Merge pull request #1147 from ae-utbm/taiste

Many fixes
Merge pull request #1146 from ae-utbm/fix-ts
2025-07-12 21:09:24 +00:00 · 2025-07-02 10:10:19 +02:00 · 2025-07-02 09:01:24 +02:00 · 2025-06-30 18:35:53 +02:00 · 2025-06-30 18:17:29 +02:00 · 2025-06-30 13:46:02 +02:00
354 changed files with 18015 additions and 16600 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1,18 @@
+HTTPS=off
+SITH_DEBUG=true
+
+# This is not the real key used in prod
+SECRET_KEY=(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2
+
+# comment the sqlite line and uncomment the postgres one to switch the dbms
+DATABASE_URL=sqlite:///db.sqlite3
+#DATABASE_URL=postgres://user:password@127.0.0.1:5432/sith
+
+REDIS_PORT=7963
+CACHE_URL=redis://127.0.0.1:${REDIS_PORT}/0
+TASK_BROKER_URL=redis://127.0.0.1:${REDIS_PORT}/1
+
+# Used to select which other services to run alongside
+# manage.py, pytest and runserver
+PROCFILE_STATIC=Procfile.static
+PROCFILE_SERVICE=Procfile.service
--- a/.github/actions/setup_project/action.yml
+++ b/.github/actions/setup_project/action.yml
@ -1,14 +1,28 @@
 name: "Setup project"
 description: "Setup Python and Poetry"
+inputs:
+  full:
+    description: > 
+      If true, do a full setup, else install
+      only python, uv and non-xapian python deps
+    required: false
+    default: "false"
 runs:
  using: composite
  steps:
    - name: Install apt packages
-      uses: awalsh128/cache-apt-pkgs-action@latest
+      if: ${{ inputs.full == 'true' }}
+      uses: awalsh128/cache-apt-pkgs-action@v1.4.3
      with:
        packages: gettext
        version: 1.0  # increment to reset cache

+    - name: Install Redis
+      if: ${{ inputs.full == 'true' }}
+      uses: shogo82148/actions-setup-redis@v1
+      with:
+        redis-version: "7.x"
+
    - name: Install uv
      uses: astral-sh/setup-uv@v5
      with:
@ -32,15 +46,20 @@ runs:
      shell: bash

    - name: Install Xapian
+      if: ${{ inputs.full == 'true' }}
      run: uv run ./manage.py install_xapian
      shell: bash

+    # compiling xapian accounts for almost the entirety of the virtualenv setup,
+    # so we save the virtual environment only on workflows where it has been installed
    - name: Save cached virtualenv
+      if: ${{ inputs.full == 'true' }}
      uses: actions/cache/save@v4
      with:
        key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
        path: .venv

    - name: Compile gettext messages
+      if: ${{ inputs.full == 'true' }}
      run: uv run ./manage.py compilemessages
      shell: bash
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -7,6 +7,12 @@ on:
    branches: [master, taiste]
  workflow_dispatch:

+env:
+  SECRET_KEY: notTheRealOne
+  DATABASE_URL: sqlite:///db.sqlite3
+  CACHE_URL: redis://127.0.0.1:6379/0
+  TASK_BROKER_URL: redis://127.0.0.1:6379/1
+
 jobs:
  pre-commit:
    name: Launch pre-commits checks (ruff)
@ -26,11 +32,13 @@ jobs:
    strategy:
      fail-fast: false  # don't interrupt the other test processes
      matrix:
-        pytest-mark: [slow, not slow]
+        pytest-mark: [not slow]
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - uses: ./.github/actions/setup_project
+        with:
+          full: true
        env:
          # To avoid race conditions on environment cache
          CACHE_SUFFIX: ${{ matrix.pytest-mark }}
@ -41,7 +49,7 @@ jobs:
          uv run coverage report
          uv run coverage html
      - name: Archive code coverage results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: coverage-report
+          name: coverage-report-${{ matrix.pytest-mark }}
          path: coverage_report
--- a/.github/workflows/deploy_docs.yml
+++ b/.github/workflows/deploy_docs.yml
@ -2,7 +2,7 @@ name: deploy_docs
 on:
  push:
    branches:
-      - master
+      - taiste
 permissions:
  contents: write
 jobs:
--- a/.gitignore
+++ b/.gitignore
@ -18,6 +18,14 @@ sith/search_indexes/
 .coverage
 coverage_report/
 node_modules/
+.env
+*.pid

 # compiled documentation
 site/
+
+### Redis ###
+
+# Ignore redis binary dump (dump.rdb) files
+
+*.rdb
--- a/.npmrc
+++ b/.npmrc
@ -0,0 +1 @@
+@jsr:registry=https://npm.jsr.io
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,18 +1,18 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    # Ruff version.
-    rev: v0.8.3
+    rev: v0.11.13
    hooks:
-      - id: ruff  # just check the code, and print the errors
-      - id: ruff  # actually fix the fixable errors, but print nothing
+      - id: ruff-check  # just check the code, and print the errors
+      - id: ruff-check  # actually fix the fixable errors, but print nothing
        args: ["--fix", "--silent"]
      # Run the formatter.
      - id: ruff-format
  - repo: https://github.com/biomejs/pre-commit
-    rev: "v0.1.0"  # Use the sha / tag you want to point at
+    rev: v0.6.1
    hooks:
      - id: biome-check
-        additional_dependencies: ["@biomejs/biome@1.9.3"]
+        additional_dependencies: ["@biomejs/biome@1.9.4"]
  - repo: https://github.com/rtts/djhtml
    rev: 3.0.7
    hooks:
--- a/Procfile.service
+++ b/Procfile.service
@ -0,0 +1,2 @@
+redis: redis-server --port $REDIS_PORT
+celery: uv run celery -A sith worker --beat -l INFO
--- a/Procfile.static
+++ b/Procfile.static
@ -0,0 +1 @@
+bundler: npm run serve
--- a/accounting/init.py
+++ b/accounting/init.py
@ -1,14 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
--- a/accounting/admin.py
+++ b/accounting/admin.py
@ -1,36 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.contrib import admin
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-
-admin.site.register(BankAccount)
-admin.site.register(ClubAccount)
-admin.site.register(GeneralJournal)
-admin.site.register(AccountingType)
-admin.site.register(SimplifiedAccountingType)
-admin.site.register(Operation)
-admin.site.register(Label)
-admin.site.register(Company)
--- a/accounting/api.py
+++ b/accounting/api.py
@ -1,23 +0,0 @@
-from typing import Annotated
-
-from annotated_types import MinLen
-from ninja_extra import ControllerBase, api_controller, paginate, route
-from ninja_extra.pagination import PageNumberPaginationExtra
-from ninja_extra.schemas import PaginatedResponseSchema
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.api_permissions import CanAccessLookup
-
-
-@api_controller("/lookup", permissions=[CanAccessLookup])
-class AccountingController(ControllerBase):
-    @route.get("/club-account", response=PaginatedResponseSchema[ClubAccountSchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_club_account(self, search: Annotated[str, MinLen(1)]):
-        return ClubAccount.objects.filter(name__icontains=search).values()
-
-    @route.get("/company", response=PaginatedResponseSchema[CompanySchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_company(self, search: Annotated[str, MinLen(1)]):
-        return Company.objects.filter(name__icontains=search).values()
--- a/accounting/migrations/0001_initial.py
+++ b/accounting/migrations/0001_initial.py
@ -1,280 +0,0 @@
-from __future__ import unicode_literals
-
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-import accounting.models
-
-
-class Migration(migrations.Migration):
-    dependencies = []
-
-    operations = [
-        migrations.CreateModel(
-            name="AccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                (
-                    "code",
-                    models.CharField(
-                        max_length=16,
-                        verbose_name="code",
-                        validators=[
-                            django.core.validators.RegexValidator(
-                                "^[0-9]*$",
-                                "An accounting type code contains only numbers",
-                            )
-                        ],
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "movement_type",
-                    models.CharField(
-                        choices=[
-                            ("CREDIT", "Credit"),
-                            ("DEBIT", "Debit"),
-                            ("NEUTRAL", "Neutral"),
-                        ],
-                        max_length=12,
-                        verbose_name="movement type",
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "accounting type",
-                "ordering": ["movement_type", "code"],
-            },
-        ),
-        migrations.CreateModel(
-            name="BankAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-                (
-                    "iban",
-                    models.CharField(max_length=255, blank=True, verbose_name="iban"),
-                ),
-                (
-                    "number",
-                    models.CharField(
-                        max_length=255, blank=True, verbose_name="account number"
-                    ),
-                ),
-            ],
-            options={"verbose_name": "Bank account", "ordering": ["club", "name"]},
-        ),
-        migrations.CreateModel(
-            name="ClubAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-            ],
-            options={
-                "verbose_name": "Club account",
-                "ordering": ["bank_account", "name"],
-            },
-        ),
-        migrations.CreateModel(
-            name="Company",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=60, verbose_name="name")),
-            ],
-            options={"verbose_name": "company"},
-        ),
-        migrations.CreateModel(
-            name="GeneralJournal",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("start_date", models.DateField(verbose_name="start date")),
-                (
-                    "end_date",
-                    models.DateField(
-                        null=True, verbose_name="end date", default=None, blank=True
-                    ),
-                ),
-                ("name", models.CharField(max_length=40, verbose_name="name")),
-                (
-                    "closed",
-                    models.BooleanField(verbose_name="is closed", default=False),
-                ),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="amount",
-                        max_digits=12,
-                    ),
-                ),
-                (
-                    "effective_amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="effective_amount",
-                        max_digits=12,
-                    ),
-                ),
-            ],
-            options={"verbose_name": "General journal", "ordering": ["-start_date"]},
-        ),
-        migrations.CreateModel(
-            name="Operation",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("number", models.IntegerField(verbose_name="number")),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2, max_digits=12, verbose_name="amount"
-                    ),
-                ),
-                ("date", models.DateField(verbose_name="date")),
-                ("remark", models.CharField(max_length=128, verbose_name="comment")),
-                (
-                    "mode",
-                    models.CharField(
-                        choices=[
-                            ("CHECK", "Check"),
-                            ("CASH", "Cash"),
-                            ("TRANSFERT", "Transfert"),
-                            ("CARD", "Credit card"),
-                        ],
-                        max_length=255,
-                        verbose_name="payment method",
-                    ),
-                ),
-                (
-                    "cheque_number",
-                    models.CharField(
-                        max_length=32,
-                        null=True,
-                        verbose_name="cheque number",
-                        default="",
-                        blank=True,
-                    ),
-                ),
-                ("done", models.BooleanField(verbose_name="is done", default=False)),
-                (
-                    "target_type",
-                    models.CharField(
-                        choices=[
-                            ("USER", "User"),
-                            ("CLUB", "Club"),
-                            ("ACCOUNT", "Account"),
-                            ("COMPANY", "Company"),
-                            ("OTHER", "Other"),
-                        ],
-                        max_length=10,
-                        verbose_name="target type",
-                    ),
-                ),
-                (
-                    "target_id",
-                    models.IntegerField(
-                        null=True, verbose_name="target id", blank=True
-                    ),
-                ),
-                (
-                    "target_label",
-                    models.CharField(
-                        max_length=32,
-                        blank=True,
-                        verbose_name="target label",
-                        default="",
-                    ),
-                ),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        null=True,
-                        related_name="operations",
-                        verbose_name="accounting type",
-                        to="accounting.AccountingType",
-                        blank=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={"ordering": ["-number"]},
-        ),
-        migrations.CreateModel(
-            name="SimplifiedAccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        verbose_name="simplified accounting types",
-                        to="accounting.AccountingType",
-                        related_name="simplified_types",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "simplified type",
-                "ordering": ["accounting_type__movement_type", "accounting_type__code"],
-            },
-        ),
-    ]
--- a/accounting/migrations/0002_auto_20160824_2152.py
+++ b/accounting/migrations/0002_auto_20160824_2152.py
@ -1,105 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("club", "0001_initial"),
-        ("accounting", "0001_initial"),
-        ("core", "0001_initial"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="operation",
-            name="invoice",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="invoice",
-                to="core.SithFile",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="journal",
-            field=models.ForeignKey(
-                verbose_name="journal",
-                to="accounting.GeneralJournal",
-                related_name="operations",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="linked_operation",
-            field=models.OneToOneField(
-                on_delete=django.db.models.deletion.CASCADE,
-                blank=True,
-                to="accounting.Operation",
-                null=True,
-                related_name="operation_linked_to",
-                verbose_name="linked operation",
-                default=None,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="simpleaccounting_type",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="simple type",
-                to="accounting.SimplifiedAccountingType",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="generaljournal",
-            name="club_account",
-            field=models.ForeignKey(
-                verbose_name="club account",
-                to="accounting.ClubAccount",
-                related_name="journals",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="bank_account",
-            field=models.ForeignKey(
-                verbose_name="bank account",
-                to="accounting.BankAccount",
-                related_name="club_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="club_account",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="bankaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="bank_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="operation", unique_together={("number", "journal")}
-        ),
-    ]
--- a/accounting/migrations/0003_auto_20160824_2203.py
+++ b/accounting/migrations/0003_auto_20160824_2203.py
@ -1,48 +0,0 @@
-from __future__ import unicode_literals
-
-import phonenumber_field.modelfields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0002_auto_20160824_2152")]
-
-    operations = [
-        migrations.AddField(
-            model_name="company",
-            name="city",
-            field=models.CharField(blank=True, verbose_name="city", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="country",
-            field=models.CharField(blank=True, verbose_name="country", max_length=32),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="email",
-            field=models.EmailField(blank=True, verbose_name="email", max_length=254),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="phone",
-            field=phonenumber_field.modelfields.PhoneNumberField(
-                blank=True, verbose_name="phone", max_length=128
-            ),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="postcode",
-            field=models.CharField(blank=True, verbose_name="postcode", max_length=10),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="street",
-            field=models.CharField(blank=True, verbose_name="street", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="website",
-            field=models.CharField(blank=True, verbose_name="website", max_length=64),
-        ),
-    ]
--- a/accounting/migrations/0004_auto_20161005_1505.py
+++ b/accounting/migrations/0004_auto_20161005_1505.py
@ -1,50 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0003_auto_20160824_2203")]
-
-    operations = [
-        migrations.CreateModel(
-            name="Label",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        verbose_name="ID",
-                        primary_key=True,
-                        auto_created=True,
-                        serialize=False,
-                    ),
-                ),
-                ("name", models.CharField(max_length=64, verbose_name="label")),
-                (
-                    "club_account",
-                    models.ForeignKey(
-                        related_name="labels",
-                        verbose_name="club account",
-                        to="accounting.ClubAccount",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="label",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="operations",
-                null=True,
-                blank=True,
-                verbose_name="label",
-                to="accounting.Label",
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="label", unique_together={("name", "club_account")}
-        ),
-    ]
--- a/accounting/migrations/0005_auto_20170324_0917.py
+++ b/accounting/migrations/0005_auto_20170324_0917.py
@ -1,17 +0,0 @@
-from __future__ import unicode_literals
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0004_auto_20161005_1505")]
-
-    operations = [
-        migrations.AlterField(
-            model_name="operation",
-            name="remark",
-            field=models.CharField(
-                null=True, max_length=128, blank=True, verbose_name="comment"
-            ),
-        )
-    ]
--- a/accounting/models.py
+++ b/accounting/models.py
@ -1,520 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from decimal import Decimal
-
-from django.conf import settings
-from django.core import validators
-from django.core.exceptions import ValidationError
-from django.db import models
-from django.template import defaultfilters
-from django.urls import reverse
-from django.utils.translation import gettext_lazy as _
-from phonenumber_field.modelfields import PhoneNumberField
-
-from club.models import Club
-from core.models import SithFile, User
-
-
-class CurrencyField(models.DecimalField):
-    """Custom database field used for currency."""
-
-    def __init__(self, *args, **kwargs):
-        kwargs["max_digits"] = 12
-        kwargs["decimal_places"] = 2
-        super().__init__(*args, **kwargs)
-
-    def to_python(self, value):
-        try:
-            return super().to_python(value).quantize(Decimal("0.01"))
-        except AttributeError:
-            return None
-
-
-if settings.TESTING:
-    from model_bakery import baker
-
-    baker.generators.add(
-        CurrencyField,
-        lambda: baker.random_gen.gen_decimal(max_digits=8, decimal_places=2),
-    )
-else:  # pragma: no cover
-    # baker is only used in tests, so we don't need coverage for this part
-    pass
-
-
-# Accounting classes
-
-
-class Company(models.Model):
-    name = models.CharField(_("name"), max_length=60)
-    street = models.CharField(_("street"), max_length=60, blank=True)
-    city = models.CharField(_("city"), max_length=60, blank=True)
-    postcode = models.CharField(_("postcode"), max_length=10, blank=True)
-    country = models.CharField(_("country"), max_length=32, blank=True)
-    phone = PhoneNumberField(_("phone"), blank=True)
-    email = models.EmailField(_("email"), blank=True)
-    website = models.CharField(_("website"), max_length=64, blank=True)
-
-    class Meta:
-        verbose_name = _("company")
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:co_edit", kwargs={"co_id": self.id})
-
-    def get_display_name(self):
-        return self.name
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role_gte=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-
-class BankAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    iban = models.CharField(_("iban"), max_length=255, blank=True)
-    number = models.CharField(_("account number"), max_length=255, blank=True)
-    club = models.ForeignKey(
-        Club,
-        related_name="bank_accounts",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Bank account")
-        ordering = ["club", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:bank_details", kwargs={"b_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        m = self.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class ClubAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    club = models.ForeignKey(
-        Club,
-        related_name="club_account",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-    bank_account = models.ForeignKey(
-        BankAccount,
-        related_name="club_accounts",
-        verbose_name=_("bank account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Club account")
-        ordering = ["bank_account", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:club_details", kwargs={"c_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def has_open_journal(self):
-        return self.journals.filter(closed=False).exists()
-
-    def get_open_journal(self):
-        return self.journals.filter(closed=False).first()
-
-    def get_display_name(self):
-        return _("%(club_account)s on %(bank_account)s") % {
-            "club_account": self.name,
-            "bank_account": self.bank_account,
-        }
-
-
-class GeneralJournal(models.Model):
-    """Class storing all the operations for a period of time."""
-
-    start_date = models.DateField(_("start date"))
-    end_date = models.DateField(_("end date"), null=True, blank=True, default=None)
-    name = models.CharField(_("name"), max_length=40)
-    closed = models.BooleanField(_("is closed"), default=False)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="journals",
-        null=False,
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"), default=0)
-    effective_amount = CurrencyField(_("effective_amount"), default=0)
-
-    class Meta:
-        verbose_name = _("General journal")
-        ordering = ["-start_date"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)
-
-    def update_amounts(self):
-        self.amount = 0
-        self.effective_amount = 0
-        for o in self.operations.all():
-            if o.accounting_type.movement_type == "CREDIT":
-                if o.done:
-                    self.effective_amount += o.amount
-                self.amount += o.amount
-            else:
-                if o.done:
-                    self.effective_amount -= o.amount
-                self.amount -= o.amount
-        self.save()
-
-
-class Operation(models.Model):
-    """An operation is a line in the journal, a debit or a credit."""
-
-    number = models.IntegerField(_("number"))
-    journal = models.ForeignKey(
-        GeneralJournal,
-        related_name="operations",
-        null=False,
-        verbose_name=_("journal"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"))
-    date = models.DateField(_("date"))
-    remark = models.CharField(_("comment"), max_length=128, null=True, blank=True)
-    mode = models.CharField(
-        _("payment method"),
-        max_length=255,
-        choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD,
-    )
-    cheque_number = models.CharField(
-        _("cheque number"), max_length=32, default="", null=True, blank=True
-    )
-    invoice = models.ForeignKey(
-        SithFile,
-        related_name="operations",
-        verbose_name=_("invoice"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    done = models.BooleanField(_("is done"), default=False)
-    simpleaccounting_type = models.ForeignKey(
-        "SimplifiedAccountingType",
-        related_name="operations",
-        verbose_name=_("simple type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    accounting_type = models.ForeignKey(
-        "AccountingType",
-        related_name="operations",
-        verbose_name=_("accounting type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    label = models.ForeignKey(
-        "Label",
-        related_name="operations",
-        verbose_name=_("label"),
-        null=True,
-        blank=True,
-        on_delete=models.SET_NULL,
-    )
-    target_type = models.CharField(
-        _("target type"),
-        max_length=10,
-        choices=[
-            ("USER", _("User")),
-            ("CLUB", _("Club")),
-            ("ACCOUNT", _("Account")),
-            ("COMPANY", _("Company")),
-            ("OTHER", _("Other")),
-        ],
-    )
-    target_id = models.IntegerField(_("target id"), null=True, blank=True)
-    target_label = models.CharField(
-        _("target label"), max_length=32, default="", blank=True
-    )
-    linked_operation = models.OneToOneField(
-        "self",
-        related_name="operation_linked_to",
-        verbose_name=_("linked operation"),
-        null=True,
-        blank=True,
-        default=None,
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("number", "journal")
-        ordering = ["-number"]
-
-    def __str__(self):
-        return f"{self.amount} € | {self.date} | {self.accounting_type} | {self.done}"
-
-    def save(self, *args, **kwargs):
-        if self.number is None:
-            self.number = self.journal.operations.count() + 1
-        super().save(*args, **kwargs)
-        self.journal.update_amounts()
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.journal.id})
-
-    def __getattribute__(self, attr):
-        if attr == "target":
-            return self.get_target()
-        else:
-            return object.__getattribute__(self, attr)
-
-    def clean(self):
-        super().clean()
-        if self.date is None:
-            raise ValidationError(_("The date must be set."))
-        elif self.date < self.journal.start_date:
-            raise ValidationError(
-                _(
-                    """The date can not be before the start date of the journal, which is
-%(start_date)s."""
-                )
-                % {
-                    "start_date": defaultfilters.date(
-                        self.journal.start_date, settings.DATE_FORMAT
-                    )
-                }
-            )
-        if self.target_type != "OTHER" and self.get_target() is None:
-            raise ValidationError(_("Target does not exists"))
-        if self.target_type == "OTHER" and self.target_label == "":
-            raise ValidationError(
-                _("Please add a target label if you set no existing target")
-            )
-        if not self.accounting_type and not self.simpleaccounting_type:
-            raise ValidationError(
-                _(
-                    "You need to provide ether a simplified accounting type or a standard accounting type"
-                )
-            )
-        if self.simpleaccounting_type:
-            self.accounting_type = self.simpleaccounting_type.accounting_type
-
-    @property
-    def target(self):
-        return self.get_target()
-
-    def get_target(self):
-        tar = None
-        if self.target_type == "USER":
-            tar = User.objects.filter(id=self.target_id).first()
-        elif self.target_type == "CLUB":
-            tar = Club.objects.filter(id=self.target_id).first()
-        elif self.target_type == "ACCOUNT":
-            tar = ClubAccount.objects.filter(id=self.target_id).first()
-        elif self.target_type == "COMPANY":
-            tar = Company.objects.filter(id=self.target_id).first()
-        return tar
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class AccountingType(models.Model):
-    """Accounting types.
-
-    Those are numbers used in accounting to classify operations
-    """
-
-    code = models.CharField(
-        _("code"),
-        max_length=16,
-        validators=[
-            validators.RegexValidator(
-                r"^[0-9]*$", _("An accounting type code contains only numbers")
-            )
-        ],
-    )
-    label = models.CharField(_("label"), max_length=128)
-    movement_type = models.CharField(
-        _("movement type"),
-        choices=[
-            ("CREDIT", _("Credit")),
-            ("DEBIT", _("Debit")),
-            ("NEUTRAL", _("Neutral")),
-        ],
-        max_length=12,
-    )
-
-    class Meta:
-        verbose_name = _("accounting type")
-        ordering = ["movement_type", "code"]
-
-    def __str__(self):
-        return self.code + " - " + self.get_movement_type_display() + " - " + self.label
-
-    def get_absolute_url(self):
-        return reverse("accounting:type_list")
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-
-class SimplifiedAccountingType(models.Model):
-    """Simplified version of `AccountingType`."""
-
-    label = models.CharField(_("label"), max_length=128)
-    accounting_type = models.ForeignKey(
-        AccountingType,
-        related_name="simplified_types",
-        verbose_name=_("simplified accounting types"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("simplified type")
-        ordering = ["accounting_type__movement_type", "accounting_type__code"]
-
-    def __str__(self):
-        return (
-            f"{self.get_movement_type_display()} "
-            f"- {self.accounting_type.code} - {self.label}"
-        )
-
-    def get_absolute_url(self):
-        return reverse("accounting:simple_type_list")
-
-    @property
-    def movement_type(self):
-        return self.accounting_type.movement_type
-
-    def get_movement_type_display(self):
-        return self.accounting_type.get_movement_type_display()
-
-
-class Label(models.Model):
-    """Label allow a club to sort its operations."""
-
-    name = models.CharField(_("label"), max_length=64)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="labels",
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("name", "club_account")
-
-    def __str__(self):
-        return "%s (%s)" % (self.name, self.club_account.name)
-
-    def get_absolute_url(self):
-        return reverse(
-            "accounting:label_list", kwargs={"clubaccount_id": self.club_account.id}
-        )
-
-    def is_owned_by(self, user):
-        if user.is_anonymous:
-            return False
-        return self.club_account.is_owned_by(user)
-
-    def can_be_edited_by(self, user):
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)
--- a/accounting/schemas.py
+++ b/accounting/schemas.py
@ -1,15 +0,0 @@
-from ninja import ModelSchema
-
-from accounting.models import ClubAccount, Company
-
-
-class ClubAccountSchema(ModelSchema):
-    class Meta:
-        model = ClubAccount
-        fields = ["id", "name"]
-
-
-class CompanySchema(ModelSchema):
-    class Meta:
-        model = Company
-        fields = ["id", "name"]
--- a/accounting/static/bundled/accounting/components/ajax-select-index.ts
+++ b/accounting/static/bundled/accounting/components/ajax-select-index.ts
@ -1,60 +0,0 @@
-import { AjaxSelect } from "#core:core/components/ajax-select-base";
-import { registerComponent } from "#core:utils/web-components";
-import type { TomOption } from "tom-select/dist/types/types";
-import type { escape_html } from "tom-select/dist/types/utils";
-import {
-  type ClubAccountSchema,
-  type CompanySchema,
-  accountingSearchClubAccount,
-  accountingSearchCompany,
-} from "#openapi";
-
-@registerComponent("club-account-ajax-select")
-export class ClubAccountAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchClubAccount({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}
-
-@registerComponent("company-ajax-select")
-export class CompanyAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchCompany({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}
--- a/accounting/templates/accounting/accountingtype_list.jinja
+++ b/accounting/templates/accounting/accountingtype_list.jinja
@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Accounting type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Accounting types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:type_new') }}">{% trans %}New accounting type{% endtrans %}</a></p>
-    {% if accountingtype_list %}
-      <h3>{% trans %}Accounting type list{% endtrans %}</h3>
-      <ul>
-        {% for a in accountingtype_list  %}
-          <li><a href="{{ url('accounting:type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
--- a/accounting/templates/accounting/bank_account_details.jinja
+++ b/accounting/templates/accounting/bank_account_details.jinja
@ -1,38 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account: {% endtrans %}{{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}Bank account: {% endtrans %}{{ object.name }}</h2>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and not object.club_accounts.exists() %}
-      <a href="{{ url('accounting:bank_delete', b_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    <h4>{% trans %}Infos{% endtrans %}</h4>
-    <ul>
-      <li><strong>{% trans %}IBAN: {% endtrans %}</strong>{{ object.iban }}</li>
-      <li><strong>{% trans %}Number: {% endtrans %}</strong>{{ object.number }}</li>
-    </ul>
-    <p><a href="{{ url('accounting:club_new') }}?parent={{ object.id }}">{% trans %}New club account{% endtrans %}</a></p>
-    <ul>
-      {% for c in object.club_accounts.all() %}
-        <li><a href="{{ url('accounting:club_details', c_account_id=c.id) }}">{{ c }}</a>
-          - <a href="{{ url('accounting:club_edit', c_account_id=c.id) }}">{% trans %}Edit{% endtrans %}</a>
-          {% if c.journals.count() == 0 %}
-            - <a href="{{ url('accounting:club_delete', c_account_id=c.id) }}">{% trans %}Delete{% endtrans %}</a>
-          {% endif %}
-        </li>
-      {% endfor %}
-    </ul>
-  </div>
-{% endblock %}
-
-
-
--- a/accounting/templates/accounting/bank_account_list.jinja
+++ b/accounting/templates/accounting/bank_account_list.jinja
@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <h4>
-      {% trans %}Accounting{% endtrans %}
-    </h4>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:simple_type_list') }}">{% trans %}Manage simplified types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:type_list') }}">{% trans %}Manage accounting types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:bank_new') }}">{% trans %}New bank account{% endtrans %}</a></p>
-    {% endif %}
-    {% if bankaccount_list %}
-      <h3>{% trans %}Bank account list{% endtrans %}</h3>
-      <ul>
-        {% for a in object_list  %}
-          <li><a href="{{ url('accounting:bank_details', b_account_id=a.id) }}">{{ a }}</a>
-            - <a href="{{ url('accounting:bank_edit', b_account_id=a.id) }}">{% trans %}Edit{% endtrans %}</a>
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no accounts in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
-
-
--- a/accounting/templates/accounting/club_account_details.jinja
+++ b/accounting/templates/accounting/club_account_details.jinja
@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club account:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      {{ object }}
-    </p>
-    <hr>
-    <h2>{% trans %}Club account:{% endtrans %} {{ object.name }}</h2>
-    {% if user.is_root and not object.journals.exists() %}
-      <a href="{{ url('accounting:club_delete', c_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    {% if not object.has_open_journal() %}
-      <p><a href="{{ url('accounting:journal_new') }}?parent={{ object.id }}">{% trans %}New journal{% endtrans %}</a></p>
-    {% else %}
-      <p>{% trans %}You can not create new journal while you still have one opened{% endtrans %}</p>
-    {% endif %}
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Name{% endtrans %}</td>
-          <td>{% trans %}Start{% endtrans %}</td>
-          <td>{% trans %}End{% endtrans %}</td>
-          <td>{% trans %}Amount{% endtrans %}</td>
-          <td>{% trans %}Effective amount{% endtrans %}</td>
-          <td>{% trans %}Closed{% endtrans %}</td>
-          <td>{% trans %}Actions{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for j in object.journals.all() %}
-          <tr>
-            <td>{{ j.name }}</td>
-            <td>{{ j.start_date }}</td>
-            {% if j.end_date %}
-              <td>{{ j.end_date }}</td>
-            {% else %}
-              <td> - </td>
-            {% endif %}
-            <td>{{ j.amount }} €</td>
-            <td>{{ j.effective_amount }} €</td>
-            {% if j.closed %}
-              <td>{% trans %}Yes{% endtrans %}</td>
-            {% else %}
-              <td>{% trans %}No{% endtrans %}</td>
-            {% endif %}
-            <td> <a href="{{ url('accounting:journal_details', j_id=j.id) }}">{% trans %}View{% endtrans %}</a>
-              <a href="{{ url('accounting:journal_edit', j_id=j.id) }}">{% trans %}Edit{% endtrans %}</a>
-              {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and j.operations.count() == 0 %}
-                <a href="{{ url('accounting:journal_delete', j_id=j.id) }}">{% trans %}Delete{% endtrans %}</a>
-              {% endif %}
-            </td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  </div>
-{% endblock %}
--- a/accounting/templates/accounting/co_list.jinja
+++ b/accounting/templates/accounting/co_list.jinja
@ -1,30 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Company list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    {% if user.is_root
-    or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-    %}
-    <p><a href="{{ url('accounting:co_new') }}">{% trans %}Create new company{% endtrans %}</a></p>
-{% endif %}
-<br/>
-<table>
-  <thead>
-    <tr>
-      <td>{% trans %}Companies{% endtrans %}</td>
-    </tr>
-  </thead>
-  <tbody>
-    {% for o in object_list %}
-      <tr>
-        <td><a href="{{ url('accounting:co_edit', co_id=o.id) }}">{{ o.get_display_name() }}</a></td>
-      </tr>
-    {% endfor %}
-  </tbody>
-</table>
-</div>
-{% endblock %}
--- a/accounting/templates/accounting/journal_details.jinja
+++ b/accounting/templates/accounting/journal_details.jinja
@ -1,103 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}General journal:{% endtrans %} {{ object.name }}</h2>
-    <p><a href="{{ url('accounting:label_new') }}?parent={{ object.club_account.id }}">{% trans %}New label{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.club_account.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:co_list') }}">{% trans %}Company list{% endtrans %}</a></p>
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ object.amount }} € -
-      <strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ object.effective_amount }} €</p>
-    {% if object.closed %}
-      <p>{% trans %}Journal is closed, you can not create operation{% endtrans %}</p>
-    {% else %}
-      <p><a href="{{ url('accounting:op_new', j_id=object.id) }}">{% trans %}New operation{% endtrans %}</a></p>
-      </br>
-    {% endif %}
-    <div class="journal-table">
-      <table>
-        <thead>
-          <tr>
-            <td>{% trans %}Nb{% endtrans %}</td>
-            <td>{% trans %}Date{% endtrans %}</td>
-            <td>{% trans %}Label{% endtrans %}</td>
-            <td>{% trans %}Amount{% endtrans %}</td>
-            <td>{% trans %}Payment mode{% endtrans %}</td>
-            <td>{% trans %}Target{% endtrans %}</td>
-            <td>{% trans %}Code{% endtrans %}</td>
-            <td>{% trans %}Nature{% endtrans %}</td>
-            <td>{% trans %}Done{% endtrans %}</td>
-            <td>{% trans %}Comment{% endtrans %}</td>
-            <td>{% trans %}File{% endtrans %}</td>
-            <td>{% trans %}Actions{% endtrans %}</td>
-            <td>{% trans %}PDF{% endtrans %}</td>
-          </tr>
-        </thead>
-        <tbody>
-          {% for o in object.operations.all() %}
-            <tr>
-              <td>{{ o.number }}</td>
-              <td>{{ o.date }}</td>
-              <td>{{ o.label or "" }}</td>
-              {% if o.accounting_type.movement_type == "DEBIT" %}
-                <td class="neg-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% else %}
-                <td class="pos-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% endif %}
-              <td>{{ o.get_mode_display() }}</td>
-              {% if o.target_type == "OTHER" %}
-                <td>{{ o.target_label }}</td>
-              {% else %}
-                <td><a href="{{ o.target.get_absolute_url() }}">{{ o.target.get_display_name() }}</a></td>
-              {% endif %}
-              <td>{{ o.accounting_type.code }}</td>
-              <td>{{ o.accounting_type.label }}</td>
-              {% if o.done %}
-                <td>{% trans %}Yes{% endtrans %}</td>
-              {% else %}
-                <td>{% trans %}No{% endtrans %}</td>
-              {% endif %}
-              <td>{{ o.remark }}
-                {% if not o.linked_operation and o.target_type == "ACCOUNT" and not o.target.has_open_journal() %}
-                  <p><strong>
-                    {% trans %}Warning: this operation has no linked operation because the targeted club account has no opened journal.{% endtrans %}
-                  </strong></p>
-                  <p><strong>
-                    {% trans url=o.target.get_absolute_url() %}Open a journal in <a href="{{ url }}">this club account</a>, then save this operation again to make the linked operation.{% endtrans %}
-                  </strong></p>
-                {% endif %}
-              </td>
-              {% if o.invoice %}
-                <td><a href="{{ url('core:download', file_id=o.invoice.id) }}">{{ o.invoice.name }}</a></td>
-              {% else %}
-                <td>-</td>
-              {% endif %}
-              <td>
-                {%
-                if o.journal.club_account.bank_account.name not in ["AE TI", "TI"]
-                or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-                %}
-                {% if not o.journal.closed %}
-                  <a href="{{ url('accounting:op_edit', op_id=o.id) }}">{% trans %}Edit{% endtrans %}</a>
-                {% endif %}
-          {% endif %}
-        </td>
-        <td><a href="{{ url('accounting:op_pdf', op_id=o.id) }}">{% trans %}Generate{% endtrans %}</a></td>
-      </tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-</div>
-{% endblock %}
--- a/accounting/templates/accounting/journal_statement_accounting.jinja
+++ b/accounting/templates/accounting/journal_statement_accounting.jinja
@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Accounting statement: {% endtrans %} {{ object.name }}</h3>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Operation type{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in statement.items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ "%.2f" % object.amount }} €</p>
-    <p><strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ "%.2f" %object.effective_amount }} €</p>
-  </div>
-{% endblock %}
--- a/accounting/templates/accounting/journal_statement_nature.jinja
+++ b/accounting/templates/accounting/journal_statement_nature.jinja
@ -1,57 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% macro display_tables(dict) %}
-  <div id="accounting">
-    <h6>{% trans %}Credit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['CREDIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['CREDIT_sum'] }}
-
-    <h6>{% trans %}Debit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['DEBIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['DEBIT_sum'] }}
-{% endmacro %}
-
-{% block content %}
-  <h3>{% trans %}Statement by nature: {% endtrans %} {{ object.name }}</h3>
-
-  {% for k,v in statement.items() %}
-    <h4 style="background: lightblue; padding: 4px;">{{ k }} : {{ "%.2f" % (v['CREDIT_sum'] - v['DEBIT_sum']) }}</h4>
-    {{ display_tables(v) }}
-    <hr>
-  {% endfor %}
-  </div>
-{% endblock %}
--- a/accounting/templates/accounting/journal_statement_person.jinja
+++ b/accounting/templates/accounting/journal_statement_person.jinja
@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Statement by person: {% endtrans %} {{ object.name }}</h3>
-
-    <h4>{% trans %}Credit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in credit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % credit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_credit }}</p>
-
-    <h4>{% trans %}Debit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in debit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % debit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_debit }}</p>
-  </div>
-{% endblock %}
--- a/accounting/templates/accounting/label_list.jinja
+++ b/accounting/templates/accounting/label_list.jinja
@ -1,36 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Label list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{{ object }}</a>
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{% trans %}Back to club account{% endtrans %}</a></p>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    {% if object.labels.all() %}
-      <h3>{% trans %}Label list{% endtrans %}</h3>
-      <ul>
-        {% for l in object.labels.all()  %}
-          <li><a href="{{ url('accounting:label_edit', label_id=l.id) }}">{{ l }}</a>
-            {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-              -
-              <a href="{{ url('accounting:label_delete', label_id=l.id) }}">{% trans %}Delete{% endtrans %}</a>
-            {% endif %}
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no label in this club account.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
--- a/accounting/templates/accounting/operation_edit.jinja
+++ b/accounting/templates/accounting/operation_edit.jinja
@ -1,123 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Edit operation{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      <a href="{{ url('accounting:journal_details', j_id=object.id) }}">{{ object.name }}</a> >
-      {% trans %}Edit operation{% endtrans %}
-    </p>
-    <hr>
-    <h2>{% trans %}Edit operation{% endtrans %}</h2>
-    <form action="" method="post">
-      {% csrf_token %}
-      {{ form.non_field_errors() }}
-      {{ form.journal }}
-      {{ form.target_id }}
-      <p>{{ form.amount.errors }}<label for="{{ form.amount.name }}">{{ form.amount.label }}</label> {{ form.amount }}</p>
-      <p>{{ form.remark.errors }}<label for="{{ form.remark.name }}">{{ form.remark.label }}</label> {{ form.remark }}</p>
-      <br />
-      <strong>{% trans %}Warning: if you select <em>Account</em>, the opposite operation will be created in the target account. If you don't want that, select <em>Club</em> instead of <em>Account</em>.{% endtrans %}</strong>
-      <p>{{ form.target_type.errors }}<label for="{{ form.target_type.name }}">{{ form.target_type.label }}</label> {{ form.target_type }}</p>
-      {{ form.user }}
-      {{ form.club }}
-      {{ form.club_account }}
-      {{ form.company }}
-      {{ form.target_label }}
-      <span id="id_need_link_full"><label>{{ form.need_link.label }}</label> {{ form.need_link }}</span>
-      <p>{{ form.date.errors }}<label for="{{ form.date.name }}">{{ form.date.label }}</label> {{ form.date }}</p>
-      <p>{{ form.mode.errors }}<label for="{{ form.mode.name }}">{{ form.mode.label }}</label> {{ form.mode }}</p>
-      <p>{{ form.cheque_number.errors }}<label for="{{ form.cheque_number.name }}">{{ form.cheque_number.label }}</label> {{
-        form.cheque_number }}</p>
-      <p>{{ form.invoice.errors }}<label for="{{ form.invoice.name }}">{{ form.invoice.label }}</label> {{ form.invoice }}</p>
-      <p>{{ form.simpleaccounting_type.errors }}<label for="{{ form.simpleaccounting_type.name }}">{{
-        form.simpleaccounting_type.label }}</label> {{ form.simpleaccounting_type }}</p>
-      <p>{{ form.accounting_type.errors }}<label for="{{ form.accounting_type.name }}">{{ form.accounting_type.label }}</label> {{
-        form.accounting_type }}</p>
-      <p>{{ form.label.errors }}<label for="{{ form.label.name }}">{{ form.label.label }}</label> {{ form.label }}</p>
-      <p>{{ form.done.errors }}<label for="{{ form.done.name }}">{{ form.done.label }}</label> {{ form.done }}</p>
-      {% if form.instance.linked_operation %}
-        {% set obj = form.instance.linked_operation %}
-        <p><strong>{% trans %}Linked operation:{% endtrans %}</strong><br>
-          <a href="{{ url('accounting:bank_details', b_account_id=obj.journal.club_account.bank_account.id) }}">
-            {{obj.journal.club_account.bank_account }}</a> >
-          <a href="{{ url('accounting:club_details', c_account_id=obj.journal.club_account.id) }}">{{ obj.journal.club_account }}</a> >
-          <a href="{{ url('accounting:journal_details', j_id=obj.journal.id) }}">{{ obj.journal }}</a> >
-          n°{{ obj.number }}
-        </p>
-      {% endif %}
-      <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
-    </form>
-{% endblock %}
-
-{% block script %}
-  {{ super() }}
-  <script>
-    $( function() {
-      var target_type = $('#id_target_type');
-      var user = $('user-ajax-select');
-      var club = $('club-ajax-select');
-      var club_account = $('club-account-ajax-select');
-      var company = $('company-ajax-select');
-      var other = $('#id_target_label');
-      var need_link = $('#id_need_link_full');
-      function update_targets () {
-        if (target_type.val() == "USER") {
-          console.log(user);
-          user.show();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "ACCOUNT") {
-          club_account.show();
-          need_link.show();
-          user.hide();
-          club.hide();
-          company.hide();
-          other.hide();
-        } else if (target_type.val() == "CLUB") {
-          club.show();
-          user.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "COMPANY") {
-          company.show();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "OTHER") {
-          other.show();
-          user.hide();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          need_link.hide();
-        } else {
-          company.hide();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        }
-      }
-      update_targets();
-      target_type.change(update_targets);
-    } );
-  </script>
-  </div>
-{% endblock %}
-
-
--- a/accounting/templates/accounting/simplifiedaccountingtype_list.jinja
+++ b/accounting/templates/accounting/simplifiedaccountingtype_list.jinja
@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Simplified type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Simplified types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:simple_type_new') }}">{% trans %}New simplified type{% endtrans %}</a></p>
-    {% if simplifiedaccountingtype_list %}
-      <h3>{% trans %}Simplified type list{% endtrans %}</h3>
-      <ul>
-        {% for a in simplifiedaccountingtype_list  %}
-          <li><a href="{{ url('accounting:simple_type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
--- a/accounting/tests.py
+++ b/accounting/tests.py
@ -1,292 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from datetime import date, timedelta
-
-from django.test import TestCase
-from django.urls import reverse
-
-from accounting.models import (
-    AccountingType,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from core.models import User
-
-
-class TestRefoundAccount(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        # reffil skia's account
-        cls.skia.customer.amount = 800
-        cls.skia.customer.save()
-        cls.refound_account_url = reverse("accounting:refound_account")
-
-    def test_permission_denied(self):
-        self.client.force_login(User.objects.get(username="guy"))
-        response_post = self.client.post(
-            self.refound_account_url, {"user": self.skia.id}
-        )
-        response_get = self.client.get(self.refound_account_url)
-        assert response_get.status_code == 403
-        assert response_post.status_code == 403
-
-    def test_root_granteed(self):
-        self.client.force_login(User.objects.get(username="root"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-    def test_comptable_granteed(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-
-class TestJournal(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.journal = GeneralJournal.objects.get(id=1)
-
-    def test_permission_granted(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 200
-        assert "<td>M\\xc3\\xa9thode de paiement</td>" in str(response_get.content)
-
-    def test_permission_not_granted(self):
-        self.client.force_login(User.objects.get(username="skia"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 403
-        assert "<td>M\xc3\xa9thode de paiement</td>" not in str(response_get.content)
-
-
-class TestOperation(TestCase):
-    def setUp(self):
-        self.tomorrow_formatted = (date.today() + timedelta(days=1)).strftime(
-            "%d/%m/%Y"
-        )
-        self.journal = GeneralJournal.objects.filter(id=1).first()
-        self.skia = User.objects.filter(username="skia").first()
-        at = AccountingType(
-            code="443", label="Ce code n'existe pas", movement_type="CREDIT"
-        )
-        at.save()
-        label = Label.objects.create(club_account=self.journal.club_account, name="bob")
-        self.client.force_login(User.objects.get(username="comptable"))
-        self.op1 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=1,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op1.save()
-        self.op2 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=2,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op2.save()
-
-    def test_new_operation(self):
-        at = AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertFalse(response.status_code == 403)
-        self.assertTrue(
-            self.journal.operations.filter(
-                target_label="Le fantome de la nuit"
-            ).exists()
-        )
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        self.assertTrue("<td>Le fantome de la nuit</td>" in str(response_get.content))
-
-    def test_bad_new_operation(self):
-        AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(
-            "Vous devez fournir soit un type comptable simplifi\\xc3\\xa9 ou un type comptable standard"
-            in str(response.content)
-        )
-
-    def test_new_operation_not_authorized(self):
-        self.client.force_login(self.skia)
-        at = AccountingType.objects.filter(code="604").first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome du jour",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(response.status_code == 403)
-        self.assertFalse(
-            self.journal.operations.filter(target_label="Le fantome du jour").exists()
-        )
-
-    def test_operation_simple_accounting(self):
-        sat = SimplifiedAccountingType.objects.all().first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 23,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de l'aurore",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": sat.id,
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        assert response.status_code != 403
-        assert self.journal.operations.filter(amount=23).exists()
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        assert "<td>Le fantome de l&#39;aurore</td>" in str(response_get.content)
-
-        assert (
-            self.journal.operations.filter(amount=23)
-            .values("accounting_type")
-            .first()["accounting_type"]
-            == AccountingType.objects.filter(code=6).values("id").first()["id"]
-        )
-
-    def test_nature_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_nature_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "bob (Troll Penché) : 3.00", status_code=200)
-
-    def test_person_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_person_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "Total : 5575.72", status_code=200)
-        self.assertContains(response, "Total : 71.42")
-        content = response.content.decode()
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>3.00</td>""", content
-        )
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>823.00</td>""", content
-        )
-
-    def test_accounting_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_accounting_statement", args=[self.journal.id])
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            """
-            <tr>
-                <td>443 - Crédit - Ce code n&#39;existe pas</td>
-                <td>3.00</td>
-            </tr>""",
-            response.content.decode(),
-        )
-        self.assertContains(
-            response,
-            """
-    <p><strong>Montant : </strong>-5504.30 €</p>
-    <p><strong>Montant effectif: </strong>-5504.30 €</p>""",
-        )
--- a/accounting/urls.py
+++ b/accounting/urls.py
@ -1,173 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.urls import path
-
-from accounting.views import (
-    AccountingTypeCreateView,
-    AccountingTypeEditView,
-    AccountingTypeListView,
-    BankAccountCreateView,
-    BankAccountDeleteView,
-    BankAccountDetailView,
-    BankAccountEditView,
-    BankAccountListView,
-    ClubAccountCreateView,
-    ClubAccountDeleteView,
-    ClubAccountDetailView,
-    ClubAccountEditView,
-    CompanyCreateView,
-    CompanyEditView,
-    CompanyListView,
-    JournalAccountingStatementView,
-    JournalCreateView,
-    JournalDeleteView,
-    JournalDetailView,
-    JournalEditView,
-    JournalNatureStatementView,
-    JournalPersonStatementView,
-    LabelCreateView,
-    LabelDeleteView,
-    LabelEditView,
-    LabelListView,
-    OperationCreateView,
-    OperationEditView,
-    OperationPDFView,
-    RefoundAccountView,
-    SimplifiedAccountingTypeCreateView,
-    SimplifiedAccountingTypeEditView,
-    SimplifiedAccountingTypeListView,
-)
-
-urlpatterns = [
-    # Accounting types
-    path(
-        "simple_type/",
-        SimplifiedAccountingTypeListView.as_view(),
-        name="simple_type_list",
-    ),
-    path(
-        "simple_type/create/",
-        SimplifiedAccountingTypeCreateView.as_view(),
-        name="simple_type_new",
-    ),
-    path(
-        "simple_type/<int:type_id>/edit/",
-        SimplifiedAccountingTypeEditView.as_view(),
-        name="simple_type_edit",
-    ),
-    # Accounting types
-    path("type/", AccountingTypeListView.as_view(), name="type_list"),
-    path("type/create/", AccountingTypeCreateView.as_view(), name="type_new"),
-    path(
-        "type/<int:type_id>/edit/",
-        AccountingTypeEditView.as_view(),
-        name="type_edit",
-    ),
-    # Bank accounts
-    path("", BankAccountListView.as_view(), name="bank_list"),
-    path("bank/create", BankAccountCreateView.as_view(), name="bank_new"),
-    path(
-        "bank/<int:b_account_id>/",
-        BankAccountDetailView.as_view(),
-        name="bank_details",
-    ),
-    path(
-        "bank/<int:b_account_id>/edit/",
-        BankAccountEditView.as_view(),
-        name="bank_edit",
-    ),
-    path(
-        "bank/<int:b_account_id>/delete/",
-        BankAccountDeleteView.as_view(),
-        name="bank_delete",
-    ),
-    # Club accounts
-    path("club/create/", ClubAccountCreateView.as_view(), name="club_new"),
-    path(
-        "club/<int:c_account_id>/",
-        ClubAccountDetailView.as_view(),
-        name="club_details",
-    ),
-    path(
-        "club/<int:c_account_id>/edit/",
-        ClubAccountEditView.as_view(),
-        name="club_edit",
-    ),
-    path(
-        "club/<int:c_account_id>/delete/",
-        ClubAccountDeleteView.as_view(),
-        name="club_delete",
-    ),
-    # Journals
-    path("journal/create/", JournalCreateView.as_view(), name="journal_new"),
-    path(
-        "journal/<int:j_id>/",
-        JournalDetailView.as_view(),
-        name="journal_details",
-    ),
-    path(
-        "journal/<int:j_id>/edit/",
-        JournalEditView.as_view(),
-        name="journal_edit",
-    ),
-    path(
-        "journal/<int:j_id>/delete/",
-        JournalDeleteView.as_view(),
-        name="journal_delete",
-    ),
-    path(
-        "journal/<int:j_id>/statement/nature/",
-        JournalNatureStatementView.as_view(),
-        name="journal_nature_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/person/",
-        JournalPersonStatementView.as_view(),
-        name="journal_person_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/accounting/",
-        JournalAccountingStatementView.as_view(),
-        name="journal_accounting_statement",
-    ),
-    # Operations
-    path(
-        "operation/create/<int:j_id>/",
-        OperationCreateView.as_view(),
-        name="op_new",
-    ),
-    path("operation/<int:op_id>/", OperationEditView.as_view(), name="op_edit"),
-    path("operation/<int:op_id>/pdf/", OperationPDFView.as_view(), name="op_pdf"),
-    # Companies
-    path("company/list/", CompanyListView.as_view(), name="co_list"),
-    path("company/create/", CompanyCreateView.as_view(), name="co_new"),
-    path("company/<int:co_id>/", CompanyEditView.as_view(), name="co_edit"),
-    # Labels
-    path("label/new/", LabelCreateView.as_view(), name="label_new"),
-    path(
-        "label/<int:clubaccount_id>/",
-        LabelListView.as_view(),
-        name="label_list",
-    ),
-    path("label/<int:label_id>/edit/", LabelEditView.as_view(), name="label_edit"),
-    path(
-        "label/<int:label_id>/delete/",
-        LabelDeleteView.as_view(),
-        name="label_delete",
-    ),
-    # User account
-    path("refound/account/", RefoundAccountView.as_view(), name="refound_account"),
-]
--- a/accounting/views.py
+++ b/accounting/views.py
@ -1,893 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-import collections
-
-from django import forms
-from django.conf import settings
-from django.core.exceptions import PermissionDenied, ValidationError
-from django.db import transaction
-from django.db.models import Sum
-from django.forms import HiddenInput
-from django.forms.models import modelform_factory
-from django.http import HttpResponse
-from django.urls import reverse, reverse_lazy
-from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView
-from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from accounting.widgets.select import (
-    AutoCompleteSelectClubAccount,
-    AutoCompleteSelectCompany,
-)
-from club.models import Club
-from club.widgets.select import AutoCompleteSelectClub
-from core.models import User
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    TabedViewMixin,
-)
-from core.views.forms import SelectDate, SelectFile
-from core.views.widgets.select import AutoCompleteSelectUser
-from counter.models import Counter, Product, Selling
-
-# Main accounting view
-
-
-class BankAccountListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = BankAccount
-    template_name = "accounting/bank_account_list.jinja"
-    ordering = ["name"]
-
-
-# Simplified accounting types
-
-
-class SimplifiedAccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = SimplifiedAccountingType
-    template_name = "accounting/simplifiedaccountingtype_list.jinja"
-
-
-class SimplifiedAccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = SimplifiedAccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["label", "accounting_type"]
-    template_name = "core/edit.jinja"
-
-
-class SimplifiedAccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = SimplifiedAccountingType
-    fields = ["label", "accounting_type"]
-    template_name = "core/create.jinja"
-
-
-# Accounting types
-
-
-class AccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = AccountingType
-    template_name = "accounting/accountingtype_list.jinja"
-
-
-class AccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = AccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/edit.jinja"
-
-
-class AccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = AccountingType
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/create.jinja"
-
-
-# BankAccount views
-
-
-class BankAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    fields = ["name", "iban", "number", "club"]
-    template_name = "core/edit.jinja"
-
-
-class BankAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every club account."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "accounting/bank_account_details.jinja"
-
-
-class BankAccountCreateView(CanCreateMixin, CreateView):
-    """Create a bank account (for the admins)."""
-
-    model = BankAccount
-    fields = ["name", "club", "iban", "number"]
-    template_name = "core/create.jinja"
-
-
-class BankAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a bank account (for the admins)."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# ClubAccount views
-
-
-class ClubAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/edit.jinja"
-
-
-class ClubAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every journal."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "accounting/club_account_details.jinja"
-
-
-class ClubAccountCreateView(CanCreateMixin, CreateView):
-    """Create a club account (for the admins)."""
-
-    model = ClubAccount
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = BankAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["bank_account"] = obj.id
-        return ret
-
-
-class ClubAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a club account (for the admins)."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# Journal views
-
-
-class JournalTabsMixin(TabedViewMixin):
-    def get_tabs_title(self):
-        return _("Journal")
-
-    def get_list_of_tabs(self):
-        return [
-            {
-                "url": reverse(
-                    "accounting:journal_details", kwargs={"j_id": self.object.id}
-                ),
-                "slug": "journal",
-                "name": _("Journal"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_nature_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "nature_statement",
-                "name": _("Statement by nature"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_person_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "person_statement",
-                "name": _("Statement by person"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_accounting_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "accounting_statement",
-                "name": _("Accounting statement"),
-            },
-        ]
-
-
-class JournalCreateView(CanCreateMixin, CreateView):
-    """Create a general journal."""
-
-    model = GeneralJournal
-    form_class = modelform_factory(
-        GeneralJournal,
-        fields=["name", "start_date", "club_account"],
-        widgets={"start_date": SelectDate},
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class JournalDetailView(JournalTabsMixin, CanViewMixin, DetailView):
-    """A detail view, listing every operation."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_details.jinja"
-    current_tab = "journal"
-
-
-class JournalEditView(CanEditMixin, UpdateView):
-    """Update a general journal."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    fields = ["name", "start_date", "end_date", "club_account", "closed"]
-    template_name = "core/edit.jinja"
-
-
-class JournalDeleteView(CanEditPropMixin, DeleteView):
-    """Delete a club account (for the admins)."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:club_details")
-
-    def dispatch(self, request, *args, **kwargs):
-        self.object = self.get_object()
-        if self.object.operations.count() == 0:
-            return super().dispatch(request, *args, **kwargs)
-        else:
-            raise PermissionDenied
-
-
-# Operation views
-
-
-class OperationForm(forms.ModelForm):
-    class Meta:
-        model = Operation
-        fields = [
-            "amount",
-            "remark",
-            "journal",
-            "target_type",
-            "target_id",
-            "target_label",
-            "date",
-            "mode",
-            "cheque_number",
-            "invoice",
-            "simpleaccounting_type",
-            "accounting_type",
-            "label",
-            "done",
-        ]
-        widgets = {
-            "journal": HiddenInput,
-            "target_id": HiddenInput,
-            "date": SelectDate,
-            "invoice": SelectFile,
-        }
-
-    user = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-    club_account = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClubAccount,
-        queryset=ClubAccount.objects.all(),
-    )
-    club = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClub,
-        queryset=Club.objects.all(),
-    )
-    company = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectCompany,
-        queryset=Company.objects.all(),
-    )
-    need_link = forms.BooleanField(
-        label=_("Link this operation to the target account"),
-        required=False,
-        initial=False,
-    )
-
-    def __init__(self, *args, **kwargs):
-        club_account = kwargs.pop("club_account", None)
-        super().__init__(*args, **kwargs)
-        if club_account:
-            self.fields["label"].queryset = club_account.labels.order_by("name").all()
-        if self.instance.target_type == "USER":
-            self.fields["user"].initial = self.instance.target_id
-        elif self.instance.target_type == "ACCOUNT":
-            self.fields["club_account"].initial = self.instance.target_id
-        elif self.instance.target_type == "CLUB":
-            self.fields["club"].initial = self.instance.target_id
-        elif self.instance.target_type == "COMPANY":
-            self.fields["company"].initial = self.instance.target_id
-
-    def clean(self):
-        self.cleaned_data = super().clean()
-        if "target_type" in self.cleaned_data:
-            if (
-                self.cleaned_data.get("user") is None
-                and self.cleaned_data.get("club") is None
-                and self.cleaned_data.get("club_account") is None
-                and self.cleaned_data.get("company") is None
-                and self.cleaned_data.get("target_label") == ""
-            ):
-                self.add_error(
-                    "target_type", ValidationError(_("The target must be set."))
-                )
-            else:
-                if self.cleaned_data["target_type"] == "USER":
-                    self.cleaned_data["target_id"] = self.cleaned_data["user"].id
-                elif self.cleaned_data["target_type"] == "ACCOUNT":
-                    self.cleaned_data["target_id"] = self.cleaned_data[
-                        "club_account"
-                    ].id
-                elif self.cleaned_data["target_type"] == "CLUB":
-                    self.cleaned_data["target_id"] = self.cleaned_data["club"].id
-                elif self.cleaned_data["target_type"] == "COMPANY":
-                    self.cleaned_data["target_id"] = self.cleaned_data["company"].id
-
-        if self.cleaned_data.get("amount") is None:
-            self.add_error("amount", ValidationError(_("The amount must be set.")))
-
-        return self.cleaned_data
-
-    def save(self):
-        ret = super().save()
-        if (
-            self.instance.target_type == "ACCOUNT"
-            and not self.instance.linked_operation
-            and self.instance.target.has_open_journal()
-            and self.cleaned_data["need_link"]
-        ):
-            inst = self.instance
-            club_account = inst.target
-            acc_type = (
-                AccountingType.objects.exclude(movement_type="NEUTRAL")
-                .exclude(movement_type=inst.accounting_type.movement_type)
-                .order_by("code")
-                .first()
-            )  # Select a random opposite accounting type
-            op = Operation(
-                journal=club_account.get_open_journal(),
-                amount=inst.amount,
-                date=inst.date,
-                remark=inst.remark,
-                mode=inst.mode,
-                cheque_number=inst.cheque_number,
-                invoice=inst.invoice,
-                done=False,  # Has to be checked by hand
-                simpleaccounting_type=None,
-                accounting_type=acc_type,
-                target_type="ACCOUNT",
-                target_id=inst.journal.club_account.id,
-                target_label="",
-                linked_operation=inst,
-            )
-            op.save()
-            self.instance.linked_operation = op
-            self.save()
-        return ret
-
-
-class OperationCreateView(CanCreateMixin, CreateView):
-    """Create an operation."""
-
-    model = Operation
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_form(self, form_class=None):
-        self.journal = GeneralJournal.objects.filter(id=self.kwargs["j_id"]).first()
-        ca = self.journal.club_account if self.journal else None
-        return self.form_class(club_account=ca, **self.get_form_kwargs())
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if self.journal is not None:
-            ret["journal"] = self.journal.id
-        return ret
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        if self.journal:
-            kwargs["object"] = self.journal
-        return kwargs
-
-
-class OperationEditView(CanEditMixin, UpdateView):
-    """An edit view, working as detail for the moment."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["object"] = self.object.journal
-        return kwargs
-
-
-class OperationPDFView(CanViewMixin, DetailView):
-    """Display the PDF of a given operation."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-
-    def get(self, request, *args, **kwargs):
-        from reportlab.lib import colors
-        from reportlab.lib.pagesizes import letter
-        from reportlab.lib.units import cm
-        from reportlab.lib.utils import ImageReader
-        from reportlab.pdfbase import pdfmetrics
-        from reportlab.pdfbase.ttfonts import TTFont
-        from reportlab.pdfgen import canvas
-        from reportlab.platypus import Table, TableStyle
-
-        pdfmetrics.registerFont(TTFont("DejaVu", "DejaVuSerif.ttf"))
-
-        self.object = self.get_object()
-        amount = self.object.amount
-        remark = self.object.remark
-        nature = self.object.accounting_type.movement_type
-        num = self.object.number
-        date = self.object.date
-        mode = self.object.mode
-        club_name = self.object.journal.club_account.name
-        ti = self.object.journal.name
-        op_label = self.object.label
-        club_address = self.object.journal.club_account.club.address
-        id_op = self.object.id
-
-        if self.object.target_type == "OTHER":
-            target = self.object.target_label
-        else:
-            target = self.object.target.get_display_name()
-
-        response = HttpResponse(content_type="application/pdf")
-        response["Content-Disposition"] = 'filename="op-%d(%s_on_%s).pdf"' % (
-            num,
-            ti,
-            club_name,
-        )
-        p = canvas.Canvas(response)
-
-        p.setFont("DejaVu", 12)
-
-        p.setTitle("%s %d" % (_("Operation"), num))
-        width, height = letter
-        im = ImageReader("core/static/core/img/logo.jpg")
-        iw, ih = im.getSize()
-        p.drawImage(im, 40, height - 50, width=iw / 2, height=ih / 2)
-
-        labelStr = [["%s %s - %s %s" % (_("Journal"), ti, _("Operation"), num)]]
-
-        label = Table(labelStr, colWidths=[150], rowHeights=[20])
-
-        label.setStyle(TableStyle([("ALIGN", (0, 0), (-1, -1), "RIGHT")]))
-        w, h = label.wrapOn(label, 0, 0)
-        label.drawOn(p, width - 180, height)
-
-        p.drawString(
-            90, height - 100, _("Financial proof: ") + "OP%010d" % (id_op)
-        )  # Justificatif du libellé
-        p.drawString(
-            90, height - 130, _("Club: %(club_name)s") % ({"club_name": club_name})
-        )
-        p.drawString(
-            90,
-            height - 160,
-            _("Label: %(op_label)s")
-            % {"op_label": op_label if op_label is not None else ""},
-        )
-        p.drawString(90, height - 190, _("Date: %(date)s") % {"date": date})
-
-        data = []
-
-        data += [
-            ["%s" % (_("Credit").upper() if nature == "CREDIT" else _("Debit").upper())]
-        ]
-
-        data += [[_("Amount: %(amount).2f €") % {"amount": amount}]]
-
-        payment_mode = ""
-        for m in settings.SITH_ACCOUNTING_PAYMENT_METHOD:
-            if m[0] == mode:
-                payment_mode += "[\u00d7]"
-            else:
-                payment_mode += "[  ]"
-            payment_mode += " %s\n" % (m[1])
-
-        data += [[payment_mode]]
-
-        data += [
-            [
-                "%s : %s"
-                % (_("Debtor") if nature == "CREDIT" else _("Creditor"), target),
-                "",
-            ]
-        ]
-
-        data += [["%s \n%s" % (_("Comment:"), remark)]]
-
-        t = Table(
-            data, colWidths=[(width - 90 * 2) / 2] * 2, rowHeights=[20, 20, 70, 20, 80]
-        )
-        t.setStyle(
-            TableStyle(
-                [
-                    ("ALIGN", (0, 0), (-1, -1), "CENTER"),
-                    ("VALIGN", (-2, -1), (-1, -1), "TOP"),
-                    ("VALIGN", (0, 0), (-1, -2), "MIDDLE"),
-                    ("INNERGRID", (0, 0), (-1, -1), 0.25, colors.black),
-                    ("SPAN", (0, 0), (1, 0)),  # line DEBIT/CREDIT
-                    ("SPAN", (0, 1), (1, 1)),  # line amount
-                    ("SPAN", (-2, -1), (-1, -1)),  # line comment
-                    ("SPAN", (0, -2), (-1, -2)),  # line creditor/debtor
-                    ("SPAN", (0, 2), (1, 2)),  # line payment_mode
-                    ("ALIGN", (0, 2), (1, 2), "LEFT"),  # line payment_mode
-                    ("ALIGN", (-2, -1), (-1, -1), "LEFT"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        signature = []
-        signature += [[_("Signature:")]]
-
-        tSig = Table(signature, colWidths=[(width - 90 * 2)], rowHeights=[80])
-        tSig.setStyle(
-            TableStyle(
-                [
-                    ("VALIGN", (0, 0), (-1, -1), "TOP"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        w, h = tSig.wrapOn(p, 0, 0)
-        tSig.drawOn(p, 90, 200)
-
-        w, h = t.wrapOn(p, 0, 0)
-
-        t.drawOn(p, 90, 350)
-
-        p.drawCentredString(10.5 * cm, 2 * cm, club_name)
-        p.drawCentredString(10.5 * cm, 1 * cm, club_address)
-
-        p.showPage()
-        p.save()
-        return response
-
-
-class JournalNatureStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Display a statement sorted by labels."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_nature.jinja"
-    current_tab = "nature_statement"
-
-    def statement(self, queryset, movement_type):
-        ret = collections.OrderedDict()
-        statement = collections.OrderedDict()
-        total_sum = 0
-        for sat in [
-            None,
-            *list(SimplifiedAccountingType.objects.order_by("label")),
-        ]:
-            amount = queryset.filter(
-                accounting_type__movement_type=movement_type, simpleaccounting_type=sat
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            label = sat.label if sat is not None else ""
-            if amount:
-                total_sum += amount
-                statement[label] = amount
-        ret[movement_type] = statement
-        ret[movement_type + "_sum"] = total_sum
-        return ret
-
-    def big_statement(self):
-        label_list = (
-            self.object.operations.order_by("label").values_list("label").distinct()
-        )
-        labels = Label.objects.filter(id__in=label_list).all()
-        statement = collections.OrderedDict()
-        gen_statement = collections.OrderedDict()
-        no_label_statement = collections.OrderedDict()
-        gen_statement.update(self.statement(self.object.operations.all(), "CREDIT"))
-        gen_statement.update(self.statement(self.object.operations.all(), "DEBIT"))
-        statement[_("General statement")] = gen_statement
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "CREDIT")
-        )
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "DEBIT")
-        )
-        statement[_("No label operations")] = no_label_statement
-        for label in labels:
-            l_stmt = collections.OrderedDict()
-            journals = self.object.operations.filter(label=label).all()
-            l_stmt.update(self.statement(journals, "CREDIT"))
-            l_stmt.update(self.statement(journals, "DEBIT"))
-            statement[label] = l_stmt
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add infos to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.big_statement()
-        return kwargs
-
-
-class JournalPersonStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation target and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_person.jinja"
-    current_tab = "person_statement"
-
-    def sum_by_target(self, target_id, target_type, movement_type):
-        return self.object.operations.filter(
-            accounting_type__movement_type=movement_type,
-            target_id=target_id,
-            target_type=target_type,
-        ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-
-    def statement(self, movement_type):
-        statement = collections.OrderedDict()
-        for op in (
-            self.object.operations.filter(accounting_type__movement_type=movement_type)
-            .order_by("target_type", "target_id")
-            .distinct()
-        ):
-            statement[op.target] = self.sum_by_target(
-                op.target_id, op.target_type, movement_type
-            )
-        return statement
-
-    def total(self, movement_type):
-        return sum(self.statement(movement_type).values())
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["credit_statement"] = self.statement("CREDIT")
-        kwargs["debit_statement"] = self.statement("DEBIT")
-        kwargs["total_credit"] = self.total("CREDIT")
-        kwargs["total_debit"] = self.total("DEBIT")
-        return kwargs
-
-
-class JournalAccountingStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation type and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_accounting.jinja"
-    current_tab = "accounting_statement"
-
-    def statement(self):
-        statement = collections.OrderedDict()
-        for at in AccountingType.objects.order_by("code").all():
-            sum_by_type = self.object.operations.filter(
-                accounting_type__code__startswith=at.code
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            if sum_by_type:
-                statement[at] = sum_by_type
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.statement()
-        return kwargs
-
-
-# Company views
-
-
-class CompanyListView(CanViewMixin, ListView):
-    model = Company
-    template_name = "accounting/co_list.jinja"
-
-
-class CompanyCreateView(CanCreateMixin, CreateView):
-    """Create a company."""
-
-    model = Company
-    fields = ["name"]
-    template_name = "core/create.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-class CompanyEditView(CanCreateMixin, UpdateView):
-    """Edit a company."""
-
-    model = Company
-    pk_url_kwarg = "co_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-# Label views
-
-
-class LabelListView(CanViewMixin, DetailView):
-    model = ClubAccount
-    pk_url_kwarg = "clubaccount_id"
-    template_name = "accounting/label_list.jinja"
-
-
-class LabelCreateView(
-    CanCreateMixin, CreateView
-):  # FIXME we need to check the rights before creating the object
-    model = Label
-    form_class = modelform_factory(
-        Label, fields=["name", "club_account"], widgets={"club_account": HiddenInput}
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class LabelEditView(CanEditMixin, UpdateView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-
-
-class LabelDeleteView(CanEditMixin, DeleteView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    template_name = "core/delete_confirm.jinja"
-
-    def get_success_url(self):
-        return self.object.get_absolute_url()
-
-
-class CloseCustomerAccountForm(forms.Form):
-    user = forms.ModelChoiceField(
-        label=_("Refound this account"),
-        help_text=None,
-        required=True,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-
-
-class RefoundAccountView(FormView):
-    """Create a selling with the same amount than the current user money."""
-
-    template_name = "accounting/refound_account.jinja"
-    form_class = CloseCustomerAccountForm
-
-    def permission(self, user):
-        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        else:
-            raise PermissionDenied
-
-    def dispatch(self, request, *arg, **kwargs):
-        res = super().dispatch(request, *arg, **kwargs)
-        if self.permission(request.user):
-            return res
-
-    def post(self, request, *arg, **kwargs):
-        self.operator = request.user
-        if self.permission(request.user):
-            return super().post(self, request, *arg, **kwargs)
-
-    def form_valid(self, form):
-        self.customer = form.cleaned_data["user"]
-        self.create_selling()
-        return super().form_valid(form)
-
-    def get_success_url(self):
-        return reverse("accounting:refound_account")
-
-    def create_selling(self):
-        with transaction.atomic():
-            uprice = self.customer.customer.amount
-            refound_club_counter = Counter.objects.get(
-                id=settings.SITH_COUNTER_REFOUND_ID
-            )
-            refound_club = refound_club_counter.club
-            s = Selling(
-                label=_("Refound account"),
-                unit_price=uprice,
-                quantity=1,
-                seller=self.operator,
-                customer=self.customer.customer,
-                club=refound_club,
-                counter=refound_club_counter,
-                product=Product.objects.get(id=settings.SITH_PRODUCT_REFOUND_ID),
-            )
-            s.save()
--- a/accounting/widgets/select.py
+++ b/accounting/widgets/select.py
@ -1,39 +0,0 @@
-from pydantic import TypeAdapter
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
-
-_js = ["bundled/accounting/components/ajax-select-index.ts"]
-
-
-class AutoCompleteSelectClubAccount(AutoCompleteSelect):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleClubAccount(AutoCompleteSelectMultiple):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectCompany(AutoCompleteSelect):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleCompany(AutoCompleteSelectMultiple):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js
--- a/antispam/forms.py
+++ b/antispam/forms.py
@ -1,5 +1,3 @@
-import re
-
 from django import forms
 from django.core.validators import EmailValidator
 from django.utils.translation import gettext_lazy as _
@ -7,12 +5,18 @@ from django.utils.translation import gettext_lazy as _
 from antispam.models import ToxicDomain


+class AntiSpamEmailValidator(EmailValidator):
+    def __call__(self, value: str):
+        super().__call__(value)
+        domain_part = value.rsplit("@", 1)[1]
+        if ToxicDomain.objects.filter(domain=domain_part).exists():
+            raise forms.ValidationError(_("Email domain is not allowed."))
+
+
+validate_antispam_email = AntiSpamEmailValidator()
+
+
 class AntiSpamEmailField(forms.EmailField):
    """An email field that email addresses with a known toxic domain."""

-    def run_validators(self, value: str):
-        super().run_validators(value)
-        # Domain part should exist since email validation is guaranteed to run first
-        domain = re.search(EmailValidator.domain_regex, value)
-        if ToxicDomain.objects.filter(domain=domain[0]).exists():
-            raise forms.ValidationError(_("Email domain is not allowed."))
+    default_validators = [validate_antispam_email]
--- a/antispam/management/commands/update_spam_database.py
+++ b/antispam/management/commands/update_spam_database.py
@ -34,7 +34,7 @@ class Command(BaseCommand):
                    f"Source {provider} responded with code {res.status_code}"
                )
                continue
-            domains |= set(res.content.decode().splitlines())
+            domains |= set(res.text.splitlines())
        return domains

    def _update_domains(self, domains: set[str]):
--- a/accounting/migrations/init.py
+++ b/accounting/migrations/init.py
--- a/api/admin.py
+++ b/api/admin.py
@ -0,0 +1,55 @@
+from django.contrib import admin, messages
+from django.db.models import QuerySet
+from django.http import HttpRequest
+from django.utils.translation import gettext_lazy as _
+
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@admin.register(ApiClient)
+class ApiClientAdmin(admin.ModelAdmin):
+    list_display = ("name", "owner", "created_at", "updated_at")
+    search_fields = (
+        "name",
+        "owner__first_name",
+        "owner__last_name",
+        "owner__nick_name",
+    )
+    autocomplete_fields = ("owner", "groups", "client_permissions")
+
+
+@admin.register(ApiKey)
+class ApiKeyAdmin(admin.ModelAdmin):
+    list_display = ("name", "client", "created_at", "revoked")
+    list_filter = ("revoked",)
+    date_hierarchy = "created_at"
+
+    readonly_fields = ("prefix", "hashed_key")
+    actions = ("revoke_keys",)
+
+    def save_model(self, request: HttpRequest, obj: ApiKey, form, change):
+        if not change:
+            key, hashed = generate_key()
+            obj.prefix = key[: ApiKey.PREFIX_LENGTH]
+            obj.hashed_key = hashed
+            self.message_user(
+                request,
+                _(
+                    "The API key for %(name)s is: %(key)s. "
+                    "Please store it somewhere safe: "
+                    "you will not be able to see it again."
+                )
+                % {"name": obj.name, "key": key},
+                level=messages.WARNING,
+            )
+        return super().save_model(request, obj, form, change)
+
+    def get_readonly_fields(self, request, obj: ApiKey | None = None):
+        if obj is None or obj.revoked:
+            return ["revoked", *self.readonly_fields]
+        return self.readonly_fields
+
+    @admin.action(description=_("Revoke selected API keys"))
+    def revoke_keys(self, _request: HttpRequest, queryset: QuerySet[ApiKey]):
+        queryset.update(revoked=True)
--- a/api/apps.py
+++ b/api/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "api"
--- a/api/auth.py
+++ b/api/auth.py
@ -0,0 +1,20 @@
+from django.http import HttpRequest
+from ninja.security import APIKeyHeader
+
+from api.hashers import get_hasher
+from api.models import ApiClient, ApiKey
+
+
+class ApiKeyAuth(APIKeyHeader):
+    param_name = "X-APIKey"
+
+    def authenticate(self, request: HttpRequest, key: str | None) -> ApiClient | None:
+        if not key or len(key) != ApiKey.KEY_LENGTH:
+            return None
+        hasher = get_hasher()
+        hashed_key = hasher.encode(key)
+        try:
+            key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key)
+        except ApiKey.DoesNotExist:
+            return None
+        return key_obj.client
--- a/api/hashers.py
+++ b/api/hashers.py
@ -0,0 +1,43 @@
+import functools
+import hashlib
+import secrets
+
+from django.contrib.auth.hashers import BasePasswordHasher
+from django.utils.crypto import constant_time_compare
+
+
+class Sha512ApiKeyHasher(BasePasswordHasher):
+    """
+    An API key hasher using the sha256 algorithm.
+
+    This hasher shouldn't be used in Django's `PASSWORD_HASHERS` setting.
+    It is insecure for use in hashing passwords, but is safe for hashing
+    high entropy, randomly generated API keys.
+    """
+
+    algorithm = "sha512"
+
+    def salt(self) -> str:
+        # No need for a salt on a high entropy key.
+        return ""
+
+    def encode(self, password: str, salt: str = "") -> str:
+        hashed = hashlib.sha512(password.encode()).hexdigest()
+        return f"{self.algorithm}$${hashed}"
+
+    def verify(self, password: str, encoded: str) -> bool:
+        encoded_2 = self.encode(password, "")
+        return constant_time_compare(encoded, encoded_2)
+
+
+@functools.cache
+def get_hasher():
+    return Sha512ApiKeyHasher()
+
+
+def generate_key() -> tuple[str, str]:
+    """Generate a [key, hash] couple."""
+    # this will result in key with a length of 72
+    key = str(secrets.token_urlsafe(54))
+    hasher = get_hasher()
+    return key, hasher.encode(key)
--- a/api/migrations/0001_initial.py
+++ b/api/migrations/0001_initial.py
@ -0,0 +1,113 @@
+# Generated by Django 5.2 on 2025-06-01 08:53
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+        ("core", "0046_permissionrights"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ApiClient",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(max_length=64, verbose_name="name")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                (
+                    "client_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this api client.",
+                        related_name="clients",
+                        to="auth.permission",
+                        verbose_name="client permissions",
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        related_name="api_clients",
+                        to="core.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "owner",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_clients",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="owner",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api client",
+                "verbose_name_plural": "api clients",
+            },
+        ),
+        migrations.CreateModel(
+            name="ApiKey",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(blank=True, default="", verbose_name="name")),
+                (
+                    "prefix",
+                    models.CharField(
+                        editable=False, max_length=5, verbose_name="prefix"
+                    ),
+                ),
+                (
+                    "hashed_key",
+                    models.CharField(
+                        db_index=True,
+                        editable=False,
+                        max_length=136,
+                        verbose_name="hashed key",
+                    ),
+                ),
+                ("revoked", models.BooleanField(default=False, verbose_name="revoked")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "client",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_keys",
+                        to="api.apiclient",
+                        verbose_name="api client",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api key",
+                "verbose_name_plural": "api keys",
+                "permissions": [("revoke_apikey", "Revoke API keys")],
+            },
+        ),
+    ]
--- a/launderette/migrations/init.py
+++ b/launderette/migrations/init.py
--- a/api/models.py
+++ b/api/models.py
@ -0,0 +1,94 @@
+from typing import Iterable
+
+from django.contrib.auth.models import Permission
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from django.utils.translation import pgettext_lazy
+
+from core.models import Group, User
+
+
+class ApiClient(models.Model):
+    name = models.CharField(_("name"), max_length=64)
+    owner = models.ForeignKey(
+        User,
+        verbose_name=_("owner"),
+        related_name="api_clients",
+        on_delete=models.CASCADE,
+    )
+    groups = models.ManyToManyField(
+        Group, verbose_name=_("groups"), related_name="api_clients", blank=True
+    )
+    client_permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=_("client permissions"),
+        blank=True,
+        help_text=_("Specific permissions for this api client."),
+        related_name="clients",
+    )
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    _perm_cache: set[str] | None = None
+
+    class Meta:
+        verbose_name = _("api client")
+        verbose_name_plural = _("api clients")
+
+    def __str__(self):
+        return self.name
+
+    def has_perm(self, perm: str):
+        """Return True if the client has the specified permission."""
+
+        if self._perm_cache is None:
+            group_permissions = (
+                Permission.objects.filter(group__group__in=self.groups.all())
+                .values_list("content_type__app_label", "codename")
+                .order_by()
+            )
+            client_permissions = self.client_permissions.values_list(
+                "content_type__app_label", "codename"
+            ).order_by()
+            self._perm_cache = {
+                f"{content_type}.{name}"
+                for content_type, name in (*group_permissions, *client_permissions)
+            }
+        return perm in self._perm_cache
+
+    def has_perms(self, perm_list):
+        """
+        Return True if the client has each of the specified permissions. If
+        object is passed, check if the client has all required perms for it.
+        """
+        if not isinstance(perm_list, Iterable) or isinstance(perm_list, str):
+            raise ValueError("perm_list must be an iterable of permissions.")
+        return all(self.has_perm(perm) for perm in perm_list)
+
+
+class ApiKey(models.Model):
+    PREFIX_LENGTH = 5
+    KEY_LENGTH = 72
+    HASHED_KEY_LENGTH = 136
+
+    name = models.CharField(_("name"), blank=True, default="")
+    prefix = models.CharField(_("prefix"), max_length=PREFIX_LENGTH, editable=False)
+    hashed_key = models.CharField(
+        _("hashed key"), max_length=HASHED_KEY_LENGTH, db_index=True, editable=False
+    )
+    client = models.ForeignKey(
+        ApiClient,
+        verbose_name=_("api client"),
+        related_name="api_keys",
+        on_delete=models.CASCADE,
+    )
+    revoked = models.BooleanField(pgettext_lazy("api key", "revoked"), default=False)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        verbose_name = _("api key")
+        verbose_name_plural = _("api keys")
+        permissions = [("revoke_apikey", "Revoke API keys")]
+
+    def __str__(self):
+        return f"{self.name} ({self.prefix}***)"
--- a/core/api_permissions.py
+++ b/core/api_permissions.py
@ -3,7 +3,8 @@
 Some permissions are global (like `IsInGroup` or `IsRoot`),
 and some others are per-object (like `CanView` or `CanEdit`).

-Examples:
+Example:
+    ```python
    # restrict all the routes of this controller
    # to subscribed users
    @api_controller("/foo", permissions=[IsSubscriber])
@ -33,10 +34,14 @@ Examples:
        ]
        def bar_delete(self, bar_id: int):
            # ...
+    ```
 """

-from typing import Any
+import operator
+from functools import reduce
+from typing import Any, Callable

+from django.contrib.auth.models import Permission
 from django.http import HttpRequest
 from ninja_extra import ControllerBase
 from ninja_extra.permissions import BasePermission
@ -54,6 +59,60 @@ class IsInGroup(BasePermission):
        return request.user.is_in_group(pk=self._group_pk)


+class HasPerm(BasePermission):
+    """Check that the user has the required perm.
+
+    If multiple perms are given, a comparer function can also be passed,
+    in order to change the way perms are checked.
+
+    Example:
+        ```python
+        @api_controller("/foo")
+        class FooController(ControllerBase):
+            # this route will require both permissions
+            @route.put("/foo", permissions=[HasPerm(["foo.change_foo", "foo.add_foo"])]
+            def foo(self): ...
+
+            # This route will require at least one of the perm,
+            # but it's not mandatory to have all of them
+            @route.put(
+                "/bar",
+                permissions=[HasPerm(["foo.change_bar", "foo.add_bar"], op=operator.or_)],
+            )
+            def bar(self): ...
+        ```
+    """
+
+    def __init__(
+        self,
+        perms: str | Permission | list[str | Permission],
+        op: Callable[[bool, bool], bool] = operator.and_,
+    ):
+        """
+        Args:
+            perms: a permission or a list of permissions the user must have
+            op: An operator to combine multiple permissions (in most cases,
+                it will be either `operator.and_` or `operator.or_`)
+        """
+        super().__init__()
+        if not isinstance(perms, (list, tuple, set)):
+            perms = [perms]
+        self._operator = op
+        self._perms = perms
+
+    def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
+        # if the request has the `auth` property,
+        # it means that the user has been explicitly authenticated
+        # using a django-ninja authentication backend
+        # (whether it is SessionAuth or ApiKeyAuth).
+        # If not, this authentication has not been done, but the user may
+        # still be implicitly authenticated through AuthenticationMiddleware
+        user = request.auth if hasattr(request, "auth") else request.user
+        # `user` may either be a `core.User` or an `api.ApiClient` ;
+        # they are not the same model, but they both implement the `has_perm` method
+        return reduce(self._operator, (user.has_perm(p) for p in self._perms))
+
+
 class IsRoot(BasePermission):
    """Check that the user is root."""

@ -135,4 +194,4 @@ class IsLoggedInCounter(BasePermission):
        return Counter.objects.filter(token=token).exists()


-CanAccessLookup = IsOldSubscriber | IsRoot | IsLoggedInCounter
+CanAccessLookup = IsLoggedInCounter | HasPerm("core.access_lookup")
--- a/api/tests/init.py
+++ b/api/tests/init.py
--- a/api/tests/test_api_key.py
+++ b/api/tests/test_api_key.py
@ -0,0 +1,29 @@
+import pytest
+from django.test import RequestFactory
+from model_bakery import baker
+
+from api.auth import ApiKeyAuth
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@pytest.mark.django_db
+def test_api_key_auth():
+    key, hashed = generate_key()
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) == client
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    ("key", "hashed"), [(generate_key()[0], generate_key()[1]), (generate_key()[0], "")]
+)
+def test_api_key_auth_invalid(key, hashed):
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) is None
--- a/api/urls.py
+++ b/api/urls.py
@ -0,0 +1,10 @@
+from ninja_extra import NinjaExtraAPI
+
+api = NinjaExtraAPI(
+    title="PICON",
+    description="Portail Interactif de Communication avec les Outils Numériques",
+    version="0.2.0",
+    urls_namespace="api",
+    csrf=True,
+)
+api.auto_discover_controllers()
--- a/club/admin.py
+++ b/club/admin.py
@ -19,8 +19,8 @@ from club.models import Club, Membership

@admin.register(Club)
 class ClubAdmin(admin.ModelAdmin):
-    list_display = ("name", "unix_name", "parent", "is_active")
-    search_fields = ("name", "unix_name")
+    list_display = ("name", "slug_name", "parent", "is_active")
+    search_fields = ("name", "slug_name")
    autocomplete_fields = (
        "parent",
        "board_group",
--- a/club/api.py
+++ b/club/api.py
@ -1,22 +1,42 @@
 from typing import Annotated

 from annotated_types import MinLen
+from django.db.models import Prefetch
+from ninja.security import SessionAuth
 from ninja_extra import ControllerBase, api_controller, paginate, route
 from ninja_extra.pagination import PageNumberPaginationExtra
 from ninja_extra.schemas import PaginatedResponseSchema

-from club.models import Club
-from club.schemas import ClubSchema
-from core.api_permissions import CanAccessLookup
+from api.auth import ApiKeyAuth
+from api.permissions import CanAccessLookup, HasPerm
+from club.models import Club, Membership
+from club.schemas import ClubSchema, SimpleClubSchema


@api_controller("/club")
 class ClubController(ControllerBase):
    @route.get(
        "/search",
-        response=PaginatedResponseSchema[ClubSchema],
+        response=PaginatedResponseSchema[SimpleClubSchema],
+        auth=[SessionAuth(), ApiKeyAuth()],
        permissions=[CanAccessLookup],
+        url_name="search_club",
    )
    @paginate(PageNumberPaginationExtra, page_size=50)
    def search_club(self, search: Annotated[str, MinLen(1)]):
        return Club.objects.filter(name__icontains=search).values()
+
+    @route.get(
+        "/{int:club_id}",
+        response=ClubSchema,
+        auth=[SessionAuth(), ApiKeyAuth()],
+        permissions=[HasPerm("club.view_club")],
+        url_name="fetch_club",
+    )
+    def fetch_club(self, club_id: int):
+        prefetch = Prefetch(
+            "members", queryset=Membership.objects.ongoing().select_related("user")
+        )
+        return self.get_object_or_exception(
+            Club.objects.prefetch_related(prefetch), id=club_id
+        )
--- a/club/forms.py
+++ b/club/forms.py
@ -24,23 +24,32 @@

 from django import forms
 from django.conf import settings
+from django.db.models import Exists, OuterRef, Q
+from django.db.models.functions import Lower
 from django.utils.translation import gettext_lazy as _

 from club.models import Club, Mailing, MailingSubscription, Membership
 from core.models import User
 from core.views.forms import SelectDate, SelectDateTime
-from core.views.widgets.select import AutoCompleteSelectMultipleUser
-from counter.models import Counter
+from core.views.widgets.ajax_select import AutoCompleteSelectMultipleUser
+from counter.models import Counter, Selling


 class ClubEditForm(forms.ModelForm):
+    error_css_class = "error"
+    required_css_class = "required"
+
    class Meta:
        model = Club
        fields = ["address", "logo", "short_description"]
+        widgets = {"short_description": forms.Textarea()}

-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["short_description"].widget = forms.Textarea()
+
+class ClubAdminEditForm(ClubEditForm):
+    admin_fields = ["name", "parent", "is_active"]
+
+    class Meta(ClubEditForm.Meta):
+        fields = ["name", "parent", "is_active", *ClubEditForm.Meta.fields]


 class MailingForm(forms.Form):
@ -152,12 +161,21 @@ class SellingsForm(forms.Form):
        label=_("End date"), widget=SelectDateTime, required=False
    )

-    counters = forms.ModelMultipleChoiceField(
-        Counter.objects.order_by("name").all(), label=_("Counter"), required=False
-    )
-
    def __init__(self, club, *args, **kwargs):
        super().__init__(*args, **kwargs)
+        # postgres struggles really hard with a single query having three WHERE conditions,
+        # but deals perfectly fine with UNION of multiple queryset with their own WHERE clause,
+        # so we do this to get the ids, which we use to build another queryset that can be used by django.
+        club_sales_subquery = Selling.objects.filter(counter=OuterRef("pk"), club=club)
+        ids = (
+            Counter.objects.filter(Q(club=club) | Q(products__club=club))
+            .union(Counter.objects.filter(Exists(club_sales_subquery)))
+            .values_list("id", flat=True)
+        )
+        counters_qs = Counter.objects.filter(id__in=ids).order_by(Lower("name"))
+        self.fields["counters"] = forms.ModelMultipleChoiceField(
+            counters_qs, label=_("Counter"), required=False
+        )
        self.fields["products"] = forms.ModelMultipleChoiceField(
            club.products.order_by("name").filter(archived=False).all(),
            label=_("Products"),
@ -189,9 +207,7 @@ class ClubMemberForm(forms.Form):
        self.request_user = kwargs.pop("request_user")
        self.club_members = kwargs.pop("club_members", None)
        if not self.club_members:
-            self.club_members = (
-                self.club.members.filter(end_date=None).order_by("-role").all()
-            )
+            self.club_members = self.club.members.ongoing().order_by("-role").all()
        self.request_user_membership = self.club.get_membership_for(self.request_user)
        super().__init__(*args, **kwargs)

--- a/club/migrations/0011_auto_20180426_2013.py
+++ b/club/migrations/0011_auto_20180426_2013.py
@ -1,10 +1,9 @@
 from __future__ import unicode_literals

 import django.db.models.deletion
+from django.conf import settings
 from django.db import migrations, models

-import club.models
-

 class Migration(migrations.Migration):
    dependencies = [("club", "0010_auto_20170912_2028")]
@ -15,7 +14,7 @@ class Migration(migrations.Migration):
            name="owner_group",
            field=models.ForeignKey(
                on_delete=django.db.models.deletion.CASCADE,
-                default=club.models.get_default_owner_group,
+                default=lambda: settings.SITH_ROOT_USER_ID,
                related_name="owned_club",
                to="core.Group",
            ),
--- a/club/migrations/0014_alter_club_options_rename_unix_name_club_slug_name_and_more.py
+++ b/club/migrations/0014_alter_club_options_rename_unix_name_club_slug_name_and_more.py
@ -0,0 +1,75 @@
+# Generated by Django 4.2.17 on 2025-02-28 20:34
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import core.fields
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0044_alter_userban_options"),
+        ("club", "0013_alter_club_board_group_alter_club_members_group_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(name="club", options={"ordering": ["name"]}),
+        migrations.RenameField(
+            model_name="club",
+            old_name="unix_name",
+            new_name="slug_name",
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="name",
+            field=models.CharField(unique=True, max_length=64, verbose_name="name"),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="slug_name",
+            field=models.SlugField(
+                editable=False, max_length=30, unique=True, verbose_name="slug name"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="id",
+            field=models.AutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="logo",
+            field=core.fields.ResizedImageField(
+                blank=True,
+                force_format="WEBP",
+                height=200,
+                null=True,
+                upload_to="club_logos",
+                verbose_name="logo",
+                width=200,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="page",
+            field=models.OneToOneField(
+                blank=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="club",
+                to="core.page",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="short_description",
+            field=models.CharField(
+                blank=True,
+                default="",
+                help_text="A summary of what your club does. This will be displayed on the club list page.",
+                max_length=1000,
+                verbose_name="short description",
+            ),
+        ),
+    ]
--- a/club/models.py
+++ b/club/models.py
@ -26,7 +26,6 @@ from __future__ import annotations
 from typing import Iterable, Self

 from django.conf import settings
-from django.core import validators
 from django.core.cache import cache
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import RegexValidator, validate_email
@ -35,48 +34,43 @@ from django.db.models import Exists, F, OuterRef, Q
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
+from django.utils.text import slugify
 from django.utils.timezone import localdate
 from django.utils.translation import gettext_lazy as _

+from core.fields import ResizedImageField
 from core.models import Group, Notification, Page, SithFile, User

-# Create your models here.
-
-
-# This function prevents generating migration upon settings change
-def get_default_owner_group():
-    return settings.SITH_GROUP_ROOT_ID
-

 class Club(models.Model):
    """The Club class, made as a tree to allow nice tidy organization."""

-    id = models.AutoField(primary_key=True, db_index=True)
-    name = models.CharField(_("name"), max_length=64)
+    name = models.CharField(_("name"), unique=True, max_length=64)
    parent = models.ForeignKey(
        "Club", related_name="children", null=True, blank=True, on_delete=models.CASCADE
    )
-    unix_name = models.CharField(
-        _("unix name"),
-        max_length=30,
-        unique=True,
-        validators=[
-            validators.RegexValidator(
-                r"^[a-z0-9][a-z0-9._-]*[a-z0-9]$",
-                _(
-                    "Enter a valid unix name. This value may contain only "
-                    "letters, numbers ./-/_ characters."
-                ),
+    slug_name = models.SlugField(
+        _("slug name"), max_length=30, unique=True, editable=False
    )
-        ],
-        error_messages={"unique": _("A club with that unix name already exists.")},
-    )
-    logo = models.ImageField(
-        upload_to="club_logos", verbose_name=_("logo"), null=True, blank=True
+    logo = ResizedImageField(
+        upload_to="club_logos",
+        verbose_name=_("logo"),
+        null=True,
+        blank=True,
+        force_format="WEBP",
+        height=200,
+        width=200,
    )
    is_active = models.BooleanField(_("is active"), default=True)
    short_description = models.CharField(
-        _("short description"), max_length=1000, default="", blank=True, null=True
+        _("short description"),
+        max_length=1000,
+        default="",
+        blank=True,
+        help_text=_(
+            "A summary of what your club does. "
+            "This will be displayed on the club list page."
+        ),
    )
    address = models.CharField(_("address"), max_length=254)
    home = models.OneToOneField(
@ -88,7 +82,7 @@ class Club(models.Model):
        on_delete=models.SET_NULL,
    )
    page = models.OneToOneField(
-        Page, related_name="club", blank=True, null=True, on_delete=models.CASCADE
+        Page, related_name="club", blank=True, on_delete=models.CASCADE
    )
    members_group = models.OneToOneField(
        Group, related_name="club", on_delete=models.PROTECT
@ -98,7 +92,7 @@ class Club(models.Model):
    )

    class Meta:
-        ordering = ["name", "unix_name"]
+        ordering = ["name"]

    def __str__(self):
        return self.name
@ -106,10 +100,12 @@ class Club(models.Model):
    @transaction.atomic()
    def save(self, *args, **kwargs):
        creation = self._state.adding
+        if (slug := slugify(self.name)[:30]) != self.slug_name:
+            self.slug_name = slug
        if not creation:
            db_club = Club.objects.get(id=self.id)
-            if self.unix_name != db_club.unix_name:
-                self.home.name = self.unix_name
+            if self.name != db_club.name:
+                self.home.name = self.slug_name
                self.home.save()
            if self.name != db_club.name:
                self.board_group.name = f"{self.name} - Bureau"
@ -123,11 +119,9 @@ class Club(models.Model):
            self.members_group = Group.objects.create(
                name=f"{self.name} - Membres", is_manually_manageable=False
            )
-        super().save(*args, **kwargs)
-        if creation:
            self.make_home()
        self.make_page()
-        cache.set(f"sith_club_{self.unix_name}", self)
+        super().save(*args, **kwargs)

    def get_absolute_url(self):
        return reverse("club:club_view", kwargs={"club_id": self.id})
@ -155,41 +149,30 @@ class Club(models.Model):
    def make_home(self) -> None:
        if self.home:
            return
-        home_root = SithFile.objects.filter(parent=None, name="clubs").first()
-        root = User.objects.filter(username="root").first()
-        if home_root and root:
-            home = SithFile(parent=home_root, name=self.unix_name, owner=root)
-            home.save()
-            self.home = home
-            self.save()
+        home_root = SithFile.objects.get(parent=None, name="clubs")
+        root = User.objects.get(id=settings.SITH_ROOT_USER_ID)
+        self.home = SithFile.objects.create(
+            parent=home_root, name=self.slug_name, owner=root
+        )

    def make_page(self) -> None:
-        root = User.objects.filter(username="root").first()
-        if not self.page:
-            club_root = Page.objects.filter(name=settings.SITH_CLUB_ROOT_PAGE).first()
-            if root and club_root:
-                public = Group.objects.filter(id=settings.SITH_GROUP_PUBLIC_ID).first()
-                p = Page(name=self.unix_name)
-                p.parent = club_root
+        page_name = self.slug_name
+        if not self.page_id:
+            # Club.page is a OneToOneField, so if we are inside this condition
+            # then self._meta.state.adding is True.
+            club_root = Page.objects.get(name=settings.SITH_CLUB_ROOT_PAGE)
+            public = Group.objects.get(id=settings.SITH_GROUP_PUBLIC_ID)
+            p = Page(name=page_name, parent=club_root)
            p.save(force_lock=True)
-                if public:
            p.view_groups.add(public)
-                p.save(force_lock=True)
-                if self.parent and self.parent.page:
-                    p.parent = self.parent.page
+            if self.parent and self.parent.page_id:
+                p.parent_id = self.parent.page_id
            self.page = p
-                self.save()
-        elif self.page and self.page.name != self.unix_name:
-            self.page.unset_lock()
-            self.page.name = self.unix_name
-            self.page.save(force_lock=True)
-        elif (
-            self.page
-            and self.parent
-            and self.parent.page
-            and self.page.parent != self.parent.page
-        ):
+            return
        self.page.unset_lock()
+        if self.page.name != page_name:
+            self.page.name = page_name
+        elif self.parent and self.parent.page and self.page.parent != self.parent.page:
            self.page.parent = self.parent.page
        self.page.save(force_lock=True)

@ -197,7 +180,6 @@ class Club(models.Model):
        # Invalidate the cache of this club and of its memberships
        for membership in self.members.ongoing().select_related("user"):
            cache.delete(f"membership_{self.id}_{membership.user.id}")
-        cache.delete(f"sith_club_{self.unix_name}")
        self.board_group.delete()
        self.members_group.delete()
        return super().delete(*args, **kwargs)
--- a/club/schemas.py
+++ b/club/schemas.py
@ -1,9 +1,40 @@
 from ninja import ModelSchema

-from club.models import Club
+from club.models import Club, Membership
+from core.schemas import SimpleUserSchema
+
+
+class SimpleClubSchema(ModelSchema):
+    class Meta:
+        model = Club
+        fields = ["id", "name"]
+
+
+class ClubProfileSchema(ModelSchema):
+    """The infos needed to display a simple club profile."""
+
+    class Meta:
+        model = Club
+        fields = ["id", "name", "logo"]
+
+    url: str
+
+    @staticmethod
+    def resolve_url(obj: Club) -> str:
+        return obj.get_absolute_url()
+
+
+class ClubMemberSchema(ModelSchema):
+    class Meta:
+        model = Membership
+        fields = ["start_date", "end_date", "role", "description"]
+
+    user: SimpleUserSchema


 class ClubSchema(ModelSchema):
    class Meta:
        model = Club
-        fields = ["id", "name"]
+        fields = ["id", "name", "logo", "is_active", "short_description", "address"]
+
+    members: list[ClubMemberSchema]
--- a/club/templates/club/club_detail.jinja
+++ b/club/templates/club/club_detail.jinja
@ -4,7 +4,7 @@
 {% block content %}
  <div id="club_detail">
    {% if club.logo %}
-      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.unix_name }}"></div>
+      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.name }}"></div>
    {% endif %}
    {% if page_revision %}
      {{ page_revision|markdown }}
--- a/club/templates/club/club_members.jinja
+++ b/club/templates/club/club_members.jinja
@ -11,7 +11,7 @@
        {{ select_all_checkbox("users_old") }}
        <p></p>
      {% endif %}
-      <table>
+      <table id="club_members_table">
        <thead>
          <tr>
            <td>{% trans %}User{% endtrans %}</td>
--- a/club/templates/club/club_tools.jinja
+++ b/club/templates/club/club_tools.jinja
@ -16,30 +16,13 @@
    </ul>
    <h4>{% trans %}Counters:{% endtrans %}</h4>
    <ul>
-      {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-        {% for l in Launderette.objects.all() %}
-          <li><a href="{{ url('launderette:main_click', launderette_id=l.id) }}">{{ l }}</a></li>
-        {% endfor %}
-      {% elif object.counters.filter(type="OFFICE")|count > 0 %}
      {% for c in object.counters.filter(type="OFFICE") %}
        <li>{{ c }}:
          <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
          <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
        </li>
      {% endfor %}
-      {% endif %}
    </ul>
-    {% if object.club_account.exists() %}
-      <h4>{% trans %}Accounting: {% endtrans %}</h4>
-      <ul>
-        {% for ca in object.club_account.all() %}
-          <li><a href="{{ url('accounting:club_details', c_account_id=ca.id) }}">{{ ca.get_display_name() }}</a></li>
-        {% endfor %}
-      </ul>
-    {% endif %}
-    {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-      <li><a href="{{ url('launderette:launderette_list') }}">{% trans %}Manage launderettes{% endtrans %}</a></li>
-    {% endif %}
  </div>
 {% endblock %}

--- a/club/templates/club/edit_club.jinja
+++ b/club/templates/club/edit_club.jinja
@ -0,0 +1,54 @@
+{% extends "core/base.jinja" %}
+
+{% block title %}
+  {% trans name=object %}Edit {{ name }}{% endtrans %}
+{% endblock %}
+
+{% block content %}
+  <h2>{% trans name=object %}Edit {{ name }}{% endtrans %}</h2>
+
+  <form action="" method="post" enctype="multipart/form-data">
+    {% csrf_token %}
+
+    {{ form.non_field_errors() }}
+
+    {% if form.admin_fields %}
+      {# If the user is admin, display the admin fields,
+         and explicitly separate them from the non-admin ones,
+         with some help text.
+         Non-admin users will only see the regular form fields,
+         so they don't need thoses explanations #}
+      <h3>{% trans %}Club properties{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the core properties of a club.
+          Only admin users can see and edit them.
+        {% endtrans %}
+      </p>
+      <fieldset class="required margin-bottom">
+        {% for field_name in form.admin_fields %}
+          {% set field = form[field_name] %}
+          <div class="form-group">
+            {{ field.errors }}
+            {{ field.label_tag() }}
+            {{ field }}
+          </div>
+          {# Remove the the admin fields from the form.
+             The remaining non-admin fields will be rendered
+             at once with a simple {{ form.as_p() }} #}
+          {% set _ = form.fields.pop(field_name) %}
+        {% endfor %}
+      </fieldset>
+
+      <h3>{% trans %}Club informations{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the basic description of a club.
+          All board members of this club can see and edit them.
+        {% endtrans %}
+      </p>
+    {% endif %}
+    {{ form.as_p() }}
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
+  </form>
+{% endblock content %}
--- a/club/templates/club/stats.jinja
+++ b/club/templates/club/stats.jinja
@ -1,49 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club stats{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  {% if club_list %}
-    <h3>{% trans %}Club stats{% endtrans %}</h3>
-    <form action="" method="GET">
-      {% csrf_token %}
-      <p>
-        <select name="branch">
-          {% for b in settings.SITH_PROFILE_DEPARTMENTS %}
-            <option value="{{ b[0] }}">{{ b[0] }}</option>
-          {% endfor %}
-        </select>
-      </p>
-      <p><input type="submit" value="{% trans %}Show{% endtrans %}" /></p>
-    </form>
-    <table>
-      <thead>
-        <tr>
-          <td>Club</td>
-          <td>Member number</td>
-          <td>Old member number</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for c in club_list.order_by('id') %}
-          {% set members = c.members.all() %}
-          {% if request.GET['branch'] %}
-            {% set members = members.filter(user__department=request.GET['branch']) %}
-          {% endif %}
-          <tr>
-            <td>{{ c.get_display_name() }}</td>
-            <td>{{ members.filter(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-            <td>{{ members.exclude(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  {% else %}
-    {% trans %}There is no club in this website.{% endtrans %}
-  {% endif %}
-{% endblock %}
-
-
-
--- a/club/tests.py
+++ b/club/tests.py
@ -1,906 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-from datetime import timedelta
-
-from django.conf import settings
-from django.core.cache import cache
-from django.test import TestCase
-from django.urls import reverse
-from django.utils import timezone
-from django.utils.timezone import localdate, localtime, now
-from django.utils.translation import gettext as _
-from model_bakery import baker
-
-from club.forms import MailingForm
-from club.models import Club, Mailing, Membership
-from core.baker_recipes import subscriber_user
-from core.models import AnonymousUser, User
-from sith.settings import SITH_BAR_MANAGER, SITH_MAIN_CLUB_ID
-
-
-class TestClub(TestCase):
-    """Set up data for test cases related to clubs and membership.
-
-    The generated dataset is the one created by the populate command,
-    plus the following modifications :
-
-    - `self.club` is a dummy club recreated for each test
-    - `self.club` has two board members : skia (role 3) and comptable (role 10)
-    - `self.club` has one regular member : richard
-    - `self.club` has one former member : sli (who had role 2)
-    - None of the `self.club` members are in the AE club.
-    """
-
-    @classmethod
-    def setUpTestData(cls):
-        # subscribed users - initial members
-        cls.skia = User.objects.get(username="skia")
-        # by default, Skia is in the AE, which creates side effect
-        cls.skia.memberships.all().delete()
-        cls.richard = User.objects.get(username="rbatsbak")
-        cls.comptable = User.objects.get(username="comptable")
-        cls.sli = User.objects.get(username="sli")
-        cls.root = User.objects.get(username="root")
-
-        # subscribed users - not initial members
-        cls.krophil = User.objects.get(username="krophil")
-        cls.subscriber = User.objects.get(username="subscriber")
-
-        # old subscriber
-        cls.old_subscriber = User.objects.get(username="old_subscriber")
-
-        # not subscribed
-        cls.public = User.objects.get(username="public")
-
-        cls.ae = Club.objects.filter(pk=SITH_MAIN_CLUB_ID)[0]
-        cls.club = Club.objects.create(
-            name="Fake Club",
-            unix_name="fake-club",
-            address="5 rue de la République, 90000 Belfort",
-        )
-        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
-        a_month_ago = now() - timedelta(days=30)
-        yesterday = now() - timedelta(days=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.skia, start_date=a_month_ago, role=3
-        )
-        Membership.objects.create(club=cls.club, user=cls.richard, role=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.comptable, start_date=a_month_ago, role=10
-        )
-
-        # sli was a member but isn't anymore
-        Membership.objects.create(
-            club=cls.club,
-            user=cls.sli,
-            start_date=a_month_ago,
-            end_date=yesterday,
-            role=2,
-        )
-
-    def setUp(self):
-        cache.clear()
-
-
-class TestMembershipQuerySet(TestClub):
-    def test_ongoing(self):
-        """Test that the ongoing queryset method returns the memberships that
-        are not ended.
-        """
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            self.richard.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_ongoing_with_membership_ending_today(self):
-        """Test that a membership ending the present day is considered as ended."""
-        today = localdate()
-        self.richard.memberships.filter(club=self.club).update(end_date=today)
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_board(self):
-        """Test that the board queryset method returns the memberships
-        of user in the club board.
-        """
-        board_members = list(self.club.members.board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            # sli is no more member, but he was in the board
-            self.sli.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert board_members == expected
-
-    def test_ongoing_board(self):
-        """Test that combining ongoing and board returns users
-        who are currently board members of the club.
-        """
-        members = list(self.club.members.ongoing().board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert members == expected
-
-    def test_update_invalidate_cache(self):
-        """Test that the `update` queryset method properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        self.skia.memberships.update(end_date=localtime(now()).date())
-        assert (
-            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
-            == "not_member"
-        )
-
-        mem_richard = self.richard.memberships.get(club=self.club)
-        cache.set(
-            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
-        )
-        self.richard.memberships.update(role=5)
-        new_mem = self.richard.memberships.get(club=self.club)
-        assert new_mem != "not_member"
-        assert new_mem.role == 5
-
-    def test_update_change_club_groups(self):
-        """Test that `update` set the user groups accordingly."""
-        user = baker.make(User)
-        membership = baker.make(Membership, end_date=None, user=user, role=5)
-        members_group = membership.club.members_group
-        board_group = membership.club.board_group
-        assert user.groups.contains(members_group)
-        assert user.groups.contains(board_group)
-
-        user.memberships.update(role=1)  # from board to simple member
-        assert user.groups.contains(members_group)
-        assert not user.groups.contains(board_group)
-
-        user.memberships.update(role=5)  # from member to board
-        assert user.groups.contains(members_group)
-        assert user.groups.contains(board_group)
-
-        user.memberships.update(end_date=localdate())  # end the membership
-        assert not user.groups.contains(members_group)
-        assert not user.groups.contains(board_group)
-
-    def test_delete_invalidate_cache(self):
-        """Test that the `delete` queryset properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        mem_comptable = self.comptable.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        cache.set(
-            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
-        )
-
-        # should delete the subscriptions of skia and comptable
-        self.club.members.ongoing().board().delete()
-
-        for membership in (mem_skia, mem_comptable):
-            cached_mem = cache.get(
-                f"membership_{membership.club_id}_{membership.user_id}"
-            )
-            assert cached_mem == "not_member"
-
-    def test_delete_remove_from_groups(self):
-        """Test that `delete` removes from club groups"""
-        user = baker.make(User)
-        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
-        club_groups = {
-            memberships[0].club.members_group,
-            memberships[1].club.members_group,
-            memberships[1].club.board_group,
-        }
-        assert set(user.groups.all()) == club_groups
-        user.memberships.all().delete()
-        assert user.groups.all().count() == 0
-
-
-class TestClubModel(TestClub):
-    def assert_membership_started_today(self, user: User, role: int):
-        """Assert that the given membership is active and started today."""
-        membership = user.memberships.ongoing().filter(club=self.club).first()
-        assert membership is not None
-        assert localtime(now()).date() == membership.start_date
-        assert membership.end_date is None
-        assert membership.role == role
-        assert membership.club.get_membership_for(user) == membership
-        assert user.is_in_group(pk=self.club.members_group_id)
-        assert user.is_in_group(pk=self.club.board_group_id)
-
-    def assert_membership_ended_today(self, user: User):
-        """Assert that the given user have a membership which ended today."""
-        today = localtime(now()).date()
-        assert user.memberships.filter(club=self.club, end_date=today).exists()
-        assert self.club.get_membership_for(user) is None
-
-    def test_access_unauthorized(self):
-        """Test that users who never subscribed and anonymous users
-        cannot see the page.
-        """
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-        self.client.force_login(self.public)
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-    def test_display(self):
-        """Test that a GET request return a page where the requested
-        information are displayed.
-        """
-        self.client.force_login(self.skia)
-        response = self.client.get(self.members_url)
-        assert response.status_code == 200
-        expected_html = (
-            "<table><thead><tr>"
-            "<td>Utilisateur</td><td>Rôle</td><td>Description</td>"
-            "<td>Depuis</td><td>Marquer comme ancien</td>"
-            "</tr></thead><tbody>"
-        )
-        memberships = self.club.members.ongoing().order_by("-role")
-        input_id = 0
-        for membership in memberships.select_related("user"):
-            user = membership.user
-            expected_html += (
-                f"<tr><td><a href=\"{reverse('core:user_profile', args=[user.id])}\">"
-                f"{user.get_display_name()}</a></td>"
-                f"<td>{settings.SITH_CLUB_ROLES[membership.role]}</td>"
-                f"<td>{membership.description}</td>"
-                f"<td>{membership.start_date}</td><td>"
-            )
-            if membership.role <= 3:  # 3 is the role of skia
-                expected_html += (
-                    '<input type="checkbox" name="users_old" '
-                    f'value="{user.id}" '
-                    f'id="id_users_old_{input_id}">'
-                )
-                input_id += 1
-            expected_html += "</td></tr>"
-        expected_html += "</tbody></table>"
-        self.assertInHTML(expected_html, response.content.decode())
-
-    def test_root_add_one_club_member(self):
-        """Test that root users can add members to clubs, one at a time."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": [self.subscriber.id], "role": 3},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-
-    def test_root_add_multiple_club_member(self):
-        """Test that root users can add multiple members at once to clubs."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, self.krophil.id),
-                "role": 3,
-            },
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-        self.assert_membership_started_today(self.krophil, role=3)
-
-    def test_add_unauthorized_members(self):
-        """Test that users who are not currently subscribed
-        cannot be members of clubs.
-        """
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.public.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-        response = self.client.post(
-            self.members_url,
-            {"users": self.old_subscriber.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert self.club.get_membership_for(self.public) is None
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-    def test_add_members_already_members(self):
-        """Test that users who are already members of a club
-        cannot be added again to this club.
-        """
-        self.client.force_login(self.root)
-        current_membership = self.skia.memberships.ongoing().get(club=self.club)
-        nb_memberships = self.skia.memberships.count()
-        self.client.post(
-            self.members_url,
-            {"users": self.skia.id, "role": current_membership.role + 1},
-        )
-        self.skia.refresh_from_db()
-        assert nb_memberships == self.skia.memberships.count()
-        new_membership = self.skia.memberships.ongoing().get(club=self.club)
-        assert current_membership == new_membership
-        assert self.club.get_membership_for(self.skia) == new_membership
-
-    def test_add_not_existing_users(self):
-        """Test that not existing users cannot be added in clubs.
-        If one user in the request is invalid, no membership creation at all
-        can take place.
-        """
-        self.client.force_login(self.root)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": [9999], "role": 1},
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, 9999),
-                "start_date": "12/06/2016",
-                "role": 3,
-            },
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-
-    def test_president_add_members(self):
-        """Test that the president of the club can add members."""
-        president = self.club.members.get(role=10).user
-        nb_club_membership = self.club.members.count()
-        nb_subscriber_memberships = self.subscriber.memberships.count()
-        self.client.force_login(president)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 9},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.subscriber.refresh_from_db()
-        assert self.club.members.count() == nb_club_membership + 1
-        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
-        self.assert_membership_started_today(self.subscriber, role=9)
-
-    def test_add_member_greater_role(self):
-        """Test that a member of the club member cannot create
-        a membership with a greater role than its own.
-        """
-        self.client.force_login(self.skia)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 10},
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            "<li>Vous n'avez pas la permission de faire cela</li>",
-            response.content.decode(),
-        )
-        self.club.refresh_from_db()
-        assert nb_memberships == self.club.members.count()
-        assert not self.subscriber.memberships.filter(club=self.club).exists()
-
-    def test_add_member_without_role(self):
-        """Test that trying to add members without specifying their role fails."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "start_date": "12/06/2016"},
-        )
-        assert (
-            '<ul class="errorlist"><li>Vous devez choisir un r'
-            in response.content.decode()
-        )
-
-    def test_end_membership_self(self):
-        """Test that a member can end its own membership."""
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.skia.id},
-        )
-        self.skia.refresh_from_db()
-        self.assert_membership_ended_today(self.skia)
-
-    def test_end_membership_lower_role(self):
-        """Test that board members of the club can end memberships
-        of users with lower roles.
-        """
-        # remainder : skia has role 3, comptable has role 10, richard has role 1
-        self.client.force_login(self.skia)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.richard.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.assert_membership_ended_today(self.richard)
-
-    def test_end_membership_higher_role(self):
-        """Test that board members of the club cannot end memberships
-        of users with higher roles.
-        """
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.club.refresh_from_db()
-        new_membership = self.club.get_membership_for(self.comptable)
-        assert new_membership is not None
-        assert new_membership == membership
-
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        assert membership.end_date is None
-
-    def test_end_membership_as_main_club_board(self):
-        """Test that board members of the main club can end the membership
-        of anyone.
-        """
-        # make subscriber a board member
-        subscriber = subscriber_user.make()
-        Membership.objects.create(club=self.ae, user=subscriber, role=3)
-
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(subscriber)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_root(self):
-        """Test that root users can end the membership of anyone."""
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": [self.comptable.id]},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_foreigner(self):
-        """Test that users who are not in this club cannot end its memberships."""
-        nb_memberships = self.club.members.count()
-        membership = self.richard.memberships.filter(club=self.club).first()
-        self.client.force_login(self.subscriber)
-        self.client.post(
-            self.members_url,
-            {"users_old": [self.richard.id]},
-        )
-        # nothing should have changed
-        new_mem = self.club.get_membership_for(self.richard)
-        assert self.club.members.count() == nb_memberships
-        assert membership == new_mem
-
-    def test_remove_from_club_group(self):
-        """Test that when a membership ends, the user is removed from club groups."""
-        user = baker.make(User)
-        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
-        assert user.groups.contains(self.club.members_group)
-        assert user.groups.contains(self.club.board_group)
-        user.memberships.update(end_date=localdate())
-        assert not user.groups.contains(self.club.members_group)
-        assert not user.groups.contains(self.club.board_group)
-
-    def test_add_to_club_group(self):
-        """Test that when a membership begins, the user is added to the club group."""
-        assert not self.subscriber.groups.contains(self.club.members_group)
-        assert not self.subscriber.groups.contains(self.club.board_group)
-        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert self.subscriber.groups.contains(self.club.board_group)
-
-    def test_change_position_in_club(self):
-        """Test that when moving from board to members, club group change"""
-        membership = baker.make(
-            Membership, club=self.club, user=self.subscriber, role=3
-        )
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert self.subscriber.groups.contains(self.club.board_group)
-        membership.role = 1
-        membership.save()
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert not self.subscriber.groups.contains(self.club.board_group)
-
-    def test_club_owner(self):
-        """Test that a club is owned only by board members of the main club."""
-        anonymous = AnonymousUser()
-        assert not self.club.is_owned_by(anonymous)
-        assert not self.club.is_owned_by(self.subscriber)
-
-        # make sli a board member
-        self.sli.memberships.all().delete()
-        Membership(club=self.ae, user=self.sli, role=3).save()
-        assert self.club.is_owned_by(self.sli)
-
-    def test_change_club_name(self):
-        """Test that changing the club name doesn't break things."""
-        members_group = self.club.members_group
-        board_group = self.club.board_group
-        initial_members = set(members_group.users.values_list("id", flat=True))
-        initial_board = set(board_group.users.values_list("id", flat=True))
-        self.club.name = "something else"
-        self.club.save()
-        self.club.refresh_from_db()
-
-        # The names should have changed, but not the ids nor the group members
-        assert self.club.members_group.name == "something else - Membres"
-        assert self.club.board_group.name == "something else - Bureau"
-        assert self.club.members_group.id == members_group.id
-        assert self.club.board_group.id == board_group.id
-        new_members = set(self.club.members_group.users.values_list("id", flat=True))
-        new_board = set(self.club.board_group.users.values_list("id", flat=True))
-        assert new_members == initial_members
-        assert new_board == initial_board
-
-
-class TestMailingForm(TestCase):
-    """Perform validation tests for MailingForm."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        cls.rbatsbak = User.objects.get(username="rbatsbak")
-        cls.krophil = User.objects.get(username="krophil")
-        cls.comunity = User.objects.get(username="comunity")
-        cls.root = User.objects.get(username="root")
-        cls.bdf = Club.objects.get(unix_name=SITH_BAR_MANAGER["unix_name"])
-        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.bdf.id})
-
-    def setUp(self):
-        Membership(
-            user=self.rbatsbak,
-            club=self.bdf,
-            start_date=timezone.now(),
-            role=settings.SITH_CLUB_ROLES_ID["Board member"],
-        ).save()
-
-    def test_mailing_list_add_no_moderation(self):
-        # Test with Communication admin
-        self.client.force_login(self.comunity)
-        response = self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
-        )
-        self.assertRedirects(response, self.mail_url)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion foyer@utbm.fr" in response.content.decode()
-
-        # Test with Root
-        self.client.force_login(self.root)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion mde@utbm.fr" in response.content.decode()
-
-    def test_mailing_list_add_moderation(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "Liste de diffusion mde@utbm.fr" not in content
-        assert "<p>Listes de diffusions en attente de modération</p>" in content
-        assert "<li>mde@utbm.fr" in content
-
-    def test_mailing_list_forbidden(self):
-        # With anonymous user
-        response = self.client.get(self.mail_url)
-        self.assertContains(response, "", status_code=403)
-
-        # With user not in club
-        self.client.force_login(self.krophil)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 403
-
-    def test_add_new_subscription_fail_not_moderated(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" not in response.content.decode()
-
-    def test_add_new_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Add single user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" in response.content.decode()
-
-        # Add multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (self.comunity.id, self.rbatsbak.id),
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-
-        # Add arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "arbitrary@git.an",
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-
-        # Add user and arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "more.arbitrary@git.an",
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-        assert "more.arbitrary@git.an" in content
-        assert "krophil@git.an" in content
-
-    def test_add_new_subscription_fail_form_errors(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Neither email or email is specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # No mailing specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-            },
-        )
-        assert response.status_code == 200
-        assert _("This field is required") in response.content.decode()
-
-        # One of the selected users doesn't exist
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": [789],
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # An user has no email address
-        self.krophil.email = ""
-        self.krophil.save()
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("One of the selected users doesn't have an email address"),
-            response.content.decode(),
-        )
-
-        self.krophil.email = "krophil@git.an"
-        self.krophil.save()
-
-        # An user is added twice
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("This email is already suscribed in this mailing"),
-            response.content.decode(),
-        )
-
-    def test_remove_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        mde = Mailing.objects.get(email="mde")
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (
-                    self.comunity.id,
-                    self.rbatsbak.id,
-                    self.krophil.id,
-                ),
-                "subscription_mailing": mde.id,
-            },
-        )
-
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" in content
-
-        # Delete one user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" not in content
-
-        # Delete multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: [
-                    user.id
-                    for user in mde.subscriptions.filter(
-                        user__in=[self.rbatsbak, self.comunity]
-                    ).all()
-                ],
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" not in content
-        assert "richard@git.an" not in content
-        assert "krophil@git.an" not in content
-
-
-class TestClubSellingView(TestCase):
-    """Perform basics tests to ensure that the page is available."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.ae = Club.objects.get(unix_name="ae")
-        cls.skia = User.objects.get(username="skia")
-
-    def test_page_not_internal_error(self):
-        """Test that the page does not return and internal error."""
-        self.client.force_login(self.skia)
-        response = self.client.get(
-            reverse("club:club_sellings", kwargs={"club_id": self.ae.id})
-        )
-        assert response.status_code == 200
--- a/club/tests/init.py
+++ b/club/tests/init.py
--- a/club/tests/base.py
+++ b/club/tests/base.py
@ -0,0 +1,60 @@
+from datetime import timedelta
+
+from django.conf import settings
+from django.core.cache import cache
+from django.test import TestCase
+from django.urls import reverse
+from django.utils.timezone import now
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+
+from club.models import Club, Membership
+from core.baker_recipes import old_subscriber_user, subscriber_user
+from core.models import User
+
+
+class TestClub(TestCase):
+    """Set up data for test cases related to clubs and membership.
+
+    The generated dataset is the one created by the populate command,
+    plus the following modifications :
+
+    - `self.club` is a dummy club
+    - `self.club` has two board members :
+       simple_board_member (role 3) and president (role 10)
+    - `self.club` has one regular member : richard
+    - `self.club` has one former member : sli (who had role 2)
+    - None of the `self.club` members are in the AE club.
+    """
+
+    @classmethod
+    def setUpTestData(cls):
+        # subscribed users - initial members
+        cls.president, cls.simple_board_member = subscriber_user.make(_quantity=2)
+        cls.richard = User.objects.get(username="rbatsbak")
+        cls.sli = User.objects.get(username="sli")
+        cls.root = baker.make(User, is_superuser=True)
+        cls.old_subscriber = old_subscriber_user.make()
+        cls.public = baker.make(User)
+
+        # subscribed users - not initial member
+        cls.krophil = User.objects.get(username="krophil")
+        cls.subscriber = subscriber_user.make()
+
+        cls.ae = Club.objects.get(pk=settings.SITH_MAIN_CLUB_ID)
+        cls.club = baker.make(Club)
+        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
+        a_month_ago = now() - timedelta(days=30)
+        yesterday = now() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=cls.club)
+        membership_recipe.make(
+            user=cls.simple_board_member, start_date=a_month_ago, role=3
+        )
+        membership_recipe.make(user=cls.richard, role=1)
+        membership_recipe.make(user=cls.president, start_date=a_month_ago, role=10)
+        membership_recipe.make(  # sli was a member but isn't anymore
+            user=cls.sli, start_date=a_month_ago, end_date=yesterday, role=2
+        )
+
+    def setUp(self):
+        cache.clear()
--- a/club/tests/test_club_controller.py
+++ b/club/tests/test_club_controller.py
@ -0,0 +1,43 @@
+from datetime import date, timedelta
+
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertNumQueries
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+class TestFetchClub:
+    @pytest.fixture()
+    def club(self):
+        club = baker.make(Club)
+        last_month = date.today() - timedelta(days=30)
+        yesterday = date.today() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=club, start_date=last_month)
+        membership_recipe.make(end_date=None, _quantity=10, _bulk_create=True)
+        membership_recipe.make(end_date=yesterday, _quantity=10, _bulk_create=True)
+        return club
+
+    def test_fetch_club_members(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+        assert res.status_code == 200
+        member_ids = {member["user"]["id"] for member in res.json()["members"]}
+        assert member_ids == set(
+            club.members.ongoing().values_list("user_id", flat=True)
+        )
+
+    def test_fetch_club_nb_queries(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        with assertNumQueries(6):
+            # - 4 queries for authentication
+            # - 2 queries for the actual data
+            res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+            assert res.status_code == 200
--- a/club/tests/test_edit.py
+++ b/club/tests/test_edit.py
@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertRedirects
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+def test_club_board_member_cannot_edit_club_properties(client: Client):
+    user = subscriber_user.make()
+    club = baker.make(Club, name="old name", is_active=True, address="old address")
+    baker.make(Membership, club=club, user=user, role=7)
+    client.force_login(user)
+    res = client.post(
+        reverse("club:club_edit", kwargs={"club_id": club.id}),
+        {"name": "new name", "is_active": False, "address": "new address"},
+    )
+    # The request should success,
+    # but admin-only fields shouldn't be taken into account
+    assertRedirects(res, club.get_absolute_url())
+    club.refresh_from_db()
+    assert club.name == "old name"
+    assert club.is_active
+    assert club.address == "new address"
+
+
+@pytest.mark.django_db
+def test_edit_club_page_doesnt_crash(client: Client):
+    """crash test for club:club_edit"""
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    baker.make(Membership, club=club, user=user, role=3)
+    client.force_login(user)
+    res = client.get(reverse("club:club_edit", kwargs={"club_id": club.id}))
+    assert res.status_code == 200
--- a/club/tests/test_mailing.py
+++ b/club/tests/test_mailing.py
@ -0,0 +1,327 @@
+from django.conf import settings
+from django.test import TestCase
+from django.urls import reverse
+from django.utils import timezone
+from django.utils.translation import gettext as _
+
+from club.forms import MailingForm
+from club.models import Club, Mailing, Membership
+from core.models import User
+
+
+class TestMailingForm(TestCase):
+    """Perform validation tests for MailingForm."""
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.skia = User.objects.get(username="skia")
+        cls.rbatsbak = User.objects.get(username="rbatsbak")
+        cls.krophil = User.objects.get(username="krophil")
+        cls.comunity = User.objects.get(username="comunity")
+        cls.root = User.objects.get(username="root")
+        cls.club = Club.objects.get(id=settings.SITH_PDF_CLUB_ID)
+        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.club.id})
+        Membership(
+            user=cls.rbatsbak,
+            club=cls.club,
+            start_date=timezone.now(),
+            role=settings.SITH_CLUB_ROLES_ID["Board member"],
+        ).save()
+
+    def test_mailing_list_add_no_moderation(self):
+        # Test with Communication admin
+        self.client.force_login(self.comunity)
+        response = self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
+        )
+        self.assertRedirects(response, self.mail_url)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion foyer@utbm.fr" in response.text
+
+        # Test with Root
+        self.client.force_login(self.root)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion mde@utbm.fr" in response.text
+
+    def test_mailing_list_add_moderation(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "Liste de diffusion mde@utbm.fr" not in content
+        assert "<p>Listes de diffusions en attente de modération</p>" in content
+        assert "<li>mde@utbm.fr" in content
+
+    def test_mailing_list_forbidden(self):
+        # With anonymous user
+        response = self.client.get(self.mail_url)
+        self.assertContains(response, "", status_code=403)
+
+        # With user not in club
+        self.client.force_login(self.krophil)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 403
+
+    def test_add_new_subscription_fail_not_moderated(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" not in response.text
+
+    def test_add_new_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Add single user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" in response.text
+
+        # Add multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (self.comunity.id, self.rbatsbak.id),
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+
+        # Add arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "arbitrary@git.an",
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+
+        # Add user and arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "more.arbitrary@git.an",
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+        assert "more.arbitrary@git.an" in content
+        assert "krophil@git.an" in content
+
+    def test_add_new_subscription_fail_form_errors(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Neither email or email is specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # No mailing specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+            },
+        )
+        assert response.status_code == 200
+        assert _("This field is required") in response.text
+
+        # One of the selected users doesn't exist
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": [789],
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # An user has no email address
+        self.krophil.email = ""
+        self.krophil.save()
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("One of the selected users doesn't have an email address"),
+            response.text,
+        )
+
+        self.krophil.email = "krophil@git.an"
+        self.krophil.save()
+
+        # An user is added twice
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("This email is already suscribed in this mailing"),
+            response.text,
+        )
+
+    def test_remove_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        mde = Mailing.objects.get(email="mde")
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (
+                    self.comunity.id,
+                    self.rbatsbak.id,
+                    self.krophil.id,
+                ),
+                "subscription_mailing": mde.id,
+            },
+        )
+
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" in content
+
+        # Delete one user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" not in content
+
+        # Delete multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: [
+                    user.id
+                    for user in mde.subscriptions.filter(
+                        user__in=[self.rbatsbak, self.comunity]
+                    ).all()
+                ],
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" not in content
+        assert "richard@git.an" not in content
+        assert "krophil@git.an" not in content
--- a/club/tests/test_membership.py
+++ b/club/tests/test_membership.py
@ -0,0 +1,492 @@
+from bs4 import BeautifulSoup
+from django.conf import settings
+from django.core.cache import cache
+from django.db.models import Max
+from django.urls import reverse
+from django.utils.timezone import localdate, localtime, now
+from model_bakery import baker
+
+from club.forms import ClubMemberForm
+from club.models import Membership
+from club.tests.base import TestClub
+from core.baker_recipes import subscriber_user
+from core.models import AnonymousUser, User
+
+
+class TestMembershipQuerySet(TestClub):
+    def test_ongoing(self):
+        """Test that the ongoing queryset method returns the memberships that
+        are not ended.
+        """
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            self.richard.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_ongoing_with_membership_ending_today(self):
+        """Test that a membership ending the present day is considered as ended."""
+        today = localdate()
+        self.richard.memberships.filter(club=self.club).update(end_date=today)
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_board(self):
+        """Test that the board queryset method returns the memberships
+        of user in the club board.
+        """
+        board_members = list(self.club.members.board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            # sli is no more member, but he was in the board
+            self.sli.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert board_members == expected
+
+    def test_ongoing_board(self):
+        """Test that combining ongoing and board returns users
+        who are currently board members of the club.
+        """
+        members = list(self.club.members.ongoing().board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert members == expected
+
+    def test_update_invalidate_cache(self):
+        """Test that the `update` queryset method properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        self.simple_board_member.memberships.update(end_date=localtime(now()).date())
+        assert (
+            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
+            == "not_member"
+        )
+
+        mem_richard = self.richard.memberships.get(club=self.club)
+        cache.set(
+            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
+        )
+        self.richard.memberships.update(role=5)
+        new_mem = self.richard.memberships.get(club=self.club)
+        assert new_mem != "not_member"
+        assert new_mem.role == 5
+
+    def test_update_change_club_groups(self):
+        """Test that `update` set the user groups accordingly."""
+        user = baker.make(User)
+        membership = baker.make(Membership, end_date=None, user=user, role=5)
+        members_group = membership.club.members_group
+        board_group = membership.club.board_group
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(role=1)  # from board to simple member
+        assert user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+        user.memberships.update(role=5)  # from member to board
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(end_date=localdate())  # end the membership
+        assert not user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+    def test_delete_invalidate_cache(self):
+        """Test that the `delete` queryset properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        mem_comptable = self.president.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        cache.set(
+            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
+        )
+
+        # should delete the subscriptions of simple_board_member and president
+        self.club.members.ongoing().board().delete()
+
+        for membership in (mem_skia, mem_comptable):
+            cached_mem = cache.get(
+                f"membership_{membership.club_id}_{membership.user_id}"
+            )
+            assert cached_mem == "not_member"
+
+    def test_delete_remove_from_groups(self):
+        """Test that `delete` removes from club groups"""
+        user = baker.make(User)
+        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
+        club_groups = {
+            memberships[0].club.members_group,
+            memberships[1].club.members_group,
+            memberships[1].club.board_group,
+        }
+        assert set(user.groups.all()).issuperset(club_groups)
+        user.memberships.all().delete()
+        assert set(user.groups.all()).isdisjoint(club_groups)
+
+
+class TestMembership(TestClub):
+    def assert_membership_started_today(self, user: User, role: int):
+        """Assert that the given membership is active and started today."""
+        membership = user.memberships.ongoing().filter(club=self.club).first()
+        assert membership is not None
+        assert localtime(now()).date() == membership.start_date
+        assert membership.end_date is None
+        assert membership.role == role
+        assert membership.club.get_membership_for(user) == membership
+        assert user.is_in_group(pk=self.club.members_group_id)
+        assert user.is_in_group(pk=self.club.board_group_id)
+
+    def assert_membership_ended_today(self, user: User):
+        """Assert that the given user have a membership which ended today."""
+        today = localtime(now()).date()
+        assert user.memberships.filter(club=self.club, end_date=today).exists()
+        assert self.club.get_membership_for(user) is None
+
+    def test_access_unauthorized(self):
+        """Test that users who never subscribed and anonymous users
+        cannot see the page.
+        """
+        response = self.client.post(self.members_url)
+        assert response.status_code == 403
+
+        self.client.force_login(self.public)
+        response = self.client.post(self.members_url)
+        assert response.status_code == 403
+
+    def test_display(self):
+        """Test that a GET request return a page where the requested
+        information are displayed.
+        """
+        self.client.force_login(self.simple_board_member)
+        response = self.client.get(self.members_url)
+        assert response.status_code == 200
+        soup = BeautifulSoup(response.text, "lxml")
+        table = soup.find("table", id="club_members_table")
+        assert [r.text for r in table.find("thead").find_all("td")] == [
+            "Utilisateur",
+            "Rôle",
+            "Description",
+            "Depuis",
+            "Marquer comme ancien",
+        ]
+        rows = table.find("tbody").find_all("tr")
+        memberships = self.club.members.ongoing().order_by("-role")
+        for row, membership in zip(
+            rows, memberships.select_related("user"), strict=False
+        ):
+            user = membership.user
+            user_url = reverse("core:user_profile", args=[user.id])
+            cols = row.find_all("td")
+            user_link = cols[0].find("a")
+            assert user_link.attrs["href"] == user_url
+            assert user_link.text == user.get_display_name()
+            assert cols[1].text == settings.SITH_CLUB_ROLES[membership.role]
+            assert cols[2].text == membership.description
+            assert cols[3].text == str(membership.start_date)
+
+            if membership.role <= 3:  # 3 is the role of simple_board_member
+                form_input = cols[4].find("input")
+                expected_attrs = {
+                    "type": "checkbox",
+                    "name": "users_old",
+                    "value": str(user.id),
+                }
+                assert form_input.attrs.items() >= expected_attrs.items()
+            else:
+                assert cols[4].find_all() == []
+
+    def test_root_add_one_club_member(self):
+        """Test that root users can add members to clubs, one at a time."""
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {"users": [self.subscriber.id], "role": 3},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.subscriber.refresh_from_db()
+        self.assert_membership_started_today(self.subscriber, role=3)
+
+    def test_root_add_multiple_club_member(self):
+        """Test that root users can add multiple members at once to clubs."""
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {
+                "users": (self.subscriber.id, self.krophil.id),
+                "role": 3,
+            },
+        )
+        self.assertRedirects(response, self.members_url)
+        self.subscriber.refresh_from_db()
+        self.assert_membership_started_today(self.subscriber, role=3)
+        self.assert_membership_started_today(self.krophil, role=3)
+
+    def test_add_unauthorized_members(self):
+        """Test that users who are not currently subscribed
+        cannot be members of clubs.
+        """
+        for user in self.public, self.old_subscriber:
+            form = ClubMemberForm(
+                data={"users": [user.id], "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+
+            assert not form.is_valid()
+            assert form.errors == {
+                "users": [
+                    "L'utilisateur doit être cotisant pour faire partie d'un club"
+                ]
+            }
+
+    def test_add_members_already_members(self):
+        """Test that users who are already members of a club
+        cannot be added again to this club.
+        """
+        self.client.force_login(self.root)
+        current_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        nb_memberships = self.simple_board_member.memberships.count()
+        self.client.post(
+            self.members_url,
+            {"users": self.simple_board_member.id, "role": current_membership.role + 1},
+        )
+        self.simple_board_member.refresh_from_db()
+        assert nb_memberships == self.simple_board_member.memberships.count()
+        new_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        assert current_membership == new_membership
+        assert self.club.get_membership_for(self.simple_board_member) == new_membership
+
+    def test_add_not_existing_users(self):
+        """Test that not existing users cannot be added in clubs.
+        If one user in the request is invalid, no membership creation at all
+        can take place.
+        """
+        nb_memberships = self.club.members.count()
+        max_id = User.objects.aggregate(id=Max("id"))["id"]
+        for members in [max_id + 1], [max_id + 1, self.subscriber.id]:
+            form = ClubMemberForm(
+                data={"users": members, "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+            assert not form.is_valid()
+            assert form.errors == {
+                "users": [
+                    "Sélectionnez un choix valide. "
+                    f"{max_id + 1} n\u2019en fait pas partie."
+                ]
+            }
+        self.club.refresh_from_db()
+        assert self.club.members.count() == nb_memberships
+
+    def test_president_add_members(self):
+        """Test that the president of the club can add members."""
+        president = self.club.members.get(role=10).user
+        nb_club_membership = self.club.members.count()
+        nb_subscriber_memberships = self.subscriber.memberships.count()
+        self.client.force_login(president)
+        response = self.client.post(
+            self.members_url,
+            {"users": self.subscriber.id, "role": 9},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.club.refresh_from_db()
+        self.subscriber.refresh_from_db()
+        assert self.club.members.count() == nb_club_membership + 1
+        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
+        self.assert_membership_started_today(self.subscriber, role=9)
+
+    def test_add_member_greater_role(self):
+        """Test that a member of the club member cannot create
+        a membership with a greater role than its own.
+        """
+        form = ClubMemberForm(
+            data={"users": [self.subscriber.id], "role": 10},
+            request_user=self.simple_board_member,
+            club=self.club,
+        )
+        nb_memberships = self.club.members.count()
+
+        assert not form.is_valid()
+        assert form.errors == {
+            "__all__": ["Vous n'avez pas la permission de faire cela"]
+        }
+        self.club.refresh_from_db()
+        assert nb_memberships == self.club.members.count()
+        assert not self.subscriber.memberships.filter(club=self.club).exists()
+
+    def test_add_member_without_role(self):
+        """Test that trying to add members without specifying their role fails."""
+        self.client.force_login(self.root)
+        form = ClubMemberForm(
+            data={"users": [self.subscriber.id]},
+            request_user=self.simple_board_member,
+            club=self.club,
+        )
+
+        assert not form.is_valid()
+        assert form.errors == {"role": ["Vous devez choisir un rôle"]}
+
+    def test_end_membership_self(self):
+        """Test that a member can end its own membership."""
+        self.client.force_login(self.simple_board_member)
+        self.client.post(
+            self.members_url,
+            {"users_old": self.simple_board_member.id},
+        )
+        self.simple_board_member.refresh_from_db()
+        self.assert_membership_ended_today(self.simple_board_member)
+
+    def test_end_membership_lower_role(self):
+        """Test that board members of the club can end memberships
+        of users with lower roles.
+        """
+        # remainder : simple_board_member has role 3, president has role 10, richard has role 1
+        self.client.force_login(self.simple_board_member)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": self.richard.id},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.club.refresh_from_db()
+        self.assert_membership_ended_today(self.richard)
+
+    def test_end_membership_higher_role(self):
+        """Test that board members of the club cannot end memberships
+        of users with higher roles.
+        """
+        membership = self.president.memberships.filter(club=self.club).first()
+        self.client.force_login(self.simple_board_member)
+        self.client.post(
+            self.members_url,
+            {"users_old": self.president.id},
+        )
+        self.club.refresh_from_db()
+        new_membership = self.club.get_membership_for(self.president)
+        assert new_membership is not None
+        assert new_membership == membership
+
+        membership = self.president.memberships.filter(club=self.club).first()
+        assert membership.end_date is None
+
+    def test_end_membership_as_main_club_board(self):
+        """Test that board members of the main club can end the membership
+        of anyone.
+        """
+        # make subscriber a board member
+        subscriber = subscriber_user.make()
+        Membership.objects.create(club=self.ae, user=subscriber, role=3)
+
+        nb_memberships = self.club.members.ongoing().count()
+        self.client.force_login(subscriber)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": self.president.id},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.assert_membership_ended_today(self.president)
+        assert self.club.members.ongoing().count() == nb_memberships - 1
+
+    def test_end_membership_as_root(self):
+        """Test that root users can end the membership of anyone."""
+        nb_memberships = self.club.members.ongoing().count()
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.members_url,
+            {"users_old": [self.president.id]},
+        )
+        self.assertRedirects(response, self.members_url)
+        self.assert_membership_ended_today(self.president)
+        assert self.club.members.ongoing().count() == nb_memberships - 1
+
+    def test_end_membership_as_foreigner(self):
+        """Test that users who are not in this club cannot end its memberships."""
+        nb_memberships = self.club.members.count()
+        membership = self.richard.memberships.filter(club=self.club).first()
+        self.client.force_login(self.subscriber)
+        self.client.post(
+            self.members_url,
+            {"users_old": [self.richard.id]},
+        )
+        # nothing should have changed
+        new_mem = self.club.get_membership_for(self.richard)
+        assert self.club.members.count() == nb_memberships
+        assert membership == new_mem
+
+    def test_remove_from_club_group(self):
+        """Test that when a membership ends, the user is removed from club groups."""
+        user = baker.make(User)
+        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
+        assert user.groups.contains(self.club.members_group)
+        assert user.groups.contains(self.club.board_group)
+        user.memberships.update(end_date=localdate())
+        assert not user.groups.contains(self.club.members_group)
+        assert not user.groups.contains(self.club.board_group)
+
+    def test_add_to_club_group(self):
+        """Test that when a membership begins, the user is added to the club group."""
+        assert not self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+
+    def test_change_position_in_club(self):
+        """Test that when moving from board to members, club group change"""
+        membership = baker.make(
+            Membership, club=self.club, user=self.subscriber, role=3
+        )
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+        membership.role = 1
+        membership.save()
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+
+    def test_club_owner(self):
+        """Test that a club is owned only by board members of the main club."""
+        anonymous = AnonymousUser()
+        assert not self.club.is_owned_by(anonymous)
+        assert not self.club.is_owned_by(self.subscriber)
+
+        # make sli a board member
+        self.sli.memberships.all().delete()
+        Membership(club=self.ae, user=self.sli, role=3).save()
+        assert self.club.is_owned_by(self.sli)
+
+    def test_change_club_name(self):
+        """Test that changing the club name doesn't break things."""
+        members_group = self.club.members_group
+        board_group = self.club.board_group
+        initial_members = set(members_group.users.values_list("id", flat=True))
+        initial_board = set(board_group.users.values_list("id", flat=True))
+        self.club.name = "something else"
+        self.club.save()
+        self.club.refresh_from_db()
+
+        # The names should have changed, but not the ids nor the group members
+        assert self.club.members_group.name == "something else - Membres"
+        assert self.club.board_group.name == "something else - Bureau"
+        assert self.club.members_group.id == members_group.id
+        assert self.club.board_group.id == board_group.id
+        new_members = set(self.club.members_group.users.values_list("id", flat=True))
+        new_board = set(self.club.board_group.users.values_list("id", flat=True))
+        assert new_members == initial_members
+        assert new_board == initial_board
--- a/club/tests/test_page.py
+++ b/club/tests/test_page.py
@ -0,0 +1,39 @@
+import pytest
+from bs4 import BeautifulSoup
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertHTMLEqual
+
+from club.models import Club
+from core.markdown import markdown
+from core.models import PageRev, User
+
+
+@pytest.mark.django_db
+def test_page_display_on_club_main_page(client: Client):
+    """Test the club Page is properly displayed on the club main view"""
+    club = baker.make(Club)
+    content = "# foo\nLorem ipsum dolor sit amet"
+    baker.make(PageRev, page=club.page, revision=1, content=content)
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail").find(class_="markdown")
+    assertHTMLEqual(detail_html.decode_contents(), markdown(content))
+
+
+@pytest.mark.django_db
+def test_club_main_page_without_content(client: Client):
+    """Test the club view works, even if the club page is empty"""
+    club = baker.make(Club)
+    club.page.revisions.all().delete()
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail")
+    assert detail_html.find_all("markdown") == []
--- a/club/tests/test_sales.py
+++ b/club/tests/test_sales.py
@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+
+from club.forms import SellingsForm
+from club.models import Club
+from core.models import User
+from counter.baker_recipes import product_recipe, sale_recipe
+from counter.models import Counter, Customer
+
+
+@pytest.mark.django_db
+def test_sales_page_doesnt_crash(client: Client):
+    club = baker.make(Club)
+    admin = baker.make(User, is_superuser=True)
+    client.force_login(admin)
+    response = client.get(reverse("club:club_sellings", kwargs={"club_id": club.id}))
+    assert response.status_code == 200
+
+
+@pytest.mark.django_db
+def test_sales_form_counter_filter():
+    """Test that counters are properly filtered in SellingsForm"""
+    club = baker.make(Club)
+    counters = baker.make(
+        Counter, _quantity=5, _bulk_create=True, name=iter(["Z", "a", "B", "e", "f"])
+    )
+    counters[0].club = club
+    counters[0].save()
+    sale_recipe.make(
+        counter=counters[1], club=club, unit_price=0, customer=baker.make(Customer)
+    )
+    product_recipe.make(counters=[counters[2]], club=club)
+
+    form = SellingsForm(club)
+    form_counters = list(form.fields["counters"].queryset)
+    assert form_counters == [counters[1], counters[2], counters[0]]
--- a/club/urls.py
+++ b/club/urls.py
@ -26,7 +26,6 @@ from django.urls import path

 from club.views import (
    ClubCreateView,
-    ClubEditPropView,
    ClubEditView,
    ClubListView,
    ClubMailingView,
@ -37,7 +36,6 @@ from club.views import (
    ClubRevView,
    ClubSellingCSVView,
    ClubSellingView,
-    ClubStatView,
    ClubToolsView,
    ClubView,
    MailingAutoGenerationView,
@ -54,7 +52,6 @@ from club.views import (
 urlpatterns = [
    path("", ClubListView.as_view(), name="club_list"),
    path("new/", ClubCreateView.as_view(), name="club_new"),
-    path("stats/", ClubStatView.as_view(), name="club_stats"),
    path("<int:club_id>/", ClubView.as_view(), name="club_view"),
    path(
        "<int:club_id>/rev/<int:rev_id>/", ClubRevView.as_view(), name="club_view_rev"
@ -72,7 +69,6 @@ urlpatterns = [
    path(
        "<int:club_id>/sellings/csv/", ClubSellingCSVView.as_view(), name="sellings_csv"
    ),
-    path("<int:club_id>/prop/", ClubEditPropView.as_view(), name="club_prop"),
    path("<int:club_id>/tools/", ClubToolsView.as_view(), name="tools"),
    path("<int:club_id>/mailing/", ClubMailingView.as_view(), name="mailing"),
    path(
--- a/club/views.py
+++ b/club/views.py
@ -25,6 +25,7 @@
 import csv

 from django.conf import settings
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
 from django.db.models import Sum
@ -36,12 +37,19 @@ from django.http import (
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
+from django.utils.functional import cached_property
 from django.utils.translation import gettext as _t
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView, TemplateView, View
+from django.views.generic import DetailView, ListView, View
 from django.views.generic.edit import CreateView, DeleteView, UpdateView

-from club.forms import ClubEditForm, ClubMemberForm, MailingForm, SellingsForm
+from club.forms import (
+    ClubAdminEditForm,
+    ClubEditForm,
+    ClubMemberForm,
+    MailingForm,
+    SellingsForm,
+)
 from club.models import Club, Mailing, MailingSubscription, Membership
 from com.views import (
    PosterCreateBaseView,
@ -49,17 +57,10 @@ from com.views import (
    PosterEditBaseView,
    PosterListBaseView,
 )
+from core.auth.mixins import CanCreateMixin, CanEditMixin, CanViewMixin
 from core.models import PageRev
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    DetailFormView,
-    PageEditViewBase,
-    TabedViewMixin,
-    UserIsRootMixin,
-)
+from core.views import DetailFormView, PageEditViewBase
+from core.views.mixins import TabedViewMixin
 from counter.models import Selling


@ -79,23 +80,23 @@ class ClubTabsMixin(TabedViewMixin):
            }
        ]
        if self.request.user.can_view(self.object):
-            tab_list.append(
+            tab_list.extend(
+                [
                    {
                        "url": reverse(
                            "club:club_members", kwargs={"club_id": self.object.id}
                        ),
                        "slug": "members",
                        "name": _("Members"),
-                }
-            )
-            tab_list.append(
+                    },
                    {
                        "url": reverse(
                            "club:club_old_members", kwargs={"club_id": self.object.id}
                        ),
                        "slug": "elderlies",
                        "name": _("Old members"),
-                }
+                    },
+                ]
            )
        if self.object.page:
            tab_list.append(
@ -108,21 +109,23 @@ class ClubTabsMixin(TabedViewMixin):
                }
            )
        if self.request.user.can_edit(self.object):
-            tab_list.append(
+            tab_list.extend(
+                [
                    {
-                    "url": reverse("club:tools", kwargs={"club_id": self.object.id}),
+                        "url": reverse(
+                            "club:tools", kwargs={"club_id": self.object.id}
+                        ),
                        "slug": "tools",
                        "name": _("Tools"),
-                }
-            )
-            tab_list.append(
+                    },
                    {
                        "url": reverse(
                            "club:club_edit", kwargs={"club_id": self.object.id}
                        ),
                        "slug": "edit",
                        "name": _("Edit"),
-                }
+                    },
+                ]
            )
            if self.object.page and self.request.user.can_edit(self.object.page):
                tab_list.append(
@ -135,40 +138,30 @@ class ClubTabsMixin(TabedViewMixin):
                        "name": _("Edit club page"),
                    }
                )
-            tab_list.append(
+            tab_list.extend(
+                [
                    {
                        "url": reverse(
                            "club:club_sellings", kwargs={"club_id": self.object.id}
                        ),
                        "slug": "sellings",
                        "name": _("Sellings"),
-                }
-            )
-            tab_list.append(
+                    },
                    {
-                    "url": reverse("club:mailing", kwargs={"club_id": self.object.id}),
+                        "url": reverse(
+                            "club:mailing", kwargs={"club_id": self.object.id}
+                        ),
                        "slug": "mailing",
                        "name": _("Mailing list"),
-                }
-            )
-            tab_list.append(
+                    },
                    {
                        "url": reverse(
                            "club:poster_list", kwargs={"club_id": self.object.id}
                        ),
                        "slug": "posters",
                        "name": _("Posters list"),
-                }
-            )
-        if self.request.user.is_owner(self.object):
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_prop", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "props",
-                    "name": _("Props"),
-                }
+                    },
+                ]
            )
        return tab_list

@ -190,8 +183,12 @@ class ClubView(ClubTabsMixin, DetailView):

    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
-        if self.object.page and self.object.page.revisions.exists():
-            kwargs["page_revision"] = self.object.page.revisions.last().content
+        kwargs["page_revision"] = (
+            PageRev.objects.filter(page_id=self.object.page_id)
+            .order_by("-date")
+            .values_list("content", flat=True)
+            .first()
+        )
        return kwargs


@ -254,15 +251,19 @@ class ClubMembersView(ClubTabsMixin, CanViewMixin, DetailFormView):
    template_name = "club/club_members.jinja"
    current_tab = "members"

+    @cached_property
+    def members(self) -> list[Membership]:
+        return list(self.object.members.ongoing().order_by("-role"))
+
    def get_form_kwargs(self):
        kwargs = super().get_form_kwargs()
        kwargs["request_user"] = self.request.user
-        kwargs["club"] = self.get_object()
+        kwargs["club"] = self.object
        kwargs["club_members"] = self.members
        return kwargs

-    def get_context_data(self, *args, **kwargs):
-        kwargs = super().get_context_data(*args, **kwargs)
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
        kwargs["members"] = self.members
        return kwargs

@ -274,21 +275,15 @@ class ClubMembersView(ClubTabsMixin, CanViewMixin, DetailFormView):
        users = data.pop("users", [])
        users_old = data.pop("users_old", [])
        for user in users:
-            Membership(club=self.get_object(), user=user, **data).save()
+            Membership(club=self.object, user=user, **data).save()
        for user in users_old:
-            membership = self.get_object().get_membership_for(user)
+            membership = self.object.get_membership_for(user)
            membership.end_date = timezone.now()
            membership.save()
        return resp

-    def dispatch(self, request, *args, **kwargs):
-        self.members = self.get_object().members.ongoing().order_by("-role")
-        return super().dispatch(request, *args, **kwargs)
-
    def get_success_url(self, **kwargs):
-        return reverse_lazy(
-            "club:club_members", kwargs={"club_id": self.get_object().id}
-        )
+        return self.request.path


 class ClubOldMembersView(ClubTabsMixin, CanViewMixin, DetailView):
@ -455,32 +450,33 @@ class ClubSellingCSVView(ClubSellingView):


 class ClubEditView(ClubTabsMixin, CanEditMixin, UpdateView):
-    """Edit a Club's main informations (for the club's members)."""
+    """Edit a Club.
+
+    Regular club board members will be able to edit the main infos
+    (like the logo and the description).
+    Admins will also be able to edit the club properties
+    (like the name and the parent club).
+    """

    model = Club
    pk_url_kwarg = "club_id"
-    form_class = ClubEditForm
-    template_name = "core/edit.jinja"
+    template_name = "club/edit_club.jinja"
    current_tab = "edit"

-
-class ClubEditPropView(ClubTabsMixin, CanEditPropMixin, UpdateView):
-    """Edit the properties of a Club object (for the Sith admins)."""
-
-    model = Club
-    pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent", "is_active"]
-    template_name = "core/edit.jinja"
-    current_tab = "props"
+    def get_form_class(self):
+        if self.object.is_owned_by(self.request.user):
+            return ClubAdminEditForm
+        return ClubEditForm


-class ClubCreateView(CanCreateMixin, CreateView):
+class ClubCreateView(PermissionRequiredMixin, CreateView):
    """Create a club (for the Sith admin)."""

    model = Club
    pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent"]
-    template_name = "core/edit.jinja"
+    fields = ["name", "parent"]
+    template_name = "core/create.jinja"
+    permission_required = "club.add_club"


 class MembershipSetOldView(CanEditMixin, DetailView):
@ -512,26 +508,18 @@ class MembershipSetOldView(CanEditMixin, DetailView):
        )


-class MembershipDeleteView(UserIsRootMixin, DeleteView):
+class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
    """Delete a membership (for admins only)."""

    model = Membership
    pk_url_kwarg = "membership_id"
    template_name = "core/delete_confirm.jinja"
+    permission_required = "club.delete_membership"

    def get_success_url(self):
        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})


-class ClubStatView(TemplateView):
-    template_name = "club/stats.jinja"
-
-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["club_list"] = Club.objects.all()
-        return kwargs
-
-
 class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
    """A list of mailing for a given club."""

@ -543,26 +531,19 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):

    def get_form_kwargs(self):
        kwargs = super().get_form_kwargs()
-        kwargs["club_id"] = self.get_object().id
+        kwargs["club_id"] = self.object.id
        kwargs["user_id"] = self.request.user.id
-        kwargs["mailings"] = self.mailings
+        kwargs["mailings"] = self.object.mailings.all()
        return kwargs

-    def dispatch(self, request, *args, **kwargs):
-        self.mailings = Mailing.objects.filter(club_id=self.get_object().id).all()
-        return super().dispatch(request, *args, **kwargs)
-
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
-        kwargs["club"] = self.get_object()
+        mailings = list(self.object.mailings.all())
+        kwargs["club"] = self.object
        kwargs["user"] = self.request.user
-        kwargs["mailings"] = self.mailings
-        kwargs["mailings_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=False).all()
-        )
-        kwargs["mailings_not_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=True).all()
-        )
+        kwargs["mailings"] = mailings
+        kwargs["mailings_moderated"] = [m for m in mailings if m.is_moderated]
+        kwargs["mailings_not_moderated"] = [m for m in mailings if not m.is_moderated]
        kwargs["form_actions"] = {
            "NEW_MALING": self.form_class.ACTION_NEW_MAILING,
            "NEW_SUBSCRIPTION": self.form_class.ACTION_NEW_SUBSCRIPTION,
@ -573,7 +554,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
    def add_new_mailing(self, cleaned_data) -> ValidationError | None:
        """Create a new mailing list from the form."""
        mailing = Mailing(
-            club=self.get_object(),
+            club=self.object,
            email=cleaned_data["mailing_email"],
            moderator=self.request.user,
            is_moderated=False,
@ -650,7 +631,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
        return resp

    def get_success_url(self, **kwargs):
-        return reverse_lazy("club:mailing", kwargs={"club_id": self.get_object().id})
+        return reverse("club:mailing", kwargs={"club_id": self.object.id})


 class MailingDeleteView(CanEditMixin, DeleteView):
--- a/club/widgets/ajax_select.py
+++ b/club/widgets/ajax_select.py
@ -1,8 +1,11 @@
 from pydantic import TypeAdapter

 from club.models import Club
-from club.schemas import ClubSchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
+from club.schemas import SimpleClubSchema
+from core.views.widgets.ajax_select import (
+    AutoCompleteSelect,
+    AutoCompleteSelectMultiple,
+)

 _js = ["bundled/club/components/ajax-select-index.ts"]

@ -10,7 +13,7 @@ _js = ["bundled/club/components/ajax-select-index.ts"]
 class AutoCompleteSelectClub(AutoCompleteSelect):
    component_name = "club-ajax-select"
    model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])

    js = _js

@ -18,6 +21,6 @@ class AutoCompleteSelectClub(AutoCompleteSelect):
 class AutoCompleteSelectMultipleClub(AutoCompleteSelectMultiple):
    component_name = "club-ajax-select"
    model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])

    js = _js
--- a/com/admin.py
+++ b/com/admin.py
@ -13,17 +13,25 @@
 #
 #
 from django.contrib import admin
+from django.contrib.admin import TabularInline
 from haystack.admin import SearchModelAdmin

-from com.models import News, Poster, Screen, Sith, Weekmail
+from com.models import News, NewsDate, Poster, Screen, Sith, Weekmail
+
+
+class NewsDateInline(TabularInline):
+    model = NewsDate
+    extra = 0


@admin.register(News)
 class NewsAdmin(SearchModelAdmin):
-    list_display = ("title", "type", "club", "author")
+    list_display = ("title", "club", "author")
    search_fields = ("title", "summary", "content")
    autocomplete_fields = ("author", "moderator")

+    inlines = [NewsDateInline]
+

@admin.register(Poster)
 class PosterAdmin(SearchModelAdmin):
--- a/com/api.py
+++ b/com/api.py
@ -1,32 +1,90 @@
-from pathlib import Path
+from typing import Literal

-from django.conf import settings
-from django.http import Http404
-from ninja_extra import ControllerBase, api_controller, route
+from django.http import HttpResponse
+from django.utils.cache import add_never_cache_headers
+from ninja import Query
+from ninja_extra import ControllerBase, api_controller, paginate, route
+from ninja_extra.pagination import PageNumberPaginationExtra
+from ninja_extra.permissions import IsAuthenticated
+from ninja_extra.schemas import PaginatedResponseSchema

-from com.calendar import IcsCalendar
+from api.permissions import HasPerm
+from com.ics_calendar import IcsCalendar
+from com.models import News, NewsDate
+from com.schemas import NewsDateFilterSchema, NewsDateSchema
 from core.views.files import send_raw_file


@api_controller("/calendar")
 class CalendarController(ControllerBase):
-    CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
-
-    @route.get("/external.ics", url_name="calendar_external")
-    def calendar_external(self):
-        """Return the ICS file of the AE Google Calendar
-
-        Because of Google's cors rules, we can't just do a request to google ics
-        from the frontend. Google is blocking CORS request in it's responses headers.
-        The only way to do it from the frontend is to use Google Calendar API with an API key
-        This is not especially desirable as your API key is going to be provided to the frontend.
-
-        This is why we have this backend based solution.
-        """
-        if (calendar := IcsCalendar.get_external()) is not None:
-            return send_raw_file(calendar)
-        raise Http404
-
    @route.get("/internal.ics", url_name="calendar_internal")
    def calendar_internal(self):
-        return send_raw_file(IcsCalendar.get_internal())
+        response = send_raw_file(IcsCalendar.get_internal())
+        add_never_cache_headers(response)
+        return response
+
+    @route.get(
+        "/unpublished.ics",
+        permissions=[IsAuthenticated],
+        url_name="calendar_unpublished",
+    )
+    def calendar_unpublished(self):
+        response = HttpResponse(
+            IcsCalendar.get_unpublished(self.context.request.user),
+            content_type="text/calendar",
+        )
+        add_never_cache_headers(response)
+        return response
+
+
+@api_controller("/news")
+class NewsController(ControllerBase):
+    @route.patch(
+        "/{int:news_id}/publish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="moderate_news",
+    )
+    def publish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if not news.is_published:
+            news.is_published = True
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.patch(
+        "/{int:news_id}/unpublish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="unpublish_news",
+    )
+    def unpublish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if news.is_published:
+            news.is_published = False
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.delete(
+        "/{int:news_id}",
+        permissions=[HasPerm("com.delete_news")],
+        url_name="delete_news",
+    )
+    def delete_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        news.delete()
+
+    @route.get(
+        "/date",
+        url_name="fetch_news_dates",
+        response=PaginatedResponseSchema[NewsDateSchema],
+    )
+    @paginate(PageNumberPaginationExtra, page_size=50)
+    def fetch_news_dates(
+        self,
+        filters: Query[NewsDateFilterSchema],
+        text_format: Literal["md", "html"] = "md",
+    ):
+        return filters.filter(
+            NewsDate.objects.viewable_by(self.context.request.user)
+            .order_by("start_date")
+            .select_related("news", "news__club")
+        )
--- a/com/calendar.py
+++ b/com/calendar.py
@ -1,76 +0,0 @@
-from datetime import datetime, timedelta
-from pathlib import Path
-from typing import final
-
-import urllib3
-from dateutil.relativedelta import relativedelta
-from django.conf import settings
-from django.urls import reverse
-from django.utils import timezone
-from ical.calendar import Calendar
-from ical.calendar_stream import IcsCalendarStream
-from ical.event import Event
-
-from com.models import NewsDate
-
-
-@final
-class IcsCalendar:
-    _CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
-    _EXTERNAL_CALENDAR = _CACHE_FOLDER / "external.ics"
-    _INTERNAL_CALENDAR = _CACHE_FOLDER / "internal.ics"
-
-    @classmethod
-    def get_external(cls, expiration: timedelta = timedelta(hours=1)) -> Path | None:
-        if (
-            cls._EXTERNAL_CALENDAR.exists()
-            and timezone.make_aware(
-                datetime.fromtimestamp(cls._EXTERNAL_CALENDAR.stat().st_mtime)
-            )
-            + expiration
-            > timezone.now()
-        ):
-            return cls._EXTERNAL_CALENDAR
-        return cls.make_external()
-
-    @classmethod
-    def make_external(cls) -> Path | None:
-        calendar = urllib3.request(
-            "GET",
-            "https://calendar.google.com/calendar/ical/ae.utbm%40gmail.com/public/basic.ics",
-        )
-        if calendar.status != 200:
-            return None
-
-        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
-        with open(cls._EXTERNAL_CALENDAR, "wb") as f:
-            _ = f.write(calendar.data)
-        return cls._EXTERNAL_CALENDAR
-
-    @classmethod
-    def get_internal(cls) -> Path:
-        if not cls._INTERNAL_CALENDAR.exists():
-            return cls.make_internal()
-        return cls._INTERNAL_CALENDAR
-
-    @classmethod
-    def make_internal(cls) -> Path:
-        # Updated through a post_save signal on News in com.signals
-        calendar = Calendar()
-        for news_date in NewsDate.objects.filter(
-            news__is_moderated=True,
-            end_date__gte=timezone.now() - (relativedelta(months=6)),
-        ).prefetch_related("news"):
-            event = Event(
-                summary=news_date.news.title,
-                start=news_date.start_date,
-                end=news_date.end_date,
-                url=reverse("com:news_detail", kwargs={"news_id": news_date.news.id}),
-            )
-            calendar.events.append(event)
-
-        # Create a file so we can offload the download to the reverse proxy if available
-        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
-        with open(cls._INTERNAL_CALENDAR, "wb") as f:
-            _ = f.write(IcsCalendarStream.calendar_to_ics(calendar).encode("utf-8"))
-        return cls._INTERNAL_CALENDAR
--- a/com/forms.py
+++ b/com/forms.py
@ -0,0 +1,193 @@
+from datetime import date
+
+from dateutil.relativedelta import relativedelta
+from django import forms
+from django.db.models import Exists, OuterRef
+from django.forms import CheckboxInput
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+
+from club.models import Club
+from club.widgets.ajax_select import AutoCompleteSelectClub
+from com.models import News, NewsDate, Poster
+from core.models import User
+from core.utils import get_end_of_semester
+from core.views.forms import SelectDateTime
+from core.views.widgets.markdown import MarkdownInput
+
+
+class PosterForm(forms.ModelForm):
+    class Meta:
+        model = Poster
+        fields = [
+            "name",
+            "file",
+            "club",
+            "screens",
+            "date_begin",
+            "date_end",
+            "display_time",
+        ]
+        widgets = {"screens": forms.CheckboxSelectMultiple}
+        help_texts = {"file": _("Format: 16:9 | Resolution: 1920x1080")}
+
+    date_begin = forms.DateTimeField(
+        label=_("Start date"),
+        widget=SelectDateTime,
+        required=True,
+        initial=timezone.now().strftime("%Y-%m-%d %H:%M:%S"),
+    )
+    date_end = forms.DateTimeField(
+        label=_("End date"), widget=SelectDateTime, required=False
+    )
+
+    def __init__(self, *args, **kwargs):
+        self.user = kwargs.pop("user", None)
+        super().__init__(*args, **kwargs)
+        if self.user and not self.user.is_com_admin:
+            self.fields["club"].queryset = Club.objects.filter(
+                id__in=self.user.clubs_with_rights
+            )
+            self.fields.pop("display_time")
+
+
+class NewsDateForm(forms.ModelForm):
+    """Form to select the dates of an event."""
+
+    required_css_class = "required"
+
+    class Meta:
+        model = NewsDate
+        fields = ["start_date", "end_date"]
+        widgets = {"start_date": SelectDateTime, "end_date": SelectDateTime}
+
+    is_weekly = forms.BooleanField(
+        label=_("Weekly event"),
+        help_text=_("Weekly events will occur each week for a specified timespan."),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        initial=False,
+        required=False,
+    )
+    occurrence_choices = [
+        *[(str(i), _("%d times") % i) for i in range(2, 7)],
+        ("SEMESTER_END", _("Until the end of the semester")),
+    ]
+    occurrences = forms.ChoiceField(
+        label=_("Occurrences"),
+        help_text=_("How much times should the event occur (including the first one)"),
+        choices=occurrence_choices,
+        initial="SEMESTER_END",
+        required=False,
+    )
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.label_suffix = ""
+
+    @classmethod
+    def get_occurrences(cls, number: int) -> tuple[str, str] | None:
+        """Find the occurrence choice corresponding to numeric number of occurrences."""
+        if number < 2:
+            # If only 0 or 1 date, there cannot be weekly events
+            return None
+        # occurrences have all a numeric value, except "SEMESTER_END"
+        str_num = str(number)
+        occurrences = next((c for c in cls.occurrence_choices if c[0] == str_num), None)
+        if occurrences:
+            return occurrences
+        return next((c for c in cls.occurrence_choices if c[0] == "SEMESTER_END"), None)
+
+    def save(self, commit: bool = True, *, news: News):  # noqa FBT001
+        # the base save method contains some checks we want to run
+        # before doing our own logic
+        super().save(commit=False)
+        # delete existing dates before creating new ones
+        news.dates.all().delete()
+        if not self.cleaned_data.get("is_weekly"):
+            self.instance.news = news
+            return super().save(commit=commit)
+
+        dates: list[NewsDate] = [self.instance]
+        occurrences = self.cleaned_data.get("occurrences")
+        start = self.instance.start_date
+        end = self.instance.end_date
+        if occurrences[0].isdigit():
+            nb_occurrences = int(occurrences[0])
+        else:  # to the end of the semester
+            start_date = date(start.year, start.month, start.day)
+            nb_occurrences = (get_end_of_semester(start_date) - start_date).days // 7
+        dates.extend(
+            [
+                NewsDate(
+                    start_date=start + relativedelta(weeks=i),
+                    end_date=end + relativedelta(weeks=i),
+                )
+                for i in range(1, nb_occurrences)
+            ]
+        )
+        for d in dates:
+            d.news = news
+        if not commit:
+            return dates
+        return NewsDate.objects.bulk_create(dates)
+
+
+class NewsForm(forms.ModelForm):
+    """Form to create or edit news."""
+
+    error_css_class = "error"
+    required_css_class = "required"
+
+    class Meta:
+        model = News
+        fields = ["title", "club", "summary", "content"]
+        widgets = {
+            "author": forms.HiddenInput,
+            "summary": MarkdownInput,
+            "content": MarkdownInput,
+        }
+
+    auto_publish = forms.BooleanField(
+        label=_("Auto publication"),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        required=False,
+    )
+
+    def __init__(self, *args, author: User, date_form: NewsDateForm, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.author = author
+        self.date_form = date_form
+        self.label_suffix = ""
+        # if the author is an admin, he/she can choose any club,
+        # otherwise, only clubs for which he/she is a board member can be selected
+        if author.is_root or author.is_com_admin:
+            self.fields["club"] = forms.ModelChoiceField(
+                queryset=Club.objects.all(), widget=AutoCompleteSelectClub
+            )
+        else:
+            active_memberships = author.memberships.board().ongoing()
+            self.fields["club"] = forms.ModelChoiceField(
+                queryset=Club.objects.filter(
+                    Exists(active_memberships.filter(club=OuterRef("pk")))
+                )
+            )
+
+    def is_valid(self):
+        return super().is_valid() and self.date_form.is_valid()
+
+    def full_clean(self):
+        super().full_clean()
+        self.date_form.full_clean()
+
+    def save(self, commit: bool = True):  # noqa FBT001
+        self.instance.author = self.author
+        if (self.author.is_com_admin or self.author.is_root) and (
+            self.cleaned_data.get("auto_publish") is True
+        ):
+            self.instance.is_published = True
+            self.instance.moderator = self.author
+        else:
+            self.instance.is_published = False
+        created_news = super().save(commit=commit)
+        self.date_form.save(commit=commit, news=created_news)
+        return created_news
--- a/com/ics_calendar.py
+++ b/com/ics_calendar.py
@ -0,0 +1,76 @@
+from pathlib import Path
+
+from dateutil.relativedelta import relativedelta
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.contrib.syndication.views import add_domain
+from django.db.models import F, QuerySet
+from django.http import HttpRequest
+from django.urls import reverse
+from django.utils import timezone
+from ical.calendar import Calendar
+from ical.calendar_stream import IcsCalendarStream
+from ical.event import Event
+
+from com.models import NewsDate
+from core.models import User
+
+
+def as_absolute_url(url: str, request: HttpRequest | None = None) -> str:
+    return add_domain(
+        Site.objects.get_current(request=request),
+        url,
+        secure=request.is_secure() if request is not None else settings.HTTPS,
+    )
+
+
+class IcsCalendar:
+    _CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
+    _INTERNAL_CALENDAR = _CACHE_FOLDER / "internal.ics"
+
+    @classmethod
+    def get_internal(cls) -> Path:
+        if not cls._INTERNAL_CALENDAR.exists():
+            return cls.make_internal()
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def make_internal(cls) -> Path:
+        # Updated through a post_save signal on News in com.signals
+        # Create a file so we can offload the download to the reverse proxy if available
+        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
+        with open(cls._INTERNAL_CALENDAR, "wb") as f:
+            _ = f.write(
+                cls.ics_from_queryset(
+                    NewsDate.objects.filter(
+                        news__is_published=True,
+                        end_date__gte=timezone.now() - (relativedelta(months=6)),
+                    )
+                )
+            )
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def get_unpublished(cls, user: User) -> bytes:
+        return cls.ics_from_queryset(
+            NewsDate.objects.viewable_by(user).filter(
+                news__is_published=False,
+                end_date__gte=timezone.now() - (relativedelta(months=6)),
+            ),
+        )
+
+    @classmethod
+    def ics_from_queryset(cls, queryset: QuerySet[NewsDate]) -> bytes:
+        calendar = Calendar()
+        for news_date in queryset.annotate(news_title=F("news__title")):
+            event = Event(
+                summary=news_date.news_title,
+                start=news_date.start_date,
+                end=news_date.end_date,
+                url=as_absolute_url(
+                    reverse("com:news_detail", kwargs={"news_id": news_date.news.id})
+                ),
+            )
+            calendar.events.append(event)
+
+        return IcsCalendarStream.calendar_to_ics(calendar).encode("utf-8")
--- a/com/migrations/0008_alter_news_options_alter_newsdate_options_and_more.py
+++ b/com/migrations/0008_alter_news_options_alter_newsdate_options_and_more.py
@ -0,0 +1,61 @@
+# Generated by Django 4.2.17 on 2025-01-06 21:52
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("com", "0007_alter_news_club_alter_news_content_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="news",
+            options={
+                "verbose_name": "news",
+                "permissions": [
+                    ("moderate_news", "Can moderate news"),
+                    ("view_unmoderated_news", "Can view non-moderated news"),
+                ],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="newsdate",
+            options={"verbose_name": "news date", "verbose_name_plural": "news dates"},
+        ),
+        migrations.AlterModelOptions(
+            name="poster",
+            options={"permissions": [("moderate_poster", "Can moderate poster")]},
+        ),
+        migrations.RemoveField(model_name="news", name="type"),
+        migrations.AlterField(
+            model_name="news",
+            name="author",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="owned_news",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="author",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="end_date",
+            field=models.DateTimeField(verbose_name="end_date"),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="start_date",
+            field=models.DateTimeField(verbose_name="start_date"),
+        ),
+        migrations.AddConstraint(
+            model_name="newsdate",
+            constraint=models.CheckConstraint(
+                check=models.Q(("end_date__gte", models.F("start_date"))),
+                name="news_date_end_date_after_start_date",
+            ),
+        ),
+    ]
--- a/com/migrations/0009_remove_news_is_moderated_news_is_published.py
+++ b/com/migrations/0009_remove_news_is_moderated_news_is_published.py
@ -0,0 +1,16 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("com", "0008_alter_news_options_alter_newsdate_options_and_more")]
+
+    operations = [
+        migrations.RenameField(
+            model_name="news", old_name="is_moderated", new_name="is_published"
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="is_published",
+            field=models.BooleanField(default=False, verbose_name="is published"),
+        ),
+    ]
--- a/com/models.py
+++ b/com/models.py
@ -21,13 +21,13 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
-
+from typing import Self

 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.core.mail import EmailMultiAlternatives
 from django.db import models, transaction
-from django.db.models import Q
+from django.db.models import F, Q
 from django.shortcuts import render
 from django.templatetags.static import static
 from django.urls import reverse
@ -54,12 +54,24 @@ class Sith(models.Model):
        return user.is_com_admin


-NEWS_TYPES = [
-    ("NOTICE", _("Notice")),
-    ("EVENT", _("Event")),
-    ("WEEKLY", _("Weekly")),
-    ("CALL", _("Call")),
-]
+class NewsQuerySet(models.QuerySet):
+    def moderated(self) -> Self:
+        return self.filter(is_published=True)
+
+    def viewable_by(self, user: User) -> Self:
+        """Filter news that the given user can view.
+
+        If the user has the `com.view_unmoderated_news` permission,
+        all news are viewable.
+        Else the viewable news are those that are either moderated
+        or authored by the user.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(author_id=user.id)
+        return self.filter(q_filter)


 class News(models.Model):
@ -79,9 +91,6 @@ class News(models.Model):
        default="",
        help_text=_("A more detailed and exhaustive description of the event."),
    )
-    type = models.CharField(
-        _("type"), max_length=16, choices=NEWS_TYPES, default="EVENT"
-    )
    club = models.ForeignKey(
        Club,
        related_name="news",
@ -93,9 +102,9 @@ class News(models.Model):
        User,
        related_name="owned_news",
        verbose_name=_("author"),
-        on_delete=models.CASCADE,
+        on_delete=models.PROTECT,
    )
-    is_moderated = models.BooleanField(_("is moderated"), default=False)
+    is_published = models.BooleanField(_("is published"), default=False)
    moderator = models.ForeignKey(
        User,
        related_name="moderated_news",
@ -104,19 +113,27 @@ class News(models.Model):
        on_delete=models.SET_NULL,
    )

+    objects = NewsQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news")
+        permissions = [
+            ("moderate_news", "Can moderate news"),
+            ("view_unmoderated_news", "Can view non-moderated news"),
+        ]
+
    def __str__(self):
-        return "%s: %s" % (self.type, self.title)
+        return self.title

    def save(self, *args, **kwargs):
        super().save(*args, **kwargs)
+        if self.is_published:
+            return
        for user in User.objects.filter(
            groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID]
        ):
            Notification.objects.create(
-                user=user,
-                url=reverse("com:news_admin_list"),
-                type="NEWS_MODERATION",
-                param="1",
+                user=user, url=reverse("com:news_admin_list"), type="NEWS_MODERATION"
            )

    def get_absolute_url(self):
@ -130,35 +147,53 @@ class News(models.Model):
            return False
        return user.is_com_admin or user == self.author

-    def can_be_edited_by(self, user):
-        return user.is_com_admin
-
-    def can_be_viewed_by(self, user):
-        return self.is_moderated or user.is_com_admin
-
-
-def news_notification_callback(notif):
-    count = (
-        News.objects.filter(
-            Q(dates__start_date__gt=timezone.now(), is_moderated=False)
-            | Q(type="NOTICE", is_moderated=False)
+    def can_be_edited_by(self, user: User):
+        return user.is_authenticated and (
+            self.author_id == user.id or user.has_perm("com.change_news")
        )
-        .distinct()
-        .count()
+
+    def can_be_viewed_by(self, user: User):
+        return (
+            self.is_published
+            or user.has_perm("com.view_unmoderated_news")
+            or (user.is_authenticated and self.author_id == user.id)
        )
+
+
+def news_notification_callback(notif: Notification):
+    # the NewsDate linked to the News
+    # which creation triggered this callback may not exist yet,
+    # so it's important to filter by "not past date" rather than by "future date"
+    count = News.objects.filter(
+        ~Q(dates__start_date__gt=timezone.now()), is_published=False
+    ).count()
    if count:
        notif.viewed = False
-        notif.param = "%s" % count
-        notif.date = timezone.now()
+        notif.param = str(count)
    else:
        notif.viewed = True


-class NewsDate(models.Model):
-    """A date class, useful for weekly events, or for events that just have no date.
+class NewsDateQuerySet(models.QuerySet):
+    def viewable_by(self, user: User) -> Self:
+        """Filter the event dates that the given user can view.

-    This class allows more flexibilty managing the dates related to a news, particularly when this news is weekly, since
-    we don't have to make copies
+        - If the can view non moderated news, he can view all news dates
+        - else, he can view the dates of news that are either
+          authored by him or moderated.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(news__is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(news__author_id=user.id)
+        return self.filter(q_filter)
+
+
+class NewsDate(models.Model):
+    """A date associated with news.
+
+    A [News][com.models.News] can have multiple dates, for example if it is a recurring event.
    """

    news = models.ForeignKey(
@ -167,11 +202,23 @@ class NewsDate(models.Model):
        verbose_name=_("news_date"),
        on_delete=models.CASCADE,
    )
-    start_date = models.DateTimeField(_("start_date"), null=True, blank=True)
-    end_date = models.DateTimeField(_("end_date"), null=True, blank=True)
+    start_date = models.DateTimeField(_("start_date"))
+    end_date = models.DateTimeField(_("end_date"))
+
+    objects = NewsDateQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news date")
+        verbose_name_plural = _("news dates")
+        constraints = [
+            models.CheckConstraint(
+                check=Q(end_date__gte=F("start_date")),
+                name="news_date_end_date_after_start_date",
+            )
+        ]

    def __str__(self):
-        return "%s: %s - %s" % (self.news.title, self.start_date, self.end_date)
+        return f"{self.news.title}: {self.start_date} - {self.end_date}"


 class Weekmail(models.Model):
@ -330,6 +377,9 @@ class Poster(models.Model):
        on_delete=models.CASCADE,
    )

+    class Meta:
+        permissions = [("moderate_poster", "Can moderate poster")]
+
    def __str__(self):
        return self.name

--- a/com/schemas.py
+++ b/com/schemas.py
@ -0,0 +1,58 @@
+from datetime import datetime
+
+from ninja import FilterSchema, ModelSchema
+from ninja_extra import service_resolver
+from ninja_extra.context import RouteContext
+from pydantic import Field
+
+from club.schemas import ClubProfileSchema
+from com.models import News, NewsDate
+from core.markdown import markdown
+
+
+class NewsDateFilterSchema(FilterSchema):
+    before: datetime | None = Field(None, q="end_date__lt")
+    after: datetime | None = Field(None, q="start_date__gt")
+    club_id: int | None = Field(None, q="news__club_id")
+    news_id: int | None = None
+    is_published: bool | None = Field(None, q="news__is_published")
+    title: str | None = Field(None, q="news__title__icontains")
+
+
+class NewsSchema(ModelSchema):
+    class Meta:
+        model = News
+        fields = ["id", "title", "summary", "is_published"]
+
+    club: ClubProfileSchema
+    url: str
+
+    @staticmethod
+    def resolve_summary(obj: News) -> str:
+        # if this is returned from a route that allows the
+        # user to choose the text format (md or html)
+        # and the user chose "html", convert the markdown to html
+        context: RouteContext = service_resolver(RouteContext)
+        if context.kwargs.get("text_format", "") == "html":
+            return markdown(obj.summary)
+        return obj.summary
+
+    @staticmethod
+    def resolve_url(obj: News) -> str:
+        return obj.get_absolute_url()
+
+
+class NewsDateSchema(ModelSchema):
+    """Basic infos about an event occurrence.
+
+    Warning:
+        This uses [NewsSchema][], which itself
+        uses [ClubProfileSchema][club.schemas.ClubProfileSchema].
+        Don't forget the appropriated `select_related`.
+    """
+
+    class Meta:
+        model = NewsDate
+        fields = ["id", "start_date", "end_date"]
+
+    news: NewsSchema
--- a/com/signals.py
+++ b/com/signals.py
@ -1,10 +1,10 @@
-from django.db.models.base import post_save
+from django.db.models.signals import post_delete, post_save
 from django.dispatch import receiver

-from com.calendar import IcsCalendar
+from com.ics_calendar import IcsCalendar
 from com.models import News


-@receiver(post_save, sender=News, dispatch_uid="update_internal_ics")
+@receiver([post_save, post_delete], sender=News, dispatch_uid="update_internal_ics")
 def update_internal_ics(*args, **kwargs):
    _ = IcsCalendar.make_internal()
--- a/com/static/bundled/com/components/ics-calendar-index.ts
+++ b/com/static/bundled/com/components/ics-calendar-index.ts
@ -7,20 +7,38 @@ import frLocale from "@fullcalendar/core/locales/fr";
 import dayGridPlugin from "@fullcalendar/daygrid";
 import iCalendarPlugin from "@fullcalendar/icalendar";
 import listPlugin from "@fullcalendar/list";
-import { calendarCalendarExternal, calendarCalendarInternal } from "#openapi";
+import { type HTMLTemplateResult, html, render } from "lit-html";
+import {
+  calendarCalendarInternal,
+  calendarCalendarUnpublished,
+  newsDeleteNews,
+  newsPublishNews,
+  newsUnpublishNews,
+} from "#openapi";

@registerComponent("ics-calendar")
 export class IcsCalendar extends inheritHtmlElement("div") {
-  static observedAttributes = ["locale"];
+  static observedAttributes = ["locale", "can_moderate", "can_delete", "ics-help-url"];
  private calendar: Calendar;
  private locale = "en";
+  private canModerate = false;
+  private canDelete = false;
+  private helpUrl = "";

  attributeChangedCallback(name: string, _oldValue?: string, newValue?: string) {
-    if (name !== "locale") {
-      return;
+    if (name === "locale") {
+      this.locale = newValue;
+    }
+    if (name === "can_moderate") {
+      this.canModerate = newValue.toLowerCase() === "true";
+    }
+    if (name === "can_delete") {
+      this.canDelete = newValue.toLowerCase() === "true";
    }

-    this.locale = newValue;
+    if (name === "ics-help-url") {
+      this.helpUrl = newValue;
+    }
  }

  isMobile() {
@ -32,7 +50,18 @@ export class IcsCalendar extends inheritHtmlElement("div") {
    return this.isMobile() ? "listMonth" : "dayGridMonth";
  }

-  currentToolbar() {
+  currentFooterToolbar() {
+    if (this.isMobile()) {
+      return {
+        start: "",
+        center: "getCalendarLink helpButton",
+        end: "",
+      };
+    }
+    return { start: "getCalendarLink helpButton", center: "", end: "" };
+  }
+
+  currentHeaderToolbar() {
    if (this.isMobile()) {
      return {
        left: "prev,next",
@ -54,6 +83,93 @@ export class IcsCalendar extends inheritHtmlElement("div") {
    }).format(date);
  }

+  getNewsId(event: EventImpl) {
+    return Number.parseInt(
+      event.url
+        .toString()
+        .split("/")
+        .filter((s) => s) // Remove blank characters
+        .pop(),
+    );
+  }
+
+  refreshEvents() {
+    this.click(); // Remove focus from popup
+    this.calendar.refetchEvents();
+  }
+
+  async publishNews(id: number) {
+    await newsPublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-publish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async unpublishNews(id: number) {
+    await newsUnpublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-unpublish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async deleteNews(id: number) {
+    await newsDeleteNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-delete", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async getEventSources() {
+    return [
+      {
+        url: `${await makeUrl(calendarCalendarInternal)}`,
+        format: "ics",
+        className: "internal",
+        cache: false,
+      },
+      {
+        url: `${await makeUrl(calendarCalendarUnpublished)}`,
+        format: "ics",
+        color: "red",
+        className: "unpublished",
+        cache: false,
+      },
+    ];
+  }
+
  createEventDetailPopup(event: EventClickArg) {
    // Delete previous popup
    const oldPopup = document.getElementById("event-details");
@ -61,29 +177,25 @@ export class IcsCalendar extends inheritHtmlElement("div") {
      oldPopup.remove();
    }

-    const makePopupInfo = (info: HTMLElement, iconClass: string) => {
-      const row = document.createElement("div");
-      const icon = document.createElement("i");
-
-      row.setAttribute("class", "event-details-row");
-
-      icon.setAttribute("class", `event-detail-row-icon fa-xl ${iconClass}`);
-
-      row.appendChild(icon);
-      row.appendChild(info);
-
-      return row;
+    const makePopupInfo = (info: HTMLTemplateResult, iconClass: string) => {
+      return html`
+        <div class="event-details-row">
+          <i class="event-detail-row-icon fa-xl ${iconClass}"></i>
+          ${info}
+        </div>
+      `;
    };

    const makePopupTitle = (event: EventImpl) => {
-      const row = document.createElement("div");
-      row.innerHTML = `
+      const row = html`
+        <div>
          <h4 class="event-details-row-content">
            ${event.title}
          </h4>
          <span class="event-details-row-content">
            ${this.formatDate(event.start)} - ${this.formatDate(event.end)}
          </span>
+        </div>
      `;
      return makePopupInfo(
        row,
@ -95,9 +207,11 @@ export class IcsCalendar extends inheritHtmlElement("div") {
      if (event.extendedProps.location === null) {
        return null;
      }
-      const info = document.createElement("div");
-      info.innerText = event.extendedProps.location;
-
+      const info = html`
+        <div>
+          ${event.extendedProps.location}
+        </div>
+      `;
      return makePopupInfo(info, "fa-solid fa-location-dot");
    };

@ -105,33 +219,68 @@ export class IcsCalendar extends inheritHtmlElement("div") {
      if (event.url === "") {
        return null;
      }
-      const url = document.createElement("a");
-      url.href = event.url;
-      url.textContent = gettext("More info");
-
+      const url = html`<a href="${event.url}">${gettext("More info")}</a>`;
      return makePopupInfo(url, "fa-solid fa-link");
    };

+    const makePopupTools = (event: EventImpl) => {
+      if (!(this.canDelete || this.canModerate)) {
+        return null;
+      }
+      const newsId = this.getNewsId(event);
+      const buttons = [] as HTMLTemplateResult[];
+
+      if (this.canModerate) {
+        if (event.source.internalEventSource.ui.classNames.includes("unpublished")) {
+          const button = html`
+            <button class="btn btn-green" @click="${() => this.publishNews(newsId)}">
+              <i class="fa fa-check"></i>${gettext("Publish")}
+            </button>
+          `;
+          buttons.push(button);
+        } else {
+          const button = html`
+            <button class="btn btn-orange" @click="${() => this.unpublishNews(newsId)}">
+              <i class="fa fa-times"></i>${gettext("Unpublish")}
+            </button>
+          `;
+          buttons.push(button);
+        }
+      }
+      if (this.canDelete) {
+        const button = html`
+          <button class="btn btn-red" @click="${() => this.deleteNews(newsId)}">
+            <i class="fa fa-trash-can"></i>${gettext("Delete")}
+          </button>
+        `;
+        buttons.push(button);
+      }
+
+      return makePopupInfo(html`<div>${buttons}</div>`, "fa-solid fa-toolbox");
+    };
+
    // Create new popup
-    const popup = document.createElement("div");
-    const popupContainer = document.createElement("div");
-
-    popup.setAttribute("id", "event-details");
-    popupContainer.setAttribute("class", "event-details-container");
-
-    popupContainer.appendChild(makePopupTitle(event.event));
+    const infos = [] as HTMLTemplateResult[];
+    infos.push(makePopupTitle(event.event));

    const location = makePopupLocation(event.event);
    if (location !== null) {
-      popupContainer.appendChild(location);
+      infos.push(location);
    }

    const url = makePopupUrl(event.event);
    if (url !== null) {
-      popupContainer.appendChild(url);
+      infos.push(url);
    }

-    popup.appendChild(popupContainer);
+    const tools = makePopupTools(event.event);
+    if (tools !== null) {
+      infos.push(tools);
+    }
+
+    const popup = document.createElement("div");
+    popup.setAttribute("id", "event-details");
+    render(html`<div class="event-details-container">${infos}</div>`, popup);

    // We can't just add the element relative to the one we want to appear under
    // Otherwise, it either gets clipped by the boundaries of the calendar or resize cells
@ -155,23 +304,55 @@ export class IcsCalendar extends inheritHtmlElement("div") {
    this.calendar = new Calendar(this.node, {
      plugins: [dayGridPlugin, iCalendarPlugin, listPlugin],
      locales: [frLocale, enLocale],
+      customButtons: {
+        getCalendarLink: {
+          text: gettext("Copy calendar link"),
+          click: async (event: Event) => {
+            const button = event.target as HTMLButtonElement;
+            button.classList.add("text-copy");
+            button.setAttribute("tooltip-class", "calendar-copy-tooltip");
+            if (!button.hasAttribute("tooltip-position")) {
+              button.setAttribute("tooltip-position", "top");
+            }
+            if (button.classList.contains("text-copied")) {
+              button.classList.remove("text-copied");
+            }
+            button.setAttribute("tooltip", gettext("Link copied"));
+            navigator.clipboard.writeText(
+              new URL(
+                await makeUrl(calendarCalendarInternal),
+                window.location.origin,
+              ).toString(),
+            );
+            setTimeout(() => {
+              button.setAttribute("tooltip-class", "calendar-copy-tooltip text-copied");
+              button.classList.remove("text-copied");
+              button.classList.add("text-copied");
+              button.classList.remove("text-copy");
+            }, 1500);
+          },
+        },
+        helpButton: {
+          text: "?",
+          hint: gettext("How to use calendar link"),
+          click: () => {
+            if (this.helpUrl) {
+              window.open(this.helpUrl, "_blank");
+            }
+          },
+        },
+      },
      height: "auto",
      locale: this.locale,
      initialView: this.currentView(),
-      headerToolbar: this.currentToolbar(),
-      eventSources: [
-        {
-          url: await makeUrl(calendarCalendarInternal),
-          format: "ics",
-        },
-        {
-          url: await makeUrl(calendarCalendarExternal),
-          format: "ics",
-        },
-      ],
+      headerToolbar: this.currentHeaderToolbar(),
+      footerToolbar: this.currentFooterToolbar(),
+      eventSources: await this.getEventSources(),
+      lazyFetching: false,
      windowResize: () => {
        this.calendar.changeView(this.currentView());
-        this.calendar.setOption("headerToolbar", this.currentToolbar());
+        this.calendar.setOption("headerToolbar", this.currentHeaderToolbar());
+        this.calendar.setOption("footerToolbar", this.currentFooterToolbar());
      },
      eventClick: (event) => {
        // Avoid our popup to be deleted because we clicked outside of it
--- a/com/static/bundled/com/moderation-alert-index.ts
+++ b/com/static/bundled/com/moderation-alert-index.ts
@ -0,0 +1,81 @@
+import { exportToHtml } from "#core:utils/globals";
+import { newsDeleteNews, newsFetchNewsDates, newsPublishNews } from "#openapi";
+
+// This will be used in jinja templates,
+// so we cannot use real enums as those are purely an abstraction of Typescript
+const AlertState = {
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PENDING: 1,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PUBLISHED: 2,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DELETED: 3,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DISPLAYED: 4, // When published at page generation
+};
+exportToHtml("AlertState", AlertState);
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("moderationAlert", (newsId: number) => ({
+    state: AlertState.PENDING,
+    newsId: newsId as number,
+    loading: false,
+
+    async publishNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsPublishNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.PUBLISHED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    async deleteNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsDeleteNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.DELETED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    /**
+     * Event receiver for when news dates are moderated.
+     *
+     * If the moderated date is linked to the same news
+     * as the one this moderation alert is attached to,
+     * then set the alert state to the same as the moderated one.
+     */
+    dispatchModeration(event: CustomEvent) {
+      if (event.detail.newsId === this.newsId) {
+        this.state = event.detail.state;
+      }
+    },
+
+    /**
+     * Query the server to know the number of news dates that would be moderated
+     * if this one is moderated.
+     */
+    async nbToPublish(): Promise<number> {
+      // What we want here is the count attribute of the response.
+      // We don't care about the actual results,
+      // so we ask for the minimum page size possible.
+      const response = await newsFetchNewsDates({
+        // biome-ignore lint/style/useNamingConvention: api is snake-case
+        query: { news_id: this.newsId, page: 1, page_size: 1 },
+      });
+      return response.data.count;
+    },
+
+    weeklyEventWarningMessage(nbEvents: number): string {
+      return interpolate(
+        gettext(
+          "This event will take place every week for %s weeks. " +
+            "If you publish or delete this event, " +
+            "it will also be published (or deleted) for the following weeks.",
+        ),
+        [nbEvents],
+      );
+    },
+  }));
+});
--- a/com/static/bundled/com/upcoming-news-loader-index.ts
+++ b/com/static/bundled/com/upcoming-news-loader-index.ts
@ -0,0 +1,71 @@
+import { type NewsDateSchema, newsFetchNewsDates } from "#openapi";
+
+interface ParsedNewsDateSchema extends Omit<NewsDateSchema, "start_date" | "end_date"> {
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  start_date: Date;
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  end_date: Date;
+}
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("upcomingNewsLoader", (startDate: Date, locale: string) => ({
+    startDate: startDate,
+    currentPage: 1,
+    pageSize: 6,
+    hasNext: true,
+    loading: false,
+    newsDates: [] as NewsDateSchema[],
+    dateFormat: new Intl.DateTimeFormat(locale, {
+      dateStyle: "medium",
+      timeStyle: "short",
+    }),
+
+    async loadMore() {
+      this.loading = true;
+      const response = await newsFetchNewsDates({
+        query: {
+          after: this.startDate.toISOString(),
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          text_format: "html",
+          page: this.currentPage,
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          page_size: this.pageSize,
+        },
+      });
+      if (response.response.status === 404) {
+        this.hasNext = false;
+      } else if (response.data.next === null) {
+        this.newsDates.push(...response.data.results);
+        this.hasNext = false;
+      } else {
+        this.newsDates.push(...response.data.results);
+        this.currentPage += 1;
+      }
+      this.loading = false;
+    },
+
+    groupedDates(): Record<string, NewsDateSchema[]> {
+      return this.newsDates
+        .map(
+          (date: NewsDateSchema): ParsedNewsDateSchema => ({
+            ...date,
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            start_date: new Date(date.start_date),
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            end_date: new Date(date.end_date),
+          }),
+        )
+        .reduce(
+          (acc: Record<string, ParsedNewsDateSchema[]>, date: ParsedNewsDateSchema) => {
+            const key = date.start_date.toDateString();
+            if (!acc[key]) {
+              acc[key] = [];
+            }
+            acc[key].push(date);
+            return acc;
+          },
+          {},
+        );
+    },
+  }));
+});
--- a/com/static/com/components/ics-calendar.scss
+++ b/com/static/com/components/ics-calendar.scss
@ -1,4 +1,5 @@
@import "core/static/core/colors";
+@import "core/static/core/tooltips";


 :root {
@ -75,7 +76,7 @@ ics-calendar {
  }

  td {
-    overflow-x: visible; // Show events on multiple days
+    overflow: visible; // Show events on multiple days
  }

  //Reset from style.scss
@ -98,4 +99,51 @@ ics-calendar {
      background: white;
    }
  }
+
+  .fc .fc-toolbar.fc-footer-toolbar {
+    margin-bottom: 0.5em;
+  }
+
+  button.text-copy,
+  button.text-copy:focus,
+  button.text-copy:hover {
+    background-color: #67AE6E !important;
+    transition: 500ms ease-in;
+  }
+
+  button.text-copied,
+  button.text-copied:focus,
+  button.text-copied:hover {
+    transition: 500ms ease-out;
+  }
+
+  .fc .fc-getCalendarLink-button {
+    margin-right: 0.5rem;
+  }
+
+  .fc .fc-helpButton-button {
+    border-radius: 70%;
+    padding-left: 0.5rem;
+    padding-right: 0.5rem;
+    background-color: rgba(0, 0, 0, 0.8);
+    transition: 100ms ease-out;
+    width: 30px;
+    height: 30px;
+    font-size: 11px;
+  }
+
+
+  .fc .fc-helpButton-button:hover {
+    background-color: rgba(20, 20, 20, 0.6);
+  }
+}
+
+.tooltip.calendar-copy-tooltip {
+  opacity: 1;
+  transition: opacity 500ms ease-in;
+}
+
+.tooltip.calendar-copy-tooltip.text-copied {
+  opacity: 0;
+  transition: opacity 500ms ease-out;
 }
--- a/com/static/com/css/news-list.scss
+++ b/com/static/com/css/news-list.scss
@ -36,6 +36,11 @@
    &:not(:first-of-type) {
      margin: 2em 0 1em 0;
    }
+
+    .feed {
+      float: right;
+      color: #f26522;
+    }
  }

  @media screen and (max-width: $small-devices) {
@ -46,6 +51,22 @@
    }
  }

+  /* UPCOMING EVENTS */
+
+  #upcoming-events {
+    max-height: 600px;
+    overflow-y: scroll;
+    overflow-x: clip;
+
+    #load-more-news-button {
+      text-align: center;
+
+      button {
+        width: 150px;
+      }
+    }
+  }
+
  /* LINKS/BIRTHDAYS */
  #links,
  #birthdays {
@ -166,55 +187,26 @@
      }

      .news_event {
-        display: block;
-        padding: 0.4em;
+        display: flex;
+        flex-direction: column;
+        gap: .5em;
+        padding: 1em;

-        &:not(:last-child) {
-          border-bottom: 1px solid grey;
+        header {
+          img {
+            height: 75px;
          }

-        div {
-          margin: 0.2em;
-        }
+          .header_content {
+            display: flex;
+            flex-direction: column;
+            justify-content: center;
+            gap: .2rem;

            h4 {
-          margin-top: 1em;
+              margin-top: 0;
              text-transform: uppercase;
            }
-
-        .club_logo {
-          float: left;
-          min-width: 7em;
-          max-width: 9em;
-          margin: 0;
-          margin-right: 1em;
-          margin-top: 0.8em;
-
-          img {
-            max-height: 6em;
-            max-width: 8em;
-            display: block;
-            margin: 0 auto;
-          }
-        }
-
-        .news_date {
-          font-size: 100%;
-        }
-
-        .news_content {
-          clear: left;
-
-          .button_bar {
-            text-align: right;
-
-            .fb {
-              color: $faceblue;
-            }
-
-            .twitter {
-              color: $twitblue;
-            }
          }
        }
      }
@ -223,70 +215,6 @@

  /* END EVENTS TODAY AND NEXT FEW DAYS */

-  /* COMING SOON */
-  .news_coming_soon {
-    display: list-item;
-    list-style-type: square;
-    list-style-position: inside;
-    margin-left: 1em;
-    padding-left: 0;
-
-    a {
-      font-weight: bold;
-      text-transform: uppercase;
-    }
-
-    .news_date {
-      font-size: 0.9em;
-    }
-  }
-
-  /* END COMING SOON */
-
-  /* NOTICES */
-  .news_notice {
-    margin: 0 0 1em 1em;
-    padding: 0.4em;
-    padding-left: 1em;
-    background: $secondary-neutral-light-color;
-    box-shadow: $shadow-color 0 0 2px;
-    border-radius: 18px 5px 18px 5px;
-
-    h4 {
-      margin: 0;
-    }
-
-    .news_content {
-      margin-left: 1em;
-    }
-  }
-
-  /* END NOTICES */
-
-  /* CALLS */
-  .news_call {
-    margin: 0 0 1em 1em;
-    padding: 0.4em;
-    padding-left: 1em;
-    background: $secondary-neutral-light-color;
-    border: 1px solid grey;
-    box-shadow: $shadow-color 1px 1px 1px;
-
-    h4 {
-      margin: 0;
-    }
-
-    .news_date {
-      font-size: 0.9em;
-    }
-
-    .news_content {
-      margin-left: 1em;
-    }
-  }
-
-  /* END CALLS */
-
  .news_empty {
    margin-left: 1em;
  }
--- a/com/templates/com/macros.jinja
+++ b/com/templates/com/macros.jinja
@ -0,0 +1,127 @@
+{% macro news_moderation_alert(news, user, alpineState = None) %}
+    {# An alert to display on top of unpublished news,
+    with actions to either publish or delete them.
+
+    The current state of the alert is accessible through
+    the given `alpineState` variable.
+    This state is a `AlertState`, as defined in `moderation-alert-index.ts`
+
+    This comes in three flavours :
+    - You can pass the `News` object itself to the macro.
+      In this case, if `request.user` can publish news,
+      it will perform an additional db query to know if it is a recurring event.
+    - You can also give only the news id.
+      In this case, a server request will be issued to know
+      if it is a recurring event.
+    - Finally, you can pass the name of an alpine variable, which value is the id.
+      In this case, a server request will be issued to know
+      if it is a recurring event.
+
+    Example with full `News` object :
+    ```jinja
+    <div x-data="{state: AlertState.PENDING}">
+      {{ news_moderation_alert(news, user, "state") }}
+    </div>
+    ```
+    With an id :
+    ```jinja
+    <div x-data="{state: AlertState.PENDING}">
+      {{ news_moderation_alert(news.id, user, "state") }}
+    </div>
+    ```
+    An with an alpine variable
+    ```jinja
+    <div x-data="{state: AlertState.PENDING, newsId: {{ news.id }}">
+      {{ news_moderation_alert("newsId", user, "state") }}
+    </div>
+    ```
+
+
+    Args:
+        news: (News | int | string)
+          Either the `News` object to which this alert is related,
+          or its id, or the name of an Alpine which value is its id
+        user: The request.user
+        alpineState: An alpine variable name
+
+    Warning:
+        If you use this macro, you must also include `moderation-alert-index.ts`
+        in your template.
+    #}
+  <div
+    {% if news is integer or news is string %}
+      x-data="moderationAlert({{ news }})"
+    {% else %}
+      x-data="moderationAlert({{ news.id }})"
+    {% endif %}
+    {# the news-moderated is received when a moderation alert is deleted or moderated #}
+    @news-moderated.window="dispatchModeration($event)"
+    {% if alpineState %}
+      x-model="{{ alpineState }}"
+      x-modelable="state"
+    {% endif %}
+  >
+    <template x-if="state === AlertState.PENDING">
+      <div class="alert alert-yellow">
+        <div class="alert-main">
+          <strong>{% trans %}Waiting publication{% endtrans %}</strong>
+          <p>
+            {% trans trimmed %}
+              This news isn't published and is visible
+              only by its author and the communication admins.
+            {% endtrans %}
+          </p>
+          <p>
+            {% trans trimmed %}
+              It will stay hidden for other users until it has been published.
+            {% endtrans %}
+          </p>
+          {% if user.has_perm("com.moderate_news") %}
+            {# This is an additional query for each non-moderated news,
+            but it will be executed only for admin users, and only one time
+            (if they do their job and moderated news as soon as they see them),
+            so it's still reasonable #}
+            <div
+              {% if news is integer or news is string %}
+                x-data="{ nbEvents: 0 }"
+                x-init="nbEvents = await nbToPublish()"
+              {% else %}
+                x-data="{ nbEvents: {{ news.dates.count() }} }"
+              {% endif %}
+            >
+              <template x-if="nbEvents > 1">
+                <div>
+                  <br>
+                  <strong>{% trans %}Weekly event{% endtrans %}</strong>
+                  <p x-text="weeklyEventWarningMessage(nbEvents)"></p>
+                </div>
+              </template>
+            </div>
+          {% endif %}
+        </div>
+        {% if user.has_perm("com.moderate_news") %}
+          <span class="alert-aside" :aria-busy="loading">
+            <button class="btn btn-green" @click="publishNews()" :disabled="loading">
+              <i class="fa fa-check"></i> {% trans %}Publish{% endtrans %}
+            </button>
+        {% endif %}
+        {% if user.has_perm("com.delete_news") %}
+          <button class="btn btn-red" @click="deleteNews()" :disabled="loading">
+            <i class="fa fa-trash-can"></i> {% trans %}Delete{% endtrans %}
+          </button>
+          </span>
+        {% endif %}
+      </div>
+    </template>
+    <template x-if="state === AlertState.PUBLISHED">
+      <div class="alert alert-green">
+        {% trans %}News published{% endtrans %}
+      </div>
+    </template>
+    <template x-if="state === AlertState.DELETED">
+      <div class="alert alert-red">
+        {% trans %}News deleted{% endtrans %}
+      </div>
+    </template>
+  </div>
+{% endmacro %}
--- a/com/templates/com/news_admin_list.jinja
+++ b/com/templates/com/news_admin_list.jinja
@ -10,78 +10,13 @@

  <p><a href="{{ url('com:news_new') }}">{% trans %}Create news{% endtrans %}</a></p>

-  <hr />
-  <h4>{% trans %}Notices{% endtrans %}</h4>
-  {% set notices = object_list.filter(type="NOTICE").distinct().order_by('id') %}
-  <h5>{% trans %}Displayed notices{% endtrans %}</h5>
-  <table>
-    <thead>
-      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
-        <td>{% trans %}Title{% endtrans %}</td>
-        <td>{% trans %}Summary{% endtrans %}</td>
-        <td>{% trans %}Club{% endtrans %}</td>
-        <td>{% trans %}Author{% endtrans %}</td>
-        <td>{% trans %}Moderator{% endtrans %}</td>
-        <td>{% trans %}Actions{% endtrans %}</td>
-      </tr>
-    </thead>
-    <tbody>
-      {% for news in notices.filter(is_moderated=True) %}
-        <tr>
-          <td>{{ news.get_type_display() }}</td>
-          <td>{{ news.title }}</td>
-          <td>{{ news.summary|markdown }}</td>
-          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
-          <td>{{ user_profile_link(news.author) }}</td>
-          <td>{{ user_profile_link(news.moderator) }}</td>
-          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
-            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Remove{% endtrans %}</a>
-            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-  <h5>{% trans %}Notices to moderate{% endtrans %}</h5>
-  <table>
-    <thead>
-      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
-        <td>{% trans %}Title{% endtrans %}</td>
-        <td>{% trans %}Summary{% endtrans %}</td>
-        <td>{% trans %}Club{% endtrans %}</td>
-        <td>{% trans %}Author{% endtrans %}</td>
-        <td>{% trans %}Actions{% endtrans %}</td>
-      </tr>
-    </thead>
-    <tbody>
-      {% for news in notices.filter(is_moderated=False) %}
-        <tr>
-          <td>{{ news.get_type_display() }}</td>
-          <td>{{ news.title }}</td>
-          <td>{{ news.summary|markdown }}</td>
-          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
-          <td>{{ user_profile_link(news.author) }}</td>
-          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
-            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Moderate{% endtrans %}</a>
-            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-
  <hr />
  <h4>{% trans %}Weeklies{% endtrans %}</h4>
-  {% set weeklies = object_list.filter(type="WEEKLY", dates__end_date__gte=timezone.now()).distinct().order_by('id') %}
+  {% set weeklies = object_list.filter(dates__end_date__gte=timezone.now()).distinct().order_by('id') %}
  <h5>{% trans %}Displayed weeklies{% endtrans %}</h5>
  <table>
    <thead>
      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
        <td>{% trans %}Title{% endtrans %}</td>
        <td>{% trans %}Summary{% endtrans %}</td>
        <td>{% trans %}Club{% endtrans %}</td>
@ -92,9 +27,8 @@
      </tr>
    </thead>
    <tbody>
-      {% for news in weeklies.filter(is_moderated=True) %}
+      {% for news in weeklies.filter(is_published=True) %}
        <tr>
-          <td>{{ news.get_type_display() }}</td>
          <td>{{ news.title }}</td>
          <td>{{ news.summary|markdown }}</td>
          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
@ -113,7 +47,7 @@
          </td>
          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Remove{% endtrans %}</a>
+            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Unpublish{% endtrans %}</a>
            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
          </td>
        </tr>
@ -124,7 +58,6 @@
  <table>
    <thead>
      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
        <td>{% trans %}Title{% endtrans %}</td>
        <td>{% trans %}Summary{% endtrans %}</td>
        <td>{% trans %}Club{% endtrans %}</td>
@ -134,9 +67,8 @@
      </tr>
    </thead>
    <tbody>
-      {% for news in weeklies.filter(is_moderated=False) %}
+      {% for news in weeklies.filter(is_published=False) %}
        <tr>
-          <td>{{ news.get_type_display() }}</td>
          <td>{{ news.title }}</td>
          <td>{{ news.summary|markdown }}</td>
          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
@ -154,98 +86,20 @@
          </td>
          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Moderate{% endtrans %}</a>
+            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Publish{% endtrans %}</a>
            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
          </td>
        </tr>
      {% endfor %}
    </tbody>
  </table>
-
-  <hr />
-  <h4>{% trans %}Calls{% endtrans %}</h4>
-  {% set calls = object_list.filter(type="CALL", dates__end_date__gte=timezone.now()).distinct().order_by('id') %}
-  <h5>{% trans %}Displayed calls{% endtrans %}</h5>
-  <table>
-    <thead>
-      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
-        <td>{% trans %}Title{% endtrans %}</td>
-        <td>{% trans %}Summary{% endtrans %}</td>
-        <td>{% trans %}Club{% endtrans %}</td>
-        <td>{% trans %}Author{% endtrans %}</td>
-        <td>{% trans %}Moderator{% endtrans %}</td>
-        <td>{% trans %}Start{% endtrans %}</td>
-        <td>{% trans %}End{% endtrans %}</td>
-        <td>{% trans %}Actions{% endtrans %}</td>
-      </tr>
-    </thead>
-    <tbody>
-      {% for news in calls.filter(is_moderated=True) %}
-        <tr>
-          <td>{{ news.get_type_display() }}</td>
-          <td>{{ news.title }}</td>
-          <td>{{ news.summary|markdown }}</td>
-          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
-          <td>{{ user_profile_link(news.author) }}</td>
-          <td>{{ user_profile_link(news.moderator) }}</td>
-          <td>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
-            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Remove{% endtrans %}</a>
-            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-  <h5>{% trans %}Calls to moderate{% endtrans %}</h5>
-  <table>
-    <thead>
-      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
-        <td>{% trans %}Title{% endtrans %}</td>
-        <td>{% trans %}Summary{% endtrans %}</td>
-        <td>{% trans %}Club{% endtrans %}</td>
-        <td>{% trans %}Author{% endtrans %}</td>
-        <td>{% trans %}Start{% endtrans %}</td>
-        <td>{% trans %}End{% endtrans %}</td>
-        <td>{% trans %}Actions{% endtrans %}</td>
-      </tr>
-    </thead>
-    <tbody>
-      {% for news in calls.filter(is_moderated=False) %}
-        <tr>
-          <td>{{ news.get_type_display() }}</td>
-          <td>{{ news.title }}</td>
-          <td>{{ news.summary|markdown }}</td>
-          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
-          <td>{{ user_profile_link(news.author) }}</td>
-          <td>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
-            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Moderate{% endtrans %}</a>
-            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-
  <hr />
  <h4>{% trans %}Events{% endtrans %}</h4>
-  {% set events = object_list.filter(type="EVENT", dates__end_date__gte=timezone.now()).distinct().order_by('id') %}
+  {% set events = object_list.filter(dates__end_date__gte=timezone.now()).order_by('id') %}
  <h5>{% trans %}Displayed events{% endtrans %}</h5>
  <table>
    <thead>
      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
        <td>{% trans %}Title{% endtrans %}</td>
        <td>{% trans %}Summary{% endtrans %}</td>
        <td>{% trans %}Club{% endtrans %}</td>
@ -257,21 +111,20 @@
      </tr>
    </thead>
    <tbody>
-      {% for news in events.filter(is_moderated=True) %}
+      {% for news in events.filter(is_published=True) %}
        <tr>
-          <td>{{ news.get_type_display() }}</td>
          <td>{{ news.title }}</td>
          <td>{{ news.summary|markdown }}</td>
          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
          <td>{{ user_profile_link(news.author) }}</td>
          <td>{{ user_profile_link(news.moderator) }}</td>
-          <td>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</td>
+          <td>{{ news.dates.all()[0].start_date|localtime|date(DATETIME_FORMAT) }}
+            {{ news.dates.all()[0].start_date|localtime|time(DATETIME_FORMAT) }}</td>
+          <td>{{ news.dates.all()[0].end_date|localtime|date(DATETIME_FORMAT) }}
+            {{ news.dates.all()[0].end_date|localtime|time(DATETIME_FORMAT) }}</td>
          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Remove{% endtrans %}</a>
+            <a href="{{ url('com:news_moderate', news_id=news.id) }}?remove">{% trans %}Unpublish{% endtrans %}</a>
            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
          </td>
        </tr>
@ -282,7 +135,6 @@
  <table>
    <thead>
      <tr>
-        <td>{% trans %}Type{% endtrans %}</td>
        <td>{% trans %}Title{% endtrans %}</td>
        <td>{% trans %}Summary{% endtrans %}</td>
        <td>{% trans %}Club{% endtrans %}</td>
@ -293,20 +145,19 @@
      </tr>
    </thead>
    <tbody>
-      {% for news in events.filter(is_moderated=False) %}
+      {% for news in events.filter(is_published=False) %}
        <tr>
-          <td>{{ news.get_type_display() }}</td>
          <td>{{ news.title }}</td>
          <td>{{ news.summary|markdown }}</td>
          <td><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></td>
          <td>{{ user_profile_link(news.author) }}</td>
-          <td>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</td>
-          <td>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-            {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</td>
+          <td>{{ news.dates.all()[0].start_date|localtime|date(DATETIME_FORMAT) }}
+            {{ news.dates.all()[0].start_date|localtime|time(DATETIME_FORMAT) }}</td>
+          <td>{{ news.dates.all()[0].end_date|localtime|date(DATETIME_FORMAT) }}
+            {{ news.dates.all()[0].end_date|localtime|time(DATETIME_FORMAT) }}</td>
          <td><a href="{{ url('com:news_detail', news_id=news.id) }}">{% trans %}View{% endtrans %}</a>
            <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit{% endtrans %}</a>
-            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Moderate{% endtrans %}</a>
+            <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Publish{% endtrans %}</a>
            <a href="{{ url('com:news_delete', news_id=news.id) }}">{% trans %}Delete{% endtrans %}</a>
          </td>
        </tr>
--- a/com/templates/com/news_detail.jinja
+++ b/com/templates/com/news_detail.jinja
@ -1,5 +1,6 @@
 {% extends "core/base.jinja" %}
 {% from 'core/macros.jinja' import user_profile_link, facebook_share, tweet, link_news_logo, gen_news_metatags %}
+{% from "com/macros.jinja" import news_moderation_alert %}

 {% block title %}
  {% trans %}News{% endtrans %} -
@ -16,19 +17,28 @@
  <link rel="stylesheet" href="{{ static('com/css/news-detail.scss') }}">
 {% endblock %}

+{% block additional_js %}
+  <script type="module" src={{ static("bundled/com/moderation-alert-index.ts") }}></script>
+{% endblock %}
+
 {% block content %}
  <p><a href="{{ url('com:news_list') }}">{% trans %}Back to news{% endtrans %}</a></p>
-  <section id="news_details">
+  <div x-data="{newsState: AlertState.PENDING}">
+
+    {% if not news.is_published %}
+      {{ news_moderation_alert(news, user, "newsState") }}
+    {% endif %}
+    <article id="news_details" x-show="newsState !== AlertState.DELETED">
      <div class="club_logo">
        <img src="{{ link_news_logo(news)}}" alt="{{ news.club }}" />
        <a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a>
      </div>
      <h4>{{ news.title }}</h4>
      <p class="date">
-      <span>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-        {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</span> -
-      <span>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-        {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</span>
+        <time datetime="{{ date.start_date.isoformat(timespec="seconds") }}">{{ date.start_date|localtime|date(DATETIME_FORMAT) }}
+          {{ date.start_date|localtime|time(DATETIME_FORMAT) }}</time> -
+        <time datetime="{{ date.end_date.isoformat(timespec="seconds") }}">{{ date.end_date|localtime|date(DATETIME_FORMAT) }}
+          {{ date.end_date|localtime|time(DATETIME_FORMAT) }}</time>
      </p>
      <div class="news_content">
        <div><em>{{ news.summary|markdown }}</em></div>
@ -41,14 +51,15 @@
          {% if news.moderator %}
            <p>{% trans %}Moderator: {% endtrans %}{{ user_profile_link(news.moderator) }}</p>
          {% elif user.is_com_admin %}
-          <p> <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Moderate{% endtrans %}</a></p>
+            <p> <a href="{{ url('com:news_moderate', news_id=news.id) }}">{% trans %}Publish{% endtrans %}</a></p>
          {% endif %}
          {% if user.can_edit(news) %}
            <p> <a href="{{ url('com:news_edit', news_id=news.id) }}">{% trans %}Edit (will be moderated again){% endtrans %}</a></p>
          {% endif %}
        </div>
      </div>
-  </section>
+    </article>
+  </div>
 {% endblock %}


--- a/com/templates/com/news_edit.jinja
+++ b/com/templates/com/news_edit.jinja
@ -10,21 +10,6 @@
 {% endblock %}

 {% block content %}
-  {% if 'preview' in request.POST.keys() %}
-    <section class="news_event">
-      <h4>{{ form.instance.title }}</h4>
-      <p class="date">
-        <span>{{ form.instance.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-          {{ form.instance.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</span> -
-        <span>{{ form.instance.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-          {{ form.instance.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</span>
-      </p>
-      <p><a href="#">{{ form.instance.club or "Club" }}</a></p>
-      <div>{{ form.instance.summary|markdown }}</div>
-      <div>{{ form.instance.content|markdown }}</div>
-      <p>{% trans %}Author: {% endtrans %} {{ user_profile_link(form.instance.author) }}</p>
-    </section>
-  {% endif %}
  {% if object %}
    <h2>{% trans %}Edit news{% endtrans %}</h2>
  {% else %}
@ -33,103 +18,73 @@
  <form action="" method="post">
    {% csrf_token %}
    {{ form.non_field_errors() }}
-    {{ form.author }}
-    <p>
-      {{ form.type.errors }}
-      <label for="{{ form.type.name }}" class="required">{{ form.type.label }}</label>
-      <ul>
-        <li>{% trans %}Notice: Information, election result - no date{% endtrans %}</li>
-        <li>{% trans %}Event: punctual event, associated with one date{% endtrans %}</li>
-        <li>
-          {% trans trimmed%}
-            Weekly: recurrent event, associated with many dates
-            (specify the first one, and a deadline)
-          {% endtrans %}
-        </li>
-        <li>
-          {% trans trimmed %}
-            Call: long time event, associated with a long date (like election appliance)
-          {% endtrans %}
-        </li>
-      </ul>
-      {{ form.type }}
-    </p>
-    <p class="date">
-      {{ form.start_date.errors }}
-      <label for="{{ form.start_date.name }}">{{ form.start_date.label }}</label>
-      {{ form.start_date }}
-    </p>
-    <p class="date">
-      {{ form.end_date.errors }}
-      <label for="{{ form.end_date.name }}">{{ form.end_date.label }}</label>
-      {{ form.end_date }}
-    </p>
-    <p class="until">
-      {{ form.until.errors }}
-      <label for="{{ form.until.name }}">{{ form.until.label }}</label>
-      {{ form.until }}
-    </p>
-    <p>
+    <fieldset>
      {{ form.title.errors }}
-      <label for="{{ form.title.name }}" class="required">{{ form.title.label }}</label>
+      {{ form.title.label_tag() }}
      {{ form.title }}
-    </p>
-    <p>
+    </fieldset>
+    <fieldset>
      {{ form.club.errors }}
-      <label for="{{ form.club.name }}" class="required">{{ form.club.label }}</label>
+      {{ form.club.label_tag() }}
      <span class="helptext">{{ form.club.help_text }}</span>
      {{ form.club }}
-    </p>
-    <p>
+    </fieldset>
+    {{ form.date_form.non_field_errors() }}
+    <div
+      class="row gap-2x"
+      x-data="{startDate: '{{ form.date_form.start_date.value() }}'}"
+    >
+        {# startDate is used to dynamically ensure end_date >= start_date,
+        whatever the value of start_date #}
+      <fieldset>
+        {{ form.date_form.start_date.errors }}
+        {{ form.date_form.start_date.label_tag() }}
+        <span class="helptext">{{ form.date_form.start_date.help_text }}</span>
+        {{ form.date_form.start_date|add_attr("x-model=startDate") }}
+      </fieldset>
+      <fieldset>
+        {{ form.date_form.end_date.errors }}
+        {{ form.date_form.end_date.label_tag() }}
+        <span class="helptext">{{ form.date_form.end_date.help_text }}</span>
+        {{ form.date_form.end_date|add_attr(":min=startDate") }}
+      </fieldset>
+    </div>
+    {# lower to convert True and False to true and false #}
+    <div x-data="{isWeekly: {{ form.date_form.is_weekly.value()|lower }}}">
+      <fieldset>
+        <div class="row gap">
+          {{ form.date_form.is_weekly|add_attr("x-model=isWeekly") }}
+          <div>
+            {{ form.date_form.is_weekly.label_tag() }}
+            <span class="helptext">{{ form.date_form.is_weekly.help_text }}</span>
+          </div>
+        </div>
+      </fieldset>
+      <fieldset x-show="isWeekly" x-transition x-cloak>
+        {{ form.date_form.occurrences.label_tag() }}
+        <span class="helptext">{{ form.date_form.occurrences.help_text }}</span>
+        {{ form.date_form.occurrences }}
+      </fieldset>
+    </div>
+    <fieldset>
      {{ form.summary.errors }}
-      <label for="{{ form.summary.name }}" class="required">{{ form.summary.label }}</label>
+      {{ form.summary.label_tag() }}
      <span class="helptext">{{ form.summary.help_text }}</span>
      {{ form.summary }}
-    </p>
-    <p>
+    </fieldset>
+    <fieldset>
      {{ form.content.errors }}
-      <label for="{{ form.content.name }}">{{ form.content.label }}</label>
+      {{ form.content.label_tag() }}
      <span class="helptext">{{ form.content.help_text }}</span>
      {{ form.content }}
-    </p>
-    {% if user.is_com_admin %}
-      <p>
-        {{ form.automoderation.errors }}
-        <label for="{{ form.automoderation.name }}">{{ form.automoderation.label }}</label>
-        {{ form.automoderation }}
-      </p>
+    </fieldset>
+    {% if user.is_root or user.is_com_admin %}
+      <fieldset>
+        {{ form.auto_publish.errors }}
+        {{ form.auto_publish }}
+        {{ form.auto_publish.label_tag() }}
+      </fieldset>
    {% endif %}
-    <p><input type="submit" name="preview" value="{% trans %}Preview{% endtrans %}"/></p>
-    <p><input type="submit" value="{% trans %}Save{% endtrans %}"/></p>
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" class="btn btn-blue"/></p>
  </form>
 {% endblock %}
-
-{% block script %}
-  {{ super() }}
-  <script>
-    $(function () {
-      let type = $('input[name=type]');
-      let dates = $('.date');
-      let until = $('.until');
-
-      function update_targets() {
-        const type_checked = $('input[name=type]:checked');
-        if (["CALL", "EVENT"].includes(type_checked.val())) {
-          dates.show();
-          until.hide();
-        } else if (type_checked.val() === "WEEKLY") {
-          dates.show();
-          until.show();
-        } else {
-          dates.hide();
-          until.hide();
-        }
-      }
-
-      update_targets();
-      type.change(update_targets);
-    });
-  </script>
-{% endblock %}
-
-
--- a/com/templates/com/news_list.jinja
+++ b/com/templates/com/news_list.jinja
@ -1,5 +1,5 @@
 {% extends "core/base.jinja" %}
-{% from 'core/macros.jinja' import tweet_quick, fb_quick %}
+{% from "com/macros.jinja" import news_moderation_alert %}

 {% block title %}
  {% trans %}News{% endtrans %}
@ -8,98 +8,198 @@
 {% block additional_css %}
  <link rel="stylesheet" href="{{ static('com/css/news-list.scss') }}">
  <link rel="stylesheet" href="{{ static('com/components/ics-calendar.scss') }}">
+
+  {# Atom feed discovery, not really css but also goes there #}
+  <link rel="alternate" type="application/rss+xml" title="{% trans %}News feed{% endtrans %}" href="{{ url("com:news_feed") }}">
 {% endblock %}

 {% block additional_js %}
  <script type="module" src={{ static("bundled/com/components/ics-calendar-index.ts") }}></script>
+  <script type="module" src={{ static("bundled/com/moderation-alert-index.ts") }}></script>
+  <script type="module" src={{ static("bundled/com/upcoming-news-loader-index.ts") }}></script>
 {% endblock %}

 {% block content %}
-  {% if user.is_com_admin %}
-    <div id="news_admin">
-      <a class="button" href="{{ url('com:news_admin_list') }}">{% trans %}Administrate news{% endtrans %}</a>
-    </div>
-    <br>
-  {% endif  %}
-
  <div id="news">
    <div id="left_column" class="news_column">
-      {% for news in object_list.filter(type="NOTICE") %}
-        <section class="news_notice">
-          <h4><a href="{{ url('com:news_detail', news_id=news.id) }}">{{ news.title }}</a></h4>
-          <div class="news_content">{{ news.summary|markdown }}</div>
-        </section>
-      {% endfor %}
-
-      {% for news in object_list.filter(dates__start_date__lte=timezone.now(), dates__end_date__gte=timezone.now(), type="CALL") %}
-        <section class="news_call">
-          <h4> <a href="{{ url('com:news_detail', news_id=news.id) }}">{{ news.title }}</a></h4>
-          <div class="news_date">
-            <span>{{ news.dates.first().start_date|localtime|date(DATETIME_FORMAT) }}
-              {{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</span> -
-            <span>{{ news.dates.first().end_date|localtime|date(DATETIME_FORMAT) }}
-              {{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</span>
-          </div>
-          <div class="news_content">{{ news.summary|markdown }}</div>
-        </section>
-      {% endfor %}
-
-      {% set events_dates = NewsDate.objects.filter(end_date__gte=timezone.now(), start_date__lte=timezone.now()+timedelta(days=5), news__type="EVENT", news__is_moderated=True).datetimes('start_date', 'day') %}
-      <h3>{% trans %}Events today and the next few days{% endtrans %}</h3>
-      {% if events_dates %}
-        {% for d in events_dates %}
-          <div class="news_events_group">
-            <div class="news_events_group_date">
-              <div>
-                <div>{{ d|localtime|date('D') }}</div>
-                <div class="day">{{ d|localtime|date('d') }}</div>
-                <div>{{ d|localtime|date('b') }}</div>
-              </div>
-            </div>
-            <div class="news_events_group_items">
-              {% for news in object_list.filter(dates__start_date__gte=d,
-              dates__start_date__lte=d+timedelta(days=1),
-              type="EVENT").exclude(dates__end_date__lt=timezone.now())
-              .order_by('dates__start_date') %}
-              <section class="news_event">
-                <div class="club_logo">
-                  {% if news.club.logo %}
-                    <img src="{{ news.club.logo.url }}" alt="{{ news.club }}" />
-                  {% else %}
-                    <img src="{{ static("com/img/news.png") }}" alt="{{ news.club }}" />
+      <h3>
+        {% trans %}Events today and the next few days{% endtrans %}
+        <a target="#" href="{{ url("com:news_feed") }}"><i class="fa fa-rss feed"></i></a>
+      </h3>
+      {% if user.is_authenticated and (user.is_com_admin or user.memberships.board().ongoing().exists()) %}
+        <a class="btn btn-blue margin-bottom" href="{{ url("com:news_new") }}">
+          <i class="fa fa-plus"></i>
+          {% trans %}Create news{% endtrans %}
+        </a>
      {% endif %}
-                </div>
-                <h4> <a href="{{ url('com:news_detail', news_id=news.id) }}">{{ news.title }}</a></h4>
-                <div><a href="{{ news.club.get_absolute_url() }}">{{ news.club }}</a></div>
-                <div class="news_date">
-                  <span>{{ news.dates.first().start_date|localtime|time(DATETIME_FORMAT) }}</span> -
-                  <span>{{ news.dates.first().end_date|localtime|time(DATETIME_FORMAT) }}</span>
-                </div>
-                <div class="news_content">{{ news.summary|markdown }}
-                  <div class="button_bar">
-                    {{ fb_quick(news) }}
-                    {{ tweet_quick(news) }}
-                  </div>
-                </div>
-              </section>
-        {% endfor %}
-        </div>
-        </div>
-      {% endfor %}
-{% else %}
+      {% if user.is_com_admin %}
+        <a class="btn btn-blue" href="{{ url('com:news_admin_list') }}">
+          {% trans %}Administrate news{% endtrans %}
+        </a>
+        <br>
+      {% endif %}
+      <section id="upcoming-events">
+        {% if not news_dates %}
          <div class="news_empty">
            <em>{% trans %}Nothing to come...{% endtrans %}</em>
          </div>
-{% endif %}
+        {% else %}
+          {% for day, dates_group in news_dates.items() %}
+            <div class="news_events_group">
+              <div class="news_events_group_date">
+                <div>
+                  <div>{{ day|date('D') }}</div>
+                  <div class="day">{{ day|date('d') }}</div>
+                  <div>{{ day|date('b') }}</div>
+                </div>
+              </div>
+              <div class="news_events_group_items">
+                {% for date in dates_group %}
+                  <article
+                    class="news_event"
+                    {%- if not date.news.is_published -%}
+                      x-data="{newsState: AlertState.PENDING}"
+                    {% else %}
+                      x-data="{newsState: AlertState.DISPLAYED}"
+                    {%- endif -%}
+                  >
+                    {# if a non published news is in the object list,
+                    the logged user is either an admin or the news author #}
+                    {{ news_moderation_alert(date.news, user, "newsState") }}
+                    <div
+                      x-show="newsState !== AlertState.DELETED"
+                    >
+                      <header class="row gap">
+                        {% if date.news.club.logo %}
+                          <img src="{{ date.news.club.logo.url }}" alt="{{ date.news.club }}"/>
+                        {% else %}
+                          <img src="{{ static("com/img/news.png") }}" alt="{{ date.news.club }}"/>
+                        {% endif %}
+                        <div class="header_content">
+                          <h4>
+                            <a href="{{ url('com:news_detail', news_id=date.news_id) }}">
+                              {{ date.news.title }}
+                            </a>
+                          </h4>
+                          <a href="{{ date.news.club.get_absolute_url() }}">{{ date.news.club }}</a>
+                          <div class="news_date">
+                            <time datetime="{{ date.start_date.isoformat(timespec="seconds") }}">
+                              {{ date.start_date|localtime|date(DATETIME_FORMAT) }},
+                              {{ date.start_date|localtime|time(DATETIME_FORMAT) }}
+                            </time> -
+                            <time datetime="{{ date.end_date.isoformat(timespec="seconds") }}">
+                              {{ date.end_date|localtime|date(DATETIME_FORMAT) }},
+                              {{ date.end_date|localtime|time(DATETIME_FORMAT) }}
+                            </time>
+                          </div>
+                        </div>
+                      </header>
+                      <div class="news_content markdown">
+                        {{ date.news.summary|markdown }}
+                      </div>
+                    </div>
+                  </article>
+                {% endfor %}
+              </div>
+            </div>
+          {% endfor %}
+          <div x-data="upcomingNewsLoader(new Date('{{ last_day + timedelta(days=1) }}'), '{{ get_language() }}')">
+            <template x-for="newsList in Object.values(groupedDates())">
+              <div class="news_events_group">
+                <div class="news_events_group_date">
+                  <div x-data="{day: newsList[0].start_date}">
+                    <div x-text="day.toLocaleString('{{ get_language() }}', { weekday: 'short' }).substring(0, 3)"></div>
+                    <div
+                      class="day"
+                      x-text="day.toLocaleString('{{ get_language() }}', { day: 'numeric' })"
+                    ></div>
+                    <div x-text="day.toLocaleString('{{ get_language() }}', { month: 'short' }).substring(0, 3)"></div>
+                  </div>
+                </div>
+                <div class="news_events_group_items">
+                  <template x-for="newsDate in newsList" :key="newsDate.id">
+                    <article
+                      class="news_event"
+                      x-data="{ newsState: newsDate.news.is_published ? AlertState.PUBLISHED : AlertState.PENDING }"
+                    >
+                      <template x-if="!newsDate.news.is_published">
+                        {{ news_moderation_alert("newsDate.news.id", user, "newsState") }}
+                      </template>
+                      <div x-show="newsState !== AlertState.DELETED">
+                        <header class="row gap">
+                          <img
+                            :src="newsDate.news.club.logo || '{{ static("com/img/news.png") }}'"
+                            :alt="newsDate.news.club.name"
+                          />
+                          <div class="header_content">
+                            <h4>
+                              <a :href="newsDate.news.url" x-text="newsDate.news.title"></a>
+                            </h4>
+                            <a :href="newsDate.news.club.url" x-text="newsDate.news.club.name"></a>
+                            <div class="news_date">
+                              <time
+                                :datetime="newsDate.start_date.toISOString()"
+                                x-text="dateFormat.format(newsDate.start_date)"
+                              ></time> -
+                              <time
+                                :datetime="newsDate.end_date.toISOString()"
+                                x-text="dateFormat.format(newsDate.end_date)"
+                              ></time>
+                            </div>
+                          </div>
+                        </header>
+                        {# The API returns a summary in html.
+                           It's generated from our markdown subset, so it should be safe #}
+                        <div class="news_content markdown" x-html="newsDate.news.summary"></div>
+                      </div>
+                    </article>
+                  </template>
+                </div>
+              </div>
+            </template>

+            <div id="load-more-news-button" :aria-busy="loading">
+              <button class="btn btn-grey" x-show="!loading && hasNext" @click="loadMore()">
+                {% trans %}See more{% endtrans %} &nbsp;<i class="fa fa-arrow-down"></i>
+              </button>
+              <p x-show="!loading && !hasNext">
+                <em>
+                  {% trans trimmed %}
+                    It was too short.
+                    You already reached the end of the upcoming events list.
+                  {% endtrans %}
+                </em>
+              </p>
+            </div>
+          </div>
+        {% endif %}
+      </section>

-<h3>{% trans %}All coming events{% endtrans %}</h3>
-<ics-calendar locale="{{ get_language() }}"></ics-calendar>
+      <h3>
+        {% trans %}All coming events{% endtrans %}
+        <a target="#" href="{{ url("com:news_feed") }}"><i class="fa fa-rss feed"></i></a>
+      </h3>
+      <ics-calendar
+        x-data
+        x-ref="calendar"
+        @news-moderated.window="
+                                if ($event.target !== $refs.calendar){
+                                // Avoid triggering a refresh with a dispatch
+                                // from the calendar itself
+                                $refs.calendar.refreshEvents($event);
+                                }
+                               "
+        @calendar-delete="$dispatch('news-moderated', {newsId: $event.detail.id, state: AlertState.DELETED})"
+        @calendar-unpublish="$dispatch('news-moderated', {newsId: $event.detail.id, state: AlertState.PENDING})"
+        @calendar-publish="$dispatch('news-moderated', {newsId: $event.detail.id, state: AlertState.PUBLISHED})"
+        ics-help-url="{{ url('core:page', page_name='Index/calendrier')}}"
+        locale="{{ get_language() }}"
+        can_moderate="{{ user.has_perm("com.moderate_news") }}"
+        can_delete="{{ user.has_perm("com.delete_news") }}"
+      ></ics-calendar>
+    </div>

-
-</div>
-
-<div id="right_column">
+    <div id="right_column">
      <div id="links">
        <h3>{% trans %}Links{% endtrans %}</h3>
        <div id="links_content">
@ -123,18 +223,26 @@
          <ul>
            <li>
              <i class="fa-brands fa-discord fa-xl"></i>
-          <a rel="nofollow" target="#" href="https://discord.gg/QvTm3XJrHR">{% trans %}Discord AE{% endtrans %}</a>
+              <a rel="nofollow" target="#" href="https://discord.gg/QvTm3XJrHR">
+                {% trans %}Discord AE{% endtrans %}
+              </a>
              {% if user.was_subscribed %}
-            - <a rel="nofollow" target="#" href="https://discord.gg/XK9WfPsUFm">{% trans %}Dev Team{% endtrans %}</a>
+                - <a rel="nofollow" target="#" href="https://discord.gg/u6EuMfyGaJ">
+                  {% trans %}Dev Team{% endtrans %}
+                </a>
              {% endif %}
            </li>
            <li>
              <i class="fa-brands fa-facebook fa-xl"></i>
-          <a rel="nofollow" target="#" href="https://www.facebook.com/@AEUTBM/">{% trans %}Facebook{% endtrans %}</a>
+              <a rel="nofollow" target="#" href="https://www.facebook.com/@AEUTBM/">
+                Facebook
+              </a>
            </li>
            <li>
              <i class="fa-brands fa-square-instagram fa-xl"></i>
-          <a rel="nofollow" target="#" href="https://www.instagram.com/ae_utbm">{% trans %}Instagram{% endtrans %}</a>
+              <a rel="nofollow" target="#" href="https://www.instagram.com/ae_utbm">
+                Instagram
+              </a>
            </li>
          </ul>
        </div>
@ -143,7 +251,7 @@
      <div id="birthdays">
        <h3>{% trans %}Birthdays{% endtrans %}</h3>
        <div id="birthdays_content">
-      {%- if user.was_subscribed -%}
+          {%- if user.has_perm("core.view_user") -%}
            <ul class="birthdays_year">
              {%- for year, users in birthdays -%}
                <li>
@ -156,14 +264,16 @@
                </li>
              {%- endfor -%}
            </ul>
-      {%- else -%}
+          {%- elif not user.was_subscribed -%}
+            {# The user cannot view birthdays, because he never subscribed #}
            <p>{% trans %}You need to subscribe to access this content{% endtrans %}</p>
+          {%- else -%}
+            {# There is another reason why user cannot view birthdays (maybe he is banned)
+               but we cannot know exactly what is this reason #}
+            <p>{% trans %}You cannot access this content{% endtrans %}</p>
          {%- endif -%}
        </div>
      </div>
-
-</div>
-
-
-</div>
+    </div>
+  </div>
 {% endblock %}
--- a/com/tests/test_api.py
+++ b/com/tests/test_api.py
@ -1,26 +1,30 @@
 from dataclasses import dataclass
-from datetime import datetime, timedelta
+from datetime import timedelta
 from pathlib import Path
-from typing import Callable
-from unittest.mock import MagicMock, patch

 import pytest
 from django.conf import settings
+from django.contrib.auth.models import Permission
 from django.http import HttpResponse
-from django.test.client import Client
+from django.test import Client, TestCase
 from django.urls import reverse
-from django.utils import timezone
+from django.utils.timezone import now
+from model_bakery import baker, seq
+from pytest_django.asserts import assertNumQueries

-from com.calendar import IcsCalendar
+from com.ics_calendar import IcsCalendar
+from com.models import News, NewsDate
+from core.markdown import markdown
+from core.models import User


@dataclass
 class MockResponse:
-    status: int
+    ok: bool
    value: str

    @property
-    def data(self):
+    def content(self):
        return self.value.encode("utf8")


@ -33,81 +37,6 @@ def accel_redirect_to_file(response: HttpResponse) -> Path | None:
    )


-@pytest.mark.django_db
-class TestExternalCalendar:
-    @pytest.fixture
-    def mock_request(self):
-        mock = MagicMock()
-        with patch("urllib3.request", mock):
-            yield mock
-
-    @pytest.fixture
-    def mock_current_time(self):
-        mock = MagicMock()
-        original = timezone.now
-        with patch("django.utils.timezone.now", mock):
-            yield mock, original
-
-    @pytest.fixture(autouse=True)
-    def clear_cache(self):
-        IcsCalendar._EXTERNAL_CALENDAR.unlink(missing_ok=True)
-
-    @pytest.mark.parametrize("error_code", [403, 404, 500])
-    def test_fetch_error(
-        self, client: Client, mock_request: MagicMock, error_code: int
-    ):
-        mock_request.return_value = MockResponse(error_code, "not allowed")
-        assert client.get(reverse("api:calendar_external")).status_code == 404
-
-    def test_fetch_success(self, client: Client, mock_request: MagicMock):
-        external_response = MockResponse(200, "Definitely an ICS")
-        mock_request.return_value = external_response
-        response = client.get(reverse("api:calendar_external"))
-        assert response.status_code == 200
-        out_file = accel_redirect_to_file(response)
-        assert out_file is not None
-        assert out_file.exists()
-        with open(out_file, "r") as f:
-            assert f.read() == external_response.value
-
-    def test_fetch_caching(
-        self,
-        client: Client,
-        mock_request: MagicMock,
-        mock_current_time: tuple[MagicMock, Callable[[], datetime]],
-    ):
-        fake_current_time, original_timezone = mock_current_time
-        start_time = original_timezone()
-
-        fake_current_time.return_value = start_time
-        external_response = MockResponse(200, "Definitely an ICS")
-        mock_request.return_value = external_response
-
-        with open(
-            accel_redirect_to_file(client.get(reverse("api:calendar_external"))), "r"
-        ) as f:
-            assert f.read() == external_response.value
-
-        mock_request.return_value = MockResponse(200, "This should be ignored")
-        with open(
-            accel_redirect_to_file(client.get(reverse("api:calendar_external"))), "r"
-        ) as f:
-            assert f.read() == external_response.value
-
-        mock_request.assert_called_once()
-
-        fake_current_time.return_value = start_time + timedelta(hours=1, seconds=1)
-        external_response = MockResponse(200, "This won't be ignored")
-        mock_request.return_value = external_response
-
-        with open(
-            accel_redirect_to_file(client.get(reverse("api:calendar_external"))), "r"
-        ) as f:
-            assert f.read() == external_response.value
-
-        assert mock_request.call_count == 2
-
-
@pytest.mark.django_db
 class TestInternalCalendar:
    @pytest.fixture(autouse=True)
@ -120,3 +49,126 @@ class TestInternalCalendar:
        out_file = accel_redirect_to_file(response)
        assert out_file is not None
        assert out_file.exists()
+
+
+@pytest.mark.django_db
+class TestModerateNews:
+    @pytest.mark.parametrize("news_is_published", [True, False])
+    def test_moderation_ok(self, client: Client, news_is_published: bool):  # noqa FBT
+        user = baker.make(
+            User, user_permissions=[Permission.objects.get(codename="moderate_news")]
+        )
+        # The API call should work even if the news is initially moderated.
+        # In the latter case, the result should be a noop, rather than an error.
+        news = baker.make(News, is_published=news_is_published)
+        initial_moderator = news.moderator
+        client.force_login(user)
+        response = client.patch(
+            reverse("api:moderate_news", kwargs={"news_id": news.id})
+        )
+        # if it wasn't moderated, it should now be moderated and the moderator should
+        # be the user that made the request.
+        # If it was already moderated, it should be a no-op, but not an error
+        assert response.status_code == 200
+        news.refresh_from_db()
+        assert news.is_published
+        if not news_is_published:
+            assert news.moderator == user
+        else:
+            assert news.moderator == initial_moderator
+
+    def test_moderation_forbidden(self, client: Client):
+        user = baker.make(User)
+        news = baker.make(News, is_published=False)
+        client.force_login(user)
+        response = client.patch(
+            reverse("api:moderate_news", kwargs={"news_id": news.id})
+        )
+        assert response.status_code == 403
+        news.refresh_from_db()
+        assert not news.is_published
+
+
+@pytest.mark.django_db
+class TestDeleteNews:
+    def test_delete_news_ok(self, client: Client):
+        user = baker.make(
+            User, user_permissions=[Permission.objects.get(codename="delete_news")]
+        )
+        news = baker.make(News)
+        client.force_login(user)
+        response = client.delete(
+            reverse("api:delete_news", kwargs={"news_id": news.id})
+        )
+        assert response.status_code == 200
+        assert not News.objects.filter(id=news.id).exists()
+
+    def test_delete_news_forbidden(self, client: Client):
+        user = baker.make(User)
+        news = baker.make(News)
+        client.force_login(user)
+        response = client.delete(
+            reverse("api:delete_news", kwargs={"news_id": news.id})
+        )
+        assert response.status_code == 403
+        assert News.objects.filter(id=news.id).exists()
+
+
+class TestFetchNewsDates(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        News.objects.all().delete()
+        cls.dates = baker.make(
+            NewsDate,
+            _quantity=5,
+            _bulk_create=True,
+            start_date=seq(value=now(), increment_by=timedelta(days=1)),
+            end_date=seq(
+                value=now() + timedelta(hours=2), increment_by=timedelta(days=1)
+            ),
+            news=iter(
+                baker.make(News, is_published=True, _quantity=5, _bulk_create=True)
+            ),
+        )
+        cls.dates.append(
+            baker.make(
+                NewsDate,
+                start_date=now() + timedelta(days=2, hours=1),
+                end_date=now() + timedelta(days=2, hours=5),
+                news=baker.make(News, is_published=True),
+            )
+        )
+        cls.dates.sort(key=lambda d: d.start_date)
+
+    def test_num_queries(self):
+        with assertNumQueries(2):
+            self.client.get(reverse("api:fetch_news_dates"))
+
+    def test_html_format(self):
+        """Test that when the summary is asked in html, the summary is in html."""
+        summary_1 = "# First event\nThere is something happening.\n"
+        self.dates[0].news.summary = summary_1
+        self.dates[0].news.save()
+        summary_2 = (
+            "# Second event\n"
+            "There is something happening **for real**.\n"
+            "Everything is [here](https://youtu.be/dQw4w9WgXcQ)\n"
+        )
+        self.dates[1].news.summary = summary_2
+        self.dates[1].news.save()
+        response = self.client.get(
+            reverse("api:fetch_news_dates") + "?page_size=2&text_format=html"
+        )
+        assert response.status_code == 200
+        dates = response.json()["results"]
+        assert dates[0]["news"]["summary"] == markdown(summary_1)
+        assert dates[1]["news"]["summary"] == markdown(summary_2)
+
+    def test_fetch(self):
+        after = (now() + timedelta(days=1)).isoformat()
+        response = self.client.get(
+            reverse("api:fetch_news_dates", query={"page_size": 3, "after": after})
+        )
+        assert response.status_code == 200
+        dates = response.json()["results"]
+        assert [d["id"] for d in dates] == [d.id for d in self.dates[1:4]]
--- a/com/tests/test_models.py
+++ b/com/tests/test_models.py
@ -0,0 +1,42 @@
+import itertools
+
+from django.contrib.auth.models import Permission
+from django.test import TestCase
+from model_bakery import baker
+
+from com.models import News
+from core.models import User
+
+
+class TestNewsViewableBy(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        News.objects.all().delete()
+        cls.users = baker.make(User, _quantity=3, _bulk_create=True)
+        # There are six news and six authors.
+        # Each author has one moderated and one non-moderated news
+        cls.news = baker.make(
+            News,
+            author=itertools.cycle(cls.users),
+            is_published=iter([True, True, True, False, False, False]),
+            _quantity=6,
+            _bulk_create=True,
+        )
+
+    def test_admin_can_view_everything(self):
+        """Test with a user that can view non moderated news."""
+        user = baker.make(
+            User,
+            user_permissions=[Permission.objects.get(codename="view_unmoderated_news")],
+        )
+        assert set(News.objects.viewable_by(user)) == set(self.news)
+
+    def test_normal_user_can_view_moderated_and_self_news(self):
+        """Test that basic users can view moderated news and news they authored."""
+        user = self.news[0].author
+        assert set(News.objects.viewable_by(user)) == {
+            self.news[0],
+            self.news[1],
+            self.news[2],
+            self.news[3],
+        }
--- a/com/tests/test_notifications.py
+++ b/com/tests/test_notifications.py
@ -0,0 +1,23 @@
+import pytest
+from django.conf import settings
+from model_bakery import baker
+
+from com.models import News
+from core.models import Group, Notification, User
+
+
+@pytest.mark.django_db
+def test_notification_created():
+    com_admin_group = Group.objects.get(pk=settings.SITH_GROUP_COM_ADMIN_ID)
+    com_admin_group.users.all().delete()
+    Notification.objects.all().delete()
+    com_admin = baker.make(User, groups=[com_admin_group])
+    for i in range(2):
+        # news notifications are permanent, so the notification created
+        # during the first iteration should be reused during the second one.
+        baker.make(News)
+        notifications = list(Notification.objects.all())
+        assert len(notifications) == 1
+        assert notifications[0].user == com_admin
+        assert notifications[0].type == "NEWS_MODERATION"
+        assert notifications[0].param == str(i + 1)
--- a/com/tests/test_views.py
+++ b/com/tests/test_views.py
@ -12,17 +12,24 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
+from datetime import timedelta
+from unittest.mock import patch
+
 import pytest
 from django.conf import settings
+from django.contrib.sites.models import Site
 from django.core.files.uploadedfile import SimpleUploadedFile
-from django.test import TestCase
+from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils import html
 from django.utils.timezone import localtime, now
 from django.utils.translation import gettext as _
+from model_bakery import baker
+from pytest_django.asserts import assertNumQueries, assertRedirects

 from club.models import Club, Membership
-from com.models import News, Poster, Sith, Weekmail, WeekmailArticle
+from com.models import News, NewsDate, Poster, Sith, Weekmail, WeekmailArticle
+from core.baker_recipes import subscriber_user
 from core.models import AnonymousUser, Group, User


@ -137,15 +144,8 @@ class TestNews(TestCase):
    @classmethod
    def setUpTestData(cls):
        cls.com_admin = User.objects.get(username="comunity")
-        new = News.objects.create(
-            title="dummy new",
-            summary="This is a dummy new",
-            content="Look at that beautiful dummy new",
-            author=User.objects.get(username="subscriber"),
-            club=Club.objects.first(),
-        )
-        cls.new = new
-        cls.author = new.author
+        cls.new = baker.make(News)
+        cls.author = cls.new.author
        cls.sli = User.objects.get(username="sli")
        cls.anonymous = AnonymousUser()

@ -160,15 +160,15 @@ class TestNews(TestCase):

    def test_news_viewer(self):
        """Test that moderated news can be viewed by anyone
-        and not moderated news only by com admins.
+        and not moderated news only by com admins and by their author.
        """
-        # by default a news isn't moderated
+        # by default news aren't moderated
        assert self.new.can_be_viewed_by(self.com_admin)
+        assert self.new.can_be_viewed_by(self.author)
        assert not self.new.can_be_viewed_by(self.sli)
        assert not self.new.can_be_viewed_by(self.anonymous)
-        assert not self.new.can_be_viewed_by(self.author)

-        self.new.is_moderated = True
+        self.new.is_published = True
        self.new.save()
        assert self.new.can_be_viewed_by(self.com_admin)
        assert self.new.can_be_viewed_by(self.sli)
@ -176,11 +176,11 @@ class TestNews(TestCase):
        assert self.new.can_be_viewed_by(self.author)

    def test_news_editor(self):
-        """Test that only com admins can edit news."""
+        """Test that only com admins and the original author can edit news."""
        assert self.new.can_be_edited_by(self.com_admin)
+        assert self.new.can_be_edited_by(self.author)
        assert not self.new.can_be_edited_by(self.sli)
        assert not self.new.can_be_edited_by(self.anonymous)
-        assert not self.new.can_be_edited_by(self.author)


 class TestWeekmailArticle(TestCase):
@ -230,3 +230,124 @@ class TestPoster(TestCase):

        assert not self.poster.is_owned_by(self.susbcriber)
        assert self.poster.is_owned_by(self.sli)
+
+
+class TestNewsCreation(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.club = baker.make(Club)
+        cls.user = subscriber_user.make()
+        baker.make(Membership, user=cls.user, club=cls.club, role=5)
+
+    def setUp(self):
+        self.client.force_login(self.user)
+        self.start = now() + timedelta(days=1)
+        self.end = self.start + timedelta(hours=5)
+        self.valid_payload = {
+            "title": "Test news",
+            "summary": "This is a test news",
+            "content": "This is a test news",
+            "club": self.club.pk,
+            "is_weekly": False,
+            "start_date": self.start,
+            "end_date": self.end,
+        }
+
+    def test_create_news(self):
+        response = self.client.post(reverse("com:news_new"), self.valid_payload)
+        created = News.objects.order_by("id").last()
+        assertRedirects(response, created.get_absolute_url())
+        assert created.title == "Test news"
+        assert not created.is_published
+        dates = list(created.dates.values("start_date", "end_date"))
+        assert dates == [{"start_date": self.start, "end_date": self.end}]
+
+    def test_create_news_multiple_dates(self):
+        self.valid_payload["is_weekly"] = True
+        self.valid_payload["occurrences"] = 2
+        response = self.client.post(reverse("com:news_new"), self.valid_payload)
+        created = News.objects.order_by("id").last()
+
+        assertRedirects(response, created.get_absolute_url())
+        dates = list(
+            created.dates.values("start_date", "end_date").order_by("start_date")
+        )
+        assert dates == [
+            {"start_date": self.start, "end_date": self.end},
+            {
+                "start_date": self.start + timedelta(days=7),
+                "end_date": self.end + timedelta(days=7),
+            },
+        ]
+
+    def test_edit_news(self):
+        news = baker.make(News, author=self.user, is_published=True)
+        baker.make(
+            NewsDate,
+            news=news,
+            start_date=self.start + timedelta(hours=1),
+            end_date=self.end + timedelta(hours=1),
+            _quantity=2,
+        )
+
+        response = self.client.post(
+            reverse("com:news_edit", kwargs={"news_id": news.id}), self.valid_payload
+        )
+        created = News.objects.order_by("id").last()
+        assertRedirects(response, created.get_absolute_url())
+        assert created.title == "Test news"
+        assert not created.is_published
+        dates = list(created.dates.values("start_date", "end_date"))
+        assert dates == [{"start_date": self.start, "end_date": self.end}]
+
+    def test_ics_updated(self):
+        """Test that the internal ICS is updated when news are created"""
+
+        # we will just test that the ICS is modified.
+        # Checking that the ICS is *well* modified is up to the ICS tests
+        with patch("com.ics_calendar.IcsCalendar.make_internal") as mocked:
+            self.client.post(reverse("com:news_new"), self.valid_payload)
+            mocked.assert_called()
+
+        # The ICS file should also change after an update
+        self.valid_payload["is_weekly"] = True
+        self.valid_payload["occurrences"] = 2
+        last_news = News.objects.order_by("id").last()
+
+        with patch("com.ics_calendar.IcsCalendar.make_internal") as mocked:
+            self.client.post(
+                reverse("com:news_edit", kwargs={"news_id": last_news.id}),
+                self.valid_payload,
+            )
+            mocked.assert_called()
+
+
+@pytest.mark.django_db
+def test_feed(client: Client):
+    """Smoke test that checks that the atom feed is working"""
+    Site.objects.clear_cache()
+    with assertNumQueries(2):
+        # get sith domain with Site api: 1 request
+        # get all news and related info: 1 request
+        resp = client.get(reverse("com:news_feed"))
+        assert resp.status_code == 200
+        assert resp.headers["Content-Type"] == "application/rss+xml; charset=utf-8"
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    "url",
+    [
+        reverse("com:poster_list"),
+        reverse("com:poster_create"),
+        reverse("com:poster_moderate_list"),
+    ],
+)
+def test_poster_management_views_crash_test(client: Client, url: str):
+    """Test that poster management views work"""
+    user = baker.make(
+        User, groups=[Group.objects.get(pk=settings.SITH_GROUP_COM_ADMIN_ID)]
+    )
+    client.force_login(user)
+    res = client.get(url)
+    assert res.status_code == 200
--- a/com/urls.py
+++ b/com/urls.py
@ -25,9 +25,10 @@ from com.views import (
    NewsCreateView,
    NewsDeleteView,
    NewsDetailView,
-    NewsEditView,
+    NewsFeed,
    NewsListView,
    NewsModerateView,
+    NewsUpdateView,
    PosterCreateView,
    PosterDeleteView,
    PosterEditView,
@ -73,13 +74,14 @@ urlpatterns = [
        name="weekmail_article_edit",
    ),
    path("news/", NewsListView.as_view(), name="news_list"),
+    path("news/feed/", NewsFeed(), name="news_feed"),
    path("news/admin/", NewsAdminListView.as_view(), name="news_admin_list"),
    path("news/create/", NewsCreateView.as_view(), name="news_new"),
+    path("news/<int:news_id>/edit/", NewsUpdateView.as_view(), name="news_edit"),
    path("news/<int:news_id>/delete/", NewsDeleteView.as_view(), name="news_delete"),
    path(
        "news/<int:news_id>/moderate/", NewsModerateView.as_view(), name="news_moderate"
    ),
-    path("news/<int:news_id>/edit/", NewsEditView.as_view(), name="news_edit"),
    path("news/<int:news_id>/", NewsDetailView.as_view(), name="news_detail"),
    path("mailings/", MailingListAdminView.as_view(), name="mailing_admin"),
    path(
--- a/com/views.py
+++ b/com/views.py
@ -22,36 +22,37 @@
 #
 #
 import itertools
-from datetime import timedelta
+from datetime import date, timedelta
 from smtplib import SMTPRecipientsRefused
+from typing import Any

-from django import forms
+from dateutil.relativedelta import relativedelta
 from django.conf import settings
+from django.contrib.auth.mixins import AccessMixin, PermissionRequiredMixin
+from django.contrib.syndication.views import Feed
 from django.core.exceptions import PermissionDenied, ValidationError
-from django.db.models import Exists, Max, OuterRef
+from django.db.models import Max
 from django.forms.models import modelform_factory
 from django.http import HttpResponseRedirect
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
-from django.utils.timezone import localdate
+from django.utils.timezone import localdate, now
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView, View
-from django.views.generic.detail import SingleObjectMixin
+from django.views.generic import DetailView, ListView, TemplateView, View
 from django.views.generic.edit import CreateView, DeleteView, UpdateView

 from club.models import Club, Mailing
+from com.forms import NewsDateForm, NewsForm, PosterForm
+from com.ics_calendar import IcsCalendar
 from com.models import News, NewsDate, Poster, Screen, Sith, Weekmail, WeekmailArticle
-from core.models import Notification, User
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
+from core.auth.mixins import (
    CanEditPropMixin,
    CanViewMixin,
-    QuickNotifMixin,
-    TabedViewMixin,
+    PermissionOrAuthorRequiredMixin,
 )
-from core.views.forms import SelectDateTime
+from core.models import User
+from core.views.mixins import QuickNotifMixin, TabedViewMixin
 from core.views.widgets.markdown import MarkdownInput

 # Sith object
@ -59,92 +60,46 @@ from core.views.widgets.markdown import MarkdownInput
 sith = Sith.objects.first


-class PosterForm(forms.ModelForm):
-    class Meta:
-        model = Poster
-        fields = [
-            "name",
-            "file",
-            "club",
-            "screens",
-            "date_begin",
-            "date_end",
-            "display_time",
-        ]
-        widgets = {"screens": forms.CheckboxSelectMultiple}
-        help_texts = {"file": _("Format: 16:9 | Resolution: 1920x1080")}
-
-    date_begin = forms.DateTimeField(
-        label=_("Start date"),
-        widget=SelectDateTime,
-        required=True,
-        initial=timezone.now().strftime("%Y-%m-%d %H:%M:%S"),
-    )
-    date_end = forms.DateTimeField(
-        label=_("End date"), widget=SelectDateTime, required=False
-    )
-
-    def __init__(self, *args, **kwargs):
-        self.user = kwargs.pop("user", None)
-        super().__init__(*args, **kwargs)
-        if self.user and not self.user.is_com_admin:
-            self.fields["club"].queryset = Club.objects.filter(
-                id__in=self.user.clubs_with_rights
-            )
-            self.fields.pop("display_time")
-
-
 class ComTabsMixin(TabedViewMixin):
-    def get_tabs_title(self):
-        return _("Communication administration")
+    tabs_title = _("Communication administration")

    def get_list_of_tabs(self):
-        tab_list = []
-        tab_list.append(
-            {"url": reverse("com:weekmail"), "slug": "weekmail", "name": _("Weekmail")}
-        )
-        tab_list.append(
+        return [
+            {"url": reverse("com:weekmail"), "slug": "weekmail", "name": _("Weekmail")},
            {
                "url": reverse("com:weekmail_destinations"),
                "slug": "weekmail_destinations",
                "name": _("Weekmail destinations"),
-            }
-        )
-        tab_list.append(
-            {"url": reverse("com:info_edit"), "slug": "info", "name": _("Info message")}
-        )
-        tab_list.append(
+            },
+            {
+                "url": reverse("com:info_edit"),
+                "slug": "info",
+                "name": _("Info message"),
+            },
            {
                "url": reverse("com:alert_edit"),
                "slug": "alert",
                "name": _("Alert message"),
-            }
-        )
-        tab_list.append(
+            },
            {
                "url": reverse("com:mailing_admin"),
                "slug": "mailings",
                "name": _("Mailing lists administration"),
-            }
-        )
-        tab_list.append(
+            },
            {
                "url": reverse("com:poster_list"),
                "slug": "posters",
                "name": _("Posters list"),
-            }
-        )
-        tab_list.append(
+            },
            {
                "url": reverse("com:screen_list"),
                "slug": "screens",
                "name": _("Screens list"),
-            }
-        )
-        return tab_list
+            },
+        ]


-class IsComAdminMixin(View):
+class IsComAdminMixin(AccessMixin):
    def dispatch(self, request, *args, **kwargs):
        if not request.user.is_com_admin:
            raise PermissionDenied
@ -184,174 +139,86 @@ class WeekmailDestinationEditView(ComEditView):
 # News


-class NewsForm(forms.ModelForm):
-    class Meta:
+class NewsCreateView(PermissionRequiredMixin, CreateView):
+    """View to either create or update News."""
+
    model = News
-        fields = ["type", "title", "club", "summary", "content", "author"]
-        widgets = {
-            "author": forms.HiddenInput,
-            "type": forms.RadioSelect,
-            "summary": MarkdownInput,
-            "content": MarkdownInput,
+    form_class = NewsForm
+    template_name = "com/news_edit.jinja"
+    permission_required = "com.add_news"
+
+    def get_date_form_kwargs(self) -> dict[str, Any]:
+        """Get initial data for NewsDateForm"""
+        if self.request.method == "POST":
+            return {"data": self.request.POST}
+        return {}
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {
+            "author": self.request.user,
+            "date_form": NewsDateForm(**self.get_date_form_kwargs()),
        }

-    start_date = forms.DateTimeField(
-        label=_("Start date"), widget=SelectDateTime, required=False
-    )
-    end_date = forms.DateTimeField(
-        label=_("End date"), widget=SelectDateTime, required=False
-    )
-    until = forms.DateTimeField(label=_("Until"), widget=SelectDateTime, required=False)
-
-    automoderation = forms.BooleanField(label=_("Automoderation"), required=False)
-
-    def clean(self):
-        self.cleaned_data = super().clean()
-        if self.cleaned_data["type"] != "NOTICE":
-            if not self.cleaned_data["start_date"]:
-                self.add_error(
-                    "start_date", ValidationError(_("This field is required."))
-                )
-            if not self.cleaned_data["end_date"]:
-                self.add_error(
-                    "end_date", ValidationError(_("This field is required."))
-                )
-            if (
-                not self.has_error("start_date")
-                and not self.has_error("end_date")
-                and self.cleaned_data["start_date"] > self.cleaned_data["end_date"]
-            ):
-                self.add_error(
-                    "end_date",
-                    ValidationError(_("An event cannot end before its beginning.")),
-                )
-            if self.cleaned_data["type"] == "WEEKLY" and not self.cleaned_data["until"]:
-                self.add_error("until", ValidationError(_("This field is required.")))
-        return self.cleaned_data
-
-    def save(self, *args, **kwargs):
-        ret = super().save()
-        self.instance.dates.all().delete()
-        if self.instance.type == "EVENT" or self.instance.type == "CALL":
-            NewsDate(
-                start_date=self.cleaned_data["start_date"],
-                end_date=self.cleaned_data["end_date"],
-                news=self.instance,
-            ).save()
-        elif self.instance.type == "WEEKLY":
-            start_date = self.cleaned_data["start_date"]
-            end_date = self.cleaned_data["end_date"]
-            while start_date <= self.cleaned_data["until"]:
-                NewsDate(
-                    start_date=start_date, end_date=end_date, news=self.instance
-                ).save()
-                start_date += timedelta(days=7)
-                end_date += timedelta(days=7)
-        return ret
+    def get_initial(self):
+        init = super().get_initial()
+        # if the id of a club is provided, select it by default
+        if club_id := self.request.GET.get("club"):
+            init["club"] = Club.objects.filter(id=club_id).first()
+        return init


-class NewsEditView(CanEditMixin, UpdateView):
+class NewsUpdateView(PermissionOrAuthorRequiredMixin, UpdateView):
    model = News
    form_class = NewsForm
    template_name = "com/news_edit.jinja"
    pk_url_kwarg = "news_id"
-
-    def get_initial(self):
-        news_date: NewsDate = self.object.dates.order_by("id").first()
-        if news_date is None:
-            return {"start_date": None, "end_date": None}
-        return {"start_date": news_date.start_date, "end_date": news_date.end_date}
-
-    def post(self, request, *args, **kwargs):
-        form = self.get_form()
-        if form.is_valid() and "preview" not in request.POST:
-            return self.form_valid(form)
-        else:
-            return self.form_invalid(form)
+    permission_required = "com.edit_news"

    def form_valid(self, form):
-        self.object = form.save()
-        if form.cleaned_data["automoderation"] and self.request.user.is_com_admin:
-            self.object.moderator = self.request.user
-            self.object.is_moderated = True
-            self.object.save()
-        else:
-            self.object.is_moderated = False
-            self.object.save()
-            unread_notif_subquery = Notification.objects.filter(
-                user=OuterRef("pk"), type="NEWS_MODERATION", viewed=False
-            )
-            for user in User.objects.filter(
-                ~Exists(unread_notif_subquery),
-                groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID],
-            ):
-                Notification.objects.create(
-                    user=user,
-                    url=self.object.get_absolute_url(),
-                    type="NEWS_MODERATION",
-                )
-        return super().form_valid(form)
+        response = super().form_valid(form)  # Does the saving part
+        IcsCalendar.make_internal()
+        return response
+
+    def get_date_form_kwargs(self) -> dict[str, Any]:
+        """Get initial data for NewsDateForm"""
+        response = {}
+        if self.request.method == "POST":
+            response["data"] = self.request.POST
+        dates = list(self.object.dates.order_by("id"))
+        if len(dates) == 0:
+            return {}
+        response["instance"] = dates[0]
+        occurrences = NewsDateForm.get_occurrences(len(dates))
+        if occurrences is not None:
+            response["initial"] = {"is_weekly": True, "occurrences": occurrences}
+        return response
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {
+            "author": self.request.user,
+            "date_form": NewsDateForm(**self.get_date_form_kwargs()),
+        }


-class NewsCreateView(CanCreateMixin, CreateView):
-    model = News
-    form_class = NewsForm
-    template_name = "com/news_edit.jinja"
-
-    def get_initial(self):
-        init = {"author": self.request.user}
-        if "club" not in self.request.GET:
-            return init
-        init["club"] = Club.objects.filter(id=self.request.GET["club"]).first()
-        return init
-
-    def post(self, request, *args, **kwargs):
-        form = self.get_form()
-        if form.is_valid() and "preview" not in request.POST:
-            return self.form_valid(form)
-        else:
-            self.object = form.instance
-            return self.form_invalid(form)
-
-    def form_valid(self, form):
-        self.object = form.save()
-        if form.cleaned_data["automoderation"] and self.request.user.is_com_admin:
-            self.object.moderator = self.request.user
-            self.object.is_moderated = True
-            self.object.save()
-        else:
-            unread_notif_subquery = Notification.objects.filter(
-                user=OuterRef("pk"), type="NEWS_MODERATION", viewed=False
-            )
-            for user in User.objects.filter(
-                ~Exists(unread_notif_subquery),
-                groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID],
-            ):
-                Notification.objects.create(
-                    user=user,
-                    url=reverse("com:news_admin_list"),
-                    type="NEWS_MODERATION",
-                )
-        return super().form_valid(form)
-
-
-class NewsDeleteView(CanEditMixin, DeleteView):
+class NewsDeleteView(PermissionOrAuthorRequiredMixin, DeleteView):
    model = News
    pk_url_kwarg = "news_id"
    template_name = "core/delete_confirm.jinja"
    success_url = reverse_lazy("com:news_admin_list")
+    permission_required = "com.delete_news"


-class NewsModerateView(CanEditMixin, SingleObjectMixin):
+class NewsModerateView(PermissionRequiredMixin, DetailView):
    model = News
    pk_url_kwarg = "news_id"
+    permission_required = "com.moderate_news"

    def get(self, request, *args, **kwargs):
        self.object = self.get_object()
        if "remove" in request.GET:
-            self.object.is_moderated = False
+            self.object.is_published = False
        else:
-            self.object.is_moderated = True
+            self.object.is_published = True
        self.object.moderator = request.user
        self.object.save()
        if "next" in self.request.GET:
@ -359,37 +226,112 @@ class NewsModerateView(CanEditMixin, SingleObjectMixin):
        return redirect("com:news_admin_list")


-class NewsAdminListView(CanEditMixin, ListView):
+class NewsAdminListView(PermissionRequiredMixin, ListView):
    model = News
    template_name = "com/news_admin_list.jinja"
-    queryset = News.objects.all()
+    queryset = News.objects.select_related(
+        "club", "author", "moderator"
+    ).prefetch_related("dates")
+    permission_required = ["com.moderate_news", "com.delete_news"]


-class NewsListView(CanViewMixin, ListView):
-    model = News
+class NewsListView(TemplateView):
    template_name = "com/news_list.jinja"
-    queryset = News.objects.filter(is_moderated=True)

-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["NewsDate"] = NewsDate
-        kwargs["timedelta"] = timedelta
-        kwargs["birthdays"] = itertools.groupby(
+    def get_birthdays(self):
+        if not self.request.user.has_perm("core.view_user"):
+            return []
+        return itertools.groupby(
            User.objects.filter(
                date_of_birth__month=localdate().month,
                date_of_birth__day=localdate().day,
+                is_subscriber_viewable=True,
            )
            .filter(role__in=["STUDENT", "FORMER STUDENT"])
            .order_by("-date_of_birth"),
            key=lambda u: u.date_of_birth.year,
        )
-        return kwargs
+
+    def get_last_day(self) -> date | None:
+        """Get the last day when news will be displayed
+
+        The returned day is the third one where something happen.
+        For example, if there are 6 events : A on 15/03, B and C on 17/03,
+        D on 20/03, E on 21/03 and F on 22/03 ;
+        then the result is 20/03.
+        """
+        dates = list(
+            NewsDate.objects.filter(end_date__gt=now())
+            .order_by("start_date")
+            .values_list("start_date__date", flat=True)
+            .distinct()[:4]
+        )
+        return dates[-1] if len(dates) > 0 else None
+
+    def get_news_dates(self, until: date) -> dict[date, list[date]]:
+        """Return the event dates to display.
+
+        The selected events are the ones that happens between
+        right now and the given day (included).
+        """
+        return {
+            date: list(dates)
+            for date, dates in itertools.groupby(
+                NewsDate.objects.viewable_by(self.request.user)
+                .filter(end_date__gt=now(), start_date__date__lte=until)
+                .order_by("start_date")
+                .select_related("news", "news__club"),
+                key=lambda d: d.start_date.date(),
+            )
+        }
+
+    def get_context_data(self, **kwargs):
+        last_day = self.get_last_day()
+        return super().get_context_data(**kwargs) | {
+            "news_dates": self.get_news_dates(until=last_day)
+            if last_day is not None
+            else {},
+            "birthdays": self.get_birthdays(),
+            "last_day": last_day,
+        }


 class NewsDetailView(CanViewMixin, DetailView):
    model = News
    template_name = "com/news_detail.jinja"
    pk_url_kwarg = "news_id"
+    queryset = News.objects.select_related("club", "author", "moderator")
+
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {"date": self.object.dates.first()}
+
+
+class NewsFeed(Feed):
+    title = _("News")
+    link = reverse_lazy("com:news_list")
+    description = _("All incoming events")
+
+    def items(self):
+        return (
+            NewsDate.objects.filter(
+                news__is_published=True,
+                end_date__gte=timezone.now() - (relativedelta(months=6)),
+            )
+            .select_related("news", "news__author")
+            .order_by("-start_date")
+        )
+
+    def item_title(self, item: NewsDate):
+        return item.news.title
+
+    def item_description(self, item: NewsDate):
+        return item.news.summary
+
+    def item_link(self, item: NewsDate):
+        return item.news.get_absolute_url()
+
+    def item_author_name(self, item: NewsDate):
+        return item.news.author.get_display_name()


 # Weekmail
@ -616,7 +558,11 @@ class MailingModerateView(View):
        raise PermissionDenied


-class PosterListBaseView(ListView):
+class PosterAdminViewMixin(IsComAdminMixin, ComTabsMixin):
+    current_tab = "posters"
+
+
+class PosterListBaseView(PosterAdminViewMixin, ListView):
    """List communication posters."""

    current_tab = "posters"
@ -643,7 +589,7 @@ class PosterListBaseView(ListView):
        return kwargs


-class PosterCreateBaseView(CreateView):
+class PosterCreateBaseView(PosterAdminViewMixin, CreateView):
    """Create communication poster."""

    current_tab = "posters"
@ -675,7 +621,7 @@ class PosterCreateBaseView(CreateView):
        return super().form_valid(form)


-class PosterEditBaseView(UpdateView):
+class PosterEditBaseView(PosterAdminViewMixin, UpdateView):
    """Edit communication poster."""

    pk_url_kwarg = "poster_id"
@ -721,7 +667,7 @@ class PosterEditBaseView(UpdateView):
        return super().form_valid(form)


-class PosterDeleteBaseView(DeleteView):
+class PosterDeleteBaseView(PosterAdminViewMixin, DeleteView):
    """Edit communication poster."""

    pk_url_kwarg = "poster_id"
@ -738,7 +684,7 @@ class PosterDeleteBaseView(DeleteView):
        return super().dispatch(request, *args, **kwargs)


-class PosterListView(IsComAdminMixin, ComTabsMixin, PosterListBaseView):
+class PosterListView(PosterListBaseView):
    """List communication posters."""

    def get_context_data(self, **kwargs):
@ -747,7 +693,7 @@ class PosterListView(IsComAdminMixin, ComTabsMixin, PosterListBaseView):
        return kwargs


-class PosterCreateView(IsComAdminMixin, ComTabsMixin, PosterCreateBaseView):
+class PosterCreateView(PosterCreateBaseView):
    """Create communication poster."""

    success_url = reverse_lazy("com:poster_list")
@ -758,7 +704,7 @@ class PosterCreateView(IsComAdminMixin, ComTabsMixin, PosterCreateBaseView):
        return kwargs


-class PosterEditView(IsComAdminMixin, ComTabsMixin, PosterEditBaseView):
+class PosterEditView(PosterEditBaseView):
    """Edit communication poster."""

    success_url = reverse_lazy("com:poster_list")
@ -769,13 +715,13 @@ class PosterEditView(IsComAdminMixin, ComTabsMixin, PosterEditBaseView):
        return kwargs


-class PosterDeleteView(IsComAdminMixin, ComTabsMixin, PosterDeleteBaseView):
+class PosterDeleteView(PosterDeleteBaseView):
    """Delete communication poster."""

    success_url = reverse_lazy("com:poster_list")


-class PosterModerateListView(IsComAdminMixin, ComTabsMixin, ListView):
+class PosterModerateListView(PosterAdminViewMixin, ListView):
    """Moderate list communication poster."""

    current_tab = "posters"
@ -789,7 +735,7 @@ class PosterModerateListView(IsComAdminMixin, ComTabsMixin, ListView):
        return kwargs


-class PosterModerateView(IsComAdminMixin, ComTabsMixin, View):
+class PosterModerateView(PosterAdminViewMixin, View):
    """Moderate communication poster."""

    def get(self, request, *args, **kwargs):
--- a/Show More
+++ b/Show More