include only subscribed users and their direct relations in the galaxy

fix: notification on invoice call update

.env.example

@@ -0,0 +1,18 @@
+HTTPS=off
+SITH_DEBUG=true
+
+# This is not the real key used in prod
+SECRET_KEY=(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2
+
+# comment the sqlite line and uncomment the postgres one to switch the dbms
+DATABASE_URL=sqlite:///db.sqlite3
+#DATABASE_URL=postgres://user:password@127.0.0.1:5432/sith
+
+REDIS_PORT=7963
+CACHE_URL=redis://127.0.0.1:${REDIS_PORT}/0
+TASK_BROKER_URL=redis://127.0.0.1:${REDIS_PORT}/1
+
+# Used to select which other services to run alongside
+# manage.py, pytest and runserver
+PROCFILE_STATIC=Procfile.static
+PROCFILE_SERVICE=Procfile.service

.github/actions/setup_project/action.yml

@@ -1,14 +1,28 @@
 name: "Setup project"
 description: "Setup Python and Poetry"
+inputs:
+  full:
+    description: > 
+      If true, do a full setup, else install
+      only python, uv and non-xapian python deps
+    required: false
+    default: "false"
 runs:
   using: composite
   steps:
     - name: Install apt packages
-      uses: awalsh128/cache-apt-pkgs-action@latest
+      if: ${{ inputs.full == 'true' }}
+      uses: awalsh128/cache-apt-pkgs-action@v1.4.3
       with:
         packages: gettext
         version: 1.0  # increment to reset cache
 
+    - name: Install Redis
+      if: ${{ inputs.full == 'true' }}
+      uses: shogo82148/actions-setup-redis@v1
+      with:
+        redis-version: "7.x"
+
     - name: Install uv
       uses: astral-sh/setup-uv@v5
       with:
@@ -32,15 +46,20 @@ runs:
       shell: bash
 
     - name: Install Xapian
+      if: ${{ inputs.full == 'true' }}
       run: uv run ./manage.py install_xapian
       shell: bash
 
+    # compiling xapian accounts for almost the entirety of the virtualenv setup,
+    # so we save the virtual environment only on workflows where it has been installed
     - name: Save cached virtualenv
+      if: ${{ inputs.full == 'true' }}
       uses: actions/cache/save@v4
       with:
         key: venv-${{ runner.os }}-${{ hashFiles('.python-version') }}-${{ hashFiles('pyproject.toml') }}-${{ env.CACHE_SUFFIX }}
         path: .venv
 
     - name: Compile gettext messages
+      if: ${{ inputs.full == 'true' }}
       run: uv run ./manage.py compilemessages
       shell: bash

.github/auto_assign.yml

@@ -6,7 +6,7 @@ addAssignees: author
 
 # A list of team reviewers to be added to pull requests (GitHub team slug)
 reviewers:
-  - ae-utbm/sith-3-developers
+  - ae-utbm/developpeurs
 
 # Number of reviewers has no impact on GitHub teams
 # Set 0 to add all the reviewers (default: 0)

.github/dependabot.yml

@@ -4,11 +4,28 @@
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
 version: 2
-updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
+
+multi-ecosystem-groups:
+  common:
+    directory: "/"
     schedule:
       interval: "weekly"
     target-branch: "taiste"
     commit-message:
-      prefix: "[UPDATE] "
+      prefix: "[UPDATE] "
+
+updates:
+  - package-ecosystem: "uv"
+    patterns: ["*"]
+    multi-ecosystem-group: "common"
+
+  - package-ecosystem: "npm"
+    patterns: ["*"]
+    multi-ecosystem-group: "common"
+    groups:
+      # npm supports production and development groups, but not uv
+      # cf. https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#dependency-type-groups
+      main-deps:
+        dependency-type: "production"
+      dev-deps:
+        dependency-type: "development"

.github/workflows/ci.yml

@@ -7,6 +7,12 @@ on:
     branches: [master, taiste]
   workflow_dispatch:
 
+env:
+  SECRET_KEY: notTheRealOne
+  DATABASE_URL: sqlite:///db.sqlite3
+  CACHE_URL: redis://127.0.0.1:6379/0
+  TASK_BROKER_URL: redis://127.0.0.1:6379/1
+
 jobs:
   pre-commit:
     name: Launch pre-commits checks (ruff)
@@ -26,11 +32,13 @@ jobs:
     strategy:
       fail-fast: false  # don't interrupt the other test processes
       matrix:
-        pytest-mark: [slow, not slow]
+        pytest-mark: [not slow]
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
       - uses: ./.github/actions/setup_project
+        with:
+          full: true
         env:
           # To avoid race conditions on environment cache
           CACHE_SUFFIX: ${{ matrix.pytest-mark }}
@@ -41,7 +49,7 @@ jobs:
           uv run coverage report
           uv run coverage html
       - name: Archive code coverage results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage-report
+          name: coverage-report-${{ matrix.pytest-mark }}
           path: coverage_report

.github/workflows/deploy_docs.yml

@@ -2,7 +2,7 @@ name: deploy_docs
 on:
   push:
     branches:
-      - master
+      - taiste
 permissions:
   contents: write
 jobs:

.gitignore

@@ -18,6 +18,14 @@ sith/search_indexes/
 .coverage
 coverage_report/
 node_modules/
+.env
+*.pid
 
 # compiled documentation
 site/
+
+### Redis ###
+
+# Ignore redis binary dump (dump.rdb) files
+
+*.rdb

.npmrc

@@ -0,0 +1 @@
+@jsr:registry=https://npm.jsr.io

.pre-commit-config.yaml

@@ -1,18 +1,18 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.8.3
+    rev: v0.11.13
     hooks:
-      - id: ruff  # just check the code, and print the errors
-      - id: ruff  # actually fix the fixable errors, but print nothing
+      - id: ruff-check  # just check the code, and print the errors
+      - id: ruff-check  # actually fix the fixable errors, but print nothing
         args: ["--fix", "--silent"]
       # Run the formatter.
       - id: ruff-format
   - repo: https://github.com/biomejs/pre-commit
-    rev: "v0.1.0"  # Use the sha / tag you want to point at
+    rev: v0.6.1
     hooks:
       - id: biome-check
-        additional_dependencies: ["@biomejs/biome@1.9.3"]
+        additional_dependencies: ["@biomejs/biome@1.9.4"]
   - repo: https://github.com/rtts/djhtml
     rev: 3.0.7
     hooks:

Procfile.service

@@ -0,0 +1,2 @@
+redis: redis-server --port $REDIS_PORT
+celery: uv run celery -A sith worker --beat -l INFO

Procfile.static

@@ -0,0 +1 @@
+bundler: npm run serve

accounting/__init__.py

@@ -1,14 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#

accounting/admin.py

@@ -1,36 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.contrib import admin
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-
-admin.site.register(BankAccount)
-admin.site.register(ClubAccount)
-admin.site.register(GeneralJournal)
-admin.site.register(AccountingType)
-admin.site.register(SimplifiedAccountingType)
-admin.site.register(Operation)
-admin.site.register(Label)
-admin.site.register(Company)

accounting/api.py

@@ -1,23 +0,0 @@
-from typing import Annotated
-
-from annotated_types import MinLen
-from ninja_extra import ControllerBase, api_controller, paginate, route
-from ninja_extra.pagination import PageNumberPaginationExtra
-from ninja_extra.schemas import PaginatedResponseSchema
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.api_permissions import CanAccessLookup
-
-
-@api_controller("/lookup", permissions=[CanAccessLookup])
-class AccountingController(ControllerBase):
-    @route.get("/club-account", response=PaginatedResponseSchema[ClubAccountSchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_club_account(self, search: Annotated[str, MinLen(1)]):
-        return ClubAccount.objects.filter(name__icontains=search).values()
-
-    @route.get("/company", response=PaginatedResponseSchema[CompanySchema])
-    @paginate(PageNumberPaginationExtra, page_size=50)
-    def search_company(self, search: Annotated[str, MinLen(1)]):
-        return Company.objects.filter(name__icontains=search).values()

accounting/migrations/0001_initial.py

@@ -1,280 +0,0 @@
-from __future__ import unicode_literals
-
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-import accounting.models
-
-
-class Migration(migrations.Migration):
-    dependencies = []
-
-    operations = [
-        migrations.CreateModel(
-            name="AccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                (
-                    "code",
-                    models.CharField(
-                        max_length=16,
-                        verbose_name="code",
-                        validators=[
-                            django.core.validators.RegexValidator(
-                                "^[0-9]*$",
-                                "An accounting type code contains only numbers",
-                            )
-                        ],
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "movement_type",
-                    models.CharField(
-                        choices=[
-                            ("CREDIT", "Credit"),
-                            ("DEBIT", "Debit"),
-                            ("NEUTRAL", "Neutral"),
-                        ],
-                        max_length=12,
-                        verbose_name="movement type",
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "accounting type",
-                "ordering": ["movement_type", "code"],
-            },
-        ),
-        migrations.CreateModel(
-            name="BankAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-                (
-                    "iban",
-                    models.CharField(max_length=255, blank=True, verbose_name="iban"),
-                ),
-                (
-                    "number",
-                    models.CharField(
-                        max_length=255, blank=True, verbose_name="account number"
-                    ),
-                ),
-            ],
-            options={"verbose_name": "Bank account", "ordering": ["club", "name"]},
-        ),
-        migrations.CreateModel(
-            name="ClubAccount",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=30, verbose_name="name")),
-            ],
-            options={
-                "verbose_name": "Club account",
-                "ordering": ["bank_account", "name"],
-            },
-        ),
-        migrations.CreateModel(
-            name="Company",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("name", models.CharField(max_length=60, verbose_name="name")),
-            ],
-            options={"verbose_name": "company"},
-        ),
-        migrations.CreateModel(
-            name="GeneralJournal",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("start_date", models.DateField(verbose_name="start date")),
-                (
-                    "end_date",
-                    models.DateField(
-                        null=True, verbose_name="end date", default=None, blank=True
-                    ),
-                ),
-                ("name", models.CharField(max_length=40, verbose_name="name")),
-                (
-                    "closed",
-                    models.BooleanField(verbose_name="is closed", default=False),
-                ),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="amount",
-                        max_digits=12,
-                    ),
-                ),
-                (
-                    "effective_amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2,
-                        default=0,
-                        verbose_name="effective_amount",
-                        max_digits=12,
-                    ),
-                ),
-            ],
-            options={"verbose_name": "General journal", "ordering": ["-start_date"]},
-        ),
-        migrations.CreateModel(
-            name="Operation",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("number", models.IntegerField(verbose_name="number")),
-                (
-                    "amount",
-                    accounting.models.CurrencyField(
-                        decimal_places=2, max_digits=12, verbose_name="amount"
-                    ),
-                ),
-                ("date", models.DateField(verbose_name="date")),
-                ("remark", models.CharField(max_length=128, verbose_name="comment")),
-                (
-                    "mode",
-                    models.CharField(
-                        choices=[
-                            ("CHECK", "Check"),
-                            ("CASH", "Cash"),
-                            ("TRANSFERT", "Transfert"),
-                            ("CARD", "Credit card"),
-                        ],
-                        max_length=255,
-                        verbose_name="payment method",
-                    ),
-                ),
-                (
-                    "cheque_number",
-                    models.CharField(
-                        max_length=32,
-                        null=True,
-                        verbose_name="cheque number",
-                        default="",
-                        blank=True,
-                    ),
-                ),
-                ("done", models.BooleanField(verbose_name="is done", default=False)),
-                (
-                    "target_type",
-                    models.CharField(
-                        choices=[
-                            ("USER", "User"),
-                            ("CLUB", "Club"),
-                            ("ACCOUNT", "Account"),
-                            ("COMPANY", "Company"),
-                            ("OTHER", "Other"),
-                        ],
-                        max_length=10,
-                        verbose_name="target type",
-                    ),
-                ),
-                (
-                    "target_id",
-                    models.IntegerField(
-                        null=True, verbose_name="target id", blank=True
-                    ),
-                ),
-                (
-                    "target_label",
-                    models.CharField(
-                        max_length=32,
-                        blank=True,
-                        verbose_name="target label",
-                        default="",
-                    ),
-                ),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        null=True,
-                        related_name="operations",
-                        verbose_name="accounting type",
-                        to="accounting.AccountingType",
-                        blank=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={"ordering": ["-number"]},
-        ),
-        migrations.CreateModel(
-            name="SimplifiedAccountingType",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                        auto_created=True,
-                    ),
-                ),
-                ("label", models.CharField(max_length=128, verbose_name="label")),
-                (
-                    "accounting_type",
-                    models.ForeignKey(
-                        verbose_name="simplified accounting types",
-                        to="accounting.AccountingType",
-                        related_name="simplified_types",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "simplified type",
-                "ordering": ["accounting_type__movement_type", "accounting_type__code"],
-            },
-        ),
-    ]

accounting/migrations/0002_auto_20160824_2152.py

@@ -1,105 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("club", "0001_initial"),
-        ("accounting", "0001_initial"),
-        ("core", "0001_initial"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="operation",
-            name="invoice",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="invoice",
-                to="core.SithFile",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="journal",
-            field=models.ForeignKey(
-                verbose_name="journal",
-                to="accounting.GeneralJournal",
-                related_name="operations",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="linked_operation",
-            field=models.OneToOneField(
-                on_delete=django.db.models.deletion.CASCADE,
-                blank=True,
-                to="accounting.Operation",
-                null=True,
-                related_name="operation_linked_to",
-                verbose_name="linked operation",
-                default=None,
-            ),
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="simpleaccounting_type",
-            field=models.ForeignKey(
-                null=True,
-                related_name="operations",
-                verbose_name="simple type",
-                to="accounting.SimplifiedAccountingType",
-                blank=True,
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="generaljournal",
-            name="club_account",
-            field=models.ForeignKey(
-                verbose_name="club account",
-                to="accounting.ClubAccount",
-                related_name="journals",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="bank_account",
-            field=models.ForeignKey(
-                verbose_name="bank account",
-                to="accounting.BankAccount",
-                related_name="club_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="clubaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="club_account",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AddField(
-            model_name="bankaccount",
-            name="club",
-            field=models.ForeignKey(
-                verbose_name="club",
-                to="club.Club",
-                related_name="bank_accounts",
-                on_delete=django.db.models.deletion.CASCADE,
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="operation", unique_together={("number", "journal")}
-        ),
-    ]

accounting/migrations/0003_auto_20160824_2203.py

@@ -1,48 +0,0 @@
-from __future__ import unicode_literals
-
-import phonenumber_field.modelfields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0002_auto_20160824_2152")]
-
-    operations = [
-        migrations.AddField(
-            model_name="company",
-            name="city",
-            field=models.CharField(blank=True, verbose_name="city", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="country",
-            field=models.CharField(blank=True, verbose_name="country", max_length=32),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="email",
-            field=models.EmailField(blank=True, verbose_name="email", max_length=254),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="phone",
-            field=phonenumber_field.modelfields.PhoneNumberField(
-                blank=True, verbose_name="phone", max_length=128
-            ),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="postcode",
-            field=models.CharField(blank=True, verbose_name="postcode", max_length=10),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="street",
-            field=models.CharField(blank=True, verbose_name="street", max_length=60),
-        ),
-        migrations.AddField(
-            model_name="company",
-            name="website",
-            field=models.CharField(blank=True, verbose_name="website", max_length=64),
-        ),
-    ]

accounting/migrations/0004_auto_20161005_1505.py

@@ -1,50 +0,0 @@
-from __future__ import unicode_literals
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0003_auto_20160824_2203")]
-
-    operations = [
-        migrations.CreateModel(
-            name="Label",
-            fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        verbose_name="ID",
-                        primary_key=True,
-                        auto_created=True,
-                        serialize=False,
-                    ),
-                ),
-                ("name", models.CharField(max_length=64, verbose_name="label")),
-                (
-                    "club_account",
-                    models.ForeignKey(
-                        related_name="labels",
-                        verbose_name="club account",
-                        to="accounting.ClubAccount",
-                        on_delete=django.db.models.deletion.CASCADE,
-                    ),
-                ),
-            ],
-        ),
-        migrations.AddField(
-            model_name="operation",
-            name="label",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="operations",
-                null=True,
-                blank=True,
-                verbose_name="label",
-                to="accounting.Label",
-            ),
-        ),
-        migrations.AlterUniqueTogether(
-            name="label", unique_together={("name", "club_account")}
-        ),
-    ]

accounting/migrations/0005_auto_20170324_0917.py

@@ -1,17 +0,0 @@
-from __future__ import unicode_literals
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [("accounting", "0004_auto_20161005_1505")]
-
-    operations = [
-        migrations.AlterField(
-            model_name="operation",
-            name="remark",
-            field=models.CharField(
-                null=True, max_length=128, blank=True, verbose_name="comment"
-            ),
-        )
-    ]

accounting/models.py

@@ -1,520 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from decimal import Decimal
-
-from django.conf import settings
-from django.core import validators
-from django.core.exceptions import ValidationError
-from django.db import models
-from django.template import defaultfilters
-from django.urls import reverse
-from django.utils.translation import gettext_lazy as _
-from phonenumber_field.modelfields import PhoneNumberField
-
-from club.models import Club
-from core.models import SithFile, User
-
-
-class CurrencyField(models.DecimalField):
-    """Custom database field used for currency."""
-
-    def __init__(self, *args, **kwargs):
-        kwargs["max_digits"] = 12
-        kwargs["decimal_places"] = 2
-        super().__init__(*args, **kwargs)
-
-    def to_python(self, value):
-        try:
-            return super().to_python(value).quantize(Decimal("0.01"))
-        except AttributeError:
-            return None
-
-
-if settings.TESTING:
-    from model_bakery import baker
-
-    baker.generators.add(
-        CurrencyField,
-        lambda: baker.random_gen.gen_decimal(max_digits=8, decimal_places=2),
-    )
-else:  # pragma: no cover
-    # baker is only used in tests, so we don't need coverage for this part
-    pass
-
-
-# Accounting classes
-
-
-class Company(models.Model):
-    name = models.CharField(_("name"), max_length=60)
-    street = models.CharField(_("street"), max_length=60, blank=True)
-    city = models.CharField(_("city"), max_length=60, blank=True)
-    postcode = models.CharField(_("postcode"), max_length=10, blank=True)
-    country = models.CharField(_("country"), max_length=32, blank=True)
-    phone = PhoneNumberField(_("phone"), blank=True)
-    email = models.EmailField(_("email"), blank=True)
-    website = models.CharField(_("website"), max_length=64, blank=True)
-
-    class Meta:
-        verbose_name = _("company")
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:co_edit", kwargs={"co_id": self.id})
-
-    def get_display_name(self):
-        return self.name
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        return user.memberships.filter(
-            end_date=None, club__role_gte=settings.SITH_CLUB_ROLES_ID["Treasurer"]
-        ).exists()
-
-
-class BankAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    iban = models.CharField(_("iban"), max_length=255, blank=True)
-    number = models.CharField(_("account number"), max_length=255, blank=True)
-    club = models.ForeignKey(
-        Club,
-        related_name="bank_accounts",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Bank account")
-        ordering = ["club", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:bank_details", kwargs={"b_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        m = self.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class ClubAccount(models.Model):
-    name = models.CharField(_("name"), max_length=30)
-    club = models.ForeignKey(
-        Club,
-        related_name="club_account",
-        verbose_name=_("club"),
-        on_delete=models.CASCADE,
-    )
-    bank_account = models.ForeignKey(
-        BankAccount,
-        related_name="club_accounts",
-        verbose_name=_("bank account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("Club account")
-        ordering = ["bank_account", "name"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:club_details", kwargs={"c_account_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_viewed_by(self, user):
-        """Check if that object can be viewed by the given user."""
-        m = self.club.get_membership_for(user)
-        return m and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def has_open_journal(self):
-        return self.journals.filter(closed=False).exists()
-
-    def get_open_journal(self):
-        return self.journals.filter(closed=False).first()
-
-    def get_display_name(self):
-        return _("%(club_account)s on %(bank_account)s") % {
-            "club_account": self.name,
-            "bank_account": self.bank_account,
-        }
-
-
-class GeneralJournal(models.Model):
-    """Class storing all the operations for a period of time."""
-
-    start_date = models.DateField(_("start date"))
-    end_date = models.DateField(_("end date"), null=True, blank=True, default=None)
-    name = models.CharField(_("name"), max_length=40)
-    closed = models.BooleanField(_("is closed"), default=False)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="journals",
-        null=False,
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"), default=0)
-    effective_amount = CurrencyField(_("effective_amount"), default=0)
-
-    class Meta:
-        verbose_name = _("General journal")
-        ordering = ["-start_date"]
-
-    def __str__(self):
-        return self.name
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.id})
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)
-
-    def update_amounts(self):
-        self.amount = 0
-        self.effective_amount = 0
-        for o in self.operations.all():
-            if o.accounting_type.movement_type == "CREDIT":
-                if o.done:
-                    self.effective_amount += o.amount
-                self.amount += o.amount
-            else:
-                if o.done:
-                    self.effective_amount -= o.amount
-                self.amount -= o.amount
-        self.save()
-
-
-class Operation(models.Model):
-    """An operation is a line in the journal, a debit or a credit."""
-
-    number = models.IntegerField(_("number"))
-    journal = models.ForeignKey(
-        GeneralJournal,
-        related_name="operations",
-        null=False,
-        verbose_name=_("journal"),
-        on_delete=models.CASCADE,
-    )
-    amount = CurrencyField(_("amount"))
-    date = models.DateField(_("date"))
-    remark = models.CharField(_("comment"), max_length=128, null=True, blank=True)
-    mode = models.CharField(
-        _("payment method"),
-        max_length=255,
-        choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD,
-    )
-    cheque_number = models.CharField(
-        _("cheque number"), max_length=32, default="", null=True, blank=True
-    )
-    invoice = models.ForeignKey(
-        SithFile,
-        related_name="operations",
-        verbose_name=_("invoice"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    done = models.BooleanField(_("is done"), default=False)
-    simpleaccounting_type = models.ForeignKey(
-        "SimplifiedAccountingType",
-        related_name="operations",
-        verbose_name=_("simple type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    accounting_type = models.ForeignKey(
-        "AccountingType",
-        related_name="operations",
-        verbose_name=_("accounting type"),
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    label = models.ForeignKey(
-        "Label",
-        related_name="operations",
-        verbose_name=_("label"),
-        null=True,
-        blank=True,
-        on_delete=models.SET_NULL,
-    )
-    target_type = models.CharField(
-        _("target type"),
-        max_length=10,
-        choices=[
-            ("USER", _("User")),
-            ("CLUB", _("Club")),
-            ("ACCOUNT", _("Account")),
-            ("COMPANY", _("Company")),
-            ("OTHER", _("Other")),
-        ],
-    )
-    target_id = models.IntegerField(_("target id"), null=True, blank=True)
-    target_label = models.CharField(
-        _("target label"), max_length=32, default="", blank=True
-    )
-    linked_operation = models.OneToOneField(
-        "self",
-        related_name="operation_linked_to",
-        verbose_name=_("linked operation"),
-        null=True,
-        blank=True,
-        default=None,
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("number", "journal")
-        ordering = ["-number"]
-
-    def __str__(self):
-        return f"{self.amount} € | {self.date} | {self.accounting_type} | {self.done}"
-
-    def save(self, *args, **kwargs):
-        if self.number is None:
-            self.number = self.journal.operations.count() + 1
-        super().save(*args, **kwargs)
-        self.journal.update_amounts()
-
-    def get_absolute_url(self):
-        return reverse("accounting:journal_details", kwargs={"j_id": self.journal.id})
-
-    def __getattribute__(self, attr):
-        if attr == "target":
-            return self.get_target()
-        else:
-            return object.__getattribute__(self, attr)
-
-    def clean(self):
-        super().clean()
-        if self.date is None:
-            raise ValidationError(_("The date must be set."))
-        elif self.date < self.journal.start_date:
-            raise ValidationError(
-                _(
-                    """The date can not be before the start date of the journal, which is
-%(start_date)s."""
-                )
-                % {
-                    "start_date": defaultfilters.date(
-                        self.journal.start_date, settings.DATE_FORMAT
-                    )
-                }
-            )
-        if self.target_type != "OTHER" and self.get_target() is None:
-            raise ValidationError(_("Target does not exists"))
-        if self.target_type == "OTHER" and self.target_label == "":
-            raise ValidationError(
-                _("Please add a target label if you set no existing target")
-            )
-        if not self.accounting_type and not self.simpleaccounting_type:
-            raise ValidationError(
-                _(
-                    "You need to provide ether a simplified accounting type or a standard accounting type"
-                )
-            )
-        if self.simpleaccounting_type:
-            self.accounting_type = self.simpleaccounting_type.accounting_type
-
-    @property
-    def target(self):
-        return self.get_target()
-
-    def get_target(self):
-        tar = None
-        if self.target_type == "USER":
-            tar = User.objects.filter(id=self.target_id).first()
-        elif self.target_type == "CLUB":
-            tar = Club.objects.filter(id=self.target_id).first()
-        elif self.target_type == "ACCOUNT":
-            tar = ClubAccount.objects.filter(id=self.target_id).first()
-        elif self.target_type == "COMPANY":
-            tar = Company.objects.filter(id=self.target_id).first()
-        return tar
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-    def can_be_edited_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        if self.journal.closed:
-            return False
-        m = self.journal.club_account.club.get_membership_for(user)
-        return m is not None and m.role == settings.SITH_CLUB_ROLES_ID["Treasurer"]
-
-
-class AccountingType(models.Model):
-    """Accounting types.
-
-    Those are numbers used in accounting to classify operations
-    """
-
-    code = models.CharField(
-        _("code"),
-        max_length=16,
-        validators=[
-            validators.RegexValidator(
-                r"^[0-9]*$", _("An accounting type code contains only numbers")
-            )
-        ],
-    )
-    label = models.CharField(_("label"), max_length=128)
-    movement_type = models.CharField(
-        _("movement type"),
-        choices=[
-            ("CREDIT", _("Credit")),
-            ("DEBIT", _("Debit")),
-            ("NEUTRAL", _("Neutral")),
-        ],
-        max_length=12,
-    )
-
-    class Meta:
-        verbose_name = _("accounting type")
-        ordering = ["movement_type", "code"]
-
-    def __str__(self):
-        return self.code + " - " + self.get_movement_type_display() + " - " + self.label
-
-    def get_absolute_url(self):
-        return reverse("accounting:type_list")
-
-    def is_owned_by(self, user):
-        """Check if that object can be edited by the given user."""
-        if user.is_anonymous:
-            return False
-        return user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-
-
-class SimplifiedAccountingType(models.Model):
-    """Simplified version of `AccountingType`."""
-
-    label = models.CharField(_("label"), max_length=128)
-    accounting_type = models.ForeignKey(
-        AccountingType,
-        related_name="simplified_types",
-        verbose_name=_("simplified accounting types"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        verbose_name = _("simplified type")
-        ordering = ["accounting_type__movement_type", "accounting_type__code"]
-
-    def __str__(self):
-        return (
-            f"{self.get_movement_type_display()} "
-            f"- {self.accounting_type.code} - {self.label}"
-        )
-
-    def get_absolute_url(self):
-        return reverse("accounting:simple_type_list")
-
-    @property
-    def movement_type(self):
-        return self.accounting_type.movement_type
-
-    def get_movement_type_display(self):
-        return self.accounting_type.get_movement_type_display()
-
-
-class Label(models.Model):
-    """Label allow a club to sort its operations."""
-
-    name = models.CharField(_("label"), max_length=64)
-    club_account = models.ForeignKey(
-        ClubAccount,
-        related_name="labels",
-        verbose_name=_("club account"),
-        on_delete=models.CASCADE,
-    )
-
-    class Meta:
-        unique_together = ("name", "club_account")
-
-    def __str__(self):
-        return "%s (%s)" % (self.name, self.club_account.name)
-
-    def get_absolute_url(self):
-        return reverse(
-            "accounting:label_list", kwargs={"clubaccount_id": self.club_account.id}
-        )
-
-    def is_owned_by(self, user):
-        if user.is_anonymous:
-            return False
-        return self.club_account.is_owned_by(user)
-
-    def can_be_edited_by(self, user):
-        return self.club_account.can_be_edited_by(user)
-
-    def can_be_viewed_by(self, user):
-        return self.club_account.can_be_viewed_by(user)

accounting/schemas.py

@@ -1,15 +0,0 @@
-from ninja import ModelSchema
-
-from accounting.models import ClubAccount, Company
-
-
-class ClubAccountSchema(ModelSchema):
-    class Meta:
-        model = ClubAccount
-        fields = ["id", "name"]
-
-
-class CompanySchema(ModelSchema):
-    class Meta:
-        model = Company
-        fields = ["id", "name"]

accounting/static/bundled/accounting/components/ajax-select-index.ts

@@ -1,60 +0,0 @@
-import { AjaxSelect } from "#core:core/components/ajax-select-base";
-import { registerComponent } from "#core:utils/web-components";
-import type { TomOption } from "tom-select/dist/types/types";
-import type { escape_html } from "tom-select/dist/types/utils";
-import {
-  type ClubAccountSchema,
-  type CompanySchema,
-  accountingSearchClubAccount,
-  accountingSearchCompany,
-} from "#openapi";
-
-@registerComponent("club-account-ajax-select")
-export class ClubAccountAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchClubAccount({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: ClubAccountSchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}
-
-@registerComponent("company-ajax-select")
-export class CompanyAjaxSelect extends AjaxSelect {
-  protected valueField = "id";
-  protected labelField = "name";
-  protected searchField = ["code", "name"];
-
-  protected async search(query: string): Promise<TomOption[]> {
-    const resp = await accountingSearchCompany({ query: { search: query } });
-    if (resp.data) {
-      return resp.data.results;
-    }
-    return [];
-  }
-
-  protected renderOption(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<div class="select-item">
-            <span class="select-item-text">${sanitize(item.name)}</span>
-          </div>`;
-  }
-
-  protected renderItem(item: CompanySchema, sanitize: typeof escape_html) {
-    return `<span>${sanitize(item.name)}</span>`;
-  }
-}

accounting/templates/accounting/accountingtype_list.jinja

@@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Accounting type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Accounting types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:type_new') }}">{% trans %}New accounting type{% endtrans %}</a></p>
-    {% if accountingtype_list %}
-      <h3>{% trans %}Accounting type list{% endtrans %}</h3>
-      <ul>
-        {% for a in accountingtype_list  %}
-          <li><a href="{{ url('accounting:type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/templates/accounting/bank_account_details.jinja

@@ -1,38 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account: {% endtrans %}{{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}Bank account: {% endtrans %}{{ object.name }}</h2>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and not object.club_accounts.exists() %}
-      <a href="{{ url('accounting:bank_delete', b_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    <h4>{% trans %}Infos{% endtrans %}</h4>
-    <ul>
-      <li><strong>{% trans %}IBAN: {% endtrans %}</strong>{{ object.iban }}</li>
-      <li><strong>{% trans %}Number: {% endtrans %}</strong>{{ object.number }}</li>
-    </ul>
-    <p><a href="{{ url('accounting:club_new') }}?parent={{ object.id }}">{% trans %}New club account{% endtrans %}</a></p>
-    <ul>
-      {% for c in object.club_accounts.all() %}
-        <li><a href="{{ url('accounting:club_details', c_account_id=c.id) }}">{{ c }}</a>
-          - <a href="{{ url('accounting:club_edit', c_account_id=c.id) }}">{% trans %}Edit{% endtrans %}</a>
-          {% if c.journals.count() == 0 %}
-            - <a href="{{ url('accounting:club_delete', c_account_id=c.id) }}">{% trans %}Delete{% endtrans %}</a>
-          {% endif %}
-        </li>
-      {% endfor %}
-    </ul>
-  </div>
-{% endblock %}
-
-
-

accounting/templates/accounting/bank_account_list.jinja

@@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Bank account list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <h4>
-      {% trans %}Accounting{% endtrans %}
-    </h4>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:simple_type_list') }}">{% trans %}Manage simplified types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:type_list') }}">{% trans %}Manage accounting types{% endtrans %}</a></p>
-      <p><a href="{{ url('accounting:bank_new') }}">{% trans %}New bank account{% endtrans %}</a></p>
-    {% endif %}
-    {% if bankaccount_list %}
-      <h3>{% trans %}Bank account list{% endtrans %}</h3>
-      <ul>
-        {% for a in object_list  %}
-          <li><a href="{{ url('accounting:bank_details', b_account_id=a.id) }}">{{ a }}</a>
-            - <a href="{{ url('accounting:bank_edit', b_account_id=a.id) }}">{% trans %}Edit{% endtrans %}</a>
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no accounts in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-
-
-

accounting/templates/accounting/club_account_details.jinja

@@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club account:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      {{ object }}
-    </p>
-    <hr>
-    <h2>{% trans %}Club account:{% endtrans %} {{ object.name }}</h2>
-    {% if user.is_root and not object.journals.exists() %}
-      <a href="{{ url('accounting:club_delete', c_account_id=object.id) }}">{% trans %}Delete{% endtrans %}</a>
-    {% endif %}
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    {% if not object.has_open_journal() %}
-      <p><a href="{{ url('accounting:journal_new') }}?parent={{ object.id }}">{% trans %}New journal{% endtrans %}</a></p>
-    {% else %}
-      <p>{% trans %}You can not create new journal while you still have one opened{% endtrans %}</p>
-    {% endif %}
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Name{% endtrans %}</td>
-          <td>{% trans %}Start{% endtrans %}</td>
-          <td>{% trans %}End{% endtrans %}</td>
-          <td>{% trans %}Amount{% endtrans %}</td>
-          <td>{% trans %}Effective amount{% endtrans %}</td>
-          <td>{% trans %}Closed{% endtrans %}</td>
-          <td>{% trans %}Actions{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for j in object.journals.all() %}
-          <tr>
-            <td>{{ j.name }}</td>
-            <td>{{ j.start_date }}</td>
-            {% if j.end_date %}
-              <td>{{ j.end_date }}</td>
-            {% else %}
-              <td> - </td>
-            {% endif %}
-            <td>{{ j.amount }} €</td>
-            <td>{{ j.effective_amount }} €</td>
-            {% if j.closed %}
-              <td>{% trans %}Yes{% endtrans %}</td>
-            {% else %}
-              <td>{% trans %}No{% endtrans %}</td>
-            {% endif %}
-            <td> <a href="{{ url('accounting:journal_details', j_id=j.id) }}">{% trans %}View{% endtrans %}</a>
-              <a href="{{ url('accounting:journal_edit', j_id=j.id) }}">{% trans %}Edit{% endtrans %}</a>
-              {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and j.operations.count() == 0 %}
-                <a href="{{ url('accounting:journal_delete', j_id=j.id) }}">{% trans %}Delete{% endtrans %}</a>
-              {% endif %}
-            </td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  </div>
-{% endblock %}

accounting/templates/accounting/co_list.jinja

@@ -1,30 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Company list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    {% if user.is_root
-    or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-    %}
-    <p><a href="{{ url('accounting:co_new') }}">{% trans %}Create new company{% endtrans %}</a></p>
-{% endif %}
-<br/>
-<table>
-  <thead>
-    <tr>
-      <td>{% trans %}Companies{% endtrans %}</td>
-    </tr>
-  </thead>
-  <tbody>
-    {% for o in object_list %}
-      <tr>
-        <td><a href="{{ url('accounting:co_edit', co_id=o.id) }}">{{ o.get_display_name() }}</a></td>
-      </tr>
-    {% endfor %}
-  </tbody>
-</table>
-</div>
-{% endblock %}

accounting/templates/accounting/journal_details.jinja

@@ -1,103 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      {{ object.name }}
-    </p>
-    <hr>
-    <h2>{% trans %}General journal:{% endtrans %} {{ object.name }}</h2>
-    <p><a href="{{ url('accounting:label_new') }}?parent={{ object.club_account.id }}">{% trans %}New label{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:label_list', clubaccount_id=object.club_account.id) }}">{% trans %}Label list{% endtrans %}</a></p>
-    <p><a href="{{ url('accounting:co_list') }}">{% trans %}Company list{% endtrans %}</a></p>
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ object.amount }} € -
-      <strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ object.effective_amount }} €</p>
-    {% if object.closed %}
-      <p>{% trans %}Journal is closed, you can not create operation{% endtrans %}</p>
-    {% else %}
-      <p><a href="{{ url('accounting:op_new', j_id=object.id) }}">{% trans %}New operation{% endtrans %}</a></p>
-      </br>
-    {% endif %}
-    <div class="journal-table">
-      <table>
-        <thead>
-          <tr>
-            <td>{% trans %}Nb{% endtrans %}</td>
-            <td>{% trans %}Date{% endtrans %}</td>
-            <td>{% trans %}Label{% endtrans %}</td>
-            <td>{% trans %}Amount{% endtrans %}</td>
-            <td>{% trans %}Payment mode{% endtrans %}</td>
-            <td>{% trans %}Target{% endtrans %}</td>
-            <td>{% trans %}Code{% endtrans %}</td>
-            <td>{% trans %}Nature{% endtrans %}</td>
-            <td>{% trans %}Done{% endtrans %}</td>
-            <td>{% trans %}Comment{% endtrans %}</td>
-            <td>{% trans %}File{% endtrans %}</td>
-            <td>{% trans %}Actions{% endtrans %}</td>
-            <td>{% trans %}PDF{% endtrans %}</td>
-          </tr>
-        </thead>
-        <tbody>
-          {% for o in object.operations.all() %}
-            <tr>
-              <td>{{ o.number }}</td>
-              <td>{{ o.date }}</td>
-              <td>{{ o.label or "" }}</td>
-              {% if o.accounting_type.movement_type == "DEBIT" %}
-                <td class="neg-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% else %}
-                <td class="pos-amount">&nbsp;{{ o.amount }}&nbsp;€</td>
-              {% endif %}
-              <td>{{ o.get_mode_display() }}</td>
-              {% if o.target_type == "OTHER" %}
-                <td>{{ o.target_label }}</td>
-              {% else %}
-                <td><a href="{{ o.target.get_absolute_url() }}">{{ o.target.get_display_name() }}</a></td>
-              {% endif %}
-              <td>{{ o.accounting_type.code }}</td>
-              <td>{{ o.accounting_type.label }}</td>
-              {% if o.done %}
-                <td>{% trans %}Yes{% endtrans %}</td>
-              {% else %}
-                <td>{% trans %}No{% endtrans %}</td>
-              {% endif %}
-              <td>{{ o.remark }}
-                {% if not o.linked_operation and o.target_type == "ACCOUNT" and not o.target.has_open_journal() %}
-                  <p><strong>
-                    {% trans %}Warning: this operation has no linked operation because the targeted club account has no opened journal.{% endtrans %}
-                  </strong></p>
-                  <p><strong>
-                    {% trans url=o.target.get_absolute_url() %}Open a journal in <a href="{{ url }}">this club account</a>, then save this operation again to make the linked operation.{% endtrans %}
-                  </strong></p>
-                {% endif %}
-              </td>
-              {% if o.invoice %}
-                <td><a href="{{ url('core:download', file_id=o.invoice.id) }}">{{ o.invoice.name }}</a></td>
-              {% else %}
-                <td>-</td>
-              {% endif %}
-              <td>
-                {%
-                if o.journal.club_account.bank_account.name not in ["AE TI", "TI"]
-                or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
-                %}
-                {% if not o.journal.closed %}
-                  <a href="{{ url('accounting:op_edit', op_id=o.id) }}">{% trans %}Edit{% endtrans %}</a>
-                {% endif %}
-          {% endif %}
-        </td>
-        <td><a href="{{ url('accounting:op_pdf', op_id=o.id) }}">{% trans %}Generate{% endtrans %}</a></td>
-      </tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-</div>
-{% endblock %}

accounting/templates/accounting/journal_statement_accounting.jinja

@@ -1,33 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Accounting statement: {% endtrans %} {{ object.name }}</h3>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Operation type{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in statement.items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p><strong>{% trans %}Amount: {% endtrans %}</strong>{{ "%.2f" % object.amount }} €</p>
-    <p><strong>{% trans %}Effective amount: {% endtrans %}</strong>{{ "%.2f" %object.effective_amount }} €</p>
-  </div>
-{% endblock %}

accounting/templates/accounting/journal_statement_nature.jinja

@@ -1,57 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-{% macro display_tables(dict) %}
-  <div id="accounting">
-    <h6>{% trans %}Credit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['CREDIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['CREDIT_sum'] }}
-
-    <h6>{% trans %}Debit{% endtrans %}</h6>
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Nature of operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for k,v in dict['DEBIT'].items() %}
-          <tr>
-            <td>{{ k }}</td>
-            <td>{{ "%.2f" % v }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-    {% trans %}Total: {% endtrans %}{{ "%.2f" % dict['DEBIT_sum'] }}
-{% endmacro %}
-
-{% block content %}
-  <h3>{% trans %}Statement by nature: {% endtrans %} {{ object.name }}</h3>
-
-  {% for k,v in statement.items() %}
-    <h4 style="background: lightblue; padding: 4px;">{{ k }} : {{ "%.2f" % (v['CREDIT_sum'] - v['DEBIT_sum']) }}</h4>
-    {{ display_tables(v) }}
-    <hr>
-  {% endfor %}
-  </div>
-{% endblock %}

accounting/templates/accounting/journal_statement_person.jinja

@@ -1,68 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}General journal:{% endtrans %} {{ object.name }}
-{% endblock %}
-
-
-{% block content %}
-  <div id="accounting">
-    <h3>{% trans %}Statement by person: {% endtrans %} {{ object.name }}</h3>
-
-    <h4>{% trans %}Credit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in credit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % credit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_credit }}</p>
-
-    <h4>{% trans %}Debit{% endtrans %}</h4>
-
-    <table>
-      <thead>
-        <tr>
-          <td>{% trans %}Target of the operation{% endtrans %}</td>
-          <td>{% trans %}Sum{% endtrans %}</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for key in debit_statement.keys() %}
-          <tr>
-            {% if key.target_type == "OTHER" %}
-              <td>{{ o.target_label }}</td>
-            {% elif key %}
-              <td><a href="{{ key.get_absolute_url() }}">{{ key.get_display_name() }}</a></td>
-            {% else %}
-              <td></td>
-            {% endif %}
-            <td>{{ "%.2f" % debit_statement[key] }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-
-    </table>
-
-    <p>Total : {{ "%.2f" % total_debit }}</p>
-  </div>
-{% endblock %}

accounting/templates/accounting/label_list.jinja

@@ -1,36 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Label list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.bank_account.id) }}">{{object.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{{ object }}</a>
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:club_details', c_account_id=object.id) }}">{% trans %}Back to club account{% endtrans %}</a></p>
-    {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-      <p><a href="{{ url('accounting:label_new') }}?parent={{ object.id }}">{% trans %}New label{% endtrans %}</a></p>
-    {% endif %}
-    {% if object.labels.all() %}
-      <h3>{% trans %}Label list{% endtrans %}</h3>
-      <ul>
-        {% for l in object.labels.all()  %}
-          <li><a href="{{ url('accounting:label_edit', label_id=l.id) }}">{{ l }}</a>
-            {% if user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}
-              -
-              <a href="{{ url('accounting:label_delete', label_id=l.id) }}">{% trans %}Delete{% endtrans %}</a>
-            {% endif %}
-          </li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no label in this club account.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/templates/accounting/operation_edit.jinja

@@ -1,123 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Edit operation{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      <a href="{{ url('accounting:bank_details', b_account_id=object.club_account.bank_account.id) }}">{{object.club_account.bank_account }}</a> >
-      <a href="{{ url('accounting:club_details', c_account_id=object.club_account.id) }}">{{ object.club_account }}</a> >
-      <a href="{{ url('accounting:journal_details', j_id=object.id) }}">{{ object.name }}</a> >
-      {% trans %}Edit operation{% endtrans %}
-    </p>
-    <hr>
-    <h2>{% trans %}Edit operation{% endtrans %}</h2>
-    <form action="" method="post">
-      {% csrf_token %}
-      {{ form.non_field_errors() }}
-      {{ form.journal }}
-      {{ form.target_id }}
-      <p>{{ form.amount.errors }}<label for="{{ form.amount.name }}">{{ form.amount.label }}</label> {{ form.amount }}</p>
-      <p>{{ form.remark.errors }}<label for="{{ form.remark.name }}">{{ form.remark.label }}</label> {{ form.remark }}</p>
-      <br />
-      <strong>{% trans %}Warning: if you select <em>Account</em>, the opposite operation will be created in the target account. If you don't want that, select <em>Club</em> instead of <em>Account</em>.{% endtrans %}</strong>
-      <p>{{ form.target_type.errors }}<label for="{{ form.target_type.name }}">{{ form.target_type.label }}</label> {{ form.target_type }}</p>
-      {{ form.user }}
-      {{ form.club }}
-      {{ form.club_account }}
-      {{ form.company }}
-      {{ form.target_label }}
-      <span id="id_need_link_full"><label>{{ form.need_link.label }}</label> {{ form.need_link }}</span>
-      <p>{{ form.date.errors }}<label for="{{ form.date.name }}">{{ form.date.label }}</label> {{ form.date }}</p>
-      <p>{{ form.mode.errors }}<label for="{{ form.mode.name }}">{{ form.mode.label }}</label> {{ form.mode }}</p>
-      <p>{{ form.cheque_number.errors }}<label for="{{ form.cheque_number.name }}">{{ form.cheque_number.label }}</label> {{
-        form.cheque_number }}</p>
-      <p>{{ form.invoice.errors }}<label for="{{ form.invoice.name }}">{{ form.invoice.label }}</label> {{ form.invoice }}</p>
-      <p>{{ form.simpleaccounting_type.errors }}<label for="{{ form.simpleaccounting_type.name }}">{{
-        form.simpleaccounting_type.label }}</label> {{ form.simpleaccounting_type }}</p>
-      <p>{{ form.accounting_type.errors }}<label for="{{ form.accounting_type.name }}">{{ form.accounting_type.label }}</label> {{
-        form.accounting_type }}</p>
-      <p>{{ form.label.errors }}<label for="{{ form.label.name }}">{{ form.label.label }}</label> {{ form.label }}</p>
-      <p>{{ form.done.errors }}<label for="{{ form.done.name }}">{{ form.done.label }}</label> {{ form.done }}</p>
-      {% if form.instance.linked_operation %}
-        {% set obj = form.instance.linked_operation %}
-        <p><strong>{% trans %}Linked operation:{% endtrans %}</strong><br>
-          <a href="{{ url('accounting:bank_details', b_account_id=obj.journal.club_account.bank_account.id) }}">
-            {{obj.journal.club_account.bank_account }}</a> >
-          <a href="{{ url('accounting:club_details', c_account_id=obj.journal.club_account.id) }}">{{ obj.journal.club_account }}</a> >
-          <a href="{{ url('accounting:journal_details', j_id=obj.journal.id) }}">{{ obj.journal }}</a> >
-          n°{{ obj.number }}
-        </p>
-      {% endif %}
-      <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
-    </form>
-{% endblock %}
-
-{% block script %}
-  {{ super() }}
-  <script>
-    $( function() {
-      var target_type = $('#id_target_type');
-      var user = $('user-ajax-select');
-      var club = $('club-ajax-select');
-      var club_account = $('club-account-ajax-select');
-      var company = $('company-ajax-select');
-      var other = $('#id_target_label');
-      var need_link = $('#id_need_link_full');
-      function update_targets () {
-        if (target_type.val() == "USER") {
-          console.log(user);
-          user.show();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "ACCOUNT") {
-          club_account.show();
-          need_link.show();
-          user.hide();
-          club.hide();
-          company.hide();
-          other.hide();
-        } else if (target_type.val() == "CLUB") {
-          club.show();
-          user.hide();
-          club_account.hide();
-          company.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "COMPANY") {
-          company.show();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        } else if (target_type.val() == "OTHER") {
-          other.show();
-          user.hide();
-          club.hide();
-          club_account.hide();
-          company.hide();
-          need_link.hide();
-        } else {
-          company.hide();
-          user.hide();
-          club_account.hide();
-          club.hide();
-          other.hide();
-          need_link.hide();
-        }
-      }
-      update_targets();
-      target_type.change(update_targets);
-    } );
-  </script>
-  </div>
-{% endblock %}
-
-

accounting/templates/accounting/simplifiedaccountingtype_list.jinja

@@ -1,27 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Simplified type list{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  <div id="accounting">
-    <p>
-      <a href="{{ url('accounting:bank_list') }}">{% trans %}Accounting{% endtrans %}</a> >
-      {% trans %}Simplified types{% endtrans %}
-    </p>
-    <hr>
-    <p><a href="{{ url('accounting:simple_type_new') }}">{% trans %}New simplified type{% endtrans %}</a></p>
-    {% if simplifiedaccountingtype_list %}
-      <h3>{% trans %}Simplified type list{% endtrans %}</h3>
-      <ul>
-        {% for a in simplifiedaccountingtype_list  %}
-          <li><a href="{{ url('accounting:simple_type_edit', type_id=a.id) }}">{{ a }}</a></li>
-        {% endfor %}
-      </ul>
-    {% else %}
-      {% trans %}There is no types in this website.{% endtrans %}
-    {% endif %}
-  </div>
-{% endblock %}
-

accounting/tests.py

@@ -1,292 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from datetime import date, timedelta
-
-from django.test import TestCase
-from django.urls import reverse
-
-from accounting.models import (
-    AccountingType,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from core.models import User
-
-
-class TestRefoundAccount(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        # reffil skia's account
-        cls.skia.customer.amount = 800
-        cls.skia.customer.save()
-        cls.refound_account_url = reverse("accounting:refound_account")
-
-    def test_permission_denied(self):
-        self.client.force_login(User.objects.get(username="guy"))
-        response_post = self.client.post(
-            self.refound_account_url, {"user": self.skia.id}
-        )
-        response_get = self.client.get(self.refound_account_url)
-        assert response_get.status_code == 403
-        assert response_post.status_code == 403
-
-    def test_root_granteed(self):
-        self.client.force_login(User.objects.get(username="root"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-    def test_comptable_granteed(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response = self.client.post(self.refound_account_url, {"user": self.skia.id})
-        self.assertRedirects(response, self.refound_account_url)
-        self.skia.refresh_from_db()
-        response = self.client.get(self.refound_account_url)
-        assert response.status_code == 200
-        assert '<form action="" method="post">' in str(response.content)
-        assert self.skia.customer.amount == 0
-
-
-class TestJournal(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.journal = GeneralJournal.objects.get(id=1)
-
-    def test_permission_granted(self):
-        self.client.force_login(User.objects.get(username="comptable"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 200
-        assert "<td>M\\xc3\\xa9thode de paiement</td>" in str(response_get.content)
-
-    def test_permission_not_granted(self):
-        self.client.force_login(User.objects.get(username="skia"))
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-
-        assert response_get.status_code == 403
-        assert "<td>M\xc3\xa9thode de paiement</td>" not in str(response_get.content)
-
-
-class TestOperation(TestCase):
-    def setUp(self):
-        self.tomorrow_formatted = (date.today() + timedelta(days=1)).strftime(
-            "%d/%m/%Y"
-        )
-        self.journal = GeneralJournal.objects.filter(id=1).first()
-        self.skia = User.objects.filter(username="skia").first()
-        at = AccountingType(
-            code="443", label="Ce code n'existe pas", movement_type="CREDIT"
-        )
-        at.save()
-        label = Label.objects.create(club_account=self.journal.club_account, name="bob")
-        self.client.force_login(User.objects.get(username="comptable"))
-        self.op1 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=1,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op1.save()
-        self.op2 = Operation(
-            journal=self.journal,
-            date=date.today(),
-            amount=2,
-            remark="Test bilan",
-            mode="CASH",
-            done=True,
-            label=label,
-            accounting_type=at,
-            target_type="USER",
-            target_id=self.skia.id,
-        )
-        self.op2.save()
-
-    def test_new_operation(self):
-        at = AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertFalse(response.status_code == 403)
-        self.assertTrue(
-            self.journal.operations.filter(
-                target_label="Le fantome de la nuit"
-            ).exists()
-        )
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        self.assertTrue("<td>Le fantome de la nuit</td>" in str(response_get.content))
-
-    def test_bad_new_operation(self):
-        AccountingType.objects.get(code="604")
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de la nuit",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(
-            "Vous devez fournir soit un type comptable simplifi\\xc3\\xa9 ou un type comptable standard"
-            in str(response.content)
-        )
-
-    def test_new_operation_not_authorized(self):
-        self.client.force_login(self.skia)
-        at = AccountingType.objects.filter(code="604").first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 30,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome du jour",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": "",
-                "accounting_type": at.id,
-                "label": "",
-                "done": False,
-            },
-        )
-        self.assertTrue(response.status_code == 403)
-        self.assertFalse(
-            self.journal.operations.filter(target_label="Le fantome du jour").exists()
-        )
-
-    def test_operation_simple_accounting(self):
-        sat = SimplifiedAccountingType.objects.all().first()
-        response = self.client.post(
-            reverse("accounting:op_new", args=[self.journal.id]),
-            {
-                "amount": 23,
-                "remark": "Un gros test",
-                "journal": self.journal.id,
-                "target_type": "OTHER",
-                "target_id": "",
-                "target_label": "Le fantome de l'aurore",
-                "date": self.tomorrow_formatted,
-                "mode": "CASH",
-                "cheque_number": "",
-                "invoice": "",
-                "simpleaccounting_type": sat.id,
-                "accounting_type": "",
-                "label": "",
-                "done": False,
-            },
-        )
-        assert response.status_code != 403
-        assert self.journal.operations.filter(amount=23).exists()
-        response_get = self.client.get(
-            reverse("accounting:journal_details", args=[self.journal.id])
-        )
-        assert "<td>Le fantome de l&#39;aurore</td>" in str(response_get.content)
-
-        assert (
-            self.journal.operations.filter(amount=23)
-            .values("accounting_type")
-            .first()["accounting_type"]
-            == AccountingType.objects.filter(code=6).values("id").first()["id"]
-        )
-
-    def test_nature_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_nature_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "bob (Troll Penché) : 3.00", status_code=200)
-
-    def test_person_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_person_statement", args=[self.journal.id])
-        )
-        self.assertContains(response, "Total : 5575.72", status_code=200)
-        self.assertContains(response, "Total : 71.42")
-        content = response.content.decode()
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>3.00</td>""", content
-        )
-        self.assertInHTML(
-            """<td><a href="/user/1/">S&#39; Kia</a></td><td>823.00</td>""", content
-        )
-
-    def test_accounting_statement(self):
-        response = self.client.get(
-            reverse("accounting:journal_accounting_statement", args=[self.journal.id])
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            """
-            <tr>
-                <td>443 - Crédit - Ce code n&#39;existe pas</td>
-                <td>3.00</td>
-            </tr>""",
-            response.content.decode(),
-        )
-        self.assertContains(
-            response,
-            """
-    <p><strong>Montant : </strong>-5504.30 €</p>
-    <p><strong>Montant effectif: </strong>-5504.30 €</p>""",
-        )

accounting/urls.py

@@ -1,173 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-from django.urls import path
-
-from accounting.views import (
-    AccountingTypeCreateView,
-    AccountingTypeEditView,
-    AccountingTypeListView,
-    BankAccountCreateView,
-    BankAccountDeleteView,
-    BankAccountDetailView,
-    BankAccountEditView,
-    BankAccountListView,
-    ClubAccountCreateView,
-    ClubAccountDeleteView,
-    ClubAccountDetailView,
-    ClubAccountEditView,
-    CompanyCreateView,
-    CompanyEditView,
-    CompanyListView,
-    JournalAccountingStatementView,
-    JournalCreateView,
-    JournalDeleteView,
-    JournalDetailView,
-    JournalEditView,
-    JournalNatureStatementView,
-    JournalPersonStatementView,
-    LabelCreateView,
-    LabelDeleteView,
-    LabelEditView,
-    LabelListView,
-    OperationCreateView,
-    OperationEditView,
-    OperationPDFView,
-    RefoundAccountView,
-    SimplifiedAccountingTypeCreateView,
-    SimplifiedAccountingTypeEditView,
-    SimplifiedAccountingTypeListView,
-)
-
-urlpatterns = [
-    # Accounting types
-    path(
-        "simple_type/",
-        SimplifiedAccountingTypeListView.as_view(),
-        name="simple_type_list",
-    ),
-    path(
-        "simple_type/create/",
-        SimplifiedAccountingTypeCreateView.as_view(),
-        name="simple_type_new",
-    ),
-    path(
-        "simple_type/<int:type_id>/edit/",
-        SimplifiedAccountingTypeEditView.as_view(),
-        name="simple_type_edit",
-    ),
-    # Accounting types
-    path("type/", AccountingTypeListView.as_view(), name="type_list"),
-    path("type/create/", AccountingTypeCreateView.as_view(), name="type_new"),
-    path(
-        "type/<int:type_id>/edit/",
-        AccountingTypeEditView.as_view(),
-        name="type_edit",
-    ),
-    # Bank accounts
-    path("", BankAccountListView.as_view(), name="bank_list"),
-    path("bank/create", BankAccountCreateView.as_view(), name="bank_new"),
-    path(
-        "bank/<int:b_account_id>/",
-        BankAccountDetailView.as_view(),
-        name="bank_details",
-    ),
-    path(
-        "bank/<int:b_account_id>/edit/",
-        BankAccountEditView.as_view(),
-        name="bank_edit",
-    ),
-    path(
-        "bank/<int:b_account_id>/delete/",
-        BankAccountDeleteView.as_view(),
-        name="bank_delete",
-    ),
-    # Club accounts
-    path("club/create/", ClubAccountCreateView.as_view(), name="club_new"),
-    path(
-        "club/<int:c_account_id>/",
-        ClubAccountDetailView.as_view(),
-        name="club_details",
-    ),
-    path(
-        "club/<int:c_account_id>/edit/",
-        ClubAccountEditView.as_view(),
-        name="club_edit",
-    ),
-    path(
-        "club/<int:c_account_id>/delete/",
-        ClubAccountDeleteView.as_view(),
-        name="club_delete",
-    ),
-    # Journals
-    path("journal/create/", JournalCreateView.as_view(), name="journal_new"),
-    path(
-        "journal/<int:j_id>/",
-        JournalDetailView.as_view(),
-        name="journal_details",
-    ),
-    path(
-        "journal/<int:j_id>/edit/",
-        JournalEditView.as_view(),
-        name="journal_edit",
-    ),
-    path(
-        "journal/<int:j_id>/delete/",
-        JournalDeleteView.as_view(),
-        name="journal_delete",
-    ),
-    path(
-        "journal/<int:j_id>/statement/nature/",
-        JournalNatureStatementView.as_view(),
-        name="journal_nature_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/person/",
-        JournalPersonStatementView.as_view(),
-        name="journal_person_statement",
-    ),
-    path(
-        "journal/<int:j_id>/statement/accounting/",
-        JournalAccountingStatementView.as_view(),
-        name="journal_accounting_statement",
-    ),
-    # Operations
-    path(
-        "operation/create/<int:j_id>/",
-        OperationCreateView.as_view(),
-        name="op_new",
-    ),
-    path("operation/<int:op_id>/", OperationEditView.as_view(), name="op_edit"),
-    path("operation/<int:op_id>/pdf/", OperationPDFView.as_view(), name="op_pdf"),
-    # Companies
-    path("company/list/", CompanyListView.as_view(), name="co_list"),
-    path("company/create/", CompanyCreateView.as_view(), name="co_new"),
-    path("company/<int:co_id>/", CompanyEditView.as_view(), name="co_edit"),
-    # Labels
-    path("label/new/", LabelCreateView.as_view(), name="label_new"),
-    path(
-        "label/<int:clubaccount_id>/",
-        LabelListView.as_view(),
-        name="label_list",
-    ),
-    path("label/<int:label_id>/edit/", LabelEditView.as_view(), name="label_edit"),
-    path(
-        "label/<int:label_id>/delete/",
-        LabelDeleteView.as_view(),
-        name="label_delete",
-    ),
-    # User account
-    path("refound/account/", RefoundAccountView.as_view(), name="refound_account"),
-]

accounting/views.py

@@ -1,893 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-
-import collections
-
-from django import forms
-from django.conf import settings
-from django.core.exceptions import PermissionDenied, ValidationError
-from django.db import transaction
-from django.db.models import Sum
-from django.forms import HiddenInput
-from django.forms.models import modelform_factory
-from django.http import HttpResponse
-from django.urls import reverse, reverse_lazy
-from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView
-from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
-
-from accounting.models import (
-    AccountingType,
-    BankAccount,
-    ClubAccount,
-    Company,
-    GeneralJournal,
-    Label,
-    Operation,
-    SimplifiedAccountingType,
-)
-from accounting.widgets.select import (
-    AutoCompleteSelectClubAccount,
-    AutoCompleteSelectCompany,
-)
-from club.models import Club
-from club.widgets.select import AutoCompleteSelectClub
-from core.models import User
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    TabedViewMixin,
-)
-from core.views.forms import SelectDate, SelectFile
-from core.views.widgets.select import AutoCompleteSelectUser
-from counter.models import Counter, Product, Selling
-
-# Main accounting view
-
-
-class BankAccountListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = BankAccount
-    template_name = "accounting/bank_account_list.jinja"
-    ordering = ["name"]
-
-
-# Simplified accounting types
-
-
-class SimplifiedAccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = SimplifiedAccountingType
-    template_name = "accounting/simplifiedaccountingtype_list.jinja"
-
-
-class SimplifiedAccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = SimplifiedAccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["label", "accounting_type"]
-    template_name = "core/edit.jinja"
-
-
-class SimplifiedAccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = SimplifiedAccountingType
-    fields = ["label", "accounting_type"]
-    template_name = "core/create.jinja"
-
-
-# Accounting types
-
-
-class AccountingTypeListView(CanViewMixin, ListView):
-    """A list view for the admins."""
-
-    model = AccountingType
-    template_name = "accounting/accountingtype_list.jinja"
-
-
-class AccountingTypeEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = AccountingType
-    pk_url_kwarg = "type_id"
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/edit.jinja"
-
-
-class AccountingTypeCreateView(CanCreateMixin, CreateView):
-    """Create an accounting type (for the admins)."""
-
-    model = AccountingType
-    fields = ["code", "label", "movement_type"]
-    template_name = "core/create.jinja"
-
-
-# BankAccount views
-
-
-class BankAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    fields = ["name", "iban", "number", "club"]
-    template_name = "core/edit.jinja"
-
-
-class BankAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every club account."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "accounting/bank_account_details.jinja"
-
-
-class BankAccountCreateView(CanCreateMixin, CreateView):
-    """Create a bank account (for the admins)."""
-
-    model = BankAccount
-    fields = ["name", "club", "iban", "number"]
-    template_name = "core/create.jinja"
-
-
-class BankAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a bank account (for the admins)."""
-
-    model = BankAccount
-    pk_url_kwarg = "b_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# ClubAccount views
-
-
-class ClubAccountEditView(CanViewMixin, UpdateView):
-    """An edit view for the admins."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/edit.jinja"
-
-
-class ClubAccountDetailView(CanViewMixin, DetailView):
-    """A detail view, listing every journal."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "accounting/club_account_details.jinja"
-
-
-class ClubAccountCreateView(CanCreateMixin, CreateView):
-    """Create a club account (for the admins)."""
-
-    model = ClubAccount
-    fields = ["name", "club", "bank_account"]
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = BankAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["bank_account"] = obj.id
-        return ret
-
-
-class ClubAccountDeleteView(
-    CanEditPropMixin, DeleteView
-):  # TODO change Delete to Close
-    """Delete a club account (for the admins)."""
-
-    model = ClubAccount
-    pk_url_kwarg = "c_account_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:bank_list")
-
-
-# Journal views
-
-
-class JournalTabsMixin(TabedViewMixin):
-    def get_tabs_title(self):
-        return _("Journal")
-
-    def get_list_of_tabs(self):
-        return [
-            {
-                "url": reverse(
-                    "accounting:journal_details", kwargs={"j_id": self.object.id}
-                ),
-                "slug": "journal",
-                "name": _("Journal"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_nature_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "nature_statement",
-                "name": _("Statement by nature"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_person_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "person_statement",
-                "name": _("Statement by person"),
-            },
-            {
-                "url": reverse(
-                    "accounting:journal_accounting_statement",
-                    kwargs={"j_id": self.object.id},
-                ),
-                "slug": "accounting_statement",
-                "name": _("Accounting statement"),
-            },
-        ]
-
-
-class JournalCreateView(CanCreateMixin, CreateView):
-    """Create a general journal."""
-
-    model = GeneralJournal
-    form_class = modelform_factory(
-        GeneralJournal,
-        fields=["name", "start_date", "club_account"],
-        widgets={"start_date": SelectDate},
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class JournalDetailView(JournalTabsMixin, CanViewMixin, DetailView):
-    """A detail view, listing every operation."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_details.jinja"
-    current_tab = "journal"
-
-
-class JournalEditView(CanEditMixin, UpdateView):
-    """Update a general journal."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    fields = ["name", "start_date", "end_date", "club_account", "closed"]
-    template_name = "core/edit.jinja"
-
-
-class JournalDeleteView(CanEditPropMixin, DeleteView):
-    """Delete a club account (for the admins)."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "core/delete_confirm.jinja"
-    success_url = reverse_lazy("accounting:club_details")
-
-    def dispatch(self, request, *args, **kwargs):
-        self.object = self.get_object()
-        if self.object.operations.count() == 0:
-            return super().dispatch(request, *args, **kwargs)
-        else:
-            raise PermissionDenied
-
-
-# Operation views
-
-
-class OperationForm(forms.ModelForm):
-    class Meta:
-        model = Operation
-        fields = [
-            "amount",
-            "remark",
-            "journal",
-            "target_type",
-            "target_id",
-            "target_label",
-            "date",
-            "mode",
-            "cheque_number",
-            "invoice",
-            "simpleaccounting_type",
-            "accounting_type",
-            "label",
-            "done",
-        ]
-        widgets = {
-            "journal": HiddenInput,
-            "target_id": HiddenInput,
-            "date": SelectDate,
-            "invoice": SelectFile,
-        }
-
-    user = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-    club_account = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClubAccount,
-        queryset=ClubAccount.objects.all(),
-    )
-    club = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectClub,
-        queryset=Club.objects.all(),
-    )
-    company = forms.ModelChoiceField(
-        help_text=None,
-        required=False,
-        widget=AutoCompleteSelectCompany,
-        queryset=Company.objects.all(),
-    )
-    need_link = forms.BooleanField(
-        label=_("Link this operation to the target account"),
-        required=False,
-        initial=False,
-    )
-
-    def __init__(self, *args, **kwargs):
-        club_account = kwargs.pop("club_account", None)
-        super().__init__(*args, **kwargs)
-        if club_account:
-            self.fields["label"].queryset = club_account.labels.order_by("name").all()
-        if self.instance.target_type == "USER":
-            self.fields["user"].initial = self.instance.target_id
-        elif self.instance.target_type == "ACCOUNT":
-            self.fields["club_account"].initial = self.instance.target_id
-        elif self.instance.target_type == "CLUB":
-            self.fields["club"].initial = self.instance.target_id
-        elif self.instance.target_type == "COMPANY":
-            self.fields["company"].initial = self.instance.target_id
-
-    def clean(self):
-        self.cleaned_data = super().clean()
-        if "target_type" in self.cleaned_data:
-            if (
-                self.cleaned_data.get("user") is None
-                and self.cleaned_data.get("club") is None
-                and self.cleaned_data.get("club_account") is None
-                and self.cleaned_data.get("company") is None
-                and self.cleaned_data.get("target_label") == ""
-            ):
-                self.add_error(
-                    "target_type", ValidationError(_("The target must be set."))
-                )
-            else:
-                if self.cleaned_data["target_type"] == "USER":
-                    self.cleaned_data["target_id"] = self.cleaned_data["user"].id
-                elif self.cleaned_data["target_type"] == "ACCOUNT":
-                    self.cleaned_data["target_id"] = self.cleaned_data[
-                        "club_account"
-                    ].id
-                elif self.cleaned_data["target_type"] == "CLUB":
-                    self.cleaned_data["target_id"] = self.cleaned_data["club"].id
-                elif self.cleaned_data["target_type"] == "COMPANY":
-                    self.cleaned_data["target_id"] = self.cleaned_data["company"].id
-
-        if self.cleaned_data.get("amount") is None:
-            self.add_error("amount", ValidationError(_("The amount must be set.")))
-
-        return self.cleaned_data
-
-    def save(self):
-        ret = super().save()
-        if (
-            self.instance.target_type == "ACCOUNT"
-            and not self.instance.linked_operation
-            and self.instance.target.has_open_journal()
-            and self.cleaned_data["need_link"]
-        ):
-            inst = self.instance
-            club_account = inst.target
-            acc_type = (
-                AccountingType.objects.exclude(movement_type="NEUTRAL")
-                .exclude(movement_type=inst.accounting_type.movement_type)
-                .order_by("code")
-                .first()
-            )  # Select a random opposite accounting type
-            op = Operation(
-                journal=club_account.get_open_journal(),
-                amount=inst.amount,
-                date=inst.date,
-                remark=inst.remark,
-                mode=inst.mode,
-                cheque_number=inst.cheque_number,
-                invoice=inst.invoice,
-                done=False,  # Has to be checked by hand
-                simpleaccounting_type=None,
-                accounting_type=acc_type,
-                target_type="ACCOUNT",
-                target_id=inst.journal.club_account.id,
-                target_label="",
-                linked_operation=inst,
-            )
-            op.save()
-            self.instance.linked_operation = op
-            self.save()
-        return ret
-
-
-class OperationCreateView(CanCreateMixin, CreateView):
-    """Create an operation."""
-
-    model = Operation
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_form(self, form_class=None):
-        self.journal = GeneralJournal.objects.filter(id=self.kwargs["j_id"]).first()
-        ca = self.journal.club_account if self.journal else None
-        return self.form_class(club_account=ca, **self.get_form_kwargs())
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if self.journal is not None:
-            ret["journal"] = self.journal.id
-        return ret
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        if self.journal:
-            kwargs["object"] = self.journal
-        return kwargs
-
-
-class OperationEditView(CanEditMixin, UpdateView):
-    """An edit view, working as detail for the moment."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-    form_class = OperationForm
-    template_name = "accounting/operation_edit.jinja"
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["object"] = self.object.journal
-        return kwargs
-
-
-class OperationPDFView(CanViewMixin, DetailView):
-    """Display the PDF of a given operation."""
-
-    model = Operation
-    pk_url_kwarg = "op_id"
-
-    def get(self, request, *args, **kwargs):
-        from reportlab.lib import colors
-        from reportlab.lib.pagesizes import letter
-        from reportlab.lib.units import cm
-        from reportlab.lib.utils import ImageReader
-        from reportlab.pdfbase import pdfmetrics
-        from reportlab.pdfbase.ttfonts import TTFont
-        from reportlab.pdfgen import canvas
-        from reportlab.platypus import Table, TableStyle
-
-        pdfmetrics.registerFont(TTFont("DejaVu", "DejaVuSerif.ttf"))
-
-        self.object = self.get_object()
-        amount = self.object.amount
-        remark = self.object.remark
-        nature = self.object.accounting_type.movement_type
-        num = self.object.number
-        date = self.object.date
-        mode = self.object.mode
-        club_name = self.object.journal.club_account.name
-        ti = self.object.journal.name
-        op_label = self.object.label
-        club_address = self.object.journal.club_account.club.address
-        id_op = self.object.id
-
-        if self.object.target_type == "OTHER":
-            target = self.object.target_label
-        else:
-            target = self.object.target.get_display_name()
-
-        response = HttpResponse(content_type="application/pdf")
-        response["Content-Disposition"] = 'filename="op-%d(%s_on_%s).pdf"' % (
-            num,
-            ti,
-            club_name,
-        )
-        p = canvas.Canvas(response)
-
-        p.setFont("DejaVu", 12)
-
-        p.setTitle("%s %d" % (_("Operation"), num))
-        width, height = letter
-        im = ImageReader("core/static/core/img/logo.jpg")
-        iw, ih = im.getSize()
-        p.drawImage(im, 40, height - 50, width=iw / 2, height=ih / 2)
-
-        labelStr = [["%s %s - %s %s" % (_("Journal"), ti, _("Operation"), num)]]
-
-        label = Table(labelStr, colWidths=[150], rowHeights=[20])
-
-        label.setStyle(TableStyle([("ALIGN", (0, 0), (-1, -1), "RIGHT")]))
-        w, h = label.wrapOn(label, 0, 0)
-        label.drawOn(p, width - 180, height)
-
-        p.drawString(
-            90, height - 100, _("Financial proof: ") + "OP%010d" % (id_op)
-        )  # Justificatif du libellé
-        p.drawString(
-            90, height - 130, _("Club: %(club_name)s") % ({"club_name": club_name})
-        )
-        p.drawString(
-            90,
-            height - 160,
-            _("Label: %(op_label)s")
-            % {"op_label": op_label if op_label is not None else ""},
-        )
-        p.drawString(90, height - 190, _("Date: %(date)s") % {"date": date})
-
-        data = []
-
-        data += [
-            ["%s" % (_("Credit").upper() if nature == "CREDIT" else _("Debit").upper())]
-        ]
-
-        data += [[_("Amount: %(amount).2f €") % {"amount": amount}]]
-
-        payment_mode = ""
-        for m in settings.SITH_ACCOUNTING_PAYMENT_METHOD:
-            if m[0] == mode:
-                payment_mode += "[\u00d7]"
-            else:
-                payment_mode += "[  ]"
-            payment_mode += " %s\n" % (m[1])
-
-        data += [[payment_mode]]
-
-        data += [
-            [
-                "%s : %s"
-                % (_("Debtor") if nature == "CREDIT" else _("Creditor"), target),
-                "",
-            ]
-        ]
-
-        data += [["%s \n%s" % (_("Comment:"), remark)]]
-
-        t = Table(
-            data, colWidths=[(width - 90 * 2) / 2] * 2, rowHeights=[20, 20, 70, 20, 80]
-        )
-        t.setStyle(
-            TableStyle(
-                [
-                    ("ALIGN", (0, 0), (-1, -1), "CENTER"),
-                    ("VALIGN", (-2, -1), (-1, -1), "TOP"),
-                    ("VALIGN", (0, 0), (-1, -2), "MIDDLE"),
-                    ("INNERGRID", (0, 0), (-1, -1), 0.25, colors.black),
-                    ("SPAN", (0, 0), (1, 0)),  # line DEBIT/CREDIT
-                    ("SPAN", (0, 1), (1, 1)),  # line amount
-                    ("SPAN", (-2, -1), (-1, -1)),  # line comment
-                    ("SPAN", (0, -2), (-1, -2)),  # line creditor/debtor
-                    ("SPAN", (0, 2), (1, 2)),  # line payment_mode
-                    ("ALIGN", (0, 2), (1, 2), "LEFT"),  # line payment_mode
-                    ("ALIGN", (-2, -1), (-1, -1), "LEFT"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        signature = []
-        signature += [[_("Signature:")]]
-
-        tSig = Table(signature, colWidths=[(width - 90 * 2)], rowHeights=[80])
-        tSig.setStyle(
-            TableStyle(
-                [
-                    ("VALIGN", (0, 0), (-1, -1), "TOP"),
-                    ("BOX", (0, 0), (-1, -1), 0.25, colors.black),
-                ]
-            )
-        )
-
-        w, h = tSig.wrapOn(p, 0, 0)
-        tSig.drawOn(p, 90, 200)
-
-        w, h = t.wrapOn(p, 0, 0)
-
-        t.drawOn(p, 90, 350)
-
-        p.drawCentredString(10.5 * cm, 2 * cm, club_name)
-        p.drawCentredString(10.5 * cm, 1 * cm, club_address)
-
-        p.showPage()
-        p.save()
-        return response
-
-
-class JournalNatureStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Display a statement sorted by labels."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_nature.jinja"
-    current_tab = "nature_statement"
-
-    def statement(self, queryset, movement_type):
-        ret = collections.OrderedDict()
-        statement = collections.OrderedDict()
-        total_sum = 0
-        for sat in [
-            None,
-            *list(SimplifiedAccountingType.objects.order_by("label")),
-        ]:
-            amount = queryset.filter(
-                accounting_type__movement_type=movement_type, simpleaccounting_type=sat
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            label = sat.label if sat is not None else ""
-            if amount:
-                total_sum += amount
-                statement[label] = amount
-        ret[movement_type] = statement
-        ret[movement_type + "_sum"] = total_sum
-        return ret
-
-    def big_statement(self):
-        label_list = (
-            self.object.operations.order_by("label").values_list("label").distinct()
-        )
-        labels = Label.objects.filter(id__in=label_list).all()
-        statement = collections.OrderedDict()
-        gen_statement = collections.OrderedDict()
-        no_label_statement = collections.OrderedDict()
-        gen_statement.update(self.statement(self.object.operations.all(), "CREDIT"))
-        gen_statement.update(self.statement(self.object.operations.all(), "DEBIT"))
-        statement[_("General statement")] = gen_statement
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "CREDIT")
-        )
-        no_label_statement.update(
-            self.statement(self.object.operations.filter(label=None).all(), "DEBIT")
-        )
-        statement[_("No label operations")] = no_label_statement
-        for label in labels:
-            l_stmt = collections.OrderedDict()
-            journals = self.object.operations.filter(label=label).all()
-            l_stmt.update(self.statement(journals, "CREDIT"))
-            l_stmt.update(self.statement(journals, "DEBIT"))
-            statement[label] = l_stmt
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add infos to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.big_statement()
-        return kwargs
-
-
-class JournalPersonStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation target and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_person.jinja"
-    current_tab = "person_statement"
-
-    def sum_by_target(self, target_id, target_type, movement_type):
-        return self.object.operations.filter(
-            accounting_type__movement_type=movement_type,
-            target_id=target_id,
-            target_type=target_type,
-        ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-
-    def statement(self, movement_type):
-        statement = collections.OrderedDict()
-        for op in (
-            self.object.operations.filter(accounting_type__movement_type=movement_type)
-            .order_by("target_type", "target_id")
-            .distinct()
-        ):
-            statement[op.target] = self.sum_by_target(
-                op.target_id, op.target_type, movement_type
-            )
-        return statement
-
-    def total(self, movement_type):
-        return sum(self.statement(movement_type).values())
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["credit_statement"] = self.statement("CREDIT")
-        kwargs["debit_statement"] = self.statement("DEBIT")
-        kwargs["total_credit"] = self.total("CREDIT")
-        kwargs["total_debit"] = self.total("DEBIT")
-        return kwargs
-
-
-class JournalAccountingStatementView(JournalTabsMixin, CanViewMixin, DetailView):
-    """Calculate a dictionary with operation type and sum of operations."""
-
-    model = GeneralJournal
-    pk_url_kwarg = "j_id"
-    template_name = "accounting/journal_statement_accounting.jinja"
-    current_tab = "accounting_statement"
-
-    def statement(self):
-        statement = collections.OrderedDict()
-        for at in AccountingType.objects.order_by("code").all():
-            sum_by_type = self.object.operations.filter(
-                accounting_type__code__startswith=at.code
-            ).aggregate(amount_sum=Sum("amount"))["amount_sum"]
-            if sum_by_type:
-                statement[at] = sum_by_type
-        return statement
-
-    def get_context_data(self, **kwargs):
-        """Add journal to the context."""
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["statement"] = self.statement()
-        return kwargs
-
-
-# Company views
-
-
-class CompanyListView(CanViewMixin, ListView):
-    model = Company
-    template_name = "accounting/co_list.jinja"
-
-
-class CompanyCreateView(CanCreateMixin, CreateView):
-    """Create a company."""
-
-    model = Company
-    fields = ["name"]
-    template_name = "core/create.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-class CompanyEditView(CanCreateMixin, UpdateView):
-    """Edit a company."""
-
-    model = Company
-    pk_url_kwarg = "co_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-    success_url = reverse_lazy("accounting:co_list")
-
-
-# Label views
-
-
-class LabelListView(CanViewMixin, DetailView):
-    model = ClubAccount
-    pk_url_kwarg = "clubaccount_id"
-    template_name = "accounting/label_list.jinja"
-
-
-class LabelCreateView(
-    CanCreateMixin, CreateView
-):  # FIXME we need to check the rights before creating the object
-    model = Label
-    form_class = modelform_factory(
-        Label, fields=["name", "club_account"], widgets={"club_account": HiddenInput}
-    )
-    template_name = "core/create.jinja"
-
-    def get_initial(self):
-        ret = super().get_initial()
-        if "parent" in self.request.GET:
-            obj = ClubAccount.objects.filter(id=int(self.request.GET["parent"])).first()
-            if obj is not None:
-                ret["club_account"] = obj.id
-        return ret
-
-
-class LabelEditView(CanEditMixin, UpdateView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    fields = ["name"]
-    template_name = "core/edit.jinja"
-
-
-class LabelDeleteView(CanEditMixin, DeleteView):
-    model = Label
-    pk_url_kwarg = "label_id"
-    template_name = "core/delete_confirm.jinja"
-
-    def get_success_url(self):
-        return self.object.get_absolute_url()
-
-
-class CloseCustomerAccountForm(forms.Form):
-    user = forms.ModelChoiceField(
-        label=_("Refound this account"),
-        help_text=None,
-        required=True,
-        widget=AutoCompleteSelectUser,
-        queryset=User.objects.all(),
-    )
-
-
-class RefoundAccountView(FormView):
-    """Create a selling with the same amount than the current user money."""
-
-    template_name = "accounting/refound_account.jinja"
-    form_class = CloseCustomerAccountForm
-
-    def permission(self, user):
-        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID):
-            return True
-        else:
-            raise PermissionDenied
-
-    def dispatch(self, request, *arg, **kwargs):
-        res = super().dispatch(request, *arg, **kwargs)
-        if self.permission(request.user):
-            return res
-
-    def post(self, request, *arg, **kwargs):
-        self.operator = request.user
-        if self.permission(request.user):
-            return super().post(self, request, *arg, **kwargs)
-
-    def form_valid(self, form):
-        self.customer = form.cleaned_data["user"]
-        self.create_selling()
-        return super().form_valid(form)
-
-    def get_success_url(self):
-        return reverse("accounting:refound_account")
-
-    def create_selling(self):
-        with transaction.atomic():
-            uprice = self.customer.customer.amount
-            refound_club_counter = Counter.objects.get(
-                id=settings.SITH_COUNTER_REFOUND_ID
-            )
-            refound_club = refound_club_counter.club
-            s = Selling(
-                label=_("Refound account"),
-                unit_price=uprice,
-                quantity=1,
-                seller=self.operator,
-                customer=self.customer.customer,
-                club=refound_club,
-                counter=refound_club_counter,
-                product=Product.objects.get(id=settings.SITH_PRODUCT_REFOUND_ID),
-            )
-            s.save()

accounting/widgets/select.py

@@ -1,39 +0,0 @@
-from pydantic import TypeAdapter
-
-from accounting.models import ClubAccount, Company
-from accounting.schemas import ClubAccountSchema, CompanySchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
-
-_js = ["bundled/accounting/components/ajax-select-index.ts"]
-
-
-class AutoCompleteSelectClubAccount(AutoCompleteSelect):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleClubAccount(AutoCompleteSelectMultiple):
-    component_name = "club-account-ajax-select"
-    model = ClubAccount
-    adapter = TypeAdapter(list[ClubAccountSchema])
-
-    js = _js
-
-
-class AutoCompleteSelectCompany(AutoCompleteSelect):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js
-
-
-class AutoCompleteSelectMultipleCompany(AutoCompleteSelectMultiple):
-    component_name = "company-ajax-select"
-    model = Company
-    adapter = TypeAdapter(list[CompanySchema])
-
-    js = _js

antispam/forms.py

@@ -1,5 +1,3 @@
-import re
-
 from django import forms
 from django.core.validators import EmailValidator
 from django.utils.translation import gettext_lazy as _
@@ -7,12 +5,18 @@ from django.utils.translation import gettext_lazy as _
 from antispam.models import ToxicDomain
 
 
+class AntiSpamEmailValidator(EmailValidator):
+    def __call__(self, value: str):
+        super().__call__(value)
+        domain_part = value.rsplit("@", 1)[1]
+        if ToxicDomain.objects.filter(domain=domain_part).exists():
+            raise forms.ValidationError(_("Email domain is not allowed."))
+
+
+validate_antispam_email = AntiSpamEmailValidator()
+
+
 class AntiSpamEmailField(forms.EmailField):
     """An email field that email addresses with a known toxic domain."""
 
-    def run_validators(self, value: str):
-        super().run_validators(value)
-        # Domain part should exist since email validation is guaranteed to run first
-        domain = re.search(EmailValidator.domain_regex, value)
-        if ToxicDomain.objects.filter(domain=domain[0]).exists():
-            raise forms.ValidationError(_("Email domain is not allowed."))
+    default_validators = [validate_antispam_email]

antispam/management/commands/update_spam_database.py

@@ -34,7 +34,7 @@ class Command(BaseCommand):
                     f"Source {provider} responded with code {res.status_code}"
                 )
                 continue
-            domains |= set(res.content.decode().splitlines())
+            domains |= set(res.text.splitlines())
         return domains
 
     def _update_domains(self, domains: set[str]):

api/admin.py

@@ -0,0 +1,55 @@
+from django.contrib import admin, messages
+from django.db.models import QuerySet
+from django.http import HttpRequest
+from django.utils.translation import gettext_lazy as _
+
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@admin.register(ApiClient)
+class ApiClientAdmin(admin.ModelAdmin):
+    list_display = ("name", "owner", "created_at", "updated_at")
+    search_fields = (
+        "name",
+        "owner__first_name",
+        "owner__last_name",
+        "owner__nick_name",
+    )
+    autocomplete_fields = ("owner", "groups", "client_permissions")
+
+
+@admin.register(ApiKey)
+class ApiKeyAdmin(admin.ModelAdmin):
+    list_display = ("name", "client", "created_at", "revoked")
+    list_filter = ("revoked",)
+    date_hierarchy = "created_at"
+
+    readonly_fields = ("prefix", "hashed_key")
+    actions = ("revoke_keys",)
+
+    def save_model(self, request: HttpRequest, obj: ApiKey, form, change):
+        if not change:
+            key, hashed = generate_key()
+            obj.prefix = key[: ApiKey.PREFIX_LENGTH]
+            obj.hashed_key = hashed
+            self.message_user(
+                request,
+                _(
+                    "The API key for %(name)s is: %(key)s. "
+                    "Please store it somewhere safe: "
+                    "you will not be able to see it again."
+                )
+                % {"name": obj.name, "key": key},
+                level=messages.WARNING,
+            )
+        return super().save_model(request, obj, form, change)
+
+    def get_readonly_fields(self, request, obj: ApiKey | None = None):
+        if obj is None or obj.revoked:
+            return ["revoked", *self.readonly_fields]
+        return self.readonly_fields
+
+    @admin.action(description=_("Revoke selected API keys"))
+    def revoke_keys(self, _request: HttpRequest, queryset: QuerySet[ApiKey]):
+        queryset.update(revoked=True)

api/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "api"

api/auth.py

@@ -0,0 +1,20 @@
+from django.http import HttpRequest
+from ninja.security import APIKeyHeader
+
+from api.hashers import get_hasher
+from api.models import ApiClient, ApiKey
+
+
+class ApiKeyAuth(APIKeyHeader):
+    param_name = "X-APIKey"
+
+    def authenticate(self, request: HttpRequest, key: str | None) -> ApiClient | None:
+        if not key or len(key) != ApiKey.KEY_LENGTH:
+            return None
+        hasher = get_hasher()
+        hashed_key = hasher.encode(key)
+        try:
+            key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key)
+        except ApiKey.DoesNotExist:
+            return None
+        return key_obj.client

api/hashers.py

@@ -0,0 +1,43 @@
+import functools
+import hashlib
+import secrets
+
+from django.contrib.auth.hashers import BasePasswordHasher
+from django.utils.crypto import constant_time_compare
+
+
+class Sha512ApiKeyHasher(BasePasswordHasher):
+    """
+    An API key hasher using the sha256 algorithm.
+
+    This hasher shouldn't be used in Django's `PASSWORD_HASHERS` setting.
+    It is insecure for use in hashing passwords, but is safe for hashing
+    high entropy, randomly generated API keys.
+    """
+
+    algorithm = "sha512"
+
+    def salt(self) -> str:
+        # No need for a salt on a high entropy key.
+        return ""
+
+    def encode(self, password: str, salt: str = "") -> str:
+        hashed = hashlib.sha512(password.encode()).hexdigest()
+        return f"{self.algorithm}$${hashed}"
+
+    def verify(self, password: str, encoded: str) -> bool:
+        encoded_2 = self.encode(password, "")
+        return constant_time_compare(encoded, encoded_2)
+
+
+@functools.cache
+def get_hasher():
+    return Sha512ApiKeyHasher()
+
+
+def generate_key() -> tuple[str, str]:
+    """Generate a [key, hash] couple."""
+    # this will result in key with a length of 72
+    key = str(secrets.token_urlsafe(54))
+    hasher = get_hasher()
+    return key, hasher.encode(key)

api/migrations/0001_initial.py

@@ -0,0 +1,113 @@
+# Generated by Django 5.2 on 2025-06-01 08:53
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+        ("core", "0046_permissionrights"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ApiClient",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(max_length=64, verbose_name="name")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                (
+                    "client_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this api client.",
+                        related_name="clients",
+                        to="auth.permission",
+                        verbose_name="client permissions",
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        related_name="api_clients",
+                        to="core.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "owner",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_clients",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="owner",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api client",
+                "verbose_name_plural": "api clients",
+            },
+        ),
+        migrations.CreateModel(
+            name="ApiKey",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("name", models.CharField(blank=True, default="", verbose_name="name")),
+                (
+                    "prefix",
+                    models.CharField(
+                        editable=False, max_length=5, verbose_name="prefix"
+                    ),
+                ),
+                (
+                    "hashed_key",
+                    models.CharField(
+                        db_index=True,
+                        editable=False,
+                        max_length=136,
+                        verbose_name="hashed key",
+                    ),
+                ),
+                ("revoked", models.BooleanField(default=False, verbose_name="revoked")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "client",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="api_keys",
+                        to="api.apiclient",
+                        verbose_name="api client",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "api key",
+                "verbose_name_plural": "api keys",
+                "permissions": [("revoke_apikey", "Revoke API keys")],
+            },
+        ),
+    ]

api/models.py

@@ -0,0 +1,94 @@
+from typing import Iterable
+
+from django.contrib.auth.models import Permission
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from django.utils.translation import pgettext_lazy
+
+from core.models import Group, User
+
+
+class ApiClient(models.Model):
+    name = models.CharField(_("name"), max_length=64)
+    owner = models.ForeignKey(
+        User,
+        verbose_name=_("owner"),
+        related_name="api_clients",
+        on_delete=models.CASCADE,
+    )
+    groups = models.ManyToManyField(
+        Group, verbose_name=_("groups"), related_name="api_clients", blank=True
+    )
+    client_permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=_("client permissions"),
+        blank=True,
+        help_text=_("Specific permissions for this api client."),
+        related_name="clients",
+    )
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    _perm_cache: set[str] | None = None
+
+    class Meta:
+        verbose_name = _("api client")
+        verbose_name_plural = _("api clients")
+
+    def __str__(self):
+        return self.name
+
+    def has_perm(self, perm: str):
+        """Return True if the client has the specified permission."""
+
+        if self._perm_cache is None:
+            group_permissions = (
+                Permission.objects.filter(group__group__in=self.groups.all())
+                .values_list("content_type__app_label", "codename")
+                .order_by()
+            )
+            client_permissions = self.client_permissions.values_list(
+                "content_type__app_label", "codename"
+            ).order_by()
+            self._perm_cache = {
+                f"{content_type}.{name}"
+                for content_type, name in (*group_permissions, *client_permissions)
+            }
+        return perm in self._perm_cache
+
+    def has_perms(self, perm_list):
+        """
+        Return True if the client has each of the specified permissions. If
+        object is passed, check if the client has all required perms for it.
+        """
+        if not isinstance(perm_list, Iterable) or isinstance(perm_list, str):
+            raise ValueError("perm_list must be an iterable of permissions.")
+        return all(self.has_perm(perm) for perm in perm_list)
+
+
+class ApiKey(models.Model):
+    PREFIX_LENGTH = 5
+    KEY_LENGTH = 72
+    HASHED_KEY_LENGTH = 136
+
+    name = models.CharField(_("name"), blank=True, default="")
+    prefix = models.CharField(_("prefix"), max_length=PREFIX_LENGTH, editable=False)
+    hashed_key = models.CharField(
+        _("hashed key"), max_length=HASHED_KEY_LENGTH, db_index=True, editable=False
+    )
+    client = models.ForeignKey(
+        ApiClient,
+        verbose_name=_("api client"),
+        related_name="api_keys",
+        on_delete=models.CASCADE,
+    )
+    revoked = models.BooleanField(pgettext_lazy("api key", "revoked"), default=False)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        verbose_name = _("api key")
+        verbose_name_plural = _("api keys")
+        permissions = [("revoke_apikey", "Revoke API keys")]
+
+    def __str__(self):
+        return f"{self.name} ({self.prefix}***)"

api/permissions.py

@@ -3,7 +3,8 @@
 Some permissions are global (like `IsInGroup` or `IsRoot`),
 and some others are per-object (like `CanView` or `CanEdit`).
 
-Examples:
+Example:
+    ```python
     # restrict all the routes of this controller
     # to subscribed users
     @api_controller("/foo", permissions=[IsSubscriber])
@@ -33,10 +34,14 @@ Examples:
         ]
         def bar_delete(self, bar_id: int):
             # ...
+    ```
 """
 
-from typing import Any
+import operator
+from functools import reduce
+from typing import Any, Callable
 
+from django.contrib.auth.models import Permission
 from django.http import HttpRequest
 from ninja_extra import ControllerBase
 from ninja_extra.permissions import BasePermission
@@ -54,6 +59,60 @@ class IsInGroup(BasePermission):
         return request.user.is_in_group(pk=self._group_pk)
 
 
+class HasPerm(BasePermission):
+    """Check that the user has the required perm.
+
+    If multiple perms are given, a comparer function can also be passed,
+    in order to change the way perms are checked.
+
+    Example:
+        ```python
+        @api_controller("/foo")
+        class FooController(ControllerBase):
+            # this route will require both permissions
+            @route.put("/foo", permissions=[HasPerm(["foo.change_foo", "foo.add_foo"])]
+            def foo(self): ...
+
+            # This route will require at least one of the perm,
+            # but it's not mandatory to have all of them
+            @route.put(
+                "/bar",
+                permissions=[HasPerm(["foo.change_bar", "foo.add_bar"], op=operator.or_)],
+            )
+            def bar(self): ...
+        ```
+    """
+
+    def __init__(
+        self,
+        perms: str | Permission | list[str | Permission],
+        op: Callable[[bool, bool], bool] = operator.and_,
+    ):
+        """
+        Args:
+            perms: a permission or a list of permissions the user must have
+            op: An operator to combine multiple permissions (in most cases,
+                it will be either `operator.and_` or `operator.or_`)
+        """
+        super().__init__()
+        if not isinstance(perms, (list, tuple, set)):
+            perms = [perms]
+        self._operator = op
+        self._perms = perms
+
+    def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
+        # if the request has the `auth` property,
+        # it means that the user has been explicitly authenticated
+        # using a django-ninja authentication backend
+        # (whether it is SessionAuth or ApiKeyAuth).
+        # If not, this authentication has not been done, but the user may
+        # still be implicitly authenticated through AuthenticationMiddleware
+        user = request.auth if hasattr(request, "auth") else request.user
+        # `user` may either be a `core.User` or an `api.ApiClient` ;
+        # they are not the same model, but they both implement the `has_perm` method
+        return reduce(self._operator, (user.has_perm(p) for p in self._perms))
+
+
 class IsRoot(BasePermission):
     """Check that the user is root."""
 
@@ -135,4 +194,4 @@ class IsLoggedInCounter(BasePermission):
         return Counter.objects.filter(token=token).exists()
 
 
-CanAccessLookup = IsOldSubscriber | IsRoot | IsLoggedInCounter
+CanAccessLookup = IsLoggedInCounter | HasPerm("core.access_lookup")

api/tests/test_api_key.py

@@ -0,0 +1,29 @@
+import pytest
+from django.test import RequestFactory
+from model_bakery import baker
+
+from api.auth import ApiKeyAuth
+from api.hashers import generate_key
+from api.models import ApiClient, ApiKey
+
+
+@pytest.mark.django_db
+def test_api_key_auth():
+    key, hashed = generate_key()
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) == client
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    ("key", "hashed"), [(generate_key()[0], generate_key()[1]), (generate_key()[0], "")]
+)
+def test_api_key_auth_invalid(key, hashed):
+    client = baker.make(ApiClient)
+    baker.make(ApiKey, client=client, hashed_key=hashed)
+    auth = ApiKeyAuth()
+
+    assert auth.authenticate(RequestFactory().get(""), key) is None

api/urls.py

@@ -0,0 +1,10 @@
+from ninja_extra import NinjaExtraAPI
+
+api = NinjaExtraAPI(
+    title="PICON",
+    description="Portail Interactif de Communication avec les Outils Numériques",
+    version="0.2.0",
+    urls_namespace="api",
+    csrf=True,
+)
+api.auto_discover_controllers()

club/admin.py

@@ -19,8 +19,8 @@ from club.models import Club, Membership
 
 @admin.register(Club)
 class ClubAdmin(admin.ModelAdmin):
-    list_display = ("name", "unix_name", "parent", "is_active")
-    search_fields = ("name", "unix_name")
+    list_display = ("name", "slug_name", "parent", "is_active")
+    search_fields = ("name", "slug_name")
     autocomplete_fields = (
         "parent",
         "board_group",

club/api.py

@@ -1,22 +1,42 @@
 from typing import Annotated
 
 from annotated_types import MinLen
+from django.db.models import Prefetch
+from ninja.security import SessionAuth
 from ninja_extra import ControllerBase, api_controller, paginate, route
 from ninja_extra.pagination import PageNumberPaginationExtra
 from ninja_extra.schemas import PaginatedResponseSchema
 
-from club.models import Club
-from club.schemas import ClubSchema
-from core.api_permissions import CanAccessLookup
+from api.auth import ApiKeyAuth
+from api.permissions import CanAccessLookup, HasPerm
+from club.models import Club, Membership
+from club.schemas import ClubSchema, SimpleClubSchema
 
 
 @api_controller("/club")
 class ClubController(ControllerBase):
     @route.get(
         "/search",
-        response=PaginatedResponseSchema[ClubSchema],
+        response=PaginatedResponseSchema[SimpleClubSchema],
+        auth=[SessionAuth(), ApiKeyAuth()],
         permissions=[CanAccessLookup],
+        url_name="search_club",
     )
     @paginate(PageNumberPaginationExtra, page_size=50)
     def search_club(self, search: Annotated[str, MinLen(1)]):
         return Club.objects.filter(name__icontains=search).values()
+
+    @route.get(
+        "/{int:club_id}",
+        response=ClubSchema,
+        auth=[SessionAuth(), ApiKeyAuth()],
+        permissions=[HasPerm("club.view_club")],
+        url_name="fetch_club",
+    )
+    def fetch_club(self, club_id: int):
+        prefetch = Prefetch(
+            "members", queryset=Membership.objects.ongoing().select_related("user")
+        )
+        return self.get_object_or_exception(
+            Club.objects.prefetch_related(prefetch), id=club_id
+        )

club/forms.py

@@ -24,23 +24,36 @@
 
 from django import forms
 from django.conf import settings
+from django.db.models import Exists, OuterRef, Q
+from django.db.models.functions import Lower
+from django.utils.functional import cached_property
 from django.utils.translation import gettext_lazy as _
 
 from club.models import Club, Mailing, MailingSubscription, Membership
 from core.models import User
-from core.views.forms import SelectDate, SelectDateTime
-from core.views.widgets.select import AutoCompleteSelectMultipleUser
-from counter.models import Counter
+from core.views.forms import SelectDateTime
+from core.views.widgets.ajax_select import (
+    AutoCompleteSelectMultipleUser,
+    AutoCompleteSelectUser,
+)
+from counter.models import Counter, Selling
 
 
 class ClubEditForm(forms.ModelForm):
+    error_css_class = "error"
+    required_css_class = "required"
+
     class Meta:
         model = Club
         fields = ["address", "logo", "short_description"]
+        widgets = {"short_description": forms.Textarea()}
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["short_description"].widget = forms.Textarea()
+
+class ClubAdminEditForm(ClubEditForm):
+    admin_fields = ["name", "parent", "is_active"]
+
+    class Meta(ClubEditForm.Meta):
+        fields = ["name", "parent", "is_active", *ClubEditForm.Meta.fields]
 
 
 class MailingForm(forms.Form):
@@ -152,12 +165,21 @@ class SellingsForm(forms.Form):
         label=_("End date"), widget=SelectDateTime, required=False
     )
 
-    counters = forms.ModelMultipleChoiceField(
-        Counter.objects.order_by("name").all(), label=_("Counter"), required=False
-    )
-
     def __init__(self, club, *args, **kwargs):
         super().__init__(*args, **kwargs)
+        # postgres struggles really hard with a single query having three WHERE conditions,
+        # but deals perfectly fine with UNION of multiple queryset with their own WHERE clause,
+        # so we do this to get the ids, which we use to build another queryset that can be used by django.
+        club_sales_subquery = Selling.objects.filter(counter=OuterRef("pk"), club=club)
+        ids = (
+            Counter.objects.filter(Q(club=club) | Q(products__club=club))
+            .union(Counter.objects.filter(Exists(club_sales_subquery)))
+            .values_list("id", flat=True)
+        )
+        counters_qs = Counter.objects.filter(id__in=ids).order_by(Lower("name"))
+        self.fields["counters"] = forms.ModelMultipleChoiceField(
+            counters_qs, label=_("Counter"), required=False
+        )
         self.fields["products"] = forms.ModelMultipleChoiceField(
             club.products.order_by("name").filter(archived=False).all(),
             label=_("Products"),
@@ -170,107 +192,113 @@ class SellingsForm(forms.Form):
         )
 
 
-class ClubMemberForm(forms.Form):
-    """Form handling the members of a club."""
+class ClubOldMemberForm(forms.Form):
+    members_old = forms.ModelMultipleChoiceField(
+        Membership.objects.none(),
+        label=_("Mark as old"),
+        widget=forms.CheckboxSelectMultiple,
+        required=False,
+    )
+
+    def __init__(self, *args, user: User, club: Club, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["members_old"].queryset = (
+            Membership.objects.ongoing().filter(club=club).editable_by(user)
+        )
+
+
+class ClubMemberForm(forms.ModelForm):
+    """Form to add a member to the club, as a board member."""
 
     error_css_class = "error"
     required_css_class = "required"
 
-    users = forms.ModelMultipleChoiceField(
-        label=_("Users to add"),
-        help_text=_("Search users to add (one or more)."),
-        required=False,
-        widget=AutoCompleteSelectMultipleUser,
-        queryset=User.objects.all(),
-    )
+    class Meta:
+        model = Membership
+        fields = ["role", "description"]
 
-    def __init__(self, *args, **kwargs):
-        self.club = kwargs.pop("club")
-        self.request_user = kwargs.pop("request_user")
-        self.club_members = kwargs.pop("club_members", None)
-        if not self.club_members:
-            self.club_members = (
-                self.club.members.filter(end_date=None).order_by("-role").all()
-            )
+    def __init__(self, *args, club: Club, request_user: User, **kwargs):
+        self.club = club
+        self.request_user = request_user
         self.request_user_membership = self.club.get_membership_for(self.request_user)
         super().__init__(*args, **kwargs)
+        self.fields["role"].required = True
+        self.fields["role"].choices = [
+            (value, name)
+            for value, name in settings.SITH_CLUB_ROLES.items()
+            if value <= self.max_available_role
+        ]
+        self.instance.club = club
 
-        # Using a ModelForm binds too much the form with the model and we don't want that
-        # We want the view to process the model creation since they are multiple users
-        # We also want the form to handle bulk deletion
-        self.fields.update(
-            forms.fields_for_model(
-                Membership,
-                fields=("role", "start_date", "description"),
-                widgets={"start_date": SelectDate},
-            )
-        )
+    @property
+    def max_available_role(self):
+        """The greatest role that will be obtainable with this form."""
+        # this is unreachable, because it will be overridden by subclasses
+        return -1  # pragma: no cover
 
-        # Role is required only if users is specified
-        self.fields["role"].required = False
 
-        # Start date and description are never really required
-        self.fields["start_date"].required = False
-        self.fields["description"].required = False
+class ClubAddMemberForm(ClubMemberForm):
+    """Form to add a member to the club, as a board member."""
 
-        self.fields["users_old"] = forms.ModelMultipleChoiceField(
-            User.objects.filter(
-                id__in=[
-                    ms.user.id
-                    for ms in self.club_members
-                    if ms.can_be_edited_by(self.request_user)
-                ]
-            ).all(),
-            label=_("Mark as old"),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-        )
-        if not self.request_user.is_root:
-            self.fields.pop("start_date")
+    class Meta(ClubMemberForm.Meta):
+        fields = ["user", *ClubMemberForm.Meta.fields]
+        widgets = {"user": AutoCompleteSelectUser}
 
-    def clean_users(self):
-        """Check that the user is not trying to add an user already in the club.
+    @cached_property
+    def max_available_role(self):
+        """The greatest role that will be obtainable with this form.
+
+        Admins and the club president can attribute any role.
+        Board members can attribute roles lower than their own.
+        Other users cannot attribute roles with this form
+        """
+        if self.request_user.has_perm("club.add_membership"):
+            return settings.SITH_CLUB_ROLES_ID["President"]
+        membership = self.request_user_membership
+        if membership is None or membership.role <= settings.SITH_MAXIMUM_FREE_ROLE:
+            return -1
+        if membership.role == settings.SITH_CLUB_ROLES_ID["President"]:
+            return membership.role
+        return membership.role - 1
+
+    def clean_user(self):
+        """Check that the user is not trying to add a user already in the club.
 
         Also check that the user is valid and has a valid subscription.
         """
-        cleaned_data = super().clean()
-        users = []
-        for user in cleaned_data["users"]:
-            if not user.is_subscribed:
-                raise forms.ValidationError(
-                    _("User must be subscriber to take part to a club"), code="invalid"
-                )
-            if self.club.get_membership_for(user):
-                raise forms.ValidationError(
-                    _("You can not add the same user twice"), code="invalid"
-                )
-            users.append(user)
-        return users
+        user = self.cleaned_data["user"]
+        if not user.is_subscribed:
+            raise forms.ValidationError(
+                _("User must be subscriber to take part to a club"), code="invalid"
+            )
+        if self.club.get_membership_for(user):
+            raise forms.ValidationError(
+                _("You can not add the same user twice"), code="invalid"
+            )
+        return user
+
+
+class JoinClubForm(ClubMemberForm):
+    """Form to join a club."""
+
+    def __init__(self, *args, club: Club, request_user: User, **kwargs):
+        super().__init__(*args, club=club, request_user=request_user, **kwargs)
+        # this form doesn't manage the user who will join the club,
+        # so we must set this here to avoid errors
+        self.instance.user = self.request_user
+
+    @cached_property
+    def max_available_role(self):
+        return settings.SITH_MAXIMUM_FREE_ROLE
 
     def clean(self):
-        """Check user rights for adding an user."""
-        cleaned_data = super().clean()
-
-        if "start_date" in cleaned_data and not cleaned_data["start_date"]:
-            # Drop start_date if allowed to edition but not specified
-            cleaned_data.pop("start_date")
-
-        if not cleaned_data.get("users"):
-            # No user to add equals no check needed
-            return cleaned_data
-
-        if cleaned_data.get("role", "") == "":
-            # Role is required if users exists
-            self.add_error("role", _("You should specify a role"))
-            return cleaned_data
-
-        request_user = self.request_user
-        membership = self.request_user_membership
-        if not (
-            cleaned_data["role"] <= settings.SITH_MAXIMUM_FREE_ROLE
-            or (membership is not None and membership.role >= cleaned_data["role"])
-            or request_user.is_board_member
-            or request_user.is_root
-        ):
-            raise forms.ValidationError(_("You do not have the permission to do that"))
-        return cleaned_data
+        """Check that the user is subscribed and isn't already in the club."""
+        if not self.request_user.is_subscribed:
+            raise forms.ValidationError(
+                _("You must be subscribed to join a club"), code="invalid"
+            )
+        if self.club.get_membership_for(self.request_user):
+            raise forms.ValidationError(
+                _("You are already a member of this club"), code="invalid"
+            )
+        return super().clean()

club/migrations/0011_auto_20180426_2013.py

@@ -1,10 +1,9 @@
 from __future__ import unicode_literals
 
 import django.db.models.deletion
+from django.conf import settings
 from django.db import migrations, models
 
-import club.models
-
 
 class Migration(migrations.Migration):
     dependencies = [("club", "0010_auto_20170912_2028")]
@@ -15,7 +14,7 @@ class Migration(migrations.Migration):
             name="owner_group",
             field=models.ForeignKey(
                 on_delete=django.db.models.deletion.CASCADE,
-                default=club.models.get_default_owner_group,
+                default=lambda: settings.SITH_ROOT_USER_ID,
                 related_name="owned_club",
                 to="core.Group",
             ),

club/migrations/0012_club_board_group_club_members_group.py

@@ -34,12 +34,10 @@ def migrate_meta_groups(apps: StateApps, schema_editor):
     clubs = list(Club.objects.all())
     for club in clubs:
         club.board_group = meta_groups.get_or_create(
-            name=club.unix_name + settings.SITH_BOARD_SUFFIX,
-            defaults={"is_meta": True},
+            name=f"{club.unix_name}-bureau", defaults={"is_meta": True}
         )[0]
         club.members_group = meta_groups.get_or_create(
-            name=club.unix_name + settings.SITH_MEMBER_SUFFIX,
-            defaults={"is_meta": True},
+            name=f"{club.unix_name}-membres", defaults={"is_meta": True}
         )[0]
         club.save()
         club.refresh_from_db()

club/migrations/0013_alter_club_board_group_alter_club_members_group_and_more.py

@@ -29,7 +29,7 @@ class Migration(migrations.Migration):
         migrations.AddConstraint(
             model_name="membership",
             constraint=models.CheckConstraint(
-                check=models.Q(("end_date__gte", models.F("start_date"))),
+                condition=models.Q(("end_date__gte", models.F("start_date"))),
                 name="end_after_start",
             ),
         ),

club/migrations/0014_alter_club_options_rename_unix_name_club_slug_name_and_more.py

@@ -0,0 +1,75 @@
+# Generated by Django 4.2.17 on 2025-02-28 20:34
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import core.fields
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0044_alter_userban_options"),
+        ("club", "0013_alter_club_board_group_alter_club_members_group_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(name="club", options={"ordering": ["name"]}),
+        migrations.RenameField(
+            model_name="club",
+            old_name="unix_name",
+            new_name="slug_name",
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="name",
+            field=models.CharField(unique=True, max_length=64, verbose_name="name"),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="slug_name",
+            field=models.SlugField(
+                editable=False, max_length=30, unique=True, verbose_name="slug name"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="id",
+            field=models.AutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="logo",
+            field=core.fields.ResizedImageField(
+                blank=True,
+                force_format="WEBP",
+                height=200,
+                null=True,
+                upload_to="club_logos",
+                verbose_name="logo",
+                width=200,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="page",
+            field=models.OneToOneField(
+                blank=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="club",
+                to="core.page",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="club",
+            name="short_description",
+            field=models.CharField(
+                blank=True,
+                default="",
+                help_text="A summary of what your club does. This will be displayed on the club list page.",
+                max_length=1000,
+                verbose_name="short description",
+            ),
+        ),
+    ]

club/models.py

@@ -26,57 +26,59 @@ from __future__ import annotations
 from typing import Iterable, Self
 
 from django.conf import settings
-from django.core import validators
 from django.core.cache import cache
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import RegexValidator, validate_email
 from django.db import models, transaction
-from django.db.models import Exists, F, OuterRef, Q
+from django.db.models import Exists, F, OuterRef, Q, Value
+from django.db.models.functions import Greatest
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
+from django.utils.text import slugify
 from django.utils.timezone import localdate
 from django.utils.translation import gettext_lazy as _
 
+from core.fields import ResizedImageField
 from core.models import Group, Notification, Page, SithFile, User
 
-# Create your models here.
 
-
-# This function prevents generating migration upon settings change
-def get_default_owner_group():
-    return settings.SITH_GROUP_ROOT_ID
+class ClubQuerySet(models.QuerySet):
+    def having_board_member(self, user: User) -> Self:
+        """Filter all club in which the given user is a board member."""
+        active_memberships = user.memberships.board().ongoing()
+        return self.filter(Exists(active_memberships.filter(club=OuterRef("pk"))))
 
 
 class Club(models.Model):
     """The Club class, made as a tree to allow nice tidy organization."""
 
-    id = models.AutoField(primary_key=True, db_index=True)
-    name = models.CharField(_("name"), max_length=64)
+    name = models.CharField(_("name"), unique=True, max_length=64)
     parent = models.ForeignKey(
         "Club", related_name="children", null=True, blank=True, on_delete=models.CASCADE
     )
-    unix_name = models.CharField(
-        _("unix name"),
-        max_length=30,
-        unique=True,
-        validators=[
-            validators.RegexValidator(
-                r"^[a-z0-9][a-z0-9._-]*[a-z0-9]$",
-                _(
-                    "Enter a valid unix name. This value may contain only "
-                    "letters, numbers ./-/_ characters."
-                ),
-            )
-        ],
-        error_messages={"unique": _("A club with that unix name already exists.")},
+    slug_name = models.SlugField(
+        _("slug name"), max_length=30, unique=True, editable=False
     )
-    logo = models.ImageField(
-        upload_to="club_logos", verbose_name=_("logo"), null=True, blank=True
+    logo = ResizedImageField(
+        upload_to="club_logos",
+        verbose_name=_("logo"),
+        null=True,
+        blank=True,
+        force_format="WEBP",
+        height=200,
+        width=200,
     )
     is_active = models.BooleanField(_("is active"), default=True)
     short_description = models.CharField(
-        _("short description"), max_length=1000, default="", blank=True, null=True
+        _("short description"),
+        max_length=1000,
+        default="",
+        blank=True,
+        help_text=_(
+            "A summary of what your club does. "
+            "This will be displayed on the club list page."
+        ),
     )
     address = models.CharField(_("address"), max_length=254)
     home = models.OneToOneField(
@@ -88,7 +90,7 @@ class Club(models.Model):
         on_delete=models.SET_NULL,
     )
     page = models.OneToOneField(
-        Page, related_name="club", blank=True, null=True, on_delete=models.CASCADE
+        Page, related_name="club", blank=True, on_delete=models.CASCADE
     )
     members_group = models.OneToOneField(
         Group, related_name="club", on_delete=models.PROTECT
@@ -97,8 +99,10 @@ class Club(models.Model):
         Group, related_name="club_board", on_delete=models.PROTECT
     )
 
+    objects = ClubQuerySet.as_manager()
+
     class Meta:
-        ordering = ["name", "unix_name"]
+        ordering = ["name"]
 
     def __str__(self):
         return self.name
@@ -106,10 +110,12 @@ class Club(models.Model):
     @transaction.atomic()
     def save(self, *args, **kwargs):
         creation = self._state.adding
+        if (slug := slugify(self.name)[:30]) != self.slug_name:
+            self.slug_name = slug
         if not creation:
             db_club = Club.objects.get(id=self.id)
-            if self.unix_name != db_club.unix_name:
-                self.home.name = self.unix_name
+            if self.name != db_club.name:
+                self.home.name = self.slug_name
                 self.home.save()
             if self.name != db_club.name:
                 self.board_group.name = f"{self.name} - Bureau"
@@ -123,11 +129,9 @@ class Club(models.Model):
             self.members_group = Group.objects.create(
                 name=f"{self.name} - Membres", is_manually_manageable=False
             )
-        super().save(*args, **kwargs)
-        if creation:
             self.make_home()
         self.make_page()
-        cache.set(f"sith_club_{self.unix_name}", self)
+        super().save(*args, **kwargs)
 
     def get_absolute_url(self):
         return reverse("club:club_view", kwargs={"club_id": self.id})
@@ -155,49 +159,37 @@ class Club(models.Model):
     def make_home(self) -> None:
         if self.home:
             return
-        home_root = SithFile.objects.filter(parent=None, name="clubs").first()
-        root = User.objects.filter(username="root").first()
-        if home_root and root:
-            home = SithFile(parent=home_root, name=self.unix_name, owner=root)
-            home.save()
-            self.home = home
-            self.save()
+        home_root = SithFile.objects.get(parent=None, name="clubs")
+        root = User.objects.get(id=settings.SITH_ROOT_USER_ID)
+        self.home = SithFile.objects.create(
+            parent=home_root, name=self.slug_name, owner=root
+        )
 
     def make_page(self) -> None:
-        root = User.objects.filter(username="root").first()
-        if not self.page:
-            club_root = Page.objects.filter(name=settings.SITH_CLUB_ROOT_PAGE).first()
-            if root and club_root:
-                public = Group.objects.filter(id=settings.SITH_GROUP_PUBLIC_ID).first()
-                p = Page(name=self.unix_name)
-                p.parent = club_root
-                p.save(force_lock=True)
-                if public:
-                    p.view_groups.add(public)
-                p.save(force_lock=True)
-                if self.parent and self.parent.page:
-                    p.parent = self.parent.page
-                self.page = p
-                self.save()
-        elif self.page and self.page.name != self.unix_name:
-            self.page.unset_lock()
-            self.page.name = self.unix_name
-            self.page.save(force_lock=True)
-        elif (
-            self.page
-            and self.parent
-            and self.parent.page
-            and self.page.parent != self.parent.page
-        ):
-            self.page.unset_lock()
+        page_name = self.slug_name
+        if not self.page_id:
+            # Club.page is a OneToOneField, so if we are inside this condition
+            # then self._meta.state.adding is True.
+            club_root = Page.objects.get(name=settings.SITH_CLUB_ROOT_PAGE)
+            public = Group.objects.get(id=settings.SITH_GROUP_PUBLIC_ID)
+            p = Page(name=page_name, parent=club_root)
+            p.save(force_lock=True)
+            p.view_groups.add(public)
+            if self.parent and self.parent.page_id:
+                p.parent_id = self.parent.page_id
+            self.page = p
+            return
+        self.page.unset_lock()
+        if self.page.name != page_name:
+            self.page.name = page_name
+        elif self.parent and self.parent.page and self.page.parent != self.parent.page:
             self.page.parent = self.parent.page
-            self.page.save(force_lock=True)
+        self.page.save(force_lock=True)
 
     def delete(self, *args, **kwargs) -> tuple[int, dict[str, int]]:
         # Invalidate the cache of this club and of its memberships
         for membership in self.members.ongoing().select_related("user"):
             cache.delete(f"membership_{self.id}_{membership.user.id}")
-        cache.delete(f"sith_club_{self.unix_name}")
         self.board_group.delete()
         self.members_group.delete()
         return super().delete(*args, **kwargs)
@@ -218,10 +210,6 @@ class Club(models.Model):
         """Method to see if that object can be edited by the given user."""
         return self.has_rights_in_club(user)
 
-    def can_be_viewed_by(self, user: User) -> bool:
-        """Method to see if that object can be seen by the given user."""
-        return user.was_subscribed
-
     def get_membership_for(self, user: User) -> Membership | None:
         """Return the current membership the given user.
 
@@ -261,6 +249,44 @@ class MembershipQuerySet(models.QuerySet):
         """
         return self.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
 
+    def editable_by(self, user: User) -> Self:
+        """Filter Memberships that this user can edit.
+
+        Users with the `club.change_membership` permission can edit all Membership.
+        The other users can edit :
+        - their own membership
+        - if they are board members, ongoing memberships with a role lower than their own
+
+        For example, let's suppose the following users :
+        - A : board member
+        - B : board member
+        - C : simple member
+        - D : curious
+        - E : old member
+
+        A will be able to edit the memberships of A, C and D ;
+        C and D will be able to edit only their own membership ;
+        nobody will be able to edit E's membership.
+        """
+        if user.has_perm("club.change_membership"):
+            return self.all()
+        return self.filter(
+            Q(user=user)
+            | Exists(
+                Membership.objects.filter(
+                    Q(
+                        role__gt=Greatest(
+                            OuterRef("role"), Value(settings.SITH_MAXIMUM_FREE_ROLE)
+                        )
+                    ),
+                    user=user,
+                    end_date=None,
+                    club=OuterRef("club"),
+                )
+            ),
+            end_date=None,
+        )
+
     def update(self, **kwargs) -> int:
         """Refresh the cache and edit group ownership.
 
@@ -337,16 +363,12 @@ class Membership(models.Model):
         User,
         verbose_name=_("user"),
         related_name="memberships",
-        null=False,
-        blank=False,
         on_delete=models.CASCADE,
     )
     club = models.ForeignKey(
         Club,
         verbose_name=_("club"),
         related_name="members",
-        null=False,
-        blank=False,
         on_delete=models.CASCADE,
     )
     start_date = models.DateField(_("start date"), default=timezone.now)
@@ -365,7 +387,7 @@ class Membership(models.Model):
     class Meta:
         constraints = [
             models.CheckConstraint(
-                check=Q(end_date__gte=F("start_date")), name="end_after_start"
+                condition=Q(end_date__gte=F("start_date")), name="end_after_start"
             ),
         ]
 

club/schemas.py

@@ -1,9 +1,40 @@
 from ninja import ModelSchema
 
-from club.models import Club
+from club.models import Club, Membership
+from core.schemas import SimpleUserSchema
+
+
+class SimpleClubSchema(ModelSchema):
+    class Meta:
+        model = Club
+        fields = ["id", "name"]
+
+
+class ClubProfileSchema(ModelSchema):
+    """The infos needed to display a simple club profile."""
+
+    class Meta:
+        model = Club
+        fields = ["id", "name", "logo"]
+
+    url: str
+
+    @staticmethod
+    def resolve_url(obj: Club) -> str:
+        return obj.get_absolute_url()
+
+
+class ClubMemberSchema(ModelSchema):
+    class Meta:
+        model = Membership
+        fields = ["start_date", "end_date", "role", "description"]
+
+    user: SimpleUserSchema
 
 
 class ClubSchema(ModelSchema):
     class Meta:
         model = Club
-        fields = ["id", "name"]
+        fields = ["id", "name", "logo", "is_active", "short_description", "address"]
+
+    members: list[ClubMemberSchema]

club/static/club/members.scss

@@ -0,0 +1,24 @@
+#club_members_table {
+  tbody label {
+    margin: 0;
+    padding: 0;
+  }
+}
+
+#add_club_members_form {
+  fieldset {
+    display: flex;
+    flex-direction: row;
+    column-gap: 2em;
+    row-gap: 1em;
+    flex-wrap: wrap;
+
+    @media (max-width: 1100px) {
+      justify-content: space-evenly;
+    }
+
+    .errorlist {
+      max-width: 300px;
+    }
+  }
+}

club/templates/club/club_detail.jinja

@@ -1,10 +1,18 @@
 {% extends "core/base.jinja" %}
 {% from 'core/macros.jinja' import user_profile_link %}
 
+{% block title -%}
+  {{ club.name }}
+{%- endblock %}
+
+{% block description -%}
+  {{ club.short_description }}
+{%- endblock %}
+
 {% block content %}
   <div id="club_detail">
     {% if club.logo %}
-      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.unix_name }}"></div>
+      <div class="club_logo"><img src="{{ club.logo.url }}" alt="{{ club.name }}"></div>
     {% endif %}
     {% if page_revision %}
       {{ page_revision|markdown }}

club/templates/club/club_list.jinja

@@ -1,8 +1,12 @@
 {% extends "core/base.jinja" %}
 
-{% block title %}
+{% block title -%}
   {% trans %}Club list{% endtrans %}
-{% endblock %}
+{%- endblock %}
+
+{% block description -%}
+  {% trans %}The list of all clubs existing at UTBM.{% endtrans %}
+{%- endblock %}
 
 {% macro display_club(club) -%}
 
@@ -21,7 +25,7 @@
 
   {%- if club.children.all()|length != 0 %}
     <ul>
-      {%- for c in club.children.order_by('name') %}
+      {%- for c in club.children.order_by('name').prefetch_related("children") %}
         {{ display_club(c) }}
       {%- endfor %}
     </ul>
@@ -36,8 +40,8 @@
   {% if club_list %}
     <h3>{% trans %}Club list{% endtrans %}</h3>
     <ul>
-      {%- for c in club_list.all().order_by('name') if c.parent is none %}
-        {{ display_club(c) }}
+      {%- for club in club_list %}
+        {{ display_club(club) }}
       {%- endfor %}
     </ul>
   {% else %}

club/templates/club/club_members.jinja

@@ -1,24 +1,42 @@
 {% extends "core/base.jinja" %}
 {% from 'core/macros.jinja' import user_profile_link, select_all_checkbox %}
 
+{% block additional_js %}
+  <script type="module" src="{{ static("bundled/core/components/ajax-select-index.ts") }}"></script>
+{% endblock %}
+{% block additional_css %}
+  <link rel="stylesheet" href="{{ static("bundled/core/components/ajax-select-index.css") }}">
+  <link rel="stylesheet" href="{{ static("club/members.scss") }}">
+{% endblock %}
+
 {% block content %}
+  {% block notifications %}
+    {# Notifications are moved a little bit below #}
+  {% endblock %}
+
   <h2>{% trans %}Club members{% endtrans %}</h2>
+
+  {% if add_member_fragment %}
+    <br />
+    {{ add_member_fragment }}
+    <br />
+  {% endif %}
+  {% include "core/base/notifications.jinja" %}
   {% if members %}
-    <form action="{{ url('club:club_members', club_id=club.id) }}" id="users_old" method="post">
+    <form action="{{ url('club:club_members', club_id=club.id) }}" id="members_old" method="post">
       {% csrf_token %}
-      {% set users_old = dict(form.users_old | groupby("choice_label")) %}
-      {% if users_old %}
-        {{ select_all_checkbox("users_old") }}
-        <p></p>
+      {% if can_end_membership %}
+        {{ select_all_checkbox("members_old") }}
+        <br />
       {% endif %}
-      <table>
+      <table id="club_members_table">
         <thead>
           <tr>
             <td>{% trans %}User{% endtrans %}</td>
             <td>{% trans %}Role{% endtrans %}</td>
             <td>{% trans %}Description{% endtrans %}</td>
             <td>{% trans %}Since{% endtrans %}</td>
-            {% if users_old %}
+            {% if can_end_membership %}
               <td>{% trans %}Mark as old{% endtrans %}</td>
             {% endif %}
           </tr>
@@ -30,20 +48,24 @@
               <td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
               <td>{{ m.description }}</td>
               <td>{{ m.start_date }}</td>
-              {% if users_old %}
+              {%- if can_end_membership -%}
                 <td>
-                  {% set user_old = users_old[m.user.get_display_name()] %}
-                  {% if user_old %}
-                    {{ user_old[0].tag() }}
-                  {% endif %}
+                  {%- if m.is_editable -%}
+                    <label for="id_members_old_{{ loop.index }}"></label>
+                    <input
+                      type="checkbox"
+                      name="members_old"
+                      value="{{ m.id }}"
+                      id="id_members_old_{{ loop.index }}"
+                    >
+                  {%- endif -%}
                 </td>
-              {% endif %}
+              {%- endif -%}
             </tr>
           {% endfor %}
         </tbody>
       </table>
-      {{ form.users_old.errors }}
-      {% if users_old %}
+      {% if can_end_membership %}
         <p></p>
         <input type="submit" name="submit" value="{% trans %}Mark as old{% endtrans %}">
       {% endif %}
@@ -51,32 +73,4 @@
   {% else %}
     <p>{% trans %}There are no members in this club.{% endtrans %}</p>
   {% endif %}
-  <form action="{{ url('club:club_members', club_id=club.id) }}" id="add_users" method="post">
-    {% csrf_token %}
-    {{ form.non_field_errors() }}
-    <p>
-      {{ form.users.errors }}
-      <label for="{{ form.users.id_for_label }}">{{ form.users.label }} :</label>
-      {{ form.users }}
-      <span class="helptext">{{ form.users.help_text }}</span>
-    </p>
-    <p>
-      {{ form.role.errors }}
-      <label for="{{ form.role.id_for_label }}">{{ form.role.label }} :</label>
-      {{ form.role }}
-    </p>
-    {% if form.start_date %}
-      <p>
-        {{ form.start_date.errors }}
-        <label for="{{ form.start_date.id_for_label }}">{{ form.start_date.label }} :</label>
-        {{ form.start_date }}
-      </p>
-    {% endif %}
-    <p>
-      {{ form.description.errors }}
-      <label for="{{ form.description.id_for_label }}">{{ form.description.label }} :</label>
-      {{ form.description }}
-    </p>
-    <p><input type="submit" value="{% trans %}Add{% endtrans %}" /></p>
-  </form>
 {% endblock %}

club/templates/club/club_old_members.jinja

@@ -5,20 +5,22 @@
   <h2>{% trans %}Club old members{% endtrans %}</h2>
   <table>
     <thead>
-      <td>{% trans %}User{% endtrans %}</td>
-      <td>{% trans %}Role{% endtrans %}</td>
-      <td>{% trans %}Description{% endtrans %}</td>
-      <td>{% trans %}From{% endtrans %}</td>
-      <td>{% trans %}To{% endtrans %}</td>
+      <tr>
+        <td>{% trans %}User{% endtrans %}</td>
+        <td>{% trans %}Role{% endtrans %}</td>
+        <td>{% trans %}Description{% endtrans %}</td>
+        <td>{% trans %}From{% endtrans %}</td>
+        <td>{% trans %}To{% endtrans %}</td>
+      </tr>
     </thead>
     <tbody>
-      {% for m in club.members.exclude(end_date=None).order_by('-role', 'description', '-end_date').all() %}
+      {% for member in old_members %}
         <tr>
-          <td>{{ user_profile_link(m.user) }}</td>
-          <td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
-          <td>{{ m.description }}</td>
-          <td>{{ m.start_date }}</td>
-          <td>{{ m.end_date }}</td>
+          <td>{{ user_profile_link(member.user) }}</td>
+          <td>{{ settings.SITH_CLUB_ROLES[member.role] }}</td>
+          <td>{{ member.description }}</td>
+          <td>{{ member.start_date }}</td>
+          <td>{{ member.end_date }}</td>
         </tr>
       {% endfor %}
     </tbody>

club/templates/club/club_sellings.jinja

@@ -83,9 +83,10 @@ TODO : rewrite the pagination used in this template an Alpine one
   </table>
   <script type="text/javascript">
     function formPagination(link){
-      $("form").attr("action", link.href);
+      const form = document.getElementById("form")
+      form.action = link.href;
       link.href = "javascript:void(0)"; // block link action
-      $("form").submit();
+      form.submit();
     }
   </script>
   {{ paginate(paginated_result, paginator, "formPagination(this)") }}

club/templates/club/club_tools.jinja

@@ -16,30 +16,13 @@
     </ul>
     <h4>{% trans %}Counters:{% endtrans %}</h4>
     <ul>
-      {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-        {% for l in Launderette.objects.all() %}
-          <li><a href="{{ url('launderette:main_click', launderette_id=l.id) }}">{{ l }}</a></li>
-        {% endfor %}
-      {% elif object.counters.filter(type="OFFICE")|count > 0 %}
-        {% for c in object.counters.filter(type="OFFICE") %}
-          <li>{{ c }}:
-            <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
-            <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
-          </li>
-        {% endfor %}
-      {% endif %}
+      {% for c in object.counters.filter(type="OFFICE") %}
+        <li>{{ c }}:
+          <a href="{{ url('counter:details', counter_id=c.id) }}">View</a>
+          <a href="{{ url('counter:admin', counter_id=c.id) }}">Edit</a>
+        </li>
+      {% endfor %}
     </ul>
-    {% if object.club_account.exists() %}
-      <h4>{% trans %}Accounting: {% endtrans %}</h4>
-      <ul>
-        {% for ca in object.club_account.all() %}
-          <li><a href="{{ url('accounting:club_details', c_account_id=ca.id) }}">{{ ca.get_display_name() }}</a></li>
-        {% endfor %}
-      </ul>
-    {% endif %}
-    {% if object.unix_name == settings.SITH_LAUNDERETTE_MANAGER['unix_name'] %}
-      <li><a href="{{ url('launderette:launderette_list') }}">{% trans %}Manage launderettes{% endtrans %}</a></li>
-    {% endif %}
   </div>
 {% endblock %}
 

club/templates/club/edit_club.jinja

@@ -0,0 +1,54 @@
+{% extends "core/base.jinja" %}
+
+{% block title %}
+  {% trans name=object %}Edit {{ name }}{% endtrans %}
+{% endblock %}
+
+{% block content %}
+  <h2>{% trans name=object %}Edit {{ name }}{% endtrans %}</h2>
+
+  <form action="" method="post" enctype="multipart/form-data">
+    {% csrf_token %}
+
+    {{ form.non_field_errors() }}
+
+    {% if form.admin_fields %}
+      {# If the user is admin, display the admin fields,
+         and explicitly separate them from the non-admin ones,
+         with some help text.
+         Non-admin users will only see the regular form fields,
+         so they don't need thoses explanations #}
+      <h3>{% trans %}Club properties{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the core properties of a club.
+          Only admin users can see and edit them.
+        {% endtrans %}
+      </p>
+      <fieldset class="required margin-bottom">
+        {% for field_name in form.admin_fields %}
+          {% set field = form[field_name] %}
+          <div class="form-group">
+            {{ field.errors }}
+            {{ field.label_tag() }}
+            {{ field }}
+          </div>
+          {# Remove the the admin fields from the form.
+             The remaining non-admin fields will be rendered
+             at once with a simple {{ form.as_p() }} #}
+          {% set _ = form.fields.pop(field_name) %}
+        {% endfor %}
+      </fieldset>
+
+      <h3>{% trans %}Club informations{% endtrans %}</h3>
+      <p class="helptext">
+        {% trans trimmed %}
+          The following form fields are linked to the basic description of a club.
+          All board members of this club can see and edit them.
+        {% endtrans %}
+      </p>
+    {% endif %}
+    {{ form.as_p() }}
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
+  </form>
+{% endblock content %}

club/templates/club/fragments/add_member.jinja

@@ -0,0 +1,46 @@
+<section id="member-fragment-container">
+  {% if form.user %}
+    <h4>{% trans %}Add a new member{% endtrans %}</h4>
+  {% else %}
+    <h4>{% trans %}Join club{% endtrans %}</h4>
+  {% endif %}
+
+  <form
+    hx-post="{{ url('club:club_new_members', club_id=club.id) }}"
+    hx-disabled-elt="find input[type='submit']"
+    hx-swap="outerHTML"
+    hx-target="#member-fragment-container"
+    id="add_club_members_form"
+  >
+    {% csrf_token %}
+    {{ form.non_field_errors() }}
+    <fieldset>
+      {% if form.user %}
+        <div>
+          {{ form.user.label_tag() }}
+          <span class="helptext">{{ form.user.help_text }}</span>
+          {{ form.user }}
+          {{ form.user.errors }}
+        </div>
+      {% endif %}
+      <div>
+        {{ form.role.label_tag() }}
+        {{ form.role }}
+        {{ form.role.errors }}
+      </div>
+      <div>
+        {{ form.description.label_tag() }}
+        {{ form.description }}
+        {{ form.description.errors }}
+      </div>
+    </fieldset>
+    <button type="submit" class="btn btn-blue">
+      <i class="fa fa-user-plus"></i>
+      {%- if form.user -%}
+        {% trans %}Add{% endtrans %}
+      {%- else -%}
+        {% trans %}Join{% endtrans %}
+      {%- endif -%}
+    </button>
+  </form>
+</section>

club/templates/club/stats.jinja

@@ -1,49 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% trans %}Club stats{% endtrans %}
-{% endblock %}
-
-{% block content %}
-  {% if club_list %}
-    <h3>{% trans %}Club stats{% endtrans %}</h3>
-    <form action="" method="GET">
-      {% csrf_token %}
-      <p>
-        <select name="branch">
-          {% for b in settings.SITH_PROFILE_DEPARTMENTS %}
-            <option value="{{ b[0] }}">{{ b[0] }}</option>
-          {% endfor %}
-        </select>
-      </p>
-      <p><input type="submit" value="{% trans %}Show{% endtrans %}" /></p>
-    </form>
-    <table>
-      <thead>
-        <tr>
-          <td>Club</td>
-          <td>Member number</td>
-          <td>Old member number</td>
-        </tr>
-      </thead>
-      <tbody>
-        {% for c in club_list.order_by('id') %}
-          {% set members = c.members.all() %}
-          {% if request.GET['branch'] %}
-            {% set members = members.filter(user__department=request.GET['branch']) %}
-          {% endif %}
-          <tr>
-            <td>{{ c.get_display_name() }}</td>
-            <td>{{ members.filter(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-            <td>{{ members.exclude(end_date=None, role__gt=settings.SITH_MAXIMUM_FREE_ROLE).count() }}</td>
-          </tr>
-        {% endfor %}
-      </tbody>
-    </table>
-  {% else %}
-    {% trans %}There is no club in this website.{% endtrans %}
-  {% endif %}
-{% endblock %}
-
-
-

club/tests.py

@@ -1,906 +0,0 @@
-#
-# Copyright 2023 © AE UTBM
-# ae@utbm.fr / ae.info@utbm.fr
-#
-# This file is part of the website of the UTBM Student Association (AE UTBM),
-# https://ae.utbm.fr.
-#
-# You can find the source code of the website at https://github.com/ae-utbm/sith
-#
-# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
-# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
-# OR WITHIN THE LOCAL FILE "LICENSE"
-#
-#
-from datetime import timedelta
-
-from django.conf import settings
-from django.core.cache import cache
-from django.test import TestCase
-from django.urls import reverse
-from django.utils import timezone
-from django.utils.timezone import localdate, localtime, now
-from django.utils.translation import gettext as _
-from model_bakery import baker
-
-from club.forms import MailingForm
-from club.models import Club, Mailing, Membership
-from core.baker_recipes import subscriber_user
-from core.models import AnonymousUser, User
-from sith.settings import SITH_BAR_MANAGER, SITH_MAIN_CLUB_ID
-
-
-class TestClub(TestCase):
-    """Set up data for test cases related to clubs and membership.
-
-    The generated dataset is the one created by the populate command,
-    plus the following modifications :
-
-    - `self.club` is a dummy club recreated for each test
-    - `self.club` has two board members : skia (role 3) and comptable (role 10)
-    - `self.club` has one regular member : richard
-    - `self.club` has one former member : sli (who had role 2)
-    - None of the `self.club` members are in the AE club.
-    """
-
-    @classmethod
-    def setUpTestData(cls):
-        # subscribed users - initial members
-        cls.skia = User.objects.get(username="skia")
-        # by default, Skia is in the AE, which creates side effect
-        cls.skia.memberships.all().delete()
-        cls.richard = User.objects.get(username="rbatsbak")
-        cls.comptable = User.objects.get(username="comptable")
-        cls.sli = User.objects.get(username="sli")
-        cls.root = User.objects.get(username="root")
-
-        # subscribed users - not initial members
-        cls.krophil = User.objects.get(username="krophil")
-        cls.subscriber = User.objects.get(username="subscriber")
-
-        # old subscriber
-        cls.old_subscriber = User.objects.get(username="old_subscriber")
-
-        # not subscribed
-        cls.public = User.objects.get(username="public")
-
-        cls.ae = Club.objects.filter(pk=SITH_MAIN_CLUB_ID)[0]
-        cls.club = Club.objects.create(
-            name="Fake Club",
-            unix_name="fake-club",
-            address="5 rue de la République, 90000 Belfort",
-        )
-        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
-        a_month_ago = now() - timedelta(days=30)
-        yesterday = now() - timedelta(days=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.skia, start_date=a_month_ago, role=3
-        )
-        Membership.objects.create(club=cls.club, user=cls.richard, role=1)
-        Membership.objects.create(
-            club=cls.club, user=cls.comptable, start_date=a_month_ago, role=10
-        )
-
-        # sli was a member but isn't anymore
-        Membership.objects.create(
-            club=cls.club,
-            user=cls.sli,
-            start_date=a_month_ago,
-            end_date=yesterday,
-            role=2,
-        )
-
-    def setUp(self):
-        cache.clear()
-
-
-class TestMembershipQuerySet(TestClub):
-    def test_ongoing(self):
-        """Test that the ongoing queryset method returns the memberships that
-        are not ended.
-        """
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            self.richard.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_ongoing_with_membership_ending_today(self):
-        """Test that a membership ending the present day is considered as ended."""
-        today = localdate()
-        self.richard.memberships.filter(club=self.club).update(end_date=today)
-        current_members = list(self.club.members.ongoing().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert current_members == expected
-
-    def test_board(self):
-        """Test that the board queryset method returns the memberships
-        of user in the club board.
-        """
-        board_members = list(self.club.members.board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-            # sli is no more member, but he was in the board
-            self.sli.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert board_members == expected
-
-    def test_ongoing_board(self):
-        """Test that combining ongoing and board returns users
-        who are currently board members of the club.
-        """
-        members = list(self.club.members.ongoing().board().order_by("id"))
-        expected = [
-            self.skia.memberships.get(club=self.club),
-            self.comptable.memberships.get(club=self.club),
-        ]
-        expected.sort(key=lambda i: i.id)
-        assert members == expected
-
-    def test_update_invalidate_cache(self):
-        """Test that the `update` queryset method properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        self.skia.memberships.update(end_date=localtime(now()).date())
-        assert (
-            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
-            == "not_member"
-        )
-
-        mem_richard = self.richard.memberships.get(club=self.club)
-        cache.set(
-            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
-        )
-        self.richard.memberships.update(role=5)
-        new_mem = self.richard.memberships.get(club=self.club)
-        assert new_mem != "not_member"
-        assert new_mem.role == 5
-
-    def test_update_change_club_groups(self):
-        """Test that `update` set the user groups accordingly."""
-        user = baker.make(User)
-        membership = baker.make(Membership, end_date=None, user=user, role=5)
-        members_group = membership.club.members_group
-        board_group = membership.club.board_group
-        assert user.groups.contains(members_group)
-        assert user.groups.contains(board_group)
-
-        user.memberships.update(role=1)  # from board to simple member
-        assert user.groups.contains(members_group)
-        assert not user.groups.contains(board_group)
-
-        user.memberships.update(role=5)  # from member to board
-        assert user.groups.contains(members_group)
-        assert user.groups.contains(board_group)
-
-        user.memberships.update(end_date=localdate())  # end the membership
-        assert not user.groups.contains(members_group)
-        assert not user.groups.contains(board_group)
-
-    def test_delete_invalidate_cache(self):
-        """Test that the `delete` queryset properly invalidate cache."""
-        mem_skia = self.skia.memberships.get(club=self.club)
-        mem_comptable = self.comptable.memberships.get(club=self.club)
-        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
-        cache.set(
-            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
-        )
-
-        # should delete the subscriptions of skia and comptable
-        self.club.members.ongoing().board().delete()
-
-        for membership in (mem_skia, mem_comptable):
-            cached_mem = cache.get(
-                f"membership_{membership.club_id}_{membership.user_id}"
-            )
-            assert cached_mem == "not_member"
-
-    def test_delete_remove_from_groups(self):
-        """Test that `delete` removes from club groups"""
-        user = baker.make(User)
-        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
-        club_groups = {
-            memberships[0].club.members_group,
-            memberships[1].club.members_group,
-            memberships[1].club.board_group,
-        }
-        assert set(user.groups.all()) == club_groups
-        user.memberships.all().delete()
-        assert user.groups.all().count() == 0
-
-
-class TestClubModel(TestClub):
-    def assert_membership_started_today(self, user: User, role: int):
-        """Assert that the given membership is active and started today."""
-        membership = user.memberships.ongoing().filter(club=self.club).first()
-        assert membership is not None
-        assert localtime(now()).date() == membership.start_date
-        assert membership.end_date is None
-        assert membership.role == role
-        assert membership.club.get_membership_for(user) == membership
-        assert user.is_in_group(pk=self.club.members_group_id)
-        assert user.is_in_group(pk=self.club.board_group_id)
-
-    def assert_membership_ended_today(self, user: User):
-        """Assert that the given user have a membership which ended today."""
-        today = localtime(now()).date()
-        assert user.memberships.filter(club=self.club, end_date=today).exists()
-        assert self.club.get_membership_for(user) is None
-
-    def test_access_unauthorized(self):
-        """Test that users who never subscribed and anonymous users
-        cannot see the page.
-        """
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-        self.client.force_login(self.public)
-        response = self.client.post(self.members_url)
-        assert response.status_code == 403
-
-    def test_display(self):
-        """Test that a GET request return a page where the requested
-        information are displayed.
-        """
-        self.client.force_login(self.skia)
-        response = self.client.get(self.members_url)
-        assert response.status_code == 200
-        expected_html = (
-            "<table><thead><tr>"
-            "<td>Utilisateur</td><td>Rôle</td><td>Description</td>"
-            "<td>Depuis</td><td>Marquer comme ancien</td>"
-            "</tr></thead><tbody>"
-        )
-        memberships = self.club.members.ongoing().order_by("-role")
-        input_id = 0
-        for membership in memberships.select_related("user"):
-            user = membership.user
-            expected_html += (
-                f"<tr><td><a href=\"{reverse('core:user_profile', args=[user.id])}\">"
-                f"{user.get_display_name()}</a></td>"
-                f"<td>{settings.SITH_CLUB_ROLES[membership.role]}</td>"
-                f"<td>{membership.description}</td>"
-                f"<td>{membership.start_date}</td><td>"
-            )
-            if membership.role <= 3:  # 3 is the role of skia
-                expected_html += (
-                    '<input type="checkbox" name="users_old" '
-                    f'value="{user.id}" '
-                    f'id="id_users_old_{input_id}">'
-                )
-                input_id += 1
-            expected_html += "</td></tr>"
-        expected_html += "</tbody></table>"
-        self.assertInHTML(expected_html, response.content.decode())
-
-    def test_root_add_one_club_member(self):
-        """Test that root users can add members to clubs, one at a time."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": [self.subscriber.id], "role": 3},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-
-    def test_root_add_multiple_club_member(self):
-        """Test that root users can add multiple members at once to clubs."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, self.krophil.id),
-                "role": 3,
-            },
-        )
-        self.assertRedirects(response, self.members_url)
-        self.subscriber.refresh_from_db()
-        self.assert_membership_started_today(self.subscriber, role=3)
-        self.assert_membership_started_today(self.krophil, role=3)
-
-    def test_add_unauthorized_members(self):
-        """Test that users who are not currently subscribed
-        cannot be members of clubs.
-        """
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.public.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-        response = self.client.post(
-            self.members_url,
-            {"users": self.old_subscriber.id, "role": 1},
-        )
-        assert not self.public.memberships.filter(club=self.club).exists()
-        assert self.club.get_membership_for(self.public) is None
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-
-    def test_add_members_already_members(self):
-        """Test that users who are already members of a club
-        cannot be added again to this club.
-        """
-        self.client.force_login(self.root)
-        current_membership = self.skia.memberships.ongoing().get(club=self.club)
-        nb_memberships = self.skia.memberships.count()
-        self.client.post(
-            self.members_url,
-            {"users": self.skia.id, "role": current_membership.role + 1},
-        )
-        self.skia.refresh_from_db()
-        assert nb_memberships == self.skia.memberships.count()
-        new_membership = self.skia.memberships.ongoing().get(club=self.club)
-        assert current_membership == new_membership
-        assert self.club.get_membership_for(self.skia) == new_membership
-
-    def test_add_not_existing_users(self):
-        """Test that not existing users cannot be added in clubs.
-        If one user in the request is invalid, no membership creation at all
-        can take place.
-        """
-        self.client.force_login(self.root)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": [9999], "role": 1},
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-        response = self.client.post(
-            self.members_url,
-            {
-                "users": (self.subscriber.id, 9999),
-                "start_date": "12/06/2016",
-                "role": 3,
-            },
-        )
-        assert response.status_code == 200
-        assert '<ul class="errorlist"><li>' in response.content.decode()
-        self.club.refresh_from_db()
-        assert self.club.members.count() == nb_memberships
-
-    def test_president_add_members(self):
-        """Test that the president of the club can add members."""
-        president = self.club.members.get(role=10).user
-        nb_club_membership = self.club.members.count()
-        nb_subscriber_memberships = self.subscriber.memberships.count()
-        self.client.force_login(president)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 9},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.subscriber.refresh_from_db()
-        assert self.club.members.count() == nb_club_membership + 1
-        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
-        self.assert_membership_started_today(self.subscriber, role=9)
-
-    def test_add_member_greater_role(self):
-        """Test that a member of the club member cannot create
-        a membership with a greater role than its own.
-        """
-        self.client.force_login(self.skia)
-        nb_memberships = self.club.members.count()
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "role": 10},
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            "<li>Vous n'avez pas la permission de faire cela</li>",
-            response.content.decode(),
-        )
-        self.club.refresh_from_db()
-        assert nb_memberships == self.club.members.count()
-        assert not self.subscriber.memberships.filter(club=self.club).exists()
-
-    def test_add_member_without_role(self):
-        """Test that trying to add members without specifying their role fails."""
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users": self.subscriber.id, "start_date": "12/06/2016"},
-        )
-        assert (
-            '<ul class="errorlist"><li>Vous devez choisir un r'
-            in response.content.decode()
-        )
-
-    def test_end_membership_self(self):
-        """Test that a member can end its own membership."""
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.skia.id},
-        )
-        self.skia.refresh_from_db()
-        self.assert_membership_ended_today(self.skia)
-
-    def test_end_membership_lower_role(self):
-        """Test that board members of the club can end memberships
-        of users with lower roles.
-        """
-        # remainder : skia has role 3, comptable has role 10, richard has role 1
-        self.client.force_login(self.skia)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.richard.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.club.refresh_from_db()
-        self.assert_membership_ended_today(self.richard)
-
-    def test_end_membership_higher_role(self):
-        """Test that board members of the club cannot end memberships
-        of users with higher roles.
-        """
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        self.client.force_login(self.skia)
-        self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.club.refresh_from_db()
-        new_membership = self.club.get_membership_for(self.comptable)
-        assert new_membership is not None
-        assert new_membership == membership
-
-        membership = self.comptable.memberships.filter(club=self.club).first()
-        assert membership.end_date is None
-
-    def test_end_membership_as_main_club_board(self):
-        """Test that board members of the main club can end the membership
-        of anyone.
-        """
-        # make subscriber a board member
-        subscriber = subscriber_user.make()
-        Membership.objects.create(club=self.ae, user=subscriber, role=3)
-
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(subscriber)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": self.comptable.id},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_root(self):
-        """Test that root users can end the membership of anyone."""
-        nb_memberships = self.club.members.ongoing().count()
-        self.client.force_login(self.root)
-        response = self.client.post(
-            self.members_url,
-            {"users_old": [self.comptable.id]},
-        )
-        self.assertRedirects(response, self.members_url)
-        self.assert_membership_ended_today(self.comptable)
-        assert self.club.members.ongoing().count() == nb_memberships - 1
-
-    def test_end_membership_as_foreigner(self):
-        """Test that users who are not in this club cannot end its memberships."""
-        nb_memberships = self.club.members.count()
-        membership = self.richard.memberships.filter(club=self.club).first()
-        self.client.force_login(self.subscriber)
-        self.client.post(
-            self.members_url,
-            {"users_old": [self.richard.id]},
-        )
-        # nothing should have changed
-        new_mem = self.club.get_membership_for(self.richard)
-        assert self.club.members.count() == nb_memberships
-        assert membership == new_mem
-
-    def test_remove_from_club_group(self):
-        """Test that when a membership ends, the user is removed from club groups."""
-        user = baker.make(User)
-        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
-        assert user.groups.contains(self.club.members_group)
-        assert user.groups.contains(self.club.board_group)
-        user.memberships.update(end_date=localdate())
-        assert not user.groups.contains(self.club.members_group)
-        assert not user.groups.contains(self.club.board_group)
-
-    def test_add_to_club_group(self):
-        """Test that when a membership begins, the user is added to the club group."""
-        assert not self.subscriber.groups.contains(self.club.members_group)
-        assert not self.subscriber.groups.contains(self.club.board_group)
-        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert self.subscriber.groups.contains(self.club.board_group)
-
-    def test_change_position_in_club(self):
-        """Test that when moving from board to members, club group change"""
-        membership = baker.make(
-            Membership, club=self.club, user=self.subscriber, role=3
-        )
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert self.subscriber.groups.contains(self.club.board_group)
-        membership.role = 1
-        membership.save()
-        assert self.subscriber.groups.contains(self.club.members_group)
-        assert not self.subscriber.groups.contains(self.club.board_group)
-
-    def test_club_owner(self):
-        """Test that a club is owned only by board members of the main club."""
-        anonymous = AnonymousUser()
-        assert not self.club.is_owned_by(anonymous)
-        assert not self.club.is_owned_by(self.subscriber)
-
-        # make sli a board member
-        self.sli.memberships.all().delete()
-        Membership(club=self.ae, user=self.sli, role=3).save()
-        assert self.club.is_owned_by(self.sli)
-
-    def test_change_club_name(self):
-        """Test that changing the club name doesn't break things."""
-        members_group = self.club.members_group
-        board_group = self.club.board_group
-        initial_members = set(members_group.users.values_list("id", flat=True))
-        initial_board = set(board_group.users.values_list("id", flat=True))
-        self.club.name = "something else"
-        self.club.save()
-        self.club.refresh_from_db()
-
-        # The names should have changed, but not the ids nor the group members
-        assert self.club.members_group.name == "something else - Membres"
-        assert self.club.board_group.name == "something else - Bureau"
-        assert self.club.members_group.id == members_group.id
-        assert self.club.board_group.id == board_group.id
-        new_members = set(self.club.members_group.users.values_list("id", flat=True))
-        new_board = set(self.club.board_group.users.values_list("id", flat=True))
-        assert new_members == initial_members
-        assert new_board == initial_board
-
-
-class TestMailingForm(TestCase):
-    """Perform validation tests for MailingForm."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.skia = User.objects.get(username="skia")
-        cls.rbatsbak = User.objects.get(username="rbatsbak")
-        cls.krophil = User.objects.get(username="krophil")
-        cls.comunity = User.objects.get(username="comunity")
-        cls.root = User.objects.get(username="root")
-        cls.bdf = Club.objects.get(unix_name=SITH_BAR_MANAGER["unix_name"])
-        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.bdf.id})
-
-    def setUp(self):
-        Membership(
-            user=self.rbatsbak,
-            club=self.bdf,
-            start_date=timezone.now(),
-            role=settings.SITH_CLUB_ROLES_ID["Board member"],
-        ).save()
-
-    def test_mailing_list_add_no_moderation(self):
-        # Test with Communication admin
-        self.client.force_login(self.comunity)
-        response = self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
-        )
-        self.assertRedirects(response, self.mail_url)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion foyer@utbm.fr" in response.content.decode()
-
-        # Test with Root
-        self.client.force_login(self.root)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "Liste de diffusion mde@utbm.fr" in response.content.decode()
-
-    def test_mailing_list_add_moderation(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "Liste de diffusion mde@utbm.fr" not in content
-        assert "<p>Listes de diffusions en attente de modération</p>" in content
-        assert "<li>mde@utbm.fr" in content
-
-    def test_mailing_list_forbidden(self):
-        # With anonymous user
-        response = self.client.get(self.mail_url)
-        self.assertContains(response, "", status_code=403)
-
-        # With user not in club
-        self.client.force_login(self.krophil)
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 403
-
-    def test_add_new_subscription_fail_not_moderated(self):
-        self.client.force_login(self.rbatsbak)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" not in response.content.decode()
-
-    def test_add_new_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Add single user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.skia.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        assert "skia@git.an" in response.content.decode()
-
-        # Add multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (self.comunity.id, self.rbatsbak.id),
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-
-        # Add arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "arbitrary@git.an",
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-
-        # Add user and arbitrary email
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_email": "more.arbitrary@git.an",
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-        assert "richard@git.an" in content
-        assert "comunity@git.an" in content
-        assert "skia@git.an" in content
-        assert "arbitrary@git.an" in content
-        assert "more.arbitrary@git.an" in content
-        assert "krophil@git.an" in content
-
-    def test_add_new_subscription_fail_form_errors(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-
-        # Neither email or email is specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # No mailing specified
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-            },
-        )
-        assert response.status_code == 200
-        assert _("This field is required") in response.content.decode()
-
-        # One of the selected users doesn't exist
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": [789],
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("You must specify at least an user or an email address"),
-            response.content.decode(),
-        )
-
-        # An user has no email address
-        self.krophil.email = ""
-        self.krophil.save()
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("One of the selected users doesn't have an email address"),
-            response.content.decode(),
-        )
-
-        self.krophil.email = "krophil@git.an"
-        self.krophil.save()
-
-        # An user is added twice
-
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-
-        response = self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": self.krophil.id,
-                "subscription_mailing": Mailing.objects.get(email="mde").id,
-            },
-        )
-        assert response.status_code == 200
-        self.assertInHTML(
-            _("This email is already suscribed in this mailing"),
-            response.content.decode(),
-        )
-
-    def test_remove_subscription_success(self):
-        # Prepare mailing list
-        self.client.force_login(self.comunity)
-        self.client.post(
-            self.mail_url,
-            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
-        )
-        mde = Mailing.objects.get(email="mde")
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
-                "subscription_users": (
-                    self.comunity.id,
-                    self.rbatsbak.id,
-                    self.krophil.id,
-                ),
-                "subscription_mailing": mde.id,
-            },
-        )
-
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" in content
-
-        # Delete one user
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" in content
-        assert "richard@git.an" in content
-        assert "krophil@git.an" not in content
-
-        # Delete multiple users
-        self.client.post(
-            self.mail_url,
-            {
-                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
-                "removal_%d" % mde.id: [
-                    user.id
-                    for user in mde.subscriptions.filter(
-                        user__in=[self.rbatsbak, self.comunity]
-                    ).all()
-                ],
-            },
-        )
-        response = self.client.get(self.mail_url)
-        assert response.status_code == 200
-        content = response.content.decode()
-
-        assert "comunity@git.an" not in content
-        assert "richard@git.an" not in content
-        assert "krophil@git.an" not in content
-
-
-class TestClubSellingView(TestCase):
-    """Perform basics tests to ensure that the page is available."""
-
-    @classmethod
-    def setUpTestData(cls):
-        cls.ae = Club.objects.get(unix_name="ae")
-        cls.skia = User.objects.get(username="skia")
-
-    def test_page_not_internal_error(self):
-        """Test that the page does not return and internal error."""
-        self.client.force_login(self.skia)
-        response = self.client.get(
-            reverse("club:club_sellings", kwargs={"club_id": self.ae.id})
-        )
-        assert response.status_code == 200

club/tests/base.py

@@ -0,0 +1,63 @@
+from datetime import timedelta
+
+from django.conf import settings
+from django.core.cache import cache
+from django.test import TestCase
+from django.urls import reverse
+from django.utils.timezone import now
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+
+from club.models import Club, Membership
+from core.baker_recipes import old_subscriber_user, subscriber_user
+from core.models import User
+
+
+class TestClub(TestCase):
+    """Set up data for test cases related to clubs and membership.
+
+    The generated dataset is the one created by the populate command,
+    plus the following modifications :
+
+    - `self.club` is a dummy club
+    - `self.club` has two board members :
+       simple_board_member (role 3) and president (role 10)
+    - `self.club` has one regular member : richard
+    - `self.club` has one former member : sli (who had role 2)
+    - None of the `self.club` members are in the AE club.
+    """
+
+    @classmethod
+    def setUpTestData(cls):
+        # subscribed users - initial members
+        cls.president, cls.simple_board_member = subscriber_user.make(_quantity=2)
+        cls.richard = User.objects.get(username="rbatsbak")
+        cls.sli = User.objects.get(username="sli")
+        cls.root = baker.make(User, is_superuser=True)
+        cls.old_subscriber = old_subscriber_user.make()
+        cls.public = baker.make(User)
+
+        # subscribed users - not initial member
+        cls.krophil = User.objects.get(username="krophil")
+        cls.subscriber = subscriber_user.make()
+
+        cls.ae = Club.objects.get(pk=settings.SITH_MAIN_CLUB_ID)
+        cls.club = baker.make(Club)
+        cls.new_members_url = reverse(
+            "club:club_new_members", kwargs={"club_id": cls.club.id}
+        )
+        cls.members_url = reverse("club:club_members", kwargs={"club_id": cls.club.id})
+        a_month_ago = now() - timedelta(days=30)
+        yesterday = now() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=cls.club)
+        membership_recipe.make(
+            user=cls.simple_board_member, start_date=a_month_ago, role=3
+        )
+        membership_recipe.make(user=cls.richard, role=1)
+        membership_recipe.make(user=cls.president, start_date=a_month_ago, role=10)
+        membership_recipe.make(  # sli was a member but isn't anymore
+            user=cls.sli, start_date=a_month_ago, end_date=yesterday, role=2
+        )
+
+    def setUp(self):
+        cache.clear()

club/tests/test_club.py

@@ -0,0 +1,27 @@
+from datetime import timedelta
+
+import pytest
+from django.utils.timezone import localdate
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+def test_club_queryset_having_board_member():
+    clubs = baker.make(Club, _quantity=5)
+    user = subscriber_user.make()
+    membership_recipe = Recipe(
+        Membership, user=user, start_date=localdate() - timedelta(days=3)
+    )
+    membership_recipe.make(club=clubs[0], role=1)
+    membership_recipe.make(club=clubs[1], role=3)
+    membership_recipe.make(club=clubs[2], role=7)
+    membership_recipe.make(
+        club=clubs[3], role=3, end_date=localdate() - timedelta(days=1)
+    )
+
+    club_ids = Club.objects.having_board_member(user).values_list("id", flat=True)
+    assert set(club_ids) == {clubs[1].id, clubs[2].id}

club/tests/test_club_controller.py

@@ -0,0 +1,43 @@
+from datetime import date, timedelta
+
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from model_bakery.recipe import Recipe
+from pytest_django.asserts import assertNumQueries
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+class TestFetchClub:
+    @pytest.fixture()
+    def club(self):
+        club = baker.make(Club)
+        last_month = date.today() - timedelta(days=30)
+        yesterday = date.today() - timedelta(days=1)
+        membership_recipe = Recipe(Membership, club=club, start_date=last_month)
+        membership_recipe.make(end_date=None, _quantity=10, _bulk_create=True)
+        membership_recipe.make(end_date=yesterday, _quantity=10, _bulk_create=True)
+        return club
+
+    def test_fetch_club_members(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+        assert res.status_code == 200
+        member_ids = {member["user"]["id"] for member in res.json()["members"]}
+        assert member_ids == set(
+            club.members.ongoing().values_list("user_id", flat=True)
+        )
+
+    def test_fetch_club_nb_queries(self, client: Client, club: Club):
+        user = subscriber_user.make()
+        client.force_login(user)
+        with assertNumQueries(6):
+            # - 4 queries for authentication
+            # - 2 queries for the actual data
+            res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
+            assert res.status_code == 200

club/tests/test_edit.py

@@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertRedirects
+
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+def test_club_board_member_cannot_edit_club_properties(client: Client):
+    user = subscriber_user.make()
+    club = baker.make(Club, name="old name", is_active=True, address="old address")
+    baker.make(Membership, club=club, user=user, role=7)
+    client.force_login(user)
+    res = client.post(
+        reverse("club:club_edit", kwargs={"club_id": club.id}),
+        {"name": "new name", "is_active": False, "address": "new address"},
+    )
+    # The request should success,
+    # but admin-only fields shouldn't be taken into account
+    assertRedirects(res, club.get_absolute_url())
+    club.refresh_from_db()
+    assert club.name == "old name"
+    assert club.is_active
+    assert club.address == "new address"
+
+
+@pytest.mark.django_db
+def test_edit_club_page_doesnt_crash(client: Client):
+    """crash test for club:club_edit"""
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    baker.make(Membership, club=club, user=user, role=3)
+    client.force_login(user)
+    res = client.get(reverse("club:club_edit", kwargs={"club_id": club.id}))
+    assert res.status_code == 200

club/tests/test_mailing.py

@@ -0,0 +1,327 @@
+from django.conf import settings
+from django.test import TestCase
+from django.urls import reverse
+from django.utils import timezone
+from django.utils.translation import gettext as _
+
+from club.forms import MailingForm
+from club.models import Club, Mailing, Membership
+from core.models import User
+
+
+class TestMailingForm(TestCase):
+    """Perform validation tests for MailingForm."""
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.skia = User.objects.get(username="skia")
+        cls.rbatsbak = User.objects.get(username="rbatsbak")
+        cls.krophil = User.objects.get(username="krophil")
+        cls.comunity = User.objects.get(username="comunity")
+        cls.root = User.objects.get(username="root")
+        cls.club = Club.objects.get(id=settings.SITH_PDF_CLUB_ID)
+        cls.mail_url = reverse("club:mailing", kwargs={"club_id": cls.club.id})
+        Membership(
+            user=cls.rbatsbak,
+            club=cls.club,
+            start_date=timezone.now(),
+            role=settings.SITH_CLUB_ROLES_ID["Board member"],
+        ).save()
+
+    def test_mailing_list_add_no_moderation(self):
+        # Test with Communication admin
+        self.client.force_login(self.comunity)
+        response = self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "foyer"},
+        )
+        self.assertRedirects(response, self.mail_url)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion foyer@utbm.fr" in response.text
+
+        # Test with Root
+        self.client.force_login(self.root)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "Liste de diffusion mde@utbm.fr" in response.text
+
+    def test_mailing_list_add_moderation(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "Liste de diffusion mde@utbm.fr" not in content
+        assert "<p>Listes de diffusions en attente de modération</p>" in content
+        assert "<li>mde@utbm.fr" in content
+
+    def test_mailing_list_forbidden(self):
+        # With anonymous user
+        response = self.client.get(self.mail_url)
+        self.assertContains(response, "", status_code=403)
+
+        # With user not in club
+        self.client.force_login(self.krophil)
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 403
+
+    def test_add_new_subscription_fail_not_moderated(self):
+        self.client.force_login(self.rbatsbak)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" not in response.text
+
+    def test_add_new_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Add single user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.skia.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        assert "skia@git.an" in response.text
+
+        # Add multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (self.comunity.id, self.rbatsbak.id),
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+
+        # Add arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "arbitrary@git.an",
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+
+        # Add user and arbitrary email
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_email": "more.arbitrary@git.an",
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+        assert "richard@git.an" in content
+        assert "comunity@git.an" in content
+        assert "skia@git.an" in content
+        assert "arbitrary@git.an" in content
+        assert "more.arbitrary@git.an" in content
+        assert "krophil@git.an" in content
+
+    def test_add_new_subscription_fail_form_errors(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+
+        # Neither email or email is specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # No mailing specified
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+            },
+        )
+        assert response.status_code == 200
+        assert _("This field is required") in response.text
+
+        # One of the selected users doesn't exist
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": [789],
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("You must specify at least an user or an email address"),
+            response.text,
+        )
+
+        # An user has no email address
+        self.krophil.email = ""
+        self.krophil.save()
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("One of the selected users doesn't have an email address"),
+            response.text,
+        )
+
+        self.krophil.email = "krophil@git.an"
+        self.krophil.save()
+
+        # An user is added twice
+
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+
+        response = self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": self.krophil.id,
+                "subscription_mailing": Mailing.objects.get(email="mde").id,
+            },
+        )
+        assert response.status_code == 200
+        self.assertInHTML(
+            _("This email is already suscribed in this mailing"),
+            response.text,
+        )
+
+    def test_remove_subscription_success(self):
+        # Prepare mailing list
+        self.client.force_login(self.comunity)
+        self.client.post(
+            self.mail_url,
+            {"action": MailingForm.ACTION_NEW_MAILING, "mailing_email": "mde"},
+        )
+        mde = Mailing.objects.get(email="mde")
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_NEW_SUBSCRIPTION,
+                "subscription_users": (
+                    self.comunity.id,
+                    self.rbatsbak.id,
+                    self.krophil.id,
+                ),
+                "subscription_mailing": mde.id,
+            },
+        )
+
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" in content
+
+        # Delete one user
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: mde.subscriptions.get(user=self.krophil).id,
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" in content
+        assert "richard@git.an" in content
+        assert "krophil@git.an" not in content
+
+        # Delete multiple users
+        self.client.post(
+            self.mail_url,
+            {
+                "action": MailingForm.ACTION_REMOVE_SUBSCRIPTION,
+                "removal_%d" % mde.id: [
+                    user.id
+                    for user in mde.subscriptions.filter(
+                        user__in=[self.rbatsbak, self.comunity]
+                    ).all()
+                ],
+            },
+        )
+        response = self.client.get(self.mail_url)
+        assert response.status_code == 200
+        content = response.text
+
+        assert "comunity@git.an" not in content
+        assert "richard@git.an" not in content
+        assert "krophil@git.an" not in content

club/tests/test_membership.py

@@ -0,0 +1,614 @@
+from collections.abc import Callable
+from datetime import timedelta
+
+import pytest
+from bs4 import BeautifulSoup
+from django.conf import settings
+from django.contrib.auth.models import Permission
+from django.core.cache import cache
+from django.db.models import Max
+from django.test import TestCase
+from django.urls import reverse
+from django.utils.timezone import localdate, localtime, now
+from model_bakery import baker
+from pytest_django.asserts import assertRedirects
+
+from club.forms import ClubAddMemberForm, JoinClubForm
+from club.models import Club, Membership
+from club.tests.base import TestClub
+from core.baker_recipes import subscriber_user
+from core.models import AnonymousUser, User
+
+
+class TestMembershipQuerySet(TestClub):
+    def test_ongoing(self):
+        """Test that the ongoing queryset method returns the memberships that
+        are not ended.
+        """
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            self.richard.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_ongoing_with_membership_ending_today(self):
+        """Test that a membership ending the present day is considered as ended."""
+        today = localdate()
+        self.richard.memberships.filter(club=self.club).update(end_date=today)
+        current_members = list(self.club.members.ongoing().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert current_members == expected
+
+    def test_board(self):
+        """Test that the board queryset method returns the memberships
+        of user in the club board.
+        """
+        board_members = list(self.club.members.board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+            # sli is no more member, but he was in the board
+            self.sli.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert board_members == expected
+
+    def test_ongoing_board(self):
+        """Test that combining ongoing and board returns users
+        who are currently board members of the club.
+        """
+        members = list(self.club.members.ongoing().board().order_by("id"))
+        expected = [
+            self.simple_board_member.memberships.get(club=self.club),
+            self.president.memberships.get(club=self.club),
+        ]
+        expected.sort(key=lambda i: i.id)
+        assert members == expected
+
+    def test_update_invalidate_cache(self):
+        """Test that the `update` queryset method properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        self.simple_board_member.memberships.update(end_date=localtime(now()).date())
+        assert (
+            cache.get(f"membership_{mem_skia.club_id}_{mem_skia.user_id}")
+            == "not_member"
+        )
+
+        mem_richard = self.richard.memberships.get(club=self.club)
+        cache.set(
+            f"membership_{mem_richard.club_id}_{mem_richard.user_id}", mem_richard
+        )
+        self.richard.memberships.update(role=5)
+        new_mem = self.richard.memberships.get(club=self.club)
+        assert new_mem != "not_member"
+        assert new_mem.role == 5
+
+    def test_update_change_club_groups(self):
+        """Test that `update` set the user groups accordingly."""
+        user = baker.make(User)
+        membership = baker.make(Membership, end_date=None, user=user, role=5)
+        members_group = membership.club.members_group
+        board_group = membership.club.board_group
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(role=1)  # from board to simple member
+        assert user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+        user.memberships.update(role=5)  # from member to board
+        assert user.groups.contains(members_group)
+        assert user.groups.contains(board_group)
+
+        user.memberships.update(end_date=localdate())  # end the membership
+        assert not user.groups.contains(members_group)
+        assert not user.groups.contains(board_group)
+
+    def test_delete_invalidate_cache(self):
+        """Test that the `delete` queryset properly invalidate cache."""
+        mem_skia = self.simple_board_member.memberships.get(club=self.club)
+        mem_comptable = self.president.memberships.get(club=self.club)
+        cache.set(f"membership_{mem_skia.club_id}_{mem_skia.user_id}", mem_skia)
+        cache.set(
+            f"membership_{mem_comptable.club_id}_{mem_comptable.user_id}", mem_comptable
+        )
+
+        # should delete the subscriptions of simple_board_member and president
+        self.club.members.ongoing().board().delete()
+
+        for membership in (mem_skia, mem_comptable):
+            cached_mem = cache.get(
+                f"membership_{membership.club_id}_{membership.user_id}"
+            )
+            assert cached_mem == "not_member"
+
+    def test_delete_remove_from_groups(self):
+        """Test that `delete` removes from club groups"""
+        user = baker.make(User)
+        memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
+        club_groups = {
+            memberships[0].club.members_group,
+            memberships[1].club.members_group,
+            memberships[1].club.board_group,
+        }
+        assert set(user.groups.all()).issuperset(club_groups)
+        user.memberships.all().delete()
+        assert set(user.groups.all()).isdisjoint(club_groups)
+
+
+class TestMembershipEditableBy(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        Membership.objects.all().delete()
+        cls.club_a, cls.club_b = baker.make(Club, _quantity=2)
+        cls.memberships = [
+            *baker.make(
+                Membership, role=iter([7, 3, 3, 1]), club=cls.club_a, _quantity=4
+            ),
+            *baker.make(
+                Membership, role=iter([7, 3, 3, 1]), club=cls.club_b, _quantity=4
+            ),
+        ]
+
+    def test_admin_user(self):
+        perm = Permission.objects.get(codename="change_membership")
+        user = baker.make(User, user_permissions=[perm])
+        qs = Membership.objects.editable_by(user).values_list("id", flat=True)
+        assert set(qs) == set(Membership.objects.values_list("id", flat=True))
+
+    def test_simple_subscriber_user(self):
+        user = subscriber_user.make()
+        assert not Membership.objects.editable_by(user).exists()
+
+    def test_board_member(self):
+        # a board member can end lower memberships and its own one
+        user = self.memberships[2].user
+        qs = Membership.objects.editable_by(user).values_list("id", flat=True)
+        expected = {self.memberships[2].id, self.memberships[3].id}
+        assert set(qs) == expected
+
+
+class TestMembership(TestClub):
+    def assert_membership_started_today(self, user: User, role: int):
+        """Assert that the given membership is active and started today."""
+        membership = user.memberships.ongoing().filter(club=self.club).first()
+        assert membership is not None
+        assert localtime(now()).date() == membership.start_date
+        assert membership.end_date is None
+        assert membership.role == role
+        assert membership.club.get_membership_for(user) == membership
+        assert user.is_in_group(pk=self.club.members_group_id)
+        assert user.is_in_group(pk=self.club.board_group_id)
+
+    def assert_membership_ended_today(self, user: User):
+        """Assert that the given user have a membership which ended today."""
+        today = localdate()
+        assert user.memberships.filter(club=self.club, end_date=today).exists()
+        assert self.club.get_membership_for(user) is None
+
+    def test_access_unauthorized(self):
+        """Test that users who never subscribed and anonymous users
+        cannot see the page.
+        """
+        response = self.client.post(self.members_url)
+        assertRedirects(
+            response, reverse("core:login", query={"next": self.members_url})
+        )
+
+        self.client.force_login(self.public)
+        response = self.client.post(self.members_url)
+        assert response.status_code == 403
+
+    def test_display(self):
+        """Test that a GET request return a page where the requested
+        information are displayed.
+        """
+        self.client.force_login(self.simple_board_member)
+        response = self.client.get(
+            reverse("club:club_members", kwargs={"club_id": self.club.id})
+        )
+        assert response.status_code == 200
+        soup = BeautifulSoup(response.text, "lxml")
+        table = soup.find("table", id="club_members_table")
+        assert [r.text for r in table.find("thead").find_all("td")] == [
+            "Utilisateur",
+            "Rôle",
+            "Description",
+            "Depuis",
+            "Marquer comme ancien",
+        ]
+        rows = table.find("tbody").find_all("tr")
+        memberships = self.club.members.ongoing().order_by("-role")
+        for row, membership in zip(
+            rows, memberships.select_related("user"), strict=False
+        ):
+            user = membership.user
+            user_url = reverse("core:user_profile", args=[user.id])
+            cols = row.find_all("td")
+            user_link = cols[0].find("a")
+            assert user_link.attrs["href"] == user_url
+            assert user_link.text == user.get_display_name()
+            assert cols[1].text == settings.SITH_CLUB_ROLES[membership.role]
+            assert cols[2].text == membership.description
+            assert cols[3].text == str(membership.start_date)
+
+            if membership.role < 3 or membership.user_id == self.simple_board_member.id:
+                # 3 is the role of simple_board_member
+                form_input = cols[4].find("input")
+                expected_attrs = {
+                    "type": "checkbox",
+                    "name": "members_old",
+                    "value": str(membership.id),
+                }
+                assert form_input.attrs.items() >= expected_attrs.items()
+            else:
+                assert cols[4].find_all() == []
+
+    def test_root_add_one_club_member(self):
+        """Test that root users can add members to clubs"""
+        self.client.force_login(self.root)
+        response = self.client.post(
+            self.new_members_url, {"user": self.subscriber.id, "role": 3}
+        )
+        assert response.status_code == 200
+        assert response.headers.get("HX-Redirect", "") == reverse(
+            "club:club_members", kwargs={"club_id": self.club.id}
+        )
+        self.subscriber.refresh_from_db()
+        self.assert_membership_started_today(self.subscriber, role=3)
+
+    def test_add_unauthorized_members(self):
+        """Test that users who are not currently subscribed
+        cannot be members of clubs.
+        """
+        for user in self.public, self.old_subscriber:
+            form = ClubAddMemberForm(
+                data={"user": user.id, "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+
+            assert not form.is_valid()
+            assert form.errors == {
+                "user": ["L'utilisateur doit être cotisant pour faire partie d'un club"]
+            }
+
+    def test_add_members_already_members(self):
+        """Test that users who are already members of a club
+        cannot be added again to this club.
+        """
+        self.client.force_login(self.root)
+        current_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        nb_memberships = self.simple_board_member.memberships.count()
+        self.client.post(
+            self.members_url,
+            {"users": self.simple_board_member.id, "role": current_membership.role + 1},
+        )
+        self.simple_board_member.refresh_from_db()
+        assert nb_memberships == self.simple_board_member.memberships.count()
+        new_membership = self.simple_board_member.memberships.ongoing().get(
+            club=self.club
+        )
+        assert current_membership == new_membership
+        assert self.club.get_membership_for(self.simple_board_member) == new_membership
+
+    def test_add_not_existing_users(self):
+        """Test that not existing users cannot be added in clubs.
+        If one user in the request is invalid, no membership creation at all
+        can take place.
+        """
+        nb_memberships = self.club.members.count()
+        max_id = User.objects.aggregate(id=Max("id"))["id"]
+        for members in [max_id + 1], [max_id + 1, self.subscriber.id]:
+            form = ClubAddMemberForm(
+                data={"user": members, "role": 1},
+                request_user=self.root,
+                club=self.club,
+            )
+            assert not form.is_valid()
+            assert form.errors == {
+                "user": [
+                    "Sélectionnez un choix valide. "
+                    "Ce choix ne fait pas partie de ceux disponibles."
+                ]
+            }
+        self.club.refresh_from_db()
+        assert self.club.members.count() == nb_memberships
+
+    def test_president_add_members(self):
+        """Test that the president of the club can add members."""
+        president = self.club.members.get(role=10).user
+        nb_club_membership = self.club.members.count()
+        nb_subscriber_memberships = self.subscriber.memberships.count()
+        self.client.force_login(president)
+        response = self.client.post(
+            self.new_members_url, {"user": self.subscriber.id, "role": 9}
+        )
+        assert response.status_code == 200
+        assert response.headers.get("HX-Redirect", "") == reverse(
+            "club:club_members", kwargs={"club_id": self.club.id}
+        )
+        self.club.refresh_from_db()
+        self.subscriber.refresh_from_db()
+        assert self.club.members.count() == nb_club_membership + 1
+        assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
+        self.assert_membership_started_today(self.subscriber, role=9)
+
+    def test_add_member_greater_role(self):
+        """Test that a member of the club member cannot create
+        a membership with a greater role than its own.
+        """
+        form = ClubAddMemberForm(
+            data={"user": self.subscriber.id, "role": 10},
+            request_user=self.simple_board_member,
+            club=self.club,
+        )
+        nb_memberships = self.club.members.count()
+
+        assert not form.is_valid()
+        assert form.errors == {
+            "role": ["Sélectionnez un choix valide. 10 n\u2019en fait pas partie."]
+        }
+        self.club.refresh_from_db()
+        assert nb_memberships == self.club.members.count()
+        assert not self.subscriber.memberships.filter(club=self.club).exists()
+
+    def test_add_member_without_role(self):
+        """Test that trying to add members without specifying their role fails."""
+        form = ClubAddMemberForm(
+            data={"user": self.subscriber.id}, request_user=self.root, club=self.club
+        )
+
+        assert not form.is_valid()
+        assert form.errors == {"role": ["Ce champ est obligatoire."]}
+
+    def test_add_member_already_there(self):
+        form = ClubAddMemberForm(
+            data={"user": self.simple_board_member, "role": 3},
+            request_user=self.root,
+            club=self.club,
+        )
+        assert not form.is_valid()
+        assert form.errors == {
+            "user": ["Vous ne pouvez pas ajouter deux fois le même utilisateur"]
+        }
+
+    def test_add_other_member_forbidden(self):
+        non_member = subscriber_user.make()
+        simple_member = baker.make(Membership, club=self.club, role=1).user
+        for user in non_member, simple_member:
+            form = ClubAddMemberForm(
+                data={"user": subscriber_user.make(), "role": 1},
+                request_user=user,
+                club=self.club,
+            )
+            assert not form.is_valid()
+            assert form.errors == {
+                "role": ["Sélectionnez un choix valide. 1 n\u2019en fait pas partie."]
+            }
+
+    def test_simple_members_dont_see_form_anymore(self):
+        """Test that simple club members don't see the form to add members"""
+        user = subscriber_user.make()
+        baker.make(Membership, club=self.club, user=user, role=1)
+        self.client.force_login(user)
+        res = self.client.get(self.members_url)
+        assert res.status_code == 200
+        soup = BeautifulSoup(res.text, "lxml")
+        assert not soup.find(id="add_club_members_form")
+
+    def test_end_membership_self(self):
+        """Test that a member can end its own membership."""
+        self.client.force_login(self.simple_board_member)
+        membership = self.club.members.get(end_date=None, user=self.simple_board_member)
+        self.client.post(self.members_url, {"members_old": [membership.id]})
+        self.simple_board_member.refresh_from_db()
+        self.assert_membership_ended_today(self.simple_board_member)
+
+    def test_end_membership_lower_role(self):
+        """Test that board members of the club can end memberships
+        of users with lower roles.
+        """
+        # reminder : simple_board_member has role 3
+        self.client.force_login(self.simple_board_member)
+        membership = baker.make(Membership, club=self.club, role=2, end_date=None)
+        response = self.client.post(self.members_url, {"members_old": [membership.id]})
+        self.assertRedirects(response, self.members_url)
+        self.club.refresh_from_db()
+        self.assert_membership_ended_today(membership.user)
+
+    def test_end_membership_higher_role(self):
+        """Test that board members of the club cannot end memberships
+        of users with higher roles.
+        """
+        membership = self.president.memberships.filter(club=self.club).first()
+        self.client.force_login(self.simple_board_member)
+        self.client.post(self.members_url, {"members_old": [membership.id]})
+        self.club.refresh_from_db()
+        new_membership = self.club.get_membership_for(self.president)
+        assert new_membership is not None
+        assert new_membership == membership
+
+        membership.refresh_from_db()
+        assert membership.end_date is None
+
+    def test_end_membership_with_permission(self):
+        """Test that users with permission can end any membership."""
+        # make subscriber a board member
+        nb_memberships = self.club.members.ongoing().count()
+        self.client.force_login(
+            subscriber_user.make(
+                user_permissions=[Permission.objects.get(codename="change_membership")]
+            )
+        )
+        president_membership = self.club.president
+        response = self.client.post(
+            self.members_url, {"members_old": [president_membership.id]}
+        )
+        self.assertRedirects(response, self.members_url)
+        self.assert_membership_ended_today(president_membership.user)
+        assert self.club.members.ongoing().count() == nb_memberships - 1
+
+    def test_end_membership_as_foreigner(self):
+        """Test that users who are not in this club cannot end its memberships."""
+        nb_memberships = self.club.members.count()
+        membership = self.richard.memberships.filter(club=self.club).first()
+        self.client.force_login(self.subscriber)
+        self.client.post(self.members_url, {"members_old": [self.richard.id]})
+        # nothing should have changed
+        membership.refresh_from_db()
+        assert self.club.members.count() == nb_memberships
+        assert membership.end_date is None
+
+    def test_remove_from_club_group(self):
+        """Test that when a membership ends, the user is removed from club groups."""
+        user = baker.make(User)
+        baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
+        assert user.groups.contains(self.club.members_group)
+        assert user.groups.contains(self.club.board_group)
+        user.memberships.update(end_date=localdate())
+        assert not user.groups.contains(self.club.members_group)
+        assert not user.groups.contains(self.club.board_group)
+
+    def test_add_to_club_group(self):
+        """Test that when a membership begins, the user is added to the club group."""
+        assert not self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+        baker.make(Membership, club=self.club, user=self.subscriber, role=3)
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+
+    def test_change_position_in_club(self):
+        """Test that when moving from board to members, club group change"""
+        membership = baker.make(
+            Membership, club=self.club, user=self.subscriber, role=3
+        )
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert self.subscriber.groups.contains(self.club.board_group)
+        membership.role = 1
+        membership.save()
+        assert self.subscriber.groups.contains(self.club.members_group)
+        assert not self.subscriber.groups.contains(self.club.board_group)
+
+    def test_club_owner(self):
+        """Test that a club is owned only by board members of the main club."""
+        anonymous = AnonymousUser()
+        assert not self.club.is_owned_by(anonymous)
+        assert not self.club.is_owned_by(self.subscriber)
+
+        # make sli a board member
+        self.sli.memberships.all().delete()
+        Membership(club=self.ae, user=self.sli, role=3).save()
+        assert self.club.is_owned_by(self.sli)
+
+    def test_change_club_name(self):
+        """Test that changing the club name doesn't break things."""
+        members_group = self.club.members_group
+        board_group = self.club.board_group
+        initial_members = set(members_group.users.values_list("id", flat=True))
+        initial_board = set(board_group.users.values_list("id", flat=True))
+        self.club.name = "something else"
+        self.club.save()
+        self.club.refresh_from_db()
+
+        # The names should have changed, but not the ids nor the group members
+        assert self.club.members_group.name == "something else - Membres"
+        assert self.club.board_group.name == "something else - Bureau"
+        assert self.club.members_group.id == members_group.id
+        assert self.club.board_group.id == board_group.id
+        new_members = set(self.club.members_group.users.values_list("id", flat=True))
+        new_board = set(self.club.board_group.users.values_list("id", flat=True))
+        assert new_members == initial_members
+        assert new_board == initial_board
+
+
+@pytest.mark.django_db
+class TestJoinClub:
+    @pytest.fixture(autouse=True)
+    def clear_cache(self):
+        cache.clear()
+
+    @pytest.mark.parametrize(
+        ("user_factory", "role", "errors"),
+        [
+            (
+                subscriber_user.make,
+                2,
+                {
+                    "role": [
+                        "Sélectionnez un choix valide. 2 n\u2019en fait pas partie."
+                    ]
+                },
+            ),
+            (
+                lambda: baker.make(User),
+                1,
+                {"__all__": ["Vous devez être cotisant pour faire partie d'un club"]},
+            ),
+        ],
+    )
+    def test_join_club_errors(
+        self, user_factory: Callable[[], User], role: int, errors: dict
+    ):
+        club = baker.make(Club)
+        user = user_factory()
+        form = JoinClubForm(club=club, request_user=user, data={"role": role})
+        assert not form.is_valid()
+        assert form.errors == errors
+
+    def test_user_already_in_club(self):
+        club = baker.make(Club)
+        user = subscriber_user.make()
+        baker.make(Membership, user=user, club=club)
+        form = JoinClubForm(club=club, request_user=user, data={"role": 1})
+        assert not form.is_valid()
+        assert form.errors == {"__all__": ["Vous êtes déjà membre de ce club."]}
+
+    def test_ok(self):
+        club = baker.make(Club)
+        user = subscriber_user.make()
+        form = JoinClubForm(club=club, request_user=user, data={"role": 1})
+        assert form.is_valid()
+        form.save()
+        assert Membership.objects.ongoing().filter(user=user, club=club).exists()
+
+
+class TestOldMembersView(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        club = baker.make(Club)
+        roles = [1, 1, 1, 2, 2, 4, 4, 5, 7, 9, 10]
+        cls.memberships = baker.make(
+            Membership,
+            role=iter(roles),
+            club=club,
+            start_date=now() - timedelta(days=14),
+            end_date=now() - timedelta(days=7),
+            _quantity=len(roles),
+            _bulk_create=True,
+        )
+        cls.url = reverse("club:club_old_members", kwargs={"club_id": club.id})
+
+    def test_ok(self):
+        user = subscriber_user.make()
+        self.client.force_login(user)
+        res = self.client.get(self.url)
+        assert res.status_code == 200
+
+    def test_access_forbidden(self):
+        res = self.client.get(self.url)
+        assertRedirects(res, reverse("core:login", query={"next": self.url}))
+
+        self.client.force_login(baker.make(User))
+        res = self.client.get(self.url)
+        assert res.status_code == 403

club/tests/test_page.py

@@ -0,0 +1,39 @@
+import pytest
+from bs4 import BeautifulSoup
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+from pytest_django.asserts import assertHTMLEqual
+
+from club.models import Club
+from core.markdown import markdown
+from core.models import PageRev, User
+
+
+@pytest.mark.django_db
+def test_page_display_on_club_main_page(client: Client):
+    """Test the club Page is properly displayed on the club main view"""
+    club = baker.make(Club)
+    content = "# foo\nLorem ipsum dolor sit amet"
+    baker.make(PageRev, page=club.page, revision=1, content=content)
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail").find(class_="markdown")
+    assertHTMLEqual(detail_html.decode_contents(), markdown(content))
+
+
+@pytest.mark.django_db
+def test_club_main_page_without_content(client: Client):
+    """Test the club view works, even if the club page is empty"""
+    club = baker.make(Club)
+    club.page.revisions.all().delete()
+    client.force_login(baker.make(User))
+    res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
+
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(id="club_detail")
+    assert detail_html.find_all("markdown") == []

club/tests/test_posters.py

@@ -0,0 +1,35 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+
+from club.models import Club
+from com.models import Poster
+from core.baker_recipes import subscriber_user
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("route_url", ["club:poster_list", "club:poster_create"])
+def test_access(client: Client, route_url):
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    url = reverse(route_url, kwargs={"club_id": club.id})
+
+    client.force_login(user)
+    assert client.get(url).status_code == 403
+    club.board_group.users.add(user)
+    assert client.get(url).status_code == 200
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("route_url", ["club:poster_edit", "club:poster_delete"])
+def test_access_specific_poster(client: Client, route_url):
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    poster = baker.make(Poster)
+    url = reverse(route_url, kwargs={"club_id": club.id, "poster_id": poster.id})
+
+    client.force_login(user)
+    assert client.get(url).status_code == 403
+    club.board_group.users.add(user)
+    assert client.get(url).status_code == 200

club/tests/test_sales.py

@@ -0,0 +1,38 @@
+import pytest
+from django.test import Client
+from django.urls import reverse
+from model_bakery import baker
+
+from club.forms import SellingsForm
+from club.models import Club
+from core.models import User
+from counter.baker_recipes import product_recipe, sale_recipe
+from counter.models import Counter, Customer
+
+
+@pytest.mark.django_db
+def test_sales_page_doesnt_crash(client: Client):
+    club = baker.make(Club)
+    admin = baker.make(User, is_superuser=True)
+    client.force_login(admin)
+    response = client.get(reverse("club:club_sellings", kwargs={"club_id": club.id}))
+    assert response.status_code == 200
+
+
+@pytest.mark.django_db
+def test_sales_form_counter_filter():
+    """Test that counters are properly filtered in SellingsForm"""
+    club = baker.make(Club)
+    counters = baker.make(
+        Counter, _quantity=5, _bulk_create=True, name=iter(["Z", "a", "B", "e", "f"])
+    )
+    counters[0].club = club
+    counters[0].save()
+    sale_recipe.make(
+        counter=counters[1], club=club, unit_price=0, customer=baker.make(Customer)
+    )
+    product_recipe.make(counters=[counters[2]], club=club)
+
+    form = SellingsForm(club)
+    form_counters = list(form.fields["counters"].queryset)
+    assert form_counters == [counters[1], counters[2], counters[0]]

club/urls.py

@@ -25,8 +25,8 @@
 from django.urls import path
 
 from club.views import (
+    ClubAddMembersFragment,
     ClubCreateView,
-    ClubEditPropView,
     ClubEditView,
     ClubListView,
     ClubMailingView,
@@ -37,7 +37,6 @@ from club.views import (
     ClubRevView,
     ClubSellingCSVView,
     ClubSellingView,
-    ClubStatView,
     ClubToolsView,
     ClubView,
     MailingAutoGenerationView,
@@ -54,7 +53,6 @@ from club.views import (
 urlpatterns = [
     path("", ClubListView.as_view(), name="club_list"),
     path("new/", ClubCreateView.as_view(), name="club_new"),
-    path("stats/", ClubStatView.as_view(), name="club_stats"),
     path("<int:club_id>/", ClubView.as_view(), name="club_view"),
     path(
         "<int:club_id>/rev/<int:rev_id>/", ClubRevView.as_view(), name="club_view_rev"
@@ -63,6 +61,11 @@ urlpatterns = [
     path("<int:club_id>/edit/", ClubEditView.as_view(), name="club_edit"),
     path("<int:club_id>/edit/page/", ClubPageEditView.as_view(), name="club_edit_page"),
     path("<int:club_id>/members/", ClubMembersView.as_view(), name="club_members"),
+    path(
+        "fragment/<int:club_id>/members/",
+        ClubAddMembersFragment.as_view(),
+        name="club_new_members",
+    ),
     path(
         "<int:club_id>/elderlies/",
         ClubOldMembersView.as_view(),
@@ -72,7 +75,6 @@ urlpatterns = [
     path(
         "<int:club_id>/sellings/csv/", ClubSellingCSVView.as_view(), name="sellings_csv"
     ),
-    path("<int:club_id>/prop/", ClubEditPropView.as_view(), name="club_prop"),
     path("<int:club_id>/tools/", ClubToolsView.as_view(), name="tools"),
     path("<int:club_id>/mailing/", ClubMailingView.as_view(), name="mailing"),
     path(

club/views.py

@@ -23,51 +23,57 @@
 #
 
 import csv
+from typing import Any
 
 from django.conf import settings
+from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
-from django.db.models import Sum
-from django.http import (
-    Http404,
-    HttpResponseRedirect,
-    StreamingHttpResponse,
-)
+from django.db.models import Q, Sum
+from django.http import Http404, HttpResponseRedirect, StreamingHttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
+from django.utils.safestring import SafeString
+from django.utils.timezone import now
 from django.utils.translation import gettext as _t
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import DetailView, ListView, TemplateView, View
+from django.views.generic import DetailView, ListView, View
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
-from club.forms import ClubEditForm, ClubMemberForm, MailingForm, SellingsForm
+from club.forms import (
+    ClubAddMemberForm,
+    ClubAdminEditForm,
+    ClubEditForm,
+    ClubOldMemberForm,
+    JoinClubForm,
+    MailingForm,
+    SellingsForm,
+)
 from club.models import Club, Mailing, MailingSubscription, Membership
+from com.models import Poster
 from com.views import (
     PosterCreateBaseView,
     PosterDeleteBaseView,
     PosterEditBaseView,
     PosterListBaseView,
 )
+from core.auth.mixins import CanEditMixin
 from core.models import PageRev
-from core.views import (
-    CanCreateMixin,
-    CanEditMixin,
-    CanEditPropMixin,
-    CanViewMixin,
-    DetailFormView,
-    PageEditViewBase,
-    TabedViewMixin,
-    UserIsRootMixin,
-)
+from core.views import DetailFormView, PageEditViewBase, UseFragmentsMixin
+from core.views.mixins import FragmentMixin, FragmentRenderer, TabedViewMixin
 from counter.models import Selling
 
 
 class ClubTabsMixin(TabedViewMixin):
     def get_tabs_title(self):
-        obj = self.get_object()
-        if isinstance(obj, PageRev):
-            self.object = obj.page.club
+        if not hasattr(self, "object") or not self.object:
+            self.object = self.get_object()
+        if isinstance(self.object, PageRev):
+            self.object = self.object.page.club
+        elif isinstance(self.object, Poster):
+            self.object = self.object.club
         return self.object.get_display_name()
 
     def get_list_of_tabs(self):
@@ -78,51 +84,53 @@ class ClubTabsMixin(TabedViewMixin):
                 "name": _("Infos"),
             }
         ]
-        if self.request.user.can_view(self.object):
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_members", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "members",
-                    "name": _("Members"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_old_members", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "elderlies",
-                    "name": _("Old members"),
-                }
-            )
-        if self.object.page:
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_hist", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "history",
-                    "name": _("History"),
-                }
+        if self.request.user.has_perm("club.view_club"):
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:club_members", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "members",
+                        "name": _("Members"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:club_old_members", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "elderlies",
+                        "name": _("Old members"),
+                    },
+                ]
             )
+            if self.object.page:
+                tab_list.append(
+                    {
+                        "url": reverse(
+                            "club:club_hist", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "history",
+                        "name": _("History"),
+                    }
+                )
         if self.request.user.can_edit(self.object):
-            tab_list.append(
-                {
-                    "url": reverse("club:tools", kwargs={"club_id": self.object.id}),
-                    "slug": "tools",
-                    "name": _("Tools"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_edit", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "edit",
-                    "name": _("Edit"),
-                }
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:tools", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "tools",
+                        "name": _("Tools"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:club_edit", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "edit",
+                        "name": _("Edit"),
+                    },
+                ]
             )
             if self.object.page and self.request.user.can_edit(self.object.page):
                 tab_list.append(
@@ -135,40 +143,30 @@ class ClubTabsMixin(TabedViewMixin):
                         "name": _("Edit club page"),
                     }
                 )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_sellings", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "sellings",
-                    "name": _("Sellings"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse("club:mailing", kwargs={"club_id": self.object.id}),
-                    "slug": "mailing",
-                    "name": _("Mailing list"),
-                }
-            )
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:poster_list", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "posters",
-                    "name": _("Posters list"),
-                }
-            )
-        if self.request.user.is_owner(self.object):
-            tab_list.append(
-                {
-                    "url": reverse(
-                        "club:club_prop", kwargs={"club_id": self.object.id}
-                    ),
-                    "slug": "props",
-                    "name": _("Props"),
-                }
+            tab_list.extend(
+                [
+                    {
+                        "url": reverse(
+                            "club:club_sellings", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "sellings",
+                        "name": _("Sellings"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:mailing", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "mailing",
+                        "name": _("Mailing list"),
+                    },
+                    {
+                        "url": reverse(
+                            "club:poster_list", kwargs={"club_id": self.object.id}
+                        ),
+                        "slug": "posters",
+                        "name": _("Posters"),
+                    },
+                ]
             )
         return tab_list
 
@@ -178,6 +176,10 @@ class ClubListView(ListView):
 
     model = Club
     template_name = "club/club_list.jinja"
+    queryset = (
+        Club.objects.filter(parent=None).order_by("name").prefetch_related("children")
+    )
+    context_object_name = "club_list"
 
 
 class ClubView(ClubTabsMixin, DetailView):
@@ -190,8 +192,12 @@ class ClubView(ClubTabsMixin, DetailView):
 
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        if self.object.page and self.object.page.revisions.exists():
-            kwargs["page_revision"] = self.object.page.revisions.last().content
+        kwargs["page_revision"] = (
+            PageRev.objects.filter(page_id=self.object.page_id)
+            .order_by("-date")
+            .values_list("content", flat=True)
+            .first()
+        )
         return kwargs
 
 
@@ -227,13 +233,14 @@ class ClubPageEditView(ClubTabsMixin, PageEditViewBase):
         return reverse_lazy("club:club_view", kwargs={"club_id": self.club.id})
 
 
-class ClubPageHistView(ClubTabsMixin, CanViewMixin, DetailView):
+class ClubPageHistView(ClubTabsMixin, PermissionRequiredMixin, DetailView):
     """Modification hostory of the page."""
 
     model = Club
     pk_url_kwarg = "club_id"
     template_name = "club/page_history.jinja"
     current_tab = "history"
+    permission_required = "club.view_club"
 
 
 class ClubToolsView(ClubTabsMixin, CanEditMixin, DetailView):
@@ -245,59 +252,121 @@ class ClubToolsView(ClubTabsMixin, CanEditMixin, DetailView):
     current_tab = "tools"
 
 
-class ClubMembersView(ClubTabsMixin, CanViewMixin, DetailFormView):
+class ClubAddMembersFragment(
+    FragmentMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView
+):
+    template_name = "club/fragments/add_member.jinja"
+    model = Membership
+    object = None
+    reload_on_redirect = True
+    permission_required = "club.view_club"
+
+    def dispatch(self, *args, **kwargs):
+        self.club = get_object_or_404(Club, pk=kwargs.get("club_id"))
+        return super().dispatch(*args, **kwargs)
+
+    def get_form_class(self):
+        user = self.request.user
+        if user.has_perm("club.add_membership") or self.club.get_membership_for(user):
+            return ClubAddMemberForm
+        return JoinClubForm
+
+    def get_form_kwargs(self):
+        return super().get_form_kwargs() | {
+            "request_user": self.request.user,
+            "club": self.club,
+        }
+
+    def render_fragment(self, request, **kwargs) -> SafeString:
+        self.club = kwargs.get("club")
+        return super().render_fragment(request, **kwargs)
+
+    def get_success_url(self):
+        return reverse("club:club_members", kwargs={"club_id": self.club.id})
+
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {"club": self.club}
+
+    def get_success_message(self, cleaned_data):
+        if "user" not in cleaned_data or cleaned_data["user"] == self.request.user:
+            return _("You are now a member of this club.")
+        return _("%(user)s has been added to club.") % cleaned_data
+
+
+class ClubMembersView(
+    ClubTabsMixin, UseFragmentsMixin, PermissionRequiredMixin, DetailFormView
+):
     """View of a club's members."""
 
     model = Club
     pk_url_kwarg = "club_id"
-    form_class = ClubMemberForm
+    form_class = ClubOldMemberForm
     template_name = "club/club_members.jinja"
     current_tab = "members"
+    permission_required = "club.view_club"
+
+    def get_fragments(self) -> dict[str, type[FragmentMixin] | FragmentRenderer]:
+        membership = self.object.get_membership_for(self.request.user)
+        if (
+            membership
+            and membership.role <= settings.SITH_MAXIMUM_FREE_ROLE
+            and not self.request.user.has_perm("club.add_membership")
+        ):
+            # Simple club members won't see the form anymore.
+            # Even if they saw it, they couldn't add anyone to the club anyway
+            return {}
+        return {"add_member_fragment": ClubAddMembersFragment}
+
+    def get_fragment_data(self) -> dict[str, Any]:
+        return {"add_member_fragment": {"club": self.object}}
 
     def get_form_kwargs(self):
-        kwargs = super().get_form_kwargs()
-        kwargs["request_user"] = self.request.user
-        kwargs["club"] = self.get_object()
-        kwargs["club_members"] = self.members
-        return kwargs
+        return super().get_form_kwargs() | {
+            "user": self.request.user,
+            "club": self.object,
+        }
 
-    def get_context_data(self, *args, **kwargs):
-        kwargs = super().get_context_data(*args, **kwargs)
-        kwargs["members"] = self.members
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
+        editable = list(
+            kwargs["form"].fields["members_old"].queryset.values_list("id", flat=True)
+        )
+        kwargs["members"] = list(
+            self.object.members.ongoing()
+            .annotate(is_editable=Q(id__in=editable))
+            .order_by("-role")
+            .select_related("user")
+        )
+        kwargs["can_end_membership"] = len(editable) > 0
         return kwargs
 
     def form_valid(self, form):
-        """Check user rights."""
-        resp = super().form_valid(form)
-
-        data = form.clean()
-        users = data.pop("users", [])
-        users_old = data.pop("users_old", [])
-        for user in users:
-            Membership(club=self.get_object(), user=user, **data).save()
-        for user in users_old:
-            membership = self.get_object().get_membership_for(user)
-            membership.end_date = timezone.now()
+        for membership in form.cleaned_data.get("members_old"):
+            membership.end_date = now()
             membership.save()
-        return resp
-
-    def dispatch(self, request, *args, **kwargs):
-        self.members = self.get_object().members.ongoing().order_by("-role")
-        return super().dispatch(request, *args, **kwargs)
+        return super().form_valid(form)
 
     def get_success_url(self, **kwargs):
-        return reverse_lazy(
-            "club:club_members", kwargs={"club_id": self.get_object().id}
-        )
+        return self.request.path
 
 
-class ClubOldMembersView(ClubTabsMixin, CanViewMixin, DetailView):
+class ClubOldMembersView(ClubTabsMixin, PermissionRequiredMixin, DetailView):
     """Old members of a club."""
 
     model = Club
     pk_url_kwarg = "club_id"
     template_name = "club/club_old_members.jinja"
     current_tab = "elderlies"
+    permission_required = "club.view_club"
+
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {
+            "old_members": (
+                self.object.members.exclude(end_date=None)
+                .order_by("-role", "description", "-end_date")
+                .select_related("user")
+            )
+        }
 
 
 class ClubSellingView(ClubTabsMixin, CanEditMixin, DetailFormView):
@@ -338,7 +407,7 @@ class ClubSellingView(ClubTabsMixin, CanEditMixin, DetailFormView):
         form = self.get_form()
         if form.is_valid():
             if not len([v for v in form.cleaned_data.values() if v is not None]):
-                qs = Selling.objects.filter(id=-1)
+                qs = Selling.objects.none()
             if form.cleaned_data["begin_date"]:
                 qs = qs.filter(date__gte=form.cleaned_data["begin_date"])
             if form.cleaned_data["end_date"]:
@@ -356,7 +425,9 @@ class ClubSellingView(ClubTabsMixin, CanEditMixin, DetailFormView):
             if len(selected_products) > 0:
                 qs = qs.filter(product__in=selected_products)
 
-            kwargs["result"] = qs.all().order_by("-id")
+            kwargs["result"] = qs.select_related(
+                "counter", "counter__club", "customer", "customer__user", "seller"
+            ).order_by("-id")
             kwargs["total"] = sum([s.quantity * s.unit_price for s in kwargs["result"]])
             total_quantity = qs.all().aggregate(Sum("quantity"))
             if total_quantity["quantity__sum"]:
@@ -455,32 +526,33 @@ class ClubSellingCSVView(ClubSellingView):
 
 
 class ClubEditView(ClubTabsMixin, CanEditMixin, UpdateView):
-    """Edit a Club's main informations (for the club's members)."""
+    """Edit a Club.
+
+    Regular club board members will be able to edit the main infos
+    (like the logo and the description).
+    Admins will also be able to edit the club properties
+    (like the name and the parent club).
+    """
 
     model = Club
     pk_url_kwarg = "club_id"
-    form_class = ClubEditForm
-    template_name = "core/edit.jinja"
+    template_name = "club/edit_club.jinja"
     current_tab = "edit"
 
-
-class ClubEditPropView(ClubTabsMixin, CanEditPropMixin, UpdateView):
-    """Edit the properties of a Club object (for the Sith admins)."""
-
-    model = Club
-    pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent", "is_active"]
-    template_name = "core/edit.jinja"
-    current_tab = "props"
+    def get_form_class(self):
+        if self.object.is_owned_by(self.request.user):
+            return ClubAdminEditForm
+        return ClubEditForm
 
 
-class ClubCreateView(CanCreateMixin, CreateView):
+class ClubCreateView(PermissionRequiredMixin, CreateView):
     """Create a club (for the Sith admin)."""
 
     model = Club
     pk_url_kwarg = "club_id"
-    fields = ["name", "unix_name", "parent"]
-    template_name = "core/edit.jinja"
+    fields = ["name", "parent"]
+    template_name = "core/create.jinja"
+    permission_required = "club.add_club"
 
 
 class MembershipSetOldView(CanEditMixin, DetailView):
@@ -512,26 +584,18 @@ class MembershipSetOldView(CanEditMixin, DetailView):
         )
 
 
-class MembershipDeleteView(UserIsRootMixin, DeleteView):
+class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
     """Delete a membership (for admins only)."""
 
     model = Membership
     pk_url_kwarg = "membership_id"
     template_name = "core/delete_confirm.jinja"
+    permission_required = "club.delete_membership"
 
     def get_success_url(self):
         return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
 
 
-class ClubStatView(TemplateView):
-    template_name = "club/stats.jinja"
-
-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["club_list"] = Club.objects.all()
-        return kwargs
-
-
 class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
     """A list of mailing for a given club."""
 
@@ -543,26 +607,19 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
 
     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
-        kwargs["club_id"] = self.get_object().id
+        kwargs["club_id"] = self.object.id
         kwargs["user_id"] = self.request.user.id
-        kwargs["mailings"] = self.mailings
+        kwargs["mailings"] = self.object.mailings.all()
         return kwargs
 
-    def dispatch(self, request, *args, **kwargs):
-        self.mailings = Mailing.objects.filter(club_id=self.get_object().id).all()
-        return super().dispatch(request, *args, **kwargs)
-
     def get_context_data(self, **kwargs):
         kwargs = super().get_context_data(**kwargs)
-        kwargs["club"] = self.get_object()
+        mailings = list(self.object.mailings.all())
+        kwargs["club"] = self.object
         kwargs["user"] = self.request.user
-        kwargs["mailings"] = self.mailings
-        kwargs["mailings_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=False).all()
-        )
-        kwargs["mailings_not_moderated"] = (
-            kwargs["mailings"].exclude(is_moderated=True).all()
-        )
+        kwargs["mailings"] = mailings
+        kwargs["mailings_moderated"] = [m for m in mailings if m.is_moderated]
+        kwargs["mailings_not_moderated"] = [m for m in mailings if not m.is_moderated]
         kwargs["form_actions"] = {
             "NEW_MALING": self.form_class.ACTION_NEW_MAILING,
             "NEW_SUBSCRIPTION": self.form_class.ACTION_NEW_SUBSCRIPTION,
@@ -573,7 +630,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
     def add_new_mailing(self, cleaned_data) -> ValidationError | None:
         """Create a new mailing list from the form."""
         mailing = Mailing(
-            club=self.get_object(),
+            club=self.object,
             email=cleaned_data["mailing_email"],
             moderator=self.request.user,
             is_moderated=False,
@@ -650,7 +707,7 @@ class ClubMailingView(ClubTabsMixin, CanEditMixin, DetailFormView):
         return resp
 
     def get_success_url(self, **kwargs):
-        return reverse_lazy("club:mailing", kwargs={"club_id": self.get_object().id})
+        return reverse("club:mailing", kwargs={"club_id": self.object.id})
 
 
 class MailingDeleteView(CanEditMixin, DeleteView):
@@ -701,48 +758,45 @@ class MailingAutoGenerationView(View):
         return redirect("club:mailing", club_id=club.id)
 
 
-class PosterListView(ClubTabsMixin, PosterListBaseView, CanViewMixin):
+class PosterListView(ClubTabsMixin, PosterListBaseView):
     """List communication posters."""
 
+    current_tab = "posters"
+    extra_context = {"app": "club"}
+
+    def get_queryset(self):
+        return super().get_queryset().filter(club=self.club.id)
+
     def get_object(self):
         return self.club
 
-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["app"] = "club"
-        kwargs["club"] = self.club
-        return kwargs
 
-
-class PosterCreateView(PosterCreateBaseView, CanCreateMixin):
+class PosterCreateView(ClubTabsMixin, PosterCreateBaseView):
     """Create communication poster."""
 
-    pk_url_kwarg = "club_id"
-
-    def get_object(self):
-        obj = super().get_object()
-        if not obj:
-            return self.club
-        return obj
+    current_tab = "posters"
 
     def get_success_url(self, **kwargs):
         return reverse_lazy("club:poster_list", kwargs={"club_id": self.club.id})
 
+    def get_object(self, *args, **kwargs):
+        return self.club
 
-class PosterEditView(ClubTabsMixin, PosterEditBaseView, CanEditMixin):
+
+class PosterEditView(ClubTabsMixin, PosterEditBaseView):
     """Edit communication poster."""
 
+    current_tab = "posters"
+    extra_context = {"app": "club"}
+
     def get_success_url(self):
         return reverse_lazy("club:poster_list", kwargs={"club_id": self.club.id})
 
-    def get_context_data(self, **kwargs):
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["app"] = "club"
-        return kwargs
 
-
-class PosterDeleteView(PosterDeleteBaseView, ClubTabsMixin, CanEditMixin):
+class PosterDeleteView(ClubTabsMixin, PosterDeleteBaseView):
     """Delete communication poster."""
 
+    current_tab = "posters"
+
     def get_success_url(self):
         return reverse_lazy("club:poster_list", kwargs={"club_id": self.club.id})

club/widgets/ajax_select.py

@@ -1,8 +1,11 @@
 from pydantic import TypeAdapter
 
 from club.models import Club
-from club.schemas import ClubSchema
-from core.views.widgets.select import AutoCompleteSelect, AutoCompleteSelectMultiple
+from club.schemas import SimpleClubSchema
+from core.views.widgets.ajax_select import (
+    AutoCompleteSelect,
+    AutoCompleteSelectMultiple,
+)
 
 _js = ["bundled/club/components/ajax-select-index.ts"]
 
@@ -10,7 +13,7 @@ _js = ["bundled/club/components/ajax-select-index.ts"]
 class AutoCompleteSelectClub(AutoCompleteSelect):
     component_name = "club-ajax-select"
     model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])
 
     js = _js
 
@@ -18,6 +21,6 @@ class AutoCompleteSelectClub(AutoCompleteSelect):
 class AutoCompleteSelectMultipleClub(AutoCompleteSelectMultiple):
     component_name = "club-ajax-select"
     model = Club
-    adapter = TypeAdapter(list[ClubSchema])
+    adapter = TypeAdapter(list[SimpleClubSchema])
 
     js = _js

com/admin.py

@@ -13,17 +13,25 @@
 #
 #
 from django.contrib import admin
+from django.contrib.admin import TabularInline
 from haystack.admin import SearchModelAdmin
 
-from com.models import News, Poster, Screen, Sith, Weekmail
+from com.models import News, NewsDate, Poster, Screen, Sith, Weekmail
+
+
+class NewsDateInline(TabularInline):
+    model = NewsDate
+    extra = 0
 
 
 @admin.register(News)
 class NewsAdmin(SearchModelAdmin):
-    list_display = ("title", "type", "club", "author")
+    list_display = ("title", "club", "author")
     search_fields = ("title", "summary", "content")
     autocomplete_fields = ("author", "moderator")
 
+    inlines = [NewsDateInline]
+
 
 @admin.register(Poster)
 class PosterAdmin(SearchModelAdmin):

com/api.py

@@ -1,32 +1,90 @@
-from pathlib import Path
+from typing import Literal
 
-from django.conf import settings
-from django.http import Http404
-from ninja_extra import ControllerBase, api_controller, route
+from django.http import HttpResponse
+from django.utils.cache import add_never_cache_headers
+from ninja import Query
+from ninja_extra import ControllerBase, api_controller, paginate, route
+from ninja_extra.pagination import PageNumberPaginationExtra
+from ninja_extra.permissions import IsAuthenticated
+from ninja_extra.schemas import PaginatedResponseSchema
 
-from com.calendar import IcsCalendar
+from api.permissions import HasPerm
+from com.ics_calendar import IcsCalendar
+from com.models import News, NewsDate
+from com.schemas import NewsDateFilterSchema, NewsDateSchema
 from core.views.files import send_raw_file
 
 
 @api_controller("/calendar")
 class CalendarController(ControllerBase):
-    CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
-
-    @route.get("/external.ics", url_name="calendar_external")
-    def calendar_external(self):
-        """Return the ICS file of the AE Google Calendar
-
-        Because of Google's cors rules, we can't just do a request to google ics
-        from the frontend. Google is blocking CORS request in it's responses headers.
-        The only way to do it from the frontend is to use Google Calendar API with an API key
-        This is not especially desirable as your API key is going to be provided to the frontend.
-
-        This is why we have this backend based solution.
-        """
-        if (calendar := IcsCalendar.get_external()) is not None:
-            return send_raw_file(calendar)
-        raise Http404
-
     @route.get("/internal.ics", url_name="calendar_internal")
     def calendar_internal(self):
-        return send_raw_file(IcsCalendar.get_internal())
+        response = send_raw_file(IcsCalendar.get_internal())
+        add_never_cache_headers(response)
+        return response
+
+    @route.get(
+        "/unpublished.ics",
+        permissions=[IsAuthenticated],
+        url_name="calendar_unpublished",
+    )
+    def calendar_unpublished(self):
+        response = HttpResponse(
+            IcsCalendar.get_unpublished(self.context.request.user),
+            content_type="text/calendar",
+        )
+        add_never_cache_headers(response)
+        return response
+
+
+@api_controller("/news")
+class NewsController(ControllerBase):
+    @route.patch(
+        "/{int:news_id}/publish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="moderate_news",
+    )
+    def publish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if not news.is_published:
+            news.is_published = True
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.patch(
+        "/{int:news_id}/unpublish",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="unpublish_news",
+    )
+    def unpublish_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if news.is_published:
+            news.is_published = False
+            news.moderator = self.context.request.user
+            news.save()
+
+    @route.delete(
+        "/{int:news_id}",
+        permissions=[HasPerm("com.delete_news")],
+        url_name="delete_news",
+    )
+    def delete_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        news.delete()
+
+    @route.get(
+        "/date",
+        url_name="fetch_news_dates",
+        response=PaginatedResponseSchema[NewsDateSchema],
+    )
+    @paginate(PageNumberPaginationExtra, page_size=50)
+    def fetch_news_dates(
+        self,
+        filters: Query[NewsDateFilterSchema],
+        text_format: Literal["md", "html"] = "md",
+    ):
+        return filters.filter(
+            NewsDate.objects.viewable_by(self.context.request.user)
+            .order_by("start_date")
+            .select_related("news", "news__club")
+        )

com/calendar.py

@@ -1,76 +0,0 @@
-from datetime import datetime, timedelta
-from pathlib import Path
-from typing import final
-
-import urllib3
-from dateutil.relativedelta import relativedelta
-from django.conf import settings
-from django.urls import reverse
-from django.utils import timezone
-from ical.calendar import Calendar
-from ical.calendar_stream import IcsCalendarStream
-from ical.event import Event
-
-from com.models import NewsDate
-
-
-@final
-class IcsCalendar:
-    _CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
-    _EXTERNAL_CALENDAR = _CACHE_FOLDER / "external.ics"
-    _INTERNAL_CALENDAR = _CACHE_FOLDER / "internal.ics"
-
-    @classmethod
-    def get_external(cls, expiration: timedelta = timedelta(hours=1)) -> Path | None:
-        if (
-            cls._EXTERNAL_CALENDAR.exists()
-            and timezone.make_aware(
-                datetime.fromtimestamp(cls._EXTERNAL_CALENDAR.stat().st_mtime)
-            )
-            + expiration
-            > timezone.now()
-        ):
-            return cls._EXTERNAL_CALENDAR
-        return cls.make_external()
-
-    @classmethod
-    def make_external(cls) -> Path | None:
-        calendar = urllib3.request(
-            "GET",
-            "https://calendar.google.com/calendar/ical/ae.utbm%40gmail.com/public/basic.ics",
-        )
-        if calendar.status != 200:
-            return None
-
-        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
-        with open(cls._EXTERNAL_CALENDAR, "wb") as f:
-            _ = f.write(calendar.data)
-        return cls._EXTERNAL_CALENDAR
-
-    @classmethod
-    def get_internal(cls) -> Path:
-        if not cls._INTERNAL_CALENDAR.exists():
-            return cls.make_internal()
-        return cls._INTERNAL_CALENDAR
-
-    @classmethod
-    def make_internal(cls) -> Path:
-        # Updated through a post_save signal on News in com.signals
-        calendar = Calendar()
-        for news_date in NewsDate.objects.filter(
-            news__is_moderated=True,
-            end_date__gte=timezone.now() - (relativedelta(months=6)),
-        ).prefetch_related("news"):
-            event = Event(
-                summary=news_date.news.title,
-                start=news_date.start_date,
-                end=news_date.end_date,
-                url=reverse("com:news_detail", kwargs={"news_id": news_date.news.id}),
-            )
-            calendar.events.append(event)
-
-        # Create a file so we can offload the download to the reverse proxy if available
-        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
-        with open(cls._INTERNAL_CALENDAR, "wb") as f:
-            _ = f.write(IcsCalendarStream.calendar_to_ics(calendar).encode("utf-8"))
-        return cls._INTERNAL_CALENDAR

com/forms.py

@@ -0,0 +1,183 @@
+from datetime import date
+
+from dateutil.relativedelta import relativedelta
+from django import forms
+from django.forms import CheckboxInput
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+
+from club.models import Club
+from club.widgets.ajax_select import AutoCompleteSelectClub
+from com.models import News, NewsDate, Poster
+from core.models import User
+from core.utils import get_end_of_semester
+from core.views.forms import SelectDateTime
+from core.views.widgets.markdown import MarkdownInput
+
+
+class PosterForm(forms.ModelForm):
+    class Meta:
+        model = Poster
+        fields = [
+            "name",
+            "file",
+            "club",
+            "screens",
+            "date_begin",
+            "date_end",
+            "display_time",
+        ]
+        widgets = {"screens": forms.CheckboxSelectMultiple}
+        help_texts = {"file": _("Format: 16:9 | Resolution: 1920x1080")}
+
+    date_begin = forms.DateTimeField(
+        label=_("Start date"),
+        widget=SelectDateTime,
+        required=True,
+        initial=timezone.now(),
+    )
+    date_end = forms.DateTimeField(
+        label=_("End date"), widget=SelectDateTime, required=False
+    )
+
+    def __init__(self, *args, user: User, **kwargs):
+        super().__init__(*args, **kwargs)
+        if user.is_root or user.is_com_admin:
+            self.fields["club"].widget = AutoCompleteSelectClub()
+        else:
+            self.fields["club"].queryset = Club.objects.having_board_member(user)
+
+
+class NewsDateForm(forms.ModelForm):
+    """Form to select the dates of an event."""
+
+    required_css_class = "required"
+
+    class Meta:
+        model = NewsDate
+        fields = ["start_date", "end_date"]
+        widgets = {"start_date": SelectDateTime, "end_date": SelectDateTime}
+
+    is_weekly = forms.BooleanField(
+        label=_("Weekly event"),
+        help_text=_("Weekly events will occur each week for a specified timespan."),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        initial=False,
+        required=False,
+    )
+    occurrence_choices = [
+        *[(str(i), _("%d times") % i) for i in range(2, 7)],
+        ("SEMESTER_END", _("Until the end of the semester")),
+    ]
+    occurrences = forms.ChoiceField(
+        label=_("Occurrences"),
+        help_text=_("How much times should the event occur (including the first one)"),
+        choices=occurrence_choices,
+        initial="SEMESTER_END",
+        required=False,
+    )
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.label_suffix = ""
+
+    @classmethod
+    def get_occurrences(cls, number: int) -> tuple[str, str] | None:
+        """Find the occurrence choice corresponding to numeric number of occurrences."""
+        if number < 2:
+            # If only 0 or 1 date, there cannot be weekly events
+            return None
+        # occurrences have all a numeric value, except "SEMESTER_END"
+        str_num = str(number)
+        occurrences = next((c for c in cls.occurrence_choices if c[0] == str_num), None)
+        if occurrences:
+            return occurrences
+        return next((c for c in cls.occurrence_choices if c[0] == "SEMESTER_END"), None)
+
+    def save(self, commit: bool = True, *, news: News):  # noqa FBT001
+        # the base save method contains some checks we want to run
+        # before doing our own logic
+        super().save(commit=False)
+        # delete existing dates before creating new ones
+        news.dates.all().delete()
+        if not self.cleaned_data.get("is_weekly"):
+            self.instance.news = news
+            return super().save(commit=commit)
+
+        dates: list[NewsDate] = [self.instance]
+        occurrences = self.cleaned_data.get("occurrences")
+        start = self.instance.start_date
+        end = self.instance.end_date
+        if occurrences[0].isdigit():
+            nb_occurrences = int(occurrences[0])
+        else:  # to the end of the semester
+            start_date = date(start.year, start.month, start.day)
+            nb_occurrences = (get_end_of_semester(start_date) - start_date).days // 7
+        dates.extend(
+            [
+                NewsDate(
+                    start_date=start + relativedelta(weeks=i),
+                    end_date=end + relativedelta(weeks=i),
+                )
+                for i in range(1, nb_occurrences)
+            ]
+        )
+        for d in dates:
+            d.news = news
+        if not commit:
+            return dates
+        return NewsDate.objects.bulk_create(dates)
+
+
+class NewsForm(forms.ModelForm):
+    """Form to create or edit news."""
+
+    error_css_class = "error"
+    required_css_class = "required"
+
+    class Meta:
+        model = News
+        fields = ["title", "club", "summary", "content"]
+        widgets = {
+            "author": forms.HiddenInput,
+            "summary": MarkdownInput,
+            "content": MarkdownInput,
+        }
+
+    auto_publish = forms.BooleanField(
+        label=_("Auto publication"),
+        widget=CheckboxInput(attrs={"class": "switch"}),
+        required=False,
+    )
+
+    def __init__(self, *args, author: User, date_form: NewsDateForm, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.author = author
+        self.date_form = date_form
+        self.label_suffix = ""
+        # if the author is an admin, he/she can choose any club,
+        # otherwise, only clubs for which he/she is a board member can be selected
+        if author.is_root or author.is_com_admin:
+            self.fields["club"].widget = AutoCompleteSelectClub()
+        else:
+            self.fields["club"].queryset = Club.objects.having_board_member(author)
+
+    def is_valid(self):
+        return super().is_valid() and self.date_form.is_valid()
+
+    def full_clean(self):
+        super().full_clean()
+        self.date_form.full_clean()
+
+    def save(self, commit: bool = True):  # noqa FBT001
+        self.instance.author = self.author
+        if (self.author.is_com_admin or self.author.is_root) and (
+            self.cleaned_data.get("auto_publish") is True
+        ):
+            self.instance.is_published = True
+            self.instance.moderator = self.author
+        else:
+            self.instance.is_published = False
+        created_news = super().save(commit=commit)
+        self.date_form.save(commit=commit, news=created_news)
+        return created_news

com/ics_calendar.py

@@ -0,0 +1,76 @@
+from pathlib import Path
+
+from dateutil.relativedelta import relativedelta
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.contrib.syndication.views import add_domain
+from django.db.models import F, QuerySet
+from django.http import HttpRequest
+from django.urls import reverse
+from django.utils import timezone
+from ical.calendar import Calendar
+from ical.calendar_stream import IcsCalendarStream
+from ical.event import Event
+
+from com.models import NewsDate
+from core.models import User
+
+
+def as_absolute_url(url: str, request: HttpRequest | None = None) -> str:
+    return add_domain(
+        Site.objects.get_current(request=request),
+        url,
+        secure=request.is_secure() if request is not None else settings.HTTPS,
+    )
+
+
+class IcsCalendar:
+    _CACHE_FOLDER: Path = settings.MEDIA_ROOT / "com" / "calendars"
+    _INTERNAL_CALENDAR = _CACHE_FOLDER / "internal.ics"
+
+    @classmethod
+    def get_internal(cls) -> Path:
+        if not cls._INTERNAL_CALENDAR.exists():
+            return cls.make_internal()
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def make_internal(cls) -> Path:
+        # Updated through a post_save signal on News in com.signals
+        # Create a file so we can offload the download to the reverse proxy if available
+        cls._CACHE_FOLDER.mkdir(parents=True, exist_ok=True)
+        with open(cls._INTERNAL_CALENDAR, "wb") as f:
+            _ = f.write(
+                cls.ics_from_queryset(
+                    NewsDate.objects.filter(
+                        news__is_published=True,
+                        end_date__gte=timezone.now() - (relativedelta(months=6)),
+                    )
+                )
+            )
+        return cls._INTERNAL_CALENDAR
+
+    @classmethod
+    def get_unpublished(cls, user: User) -> bytes:
+        return cls.ics_from_queryset(
+            NewsDate.objects.viewable_by(user).filter(
+                news__is_published=False,
+                end_date__gte=timezone.now() - (relativedelta(months=6)),
+            ),
+        )
+
+    @classmethod
+    def ics_from_queryset(cls, queryset: QuerySet[NewsDate]) -> bytes:
+        calendar = Calendar()
+        for news_date in queryset.annotate(news_title=F("news__title")):
+            event = Event(
+                summary=news_date.news_title,
+                start=news_date.start_date,
+                end=news_date.end_date,
+                url=as_absolute_url(
+                    reverse("com:news_detail", kwargs={"news_id": news_date.news_id})
+                ),
+            )
+            calendar.events.append(event)
+
+        return IcsCalendarStream.calendar_to_ics(calendar).encode("utf-8")

com/migrations/0008_alter_news_options_alter_newsdate_options_and_more.py

@@ -0,0 +1,61 @@
+# Generated by Django 4.2.17 on 2025-01-06 21:52
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("com", "0007_alter_news_club_alter_news_content_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="news",
+            options={
+                "verbose_name": "news",
+                "permissions": [
+                    ("moderate_news", "Can moderate news"),
+                    ("view_unmoderated_news", "Can view non-moderated news"),
+                ],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="newsdate",
+            options={"verbose_name": "news date", "verbose_name_plural": "news dates"},
+        ),
+        migrations.AlterModelOptions(
+            name="poster",
+            options={"permissions": [("moderate_poster", "Can moderate poster")]},
+        ),
+        migrations.RemoveField(model_name="news", name="type"),
+        migrations.AlterField(
+            model_name="news",
+            name="author",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="owned_news",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="author",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="end_date",
+            field=models.DateTimeField(verbose_name="end_date"),
+        ),
+        migrations.AlterField(
+            model_name="newsdate",
+            name="start_date",
+            field=models.DateTimeField(verbose_name="start_date"),
+        ),
+        migrations.AddConstraint(
+            model_name="newsdate",
+            constraint=models.CheckConstraint(
+                condition=models.Q(("end_date__gte", models.F("start_date"))),
+                name="news_date_end_date_after_start_date",
+            ),
+        ),
+    ]

com/migrations/0009_remove_news_is_moderated_news_is_published.py

@@ -0,0 +1,16 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("com", "0008_alter_news_options_alter_newsdate_options_and_more")]
+
+    operations = [
+        migrations.RenameField(
+            model_name="news", old_name="is_moderated", new_name="is_published"
+        ),
+        migrations.AlterField(
+            model_name="news",
+            name="is_published",
+            field=models.BooleanField(default=False, verbose_name="is published"),
+        ),
+    ]

com/models.py

@@ -21,13 +21,13 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
-
+from typing import Self
 
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.core.mail import EmailMultiAlternatives
 from django.db import models, transaction
-from django.db.models import Q
+from django.db.models import Exists, F, OuterRef, Q
 from django.shortcuts import render
 from django.templatetags.static import static
 from django.urls import reverse
@@ -54,12 +54,32 @@ class Sith(models.Model):
         return user.is_com_admin
 
 
-NEWS_TYPES = [
-    ("NOTICE", _("Notice")),
-    ("EVENT", _("Event")),
-    ("WEEKLY", _("Weekly")),
-    ("CALL", _("Call")),
-]
+class NewsQuerySet(models.QuerySet):
+    def published(self) -> Self:
+        return self.filter(is_published=True)
+
+    def waiting_moderation(self) -> Self:
+        """Filter all non-finished non-published news"""
+        # Because of the way News and NewsDates are created,
+        # there may be some cases where this method is called before
+        # the NewsDates linked to a Date are actually persisted in db.
+        # Thus, it's important to filter by "not past date" rather than by "future date"
+        return self.filter(~Q(dates__start_date__lt=timezone.now()), is_published=False)
+
+    def viewable_by(self, user: User) -> Self:
+        """Filter news that the given user can view.
+
+        If the user has the `com.view_unmoderated_news` permission,
+        all news are viewable.
+        Else the viewable news are those that are either moderated
+        or authored by the user.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(author_id=user.id)
+        return self.filter(q_filter)
 
 
 class News(models.Model):
@@ -79,9 +99,6 @@ class News(models.Model):
         default="",
         help_text=_("A more detailed and exhaustive description of the event."),
     )
-    type = models.CharField(
-        _("type"), max_length=16, choices=NEWS_TYPES, default="EVENT"
-    )
     club = models.ForeignKey(
         Club,
         related_name="news",
@@ -93,9 +110,9 @@ class News(models.Model):
         User,
         related_name="owned_news",
         verbose_name=_("author"),
-        on_delete=models.CASCADE,
+        on_delete=models.PROTECT,
     )
-    is_moderated = models.BooleanField(_("is moderated"), default=False)
+    is_published = models.BooleanField(_("is published"), default=False)
     moderator = models.ForeignKey(
         User,
         related_name="moderated_news",
@@ -104,61 +121,92 @@ class News(models.Model):
         on_delete=models.SET_NULL,
     )
 
+    objects = NewsQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news")
+        permissions = [
+            ("moderate_news", "Can moderate news"),
+            ("view_unmoderated_news", "Can view non-moderated news"),
+        ]
+
     def __str__(self):
-        return "%s: %s" % (self.type, self.title)
+        return self.title
 
     def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
-        for user in User.objects.filter(
-            groups__id__in=[settings.SITH_GROUP_COM_ADMIN_ID]
-        ):
-            Notification.objects.create(
-                user=user,
-                url=reverse("com:news_admin_list"),
-                type="NEWS_MODERATION",
-                param="1",
+        if not self.is_published:
+            admins_without_notif = User.objects.filter(
+                ~Exists(
+                    Notification.objects.filter(
+                        user=OuterRef("pk"), type="NEWS_MODERATION"
+                    )
+                ),
+                groups__id=settings.SITH_GROUP_COM_ADMIN_ID,
             )
+            notif_url = reverse("com:news_admin_list")
+            new_notifs = [
+                Notification(user=user, url=notif_url, type="NEWS_MODERATION")
+                for user in admins_without_notif
+            ]
+            Notification.objects.bulk_create(new_notifs)
+        self.update_moderation_notifs()
 
     def get_absolute_url(self):
         return reverse("com:news_detail", kwargs={"news_id": self.id})
 
     def get_full_url(self):
-        return "https://%s%s" % (settings.SITH_URL, self.get_absolute_url())
+        return f"https://{settings.SITH_URL}{self.get_absolute_url()}"
 
     def is_owned_by(self, user):
         if user.is_anonymous:
             return False
         return user.is_com_admin or user == self.author
 
-    def can_be_edited_by(self, user):
-        return user.is_com_admin
-
-    def can_be_viewed_by(self, user):
-        return self.is_moderated or user.is_com_admin
-
-
-def news_notification_callback(notif):
-    count = (
-        News.objects.filter(
-            Q(dates__start_date__gt=timezone.now(), is_moderated=False)
-            | Q(type="NOTICE", is_moderated=False)
+    def can_be_edited_by(self, user: User):
+        return user.is_authenticated and (
+            self.author_id == user.id or user.has_perm("com.change_news")
         )
-        .distinct()
-        .count()
-    )
-    if count:
-        notif.viewed = False
-        notif.param = "%s" % count
-        notif.date = timezone.now()
-    else:
-        notif.viewed = True
+
+    def can_be_viewed_by(self, user: User):
+        return (
+            self.is_published
+            or user.has_perm("com.view_unmoderated_news")
+            or (user.is_authenticated and self.author_id == user.id)
+        )
+
+    @staticmethod
+    def update_moderation_notifs():
+        count = News.objects.waiting_moderation().count()
+        notifs_qs = Notification.objects.filter(
+            type="NEWS_MODERATION", user__groups__id=settings.SITH_GROUP_COM_ADMIN_ID
+        )
+        if count:
+            notifs_qs.update(viewed=False, param=str(count))
+        else:
+            notifs_qs.update(viewed=True)
+
+
+class NewsDateQuerySet(models.QuerySet):
+    def viewable_by(self, user: User) -> Self:
+        """Filter the event dates that the given user can view.
+
+        - If the can view non moderated news, he can view all news dates
+        - else, he can view the dates of news that are either
+          authored by him or moderated.
+        """
+        if user.has_perm("com.view_unmoderated_news"):
+            return self
+        q_filter = Q(news__is_published=True)
+        if user.is_authenticated:
+            q_filter |= Q(news__author_id=user.id)
+        return self.filter(q_filter)
 
 
 class NewsDate(models.Model):
-    """A date class, useful for weekly events, or for events that just have no date.
+    """A date associated with news.
 
-    This class allows more flexibilty managing the dates related to a news, particularly when this news is weekly, since
-    we don't have to make copies
+    A [News][com.models.News] can have multiple dates, for example if it is a recurring event.
     """
 
     news = models.ForeignKey(
@@ -167,11 +215,23 @@ class NewsDate(models.Model):
         verbose_name=_("news_date"),
         on_delete=models.CASCADE,
     )
-    start_date = models.DateTimeField(_("start_date"), null=True, blank=True)
-    end_date = models.DateTimeField(_("end_date"), null=True, blank=True)
+    start_date = models.DateTimeField(_("start_date"))
+    end_date = models.DateTimeField(_("end_date"))
+
+    objects = NewsDateQuerySet.as_manager()
+
+    class Meta:
+        verbose_name = _("news date")
+        verbose_name_plural = _("news dates")
+        constraints = [
+            models.CheckConstraint(
+                condition=Q(end_date__gte=F("start_date")),
+                name="news_date_end_date_after_start_date",
+            )
+        ]
 
     def __str__(self):
-        return "%s: %s - %s" % (self.news.title, self.start_date, self.end_date)
+        return f"{self.news.title}: {self.start_date} - {self.end_date}"
 
 
 class Weekmail(models.Model):
@@ -330,6 +390,9 @@ class Poster(models.Model):
         on_delete=models.CASCADE,
     )
 
+    class Meta:
+        permissions = [("moderate_poster", "Can moderate poster")]
+
     def __str__(self):
         return self.name
 
@@ -349,17 +412,5 @@ class Poster(models.Model):
         if self.date_end and self.date_begin > self.date_end:
             raise ValidationError(_("Begin date should be before end date"))
 
-    def is_owned_by(self, user):
-        if user.is_anonymous:
-            return False
-        return user.is_com_admin or len(user.clubs_with_rights) > 0
-
-    def can_be_moderated_by(self, user):
-        return user.is_com_admin
-
     def get_display_name(self):
         return self.club.get_display_name()
-
-    @property
-    def page(self):
-        return self.club.page

com/schemas.py

@@ -0,0 +1,58 @@
+from datetime import datetime
+
+from ninja import FilterSchema, ModelSchema
+from ninja_extra import service_resolver
+from ninja_extra.context import RouteContext
+from pydantic import Field
+
+from club.schemas import ClubProfileSchema
+from com.models import News, NewsDate
+from core.markdown import markdown
+
+
+class NewsDateFilterSchema(FilterSchema):
+    before: datetime | None = Field(None, q="end_date__lt")
+    after: datetime | None = Field(None, q="start_date__gt")
+    club_id: int | None = Field(None, q="news__club_id")
+    news_id: int | None = None
+    is_published: bool | None = Field(None, q="news__is_published")
+    title: str | None = Field(None, q="news__title__icontains")
+
+
+class NewsSchema(ModelSchema):
+    class Meta:
+        model = News
+        fields = ["id", "title", "summary", "is_published"]
+
+    club: ClubProfileSchema
+    url: str
+
+    @staticmethod
+    def resolve_summary(obj: News) -> str:
+        # if this is returned from a route that allows the
+        # user to choose the text format (md or html)
+        # and the user chose "html", convert the markdown to html
+        context: RouteContext = service_resolver(RouteContext)
+        if context.kwargs.get("text_format", "") == "html":
+            return markdown(obj.summary)
+        return obj.summary
+
+    @staticmethod
+    def resolve_url(obj: News) -> str:
+        return obj.get_absolute_url()
+
+
+class NewsDateSchema(ModelSchema):
+    """Basic infos about an event occurrence.
+
+    Warning:
+        This uses [NewsSchema][], which itself
+        uses [ClubProfileSchema][club.schemas.ClubProfileSchema].
+        Don't forget the appropriated `select_related`.
+    """
+
+    class Meta:
+        model = NewsDate
+        fields = ["id", "start_date", "end_date"]
+
+    news: NewsSchema

com/signals.py

@@ -1,10 +1,10 @@
-from django.db.models.base import post_save
+from django.db.models.signals import post_delete, post_save
 from django.dispatch import receiver
 
-from com.calendar import IcsCalendar
+from com.ics_calendar import IcsCalendar
 from com.models import News
 
 
-@receiver(post_save, sender=News, dispatch_uid="update_internal_ics")
+@receiver([post_save, post_delete], sender=News, dispatch_uid="update_internal_ics")
 def update_internal_ics(*args, **kwargs):
     _ = IcsCalendar.make_internal()

com/static/bundled/com/components/ics-calendar-index.ts

@@ -7,20 +7,38 @@ import frLocale from "@fullcalendar/core/locales/fr";
 import dayGridPlugin from "@fullcalendar/daygrid";
 import iCalendarPlugin from "@fullcalendar/icalendar";
 import listPlugin from "@fullcalendar/list";
-import { calendarCalendarExternal, calendarCalendarInternal } from "#openapi";
+import { type HTMLTemplateResult, html, render } from "lit-html";
+import {
+  calendarCalendarInternal,
+  calendarCalendarUnpublished,
+  newsDeleteNews,
+  newsPublishNews,
+  newsUnpublishNews,
+} from "#openapi";
 
 @registerComponent("ics-calendar")
 export class IcsCalendar extends inheritHtmlElement("div") {
-  static observedAttributes = ["locale"];
+  static observedAttributes = ["locale", "can_moderate", "can_delete", "ics-help-url"];
   private calendar: Calendar;
   private locale = "en";
+  private canModerate = false;
+  private canDelete = false;
+  private helpUrl = "";
 
   attributeChangedCallback(name: string, _oldValue?: string, newValue?: string) {
-    if (name !== "locale") {
-      return;
+    if (name === "locale") {
+      this.locale = newValue;
+    }
+    if (name === "can_moderate") {
+      this.canModerate = newValue.toLowerCase() === "true";
+    }
+    if (name === "can_delete") {
+      this.canDelete = newValue.toLowerCase() === "true";
     }
 
-    this.locale = newValue;
+    if (name === "ics-help-url") {
+      this.helpUrl = newValue;
+    }
   }
 
   isMobile() {
@@ -32,7 +50,18 @@ export class IcsCalendar extends inheritHtmlElement("div") {
     return this.isMobile() ? "listMonth" : "dayGridMonth";
   }
 
-  currentToolbar() {
+  currentFooterToolbar() {
+    if (this.isMobile()) {
+      return {
+        start: "",
+        center: "getCalendarLink helpButton",
+        end: "",
+      };
+    }
+    return { start: "getCalendarLink helpButton", center: "", end: "" };
+  }
+
+  currentHeaderToolbar() {
     if (this.isMobile()) {
       return {
         left: "prev,next",
@@ -54,6 +83,93 @@ export class IcsCalendar extends inheritHtmlElement("div") {
     }).format(date);
   }
 
+  getNewsId(event: EventImpl) {
+    return Number.parseInt(
+      event.url
+        .toString()
+        .split("/")
+        .filter((s) => s) // Remove blank characters
+        .pop(),
+    );
+  }
+
+  refreshEvents() {
+    this.click(); // Remove focus from popup
+    this.calendar.refetchEvents();
+  }
+
+  async publishNews(id: number) {
+    await newsPublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-publish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async unpublishNews(id: number) {
+    await newsUnpublishNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-unpublish", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async deleteNews(id: number) {
+    await newsDeleteNews({
+      path: {
+        // biome-ignore lint/style/useNamingConvention: python API
+        news_id: id,
+      },
+    });
+    this.dispatchEvent(
+      new CustomEvent("calendar-delete", {
+        bubbles: true,
+        detail: {
+          id: id,
+        },
+      }),
+    );
+    this.refreshEvents();
+  }
+
+  async getEventSources() {
+    return [
+      {
+        url: `${await makeUrl(calendarCalendarInternal)}`,
+        format: "ics",
+        className: "internal",
+        cache: false,
+      },
+      {
+        url: `${await makeUrl(calendarCalendarUnpublished)}`,
+        format: "ics",
+        color: "red",
+        className: "unpublished",
+        cache: false,
+      },
+    ];
+  }
+
   createEventDetailPopup(event: EventClickArg) {
     // Delete previous popup
     const oldPopup = document.getElementById("event-details");
@@ -61,29 +177,25 @@ export class IcsCalendar extends inheritHtmlElement("div") {
       oldPopup.remove();
     }
 
-    const makePopupInfo = (info: HTMLElement, iconClass: string) => {
-      const row = document.createElement("div");
-      const icon = document.createElement("i");
-
-      row.setAttribute("class", "event-details-row");
-
-      icon.setAttribute("class", `event-detail-row-icon fa-xl ${iconClass}`);
-
-      row.appendChild(icon);
-      row.appendChild(info);
-
-      return row;
+    const makePopupInfo = (info: HTMLTemplateResult, iconClass: string) => {
+      return html`
+        <div class="event-details-row">
+          <i class="event-detail-row-icon fa-xl ${iconClass}"></i>
+          ${info}
+        </div>
+      `;
     };
 
     const makePopupTitle = (event: EventImpl) => {
-      const row = document.createElement("div");
-      row.innerHTML = `
-        <h4 class="event-details-row-content">
-          ${event.title}
-        </h4>
-        <span class="event-details-row-content">
-          ${this.formatDate(event.start)} - ${this.formatDate(event.end)}
-        </span>
+      const row = html`
+        <div>
+          <h4 class="event-details-row-content">
+            ${event.title}
+          </h4>
+          <span class="event-details-row-content">
+            ${this.formatDate(event.start)} - ${this.formatDate(event.end)}
+          </span>
+        </div>
       `;
       return makePopupInfo(
         row,
@@ -95,9 +207,11 @@ export class IcsCalendar extends inheritHtmlElement("div") {
       if (event.extendedProps.location === null) {
         return null;
       }
-      const info = document.createElement("div");
-      info.innerText = event.extendedProps.location;
-
+      const info = html`
+        <div>
+          ${event.extendedProps.location}
+        </div>
+      `;
       return makePopupInfo(info, "fa-solid fa-location-dot");
     };
 
@@ -105,33 +219,68 @@ export class IcsCalendar extends inheritHtmlElement("div") {
       if (event.url === "") {
         return null;
       }
-      const url = document.createElement("a");
-      url.href = event.url;
-      url.textContent = gettext("More info");
-
+      const url = html`<a href="${event.url}">${gettext("More info")}</a>`;
       return makePopupInfo(url, "fa-solid fa-link");
     };
 
+    const makePopupTools = (event: EventImpl) => {
+      if (!(this.canDelete || this.canModerate)) {
+        return null;
+      }
+      const newsId = this.getNewsId(event);
+      const buttons = [] as HTMLTemplateResult[];
+
+      if (this.canModerate) {
+        if (event.source.internalEventSource.ui.classNames.includes("unpublished")) {
+          const button = html`
+            <button class="btn btn-green" @click="${() => this.publishNews(newsId)}">
+              <i class="fa fa-check"></i>${gettext("Publish")}
+            </button>
+          `;
+          buttons.push(button);
+        } else {
+          const button = html`
+            <button class="btn btn-orange" @click="${() => this.unpublishNews(newsId)}">
+              <i class="fa fa-times"></i>${gettext("Unpublish")}
+            </button>
+          `;
+          buttons.push(button);
+        }
+      }
+      if (this.canDelete) {
+        const button = html`
+          <button class="btn btn-red" @click="${() => this.deleteNews(newsId)}">
+            <i class="fa fa-trash-can"></i>${gettext("Delete")}
+          </button>
+        `;
+        buttons.push(button);
+      }
+
+      return makePopupInfo(html`<div>${buttons}</div>`, "fa-solid fa-toolbox");
+    };
+
     // Create new popup
-    const popup = document.createElement("div");
-    const popupContainer = document.createElement("div");
-
-    popup.setAttribute("id", "event-details");
-    popupContainer.setAttribute("class", "event-details-container");
-
-    popupContainer.appendChild(makePopupTitle(event.event));
+    const infos = [] as HTMLTemplateResult[];
+    infos.push(makePopupTitle(event.event));
 
     const location = makePopupLocation(event.event);
     if (location !== null) {
-      popupContainer.appendChild(location);
+      infos.push(location);
     }
 
     const url = makePopupUrl(event.event);
     if (url !== null) {
-      popupContainer.appendChild(url);
+      infos.push(url);
     }
 
-    popup.appendChild(popupContainer);
+    const tools = makePopupTools(event.event);
+    if (tools !== null) {
+      infos.push(tools);
+    }
+
+    const popup = document.createElement("div");
+    popup.setAttribute("id", "event-details");
+    render(html`<div class="event-details-container">${infos}</div>`, popup);
 
     // We can't just add the element relative to the one we want to appear under
     // Otherwise, it either gets clipped by the boundaries of the calendar or resize cells
@@ -155,23 +304,55 @@ export class IcsCalendar extends inheritHtmlElement("div") {
     this.calendar = new Calendar(this.node, {
       plugins: [dayGridPlugin, iCalendarPlugin, listPlugin],
       locales: [frLocale, enLocale],
+      customButtons: {
+        getCalendarLink: {
+          text: gettext("Copy calendar link"),
+          click: async (event: Event) => {
+            const button = event.target as HTMLButtonElement;
+            button.classList.add("text-copy");
+            button.setAttribute("tooltip-class", "calendar-copy-tooltip");
+            if (!button.hasAttribute("tooltip-position")) {
+              button.setAttribute("tooltip-position", "top");
+            }
+            if (button.classList.contains("text-copied")) {
+              button.classList.remove("text-copied");
+            }
+            button.setAttribute("tooltip", gettext("Link copied"));
+            navigator.clipboard.writeText(
+              new URL(
+                await makeUrl(calendarCalendarInternal),
+                window.location.origin,
+              ).toString(),
+            );
+            setTimeout(() => {
+              button.setAttribute("tooltip-class", "calendar-copy-tooltip text-copied");
+              button.classList.remove("text-copied");
+              button.classList.add("text-copied");
+              button.classList.remove("text-copy");
+            }, 1500);
+          },
+        },
+        helpButton: {
+          text: "?",
+          hint: gettext("How to use calendar link"),
+          click: () => {
+            if (this.helpUrl) {
+              window.open(this.helpUrl, "_blank");
+            }
+          },
+        },
+      },
       height: "auto",
       locale: this.locale,
       initialView: this.currentView(),
-      headerToolbar: this.currentToolbar(),
-      eventSources: [
-        {
-          url: await makeUrl(calendarCalendarInternal),
-          format: "ics",
-        },
-        {
-          url: await makeUrl(calendarCalendarExternal),
-          format: "ics",
-        },
-      ],
+      headerToolbar: this.currentHeaderToolbar(),
+      footerToolbar: this.currentFooterToolbar(),
+      eventSources: await this.getEventSources(),
+      lazyFetching: false,
       windowResize: () => {
         this.calendar.changeView(this.currentView());
-        this.calendar.setOption("headerToolbar", this.currentToolbar());
+        this.calendar.setOption("headerToolbar", this.currentHeaderToolbar());
+        this.calendar.setOption("footerToolbar", this.currentFooterToolbar());
       },
       eventClick: (event) => {
         // Avoid our popup to be deleted because we clicked outside of it

com/static/bundled/com/moderation-alert-index.ts

@@ -0,0 +1,81 @@
+import { exportToHtml } from "#core:utils/globals";
+import { newsDeleteNews, newsFetchNewsDates, newsPublishNews } from "#openapi";
+
+// This will be used in jinja templates,
+// so we cannot use real enums as those are purely an abstraction of Typescript
+const AlertState = {
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PENDING: 1,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  PUBLISHED: 2,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DELETED: 3,
+  // biome-ignore lint/style/useNamingConvention: this feels more like an enum
+  DISPLAYED: 4, // When published at page generation
+};
+exportToHtml("AlertState", AlertState);
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("moderationAlert", (newsId: number) => ({
+    state: AlertState.PENDING,
+    newsId: newsId as number,
+    loading: false,
+
+    async publishNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsPublishNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.PUBLISHED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    async deleteNews() {
+      this.loading = true;
+      // biome-ignore lint/style/useNamingConvention: api is snake case
+      await newsDeleteNews({ path: { news_id: this.newsId } });
+      this.state = AlertState.DELETED;
+      this.$dispatch("news-moderated", { newsId: this.newsId, state: this.state });
+      this.loading = false;
+    },
+
+    /**
+     * Event receiver for when news dates are moderated.
+     *
+     * If the moderated date is linked to the same news
+     * as the one this moderation alert is attached to,
+     * then set the alert state to the same as the moderated one.
+     */
+    dispatchModeration(event: CustomEvent) {
+      if (event.detail.newsId === this.newsId) {
+        this.state = event.detail.state;
+      }
+    },
+
+    /**
+     * Query the server to know the number of news dates that would be moderated
+     * if this one is moderated.
+     */
+    async nbToPublish(): Promise<number> {
+      // What we want here is the count attribute of the response.
+      // We don't care about the actual results,
+      // so we ask for the minimum page size possible.
+      const response = await newsFetchNewsDates({
+        // biome-ignore lint/style/useNamingConvention: api is snake-case
+        query: { news_id: this.newsId, page: 1, page_size: 1 },
+      });
+      return response.data.count;
+    },
+
+    weeklyEventWarningMessage(nbEvents: number): string {
+      return interpolate(
+        gettext(
+          "This event will take place every week for %s weeks. " +
+            "If you publish or delete this event, " +
+            "it will also be published (or deleted) for the following weeks.",
+        ),
+        [nbEvents],
+      );
+    },
+  }));
+});

com/static/bundled/com/slideshow-index.ts

@@ -0,0 +1,49 @@
+const INTERVAL = 10;
+
+interface Poster {
+  url: string; // URL of the poster
+  displayTime: number; // Number of seconds to display that poster
+}
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("slideshow", (posters: Poster[]) => ({
+    posters: posters,
+    progress: 0,
+    elapsed: 0,
+
+    current: 0,
+    previous: 0,
+
+    init() {
+      this.$watch("elapsed", () => {
+        const displayTime = this.posters[this.current].displayTime * 1000;
+        if (this.elapsed > displayTime) {
+          this.previous = this.current;
+          this.current = this.getNext();
+          this.elapsed = 0;
+        }
+        if (displayTime === 0) {
+          this.progress = 100;
+        } else {
+          this.progress = (100 * this.elapsed) / displayTime;
+        }
+      });
+      setInterval(() => {
+        this.elapsed += INTERVAL;
+      }, INTERVAL);
+    },
+
+    getNext() {
+      return (this.current + 1) % this.posters.length;
+    },
+
+    async toggleFullScreen(event: Event) {
+      if (document.fullscreenElement) {
+        await document.exitFullscreen();
+        return;
+      }
+      const target = event.target as HTMLElement;
+      await target.requestFullscreen();
+    },
+  }));
+});

com/static/bundled/com/upcoming-news-loader-index.ts

@@ -0,0 +1,71 @@
+import { type NewsDateSchema, newsFetchNewsDates } from "#openapi";
+
+interface ParsedNewsDateSchema extends Omit<NewsDateSchema, "start_date" | "end_date"> {
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  start_date: Date;
+  // biome-ignore lint/style/useNamingConvention: api is snake_case
+  end_date: Date;
+}
+
+document.addEventListener("alpine:init", () => {
+  Alpine.data("upcomingNewsLoader", (startDate: Date, locale: string) => ({
+    startDate: startDate,
+    currentPage: 1,
+    pageSize: 6,
+    hasNext: true,
+    loading: false,
+    newsDates: [] as NewsDateSchema[],
+    dateFormat: new Intl.DateTimeFormat(locale, {
+      dateStyle: "medium",
+      timeStyle: "short",
+    }),
+
+    async loadMore() {
+      this.loading = true;
+      const response = await newsFetchNewsDates({
+        query: {
+          after: this.startDate.toISOString(),
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          text_format: "html",
+          page: this.currentPage,
+          // biome-ignore lint/style/useNamingConvention: api is snake_case
+          page_size: this.pageSize,
+        },
+      });
+      if (response.response.status === 404) {
+        this.hasNext = false;
+      } else if (response.data.next === null) {
+        this.newsDates.push(...response.data.results);
+        this.hasNext = false;
+      } else {
+        this.newsDates.push(...response.data.results);
+        this.currentPage += 1;
+      }
+      this.loading = false;
+    },
+
+    groupedDates(): Record<string, NewsDateSchema[]> {
+      return this.newsDates
+        .map(
+          (date: NewsDateSchema): ParsedNewsDateSchema => ({
+            ...date,
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            start_date: new Date(date.start_date),
+            // biome-ignore lint/style/useNamingConvention: api is snake_case
+            end_date: new Date(date.end_date),
+          }),
+        )
+        .reduce(
+          (acc: Record<string, ParsedNewsDateSchema[]>, date: ParsedNewsDateSchema) => {
+            const key = date.start_date.toDateString();
+            if (!acc[key]) {
+              acc[key] = [];
+            }
+            acc[key].push(date);
+            return acc;
+          },
+          {},
+        );
+    },
+  }));
+});

com/static/com/components/ics-calendar.scss

@@ -1,4 +1,5 @@
 @import "core/static/core/colors";
+@import "core/static/core/tooltips";
 
 
 :root {
@@ -75,10 +76,10 @@ ics-calendar {
   }
 
   td {
-    overflow-x: visible; // Show events on multiple days
+    overflow: visible; // Show events on multiple days
   }
 
-	//Reset from style.scss
+  //Reset from style.scss
   table {
     box-shadow: none;
     border-radius: 0px;
@@ -86,16 +87,63 @@ ics-calendar {
     margin: 0px;
   }
 
-	// Reset from style.scss
+  // Reset from style.scss
   thead {
     background-color: white;
     color: black;
   }
 
-	// Reset from style.scss
+  // Reset from style.scss
   tbody>tr {
     &:nth-child(even):not(.highlight) {
       background: white;
     }
   }
+
+  .fc .fc-toolbar.fc-footer-toolbar {
+    margin-bottom: 0.5em;
+  }
+
+  button.text-copy,
+  button.text-copy:focus,
+  button.text-copy:hover {
+    background-color: #67AE6E !important;
+    transition: 500ms ease-in;
+  }
+
+  button.text-copied,
+  button.text-copied:focus,
+  button.text-copied:hover {
+    transition: 500ms ease-out;
+  }
+
+  .fc .fc-getCalendarLink-button {
+    margin-right: 0.5rem;
+  }
+
+  .fc .fc-helpButton-button {
+    border-radius: 70%;
+    padding-left: 0.5rem;
+    padding-right: 0.5rem;
+    background-color: rgba(0, 0, 0, 0.8);
+    transition: 100ms ease-out;
+    width: 30px;
+    height: 30px;
+    font-size: 11px;
+  }
+
+
+  .fc .fc-helpButton-button:hover {
+    background-color: rgba(20, 20, 20, 0.6);
+  }
+}
+
+.tooltip.calendar-copy-tooltip {
+  opacity: 1;
+  transition: opacity 500ms ease-in;
+}
+
+.tooltip.calendar-copy-tooltip.text-copied {
+  opacity: 0;
+  transition: opacity 500ms ease-out;
 }