Merge branch 'qrcode' into 'main'

Draft: Qrcode See merge request bde/nk20!196
Merge branch 'wei' into 'main'
2025-10-26 13:33:19 +01:00 · 2025-07-02 02:22:50 +02:00 · 2025-07-01 18:14:45 +02:00 · 2025-07-01 17:48:39 +02:00 · 2025-06-27 22:29:51 +02:00 · 2025-06-27 22:13:43 +02:00
322 changed files with 21514 additions and 7692 deletions
--- a/.env_example
+++ b/.env_example
@@ -21,3 +21,6 @@ EMAIL_PASSWORD=CHANGE_ME
 # Wiki configuration
 WIKI_USER=NoteKfet2020
 WIKI_PASSWORD=
 # OIDC
 OIDC_RSA_PRIVATE_KEY=CHANGE_ME
--- a/.gitignore
+++ b/.gitignore
@@ -42,6 +42,7 @@ map.json
 backups/
 /static/
 /media/
 /tmp/
 # Virtualenv
 env/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,25 +7,10 @@ stages:
 variables:
  GIT_SUBMODULE_STRATEGY: recursive
-# Debian Buster
+# Ubuntu 22.04
-py37-django22:
+py310-django42:
  stage: test
-  image: debian:buster-backports
+  image: ubuntu:22.04
  before_script:
    - >
        apt-get update &&
        apt-get install --no-install-recommends -t buster-backports -y
        python3-django python3-django-crispy-forms
        python3-django-extensions python3-django-filters python3-django-polymorphic
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py37-django22
 # Ubuntu 20.04
 py38-django22:
  stage: test
  image: ubuntu:20.04
  before_script:
    # Fix tzdata prompt
    - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
@@ -37,12 +22,12 @@ py38-django22:
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py38-django22
+  script: tox -e py310-django42
-# Debian Bullseye
+# Debian Bookworm
-py39-django22:
+py311-django42:
  stage: test
-  image: debian:bullseye
+  image: debian:bookworm
  before_script:
    - >
        apt-get update &&
@@ -52,11 +37,11 @@ py39-django22:
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py39-django22
+  script: tox -e py311-django42
 linters:
  stage: quality-assurance
-  image: debian:buster-backports
+  image: debian:bookworm
  before_script:
    - apt-get update && apt-get install -y tox
  script: tox -e linters
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "apps/scripts"]
 	path = apps/scripts
-	url = https://gitlab.crans.org/bde/nk20-scripts.git
+	url = https://gitlab.crans.org/bde/nk20-scripts
--- a/README.md
+++ b/README.md
@@ -55,10 +55,16 @@ Bien que cela permette de créer une instance sur toutes les distributions,
    (env)$ ./manage.py makemigrations
    (env)$ ./manage.py migrate
    (env)$ ./manage.py loaddata initial
-    (env)$ ./manage.py createsuperuser  # Création d'un utilisateur initial
+    (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial
    ```
-6.  Enjoy :
+6. (Optionnel) **Création d'une clé privée OpenID Connect**
 Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
 exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et copier la clé dans .env dans le champ
 `OIDC_RSA_PRIVATE_KEY`.
 7.  Enjoy :
    ```bash
    (env)$ ./manage.py runserver 0.0.0.0:8000
@@ -228,7 +234,13 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
        (env)$ ./manage.py check # pas de bêtise qui traine
        (env)$ ./manage.py migrate
-7.  *Enjoy \o/*
+7. **Création d'une clé privée OpenID Connect**
 Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
 exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner le champ
 `OIDC_RSA_PRIVATE_KEY` dans le .env (par défaut `/var/secrets/oidc.key`).
 8.  *Enjoy \o/*
 ### Installation avec Docker
--- a/apps/activity/init.py
+++ b/apps/activity/init.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'activity.apps.ActivityConfig'
--- a/apps/activity/admin.py
+++ b/apps/activity/admin.py
@@ -1,11 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
 from note_kfet.admin import admin_site
 from .forms import GuestForm
-from .models import Activity, ActivityType, Entry, Guest
+from .models import Activity, ActivityType, Entry, Guest, Opener
@admin.register(Activity, site=admin_site)
@@ -35,7 +35,7 @@ class GuestAdmin(admin.ModelAdmin):
    """
    Admin customisation for Guest
    """
-    list_display = ('last_name', 'first_name', 'activity', 'inviter')
+    list_display = ('last_name', 'first_name', 'school', 'activity', 'inviter')
    form = GuestForm
@@ -45,3 +45,11 @@ class EntryAdmin(admin.ModelAdmin):
    Admin customisation for Entry
    """
    list_display = ('note', 'activity', 'time', 'guest')
@admin.register(Opener, site=admin_site)
 class OpenerAdmin(admin.ModelAdmin):
    """
    Admin customisation for Opener
    """
    list_display = ('activity', 'opener')
--- a/apps/activity/api/serializers.py
+++ b/apps/activity/api/serializers.py
@@ -1,9 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 from rest_framework.validators import UniqueTogetherValidator
-from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction
+from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction, Opener
 class ActivityTypeSerializer(serializers.ModelSerializer):
@@ -59,3 +61,17 @@ class GuestTransactionSerializer(serializers.ModelSerializer):
    class Meta:
        model = GuestTransaction
        fields = '__all__'
 class OpenerSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Openers.
    The djangorestframework plugin will analyse the model `Opener` and parse all fields in the API.
    """
    class Meta:
        model = Opener
        fields = '__all__'
        validators = [UniqueTogetherValidator(
            queryset=Opener.objects.all(), fields=("opener", "activity"),
            message=_("This opener already exists"))]
--- a/apps/activity/api/urls.py
+++ b/apps/activity/api/urls.py
@@ -1,7 +1,7 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
+from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet, OpenerViewSet
 def register_activity_urls(router, path):
@@ -12,3 +12,4 @@ def register_activity_urls(router, path):
    router.register(path + '/type', ActivityTypeViewSet)
    router.register(path + '/guest', GuestViewSet)
    router.register(path + '/entry', EntryViewSet)
    router.register(path + '/opener', OpenerViewSet)
--- a/apps/activity/api/views.py
+++ b/apps/activity/api/views.py
@@ -1,12 +1,15 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from rest_framework.response import Response
 from rest_framework import status
-from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer
+from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer, OpenerSerializer
-from ..models import Activity, ActivityType, Entry, Guest
+from ..models import Activity, ActivityType, Entry, Guest, Opener
 class ActivityTypeViewSet(ReadProtectedModelViewSet):
@@ -29,7 +32,7 @@ class ActivityViewSet(ReadProtectedModelViewSet):
    """
    queryset = Activity.objects.order_by('id')
    serializer_class = ActivitySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'description', 'activity_type', 'location', 'creater', 'organizer', 'attendees_club',
                        'date_start', 'date_end', 'valid', 'open', ]
    search_fields = ['$name', '$description', '$location', '$creater__last_name', '$creater__first_name',
@@ -47,10 +50,10 @@ class GuestViewSet(ReadProtectedModelViewSet):
    """
    queryset = Guest.objects.order_by('id')
    serializer_class = GuestSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
-    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name',
+    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'school', 'inviter', 'inviter__alias__name',
                        'inviter__alias__normalized_name', ]
-    search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name',
+    search_fields = ['$activity__name', '$last_name', '$first_name', '$school', '$inviter__user__email', '$inviter__alias__name',
                     '$inviter__alias__normalized_name', ]
@@ -62,7 +65,36 @@ class EntryViewSet(ReadProtectedModelViewSet):
    """
    queryset = Entry.objects.order_by('id')
    serializer_class = EntrySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['activity', 'time', 'note', 'guest', ]
    search_fields = ['$activity__name', '$note__user__email', '$note__alias__name', '$note__alias__normalized_name',
                     '$guest__last_name', '$guest__first_name', ]
 class OpenerViewSet(ReadProtectedModelViewSet):
    """
    REST Opener View set.
    The djangorestframework plugin will get all `Opener` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/opener/
    """
    queryset = Opener.objects
    serializer_class = OpenerSerializer
    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend]
    search_fields = ['$opener__alias__name', '$opener__alias__normalized_name',
                     '$activity__name']
    filterset_fields = ['opener', 'opener__noteuser__user', 'activity']
    def get_serializer_class(self):
        serializer_class = self.serializer_class
        if self.request.method in ['PUT', 'PATCH']:
            # opener-activity can't change
            serializer_class.Meta.read_only_fields = ('opener', 'acitivity',)
        return serializer_class
    def destroy(self, request, *args, **kwargs):
        instance = self.get_object()
        try:
            self.perform_destroy(instance)
        except ValidationError as e:
            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
        return Response(status=status.HTTP_204_NO_CONTENT)
--- a/apps/activity/apps.py
+++ b/apps/activity/apps.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/activity/fixtures/initial.json
+++ b/apps/activity/fixtures/initial.json
@@ -6,7 +6,7 @@
            "name": "Pot",
            "manage_entries": true,
            "can_invite": true,
-            "guest_entry_fee": 500
+            "guest_entry_fee": 1000
        }
    },
    {
@@ -28,5 +28,25 @@
            "can_invite": false,
            "guest_entry_fee": 0
        }
    },
    {
        "model": "activity.activitytype",
        "pk": 5,
        "fields": {
            "name": "Soir\u00e9e avec entrées",
            "manage_entries": true,
            "can_invite": false,
            "guest_entry_fee": 0
        }
    },
    {
        "model": "activity.activitytype",
        "pk": 7,
        "fields": {
            "name": "Soir\u00e9e avec invitations",
            "manage_entries": true,
            "can_invite": true,
            "guest_entry_fee": 0
        }
    }
 ]
--- a/apps/activity/forms.py
+++ b/apps/activity/forms.py
@@ -1,16 +1,17 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
 from random import shuffle
 from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from member.models import Club
 from note.models import Note, NoteUser
-from note_kfet.inputs import Autocomplete, DateTimePickerInput
+from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
@@ -43,7 +44,7 @@ class ActivityForm(forms.ModelForm):
    class Meta:
        model = Activity
-        exclude = ('creater', 'valid', 'open', )
+        exclude = ('creater', 'valid', 'open', 'opener', )
        widgets = {
            "organizer": Autocomplete(
                model=Club,
@@ -106,7 +107,7 @@ class GuestForm(forms.ModelForm):
    class Meta:
        model = Guest
-        fields = ('last_name', 'first_name', 'inviter', )
+        fields = ('last_name', 'first_name', 'school', 'inviter', )
        widgets = {
            "inviter": Autocomplete(
                NoteUser,
--- a/apps/activity/migrations/0003_auto_20240323_1422.py
+++ b/apps/activity/migrations/0003_auto_20240323_1422.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-03-23 13:22
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('activity', '0002_auto_20200904_2341'),
    ]
    operations = [
        migrations.AlterField(
            model_name='activity',
            name='description',
            field=models.TextField(blank=True, default='', verbose_name='description'),
        ),
    ]
--- a/apps/activity/migrations/0004_opener.py
+++ b/apps/activity/migrations/0004_opener.py
@@ -0,0 +1,28 @@
 # Generated by Django 2.2.28 on 2024-08-01 12:36
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('note', '0006_trust'),
        ('activity', '0003_auto_20240323_1422'),
    ]
    operations = [
        migrations.CreateModel(
            name='Opener',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('activity', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='opener', to='activity.Activity', verbose_name='activity')),
                ('opener', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.Note', verbose_name='opener')),
            ],
            options={
                'verbose_name': 'opener',
                'verbose_name_plural': 'openers',
                'unique_together': {('opener', 'activity')},
            },
        ),
    ]
--- a/apps/activity/migrations/0005_alter_opener_options_alter_opener_opener.py
+++ b/apps/activity/migrations/0005_alter_opener_options_alter_opener_opener.py
@@ -0,0 +1,24 @@
 # Generated by Django 4.2.15 on 2024-08-28 08:00
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('note', '0006_trust'),
        ('activity', '0004_opener'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='opener',
            options={'verbose_name': 'Opener', 'verbose_name_plural': 'Openers'},
        ),
        migrations.AlterField(
            model_name='opener',
            name='opener',
            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.note', verbose_name='Opener'),
        ),
    ]
--- a/apps/activity/migrations/0006_guest_school.py
+++ b/apps/activity/migrations/0006_guest_school.py
@@ -0,0 +1,18 @@
 # Generated by Django 4.2.20 on 2025-03-25 09:58
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("activity", "0005_alter_opener_options_alter_opener_opener"),
    ]
    operations = [
        migrations.AddField(
            model_name="guest",
            name="school",
            field=models.CharField(default="", max_length=255, verbose_name="school"),
            preserve_default=False,
        ),
    ]
--- a/apps/activity/migrations/0007_alter_guest_activity.py
+++ b/apps/activity/migrations/0007_alter_guest_activity.py
@@ -0,0 +1,19 @@
 # Generated by Django 4.2.20 on 2025-05-08 19:07
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('activity', '0006_guest_school'),
    ]
    operations = [
        migrations.AlterField(
            model_name='guest',
            name='activity',
            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='+', to='activity.activity'),
        ),
    ]
--- a/apps/activity/models.py
+++ b/apps/activity/models.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import os
@@ -11,7 +11,7 @@ from django.db import models, transaction
 from django.db.models import Q
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
-from note.models import NoteUser, Transaction
+from note.models import NoteUser, Transaction, Note
 from rest_framework.exceptions import ValidationError
@@ -66,6 +66,8 @@ class Activity(models.Model):
    description = models.TextField(
        verbose_name=_('description'),
        blank=True,
        default="",
    )
    location = models.CharField(
@@ -123,6 +125,14 @@ class Activity(models.Model):
        verbose_name=_('open'),
    )
    class Meta:
        verbose_name = _("activity")
        verbose_name_plural = _("activities")
        unique_together = ("name", "date_start", "date_end",)
    def __str__(self):
        return self.name
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
@@ -144,14 +154,6 @@ class Activity(models.Model):
                if settings.DATABASES["default"]["ENGINE"] == 'django.db.backends.postgresql' else refresh_activities()
        return ret
    def __str__(self):
        return self.name
    class Meta:
        verbose_name = _("activity")
        verbose_name_plural = _("activities")
        unique_together = ("name", "date_start", "date_end",)
 class Entry(models.Model):
    """
@@ -199,7 +201,8 @@ class Entry(models.Model):
    def save(self, *args, **kwargs):
        qs = Entry.objects.filter(~Q(pk=self.pk), activity=self.activity, note=self.note, guest=self.guest)
        if qs.exists():
-            raise ValidationError(_("Already entered on ") + _("{:%Y-%m-%d %H:%M:%S}").format(qs.get().time, ))
+            raise ValidationError(_("Already entered on ")
                                  + _("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(qs.get().time), ))
        if self.guest:
            self.note = self.guest.inviter
@@ -231,7 +234,7 @@ class Guest(models.Model):
    """
    activity = models.ForeignKey(
        Activity,
-        on_delete=models.PROTECT,
+        on_delete=models.CASCADE,
        related_name='+',
    )
@@ -245,6 +248,11 @@ class Guest(models.Model):
        verbose_name=_("first name"),
    )
    school = models.CharField(
        max_length=255,
        verbose_name=_("school"),
    )
    inviter = models.ForeignKey(
        NoteUser,
        on_delete=models.PROTECT,
@@ -252,14 +260,13 @@ class Guest(models.Model):
        verbose_name=_("inviter"),
    )
-    @property
+    class Meta:
-    def has_entry(self):
+        verbose_name = _("guest")
-        try:
+        verbose_name_plural = _("guests")
-            if self.entry:
+        unique_together = ("activity", "last_name", "first_name", )
-                return True
+
-            return False
+    def __str__(self):
-        except AttributeError:
+        return self.first_name + " " + self.last_name
            return False
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
@@ -290,13 +297,14 @@ class Guest(models.Model):
        return super().save(force_insert, force_update, using, update_fields)
-    def __str__(self):
+    @property
-        return self.first_name + " " + self.last_name
+    def has_entry(self):
-
+        try:
-    class Meta:
+            if self.entry:
-        verbose_name = _("guest")
+                return True
-        verbose_name_plural = _("guests")
+            return False
-        unique_together = ("activity", "last_name", "first_name", )
+        except AttributeError:
            return False
 class GuestTransaction(Transaction):
@@ -308,3 +316,31 @@ class GuestTransaction(Transaction):
    @property
    def type(self):
        return _('Invitation')
 class Opener(models.Model):
    """
    Allow the user to make activity entries without more rights
    """
    activity = models.ForeignKey(
        Activity,
        on_delete=models.CASCADE,
        related_name='opener',
        verbose_name=_('activity')
    )
    opener = models.ForeignKey(
        Note,
        on_delete=models.CASCADE,
        related_name='activity_responsible',
        verbose_name=_('Opener')
    )
    class Meta:
        verbose_name = _("Opener")
        verbose_name_plural = _("Openers")
        unique_together = ("opener", "activity")
    def __str__(self):
        return _("{opener} is opener of activity {acivity}").format(
            opener=str(self.opener), acivity=str(self.activity))
--- a/apps/activity/static/activity/js/opener.js
+++ b/apps/activity/static/activity/js/opener.js
@@ -0,0 +1,57 @@
 /**
 * On form submit, add a new opener
 */
 function form_create_opener (e) {
  // Do not submit HTML form
  e.preventDefault()
  // Get data and send to API
  const formData = new FormData(e.target)
  $.getJSON('/api/note/alias/'+formData.get('opener') + '/',
    function (opener_alias) {
      create_opener(formData.get('activity'), opener_alias.note)
    }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
    })
 }
 /**
 * Add an opener between an activity and a user
 * @param activity:Integer activity id
 * @param opener:Integer user note id
 */
 function create_opener(activity, opener) {
  $.post('/api/activity/opener/', {
      activity: activity,
      opener: opener,
      csrfmiddlewaretoken: CSRF_TOKEN
  }).done(function () {
  // Reload tables
  $('#opener_table').load(location.pathname + ' #opener_table')
    addMsg(gettext('Opener successfully added'), 'success')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 /**
 * On click of "delete", delete the opener
 * @param button_id:Integer Opener id to remove
 */
 function delete_button (button_id) {
  $.ajax({
    url: '/api/activity/opener/' + button_id + '/',
    method: 'DELETE',
    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
  }).done(function () {
    addMsg(gettext('Opener successfully deleted'), 'success')
    $('#opener_table').load(location.pathname + ' #opener_table')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 $(document).ready(function () {
  // Attach event
  document.getElementById('form_opener').addEventListener('submit', form_create_opener)
 })
--- a/apps/activity/tables.py
+++ b/apps/activity/tables.py
@@ -1,15 +1,17 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils import timezone
 from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 from note_kfet.middlewares import get_current_request
 import django_tables2 as tables
 from django_tables2 import A
 from permission.backends import PermissionBackend
 from note.templatetags.pretty_money import pretty_money
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
 class ActivityTable(tables.Table):
@@ -49,11 +51,11 @@ class GuestTable(tables.Table):
        }
        model = Guest
        template_name = 'django_tables2/bootstrap4.html'
-        fields = ("last_name", "first_name", "inviter", )
+        fields = ("last_name", "first_name", "inviter", "school")
    def render_entry(self, record):
        if record.has_entry:
-            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, )))
+            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(record.entry.time))))
        return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
                         '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
@@ -113,3 +115,34 @@ class EntryTable(tables.Table):
            'data-last-name': lambda record: record.last_name,
            'data-first-name': lambda record: record.first_name,
        }
 # function delete_button(id) provided in template file
 DELETE_TEMPLATE = """
    <button id="{{ record.pk }}" class="btn btn-danger btn-sm" onclick="delete_button(this.id)"> {{ delete_trans }}</button>
 """
 class OpenerTable(tables.Table):
    class Meta:
        attrs = {
            'class': 'table table condensed table-striped',
            'id': "opener_table"
        }
        model = Opener
        fields = ("opener",)
        template_name = 'django_tables2/bootstrap4.html'
    show_header = False
    opener = tables.Column(attrs={'td': {'class': 'text-center'}})
    delete_col = tables.TemplateColumn(
        template_code=DELETE_TEMPLATE,
        extra_context={"delete_trans": _('Delete')},
        attrs={
            'td': {
                'class': lambda record: 'col-sm-1'
                + (' d-none' if not PermissionBackend.check_perm(
                    get_current_request(), "activity.delete_opener", record)
                   else '')}},
        verbose_name=_("Delete"),)
--- a/apps/activity/templates/activity/activity_detail.html
+++ b/apps/activity/templates/activity/activity_detail.html
@@ -4,11 +4,31 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n perms %}
 {% load render_table from django_tables2 %}
 {% load static django_tables2 i18n %}
 {% block content %}
 <h1 class="text-white">{{ title }}</h1>
 {% include "activity/includes/activity_info.html" %}
 {% if activity.activity_type.manage_entries and ".change__opener"|has_perm:activity %}
    <div class="card bg-white mb-3">
        <h3 class="card-header text-center">
            {% trans "Openers" %}
        </h3>
        <div class="card-body">
            <form class="input-group" method="POST" id="form_opener">
                {% csrf_token %}
                <input type="hidden" name="activity" value="{{ object.pk }}">
                {%include "autocomplete_model.html" %}
                <div class="input-group-append">
                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
                </div>
            </form>
        </div>
        {% render_table opener %}
    </div>
 {% endif %}
 {% if guests.data %}
 <div class="card bg-white mb-3">
    <h3 class="card-header text-center">
@@ -22,6 +42,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endblock %}
 {% block extrajavascript %}
 <script src="{% static "activity/js/opener.js" %}"></script>
 <script src="{% static "js/autocomplete_model.js" %}"></script>
 <script>
    function remove_guest(guest_id) {
        $.ajax({
@@ -73,5 +95,23 @@ SPDX-License-Identifier: GPL-3.0-or-later
            errMsg(xhr.responseJSON);
        });
    });
    $("#delete_activity").click(function () {
        if (!confirm("{% trans 'Are you sure you want to delete this activity?' %}")) {
            return;
        }
        $.ajax({
            url: "/api/activity/activity/{{ activity.pk }}/",
            type: "DELETE",
            headers: {
                "X-CSRFTOKEN": CSRF_TOKEN
            }
        }).done(function () {
            addMsg("{% trans 'Activity deleted' %}", "success");
            window.location.href = "/activity/";  // Redirige vers la liste des activités
        }).fail(function (xhr) {
            errMsg(xhr.responseJSON);
        });
    });
 </script>
 {% endblock %}
--- a/apps/activity/templates/activity/activity_entry.html
+++ b/apps/activity/templates/activity/activity_entry.html
@@ -38,6 +38,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 </a>
 <input id="alias" type="text" class="form-control" placeholder="Nom/note ...">
 <button id="trigger" class="btn btn-secondary">Click me !</button>
 <hr>
@@ -63,15 +64,46 @@ SPDX-License-Identifier: GPL-3.0-or-later
        refreshBalance();
    }
    function process_qrcode() {
        let name = alias_obj.val();
        $.get("/api/note/note?search=" + name + "&format=json").done(
            function (res) {
                let note = res.results[0];
                $.post("/api/activity/entry/?format=json", {
                    csrfmiddlewaretoken: CSRF_TOKEN,
                    activity: {{ activity.id }},
                    note: note.id,
                    guest: null
                }).done(function () {
                    addMsg(interpolate(gettext(
                        "Entry made for %s whose balance is %s €"),
                        [note.name, note.balance / 100]), "success", 4000);
                    reloadTable(true);
                }).fail(function (xhr) {
                    errMsg(xhr.responseJSON, 4000);
                });
            }).fail(function (xhr) {
                errMsg(xhr.responseJSON, 4000);
            });
    }
    alias_obj.keyup(function(event) {
        let code = event.originalEvent.keyCode
        if (65 <= code <= 122 || code === 13) {
            debounce(reloadTable)()
        }
        if (code === 0)
            process_qrcode();
    });
    $(document).ready(init);
    alias_obj2 = document.getElementById("alias");
    $("#trigger").click(function (e) {
        addMsg("Clicked", "success", 1000);
        alias_obj.val(alias_obj.val() + "\0");
        alias_obj2.dispatchEvent(new KeyboardEvent('keyup'));
    })
    function init() {
        $(".table-row").click(function (e) {
            let target = e.target.parentElement;
--- a/apps/activity/templates/activity/activity_form.html
+++ b/apps/activity/templates/activity/activity_form.html
@@ -18,3 +18,26 @@ SPDX-License-Identifier: GPL-3.0-or-later
  </div>
 </div>
 {% endblock %}
 {% block extrajavascript %}
 <script>
  var date_end = document.getElementById("id_date_end");
  var date_start = document.getElementById("id_date_start");
  function update_date_end (){
    if(date_end.value=="" || date_end.value<date_start.value){
      date_end.value = date_start.value;
    };
  };
  function update_date_start (){
    if(date_start.value=="" || date_end.value<date_start.value){
      date_start.value = date_end.value;
    };
  };
  date_start.addEventListener('focusout', update_date_end);
  date_end.addEventListener('focusout', update_date_start);
 </script>
 {% endblock %}
--- a/apps/activity/templates/activity/includes/activity_info.html
+++ b/apps/activity/templates/activity/includes/activity_info.html
@@ -70,7 +70,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
            {% if ".change_"|has_perm:activity %}
                <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_update' pk=activity.pk %}" data-turbolinks="false"> {% trans "edit"|capfirst %}</a>
            {% endif %}
-            {% if activity.activity_type.can_invite and not activity_started %}
+            {% if not activity.valid and ".delete_"|has_perm:activity %}
                <a class="btn btn-danger btn-sm my-1" id="delete_activity"> {% trans "delete"|capfirst %} </a>
            {% endif %}
            {% if activity.activity_type.can_invite and not activity_started and activity.valid %}
                <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_invite' pk=activity.pk %}" data-turbolinks="false"> {% trans "Invite" %}</a>
            {% endif %}
        {% endif %}
--- a/apps/activity/tests/test_activities.py
+++ b/apps/activity/tests/test_activities.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
@@ -50,6 +50,7 @@ class TestActivities(TestCase):
            inviter=self.user.note,
            last_name="GUEST",
            first_name="Guest",
            school="School",
        )
    def test_activity_list(self):
@@ -156,6 +157,7 @@ class TestActivities(TestCase):
            inviter=self.user.note.id,
            last_name="GUEST2",
            first_name="Guest",
            school="School",
        ))
        self.assertEqual(response.status_code, 200)
@@ -167,6 +169,7 @@ class TestActivities(TestCase):
            inviter=self.user.note.id,
            last_name="GUEST2",
            first_name="Guest",
            school="School",
        ))
        self.assertRedirects(response, reverse("activity:activity_detail", args=(self.activity.pk,)), 302, 200)
@@ -200,6 +203,7 @@ class TestActivityAPI(TestAPI):
            inviter=self.user.note,
            last_name="GUEST",
            first_name="Guest",
            school="School",
        )
        self.entry = Entry.objects.create(
--- a/apps/activity/urls.py
+++ b/apps/activity/urls.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
@@ -15,4 +15,5 @@ urlpatterns = [
    path('<int:pk>/update/', views.ActivityUpdateView.as_view(), name='activity_update'),
    path('new/', views.ActivityCreateView.as_view(), name='activity_create'),
    path('calendar.ics', views.CalendarView.as_view(), name='calendar_ics'),
    path('<int:pk>/delete', views.ActivityDeleteView.as_view(), name='delete_activity'),
 ]
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from hashlib import md5
@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -17,14 +17,16 @@ from django.utils.translation import gettext_lazy as _
 from django.views import View
 from django.views.decorators.cache import cache_page
 from django.views.generic import DetailView, TemplateView, UpdateView
-from django_tables2.views import SingleTableView
+from django.views.generic.list import ListView
 from django_tables2.views import MultiTableMixin, SingleTableMixin
 from api.viewsets import is_regex
 from note.models import Alias, NoteSpecial, NoteUser
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 from .forms import ActivityForm, GuestForm
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
-from .tables import ActivityTable, EntryTable, GuestTable
+from .tables import ActivityTable, EntryTable, GuestTable, OpenerTable
 class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
@@ -57,26 +59,36 @@ class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.object.pk})
-class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
    """
    Displays all Activities, and classify if they are on-going or upcoming ones.
    """
    model = Activity
-    table_class = ActivityTable
+    tables = [
-    ordering = ('-date_start',)
+        lambda data: ActivityTable(data, prefix="all-"),
        lambda data: ActivityTable(data, prefix="upcoming-"),
    ]
    extra_context = {"title": _("Activities")}
    def get_queryset(self, **kwargs):
        return super().get_queryset(**kwargs).distinct()
    def get_tables_data(self):
        # first table = all activities, second table = upcoming
        return [
            self.get_queryset().order_by("-date_start"),
            Activity.objects.filter(date_end__gt=timezone.now())
                            .filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))
                            .distinct()
                            .order_by("date_start")
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now())
+        tables = context["tables"]
-        context['upcoming'] = ActivityTable(
+        for name, table in zip(["table", "upcoming"], tables):
-            data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")),
+            context[name] = table
            prefix='upcoming-',
        )
        started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
        context["started_activities"] = started_activities
@@ -84,7 +96,7 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
        return context
-class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
    """
    Shows details about one activity. Add guest to context
    """
@@ -92,15 +104,40 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = "activity"
    extra_context = {"title": _("Activity detail")}
    tables = [
        lambda data: GuestTable(data, prefix="guests-"),
        lambda data: OpenerTable(data, prefix="opener-"),
    ]
    def get_tables_data(self):
        return [
            Guest.objects.filter(activity=self.object)
                         .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")),
            self.object.opener.filter(activity=self.object)
                              .filter(PermissionBackend.filter_queryset(self.request, Opener, "view")),
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data()
-        table = GuestTable(data=Guest.objects.filter(activity=self.object)
+        tables = context["tables"]
-                           .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")))
+        for name, table in zip(["guests", "opener"], tables):
-        context["guests"] = table
+            context[name] = table
        context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
        context["widget"] = {
            "name": "opener",
            "resetable": True,
            "attrs": {
                "class": "autocomplete form-control",
                "id": "opener",
                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
                "name_field": "name",
                "placeholder": ""
            }
        }
        return context
@@ -116,6 +153,34 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 class ActivityDeleteView(View):
    """
    Deletes an Activity
    """
    def delete(self, request, pk):
        try:
            activity = Activity.objects.get(pk=pk)
            activity.delete()
            return JsonResponse({"message": "Activity deleted"})
        except Activity.DoesNotExist:
            return JsonResponse({"error": "Activity not found"}, status=404)
    def dispatch(self, *args, **kwargs):
        """
        Don't display the delete button if the user has no right to delete.
        """
        if not self.request.user.is_authenticated:
            return self.handle_no_permission()
        activity = Activity.objects.get(pk=self.kwargs["pk"])
        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
            raise PermissionDenied(_("You are not allowed to delete this activity."))
        if activity.valid:
            raise PermissionDenied(_("This activity is valid."))
        return super().dispatch(*args, **kwargs)
 class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
    """
    Invite a Guest, The rules to invites someone are defined in `forms:activity.GuestForm`
@@ -131,6 +196,7 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
            activity=activity,
            first_name="",
            last_name="",
            school="",
            inviter=self.request.user.note,
        )
@@ -157,12 +223,14 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
-class ActivityEntryView(LoginRequiredMixin, TemplateView):
+class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
    """
    Manages entry to an activity
    """
    template_name = "activity/activity_entry.html"
    table_class = EntryTable
    def dispatch(self, request, *args, **kwargs):
        """
        Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
@@ -197,13 +265,16 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
-            if pattern[0] != "^":
+
-                pattern = "^" + pattern
+            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            pattern = "^" + pattern if valid_regex and pattern[0] != "^" else pattern
            guest_qs = guest_qs.filter(
-                Q(first_name__iregex=pattern)
+                Q(**{f"first_name{suffix}": pattern})
-                | Q(last_name__iregex=pattern)
+                | Q(**{f"last_name{suffix}": pattern})
-                | Q(inviter__alias__name__iregex=pattern)
+                | Q(**{f"inviter__alias__name{suffix}": pattern})
-                | Q(inviter__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"inviter__alias__normalized_name{suffix}": Alias.normalize(pattern)})
            )
        else:
            guest_qs = guest_qs.none()
@@ -223,23 +294,26 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        # Keep only users that have a note
        note_qs = note_qs.filter(note__noteuser__isnull=False)
-        # Keep only members
+        # Keep only valid members
        note_qs = note_qs.filter(
            note__noteuser__user__memberships__club=activity.attendees_club,
            note__noteuser__user__memberships__date_start__lte=timezone.now(),
-            note__noteuser__user__memberships__date_end__gte=timezone.now(),
+            note__noteuser__user__memberships__date_end__gte=timezone.now()).exclude(note__inactivity_reason='forced')
        )
        # Filter with permission backend
        note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request, Alias, "view"))
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__icontains"
            note_qs = note_qs.filter(
-                Q(note__noteuser__user__first_name__iregex=pattern)
+                Q(**{f"note__noteuser__user__first_name{suffix}": pattern})
-                | Q(note__noteuser__user__last_name__iregex=pattern)
+                | Q(**{f"note__noteuser__user__last_name{suffix}": pattern})
-                | Q(name__iregex=pattern)
+                | Q(**{f"name{suffix}": pattern})
-                | Q(normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"normalized_name{suffix}": Alias.normalize(pattern)})
            )
        else:
            note_qs = note_qs.none()
@@ -251,15 +325,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
            if settings.DATABASES[note_qs.db]["ENGINE"] == 'django.db.backends.postgresql' else note_qs.distinct()[:20]
        return note_qs
-    def get_context_data(self, **kwargs):
+    def get_table_data(self):
        """
        Query the list of Guest and Note to the activity and add information to makes entry with JS.
        """
        context = super().get_context_data(**kwargs)
        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
            .distinct().get(pk=self.kwargs["pk"])
        context["activity"] = activity
        matched = []
@@ -272,8 +340,17 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
            note.activity = activity
            matched.append(note)
-        table = EntryTable(data=matched)
+        return matched
-        context["table"] = table
+
    def get_context_data(self, **kwargs):
        """
        Query the list of Guest and Note to the activity and add information to makes entry with JS.
        """
        context = super().get_context_data(**kwargs)
        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
            .distinct().get(pk=self.kwargs["pk"])
        context["activity"] = activity
        context["entries"] = Entry.objects.filter(activity=activity)
@@ -281,7 +358,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
        context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
-        activities_open = Activity.objects.filter(open=True).filter(
+        activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
            PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
        context["activities_open"] = [a for a in activities_open
                                      if PermissionBackend.check_perm(self.request,
@@ -315,8 +392,8 @@ X-WR-CALNAME:Kfet Calendar
 NAME:Kfet Calendar
 CALSCALE:GREGORIAN
 BEGIN:VTIMEZONE
-TZID:Europe/Berlin
+TZID:Europe/Paris
-X-LIC-LOCATION:Europe/Berlin
+X-LIC-LOCATION:Europe/Paris
 BEGIN:DAYLIGHT
 TZOFFSETFROM:+0100
 TZOFFSETTO:+0200
@@ -338,10 +415,10 @@ END:VTIMEZONE
 DTSTAMP:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}Z
 UID:{md5((activity.name + "$" + str(activity.id) + str(activity.date_start)).encode("UTF-8")).hexdigest()}
 SUMMARY;CHARSET=UTF-8:{self.multilines(activity.name, 75, 22)}
-DTSTART;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}
+DTSTART:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_start)}
-DTEND;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_end)}
+DTEND:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_end)}
 LOCATION:{self.multilines(activity.location, 75, 9) if activity.location else "Kfet"}
-DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + """
+DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + f"""
 -- {activity.organizer.name}
 END:VEVENT
 """
--- a/apps/api/init.py
+++ b/apps/api/init.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'api.apps.APIConfig'
--- a/apps/api/apps.py
+++ b/apps/api/apps.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/api/filters.py
+++ b/apps/api/filters.py
@@ -0,0 +1,42 @@
 import re
 from functools import lru_cache
 from rest_framework.filters import SearchFilter
 class RegexSafeSearchFilter(SearchFilter):
    @lru_cache
    def validate_regex(self, search_term) -> bool:
        try:
            re.compile(search_term)
            return True
        except re.error:
            return False
    def get_search_fields(self, view, request):
        """
        Ensure that given regex are valid.
        If not, we consider that the user is trying to search by substring.
        """
        search_fields = super().get_search_fields(view, request)
        search_terms = self.get_search_terms(request)
        for search_term in search_terms:
            if not self.validate_regex(search_term):
                # Invalid regex. We assume we don't query by regex but by substring.
                search_fields = [f.replace('$', '') for f in search_fields]
                break
        return search_fields
    def get_search_terms(self, request):
        """
        Ensure that search field is a valid regex query. If not, we remove extra characters.
        """
        terms = super().get_search_terms(request)
        if not all(self.validate_regex(term) for term in terms):
            # Invalid regex. If a ^ is prefixed to the search term, we remove it.
            terms = [term[1:] if term[0] == '^' else term for term in terms]
            # Same for dollars.
            terms = [term[:-1] if term[-1] == '$' else term for term in terms]
        return terms
--- a/apps/api/pagination.py
+++ b/apps/api/pagination.py
@@ -0,0 +1,5 @@
 from rest_framework.pagination import PageNumberPagination
 class CustomPagination(PageNumberPagination):
    page_size_query_param = 'page_size'
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
--- a/apps/api/tests.py
+++ b/apps/api/tests.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import json
@@ -12,11 +12,12 @@ from django.contrib.contenttypes.models import ContentType
 from django.db.models.fields.files import ImageFieldFile
 from django.test import TestCase
 from django_filters.rest_framework import DjangoFilterBackend
 from phonenumbers import PhoneNumber
 from rest_framework.filters import OrderingFilter
 from api.filters import RegexSafeSearchFilter
 from member.models import Membership, Club
 from note.models import NoteClub, NoteUser, Alias, Note
 from permission.models import PermissionMask, Permission, Role
 from phonenumbers import PhoneNumber
 from rest_framework.filters import SearchFilter, OrderingFilter
 from .viewsets import ContentTypeViewSet, UserViewSet
@@ -87,7 +88,7 @@ class TestAPI(TestCase):
                    resp = self.client.get(url + f"?ordering=-{field}")
                    self.assertEqual(resp.status_code, 200)
-            if SearchFilter in backends:
+            if RegexSafeSearchFilter in backends:
                # Basic search
                for field in viewset.search_fields:
                    obj = self.fix_note_object(obj, field)
--- a/apps/api/urls.py
+++ b/apps/api/urls.py
@@ -1,8 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
-from django.conf.urls import url, include
+from django.conf.urls import include
 from django.urls import re_path
 from rest_framework import routers
 from .views import UserInformationView
@@ -14,40 +15,48 @@ router = routers.DefaultRouter()
 router.register('models', ContentTypeViewSet)
 router.register('user', UserViewSet)
-if "member" in settings.INSTALLED_APPS:
+if "activity" in settings.INSTALLED_APPS:
    from member.api.urls import register_members_urls
    register_members_urls(router, 'members')
 if "member" in settings.INSTALLED_APPS:
    from activity.api.urls import register_activity_urls
    register_activity_urls(router, 'activity')
-if "note" in settings.INSTALLED_APPS:
+if "food" in settings.INSTALLED_APPS:
-    from note.api.urls import register_note_urls
+    from food.api.urls import register_food_urls
-    register_note_urls(router, 'note')
+    register_food_urls(router, 'food')
 if "treasury" in settings.INSTALLED_APPS:
    from treasury.api.urls import register_treasury_urls
    register_treasury_urls(router, 'treasury')
 if "permission" in settings.INSTALLED_APPS:
    from permission.api.urls import register_permission_urls
    register_permission_urls(router, 'permission')
 if "logs" in settings.INSTALLED_APPS:
    from logs.api.urls import register_logs_urls
    register_logs_urls(router, 'logs')
 if "member" in settings.INSTALLED_APPS:
    from member.api.urls import register_members_urls
    register_members_urls(router, 'members')
 if "note" in settings.INSTALLED_APPS:
    from note.api.urls import register_note_urls
    register_note_urls(router, 'note')
 if "permission" in settings.INSTALLED_APPS:
    from permission.api.urls import register_permission_urls
    register_permission_urls(router, 'permission')
 if "treasury" in settings.INSTALLED_APPS:
    from treasury.api.urls import register_treasury_urls
    register_treasury_urls(router, 'treasury')
 if "wei" in settings.INSTALLED_APPS:
    from wei.api.urls import register_wei_urls
    register_wei_urls(router, 'wei')
 if "wrapped" in settings.INSTALLED_APPS:
    from wrapped.api.urls import register_wrapped_urls
    register_wrapped_urls(router, 'wrapped')
 app_name = 'api'
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('^', include(router.urls)),
+    re_path('^', include(router.urls)),
-    url('^me/', UserInformationView.as_view()),
+    re_path('^me/', UserInformationView.as_view()),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    re_path('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]
--- a/apps/api/views.py
+++ b/apps/api/views.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.auth.models import User
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@@ -1,19 +1,29 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
 from django.contrib.contenttypes.models import ContentType
 from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
 from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
 from note.models import Alias
 from .filters import RegexSafeSearchFilter
 from .serializers import UserSerializer, ContentTypeSerializer
 def is_regex(pattern):
    try:
        re.compile(pattern)
        return True
    except (re.error, TypeError):
        return False
 class ReadProtectedModelViewSet(ModelViewSet):
    """
    Protect a ModelViewSet by filtering the objects that the user cannot see.
@@ -60,34 +70,38 @@ class UserViewSet(ReadProtectedModelViewSet):
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            # Filter with different rules
            # We use union-all to keep each filter rule sorted in result
            queryset = queryset.filter(
                # Match without normalization
-                note__alias__name__iregex="^" + pattern
+                Q(**{f"note__alias__name{suffix}": prefix + pattern})
            ).union(
                queryset.filter(
                    # Match with normalization
-                    Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            ).union(
                queryset.filter(
                    # Match on lower pattern
-                    Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            ).union(
                queryset.filter(
                    # Match on firstname or lastname
-                    (Q(last_name__iregex="^" + pattern) | Q(first_name__iregex="^" + pattern))
+                    (Q(**{f"last_name{suffix}": prefix + pattern}) | Q(**{f"first_name{suffix}": prefix + pattern}))
-                    & ~Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            )
@@ -107,6 +121,6 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
    """
    queryset = ContentType.objects.order_by('id')
    serializer_class = ContentTypeSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['id', 'app_label', 'model', ]
    search_fields = ['$app_label', '$model', ]
--- a/apps/food/init.py
+++ b/apps/food/init.py
--- a/apps/food/admin.py
+++ b/apps/food/admin.py
@@ -0,0 +1,59 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
 from polymorphic.admin import PolymorphicChildModelAdmin, PolymorphicParentModelAdmin
 from note_kfet.admin import admin_site
 from .models import Allergen, Food, BasicFood, TransformedFood, QRCode
@admin.register(Allergen, site=admin_site)
 class AllergenAdmin(admin.ModelAdmin):
    """
    Admin customisation for Allergen
    """
    ordering = ['name']
@admin.register(Food, site=admin_site)
 class FoodAdmin(PolymorphicParentModelAdmin):
    """
    Admin customisation for Food
    """
    child_models = (Food, BasicFood, TransformedFood)
    list_display = ('name', 'expiry_date', 'owner', 'is_ready')
    list_filter = ('is_ready', 'end_of_life')
    search_fields = ['name']
    ordering = ['expiry_date', 'name']
@admin.register(BasicFood, site=admin_site)
 class BasicFood(PolymorphicChildModelAdmin):
    """
    Admin customisation for BasicFood
    """
    list_display = ('name', 'expiry_date', 'date_type', 'owner', 'is_ready')
    list_filter = ('is_ready', 'date_type', 'end_of_life')
    search_fields = ['name']
    ordering = ['expiry_date', 'name']
@admin.register(TransformedFood, site=admin_site)
 class TransformedFood(PolymorphicChildModelAdmin):
    """
    Admin customisation for TransformedFood
    """
    list_display = ('name', 'expiry_date', 'shelf_life', 'owner', 'is_ready')
    list_filter = ('is_ready', 'end_of_life', 'shelf_life')
    search_fields = ['name']
    ordering = ['expiry_date', 'name']
@admin.register(QRCode, site=admin_site)
 class QRCodeAdmin(admin.ModelAdmin):
    """
    Admin customisation for QRCode
    """
    list_diplay = ('qr_code_number', 'food_container')
    search_fields = ['food_container__name']
--- a/apps/food/api/init.py
+++ b/apps/food/api/init.py
--- a/apps/food/api/serializers.py
+++ b/apps/food/api/serializers.py
@@ -0,0 +1,56 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
 from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 class AllergenSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Allergen.
    The djangorestframework plugin will analyse the model `Allergen` and parse all fields in the API.
    """
    class Meta:
        model = Allergen
        fields = '__all__'
 class FoodSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Food.
    The djangorestframework plugin will analyse the model `Food` and parse all fields in the API.
    """
    class Meta:
        model = Food
        fields = '__all__'
 class BasicFoodSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for BasicFood.
    The djangorestframework plugin will analyse the model `BasicFood` and parse all fields in the API.
    """
    class Meta:
        model = BasicFood
        fields = '__all__'
 class TransformedFoodSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for TransformedFood.
    The djangorestframework plugin will analyse the model `TransformedFood` and parse all fields in the API.
    """
    class Meta:
        model = TransformedFood
        fields = '__all__'
 class QRCodeSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for QRCode.
    The djangorestframework plugin will analyse the model `QRCode` and parse all fields in the API.
    """
    class Meta:
        model = QRCode
        fields = '__all__'
--- a/apps/food/api/urls.py
+++ b/apps/food/api/urls.py
@@ -0,0 +1,15 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import AllergenViewSet, FoodViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
 def register_food_urls(router, path):
    """
    Configure router for Food REST API.
    """
    router.register(path + '/allergen', AllergenViewSet)
    router.register(path + '/food', FoodViewSet)
    router.register(path + '/basicfood', BasicFoodViewSet)
    router.register(path + '/transformedfood', TransformedFoodViewSet)
    router.register(path + '/qrcode', QRCodeViewSet)
--- a/apps/food/api/views.py
+++ b/apps/food/api/views.py
@@ -0,0 +1,74 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.viewsets import ReadProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import SearchFilter
 from .serializers import AllergenSerializer, FoodSerializer, BasicFoodSerializer, TransformedFoodSerializer, QRCodeSerializer
 from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 class AllergenViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `Allergen` objects, serialize it to JSON with the given serializer,
    then render it on /api/food/allergen/
    """
    queryset = Allergen.objects.order_by('id')
    serializer_class = AllergenSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
    filterset_fields = ['name', ]
    search_fields = ['$name', ]
 class FoodViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `Food` objects, serialize it to JSON with the given serializer,
    then render it on /api/food/food/
    """
    queryset = Food.objects.order_by('id')
    serializer_class = FoodSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
    filterset_fields = ['name', ]
    search_fields = ['$name', ]
 class BasicFoodViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `BasicFood` objects, serialize it to JSON with the given serializer,
    then render it on /api/food/basicfood/
    """
    queryset = BasicFood.objects.order_by('id')
    serializer_class = BasicFoodSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
    filterset_fields = ['name', ]
    search_fields = ['$name', ]
 class TransformedFoodViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `TransformedFood` objects, serialize it to JSON with the given serializer,
    then render it on /api/food/transformedfood/
    """
    queryset = TransformedFood.objects.order_by('id')
    serializer_class = TransformedFoodSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
    filterset_fields = ['name', ]
    search_fields = ['$name', ]
 class QRCodeViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `QRCode` objects, serialize it to JSON with the given serializer,
    then render it on /api/food/qrcode/
    """
    queryset = QRCode.objects.order_by('id')
    serializer_class = QRCodeSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
    filterset_fields = ['qr_code_number', ]
    search_fields = ['$qr_code_number', ]
--- a/apps/food/apps.py
+++ b/apps/food/apps.py
@@ -0,0 +1,11 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils.translation import gettext_lazy as _
 from django.apps import AppConfig
 class FoodkfetConfig(AppConfig):
    name = 'food'
    verbose_name = _('food')
--- a/apps/food/fixtures/initial.json
+++ b/apps/food/fixtures/initial.json
@@ -0,0 +1,100 @@
 [
    {
 	"model": "food.allergen",
 	"pk": 1,
 	"fields": {
 	    "name": "Lait"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 2,
 	"fields": {
 	    "name": "Oeufs"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 3,
 	"fields": {
 	    "name": "Gluten"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 4,
 	"fields": {
 	    "name": "Fruits à coques"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 5,
 	"fields": {
 	    "name": "Arachides"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 6,
 	"fields": {
 	    "name": "Sésame"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 7,
 	"fields": {
 	    "name": "Soja"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 8,
 	"fields": {
 	    "name": "Céleri"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 9,
 	"fields": {
 	    "name": "Lupin"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 10,
 	"fields": {
 	    "name": "Moutarde"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 11,
 	"fields": {
 	    "name": "Sulfites"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 12,
 	"fields": {
 	    "name": "Crustacés"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 13,
 	"fields": {
 	    "name": "Mollusques"
 	}
    },
    {
 	"model": "food.allergen",
 	"pk": 14,
 	"fields": {
 	    "name": "Poissons"
 	}
    }
 ]
--- a/apps/food/forms.py
+++ b/apps/food/forms.py
@@ -0,0 +1,187 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from random import shuffle
 from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.forms.widgets import NumberInput
 from django.utils.translation import gettext_lazy as _
 from member.models import Club
 from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from .models import Food, BasicFood, TransformedFood, QRCode
 class QRCodeForms(forms.ModelForm):
    """
    Form for create QRCode for container
    """
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['food_container'].queryset = self.fields['food_container'].queryset.filter(
            end_of_life__isnull=True,
            polymorphic_ctype__model='transformedfood',
        ).filter(PermissionBackend.filter_queryset(
            get_current_request(),
            TransformedFood,
            "view",
        ))
    class Meta:
        model = QRCode
        fields = ('food_container',)
 class BasicFoodForms(forms.ModelForm):
    """
    Form for add basicfood
    """
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['name'].widget.attrs.update({"autofocus": "autofocus"})
        self.fields['name'].required = True
        self.fields['owner'].required = True
        # Some example
        self.fields['name'].widget.attrs.update({"placeholder": _("Pasta METRO 5kg")})
        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
        shuffle(clubs)
        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
        self.fields['order'].widget.attrs["placeholder"] = _("Specific order given to GCKs")
    class Meta:
        model = BasicFood
        fields = ('name', 'owner', 'date_type', 'expiry_date', 'allergens', 'order',)
        widgets = {
            "owner": Autocomplete(
                model=Club,
                attrs={"api_url": "/api/members/club/"},
            ),
            "expiry_date": DateTimePickerInput(),
        }
 class TransformedFoodForms(forms.ModelForm):
    """
    Form for add transformedfood
    """
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['name'].required = True
        self.fields['owner'].required = True
        # Some example
        self.fields['name'].widget.attrs.update({"placeholder": _("Lasagna")})
        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
        shuffle(clubs)
        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
        self.fields['order'].widget.attrs["placeholder"] = _("Specific order given to GCKs")
    class Meta:
        model = TransformedFood
        fields = ('name', 'owner', 'order',)
        widgets = {
            "owner": Autocomplete(
                model=Club,
                attrs={"api_url": "/api/members/club/"},
            ),
        }
 class BasicFoodUpdateForms(forms.ModelForm):
    """
    Form for update basicfood object
    """
    class Meta:
        model = BasicFood
        fields = ('name', 'owner', 'date_type', 'expiry_date', 'end_of_life', 'is_ready', 'order', 'allergens')
        widgets = {
            "owner": Autocomplete(
                model=Club,
                attrs={"api_url": "/api/members/club/"},
            ),
            "expiry_date": DateTimePickerInput(),
        }
 class TransformedFoodUpdateForms(forms.ModelForm):
    """
    Form for update transformedfood object
    """
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['shelf_life'].label = _('Shelf life (in hours)')
    class Meta:
        model = TransformedFood
        fields = ('name', 'owner', 'end_of_life', 'is_ready', 'order', 'shelf_life')
        widgets = {
            "owner": Autocomplete(
                model=Club,
                attrs={"api_url": "/api/members/club/"},
            ),
            "expiry_date": DateTimePickerInput(),
            "shelf_life": NumberInput(),
        }
 class AddIngredientForms(forms.ModelForm):
    """
    Form for add an ingredient
    """
    fully_used = forms.BooleanField()
    fully_used.initial = True
    fully_used.required = False
    fully_used.label = _("Fully used")
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # TODO find a better way to get pk (be not url scheme dependant)
        pk = get_current_request().path.split('/')[-1]
        self.fields['ingredients'].queryset = self.fields['ingredients'].queryset.filter(
            polymorphic_ctype__model="transformedfood",
            is_ready=False,
            end_of_life='',
        ).filter(PermissionBackend.filter_queryset(get_current_request(), TransformedFood, "change")).exclude(pk=pk)
    class Meta:
        model = TransformedFood
        fields = ('ingredients',)
 class ManageIngredientsForm(forms.Form):
    """
    Form to manage ingredient
    """
    fully_used = forms.BooleanField()
    fully_used.initial = True
    fully_used.required = True
    fully_used.label = _('Fully used')
    name = forms.CharField()
    name.widget = Autocomplete(
        model=Food,
        resetable=True,
        attrs={"api_url": "/api/food/food",
               "class": "autocomplete"},
    )
    name.label = _('Name')
    qrcode = forms.IntegerField()
    qrcode.widget = Autocomplete(
        model=QRCode,
        resetable=True,
        attrs={"api_url": "/api/food/qrcode/",
               "name_field": "qr_code_number",
               "class": "autocomplete"},
    )
    qrcode.label = _('QR code number')
 ManageIngredientsFormSet = forms.formset_factory(
    ManageIngredientsForm,
    extra=1,
 )
--- a/apps/food/migrations/0001_initial.py
+++ b/apps/food/migrations/0001_initial.py
@@ -0,0 +1,199 @@
 # Generated by Django 4.2.20 on 2025-04-17 21:43
 import datetime
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        ("contenttypes", "0002_remove_content_type_name"),
        ("member", "0013_auto_20240801_1436"),
    ]
    operations = [
        migrations.CreateModel(
            name="Allergen",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                ("name", models.CharField(max_length=255, verbose_name="name")),
            ],
            options={
                "verbose_name": "Allergen",
                "verbose_name_plural": "Allergens",
            },
        ),
        migrations.CreateModel(
            name="Food",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                ("name", models.CharField(max_length=255, verbose_name="name")),
                ("expiry_date", models.DateTimeField(verbose_name="expiry date")),
                (
                    "end_of_life",
                    models.CharField(max_length=255, verbose_name="end of life"),
                ),
                (
                    "is_ready",
                    models.BooleanField(max_length=255, verbose_name="is ready"),
                ),
                ("order", models.CharField(max_length=255, verbose_name="order")),
                (
                    "allergens",
                    models.ManyToManyField(
                        blank=True, to="food.allergen", verbose_name="allergens"
                    ),
                ),
                (
                    "owner",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.PROTECT,
                        related_name="+",
                        to="member.club",
                        verbose_name="owner",
                    ),
                ),
                (
                    "polymorphic_ctype",
                    models.ForeignKey(
                        editable=False,
                        null=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="polymorphic_%(app_label)s.%(class)s_set+",
                        to="contenttypes.contenttype",
                    ),
                ),
            ],
            options={
                "verbose_name": "Food",
                "verbose_name_plural": "Foods",
            },
        ),
        migrations.CreateModel(
            name="BasicFood",
            fields=[
                (
                    "food_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="food.food",
                    ),
                ),
                (
                    "arrival_date",
                    models.DateTimeField(
                        default=django.utils.timezone.now, verbose_name="arrival date"
                    ),
                ),
                (
                    "date_type",
                    models.CharField(
                        choices=[("DLC", "DLC"), ("DDM", "DDM")], max_length=255
                    ),
                ),
            ],
            options={
                "verbose_name": "Basic food",
                "verbose_name_plural": "Basic foods",
            },
            bases=("food.food",),
        ),
        migrations.CreateModel(
            name="QRCode",
            fields=[
                (
                    "id",
                    models.AutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                (
                    "qr_code_number",
                    models.PositiveIntegerField(
                        unique=True, verbose_name="qr code number"
                    ),
                ),
                (
                    "food_container",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="QR_code",
                        to="food.food",
                        verbose_name="food container",
                    ),
                ),
            ],
            options={
                "verbose_name": "QR-code",
                "verbose_name_plural": "QR-codes",
            },
        ),
        migrations.CreateModel(
            name="TransformedFood",
            fields=[
                (
                    "food_ptr",
                    models.OneToOneField(
                        auto_created=True,
                        on_delete=django.db.models.deletion.CASCADE,
                        parent_link=True,
                        primary_key=True,
                        serialize=False,
                        to="food.food",
                    ),
                ),
                (
                    "creation_date",
                    models.DateTimeField(
                        default=django.utils.timezone.now, verbose_name="creation date"
                    ),
                ),
                (
                    "shelf_life",
                    models.DurationField(
                        default=datetime.timedelta(days=3), verbose_name="shelf life"
                    ),
                ),
                (
                    "ingredients",
                    models.ManyToManyField(
                        blank=True,
                        related_name="transformed_ingredient_inv",
                        to="food.food",
                        verbose_name="transformed ingredient",
                    ),
                ),
            ],
            options={
                "verbose_name": "Transformed food",
                "verbose_name_plural": "Transformed foods",
            },
            bases=("food.food",),
        ),
    ]
--- a/apps/food/migrations/init.py
+++ b/apps/food/migrations/init.py
--- a/apps/food/models.py
+++ b/apps/food/models.py
@@ -0,0 +1,286 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
 from django.db import models, transaction
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from polymorphic.models import PolymorphicModel
 from member.models import Club
 class Allergen(models.Model):
    """
    Allergen and alimentary restrictions
    """
    name = models.CharField(
        verbose_name=_('name'),
        max_length=255,
    )
    class Meta:
        verbose_name = _("Allergen")
        verbose_name_plural = _("Allergens")
    def __str__(self):
        return self.name
 class Food(PolymorphicModel):
    """
    Describe any type of food
    """
    name = models.CharField(
        verbose_name=_("name"),
        max_length=255,
    )
    owner = models.ForeignKey(
        Club,
        on_delete=models.PROTECT,
        related_name='+',
        verbose_name=_('owner'),
    )
    allergens = models.ManyToManyField(
        Allergen,
        blank=True,
        verbose_name=_('allergens'),
    )
    expiry_date = models.DateTimeField(
        verbose_name=_('expiry date'),
        null=False,
    )
    end_of_life = models.CharField(
        blank=True,
        verbose_name=_('end of life'),
        max_length=255,
    )
    is_ready = models.BooleanField(
        verbose_name=_('is ready'),
        max_length=255,
    )
    order = models.CharField(
        blank=True,
        verbose_name=_('order'),
        max_length=255,
    )
    def __str__(self):
        return self.name
    @transaction.atomic
    def update_allergens(self):
        # update parents
        for parent in self.transformed_ingredient_inv.iterator():
            old_allergens = list(parent.allergens.all()).copy()
            parent.allergens.clear()
            for child in parent.ingredients.iterator():
                if child.pk != self.pk:
                    parent.allergens.set(parent.allergens.union(child.allergens.all()))
            parent.allergens.set(parent.allergens.union(self.allergens.all()))
            if old_allergens != list(parent.allergens.all()):
                parent.save(old_allergens=old_allergens)
    def update_expiry_date(self):
        # update parents
        for parent in self.transformed_ingredient_inv.iterator():
            old_expiry_date = parent.expiry_date
            parent.expiry_date = parent.shelf_life + parent.creation_date
            for child in parent.ingredients.iterator():
                if (child.pk != self.pk
                    and not (child.polymorphic_ctype.model == 'basicfood'
                             and child.date_type == 'DDM')):
                    parent.expiry_date = min(parent.expiry_date, child.expiry_date)
            if self.polymorphic_ctype.model == 'basicfood' and self.date_type == 'DLC':
                parent.expiry_date = min(parent.expiry_date, self.expiry_date)
            if old_expiry_date != parent.expiry_date:
                parent.save()
    class Meta:
        verbose_name = _('Food')
        verbose_name_plural = _('Foods')
 class BasicFood(Food):
    """
    A basic food is a food directly buy and stored
    """
    arrival_date = models.DateTimeField(
        default=timezone.now,
        verbose_name=_('arrival date'),
    )
    date_type = models.CharField(
        max_length=255,
        choices=(
            ("DLC", "DLC"),
            ("DDM", "DDM"),
        )
    )
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None, update_fields=None, **kwargs):
        created = self.pk is None
        if not created:
            # Check if important fields are updated
            old_food = Food.objects.select_for_update().get(pk=self.pk)
            if not hasattr(self, "_force_save"):
                # Allergens
                if ('old_allergens' in kwargs
                        and list(self.allergens.all()) != kwargs['old_allergens']):
                    self.update_allergens()
                # Expiry date
                if ((self.expiry_date != old_food.expiry_date
                        and self.date_type == 'DLC')
                        or old_food.date_type != self.date_type):
                    self.update_expiry_date()
        return super().save(force_insert, force_update, using, update_fields)
    @staticmethod
    def get_lastests_objects(number, distinct_field, order_by_field):
        """
        Get the last object with distinct field and ranked with order_by
        This methods exist because we can't distinct with one field and
        order with another
        """
        foods = BasicFood.objects.order_by(order_by_field).all()
        field = []
        for food in foods:
            if getattr(food, distinct_field) in field:
                continue
            else:
                field.append(getattr(food, distinct_field))
                number -= 1
                yield food
            if not number:
                return
    class Meta:
        verbose_name = _('Basic food')
        verbose_name_plural = _('Basic foods')
    def __str__(self):
        return self.name
 class TransformedFood(Food):
    """
    A transformed food is a food with ingredients
    """
    creation_date = models.DateTimeField(
        default=timezone.now,
        verbose_name=_('creation date'),
    )
    # Without microbiological analyzes, the storage time is 3 days
    shelf_life = models.DurationField(
        default=timedelta(days=3),
        verbose_name=_('shelf life'),
    )
    ingredients = models.ManyToManyField(
        Food,
        blank=True,
        symmetrical=False,
        related_name='transformed_ingredient_inv',
        verbose_name=_('transformed ingredient'),
    )
    def check_cycle(self, ingredients, origin, checked):
        for ingredient in ingredients:
            if ingredient == origin:
                # We break the cycle
                self.ingredients.remove(ingredient)
            if ingredient.polymorphic_ctype.model == 'transformedfood' and ingredient not in checked:
                ingredient.check_cycle(ingredient.ingredients.all(), origin, checked)
                checked.append(ingredient)
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None, update_fields=None, **kwargs):
        created = self.pk is None
        if not created:
            # Check if important fields are updated
            update = {'allergens': False, 'expiry_date': False}
            old_food = Food.objects.select_for_update().get(pk=self.pk)
            if not hasattr(self, "_force_save"):
                # Allergens
                # Unfortunately with the many-to-many relation we can't access
                # to old allergens
                if ('old_allergens' in kwargs
                        and list(self.allergens.all()) != kwargs['old_allergens']):
                    update['allergens'] = True
                # Expiry date
                update['expiry_date'] = (self.shelf_life != old_food.shelf_life
                                         or self.creation_date != old_food.creation_date)
                if update['expiry_date']:
                    self.expiry_date = self.creation_date + self.shelf_life
                # Unfortunately with the set method ingredients are already save,
                # we check cycle after if possible
                if ('old_ingredients' in kwargs
                        and list(self.ingredients.all()) != list(kwargs['old_ingredients'])):
                    update['allergens'] = True
                    update['expiry_date'] = True
                    # it's preferable to keep a queryset but we allow list too
                    if type(kwargs['old_ingredients']) is list:
                        kwargs['old_ingredients'] = Food.objects.filter(
                            pk__in=[food.pk for food in kwargs['old_ingredients']])
                    self.check_cycle(self.ingredients.all().difference(kwargs['old_ingredients']), self, [])
                if update['allergens']:
                    self.update_allergens()
                if update['expiry_date']:
                    self.update_expiry_date()
        if created:
            self.expiry_date = self.shelf_life + self.creation_date
            # We save here because we need pk for many-to-many relation
            super().save(force_insert, force_update, using, update_fields)
            for child in self.ingredients.iterator():
                self.allergens.set(self.allergens.union(child.allergens.all()))
                if not (child.polymorphic_ctype.model == 'basicfood' and child.date_type == 'DDM'):
                    self.expiry_date = min(self.expiry_date, child.expiry_date)
        return super().save(force_insert, force_update, using, update_fields)
    class Meta:
        verbose_name = _('Transformed food')
        verbose_name_plural = _('Transformed foods')
    def __str__(self):
        return self.name
 class QRCode(models.Model):
    """
    QR-code for register food
    """
    qr_code_number = models.PositiveIntegerField(
        unique=True,
        verbose_name=_('qr code number'),
    )
    food_container = models.ForeignKey(
        Food,
        on_delete=models.CASCADE,
        related_name='QR_code',
        verbose_name=_('food container'),
    )
    class Meta:
        verbose_name = _('QR-code')
        verbose_name_plural = _('QR-codes')
    def __str__(self):
        return _('QR-code number') + ' ' + str(self.qr_code_number)
--- a/apps/food/tables.py
+++ b/apps/food/tables.py
@@ -0,0 +1,21 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import django_tables2 as tables
 from .models import Food
 class FoodTable(tables.Table):
    """
    List all foods.
    """
    class Meta:
        model = Food
        template_name = 'django_tables2/bootstrap4.html'
        fields = ('name', 'owner', 'allergens', 'expiry_date')
        row_attrs = {
            'class': 'table-row',
            'data-href': lambda record: 'detail/' + str(record.pk),
            'style': 'cursor:pointer',
        }
--- a/apps/food/templates/food/food_detail.html
+++ b/apps/food/templates/food/food_detail.html
@@ -0,0 +1,53 @@
 {% extends "base.html" %}
 {% comment %}
 Copyright (C) by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n crispy_forms_tags %}
 {% block content %}
 <div class="card bg-white mb-3">
  <h3 class="card-header text-center">
    {{ title }} {{ food.name }}
  </h3>
  <div class="card-body">
    <ul>
      {% for field, value in fields %}
      <li> {{ field }} : {{ value }}</li>
      {% endfor %}
      {% if meals %}
      <li> {% trans "Contained in" %} : 
      {% for meal in meals %}
      <a href="{% url "food:transformedfood_view" pk=meal.pk %}">{{ meal.name }}</a>{% if not forloop.last %},{% endif %} 
      {% endfor %}
      </li>
      {% endif %}
      {% if foods %}
      <li> {% trans "Contain" %} : 
      {% for food in foods %}
        <a href="{% url "food:food_view" pk=food.pk %}">{{ food.name }}</a>{% if not forloop.last %},{% endif %}
      {% endfor %}
      </li>
      {% endif %}
    </ul>
      {% if update %}
 	<a class="btn btn-sm btn-secondary" href="{% url "food:food_update" pk=food.pk %}">
 	  {% trans "Update" %}
 	</a>
      {% endif %}
      {% if add_ingredient %}
 	<a class="btn btn-sm btn-primary" href="{% url "food:add_ingredient" pk=food.pk %}">
 	  {% trans "Add to a meal" %}
 	</a>
      {% endif %}
      {% if manage_ingredients %}
        <a class="btn btn-sm btn-secondary" href="{% url "food:manage_ingredients" pk=food.pk %}">
 	  {% trans "Manage ingredients" %}
 	</a>
      {% endif %}
 	<a class="btn btn-sm btn-primary" href="{% url "food:food_list" %}">
 	  {% trans "Return to the food list" %}
 	</a>
  </div>
 </div>
 {% endblock %}
--- a/apps/food/templates/food/food_list.html
+++ b/apps/food/templates/food/food_list.html
@@ -0,0 +1,71 @@
 {% extends "base_search.html" %}
 {% comment %}
 Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load render_table from django_tables2 %}
 {% load i18n %}
 {% block content %}
 {{ block.super }}
 <br>
 <div class="card bg-light mb-3">
  <h3 class="card-header text-center">
    {% trans "Meal served" %}
  </h3>
  {% if can_add_meal %}
  <div class="card-footer">
    <a class="btn btn-sm btn-primary" href="{% url 'food:transformedfood_create' %}">
      {% trans "New meal" %}
    </a>
  </div>
  {% endif %}
  {% if served.data %}
  {% render_table served %}
  {% else %}
  <div class="card-body">
    <div class="alert alert-warning">
      {% trans "There is no meal served." %}
    </div>
  </div>
 </div>
  {% endif %}
 <div class="card bg-light mb-3">
  <h3 class="card-header text-center">
    {% trans "Free food" %}
  </h3>
  {% if open.data %}
  {% render_table open %}
  {% else %}
  <div class="card-body">
    <div class="alert alert-warning">
      {% trans "There is no free food." %}
    </div>
  </div>
  {% endif %}
 </div>
 {% if club_tables %}
 <div class="card bg-light mb-3">
  <h3 class="card-header text-center">
    {% trans "Food of your clubs" %}
  </h3>
 </div>
  {% for table in club_tables %}
 <div class="card bg-light mb-3">
  <h3 class="card-header text-center">
    {% trans "Food of club" %} {{ table.prefix }} 
  </h3>
  {% if table.data %}
    {% render_table table %}
  {% else %}
  <div class="card-body">
    <div class="alert alert-warning">
      {% trans "Yours club has not food yet." %}
    </div>
  </div>
  {% endif %}
 </div>
  {% endfor %}
  {% endif %}
 </div>
 {% endblock %}
--- a/apps/food/templates/food/food_update.html
+++ b/apps/food/templates/food/food_update.html
@@ -0,0 +1,21 @@
 {% extends "base.html" %}
 {% comment %}
 Copyright (C) by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n crispy_forms_tags %}
 {% block content %}
 <div class="card bg-white mb-3">
  <h3 class="card-header text-center">
    {{ title }}
  </h3>
  <div class="card-body" id="form">
    <form method="post">
      {% csrf_token %}
      {{ form | crispy }}
      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
    </form>
  </div>
 </div>
 {% endblock %}
--- a/apps/food/templates/food/manage_ingredients.html
+++ b/apps/food/templates/food/manage_ingredients.html
@@ -0,0 +1,116 @@
 {% extends "base.html" %}
 {% comment %}
 Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n crispy_forms_tags %}
 {% block content %}
 <div class="card bg-white mb-3">
  <h3 class="card-header text-center">
    {{ title }}
  </h3>
  <div class="card-body" id="form"></div>
  <form method="post" action="">
    {% csrf_token %}
    <table class="table table-condensed table-striped">
      {# Fill initial data #}
      {% for display, form in formset %}
      {% if forloop.first %}
      <thead>
 	<tr>
 	  <th>{{ form.name.label }}</th>
 	  <th>{{ form.qrcode.label }}</th>
 	  <th>{{ form.fully_used.label }}</th>
 	</tr>
      </thead>
      <tbody id="form_body">
 	{% endif %}
 	{% if display %}
 	<tr class="row-formset ingredients">
 	{% else %}
 	<tr class="row-formset ingredients" style="display: none">
 	{% endif %}
 	  <td>{{ form.name }}</td>
 	  <td>{{ form.qrcode }}</td>
 	  <td>{{ form.fully_used }}</td>
 	</tr>
      {% endfor %}
      </tbody>
    </table>
    {# Display buttons to add and remove ingredients #}
    <div class="card-body">
      <div class="btn-group btn-block" role="group">
 	<button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
 	<button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
      </div>
    <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
    </div>
  </form>
 </div>
 {% endblock %}
 {% block extrajavascript %} 
 <script>
 /* script that handles add and remove lines */
 const foods = {{ ingredients | safe }};
 function set_ingredient_id () {
 	let ingredients = document.getElementsByClassName('ingredients');
 	for (var i = 0; i < ingredients.length; i++) {
 		ingredients[i].id = 'ingredients-' + parseInt(i);
 	};
 }
 set_ingredient_id();
 function prepopulate () {
 	for (var i = 0; i < {{ ingredients_count }}; i++) {
 		let prefix = 'id_form-' + parseInt(i) + '-';
 		document.getElementById(prefix + 'name_pk').value = parseInt(foods[i]['food_pk']);
 		document.getElementById(prefix + 'name').value = foods[i]['food_name'];
 		document.getElementById(prefix + 'qrcode_pk').value = parseInt(foods[i]['qr_pk']);
 		if (foods[i]['qr_number'] === '') {
 			document.getElementById(prefix + 'qrcode').value = '';
 		}
 		else {
 		document.getElementById(prefix + 'qrcode').value = parseInt(foods[i]['qr_number']);
 		};
 		document.getElementById(prefix + 'fully_used').checked = Boolean(foods[i]['fully_used']);
 	};
 }
 prepopulate();
 function delete_form_data (form_id) {
 	let prefix = "id_form-" + parseInt(form_id) + "-";
 	document.getElementById(prefix + "name_pk").value = "";
 	document.getElementById(prefix + "name").value = "";
 	document.getElementById(prefix + "qrcode_pk").value = "";
 	document.getElementById(prefix + "qrcode").value = "";
 	document.getElementById(prefix + "fully_used").checked = true;
 }
 var form_count = {{ ingredients_count }} + 1;
 $('#add_more').click(function () {
 	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count));
 	if (ingredient_form === null) {
 		addMsg(gettext("You can't add more ingredient"), "danger",  5000);
 		return;};
 	ingredient_form.style = "display: true";
 	form_count += 1;
 });
 $('#remove_one').click(function () {
 	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count - 1));
 	if (ingredient_form === null) {
 		return;};
 	ingredient_form.style = "display: none";
 	delete_form_data(form_count - 1);
 	form_count -= 1;
 });
 addMsg(gettext("Add ingredient with their name or their qrcode, if two different priority is given to qrcode"), "warning"); 
 </script>
 {% endblock %}
--- a/apps/food/templates/food/qrcode.html
+++ b/apps/food/templates/food/qrcode.html
@@ -0,0 +1,52 @@
 {% extends "base.html" %}
 {% comment %}
 Copyright (C) by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n crispy_forms_tags %}
 {% load render_table from django_tables2 %}
 {% block content %}
 <div class="card bg-white mb-3">
  <h3 class="card-header text-center">
    {{ title }}
  </h3>
  <div class="card-body" id="form">
    <form method="post">
      {% csrf_token %}
      {{ form | crispy }}
      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
    </form>
    <div class="card-body">
    <h4>
      {% trans "Copy constructor" %}
      <a class="btn btn-secondary" href="{% url "food:basicfood_create" slug=slug %}">{% trans "New food" %}</a>
    </h4>
      <table class="table">
 	<thead>
 	  <tr>
 	    <th class="orderable">
 	      {% trans "Name" %}
 	    </th>
 	    <th class="orderable">
 	      {% trans "Owner" %}
 	    </th>
 	    <th class="orderable">
 	      {% trans "Expiry date" %}
 	    </th>
 	  </tr>
 	</thead>
 	<tbody>
 	  {% for food in last_items %}
 	    <tr>
 		    <td><a href="{% url "food:basicfood_create" slug=slug %}?copy={{ food.pk }}">{{ food.name }}</a></td>
 	      <td>{{ food.owner }}</td>
 	      <td>{{ food.expiry_date }}</td>
 	    </tr>
 	  {% endfor %}
 	</tbody>
      </table>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/apps/food/templates/food/transformedfood_update.html
+++ b/apps/food/templates/food/transformedfood_update.html
@@ -0,0 +1,87 @@
 {% extends "base.html" %}
 {% comment %}
 Copyright (C) by BDE ENS Paris-Saclay
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n crispy_forms_tags %}
 {% block content %}
 <div class="card bg-white mb-3">
  <h3 class="card-header text-center">
    {{ title }}
  </h3>
  <div class="card-body" id="form">
    <form method="post">
      {% csrf_token %}
      {{ form | crispy }}
      <table class="table table-condensed table-striped">
        {# Fill initial data #}
        {% for ingredient_form in formset %}
        {% if forloop.first %}
        <thead>
          <tr>
 	    <th>{% trans "Name" %}</th>
 	    <th>{% trans "QR-code number" %}</th>
 	    <th>{% trans "Fully used" %}<th>
          </tr>
        </thead>
        <tbody id="form_body">
        {% endif %}
        <tr class="row-formset">
 		{{ ingredient_form | crispy }}
          <td>{{ ingredient_form.name }}</td>
 	  <td>{{ ingredient_form.qrcode }}</td>
 	  <td>{{ ingredient_form.fully_used }}</td>
        </tr>
        {% endfor %}
        </tbody>
      </table>
      {# Display buttons to add and remove products #}
      <div class="card-body">
        <div class="btn-group btn-block" role="group">
          <button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
 	  <button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
        </div>
        <button type="submit" class="btn btn-block btn-primary">{% trans "Submit" %}</button>
      </div>
    </form>
  </div>
 </div>
 {# Hidden div that store an empty product form, to be copied into new forms #}
 <div id="empty_form" style="display: none;">
    <table class='no_error'>
        <tbody id="for_real">
            <tr class="row-formset">
                <td>{{ formset.empty_form.name }}</td>
 		<td>{{ formset.empty_form.qrcode }}</td>
 		<td>{{ formset.empty_form.fully_used }}</td>
            </tr>
        </tbody>
    </table>
 </div>
 {% endblock %}
 {% block extrajavascript %}
 <script>
    /* script that handles add and remove lines */
    IDS = {};
    $("#id_form-TOTAL_FORMS").val($(".row-formset").length - 1);
    $('#add_more').click(function () {
        let form_idx = $('#id_form-TOTAL_FORMS').val();
        $('#form_body').append($('#for_real').html().replace(/__prefix__/g, form_idx));
        $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) + 1);
        $('#id_form-' + parseInt(form_idx) + '-id').val(IDS[parseInt(form_idx)]);
    });
    $('#remove_one').click(function () {
        let form_idx = $('#id_form-TOTAL_FORMS').val();
        if (form_idx > 0) {
            IDS[parseInt(form_idx) - 1] = $('#id_form-' + (parseInt(form_idx) - 1) + '-id').val();
            $('#form_body tr:last-child').remove();
            $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) - 1);
        }
    });
 </script>
 {% endblock %}
--- a/apps/food/tests/test_food.py
+++ b/apps/food/tests/test_food.py
@@ -0,0 +1,170 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.tests import TestAPI
 from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 from django.utils import timezone
 from ..api.views import AllergenViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
 from ..models import Allergen, BasicFood, TransformedFood, QRCode
 class TestFood(TestCase):
    """
    Test food
    """
    fixtures = ('initial',)
    def setUp(self):
        self.user = User.objects.create_superuser(
            username='admintoto',
            password='toto1234',
            email='toto@example.com'
        )
        self.client.force_login(self.user)
        sess = self.client.session
        sess['permission_mask'] = 42
        sess.save()
        self.allergen = Allergen.objects.create(
            name='allergen',
        )
        self.basicfood = BasicFood.objects.create(
            name='basicfood',
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=False,
            date_type='DLC',
        )
        self.transformedfood = TransformedFood.objects.create(
            name='transformedfood',
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=False,
        )
        self.qrcode = QRCode.objects.create(
            qr_code_number=1,
            food_container=self.basicfood,
        )
        def test_food_list(self):
            """
            Display food list
            """
            response = self.client.get(reverse('food:food_list'))
            self.assertEqual(response.status_code, 200)
        def test_qrcode_create(self):
            """
            Display QRCode creation
            """
            response = self.client.get(reverse('food:qrcode_create'))
            self.assertEqual(response.status_code, 200)
        def test_basicfood_create(self):
            """
            Display BasicFood creation
            """
            response = self.client.get(reverse('food:basicfood_create'))
            self.assertEqual(response.status_code, 200)
        def test_transformedfood_create(self):
            """
            Display TransformedFood creation
            """
            response = self.client.get(reverse('food:transformedfood_create'))
            self.assertEqual(response.status_code, 200)
        def test_food_create(self):
            """
            Display Food update
            """
            response = self.client.get(reverse('food:food_update'))
            self.assertEqual(response.status_code, 200)
        def test_food_view(self):
            """
            Display Food detail
            """
            response = self.client.get(reverse('food:food_view'))
            self.assertEqual(response.status_code, 302)
        def test_basicfood_view(self):
            """
            Display BasicFood detail
            """
            response = self.client.get(reverse('food:basicfood_view'))
            self.assertEqual(response.status_code, 200)
        def test_transformedfood_view(self):
            """
            Display TransformedFood detail
            """
            response = self.client.get(reverse('food:transformedfood_view'))
            self.assertEqual(response.status_code, 200)
        def test_add_ingredient(self):
            """
            Display add ingredient view
            """
            response = self.client.get(reverse('food:add_ingredient'))
            self.assertEqual(response.status_code, 200)
 class TestFoodAPI(TestAPI):
    def setUp(self) -> None:
        super().setUP()
        self.allergen = Allergen.objects.create(
            name='name',
        )
        self.basicfood = BasicFood.objects.create(
            name='basicfood',
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=False,
            date_type='DLC',
        )
        self.transformedfood = TransformedFood.objects.create(
            name='transformedfood',
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=False,
        )
        self.qrcode = QRCode.objects.create(
            qr_code_number=1,
            food_container=self.basicfood,
        )
        def test_allergen_api(self):
            """
            Load Allergen API page and test all filters and permissions
            """
            self.check_viewset(AllergenViewSet, '/api/food/allergen/')
        def test_basicfood_api(self):
            """
            Load BasicFood API page and test all filters and permissions
            """
            self.check_viewset(BasicFoodViewSet, '/api/food/basicfood/')
        def test_transformedfood_api(self):
            """
            Load TransformedFood API page and test all filters and permissions
            """
            self.check_viewset(TransformedFoodViewSet, '/api/food/transformedfood/')
        def test_qrcode_api(self):
            """
            Load QRCode API page and test all filters and permissions
            """
            self.check_viewset(QRCodeViewSet, '/api/food/qrcode/')
--- a/apps/food/urls.py
+++ b/apps/food/urls.py
@@ -0,0 +1,21 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
 from . import views
 app_name = 'food'
 urlpatterns = [
    path('', views.FoodListView.as_view(), name='food_list'),
    path('<int:slug>', views.QRCodeCreateView.as_view(), name='qrcode_create'),
    path('<int:slug>/add/basic', views.BasicFoodCreateView.as_view(), name='basicfood_create'),
    path('add/transformed', views.TransformedFoodCreateView.as_view(), name='transformedfood_create'),
    path('update/<int:pk>', views.FoodUpdateView.as_view(), name='food_update'),
    path('update/ingredients/<int:pk>', views.ManageIngredientsView.as_view(), name='manage_ingredients'),
    path('detail/<int:pk>', views.FoodDetailView.as_view(), name='food_view'),
    path('detail/basic/<int:pk>', views.BasicFoodDetailView.as_view(), name='basicfood_view'),
    path('detail/transformed/<int:pk>', views.TransformedFoodDetailView.as_view(), name='transformedfood_view'),
    path('add/ingredient/<int:pk>', views.AddIngredientView.as_view(), name='add_ingredient'),
 ]
--- a/apps/food/utils.py
+++ b/apps/food/utils.py
@@ -0,0 +1,53 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils.translation import gettext_lazy as _
 seconds = (_('second'), _('seconds'))
 minutes = (_('minute'), _('minutes'))
 hours = (_('hour'), _('hours'))
 days = (_('day'), _('days'))
 weeks = (_('week'), _('weeks'))
 def plural(x):
    if x == 1:
        return 0
    return 1
 def pretty_duration(duration):
    """
    I receive datetime.timedelta object
    You receive string object
    """
    text = []
    sec = duration.seconds
    d = duration.days
    if d >= 7:
        w = d // 7
        text.append(str(w) + ' ' + weeks[plural(w)])
        d -= w * 7
    if d > 0:
        text.append(str(d) + ' ' + days[plural(d)])
    if sec >= 3600:
        h = sec // 3600
        text.append(str(h) + ' ' + hours[plural(h)])
        sec -= h * 3600
    if sec >= 60:
        m = sec // 60
        text.append(str(m) + ' ' + minutes[plural(m)])
        sec -= m * 60
    if sec > 0:
        text.append(str(sec) + ' ' + seconds[plural(sec)])
    if len(text) == 0:
        return ''
    if len(text) == 1:
        return text[0]
    if len(text) >= 2:
        return ', '.join(t for t in text[:-1]) + ' ' + _('and') + ' ' + text[-1]
--- a/apps/food/views.py
+++ b/apps/food/views.py
@@ -0,0 +1,509 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
 from api.viewsets import is_regex
 from django_tables2.views import MultiTableMixin
 from django.db import transaction
 from django.db.models import Q
 from django.http import HttpResponseRedirect, Http404
 from django.views.generic import DetailView, UpdateView, CreateView
 from django.views.generic.list import ListView
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from member.models import Club, Membership
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView, LoginRequiredMixin
 from .models import Food, BasicFood, TransformedFood, QRCode
 from .forms import QRCodeForms, BasicFoodForms, TransformedFoodForms, \
    ManageIngredientsForm, ManageIngredientsFormSet, AddIngredientForms, \
    BasicFoodUpdateForms, TransformedFoodUpdateForms
 from .tables import FoodTable
 from .utils import pretty_duration
 class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
    """
    Display Food
    """
    model = Food
    tables = [FoodTable, FoodTable, FoodTable, ]
    extra_context = {"title": _('Food')}
    template_name = 'food/food_list.html'
    def get_queryset(self, **kwargs):
        return super().get_queryset(**kwargs).distinct()
    def get_tables(self):
        bureau_role_pk = 4
        clubs = Club.objects.filter(membership__in=Membership.objects.filter(
            user=self.request.user, roles=bureau_role_pk).filter(
                date_end__gte=timezone.now()))
        tables = [FoodTable] * (clubs.count() + 3)
        self.tables = tables
        tables = super().get_tables()
        tables[0].prefix = 'search-'
        tables[1].prefix = 'open-'
        tables[2].prefix = 'served-'
        for i in range(clubs.count()):
            tables[i + 3].prefix = clubs[i].name
        return tables
    def get_tables_data(self):
        # table search
        qs = self.get_queryset().order_by('name')
        if "search" in self.request.GET and self.request.GET['search']:
            pattern = self.request.GET['search']
            # check regex
            valid_regex = is_regex(pattern)
            suffix = '__iregex' if valid_regex else '__istartswith'
            prefix = '^' if valid_regex else ''
            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern})
                           | Q(**{f'owner__name{suffix}': prefix + pattern}))
        else:
            qs = qs.none()
        search_table = qs.filter(PermissionBackend.filter_queryset(self.request, Food, 'view'))
        # table open
        open_table = self.get_queryset().order_by('expiry_date').filter(
            Q(polymorphic_ctype__model='transformedfood')
            | Q(polymorphic_ctype__model='basicfood', basicfood__date_type='DLC')).filter(
                expiry_date__lt=timezone.now(), end_of_life='').filter(
                    PermissionBackend.filter_queryset(self.request, Food, 'view'))
        # table served
        served_table = self.get_queryset().order_by('-pk').filter(
            end_of_life='', is_ready=True).exclude(
                Q(polymorphic_ctype__model='basicfood',
                  basicfood__date_type='DLC',
                  expiry_date__lte=timezone.now(),)
                | Q(polymorphic_ctype__model='transformedfood',
                    expiry_date__lte=timezone.now(),
                    ))
        # tables club
        bureau_role_pk = 4
        clubs = Club.objects.filter(membership__in=Membership.objects.filter(
            user=self.request.user, roles=bureau_role_pk).filter(
                date_end__gte=timezone.now()))
        club_table = []
        for club in clubs:
            club_table.append(self.get_queryset().order_by('expiry_date').filter(
                owner=club, end_of_life='').filter(
                    PermissionBackend.filter_queryset(self.request, Food, 'view')
            ))
        return [search_table, open_table, served_table] + club_table
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        tables = context['tables']
        # for extends base_search.html we need to name 'search_table' in 'table'
        for name, table in zip(['table', 'open', 'served'], tables):
            context[name] = table
        context['club_tables'] = tables[3:]
        context['can_add_meal'] = PermissionBackend.check_perm(self.request, 'food.transformedfood_add')
        return context
 class QRCodeCreateView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
    """
    A view to add qrcode
    """
    model = QRCode
    template_name = 'food/qrcode.html'
    form_class = QRCodeForms
    extra_context = {"title": _("Add a new QRCode")}
    def get(self, *args, **kwargs):
        qrcode = kwargs["slug"]
        if self.model.objects.filter(qr_code_number=qrcode).count() > 0:
            pk = self.model.objects.get(qr_code_number=qrcode).food_container.pk
            return HttpResponseRedirect(reverse_lazy("food:food_view", kwargs={"pk": pk}))
        else:
            return super().get(*args, **kwargs)
    @transaction.atomic
    def form_valid(self, form):
        qrcode_food_form = QRCodeForms(data=self.request.POST)
        if not qrcode_food_form.is_valid():
            return self.form_invalid(form)
        qrcode = form.save(commit=False)
        qrcode.qr_code_number = self.kwargs['slug']
        qrcode._force_save = True
        qrcode.save()
        qrcode.refresh_from_db()
        return super().form_valid(form)
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context['slug'] = self.kwargs['slug']
        # get last 10 BasicFood objects with distincts 'name' ordered by '-pk'
        # we can't use .distinct and .order_by with differents columns hence the generator
        context['last_items'] = [food for food in BasicFood.get_lastests_objects(10, 'name', '-pk')]
        return context
    def get_success_url(self, **kwargs):
        self.object.refresh_from_db()
        return reverse_lazy('food:food_view', kwargs={'pk': self.object.food_container.pk})
    def get_sample_object(self):
        return QRCode(
            qr_code_number=self.kwargs['slug'],
            food_container_id=1,
        )
 class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
    """
    A view to add basicfood
    """
    model = BasicFood
    form_class = BasicFoodForms
    extra_context = {"title": _("Add an aliment")}
    template_name = "food/food_update.html"
    def get_sample_object(self):
        # We choose a club which may work or BDE else
        food = BasicFood(
            name="",
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=True,
            arrival_date=timezone.now(),
            date_type='DLC',
        )
        for membership in self.request.user.memberships.all():
            club_id = membership.club.id
            food.owner_id = club_id
            if PermissionBackend.check_perm(self.request, "food.add_basicfood", food):
                return food
        return food
    @transaction.atomic
    def form_valid(self, form):
        if QRCode.objects.filter(qr_code_number=self.kwargs['slug']).count() > 0:
            return HttpResponseRedirect(reverse_lazy('food:qrcode_create', kwargs={'slug': self.kwargs['slug']}))
        food_form = BasicFoodForms(data=self.request.POST)
        if not food_form.is_valid():
            return self.form_invalid(form)
        food = form.save(commit=False)
        food.is_ready = False
        food.save()
        food.refresh_from_db()
        qrcode = QRCode()
        qrcode.qr_code_number = self.kwargs['slug']
        qrcode.food_container = food
        qrcode.save()
        return super().form_valid(form)
    def get_success_url(self, **kwargs):
        self.object.refresh_from_db()
        return reverse_lazy('food:basicfood_view', kwargs={"pk": self.object.pk})
    def get_context_data(self, *args, **kwargs):
        context = super().get_context_data(*args, **kwargs)
        copy = self.request.GET.get('copy', None)
        if copy is not None:
            food = BasicFood.objects.get(pk=copy)
            print(context['form'].fields)
            for field in context['form'].fields:
                if field == 'allergens':
                    context['form'].fields[field].initial = getattr(food, field).all()
                else:
                    context['form'].fields[field].initial = getattr(food, field)
        return context
 class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
    """
    A view to add transformedfood
    """
    model = TransformedFood
    form_class = TransformedFoodForms
    extra_context = {"title": _("Add a meal")}
    template_name = "food/food_update.html"
    def get_sample_object(self):
        # We choose a club which may work or BDE else
        food = TransformedFood(
            name="",
            owner_id=1,
            expiry_date=timezone.now(),
            is_ready=True,
        )
        for membership in self.request.user.memberships.all():
            club_id = membership.club.id
            food.owner_id = club_id
            if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food):
                return food
        return food
    @transaction.atomic
    def form_valid(self, form):
        form.instance.expiry_date = timezone.now() + timedelta(days=3)
        form.instance.is_ready = False
        return super().form_valid(form)
    def get_success_url(self, **kwargs):
        self.object.refresh_from_db()
        return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
 MAX_FORMS = 100
 class ManageIngredientsView(LoginRequiredMixin, UpdateView):
    """
    A view to manage ingredient for a transformed food
    """
    model = TransformedFood
    fields = ['ingredients']
    extra_context = {"title": _("Manage ingredients of:")}
    template_name = 'food/manage_ingredients.html'
    @transaction.atomic
    def form_valid(self, form):
        old_ingredients = list(self.object.ingredients.all()).copy()
        old_allergens = list(self.object.allergens.all()).copy()
        self.object.ingredients.clear()
        for i in range(self.object.ingredients.all().count() + 1 + MAX_FORMS):
            prefix = 'form-' + str(i) + '-'
            if form.data[prefix + 'qrcode'] not in ['0', '']:
                ingredient = QRCode.objects.get(pk=form.data[prefix + 'qrcode']).food_container
                self.object.ingredients.add(ingredient)
                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
                    ingredient.end_of_life = _('Fully used in {meal}'.format(
                        meal=self.object.name))
                    ingredient.save()
            elif form.data[prefix + 'name'] != '':
                ingredient = Food.objects.get(pk=form.data[prefix + 'name'])
                self.object.ingredients.add(ingredient)
                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
                    ingredient.end_of_life = _('Fully used in {meal}'.format(
                        meal=self.object.name))
                    ingredient.save()
        # We recalculate new expiry date and allergens
        self.object.expiry_date = self.object.creation_date + self.object.shelf_life
        self.object.allergens.clear()
        for ingredient in self.object.ingredients.iterator():
            if not (ingredient.polymorphic_ctype.model == 'basicfood' and ingredient.date_type == 'DDM'):
                self.object.expiry_date = min(self.object.expiry_date, ingredient.expiry_date)
            self.object.allergens.set(self.object.allergens.union(ingredient.allergens.all()))
        self.object.save(old_ingredients=old_ingredients, old_allergens=old_allergens)
        return HttpResponseRedirect(self.get_success_url())
    def get_context_data(self, *args, **kwargs):
        context = super().get_context_data(*args, **kwargs)
        context['title'] += ' ' + self.object.name
        formset = ManageIngredientsFormSet()
        ingredients = self.object.ingredients.all()
        formset.extra += ingredients.count() + MAX_FORMS
        context['form'] = ManageIngredientsForm()
        context['ingredients_count'] = ingredients.count()
        display = [True] * (1 + ingredients.count()) + [False] * (formset.extra - ingredients.count() - 1)
        context['formset'] = zip(display, formset)
        context['ingredients'] = []
        for ingredient in ingredients:
            qr = QRCode.objects.filter(food_container=ingredient)
            context['ingredients'].append({
                'food_pk': ingredient.pk,
                'food_name': ingredient.name,
                'qr_pk': '' if qr.count() == 0 else qr[0].pk,
                'qr_number': '' if qr.count() == 0 else qr[0].qr_code_number,
                'fully_used': 'true' if ingredient.end_of_life else '',
            })
        return context
    def get_success_url(self, **kwargs):
        return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
 class AddIngredientView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
    """
    A view to add ingredient to a meal
    """
    model = Food
    extra_context = {"title": _("Add the ingredient:")}
    form_class = AddIngredientForms
    template_name = 'food/food_update.html'
    def get_context_data(self, *args, **kwargs):
        context = super().get_context_data(*args, **kwargs)
        context['title'] += ' ' + self.object.name
        return context
    @transaction.atomic
    def form_valid(self, form):
        meals = TransformedFood.objects.filter(pk__in=form.data.getlist('ingredients')).all()
        if not meals:
            return HttpResponseRedirect(reverse_lazy('food:food_view', kwargs={"pk": self.object.pk}))
        for meal in meals:
            old_ingredients = list(meal.ingredients.all()).copy()
            old_allergens = list(meal.allergens.all()).copy()
            meal.ingredients.add(self.object.pk)
            # update allergen and expiry date if necessary
            if not (self.object.polymorphic_ctype.model == 'basicfood'
                    and self.object.date_type == 'DDM'):
                meal.expiry_date = min(meal.expiry_date, self.object.expiry_date)
            meal.allergens.set(meal.allergens.union(self.object.allergens.all()))
            meal.save(old_ingredients=old_ingredients, old_allergens=old_allergens)
            if 'fully_used' in form.data:
                if not self.object.end_of_life:
                    self.object.end_of_life = _(f'Food fully used in : {meal.name}')
                else:
                    self.object.end_of_life += ', ' + meal.name
        if 'fully_used' in form.data:
            self.object.is_ready = False
        self.object.save()
        # We redirect only the first parent
        parent_pk = meals[0].pk
        return HttpResponseRedirect(self.get_success_url(parent_pk=parent_pk))
    def get_success_url(self, **kwargs):
        return reverse_lazy('food:transformedfood_view', kwargs={"pk": kwargs['parent_pk']})
 class FoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
    """
    A view to update Food
    """
    model = Food
    extra_context = {"title": _("Update an aliment")}
    template_name = 'food/food_update.html'
    @transaction.atomic
    def form_valid(self, form):
        form.instance.creater = self.request.user
        food = Food.objects.get(pk=self.kwargs['pk'])
        old_allergens = list(food.allergens.all()).copy()
        if food.polymorphic_ctype.model == 'transformedfood':
            old_ingredients = food.ingredients.all()
            form.instance.shelf_life = timedelta(
                seconds=int(form.data['shelf_life']) * 60 * 60)
        food_form = self.get_form_class()(data=self.request.POST)
        if not food_form.is_valid():
            return self.form_invalid(form)
        ans = super().form_valid(form)
        if food.polymorphic_ctype.model == 'transformedfood':
            form.instance.save(old_ingredients=old_ingredients)
        else:
            form.instance.save(old_allergens=old_allergens)
        return ans
    def get_form_class(self, **kwargs):
        food = Food.objects.get(pk=self.kwargs['pk'])
        if food.polymorphic_ctype.model == 'basicfood':
            return BasicFoodUpdateForms
        else:
            return TransformedFoodUpdateForms
    def get_form(self, **kwargs):
        form = super().get_form(**kwargs)
        if 'shelf_life' in form.initial:
            hours = form.initial['shelf_life'].days * 24 + form.initial['shelf_life'].seconds // 3600
            form.initial['shelf_life'] = hours
        return form
    def get_success_url(self, **kwargs):
        self.object.refresh_from_db()
        return reverse_lazy('food:food_view', kwargs={"pk": self.object.pk})
 class FoodDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    """
    A view to see a food
    """
    model = Food
    extra_context = {"title": _('Details of:')}
    context_object_name = "food"
    template_name = "food/food_detail.html"
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        fields = ["name", "owner", "expiry_date", "allergens", "is_ready", "end_of_life", "order"]
        fields = dict([(field, getattr(self.object, field)) for field in fields])
        if fields["is_ready"]:
            fields["is_ready"] = _("Yes")
        else:
            fields["is_ready"] = _("No")
        fields["allergens"] = ", ".join(
            allergen.name for allergen in fields["allergens"].all())
        context["fields"] = [(
            Food._meta.get_field(field).verbose_name.capitalize(),
            value) for field, value in fields.items()]
        context["meals"] = self.object.transformed_ingredient_inv.all()
        context["update"] = PermissionBackend.check_perm(self.request, "food.change_food")
        context["add_ingredient"] = (self.object.end_of_life == '' and PermissionBackend.check_perm(self.request, "food.change_transformedfood"))
        return context
    def get(self, *args, **kwargs):
        if Food.objects.filter(pk=kwargs['pk']).count() != 1:
            return Http404
        model = Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model
        if 'stop_redirect' in kwargs and kwargs['stop_redirect']:
            return super().get(*args, **kwargs)
        kwargs = {'pk': kwargs['pk']}
        if model == 'basicfood':
            return HttpResponseRedirect(reverse_lazy("food:basicfood_view", kwargs=kwargs))
        return HttpResponseRedirect(reverse_lazy("food:transformedfood_view", kwargs=kwargs))
 class BasicFoodDetailView(FoodDetailView):
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        fields = ['arrival_date', 'date_type']
        for field in fields:
            context["fields"].append((
                BasicFood._meta.get_field(field).verbose_name.capitalize(),
                getattr(self.object, field)
            ))
        return context
    def get(self, *args, **kwargs):
        if Food.objects.filter(pk=kwargs['pk']).count() == 1:
            kwargs['stop_redirect'] = (Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model == 'basicfood')
        return super().get(*args, **kwargs)
 class TransformedFoodDetailView(FoodDetailView):
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context["fields"].append((
            TransformedFood._meta.get_field("creation_date").verbose_name.capitalize(),
            self.object.creation_date
        ))
        context["fields"].append((
            TransformedFood._meta.get_field("shelf_life").verbose_name.capitalize(),
            pretty_duration(self.object.shelf_life)
        ))
        context["foods"] = self.object.ingredients.all()
        context["manage_ingredients"] = True
        return context
    def get(self, *args, **kwargs):
        if Food.objects.filter(pk=kwargs['pk']).count() == 1:
            kwargs['stop_redirect'] = (Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model == 'transformedfood')
        return super().get(*args, **kwargs)
--- a/apps/logs/init.py
+++ b/apps/logs/init.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'logs.apps.LogsConfig'
--- a/apps/logs/api/serializers.py
+++ b/apps/logs/api/serializers.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
--- a/apps/logs/api/urls.py
+++ b/apps/logs/api/urls.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import ChangelogViewSet
--- a/apps/logs/api/views.py
+++ b/apps/logs/api/views.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django_filters.rest_framework import DjangoFilterBackend
--- a/apps/logs/apps.py
+++ b/apps/logs/apps.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/logs/models.py
+++ b/apps/logs/models.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
@@ -76,9 +76,6 @@ class Changelog(models.Model):
        verbose_name=_('timestamp'),
    )
    def delete(self, using=None, keep_parents=False):
        raise ValidationError(_("Logs cannot be destroyed."))
    class Meta:
        verbose_name = _("changelog")
        verbose_name_plural = _("changelogs")
@@ -86,3 +83,6 @@ class Changelog(models.Model):
    def __str__(self):
        return _("Changelog of type \"{action}\" for model {model} at {timestamp}").format(
            action=self.get_action_display(), model=str(self.model), timestamp=str(self.timestamp))
    def delete(self, using=None, keep_parents=False):
        raise ValidationError(_("Logs cannot be destroyed."))
--- a/apps/logs/signals.py
+++ b/apps/logs/signals.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.contenttypes.models import ContentType
@@ -56,13 +56,13 @@ def save_object(sender, instance, **kwargs):
    # noinspection PyProtectedMember
    previous = instance._previous
-    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
+    # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP
    request = get_current_request()
    if request is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
-        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
+        # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info
        ip = "127.0.0.1"
        username = Alias.normalize(getpass.getuser())
        note = NoteUser.objects.filter(alias__normalized_name=username)
@@ -134,13 +134,13 @@ def delete_object(sender, instance, **kwargs):
    if instance._meta.label_lower in EXCLUDED or hasattr(instance, "_no_signal"):
        return
-    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
+    # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP
    request = get_current_request()
    if request is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
-        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
+        # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info
        ip = "127.0.0.1"
        username = Alias.normalize(getpass.getuser())
        note = NoteUser.objects.filter(alias__normalized_name=username)
--- a/apps/member/init.py
+++ b/apps/member/init.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'member.apps.MemberConfig'
--- a/apps/member/admin.py
+++ b/apps/member/admin.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
--- a/apps/member/api/serializers.py
+++ b/apps/member/api/serializers.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
--- a/apps/member/api/urls.py
+++ b/apps/member/api/urls.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import ProfileViewSet, ClubViewSet, MembershipViewSet
--- a/apps/member/api/views.py
+++ b/apps/member/api/views.py
@@ -1,8 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
 from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 from .serializers import ProfileSerializer, ClubSerializer, MembershipSerializer
@@ -17,7 +18,7 @@ class ProfileViewSet(ReadProtectedModelViewSet):
    """
    queryset = Profile.objects.order_by('id')
    serializer_class = ProfileSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['user', 'user__first_name', 'user__last_name', 'user__username', 'user__email',
                        'user__note__alias__name', 'user__note__alias__normalized_name', 'phone_number', "section",
                        'department', 'promotion', 'address', 'paid', 'ml_events_registration', 'ml_sport_registration',
@@ -34,7 +35,7 @@ class ClubViewSet(ReadProtectedModelViewSet):
    """
    queryset = Club.objects.order_by('id')
    serializer_class = ClubSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'email', 'note__alias__name', 'note__alias__normalized_name', 'parent_club',
                        'parent_club__name', 'require_memberships', 'membership_fee_paid', 'membership_fee_unpaid',
                        'membership_duration', 'membership_start', 'membership_end', ]
@@ -49,7 +50,7 @@ class MembershipViewSet(ReadProtectedModelViewSet):
    """
    queryset = Membership.objects.order_by('id')
    serializer_class = MembershipSerializer
-    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
+    filter_backends = [DjangoFilterBackend, OrderingFilter, RegexSafeSearchFilter]
    filterset_fields = ['club__name', 'club__email', 'club__note__alias__name', 'club__note__alias__normalized_name',
                        'user__username', 'user__last_name', 'user__first_name', 'user__email',
                        'user__note__alias__name', 'user__note__alias__normalized_name',
--- a/apps/member/apps.py
+++ b/apps/member/apps.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/member/auth.py
+++ b/apps/member/auth.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from cas_server.auth import DjangoAuthUser  # pragma: no cover
--- a/apps/member/forms.py
+++ b/apps/member/forms.py
@@ -1,9 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import io
-from PIL import Image, ImageSequence
+from bootstrap_datepicker_plus.widgets import DatePickerInput
 from django import forms
 from django.conf import settings
 from django.contrib.auth.forms import AuthenticationForm
@@ -13,8 +13,9 @@ from django.forms import CheckboxSelectMultiple
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, Alias
-from note_kfet.inputs import Autocomplete, AmountInput, DatePickerInput
+from note_kfet.inputs import Autocomplete, AmountInput
 from permission.models import PermissionMask, Role
 from PIL import Image, ImageSequence
 from .models import Profile, Club, Membership
@@ -22,7 +23,7 @@ from .models import Profile, Club, Membership
 class CustomAuthenticationForm(AuthenticationForm):
    permission_mask = forms.ModelChoiceField(
        label=_("Permission mask"),
-        queryset=PermissionMask.objects.order_by("rank"),
+        queryset=PermissionMask.objects.order_by("-rank"),
        empty_label=None,
    )
@@ -32,7 +33,7 @@ class UserForm(forms.ModelForm):
        # Django usernames can only contain letters, numbers, @, ., +, - and _.
        # We want to allow users to have uncommon and unpractical usernames:
        # That is their problem, and we have normalized aliases for us.
-        return super()._get_validation_exclusions() + ["username"]
+        return super()._get_validation_exclusions() | {"username"}
    class Meta:
        model = User
@@ -43,10 +44,18 @@ class ProfileForm(forms.ModelForm):
    """
    A form for the extras field provided by the :model:`member.Profile` model.
    """
    # Remove widget=forms.HiddenInput() if you want to use report frequency.
    report_frequency = forms.IntegerField(required=False, initial=0, label=_("Report frequency"))
    last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last report date"))
    VSS_charter_read = forms.BooleanField(
        required=True,
        label=_("Anti-VSS (<em>Violences Sexistes et Sexuelles</em>) charter read and approved"),
        help_text=_("Tick after having read and accepted the anti-VSS charter \
        <a href=https://perso.crans.org/club-bde/Charte-anti-VSS.pdf target=_blank> available here in pdf</a>")
    )
    def clean_promotion(self):
        promotion = self.cleaned_data["promotion"]
        if promotion > timezone.now().year:
@@ -68,7 +77,8 @@ class ProfileForm(forms.ModelForm):
    class Meta:
        model = Profile
        fields = '__all__'
-        exclude = ('user', 'email_confirmed', 'registration_valid', )
+        # Remove ml_[asso]_registration from exclude if the concerned association uses nk20 to manage its mailing list.
        exclude = ('user', 'email_confirmed', 'registration_valid', 'ml_sport_registration', )
 class ImageForm(forms.Form):
@@ -114,7 +124,7 @@ class ImageForm(forms.Form):
                frame = frame.crop((x, y, x + w, y + h))
                frame = frame.resize(
                    (settings.PIC_WIDTH, settings.PIC_RATIO * settings.PIC_WIDTH),
-                    Image.ANTIALIAS,
+                    Image.LANCZOS,
                )
                frames.append(frame)
@@ -131,6 +141,9 @@ class ImageForm(forms.Form):
        return cleaned_data
    def is_valid(self):
        return super().is_valid() or super().clean().get('image') is None
 class ClubForm(forms.ModelForm):
    def clean(self):
@@ -144,7 +157,7 @@ class ClubForm(forms.ModelForm):
    class Meta:
        model = Club
-        fields = '__all__'
+        exclude = ("add_registration_form",)
        widgets = {
            "membership_fee_paid": AmountInput(),
            "membership_fee_unpaid": AmountInput(),
@@ -200,9 +213,9 @@ class MembershipForm(forms.ModelForm):
    class Meta:
        model = Membership
        fields = ('user', 'date_start')
-        # Le champ d'utilisateur est remplacé par un champ d'auto-complétion.
+        # Le champ d'utilisateur⋅rice est remplacé par un champ d'auto-complétion.
        # Quand des lettres sont tapées, une requête est envoyée sur l'API d'auto-complétion
-        # et récupère les noms d'utilisateur valides
+        # et récupère les noms d'utilisateur⋅rices valides
        widgets = {
            'user':
                Autocomplete(
--- a/apps/member/hashers.py
+++ b/apps/member/hashers.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import hashlib
--- a/apps/member/migrations/0009_auto_20220904_2325.py
+++ b/apps/member/migrations/0009_auto_20220904_2325.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.26 on 2022-09-04 21:25
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0008_auto_20211005_1544'),
    ]
    operations = [
        migrations.AlterField(
            model_name='profile',
            name='promotion',
            field=models.PositiveSmallIntegerField(default=2022, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
        ),
    ]
--- a/apps/member/migrations/0010_new_default_year.py
+++ b/apps/member/migrations/0010_new_default_year.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2023-08-23 21:29
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0009_auto_20220904_2325'),
    ]
    operations = [
        migrations.AlterField(
            model_name='profile',
            name='promotion',
            field=models.PositiveSmallIntegerField(default=2023, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
        ),
    ]
--- a/apps/member/migrations/0011_profile_vss_charter_read.py
+++ b/apps/member/migrations/0011_profile_vss_charter_read.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2023-08-31 09:50
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0010_new_default_year'),
    ]
    operations = [
        migrations.AddField(
            model_name='profile',
            name='VSS_charter_read',
            field=models.BooleanField(default=False, verbose_name='VSS charter read'),
        ),
    ]
--- a/apps/member/migrations/0012_club_add_registration_form.py
+++ b/apps/member/migrations/0012_club_add_registration_form.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-07-15 09:24
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0011_profile_vss_charter_read'),
    ]
    operations = [
        migrations.AddField(
            model_name='club',
            name='add_registration_form',
            field=models.BooleanField(default=False, verbose_name='add to registration form'),
        ),
    ]
--- a/apps/member/migrations/0013_auto_20240801_1436.py
+++ b/apps/member/migrations/0013_auto_20240801_1436.py
@@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-08-01 12:36
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0012_club_add_registration_form'),
    ]
    operations = [
        migrations.AlterField(
            model_name='profile',
            name='promotion',
            field=models.PositiveSmallIntegerField(default=2024, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
        ),
    ]
--- a/apps/member/migrations/0014_create_bda.py
+++ b/apps/member/migrations/0014_create_bda.py
@@ -0,0 +1,46 @@
 from django.db import migrations
 def create_bda(apps, schema_editor):
    """
    The club BDA is now pre-injected.
    """
    Club = apps.get_model("member", "club")
    NoteClub = apps.get_model("note", "noteclub")
    Alias = apps.get_model("note", "alias")
    ContentType = apps.get_model('contenttypes', 'ContentType')
    polymorphic_ctype_id = ContentType.objects.get_for_model(NoteClub).id
    Club.objects.get_or_create(
        id=10,
        name="BDA",
        email="bda.ensparissaclay@gmail.com",
        require_memberships=True,
        membership_fee_paid=750,
        membership_fee_unpaid=750,
        membership_duration=396,
        membership_start="2024-08-01",
        membership_end="2025-09-30",
    )
    NoteClub.objects.get_or_create(
        id=1937,
        club_id=10,
        polymorphic_ctype_id=polymorphic_ctype_id,
    )
    Alias.objects.get_or_create(
        id=1937,
        note_id=1937,
        name="BDA",
        normalized_name="bda",
    )
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0013_auto_20240801_1436'),
    ]
    operations = [
        migrations.RunPython(create_bda),
    ]
--- a/apps/member/models.py
+++ b/apps/member/models.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import datetime
@@ -28,7 +28,6 @@ class Profile(models.Model):
    We do not want to patch the Django Contrib :model:`auth.User`model;
    so this model add an user profile with additional information.
    """
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
@@ -134,6 +133,22 @@ class Profile(models.Model):
        default=False,
    )
    VSS_charter_read = models.BooleanField(
        verbose_name=_("VSS charter read"),
        default=False
    )
    class Meta:
        verbose_name = _('user profile')
        verbose_name_plural = _('user profile')
        indexes = [models.Index(fields=['user'])]
    def __str__(self):
        return str(self.user)
    def get_absolute_url(self):
        return reverse('member:user_detail', args=(self.user_id,))
    @property
    def ens_year(self):
        """
@@ -158,17 +173,6 @@ class Profile(models.Model):
            return SogeCredit.objects.filter(user=self.user, credit_transaction__isnull=False).exists()
        return False
    class Meta:
        verbose_name = _('user profile')
        verbose_name_plural = _('user profile')
        indexes = [models.Index(fields=['user'])]
    def get_absolute_url(self):
        return reverse('member:user_detail', args=(self.user_id,))
    def __str__(self):
        return str(self.user)
    def send_email_validation_link(self):
        subject = "[Note Kfet] " + str(_("Activate your Note Kfet account"))
        token = email_validation_token.make_token(self.user)
@@ -200,9 +204,11 @@ class Club(models.Model):
        max_length=255,
        unique=True,
    )
    email = models.EmailField(
        verbose_name=_('email'),
    )
    parent_club = models.ForeignKey(
        'self',
        null=True,
@@ -253,25 +259,17 @@ class Club(models.Model):
        help_text=_('Maximal date of a membership, after which members must renew it.'),
    )
-    def update_membership_dates(self):
+    add_registration_form = models.BooleanField(
-        """
+        verbose_name=_("add to registration form"),
-        This function is called each time the club detail view is displayed.
+        default=False,
-        Update the year of the membership dates.
+    )
        """
        if not self.membership_start or not self.membership_end:
            return
-        today = datetime.date.today()
+    class Meta:
        verbose_name = _("club")
        verbose_name_plural = _("clubs")
-        if (today - self.membership_start).days >= 365:
+    def __str__(self):
-            if self.membership_start:
+        return self.name
                self.membership_start = datetime.date(self.membership_start.year + 1,
                                                      self.membership_start.month, self.membership_start.day)
            if self.membership_end:
                self.membership_end = datetime.date(self.membership_end.year + 1,
                                                    self.membership_end.month, self.membership_end.day)
            self._force_save = True
            self.save(force_update=True)
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None,
@@ -284,16 +282,36 @@ class Club(models.Model):
            self.membership_end = None
        super().save(force_insert, force_update, update_fields)
    class Meta:
        verbose_name = _("club")
        verbose_name_plural = _("clubs")
    def __str__(self):
        return self.name
    def get_absolute_url(self):
        return reverse_lazy('member:club_detail', args=(self.pk,))
    def update_membership_dates(self):
        """
        This function is called each time the club detail view is displayed.
        Update the year of the membership dates.
        """
        if not self.membership_start or not self.membership_end:
            return
        today = datetime.date.today()
        # Avoid any problems on February 29
        if self.membership_start.month == 2 and self.membership_start.day == 29:
            self.membership_start -= datetime.timedelta(days=1)
        if self.membership_end.month == 2 and self.membership_end.day == 29:
            self.membership_end += datetime.timedelta(days=1)
        while today >= datetime.date(self.membership_start.year + 1,
                                     self.membership_start.month, self.membership_start.day):
            if self.membership_start:
                self.membership_start = datetime.date(self.membership_start.year + 1,
                                                      self.membership_start.month, self.membership_start.day)
            if self.membership_end:
                self.membership_end = datetime.date(self.membership_end.year + 1,
                                                    self.membership_end.month, self.membership_end.day)
            self._force_save = True
            self.save(force_update=True)
 class Membership(models.Model):
    """
@@ -333,6 +351,66 @@ class Membership(models.Model):
        verbose_name=_('fee'),
    )
    class Meta:
        verbose_name = _('membership')
        verbose_name_plural = _('memberships')
        indexes = [models.Index(fields=['user'])]
    def __str__(self):
        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        Calculate fee and end date before saving the membership and creating the transaction if needed.
        """
        # Ensure that club membership dates are valid
        old_membership_start = self.club.membership_start
        self.club.update_membership_dates()
        if self.club.membership_start != old_membership_start:
            self.club.save()
        created = not self.pk
        if not created:
            for role in self.roles.all():
                club = role.for_club
                if club is not None:
                    if club.pk != self.club_id:
                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
                                              .format(role=role.name, club=club.name))
        else:
            if Membership.objects.filter(
                    user=self.user,
                    club=self.club,
                    date_start__lte=self.date_start,
                    date_end__gte=self.date_start,
            ).exists():
                raise ValidationError(_('User is already a member of the club'))
            if self.club.parent_club is not None:
                # Check that the user is already a member of the parent club if the membership is created
                if not Membership.objects.filter(
                    user=self.user,
                    club=self.club.parent_club,
                    date_start__gte=self.club.parent_club.membership_start,
                ).exists():
                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
                        self.renew_parent()
                    else:
                        raise ValidationError(_('User is not a member of the parent club')
                                              + ' ' + self.club.parent_club.name)
            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
                self.date_end = self.club.membership_end
        super().save(*args, **kwargs)
        self.make_transaction()
    @property
    def valid(self):
        """
@@ -402,66 +480,14 @@ class Membership(models.Model):
            if self.club.parent_club.name == "BDE":
                parent_membership.roles.set(
-                    Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all())
+                    Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all())
            elif self.club.parent_club.name == "Kfet":
                parent_membership.roles.set(
-                    Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all())
+                    Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all())
            else:
                parent_membership.roles.set(Role.objects.filter(name="Membre de club").all())
            parent_membership.save()
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        Calculate fee and end date before saving the membership and creating the transaction if needed.
        """
        # Ensure that club membership dates are valid
        old_membership_start = self.club.membership_start
        self.club.update_membership_dates()
        if self.club.membership_start != old_membership_start:
            self.club.save()
        created = not self.pk
        if not created:
            for role in self.roles.all():
                club = role.for_club
                if club is not None:
                    if club.pk != self.club_id:
                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
                                              .format(role=role.name, club=club.name))
        else:
            if Membership.objects.filter(
                    user=self.user,
                    club=self.club,
                    date_start__lte=self.date_start,
                    date_end__gte=self.date_start,
            ).exists():
                raise ValidationError(_('User is already a member of the club'))
            if self.club.parent_club is not None:
                # Check that the user is already a member of the parent club if the membership is created
                if not Membership.objects.filter(
                    user=self.user,
                    club=self.club.parent_club,
                    date_start__gte=self.club.parent_club.membership_start,
                ).exists():
                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
                        self.renew_parent()
                    else:
                        raise ValidationError(_('User is not a member of the parent club')
                                              + ' ' + self.club.parent_club.name)
            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
                self.date_end = self.club.membership_end
        super().save(*args, **kwargs)
        self.make_transaction()
    def make_transaction(self):
        """
        Create Membership transaction associated to this membership.
@@ -499,11 +525,3 @@ class Membership(models.Model):
                soge_credit.save()
            else:
                transaction.save(force_insert=True)
    def __str__(self):
        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
    class Meta:
        verbose_name = _('membership')
        verbose_name_plural = _('memberships')
        indexes = [models.Index(fields=['user'])]
--- a/apps/member/signals.py
+++ b/apps/member/signals.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
--- a/apps/member/static/member/js/trust.js
+++ b/apps/member/static/member/js/trust.js
@@ -1,7 +1,7 @@
 /**
 * On form submit, create a new friendship
 */
-function create_trust (e) {
+function form_create_trust (e) {
  // Do not submit HTML form
  e.preventDefault()
@@ -14,25 +14,35 @@ function create_trust (e) {
         addMsg(gettext("You can't add yourself as a friend"), "danger")
         return
      }
-      $.post('/api/note/trust/', {
+      create_trust(formData.get('trusting'), trusted_alias.note)
        csrfmiddlewaretoken: formData.get('csrfmiddlewaretoken'),
        trusting: formData.get('trusting'),
        trusted: trusted_alias.note
      }).done(function () {
        // Reload table
        $('#trust_table').load(location.pathname + ' #trust_table')
        addMsg(gettext('Friendship successfully added'), 'success')
      }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
      })
    }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
    })
 }
 /**
- * On click of "delete", delete the alias
+ * Create a trust between users
- * @param button_id:Integer Alias id to remove
+ * @param trusting:Integer trusting note id
 * @param trusted:Integer trusted note id
 */
 function create_trust(trusting, trusted) {
  $.post('/api/note/trust/', {
      trusting: trusting,
      trusted: trusted,
      csrfmiddlewaretoken: CSRF_TOKEN
  }).done(function () {
  // Reload tables
  $('#trust_table').load(location.pathname + ' #trust_table')
  $('#trusted_table').load(location.pathname + ' #trusted_table')
    addMsg(gettext('Friendship successfully added'), 'success')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 /**
 * On click of "delete", delete the trust
 * @param button_id:Integer Trust id to remove
 */
 function delete_button (button_id) {
  $.ajax({
@@ -42,6 +52,7 @@ function delete_button (button_id) {
  }).done(function () {
    addMsg(gettext('Friendship successfully deleted'), 'success')
    $('#trust_table').load(location.pathname + ' #trust_table')
    $('#trusted_table').load(location.pathname + ' #trusted_table')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
@@ -49,5 +60,5 @@ function delete_button (button_id) {
 $(document).ready(function () {
  // Attach event
-  document.getElementById('form_trust').addEventListener('submit', create_trust)
+  document.getElementById('form_trust').addEventListener('submit', form_create_trust)
 })
--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
@@ -42,12 +42,12 @@ class UserTable(tables.Table):
    """
    alias = tables.Column()
-    section = tables.Column(accessor='profile__section')
+    section = tables.Column(accessor='profile__section', orderable=False)
    # Override the column to let replace the URL
    email = tables.EmailColumn(linkify=lambda record: "mailto:{}".format(record.email))
-    balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"))
+    balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"), orderable=False)
    def render_email(self, record, value):
        # Replace the email by a dash if the user can't see the profile detail
--- a/apps/member/templates/member/club_members.html
+++ b/apps/member/templates/member/club_members.html
@@ -11,7 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
        {{ title }}
    </h3>
    <div class="card-body">
-        <input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note…">
+        <input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note...">
        <div class="form-check">
            <label class="form-check-label" for="only_active">
                <input type="checkbox" class="checkboxinput form-check-input" id="only_active"
--- a/apps/member/templates/member/includes/profile_info.html
+++ b/apps/member/templates/member/includes/profile_info.html
@@ -60,7 +60,10 @@
 {% if user_object.pk == user.pk %}
    <div class="text-center">
        <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
-            <i class="fa fa-cogs"></i>{% trans 'API token' %}
+            <i class="fa fa-cogs"></i>&nbsp;{% trans 'API token' %}
        </a>
        <a class="small badge badge-secondary" href="{% url 'member:qr_code' user_object.pk %}">
            <i class="fa fa-qrcode"></i>&nbsp;{% trans 'QR Code' %}
        </a>
    </div>
 {% endif %}
--- a/apps/member/templates/member/picture_update.html
+++ b/apps/member/templates/member/picture_update.html
@@ -14,15 +14,20 @@ SPDX-License-Identifier: GPL-3.0-or-later
      <form method="post" enctype="multipart/form-data" id="formUpload">
        {% csrf_token %}
        {{ form |crispy }}
        {% if user.note.display_image != "pic/default.png" %}
          <input type="submit" class="btn btn-primary" value="{% trans "Remove" %}">
        {% endif %}
      </form>
    </div>
    <!-- MODAL TO CROP THE IMAGE -->
-    <div class="modal fade" id="modalCrop">
+    <div class="modal fade" id="modalCrop" data-backdrop="static">
      <div class="modal-dialog">
        <div class="modal-content">
-          <div class="modal-body">
+            <div class="modal-body-wrapper" style="width: 500px; height: 500px; padding: 16px;">
-            <img src="" id="modal-image" style="max-width: 100%;">
+              <div class="modal-body" style="width: 100%; height: 100%; padding: 0">
-          </div>
+                <img src="" id="modal-image" style="display: block; max-width: 100%;">
              </div>
            </div>
          <div class="modal-footer">
            <div class="btn-group pull-left" role="group">
              <button type="button" class="btn btn-default" id="js-zoom-in">
--- a/apps/member/templates/member/profile_trust.html
+++ b/apps/member/templates/member/profile_trust.html
@@ -7,7 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block profile_content %}
 <div class="card bg-light mb-3">
    <h3 class="card-header text-center">
-        {% trans "Note friendships" %}
+        {% trans "Add friends" %}
    </h3>
    <div class="card-body">
        {% if can_create %}
@@ -24,7 +24,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    {% render_table trusting %}
 </div>
-<div class="alert alert-warning card">
+<div class="alert alert-warning card mb-3">
    {% blocktrans trimmed %}
        Adding someone as a friend enables them to initiate transactions coming
        from your account (while keeping your balance positive). This is
@@ -33,6 +33,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
        friends without needing additional rights among them.
    {% endblocktrans %}
 </div>
 <div class="card bg-light mb-3">
    <h3 class="card-header text-center">
        {% trans "People having you as a friend" %}
    </h3>
    {% render_table trusted_by %}
 </div>
 {% endblock %}
 {% block extrajavascript %}
--- a/apps/member/templates/member/qr_code.html
+++ b/apps/member/templates/member/qr_code.html
@@ -0,0 +1,36 @@
 {% extends "base.html" %}
 {% comment %}
 SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n %}
 {% block content %}
 <div class="card bg-light">
  	<h3 class="card-header text-center">
 		{% trans "QR Code for" %} {{ user_object.username }} ({{ user_object.first_name }} {{user_object.last_name }})
  	</h3>
  	<div class="text-center" id="qrcode">
  	</div>
 </div>
 {% endblock %}
 {% block extrajavascript %}
 <script src="https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js" integrity="sha512-CNgIRecGo7nphbeZ04Sc13ka07paqdeTu0WR1IM4kNcpmBAUSHSQX0FslNhTDadL4O5SAGapGt4FodqL8My0mA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 <script>
 	var qrc = new QRCode(document.getElementById("qrcode"), {
 		text: "{{ user_object.pk }}\0",
 		width: 1024,
 		height: 1024
 	});
 </script>
 {% endblock %}
 {% block extracss %}
 <style>
 img {
    width: 100%
 }
 </style>
 {% endblock %}
--- a/apps/member/templatetags/memberinfo.py
+++ b/apps/member/templatetags/memberinfo.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
--- a/apps/member/tests/test_memberships.py
+++ b/apps/member/tests/test_memberships.py
@@ -183,7 +183,7 @@ class TestMemberships(TestCase):
                club = Club.objects.get(name="Kfet")
            else:
                club = Club.objects.create(
-                    name="Second club " + ("with BDE" if bde_parent else "without BDE"),
+                    name="Second club without BDE",
                    parent_club=None,
                    email="newclub@example.com",
                    require_memberships=True,
@@ -291,7 +291,7 @@ class TestMemberships(TestCase):
        response = self.client.post(reverse("member:club_manage_roles", args=(self.membership.pk,)), data=dict(
            roles=[role.id for role in Role.objects.filter(
-                Q(name="Membre de club") | Q(name="Trésorier·ère de club") | Q(name="Bureau de club")).all()],
+                Q(name="Membre de club") | Q(name="Trésorièr⋅e de club") | Q(name="Bureau de club")).all()],
        ))
        self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
        self.membership.refresh_from_db()
@@ -335,6 +335,7 @@ class TestMemberships(TestCase):
            ml_sports_registration=True,
            ml_art_registration=True,
            report_frequency=7,
            VSS_charter_read=True
        ))
        self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
        self.assertTrue(User.objects.filter(username="toto changed").exists())
--- a/apps/member/urls.py
+++ b/apps/member/urls.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
@@ -25,4 +25,5 @@ urlpatterns = [
    path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"),
    path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"),
    path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
    path('user/<int:pk>/qr_code/', views.QRCodeView.as_view(), name='qr_code'),
 ]
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta, date
@@ -8,7 +8,6 @@ from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
 from django.contrib.contenttypes.models import ContentType
 from django.db import transaction
 from django.db.models import Q, F
 from django.shortcuts import redirect
@@ -17,17 +16,19 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
-from django_tables2.views import SingleTableView
+from django_tables2.views import MultiTableMixin, SingleTableMixin, SingleTableView
 from rest_framework.authtoken.models import Token
 from api.viewsets import is_regex
 from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
-from note.tables import HistoryTable, AliasTable, TrustTable
+from note.tables import HistoryTable, AliasTable, TrustTable, TrustedTable
 from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 from django import forms
-from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm,\
+from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \
    CustomAuthenticationForm, MembershipRolesForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable, MembershipTable, ClubManagerTable
@@ -72,11 +73,24 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        form.fields['email'].required = True
        form.fields['email'].help_text = _("This address must be valid.")
-        if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile):
+        profile_form = self.profile_form(instance=context['user_object'].profile,
-            context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
+                                         data=self.request.POST if self.request.POST else None)
-                                                        data=self.request.POST if self.request.POST else None)
+
-            if not self.object.profile.report_frequency:
+        if not self.object.profile.report_frequency:
-                del context['profile_form'].fields["last_report"]
+            del profile_form.fields["last_report"]
        fields_to_check = list(profile_form.fields.keys())
        fields_modifiable = False
        # Delete the fields for which the user does not have the permission to modify
        for field_name in fields_to_check:
            if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile):
                profile_form.fields[field_name].widget = forms.HiddenInput()
            else:
                fields_modifiable = True
        if fields_modifiable:
            context['profile_form'] = profile_form
        return context
@@ -220,16 +234,20 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                username__iregex="^" + pattern
+                Q(**{f"username{suffix}": prefix + pattern})
            ).union(
                qs.filter(
-                    (Q(alias__iregex="^" + pattern)
+                    (Q(**{f"alias{suffix}": prefix + pattern})
-                     | Q(normalized_alias__iregex="^" + Alias.normalize(pattern))
+                     | Q(**{f"normalized_alias{suffix}": prefix + Alias.normalize(pattern)})
-                     | Q(last_name__iregex="^" + pattern)
+                     | Q(**{f"last_name{suffix}": prefix + pattern})
-                     | Q(first_name__iregex="^" + pattern)
+                     | Q(**{f"first_name{suffix}": prefix + pattern})
                     | Q(email__istartswith=pattern))
-                    & ~Q(username__iregex="^" + pattern)
+                    & ~Q(**{f"username{suffix}": prefix + pattern})
                ), all=True)
        else:
            qs = qs.none()
@@ -244,7 +262,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        return context
-class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
    """
    View and manage user trust relationships
    """
@@ -253,22 +271,35 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'user_object'
    extra_context = {"title": _("Note friendships")}
    tables = [
        lambda data: TrustTable(data, prefix="trust-"),
        lambda data: TrustedTable(data, prefix="trusted-"),
    ]
    def get_tables_data(self):
        note = self.object.note
        return [
            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
            note.trusted.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
-        context["trusting"] = TrustTable(
+        tables = context["tables"]
-            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        for name, table in zip(["trusting", "trusted_by"], tables):
            context[name] = table
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
            trusting=context["object"].note,
            trusted=context["object"].note
        ))
        context["widget"] = {
            "name": "trusted",
            "resetable": True,
            "attrs": {
                "model_pk": ContentType.objects.get_for_model(Alias).pk,
                "class": "autocomplete form-control",
                "id": "trusted",
                "resetable": True,
                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
                "name_field": "name",
                "placeholder": ""
@@ -277,7 +308,7 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        return context
-class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
    """
    View and manage user aliases.
    """
@@ -286,12 +317,15 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'user_object'
    extra_context = {"title": _("Note aliases")}
    table_class = AliasTable
    context_table_name = "aliases"
    def get_table_data(self):
        return self.object.note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct() \
                                     .order_by('normalized_name')
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
        context["aliases"] = AliasTable(
            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
            .order_by('normalized_name').all())
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@@ -326,12 +360,15 @@ class PictureUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin, Det
        """Save image to note"""
        image = form.cleaned_data['image']
-        # Rename as a PNG or GIF
+        if image is None:
-        extension = image.name.split(".")[-1]
+            image = "pic/default.png"
        if extension == "gif":
            image.name = "{}_pic.gif".format(self.object.note.pk)
        else:
-            image.name = "{}_pic.png".format(self.object.note.pk)
+            # Rename as a PNG or GIF
            extension = image.name.split(".")[-1]
            if extension == "gif":
                image.name = "{}_pic.gif".format(self.object.note.pk)
            else:
                image.name = "{}_pic.png".format(self.object.note.pk)
        # Save
        self.object.note.display_image = image
@@ -365,6 +402,14 @@ class ManageAuthTokens(LoginRequiredMixin, TemplateView):
        context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
        return context
 class QRCodeView(LoginRequiredMixin, DetailView):
    """
    Affiche le QR Code
    """
    model = User
    context_object_name = "user_object"
    template_name = "member/qr_code.html"
    extra_context = {"title": _("QR Code")}
 # ******************************* #
 #              CLUB               #
@@ -407,10 +452,15 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                Q(name__iregex=pattern)
+                Q(**{f"name{suffix}": prefix + pattern})
-                | Q(note__alias__name__iregex=pattern)
+                | Q(**{f"note__alias__name{suffix}": prefix + pattern})
-                | Q(note__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
            )
        return qs
@@ -507,7 +557,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        return context
-class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
    """
    Manage aliases of a club.
    """
@@ -516,11 +566,16 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'club'
    extra_context = {"title": _("Note aliases")}
    table_class = AliasTable
    context_table_name = "aliases"
    def get_table_data(self):
        return self.object.note.alias.filter(
            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
        context["aliases"] = AliasTable(note.alias.filter(
            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@@ -753,6 +808,10 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
            club = old_membership.club
            user = old_membership.user
        # Update club membership date
        if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
            club.update_membership_dates()
        form.instance.club = club
        # Get form data
@@ -820,8 +879,8 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        ret = super().form_valid(form)
-        member_role = Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all() \
+        member_role = Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all() \
-            if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all() \
+            if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all() \
            if club.name == "Kfet"else Role.objects.filter(name="Membre de club").all()
        # Set the same roles as before
        if old_membership:
@@ -857,7 +916,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
                membership.refresh_from_db()
                if old_membership.exists():
                    membership.roles.set(old_membership.get().roles.all())
-                membership.roles.set(Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all())
+                membership.roles.set(Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all())
                membership.save()
        return ret
@@ -905,10 +964,15 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV
        if 'search' in self.request.GET:
            pattern = self.request.GET['search']
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                Q(user__first_name__iregex='^' + pattern)
+                Q(**{f"user__first_name{suffix}": prefix + pattern})
-                | Q(user__last_name__iregex='^' + pattern)
+                | Q(**{f"user__last_name{suffix}": prefix + pattern})
-                | Q(user__note__alias__normalized_name__iregex='^' + Alias.normalize(pattern))
+                | Q(**{f"user__note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
            )
        only_active = "only_active" not in self.request.GET or self.request.GET["only_active"] != '0'
--- a/apps/note/init.py
+++ b/apps/note/init.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'note.apps.NoteConfig'
--- a/apps/note/admin.py
+++ b/apps/note/admin.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
@@ -7,7 +7,7 @@ from polymorphic.admin import PolymorphicChildModelAdmin, \
    PolymorphicChildModelFilter, PolymorphicParentModelAdmin
 from note_kfet.admin import admin_site
-from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .models.transactions import Transaction, TemplateCategory, TransactionTemplate, \
    RecurrentTransaction, MembershipTransaction, SpecialTransaction
 from .templatetags.pretty_money import pretty_money
@@ -21,6 +21,16 @@ class AliasInlines(admin.TabularInline):
    model = Alias
 class TrustInlines(admin.TabularInline):
    """
    Define trusts when editing the trusting note
    """
    model = Trust
    fk_name = "trusting"
    extra = 0
    readonly_fields = ("trusted",)
@admin.register(Note, site=admin_site)
 class NoteAdmin(PolymorphicParentModelAdmin):
    """
@@ -92,7 +102,7 @@ class NoteUserAdmin(PolymorphicChildModelAdmin):
    """
    Child for an user note, see NoteAdmin
    """
-    inlines = (AliasInlines,)
+    inlines = (AliasInlines, TrustInlines)
    # We can't change user after creation or the balance
    readonly_fields = ('user', 'balance')
--- a/apps/note/api/serializers.py
+++ b/apps/note/api/serializers.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
@@ -11,6 +11,7 @@ from member.models import Membership
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
 from rest_framework.validators import UniqueTogetherValidator
 from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
@@ -86,11 +87,9 @@ class TrustSerializer(serializers.ModelSerializer):
    class Meta:
        model = Trust
        fields = '__all__'
-
+        validators = [UniqueTogetherValidator(
-    def validate(self, attrs):
+            queryset=Trust.objects.all(), fields=('trusting', 'trusted'),
-        instance = Trust(**attrs)
+            message=_("This friendship already exists"))]
        instance.clean()
        return attrs
 class AliasSerializer(serializers.ModelSerializer):
--- a/apps/note/api/urls.py
+++ b/apps/note/api/urls.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@@ -1,19 +1,19 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
 from django.conf import settings
 from django.db.models import Q
 from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
-from rest_framework import viewsets
+from rest_framework import status, viewsets
 from rest_framework.response import Response
-from rest_framework import status
+from api.filters import RegexSafeSearchFilter
-from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet, \
    is_regex
 from permission.backends import PermissionBackend
-from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
+from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \
    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
    TrustSerializer
 from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust
@@ -29,7 +29,7 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
    """
    queryset = Note.objects.order_by('id')
    serializer_class = NotePolymorphicSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter, OrderingFilter]
    filterset_fields = ['alias__name', 'polymorphic_ctype', 'is_active', 'balance', 'last_negative', 'created_at', ]
    search_fields = ['$alias__normalized_name', '$alias__name', '$polymorphic_ctype__model',
                     '$noteuser__user__last_name', '$noteuser__user__first_name', '$noteuser__user__email',
@@ -48,10 +48,14 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
            .distinct()
        alias = self.request.query_params.get("alias", ".*")
        # Check if this is a valid regex. If not, we won't check regex
        valid_regex = is_regex(alias)
        suffix = '__iregex' if valid_regex else '__istartswith'
        alias_prefix = '^' if valid_regex else ''
        queryset = queryset.filter(
-            Q(alias__name__iregex="^" + alias)
+            Q(**{f"alias__name{suffix}": alias_prefix + alias})
-            | Q(alias__normalized_name__iregex="^" + Alias.normalize(alias))
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-            | Q(alias__normalized_name__iregex="^" + alias.lower())
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + alias.lower()})
        )
        return queryset.order_by("id")
@@ -65,7 +69,7 @@ class TrustViewSet(ReadProtectedModelViewSet):
    """
    queryset = Trust.objects
    serializer_class = TrustSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
                     '$trusted__alias__name', '$trusted__alias__normalized_name']
    filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
@@ -91,11 +95,11 @@ class AliasViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/note/aliases/
+    then render it on /api/note/alias/
    """
    queryset = Alias.objects
    serializer_class = AliasSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@@ -126,18 +130,22 @@ class AliasViewSet(ReadProtectedModelViewSet):
        alias = self.request.query_params.get("alias", None)
        if alias:
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(alias)
            suffix = '__iregex' if valid_regex else '__istartswith'
            alias_prefix = '^' if valid_regex else ''
            queryset = queryset.filter(
-                name__iregex="^" + alias
+                **{f"name{suffix}": alias_prefix + alias}
            ).union(
                queryset.filter(
-                    Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    Q(**{f"normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": alias_prefix + alias})
                ),
                all=True).union(
                queryset.filter(
-                    Q(normalized_name__iregex="^" + alias.lower())
+                    Q(**{f"normalized_name{suffix}": "^" + alias.lower()})
-                    & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    & ~Q(**{f"normalized_name{suffix}": "^" + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": "^" + alias})
                ),
                all=True)
@@ -147,7 +155,7 @@ class AliasViewSet(ReadProtectedModelViewSet):
 class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
    queryset = Alias.objects
    serializer_class = ConsumerSerializer
-    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
+    filter_backends = [RegexSafeSearchFilter, OrderingFilter, DjangoFilterBackend]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@@ -166,11 +174,7 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
        alias = self.request.query_params.get("alias", None)
        # Check if this is a valid regex. If not, we won't check regex
-        try:
+        valid_regex = is_regex(alias)
            re.compile(alias)
            valid_regex = True
        except (re.error, TypeError):
            valid_regex = False
        suffix = '__iregex' if valid_regex else '__istartswith'
        alias_prefix = '^' if valid_regex else ''
        queryset = queryset.prefetch_related('note')
@@ -179,19 +183,10 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
            # We match first an alias if it is matched without normalization,
            # then if the normalized pattern matches a normalized alias.
            queryset = queryset.filter(
-                **{f'name{suffix}': alias_prefix + alias}
+                Q(**{f'name{suffix}': alias_prefix + alias})
-            ).union(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                queryset.filter(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
-                    Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
+            )
                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
                ),
                all=True).union(
                queryset.filter(
                    Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
                    & ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
                ),
                all=True)
        queryset = queryset if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' \
            else queryset.order_by("name")
@@ -207,7 +202,7 @@ class TemplateCategoryViewSet(ReadProtectedModelViewSet):
    """
    queryset = TemplateCategory.objects.order_by('name')
    serializer_class = TemplateCategorySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'templates', 'templates__name']
    search_fields = ['$name', '$templates__name', ]
@@ -220,7 +215,7 @@ class TransactionTemplateViewSet(viewsets.ModelViewSet):
    """
    queryset = TransactionTemplate.objects.order_by('name')
    serializer_class = TransactionTemplateSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    filterset_fields = ['name', 'amount', 'display', 'category', 'category__name', ]
    search_fields = ['$name', '$category__name', ]
    ordering_fields = ['amount', ]
@@ -234,7 +229,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
    """
    queryset = Transaction.objects.order_by('-created_at')
    serializer_class = TransactionPolymorphicSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    filterset_fields = ['source', 'source_alias', 'source__alias__name', 'source__alias__normalized_name',
                        'destination', 'destination_alias', 'destination__alias__name',
                        'destination__alias__normalized_name', 'quantity', 'polymorphic_ctype', 'amount',
--- a/Show More
+++ b/Show More
`@@ -1,4 +1,4 @@`
	`# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay`	`# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay`
	`# SPDX-License-Identifier: GPL-3.0-or-later`	`# SPDX-License-Identifier: GPL-3.0-or-later`