to make sure
+     * that the order that will be saved is coherent with what is displayed.
+     */
+    resetOrder() {
+      // When moving items with x-sort, the only information we truly have is
+      // the end position in the target group, not the previous position nor
+      // the position in the global list.
+      // To overcome this, we loop through an enumeration of all inputs
+      // that are in the form `roles-X-ORDER` and sequentially set the value of the field.
+      const inputs = document.querySelectorAll<HTMLInputElement>(
+        "input[name^='roles'][name$='ORDER']",
+      );
+      for (const [i, elem] of inputs.entries()) {
+        elem.value = (i + 1).toString();
+      }
+    },
+
+    /**
+     * If the user moved its role out of the presidency, ask a confirmation
+     * before submitting the form
+     */
+    confirmSubmission(event: SubmitEvent) {
+      if (
+        this.confirmOnSubmit &&
+        !confirm(
+          gettext(
+            "You're going to remove your own role from the presidency. " +
+              "You may lock yourself out of this page. Do you want to continue ? ",
+          ),
+        )
+      ) {
+        event.preventDefault();
+      }
+    },
+  }));
+});

club/static/club/list.scss

@@ -0,0 +1,47 @@
+#club-list {
+  display: flex;
+  flex-direction: column;
+  gap: 2em;
+  padding: 2em;
+
+  .card {
+    display: block;
+    background-color: unset;
+
+    .club-image {
+      float: left;
+      margin-right: 2rem;
+      margin-bottom: .5rem;
+      width: 150px;
+      height: 150px;
+      border-radius: 10%;
+      background-color: rgba(173, 173, 173, 0.2);
+
+      @media screen and (max-width: 500px) {
+        width: 100px;
+        height: 100px;
+      }
+    }
+
+    i.club-image {
+      display: flex;
+      flex-direction: column;
+      justify-content: center;
+      color: black;
+    }
+
+    .content {
+      display: block;
+      text-align: justify;
+
+      h4 {
+        margin-top: 0;
+        margin-right: .5rem;
+      }
+
+      p {
+        font-size: 100%;
+      }
+    }
+  }
+}

club/static/club/roles.scss

@@ -0,0 +1,7 @@
+.fa-grip-vertical {
+  display: flex;
+  flex-direction: column;
+  justify-content: center;
+  cursor: pointer;
+  margin-right: .5em;
+}

club/templates/club/club_detail.jinja

@@ -26,10 +26,9 @@
     {% if club.logo %}
       <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.name }}"></div>
     {% endif %}
+    <h3>{{ club.name }}</h3>
     {% if page_revision %}
       {{ page_revision|markdown }}
-    {% else %}
-      <h3>{{ club.name }}</h3>
     {% endif %}
   </div>
 {% endblock %}

club/templates/club/club_list.jinja

@@ -1,52 +1,76 @@
-{% extends "core/base.jinja" %}
+{% if is_fragment %}
+  {% extends "core/base_fragment.jinja" %}
 
-{% block title -%}
-  {% trans %}Club list{% endtrans %}
-{%- endblock %}
+  {# Don't display tabs and errors #}
+  {% block tabs %}
+  {% endblock %}
+  {% block errors %}
+  {% endblock %}
+{% else %}
+  {% extends "core/base.jinja" %}
+  {% block additional_css %}
+    <link rel="stylesheet" href="{{ static("club/list.scss") }}">
+  {% endblock %}
+  {% block description -%}
+    {% trans %}The list of all clubs existing at UTBM.{% endtrans %}
+  {%- endblock %}
+  {% block title -%}
+    {% trans %}Club list{% endtrans %}
+  {%- endblock %}
+{% endif %}
 
-{% block description -%}
-  {% trans %}The list of all clubs existing at UTBM.{% endtrans %}
-{%- endblock %}
-
-{% macro display_club(club) -%}
-
-  {% if club.is_active or user.is_root %}
-
-    <li><a href="{{ url('club:club_view', club_id=club.id) }}">{{ club.name }}</a>
-
-      {% if not club.is_active %}
-        ({% trans %}inactive{% endtrans %})
-      {% endif %}
-
-      {% if club.president %} - <a href="{{ url('core:user_profile', user_id=club.president.user.id) }}">{{ club.president.user }}</a>{% endif %}
-      {% if club.short_description %}<p>{{ club.short_description|markdown }}</p>{% endif %}
-
-  {% endif %}
-
-  {%- if club.children.all()|length != 0 %}
-    <ul>
-      {%- for c in club.children.order_by('name').prefetch_related("children") %}
-        {{ display_club(c) }}
-      {%- endfor %}
-    </ul>
-  {%- endif -%}
-  </li>
-{%- endmacro %}
+{% from "core/macros.jinja" import paginate_htmx %}
 
 {% block content %}
-  {% if user.is_root %}
-    <p><a href="{{ url('club:club_new') }}">{% trans %}New club{% endtrans %}</a></p>
-  {% endif %}
-  {% if club_list %}
+  <main>
+    <h3>{% trans %}Filters{% endtrans %}</h3>
+    <form
+      id="club-list-filters"
+      hx-get="{{ url("club:club_list") }}"
+      hx-target="#content"
+      hx-swap="outerHtml"
+      hx-push-url="true"
+    >
+      <div class="row gap-4x">
+        {{ form }}
+      </div>
+      <button type="submit" class="btn btn-blue margin-bottom">
+        <i class="fa fa-magnifying-glass"></i>{% trans %}Search{% endtrans %}
+      </button>
+    </form>
     <h3>{% trans %}Club list{% endtrans %}</h3>
-    <ul>
-      {%- for club in club_list %}
-        {{ display_club(club) }}
-      {%- endfor %}
-    </ul>
-  {% else %}
-    {% trans %}There is no club in this website.{% endtrans %}
-  {% endif %}
+    {% if user.has_perm("club.add_club") %}
+      <br>
+      <a href="{{ url('club:club_new') }}" class="btn btn-blue">
+        <i class="fa fa-plus"></i> {% trans %}New club{% endtrans %}
+      </a>
+    {% endif %}
+    <section class="aria-busy-grow" id="club-list">
+      {% for club in object_list %}
+        <div class="card">
+          {% set club_url = club.get_absolute_url() %}
+          <a href="{{ club_url }}">
+            {% if club.logo %}
+              <img class="club-image" src="{{ club.logo.url }}" alt="logo {{ club.name }}">
+            {% else %}
+              <i class="fa-regular fa-image fa-4x club-image"></i>
+            {% endif %}
+          </a>
+          <div class="content">
+            <a href="{{ club_url }}">
+              <h4>
+                {{ club.name }} {% if not club.is_active %}({% trans %}inactive{% endtrans %}){% endif %}
+              </h4>
+            </a>
+            {{ club.short_description|markdown }}
+          </div>
+        </div>
+      {% endfor %}
+    </section>
+    {% if is_paginated %}
+      {{ paginate_htmx(request, page_obj, paginator) }}
+    {% endif %}
+  </main>
 {% endblock %}
 
 

club/templates/club/club_members.jinja

@@ -1,11 +1,7 @@
 {% extends "core/base.jinja" %}
 {% from 'core/macros.jinja' import user_profile_link, select_all_checkbox %}
 
-{% block additional_js %}
-  <script type="module" src="{{ static("bundled/core/components/ajax-select-index.ts") }}"></script>
-{% endblock %}
 {% block additional_css %}
-  <link rel="stylesheet" href="{{ static("bundled/core/components/ajax-select-index.css") }}">
   <link rel="stylesheet" href="{{ static("club/members.scss") }}">
 {% endblock %}
 
@@ -16,6 +12,15 @@
 
   <h2>{% trans %}Club members{% endtrans %}</h2>
 
+  {% if club.can_roles_be_edited_by(user) %}
+    <a
+      href="{{ url("club:club_roles", club_id=object.id) }}"
+      class="btn btn-blue margin-bottom"
+    >
+      <i class="fa fa-users-gear"></i> {% trans %}Manage roles{% endtrans %}
+    </a>
+  {% endif %}
+
   {% if add_member_fragment %}
     <br />
     {{ add_member_fragment }}
@@ -45,7 +50,7 @@
           {% for m in members %}
             <tr>
               <td>{{ user_profile_link(m.user) }}</td>
-              <td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
+              <td>{{ m.role.name }}</td>
               <td>{{ m.description }}</td>
               <td>{{ m.start_date }}</td>
               {%- if can_end_membership -%}

club/templates/club/club_old_members.jinja

@@ -17,7 +17,7 @@
       {% for member in old_members %}
         <tr>
           <td>{{ user_profile_link(member.user) }}</td>
-          <td>{{ settings.SITH_CLUB_ROLES[member.role] }}</td>
+          <td>{{ member.role.name }}</td>
           <td>{{ member.description }}</td>
           <td>{{ member.start_date }}</td>
           <td>{{ member.end_date }}</td>

club/templates/club/club_roles.jinja

@@ -0,0 +1,172 @@
+{% extends "core/base.jinja" %}
+
+{% block additional_js %}
+  <script type="module" src="{{ static("bundled/club/role-list-index.ts") }}" xmlns="http://www.w3.org/1999/html"></script>
+{% endblock %}
+
+{% block additional_css %}
+  <link rel="stylesheet" href="{{ static("club/roles.scss") }}">
+{% endblock %}
+
+{% macro display_subform(subform) %}
+  <div
+    class="row"
+    x-data="{
+            isPresidency: {{ subform.is_presidency.value()|lower }},
+            isBoard: {{ subform.is_board.value()|lower }},
+            roleId: {{ subform.id.value() }},
+            }"
+    x-sort:item="$data"
+  >
+    {# hidden fields #}
+    {{ subform.ORDER }}
+    {{ subform.id }}
+    {{ subform.club }}
+    {{ subform.is_presidency|add_attr("x-model=isPresidency") }}
+    {{ subform.is_board|add_attr("x-model=isBoard") }}
+    <i class="fa fa-grip-vertical" x-sort:handle></i>
+    <details class="accordion grow" {% if subform.errors %}open{% endif %}>
+      <summary>
+        {{ subform.name.value() }}
+        {% if not subform.instance.is_active -%}
+          ({% trans %}inactive{% endtrans %})
+        {%- endif %}
+      </summary>
+      <div class="accordion-content">
+        {{ subform.non_field_errors() }}
+        <div class="form-group">
+          {{ subform.name.as_field_group() }}
+        </div>
+        <div class="form-group">
+          {{ subform.description.as_field_group() }}
+        </div>
+        <div class="form-group">
+          <div>
+            {{ subform.is_active }}
+            {{ subform.is_active.label_tag() }}
+          </div>
+          <span class="helptext">
+            {{ subform.is_active.help_text }}
+          </span>
+        </div>
+      </div>
+    </details>
+  </div>
+{% endmacro %}
+
+{% block content %}
+  <p>
+    {% trans trimmed %}
+      Roles give rights on the club.
+      Higher roles grant more rights, and the members having them are displayed higher
+      in the club members list.
+    {% endtrans %}
+  </p>
+  <p>
+    {% trans trimmed %}
+      On this page, you can edit their name and description, as well as their order.
+      You can also drag roles from a category to another
+      (e.g. a board role can be made into a presidency role).
+    {% endtrans %}
+  </p>
+  <form
+    method="post"
+    x-data="clubRoleList({ userRoleId: {{ user_role or "null" }} })"
+    @submit="confirmSubmission"
+  >
+    {% csrf_token %}
+    {{ form.management_form }}
+    {{ form.non_form_errors() }}
+    <h3>{% trans %}Presidency{% endtrans %}</h3>
+    <a class="btn btn-grey margin-bottom" href="{{ url("club:new_role_president", club_id=club.id) }}">
+      <i class="fa fa-plus"></i> {% trans %}add role{% endtrans %}
+    </a>
+    <details class="clickable margin-bottom">
+      <summary>{% trans %}Help{% endtrans %}</summary>
+      {# The style we use for markdown rendering is quite nice for what we want to display,
+         so we are just gonna reuse it. #}
+      <div class="markdown">
+        <p>{% trans %}Users with a presidency role can :{% endtrans %}</p>
+        <ul>
+          <li>{% trans %}create new club roles and edit existing ones{% endtrans %}</li>
+          <li>{% trans %}manage the club counters{% endtrans %}</li>
+          <li>{% trans %}add new members with any active role and end any membership{% endtrans %}</li>
+        </ul>
+        <p>{% trans %}They also have all the rights of the club board.{% endtrans %}</p>
+      </div>
+    </details>
+    <div
+      x-sort="reorder($item, { isBoard: true, isPresidency: true })"
+      x-sort:group="roles"
+    >
+      {% for subform in form %}
+        {% if subform.is_presidency.value() %}
+          {{ display_subform(subform) }}
+        {% endif %}
+      {% endfor %}
+    </div>
+    <br>
+    <h3>{% trans %}Board{% endtrans %}</h3>
+    <a class="btn btn-grey margin-bottom" href="{{ url("club:new_role_board", club_id=club.id) }}">
+      <i class="fa fa-plus"></i> {% trans %}add role{% endtrans %}
+    </a>
+    <details class="clickable margin-bottom">
+      <summary>{% trans %}Help{% endtrans %}</summary>
+      <div class="markdown">
+        <p>
+          {% trans trimmed %}
+            Board members can do most administrative actions in the club, including :
+          {% endtrans %}
+        </p>
+        <ul>
+          <li>{% trans %}manage the club posters{% endtrans %}</li>
+          <li>{% trans %}create news for the club{% endtrans %}</li>
+          <li>{% trans %}click users on the club's counters{% endtrans %}</li>
+          <li>
+            {% trans trimmed %}
+              add new members and end active memberships
+              for roles that are lower than their own.
+            {% endtrans %}
+          </li>
+        </ul>
+      </div>
+    </details>
+    <div
+      x-sort="reorder($item, { isBoard: true, isPresidency: false })"
+      x-sort:group="roles"
+    >
+      {% for subform in form %}
+        {% if subform.is_board.value() and not subform.is_presidency.value() %}
+          {{ display_subform(subform) }}
+        {% endif %}
+      {% endfor %}
+    </div>
+    <br>
+    <h3>{% trans %}Members{% endtrans %}</h3>
+    <a class="btn btn-grey margin-bottom" href="{{ url("club:new_role_member", club_id=club.id) }}">
+      <i class="fa fa-plus"></i> {% trans %}add role{% endtrans %}
+    </a>
+    <details class="clickable margin-bottom">
+      <summary>{% trans %}Help{% endtrans %}</summary>
+      <div class="markdown">
+        <p>{% trans %}Simple members cannot perform administrative actions.{% endtrans %}</p>
+      </div>
+    </details>
+    <div
+      x-sort="reorder($item, { isBoard: false, isPresidency: false })"
+      x-sort:group="roles"
+    >
+      {% for subform in form %}
+        {% if not subform.is_board.value() %}
+          {{ display_subform(subform) }}
+        {% endif %}
+      {% endfor %}
+    </div>
+    <br>
+    <p>
+      <button type="submit" class="btn btn-blue">
+        <i class="fa fa-check"></i>{% trans %}Save{% endtrans %}
+      </button>
+    </p>
+  </form>
+{% endblock content %}

club/templates/club/club_tools.jinja

@@ -1,12 +1,7 @@
 {% extends "core/base.jinja" %}
-{% from "reservation/macros.jinja" import room_detail %}
-
-{% block additional_css %}
-  <link rel="stylesheet" href="{{ static("core/components/card.scss") }}">
-{% endblock %}
 
 {% block content %}
-  <h3>{% trans %}Club tools{% endtrans %} ({{ club.name }})</h3>
+  <h3>{% trans %}Club tools{% endtrans %}</h3>
   <div>
     <h4>{% trans %}Communication:{% endtrans %}</h4>
     <ul>
@@ -20,44 +15,22 @@
           {% trans %}Post in the Weekmail{% endtrans %}
         </a>
       </li>
+      {% if object.can_roles_be_edited_by(user) %}
+        <li><a href="{{ url("club:club_roles", club_id=object.id) }}"></a></li>
+      {% endif %}
       {% if object.trombi %}
-        <li>
-          <a href="{{ url('trombi:detail', trombi_id=object.trombi.id) }}">
-            {% trans %}Edit Trombi{% endtrans %}</a>
-        </li>
+        <li> <a href="{{ url('trombi:detail', trombi_id=object.trombi.id) }}">{% trans %}Edit Trombi{% endtrans %}</a></li>
       {% else %}
-        <li><a href="{{ url('trombi:create', club_id=object.id) }}">{% trans %}New Trombi{% endtrans %}</a></li>
-        <li><a href="{{ url('club:poster_list', club_id=object.id) }}">{% trans %}Posters{% endtrans %}</a></li>
+        <li> <a href="{{ url('trombi:create', club_id=object.id) }}">{% trans %}New Trombi{% endtrans %}</a></li>
+        <li> <a href="{{ url('club:poster_list', club_id=object.id) }}">{% trans %}Posters{% endtrans %}</a></li>
       {% endif %}
     </ul>
-    <h4>{% trans %}Reservable rooms{% endtrans %}</h4>
-    <a
-      href="{{ url("reservation:room_create") }}?club={{ object.id }}"
-      class="btn btn-blue"
-    >
-      {% trans %}Add a room{% endtrans %}
-    </a>
-    {%- if reservable_rooms|length > 0 -%}
-      <ul class="card-group">
-        {%- for room in reservable_rooms -%}
-          {{ room_detail(
-          room,
-          can_edit=user.can_edit(room),
-          can_delete=request.user.has_perm("reservation.delete_room")
-          ) }}
-        {%- endfor -%}
-      </ul>
-    {%- else -%}
-      <p>
-        {% trans %}This club manages no reservable room{% endtrans %}
-      </p>
-    {%- endif -%}
     <h4>{% trans %}Counters:{% endtrans %}</h4>
     <ul>
-      {% for counter in counters %}
-        <li>{{ counter }}:
-          <a href="{{ url('counter:details', counter_id=counter.id) }}">View</a>
-          <a href="{{ url('counter:admin', counter_id=counter.id) }}">Edit</a>
+      {% for c in object.counters.filter(type="OFFICE") %}
+        <li>{{ c }}:
+          <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
+          <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
         </li>
       {% endfor %}
     </ul>

club/tests/base.py

@@ -8,7 +8,7 @@ from django.utils.timezone import now
 from model_bakery import baker
 from model_bakery.recipe import Recipe
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.baker_recipes import old_subscriber_user, subscriber_user
 from core.models import User
 
@@ -43,6 +43,11 @@ class TestClub(TestCase):
 
         cls.ae = Club.objects.get(pk=settings.SITH_MAIN_CLUB_ID)
         cls.club = baker.make(Club)
+        cls.president_role = baker.make(
+            ClubRole, club=cls.club, is_board=True, is_presidency=True, order=0
+        )
+        cls.board_role = baker.make(ClubRole, club=cls.club, is_board=True, order=1)
+        cls.member_role = baker.make(ClubRole, club=cls.club, order=2)
         cls.new_members_url = reverse(
             "club:club_new_members", kwargs={"club_id": cls.club.id}
         )
@@ -51,12 +56,17 @@ class TestClub(TestCase):
         yesterday = now() - timedelta(days=1)
         membership_recipe = Recipe(Membership, club=cls.club)
         membership_recipe.make(
-            user=cls.simple_board_member, start_date=a_month_ago, role=3
+            user=cls.simple_board_member, start_date=a_month_ago, role=cls.board_role
+        )
+        membership_recipe.make(user=cls.richard, role=cls.member_role)
+        membership_recipe.make(
+            user=cls.president, start_date=a_month_ago, role=cls.president_role
         )
-        membership_recipe.make(user=cls.richard, role=1)
-        membership_recipe.make(user=cls.president, start_date=a_month_ago, role=10)
         membership_recipe.make(  # sli was a member but isn't anymore
-            user=cls.sli, start_date=a_month_ago, end_date=yesterday, role=2
+            user=cls.sli,
+            start_date=a_month_ago,
+            end_date=yesterday,
+            role=cls.board_role,
         )
 
     def setUp(self):

club/tests/test_club.py

@@ -1,12 +1,18 @@
 from datetime import timedelta
 
 import pytest
+from django.conf import settings
+from django.db import ProgrammingError
+from django.test import Client
+from django.urls import reverse
 from django.utils.timezone import localdate
 from model_bakery import baker
 from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertRedirects
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.baker_recipes import subscriber_user
+from core.models import User
 
 
 @pytest.mark.django_db
@@ -16,12 +22,106 @@ def test_club_queryset_having_board_member():
     membership_recipe = Recipe(
         Membership, user=user, start_date=localdate() - timedelta(days=3)
     )
-    membership_recipe.make(club=clubs[0], role=1)
-    membership_recipe.make(club=clubs[1], role=3)
-    membership_recipe.make(club=clubs[2], role=7)
     membership_recipe.make(
-        club=clubs[3], role=3, end_date=localdate() - timedelta(days=1)
+        club=clubs[0], role=baker.make(ClubRole, club=clubs[0], is_board=False)
+    )
+    membership_recipe.make(
+        club=clubs[1], role=baker.make(ClubRole, club=clubs[1], is_board=True)
+    )
+    membership_recipe.make(
+        club=clubs[2], role=baker.make(ClubRole, club=clubs[2], is_board=True)
+    )
+    membership_recipe.make(
+        club=clubs[3],
+        role=baker.make(ClubRole, club=clubs[3], is_board=True),
+        end_date=localdate() - timedelta(days=1),
     )
 
     club_ids = Club.objects.having_board_member(user).values_list("id", flat=True)
     assert set(club_ids) == {clubs[1].id, clubs[2].id}
+
+
+@pytest.mark.parametrize("nb_additional_clubs", [10, 30])
+@pytest.mark.parametrize("is_fragment", [True, False])
+@pytest.mark.django_db
+def test_club_list(client: Client, nb_additional_clubs: int, is_fragment):
+    client.force_login(baker.make(User))
+    baker.make(Club, _quantity=nb_additional_clubs)
+    headers = {"HX-Request": True} if is_fragment else {}
+    res = client.get(reverse("club:club_list"), headers=headers)
+    assert res.status_code == 200
+
+
+def assert_club_created(club_name: str):
+    club = Club.objects.last()
+    assert club.name == club_name
+    assert club.board_group.name == f"{club_name} - Bureau"
+    assert club.members_group.name == f"{club_name} - Membres"
+    # default roles should be added on club creation,
+    # whether the creation happens on the admin site or on the user site
+    assert list(club.roles.values("name", "is_presidency", "is_board")) == [
+        {"name": "Président⸱e", "is_presidency": True, "is_board": True},
+        {"name": "Trésorier⸱e", "is_presidency": False, "is_board": True},
+        {"name": "Membre actif⸱ve", "is_presidency": False, "is_board": False},
+        {"name": "Curieux⸱euse", "is_presidency": False, "is_board": False},
+    ]
+
+
+@pytest.mark.django_db
+def test_create_view(admin_client: Client):
+    """Test that the club creation view works well"""
+    res = admin_client.get(reverse("club:club_new"))
+    assert res.status_code == 200
+    res = admin_client.post(
+        reverse("club:club_new"),
+        data={"name": "foo", "parent": settings.SITH_MAIN_CLUB_ID},
+    )
+    club = Club.objects.last()
+    assertRedirects(res, club.get_absolute_url())
+    assert_club_created("foo")
+
+
+@pytest.mark.django_db
+def test_default_roles_for_club_with_roles_fails():
+    """Test that an Error is raised if trying to create
+    default roles for a club that already has roles.
+    """
+    club = baker.make(Club)
+    baker.make(ClubRole, club=club)
+    with pytest.raises(ProgrammingError):
+        club.create_default_roles()
+
+
+@pytest.mark.django_db
+class TestAdminInterface:
+    def test_create(self, admin_client: Client):
+        """Test the creation of a club via the admin interface."""
+        res = admin_client.post(
+            reverse("admin:club_club_add"),
+            data={
+                "name": "foo",
+                "parent": settings.SITH_MAIN_CLUB_ID,
+                "address": "Rome",
+            },
+        )
+        assertRedirects(res, reverse("admin:club_club_changelist"))
+        assert_club_created("foo")
+
+    def test_change(self, admin_client: Client):
+        """Test the edition of a club via the admin interface."""
+        club = baker.make(Club)
+        res = admin_client.post(
+            reverse("admin:club_club_change", kwargs={"object_id": club.id}),
+            data={
+                "name": "foo",
+                "page": club.page_id,
+                "home": club.home_id,
+                "address": club.address,
+            },
+        )
+        assertRedirects(res, reverse("admin:club_club_changelist"))
+        club.refresh_from_db()
+        assert club.name == "foo"
+        # Club roles shouldn't be modified when editing the club on the admin interface
+        # This club had no roles beforehand, therefore it shouldn't have roles now.
+        assert not club.roles.exists()

club/tests/test_club_controller.py

@@ -1,6 +1,7 @@
 from datetime import date, timedelta
 
 import pytest
+from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.test import Client, TestCase
 from django.urls import reverse
@@ -8,7 +9,7 @@ from model_bakery import baker
 from model_bakery.recipe import Recipe
 from pytest_django.asserts import assertNumQueries
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.baker_recipes import subscriber_user
 from core.models import Group, Page, User
 
@@ -26,8 +27,10 @@ class TestClubSearch(TestCase):
                 "id", flat=True
             )
         )
-        Page.objects.exclude(club=None).delete()
+        Membership.objects.all().delete()
+        ClubRole.objects.all().delete()
         Club.objects.all().delete()
+        Page.objects.exclude(name=settings.SITH_CLUB_ROOT_PAGE).delete()
         Group.objects.filter(id__in=groups).delete()
 
         cls.clubs = baker.make(

club/tests/test_clubrole.py

@@ -0,0 +1,253 @@
+from collections.abc import Callable
+
+import pytest
+from django.contrib.auth.models import Permission
+from django.test import Client, TestCase
+from django.urls import reverse
+from model_bakery import baker, seq
+from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertRedirects
+
+from club.forms import ClubRoleFormSet
+from club.models import Club, ClubRole, Membership
+from core.baker_recipes import subscriber_user
+from core.models import AnonymousUser, User
+
+
+def make_club():
+    # unittest-style tests cannot use fixture, so we create a function
+    # that will be callable either by a pytest fixture or inside
+    # a TestCase.setUpTestData method.
+    club = baker.make(Club)
+    recipe = Recipe(ClubRole, club=club, name=seq("role "))
+    recipe.make(
+        is_board=iter([True, True, False]),
+        is_presidency=iter([True, False, False]),
+        order=iter([0, 1, 2]),
+        _quantity=3,
+        _bulk_create=True,
+    )
+    return club
+
+
+@pytest.fixture
+def club(db):
+    """A club with a presidency role, a board role and a member role"""
+    return make_club()
+
+
+@pytest.mark.django_db
+def test_order_auto(club):
+    """Test that newly created roles are put in the right place."""
+    roles = list(club.roles.all())
+    # create new roles one by one (like they will be in prod)
+    # each new role should be placed at the end of its category
+    recipe = Recipe(ClubRole, club=club, name=seq("new role "))
+    role_a = recipe.make(is_board=True, is_presidency=True, order=None)
+    role_b = recipe.make(is_board=True, is_presidency=False, order=None)
+    role_c = recipe.make(is_board=False, is_presidency=False, order=None)
+    assert list(club.roles.order_by("order")) == [
+        roles[0],
+        role_a,
+        roles[1],
+        role_b,
+        roles[2],
+        role_c,
+    ]
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    ("user_factory", "is_allowed"),
+    [
+        (
+            lambda club: baker.make(
+                User,
+                user_permissions=[Permission.objects.get(codename="change_clubrole")],
+            ),
+            True,
+        ),
+        (  # user with presidency roles can edit the club roles
+            lambda club: subscriber_user.make(
+                memberships=[
+                    baker.make(
+                        Membership,
+                        club=club,
+                        role=club.roles.filter(is_presidency=True).first(),
+                    )
+                ]
+            ),
+            True,
+        ),
+        (  # user in the board but not in the presidency cannot edit roles
+            lambda club: subscriber_user.make(
+                memberships=[
+                    baker.make(
+                        Membership,
+                        club=club,
+                        role=club.roles.filter(
+                            is_presidency=False, is_board=True
+                        ).first(),
+                    )
+                ]
+            ),
+            False,
+        ),
+        (lambda _: AnonymousUser(), False),
+    ],
+)
+def test_can_roles_be_edited_by(
+    club: Club, user_factory: Callable[[Club], User], is_allowed
+):
+    """Test that `Club.can_roles_be_edited_by` return the right value"""
+    user = user_factory(club)
+    assert club.can_roles_be_edited_by(user) == is_allowed
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    ["route", "is_presidency", "is_board"],
+    [
+        ("club:new_role_president", True, True),
+        ("club:new_role_board", False, True),
+        ("club:new_role_member", False, False),
+    ],
+)
+def test_create_role_view(client: Client, route: str, is_presidency, is_board):
+    """Test that the role creation views work."""
+    club = baker.make(Club)
+    role = baker.make(ClubRole, club=club, is_presidency=True, is_board=True)
+    user = subscriber_user.make()
+    baker.make(Membership, club=club, role=role, user=user, end_date=None)
+    url = reverse(route, kwargs={"club_id": club.id})
+    client.force_login(user)
+
+    res = client.get(url)
+    assert res.status_code == 200
+
+    res = client.post(url, data={"name": "foo"})
+    assertRedirects(res, reverse("club:club_roles", kwargs={"club_id": club.id}))
+    new_role = club.roles.last()
+    assert new_role.name == "foo"
+    assert new_role.is_presidency == is_presidency
+    assert new_role.is_board == is_board
+
+
+class TestClubRoleUpdate(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.club = make_club()
+        cls.roles = list(cls.club.roles.all())
+        cls.user = subscriber_user.make()
+        baker.make(
+            Membership, club=cls.club, role=cls.roles[0], user=cls.user, end_date=None
+        )
+        cls.url = reverse("club:club_roles", kwargs={"club_id": cls.club.id})
+        cls.redirect_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
+
+    def setUp(self):
+        self.payload = {
+            "roles-TOTAL_FORMS": 3,
+            "roles-INITIAL_FORMS": 3,
+            "roles-MIN_NUM_FORMS": 0,
+            "roles-MAX_NUM_FORMS": 1000,
+            "roles-0-ORDER": 1,
+            "roles-0-id": self.roles[0].id,
+            "roles-0-club": self.club.id,
+            "roles-0-is_presidency": True,
+            "roles-0-is_board": True,
+            "roles-0-name": self.roles[0].name,
+            "roles-0-description": self.roles[0].description,
+            "roles-0-is_active": True,
+            "roles-1-ORDER": 2,
+            "roles-1-id": self.roles[1].id,
+            "roles-1-club": self.club.id,
+            "roles-1-is_presidency": False,
+            "roles-1-is_board": True,
+            "roles-1-name": self.roles[1].name,
+            "roles-1-description": self.roles[1].description,
+            "roles-1-is_active": True,
+            "roles-2-ORDER": 3,
+            "roles-2-id": self.roles[2].id,
+            "roles-2-club": self.club.id,
+            "roles-2-is_presidency": False,
+            "roles-2-is_board": False,
+            "roles-2-name": self.roles[2].name,
+            "roles-2-description": self.roles[2].description,
+            "roles-2-is_active": True,
+        }
+
+    def test_view_ok(self):
+        """Basic test to check that the view works."""
+        self.client.force_login(self.user)
+        res = self.client.get(self.url)
+        assert res.status_code == 200
+        self.payload["roles-2-name"] = "foo"
+        res = self.client.post(self.url, data=self.payload)
+        assertRedirects(res, self.redirect_url)
+        self.roles[2].refresh_from_db()
+        assert self.roles[2].name == "foo"
+
+    def test_incoherent_order(self):
+        """Test that placing a member role over a board role fails."""
+        self.payload["roles-0-ORDER"] = 4
+        formset = ClubRoleFormSet(data=self.payload, instance=self.club)
+        assert not formset.is_valid()
+        assert formset.errors == [
+            {
+                "__all__": [
+                    f"Le rôle {self.roles[0].name} ne peut pas "
+                    "être placé en-dessous d'un rôle de membre.",
+                    f"Le rôle {self.roles[0].name} ne peut pas être placé "
+                    "en-dessous d'un rôle qui n'est pas de la présidence.",
+                ]
+            },
+            {},
+            {},
+        ]
+
+    def test_change_order_ok(self):
+        """Test that changing order the intended way works"""
+        self.payload["roles-1-ORDER"] = 3
+        self.payload["roles-1-is_board"] = False
+        self.payload["roles-2-ORDER"] = 2
+        formset = ClubRoleFormSet(data=self.payload, instance=self.club)
+        assert formset.is_valid()
+        formset.save()
+        assert list(self.club.roles.order_by("order")) == [
+            self.roles[0],
+            self.roles[2],
+            self.roles[1],
+        ]
+        self.roles[1].refresh_from_db()
+        assert not self.roles[1].is_board
+
+    def test_non_board_presidency_is_forbidden(self):
+        """Test that a role cannot be in the presidency without being in the board."""
+        self.payload["roles-0-is_board"] = False
+        formset = ClubRoleFormSet(data=self.payload, instance=self.club)
+        assert not formset.is_valid()
+        assert formset.errors == [
+            {
+                "__all__": [
+                    "Un rôle ne peut pas appartenir à la présidence sans être dans le bureau",
+                ]
+            },
+            {},
+            {},
+        ]
+
+    def test_president_moves_itself_out_of_the_presidency(self):
+        """Test that if the user moves its own role out of the presidency,
+        then it's redirected to another page and loses access to the update page."""
+        self.payload["roles-0-is_presidency"] = False
+        self.client.force_login(self.user)
+        res = self.client.post(self.url, data=self.payload)
+        assertRedirects(res, self.redirect_url)
+        # When the user clicked that button, it still had the right to update roles,
+        # so the modification should be applied
+        self.roles[0].refresh_from_db()
+        assert self.roles[0].is_presidency is False
+
+        res = self.client.get(self.url)
+        assert res.status_code == 403

club/tests/test_edit.py

@@ -4,7 +4,7 @@ from django.urls import reverse
 from model_bakery import baker
 from pytest_django.asserts import assertRedirects
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.baker_recipes import subscriber_user
 
 
@@ -12,7 +12,12 @@ from core.baker_recipes import subscriber_user
 def test_club_board_member_cannot_edit_club_properties(client: Client):
     user = subscriber_user.make()
     club = baker.make(Club, name="old name", is_active=True, address="old address")
-    baker.make(Membership, club=club, user=user, role=7)
+    baker.make(
+        Membership,
+        club=club,
+        user=user,
+        role=baker.make(ClubRole, club=club, is_board=True),
+    )
     client.force_login(user)
     res = client.post(
         reverse("club:club_edit", kwargs={"club_id": club.id}),
@@ -32,7 +37,12 @@ def test_edit_club_page_doesnt_crash(client: Client):
     """crash test for club:club_edit"""
     club = baker.make(Club)
     user = subscriber_user.make()
-    baker.make(Membership, club=club, user=user, role=3)
+    baker.make(
+        Membership,
+        club=club,
+        user=user,
+        role=baker.make(ClubRole, club=club, is_board=True),
+    )
     client.force_login(user)
     res = client.get(reverse("club:club_edit", kwargs={"club_id": club.id}))
     assert res.status_code == 200

club/tests/test_mailing.py

@@ -3,9 +3,10 @@ from django.test import TestCase
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.translation import gettext as _
+from model_bakery import baker
 
 from club.forms import MailingForm
-from club.models import Club, Mailing, Membership
+from club.models import Club, ClubRole, Mailing, Membership
 from core.models import User
 
 
@@ -25,7 +26,7 @@ class TestMailingForm(TestCase):
             user=cls.rbatsbak,
             club=cls.club,
             start_date=timezone.now(),
-            role=settings.SITH_CLUB_ROLES_ID["Board member"],
+            role=baker.make(ClubRole, club=cls.club, is_board=True),
         ).save()
 
     def test_mailing_list_add_no_moderation(self):

club/tests/test_membership.py

@@ -1,20 +1,20 @@
+import itertools
 from collections.abc import Callable
 from datetime import timedelta
 
 import pytest
 from bs4 import BeautifulSoup
-from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.core.cache import cache
 from django.db.models import Max
 from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import localdate, localtime, now
-from model_bakery import baker
+from model_bakery import baker, seq
 from pytest_django.asserts import assertRedirects
 
 from club.forms import ClubAddMemberForm, JoinClubForm
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from club.tests.base import TestClub
 from core.baker_recipes import subscriber_user
 from core.models import AnonymousUser, User
@@ -75,17 +75,22 @@ class TestMembershipQuerySet(TestClub):
     def test_update_change_club_groups(self):
         """Test that `update` set the user groups accordingly."""
         user = baker.make(User)
-        membership = baker.make(Membership, end_date=None, user=user, role=5)
+        board_role, member_role = baker.make(
+            ClubRole, is_board=iter([True, False]), _quantity=2, _bulk_create=True
+        )
+        membership = baker.make(
+            Membership, end_date=None, user=user, role=board_role, club=board_role.club
+        )
         members_group = membership.club.members_group
         board_group = membership.club.board_group
         assert user.groups.contains(members_group)
         assert user.groups.contains(board_group)
 
-        user.memberships.update(role=1)  # from board to simple member
+        user.memberships.update(role=member_role)  # from board to simple member
         assert user.groups.contains(members_group)
         assert not user.groups.contains(board_group)
 
-        user.memberships.update(role=5)  # from member to board
+        user.memberships.update(role=board_role)  # from member to board
         assert user.groups.contains(members_group)
         assert user.groups.contains(board_group)
 
@@ -96,7 +101,17 @@ class TestMembershipQuerySet(TestClub):
     def test_delete_remove_from_groups(self):
         """Test that `delete` removes from club groups"""
         user = baker.make(User)
-        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
+        club = baker.make(Club)
+        roles = baker.make(
+            ClubRole,
+            is_board=iter([False, True]),
+            club=club,
+            _quantity=2,
+            _bulk_create=True,
+        )
+        memberships = baker.make(
+            Membership, club=club, role=iter(roles), user=user, _quantity=2
+        )
         club_groups = {
             memberships[0].club.members_group,
             memberships[1].club.members_group,
@@ -112,13 +127,20 @@ class TestMembershipEditableBy(TestCase):
     def setUpTestData(cls):
         Membership.objects.all().delete()
         cls.club_a, cls.club_b = baker.make(Club, _quantity=2)
+        roles = baker.make(
+            ClubRole,
+            is_presidency=itertools.cycle([True, False, False, False]),
+            is_board=itertools.cycle([True, True, True, False]),
+            order=itertools.cycle(range(4)),
+            club=iter(
+                [*itertools.repeat(cls.club_a, 4), *itertools.repeat(cls.club_b, 4)]
+            ),
+            _quantity=8,
+            _bulk_create=True,
+        )
         cls.memberships = [
-            *baker.make(
-                Membership, role=iter([7, 3, 3, 1]), club=cls.club_a, _quantity=4
-            ),
-            *baker.make(
-                Membership, role=iter([7, 3, 3, 1]), club=cls.club_b, _quantity=4
-            ),
+            *baker.make(Membership, role=iter(roles[:4]), club=cls.club_a, _quantity=4),
+            *baker.make(Membership, role=iter(roles[4:]), club=cls.club_b, _quantity=4),
         ]
 
     def test_admin_user(self):
@@ -140,7 +162,7 @@ class TestMembershipEditableBy(TestCase):
 
 
 class TestMembership(TestClub):
-    def assert_membership_started_today(self, user: User, role: int):
+    def assert_membership_started_today(self, user: User, role: ClubRole):
         """Assert that the given membership is active and started today."""
         membership = user.memberships.ongoing().filter(club=self.club).first()
         assert membership is not None
@@ -189,21 +211,27 @@ class TestMembership(TestClub):
             "Marquer comme ancien",
         ]
         rows = table.find("tbody").find_all("tr")
-        memberships = self.club.members.ongoing().order_by("-role")
-        for row, membership in zip(
-            rows, memberships.select_related("user"), strict=False
-        ):
+        memberships = (
+            self.club.members.ongoing()
+            .order_by("role__order")
+            .select_related("user", "role")
+        )
+        user_role = ClubRole.objects.get(members__user=self.simple_board_member)
+        for row, membership in zip(rows, memberships, strict=False):
             user = membership.user
             user_url = reverse("core:user_profile", args=[user.id])
             cols = row.find_all("td")
             user_link = cols[0].find("a")
             assert user_link.attrs["href"] == user_url
             assert user_link.text == user.get_display_name()
-            assert cols[1].text == settings.SITH_CLUB_ROLES[membership.role]
+            assert cols[1].text == membership.role.name
             assert cols[2].text == membership.description
             assert cols[3].text == str(membership.start_date)
 
-            if membership.role < 3 or membership.user_id == self.simple_board_member.id:
+            if (
+                membership.role.order > user_role.order
+                or membership.user_id == self.simple_board_member.id
+            ):
                 # 3 is the role of simple_board_member
                 form_input = cols[4].find("input")
                 expected_attrs = {
@@ -219,14 +247,15 @@ class TestMembership(TestClub):
         """Test that root users can add members to clubs"""
         self.client.force_login(self.root)
         response = self.client.post(
-            self.new_members_url, {"user": self.subscriber.id, "role": 3}
+            self.new_members_url,
+            {"user": self.subscriber.id, "role": self.board_role.id},
         )
         assert response.status_code == 200
         assert response.headers.get("HX-Redirect", "") == reverse(
             "club:club_members", kwargs={"club_id": self.club.id}
         )
         self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
+        self.assert_membership_started_today(self.subscriber, role=self.board_role)
 
     def test_add_unauthorized_members(self):
         """Test that users who are not currently subscribed
@@ -234,7 +263,7 @@ class TestMembership(TestClub):
         """
         for user in self.public, self.old_subscriber:
             form = ClubAddMemberForm(
-                data={"user": user.id, "role": 1},
+                data={"user": user.id, "role": self.member_role},
                 request_user=self.root,
                 club=self.club,
             )
@@ -255,7 +284,7 @@ class TestMembership(TestClub):
         nb_memberships = self.simple_board_member.memberships.count()
         self.client.post(
             self.members_url,
-            {"users": self.simple_board_member.id, "role": current_membership.role + 1},
+            {"users": self.simple_board_member.id, "role": self.member_role},
         )
         self.simple_board_member.refresh_from_db()
         assert nb_memberships == self.simple_board_member.memberships.count()
@@ -274,7 +303,7 @@ class TestMembership(TestClub):
         max_id = User.objects.aggregate(id=Max("id"))["id"]
         for members in [max_id + 1], [max_id + 1, self.subscriber.id]:
             form = ClubAddMemberForm(
-                data={"user": members, "role": 1},
+                data={"user": members, "role": self.member_role},
                 request_user=self.root,
                 club=self.club,
             )
@@ -290,12 +319,13 @@ class TestMembership(TestClub):
 
     def test_president_add_members(self):
         """Test that the president of the club can add members."""
-        president = self.club.members.get(role=10).user
+        president = self.club.members.get(role=self.president_role).user
         nb_club_membership = self.club.members.count()
         nb_subscriber_memberships = self.subscriber.memberships.count()
         self.client.force_login(president)
         response = self.client.post(
-            self.new_members_url, {"user": self.subscriber.id, "role": 9}
+            self.new_members_url,
+            {"user": self.subscriber.id, "role": self.president_role.id},
         )
         assert response.status_code == 200
         assert response.headers.get("HX-Redirect", "") == reverse(
@@ -305,14 +335,17 @@ class TestMembership(TestClub):
         self.subscriber.refresh_from_db()
         assert self.club.members.count() == nb_club_membership + 1
         assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
-        self.assert_membership_started_today(self.subscriber, role=9)
+        self.assert_membership_started_today(self.subscriber, role=self.president_role)
 
     def test_add_member_greater_role(self):
         """Test that a member of the club member cannot create
         a membership with a greater role than its own.
         """
+        user_role = self.simple_board_member.memberships.first().role
+        other_role = baker.make(ClubRole, club=user_role.club, is_board=True)
+        other_role.above(user_role)
         form = ClubAddMemberForm(
-            data={"user": self.subscriber.id, "role": 10},
+            data={"user": self.subscriber.id, "role": other_role.id},
             request_user=self.simple_board_member,
             club=self.club,
         )
@@ -320,7 +353,10 @@ class TestMembership(TestClub):
 
         assert not form.is_valid()
         assert form.errors == {
-            "role": ["Sélectionnez un choix valide. 10 n\u2019en fait pas partie."]
+            "role": [
+                "Sélectionnez un choix valide. "
+                "Ce choix ne fait pas partie de ceux disponibles."
+            ]
         }
         self.club.refresh_from_db()
         assert nb_memberships == self.club.members.count()
@@ -336,8 +372,9 @@ class TestMembership(TestClub):
         assert form.errors == {"role": ["Ce champ est obligatoire."]}
 
     def test_add_member_already_there(self):
+        role = ClubRole.objects.get(members__user=self.simple_board_member)
         form = ClubAddMemberForm(
-            data={"user": self.simple_board_member, "role": 3},
+            data={"user": self.simple_board_member, "role": role.id},
             request_user=self.root,
             club=self.club,
         )
@@ -348,22 +385,27 @@ class TestMembership(TestClub):
 
     def test_add_other_member_forbidden(self):
         non_member = subscriber_user.make()
-        simple_member = baker.make(Membership, club=self.club, role=1).user
+        simple_member = baker.make(
+            Membership, club=self.club, role=self.member_role
+        ).user
         for user in non_member, simple_member:
             form = ClubAddMemberForm(
-                data={"user": subscriber_user.make(), "role": 1},
+                data={"user": subscriber_user.make(), "role": self.member_role.id},
                 request_user=user,
                 club=self.club,
             )
             assert not form.is_valid()
             assert form.errors == {
-                "role": ["Sélectionnez un choix valide. 1 n\u2019en fait pas partie."]
+                "role": [
+                    "Sélectionnez un choix valide. "
+                    "Ce choix ne fait pas partie de ceux disponibles."
+                ]
             }
 
     def test_simple_members_dont_see_form_anymore(self):
         """Test that simple club members don't see the form to add members"""
         user = subscriber_user.make()
-        baker.make(Membership, club=self.club, user=user, role=1)
+        baker.make(Membership, club=self.club, user=user, role=self.member_role)
         self.client.force_login(user)
         res = self.client.get(self.members_url)
         assert res.status_code == 200
@@ -382,9 +424,10 @@ class TestMembership(TestClub):
         """Test that board members of the club can end memberships
         of users with lower roles.
         """
-        # reminder : simple_board_member has role 3
         self.client.force_login(self.simple_board_member)
-        membership = baker.make(Membership, club=self.club, role=2, end_date=None)
+        role = baker.make(ClubRole, club=self.club, is_board=True)
+        role.below(self.board_role)
+        membership = baker.make(Membership, club=self.club, role=role)
         response = self.client.post(self.members_url, {"members_old": [membership.id]})
         self.assertRedirects(response, self.members_url)
         self.club.refresh_from_db()
@@ -394,7 +437,9 @@ class TestMembership(TestClub):
         """Test that board members of the club cannot end memberships
         of users with higher roles.
         """
-        membership = self.president.memberships.filter(club=self.club).first()
+        membership = self.president.memberships.filter(
+            club=self.club, end_date=None
+        ).first()
         self.client.force_login(self.simple_board_member)
         self.client.post(self.members_url, {"members_old": [membership.id]})
         self.club.refresh_from_db()
@@ -436,7 +481,9 @@ class TestMembership(TestClub):
     def test_remove_from_club_group(self):
         """Test that when a membership ends, the user is removed from club groups."""
         user = baker.make(User)
-        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
+        baker.make(
+            Membership, user=user, club=self.club, end_date=None, role=self.board_role
+        )
         assert user.groups.contains(self.club.members_group)
         assert user.groups.contains(self.club.board_group)
         user.memberships.update(end_date=localdate())
@@ -447,18 +494,20 @@ class TestMembership(TestClub):
         """Test that when a membership begins, the user is added to the club group."""
         assert not self.subscriber.groups.contains(self.club.members_group)
         assert not self.subscriber.groups.contains(self.club.board_group)
-        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
+        baker.make(
+            Membership, club=self.club, user=self.subscriber, role=self.board_role
+        )
         assert self.subscriber.groups.contains(self.club.members_group)
         assert self.subscriber.groups.contains(self.club.board_group)
 
     def test_change_position_in_club(self):
         """Test that when moving from board to members, club group change"""
         membership = baker.make(
-            Membership, club=self.club, user=self.subscriber, role=3
+            Membership, club=self.club, user=self.subscriber, role=self.board_role
         )
         assert self.subscriber.groups.contains(self.club.members_group)
         assert self.subscriber.groups.contains(self.club.board_group)
-        membership.role = 1
+        membership.role = self.member_role
         membership.save()
         assert self.subscriber.groups.contains(self.club.members_group)
         assert not self.subscriber.groups.contains(self.club.board_group)
@@ -471,7 +520,11 @@ class TestMembership(TestClub):
 
         # make sli a board member
         self.sli.memberships.all().delete()
-        Membership(club=self.ae, user=self.sli, role=3).save()
+        Membership(
+            club=self.ae,
+            user=self.sli,
+            role=baker.make(ClubRole, club=self.ae, is_board=True),
+        ).save()
         assert self.club.is_owned_by(self.sli)
 
     def test_change_club_name(self):
@@ -497,7 +550,7 @@ class TestMembership(TestClub):
 
 @pytest.mark.django_db
 def test_membership_set_old(client: Client):
-    membership = baker.make(Membership, end_date=None, user=(subscriber_user.make()))
+    membership = baker.make(Membership, end_date=None, user=subscriber_user.make())
     client.force_login(membership.user)
     response = client.post(
         reverse("club:membership_set_old", kwargs={"membership_id": membership.id})
@@ -524,6 +577,50 @@ def test_membership_delete(client: Client):
     assert not Membership.objects.filter(id=membership.id).exists()
 
 
+@pytest.mark.django_db
+class TestAddMemberForm(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.club = baker.make(Club)
+        cls.roles = baker.make(
+            ClubRole,
+            club=cls.club,
+            is_board=iter([True, True, True, True, False, False]),
+            is_presidency=iter([True, True, False, False, False, False]),
+            order=seq(0),
+            _quantity=6,
+            _bulk_create=True,
+        )
+        cls.roles[-1].is_active = False
+        cls.roles[-1].save()
+
+    def test_admin(self):
+        """Test that admin users can give any active role."""
+        user = baker.make(
+            User, user_permissions=[Permission.objects.get(codename="add_membership")]
+        )
+        form = ClubAddMemberForm(request_user=user, club=self.club)
+        assert list(form.fields["role"].queryset) == self.roles[:-1]
+
+    def test_president(self):
+        """Test that someone with a presidency role can give any active role."""
+        user = baker.make(Membership, club=self.club, role=self.roles[0]).user
+        form = ClubAddMemberForm(request_user=user, club=self.club)
+        assert list(form.fields["role"].queryset) == self.roles[:-1]
+
+    def test_board_member(self):
+        """Test that someone with a board role can give lower active role."""
+        user = baker.make(Membership, club=self.club, role=self.roles[2]).user
+        form = ClubAddMemberForm(request_user=user, club=self.club)
+        assert list(form.fields["role"].queryset) == self.roles[3:-1]
+
+    def test_simple_member(self):
+        """Test that someone with a non-board role cannot give roles."""
+        user = baker.make(Membership, club=self.club, role=self.roles[4]).user
+        form = ClubAddMemberForm(request_user=user, club=self.club)
+        assert list(form.fields["role"].queryset) == []
+
+
 @pytest.mark.django_db
 class TestJoinClub:
     @pytest.fixture(autouse=True)
@@ -531,55 +628,64 @@ class TestJoinClub:
         cache.clear()
 
     @pytest.mark.parametrize(
-        ("user_factory", "role", "errors"),
+        ("user_factory", "board_role", "errors"),
         [
             (
                 subscriber_user.make,
-                2,
+                True,
                 {
                     "role": [
-                        "Sélectionnez un choix valide. 2 n\u2019en fait pas partie."
+                        "Sélectionnez un choix valide. "
+                        "Ce choix ne fait pas partie de ceux disponibles."
                     ]
                 },
             ),
             (
                 lambda: baker.make(User),
-                1,
+                False,
                 {"__all__": ["Vous devez être cotisant pour faire partie d'un club"]},
             ),
         ],
     )
     def test_join_club_errors(
-        self, user_factory: Callable[[], User], role: int, errors: dict
+        self, user_factory: Callable[[], User], board_role, errors: dict
     ):
         club = baker.make(Club)
         user = user_factory()
-        form = JoinClubForm(club=club, request_user=user, data={"role": role})
+        role = baker.make(ClubRole, club=club, is_board=board_role)
+        form = JoinClubForm(club=club, request_user=user, data={"role": role.id})
         assert not form.is_valid()
         assert form.errors == errors
 
     def test_user_already_in_club(self):
-        club = baker.make(Club)
         user = subscriber_user.make()
-        baker.make(Membership, user=user, club=club)
-        form = JoinClubForm(club=club, request_user=user, data={"role": 1})
+        role = baker.make(ClubRole, is_board=False)
+        baker.make(Membership, user=user, club=role.club)
+        form = JoinClubForm(club=role.club, request_user=user, data={"role": role.id})
         assert not form.is_valid()
         assert form.errors == {"__all__": ["Vous êtes déjà membre de ce club."]}
 
     def test_ok(self):
-        club = baker.make(Club)
         user = subscriber_user.make()
-        form = JoinClubForm(club=club, request_user=user, data={"role": 1})
+        role = baker.make(ClubRole, is_board=False)
+        form = JoinClubForm(club=role.club, request_user=user, data={"role": role.id})
         assert form.is_valid()
         form.save()
-        assert Membership.objects.ongoing().filter(user=user, club=club).exists()
+        assert Membership.objects.ongoing().filter(user=user, club=role.club).exists()
 
 
 class TestOldMembersView(TestCase):
     @classmethod
     def setUpTestData(cls):
         club = baker.make(Club)
-        roles = [1, 1, 1, 2, 2, 4, 4, 5, 7, 9, 10]
+        roles = baker.make(
+            ClubRole,
+            club=club,
+            is_board=itertools.cycle([True, True, False]),
+            order=seq(0),
+            _quantity=10,
+            _bulk_create=True,
+        )
         cls.memberships = baker.make(
             Membership,
             role=iter(roles),
@@ -604,3 +710,11 @@ class TestOldMembersView(TestCase):
         self.client.force_login(baker.make(User))
         res = self.client.get(self.url)
         assert res.status_code == 403
+
+    def test_context_data(self):
+        # mark a membership as not ended, to make sure it is excluded from the result
+        self.memberships[0].end_date = None
+        self.memberships[0].save()
+        self.client.force_login(subscriber_user.make())
+        res = self.client.get(self.url)
+        assert list(res.context_data.get("old_members")) == self.memberships[1:]

club/tests/test_page.py

@@ -5,7 +5,7 @@ from django.urls import reverse
 from model_bakery import baker
 from pytest_django.asserts import assertHTMLEqual, assertRedirects
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.baker_recipes import subscriber_user
 from core.markdown import markdown
 from core.models import PageRev, User
@@ -59,7 +59,12 @@ def test_page_revision(client: Client):
 def test_edit_page(client: Client):
     club = baker.make(Club)
     user = subscriber_user.make()
-    baker.make(Membership, user=user, club=club, role=3)
+    baker.make(
+        Membership,
+        user=user,
+        club=club,
+        role=baker.make(ClubRole, club=club, is_board=True),
+    )
     client.force_login(user)
     url = reverse("club:club_edit_page", kwargs={"club_id": club.id})
     content = "# foo\nLorem ipsum dolor sit amet"

club/tests/test_user_club_controller.py

@@ -0,0 +1,53 @@
+from datetime import timedelta
+
+from django.test import TestCase
+from django.urls import reverse
+from django.utils.timezone import localdate
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+
+from club.models import Club, ClubRole, Membership
+from club.schemas import UserMembershipSchema
+from core.baker_recipes import subscriber_user
+from core.models import Page
+
+
+class TestFetchClub(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = subscriber_user.make()
+        pages = baker.make(Page, _quantity=3, _bulk_create=True)
+        clubs = baker.make(Club, page=iter(pages), _quantity=3, _bulk_create=True)
+        recipe = Recipe(
+            Membership,
+            user=cls.user,
+            start_date=localdate() - timedelta(days=2),
+            role=baker.make(ClubRole),
+        )
+        cls.members = Membership.objects.bulk_create(
+            [
+                recipe.prepare(club=clubs[0]),
+                recipe.prepare(club=clubs[1], end_date=localdate() - timedelta(days=1)),
+                recipe.prepare(club=clubs[1]),
+            ]
+        )
+
+    def test_fetch_memberships(self):
+        self.client.force_login(subscriber_user.make())
+        res = self.client.get(
+            reverse("api:fetch_user_clubs", kwargs={"user_id": self.user.id})
+        )
+        assert res.status_code == 200
+        assert [UserMembershipSchema.model_validate(m) for m in res.json()] == [
+            UserMembershipSchema.from_orm(m) for m in (self.members[0], self.members[2])
+        ]
+
+    def test_fetch_club_nb_queries(self):
+        self.client.force_login(subscriber_user.make())
+        with self.assertNumQueries(6):
+            # - 5 queries for authentication
+            # - 1 query for the actual data
+            res = self.client.get(
+                reverse("api:fetch_user_clubs", kwargs={"user_id": self.user.id})
+            )
+            assert res.status_code == 200

club/urls.py

@@ -35,6 +35,10 @@ from club.views import (
     ClubPageEditView,
     ClubPageHistView,
     ClubRevView,
+    ClubRoleBoardCreateView,
+    ClubRoleMemberCreateView,
+    ClubRolePresidencyCreateView,
+    ClubRoleUpdateView,
     ClubSellingCSVView,
     ClubSellingView,
     ClubToolsView,
@@ -71,6 +75,22 @@ urlpatterns = [
         ClubOldMembersView.as_view(),
         name="club_old_members",
     ),
+    path("<int:club_id>/role/", ClubRoleUpdateView.as_view(), name="club_roles"),
+    path(
+        "<int:club_id>/role/new/president/",
+        ClubRolePresidencyCreateView.as_view(),
+        name="new_role_president",
+    ),
+    path(
+        "<int:club_id>/role/new/board/",
+        ClubRoleBoardCreateView.as_view(),
+        name="new_role_board",
+    ),
+    path(
+        "<int:club_id>/role/new/member/",
+        ClubRoleMemberCreateView.as_view(),
+        name="new_role_member",
+    ),
     path("<int:club_id>/sellings/", ClubSellingView.as_view(), name="club_sellings"),
     path(
         "<int:club_id>/sellings/csv/", ClubSellingCSVView.as_view(), name="sellings_csv"

club/views.py

@@ -28,8 +28,11 @@ import csv
 import itertools
 from typing import TYPE_CHECKING, Any
 
-from django.conf import settings
-from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.auth.mixins import (
+    LoginRequiredMixin,
+    PermissionRequiredMixin,
+    UserPassesTestMixin,
+)
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
@@ -44,18 +47,26 @@ from django.utils.translation import gettext
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, ListView, View
 from django.views.generic.detail import SingleObjectMixin
-from django.views.generic.edit import CreateView, DeleteView, UpdateView
+from django.views.generic.edit import (
+    CreateView,
+    DeleteView,
+    FormMixin,
+    UpdateView,
+)
 
 from club.forms import (
     ClubAddMemberForm,
     ClubAdminEditForm,
     ClubEditForm,
     ClubOldMemberForm,
+    ClubRoleCreateForm,
+    ClubRoleFormSet,
+    ClubSearchForm,
     JoinClubForm,
     MailingForm,
     SellingsForm,
 )
-from club.models import Club, Mailing, MailingSubscription, Membership
+from club.models import Club, ClubRole, Mailing, MailingSubscription, Membership
 from com.models import Poster
 from com.views import (
     PosterCreateBaseView,
@@ -66,7 +77,12 @@ from com.views import (
 from core.auth.mixins import CanEditMixin, PermissionOrClubBoardRequiredMixin
 from core.models import Page, PageRev
 from core.views import BasePageEditView, DetailFormView, UseFragmentsMixin
-from core.views.mixins import FragmentMixin, FragmentRenderer, TabedViewMixin
+from core.views.mixins import (
+    AllowFragment,
+    FragmentMixin,
+    FragmentRenderer,
+    TabedViewMixin,
+)
 from counter.models import Selling
 
 if TYPE_CHECKING:
@@ -180,15 +196,41 @@ class ClubTabsMixin(TabedViewMixin):
         return tab_list
 
 
-class ClubListView(ListView):
-    """List the Clubs."""
+class ClubListView(AllowFragment, FormMixin, ListView):
+    """List the clubs of the AE, with a form to perform basic search.
+
+    Notes:
+        This view is fully public, because we want to advertise as much as possible
+        the cultural life of the AE.
+        In accordance with that matter, searching and listing the clubs is done
+        entirely server-side (no AlpineJS involved) ;
+        this is done this way in order to be sure the page is the most accessible
+        and SEO-friendly possible, even if it makes the UX slightly less smooth.
+    """
 
-    model = Club
     template_name = "club/club_list.jinja"
-    queryset = (
-        Club.objects.filter(parent=None).order_by("name").prefetch_related("children")
-    )
-    context_object_name = "club_list"
+    form_class = ClubSearchForm
+    queryset = Club.objects.order_by("name")
+    paginate_by = 20
+
+    def get_form_kwargs(self):
+        res = super().get_form_kwargs()
+        if self.request.method == "GET":
+            res |= {"data": self.request.GET, "initial": self.request.GET}
+        return res
+
+    def get_queryset(self):
+        form: ClubSearchForm = self.get_form()
+        qs = self.queryset
+        if not form.is_bound:
+            return qs.filter(is_active=True)
+        if not form.is_valid():
+            return qs.none()
+        if name := form.cleaned_data.get("name"):
+            qs = qs.filter(name__icontains=name)
+        if (is_active := form.cleaned_data.get("club_status")) is not None:
+            qs = qs.filter(is_active=is_active)
+        return qs
 
 
 class ClubView(ClubTabsMixin, DetailView):
@@ -260,12 +302,6 @@ class ClubToolsView(ClubTabsMixin, CanEditMixin, DetailView):
     template_name = "club/club_tools.jinja"
     current_tab = "tools"
 
-    def get_context_data(self, **kwargs):
-        return super().get_context_data(**kwargs) | {
-            "reservable_rooms": list(self.object.reservable_rooms.all()),
-            "counters": list(self.object.counters.filter(type="OFFICE")),
-        }
-
 
 class ClubAddMembersFragment(
     FragmentMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView
@@ -324,7 +360,7 @@ class ClubMembersView(
         membership = self.object.get_membership_for(self.request.user)
         if (
             membership
-            and membership.role <= settings.SITH_MAXIMUM_FREE_ROLE
+            and not membership.role.is_board
             and not self.request.user.has_perm("club.add_membership")
         ):
             # Simple club members won't see the form anymore.
@@ -349,8 +385,8 @@ class ClubMembersView(
         kwargs["members"] = list(
             self.object.members.ongoing()
             .annotate(is_editable=Q(id__in=editable))
-            .order_by("-role")
-            .select_related("user")
+            .order_by("role__order")
+            .select_related("user", "role")
         )
         kwargs["can_end_membership"] = len(editable) > 0
         return kwargs
@@ -378,12 +414,125 @@ class ClubOldMembersView(ClubTabsMixin, PermissionRequiredMixin, DetailView):
         return super().get_context_data(**kwargs) | {
             "old_members": (
                 self.object.members.exclude(end_date=None)
-                .order_by("-role", "description", "-end_date")
-                .select_related("user")
+                .order_by("role__order", "description", "-end_date")
+                .select_related("user", "role")
             )
         }
 
 
+class ClubRoleUpdateView(
+    ClubTabsMixin, UserPassesTestMixin, SuccessMessageMixin, UpdateView
+):
+    form_class = ClubRoleFormSet
+    model = Club
+    template_name = "club/club_roles.jinja"
+    pk_url_kwarg = "club_id"
+    current_tab = "members"
+    success_message = _("Club roles updated")
+
+    @cached_property
+    def club(self) -> Club:
+        return self.get_object()
+
+    def test_func(self):
+        return self.club.can_roles_be_edited_by(self.request.user)
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {"form_kwargs": {"label_suffix": ""}}
+
+    def get_success_url(self):
+        return reverse("club:club_members", kwargs={"club_id": self.club.id})
+
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {
+            "user_role": ClubRole.objects.filter(
+                club=self.club,
+                members__user=self.request.user,
+                members__end_date=None,
+            )
+            .values_list("id", flat=True)
+            .first()
+        }
+
+
+class ClubRoleBaseCreateView(UserPassesTestMixin, SuccessMessageMixin, CreateView):
+    """View to create a new Club Role, using [][club.forms.ClubRoleCreateForm].
+
+    This view isn't meant to be called directly, but rather subclassed for each
+    type of role that can exist :
+
+    - `[ClubRolePresidencyCreateView][club.views.ClubRolePresidencyCreateView]`
+      to create a presidency role
+    - `[ClubRoleBoardCreateView][club.views.ClubRoleBoardCreateView]`
+      to create a board role
+    - `[ClubRoleMemberCreateView][club.views.ClubRoleMemberCreateView]`
+      to create a member role
+
+    Each subclass have to override the following variables :
+
+    - `is_presidency` and `is_board`, indicating what type of role
+      the view creates.
+    - `role_description`, which is the title of the page, indication
+       the user what kind of role is being created.
+
+    This way, we are making sure the correct type of role will
+    be created, without bothering the user with the implementation details.
+    """
+
+    form_class = ClubRoleCreateForm
+    model = ClubRole
+    template_name = "core/create.jinja"
+    success_message = _("Role %(name)s created")
+    role_description = ""
+    is_presidency: bool
+    is_board: bool
+
+    @cached_property
+    def club(self):
+        return get_object_or_404(Club, id=self.kwargs["club_id"])
+
+    def test_func(self):
+        return self.request.user.is_authenticated and (
+            self.request.user.has_perm("club.add_clubrole")
+            or self.club.members.filter(
+                user=self.request.user, role__is_presidency=True
+            ).exists()
+        )
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {
+            "club": self.club,
+            "is_presidency": self.is_presidency,
+            "is_board": self.is_board,
+        }
+
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {
+            "object_name": self.role_description
+        }
+
+    def get_success_url(self):
+        return reverse("club:club_roles", kwargs={"club_id": self.club.id})
+
+
+class ClubRolePresidencyCreateView(ClubRoleBaseCreateView):
+    is_presidency = True
+    is_board = True
+    role_description = _("club role \u2013 presidency")
+
+
+class ClubRoleBoardCreateView(ClubRoleBaseCreateView):
+    is_presidency = False
+    is_board = True
+    role_description = _("club role \u2013 board")
+
+
+class ClubRoleMemberCreateView(ClubRoleBaseCreateView):
+    is_presidency = False
+    is_board = False
+    role_description = _("club role \u2013 member")
+
+
 class ClubSellingView(ClubTabsMixin, CanEditMixin, DetailFormView):
     """Sales of a club."""
 
@@ -550,6 +699,11 @@ class ClubCreateView(PermissionRequiredMixin, CreateView):
     template_name = "core/create.jinja"
     permission_required = "club.add_club"
 
+    def form_valid(self, form):
+        res = super().form_valid(form)
+        self.object.create_default_roles()
+        return res
+
 
 class MembershipSetOldView(CanEditMixin, SingleObjectMixin, View):
     """Set a membership as being old."""
@@ -730,9 +884,7 @@ class MailingAutoGenerationView(View):
     def get(self, request, *args, **kwargs):
         club = self.mailing.club
         self.mailing.subscriptions.all().delete()
-        members = club.members.filter(
-            role__gte=settings.SITH_CLUB_ROLES_ID["Board member"]
-        ).exclude(end_date__lte=timezone.now())
+        members = club.members.ongoing().filter(role__is_board=True)
         for member in members.all():
             MailingSubscription(user=member.user, mailing=self.mailing).save()
         return redirect("club:mailing", club_id=club.id)

com/static/com/components/ics-calendar.scss

@@ -16,76 +16,16 @@
   --event-details-padding: 20px;
   --event-details-border: 1px solid #EEEEEE;
   --event-details-border-radius: 4px;
-  --event-details-box-shadow: 0 6px 20px 4px rgb(0 0 0 / 16%);
+  --event-details-box-shadow: 0px 6px 20px 4px rgb(0 0 0 / 16%);
   --event-details-max-width: 600px;
   --event-recurring-internal-color: #6f69cd;
   --event-recurring-unpublished-color: orange;
 }
 
-ics-calendar,
-room-scheduler {
+ics-calendar {
   border: none;
   box-shadow: none;
 
-  a.fc-col-header-cell-cushion,
-  a.fc-col-header-cell-cushion:hover {
-    color: black;
-  }
-
-  a.fc-daygrid-day-number,
-  a.fc-daygrid-day-number:hover {
-    color: rgb(34, 34, 34);
-  }
-
-  td {
-    overflow: visible; // Show events on multiple days
-  }
-
-  td, th {
-    text-align: unset;
-  }
-
-  //Reset from style.scss
-  table {
-    box-shadow: none;
-    border-radius: 0;
-    -moz-border-radius: 0;
-    margin: 0;
-  }
-
-  // Reset from style.scss
-  thead {
-    background-color: white;
-    color: black;
-  }
-
-  // Reset from style.scss
-  tbody > tr {
-    &:nth-child(even):not(.highlight) {
-      background: white;
-    }
-  }
-
-  .fc .fc-toolbar.fc-footer-toolbar {
-    margin-bottom: 0.5em;
-  }
-
-  button.text-copy,
-  button.text-copy:focus,
-  button.text-copy:hover {
-    background-color: #67AE6E !important;
-    transition: 500ms ease-in;
-  }
-
-  button.text-copied,
-  button.text-copied:focus,
-  button.text-copied:hover {
-    transition: 500ms ease-out;
-  }
-
-}
-
-ics-calendar {
   #event-details {
     z-index: 10;
     max-width: 1151px;
@@ -122,60 +62,82 @@ ics-calendar {
       align-items: start;
       flex-direction: row;
       background-color: var(--event-details-background-color);
-      margin-top: 0;
+      margin-top: 0px;
       margin-bottom: 4px;
     }
   }
-}
 
-// Reset from style.scss
-thead {
-  background-color: white;
-  color: black;
-}
-
-// Reset from style.scss
-tbody > tr {
-  &:nth-child(even):not(.highlight) {
-    background: white;
+  a.fc-col-header-cell-cushion,
+  a.fc-col-header-cell-cushion:hover {
+    color: black;
   }
-}
 
-.fc .fc-toolbar.fc-footer-toolbar {
-  margin-bottom: 0.5em;
-}
+  a.fc-daygrid-day-number,
+  a.fc-daygrid-day-number:hover {
+    color: rgb(34, 34, 34);
+  }
 
-button.text-copy,
-button.text-copy:focus,
-button.text-copy:hover {
-  background-color: #67AE6E !important;
-  transition: 500ms ease-in;
-}
+  td {
+    overflow: visible; // Show events on multiple days
+  }
 
-button.text-copied,
-button.text-copied:focus,
-button.text-copied:hover {
-  transition: 500ms ease-out;
-}
+  //Reset from style.scss
+  table {
+    box-shadow: none;
+    border-radius: 0px;
+    -moz-border-radius: 0px;
+    margin: 0px;
+  }
 
-.fc .fc-getCalendarLink-button {
-  margin-right: 0.5rem;
-}
+  // Reset from style.scss
+  thead {
+    background-color: white;
+    color: black;
+  }
 
-.fc .fc-helpButton-button {
-  border-radius: 70%;
-  padding-left: 0.5rem;
-  padding-right: 0.5rem;
-  background-color: rgba(0, 0, 0, 0.8);
-  transition: 100ms ease-out;
-  width: 30px;
-  height: 30px;
-  font-size: 11px;
-}
+  // Reset from style.scss
+  tbody>tr {
+    &:nth-child(even):not(.highlight) {
+      background: white;
+    }
+  }
+
+  .fc .fc-toolbar.fc-footer-toolbar {
+    margin-bottom: 0.5em;
+  }
+
+  button.text-copy,
+  button.text-copy:focus,
+  button.text-copy:hover {
+    background-color: #67AE6E !important;
+    transition: 500ms ease-in;
+  }
+
+  button.text-copied,
+  button.text-copied:focus,
+  button.text-copied:hover {
+    transition: 500ms ease-out;
+  }
+
+  .fc .fc-getCalendarLink-button {
+    margin-right: 0.5rem;
+  }
+
+  .fc .fc-helpButton-button {
+    border-radius: 70%;
+    padding-left: 0.5rem;
+    padding-right: 0.5rem;
+    background-color: rgba(0, 0, 0, 0.8);
+    transition: 100ms ease-out;
+    width: 30px;
+    height: 30px;
+    font-size: 11px;
+  }
 
 
-.fc .fc-helpButton-button:hover {
-  background-color: rgba(20, 20, 20, 0.6);
+  .fc .fc-helpButton-button:hover {
+    background-color: rgba(20, 20, 20, 0.6);
+  }
 }
 
 .tooltip.calendar-copy-tooltip {

com/static/com/css/news-list.scss

@@ -3,6 +3,7 @@
 
 #news {
   display: flex;
+  gap: 1em;
 
   @media (max-width: 800px) {
     flex-direction: column;
@@ -26,12 +27,14 @@
   }
 
   h3 {
-    background: $second-color;
-    box-shadow: $shadow-color 1px 1px 1px;
-    padding: 0.4em;
+    --box-shadow: rgb(60 64 67 / 30%) 0 1px 3px 0, rgb(60 64 67 / 15%) 0 3px 7px 2px;
+    background: lighten($second-color, 5%);
+    box-shadow: var(--box-shadow);
+    padding: .75rem;
     margin: 0 0 0.5em 0;
     text-transform: uppercase;
     font-size: 17px;
+    border-radius: 10px;
 
     &:not(:first-of-type) {
       margin: 2em 0 1em 0;
@@ -39,12 +42,11 @@
 
     .feed {
       float: right;
-      color: #f26522;
+      color: #e25512;
     }
   }
 
   @media screen and (max-width: $small-devices) {
-
     #left_column,
     #right_column {
       flex: 100%;
@@ -57,6 +59,7 @@
     max-height: 600px;
     overflow-y: scroll;
     overflow-x: clip;
+    margin-top: 1em;
 
     #load-more-news-button {
       text-align: center;
@@ -76,14 +79,11 @@
     font-size: 70%;
     margin-bottom: 1em;
 
-    h3 {
-      margin-bottom: 0;
-    }
-
     #links_content {
+      overflow: auto;
       box-shadow: $shadow-color 1px 1px 1px;
       min-height: 20em;
-      padding-bottom: 1em;
+      padding: 1em;
 
       h4 {
         margin-left: 5px;
@@ -120,6 +120,8 @@
     }
 
     #birthdays_content {
+      box-shadow: $shadow-color 1px 1px 1px;
+      padding: 1em;
       ul.birthdays_year {
         margin: 0;
         list-style-type: none;
@@ -134,8 +136,7 @@
         }
 
         ul {
-          margin: 0;
-          margin-left: 1em;
+          margin: .5em 0 0 1em;
           list-style-type: square;
           list-style-position: inside;
           font-weight: normal;
@@ -149,9 +150,13 @@
   /* EVENTS TODAY AND NEXT FEW DAYS */
   .news_events_group {
     box-shadow: $shadow-color 1px 1px 1px;
-    margin-left: 1em;
+    margin-left: 0;
     margin-bottom: 0.5em;
 
+    @media screen and (max-width: $small-devices) {
+      margin-left: 3px;
+    }
+
     .news_events_group_date {
       display: table-cell;
       padding: 0.6em;

com/templates/com/news_list.jinja

@@ -1,11 +1,9 @@
 {% extends "core/base.jinja" %}
 {% from "com/macros.jinja" import news_moderation_alert %}
 
-{% block title %}AE UTBM{% endblock %}
-
 {% block additional_css %}
   <link rel="stylesheet" href="{{ static('com/css/news-list.scss') }}">
-  <link rel="stylesheet" href="{{ static('core/components/calendar.scss') }}">
+  <link rel="stylesheet" href="{{ static('com/components/ics-calendar.scss') }}">
 
   {# Atom feed discovery, not really css but also goes there #}
   <link rel="alternate" type="application/rss+xml" title="{% trans %}News feed{% endtrans %}" href="{{ url("com:news_feed") }}">
@@ -25,7 +23,7 @@
         <a target="#" href="{{ url("com:news_feed") }}"><i class="fa fa-rss feed"></i></a>
       </h3>
       {% if user.is_authenticated and (user.is_com_admin or user.memberships.board().ongoing().exists()) %}
-        <a class="btn btn-blue margin-bottom" href="{{ url("com:news_new") }}">
+        <a class="btn btn-blue" href="{{ url("com:news_new") }}">
           <i class="fa fa-plus"></i>
           {% trans %}Create news{% endtrans %}
         </a>
@@ -215,12 +213,6 @@
               <i class="fa-solid fa-magnifying-glass fa-xl"></i>
               <a href="{{ url("matmat:search") }}">{% trans %}Matmatronch{% endtrans %}</a>
             </li>
-            {% if user.has_perm("reservation.view_reservationslot") %}
-              <li>
-                <i class="fa-solid fa-thumbtack fa-xl"></i>
-                <a href="{{ url("reservation:main") }}">{% trans %}Room reservation{% endtrans %}</a>
-              </li>
-            {% endif %}
             <li>
               <i class="fa-solid fa-check-to-slot fa-xl"></i>
               <a href="{{ url("election:list") }}">{% trans %}Elections{% endtrans %}</a>

com/tests/test_notifications.py

@@ -7,7 +7,7 @@ from model_bakery import baker
 
 from com.models import News, NewsDate
 from core.baker_recipes import subscriber_user
-from core.models import Group, Notification, User
+from core.models import Group, Notification, SithFile, User
 
 
 @pytest.mark.django_db
@@ -18,6 +18,7 @@ def test_notification_created():
     past_news = baker.make(News, is_published=False)
     baker.make(NewsDate, news=past_news, start_date=now() - timedelta(days=1))
     com_admin_group = Group.objects.get(pk=settings.SITH_GROUP_COM_ADMIN_ID)
+    SithFile.objects.filter(owner__in=com_admin_group.users.all()).delete()
     com_admin_group.users.all().delete()
     Notification.objects.all().delete()
     com_admin = baker.make(User, groups=[com_admin_group])

com/tests/test_views.py

@@ -28,7 +28,7 @@ from django.utils.translation import gettext as _
 from model_bakery import baker
 from pytest_django.asserts import assertNumQueries, assertRedirects
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from com.models import News, NewsDate, Poster, Sith, Weekmail, WeekmailArticle
 from core.baker_recipes import subscriber_user
 from core.models import AnonymousUser, Group, User
@@ -214,7 +214,8 @@ class TestNewsCreation(TestCase):
     def setUpTestData(cls):
         cls.club = baker.make(Club)
         cls.user = subscriber_user.make()
-        baker.make(Membership, user=cls.user, club=cls.club, role=5)
+        role = baker.make(ClubRole, club=cls.club, is_board=True)
+        baker.make(Membership, user=cls.user, club=cls.club, role=role)
 
     def setUp(self):
         self.client.force_login(self.user)

com/views.py

@@ -244,9 +244,8 @@ class NewsListView(TemplateView):
             .filter(
                 date_of_birth__month=localdate().month,
                 date_of_birth__day=localdate().day,
-                is_viewable=True,
+                role__in=["STUDENT", "FORMER STUDENT"],
             )
-            .filter(role__in=["STUDENT", "FORMER STUDENT"])
             .order_by("-date_of_birth"),
             key=lambda u: u.date_of_birth.year,
         )
@@ -504,7 +503,7 @@ class WeekmailArticleCreateView(CreateView):
         self.object = form.instance
         form.is_valid()  # Valid a first time to populate club field
         m = form.instance.club.get_membership_for(request.user)
-        if m is None or m.role <= settings.SITH_MAXIMUM_FREE_ROLE:
+        if m is None or not m.role.is_board:
             form.add_error(
                 "club",
                 ValidationError(

core/admin.py

@@ -63,6 +63,7 @@ class UserAdmin(admin.ModelAdmin):
         "scrub_pict",
         "user_permissions",
         "groups",
+        "whitelisted_users",
     )
     inlines = (UserBanInline,)
     search_fields = ["first_name", "last_name", "username"]

core/api.py

@@ -123,7 +123,7 @@ class GroupController(ControllerBase):
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
     def search_group(self, search: Annotated[str, MinLen(1)]):
-        return Group.objects.filter(name__icontains=search).values()
+        return Group.objects.filter(name__icontains=search).order_by("name").values()
 
 
 DepthValue = Annotated[int, Ge(0), Le(10)]

core/auth/mixins.py

@@ -307,6 +307,7 @@ class PermissionOrClubBoardRequiredMixin(PermissionRequiredMixin):
             return False
         if super().has_permission():
             return True
-        return self.club is not None and any(
-            g.id == self.club.board_group_id for g in self.request.user.cached_groups
+        return (
+            self.club is not None
+            and self.club.board_group_id in self.request.user.all_groups
         )

core/baker_recipes.py

@@ -4,9 +4,9 @@ from dateutil.relativedelta import relativedelta
 from django.conf import settings
 from django.utils.timezone import localdate, now
 from model_bakery import seq
-from model_bakery.recipe import Recipe, related
+from model_bakery.recipe import Recipe, foreign_key, related
 
-from club.models import Membership
+from club.models import ClubRole, Membership
 from core.models import Group, User
 from subscription.models import Subscription
 
@@ -52,7 +52,9 @@ ae_board_membership = Recipe(
     Membership,
     start_date=now() - timedelta(days=30),
     club_id=settings.SITH_MAIN_CLUB_ID,
-    role=settings.SITH_CLUB_ROLES_ID["Board member"],
+    role=foreign_key(
+        Recipe(ClubRole, club_id=settings.SITH_MAIN_CLUB_ID, is_board=True)
+    ),
 )
 
 board_user = Recipe(

core/management/commands/install_xapian.py

@@ -39,12 +39,16 @@ class Command(BaseCommand):
             return None
         return xapian.version_string()
 
-    def _desired_version(self) -> str:
+    def _desired_version(self) -> tuple[str, str, str]:
         with open(
             Path(__file__).parent.parent.parent.parent / "pyproject.toml", "rb"
         ) as f:
             pyproject = tomli.load(f)
-            return pyproject["tool"]["xapian"]["version"]
+            return (
+                pyproject["tool"]["xapian"]["version"],
+                pyproject["tool"]["xapian"]["core-sha256"],
+                pyproject["tool"]["xapian"]["bindings-sha256"],
+            )
 
     def handle(self, *args, force: bool, **options):
         if not os.environ.get("VIRTUAL_ENV", None):
@@ -53,7 +57,7 @@ class Command(BaseCommand):
             )
             return
 
-        desired = self._desired_version()
+        desired, core_checksum, bindings_checksum = self._desired_version()
         if desired == self._current_version():
             if not force:
                 self.stdout.write(
@@ -65,7 +69,12 @@ class Command(BaseCommand):
             f"Installing xapian version {desired} at {os.environ['VIRTUAL_ENV']}"
         )
         subprocess.run(
-            [str(Path(__file__).parent / "install_xapian.sh"), desired],
+            [
+                str(Path(__file__).parent / "install_xapian.sh"),
+                desired,
+                core_checksum,
+                bindings_checksum,
+            ],
             env=dict(os.environ),
             check=True,
         )

core/management/commands/install_xapian.sh

@@ -1,7 +1,11 @@
 #!/usr/bin/env bash
 # Originates from https://gist.github.com/jorgecarleitao/ab6246c86c936b9c55fd
 # first argument of the script is Xapian version (e.g. 1.2.19)
+# second argument of the script is core sha256
+# second argument of the script is binding sha256
 VERSION="$1"
+CORE_SHA256="$2"
+BINDINGS_SHA256="$3"
 
 # Cleanup env vars for auto discovery mechanism
 unset CPATH
@@ -21,9 +25,15 @@ BINDINGS=xapian-bindings-$VERSION
 
 # download
 echo "Downloading source..."
-curl -O "https://oligarchy.co.uk/xapian/$VERSION/${CORE}.tar.xz"
+curl -O "https://oligarchy.co.uk/xapian/$VERSION/${CORE}.tar.xz" || exit 1
+
+echo "${CORE_SHA256}  ${CORE}.tar.xz" | sha256sum -c - || exit 1
+
 curl -O "https://oligarchy.co.uk/xapian/$VERSION/${BINDINGS}.tar.xz"
 
+echo "${BINDINGS_SHA256}  ${BINDINGS}.tar.xz" | sha256sum -c - || exit 1
+
+
 # extract
 echo "Extracting source..."
 tar xf "${CORE}.tar.xz"

core/management/commands/populate.py

@@ -16,7 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
@@ -36,12 +36,19 @@ from django.utils import timezone
 from django.utils.timezone import localdate
 from PIL import Image
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from com.ics_calendar import IcsCalendar
 from com.models import News, NewsDate, Sith, Weekmail
 from core.models import BanGroup, Group, Page, PageRev, SithFile, User
 from core.utils import resize_image
-from counter.models import Counter, Product, ProductType, ReturnableProduct, StudentCard
+from counter.models import (
+    Counter,
+    Price,
+    Product,
+    ProductType,
+    ReturnableProduct,
+    StudentCard,
+)
 from election.models import Candidature, Election, ElectionList, Role
 from forum.models import Forum
 from pedagogy.models import UE
@@ -62,6 +69,13 @@ class PopulatedGroups(NamedTuple):
     campus_admin: Group
 
 
+class PopulatedClubs(NamedTuple):
+    ae: Club
+    troll: Club
+    pdf: Club
+    refound: Club
+
+
 class Command(BaseCommand):
     ROOT_PATH: ClassVar[Path] = Path(__file__).parent.parent.parent.parent
     SAS_FIXTURE_PATH: ClassVar[Path] = (
@@ -110,29 +124,19 @@ class Command(BaseCommand):
         p.save(force_lock=True)
 
         club_root = SithFile.objects.create(name="clubs", owner=root)
-        sas = SithFile.objects.create(name="SAS", owner=root)
-        main_club = Club.objects.create(
-            id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
-        )
-        main_club.board_group.permissions.add(
-            *Permission.objects.filter(
-                codename__in=["view_subscription", "add_subscription"]
-            )
-        )
-        bar_club = Club.objects.create(
-            id=settings.SITH_PDF_CLUB_ID,
-            name="PdF",
-            address="6 Boulevard Anatole France, 90000 Belfort",
+        sas = SithFile.objects.create(
+            name="SAS", owner=root, id=settings.SITH_SAS_ROOT_DIR_ID
         )
+        clubs = self._create_clubs()
 
         self.reset_index("club")
         for bar_id, bar_name in settings.SITH_COUNTER_BARS:
-            Counter(id=bar_id, name=bar_name, club=bar_club, type="BAR").save()
+            Counter(id=bar_id, name=bar_name, club=clubs.pdf, type="BAR").save()
         self.reset_index("counter")
         counters = [
-            Counter(name="Eboutic", club=main_club, type="EBOUTIC"),
-            Counter(name="AE", club=main_club, type="OFFICE"),
-            Counter(name="Vidage comptes AE", club=main_club, type="OFFICE"),
+            Counter(name="Eboutic", club=clubs.ae, type="EBOUTIC"),
+            Counter(name="AE", club=clubs.ae, type="OFFICE"),
+            Counter(name="Vidage comptes AE", club=clubs.ae, type="OFFICE"),
         ]
         Counter.objects.bulk_create(counters)
         bar_groups = []
@@ -315,178 +319,55 @@ class Command(BaseCommand):
         self._create_subscription(tutu)
         StudentCard(uid="9A89B82018B0A0", customer=sli.customer).save()
 
-        # Clubs
-        Club.objects.create(
-            name="Bibo'UT", address="46 de la Boustifaille", parent=main_club
+        Membership.objects.create(
+            user=skia, club=clubs.ae, role=clubs.ae.roles.get(name="Respo Info")
         )
-        guyut = Club.objects.create(
-            name="Guy'UT", address="42 de la Boustifaille", parent=main_club
-        )
-        Club.objects.create(name="Woenzel'UT", address="Woenzel", parent=guyut)
-        troll = Club.objects.create(
-            name="Troll Penché", address="Terre Du Milieu", parent=main_club
-        )
-        refound = Club.objects.create(
-            name="Carte AE", address="Jamais imprimée", parent=main_club
-        )
-
-        Membership.objects.create(user=skia, club=main_club, role=3)
         Membership.objects.create(
             user=comunity,
-            club=bar_club,
+            club=clubs.pdf,
             start_date=localdate(),
-            role=settings.SITH_CLUB_ROLES_ID["Board member"],
+            role=clubs.pdf.roles.get(name="Membre du bureau"),
         )
         Membership.objects.create(
             user=sli,
-            club=troll,
-            role=9,
+            club=clubs.troll,
+            role=clubs.troll.roles.get(name="Vice-Président⸱e"),
             description="Padawan Troll",
             start_date=localdate() - timedelta(days=17),
         )
         Membership.objects.create(
             user=krophil,
-            club=troll,
-            role=10,
+            club=clubs.troll,
+            role=clubs.troll.roles.get(name="Président⸱e"),
             description="Maitre Troll",
             start_date=localdate() - timedelta(days=200),
         )
         Membership.objects.create(
             user=skia,
-            club=troll,
-            role=2,
+            club=clubs.troll,
+            role=clubs.troll.roles.get(name="Membre du bureau"),
             description="Grand Ancien Troll",
             start_date=localdate() - timedelta(days=400),
             end_date=localdate() - timedelta(days=86),
         )
         Membership.objects.create(
             user=richard,
-            club=troll,
-            role=2,
+            club=clubs.troll,
+            role=clubs.troll.roles.get(name="Membre du bureau"),
             description="",
             start_date=localdate() - timedelta(days=200),
             end_date=localdate() - timedelta(days=100),
         )
 
-        p = ProductType.objects.create(name="Bières bouteilles")
-        c = ProductType.objects.create(name="Cotisations")
-        r = ProductType.objects.create(name="Rechargements")
-        verre = ProductType.objects.create(name="Verre")
-        cotis = Product.objects.create(
-            name="Cotis 1 semestre",
-            code="1SCOTIZ",
-            product_type=c,
-            purchase_price="15",
-            selling_price="15",
-            special_selling_price="15",
-            club=main_club,
-        )
-        cotis2 = Product.objects.create(
-            name="Cotis 2 semestres",
-            code="2SCOTIZ",
-            product_type=c,
-            purchase_price="28",
-            selling_price="28",
-            special_selling_price="28",
-            club=main_club,
-        )
-        refill = Product.objects.create(
-            name="Rechargement 15 €",
-            code="15REFILL",
-            product_type=r,
-            purchase_price="15",
-            selling_price="15",
-            special_selling_price="15",
-            club=main_club,
-        )
-        barb = Product.objects.create(
-            name="Barbar",
-            code="BARB",
-            product_type=p,
-            purchase_price="1.50",
-            selling_price="1.7",
-            special_selling_price="1.6",
-            club=main_club,
-            limit_age=18,
-        )
-        cble = Product.objects.create(
-            name="Chimay Bleue",
-            code="CBLE",
-            product_type=p,
-            purchase_price="1.50",
-            selling_price="1.7",
-            special_selling_price="1.6",
-            club=main_club,
-            limit_age=18,
-        )
-        cons = Product.objects.create(
-            name="Consigne Eco-cup",
-            code="CONS",
-            product_type=verre,
-            purchase_price="1",
-            selling_price="1",
-            special_selling_price="1",
-            club=main_club,
-        )
-        dcons = Product.objects.create(
-            name="Déconsigne Eco-cup",
-            code="DECO",
-            product_type=verre,
-            purchase_price="-1",
-            selling_price="-1",
-            special_selling_price="-1",
-            club=main_club,
-        )
-        cors = Product.objects.create(
-            name="Corsendonk",
-            code="CORS",
-            product_type=p,
-            purchase_price="1.50",
-            selling_price="1.7",
-            special_selling_price="1.6",
-            club=main_club,
-            limit_age=18,
-        )
-        carolus = Product.objects.create(
-            name="Carolus",
-            code="CARO",
-            product_type=p,
-            purchase_price="1.50",
-            selling_price="1.7",
-            special_selling_price="1.6",
-            club=main_club,
-            limit_age=18,
-        )
-        Product.objects.create(
-            name="remboursement",
-            code="REMBOURS",
-            purchase_price="0",
-            selling_price="0",
-            special_selling_price="0",
-            club=refound,
-        )
-        groups.subscribers.products.add(
-            cotis, cotis2, refill, barb, cble, cors, carolus
-        )
-        groups.old_subscribers.products.add(cotis, cotis2)
+        self._create_products(groups, clubs)
 
-        mde = Counter.objects.get(name="MDE")
-        mde.products.add(barb, cble, cons, dcons)
-
-        eboutic = Counter.objects.get(name="Eboutic")
-        eboutic.products.add(barb, cotis, cotis2, refill)
-
-        Counter.objects.create(name="Carte AE", club=refound, type="OFFICE")
-
-        ReturnableProduct.objects.create(
-            product=cons, returned_product=dcons, max_return=3
-        )
+        Counter.objects.create(name="Carte AE", club=clubs.refound, type="OFFICE")
 
         # Add barman to counter
         Counter.sellers.through.objects.bulk_create(
             [
-                Counter.sellers.through(counter_id=2, user=krophil),
-                Counter.sellers.through(counter=mde, user=skia),
+                Counter.sellers.through(counter_id=1, user=skia),  # MDE
+                Counter.sellers.through(counter_id=2, user=krophil),  # Foyer
             ]
         )
 
@@ -500,7 +381,7 @@ class Command(BaseCommand):
             end_date="7942-06-12 10:28:45+01",
         )
         el.view_groups.add(groups.public)
-        el.edit_groups.add(main_club.board_group)
+        el.edit_groups.add(clubs.ae.board_group)
         el.candidature_groups.add(groups.subscribers)
         el.vote_groups.add(groups.subscribers)
         liste = ElectionList.objects.create(title="Candidature Libre", election=el)
@@ -573,7 +454,7 @@ class Command(BaseCommand):
             title="Apero barman",
             summary="Viens boire un coup avec les barmans",
             content="Glou glou glou glou glou glou glou",
-            club=bar_club,
+            club=clubs.pdf,
             author=subscriber,
             is_published=True,
             moderator=skia,
@@ -591,7 +472,7 @@ class Command(BaseCommand):
             content=(
                 "Viens donc t'enjailler avec les autres barmans aux frais du BdF! \\o/"
             ),
-            club=bar_club,
+            club=clubs.pdf,
             author=subscriber,
             is_published=True,
             moderator=skia,
@@ -607,7 +488,7 @@ class Command(BaseCommand):
             title="Repas fromager",
             summary="Wien manger du l'bon fromeug'",
             content="Fô viendre mangey d'la bonne fondue!",
-            club=bar_club,
+            club=clubs.pdf,
             author=subscriber,
             is_published=True,
             moderator=skia,
@@ -623,7 +504,7 @@ class Command(BaseCommand):
             title="SdF",
             summary="Enjoy la fin des finaux!",
             content="Viens faire la fête avec tout plein de gens!",
-            club=bar_club,
+            club=clubs.pdf,
             author=subscriber,
             is_published=True,
             moderator=skia,
@@ -641,7 +522,7 @@ class Command(BaseCommand):
             summary="Viens jouer!",
             content="Rejoins la fine équipe du Troll Penché et viens "
             "t'amuser le Vendredi soir!",
-            club=troll,
+            club=clubs.troll,
             author=subscriber,
             is_published=True,
             moderator=skia,
@@ -719,8 +600,7 @@ class Command(BaseCommand):
                     )
                     pict.file.name = p.name
                     pict.full_clean()
-                    pict.generate_thumbnails()
-                    pict.save()
+                    pict.generate_thumbnails(save=True)
 
         img_skia = Picture.objects.get(name="skia.jpg")
         img_sli = Picture.objects.get(name="sli.jpg")
@@ -742,6 +622,129 @@ class Command(BaseCommand):
             ]
         )
 
+    def _create_products(self, groups: PopulatedGroups, clubs: PopulatedClubs):
+        beers_type, cotis_type, refill_type, verre_type = (
+            ProductType.objects.bulk_create(
+                [
+                    ProductType(name="Bières bouteilles"),
+                    ProductType(name="Cotisations"),
+                    ProductType(name="Rechargements"),
+                    ProductType(name="Verre"),
+                ]
+            )
+        )
+        cotis = Product.objects.create(
+            name="Cotis 1 semestre",
+            code="1SCOTIZ",
+            product_type=cotis_type,
+            purchase_price=15,
+            club=clubs.ae,
+        )
+        cotis2 = Product.objects.create(
+            name="Cotis 2 semestres",
+            code="2SCOTIZ",
+            product_type=cotis_type,
+            purchase_price="28",
+            club=clubs.ae,
+        )
+        refill = Product.objects.create(
+            name="Rechargement 15 €",
+            code="15REFILL",
+            product_type=refill_type,
+            purchase_price=15,
+            club=clubs.ae,
+        )
+        barb = Product.objects.create(
+            name="Barbar",
+            code="BARB",
+            product_type=beers_type,
+            purchase_price="1.50",
+            club=clubs.pdf,
+            limit_age=18,
+        )
+        cble = Product.objects.create(
+            name="Chimay Bleue",
+            code="CBLE",
+            product_type=beers_type,
+            purchase_price="1.50",
+            club=clubs.pdf,
+            limit_age=18,
+        )
+        cons = Product.objects.create(
+            name="Consigne Eco-cup",
+            code="CONS",
+            product_type=verre_type,
+            purchase_price="1",
+            club=clubs.pdf,
+        )
+        dcons = Product.objects.create(
+            name="Déconsigne Eco-cup",
+            code="DECO",
+            product_type=verre_type,
+            purchase_price="-1",
+            club=clubs.pdf,
+        )
+        cors = Product.objects.create(
+            name="Corsendonk",
+            code="CORS",
+            product_type=beers_type,
+            purchase_price="1.50",
+            club=clubs.pdf,
+            limit_age=18,
+        )
+        carolus = Product.objects.create(
+            name="Carolus",
+            code="CARO",
+            product_type=beers_type,
+            purchase_price="1.50",
+            club=clubs.pdf,
+            limit_age=18,
+        )
+        Product.objects.create(
+            name="remboursement",
+            code="REMBOURS",
+            purchase_price=0,
+            club=clubs.refound,
+        )
+        ReturnableProduct.objects.create(
+            product=cons, returned_product=dcons, max_return=3
+        )
+        mde = Counter.objects.get(name="MDE")
+        mde.products.add(barb, cble, cons, dcons)
+        eboutic = Counter.objects.get(name="Eboutic")
+        eboutic.products.add(barb, cotis, cotis2, refill)
+
+        cotis, cotis2, refill, barb, cble, cors, carolus, cons, dcons = (
+            Price.objects.bulk_create(
+                [
+                    Price(product=cotis, amount=15),
+                    Price(product=cotis2, amount=28),
+                    Price(product=refill, amount=15),
+                    Price(product=barb, amount=1.7),
+                    Price(product=cble, amount=1.7),
+                    Price(product=cors, amount=1.7),
+                    Price(product=carolus, amount=1.7),
+                    Price(product=cons, amount=1),
+                    Price(product=dcons, amount=-1),
+                ]
+            )
+        )
+        Price.groups.through.objects.bulk_create(
+            [
+                Price.groups.through(price=cotis, group=groups.subscribers),
+                Price.groups.through(price=cotis2, group=groups.subscribers),
+                Price.groups.through(price=refill, group=groups.subscribers),
+                Price.groups.through(price=barb, group=groups.subscribers),
+                Price.groups.through(price=cble, group=groups.subscribers),
+                Price.groups.through(price=cors, group=groups.subscribers),
+                Price.groups.through(price=carolus, group=groups.subscribers),
+                Price.groups.through(price=cotis, group=groups.old_subscribers),
+                Price.groups.through(price=cotis2, group=groups.old_subscribers),
+                Price.groups.through(price=cons, group=groups.old_subscribers),
+                Price.groups.through(price=dcons, group=groups.old_subscribers),
+            ]
+        )
+
     def _create_profile_pict(self, user: User):
         path = self.SAS_FIXTURE_PATH / "Family" / f"{user.username}.jpg"
         file = resize_image(Image.open(path), 400, "WEBP")
@@ -778,6 +781,57 @@ class Command(BaseCommand):
         )
         s.save()
 
+    def _create_clubs(self) -> PopulatedClubs:
+        ae = Club.objects.create(
+            id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
+        )
+        ae.board_group.permissions.add(
+            *Permission.objects.filter(
+                codename__in=[
+                    "view_subscription",
+                    "add_subscription",
+                    "add_membership",
+                    "view_hidden_user",
+                ]
+            )
+        )
+        pdf = Club.objects.create(
+            id=settings.SITH_PDF_CLUB_ID,
+            name="PdF",
+            address="6 Boulevard Anatole France, 90000 Belfort",
+        )
+        troll = Club.objects.create(
+            name="Troll Penché", address="Terre Du Milieu", parent=ae
+        )
+        refound = Club.objects.create(
+            name="Carte AE", address="Jamais imprimée", parent=ae
+        )
+        roles = []
+        presidency_roles = ["Président⸱e", "Vice-Président⸱e"]
+        board_roles = [
+            "Trésorier⸱e",
+            "Secrétaire",
+            "Respo Info",
+            "Respo Com",
+            "Membre du bureau",
+        ]
+        simple_roles = ["Membre actif⸱ve", "Curieux⸱euse"]
+        for club in ae, pdf, troll, refound:
+            for i, role in enumerate(presidency_roles):
+                roles.append(
+                    ClubRole(
+                        club=club, order=i, name=role, is_presidency=True, is_board=True
+                    )
+                )
+            for i, role in enumerate(board_roles, start=len(presidency_roles)):
+                roles.append(ClubRole(club=club, order=i, name=role, is_board=True))
+            for i, role in enumerate(
+                simple_roles, start=len(presidency_roles) + len(board_roles)
+            ):
+                roles.append(ClubRole(club=club, order=i, name=role))
+        ClubRole.objects.bulk_create(roles)
+        return PopulatedClubs(ae=ae, troll=troll, pdf=pdf, refound=refound)
+
     def _create_groups(self) -> PopulatedGroups:
         perms = Permission.objects.all()
 
@@ -790,11 +844,7 @@ class Command(BaseCommand):
 
         subscribers = Group.objects.create(name="Cotisants")
         subscribers.permissions.add(
-            *list(
-                perms.filter(
-                    codename__in=["add_news", "add_uecomment", "view_reservationslot"]
-                )
-            )
+            *list(perms.filter(codename__in=["add_news", "add_uecomment"]))
         )
         old_subscribers = Group.objects.create(name="Anciens cotisants")
         old_subscribers.permissions.add(

core/management/commands/populate_more.py

@@ -1,7 +1,6 @@
 import random
 from datetime import date, timedelta
 from datetime import timezone as tz
-from math import ceil
 from typing import Iterator
 
 from dateutil.relativedelta import relativedelta
@@ -12,12 +11,13 @@ from django.db.models import Count, Exists, Min, OuterRef, Subquery
 from django.utils.timezone import localdate, make_aware, now
 from faker import Faker
 
-from club.models import Club, Membership
+from club.models import Club, ClubRole, Membership
 from core.models import Group, User, UserBan
 from counter.models import (
     Counter,
     Customer,
     Permanency,
+    Price,
     Product,
     ProductType,
     Refilling,
@@ -25,7 +25,6 @@ from counter.models import (
 )
 from forum.models import Forum, ForumMessage, ForumTopic
 from pedagogy.models import UE
-from reservation.models import ReservationSlot, Room
 from subscription.models import Subscription
 
 
@@ -43,20 +42,45 @@ class Command(BaseCommand):
         self.stdout.write("Creating users...")
         users = self.create_users()
         self.create_bans(random.sample(users, k=len(users) // 200))  # 0.5% of users
-        # len(subscribers) is approximately 480
         subscribers = random.sample(users, k=int(0.8 * len(users)))
         self.stdout.write("Creating subscriptions...")
         self.create_subscriptions(subscribers)
         self.stdout.write("Creating club memberships...")
-        self.create_club_memberships(subscribers)
-        self.stdout.write("Creating rooms and reservation...")
-        self.create_resources_and_reservations(random.sample(subscribers, k=40))
+        users_qs = User.objects.filter(id__in=[s.id for s in subscribers])
+        subscribers_now = list(
+            users_qs.annotate(
+                filter=Exists(
+                    Subscription.objects.filter(
+                        member_id=OuterRef("pk"), subscription_end__gte=now()
+                    )
+                )
+            )
+        )
+        old_subscribers = list(
+            users_qs.annotate(
+                filter=Exists(
+                    Subscription.objects.filter(
+                        member_id=OuterRef("pk"), subscription_end__lt=now()
+                    )
+                )
+            )
+        )
+        self.make_club(
+            Club.objects.get(id=settings.SITH_MAIN_CLUB_ID),
+            random.sample(subscribers_now, k=min(30, len(subscribers_now))),
+            random.sample(old_subscribers, k=min(60, len(old_subscribers))),
+        )
+        self.make_club(
+            Club.objects.get(name="Troll Penché"),
+            random.sample(subscribers_now, k=min(20, len(subscribers_now))),
+            random.sample(old_subscribers, k=min(80, len(old_subscribers))),
+        )
         self.stdout.write("Creating uvs...")
         self.create_ues()
         self.stdout.write("Creating products...")
         self.create_products()
         self.stdout.write("Creating sales and refills...")
-        sellers = list(User.objects.order_by("?")[:100])
+        sellers = random.sample(list(User.objects.all()), 100)
         self.create_sales(sellers)
         self.stdout.write("Creating permanences...")
         self.create_permanences(sellers)
@@ -149,20 +173,25 @@ class Command(BaseCommand):
         Customer.objects.bulk_create(customers, ignore_conflicts=True)
 
     def make_club(self, club: Club, members: list[User], old_members: list[User]):
-        def zip_roles(users: list[User]) -> Iterator[tuple[User, int]]:
-            roles = iter(sorted(settings.SITH_CLUB_ROLES.keys(), reverse=True))
+        roles: list[ClubRole] = list(club.roles.all())
+
+        def zip_roles(users: list[User]) -> Iterator[tuple[User, ClubRole]]:
+            important_roles = [r for r in roles if r.is_board]
+            important_roles.sort(key=lambda r: r.order)
+            simple_board_role = important_roles.pop()
+            member_roles = [r for r in roles if not r.is_board]
             user_idx = 0
-            while (role := next(roles)) > 2:
+            for _role in important_roles:
                 # one member for each major role
-                yield users[user_idx], role
+                yield users[user_idx], _role
                 user_idx += 1
             for _ in range(int(0.3 * (len(users) - user_idx))):
                 # 30% of the remaining in the board
-                yield users[user_idx], 2
+                yield users[user_idx], simple_board_role
                 user_idx += 1
             for remaining in users[user_idx + 1 :]:
                 # everything else is a simple member
-                yield remaining, 1
+                yield remaining, random.choices(member_roles, weights=(0.8, 0.2))[0]
 
         memberships = []
         old_members = old_members.copy()
@@ -174,114 +203,18 @@ class Command(BaseCommand):
                     start_date=start,
                     end_date=self.faker.past_date(start),
                     user=old,
-                    role=random.choice(list(settings.SITH_CLUB_ROLES.keys())),
+                    role=random.choice(roles),
                     club=club,
                 )
             )
         for member, role in zip_roles(members):
             start = self.faker.past_date("-1y")
             memberships.append(
-                Membership(
-                    start_date=start,
-                    user=member,
-                    role=role,
-                    club=club,
-                )
+                Membership(start_date=start, user=member, role=role, club=club)
             )
         memberships = Membership.objects.bulk_create(memberships)
         Membership._add_club_groups(memberships)
 
-    def create_club_memberships(self, users: list[User]):
-        users_qs = User.objects.filter(id__in=[s.id for s in users])
-        subscribers_now = list(
-            users_qs.annotate(
-                filter=Exists(
-                    Subscription.objects.filter(
-                        member_id=OuterRef("pk"), subscription_end__gte=now()
-                    )
-                )
-            )
-        )
-        old_subscribers = list(
-            users_qs.annotate(
-                filter=Exists(
-                    Subscription.objects.filter(
-                        member_id=OuterRef("pk"), subscription_end__lt=now()
-                    )
-                )
-            )
-        )
-        self.make_club(
-            Club.objects.get(id=settings.SITH_MAIN_CLUB_ID),
-            random.sample(subscribers_now, k=min(30, len(subscribers_now))),
-            random.sample(old_subscribers, k=min(60, len(old_subscribers))),
-        )
-        self.make_club(
-            Club.objects.get(name="Troll Penché"),
-            random.sample(subscribers_now, k=min(20, len(subscribers_now))),
-            random.sample(old_subscribers, k=min(80, len(old_subscribers))),
-        )
-
-    def create_resources_and_reservations(self, users: list[User]):
-        """Generate reservable rooms and reservations slots for those rooms.
-
-        Contrary to the other data generator,
-        this one generates more data than what is expected on the real db.
-        """
-        ae = Club.objects.get(id=settings.SITH_MAIN_CLUB_ID)
-        pdf = Club.objects.get(id=settings.SITH_PDF_CLUB_ID)
-        troll = Club.objects.get(name="Troll Penché")
-        rooms = [
-            Room(
-                name=name,
-                club=club,
-                location=location,
-                description=self.faker.text(100),
-            )
-            for name, club, location in [
-                ("Champi", ae, "BELFORT"),
-                ("Muzik", ae, "BELFORT"),
-                ("Pôle Tech", ae, "BELFORT"),
-                ("Jolly", troll, "BELFORT"),
-                ("Cookut", pdf, "BELFORT"),
-                ("Lucky", pdf, "BELFORT"),
-                ("Potards", pdf, "SEVENANS"),
-                ("Bureau AE", ae, "SEVENANS"),
-            ]
-        ]
-        rooms = Room.objects.bulk_create(rooms)
-        reservations = []
-        for room in rooms:
-            # how much people use this room.
-            # The higher the number, the more reservations exist,
-            # the smaller the interval between two slot is,
-            # and the more future reservations have already been made ahead of time
-            affluence = random.randint(2, 6)
-            slot_start = make_aware(self.faker.past_datetime("-5y").replace(minute=0))
-            generate_until = make_aware(
-                self.faker.future_datetime(timedelta(days=1) * affluence**2)
-            )
-            while slot_start < generate_until:
-                if slot_start.hour < 8:
-                    # if a reservation would start in the middle of the night
-                    # make it start the next morning instead
-                    slot_start += timedelta(hours=10 - slot_start.hour)
-                duration = timedelta(minutes=15) * (1 + int(random.gammavariate(3, 2)))
-                reservations.append(
-                    ReservationSlot(
-                        room=room,
-                        author=random.choice(users),
-                        start_at=slot_start,
-                        end_at=slot_start + duration,
-                        created_at=slot_start - self.faker.time_delta("+7d"),
-                    )
-                )
-                slot_start += duration + (
-                    timedelta(minutes=15) * ceil(random.expovariate(affluence / 192))
-                )
-        reservations.sort(key=lambda slot: slot.created_at)
-        ReservationSlot.objects.bulk_create(reservations)
-
     def create_ues(self):
         root = User.objects.get(username="root")
         categories = ["CS", "TM", "OM", "QC", "EC"]
@@ -346,6 +279,7 @@ class Command(BaseCommand):
         # 2/3 of the products are owned by AE
         clubs = [ae, ae, ae, ae, ae, ae, *other_clubs]
         products = []
+        prices = []
         buying_groups = []
         selling_places = []
         for _ in range(200):
@@ -356,25 +290,28 @@ class Command(BaseCommand):
                 product_type=random.choice(categories),
                 code="".join(self.faker.random_letters(length=random.randint(4, 8))),
                 purchase_price=price,
-                selling_price=price,
-                special_selling_price=price - min(0.5, price),
                 club=random.choice(clubs),
                 limit_age=0 if random.random() > 0.2 else 18,
-                archived=bool(random.random() > 0.7),
+                archived=self.faker.boolean(60),
             )
             products.append(product)
-            # there will be products without buying groups
-            # but there are also such products in the real database
-            buying_groups.extend(
-                Product.buying_groups.through(product=product, group=group)
-                for group in random.sample(groups, k=random.randint(0, 3))
-            )
+            for i in range(random.randint(0, 3)):
+                product_price = Price(
+                    amount=price, product=product, is_always_shown=self.faker.boolean()
+                )
+                # prices for non-subscribers will be higher than for subscribers
+                price *= 1.2
+                prices.append(product_price)
+                buying_groups.append(
+                    Price.groups.through(price=product_price, group=groups[i])
+                )
             selling_places.extend(
                 Counter.products.through(counter=counter, product=product)
                 for counter in random.sample(counters, random.randint(0, 4))
             )
         Product.objects.bulk_create(products)
-        Product.buying_groups.through.objects.bulk_create(buying_groups)
+        Price.objects.bulk_create(prices)
+        Price.groups.through.objects.bulk_create(buying_groups)
         Counter.products.through.objects.bulk_create(selling_places)
 
     def create_sales(self, sellers: list[User]):
@@ -388,7 +325,7 @@ class Command(BaseCommand):
                 )
             )
         )
-        products = list(Product.objects.all())
+        prices = list(Price.objects.select_related("product").all())
         counters = list(
             Counter.objects.filter(name__in=["Foyer", "MDE", "La Gommette"])
         )
@@ -398,14 +335,14 @@ class Command(BaseCommand):
             # the longer the customer has existed, the higher the mean of nb_products
             mu = 5 + (now().year - customer.since.year) * 2
             nb_sales = max(0, int(random.normalvariate(mu=mu, sigma=mu * 5)))
-            favoured_products = random.sample(products, k=(random.randint(1, 5)))
+            favoured_prices = random.sample(prices, k=(random.randint(1, 5)))
             favoured_counter = random.choice(counters)
             this_customer_sales = []
             for _ in range(nb_sales):
-                product = (
-                    random.choice(favoured_products)
+                price = (
+                    random.choice(favoured_prices)
                     if random.random() > 0.7
-                    else random.choice(products)
+                    else random.choice(prices)
                 )
                 counter = (
                     favoured_counter
@@ -414,11 +351,11 @@ class Command(BaseCommand):
                 )
                 this_customer_sales.append(
                     Selling(
-                        product=product,
+                        product=price.product,
                         counter=counter,
-                        club_id=product.club_id,
+                        club_id=price.product.club_id,
                         quantity=random.randint(1, 5),
-                        unit_price=product.selling_price,
+                        unit_price=price.amount,
                         seller=random.choice(sellers),
                         customer=customer,
                         date=make_aware(
@@ -478,7 +415,7 @@ class Command(BaseCommand):
         Permanency.objects.bulk_create(perms)
 
     def create_forums(self):
-        forumers = list(User.objects.order_by("?")[:100])
+        forumers = random.sample(list(User.objects.all()), 100)
         most_actives = random.sample(forumers, 10)
         categories = list(Forum.objects.filter(is_category=True))
         new_forums = [
@@ -496,7 +433,7 @@ class Command(BaseCommand):
             for _ in range(100)
         ]
         ForumTopic.objects.bulk_create(new_topics)
-        topics = list(ForumTopic.objects.values_list("id", flat=True))
+        topics = list(ForumTopic.objects.all())
 
         def get_author():
             if random.random() > 0.5:
@@ -504,7 +441,7 @@ class Command(BaseCommand):
             return random.choice(forumers)
 
         messages = []
-        for topic_id in topics:
+        for t in topics:
             nb_messages = max(1, int(random.normalvariate(mu=90, sigma=50)))
             dates = sorted(
                 [
@@ -516,7 +453,7 @@ class Command(BaseCommand):
             messages.extend(
                 [
                     ForumMessage(
-                        topic_id=topic_id,
+                        topic=t,
                         author=get_author(),
                         date=d,
                         message="\n\n".join(

core/migrations/0049_user_whitelisted_users.py

@@ -0,0 +1,37 @@
+# Generated by Django 5.2.12 on 2026-03-14 08:39
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("core", "0048_alter_user_options")]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="whitelisted_users",
+            field=models.ManyToManyField(
+                blank=True,
+                help_text=(
+                    "Even if this profile is hidden, "
+                    "the users in this list will still be able to see it."
+                ),
+                related_name="visible_by_whitelist",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="whitelisted users",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="preferences",
+            name="show_my_stats",
+            field=models.BooleanField(
+                default=False,
+                help_text=(
+                    "Allow subscribers (or whitelisted users "
+                    "if your profile is hidden) to access your AE account stats."
+                ),
+                verbose_name="show your stats to others",
+            ),
+        ),
+    ]

core/migrations/0050_alter_sithfile_moderator.py

@@ -0,0 +1,47 @@
+# Generated by Django 5.2.12 on 2026-05-01 08:59
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+from django.db.migrations.state import StateApps
+from django.db.models import F
+
+
+def set_updated_at(apps: StateApps, schema_editor):
+    SithFile = apps.get_model("core", "SithFile")
+    SithFile.objects.update(updated_at=F("date"))
+
+
+class Migration(migrations.Migration):
+    dependencies = [("core", "0049_user_whitelisted_users")]
+
+    operations = [
+        migrations.AlterField(
+            model_name="sithfile",
+            name="moderator",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="moderated_files",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="sithfile",
+            name="owner",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="owned_files",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="sithfile",
+            name="updated_at",
+            field=models.DateTimeField(auto_now=True, verbose_name="updated at"),
+        ),
+        migrations.RunPython(set_updated_at, reverse_code=migrations.RunPython.noop),
+    ]

core/models.py

@@ -131,7 +131,9 @@ class UserQuerySet(models.QuerySet):
         if user.has_perm("core.view_hidden_user"):
             return self
         if user.has_perm("core.view_user"):
-            return self.filter(is_viewable=True)
+            return self.filter(
+                Q(is_viewable=True) | Q(whitelisted_users=user) | Q(pk=user.pk)
+            )
         if user.is_anonymous:
             return self.none()
         return self.filter(id=user.id)
@@ -279,6 +281,16 @@ class User(AbstractUser):
         ),
         default=True,
     )
+    whitelisted_users = models.ManyToManyField(
+        "User",
+        related_name="visible_by_whitelist",
+        verbose_name=_("whitelisted users"),
+        help_text=_(
+            "Even if this profile is hidden, "
+            "the users in this list will still be able to see it."
+        ),
+        blank=True,
+    )
     godfathers = models.ManyToManyField("User", related_name="godchildren", blank=True)
 
     objects = CustomUserManager()
@@ -356,23 +368,27 @@ class User(AbstractUser):
         )
         if group_id is None:
             return False
-        if group_id == settings.SITH_GROUP_SUBSCRIBERS_ID:
-            return self.is_subscribed
-        if group_id == settings.SITH_GROUP_ROOT_ID:
-            return self.is_root
-        return any(g.id == group_id for g in self.cached_groups)
+        return group_id in self.all_groups
 
     @cached_property
-    def cached_groups(self) -> list[Group]:
+    def all_groups(self) -> dict[int, Group]:
         """Get the list of groups this user is in."""
-        return list(self.groups.all())
+        additional_groups = []
+        if self.is_subscribed:
+            additional_groups.append(settings.SITH_GROUP_SUBSCRIBERS_ID)
+        if self.is_superuser:
+            additional_groups.append(settings.SITH_GROUP_ROOT_ID)
+        qs = self.groups.all()
+        if additional_groups:
+            # This is somewhat counter-intuitive, but this query runs way faster with
+            # a UNION rather than a OR (in average, 0.25ms vs 14ms).
+            # For the why, cf. https://dba.stackexchange.com/questions/293836/why-is-an-or-statement-slower-than-union
+            qs = qs.union(Group.objects.filter(id__in=additional_groups))
+        return {g.id: g for g in qs}
 
     @cached_property
     def is_root(self) -> bool:
-        if self.is_superuser:
-            return True
-        root_id = settings.SITH_GROUP_ROOT_ID
-        return any(g.id == root_id for g in self.cached_groups)
+        return self.is_superuser or settings.SITH_GROUP_ROOT_ID in self.all_groups
 
     @cached_property
     def is_board_member(self) -> bool:
@@ -514,7 +530,7 @@ class User(AbstractUser):
         self.username = user_name
         return user_name
 
-    def is_owner(self, obj):
+    def is_owner(self, obj: models.Model):
         """Determine if the object is owned by the user."""
         if hasattr(obj, "is_owned_by") and obj.is_owned_by(self):
             return True
@@ -522,7 +538,7 @@ class User(AbstractUser):
             return True
         return self.is_root
 
-    def can_edit(self, obj):
+    def can_edit(self, obj: models.Model):
         """Determine if the object can be edited by the user."""
         if hasattr(obj, "can_be_edited_by") and obj.can_be_edited_by(self):
             return True
@@ -536,11 +552,9 @@ class User(AbstractUser):
                 pks = list(obj.edit_groups.values_list("id", flat=True))
             if any(self.is_in_group(pk=pk) for pk in pks):
                 return True
-        if isinstance(obj, User) and obj == self:
-            return True
         return self.is_owner(obj)
 
-    def can_view(self, obj):
+    def can_view(self, obj: models.Model):
         """Determine if the object can be viewed by the user."""
         if hasattr(obj, "can_be_viewed_by") and obj.can_be_viewed_by(self):
             return True
@@ -559,14 +573,35 @@ class User(AbstractUser):
                 return True
         return self.can_edit(obj)
 
-    def can_be_edited_by(self, user):
-        return user.is_root or user.is_board_member
+    def can_be_edited_by(self, user: User):
+        return user == self or user.is_root or user.is_board_member
 
     def can_be_viewed_by(self, user: User) -> bool:
+        """Check if the given user can be viewed by this user.
+
+        Given users A and B. A can be viewed by B if :
+
+        - A and B are the same user
+        - or B has the permission to view hidden users
+        - or B can view users in general and A didn't hide its profile
+        - or B is in A's whitelist.
+        """
+
+        def is_in_whitelist(u: User):
+            if (
+                hasattr(self, "_prefetched_objects_cache")
+                and "whitelisted_users" in self._prefetched_objects_cache
+            ):
+                return u in self.whitelisted_users.all()
+            return self.whitelisted_users.contains(u)
+
         return (
             user.id == self.id
             or user.has_perm("core.view_hidden_user")
-            or (user.has_perm("core.view_user") and self.is_viewable)
+            or (
+                user.has_perm("core.view_user")
+                and (self.is_viewable or is_in_whitelist(user))
+            )
         )
 
     def get_mini_item(self):
@@ -746,7 +781,14 @@ class Preferences(models.Model):
         User, related_name="_preferences", on_delete=models.CASCADE
     )
     receive_weekmail = models.BooleanField(_("receive the Weekmail"), default=False)
-    show_my_stats = models.BooleanField(_("show your stats to others"), default=False)
+    show_my_stats = models.BooleanField(
+        _("show your stats to others"),
+        help_text=_(
+            "Allow subscribers (or whitelisted users "
+            "if your profile is hidden) to access your AE account stats."
+        ),
+        default=False,
+    )
     notify_on_click = models.BooleanField(
         _("get a notification for every click"), default=False
     )
@@ -811,7 +853,7 @@ class SithFile(models.Model):
         User,
         related_name="owned_files",
         verbose_name=_("owner"),
-        on_delete=models.CASCADE,
+        on_delete=models.PROTECT,
     )
     edit_groups = models.ManyToManyField(
         Group, related_name="editable_files", verbose_name=_("edit group"), blank=True
@@ -823,6 +865,7 @@ class SithFile(models.Model):
     mime_type = models.CharField(_("mime type"), max_length=30)
     size = models.IntegerField(_("size"), default=0)
     date = models.DateTimeField(_("date"), default=timezone.now)
+    updated_at = models.DateTimeField(_("updated at"), auto_now=True)
     is_moderated = models.BooleanField(_("is moderated"), default=False)
     moderator = models.ForeignKey(
         User,
@@ -830,7 +873,7 @@ class SithFile(models.Model):
         verbose_name=_("owner"),
         null=True,
         blank=True,
-        on_delete=models.CASCADE,
+        on_delete=models.SET_NULL,
     )
     asked_for_removal = models.BooleanField(_("asked for removal"), default=False)
     is_in_sas = models.BooleanField(
@@ -844,8 +887,10 @@ class SithFile(models.Model):
         return self.get_parent_path() + "/" + self.name
 
     def save(self, *args, **kwargs):
-        sas = SithFile.objects.filter(id=settings.SITH_SAS_ROOT_DIR_ID).first()
-        self.is_in_sas = sas in self.get_parent_list() or self == sas
+        sas_id = settings.SITH_SAS_ROOT_DIR_ID
+        self.is_in_sas = self.id == sas_id or any(
+            p.id == sas_id for p in self.get_parent_list()
+        )
         adding = self._state.adding
         super().save(*args, **kwargs)
         if adding:
@@ -1099,10 +1144,7 @@ class PageQuerySet(models.QuerySet):
             return self.filter(view_groups=settings.SITH_GROUP_PUBLIC_ID)
         if user.has_perm("core.view_page"):
             return self.all()
-        groups_ids = [g.id for g in user.cached_groups]
-        if user.is_subscribed:
-            groups_ids.append(settings.SITH_GROUP_SUBSCRIBERS_ID)
-        return self.filter(view_groups__in=groups_ids)
+        return self.filter(view_groups__in=user.all_groups)
 
 
 # This function prevents generating migration upon settings change
@@ -1376,7 +1418,7 @@ class PageRev(models.Model):
         return self.page.can_be_edited_by(user)
 
     def is_owned_by(self, user: User) -> bool:
-        return any(g.id == self.page.owner_group_id for g in user.cached_groups)
+        return self.page.owner_group_id in user.all_groups
 
     def similarity_ratio(self, text: str) -> float:
         """Similarity ratio between this revision's content and the given text.

core/static/bundled/alpine-index.js

@@ -1,10 +1,9 @@
-import { morph } from "@alpinejs/morph";
 import sort from "@alpinejs/sort";
 import Alpine from "alpinejs";
 import { limitedChoices } from "#core:alpine/limited-choices.ts";
 import { alpinePlugin as notificationPlugin } from "#core:utils/notifications.ts";
 
-Alpine.plugin([sort, morph, limitedChoices]);
+Alpine.plugin([sort, limitedChoices]);
 Alpine.magic("notifications", notificationPlugin);
 window.Alpine = Alpine;
 

core/static/bundled/core/components/include-index.ts

@@ -1,18 +1,136 @@
-import { inheritHtmlElement, registerComponent } from "#core:utils/web-components.ts";
+import {
+  type InheritedHtmlElement,
+  inheritHtmlElement,
+  registerComponent,
+} from "#core:utils/web-components.ts";
+
+/**
+ * ElementOnce web components
+ *
+ * Those elements ensures that their content is always included only once on a document
+ * They are compatible with elements that are not managed with our Web Components
+ **/
+export interface ElementOnce<K extends keyof HTMLElementTagNameMap>
+  extends InheritedHtmlElement<K> {
+  getElementQuerySelector(): string;
+  refresh(): void;
+}
+
+/**
+ * Create an abstract class for ElementOnce types Web Components
+ **/
+export function elementOnce<K extends keyof HTMLElementTagNameMap>(tagName: K) {
+  abstract class ElementOnceImpl
+    extends inheritHtmlElement(tagName)
+    implements ElementOnce<K>
+  {
+    abstract getElementQuerySelector(): string;
+
+    clearNode() {
+      while (this.firstChild) {
+        this.removeChild(this.lastChild);
+      }
+    }
+
+    refresh() {
+      this.clearNode();
+      if (document.querySelectorAll(this.getElementQuerySelector()).length === 0) {
+        this.appendChild(this.node);
+      }
+    }
+
+    connectedCallback() {
+      super.connectedCallback(false);
+      this.refresh();
+    }
+
+    disconnectedCallback() {
+      // The MutationObserver can't see web components being removed
+      // It also can't see if something is removed inside after the component gets deleted
+      // We need to manually clear the containing node to trigger the observer
+      this.clearNode();
+    }
+  }
+  return ElementOnceImpl;
+}
+
+// Set of ElementOnce type components to refresh with the observer
+const registeredComponents: Set<string> = new Set();
+
+/**
+ * Helper to register ElementOnce types Web Components
+ * It's a wrapper around registerComponent that registers that component on
+ * a MutationObserver that activates a refresh on them when elements are removed
+ *
+ * You are not supposed to unregister an element
+ **/
+export function registerElementOnce(name: string, options?: ElementDefinitionOptions) {
+  registeredComponents.add(name);
+  return registerComponent(name, options);
+}
+
+// Refresh all ElementOnce components on the document based on the tag name of the removed element
+const refreshElement = <
+  T extends keyof HTMLElementTagNameMap,
+  K extends keyof HTMLElementTagNameMap,
+>(
+  components: HTMLCollectionOf<ElementOnce<T>>,
+  removedTagName: K,
+) => {
+  for (const element of components) {
+    // We can't guess if an element is compatible before we get one
+    // We exit the function completely if it's not compatible
+    if (element.inheritedTagName.toUpperCase() !== removedTagName.toUpperCase()) {
+      return;
+    }
+
+    element.refresh();
+  }
+};
+
+// Since we need to pause the observer, we make an helper to start it with consistent arguments
+const startObserver = (observer: MutationObserver) => {
+  observer.observe(document, {
+    // We want to also listen for elements contained in the header (eg: link)
+    subtree: true,
+    childList: true,
+  });
+};
+
+// Refresh ElementOnce components when changes happens
+const observer = new MutationObserver((mutations: MutationRecord[]) => {
+  // To avoid infinite recursion, we need to pause the observer while manipulation nodes
+  observer.disconnect();
+  for (const mutation of mutations) {
+    for (const node of mutation.removedNodes) {
+      if (node.nodeType !== node.ELEMENT_NODE) {
+        continue;
+      }
+      for (const registered of registeredComponents) {
+        refreshElement(
+          document.getElementsByTagName(registered) as HTMLCollectionOf<
+            ElementOnce<"html"> // The specific tag doesn't really matter
+          >,
+          (node as HTMLElement).tagName as keyof HTMLElementTagNameMap,
+        );
+      }
+    }
+  }
+  // We then resume the observer
+  startObserver(observer);
+});
+
+startObserver(observer);
 
 /**
  * Web component used to import css files only once
  * If called multiple times or the file was already imported, it does nothing
  **/
-@registerComponent("link-once")
-export class LinkOnce extends inheritHtmlElement("link") {
-  connectedCallback() {
-    super.connectedCallback(false);
+@registerElementOnce("link-once")
+export class LinkOnce extends elementOnce("link") {
+  getElementQuerySelector(): string {
     // We get href from node.attributes instead of node.href to avoid getting the domain part
-    const href = this.node.attributes.getNamedItem("href").nodeValue;
-    if (document.querySelectorAll(`link[href='${href}']`).length === 0) {
-      this.appendChild(this.node);
-    }
+    return `link[href='${this.node.attributes.getNamedItem("href").nodeValue}']`;
   }
 }
 
@@ -20,14 +138,10 @@ export class LinkOnce extends inheritHtmlElement("link") {
  * Web component used to import javascript files only once
  * If called multiple times or the file was already imported, it does nothing
  **/
-@registerComponent("script-once")
+@registerElementOnce("script-once")
 export class ScriptOnce extends inheritHtmlElement("script") {
-  connectedCallback() {
-    super.connectedCallback(false);
-    // We get src from node.attributes instead of node.src to avoid getting the domain part
-    const src = this.node.attributes.getNamedItem("src").nodeValue;
-    if (document.querySelectorAll(`script[src='${src}']`).length === 0) {
-      this.appendChild(this.node);
-    }
+  getElementQuerySelector(): string {
+    // We get href from node.attributes instead of node.src to avoid getting the domain part
+    return `script[src='${this.node.attributes.getNamedItem("src").nodeValue}']`;
   }
 }

core/static/bundled/core/components/nfc-input-index.ts

@@ -26,7 +26,6 @@ export class NfcInput extends inheritHtmlElement("input") {
         window.alert(gettext("Unsupported NFC card"));
       });
 
-      // biome-ignore lint/correctness/noUndeclaredVariables: browser API
       ndef.addEventListener("reading", (event: NDEFReadingEvent) => {
         this.removeAttribute("scan");
         this.node.value = event.serialNumber.replace(/:/g, "").toUpperCase();

core/static/bundled/core/components/tabs-index.ts

@@ -28,7 +28,7 @@ export class Tab extends HTMLElement {
     return html`
     	<button
 	    	role="tab"
-	    	?aria-selected=${this.active}
+	    	?aria-selected="${this.active}"
     		class="tab-header clickable ${this.active ? "active" : ""}"
     		@click="${() => this.setActive(true)}"
     	>
@@ -40,7 +40,7 @@ export class Tab extends HTMLElement {
     return html`
     	<section
     		class="tab-section"
-    		?hidden=${!this.active}
+    		?hidden="${!this.active}"
     	>
 	    	${unsafeHTML(this.getContentHtml())}
 	    </section>

core/static/bundled/core/dynamic-formset-index.ts

@@ -0,0 +1,77 @@
+interface Config {
+  /**
+   * The prefix of the formset, in case it has been changed.
+   * See https://docs.djangoproject.com/fr/stable/topics/forms/formsets/#customizing-a-formset-s-prefix
+   */
+  prefix?: string;
+}
+
+// biome-ignore lint/style/useNamingConvention: It's the DOM API naming
+type HTMLFormInputElement = HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement;
+
+document.addEventListener("alpine:init", () => {
+  /**
+   * Alpine data element to allow the dynamic addition of forms to a formset.
+   *
+   * To use this, you need :
+   * - an HTML element containing the existing forms, noted by `x-ref="formContainer"`
+   * - a template containing the empty form
+   *   (that you can obtain jinja-side with `{{ formset.empty_form }}`),
+   *   noted by `x-ref="formTemplate"`
+   * - a button with `@click="addForm"`
+   * - you may also have one or more buttons with `@click="removeForm(element)"`,
+   *   where `element` is the HTML element containing the form.
+   *
+   * For an example of how this is used, you can have a look to
+   * `counter/templates/counter/product_form.jinja`
+   */
+  Alpine.data("dynamicFormSet", (config?: Config) => ({
+    init() {
+      this.formContainer = this.$refs.formContainer as HTMLElement;
+      this.nbForms = this.formContainer.children.length as number;
+      this.template = this.$refs.formTemplate as HTMLTemplateElement;
+      const prefix = config?.prefix ?? "form";
+      this.$root
+        .querySelector(`#id_${prefix}-TOTAL_FORMS`)
+        .setAttribute(":value", "nbForms");
+    },
+
+    addForm() {
+      this.formContainer.appendChild(document.importNode(this.template.content, true));
+      const newForm = this.formContainer.lastElementChild;
+      const inputs: NodeListOf<HTMLFormInputElement> = newForm.querySelectorAll(
+        "input, select, textarea",
+      );
+      for (const el of inputs) {
+        el.name = el.name.replace("__prefix__", this.nbForms.toString());
+        el.id = el.id.replace("__prefix__", this.nbForms.toString());
+      }
+      const labels: NodeListOf<HTMLLabelElement> = newForm.querySelectorAll("label");
+      for (const el of labels) {
+        el.htmlFor = el.htmlFor.replace("__prefix__", this.nbForms.toString());
+      }
+      inputs[0].focus();
+      this.nbForms += 1;
+    },
+
+    removeForm(container: HTMLDivElement) {
+      container.remove();
+      this.nbForms -= 1;
+      // adjust the id of remaining forms
+      for (let i = 0; i < this.nbForms; i++) {
+        const form: HTMLDivElement = this.formContainer.children[i];
+        const inputs: NodeListOf<HTMLFormInputElement> = form.querySelectorAll(
+          "input, select, textarea",
+        );
+        for (const el of inputs) {
+          el.name = el.name.replace(/\d+/, i.toString());
+          el.id = el.id.replace(/\d+/, i.toString());
+        }
+        const labels: NodeListOf<HTMLLabelElement> = form.querySelectorAll("label");
+        for (const el of labels) {
+          el.htmlFor = el.htmlFor.replace(/\d+/, i.toString());
+        }
+      }
+    },
+  }));
+});

core/static/bundled/htmx-index.js

@@ -1,5 +1,4 @@
 import htmx from "htmx.org";
-import "htmx-ext-alpine-morph";
 
 document.body.addEventListener("htmx:beforeRequest", (event) => {
   event.detail.target.ariaBusy = true;

core/static/bundled/utils/web-components.ts

@@ -23,10 +23,17 @@ export function registerComponent(name: string, options?: ElementDefinitionOptio
  * The technique is to:
  *  create a new web component
  *  create the desired type inside
- *  pass all attributes to the child component
+ *  move all attributes to the child component
  *  store is at as `node` inside the parent
- *
- * Since we can't use the generic type to instantiate the node, we create a generator function
+ **/
+export interface InheritedHtmlElement<K extends keyof HTMLElementTagNameMap>
+  extends HTMLElement {
+  readonly inheritedTagName: K;
+  node: HTMLElementTagNameMap[K];
+}
+
+/**
+ * Generator function that creates an InheritedHtmlElement compatible class
  *
  * ```js
  * class MyClass extends inheritHtmlElement("select") {
@@ -35,11 +42,24 @@ export function registerComponent(name: string, options?: ElementDefinitionOptio
  * ```
  **/
 export function inheritHtmlElement<K extends keyof HTMLElementTagNameMap>(tagName: K) {
-  return class Inherited extends HTMLElement {
-    protected node: HTMLElementTagNameMap[K];
+  return class InheritedHtmlElementImpl
+    extends HTMLElement
+    implements InheritedHtmlElement<K>
+  {
+    readonly inheritedTagName = tagName;
+    private readonly initializedAttribute = "component-initialized";
+    node: HTMLElementTagNameMap[K];
 
     connectedCallback(autoAddNode?: boolean) {
-      this.node = document.createElement(tagName);
+      // When nesting inherited elements, we might trigger the wrapping twice
+      // To avoid this, we tag a created element as initialized
+      // We then skip the initialization step and grab the inner content as the node
+      if (this.hasAttribute(this.initializedAttribute)) {
+        this.node = this.firstChild as HTMLElementTagNameMap[K];
+        return;
+      }
+
+      this.node = document.createElement(this.inheritedTagName);
       const attributes: Attr[] = []; // We need to make a copy to delete while iterating
       for (const attr of this.attributes) {
         if (attr.name in this.node) {
@@ -47,6 +67,12 @@ export function inheritHtmlElement<K extends keyof HTMLElementTagNameMap>(tagNam
         }
       }
 
+      this.setAttribute(this.initializedAttribute, "");
+
+      // We move compatible attributes to the child element
+      // This avoids weird inconsistencies between attributes
+      // when we manipulate the dom in the future
+      // This is especially important when using attribute based reactivity
       for (const attr of attributes) {
         this.removeAttributeNode(attr);
         this.node.setAttributeNode(attr);

core/static/core/accordion.scss

@@ -53,7 +53,7 @@ details.accordion>.accordion-content {
     opacity: 0;
 
     @supports (max-height: calc-size(max-content, size)) {
-      max-height: 0px;
+      max-height: 0;
     }
   }
 
@@ -71,11 +71,12 @@ details.accordion>.accordion-content {
   }
 }
 
-// ::details-content isn't available on firefox yet
+// ::details-content is available on firefox only since september 2025
+// (and wasn't available when this code was initially written)
 // we use .accordion-content as a workaround
 // But we need to use ::details-content for chrome because it's
 // not working correctly otherwise
-// it only happen in chrome, not safari or firefox
+// it only happens in chrome, not safari or firefox
 // Note: `selector` is not supported by scss so we comment it out to
 // avoid compiling it and sending it straight to the css
 // This is a trick that comes from here :

core/static/core/base.css

@@ -115,7 +115,6 @@ blockquote:before,
 blockquote:after,
 q:before,
 q:after {
-  content: "";
   content: none;
 }
 table {

core/static/core/components/card.scss

@@ -16,13 +16,6 @@
   }
 }
 
-.card-group {
-  display: flex;
-  gap: 15px;
-  margin-bottom: 30px;
-  flex-wrap: wrap;
-}
-
 .card {
   background-color: $primary-neutral-light-color;
   border-radius: 5px;
@@ -99,23 +92,13 @@
   }
 
   @media screen and (max-width: 765px) {
-    @include row-layout;
+    @include row-layout
   }
 
   // When combined with card, card-row display the card in a row layout,
   // whatever the size of the screen.
   &.card-row {
-    @include row-layout;
-
-    &.card-row-m {
-      //width: 50%;
-      max-width: 50%;
-    }
-
-    &.card-row-s {
-      //width: 33%;
-      max-width: 33%;
-    }
+    @include row-layout
   }
 }
 

core/static/core/forms.scss

@@ -157,6 +157,7 @@ form {
     margin-bottom: .25rem;
     font-size: 80%;
     display: block;
+    max-width: calc(100% - calc(var(--nf-input-size) * 2))
   }
 
   fieldset {

core/static/core/style.scss

@@ -271,7 +271,7 @@ body {
 
   /*--------------------------------CONTENT------------------------------*/
   #content {
-    padding: 1em 1%;
+    padding: 1.5em 3%;
     box-shadow: $shadow-color 0 5px 10px;
     background: $white-color;
     overflow: auto;

core/static/core/tooltips.scss

@@ -10,9 +10,10 @@
   border-radius: 5px;
   padding: 5px 10px;
   position: absolute;
+  white-space: nowrap;
   opacity: 0;
   transition: opacity 500ms ease-out;
-  width: max-content;
+
   white-space: normal;
 
   left: 0;

core/static/user/user_edit.scss

@@ -5,17 +5,6 @@
 }
 
 .profile {
-  &-visible {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: 5px;
-    padding-top: 10px;
-    input[type="checkbox"]+label {
-      max-width: unset;
-    }
-  }
-
   &-pictures {
     box-sizing: border-box;
     display: flex;

core/static/user/user_preferences.scss

@@ -19,28 +19,6 @@
       }
     }
   }
-
-  &-cards,
-  &-trombi {
-    >p {
-      display: flex;
-      flex-direction: column;
-      align-items: flex-start;
-      text-align: justify;
-      gap: 5px;
-      margin: 0;
-
-      >input,
-      >select {
-        min-width: 300px;
-      }
-    }
-  }
-
-  &-submit-btn {
-    margin-top: 10px !important;
-    max-width: 100px;
-  }
 }
 
 .justify {

core/templates/core/base.jinja

@@ -35,8 +35,8 @@
       <noscript><link rel="stylesheet" href="{{ static('bundled/fontawesome-index.css') }}"></noscript>
 
       <script src="{{ url('javascript-catalog') }}"></script>
-      <script type="module" src={{ static("bundled/core/navbar-index.ts") }}></script>
-      <script type="module" src={{ static("bundled/core/components/include-index.ts") }}></script>
+      <script type="module" src="{{ static("bundled/core/navbar-index.ts") }}"></script>
+      <script type="module" src="{{ static("bundled/core/components/include-index.ts") }}"></script>
       <script type="module" src="{{ static('bundled/alpine-index.js') }}"></script>
       <script type="module" src="{{ static('bundled/htmx-index.js') }}"></script>
       <script type="module" src="{{ static('bundled/country-flags-index.ts') }}"></script>

core/templates/core/base/navbar.jinja

@@ -5,9 +5,8 @@
     <details name="navbar" class="menu">
       <summary class="head">{% trans %}Associations & Clubs{% endtrans %}</summary>
       <ul class="content">
-        <li><a href="{{ url('core:page', page_name='ae') }}">{% trans %}AE{% endtrans %}</a></li>
-        <li><a href="{{ url('core:page', page_name='clubs') }}">{% trans %}AE's clubs{% endtrans %}</a></li>
-        <li><a href="{{ url('core:page', page_name='utbm-associations') }}">{% trans %}Others UTBM's Associations{% endtrans %}</a></li>
+        <li><a href="{{ url("core:page", page_name="ae") }}">{% trans %}AE{% endtrans %}</a></li>
+        <li><a href="{{ url("club:club_list") }}">{% trans %}AE's clubs{% endtrans %}</a></li>
       </ul>
     </details>
     <details name="navbar" class="menu">

core/templates/core/base/notifications.jinja

@@ -1,16 +1,13 @@
 <div id="quick-notifications"
-     x-data="{
+     x-data='{
              messages: [
-             {% if messages %}
-               {% for message in messages %}
-                 {
-                 tag: '{{ message.tags }}',
-                 text: '{{ message }}',
-                 },
-               {% endfor %}
-             {% endif %}
+             {%- for message in messages -%}
+               {%- if not message.extra_tags -%}
+                 { tag: {{ message.tags|string|tojson }}, text: {{ message|string|tojson }} },
+               {%- endif -%}
+             {%- endfor -%}
              ]
-             }"
+             }'
      @quick-notification-add="(e) => messages.push(e?.detail)"
      @quick-notification-delete="messages = []">
   <template x-for="(message, index) in messages">

core/templates/core/create.jinja

@@ -1,11 +1,18 @@
 {% extends "core/base.jinja" %}
 
+{# if the template context has the `object_name` variable,
+   then this one will be used in the page title,
+   instead of the result of `str(object)` #}
+{% if not object_name %}
+  {% set object_name=form.instance.__class__._meta.verbose_name %}
+{% endif %}
+
 {% block title %}
-  {% trans name=form.instance.__class__._meta.verbose_name %}Create {{ name }}{% endtrans %}
+  {% trans name=object_name %}Create {{ name }}{% endtrans %}
 {% endblock %}
 
 {% block content %}
-  <h2>{% trans name=form.instance.__class__._meta.verbose_name %}Create {{ name }}{% endtrans %}</h2>
+  <h2>{% trans name=object_name %}Create {{ name }}{% endtrans %}</h2>
   <form action="" method="post" enctype="multipart/form-data">
     {% csrf_token %}
     {{ form.as_p() }}

core/templates/core/file_moderation.jinja

@@ -33,7 +33,8 @@
           <a href="{{ url("core:file_detail", file_id=f.id) }}">{{ f.name }}</a><br/>
           {% trans %}Full name: {% endtrans %}{{ f.get_parent_path()+'/'+f.name }}<br/>
           {% trans %}Owner: {% endtrans %}{{ f.owner.get_display_name() }}<br/>
-          {% trans %}Date: {% endtrans %}{{ f.date|date(DATE_FORMAT) }} {{ f.date|time(TIME_FORMAT) }}<br/>
+          {% trans %}Date: {% endtrans %}
+          {{ f.date|date(DATE_FORMAT) }} {{ f.date|time(TIME_FORMAT) }}<br/>
         </p>
         <p><button
           hx-get="{{ url('core:file_moderate', file_id=f.id) }}"
@@ -48,6 +49,6 @@
           >{% trans %}Delete{% endtrans %}</button></p>
       </div>
     {% endfor %}
-    {{ paginate_htmx(page_obj, paginator) }}
+    {{ paginate_htmx(request, page_obj, paginator) }}
   </div>
 {% endblock %}

core/templates/core/fragment/user_visibility.jinja

@@ -0,0 +1,33 @@
+<form
+  hx-post="{{ url("core:user_visibility_fragment", user_id=form.instance.id) }}"
+  hx-disabled-elt="find input[type='submit']"
+  hx-swap="outerHTML" x-data="{ isViewable: {{ form.is_viewable.value()|tojson }} }"
+>
+  {% for message in messages %}
+    {% if message.extra_tags=="visibility" %}
+      <div class="alert alert-success">
+        {{ message }}
+      </div>
+    {% endif %}
+  {% endfor %}
+  {% csrf_token %}
+  {{ form.non_field_errors() }}
+  <fieldset class="form-group">
+    {{ form.is_viewable|add_attr("x-model=isViewable") }}
+    {{ form.is_viewable.label_tag() }}
+    <span class="helptext">{{ form.is_viewable.help_text }}</span>
+    {{ form.is_viewable.errors }}
+  </fieldset>
+  <fieldset class="form-group" x-show="!isViewable" x-transition x-cloak>
+    {{ form.whitelisted_users.as_field_group() }}
+  </fieldset>
+  <fieldset class="form-group">
+    {{ form.show_my_stats }}
+    {{ form.show_my_stats.label_tag() }}
+    <span class="helptext">
+      {{ form.show_my_stats.help_text }}
+    </span>
+    {{ form.show_my_stats.errors }}
+  </fieldset>
+  <input type="submit" class="btn btn-blue" value="{% trans %}Save{% endtrans %}">
+</form>

core/templates/core/macros.jinja

@@ -118,20 +118,21 @@
   </nav>
 {% endmacro %}
 
-{% macro paginate_jinja(current_page, paginator) %}
+{% macro paginate_jinja(request, current_page, paginator) %}
     {# Add pagination buttons for pages without Alpine.
 
     This must be coupled with a view that handles pagination
     with the Django Paginator object.
 
     Parameters:
+        request (django.http.request.HttpRequest): the current django request
         current_page (django.core.paginator.Page): the current page object
         paginator (django.core.paginator.Paginator): the paginator object
     #}
-  {{ paginate_server_side(current_page, paginator, False) }}
+  {{ paginate_server_side(request, current_page, paginator, "") }}
 {% endmacro %}
 
-{% macro paginate_htmx(current_page, paginator) %}
+{% macro paginate_htmx(request, current_page, paginator, htmx_target="#content") %}
     {# Add pagination buttons for pages without Alpine but supporting fragments.
 
     This must be coupled with a view that handles pagination
@@ -140,24 +141,26 @@
     The replaced fragment will be #content so make sure you are calling this macro inside your content block.
 
     Parameters:
+        request (django.http.request.HttpRequest): the current django request
         current_page (django.core.paginator.Page): the current page object
         paginator (django.core.paginator.Paginator): the paginator object
+        htmx_target (string): htmx target selector (default '#content')
     #}
-  {{ paginate_server_side(current_page, paginator, True) }}
+  {{ paginate_server_side(request, current_page, paginator, htmx_target) }}
 {% endmacro %}
 
-{% macro paginate_server_side(current_page, paginator, use_htmx) %}
+{% macro paginate_server_side(request, current_page, paginator, htmx_target) %}
   <nav class="pagination">
     {% if current_page.has_previous() %}
       <a
-        {% if use_htmx -%}
-          hx-get="?{{ querystring(page=current_page.previous_page_number()) }}"
+        {% if htmx_target -%}
+          hx-get="?{{ querystring(request, page=current_page.previous_page_number()) }}"
           hx-swap="innerHTML"
-          hx-target="#content"
+          hx-target="{{ htmx_target }}"
           hx-push-url="true"
           hx-trigger="click, keyup[key=='ArrowLeft'] from:body"
         {%- else -%}
-          href="?{{ querystring(page=current_page.previous_page_number()) }}"
+          href="?{{ querystring(request, page=current_page.previous_page_number()) }}"
         {%- endif -%}
       >
         <button>
@@ -174,13 +177,13 @@
         <strong>{{ paginator.ELLIPSIS }}</strong>
       {% else %}
         <a
-          {% if use_htmx -%}
-            hx-get="?{{ querystring(page=i) }}"
+          {% if htmx_target -%}
+            hx-get="?{{ querystring(request, page=i) }}"
             hx-swap="innerHTML"
-            hx-target="#content"
+            hx-target="{{ htmx_target }}"
             hx-push-url="true"
           {%- else -%}
-            href="?{{ querystring(page=i) }}"
+            href="?{{ querystring(request, page=i) }}"
           {%- endif -%}
         >
           <button>{{ i }}</button>
@@ -189,14 +192,14 @@
     {% endfor %}
     {% if current_page.has_next() %}
       <a
-        {% if use_htmx -%}
-          hx-get="?{{querystring(page=current_page.next_page_number())}}"
+        {% if htmx_target -%}
+          hx-get="?{{querystring(request, page=current_page.next_page_number())}}"
           hx-swap="innerHTML"
-          hx-target="#content"
+          hx-target="{{ htmx_target }}"
           hx-push-url="true"
           hx-trigger="click, keyup[key=='ArrowRight'] from:body"
         {%- else -%}
-          href="?{{querystring(page=current_page.next_page_number())}}"
+          href="?{{querystring(request, page=current_page.next_page_number())}}"
         {%- endif -%}
       ><button>
         <i class="fa fa-caret-right"></i>
@@ -247,15 +250,8 @@
 {% endmacro %}
 
 
-{% macro querystring() %}
-  {%- for key, values in request.GET.lists() -%}
-    {%- if key not in kwargs -%}
-      {%- for value in values -%}
-        {{ key }}={{ value }}&amp;
-      {%- endfor -%}
-    {%- endif -%}
-  {%- endfor -%}
-  {%- for key, value in kwargs.items() -%}
-    {{ key }}={{ value }}&amp;
-  {%- endfor -%}
+{% macro querystring(request) %}
+  {%- set qs = request.GET.copy() -%}
+  {%- do qs.update(kwargs) -%}
+  {{- qs | urlencode -}}
 {% endmacro %}

core/templates/core/user_clubs.jinja

@@ -23,10 +23,10 @@
       </tr>
     </thead>
     <tbody>
-      {% for m in profile.memberships.filter(end_date=None).all() %}
+      {% for m in profile.memberships.ongoing().select_related("role") %}
         <tr>
           <td><a href="{{ url('club:club_members', club_id=m.club.id) }}">{{ m.club }}</a></td>
-          <td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
+          <td>{{ m.role.name }}</td>
           <td>{{ m.description }}</td>
           <td>{{ m.start_date }}</td>
           {% if m.can_be_edited_by(user) %}
@@ -65,10 +65,10 @@
       </tr>
     </thead>
     <tbody>
-      {% for m in profile.memberships.exclude(end_date=None).all() %}
+      {% for m in profile.memberships.exclude(end_date=None).select_related("role") %}
         <tr>
           <td><a href="{{ url('club:club_members', club_id=m.club.id) }}">{{ m.club }}</a></td>
-          <td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
+          <td>{{ m.role.name }}</td>
           <td>{{ m.description }}</td>
           <td>{{ m.start_date }}</td>
           <td>{{ m.end_date }}</td>

core/templates/core/user_edit.jinja

@@ -147,18 +147,7 @@
       {%- endfor -%}
     </div>
 
-    {# Checkboxes #}
-    <div class="profile-visible">
-      <div class="row">
-        {{ form.is_viewable }}
-        {{ form.is_viewable.label_tag() }}
-      </div>
-      <span class="helptext">
-        {{ form.is_viewable.help_text }}
-      </span>
-    </div>
     <div class="final-actions">
-
       {%- if form.instance == user -%}
         <p>
           <a href="{{ url('core:password_change') }}">{%- trans -%}Change my password{%- endtrans -%}</a>
@@ -170,7 +159,6 @@
           </a>
         </p>
       {%- endif -%}
-
       <p>
         <input type="submit" value="{%- trans -%}Update{%- endtrans -%}" />
       </p>

core/templates/core/user_preferences.jinja

@@ -11,30 +11,22 @@
 {% block content %}
   <div class="main">
     <h2>{% trans %}Preferences{% endtrans %}</h2>
-    <h3>{% trans %}General{% endtrans %}</h3>
-    <form class="form form-general" action="" method="post" enctype="multipart/form-data">
+    <br />
+    <h3>{% trans %}Notifications{% endtrans %}</h3>
+    <form action="" method="post" enctype="multipart/form-data">
       {% csrf_token %}
-      {{ form.as_p() }}
-      <input class="form-submit-btn" type="submit" value="{% trans %}Save{% endtrans %}" />
+      <div class="form form-general">
+        {{ form.as_p() }}
+      </div>
+      <input class="btn btn-blue" type="submit" value="{% trans %}Save{% endtrans %}" />
     </form>
 
-    <h3>{% trans %}Trombi{% endtrans %}</h3>
-
-    {% if trombi_form %}
-      <form class="form form-trombi" action="{{ url('trombi:user_tools') }}" method="post" enctype="multipart/form-data">
-        {% csrf_token %}
-        {{ trombi_form.as_p() }}
-        <input class="form-submit-btn" type="submit" value="{% trans %}Save{% endtrans %}" />
-      </form>
-
-    {% else %}
-      <p>{% trans trombi=profile.trombi_user.trombi %}You already choose to be in that Trombi: {{ trombi }}.{% endtrans %}
-        <br />
-        <a href="{{ url('trombi:user_tools') }}">{% trans %}Go to my Trombi tools{% endtrans %}</a>
-      </p>
-    {% endif %}
+    <br />
+    <h3>{% trans %}Visibility{% endtrans %}</h3>
 
+    {{ user_visibility_fragment }}
 
+    <br />
     {% if student_card_fragment %}
       <h3>{% trans %}Student card{% endtrans %}</h3>
       {{ student_card_fragment }}
@@ -43,5 +35,21 @@
           add a student card yourself, you'll need a NFC reader. We store the UID of the card which is 14 characters long.{% endtrans %}
       </p>
     {% endif %}
+
+    <br />
+    <h3>{% trans %}Trombi{% endtrans %}</h3>
+
+    {% if trombi_form %}
+      <form action="{{ url('trombi:user_tools') }}" method="post" enctype="multipart/form-data">
+        {% csrf_token %}
+        {{ trombi_form.as_p() }}
+        <input class="btn btn-blue" type="submit" value="{% trans %}Save{% endtrans %}" />
+      </form>
+    {% else %}
+      <p>{% trans trombi=profile.trombi_user.trombi %}You already choose to be in that Trombi: {{ trombi }}.{% endtrans %}
+        <br />
+        <a href="{{ url('trombi:user_tools') }}">{% trans %}Go to my Trombi tools{% endtrans %}</a>
+      </p>
+    {% endif %}
   </div>
 {% endblock %}

core/templates/core/widgets/autocomplete_select.jinja

@@ -3,7 +3,7 @@
     <script-once type="module" src="{{ js }}"></script-once>
   {% endfor %}
   {% for css in statics.css %}
-    <link-once rel="stylesheet" type="text/css" href="{{ css }}" defer></link-once>
+    <link-once rel="stylesheet" type="text/css" href="{{ css }}"></link-once>
   {% endfor %}
 
   <{{ component }} name="{{ widget.name }}" {% include "django/forms/widgets/attrs.html" %}>

core/tests/test_core.py

@@ -418,16 +418,16 @@ class TestUserIsInGroup(TestCase):
         group_in = baker.make(Group)
         self.public_user.groups.add(group_in)
 
-        # clear the cached property `User.cached_groups`
-        self.public_user.__dict__.pop("cached_groups", None)
+        # clear the cached property `User.all_groups`
+        self.public_user.__dict__.pop("all_groups", None)
         # Test when the user is in the group
-        with self.assertNumQueries(1):
+        with self.assertNumQueries(2):
             self.public_user.is_in_group(pk=group_in.id)
         with self.assertNumQueries(0):
             self.public_user.is_in_group(pk=group_in.id)
 
         group_not_in = baker.make(Group)
-        self.public_user.__dict__.pop("cached_groups", None)
+        self.public_user.__dict__.pop("all_groups", None)
         # Test when the user is not in the group
         with self.assertNumQueries(1):
             self.public_user.is_in_group(pk=group_not_in.id)

core/tests/test_files.py

@@ -344,3 +344,14 @@ def test_quick_upload_image(
     assert (
         parsed["name"] == Path(file.name).stem[: QuickUploadImage.IMAGE_NAME_SIZE - 1]
     )
+
+
+@pytest.mark.django_db
+def test_populated_sas_is_in_sas():
+    """Test that, in the data generated by the populate command,
+    the SAS has value is_in_sas=True.
+
+    If it's not the case, it has no incidence in prod, but it's annoying
+    in dev and may cause misunderstandings.
+    """
+    assert SithFile.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID).is_in_sas

core/tests/test_page.py

@@ -11,7 +11,7 @@ from django.utils.timezone import now
 from model_bakery import baker
 from pytest_django.asserts import assertHTMLEqual, assertRedirects
 
-from club.models import Club
+from club.models import Club, Membership
 from core.baker_recipes import board_user, subscriber_user
 from core.markdown import markdown
 from core.models import AnonymousUser, Page, PageRev, User
@@ -122,6 +122,9 @@ def test_page_revision_club_redirection(client: Client):
 @pytest.mark.django_db
 def test_viewable_by():
     # remove existing pages to prevent side effect
+    # club pages are protected, so we must delete clubs first
+    Membership.objects.all().delete()
+    Club.objects.all().delete()
     Page.objects.all().delete()
     view_groups = [
         [settings.SITH_GROUP_PUBLIC_ID],

core/tests/test_user.py

@@ -21,7 +21,7 @@ from core.baker_recipes import (
     subscriber_user,
     very_old_subscriber_user,
 )
-from core.models import AnonymousUser, Group, User
+from core.models import AnonymousUser, Group, SithFile, User
 from core.views import UserTabsMixin
 from counter.baker_recipes import sale_recipe
 from counter.models import Counter, Customer, Permanency, Refilling, Selling
@@ -34,6 +34,7 @@ class TestSearchUsers(TestCase):
     def setUpTestData(cls):
         # News.author has on_delete=PROTECT, so news must be deleted beforehand
         News.objects.all().delete()
+        SithFile.objects.all().delete()
         User.objects.all().delete()
         user_recipe = Recipe(
             User,
@@ -213,9 +214,9 @@ def test_user_invoice_with_multiple_items():
     """Test that annotate_total() works when invoices contain multiple items."""
     user: User = subscriber_user.make()
     item_recipe = Recipe(InvoiceItem, invoice=foreign_key(Recipe(Invoice, user=user)))
-    item_recipe.make(_quantity=3, quantity=1, product_unit_price=5)
-    item_recipe.make(_quantity=1, quantity=1, product_unit_price=5)
-    item_recipe.make(_quantity=2, quantity=1, product_unit_price=iter([5, 8]))
+    item_recipe.make(_quantity=3, quantity=1, unit_price=5)
+    item_recipe.make(_quantity=1, quantity=1, unit_price=5)
+    item_recipe.make(_quantity=2, quantity=1, unit_price=iter([5, 8]))
     res = list(
         Invoice.objects.filter(user=user)
         .annotate_total()
@@ -399,24 +400,37 @@ class TestUserQuerySetViewableBy:
         return [
             baker.make(User),
             subscriber_user.make(),
-            subscriber_user.make(is_viewable=False),
+            *subscriber_user.make(is_viewable=False, _quantity=2),
         ]
 
     def test_admin_user(self, users: list[User]):
         user = baker.make(
-            User,
-            user_permissions=[Permission.objects.get(codename="view_hidden_user")],
+            User, user_permissions=[Permission.objects.get(codename="view_hidden_user")]
         )
         viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
         assert set(viewable) == set(users)
 
     @pytest.mark.parametrize(
-        "user_factory", [old_subscriber_user.make, subscriber_user.make]
+        "user_factory",
+        [
+            old_subscriber_user.make,
+            lambda: old_subscriber_user.make(is_viewable=False),
+            subscriber_user.make,
+            lambda: subscriber_user.make(is_viewable=False),
+        ],
     )
-    def test_subscriber(self, users: list[User], user_factory):
+    def test_can_search(self, users: list[User], user_factory):
         user = user_factory()
+        viewable = User.objects.filter(
+            id__in=[u.id for u in [*users, user]]
+        ).viewable_by(user)
+        assert set(viewable) == {user, users[0], users[1]}
+
+    def test_whitelist(self, users: list[User]):
+        user = subscriber_user.make()
+        users[3].whitelisted_users.add(user)
         viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
-        assert set(viewable) == {users[0], users[1]}
+        assert set(viewable) == {users[0], users[1], users[3]}
 
     @pytest.mark.parametrize("user_factory", [lambda: baker.make(User), AnonymousUser])
     def test_not_subscriber(self, users: list[User], user_factory):

core/urls.py

@@ -69,7 +69,6 @@ from core.views import (
     UserCreationView,
     UserGodfathersTreeView,
     UserGodfathersView,
-    UserListView,
     UserMeRedirect,
     UserMiniView,
     UserPreferencesView,
@@ -78,6 +77,7 @@ from core.views import (
     UserUpdateGroupView,
     UserUpdateProfileView,
     UserView,
+    UserVisibilityFormFragment,
     delete_user_godfather,
     logout,
     notification,
@@ -136,7 +136,11 @@ urlpatterns = [
         "group/<int:group_id>/detail/", GroupTemplateView.as_view(), name="group_detail"
     ),
     # User views
-    path("user/", UserListView.as_view(), name="user_list"),
+    path(
+        "fragment/user/<int:user_id>/",
+        UserVisibilityFormFragment.as_view(),
+        name="user_visibility_fragment",
+    ),
     path(
         "user/me/<path:remaining_path>/",
         UserMeRedirect.as_view(),

core/utils.py

@@ -25,7 +25,6 @@ from django.core.files.base import ContentFile
 from django.core.files.uploadedfile import UploadedFile
 from django.http import HttpRequest
 from django.utils.timezone import localdate
-from PIL import ExifTags
 from PIL.Image import Image, Resampling
 
 RED_PIXEL_PNG: Final[bytes] = (
@@ -178,22 +177,6 @@ def resize_image_explicit(
     return ContentFile(content.getvalue())
 
 
-def exif_auto_rotate(image):
-    for orientation in ExifTags.TAGS:
-        if ExifTags.TAGS[orientation] == "Orientation":
-            break
-    exif = dict(image._getexif().items())
-
-    if exif[orientation] == 3:
-        image = image.rotate(180, expand=True)
-    elif exif[orientation] == 6:
-        image = image.rotate(270, expand=True)
-    elif exif[orientation] == 8:
-        image = image.rotate(90, expand=True)
-
-    return image
-
-
 def get_client_ip(request: HttpRequest) -> str | None:
     headers = (
         "X_FORWARDED_FOR",  # Common header for proxies

core/views/forms.py

@@ -40,19 +40,21 @@ from django.forms import (
     DateInput,
     DateTimeInput,
     TextInput,
+    Widget,
 )
-from django.utils.timezone import localtime, now
+from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from phonenumber_field.widgets import RegionalPhoneNumberWidget
 from PIL import Image
 
 from antispam.forms import AntiSpamEmailField
-from core.models import Gift, Group, Page, PageRev, SithFile, User
+from core.models import Gift, Group, Page, PageRev, Preferences, SithFile, User
 from core.utils import resize_image
 from core.views.widgets.ajax_select import (
     AutoCompleteSelect,
     AutoCompleteSelectGroup,
     AutoCompleteSelectMultipleGroup,
+    AutoCompleteSelectMultipleUser,
     AutoCompleteSelectUser,
 )
 from core.views.widgets.markdown import MarkdownInput
@@ -99,8 +101,8 @@ class FutureDateTimeField(forms.DateTimeField):
 
     default_validators = [validate_future_timestamp]
 
-    def widget_attrs(self, widget: forms.Widget) -> dict[str, str]:
-        return {"min": widget.format_value(localtime())}
+    def widget_attrs(self, widget: Widget) -> dict[str, str]:
+        return {"min": widget.format_value(now())}
 
 
 # Forms
@@ -178,7 +180,6 @@ class UserProfileForm(forms.ModelForm):
             "school",
             "promo",
             "forum_signature",
-            "is_viewable",
         ]
         widgets = {
             "date_of_birth": SelectDate,
@@ -263,6 +264,38 @@ class UserProfileForm(forms.ModelForm):
         self._post_clean()
 
 
+class UserVisibilityForm(forms.ModelForm):
+    class Meta:
+        model = User
+        fields = ["is_viewable", "whitelisted_users"]
+        widgets = {
+            "is_viewable": forms.CheckboxInput(attrs={"class": "switch"}),
+            "whitelisted_users": AutoCompleteSelectMultipleUser,
+        }
+
+    __preferences_fields = forms.fields_for_model(
+        Preferences,
+        ["show_my_stats"],
+        widgets={"show_my_stats": forms.CheckboxInput(attrs={"class": "switch"})},
+    )
+    show_my_stats = __preferences_fields["show_my_stats"]
+
+    def __init__(
+        self, *args, initial: dict | None = None, instance: User | None = None, **kwargs
+    ):
+        if instance:
+            initial = initial or {}
+            initial["show_my_stats"] = instance.preferences.show_my_stats
+        super().__init__(*args, initial=initial, instance=instance, **kwargs)
+
+    def save(self, commit=True) -> User:  # noqa: FBT002
+        instance = super().save(commit=commit)
+        if commit:
+            instance.preferences.show_my_stats = self.cleaned_data["show_my_stats"]
+            instance.preferences.save()
+        return instance
+
+
 class UserGroupsForm(forms.ModelForm):
     error_css_class = "error"
     required_css_class = "required"

core/views/mixins.py

@@ -78,7 +78,7 @@ class FragmentMixin(TemplateResponseMixin, ContextMixin):
             return render(
                 request,
                 "app/template.jinja",
-                context={"fragment": fragment(request)}
+                context={"fragment": fragment(request)
             }
 
         # in urls.py

core/views/user.py

@@ -28,10 +28,12 @@ from datetime import timedelta
 from operator import itemgetter
 from smtplib import SMTPException
 
+from django.contrib import messages
 from django.contrib.auth import login, views
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm
 from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import PermissionDenied
 from django.db.models import DateField, F, QuerySet, Sum
 from django.db.models.functions import Trunc
@@ -48,7 +50,6 @@ from django.views.generic import (
     CreateView,
     DeleteView,
     DetailView,
-    ListView,
     RedirectView,
     TemplateView,
 )
@@ -65,8 +66,9 @@ from core.views.forms import (
     UserGodfathersForm,
     UserGroupsForm,
     UserProfileForm,
+    UserVisibilityForm,
 )
-from core.views.mixins import TabedViewMixin, UseFragmentsMixin
+from core.views.mixins import FragmentMixin, TabedViewMixin, UseFragmentsMixin
 from counter.models import Refilling, Selling
 from eboutic.models import Invoice
 from trombi.views import UserTrombiForm
@@ -248,14 +250,15 @@ class UserTabsMixin(TabedViewMixin):
                     "name": _("Groups"),
                 }
             )
-        if (
+        can_view_account = (
             hasattr(user, "customer")
             and user.customer
             and (
                 user == self.request.user
                 or self.request.user.has_perm("counter.view_customer")
             )
-        ):
+        )
+        if can_view_account or user.preferences.show_my_stats:
             tab_list.append(
                 {
                     "url": reverse("core:user_stats", kwargs={"user_id": user.id}),
@@ -263,6 +266,7 @@ class UserTabsMixin(TabedViewMixin):
                     "name": _("Stats"),
                 }
             )
+        if can_view_account:
             tab_list.append(
                 {
                     "url": reverse("core:user_account", kwargs={"user_id": user.id}),
@@ -349,7 +353,7 @@ class UserGodfathersTreeView(UserTabsMixin, CanViewMixin, DetailView):
         return kwargs
 
 
-class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
+class UserStatsView(UserTabsMixin, UserPassesTestMixin, DetailView):
     """Display a user's stats."""
 
     model = User
@@ -357,15 +361,20 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
     context_object_name = "profile"
     template_name = "core/user_stats.jinja"
     current_tab = "stats"
-    queryset = User.objects.exclude(customer=None).select_related("customer")
+    queryset = User.objects.exclude(customer=None).select_related(
+        "customer", "_preferences"
+    )
 
-    def dispatch(self, request, *arg, **kwargs):
-        profile = self.get_object()
-        if not (
-            profile == request.user or request.user.has_perm("counter.view_customer")
-        ):
-            raise PermissionDenied
-        return super().dispatch(request, *arg, **kwargs)
+    def test_func(self):
+        profile: User = self.get_object()
+        return (
+            profile == self.request.user
+            or self.request.user.has_perm("counter.view_customer")
+            or (
+                self.request.user.can_view(profile)
+                and profile.preferences.show_my_stats
+            )
+        )
 
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
@@ -404,13 +413,6 @@ class UserMiniView(CanViewMixin, DetailView):
     template_name = "core/user_mini.jinja"
 
 
-class UserListView(ListView, CanEditPropMixin):
-    """Displays the user list."""
-
-    model = User
-    template_name = "core/user_list.jinja"
-
-
 # FIXME: the edit_once fields aren't displayed to the user (as expected).
 #  However, if the user re-add them manually in the form, they are saved.
 class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
@@ -468,6 +470,30 @@ class UserClubView(UserTabsMixin, CanViewMixin, DetailView):
     current_tab = "clubs"
 
 
+class UserVisibilityFormFragment(FragmentMixin, SuccessMessageMixin, UpdateView):
+    model = User
+    form_class = UserVisibilityForm
+    template_name = "core/fragment/user_visibility.jinja"
+    pk_url_kwarg = "user_id"
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {"label_suffix": ""}
+
+    def form_valid(self, form):
+        response = super().form_valid(form)
+        messages.success(
+            self.request, _("Visibility parameters updated."), extra_tags="visibility"
+        )
+        return response
+
+    def render_fragment(self, request, **kwargs) -> SafeString:
+        self.object = kwargs.get("user")
+        return super().render_fragment(request, **kwargs)
+
+    def get_success_url(self, **kwargs):
+        return self.request.path
+
+
 class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, UpdateView):
     """Edit a user's preferences."""
 
@@ -481,7 +507,10 @@ class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, Update
     current_tab = "prefs"
 
     def get_form_kwargs(self):
-        return super().get_form_kwargs() | {"instance": self.object.preferences}
+        return super().get_form_kwargs() | {
+            "instance": self.object.preferences,
+            "label_suffix": "",
+        }
 
     def get_success_url(self):
         return self.request.path
@@ -491,6 +520,9 @@ class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, Update
         from counter.views.student_card import StudentCardFormFragment
 
         res = super().get_fragment_context_data()
+        res["user_visibility_fragment"] = UserVisibilityFormFragment.as_fragment()(
+            self.request, user=self.object
+        )
         if hasattr(self.object, "customer"):
             res["student_card_fragment"] = StudentCardFormFragment.as_fragment()(
                 self.request, customer=self.object.customer

counter/admin.py

@@ -24,6 +24,7 @@ from counter.models import (
     Eticket,
     InvoiceCall,
     Permanency,
+    Price,
     Product,
     ProductType,
     Refilling,
@@ -32,19 +33,24 @@ from counter.models import (
 )
 
 
+class PriceInline(admin.TabularInline):
+    model = Price
+    autocomplete_fields = ("groups",)
+
+
 @admin.register(Product)
 class ProductAdmin(SearchModelAdmin):
     list_display = (
         "name",
         "code",
         "product_type",
-        "selling_price",
         "archived",
         "created_at",
         "updated_at",
     )
     list_select_related = ("product_type",)
     search_fields = ("name", "code")
+    inlines = [PriceInline]
 
 
 @admin.register(ReturnableProduct)

counter/api.py

@@ -101,13 +101,9 @@ class ProductController(ControllerBase):
         """Get the detailed information about the products."""
         return filters.filter(
             Product.objects.select_related("club")
-            .prefetch_related("buying_groups")
+            .prefetch_related("prices", "prices__groups")
             .select_related("product_type")
-            .order_by(
-                F("product_type__order").asc(nulls_last=True),
-                "product_type",
-                "name",
-            )
+            .order_by(F("product_type__order").asc(nulls_last=True), "name")
         )
 
 

counter/baker_recipes.py

@@ -2,10 +2,11 @@ from model_bakery.recipe import Recipe, foreign_key
 
 from club.models import Club
 from core.models import User
-from counter.models import Counter, Product, Refilling, Selling
+from counter.models import Counter, Price, Product, Refilling, Selling
 
 counter_recipe = Recipe(Counter)
 product_recipe = Recipe(Product, club=foreign_key(Recipe(Club)))
+price_recipe = Recipe(Price, product=foreign_key(product_recipe))
 sale_recipe = Recipe(
     Selling,
     product=foreign_key(product_recipe),

counter/forms.py

@@ -1,11 +1,12 @@
 import json
 import math
 import uuid
+from collections import defaultdict
 from datetime import date, datetime, timezone
 
 from dateutil.relativedelta import relativedelta
 from django import forms
-from django.core.validators import MaxValueValidator
+from django.core.exceptions import ValidationError
 from django.db.models import Exists, OuterRef, Q
 from django.forms import BaseModelFormSet
 from django.utils.timezone import now
@@ -15,7 +16,7 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget
 
 from club.models import Club
 from club.widgets.ajax_select import AutoCompleteSelectClub
-from core.models import User
+from core.models import User, UserQuerySet
 from core.views.forms import (
     FutureDateTimeField,
     NFCTextInput,
@@ -32,9 +33,11 @@ from core.views.widgets.ajax_select import (
 from counter.models import (
     BillingInfo,
     Counter,
+    CounterSellers,
     Customer,
     Eticket,
     InvoiceCall,
+    Price,
     Product,
     ProductFormula,
     Refilling,
@@ -170,14 +173,39 @@ class RefillForm(forms.ModelForm):
 class CounterEditForm(forms.ModelForm):
     class Meta:
         model = Counter
-        fields = ["sellers", "products"]
-        widgets = {"sellers": AutoCompleteSelectMultipleUser}
+        fields = ["products"]
+
+    sellers_regular = forms.ModelMultipleChoiceField(
+        label=_("Regular barmen"),
+        help_text=_(
+            "Barmen having regular permanences "
+            "or frequently giving a hand throughout the semester."
+        ),
+        queryset=User.objects.all(),
+        widget=AutoCompleteSelectMultipleUser,
+        required=False,
+    )
+    sellers_temporary = forms.ModelMultipleChoiceField(
+        label=_("Temporary barmen"),
+        help_text=_(
+            "Barmen who will be there only for a limited period (e.g. for one evening)"
+        ),
+        queryset=User.objects.all(),
+        widget=AutoCompleteSelectMultipleUser,
+        required=False,
+    )
+    field_order = ["sellers_regular", "sellers_temporary", "products"]
 
     def __init__(self, *args, user: User, instance: Counter, **kwargs):
         super().__init__(*args, instance=instance, **kwargs)
+        # if the user is an admin, he will have access to all products,
+        # else only to active products owned by the counter's club
+        # or already on the counter
         if user.has_perm("counter.change_counter"):
             self.fields["products"].widget = AutoCompleteSelectMultipleProduct()
         else:
+            # updating the queryset of the field also updates the choices of
+            # the widget, so it's important to set the queryset after the widget
             self.fields["products"].widget = AutoCompleteSelectMultiple()
             self.fields["products"].queryset = Product.objects.filter(
                 Q(club_id=instance.club_id) | Q(counters=instance), archived=False
@@ -186,6 +214,61 @@ class CounterEditForm(forms.ModelForm):
                 "If you want to add a product that is not owned by "
                 "your club to this counter, you should ask an admin."
             )
+        self.fields["sellers_regular"].initial = self.instance.sellers.filter(
+            countersellers__is_regular=True
+        ).all()
+        self.fields["sellers_temporary"].initial = self.instance.sellers.filter(
+            countersellers__is_regular=False
+        ).all()
+
+    def clean(self):
+        regular: UserQuerySet = self.cleaned_data["sellers_regular"]
+        temporary: UserQuerySet = self.cleaned_data["sellers_temporary"]
+        duplicates = list(regular.intersection(temporary))
+        if duplicates:
+            raise ValidationError(
+                _(
+                    "A user cannot be a regular and a temporary barman "
+                    "at the same time, "
+                    "but the following users have been defined as both : %(users)s"
+                )
+                % {"users": ", ".join([u.get_display_name() for u in duplicates])}
+            )
+        return self.cleaned_data
+
+    def save_sellers(self):
+        sellers = []
+        for users, is_regular in (
+            (self.cleaned_data["sellers_regular"], True),
+            (self.cleaned_data["sellers_temporary"], False),
+        ):
+            sellers.extend(
+                [
+                    CounterSellers(counter=self.instance, user=u, is_regular=is_regular)
+                    for u in users
+                ]
+            )
+        # start by deleting removed CounterSellers objects
+        user_ids = [seller.user.id for seller in sellers]
+        CounterSellers.objects.filter(
+            ~Q(user_id__in=user_ids), counter=self.instance
+        ).delete()
+
+        # then create or update the new barmen
+        CounterSellers.objects.bulk_create(
+            sellers,
+            update_conflicts=True,
+            update_fields=["is_regular"],
+            unique_fields=["user", "counter"],
+        )
+
+    def save(self, commit=True):  # noqa: FBT002
+        self.instance = super().save(commit=commit)
+        if commit and any(
+            key in self.changed_data for key in ("sellers_regular", "sellers_temporary")
+        ):
+            self.save_sellers()
+        return self.instance
 
 
 class ScheduledProductActionForm(forms.ModelForm):
@@ -291,7 +374,22 @@ ScheduledProductActionFormSet = forms.modelformset_factory(
     absolute_max=None,
     can_delete=True,
     can_delete_extra=False,
-    extra=2,
+    extra=0,
+)
+
+
+ProductPriceFormSet = forms.inlineformset_factory(
+    parent_model=Product,
+    model=Price,
+    fields=["amount", "label", "groups", "is_always_shown"],
+    widgets={
+        "groups": AutoCompleteSelectMultipleGroup,
+        "is_always_shown": forms.CheckboxInput(attrs={"class": "switch"}),
+    },
+    absolute_max=None,
+    can_delete_extra=False,
+    min_num=1,
+    extra=0,
 )
 
 
@@ -306,10 +404,7 @@ class ProductForm(forms.ModelForm):
             "description",
             "product_type",
             "code",
-            "buying_groups",
             "purchase_price",
-            "selling_price",
-            "special_selling_price",
             "icon",
             "club",
             "limit_age",
@@ -324,8 +419,8 @@ class ProductForm(forms.ModelForm):
         }
         widgets = {
             "product_type": AutoCompleteSelect,
-            "buying_groups": AutoCompleteSelectMultipleGroup,
             "club": AutoCompleteSelectClub,
+            "tray": forms.CheckboxInput(attrs={"class": "switch"}),
         }
 
     counters = forms.ModelMultipleChoiceField(
@@ -335,50 +430,40 @@ class ProductForm(forms.ModelForm):
         queryset=Counter.objects.all(),
     )
 
-    def __init__(self, *args, instance=None, **kwargs):
-        super().__init__(*args, instance=instance, **kwargs)
+    def __init__(self, *args, prefix: str | None = None, instance=None, **kwargs):
+        super().__init__(*args, prefix=prefix, instance=instance, **kwargs)
+        self.fields["name"].widget.attrs["autofocus"] = "autofocus"
         if self.instance.id:
             self.fields["counters"].initial = self.instance.counters.all()
             if hasattr(self.instance, "formula"):
                 self.formula_init(self.instance.formula)
+        self.price_formset = ProductPriceFormSet(
+            *args, instance=self.instance, prefix="price", **kwargs
+        )
         self.action_formset = ScheduledProductActionFormSet(
-            *args, product=self.instance, **kwargs
+            *args, product=self.instance, prefix="action", **kwargs
         )
 
-    def formula_init(self, formula: ProductFormula):
-        """Part of the form initialisation specific to formula products."""
-        self.fields["selling_price"].help_text = _(
-            "This product is a formula. "
-            "Its price cannot be greater than the price "
-            "of the products constituting it, which is %(price)s €"
-        ) % {"price": formula.max_selling_price}
-        self.fields["special_selling_price"].help_text = _(
-            "This product is a formula. "
-            "Its special price cannot be greater than the price "
-            "of the products constituting it, which is %(price)s €"
-        ) % {"price": formula.max_special_selling_price}
-        for key, price in (
-            ("selling_price", formula.max_selling_price),
-            ("special_selling_price", formula.max_special_selling_price),
-        ):
-            self.fields[key].widget.attrs["max"] = price
-            self.fields[key].validators.append(MaxValueValidator(price))
-
     def is_valid(self):
-        return super().is_valid() and self.action_formset.is_valid()
+        return (
+            super().is_valid()
+            and self.price_formset.is_valid()
+            and self.action_formset.is_valid()
+        )
 
     def save(self, *args, **kwargs) -> Product:
         product = super().save(*args, **kwargs)
         product.counters.set(self.cleaned_data["counters"])
+        # if it's a creation, the product given in the formset
+        # wasn't a persisted instance.
+        # So if we tried to persist the related objects in the current state,
+        # they would be linked to no product, thus be completely useless
+        # To make it work, we have to replace
+        # the initial product with a persisted one
         for form in self.action_formset:
-            # if it's a creation, the product given in the formset
-            # wasn't a persisted instance.
-            # So if we tried to persist the scheduled actions in the current state,
-            # they would be linked to no product, thus be completely useless
-            # To make it work, we have to replace
-            # the initial product with a persisted one
             form.set_product(product)
         self.action_formset.save()
+        self.price_formset.save()
         return product
 
 
@@ -401,18 +486,6 @@ class ProductFormulaForm(forms.ModelForm):
                     "the result and a part of the formula."
                 ),
             )
-        prices = [p.selling_price for p in cleaned_data["products"]]
-        special_prices = [p.special_selling_price for p in cleaned_data["products"]]
-        selling_price = cleaned_data["result"].selling_price
-        special_selling_price = cleaned_data["result"].special_selling_price
-        if selling_price > sum(prices) or special_selling_price > sum(special_prices):
-            self.add_error(
-                "result",
-                _(
-                    "The result cannot be more expensive "
-                    "than the total of the other products."
-                ),
-            )
         return cleaned_data
 
 
@@ -463,48 +536,47 @@ class CloseCustomerAccountForm(forms.Form):
     )
 
 
-class BasketProductForm(forms.Form):
+class BasketItemForm(forms.Form):
     quantity = forms.IntegerField(min_value=1, required=True)
-    id = forms.IntegerField(min_value=0, required=True)
+    price_id = forms.IntegerField(min_value=0, required=True)
 
     def __init__(
         self,
         customer: Customer,
         counter: Counter,
-        allowed_products: dict[int, Product],
+        allowed_prices: dict[int, Price],
         *args,
         **kwargs,
     ):
         self.customer = customer  # Used by formset
         self.counter = counter  # Used by formset
-        self.allowed_products = allowed_products
+        self.allowed_prices = allowed_prices
         super().__init__(*args, **kwargs)
 
-    def clean_id(self):
-        data = self.cleaned_data["id"]
+    def clean_price_id(self):
+        data = self.cleaned_data["price_id"]
 
-        # We store self.product so we can use it later on the formset validation
+        # We store self.price so we can use it later on the formset validation
         # And also in the global clean
-        self.product = self.allowed_products.get(data, None)
-        if self.product is None:
+        self.price = self.allowed_prices.get(data, None)
+        if self.price is None:
             raise forms.ValidationError(
                 _("The selected product isn't available for this user")
             )
-
         return data
 
     def clean(self):
         cleaned_data = super().clean()
         if len(self.errors) > 0:
-            return
+            return cleaned_data
 
         # Compute prices
         cleaned_data["bonus_quantity"] = 0
-        if self.product.tray:
+        if self.price.product.tray:
             cleaned_data["bonus_quantity"] = math.floor(
                 cleaned_data["quantity"] / Product.QUANTITY_FOR_TRAY_PRICE
             )
-        cleaned_data["total_price"] = self.product.price * (
+        cleaned_data["total_price"] = self.price.amount * (
             cleaned_data["quantity"] - cleaned_data["bonus_quantity"]
         )
 
@@ -528,8 +600,8 @@ class BaseBasketForm(forms.BaseFormSet):
             raise forms.ValidationError(_("Submitted basket is invalid"))
 
     def _check_product_are_unique(self):
-        product_ids = {form.cleaned_data["id"] for form in self.forms}
-        if len(product_ids) != len(self.forms):
+        price_ids = {form.cleaned_data["price_id"] for form in self.forms}
+        if len(price_ids) != len(self.forms):
             raise forms.ValidationError(_("Duplicated product entries."))
 
     def _check_enough_money(self, counter: Counter, customer: Customer):
@@ -539,10 +611,9 @@ class BaseBasketForm(forms.BaseFormSet):
 
     def _check_recorded_products(self, customer: Customer):
         """Check for, among other things, ecocups and pitchers"""
-        items = {
-            form.cleaned_data["id"]: form.cleaned_data["quantity"]
-            for form in self.forms
-        }
+        items = defaultdict(int)
+        for form in self.forms:
+            items[form.price.product_id] += form.cleaned_data["quantity"]
         ids = list(items.keys())
         returnables = list(
             ReturnableProduct.objects.filter(
@@ -568,7 +639,7 @@ class BaseBasketForm(forms.BaseFormSet):
 
 
 BasketForm = forms.formset_factory(
-    BasketProductForm, formset=BaseBasketForm, absolute_max=None, min_num=1
+    BasketItemForm, formset=BaseBasketForm, absolute_max=None, min_num=1
 )
 
 

counter/migrations/0038_countersellers.py

@@ -0,0 +1,88 @@
+# Generated by Django 5.2.11 on 2026-03-04 15:26
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("counter", "0037_productformula"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        # cf. https://docs.djangoproject.com/fr/stable/howto/writing-migrations/#changing-a-manytomanyfield-to-use-a-through-model
+        migrations.SeparateDatabaseAndState(
+            database_operations=[
+                migrations.RunSQL(
+                    sql="ALTER TABLE counter_counter_sellers RENAME TO counter_countersellers",
+                    reverse_sql="ALTER TABLE counter_countersellers RENAME TO counter_counter_sellers",
+                ),
+            ],
+            state_operations=[
+                migrations.CreateModel(
+                    name="CounterSellers",
+                    fields=[
+                        (
+                            "id",
+                            models.AutoField(
+                                auto_created=True,
+                                primary_key=True,
+                                serialize=False,
+                                verbose_name="ID",
+                            ),
+                        ),
+                        (
+                            "counter",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to="counter.counter",
+                            ),
+                        ),
+                        (
+                            "user",
+                            models.ForeignKey(
+                                on_delete=django.db.models.deletion.CASCADE,
+                                to=settings.AUTH_USER_MODEL,
+                            ),
+                        ),
+                    ],
+                    options={
+                        "constraints": [
+                            models.UniqueConstraint(
+                                fields=("counter", "user"),
+                                name="counter_counter_sellers_counter_id_subscriber_id_key",
+                            )
+                        ],
+                    },
+                ),
+                migrations.AlterField(
+                    model_name="counter",
+                    name="sellers",
+                    field=models.ManyToManyField(
+                        blank=True,
+                        related_name="counters",
+                        through="counter.CounterSellers",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="sellers",
+                    ),
+                ),
+            ],
+        ),
+        migrations.AddField(
+            model_name="countersellers",
+            name="created_at",
+            field=models.DateTimeField(
+                auto_now_add=True,
+                default=django.utils.timezone.now,
+                verbose_name="created at",
+            ),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name="countersellers",
+            name="is_regular",
+            field=models.BooleanField(default=False, verbose_name="regular barman"),
+        ),
+    ]

counter/migrations/0039_price.py

@@ -0,0 +1,149 @@
+# Generated by Django 5.2.11 on 2026-02-18 13:30
+
+import django.db.models.deletion
+from django.db import migrations, models
+from django.db.migrations.state import StateApps
+
+import counter.fields
+
+
+def migrate_prices(apps: StateApps, schema_editor):
+    Product = apps.get_model("counter", "Product")
+    Price = apps.get_model("counter", "Price")
+    prices = [
+        Price(
+            amount=p.selling_price,
+            product=p,
+            created_at=p.created_at,
+            updated_at=p.updated_at,
+        )
+        for p in Product.objects.all()
+    ]
+    Price.objects.bulk_create(prices)
+    groups = [
+        Price.groups.through(price=price, group=group)
+        for price in Price.objects.select_related("product").prefetch_related(
+            "product__buying_groups"
+        )
+        for group in price.product.buying_groups.all()
+    ]
+    Price.groups.through.objects.bulk_create(groups)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0048_alter_user_options"),
+        ("counter", "0038_countersellers"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Price",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "amount",
+                    counter.fields.CurrencyField(
+                        decimal_places=2, max_digits=12, verbose_name="amount"
+                    ),
+                ),
+                (
+                    "is_always_shown",
+                    models.BooleanField(
+                        default=False,
+                        help_text=(
+                            "If this option is enabled, "
+                            "people will see this price and be able to pay it, "
+                            "even if another cheaper price exists. "
+                            "Else it will visible only if it is the cheapest available price."
+                        ),
+                        verbose_name="always show",
+                    ),
+                ),
+                (
+                    "label",
+                    models.CharField(
+                        default="",
+                        help_text=(
+                            "A short label for easier differentiation "
+                            "if a user can see multiple prices."
+                        ),
+                        max_length=32,
+                        verbose_name="label",
+                        blank=True,
+                    ),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(auto_now_add=True, verbose_name="created at"),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(auto_now=True, verbose_name="updated at"),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        related_name="prices", to="core.group", verbose_name="groups"
+                    ),
+                ),
+                (
+                    "product",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="prices",
+                        to="counter.product",
+                        verbose_name="product",
+                    ),
+                ),
+            ],
+            options={"verbose_name": "price"},
+        ),
+        migrations.AlterField(
+            model_name="product",
+            name="tray",
+            field=models.BooleanField(
+                default=False,
+                help_text="Buy five, get the sixth free",
+                verbose_name="tray price",
+            ),
+        ),
+        migrations.RunPython(migrate_prices, reverse_code=migrations.RunPython.noop),
+        migrations.RemoveField(model_name="product", name="selling_price"),
+        migrations.RemoveField(model_name="product", name="special_selling_price"),
+        migrations.AlterField(
+            model_name="product",
+            name="description",
+            field=models.TextField(blank=True, default="", verbose_name="description"),
+        ),
+        migrations.AlterField(
+            model_name="product",
+            name="product_type",
+            field=models.ForeignKey(
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="products",
+                to="counter.producttype",
+                verbose_name="product type",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="productformula",
+            name="result",
+            field=models.OneToOneField(
+                help_text="The product got with the formula.",
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="formula",
+                to="counter.product",
+                verbose_name="result product",
+            ),
+        ),
+    ]

counter/models.py

@@ -22,7 +22,7 @@ import string
 from datetime import date, datetime, timedelta
 from datetime import timezone as tz
 from decimal import Decimal
-from typing import Literal, Self
+from typing import TYPE_CHECKING, Literal, Self
 
 from dict2xml import dict2xml
 from django.conf import settings
@@ -47,6 +47,9 @@ from core.utils import get_start_of_semester
 from counter.fields import CurrencyField
 from subscription.models import Subscription
 
+if TYPE_CHECKING:
+    from collections.abc import Sequence
+
 
 def get_eboutic() -> Counter:
     return Counter.objects.filter(type="EBOUTIC").order_by("id").first()
@@ -157,14 +160,7 @@ class Customer(models.Model):
 
     @property
     def can_buy(self) -> bool:
-        """Check if whether this customer has the right to purchase any item.
-
-        This must be not confused with the Product.can_be_sold_to(user)
-        method as the present method returns an information
-        about a customer whereas the other tells something
-        about the relation between a User (not a Customer,
-        don't mix them) and a Product.
-        """
+        """Check if whether this customer has the right to purchase any item."""
         subscription = self.user.subscriptions.order_by("subscription_end").last()
         if subscription is None:
             return False
@@ -363,13 +359,13 @@ class Product(models.Model):
     QUANTITY_FOR_TRAY_PRICE = 6
 
     name = models.CharField(_("name"), max_length=64)
-    description = models.TextField(_("description"), default="")
+    description = models.TextField(_("description"), blank=True, default="")
     product_type = models.ForeignKey(
         ProductType,
         related_name="products",
         verbose_name=_("product type"),
         null=True,
-        blank=True,
+        blank=False,
         on_delete=models.SET_NULL,
     )
     code = models.CharField(_("code"), max_length=16, blank=True)
@@ -377,11 +373,6 @@ class Product(models.Model):
         _("purchase price"),
         help_text=_("Initial cost of purchasing the product"),
     )
-    selling_price = CurrencyField(_("selling price"))
-    special_selling_price = CurrencyField(
-        _("special selling price"),
-        help_text=_("Price for barmen during their permanence"),
-    )
     icon = ResizedImageField(
         height=70,
         force_format="WEBP",
@@ -394,7 +385,9 @@ class Product(models.Model):
         Club, related_name="products", verbose_name=_("club"), on_delete=models.CASCADE
     )
     limit_age = models.IntegerField(_("limit age"), default=0)
-    tray = models.BooleanField(_("tray price"), default=False)
+    tray = models.BooleanField(
+        _("tray price"), help_text=_("Buy five, get the sixth free"), default=False
+    )
     buying_groups = models.ManyToManyField(
         Group, related_name="products", verbose_name=_("buying groups"), blank=True
     )
@@ -419,41 +412,77 @@ class Product(models.Model):
             pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID
         ) or user.is_in_group(pk=settings.SITH_GROUP_COUNTER_ADMIN_ID)
 
-    def can_be_sold_to(self, user: User) -> bool:
-        """Check if whether the user given in parameter has the right to buy
-        this product or not.
 
-        This must be not confused with the Customer.can_buy()
-        method as the present method returns an information
-        about the relation between a User and a Product,
-        whereas the other tells something about a Customer
-        (and not a user, they are not the same model).
+class PriceQuerySet(models.QuerySet):
+    def for_user(self, user: User) -> Self:
+        age = user.age
+        if user.is_banned_alcohol:
+            age = min(age, 17)
+        return self.filter(
+            Q(is_always_shown=True, groups__in=user.all_groups)
+            | Q(
+                id=Subquery(
+                    Price.objects.filter(
+                        product_id=OuterRef("product_id"), groups__in=user.all_groups
+                    )
+                    .order_by("amount")
+                    .values("id")[:1]
+                )
+            ),
+            product__archived=False,
+            product__limit_age__lte=age,
+        ).distinct()
 
-        Returns:
-            True if the user can buy this product else False
 
-        Warning:
-            This performs a db query, thus you can quickly have
-            a N+1 queries problem if you call it in a loop.
-            Hopefully, you can avoid that if you prefetch the buying_groups :
+class Price(models.Model):
+    amount = CurrencyField(_("amount"))
+    product = models.ForeignKey(
+        Product,
+        verbose_name=_("product"),
+        related_name="prices",
+        on_delete=models.CASCADE,
+    )
+    groups = models.ManyToManyField(
+        Group, verbose_name=_("groups"), related_name="prices"
+    )
+    is_always_shown = models.BooleanField(
+        _("always show"),
+        help_text=_(
+            "If this option is enabled, "
+            "people will see this price and be able to pay it, "
+            "even if another cheaper price exists. "
+            "Else it will visible only if it is the cheapest available price."
+        ),
+        default=False,
+    )
+    label = models.CharField(
+        _("label"),
+        help_text=_(
+            "A short label for easier differentiation "
+            "if a user can see multiple prices."
+        ),
+        max_length=32,
+        default="",
+        blank=True,
+    )
+    created_at = models.DateTimeField(_("created at"), auto_now_add=True)
+    updated_at = models.DateTimeField(_("updated at"), auto_now=True)
 
-            ```python
-            user = User.objects.get(username="foobar")
-            products = [
-                p
-                for p in Product.objects.prefetch_related("buying_groups")
-                if p.can_be_sold_to(user)
-            ]
-            ```
-        """
-        buying_groups = list(self.buying_groups.all())
-        if not buying_groups:
-            return True
-        return any(user.is_in_group(pk=group.id) for group in buying_groups)
+    objects = PriceQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("price")
+
+    def __str__(self):
+        if not self.label:
+            return f"{self.product.name} ({self.amount}€)"
+        return f"{self.product.name} {self.label} ({self.amount}€)"
 
     @property
-    def profit(self):
-        return self.selling_price - self.purchase_price
+    def full_label(self):
+        if not self.label:
+            return self.product.name
+        return f"{self.product.name} \u2013 {self.label}"
 
 
 class ProductFormula(models.Model):
@@ -474,18 +503,6 @@ class ProductFormula(models.Model):
     def __str__(self):
         return self.result.name
 
-    @cached_property
-    def max_selling_price(self) -> float:
-        # iterating over all products is less efficient than doing
-        # a simple aggregation, but this method is likely to be used in
-        # coordination with `max_special_selling_price`,
-        # and Django caches the result of the `all` queryset.
-        return sum(p.selling_price for p in self.products.all())
-
-    @cached_property
-    def max_special_selling_price(self) -> float:
-        return sum(p.special_selling_price for p in self.products.all())
-
 
 class CounterQuerySet(models.QuerySet):
     def annotate_has_barman(self, user: User) -> Self:
@@ -551,7 +568,11 @@ class Counter(models.Model):
         choices=[("BAR", _("Bar")), ("OFFICE", _("Office")), ("EBOUTIC", _("Eboutic"))],
     )
     sellers = models.ManyToManyField(
-        User, verbose_name=_("sellers"), related_name="counters", blank=True
+        User,
+        verbose_name=_("sellers"),
+        related_name="counters",
+        blank=True,
+        through="CounterSellers",
     )
     edit_groups = models.ManyToManyField(
         Group, related_name="editable_counters", blank=True
@@ -579,7 +600,7 @@ class Counter(models.Model):
         if user.is_anonymous:
             return False
         mem = self.club.get_membership_for(user)
-        if mem and mem.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]:
+        if mem and mem.role.is_presidency:
             return True
         return user.is_in_group(pk=settings.SITH_GROUP_COUNTER_ADMIN_ID)
 
@@ -712,36 +733,41 @@ class Counter(models.Model):
         # but they share the same primary key
         return self.type == "BAR" and any(b.pk == customer.pk for b in self.barmen_list)
 
-    def get_products_for(self, customer: Customer) -> list[Product]:
-        """
-        Get all allowed products for the provided customer on this counter
-        Prices will be annotated
-        """
-
-        products = (
-            self.products.filter(archived=False)
-            .select_related("product_type")
-            .prefetch_related("buying_groups")
+    def get_prices_for(
+        self, customer: Customer, *, order_by: Sequence[str] | None = None
+    ) -> list[Price]:
+        qs = (
+            Price.objects.filter(
+                product__counters=self, product__product_type__isnull=False
+            )
+            .for_user(customer.user)
+            .select_related("product", "product__product_type")
+            .prefetch_related("groups")
         )
+        if order_by:
+            qs = qs.order_by(*order_by)
+        return list(qs)
 
-        # Only include age appropriate products
-        age = customer.user.age
-        if customer.user.is_banned_alcohol:
-            age = min(age, 17)
-        products = products.filter(limit_age__lte=age)
 
-        # Compute special price for customer if he is a barmen on that bar
-        if self.customer_is_barman(customer):
-            products = products.annotate(price=F("special_selling_price"))
-        else:
-            products = products.annotate(price=F("selling_price"))
+class CounterSellers(models.Model):
+    """Custom through model for the counter-sellers M2M relationship."""
 
-        return [
-            product
-            for product in products.all()
-            if product.can_be_sold_to(customer.user)
+    counter = models.ForeignKey(Counter, on_delete=models.CASCADE)
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    is_regular = models.BooleanField(_("regular barman"), default=False)
+    created_at = models.DateTimeField(_("created at"), auto_now_add=True)
+
+    class Meta:
+        constraints = [
+            models.UniqueConstraint(
+                fields=["counter", "user"],
+                name="counter_counter_sellers_counter_id_subscriber_id_key",
+            )
         ]
 
+    def __str__(self):
+        return f"counter {self.counter_id} - user {self.user_id}"
+
 
 class RefillingQuerySet(models.QuerySet):
     def annotate_total(self) -> Self:
@@ -1001,7 +1027,9 @@ class Selling(models.Model):
         event = self.product.eticket.event_title or _("Unknown event")
         subject = _("Eticket bought for the event %(event)s") % {"event": event}
         message_html = _(
-            "You bought an eticket for the event %(event)s.\nYou can download it directly from this link %(eticket)s.\nYou can also retrieve all your e-tickets on your account page %(url)s."
+            "You bought an eticket for the event %(event)s.\n"
+            "You can download it directly from this link %(eticket)s.\n"
+            "You can also retrieve all your e-tickets on your account page %(url)s."
         ) % {
             "event": event,
             "url": (

counter/schemas.py

@@ -6,8 +6,8 @@ from ninja import FilterLookup, FilterSchema, ModelSchema, Schema
 from pydantic import model_validator
 
 from club.schemas import SimpleClubSchema
-from core.schemas import GroupSchema, NonEmptyStr, SimpleUserSchema
-from counter.models import Counter, Product, ProductType
+from core.schemas import NonEmptyStr, SimpleUserSchema
+from counter.models import Counter, Price, Product, ProductType
 
 
 class CounterSchema(ModelSchema):
@@ -66,6 +66,12 @@ class SimpleProductSchema(ModelSchema):
         fields = ["id", "name", "code"]
 
 
+class ProductPriceSchema(ModelSchema):
+    class Meta:
+        model = Price
+        fields = ["amount", "groups"]
+
+
 class ProductSchema(ModelSchema):
     class Meta:
         model = Product
@@ -75,13 +81,12 @@ class ProductSchema(ModelSchema):
             "code",
             "description",
             "purchase_price",
-            "selling_price",
             "icon",
             "limit_age",
             "archived",
         ]
 
-    buying_groups: list[GroupSchema]
+    prices: list[ProductPriceSchema]
     club: SimpleClubSchema
     product_type: SimpleProductTypeSchema | None
     url: str

counter/static/bundled/counter/basket.ts

@@ -1,12 +1,11 @@
-import type { Product } from "#counter:counter/types.ts";
+import type { CounterItem } from "#counter:counter/types";
 
 export class BasketItem {
   quantity: number;
-  product: Product;
-  quantityForTrayPrice: number;
+  product: CounterItem;
   errors: string[];
 
-  constructor(product: Product, quantity: number) {
+  constructor(product: CounterItem, quantity: number) {
     this.quantity = quantity;
     this.product = product;
     this.errors = [];
@@ -20,6 +19,6 @@ export class BasketItem {
   }
 
   sum(): number {
-    return (this.quantity - this.getBonusQuantity()) * this.product.price;
+    return (this.quantity - this.getBonusQuantity()) * this.product.price.amount;
   }
 }

counter/static/bundled/counter/counter-click-index.ts

@@ -1,11 +1,12 @@
-import { AlertMessage } from "#core:utils/alert-message.ts";
-import { BasketItem } from "#counter:counter/basket.ts";
+import { AlertMessage } from "#core:utils/alert-message";
+import { BasketItem } from "#counter:counter/basket";
 import type {
   CounterConfig,
+  CounterItem,
   ErrorMessage,
   ProductFormula,
-} from "#counter:counter/types.ts";
-import type { CounterProductSelect } from "./components/counter-product-select-index.ts";
+} from "#counter:counter/types";
+import type { CounterProductSelect } from "./components/counter-product-select-index";
 
 document.addEventListener("alpine:init", () => {
   Alpine.data("counter", (config: CounterConfig) => ({
@@ -63,8 +64,10 @@ document.addEventListener("alpine:init", () => {
     },
 
     checkFormulas() {
+      // Try to find a formula.
+      // A formula is found if all its elements are already in the basket
       const products = new Set(
-        Object.keys(this.basket).map((i: string) => Number.parseInt(i)),
+        Object.values(this.basket).map((item: BasketItem) => item.product.productId),
       );
       const formula: ProductFormula = config.formulas.find((f: ProductFormula) => {
         return f.products.every((p: number) => products.has(p));
@@ -72,22 +75,29 @@ document.addEventListener("alpine:init", () => {
       if (formula === undefined) {
         return;
       }
+      // Now that the formula is found, remove the items composing it from the basket
       for (const product of formula.products) {
-        const key = product.toString();
+        const key = Object.entries(this.basket).find(
+          ([_, i]: [string, BasketItem]) => i.product.productId === product,
+        )[0];
         this.basket[key].quantity -= 1;
         if (this.basket[key].quantity <= 0) {
           this.removeFromBasket(key);
         }
       }
+      // Then add the result product of the formula to the basket
+      const result = Object.values(config.products)
+        .filter((item: CounterItem) => item.productId === formula.result)
+        .reduce((acc, curr) => (acc.price.amount < curr.price.amount ? acc : curr));
+      this.addToBasket(result.price.id, 1);
       this.alertMessage.display(
         interpolate(
           gettext("Formula %(formula)s applied"),
-          { formula: config.products[formula.result.toString()].name },
+          { formula: result.name },
           true,
         ),
         { success: true },
       );
-      this.addToBasket(formula.result.toString(), 1);
     },
 
     getBasketSize() {

counter/static/bundled/counter/product-list-index.ts

@@ -1,13 +1,9 @@
 import { showSaveFilePicker } from "native-file-system-adapter";
 import type TomSelect from "tom-select";
-import { paginated } from "#core:utils/api.ts";
-import { csv } from "#core:utils/csv.ts";
-import {
-  getCurrentUrlParams,
-  History,
-  updateQueryString,
-} from "#core:utils/history.ts";
-import type { NestedKeyOf } from "#core:utils/types.ts";
+import { paginated } from "#core:utils/api";
+import { csv } from "#core:utils/csv";
+import { getCurrentUrlParams, History, updateQueryString } from "#core:utils/history";
+import type { NestedKeyOf } from "#core:utils/types";
 import {
   type ProductSchema,
   type ProductSearchProductsDetailedData,
@@ -20,6 +16,9 @@ type GroupedProducts = Record<ProductType, ProductSchema[]>;
 const defaultPageSize = 100;
 const defaultPage = 1;
 
+// biome-ignore lint/style/useNamingConvention: api is snake case
+type ProductWithPriceSchema = ProductSchema & { selling_price: string };
+
 /**
  * Keys of the properties to include in the CSV.
  */
@@ -34,7 +33,7 @@ const csvColumns = [
   "purchase_price",
   "selling_price",
   "archived",
-] as NestedKeyOf<ProductSchema>[];
+] as NestedKeyOf<ProductWithPriceSchema>[];
 
 /**
  * Title of the csv columns.
@@ -175,7 +174,16 @@ document.addEventListener("alpine:init", () => {
         this.nbPages > 1
           ? await paginated(productSearchProductsDetailed, this.getQueryParams())
           : Object.values<ProductSchema[]>(this.products).flat();
-      const content = csv.stringify(products, {
+      // CSV cannot represent nested data
+      // so we create a row for each price of each product.
+      const productsWithPrice: ProductWithPriceSchema[] = products.flatMap(
+        (product: ProductSchema) =>
+          product.prices.map((price) =>
+            // biome-ignore lint/style/useNamingConvention: API is snake_case
+            Object.assign(product, { selling_price: price.amount }),
+          ),
+      );
+      const content = csv.stringify(productsWithPrice, {
         columns: csvColumns,
         titleRow: csvColumnTitles,
       });

counter/static/bundled/counter/types.d.ts

@@ -2,7 +2,7 @@ export type ErrorMessage = string;
 
 export interface InitialFormData {
   /* Used to refill the form when the backend raises an error */
-  id?: keyof Record<string, Product>;
+  id?: keyof Record<string, CounterItem>;
   quantity?: number;
   errors?: string[];
 }
@@ -15,17 +15,22 @@ export interface ProductFormula {
 export interface CounterConfig {
   customerBalance: number;
   customerId: number;
-  products: Record<string, Product>;
+  products: Record<string, CounterItem>;
   formulas: ProductFormula[];
   formInitial: InitialFormData[];
   cancelUrl: string;
 }
 
-export interface Product {
-  id: string;
+interface Price {
+  id: number;
+  amount: number;
+}
+
+export interface CounterItem {
+  productId: number;
+  price: Price;
   code: string;
   name: string;
-  price: number;
   hasTrayPrice: boolean;
   quantityForTrayPrice: number;
 }