translation

Easier access to food details

See merge request bde/nk20!326

.env_example

@@ -21,3 +21,6 @@ EMAIL_PASSWORD=CHANGE_ME
 # Wiki configuration
 WIKI_USER=NoteKfet2020
 WIKI_PASSWORD=
+
+# OIDC
+OIDC_RSA_PRIVATE_KEY=CHANGE_ME

.gitlab-ci.yml

@@ -8,7 +8,7 @@ variables:
   GIT_SUBMODULE_STRATEGY: recursive
 
 # Ubuntu 22.04
-py310-django42:
+py310-django52:
   stage: test
   image: ubuntu:22.04
   before_script:
@@ -22,10 +22,10 @@ py310-django42:
         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
         python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py310-django42
+  script: tox -e py310-django52
 
 # Debian Bookworm
-py311-django42:
+py311-django52:
   stage: test
   image: debian:bookworm
   before_script:
@@ -37,7 +37,7 @@ py311-django42:
         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
         python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py311-django42
+  script: tox -e py311-django52
 
 linters:
   stage: quality-assurance

README.md

@@ -61,8 +61,8 @@ Bien que cela permette de créer une instance sur toutes les distributions,
 6. (Optionnel) **Création d'une clé privée OpenID Connect**
 
 Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
-exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et copier la clé dans .env dans le champ
-emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
+`OIDC_RSA_PRIVATE_KEY`.
 
 7.  Enjoy :
 
@@ -237,8 +237,8 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
 7. **Création d'une clé privée OpenID Connect**
 
 Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
-exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner le champ
-emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
+`OIDC_RSA_PRIVATE_KEY` dans le .env (par défaut `/var/secrets/oidc.key`).
 
 8.  *Enjoy \o/*
 

apps/activity/migrations/0007_alter_guest_activity.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.20 on 2025-05-08 19:07
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0006_guest_school'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='guest',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='+', to='activity.activity'),
+        ),
+    ]

apps/activity/models.py

@@ -234,7 +234,7 @@ class Guest(models.Model):
     """
     activity = models.ForeignKey(
         Activity,
-        on_delete=models.PROTECT,
+        on_delete=models.CASCADE,
         related_name='+',
     )
 

apps/activity/templates/activity/activity_detail.html

@@ -95,5 +95,23 @@ SPDX-License-Identifier: GPL-3.0-or-later
             errMsg(xhr.responseJSON);
         });
     });
+    $("#delete_activity").click(function () {
+        if (!confirm("{% trans 'Are you sure you want to delete this activity?' %}")) {
+            return;
+        }
+
+        $.ajax({
+            url: "/api/activity/activity/{{ activity.pk }}/",
+            type: "DELETE",
+            headers: {
+                "X-CSRFTOKEN": CSRF_TOKEN
+            }
+        }).done(function () {
+            addMsg("{% trans 'Activity deleted' %}", "success");
+            window.location.href = "/activity/";  // Redirige vers la liste des activités
+        }).fail(function (xhr) {
+            errMsg(xhr.responseJSON);
+        });
+    });
 </script>
 {% endblock %}

apps/activity/templates/activity/includes/activity_info.html

@@ -70,7 +70,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
             {% if ".change_"|has_perm:activity %}
                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_update' pk=activity.pk %}" data-turbolinks="false"> {% trans "edit"|capfirst %}</a>
             {% endif %}
-            {% if activity.activity_type.can_invite and not activity_started %}
+            {% if not activity.valid and ".delete_"|has_perm:activity %}
+                <a class="btn btn-danger btn-sm my-1" id="delete_activity"> {% trans "delete"|capfirst %} </a>
+            {% endif %}
+            {% if activity.activity_type.can_invite and not activity_started and activity.valid %}
                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_invite' pk=activity.pk %}" data-turbolinks="false"> {% trans "Invite" %}</a>
             {% endif %}
         {% endif %}

apps/activity/urls.py

@@ -15,4 +15,5 @@ urlpatterns = [
     path('<int:pk>/update/', views.ActivityUpdateView.as_view(), name='activity_update'),
     path('new/', views.ActivityCreateView.as_view(), name='activity_create'),
     path('calendar.ics', views.CalendarView.as_view(), name='calendar_ics'),
+    path('<int:pk>/delete', views.ActivityDeleteView.as_view(), name='delete_activity'),
 ]

apps/activity/views.py

@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -153,6 +153,34 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 
+class ActivityDeleteView(View):
+    """
+    Deletes an Activity
+    """
+    def delete(self, request, pk):
+        try:
+            activity = Activity.objects.get(pk=pk)
+            activity.delete()
+            return JsonResponse({"message": "Activity deleted"})
+        except Activity.DoesNotExist:
+            return JsonResponse({"error": "Activity not found"}, status=404)
+
+    def dispatch(self, *args, **kwargs):
+        """
+        Don't display the delete button if the user has no right to delete.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+            raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+        if activity.valid:
+            raise PermissionDenied(_("This activity is valid."))
+        return super().dispatch(*args, **kwargs)
+
+
 class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
     """
     Invite a Guest, The rules to invites someone are defined in `forms:activity.GuestForm`

apps/food/api/serializers.py

@@ -3,7 +3,7 @@
 
 from rest_framework import serializers
 
-from ..models import Allergen, BasicFood, TransformedFood, QRCode
+from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 
 
 class AllergenSerializer(serializers.ModelSerializer):
@@ -16,6 +16,16 @@ class AllergenSerializer(serializers.ModelSerializer):
         fields = '__all__'
 
 
+class FoodSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Food.
+    The djangorestframework plugin will analyse the model `Food` and parse all fields in the API.
+    """
+    class Meta:
+        model = Food
+        fields = '__all__'
+
+
 class BasicFoodSerializer(serializers.ModelSerializer):
     """
     REST API Serializer for BasicFood.

apps/food/api/urls.py

@@ -1,7 +1,7 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .views import AllergenViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
+from .views import AllergenViewSet, FoodViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
 
 
 def register_food_urls(router, path):
@@ -9,6 +9,7 @@ def register_food_urls(router, path):
     Configure router for Food REST API.
     """
     router.register(path + '/allergen', AllergenViewSet)
+    router.register(path + '/food', FoodViewSet)
     router.register(path + '/basicfood', BasicFoodViewSet)
     router.register(path + '/transformedfood', TransformedFoodViewSet)
     router.register(path + '/qrcode', QRCodeViewSet)

apps/food/api/views.py

@@ -5,8 +5,8 @@ from api.viewsets import ReadProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import SearchFilter
 
-from .serializers import AllergenSerializer, BasicFoodSerializer, TransformedFoodSerializer, QRCodeSerializer
+from .serializers import AllergenSerializer, FoodSerializer, BasicFoodSerializer, TransformedFoodSerializer, QRCodeSerializer
-from ..models import Allergen, BasicFood, TransformedFood, QRCode
+from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 
 
 class AllergenViewSet(ReadProtectedModelViewSet):
@@ -22,6 +22,19 @@ class AllergenViewSet(ReadProtectedModelViewSet):
     search_fields = ['$name', ]
 
 
+class FoodViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Food` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/food/
+    """
+    queryset = Food.objects.order_by('id')
+    serializer_class = FoodSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', ]
+    search_fields = ['$name', ]
+
+
 class BasicFoodViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.

apps/food/forms.py

@@ -12,7 +12,7 @@ from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 
-from .models import BasicFood, TransformedFood, QRCode
+from .models import Food, BasicFood, TransformedFood, QRCode
 
 
 class QRCodeForms(forms.ModelForm):
@@ -22,7 +22,6 @@ class QRCodeForms(forms.ModelForm):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields['food_container'].queryset = self.fields['food_container'].queryset.filter(
-            is_ready=False,
             end_of_life__isnull=True,
             polymorphic_ctype__model='transformedfood',
         ).filter(PermissionBackend.filter_queryset(
@@ -151,3 +150,38 @@ class AddIngredientForms(forms.ModelForm):
     class Meta:
         model = TransformedFood
         fields = ('ingredients',)
+
+
+class ManageIngredientsForm(forms.Form):
+    """
+    Form to manage ingredient
+    """
+    fully_used = forms.BooleanField()
+    fully_used.initial = True
+    fully_used.required = True
+    fully_used.label = _('Fully used')
+
+    name = forms.CharField()
+    name.widget = Autocomplete(
+        model=Food,
+        resetable=True,
+        attrs={"api_url": "/api/food/food",
+               "class": "autocomplete"},
+    )
+    name.label = _('Name')
+
+    qrcode = forms.IntegerField()
+    qrcode.widget = Autocomplete(
+        model=QRCode,
+        resetable=True,
+        attrs={"api_url": "/api/food/qrcode/",
+               "name_field": "qr_code_number",
+               "class": "autocomplete"},
+    )
+    qrcode.label = _('QR code number')
+
+
+ManageIngredientsFormSet = forms.formset_factory(
+    ManageIngredientsForm,
+    extra=1,
+)

apps/food/templates/food/food_detail.html

@@ -39,6 +39,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
 	<a class="btn btn-sm btn-primary" href="{% url "food:add_ingredient" pk=food.pk %}">
 	  {% trans "Add to a meal" %}
 	</a>
+      {% endif %}
+      {% if manage_ingredients %}
+        <a class="btn btn-sm btn-secondary" href="{% url "food:manage_ingredients" pk=food.pk %}">
+	  {% trans "Manage ingredients" %}
+	</a>
       {% endif %}
 	<a class="btn btn-sm btn-primary" href="{% url "food:food_list" %}">
 	  {% trans "Return to the food list" %}

apps/food/templates/food/food_list.html

@@ -7,7 +7,52 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% load i18n %}
 
 {% block content %}
-{{ block.super }}
+<div class="card bg-light">
+  <h3 class="card-header text-center">
+      {{ title }}
+  </h3>
+  <div class="card-body">
+    <style>
+      input[type=number]::-webkit-inner-spin-button,
+      input[type=number]::-webkit-outer-spin-button {
+          -webkit-appearance: none;
+          margin: 0;
+      }
+      input[type=number] {
+          appearance: textfield;
+          padding: 6px;
+          border: 1px solid #ccc;
+          border-radius: 4px;
+          width: 100px;
+      }
+    </style>
+    <div class="d-flex align-items-center" style="max-width: 300px;">
+      <form method="get" action="{% url 'food:redirect_view' %}" class="d-flex w-100">
+        <input type="number" name="slug" placeholder="QR-code" required class="form-control form-control-sm" style="max-width: 120px;">
+        <button type="submit" class="btn btn-sm btn-primary">{% trans "View food" %}</button>
+      </form>
+    </div>
+  </div>
+  <div class="card-body">
+      <input id="searchbar" type="text" class="form-control"
+          placeholder="{% trans "Search by attribute such as name..." %}">
+  </div>
+
+  {% block extra_inside_card %}
+  {% endblock %}
+
+  <div id="dynamic-table">
+      {% if table.data %}
+      {% render_table table %}
+      {% else %}
+      <div class="card-body">
+          <div class="alert alert-warning">
+              {% trans "There is no results." %}
+          </div>
+      </div>
+      {% endif %}
+  </div>
+</div>
 <br>
 <div class="card bg-light mb-3">
   <h3 class="card-header text-center">
@@ -68,4 +113,20 @@ SPDX-License-Identifier: GPL-3.0-or-later
   {% endfor %}
   {% endif %}
 </div>
-{% endblock %}
+
+
+<script>
+  document.addEventListener('DOMContentLoaded', function() {
+      document.getElementById('goButton').addEventListener('click', function(event) {
+          event.preventDefault();
+          const slug = document.getElementById('slugInput').value;
+          if (slug && !isNaN(slug)) {
+              window.location.href = `/food/${slug}/`;
+          } else {
+              alert("Veuillez entrer un nombre valide.");
+          }
+      });
+  });
+  </script>
+
+{% endblock %}

apps/food/templates/food/manage_ingredients.html

@@ -0,0 +1,116 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form"></div>
+  <form method="post" action="">
+    {% csrf_token %}
+    <table class="table table-condensed table-striped">
+      {# Fill initial data #}
+      {% for display, form in formset %}
+      {% if forloop.first %}
+      <thead>
+	<tr>
+	  <th>{{ form.name.label }}</th>
+	  <th>{{ form.qrcode.label }}</th>
+	  <th>{{ form.fully_used.label }}</th>
+	</tr>
+      </thead>
+      <tbody id="form_body">
+	{% endif %}
+	{% if display %}
+	<tr class="row-formset ingredients">
+	{% else %}
+	<tr class="row-formset ingredients" style="display: none">
+	{% endif %}
+	  <td>{{ form.name }}</td>
+	  <td>{{ form.qrcode }}</td>
+	  <td>{{ form.fully_used }}</td>
+	</tr>
+      {% endfor %}
+      </tbody>
+    </table>
+
+    {# Display buttons to add and remove ingredients #}
+    <div class="card-body">
+      <div class="btn-group btn-block" role="group">
+	<button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
+	<button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
+      </div>
+    <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </div>
+  </form>
+</div>
+
+{% endblock %}
+{% block extrajavascript %} 
+<script>
+/* script that handles add and remove lines */
+
+const foods = {{ ingredients | safe }};
+
+function set_ingredient_id () {
+	let ingredients = document.getElementsByClassName('ingredients');
+	for (var i = 0; i < ingredients.length; i++) {
+		ingredients[i].id = 'ingredients-' + parseInt(i);
+	};
+}
+set_ingredient_id();
+
+function prepopulate () {
+	for (var i = 0; i < {{ ingredients_count }}; i++) {
+		let prefix = 'id_form-' + parseInt(i) + '-';
+		document.getElementById(prefix + 'name_pk').value = parseInt(foods[i]['food_pk']);
+		document.getElementById(prefix + 'name').value = foods[i]['food_name'];
+		document.getElementById(prefix + 'qrcode_pk').value = parseInt(foods[i]['qr_pk']);
+		if (foods[i]['qr_number'] === '') {
+			document.getElementById(prefix + 'qrcode').value = '';
+		}
+		else {
+		document.getElementById(prefix + 'qrcode').value = parseInt(foods[i]['qr_number']);
+		};
+		document.getElementById(prefix + 'fully_used').checked = Boolean(foods[i]['fully_used']);
+	};
+}
+prepopulate();
+
+function delete_form_data (form_id) {
+	let prefix = "id_form-" + parseInt(form_id) + "-";
+	document.getElementById(prefix + "name_pk").value = "";
+	document.getElementById(prefix + "name").value = "";
+	document.getElementById(prefix + "qrcode_pk").value = "";
+	document.getElementById(prefix + "qrcode").value = "";
+	document.getElementById(prefix + "fully_used").checked = true;
+}
+var form_count = {{ ingredients_count }} + 1;
+
+$('#add_more').click(function () {
+	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count));
+	if (ingredient_form === null) {
+		addMsg(gettext("You can't add more ingredient"), "danger",  5000);
+		return;};
+	ingredient_form.style = "display: true";
+	form_count += 1;
+});
+  
+$('#remove_one').click(function () {
+	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count - 1));
+	if (ingredient_form === null) {
+		return;};
+	ingredient_form.style = "display: none";
+	delete_form_data(form_count - 1);
+	form_count -= 1;
+});
+
+addMsg(gettext("Add ingredient with their name or their qrcode, if two different priority is given to qrcode"), "warning"); 
+
+</script>
+{% endblock %}

apps/food/templates/food/transformedfood_update.html

@@ -0,0 +1,87 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form | crispy }}
+      <table class="table table-condensed table-striped">
+        {# Fill initial data #}
+        {% for ingredient_form in formset %}
+        {% if forloop.first %}
+        <thead>
+          <tr>
+	    <th>{% trans "Name" %}</th>
+	    <th>{% trans "QR-code number" %}</th>
+	    <th>{% trans "Fully used" %}<th>
+          </tr>
+        </thead>
+        <tbody id="form_body">
+        {% endif %}
+        <tr class="row-formset">
+		{{ ingredient_form | crispy }}
+          <td>{{ ingredient_form.name }}</td>
+	  <td>{{ ingredient_form.qrcode }}</td>
+	  <td>{{ ingredient_form.fully_used }}</td>
+        </tr>
+        {% endfor %}
+        </tbody>
+      </table>
+      {# Display buttons to add and remove products #}
+      <div class="card-body">
+        <div class="btn-group btn-block" role="group">
+          <button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
+	  <button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
+        </div>
+        <button type="submit" class="btn btn-block btn-primary">{% trans "Submit" %}</button>
+      </div>
+    </form>
+  </div>
+</div>
+
+{# Hidden div that store an empty product form, to be copied into new forms #}
+<div id="empty_form" style="display: none;">
+    <table class='no_error'>
+        <tbody id="for_real">
+            <tr class="row-formset">
+                <td>{{ formset.empty_form.name }}</td>
+		<td>{{ formset.empty_form.qrcode }}</td>
+		<td>{{ formset.empty_form.fully_used }}</td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+{% endblock %}
+{% block extrajavascript %}
+<script>
+    /* script that handles add and remove lines */
+    IDS = {};
+
+    $("#id_form-TOTAL_FORMS").val($(".row-formset").length - 1);
+
+    $('#add_more').click(function () {
+        let form_idx = $('#id_form-TOTAL_FORMS').val();
+        $('#form_body').append($('#for_real').html().replace(/__prefix__/g, form_idx));
+        $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) + 1);
+        $('#id_form-' + parseInt(form_idx) + '-id').val(IDS[parseInt(form_idx)]);
+    });
+
+    $('#remove_one').click(function () {
+        let form_idx = $('#id_form-TOTAL_FORMS').val();
+        if (form_idx > 0) {
+            IDS[parseInt(form_idx) - 1] = $('#id_form-' + (parseInt(form_idx) - 1) + '-id').val();
+            $('#form_body tr:last-child').remove();
+            $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) - 1);
+        }
+    });
+</script>
+{% endblock %}

apps/food/urls.py

@@ -13,8 +13,10 @@ urlpatterns = [
     path('<int:slug>/add/basic', views.BasicFoodCreateView.as_view(), name='basicfood_create'),
     path('add/transformed', views.TransformedFoodCreateView.as_view(), name='transformedfood_create'),
     path('update/<int:pk>', views.FoodUpdateView.as_view(), name='food_update'),
+    path('update/ingredients/<int:pk>', views.ManageIngredientsView.as_view(), name='manage_ingredients'),
     path('detail/<int:pk>', views.FoodDetailView.as_view(), name='food_view'),
     path('detail/basic/<int:pk>', views.BasicFoodDetailView.as_view(), name='basicfood_view'),
     path('detail/transformed/<int:pk>', views.TransformedFoodDetailView.as_view(), name='transformedfood_view'),
     path('add/ingredient/<int:pk>', views.AddIngredientView.as_view(), name='add_ingredient'),
+    path('redirect/', views.QRCodeRedirectView.as_view(), name='redirect_view'),
 ]

apps/food/views.py

@@ -7,9 +7,10 @@ from api.viewsets import is_regex
 from django_tables2.views import MultiTableMixin
 from django.db import transaction
 from django.db.models import Q
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, Http404
 from django.views.generic import DetailView, UpdateView, CreateView
 from django.views.generic.list import ListView
+from django.views.generic.base import RedirectView
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
@@ -18,7 +19,9 @@ from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView, LoginRequiredMixin
 
 from .models import Food, BasicFood, TransformedFood, QRCode
-from .forms import AddIngredientForms, BasicFoodForms, TransformedFoodForms, BasicFoodUpdateForms, TransformedFoodUpdateForms, QRCodeForms
+from .forms import QRCodeForms, BasicFoodForms, TransformedFoodForms, \
+    ManageIngredientsForm, ManageIngredientsFormSet, AddIngredientForms, \
+    BasicFoodUpdateForms, TransformedFoodUpdateForms
 from .tables import FoodTable
 from .utils import pretty_duration
 
@@ -61,7 +64,8 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
             valid_regex = is_regex(pattern)
             suffix = '__iregex' if valid_regex else '__istartswith'
             prefix = '^' if valid_regex else ''
-            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern}))
+            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern})
+                           | Q(**{f'owner__name{suffix}': prefix + pattern}))
         else:
             qs = qs.none()
         search_table = qs.filter(PermissionBackend.filter_queryset(self.request, Food, 'view'))
@@ -69,11 +73,11 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
         open_table = self.get_queryset().order_by('expiry_date').filter(
             Q(polymorphic_ctype__model='transformedfood')
             | Q(polymorphic_ctype__model='basicfood', basicfood__date_type='DLC')).filter(
-                expiry_date__lt=timezone.now()).filter(
+                expiry_date__lt=timezone.now(), end_of_life='').filter(
                     PermissionBackend.filter_queryset(self.request, Food, 'view'))
         # table served
         served_table = self.get_queryset().order_by('-pk').filter(
-            end_of_life='', is_ready=True).filter(
+            end_of_life='', is_ready=True).exclude(
                 Q(polymorphic_ctype__model='basicfood',
                   basicfood__date_type='DLC',
                   expiry_date__lte=timezone.now(),)
@@ -106,7 +110,7 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
         return context
 
 
-class QRCodeCreateView(ProtectQuerysetMixin, CreateView):
+class QRCodeCreateView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
     """
     A view to add qrcode
     """
@@ -166,7 +170,8 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
     template_name = "food/food_update.html"
 
     def get_sample_object(self):
-        return BasicFood(
+        # We choose a club which may work or BDE else
+        food = BasicFood(
             name="",
             owner_id=1,
             expiry_date=timezone.now(),
@@ -175,6 +180,14 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
             date_type='DLC',
         )
 
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food.owner_id = club_id
+            if PermissionBackend.check_perm(self.request, "food.add_basicfood", food):
+                return food
+
+        return food
+
     @transaction.atomic
     def form_valid(self, form):
         if QRCode.objects.filter(qr_code_number=self.kwargs['slug']).count() > 0:
@@ -225,13 +238,22 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
     template_name = "food/food_update.html"
 
     def get_sample_object(self):
-        return TransformedFood(
+        # We choose a club which may work or BDE else
+        food = TransformedFood(
             name="",
             owner_id=1,
             expiry_date=timezone.now(),
             is_ready=True,
         )
 
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food.owner_id = club_id
+            if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food):
+                return food
+
+        return food
+
     @transaction.atomic
     def form_valid(self, form):
         form.instance.expiry_date = timezone.now() + timedelta(days=3)
@@ -243,7 +265,80 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
         return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
 
 
-class AddIngredientView(ProtectQuerysetMixin, UpdateView):
+MAX_FORMS = 100
+
+
+class ManageIngredientsView(LoginRequiredMixin, UpdateView):
+    """
+    A view to manage ingredient for a transformed food
+    """
+    model = TransformedFood
+    fields = ['ingredients']
+    extra_context = {"title": _("Manage ingredients of:")}
+    template_name = 'food/manage_ingredients.html'
+
+    @transaction.atomic
+    def form_valid(self, form):
+        old_ingredients = list(self.object.ingredients.all()).copy()
+        old_allergens = list(self.object.allergens.all()).copy()
+        self.object.ingredients.clear()
+        for i in range(self.object.ingredients.all().count() + 1 + MAX_FORMS):
+            prefix = 'form-' + str(i) + '-'
+            if form.data[prefix + 'qrcode'] not in ['0', '']:
+                ingredient = QRCode.objects.get(pk=form.data[prefix + 'qrcode']).food_container
+                self.object.ingredients.add(ingredient)
+                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
+                    ingredient.end_of_life = _('Fully used in {meal}'.format(
+                        meal=self.object.name))
+                    ingredient.save()
+
+            elif form.data[prefix + 'name'] != '':
+                ingredient = Food.objects.get(pk=form.data[prefix + 'name'])
+                self.object.ingredients.add(ingredient)
+                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
+                    ingredient.end_of_life = _('Fully used in {meal}'.format(
+                        meal=self.object.name))
+                    ingredient.save()
+        # We recalculate new expiry date and allergens
+        self.object.expiry_date = self.object.creation_date + self.object.shelf_life
+        self.object.allergens.clear()
+
+        for ingredient in self.object.ingredients.iterator():
+            if not (ingredient.polymorphic_ctype.model == 'basicfood' and ingredient.date_type == 'DDM'):
+                self.object.expiry_date = min(self.object.expiry_date, ingredient.expiry_date)
+            self.object.allergens.set(self.object.allergens.union(ingredient.allergens.all()))
+
+        self.object.save(old_ingredients=old_ingredients, old_allergens=old_allergens)
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_context_data(self, *args, **kwargs):
+        context = super().get_context_data(*args, **kwargs)
+        context['title'] += ' ' + self.object.name
+        formset = ManageIngredientsFormSet()
+        ingredients = self.object.ingredients.all()
+        formset.extra += ingredients.count() + MAX_FORMS
+        context['form'] = ManageIngredientsForm()
+        context['ingredients_count'] = ingredients.count()
+        display = [True] * (1 + ingredients.count()) + [False] * (formset.extra - ingredients.count() - 1)
+        context['formset'] = zip(display, formset)
+        context['ingredients'] = []
+        for ingredient in ingredients:
+            qr = QRCode.objects.filter(food_container=ingredient)
+
+            context['ingredients'].append({
+                'food_pk': ingredient.pk,
+                'food_name': ingredient.name,
+                'qr_pk': '' if qr.count() == 0 else qr[0].pk,
+                'qr_number': '' if qr.count() == 0 else qr[0].qr_code_number,
+                'fully_used': 'true' if ingredient.end_of_life else '',
+            })
+        return context
+
+    def get_success_url(self, **kwargs):
+        return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
+
+
+class AddIngredientView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
     """
     A view to add ingredient to a meal
     """
@@ -366,6 +461,8 @@ class FoodDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         return context
 
     def get(self, *args, **kwargs):
+        if Food.objects.filter(pk=kwargs['pk']).count() != 1:
+            return Http404
         model = Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model
         if 'stop_redirect' in kwargs and kwargs['stop_redirect']:
             return super().get(*args, **kwargs)
@@ -404,9 +501,21 @@ class TransformedFoodDetailView(FoodDetailView):
             pretty_duration(self.object.shelf_life)
         ))
         context["foods"] = self.object.ingredients.all()
+        context["manage_ingredients"] = True
         return context
 
     def get(self, *args, **kwargs):
         if Food.objects.filter(pk=kwargs['pk']).count() == 1:
             kwargs['stop_redirect'] = (Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model == 'transformedfood')
         return super().get(*args, **kwargs)
+
+
+class QRCodeRedirectView(RedirectView):
+    """
+    Redirects to the QR code creation page from Food List
+    """
+    def get_redirect_url(self, *args, **kwargs):
+        slug = self.request.GET.get('slug')
+        if slug:
+            return reverse_lazy('food:qrcode_create', kwargs={'slug': slug})
+        return reverse_lazy('food:list')

apps/member/migrations/0014_create_bda.py

@@ -0,0 +1,46 @@
+from django.db import migrations
+
+def create_bda(apps, schema_editor):
+    """
+    The club BDA is now pre-injected.
+    """
+    Club = apps.get_model("member", "club")
+    NoteClub = apps.get_model("note", "noteclub")
+    Alias = apps.get_model("note", "alias")
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    polymorphic_ctype_id = ContentType.objects.get_for_model(NoteClub).id
+    
+    Club.objects.get_or_create(
+        id=10,
+        name="BDA",
+        email="bda.ensparissaclay@gmail.com",
+        require_memberships=True,
+        membership_fee_paid=750,
+        membership_fee_unpaid=750,
+        membership_duration=396,
+        membership_start="2024-08-01",
+        membership_end="2025-09-30",
+    )
+    NoteClub.objects.get_or_create(
+        id=1937,
+        club_id=10,
+        polymorphic_ctype_id=polymorphic_ctype_id,
+    )
+    Alias.objects.get_or_create(
+        id=1937,
+        note_id=1937,
+        name="BDA",
+        normalized_name="bda",
+    )
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0013_auto_20240801_1436'),
+    ]
+    
+    operations = [
+        migrations.RunPython(create_bda),
+    ]
+

apps/member/tests/test_login.py

@@ -44,7 +44,7 @@ class TemplateLoggedInTests(TestCase):
         self.assertRedirects(response, settings.LOGIN_REDIRECT_URL, 302, 302)
 
     def test_logout(self):
-        response = self.client.get(reverse("logout"))
+        response = self.client.post(reverse("logout"))
         self.assertEqual(response.status_code, 200)
 
     def test_admin_index(self):

apps/note/api/urls.py

@@ -13,7 +13,7 @@ def register_note_urls(router, path):
     router.register(path + '/note', NotePolymorphicViewSet)
     router.register(path + '/alias', AliasViewSet)
     router.register(path + '/trust', TrustViewSet)
-    router.register(path + '/consumer', ConsumerViewSet)
+    router.register(path + '/consumer', ConsumerViewSet, basename='alias2')
 
     router.register(path + '/transaction/category', TemplateCategoryViewSet)
     router.register(path + '/transaction/transaction', TransactionViewSet)

apps/permission/fixtures/initial.json

@@ -1695,7 +1695,7 @@
                 "wei",
                 "weimembership"
             ],
-            "query": "[\"AND\", {\"club\": [\"club\"], \"club__weiclub__membership_end__gte\": [\"today\"]}, [\"OR\", {\"registration__soge_credit\": true}, {\"user__note__balance__gte\": {\"F\": [\"F\", \"fee\"]}}]]",
+            "query": "{\"club\": [\"club\"]}",
             "type": "add",
             "mask": 2,
             "field": "",
@@ -3998,6 +3998,358 @@
             "description": "Créer une transaction de ou vers la note d'un club tant que la source reste au dessus de -50 €"
         }
     },
+    {
+        "model": "permission.permission",
+        "pk": 271,
+        "fields": {
+            "model": [
+                "wei",
+                "bus"
+            ],
+            "query": "{\"wei\": [\"club\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier n'importe quel bus du wei"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 272,
+        "fields": {
+            "model": [
+                "wei",
+                "bus"
+            ],
+            "query": "{\"wei\": [\"club\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir tous les bus du wei"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 273,
+        "fields": {
+            "model": [
+                "wei",
+                "busteam"
+            ],
+            "query": "{\"bus__wei\": [\"club\"], \"bus__wei__membership_end__gte\": [\"today\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir toutes les équipes WEI"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 274,
+        "fields": {
+            "model": [
+                "member",
+                "club"
+            ],
+            "query": "{\"bus__wei\": [\"club\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les informations de clubs des bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 275,
+        "fields": {
+            "model": [
+                "member",
+                "club"
+            ],
+            "query": "{\"bus__wei\": [\"club\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier les clubs des bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 276,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus__wei\": [\"club\"]}",
+            "type": "add",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Ajouter un⋅e membre à un club de bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 277,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus__wei\": [\"club\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les adhérents d'un club de bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 278,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus__wei\": [\"club\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier l'adhésion d'un club de bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 279,
+        "fields": {
+            "model": [
+                "note",
+                "note"
+            ],
+            "query": "{\"noteclub__club__bus__wei\": [\"club\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir la note d'un club de bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 280,
+        "fields": {
+            "model": [
+                "note",
+                "transaction"
+            ],
+            "query": "[\"OR\", {\"source__noteclub__club__bus__wei\": [\"club\"]}, {\"destination__noteclub__club__bus__wei\": [\"club\"]}]",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les transactions d'un club de bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 281,
+        "fields": {
+            "model": [
+                "note",
+                "transaction"
+            ],
+            "query": "[\"AND\", [\"OR\", {\"source__noteclub__club__bus__wei\": [\"club\"]}, {\"destination__noteclub__club__bus__wei\": [\"club\"]}], [\"OR\", {\"source__balance__gte\": {\"F\": [\"SUB\", [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]], 2000]}}, {\"valid\": false}]]",
+            "type": "add",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Créer une transaction d'un club de bus tant que la source reste au dessus de -20 €"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 282,
+        "fields": {
+            "model": [
+                "note",
+                "transaction"
+            ],
+            "query": "[\"AND\", [\"OR\", {\"source__noteclub__club\": [\"club\"]}, {\"destination__noteclub__club\": [\"club\"]}], [\"OR\", {\"source__balance__gte\": {\"F\": [\"SUB\", [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]], 2000]}}, {\"valid\": false}]]",
+            "type": "add",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Créer une transaction d'un WEI tant que la source reste au dessus de -20 €"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 283,
+        "fields": {
+            "model": [
+                "auth",
+                "user"
+            ],
+            "query": "{\"memberships__club__name\": \"Kfet\", \"memberships__roles__name\": \"Adh\u00e9rent\u22c5e Kfet\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir n'importe quel⋅le utilisateur⋅rice qui est adhérent⋅e Kfet"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 284,
+        "fields": {
+            "model": [
+                "member",
+                "club"
+            ],
+            "query": "{\"bus\":  [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les informations de club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 285,
+        "fields": {
+            "model": [
+                "member",
+                "club"
+            ],
+            "query": "{\"bus\": [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier le club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 286,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus\": [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "add",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Ajouter un⋅e membre au club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 287,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus\": [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les adhérents du club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 288,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__bus\": [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier l'adhésion au club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 289,
+        "fields": {
+            "model": [
+                "note",
+                "note"
+            ],
+            "query": "{\"noteclub__club__bus\": [\"membership\", \"weimembership\", \"bus\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir la note du club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 290,
+        "fields": {
+            "model": [
+                "note",
+                "transaction"
+            ],
+            "query": "[\"OR\", {\"source__noteclub__club__bus\": [\"membership\", \"weimembership\", \"bus\"]}, {\"destination__noteclub__club__bus\": [\"membership\", \"weimembership\", \"bus\"]}]",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir les transactions du club de son bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 291,
+        "fields": {
+            "model": [
+                "wei",
+                "bus"
+            ],
+            "query": "{\"pk\": [\"membership\", \"weimembership\", \"bus\", \"pk\"], \"wei__date_end__gte\": [\"today\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir mon bus"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 292,
+        "fields": {
+            "model": [
+                "member",
+                "membership"
+            ],
+            "query": "{\"club__pk__lte\": 2}",
+            "type": "add",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Ajouter un membre au BDE ou à la Kfet"
+        }
+    },
     {
         "model": "permission.role",
         "pk": 1,
@@ -4091,8 +4443,8 @@
                 158,
                 159,
                 160,
-		212,
+                212,
-		222
+                222
             ]
         }
     },
@@ -4133,14 +4485,14 @@
                 50,
                 141,
                 169,
-		217,
+                217,
-		218,
+                218,
-		219,
+                219,
-		220,
+                220,
-		221,
+                221,
-		247,
+                247,
-		258,
+                258,
-		259
+                259
             ]
         }
     },
@@ -4152,8 +4504,8 @@
             "name": "Pr\u00e9sident\u22c5e de club",
             "permissions": [
                 62,
-                142,
+                135,
-                135
+                142
             ]
         }
     },
@@ -4358,6 +4710,8 @@
             "name": "GC WEI",
             "permissions": [
                 22,
+                49,
+                62,
                 70,
                 72,
                 76,
@@ -4382,7 +4736,23 @@
                 112,
                 113,
                 128,
-                130
+                130,
+                142,
+                269,
+                271,
+                272,
+                273,
+                274,
+                275,
+                276,
+                277,
+                278,
+                279,
+                280,
+                281,
+                282,
+                283,
+                292
             ]
         }
     },
@@ -4401,7 +4771,14 @@
                 119,
                 120,
                 121,
-                122
+                122,
+                284,
+                285,
+                286,
+                287,
+                289,
+                290,
+                291
             ]
         }
     },
@@ -4538,8 +4915,8 @@
             "name": "GC anti-VSS",
             "permissions": [
                 42,
-		135,
+                135,
-		150,
+                150,
                 163,
                 164
             ]
@@ -4555,13 +4932,147 @@
                 137,
                 211,
                 212,
-		213,
+                213,
-		214,
+                214,
-		215,
+                215,
-		216
+                216
             ]
         }
     },  
+    {
+        "model": "permission.role",
+        "pk": 23,
+            "fields": {
+            "for_club": 2,
+            "name": "Darbonne",
+            "permissions": [
+                30,
+                31,
+                32
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 24,
+            "fields": {
+            "for_club": null,
+            "name": "Staffeur⋅euse (S&L,Respo Tech,...)",
+            "permissions": []
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 25,
+            "fields": {
+            "for_club": null,
+            "name": "Référent⋅e Bus",
+            "permissions": [
+                22,
+                84,
+                115,
+                117,
+                118,
+                119,
+                120,
+                121,
+                122,
+                284,
+                285,
+                286,
+                287,
+                289,
+                290,
+                291
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 28,
+            "fields": {
+            "for_club": 10,
+            "name": "Trésorièr⸱e BDA",
+            "permissions": [
+                55,
+                56,
+                57,
+                58,
+                135,
+                143,
+                176,
+                177,
+                178,
+                243,
+                260,
+                261,
+                262,
+                263,
+                264,
+                265,
+                266,
+                267,
+                268,
+                269
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 30,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo sorties",
+            "permissions": [
+                49, 
+                62, 
+                141, 
+                241, 
+                242, 
+                243
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 31,
+            "fields": {
+            "for_club": 1,
+            "name": "Respo comm",
+            "permissions": [
+                135,
+                244
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 32,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo comm Art",
+            "permissions": [
+                135,
+                245
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 33,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo Jam",
+            "permissions": [
+                247, 
+                250, 
+                251, 
+                252, 
+                253, 
+                254
+            ]
+        }
+    }, 
     {
         "model": "wei.weirole",
         "pk": 12,
@@ -4596,5 +5107,15 @@
         "model": "wei.weirole",
         "pk": 18,
         "fields": {}
+    },
+    {
+        "model": "wei.weirole",
+        "pk": 24,
+        "fields": {}
+    },
+    {
+        "model": "wei.weirole",
+        "pk": 25,
+        "fields": {}
     }
 ]

apps/permission/scopes.py

@@ -1,8 +1,10 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
+
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.scopes import BaseScopes
 from member.models import Club
+from note.models import Alias
 from note_kfet.middlewares import get_current_request
 
 from .backends import PermissionBackend
@@ -16,26 +18,58 @@ class PermissionScopes(BaseScopes):
     and can be useful to make queries through the API with limited privileges.
     """
 
-    def get_all_scopes(self):
+    def get_all_scopes(self, **kwargs):
-        return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
+        scopes = {}
-                for p in Permission.objects.all() for club in Club.objects.all()}
+        if 'scopes' in kwargs:
+            for scope in kwargs['scopes']:
+                if scope == 'openid':
+                    scopes['openid'] = "OpenID Connect"
+                else:
+                    p = Permission.objects.get(id=scope.split('_')[0])
+                    club = Club.objects.get(id=scope.split('_')[1])
+                    scopes[scope] = f"{p.description} (club {club.name})"
+            return scopes
+
+        scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
+                  for p in Permission.objects.all() for club in Club.objects.all()}
+        scopes['openid'] = "OpenID Connect"
+        return scopes
 
     def get_available_scopes(self, application=None, request=None, *args, **kwargs):
         if not application:
             return []
-        return [f"{p.id}_{p.membership.club.id}"
+        scopes = [f"{p.id}_{p.membership.club.id}"
-                for t in Permission.PERMISSION_TYPES
+                  for t in Permission.PERMISSION_TYPES
-                for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
+                  for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
+        scopes.append('openid')
+        return scopes
 
     def get_default_scopes(self, application=None, request=None, *args, **kwargs):
         if not application:
             return []
-        return [f"{p.id}_{p.membership.club.id}"
+        scopes = [f"{p.id}_{p.membership.club.id}"
-                for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
+                  for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
+        scopes.append('openid')
+        return scopes
 
 
 class PermissionOAuth2Validator(OAuth2Validator):
-    oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
+    oidc_claim_scope = OAuth2Validator.oidc_claim_scope
+    oidc_claim_scope.update({"name": 'openid',
+                             "normalized_name": 'openid',
+                             "email": 'openid',
+                             })
+
+    def get_additional_claims(self, request):
+        return {
+            "name": request.user.username,
+            "normalized_name": Alias.normalize(request.user.username),
+            "email": request.user.email,
+        }
+
+    def get_discovery_claims(self, request):
+        claims = super().get_discovery_claims(self)
+        return claims + ["name", "normalized_name", "email"]
 
     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
         """
@@ -54,6 +88,8 @@ class PermissionOAuth2Validator(OAuth2Validator):
                 if scope in scopes:
                     valid_scopes.add(scope)
 
-        request.scopes = valid_scopes
+        if 'openid' in scopes:
+            valid_scopes.add('openid')
 
+        request.scopes = valid_scopes
         return valid_scopes

apps/permission/signals.py

@@ -13,12 +13,14 @@ EXCLUDED = [
     'cas_server.serviceticket',
     'cas_server.user',
     'cas_server.userattributes',
+    'constance.constance',
     'contenttypes.contenttype',
     'logs.changelog',
     'migrations.migration',
     'oauth2_provider.accesstoken',
     'oauth2_provider.grant',
     'oauth2_provider.refreshtoken',
+    'oauth2_provider.idtoken',
     'sessions.session',
 ]
 

apps/permission/tests/test_permission_denied.py

@@ -10,7 +10,7 @@ from django.utils import timezone
 from django.utils.crypto import get_random_string
 from activity.models import Activity
 from member.models import Club, Membership
-from note.models import NoteUser
+from note.models import NoteUser, NoteClub
 from wei.models import WEIClub, Bus, WEIRegistration
 
 
@@ -122,10 +122,13 @@ class TestPermissionDenied(TestCase):
 
     def test_validate_weiregistration(self):
         wei = WEIClub.objects.create(
+            name="WEI Test",
             membership_start=date.today(),
             date_start=date.today() + timedelta(days=1),
             date_end=date.today() + timedelta(days=1),
+            parent_club=Club.objects.get(name="Kfet"),
         )
+        NoteClub.objects.create(club=wei)
         registration = WEIRegistration.objects.create(wei=wei, user=self.user, birth_date="2000-01-01")
         response = self.client.get(reverse("wei:validate_registration", kwargs=dict(pk=registration.pk)))
         self.assertEqual(response.status_code, 403)

apps/permission/views.py

@@ -164,14 +164,24 @@ class ScopesView(LoginRequiredMixin, TemplateView):
         from oauth2_provider.models import Application
         from .scopes import PermissionScopes
 
-        scopes = PermissionScopes()
+        oidc = False
         context["scopes"] = {}
-        all_scopes = scopes.get_all_scopes()
         for app in Application.objects.filter(user=self.request.user).all():
-            available_scopes = scopes.get_available_scopes(app)
+            available_scopes = PermissionScopes().get_available_scopes(app)
             context["scopes"][app] = OrderedDict()
-            items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes]
+            all_scopes = PermissionScopes().get_all_scopes(scopes=available_scopes)
+            scopes = {}
+            for scope in available_scopes:
+                scopes[scope] = all_scopes[scope]
+            # remove OIDC scope for sort
+            if 'openid' in scopes:
+                del scopes['openid']
+                oidc = True
+            items = [(k, v) for (k, v) in scopes.items()]
             items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0])))
+            # add oidc if necessary
+            if oidc:
+                items.append(('openid', PermissionScopes().get_all_scopes(scopes=['openid'])['openid']))
             for k, v in items:
                 context["scopes"][app][k] = v
 

apps/wei/forms/__init__.py

@@ -1,10 +1,11 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .registration import WEIForm, WEIRegistrationForm, WEIMembership1AForm, WEIMembershipForm, BusForm, BusTeamForm
+from .registration import WEIForm, WEIRegistrationForm, WEIRegistration1AForm, WEIRegistration2AForm, WEIMembership1AForm, \
+    WEIMembershipForm, BusForm, BusTeamForm
 from .surveys import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, CurrentSurvey
 
 __all__ = [
-    'WEIForm', 'WEIRegistrationForm', 'WEIMembership1AForm', 'WEIMembershipForm', 'BusForm', 'BusTeamForm',
+    'WEIForm', 'WEIRegistrationForm', 'WEIRegistration1AForm', 'WEIRegistration2AForm', 'WEIMembership1AForm', 'WEIMembershipForm', 'BusForm', 'BusTeamForm',
     'WEISurvey', 'WEISurveyInformation', 'WEISurveyAlgorithm', 'CurrentSurvey',
 ]

apps/wei/forms/registration.py

@@ -5,7 +5,7 @@ from bootstrap_datepicker_plus.widgets import DatePickerInput
 from django import forms
 from django.contrib.auth.models import User
 from django.db.models import Q
-from django.forms import CheckboxSelectMultiple
+from django.forms import CheckboxSelectMultiple, RadioSelect
 from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, NoteUser
 from note_kfet.inputs import AmountInput, Autocomplete, ColorWidget
@@ -24,6 +24,7 @@ class WEIForm(forms.ModelForm):
             "membership_end": DatePickerInput(),
             "date_start": DatePickerInput(),
             "date_end": DatePickerInput(),
+            "caution_amount": AmountInput(),
         }
 
 
@@ -39,7 +40,11 @@ class WEIRegistrationForm(forms.ModelForm):
 
     class Meta:
         model = WEIRegistration
-        exclude = ('wei', 'clothing_cut')
+        fields = [
+            'user', 'soge_credit', 'birth_date', 'gender', 'clothing_size',
+            'health_issues', 'emergency_contact_name', 'emergency_contact_phone',
+            'first_year', 'information_json', 'caution_check'
+        ]
         widgets = {
             "user": Autocomplete(
                 User,
@@ -49,11 +54,30 @@ class WEIRegistrationForm(forms.ModelForm):
                     'placeholder': 'Nom ...',
                 },
             ),
-            "birth_date": DatePickerInput(options={'minDate': '1900-01-01',
+            "birth_date": DatePickerInput(options={
-                                                   'maxDate': '2100-01-01'}),
+                'minDate': '1900-01-01',
+                'maxDate': '2100-01-01'
+            }),
+            "caution_check": forms.BooleanField(
+                required=False,
+            ),
         }
 
 
+class WEIRegistration2AForm(WEIRegistrationForm):
+    class Meta(WEIRegistrationForm.Meta):
+        fields = WEIRegistrationForm.Meta.fields + ['caution_type']
+        widgets = WEIRegistrationForm.Meta.widgets.copy()
+        widgets.update({
+            "caution_type": forms.RadioSelect(),
+        })
+
+
+class WEIRegistration1AForm(WEIRegistrationForm):
+    class Meta(WEIRegistrationForm.Meta):
+        fields = WEIRegistrationForm.Meta.fields
+
+
 class WEIChooseBusForm(forms.Form):
     bus = forms.ModelMultipleChoiceField(
         queryset=Bus.objects,
@@ -72,7 +96,7 @@ class WEIChooseBusForm(forms.Form):
     )
 
     roles = forms.ModelMultipleChoiceField(
-        queryset=WEIRole.objects.filter(~Q(name="1A")),
+        queryset=WEIRole.objects.filter(~Q(name="1A") & ~Q(name="GC WEI")),
         label=_("WEI Roles"),
         help_text=_("Select the roles that you are interested in."),
         initial=WEIRole.objects.filter(name="Adhérent⋅e WEI").all(),
@@ -81,13 +105,8 @@ class WEIChooseBusForm(forms.Form):
 
 
 class WEIMembershipForm(forms.ModelForm):
-    caution_check = forms.BooleanField(
-        required=False,
-        label=_("Caution check given"),
-    )
-
     roles = forms.ModelMultipleChoiceField(
-        queryset=WEIRole.objects,
+        queryset=WEIRole.objects.filter(~Q(name="GC WEI")),
         label=_("WEI Roles"),
         widget=CheckboxSelectMultiple(),
     )
@@ -121,6 +140,19 @@ class WEIMembershipForm(forms.ModelForm):
         required=False,
     )
 
+    def __init__(self, *args, wei=None, **kwargs):
+        super().__init__(*args, **kwargs)
+        if 'bus' in self.fields:
+            if wei is not None:
+                self.fields['bus'].queryset = Bus.objects.filter(wei=wei)
+            else:
+                self.fields['bus'].queryset = Bus.objects.none()
+        if 'team' in self.fields:
+            if wei is not None:
+                self.fields['team'].queryset = BusTeam.objects.filter(bus__wei=wei)
+            else:
+                self.fields['team'].queryset = BusTeam.objects.none()
+
     def clean(self):
         cleaned_data = super().clean()
         if 'team' in cleaned_data and cleaned_data["team"] is not None \
@@ -132,21 +164,8 @@ class WEIMembershipForm(forms.ModelForm):
         model = WEIMembership
         fields = ('roles', 'bus', 'team',)
         widgets = {
-            "bus": Autocomplete(
+            "bus": RadioSelect(),
-                Bus,
+            "team": RadioSelect(),
-                attrs={
-                    'api_url': '/api/wei/bus/',
-                    'placeholder': 'Bus ...',
-                }
-            ),
-            "team": Autocomplete(
-                BusTeam,
-                attrs={
-                    'api_url': '/api/wei/team/',
-                    'placeholder': 'Équipe ...',
-                },
-                resetable=True,
-            ),
         }
 
 

apps/wei/forms/surveys/__init__.py

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm
-from .wei2024 import WEISurvey2024
+from .wei2025 import WEISurvey2025
 
 
 __all__ = [
     'WEISurvey', 'WEISurveyInformation', 'WEISurveyAlgorithm', 'CurrentSurvey',
 ]
 
-CurrentSurvey = WEISurvey2024
+CurrentSurvey = WEISurvey2025

apps/wei/forms/surveys/base.py

@@ -121,6 +121,13 @@ class WEISurveyAlgorithm:
         """
         raise NotImplementedError
 
+    @classmethod
+    def get_bus_information_form(cls):
+        """
+        The class of the form to update the bus information.
+        """
+        raise NotImplementedError
+
 
 class WEISurvey:
     """

apps/wei/forms/surveys/wei2025.py

@@ -0,0 +1,347 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import time
+import json
+from functools import lru_cache
+from random import Random
+
+from django import forms
+from django.db import transaction
+from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
+
+from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInformation
+from ...models import WEIMembership, Bus
+
+WORDS = [
+    '13 organisé', '3ième mi temps', 'Années 2000', 'Apéro', 'BBQ', 'BP', 'Beauf', 'Binge drinking', 'Bon enfant',
+    'Cartouche', 'Catacombes', 'Chansons paillardes', 'Chansons populaires', 'Chanteur', 'Chartreuse', 'Chill',
+    'Core', 'DJ', 'Dancefloor', 'Danse', 'David Guetta', 'Disco', 'Eau de vie', 'Électro', 'Escalade', 'Familial',
+    'Fanfare', 'Fracassage', 'Féria', 'Hard rock', 'Hoeggarden', 'House', 'Huit-six', 'IPA', 'Inclusif', 'Inferno',
+    'Introverti', 'Jager bomb', 'Jazz', 'Jeux d\'alcool', 'Jeux de rôles', 'Jeux vidéo', 'Jul', 'Jus de fruit',
+    'Karaoké', 'LGBTQI+', 'Lady Gaga', 'Loup garou', 'Morning beer', 'Métal', 'Nuit blanche', 'Ovalie', 'Psychedelic',
+    'Pétanque', 'Rave', 'Reggae', 'Rhum', 'Ricard', 'Rock', 'Rosé', 'Rétro', 'Séducteur', 'Techno', 'Thérapie taxi',
+    'Théâtre', 'Trap', 'Turn up', 'Underground', 'Volley', 'Wati B', 'Zinédine Zidane',
+]
+
+
+class WEISurveyForm2025(forms.Form):
+    """
+    Survey form for the year 2025.
+    Members choose 20 words, from which we calculate the best associated bus.
+    """
+
+    word = forms.ChoiceField(
+        label=_("Choose a word:"),
+        widget=forms.RadioSelect(),
+    )
+
+    def set_registration(self, registration):
+        """
+        Filter the bus selector with the buses of the current WEI.
+        """
+        information = WEISurveyInformation2025(registration)
+        if not information.seed:
+            information.seed = int(1000 * time.time())
+            information.save(registration)
+            registration._force_save = True
+            registration.save()
+
+        if self.data:
+            self.fields["word"].choices = [(w, w) for w in WORDS]
+            if self.is_valid():
+                return
+
+        rng = Random((information.step + 1) * information.seed)
+
+        buses = WEISurveyAlgorithm2025.get_buses()
+        informations = {bus: WEIBusInformation2025(bus) for bus in buses}
+        scores = sum((list(informations[bus].scores.values()) for bus in buses), [])
+        if scores:
+            average_score = sum(scores) / len(scores)
+        else:
+            average_score = 0
+
+        preferred_words = {bus: [word for word in WORDS
+                                 if informations[bus].scores[word] >= average_score]
+                           for bus in buses}
+
+        # Correction : proposer plusieurs mots différents à chaque étape
+        n_choices = 4  # Nombre de mots à proposer à chaque étape
+        all_preferred_words = set()
+        for bus_words in preferred_words.values():
+            all_preferred_words.update(bus_words)
+        all_preferred_words = list(all_preferred_words)
+        rng.shuffle(all_preferred_words)
+        words = all_preferred_words[:n_choices]
+        self.fields["word"].choices = [(w, w) for w in words]
+
+
+class WEIBusInformation2025(WEIBusInformation):
+    """
+    For each word, the bus has a score
+    """
+    scores: dict
+
+    def __init__(self, bus):
+        self.scores = {}
+        for word in WORDS:
+            self.scores[word] = 0
+        super().__init__(bus)
+
+
+class BusInformationForm2025(forms.ModelForm):
+    class Meta:
+        model = Bus
+        fields = ['information_json']
+        widgets = {}
+
+    def __init__(self, *args, words=None, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        initial_scores = {}
+        if self.instance and self.instance.information_json:
+            try:
+                info = json.loads(self.instance.information_json)
+                initial_scores = info.get("scores", {})
+            except (json.JSONDecodeError, TypeError, AttributeError):
+                initial_scores = {}
+        if words is None:
+            words = WORDS
+        self.words = words
+
+        choices = [(i, str(i)) for i in range(6)]  # [(0, '0'), (1, '1'), ..., (5, '5')]
+        for word in words:
+            self.fields[word] = forms.TypedChoiceField(
+                label=word,
+                choices=choices,
+                coerce=int,
+                initial=initial_scores.get(word, 0),
+                required=True,
+                widget=forms.RadioSelect,
+                help_text=_("Rate between 0 and 5."),
+            )
+
+    def clean(self):
+        cleaned_data = super().clean()
+        scores = {}
+        for word in self.words:
+            value = cleaned_data.get(word)
+            if value is not None:
+                scores[word] = value
+        # On encode en JSON
+        cleaned_data['information_json'] = json.dumps({"scores": scores})
+        return cleaned_data
+
+
+class WEISurveyInformation2025(WEISurveyInformation):
+    """
+    We store the id of the selected bus. We store only the name, but is not used in the selection:
+    that's only for humans that try to read data.
+    """
+    # Random seed that is stored at the first time to ensure that words are generated only once
+    seed = 0
+    step = 0
+
+    def __init__(self, registration):
+        for i in range(1, 21):
+            setattr(self, "word" + str(i), None)
+        super().__init__(registration)
+
+
+class WEISurvey2025(WEISurvey):
+    """
+    Survey for the year 2025.
+    """
+
+    @classmethod
+    def get_year(cls):
+        return 2025
+
+    @classmethod
+    def get_survey_information_class(cls):
+        return WEISurveyInformation2025
+
+    def get_form_class(self):
+        return WEISurveyForm2025
+
+    def update_form(self, form):
+        """
+        Filter the bus selector with the buses of the WEI.
+        """
+        form.set_registration(self.registration)
+
+    @transaction.atomic
+    def form_valid(self, form):
+        word = form.cleaned_data["word"]
+        self.information.step += 1
+        setattr(self.information, "word" + str(self.information.step), word)
+        self.save()
+
+    @classmethod
+    def get_algorithm_class(cls):
+        return WEISurveyAlgorithm2025
+
+    def is_complete(self) -> bool:
+        """
+        The survey is complete once the bus is chosen.
+        """
+        return self.information.step == 20
+
+    @classmethod
+    @lru_cache()
+    def word_mean(cls, word):
+        """
+        Calculate the mid-score given by all buses.
+        """
+        buses = cls.get_algorithm_class().get_buses()
+        return sum([cls.get_algorithm_class().get_bus_information(bus).scores[word] for bus in buses]) / buses.count()
+
+    @lru_cache()
+    def score(self, bus):
+        if not self.is_complete():
+            raise ValueError("Survey is not ended, can't calculate score")
+
+        bus_info = self.get_algorithm_class().get_bus_information(bus)
+        # Score is the given score by the bus subtracted to the mid-score of the buses.
+        s = sum(bus_info.scores[getattr(self.information, 'word' + str(i))]
+                - self.word_mean(getattr(self.information, 'word' + str(i))) for i in range(1, 21)) / 20
+        return s
+
+    @lru_cache()
+    def scores_per_bus(self):
+        return {bus: self.score(bus) for bus in self.get_algorithm_class().get_buses()}
+
+    @lru_cache()
+    def ordered_buses(self):
+        values = list(self.scores_per_bus().items())
+        values.sort(key=lambda item: -item[1])
+        return values
+
+    @classmethod
+    def clear_cache(cls):
+        cls.word_mean.cache_clear()
+        return super().clear_cache()
+
+
+class WEISurveyAlgorithm2025(WEISurveyAlgorithm):
+    """
+    The algorithm class for the year 2025.
+    We use Gale-Shapley algorithm to attribute 1y students into buses.
+    """
+
+    @classmethod
+    def get_survey_class(cls):
+        return WEISurvey2025
+
+    @classmethod
+    def get_bus_information_class(cls):
+        return WEIBusInformation2025
+
+    @classmethod
+    def get_bus_information_form(cls):
+        return BusInformationForm2025
+
+    def run_algorithm(self, display_tqdm=False):
+        """
+        Gale-Shapley algorithm implementation.
+        We modify it to allow buses to have multiple "weddings".
+        """
+        surveys = list(self.get_survey_class()(r) for r in self.get_registrations())  # All surveys
+        surveys = [s for s in surveys if s.is_complete()]  # Don't consider invalid surveys
+        # Don't manage hardcoded people
+        surveys = [s for s in surveys if not hasattr(s.information, 'hardcoded') or not s.information.hardcoded]
+
+        # Reset previous algorithm run
+        for survey in surveys:
+            survey.free()
+            survey.save()
+
+        non_men = [s for s in surveys if s.registration.gender != 'male']
+        men = [s for s in surveys if s.registration.gender == 'male']
+
+        quotas = {}
+        registrations = self.get_registrations()
+        non_men_total = registrations.filter(~Q(gender='male')).count()
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = 4 + int(non_men_total / registrations.count() * free_seats)
+
+        tqdm_obj = None
+        if display_tqdm:
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(non_men), desc="Non-hommes")
+
+        # Repartition for non men people first
+        self.make_repartition(non_men, quotas, tqdm_obj=tqdm_obj)
+
+        quotas = {}
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            free_seats -= sum(1 for s in non_men if s.information.selected_bus_pk == bus.pk)
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = free_seats
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(men), desc="Hommes")
+
+        self.make_repartition(men, quotas, tqdm_obj=tqdm_obj)
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+        # Clear cache information after running algorithm
+        WEISurvey2025.clear_cache()
+
+    def make_repartition(self, surveys, quotas=None, tqdm_obj=None):
+        free_surveys = surveys.copy()  # Remaining surveys
+        while free_surveys:  # Some students are not affected
+            survey = free_surveys[0]
+            buses = survey.ordered_buses()  # Preferences of the student
+            for bus, current_score in buses:
+                if self.get_bus_information(bus).has_free_seats(surveys, quotas):
+                    # Selected bus has free places. Put student in the bus
+                    survey.select_bus(bus)
+                    survey.save()
+                    free_surveys.remove(survey)
+                    break
+                else:
+                    # Current bus has not enough places. Remove the least preferred student from the bus if existing
+                    least_preferred_survey = None
+                    least_score = -1
+                    # Find the least student in the bus that has a lower score than the current student
+                    for survey2 in surveys:
+                        if not survey2.information.valid or survey2.information.get_selected_bus() != bus:
+                            continue
+                        score2 = survey2.score(bus)
+                        if current_score <= score2:  # Ignore better students
+                            continue
+                        if least_preferred_survey is None or score2 < least_score:
+                            least_preferred_survey = survey2
+                            least_score = score2
+
+                    if least_preferred_survey is not None:
+                        # Remove the least student from the bus and put the current student in.
+                        # If it does not exist, choose the next bus.
+                        least_preferred_survey.free()
+                        least_preferred_survey.save()
+                        free_surveys.append(least_preferred_survey)
+                        survey.select_bus(bus)
+                        survey.save()
+                        free_surveys.remove(survey)
+                        break
+            else:
+                raise ValueError(f"User {survey.registration.user} has no free seat")
+
+            if tqdm_obj is not None:
+                tqdm_obj.n = len(surveys) - len(free_surveys)
+                tqdm_obj.refresh()

apps/wei/migrations/0011_alter_weiclub_year.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.21 on 2025-05-25 12:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('wei', '0010_remove_weiregistration_specific_diet'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='weiclub',
+            name='year',
+            field=models.PositiveIntegerField(default=2025, unique=True, verbose_name='year'),
+        ),
+    ]

apps/wei/migrations/0012_bus_club.py

@@ -0,0 +1,20 @@
+# Generated by Django 4.2.21 on 2025-05-29 16:16
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0014_create_bda'),
+        ('wei', '0011_alter_weiclub_year'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='bus',
+            name='club',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='bus', to='member.club', verbose_name='club'),
+        ),
+    ]

apps/wei/migrations/0013_weiclub_caution_amount_weiregistration_caution_type.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.2.21 on 2025-06-01 21:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('wei', '0012_bus_club'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='weiclub',
+            name='caution_amount',
+            field=models.PositiveIntegerField(default=0, verbose_name='caution amount'),
+        ),
+        migrations.AddField(
+            model_name='weiregistration',
+            name='caution_type',
+            field=models.CharField(choices=[('check', 'Check'), ('note', 'Note transaction')], default='check', max_length=16, verbose_name='caution type'),
+        ),
+    ]

apps/wei/models.py

@@ -33,6 +33,11 @@ class WEIClub(Club):
         verbose_name=_("date end"),
     )
 
+    caution_amount = models.PositiveIntegerField(
+        verbose_name=_("caution amount"),
+        default=0,
+    )
+
     class Meta:
         verbose_name = _("WEI")
         verbose_name_plural = _("WEI")
@@ -72,6 +77,15 @@ class Bus(models.Model):
         default=50,
     )
 
+    club = models.OneToOneField(
+        Club,
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+        related_name="bus",
+        verbose_name=_("club"),
+    )
+
     description = models.TextField(
         blank=True,
         default="",
@@ -188,6 +202,16 @@ class WEIRegistration(models.Model):
         verbose_name=_("Caution check given")
     )
 
+    caution_type = models.CharField(
+        max_length=16,
+        choices=(
+            ('check', _("Check")),
+            ('note', _("Note transaction")),
+        ),
+        default='check',
+        verbose_name=_("caution type"),
+    )
+
     birth_date = models.DateField(
         verbose_name=_("birth date"),
     )

apps/wei/tables.py

@@ -98,7 +98,7 @@ class WEIRegistrationTable(tables.Table):
         if not hasperm:
             return format_html("<span class='no-perm'></span>")
 
-        url = reverse_lazy('wei:validate_registration', args=(record.pk,))
+        url = reverse_lazy('wei:wei_update_registration', args=(record.pk,)) + '?validate=true'
         text = _('Validate')
         if record.fee > record.user.note.balance and not record.soge_credit:
             btn_class = 'btn-secondary'

apps/wei/templates/wei/base.html

@@ -40,22 +40,20 @@ SPDX-License-Identifier: GPL-3.0-or-later
                     <dt class="col-xl-6">{% trans 'membership fee'|capfirst %}</dt>
                     <dd class="col-xl-6">{{ club.membership_fee_paid|pretty_money }}</dd>
                     {% else %}
-                    {% with bde_kfet_fee=club.parent_club.membership_fee_paid|add:club.parent_club.parent_club.membership_fee_paid %}
-                    <dt class="col-xl-6">{% trans 'WEI fee (paid students)'|capfirst %}</dt>
-                    <dd class="col-xl-6">{{ club.membership_fee_paid|add:bde_kfet_fee|pretty_money }}
-                        <i class="fa fa-question-circle"
-                            title="{% trans "The BDE membership is included in the WEI registration." %}"></i></dd>
-                    {% endwith %}
 
-                    {% with bde_kfet_fee=club.parent_club.membership_fee_unpaid|add:club.parent_club.parent_club.membership_fee_unpaid %}
+                    <dt class="col-xl-6">{% trans 'WEI fee (paid students)'|capfirst %}</dt>
+                    <dd class="col-xl-6">{{ club.membership_fee_paid|pretty_money }}
+
                     <dt class="col-xl-6">{% trans 'WEI fee (unpaid students)'|capfirst %}</dt>
-                    <dd class="col-xl-6">{{ club.membership_fee_unpaid|add:bde_kfet_fee|pretty_money }}
+                    <dd class="col-xl-6">{{ club.membership_fee_unpaid|pretty_money }}
-                        <i class="fa fa-question-circle"
-                            title="{% trans "The BDE membership is included in the WEI registration." %}"></i></dd>
-                    {% endwith %}
                     {% endif %}
                     {% endif %}
 
+                    {% if club.caution_amount > 0 %}
+                    <dt class="col-xl-6">{% trans 'Caution amount'|capfirst %}</dt>
+                    <dd class="col-xl-6">{{ club.caution_amount|pretty_money }}</dd>
+                    {% endif %}
+
                     {% if "note.view_note"|has_perm:club.note %}
                     <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
                     <dd class="col-xl-6">{{ club.note.balance | pretty_money }}</dd>

apps/wei/templates/wei/bus_detail.html

@@ -16,8 +16,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
     </div>
 
     <div class="card-footer text-center">
+        {% if object.club %}
+        <a class="btn btn-primary btn-sm my-1" href="{% url 'member:club_detail' pk=object.club.pk %}"
+            data-turbolinks="false">{% trans "View club" %}</a>
+        {% endif %}
         <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:update_bus' pk=object.pk %}"
             data-turbolinks="false">{% trans "Edit" %}</a>
+            <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:update_bus_info' pk=object.pk %}"
+            data-turbolinks="false">{% trans "Edit information" %}</a>
         <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:add_team' pk=object.pk %}"
             data-turbolinks="false">{% trans "Add team" %}</a>
     </div>

apps/wei/templates/wei/busteam_detail.html

@@ -18,6 +18,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-footer text-center">
         <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:update_bus' pk=bus.pk %}"
             data-turbolinks="false">{% trans "Edit" %}</a>
+        <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:manage_bus' pk=bus.pk %}"
+            data-turbolinks="false">{% trans "View" %}</a>
         <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:add_team' pk=bus.pk %}"
             data-turbolinks="false">{% trans "Add team" %}</a>
     </div>

apps/wei/templates/wei/busteam_form.html

@@ -13,9 +13,17 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-body">
         <form method="post">
             {% csrf_token %}
+            {{ form.media }} 
             {{ form|crispy }}
             <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
         </form>
     </div>
 </div>
+<script>
+    document.addEventListener("DOMContentLoaded", function () {
+        if (window.jscolor && jscolor.install) {
+            jscolor.install();
+        }
+    });
+</script>
 {% endblock %}

apps/wei/templates/wei/weiclub_detail.html

@@ -95,9 +95,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
 </div>
 {% endif %}
 
-    {% if can_validate_1a %}
+{% if can_validate_1a %}
-        <a href="{% url 'wei:wei_1A_list' pk=object.pk %}" class="btn btn-block btn-info">{% trans "Attribute buses" %}</a>
+    <a href="{% url 'wei:wei_1A_list' pk=object.pk %}" class="btn btn-block btn-info">{% trans "Attribute buses" %}</a>
-    {% endif %}
+{% endif %}
+
+
 {% endblock %}
 
 {% block extrajavascript %}

apps/wei/templates/wei/weimembership_form.html

@@ -143,25 +143,35 @@ SPDX-License-Identifier: GPL-3.0-or-later
                         {% endblocktrans %}
                     </div>
                 {% else %}
-                    {% if registration.user.note.balance < fee %}
+                    <div class="alert {% if registration.user.note.balance < fee %}alert-danger{% else %}alert-success{% endif %}">
-                        <div class="alert alert-danger">
+                        <h5>{% trans "Required payments:" %}</h5>
-                            {% with pretty_fee=fee|pretty_money %}
+                        <ul>
-                            {% blocktrans trimmed with balance=registration.user.note.balance|pretty_money %}
+                            <li>{% blocktrans trimmed with amount=fee|pretty_money %}
-                                The note don't have enough money ({{ balance }}, {{ pretty_fee }} required).
+                                Membership fees: {{ amount }}
-                                The registration may fail if you don't credit the note now.
+                            {% endblocktrans %}</li>
-                            {% endblocktrans %}
+                            {% if registration.caution_type == 'note' %}
-                            {% endwith %}
+                                <li>{% blocktrans trimmed with amount=club.caution_amount|pretty_money %}
-                        </div>
+                                    Deposit (by Note transaction): {{ amount }}
-                    {% else %}
+                                {% endblocktrans %}</li>
-                        <div class="alert alert-success">
+                                <li><strong>{% blocktrans trimmed with total=total_needed|pretty_money %}
-                            {% blocktrans trimmed with pretty_fee=fee|pretty_money %}
+                                    Total needed: {{ total }}
-                                The note has enough money ({{ pretty_fee }} required), the registration is possible.
+                                {% endblocktrans %}</strong></li>
-                            {% endblocktrans %}
+                            {% else %}
-                        </div>
+                                <li>{% blocktrans trimmed with amount=club.caution_amount|pretty_money %}
-                    {% endif %}
+                                    Deposit (by check): {{ amount }}
+                                {% endblocktrans %}</li>
+                                <li><strong>{% blocktrans trimmed with total=fee|pretty_money %}
+                                    Total needed: {{ total }}
+                                {% endblocktrans %}</strong></li>
+                            {% endif %}
+                        </ul>
+                        <p>{% blocktrans trimmed with balance=registration.user.note.balance|pretty_money %}
+                            Current balance: {{ balance }}
+                        {% endblocktrans %}</p>
+                    </div>
                 {% endif %}
 
-                {% if not registration.caution_check and not registration.first_year %}
+                {% if not registration.caution_check and not registration.first_year and registration.caution_type == 'check' %}
                     <div class="alert alert-danger">
                         {% trans "The user didn't give her/his caution check." %}
                     </div>
@@ -200,4 +210,27 @@ SPDX-License-Identifier: GPL-3.0-or-later
             }
         }
     </script>
+    <script>
+        $(document).ready(function () {
+            function refreshTeams() {
+                let buses = [];
+                $("input[name='bus']:checked").each(function (ignored) {
+                    buses.push($(this).parent().text().trim());
+                });
+                console.log(buses);
+                $("input[name='team']").each(function () {
+                    let label = $(this).parent();
+                    $(this).parent().addClass('d-none');
+                    buses.forEach(function (bus) {
+                        if (label.text().includes(bus))
+                            label.removeClass('d-none');
+                    });
+                });
+            }
+    
+            $("input[name='bus']").change(refreshTeams);
+    
+            refreshTeams();
+        });
+    </script>
 {% endblock %}

apps/wei/tests/test_wei_algorithm_2024.py

@@ -6,8 +6,6 @@ from datetime import date, timedelta
 
 from django.contrib.auth.models import User
 from django.test import TestCase
-from django.urls import reverse
-from note.models import NoteUser
 
 from ..forms.surveys.wei2024 import WEIBusInformation2024, WEISurvey2024, WORDS, WEISurveyInformation2024
 from ..models import Bus, WEIClub, WEIRegistration
@@ -129,44 +127,3 @@ class TestWEIAlgorithm(TestCase):
             self.assertLessEqual(max_score - score, 25)  # Always less than 25 % of tolerance
 
         self.assertLessEqual(penalty / 100, 25)  # Tolerance of 5 %
-
-    def test_register_1a(self):
-        """
-        Test register a first year member to the WEI and complete the survey
-        """
-        response = self.client.get(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=self.wei.pk)))
-        self.assertEqual(response.status_code, 200)
-
-        user = User.objects.create(username="toto", email="toto@example.com")
-        NoteUser.objects.create(user=user)
-        response = self.client.post(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=self.wei.pk)), dict(
-            user=user.id,
-            soge_credit=True,
-            birth_date=date(2000, 1, 1),
-            gender='nonbinary',
-            clothing_cut='female',
-            clothing_size='XS',
-            health_issues='I am a bot',
-            emergency_contact_name='NoteKfet2020',
-            emergency_contact_phone='+33123456789',
-        ))
-        qs = WEIRegistration.objects.filter(user_id=user.id)
-        self.assertTrue(qs.exists())
-        registration = qs.get()
-        self.assertRedirects(response, reverse("wei:wei_survey", kwargs=dict(pk=registration.pk)), 302, 200)
-        for question in WORDS:
-            # Fill 1A Survey, 10 pages
-            # be careful if questionnary form change (number of page, type of answer...)
-            response = self.client.post(reverse("wei:wei_survey", kwargs=dict(pk=registration.pk)), {
-                question: "1"
-            })
-            registration.refresh_from_db()
-            survey = WEISurvey2024(registration)
-            self.assertRedirects(response, reverse("wei:wei_survey", kwargs=dict(pk=registration.pk)), 302,
-                                 302 if survey.is_complete() else 200)
-            self.assertIsNotNone(getattr(survey.information, question), "Survey page " + question + " failed")
-        survey = WEISurvey2024(registration)
-        self.assertTrue(survey.is_complete())
-        survey.select_bus(self.buses[0])
-        survey.save()
-        self.assertIsNotNone(survey.information.get_selected_bus())

apps/wei/tests/test_wei_algorithm_2025.py

@@ -0,0 +1,111 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import random
+
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from ..forms.surveys.wei2025 import WEIBusInformation2025, WEISurvey2025, WORDS, WEISurveyInformation2025
+from ..models import Bus, WEIClub, WEIRegistration
+
+
+class TestWEIAlgorithm(TestCase):
+    """
+    Run some tests to ensure that the WEI algorithm is working well.
+    """
+    fixtures = ('initial',)
+
+    def setUp(self):
+        """
+        Create some test data, with one WEI and 10 buses with random score attributions.
+        """
+        self.wei = WEIClub.objects.create(
+            name="WEI 2025",
+            email="wei2025@example.com",
+            date_start='2025-09-12',
+            date_end='2025-09-14',
+            year=2025,
+            membership_start='2025-06-01'
+        )
+
+        self.buses = []
+        for i in range(10):
+            bus = Bus.objects.create(wei=self.wei, name=f"Bus {i}", size=10)
+            self.buses.append(bus)
+            information = WEIBusInformation2025(bus)
+            for word in WORDS:
+                information.scores[word] = random.randint(0, 101)
+            information.save()
+            bus.save()
+
+    def test_survey_algorithm_small(self):
+        """
+        There are only a few people in each bus, ensure that each person has its best bus
+        """
+        # Add a few users
+        for i in range(10):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2025(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2025.get_algorithm_class()().run_algorithm()
+
+        # Ensure that everyone has its first choice
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2025(r)
+            preferred_bus = survey.ordered_buses()[0][0]
+            chosen_bus = survey.information.get_selected_bus()
+            self.assertEqual(preferred_bus, chosen_bus)
+
+    def test_survey_algorithm_full(self):
+        """
+        Buses are full of first year people, ensure that they are happy
+        """
+        # Add a lot of users
+        for i in range(95):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2025(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2025.get_algorithm_class()().run_algorithm()
+
+        penalty = 0
+        # Ensure that everyone seems to be happy
+        # We attribute a penalty for each user that didn't have its first choice
+        # The penalty is the square of the distance between the score of the preferred bus
+        # and the score of the attributed bus
+        # We consider it acceptable if the mean of this distance is lower than 5 %
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2025(r)
+            chosen_bus = survey.information.get_selected_bus()
+            buses = survey.ordered_buses()
+            score = min(v for bus, v in buses if bus == chosen_bus)
+            max_score = buses[0][1]
+            penalty += (max_score - score) ** 2
+
+            self.assertLessEqual(max_score - score, 25)  # Always less than 25 % of tolerance
+
+        self.assertLessEqual(penalty / 100, 25)  # Tolerance of 5 %

apps/wei/tests/test_wei_registration.py

@@ -126,6 +126,7 @@ class TestWEIRegistration(TestCase):
             year=self.year + 1,
             date_start=str(self.year + 1) + "-09-01",
             date_end=str(self.year + 1) + "-09-03",
+            caution_amount=12000,
         ))
         qs = WEIClub.objects.filter(name="Create WEI Test", year=self.year + 1)
         self.assertTrue(qs.exists())
@@ -160,6 +161,7 @@ class TestWEIRegistration(TestCase):
             membership_end="2000-09-30",
             date_start="2000-09-01",
             date_end="2000-09-03",
+            caution_amount=12000,
         ))
         qs = WEIClub.objects.filter(name="Update WEI Test", id=self.wei.id)
         self.assertRedirects(response, reverse("wei:wei_detail", kwargs=dict(pk=self.wei.pk)), 302, 200)
@@ -318,6 +320,7 @@ class TestWEIRegistration(TestCase):
             bus=[],
             team=[],
             roles=[],
+            caution_type='check'
         ))
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.context["membership_form"].is_valid())
@@ -334,7 +337,8 @@ class TestWEIRegistration(TestCase):
             emergency_contact_phone='+33123456789',
             bus=[self.bus.id],
             team=[self.team.id],
-            roles=[role.id for role in WEIRole.objects.filter(~Q(name="1A")).all()],
+            roles=[role.id for role in WEIRole.objects.filter(~Q(name="1A") & ~Q(name="GC WEI")).all()],
+            caution_type='check'
         ))
         qs = WEIRegistration.objects.filter(user_id=user.id)
         self.assertTrue(qs.exists())
@@ -354,6 +358,7 @@ class TestWEIRegistration(TestCase):
             bus=[self.bus.id],
             team=[self.team.id],
             roles=[role.id for role in WEIRole.objects.filter(~Q(name="1A")).all()],
+            caution_type='check'
         ))
         self.assertEqual(response.status_code, 200)
         self.assertTrue("This user is already registered to this WEI." in str(response.context["form"].errors))
@@ -506,11 +511,12 @@ class TestWEIRegistration(TestCase):
                 team=[self.team.id],
                 roles=[role.id for role in WEIRole.objects.filter(name="Adhérent⋅e WEI").all()],
                 information_json=self.registration.information_json,
+                caution_type='check'
             )
         )
         qs = WEIRegistration.objects.filter(user_id=self.user.id, soge_credit=False, clothing_size="M")
         self.assertTrue(qs.exists())
-        self.assertRedirects(response, reverse("wei:validate_registration", kwargs=dict(pk=qs.get().pk)), 302, 200)
+        self.assertRedirects(response, reverse("wei:wei_detail", kwargs=dict(pk=qs.get().wei.pk)), 302, 200)
 
         # Check the page when the registration is already validated
         membership = WEIMembership(
@@ -560,11 +566,12 @@ class TestWEIRegistration(TestCase):
                 team=[self.team.id],
                 roles=[role.id for role in WEIRole.objects.filter(name="Adhérent⋅e WEI").all()],
                 information_json=self.registration.information_json,
+                caution_type='check'
             )
         )
         qs = WEIRegistration.objects.filter(user_id=self.user.id, clothing_size="L")
         self.assertTrue(qs.exists())
-        self.assertRedirects(response, reverse("wei:validate_registration", kwargs=dict(pk=qs.get().pk)), 302, 200)
+        self.assertRedirects(response, reverse("wei:wei_detail", kwargs=dict(pk=qs.get().wei.pk)), 302, 200)
 
         # Test invalid form
         response = self.client.post(
@@ -583,6 +590,7 @@ class TestWEIRegistration(TestCase):
                 team=[],
                 roles=[],
                 information_json=self.registration.information_json,
+                caution_type='check'
             )
         )
         self.assertFalse(response.context["membership_form"].is_valid())
@@ -624,7 +632,7 @@ class TestWEIRegistration(TestCase):
         second_bus = Bus.objects.create(wei=self.wei, name="Second bus")
         second_team = BusTeam.objects.create(bus=second_bus, name="Second team", color=42)
         response = self.client.post(reverse("wei:validate_registration", kwargs=dict(pk=self.registration.pk)), dict(
-            roles=[WEIRole.objects.get(name="GC WEI").id],
+            roles=[WEIRole.objects.get(name="Adhérent⋅e WEI").id],
             bus=self.bus.pk,
             team=second_team.pk,
             credit_type=4,  # Bank transfer
@@ -632,13 +640,14 @@ class TestWEIRegistration(TestCase):
             last_name="admin",
             first_name="admin",
             bank="Société générale",
+            caution_check=True,
         ))
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.context["form"].is_valid())
         self.assertTrue("This team doesn't belong to the given bus." in str(response.context["form"].errors))
 
         response = self.client.post(reverse("wei:validate_registration", kwargs=dict(pk=self.registration.pk)), dict(
-            roles=[WEIRole.objects.get(name="GC WEI").id],
+            roles=[WEIRole.objects.get(name="Adhérent⋅e WEI").id],
             bus=self.bus.pk,
             team=self.team.pk,
             credit_type=4,  # Bank transfer
@@ -646,8 +655,10 @@ class TestWEIRegistration(TestCase):
             last_name="admin",
             first_name="admin",
             bank="Société générale",
+            caution_check=True,
         ))
         self.assertRedirects(response, reverse("wei:wei_registrations", kwargs=dict(pk=self.registration.wei.pk)), 302, 200)
+
         # Check if the membership is successfully created
         membership = WEIMembership.objects.filter(user_id=self.user.id, club=self.wei)
         self.assertTrue(membership.exists())
@@ -767,7 +778,7 @@ class TestDefaultWEISurvey(TestCase):
         WEISurvey.update_form(None, None)
 
         self.assertEqual(CurrentSurvey.get_algorithm_class().get_survey_class(), CurrentSurvey)
-        self.assertEqual(CurrentSurvey.get_year(), 2024)
+        self.assertEqual(CurrentSurvey.get_year(), 2025)
 
 
 class TestWeiAPI(TestAPI):

apps/wei/urls.py

@@ -4,7 +4,7 @@
 from django.urls import path
 
 from .views import CurrentWEIDetailView, WEI1AListView, WEIListView, WEICreateView, WEIDetailView, WEIUpdateView, \
-    WEIRegistrationsView, WEIMembershipsView, MemberListRenderView, \
+    WEIRegistrationsView, WEIMembershipsView, MemberListRenderView, BusInformationUpdateView, \
     BusCreateView, BusManageView, BusUpdateView, BusTeamCreateView, BusTeamManageView, BusTeamUpdateView, \
     WEIAttributeBus1AView, WEIAttributeBus1ANextView, WEIRegister1AView, WEIRegister2AView, WEIUpdateRegistrationView, \
     WEIDeleteRegistrationView, WEIValidateRegistrationView, WEISurveyView, WEISurveyEndView, WEIClosedView
@@ -42,4 +42,5 @@ urlpatterns = [
     path('detail/<int:pk>/closed/', WEIClosedView.as_view(), name="wei_closed"),
     path('bus-1A/<int:pk>/', WEIAttributeBus1AView.as_view(), name="wei_bus_1A"),
     path('bus-1A/next/<int:pk>/', WEIAttributeBus1ANextView.as_view(), name="wei_bus_1A_next"),
+    path('update-bus-info/<int:pk>/', BusInformationUpdateView.as_view(), name="update_bus_info"),
 ]

apps/wei/views.py

@@ -4,16 +4,18 @@
 import os
 import shutil
 import subprocess
-from datetime import date, timedelta
+from datetime import date
 from tempfile import mkdtemp
 
 from django.conf import settings
+from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import Q, Count
 from django.db.models.functions.text import Lower
+from django import forms
 from django.http import HttpResponse, Http404
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@@ -33,7 +35,7 @@ from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 
 from .forms.registration import WEIChooseBusForm
 from .models import WEIClub, WEIRegistration, WEIMembership, Bus, BusTeam, WEIRole
-from .forms import WEIForm, WEIRegistrationForm, BusForm, BusTeamForm, WEIMembership1AForm, \
+from .forms import WEIForm, WEIRegistrationForm, WEIRegistration1AForm, WEIRegistration2AForm, BusForm, BusTeamForm, WEIMembership1AForm, \
     WEIMembershipForm, CurrentSurvey
 from .tables import BusRepartitionTable, BusTable, BusTeamTable, WEITable, WEIRegistrationTable, \
     WEIRegistration1ATable, WEIMembershipTable
@@ -441,6 +443,10 @@ class BusTeamCreateView(ProtectQuerysetMixin, ProtectedCreateView):
         self.object.refresh_from_db()
         return reverse_lazy("wei:manage_bus_team", kwargs={"pk": self.object.pk})
 
+    def get_template_names(self):
+        names = super().get_template_names()
+        return names
+
 
 class BusTeamUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
     """
@@ -473,6 +479,10 @@ class BusTeamUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         self.object.refresh_from_db()
         return reverse_lazy("wei:manage_bus_team", kwargs={"pk": self.object.pk})
 
+    def get_template_names(self):
+        names = super().get_template_names()
+        return names
+
 
 class BusTeamManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     """
@@ -500,7 +510,7 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
     Register a new user to the WEI
     """
     model = WEIRegistration
-    form_class = WEIRegistrationForm
+    form_class = WEIRegistration1AForm
     extra_context = {"title": _("Register first year student to the WEI")}
 
     def get_sample_object(self):
@@ -546,9 +556,17 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
         form.fields["user"].initial = self.request.user
-        del form.fields["first_year"]
+
-        del form.fields["caution_check"]
+        # Cacher les champs pendant l'inscription initiale
-        del form.fields["information_json"]
+        if "first_year" in form.fields:
+            del form.fields["first_year"]
+        if "caution_check" in form.fields:
+            del form.fields["caution_check"]
+        if "information_json" in form.fields:
+            del form.fields["information_json"]
+        if "caution_type" in form.fields:
+            del form.fields["caution_type"]
+
         return form
 
     @transaction.atomic
@@ -586,7 +604,7 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
     Register an old user to the WEI
     """
     model = WEIRegistration
-    form_class = WEIRegistrationForm
+    form_class = WEIRegistration2AForm
     extra_context = {"title": _("Register old student to the WEI")}
 
     def get_sample_object(self):
@@ -644,9 +662,19 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
             form.fields["soge_credit"].disabled = True
             form.fields["soge_credit"].help_text = _("You already opened an account in the Société générale.")
 
-        del form.fields["caution_check"]
+        # Cacher les champs pendant l'inscription initiale
-        del form.fields["first_year"]
+        if "first_year" in form.fields:
-        del form.fields["information_json"]
+            del form.fields["first_year"]
+        if "caution_check" in form.fields:
+            del form.fields["caution_check"]
+        if "information_json" in form.fields:
+            del form.fields["information_json"]
+
+        # S'assurer que le champ caution_type est obligatoire
+        if "caution_type" in form.fields:
+            form.fields["caution_type"].required = True
+            form.fields["caution_type"].help_text = _("Choose how you want to pay the deposit")
+            form.fields["caution_type"].widget = forms.RadioSelect(choices=form.fields["caution_type"].choices)
 
         return form
 
@@ -673,6 +701,9 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
         information["preferred_roles_pk"] = [role.pk for role in choose_bus_form.cleaned_data["roles"]]
         information["preferred_roles_name"] = [role.name for role in choose_bus_form.cleaned_data["roles"]]
         form.instance.information = information
+
+        # Sauvegarder le type de caution
+        form.instance.caution_type = form.cleaned_data["caution_type"]
         form.instance.save()
 
         if 'treasury' in settings.INSTALLED_APPS:
@@ -702,11 +733,15 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
         # We can't update a registration once the WEI is started and before the membership start date
         if today >= wei.date_start or today < wei.membership_start:
             return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
+        # Store the validate parameter in the view's state
+        self.should_validate = request.GET.get('validate', False)
         return super().dispatch(request, *args, **kwargs)
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context["club"] = self.object.wei
+        # Pass the validate parameter to the template
+        context["should_validate"] = self.should_validate
 
         if self.object.is_validated:
             membership_form = self.get_membership_form(instance=self.object.membership,
@@ -740,10 +775,21 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
         # The auto-json-format may cause issues with the default field remove
         if not PermissionBackend.check_perm(self.request, 'wei.change_weiregistration_information_json', self.object):
             del form.fields["information_json"]
+        # Masquer le champ caution_check pour tout le monde dans le formulaire de modification
+        if "caution_check" in form.fields:
+            del form.fields["caution_check"]
+
+        # S'assurer que le champ caution_type est obligatoire pour les 2A+
+        if not self.object.first_year and "caution_type" in form.fields:
+            form.fields["caution_type"].required = True
+            form.fields["caution_type"].help_text = _("Choose how you want to pay the deposit")
+            form.fields["caution_type"].widget = forms.RadioSelect(choices=form.fields["caution_type"].choices)
+
         return form
 
     def get_membership_form(self, data=None, instance=None):
-        membership_form = WEIMembershipForm(data if data else None, instance=instance)
+        registration = self.get_object()
+        membership_form = WEIMembershipForm(data if data else None, instance=instance, wei=registration.wei)
         del membership_form.fields["credit_type"]
         del membership_form.fields["credit_amount"]
         del membership_form.fields["first_name"]
@@ -759,10 +805,30 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
     def form_valid(self, form):
         # If the membership is already validated, then we update the bus and the team (and the roles)
         if form.instance.is_validated:
-            membership_form = self.get_membership_form(self.request.POST, form.instance.membership)
+            try:
-            if not membership_form.is_valid():
+                membership = form.instance.membership
+                if membership is None:
+                    raise ValueError(_("No membership found for this registration"))
+
+                membership_form = self.get_membership_form(self.request.POST, instance=membership)
+                if not membership_form.is_valid():
+                    return self.form_invalid(form)
+
+                # Vérifier que l'utilisateur a la permission de modifier le membership
+                # On vérifie d'abord si l'utilisateur a la permission générale de modification
+                if not self.request.user.has_perm("wei.change_weimembership"):
+                    raise PermissionDenied(_("You don't have the permission to update memberships"))
+
+                # On vérifie ensuite les permissions spécifiques pour chaque champ modifié
+                for field_name in membership_form.changed_data:
+                    perm = f"wei.change_weimembership_{field_name}"
+                    if not self.request.user.has_perm(perm):
+                        raise PermissionDenied(_("You don't have the permission to update the field %(field)s") % {'field': field_name})
+
+                membership_form.save()
+            except (WEIMembership.DoesNotExist, ValueError, PermissionDenied) as e:
+                form.add_error(None, str(e))
                 return self.form_invalid(form)
-            membership_form.save()
         # If it is not validated and if this is an old member, then we update the choices
         elif not form.instance.first_year and PermissionBackend.check_perm(
                 self.request, "wei.change_weiregistration_information_json", self.object):
@@ -777,6 +843,10 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
             information["preferred_roles_pk"] = [role.pk for role in choose_bus_form.cleaned_data["roles"]]
             information["preferred_roles_name"] = [role.name for role in choose_bus_form.cleaned_data["roles"]]
             form.instance.information = information
+
+            # Sauvegarder le type de caution pour les 2A+
+            if "caution_type" in form.cleaned_data:
+                form.instance.caution_type = form.cleaned_data["caution_type"]
             form.instance.save()
 
         return super().form_valid(form)
@@ -787,14 +857,8 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
             survey = CurrentSurvey(self.object)
             if not survey.is_complete():
                 return reverse_lazy("wei:wei_survey", kwargs={"pk": self.object.pk})
-        if PermissionBackend.check_perm(self.request, "wei.add_weimembership", WEIMembership(
+        # On redirige vers la validation uniquement si c'est explicitement demandé (et stocké dans la vue)
-            club=self.object.wei,
+        if self.should_validate and self.request.user.has_perm("wei.add_weimembership"):
-            user=self.object.user,
-            date_start=date.today(),
-            date_end=date.today(),
-            fee=0,
-            registration=self.object,
-        )):
             return reverse_lazy("wei:validate_registration", kwargs={"pk": self.object.pk})
         return reverse_lazy("wei:wei_detail", kwargs={"pk": self.object.wei.pk})
 
@@ -836,18 +900,23 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
     extra_context = {"title": _("Validate WEI registration")}
 
     def get_sample_object(self):
+        """
+        Return a sample object for permission checking
+        """
         registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
         return WEIMembership(
-            club=registration.wei,
             user=registration.user,
-            date_start=date.today(),
+            club=registration.wei,
-            date_end=date.today() + timedelta(days=1),
+            date_start=registration.wei.date_start,
-            fee=0,
+            fee=registration.wei.membership_fee_paid if registration.user.profile.paid else registration.wei.membership_fee_unpaid,
+            # Add any fields needed for proper permission checking
             registration=registration,
         )
 
     def dispatch(self, request, *args, **kwargs):
-        wei = WEIRegistration.objects.get(pk=self.kwargs["pk"]).wei
+        registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
+
+        wei = registration.wei
         today = date.today()
         # We can't validate anyone once the WEI is started and before the membership start date
         if today >= wei.date_start or today < wei.membership_start:
@@ -878,7 +947,14 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
             date_start__gte=bde.membership_start,
         ).exists()
 
-        context["fee"] = registration.fee
+        fee = registration.fee
+        context["fee"] = fee
+
+        # Calculer le montant total nécessaire (frais + caution si transaction)
+        total_needed = fee
+        if registration.caution_type == 'note':
+            total_needed += registration.wei.caution_amount
+        context["total_needed"] = total_needed
 
         form = context["form"]
         if registration.soge_credit:
@@ -890,18 +966,41 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
 
     def get_form_class(self):
         registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
-        if registration.first_year and 'sleected_bus_pk' not in registration.information:
+        if registration.first_year and 'selected_bus_pk' not in registration.information:
             return WEIMembership1AForm
         return WEIMembershipForm
 
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
+        wei = registration.wei
+        kwargs['wei'] = wei
+        return kwargs
+
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
         registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
         form.fields["last_name"].initial = registration.user.last_name
         form.fields["first_name"].initial = registration.user.first_name
 
-        if "caution_check" in form.fields:
+        # Ajouter le champ caution_check uniquement pour les non-première année et le rendre obligatoire
-            form.fields["caution_check"].initial = registration.caution_check
+        if not registration.first_year:
+            if registration.caution_type == 'check':
+                form.fields["caution_check"] = forms.BooleanField(
+                    required=True,
+                    initial=registration.caution_check,
+                    label=_("Caution check given"),
+                    help_text=_("Please make sure the check is given before validating the registration")
+                )
+            else:
+                form.fields["caution_check"] = forms.BooleanField(
+                    required=True,
+                    initial=False,
+                    label=_("Create deposit transaction"),
+                    help_text=_("A transaction of %(amount).2f€ will be created from the user's Note account") % {
+                        'amount': registration.wei.caution_amount / 100
+                    }
+                )
 
         if registration.soge_credit:
             form.fields["credit_type"].disabled = True
@@ -985,10 +1084,20 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
         if credit_type is None or registration.soge_credit:
             credit_amount = 0
 
-        if not registration.soge_credit and user.note.balance + credit_amount < fee:
+        # Calculer le montant total nécessaire (frais + caution si transaction)
-            # Users must have money before registering to the WEI.
+        total_needed = fee
+        if registration.caution_type == 'note':
+            total_needed += club.caution_amount
+
+        # Vérifier que l'utilisateur a assez d'argent pour tout payer
+        if not registration.soge_credit and user.note.balance + credit_amount < total_needed:
             form.add_error('credit_type',
-                           _("This user don't have enough money to join this club, and can't have a negative balance."))
+                           _("This user doesn't have enough money to join this club and pay the deposit. "
+                               "Current balance: %(balance)d€, credit: %(credit)d€, needed: %(needed)d€") % {
+                               'balance': user.note.balance,
+                               'credit': credit_amount,
+                               'needed': total_needed}
+                           )
             return super().form_invalid(form)
 
         if credit_amount:
@@ -1028,6 +1137,18 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
         membership.refresh_from_db()
         membership.roles.add(WEIRole.objects.get(name="Adhérent⋅e WEI"))
 
+        # Créer la transaction de caution si nécessaire
+        if registration.caution_type == 'note':
+            from note.models import Transaction
+            Transaction.objects.create(
+                source=user.note,
+                destination=club.note,
+                quantity=1,
+                amount=club.caution_amount,
+                reason=_("Caution %(name)s") % {'name': club.name},
+                valid=True,
+            )
+
         return super().form_valid(form)
 
     def get_success_url(self):
@@ -1247,6 +1368,7 @@ class WEI1AListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableView):
     def get_queryset(self, filter_permissions=True, **kwargs):
         qs = super().get_queryset(filter_permissions, **kwargs)
         qs = qs.filter(first_year=True, membership__isnull=False)
+        qs = qs.filter(wei=self.club)
         qs = qs.order_by('-membership__bus')
         return qs
 
@@ -1289,8 +1411,48 @@ class WEIAttributeBus1ANextView(LoginRequiredMixin, RedirectView):
         if not wei.exists():
             raise Http404
         wei = wei.get()
-        qs = WEIRegistration.objects.filter(wei=wei, membership__isnull=False, membership__bus__isnull=True)
+
-        qs = qs.filter(information_json__contains='selected_bus_pk')  # not perfect, but works...
+        # On cherche d'abord les 1A qui ont une inscription validée (membership) mais pas de bus
-        if qs.exists():
+        qs = WEIRegistration.objects.filter(
-            return reverse_lazy('wei:wei_bus_1A', args=(qs.first().pk, ))
+            wei=wei,
-        return reverse_lazy('wei:wei_1A_list', args=(wei.pk, ))
+            first_year=True,
+            membership__isnull=False,
+            membership__bus__isnull=True
+        )
+
+        # Parmi eux, on prend ceux qui ont répondu au questionnaire (ont un bus préféré)
+        qs = qs.filter(information_json__contains='selected_bus_pk')
+
+        if not qs.exists():
+            # Si on ne trouve personne, on affiche un message et on retourne à la liste
+            messages.info(self.request, _("No first year student without a bus found. Either all of them have a bus, or none has filled the survey yet."))
+            return reverse_lazy('wei:wei_1A_list', args=(wei.pk,))
+
+        # On redirige vers la page d'attribution pour le premier étudiant trouvé
+        return reverse_lazy('wei:wei_bus_1A', args=(qs.first().pk,))
+
+
+class BusInformationUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    model = Bus
+
+    def get_form_class(self):
+        return CurrentSurvey.get_algorithm_class().get_bus_information_form()
+
+    def dispatch(self, request, *args, **kwargs):
+        wei = self.get_object().wei
+        today = date.today()
+        # We can't update a bus once the WEI is started
+        if today >= wei.date_start:
+            return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["club"] = self.object.wei
+        context["information"] = CurrentSurvey.get_algorithm_class().get_bus_information(self.object)
+        self.object.save()
+        return context
+
+    def get_success_url(self):
+        self.object.refresh_from_db()
+        return reverse_lazy("wei:manage_bus", kwargs={"pk": self.object.pk})

docs/apps/food.rst

@@ -19,8 +19,9 @@ Le modèle regroupe :
 * Propriétaire (doit-être un Club)
 * Allergènes (ManyToManyField)
 * date d'expiration
-* a été mangé (booléen)
+* fin de vie
 * est prêt (booléen)
+* consigne (pour les GCKs)
 
 BasicFood
 ~~~~~~~~~
@@ -40,7 +41,7 @@ Les TransformedFood correspondent aux produits préparés à la Kfet. Ils peuven
 
 Le modèle regroupe :
 
-* Durée de consommation (par défaut 3 jours)
+* Durée de conservation (par défaut 3 jours)
 * Ingrédients (ManyToManyField vers Food)
 * Date de création
 * Champs de Food

docs/apps/index.rst

@@ -12,6 +12,7 @@ Applications de la Note Kfet 2020
    ../api/index
    registration
    logs
+   food
    treasury
    wei
    wrapped
@@ -66,6 +67,8 @@ Applications facultatives
     Serveur central d'authentification, permet d'utiliser son compte de la NoteKfet2020 pour se connecter à d'autre application ayant intégrer un client.
 * `Scripts <https://gitlab.crans.org/bde/nk20-scripts>`_
      Ensemble de commande `./manage.py` pour la gestion de la note: import de données, verification d'intégrité, etc...
+* `Food <food>`_ :
+    Gestion de la nourriture dans Kfet pour les clubs.
 * `Treasury <treasury>`_ :
     Interface de gestion pour les trésorièr⋅es, émission de factures, remises de chèque, statistiques...
 * `WEI <wei>`_ :

docs/faq.rst

@@ -183,6 +183,7 @@ Contributeur⋅rices
    * korenst1
    * nicomarg
    * PAC
+   * Quark
    * ÿnérant
 
 

docs/scripts.rst

@@ -136,7 +136,7 @@ de diffusion utiles.
    Faîtes attention, donc où la sortie est stockée.
 
 
-Il prend 2 options :
+Il prend 4 options :
 
 * ``--type``, qui prend en argument ``members`` (défaut), ``clubs``, ``events``, ``art``,
   ``sport``, qui permet respectivement de sortir la liste des adresses mails des adhérent⋅es
@@ -149,7 +149,10 @@ Il prend 2 options :
   pour la ML Adhérents, pour exporter les mails des adhérents au BDE pendant n'importe 
   laquelle des ``n+1`` dernières années. 
 
-Le script sort sur la sortie standard la liste des adresses mails à inscrire.
+* ``--email``, qui prend en argument une chaine de caractère contenant une adresse email.
+  
+Si aucun email n'est renseigné, le script sort sur la sortie standard la liste des adresses mails à inscrire.
+Dans le cas contraire, la liste est envoyée à l'adresse passée en argument.
 
 Attention : il y a parfois certains cas particuliers à prendre en compte, il n'est
 malheureusement pas aussi simple que de simplement supposer que ces listes sont exhaustives.

note.cron

@@ -27,5 +27,6 @@ MAILTO=notekfet2020@lists.crans.org
 # Vider les tokens Oauth2
  00  6     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py cleartokens -v 0
 # Envoyer la liste des abonnés à la NL BDA
- 00  10     *   *   0     root   cd /var/www/note_kfet && env/bin/python manage.py extract_ml_registrations -t art -e "bda.ensparissaclay@gmail.com"
+ 00  10    *   *   0     root   cd /var/www/note_kfet && env/bin/python manage.py extract_ml_registrations -t art -e "bda.ensparissaclay@gmail.com"
- 
+# Envoyer la liste de la bouffe au club et aux GCKs
+ 00  8     *   *   1     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail_for_food --report --club

note_kfet/admin.py

@@ -56,3 +56,8 @@ if "cas_server" in settings.INSTALLED_APPS:
     from cas_server.models import *
     admin_site.register(ServicePattern, ServicePatternAdmin)
     admin_site.register(FederatedIendityProvider, FederatedIendityProviderAdmin)
+
+if "constance" in settings.INSTALLED_APPS:
+    from constance.admin import *
+    from constance.models import *
+    admin_site.register([Config], ConstanceAdmin)

note_kfet/inputs.py

@@ -63,8 +63,16 @@ class ColorWidget(Widget):
     def format_value(self, value):
         if value is None:
             value = 0xFFFFFF
-        return "#{:06X}".format(value)
+        if isinstance(value, str):
+            return value  # Assume it's already a hex string like "#FFAA33"
+        try:
+            return "#{:06X}".format(value)
+        except Exception:
+            return "#FFFFFF"
+
 
     def value_from_datadict(self, data, files, name):
         val = super().value_from_datadict(data, files, name)
-        return int(val[1:], 16)
+        if val:
+            return int(val[1:], 16)
+        return None

note_kfet/settings/base.py

@@ -39,7 +39,9 @@ SECURE_HSTS_PRELOAD = True
 INSTALLED_APPS = [
     # External apps
     'bootstrap_datepicker_plus',
+    'cas_server',
     'colorfield',
+    'constance',
     'crispy_bootstrap4',
     'crispy_forms',
 #    'django_htcpcp_tea',
@@ -111,6 +113,7 @@ TEMPLATES = [
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
+                'constance.context_processors.config',
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
@@ -270,7 +273,7 @@ OAUTH2_PROVIDER = {
     'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
     'OIDC_ENABLED': True,
     'OIDC_RSA_PRIVATE_KEY':
-        os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'),
+        os.getenv('OIDC_RSA_PRIVATE_KEY', 'CHANGE_ME_IN_ENV_SETTINGS').replace('\\n', '\n'), # for multilines
     'SCOPES': { 'openid': "OpenID Connect scope" },
 }
 
@@ -307,6 +310,30 @@ PHONENUMBER_DEFAULT_REGION = 'FR'
 
 # We add custom information to CAS, in order to give a normalized name to other services
 CAS_AUTH_CLASS = 'member.auth.CustomAuthUser'
+CAS_LOGIN_TEMPLATE = 'cas/login.html'
+CAS_LOGOUT_TEMPLATE = 'cas/logout.html'
+CAS_WARN_TEMPLATE = 'cas/warn.html'
+CAS_LOGGED_TEMPLATE = 'cas/logged.html'
 
 # Default field for primary key
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
+
+# Constance settings
+CONSTANCE_ADDITIONAL_FIELDS = {
+    'banner_type': ['django.forms.fields.ChoiceField', {
+        'widget': 'django.forms.Select',
+        'choices': (('info', 'Info'), ('success', 'Success'), ('warning', 'Warning'), ('danger', 'Danger'))
+    }],
+}
+CONSTANCE_CONFIG = {
+    'BANNER_MESSAGE': ('', 'Some message', str),
+    'BANNER_TYPE': ('info', 'Banner type', 'banner_type'),
+    'MAINTENANCE': (False, 'check for mainteance mode', bool),
+    'MAINTENANCE_MESSAGE': ('', 'Some maintenance message', str),
+}
+CONSTANCE_CONFIG_FIELDSETS = {
+    'Maintenance': ('MAINTENANCE_MESSAGE', 'MAINTENANCE'),
+    'Banner': ('BANNER_MESSAGE', 'BANNER_TYPE'),
+}
+CONSTANCE_BACKEND = 'constance.backends.database.DatabaseBackend'
+CONSTANCE_SUPERUSER_ONLY = True

note_kfet/templates/base.html

@@ -5,6 +5,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <!DOCTYPE html>
 {% get_current_language as LANGUAGE_CODE %}{% get_current_language_bidi as LANGUAGE_BIDI %}
 <html lang="{{ LANGUAGE_CODE|default:"en" }}" {% if LANGUAGE_BIDI %}dir="rtl"{% endif %} class="position-relative h-100">
+{% if not config.MAINTENANCE %}
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
@@ -138,9 +139,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
                                 <a class="dropdown-item" href="{% url 'member:user_detail' pk=request.user.pk %}">
                                     <i class="fa fa-user"></i> {% trans "My account" %}
                                 </a>
-                                <a class="dropdown-item" href="{% url 'logout' %}">
+				<form method="post" action="{% url 'logout' %}">
-                                    <i class="fa fa-sign-out"></i> {% trans "Log out" %}
+				    {% csrf_token %}
-                                </a>
+				    <button class="dropdown-item" type=submit">
+					<i class="fa fa-sign-out"></i> {% trans "Log out" %}
+				    </button>
+                                </form>
                             </div>
                         </li>
                     {% else %}
@@ -188,7 +192,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
                     {% endblocktrans %}
                 </div>
             {% endif %}
-            {# TODO Add banners #}
+	    {% if config.BANNER_MESSAGE and user.is_authenticated %}
+	    <div class="alert alert-{{ config.BANNER_TYPE }}">
+	      {{ config.BANNER_MESSAGE }}
+	    </div>
+	    {% endif %}
         </div>
         {% block content %}
             <p>Default content...</p>
@@ -210,6 +218,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
                            class="text-muted">{% trans "Charte Info (FR)" %}</a> &mdash;
                         <a href="https://note.crans.org/doc/faq/"
                            class="text-muted">{% trans "FAQ (FR)" %}</a> &mdash;
+		   	<a href="https://bde.ens-cachan.fr"
+			   class="text-muted">{% trans "Managed by BDE" %}</a> &mdash;
+		   	<a href="https://crans.org"
+			   class="text-muted">{% trans "Hosted by Cr@ns" %}</a> &mdash;
                     </span>
                     {% csrf_token %}
                     <select title="language" name="language"
@@ -246,4 +258,15 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 {% block extrajavascript %}{% endblock %}
 </body>
+{% endif %}
+{% if config.MAINTENANCE %}
+<body>
+  <div style="text-align:center">
+    <br />
+    {% trans "The note is not available for now" %}<br /><br />
+    {{ config.MAINTENANCE_MESSAGE }}<br /><br />
+    {% trans "Thank you for your understanding -- The Respos Info of BDE" %}
+  </div>
+</body>
+{% endif %}
 </html>

note_kfet/templates/cas/logged.html

@@ -0,0 +1,28 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS-Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n %}
+{% block content %}
+<div class="alert alert-success" role="alert">{% blocktrans %}<h3>Log In Successful</h3>You have successfully logged into the Central Authentication Service.<br/>For security reasons, please Log Out and Exit your web browser when you are done accessing services that require authentication!{% endblocktrans %}</div>
+<div class="card bg-light mx-auto" style="max-width:30rem;">
+  <div class="card-body">
+    <form class="form-signin" method="get" action="logout">
+      <div class="checkbox">
+	<label>
+	  <input type="checkbox" name="all" value="1">{% trans "Log me out from all my sessions" %}
+	</label>
+      </div>
+      {% if settings.CAS_FEDERATE and request.COOKIES.remember_provider %}
+      <div class="checkbox">
+	<label>
+	  <input type="checkbox" name="forget_provider" value="1">{% trans "Forget the identity provider" %}
+	</label>
+      </div>
+      {% endif %}
+      <button class="btn btn-danger btn-block btn-lg" type="submit">{% trans "Logout" %}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

note_kfet/templates/cas/login.html

@@ -0,0 +1,42 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS-Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n %}
+
+{% block ante_messages %}
+  {% if auto_submit %}<noscript>{% endif %}
+  <div class="card-header text-center">
+    <h2 class="form-signin-heading">{% trans "Please log in" %}</h2>
+  </div>
+  {% if auto_submit %}</noscript>{% endif %}
+{% endblock %}
+
+{% block content %}
+  <div class="card bg-light mx-auto" style="max-width: 30rem;">
+    <div class="card-body">
+	<form class="form-signin" method="post" id="login_form"{% if post_url %} action="{{post_url}}"{% endif %}>
+	  {% csrf_token %}
+	  {% include "cas_server/bs4/form.html" %}
+	  {% if auto_submit %}<noscript>{% endif %}
+	  <button class="btn btn-primary btn-block btn-lg" type="submit">{% trans "Login" %}</button>
+	  {% if auto_submit %}</noscript>{% endif %}
+	</div>
+      </form>
+    </div>
+  </div>
+{% endblock %}
+
+{% block javascript_inline %}
+jQuery(function( $ ){
+  $("#id_warn").click(function(e){
+    if($("#id_warn").is(':checked')){
+      createCookie("warn", "on", 10 * 365);
+    } else {
+      eraseCookie("warn");
+    }
+  });
+});
+{% if auto_submit %}document.getElementById('login_form').submit(); // SUBMIT FORM{% endif %}
+{% endblock %}

note_kfet/templates/cas/logout.html

@@ -0,0 +1,10 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS-Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n static %}
+{% block content %}
+    <div class="alert alert-success" role="alert">{{ logout_msg }}</div>
+{% endblock %}
+  

note_kfet/templates/cas/warn.html

@@ -0,0 +1,19 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS-Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n static %}
+
+{% block content %}
+  <div class="card bg-light mx-auto" style="max-width: 30rem;">
+    <div class="card-body">
+      <form class="form-signin" method="post">
+	{% csrf_token %}
+	{% include "cas_server/bs4/form.html" %}
+	<button class="btn btn-primary btn-block btn-lg" type="submit">{% trans "Connect to the service" %}</button>
+      </form>
+    </div>
+  </div>
+{% endblock %}
+  

note_kfet/templates/colorfield/color.html

@@ -0,0 +1,5 @@
+<input type="text"
+       name="{{ widget.name }}"
+       value="{{ widget.value }}"
+       class="jscolor"
+       {% include "django/forms/widgets/attrs.html" %}>

requirements.txt

@@ -1,20 +1,21 @@
-beautifulsoup4~=4.12.3
+beautifulsoup4~=4.13.4
-crispy-bootstrap4~=2023.1
+crispy-bootstrap4~=2025.6
-Django~=4.2.9
+Django~=5.2.4
 django-bootstrap-datepicker-plus~=5.0.5
-#django-cas-server~=2.0.0
+django-cas-server~=3.1.0
-django-colorfield~=0.11.0
+django-colorfield~=0.14.0
-django-crispy-forms~=2.1.0
+django-constance~=4.3.2
-django-extensions>=3.2.3
+django-crispy-forms~=2.4.0
-django-filter~=23.5
+django-extensions>=4.1.0
+django-filter~=25.1
 #django-htcpcp-tea~=0.8.1
-django-mailer~=2.3.1
+django-mailer~=2.3.2
-django-oauth-toolkit~=2.3.0
+django-oauth-toolkit~=3.0.1
-django-phonenumber-field~=7.3.0
+django-phonenumber-field~=8.1.0
 django-polymorphic~=3.1.0
-djangorestframework~=3.14.0
+djangorestframework~=3.16.0
 django-rest-polymorphic~=0.1.10
-django-tables2~=2.7.0
+django-tables2~=2.7.5
 python-memcached~=1.62
-phonenumbers~=8.13.28
+phonenumbers~=9.0.8
-Pillow>=10.2.0
+Pillow>=11.3.0

tox.ini

@@ -1,13 +1,13 @@
 [tox]
 envlist =
     # Ubuntu 22.04 Python
-    py310-django42
+    py310-django52
 
     # Debian Bookworm Python
-    py311-django42
+    py311-django52
 
     # Ubuntu 24.04 Python
-    py312-django42
+    py312-django52
 
     linters
 skipsdist = True
@@ -32,8 +32,7 @@ deps =
     pep8-naming
     pyflakes
 commands =
-    flake8 apps --extend-exclude apps/scripts,apps/wrapped/management/commands
+    flake8 apps --extend-exclude apps/scripts
-    flake8 apps/wrapped/management/commands --extend-ignore=C901
 
 [flake8]
 ignore = W503, I100, I101, B019