Implementing QRcode creation, modifying Allergen model and creating of few views

Réécriture en inclusif de l'ensemble des textes français de la note

See merge request bde/nk20!246

.gitignore

@@ -42,6 +42,7 @@ map.json
 backups/
 /static/
 /media/
+/tmp/
 
 # Virtualenv
 env/

.gitlab-ci.yml

@@ -8,19 +8,19 @@ variables:
   GIT_SUBMODULE_STRATEGY: recursive
 
 # Debian Buster
-py37-django22:
-  stage: test
-  image: debian:buster-backports
-  before_script:
-    - >
-        apt-get update &&
-        apt-get install --no-install-recommends -t buster-backports -y
-        python3-django python3-django-crispy-forms
-        python3-django-extensions python3-django-filters python3-django-polymorphic
-        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
-        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
-        python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py37-django22
+# py37-django22:
+#   stage: test
+#   image: debian:buster-backports
+#   before_script:
+#     - >
+#         apt-get update &&
+#         apt-get install --no-install-recommends -t buster-backports -y
+#         python3-django python3-django-crispy-forms
+#         python3-django-extensions python3-django-filters python3-django-polymorphic
+#         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
+#         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
+#         python3-bs4 python3-setuptools tox texlive-xetex
+#   script: tox -e py37-django22
 
 # Ubuntu 20.04
 py38-django22:
@@ -56,7 +56,7 @@ py39-django22:
 
 linters:
   stage: quality-assurance
-  image: debian:buster-backports
+  image: debian:bullseye
   before_script:
     - apt-get update && apt-get install -y tox
   script: tox -e linters

Dockerfile

@@ -12,7 +12,7 @@ RUN apt-get update && \
     python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
     python3-bs4 python3-setuptools \
     uwsgi uwsgi-plugin-python3 \
-    texlive-xetex gettext libjs-bootstrap4 && \
+    texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome && \
     rm -rf /var/lib/apt/lists/*
 
 # Instal PyPI requirements

README.md

@@ -1,8 +1,8 @@
 # NoteKfet 2020
 
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.txt)
-[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/master/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
-[![coverage report](https://gitlab.crans.org/bde/nk20/badges/master/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
+[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/main/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
+[![coverage report](https://gitlab.crans.org/bde/nk20/badges/main/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
 
 ## Table des matières
 
@@ -23,7 +23,7 @@ Bien que cela permette de créer une instance sur toutes les distributions,
     $ sudo apt update
     $ sudo apt install --no-install-recommends -y \
         ipython3 python3-setuptools python3-venv python3-dev \
-        texlive-xetex gettext libjs-bootstrap4 git
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
     ```
 
 2.  **Clonage du dépot** là où vous voulez :
@@ -115,7 +115,7 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
         python3-bs4 python3-setuptools python3-docutils \
         memcached uwsgi uwsgi-plugin-python3 \
-        texlive-xetex gettext libjs-bootstrap4 \
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome \
         nginx python3-venv git acl
     ```
 

ansible/base.yml

@@ -7,7 +7,7 @@
       prompt: "Password of the database (leave it blank to skip database init)"
       private: yes
   vars:
-    mirror: mirror.crans.org
+    mirror: eclats.crans.org
   roles:
     - 1-apt-basic
     - 2-nk20

ansible/host_vars/bde-note.adh.crans.org.yml

@@ -1,7 +1,7 @@
 ---
 note:
   server_name: note.crans.org
-  git_branch: master
+  git_branch: main
   serve_static: true
   cron_enabled: true
   email: notekfet2020@lists.crans.org

ansible/roles/1-apt-basic/tasks/main.yml

@@ -1,14 +1,15 @@
 ---
-- name: Add buster-backports to apt sources
+- name: Add buster-backports to apt sources if needed
   apt_repository:
     repo: deb http://{{ mirror }}/debian buster-backports main
     state: present
-  when: ansible_facts['distribution'] == "Debian"
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version | int == 10
 
 - name: Install note_kfet APT dependencies
   apt:
     update_cache: true
-    default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}"
     install_recommends: false
     name:
       # Common tools
@@ -17,6 +18,7 @@
       - ipython3
 
       # Front-end dependencies
+      - fonts-font-awesome
       - libjs-bootstrap4
 
       # Python dependencies

apps/activity/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'activity.apps.ActivityConfig'

apps/activity/admin.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin

apps/activity/api/serializers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from rest_framework import serializers

apps/activity/api/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet

apps/activity/api/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from api.viewsets import ReadProtectedModelViewSet

apps/activity/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/activity/fixtures/initial.json

@@ -6,7 +6,7 @@
             "name": "Pot",
             "manage_entries": true,
             "can_invite": true,
-            "guest_entry_fee": 500
+            "guest_entry_fee": 1000
         }
     },
     {
@@ -28,5 +28,25 @@
             "can_invite": false,
             "guest_entry_fee": 0
         }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 5,
+        "fields": {
+            "name": "Soir\u00e9e avec entrées",
+            "manage_entries": true,
+            "can_invite": false,
+            "guest_entry_fee": 0
+        }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 7,
+        "fields": {
+            "name": "Soir\u00e9e avec invitations",
+            "manage_entries": true,
+            "can_invite": true,
+            "guest_entry_fee": 0
+        }
     }
 ]

apps/activity/forms.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from datetime import timedelta

apps/activity/migrations/0003_auto_20240323_1422.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.28 on 2024-03-23 13:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0002_auto_20200904_2341'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='activity',
+            name='description',
+            field=models.TextField(blank=True, default='', verbose_name='description'),
+        ),
+    ]

apps/activity/models.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import os
@@ -66,6 +66,8 @@ class Activity(models.Model):
 
     description = models.TextField(
         verbose_name=_('description'),
+        blank=True,
+        default="",
     )
 
     location = models.CharField(
@@ -123,6 +125,14 @@ class Activity(models.Model):
         verbose_name=_('open'),
     )
 
+    class Meta:
+        verbose_name = _("activity")
+        verbose_name_plural = _("activities")
+        unique_together = ("name", "date_start", "date_end",)
+
+    def __str__(self):
+        return self.name
+
     @transaction.atomic
     def save(self, *args, **kwargs):
         """
@@ -144,14 +154,6 @@ class Activity(models.Model):
                 if settings.DATABASES["default"]["ENGINE"] == 'django.db.backends.postgresql' else refresh_activities()
         return ret
 
-    def __str__(self):
-        return self.name
-
-    class Meta:
-        verbose_name = _("activity")
-        verbose_name_plural = _("activities")
-        unique_together = ("name", "date_start", "date_end",)
-
 
 class Entry(models.Model):
     """
@@ -252,14 +254,13 @@ class Guest(models.Model):
         verbose_name=_("inviter"),
     )
 
-    @property
-    def has_entry(self):
-        try:
-            if self.entry:
-                return True
-            return False
-        except AttributeError:
-            return False
+    class Meta:
+        verbose_name = _("guest")
+        verbose_name_plural = _("guests")
+        unique_together = ("activity", "last_name", "first_name", )
+
+    def __str__(self):
+        return self.first_name + " " + self.last_name
 
     @transaction.atomic
     def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
@@ -290,13 +291,14 @@ class Guest(models.Model):
 
         return super().save(force_insert, force_update, using, update_fields)
 
-    def __str__(self):
-        return self.first_name + " " + self.last_name
-
-    class Meta:
-        verbose_name = _("guest")
-        verbose_name_plural = _("guests")
-        unique_together = ("activity", "last_name", "first_name", )
+    @property
+    def has_entry(self):
+        try:
+            if self.entry:
+                return True
+            return False
+        except AttributeError:
+            return False
 
 
 class GuestTransaction(Transaction):

apps/activity/tables.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.utils import timezone

apps/activity/templates/activity/activity_form.html

@@ -17,4 +17,27 @@ SPDX-License-Identifier: GPL-3.0-or-later
     </form>
   </div>
 </div>
-{% endblock %}
+{% endblock %}
+
+{% block extrajavascript %}
+<script>
+  var date_end = document.getElementById("id_date_end");
+  var date_start = document.getElementById("id_date_start");
+  
+  function update_date_end (){
+    if(date_end.value=="" || date_end.value<date_start.value){
+      date_end.value = date_start.value;
+    };
+  };
+  
+  function update_date_start (){
+    if(date_start.value=="" || date_end.value<date_start.value){
+      date_start.value = date_end.value;
+    };
+  };
+  
+  date_start.addEventListener('focusout', update_date_end);
+  date_end.addEventListener('focusout', update_date_start);
+  
+</script>
+{% endblock %}

apps/activity/templates/activity/activity_list.html

@@ -34,9 +34,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     {% endif %}
     <div class="card-footer">
         <a class="btn btn-sm btn-success" href="{% url 'activity:activity_create' %}" data-turbolinks="false">
-            <svg class="bi bi-calendar-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 .5a.5.5 0 0 0-1 0V1H2a2 2 0 0 0-2 2v1h16V3a2 2 0 0 0-2-2h-1V.5a.5.5 0 0 0-1 0V1H4V.5zM16 14V5H0v9a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2zM8.5 8.5V10H10a.5.5 0 0 1 0 1H8.5v1.5a.5.5 0 0 1-1 0V11H6a.5.5 0 0 1 0-1h1.5V8.5a.5.5 0 0 1 1 0z"/>
-            </svg>
+            <i class="fa fa-calendar-plus-o" aria-hidden="true"></i>
             {% trans 'New activity' %}
         </a>
     </div>

apps/activity/tests/test_activities.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from datetime import timedelta

apps/activity/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.urls import path

apps/activity/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from hashlib import md5
@@ -76,6 +76,7 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
         context['upcoming'] = ActivityTable(
             data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")),
             prefix='upcoming-',
+            order_by='date_start',
         )
 
         started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
@@ -168,6 +169,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
         Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
         it is closed or doesn't manage entries.
         """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
         activity = Activity.objects.get(pk=self.kwargs["pk"])
 
         sample_entry = Entry(activity=activity, note=self.request.user.note)

apps/api/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'api.apps.APIConfig'

apps/api/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/api/pagination.py

@@ -0,0 +1,5 @@
+from rest_framework.pagination import PageNumberPagination
+
+
+class CustomPagination(PageNumberPagination):
+    page_size_query_param = 'page_size'

apps/api/serializers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 
@@ -7,8 +7,11 @@ from django.contrib.auth.models import User
 from django.utils import timezone
 from rest_framework import serializers
 from member.api.serializers import ProfileSerializer, MembershipSerializer
+from member.models import Membership
 from note.api.serializers import NoteSerializer
 from note.models import Alias
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -45,18 +48,30 @@ class OAuthSerializer(serializers.ModelSerializer):
     """
     normalized_name = serializers.SerializerMethodField()
 
-    profile = ProfileSerializer()
+    profile = serializers.SerializerMethodField()
 
-    note = NoteSerializer()
+    note = serializers.SerializerMethodField()
 
     memberships = serializers.SerializerMethodField()
 
     def get_normalized_name(self, obj):
         return Alias.normalize(obj.username)
 
+    def get_profile(self, obj):
+        # Display the profile of the user only if we have rights to see it.
+        return ProfileSerializer().to_representation(obj.profile) \
+            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
+
+    def get_note(self, obj):
+        # Display the note of the user only if we have rights to see it.
+        return NoteSerializer().to_representation(obj.note) \
+            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
+
     def get_memberships(self, obj):
+        # Display only memberships that we are allowed to see.
         return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
-            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()))
+            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())
+                           .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))
 
     class Meta:
         model = User

apps/api/tests.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import json

apps/api/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings

apps/api/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib.auth.models import User

apps/api/viewsets.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib.contenttypes.models import ContentType

apps/food/admin.py

@@ -0,0 +1,35 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib import admin
+from note_kfet.admin import admin_site
+
+from .models import Allergen, BasicFood, QRCode, TransformedFood
+
+
+@admin.register(QRCode, site=admin_site)
+class QRCodeAdmin(admin.ModelAdmin):
+    """
+    TEMPORARY
+    """
+
+
+@admin.register(BasicFood, site=admin_site)
+class BasicFoodAdmin(admin.ModelAdmin):
+    """
+    TEMPORARY
+    """
+
+
+@admin.register(TransformedFood, site=admin_site)
+class TransformedFoodAdmin(admin.ModelAdmin):
+    """
+    TEMPORARY
+    """
+
+
+@admin.register(Allergen, site=admin_site)
+class AllergenAdmin(admin.ModelAdmin):
+    """
+    TEMPORARY
+    """

apps/food/apps.py

@@ -0,0 +1,11 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+from django.utils.translation import gettext_lazy as _
+from django.apps import AppConfig
+
+
+class FoodkfetConfig(AppConfig):
+    name = 'food'
+    verbose_name = _('food')

apps/food/fixtures/initial.json

@@ -0,0 +1,107 @@
+[
+    {
+        "model": "food.allergen",
+        "pk": 1,
+        "fields": {
+            "name": "alcohol"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 2,
+        "fields": {
+            "name": "celery"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 3,
+        "fields": {
+            "name": "crustecean"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 4,
+        "fields": {
+            "name": "egg"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 5,
+        "fields": {
+            "name": "fish"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 6,
+        "fields": {
+            "name": "gluten"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 7,
+        "fields": {
+            "name": "groundnut"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 8,
+        "fields": {
+            "name": "lupine"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 9,
+        "fields": {
+            "name": "milk"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 10,
+        "fields": {
+            "name": "mollusc"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 11,
+        "fields": {
+            "name": "mustard"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 12,
+        "fields": {
+            "name": "nut"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 13,
+        "fields": {
+            "name": "sesame"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 14,
+        "fields": {
+            "name": "soy"
+        }
+    },
+    {
+        "model": "food.allergen",
+        "pk": 15,
+        "fields": {
+            "name": "sulphite"
+        }
+    }
+]

apps/food/forms.py

@@ -0,0 +1,73 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from random import shuffle
+
+from django import forms
+from django.utils.translation import gettext_lazy as _
+from django.utils import timezone
+from member.models import Club
+from note_kfet.inputs import Autocomplete, DateTimePickerInput
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
+
+from .models import BasicFood, TransformedFood
+
+
+class BasicFoodForms(forms.ModelForm):
+    """
+    Form for add non-transformed food
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['name'].widget.attrs.update({"autofocus": "autofocus"})
+        self.fields['name'].required = True
+        self.fields['owner'].required = True
+
+        # Some example
+        self.fields['name'].widget.attrs.update({"placeholder": _("pasta")})
+        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
+        shuffle(clubs)
+        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
+
+    class Meta:
+        model = BasicFood
+        fields = ('name', 'owner', 'date_type', 'expiry_date', 'allergens')
+        widgets = {
+            "owner": Autocomplete(
+                model=Club,
+                attrs={"api_url": "/api/members/club/"},
+            ),
+            'expiry_date': DateTimePickerInput(),
+        }
+
+
+class TransformedFoodForms(forms.ModelForm):
+    """
+    Form for add transformed food
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['name'].widget.attrs.update({"autofocus": "autofocus"})
+        self.fields['name'].required = True
+        self.fields['owner'].required = True
+        self.fields['creation_date'].required = True
+        self.fields['creation_date'].initial = timezone.now
+        self.fields['is_active'].initial = True
+
+        # Some example
+        self.fields['name'].widget.attrs.update({"placeholder": _("lasagna")})
+        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
+        shuffle(clubs)
+        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
+
+    class Meta:
+        model = TransformedFood
+        fields = ('name', 'creation_date', 'owner', 'is_active', 'allergens')
+        widgets = {
+            "owner": Autocomplete(
+                model=Club,
+                attrs={"api_url": "/api/members/club/"},
+            ),
+            'creation_date': DateTimePickerInput(),
+        }

apps/food/migrations/0001_initial.py

@@ -0,0 +1,72 @@
+# Generated by Django 2.2.28 on 2024-07-03 07:40
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('member', '0011_profile_vss_charter_read'),
+        ('contenttypes', '0002_remove_content_type_name'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Allergen',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, null=True, verbose_name='name')),
+            ],
+            options={
+                'verbose_name': 'Allergen',
+                'verbose_name_plural': 'Allergens',
+            },
+        ),
+        migrations.CreateModel(
+            name='Food',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('expiry_date', models.DateTimeField(verbose_name='expiry date')),
+                ('was_eaten', models.BooleanField(default=False, verbose_name='was eaten')),
+                ('code', models.IntegerField(unique=True, verbose_name='code')),
+                ('allergens', models.ManyToManyField(blank=True, to='food.Allergen', verbose_name='allergen')),
+                ('owner', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='+', to='member.Club', verbose_name='owner')),
+                ('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_food.food_set+', to='contenttypes.ContentType')),
+            ],
+            options={
+                'verbose_name': 'foods',
+            },
+        ),
+        migrations.CreateModel(
+            name='BasicFood',
+            fields=[
+                ('food_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='food.Food')),
+                ('date_type', models.CharField(choices=[('DLC', 'DLC'), ('DDM', 'DDM')], max_length=255)),
+                ('arrival_date', models.DateTimeField(blank=True, default=django.utils.timezone.now, verbose_name='arrival date')),
+            ],
+            options={
+                'verbose_name': 'Basic food',
+                'verbose_name_plural': 'Basic foods',
+            },
+            bases=('food.food',),
+        ),
+        migrations.CreateModel(
+            name='TransformedFood',
+            fields=[
+                ('food_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='food.Food')),
+                ('creation_date', models.DateTimeField(verbose_name='creation date')),
+                ('is_active', models.BooleanField(default=True, verbose_name='is active')),
+                ('ingredient', models.ManyToManyField(blank=True, related_name='transformed_ingredient_inv', to='food.Food', verbose_name='transformed ingredient')),
+            ],
+            options={
+                'verbose_name': 'Transformed food',
+                'verbose_name_plural': 'Transformed foods',
+            },
+            bases=('food.food',),
+        ),
+    ]

apps/food/migrations/0002_auto_20240703_1549.py

@@ -0,0 +1,30 @@
+# Generated by Django 2.2.28 on 2024-07-03 13:49
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('food', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='food',
+            name='code',
+        ),
+        migrations.CreateModel(
+            name='QRCode',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('qr_code_number', models.PositiveIntegerField(verbose_name='QR-code number')),
+                ('food_container', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='QR_code', to='food.Food', unique=True, verbose_name='food container')),
+            ],
+            options={
+                'verbose_name': 'QR-code',
+                'verbose_name_plural': 'QR-codes',
+            },
+        ),
+    ]

apps/food/models.py

@@ -0,0 +1,153 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.db import models, transaction
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+from member.models import Club
+from polymorphic.models import PolymorphicModel
+
+#################################################################
+# TO DO
+# - link allergen with one food (basic or transformed) with check
+# - check on basic food
+# - check on transformed food
+#################################################################
+
+
+class QRCode(models.Model):
+    """
+    An QRCode model
+    """
+    qr_code_number = models.PositiveIntegerField(
+        verbose_name=_("QR-code number"),
+    )
+
+    food_container = models.ForeignKey(
+        'Food',
+        on_delete=models.PROTECT,
+        related_name='QR_code',
+        unique=True,
+        verbose_name=_('food container'),
+    )
+
+    class Meta:
+        verbose_name = _("QR-code")
+        verbose_name_plural = _("QR-codes")
+
+    def __str__(self):
+        return _("QR-code number {qr_code_number}").format(qr_code_number=self.qr_code_number)
+
+
+class Allergen(models.Model):
+    """
+    A list of allergen and alimentary restrictions
+    """
+    name = models.CharField(
+        verbose_name=_('name'),
+        max_length=255,
+    )
+
+    class Meta:
+        verbose_name = _('Allergen')
+        verbose_name_plural = _('Allergens')
+
+    def __str__(self):
+        return self.name
+
+
+class Food(PolymorphicModel):
+    name = models.CharField(
+        verbose_name=_('name'),
+        max_length=255,
+    )
+
+    owner = models.ForeignKey(
+        Club,
+        on_delete=models.PROTECT,
+        related_name='+',
+        verbose_name=_('owner'),
+    )
+
+    allergens = models.ManyToManyField(
+        Allergen,
+        blank=True,
+        verbose_name=_('allergen'),
+    )
+
+    expiry_date = models.DateTimeField(
+        verbose_name=_('expiry date'),
+    )
+
+    was_eaten = models.BooleanField(
+        default=False,
+        verbose_name=_('was eaten'),
+    )
+
+    def __str__(self):
+        return self.name
+
+    @transaction.atomic
+    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
+        return super().save(force_insert, force_update, using, update_fields)
+
+    class Meta:
+        verbose_name = _('food')
+        verbose_name = _('foods')
+
+
+class BasicFood(Food):
+    """
+    Food which has been directly buy on supermarket
+    """
+    date_type = models.CharField(
+        max_length=255,
+        choices=(
+            ("DLC", "DLC"),
+            ("DDM", "DDM"),
+        )
+    )
+
+    arrival_date = models.DateTimeField(
+        verbose_name=_('arrival date'),
+        default=timezone.now,
+        blank=True,  # TEMPORARY
+    )
+
+    # label = models.ImageField(
+    #     verbose_name=_('food label'),
+    #     max_length=255,
+    #     blank=False,
+    #     null=False,
+    #     upload_to='label/',
+    # )
+
+    class Meta:
+        verbose_name = _('Basic food')
+        verbose_name_plural = _('Basic foods')
+
+
+class TransformedFood(Food):
+    """
+    Transformed food  are a mix between basic food and meal
+    """
+    creation_date = models.DateTimeField(
+        verbose_name=_('creation date'),
+    )
+
+    ingredient = models.ManyToManyField(
+        Food,
+        blank=True,
+        symmetrical=False,
+        related_name='transformed_ingredient_inv',
+        verbose_name=_('transformed ingredient'),
+    )
+
+    is_active = models.BooleanField(
+        default=True,
+        verbose_name=_('is active'),
+    )
+
+    class Meta:
+        verbose_name = _('Transformed food')
+        verbose_name_plural = _('Transformed foods')

apps/food/static/food/js/food.js

@@ -0,0 +1,422 @@
+var LOCK = false
+
+sources = []
+sources_notes_display = []
+dests = []
+dests_notes_display = []
+
+function refreshHistory () {
+  $('#history').load('/note/transfer/ #history')
+}
+
+function reset (refresh = true) {
+  sources_notes_display.length = 0
+  sources.length = 0
+  dests_notes_display.length = 0
+  dests.length = 0
+  $('#source_note_list').html('')
+  $('#dest_note_list').html('')
+  const source_field = $('#source_note')
+  source_field.val('')
+  const event = jQuery.Event('keyup')
+  event.originalEvent = { charCode: 97 }
+  source_field.trigger(event)
+  source_field.removeClass('is-invalid')
+  source_field.attr('data-original-title', '').tooltip('hide')
+  const dest_field = $('#dest_note')
+  dest_field.val('')
+  dest_field.trigger(event)
+  dest_field.removeClass('is-invalid')
+  dest_field.attr('data-original-title', '').tooltip('hide')
+  const amount_field = $('#amount')
+  amount_field.val('')
+  amount_field.removeClass('is-invalid')
+  $('#amount-required').html('')
+  const reason_field = $('#reason')
+  reason_field.val('')
+  reason_field.removeClass('is-invalid')
+  $('#reason-required').html('')
+  $('#last_name').val('')
+  $('#first_name').val('')
+  $('#bank').val('')
+  $('#user_note').val('')
+  $('#profile_pic').attr('src', '/static/member/img/default_picture.png')
+  $('#profile_pic_link').attr('href', '#')
+  if (refresh) {
+    refreshBalance()
+    refreshHistory()
+  }
+
+  LOCK = false
+}
+
+$(document).ready(function () {
+  /**
+     * If we are in credit/debit mode, check that only one note is entered.
+     * More over, get first name and last name to autocomplete fields.
+     */
+  function checkUniqueNote () {
+    if ($('#type_credit').is(':checked') || $('#type_debit').is(':checked')) {
+      const arr = $('#type_credit').is(':checked') ? dests_notes_display : sources_notes_display
+
+      if (arr.length === 0) { return }
+
+      const last = arr[arr.length - 1]
+      arr.length = 0
+      arr.push(last)
+
+      last.quantity = 1
+
+      if (last.note.club) {
+        $('#last_name').val(last.note.name)
+        $('#first_name').val(last.note.name)
+      }
+      else if (!last.note.user) {
+        $.getJSON('/api/note/note/' + last.note.id + '/?format=json', function (note) {
+          last.note.user = note.user
+          $.getJSON('/api/user/' + last.note.user + '/', function (user) {
+            $('#last_name').val(user.last_name)
+            $('#first_name').val(user.first_name)
+          })
+        })
+      } else {
+        $.getJSON('/api/user/' + last.note.user + '/', function (user) {
+          $('#last_name').val(user.last_name)
+          $('#first_name').val(user.first_name)
+        })
+      }
+    }
+
+    return true
+  }
+
+  autoCompleteNote('source_note', 'source_note_list', sources, sources_notes_display,
+    'source_alias', 'source_note', 'user_note', 'profile_pic', checkUniqueNote)
+  autoCompleteNote('dest_note', 'dest_note_list', dests, dests_notes_display,
+    'dest_alias', 'dest_note', 'user_note', 'profile_pic', checkUniqueNote)
+
+  const source = $('#source_note')
+  const dest = $('#dest_note')
+
+  $('#type_transfer').change(function () {
+    if (LOCK) { return }
+
+    $('#source_me_div').removeClass('d-none')
+    $('#source_note').removeClass('is-invalid')
+    $('#dest_note').removeClass('is-invalid')
+    $('#special_transaction_div').addClass('d-none')
+    source.removeClass('d-none')
+    $('#source_note_list').removeClass('d-none')
+    $('#credit_type').addClass('d-none')
+    dest.removeClass('d-none')
+    $('#dest_note_list').removeClass('d-none')
+    $('#debit_type').addClass('d-none')
+
+    $('#source_note_label').text(select_emitters_label)
+    $('#dest_note_label').text(select_receveirs_label)
+
+    location.hash = 'transfer'
+  })
+
+  $('#type_credit').change(function () {
+    if (LOCK) { return }
+
+    $('#source_me_div').addClass('d-none')
+    $('#source_note').removeClass('is-invalid')
+    $('#dest_note').removeClass('is-invalid')
+    $('#special_transaction_div').removeClass('d-none')
+    $('#source_note_list').addClass('d-none')
+    $('#dest_note_list').removeClass('d-none')
+    source.addClass('d-none')
+    source.tooltip('hide')
+    $('#credit_type').removeClass('d-none')
+    dest.removeClass('d-none')
+    dest.val('')
+    dest.tooltip('hide')
+    $('#debit_type').addClass('d-none')
+
+    $('#source_note_label').text(transfer_type_label)
+    $('#dest_note_label').text(select_receveir_label)
+
+    if (dests_notes_display.length > 1) {
+      $('#dest_note_list').html('')
+      dests_notes_display.length = 0
+    }
+
+    location.hash = 'credit'
+  })
+
+  $('#type_debit').change(function () {
+    if (LOCK) { return }
+
+    $('#source_me_div').addClass('d-none')
+    $('#source_note').removeClass('is-invalid')
+    $('#dest_note').removeClass('is-invalid')
+    $('#special_transaction_div').removeClass('d-none')
+    $('#source_note_list').removeClass('d-none')
+    $('#dest_note_list').addClass('d-none')
+    source.removeClass('d-none')
+    source.val('')
+    source.tooltip('hide')
+    $('#credit_type').addClass('d-none')
+    dest.addClass('d-none')
+    dest.tooltip('hide')
+    $('#debit_type').removeClass('d-none')
+
+    $('#source_note_label').text(select_emitter_label)
+    $('#dest_note_label').text(transfer_type_label)
+
+    if (sources_notes_display.length > 1) {
+      $('#source_note_list').html('')
+      sources_notes_display.length = 0
+    }
+
+    location.hash = 'debit'
+  })
+
+  $('#credit_type').change(function () {
+    const type = $('#credit_type option:selected').text()
+    if ($('#type_credit').is(':checked')) { source.val(type) } else { dest.val(type) }
+  })
+
+  // Ensure we begin in transfer mode. Removing these lines may cause problems when reloading.
+  const type_transfer = $('#type_transfer') // Default mode
+  type_transfer.removeAttr('checked')
+  $('#type_credit').removeAttr('checked')
+  $('#type_debit').removeAttr('checked')
+
+  if (location.hash) { $('#type_' + location.hash.substr(1)).click() } else { type_transfer.click() }
+
+  $('#source_me').click(function () {
+    if (LOCK) { return }
+
+    // Shortcut to set the current user as the only emitter
+    sources_notes_display.length = 0
+    sources.length = 0
+    $('#source_note_list').html('')
+
+    const source_note = $('#source_note')
+    source_note.focus()
+    source_note.val('')
+    let event = jQuery.Event('keyup')
+    event.originalEvent = { charCode: 97 }
+    source_note.trigger(event)
+    source_note.val(username)
+    event = jQuery.Event('keyup')
+    event.originalEvent = { charCode: 97 }
+    source_note.trigger(event)
+    const fill_note = function () {
+      if (sources.length === 0) {
+        setTimeout(fill_note, 100)
+        return
+      }
+      event = jQuery.Event('keypress')
+      event.originalEvent = { charCode: 13 }
+      source_note.trigger(event)
+
+      source_note.tooltip('hide')
+      source_note.val('')
+      $('#dest_note').focus()
+    }
+    fill_note()
+  })
+})
+
+// Make transfer when pressing Enter on the amount section
+$('#amount, #reason, #last_name, #first_name, #bank').keypress((event) => {
+  if (event.originalEvent.charCode === 13) {
+    $('#btn_transfer').click()
+  }
+})
+
+$('#btn_transfer').click(function () {
+  if (LOCK) { return }
+
+  LOCK = true
+
+  let error = false
+
+  const amount_field = $('#amount')
+  amount_field.removeClass('is-invalid')
+  $('#amount-required').html('')
+
+  const reason_field = $('#reason')
+  reason_field.removeClass('is-invalid')
+  $('#reason-required').html('')
+
+  if (!amount_field.val() || isNaN(amount_field.val()) || amount_field.val() <= 0) {
+    amount_field.addClass('is-invalid')
+    $('#amount-required').html('<strong>' + gettext('This field is required and must contain a decimal positive number.') + '</strong>')
+    error = true
+  }
+
+  const amount = Math.round(100 * amount_field.val())
+  if (amount > 2147483647) {
+    amount_field.addClass('is-invalid')
+    $('#amount-required').html('<strong>' + gettext('The amount must stay under 21,474,836.47 €.') + '</strong>')
+    error = true
+  }
+
+  if (!reason_field.val() && $('#type_transfer').is(':checked')) {
+    reason_field.addClass('is-invalid')
+    $('#reason-required').html('<strong>' + gettext('This field is required.') + '</strong>')
+    error = true
+  }
+
+  if (!sources_notes_display.length && !$('#type_credit').is(':checked')) {
+    $('#source_note').addClass('is-invalid')
+    error = true
+  }
+
+  if (!dests_notes_display.length && !$('#type_debit').is(':checked')) {
+    $('#dest_note').addClass('is-invalid')
+    error = true
+  }
+
+  if (error) {
+    LOCK = false
+    return
+  }
+
+  let reason = reason_field.val()
+
+  if ($('#type_transfer').is(':checked')) {
+    // We copy the arrays to ensure that transactions are well-processed even if the form is reset
+    [...sources_notes_display].forEach(function (source) {
+      [...dests_notes_display].forEach(function (dest) {
+        if (source.note.id === dest.note.id) {
+          addMsg(interpolate(gettext('Warning: the transaction of %s from %s to %s was not made because ' +
+              'it is the same source and destination note.'), [pretty_money(amount), source.name, dest.name]), 'warning', 10000)
+          LOCK = false
+          return
+        }
+
+        $.post('/api/note/transaction/transaction/',
+          {
+            csrfmiddlewaretoken: CSRF_TOKEN,
+            quantity: source.quantity * dest.quantity,
+            amount: amount,
+            reason: reason,
+            valid: true,
+            polymorphic_ctype: TRANSFER_POLYMORPHIC_CTYPE,
+            resourcetype: 'Transaction',
+            source: source.note.id,
+            source_alias: source.name,
+            destination: dest.note.id,
+            destination_alias: dest.name
+          }).done(function () {
+          if (source.note.membership && source.note.membership.date_end < new Date().toISOString()) {
+            addMsg(interpolate(gettext('Warning, the emitter note %s is no more a BDE member.'), [source.name]), 'danger', 30000)
+          }
+          if (dest.note.membership && dest.note.membership.date_end < new Date().toISOString()) {
+            addMsg(interpolate(gettext('Warning, the destination note %s is no more a BDE member.'), [dest.name]), 'danger', 30000)
+          }
+
+          if (!isNaN(source.note.balance)) {
+            const newBalance = source.note.balance - source.quantity * dest.quantity * amount
+            if (newBalance <= -2000) {
+              addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is very negative.'),
+                  [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
+              reset()
+              return
+            } else if (newBalance < 0) {
+              addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is negative.'),
+                  [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
+              reset()
+              return
+            }
+          }
+          addMsg(interpolate(gettext('Transfer of %s from %s to %s succeed!'),
+              [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name]), 'success', 10000)
+
+          reset()
+        }).fail(function (err) { // do it again but valid = false
+          const errObj = JSON.parse(err.responseText)
+          if (errObj.non_field_errors) {
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, errObj.non_field_errors]), 'danger')
+            LOCK = false
+            return
+          }
+
+          $.post('/api/note/transaction/transaction/',
+            {
+              csrfmiddlewaretoken: CSRF_TOKEN,
+              quantity: source.quantity * dest.quantity,
+              amount: amount,
+              reason: reason,
+              valid: false,
+              invalidity_reason: 'Solde insuffisant',
+              polymorphic_ctype: TRANSFER_POLYMORPHIC_CTYPE,
+              resourcetype: 'Transaction',
+              source: source.note.id,
+              source_alias: source.name,
+              destination: dest.note.id,
+              destination_alias: dest.name
+            }).done(function () {
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, gettext('insufficient funds')]), 'danger', 10000)
+            reset()
+          }).fail(function (err) {
+            const errObj = JSON.parse(err.responseText)
+            let error = errObj.detail ? errObj.detail : errObj.non_field_errors
+            if (!error) { error = err.responseText }
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, error]), 'danger')
+            LOCK = false
+          })
+        })
+      })
+    })
+  } else if ($('#type_credit').is(':checked') || $('#type_debit').is(':checked')) {
+    let special_note
+    let user_note
+    let alias
+    const given_reason = reason
+    let source_id, dest_id
+    if ($('#type_credit').is(':checked')) {
+      special_note = $('#credit_type').val()
+      user_note = dests_notes_display[0].note
+      alias = dests_notes_display[0].name
+      source_id = special_note
+      dest_id = user_note.id
+      reason = 'Crédit ' + $('#credit_type option:selected').text().toLowerCase()
+      if (given_reason.length > 0) { reason += ' (' + given_reason + ')' }
+    } else {
+      special_note = $('#debit_type').val()
+      user_note = sources_notes_display[0].note
+      alias = sources_notes_display[0].name
+      source_id = user_note.id
+      dest_id = special_note
+      reason = 'Retrait ' + $('#debit_type option:selected').text().toLowerCase()
+      if (given_reason.length > 0) { reason += ' (' + given_reason + ')' }
+    }
+    $.post('/api/note/transaction/transaction/',
+      {
+        csrfmiddlewaretoken: CSRF_TOKEN,
+        quantity: 1,
+        amount: amount,
+        reason: reason,
+        valid: true,
+        polymorphic_ctype: SPECIAL_TRANSFER_POLYMORPHIC_CTYPE,
+        resourcetype: 'SpecialTransaction',
+        source: source_id,
+        source_alias: sources_notes_display.length ? alias : null,
+        destination: dest_id,
+        destination_alias: dests_notes_display.length ? alias : null,
+        last_name: $('#last_name').val(),
+        first_name: $('#first_name').val(),
+        bank: $('#bank').val()
+      }).done(function () {
+      addMsg(gettext('Credit/debit succeed!'), 'success', 10000)
+      if (user_note.membership && user_note.membership.date_end < new Date().toISOString()) { addMsg(gettext('Warning, the emitter note %s is no more a BDE member.'), 'danger', 10000) }
+      reset()
+    }).fail(function (err) {
+      const errObj = JSON.parse(err.responseText)
+      let error = errObj.detail ? errObj.detail : errObj.non_field_errors
+      if (!error) { error = err.responseText }
+      addMsg(interpolate(gettext('Credit/debit failed: %s'), [error]), 'danger', 10000)
+      LOCK = false
+    })
+  }
+})

apps/food/templates/food/basic_food_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/basicfood_detail.html

@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+  <div class="card-body">
+      <p>name : {{ food.name }}</p>
+      <a href="{% url "food:basic_update" pk=food.pk %}">Update</a>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/create_food_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+    <div class="row">
+        <div class="col-xl-12">
+            <div class="btn-group btn-block">
+                <a href="{% url "food:basic_create" %}" class="btn btn-sm btn-outline-primary">Basic</a>
+                <a href="{% url "food:transformed_create" %}" class="btn btn-sm btn-outline-primary">Transformed</a>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

apps/food/templates/food/create_qrcode_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+    <div class="row">
+        <div class="col-xl-12">
+            <div class="btn-group btn-block">
+                <a href="{% url "food:qrcode_basic_create" slug=slug %}" class="btn btn-sm btn-outline-primary">Basic</a>
+                <a href="{% url "food:qrcode_transformed_create" slug=slug %}" class="btn btn-sm btn-outline-primary">Transformed</a>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

apps/food/templates/food/qrcode_detail.html

@@ -0,0 +1,23 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+  <div class="card-body">
+      <p>qrcode : {{ qrcode.qr_code_number }}</p>
+      <p>name : {{ qrcode.food_container.name }}</p>
+      {% if qrcode.food_container.polymorphic_ctype.name == 'Basic food' %}
+          <a href="{% url "food:basic_update" pk=qrcode.food_container.pk %}">Update</a>
+      {% else %}
+          <a href="{% url "food:transformed_update" pk=qrcode.food_container.pk %}">Update</a>
+      {% endif %}
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/transformed_food_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {%  csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/transformedfood_detail.html

@@ -0,0 +1,19 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    HTML not finished <br>
+    {{ title }}
+  </h3>
+  <div class="card-body">
+    <p>name : {{ food.name }}</p>
+    <p>owner : {{ food.owner }}</p>
+    <a href="{% url "food:transformed_update" pk=food.pk %}">Update</a>
+  </div>
+</div>
+{% endblock %}

apps/food/tests.py

@@ -0,0 +1,3 @@
+# from django.test import TestCase
+
+# Create your tests here.

apps/food/urls.py

@@ -0,0 +1,23 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.urls import path
+
+from . import views
+
+app_name = 'food'
+
+urlpatterns = [
+    path('<int:slug>', views.QRCodeView.as_view(), name='qrcode_view'),
+    path('detail/<int:pk>', views.FoodView.as_view(), name='food_view'),
+
+    path('<int:slug>/create_qrcode', views.QRCodeCreateView.as_view(), name='qrcode_create'),
+    path('create', views.FoodCreateView.as_view(), name='food_create'),
+    path('<int:slug>/create_qrcode/basic', views.QRCodeBasicFoodCreateView.as_view(), name='qrcode_basic_create'),
+    path('<int:slug>/create_qrcode/transformed', views.QRCodeTransformedFoodCreateView.as_view(), name='qrcode_transformed_create'),
+    path('create/basic', views.BasicFoodCreateView.as_view(), name='basic_create'),
+    path('create/transformed', views.TransformedFoodCreateView.as_view(), name='transformed_create'),
+
+    path('update/basic/<int:pk>', views.BasicFoodUpdateView.as_view(), name='basic_update'),
+    path('update/transformed/<int:pk>', views.TransformedFoodUpdateView.as_view(), name='transformed_update'),
+]

apps/food/views.py

@@ -0,0 +1,251 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from datetime import timedelta
+
+from django.db import transaction
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
+from django.utils import timezone
+from django.views.generic import DetailView, UpdateView, TemplateView
+from permission.views import ProtectQuerysetMixin, ProtectedCreateView
+
+from .forms import BasicFoodForms, TransformedFoodForms
+from .models import BasicFood, Food, QRCode, TransformedFood
+
+
+class QRCodeView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    A view to add a basic food
+    """
+    model = QRCode
+    extra_context = {"title": _("Add a new meal")}
+    context_object_name = "qrcode"
+    slug_field = "qr_code_number"
+
+    def get(self, *args, **kwargs):
+        qrcode = kwargs["slug"]
+        if self.model.objects.filter(qr_code_number=qrcode).count() > 0:
+            return super().get(*args, **kwargs)
+        else:
+            return HttpResponseRedirect(reverse("food:qrcode_create", kwargs=kwargs))
+
+
+class QRCodeCreateView(ProtectQuerysetMixin, LoginRequiredMixin, TemplateView):
+    """
+    A view to add a basic food
+    """
+    template_name = 'food/create_qrcode_form.html'
+    extra_context = {"title": _("Add a new aliment")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["slug"] = kwargs["slug"]
+        return context
+
+
+class FoodView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    A view to add a basic food
+    """
+    model = Food
+    extra_context = {"title": _("Add a new meal")}
+    context_object_name = "food"
+
+
+class FoodCreateView(ProtectQuerysetMixin, LoginRequiredMixin, TemplateView):
+    """
+    A view to add a basic food
+    """
+    template_name = 'food/create_food_form.html'
+    extra_context = {"title": _("Add a new aliment")}
+
+
+class BasicFoodFormView(ProtectQuerysetMixin):
+    #####################################################################
+    # TO DO
+    # - fix picture save
+    # - implement solution crop and convert image (reuse or recode ImageForm from members apps)
+    #####################################################################
+    """
+    A view to add a basic food
+    """
+    model = BasicFood
+    form_class = BasicFoodForms
+    template_name = 'food/basic_food_form.html'
+    extra_context = {"title": _("Add a new aliment")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        basic_food_form = BasicFoodForms(data=self.request.POST)
+        if not basic_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and the allergens associed
+        basic_food = form.save(commit=False)
+        # We assume the date of labeling and the same as the date of arrival
+        basic_food.arrival_date = timezone.now()
+        basic_food._force_save = True
+        basic_food.save()
+        basic_food.refresh_from_db()
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+
+class BasicFoodUpdateView(BasicFoodFormView, LoginRequiredMixin, UpdateView):
+    pass
+
+
+class BasicFoodCreateView(BasicFoodFormView, ProtectedCreateView):
+    def get_sample_object(self):
+        return BasicFood(
+            name="",
+            expiry_date=timezone.now(),
+        )
+
+
+class QRCodeBasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    #####################################################################
+    # TO DO
+    # - fix picture save
+    # - implement solution crop and convert image (reuse or recode ImageForm from members apps)
+    #####################################################################
+    """
+    A view to add a basic food
+    """
+    model = BasicFood
+    form_class = BasicFoodForms
+    template_name = 'food/basic_food_form.html'
+    extra_context = {"title": _("Add a new aliment")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        basic_food_form = BasicFoodForms(data=self.request.POST)
+        if not basic_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and the allergens associed
+        basic_food = form.save(commit=False)
+        # We assume the date of labeling and the same as the date of arrival
+        basic_food.arrival_date = timezone.now()
+        basic_food._force_save = True
+        basic_food.save()
+        basic_food.refresh_from_db()
+
+        qrcode = QRCode()
+        qrcode.qr_code_number = self.kwargs['slug']
+        qrcode.food_container = basic_food
+        qrcode.save()
+
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+    def get_sample_object(self):
+        return BasicFood(
+            name="",
+            expiry_date=timezone.now(),
+        )
+
+
+class TransformedFoodFormView(ProtectQuerysetMixin):
+    #####################################################################
+    # TO DO
+    # - fix picture save
+    # - implement solution crop and convert image (reuse or recode ImageForm from members apps)
+    #####################################################################
+    """
+    A view to add a tranformed food
+    """
+    model = TransformedFood
+    template_name = 'food/transformed_food_form.html'
+    form_class = TransformedFoodForms
+    extra_context = {"title": _("Add a new meal")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        transformed_food_form = TransformedFoodForms(data=self.request.POST)
+        if not transformed_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and allergens associated
+        transformed_food = form.save(commit=False)
+        # Without microbiological analyzes, the storage time is 3 days
+        transformed_food.expiry_date = transformed_food.creation_date + timedelta(days=3)
+        transformed_food._force_save = True
+        transformed_food.save()
+        transformed_food.refresh_from_db()
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+
+class TransformedFoodUpdateView(TransformedFoodFormView, LoginRequiredMixin, UpdateView):
+    pass
+
+
+class TransformedFoodCreateView(TransformedFoodFormView, ProtectedCreateView):
+    def get_sample_object(self):
+        return TransformedFood(
+            name="",
+            creation_date=timezone.now(),
+        )
+
+
+class QRCodeTransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    #####################################################################
+    # TO DO
+    # - fix picture save
+    # - implement solution crop and convert image (reuse or recode ImageForm from members apps)
+    #####################################################################
+    """
+    A view to add a basic food
+    """
+    model = TransformedFood
+    template_name = 'food/transformed_food_form.html'
+    form_class = TransformedFoodForms
+    extra_context = {"title": _("Add a new meal")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        transformed_food_form = TransformedFoodForms(data=self.request.POST)
+        if not transformed_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and allergens associated
+        transformed_food = form.save(commit=False)
+        # Without microbiological analyzes, the storage time is 3 days
+        transformed_food.expiry_date = transformed_food.creation_date + timedelta(days=3)
+        transformed_food._force_save = True
+        transformed_food.save()
+        transformed_food.refresh_from_db()
+
+        qrcode = QRCode()
+        qrcode.qr_code_number = self.kwargs['slug']
+        qrcode.food_container = transformed_food
+        qrcode.save()
+
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+    def get_sample_object(self):
+        return BasicFood(
+            name="",
+            expiry_date=timezone.now(),
+        )

apps/logs/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'logs.apps.LogsConfig'

apps/logs/api/serializers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from rest_framework import serializers

apps/logs/api/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import ChangelogViewSet

apps/logs/api/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django_filters.rest_framework import DjangoFilterBackend

apps/logs/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/logs/models.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings
@@ -76,9 +76,6 @@ class Changelog(models.Model):
         verbose_name=_('timestamp'),
     )
 
-    def delete(self, using=None, keep_parents=False):
-        raise ValidationError(_("Logs cannot be destroyed."))
-
     class Meta:
         verbose_name = _("changelog")
         verbose_name_plural = _("changelogs")
@@ -86,3 +83,6 @@ class Changelog(models.Model):
     def __str__(self):
         return _("Changelog of type \"{action}\" for model {model} at {timestamp}").format(
             action=self.get_action_display(), model=str(self.model), timestamp=str(self.timestamp))
+
+    def delete(self, using=None, keep_parents=False):
+        raise ValidationError(_("Logs cannot be destroyed."))

apps/logs/signals.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib.contenttypes.models import ContentType

apps/member/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'member.apps.MemberConfig'

apps/member/admin.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin

apps/member/api/serializers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from rest_framework import serializers

apps/member/api/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import ProfileViewSet, ClubViewSet, MembershipViewSet

apps/member/api/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django_filters.rest_framework import DjangoFilterBackend

apps/member/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/member/auth.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from cas_server.auth import DjangoAuthUser  # pragma: no cover

apps/member/forms.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import io
@@ -47,6 +47,13 @@ class ProfileForm(forms.ModelForm):
 
     last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last report date"))
 
+    VSS_charter_read = forms.BooleanField(
+        required=True,
+        label=_("Anti-VSS (<em>Violences Sexistes et Sexuelles</em>) charter read and approved"),
+        help_text=_("Tick after having read and accepted the anti-VSS charter \
+        <a href=https://perso.crans.org/club-bde/Charte-anti-VSS.pdf target=_blank> available here in pdf</a>")
+    )
+
     def clean_promotion(self):
         promotion = self.cleaned_data["promotion"]
         if promotion > timezone.now().year:
@@ -114,7 +121,7 @@ class ImageForm(forms.Form):
                 frame = frame.crop((x, y, x + w, y + h))
                 frame = frame.resize(
                     (settings.PIC_WIDTH, settings.PIC_RATIO * settings.PIC_WIDTH),
-                    Image.ANTIALIAS,
+                    Image.LANCZOS,
                 )
                 frames.append(frame)
 

apps/member/hashers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import hashlib

apps/member/migrations/0008_auto_20211005_1544.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.24 on 2021-10-05 13:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0007_auto_20210313_1235'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='department',
+            field=models.CharField(choices=[('A0', 'Informatics (A0)'), ('A1', 'Mathematics (A1)'), ('A2', 'Physics (A2)'), ("A'2", "Applied physics (A'2)"), ("A''2", "Chemistry (A''2)"), ('A3', 'Biology (A3)'), ('B1234', 'SAPHIRE (B1234)'), ('B1', 'Mechanics (B1)'), ('B2', 'Civil engineering (B2)'), ('B3', 'Mechanical engineering (B3)'), ('B4', 'EEA (B4)'), ('C', 'Design (C)'), ('D2', 'Economy-management (D2)'), ('D3', 'Social sciences (D3)'), ('E', 'English (E)'), ('EXT', 'External (EXT)')], max_length=8, verbose_name='department'),
+        ),
+    ]

apps/member/migrations/0009_auto_20220904_2325.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.26 on 2022-09-04 21:25
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0008_auto_20211005_1544'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='promotion',
+            field=models.PositiveSmallIntegerField(default=2022, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
+        ),
+    ]

apps/member/migrations/0010_new_default_year.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.28 on 2023-08-23 21:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0009_auto_20220904_2325'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='promotion',
+            field=models.PositiveSmallIntegerField(default=2023, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
+        ),
+    ]

apps/member/migrations/0011_profile_vss_charter_read.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.28 on 2023-08-31 09:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0010_new_default_year'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='VSS_charter_read',
+            field=models.BooleanField(default=False, verbose_name='VSS charter read'),
+        ),
+    ]

apps/member/models.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import datetime
@@ -28,7 +28,6 @@ class Profile(models.Model):
     We do not want to patch the Django Contrib :model:`auth.User`model;
     so this model add an user profile with additional information.
     """
-
     user = models.OneToOneField(
         settings.AUTH_USER_MODEL,
         on_delete=models.CASCADE,
@@ -134,6 +133,22 @@ class Profile(models.Model):
         default=False,
     )
 
+    VSS_charter_read = models.BooleanField(
+        verbose_name=_("VSS charter read"),
+        default=False
+    )
+
+    class Meta:
+        verbose_name = _('user profile')
+        verbose_name_plural = _('user profile')
+        indexes = [models.Index(fields=['user'])]
+
+    def __str__(self):
+        return str(self.user)
+
+    def get_absolute_url(self):
+        return reverse('member:user_detail', args=(self.user_id,))
+
     @property
     def ens_year(self):
         """
@@ -158,17 +173,6 @@ class Profile(models.Model):
             return SogeCredit.objects.filter(user=self.user, credit_transaction__isnull=False).exists()
         return False
 
-    class Meta:
-        verbose_name = _('user profile')
-        verbose_name_plural = _('user profile')
-        indexes = [models.Index(fields=['user'])]
-
-    def get_absolute_url(self):
-        return reverse('member:user_detail', args=(self.user_id,))
-
-    def __str__(self):
-        return str(self.user)
-
     def send_email_validation_link(self):
         subject = "[Note Kfet] " + str(_("Activate your Note Kfet account"))
         token = email_validation_token.make_token(self.user)
@@ -200,9 +204,11 @@ class Club(models.Model):
         max_length=255,
         unique=True,
     )
+
     email = models.EmailField(
         verbose_name=_('email'),
     )
+
     parent_club = models.ForeignKey(
         'self',
         null=True,
@@ -253,23 +259,12 @@ class Club(models.Model):
         help_text=_('Maximal date of a membership, after which members must renew it.'),
     )
 
-    def update_membership_dates(self):
-        """
-        This function is called each time the club detail view is displayed.
-        Update the year of the membership dates.
-        """
-        if not self.membership_start:
-            return
+    class Meta:
+        verbose_name = _("club")
+        verbose_name_plural = _("clubs")
 
-        today = datetime.date.today()
-
-        if (today - self.membership_start).days >= 365:
-            self.membership_start = datetime.date(self.membership_start.year + 1,
-                                                  self.membership_start.month, self.membership_start.day)
-            self.membership_end = datetime.date(self.membership_end.year + 1,
-                                                self.membership_end.month, self.membership_end.day)
-            self._force_save = True
-            self.save(force_update=True)
+    def __str__(self):
+        return self.name
 
     @transaction.atomic
     def save(self, force_insert=False, force_update=False, using=None,
@@ -282,16 +277,29 @@ class Club(models.Model):
             self.membership_end = None
         super().save(force_insert, force_update, update_fields)
 
-    class Meta:
-        verbose_name = _("club")
-        verbose_name_plural = _("clubs")
-
-    def __str__(self):
-        return self.name
-
     def get_absolute_url(self):
         return reverse_lazy('member:club_detail', args=(self.pk,))
 
+    def update_membership_dates(self):
+        """
+        This function is called each time the club detail view is displayed.
+        Update the year of the membership dates.
+        """
+        if not self.membership_start or not self.membership_end:
+            return
+
+        today = datetime.date.today()
+
+        while (today - self.membership_start).days >= 365:
+            if self.membership_start:
+                self.membership_start = datetime.date(self.membership_start.year + 1,
+                                                      self.membership_start.month, self.membership_start.day)
+            if self.membership_end:
+                self.membership_end = datetime.date(self.membership_end.year + 1,
+                                                    self.membership_end.month, self.membership_end.day)
+            self._force_save = True
+            self.save(force_update=True)
+
 
 class Membership(models.Model):
     """
@@ -331,6 +339,66 @@ class Membership(models.Model):
         verbose_name=_('fee'),
     )
 
+    class Meta:
+        verbose_name = _('membership')
+        verbose_name_plural = _('memberships')
+        indexes = [models.Index(fields=['user'])]
+
+    def __str__(self):
+        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        """
+        Calculate fee and end date before saving the membership and creating the transaction if needed.
+        """
+        # Ensure that club membership dates are valid
+        old_membership_start = self.club.membership_start
+        self.club.update_membership_dates()
+        if self.club.membership_start != old_membership_start:
+            self.club.save()
+
+        created = not self.pk
+        if not created:
+            for role in self.roles.all():
+                club = role.for_club
+                if club is not None:
+                    if club.pk != self.club_id:
+                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
+                                              .format(role=role.name, club=club.name))
+        else:
+            if Membership.objects.filter(
+                    user=self.user,
+                    club=self.club,
+                    date_start__lte=self.date_start,
+                    date_end__gte=self.date_start,
+            ).exists():
+                raise ValidationError(_('User is already a member of the club'))
+
+            if self.club.parent_club is not None:
+                # Check that the user is already a member of the parent club if the membership is created
+                if not Membership.objects.filter(
+                    user=self.user,
+                    club=self.club.parent_club,
+                    date_start__gte=self.club.parent_club.membership_start,
+                ).exists():
+                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
+                        self.renew_parent()
+                    else:
+                        raise ValidationError(_('User is not a member of the parent club')
+                                              + ' ' + self.club.parent_club.name)
+
+            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
+
+            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
+                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
+            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
+                self.date_end = self.club.membership_end
+
+        super().save(*args, **kwargs)
+
+        self.make_transaction()
+
     @property
     def valid(self):
         """
@@ -408,58 +476,6 @@ class Membership(models.Model):
                 parent_membership.roles.set(Role.objects.filter(name="Membre de club").all())
             parent_membership.save()
 
-    @transaction.atomic
-    def save(self, *args, **kwargs):
-        """
-        Calculate fee and end date before saving the membership and creating the transaction if needed.
-        """
-        # Ensure that club membership dates are valid
-        old_membership_start = self.club.membership_start
-        self.club.update_membership_dates()
-        if self.club.membership_start != old_membership_start:
-            self.club.save()
-
-        created = not self.pk
-        if not created:
-            for role in self.roles.all():
-                club = role.for_club
-                if club is not None:
-                    if club.pk != self.club_id:
-                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
-                                              .format(role=role.name, club=club.name))
-        else:
-            if Membership.objects.filter(
-                    user=self.user,
-                    club=self.club,
-                    date_start__lte=self.date_start,
-                    date_end__gte=self.date_start,
-            ).exists():
-                raise ValidationError(_('User is already a member of the club'))
-
-            if self.club.parent_club is not None:
-                # Check that the user is already a member of the parent club if the membership is created
-                if not Membership.objects.filter(
-                    user=self.user,
-                    club=self.club.parent_club,
-                    date_start__gte=self.club.parent_club.membership_start,
-                ).exists():
-                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
-                        self.renew_parent()
-                    else:
-                        raise ValidationError(_('User is not a member of the parent club')
-                                              + ' ' + self.club.parent_club.name)
-
-            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
-
-            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
-                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
-            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
-                self.date_end = self.club.membership_end
-
-        super().save(*args, **kwargs)
-
-        self.make_transaction()
-
     def make_transaction(self):
         """
         Create Membership transaction associated to this membership.
@@ -497,11 +513,3 @@ class Membership(models.Model):
                 soge_credit.save()
             else:
                 transaction.save(force_insert=True)
-
-    def __str__(self):
-        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
-
-    class Meta:
-        verbose_name = _('membership')
-        verbose_name_plural = _('memberships')
-        indexes = [models.Index(fields=['user'])]

apps/member/signals.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 

apps/member/static/member/js/trust.js

@@ -0,0 +1,64 @@
+/**
+ * On form submit, create a new friendship
+ */
+function form_create_trust (e) {
+  // Do not submit HTML form
+  e.preventDefault()
+
+  // Get data and send to API
+  const formData = new FormData(e.target)
+  $.getJSON('/api/note/alias/'+formData.get('trusted') + '/',
+    function (trusted_alias) {
+      if ((trusted_alias.note == formData.get('trusting')))
+      {
+         addMsg(gettext("You can't add yourself as a friend"), "danger")
+         return
+      }
+      create_trust(formData.get('trusting'), trusted_alias.note)
+    }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+    })
+}
+
+/**
+ * Create a trust between users
+ * @param trusting:Integer trusting note id
+ * @param trusted:Integer trusted note id
+ */
+function create_trust(trusting, trusted) {
+  $.post('/api/note/trust/', {
+      trusting: trusting,
+      trusted: trusted,
+      csrfmiddlewaretoken: CSRF_TOKEN
+  }).done(function () {
+  // Reload tables
+  $('#trust_table').load(location.pathname + ' #trust_table')
+  $('#trusted_table').load(location.pathname + ' #trusted_table')
+    addMsg(gettext('Friendship successfully added'), 'success')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+/**
+ * On click of "delete", delete the trust
+ * @param button_id:Integer Trust id to remove
+ */
+function delete_button (button_id) {
+  $.ajax({
+    url: '/api/note/trust/' + button_id + '/',
+    method: 'DELETE',
+    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
+  }).done(function () {
+    addMsg(gettext('Friendship successfully deleted'), 'success')
+    $('#trust_table').load(location.pathname + ' #trust_table')
+    $('#trusted_table').load(location.pathname + ' #trusted_table')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+$(document).ready(function () {
+  // Attach event
+  document.getElementById('form_trust').addEventListener('submit', form_create_trust)
+})

apps/member/tables.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from datetime import date
@@ -120,7 +120,7 @@ class MembershipTable(tables.Table):
                     club=record.club,
                     user=record.user,
                     date_start__gte=record.club.membership_start,
-                    date_end__lte=record.club.membership_end,
+                    date_end__lte=record.club.membership_end or date(9999, 12, 31),
             ).exists():  # If the renew is not yet performed
                 empty_membership = Membership(
                     club=record.club,

apps/member/templates/member/base.html

@@ -45,10 +45,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
             <div class="card-footer">
                 {% if user_object %}
                 <a class="btn btn-sm btn-secondary" href="{% url 'member:user_update_profile' user_object.pk %}">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                 </a>
                 {% url 'member:user_detail' user_object.pk as user_profile_url %}
                 {% if request.path_info != user_profile_url %}
@@ -62,10 +59,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 {% if ".change_"|has_perm:club %}
                 <a class="btn btn-sm btn-secondary" href="{% url 'member:club_update' pk=club.pk %}"
                    data-turbolinks="false">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                 </a>
                 {% endif %}
                 {% url 'member:club_detail' club.pk as club_detail_url %}

apps/member/templates/member/club_detail.html

@@ -10,10 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "Club managers" %}
+            <i class="fa fa-users"></i> {% trans "Club managers" %}
         </a>
     </div>
     {% render_table managers %}
@@ -26,12 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="stretched-link font-weight-bold" href="{% url 'member:club_members' pk=club.pk %}">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                <path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
-                <path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
-            </svg>
-            {% trans "Club members" %}
+            <i class="fa fa-users"></i> {% trans "Club members" %}
         </a>
     </div>
     {% render_table member_list %}
@@ -45,10 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-header position-relative" id="historyListHeading">
         <a class="stretched-link font-weight-bold" {% if "note.view_note"|has_perm:club.note %}
             href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
         </a>
     </div>
     <div id="history_list">

apps/member/templates/member/includes/club_info.html

@@ -47,9 +47,7 @@
     <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'member:club_alias' club.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
             {% trans 'Manage aliases' %} ({{ club.note.alias.all|length }})
         </a>
     </dd>

apps/member/templates/member/includes/profile_info.html

@@ -11,9 +11,7 @@
     <dt class="col-xl-6">{% trans 'password'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'password_change' %}">
-            <svg class="bi bi-lock" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
-            </svg>
+            <i class="fa fa-lock"></i>
             {% trans 'Change password' %}
         </a>
     </dd>
@@ -22,13 +20,19 @@
     <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'member:user_alias' user_object.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
             {% trans 'Manage aliases' %} ({{ user_object.note.alias.all|length }})
         </a>
     </dd>
 
+    <dt class="col-xl-6">{% trans 'friendships'|capfirst %}</dt>
+    <dd class="col-xl-6">
+        <a class="badge badge-secondary" href="{% url 'member:user_trust' user_object.pk %}">
+            <i class="fa fa-edit"></i>
+            {% trans 'Manage friendships' %} ({{ user_object.note.trusting.all|length }})
+        </a>
+    </dd>
+
     {% if "member.view_profile"|has_perm:user_object.profile %}
         <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
         <dd class="col-xl-6">{{ user_object.profile.section }}</dd>
@@ -56,10 +60,7 @@
 {% if user_object.pk == user.pk %}
     <div class="text-center">
         <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
-            <svg class="bi bi-cogs" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
-            </svg>
-            {% trans 'API token' %}
+            <i class="fa fa-cogs"></i>{% trans 'API token' %}
         </a>
     </div>
 {% endif %}

apps/member/templates/member/profile_detail.html

@@ -18,10 +18,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card bg-light mb-3">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "View my memberships" %}
+            <i class="fa fa-users"></i> {% trans "View my memberships" %}
         </a>
     </div>
     {% render_table club_list %}
@@ -32,10 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
         <a class="stretched-link font-weight-bold text-decoration-none"
             {% if "note.view_note"|has_perm:user_object.note %}
             href="{% url 'note:transactions' pk=user_object.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
         </a>
     </div>
     <div id="history_list">

apps/member/templates/member/profile_trust.html

@@ -0,0 +1,48 @@
+{% extends "member/base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load static django_tables2 i18n %}
+
+{% block profile_content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Add friends" %}
+    </h3>
+    <div class="card-body">
+        {% if can_create %}
+            <form class="input-group" method="POST" id="form_trust">
+                {% csrf_token %}
+                <input type="hidden" name="trusting" value="{{ object.note.pk }}">
+                {%include "autocomplete_model.html" %}
+                <div class="input-group-append">
+                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+                </div>
+            </form>
+        {% endif %}
+    </div>
+    {% render_table trusting %}
+</div>
+
+<div class="alert alert-warning card mb-3">
+    {% blocktrans trimmed %}
+        Adding someone as a friend enables them to initiate transactions coming
+        from your account (while keeping your balance positive). This is
+        designed to simplify using note kfet transfers to transfer money between
+        users. The intent is that one person can make all transfers for a group of
+        friends without needing additional rights among them.
+    {% endblocktrans %}
+</div>
+
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "People having you as a friend" %}
+    </h3>
+    {% render_table trusted_by %}
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script src="{% static "member/js/trust.js" %}"></script>
+<script src="{% static "js/autocomplete_model.js" %}"></script>
+{% endblock%}

apps/member/templates/member/user_list.html

@@ -7,11 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block content %}
 {% if can_manage_registrations %}
 <a class="btn btn-block btn-secondary mb-3" href="{% url 'registration:future_user_list' %}">
-    <svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-        <path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-        <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
-    </svg>
-    {% trans "Registrations" %}
+    <i class="fa fa-user-plus"></i> {% trans "Registrations" %}
 </a>
 {% endif %}
 

apps/member/templatetags/memberinfo.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from datetime import date

apps/member/tests/test_memberships.py

@@ -183,7 +183,7 @@ class TestMemberships(TestCase):
                 club = Club.objects.get(name="Kfet")
             else:
                 club = Club.objects.create(
-                    name="Second club " + ("with BDE" if bde_parent else "without BDE"),
+                    name="Second club without BDE",
                     parent_club=None,
                     email="newclub@example.com",
                     require_memberships=True,
@@ -335,6 +335,7 @@ class TestMemberships(TestCase):
             ml_sports_registration=True,
             ml_art_registration=True,
             report_frequency=7,
+            VSS_charter_read=True
         ))
         self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
         self.assertTrue(User.objects.filter(username="toto changed").exists())

apps/member/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.urls import path
@@ -23,5 +23,6 @@ urlpatterns = [
     path('user/<int:pk>/update/', views.UserUpdateView.as_view(), name="user_update_profile"),
     path('user/<int:pk>/update_pic/', views.ProfilePictureUpdateView.as_view(), name="user_update_pic"),
     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"),
+    path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"),
     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
 ]

apps/member/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from datetime import timedelta, date
@@ -18,15 +18,15 @@ from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
 from django_tables2.views import SingleTableView
 from rest_framework.authtoken.models import Token
-from note.models import Alias, NoteUser
+from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
-from note.tables import HistoryTable, AliasTable
+from note.tables import HistoryTable, AliasTable, TrustTable, TrustedTable
 from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 
-from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm,\
+from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \
     CustomAuthenticationForm, MembershipRolesForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable, MembershipTable, ClubManagerTable
@@ -174,7 +174,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note = NoteUser.objects.get(pk=user.note.pk)
             # Don't log these tests
             modified_note._no_signal = True
-            modified_note.is_active = True
+            modified_note.is_active = False
             modified_note.inactivity_reason = 'manual'
             context["can_lock_note"] = user.note.is_active and PermissionBackend\
                                            .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
@@ -183,14 +183,14 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note._force_save = True
             modified_note.save()
             context["can_force_lock"] = user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
             old_note._force_save = True
             old_note._no_signal = True
             old_note.save()
             modified_note.refresh_from_db()
             modified_note.is_active = True
             context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
 
         return context
 
@@ -243,6 +243,40 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         return context
 
 
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    View and manage user trust relationships
+    """
+    model = User
+    template_name = 'member/profile_trust.html'
+    context_object_name = 'user_object'
+    extra_context = {"title": _("Note friendships")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        note = context['object'].note
+        context["trusting"] = TrustTable(
+            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        context["trusted_by"] = TrustedTable(
+            note.trusted.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
+            trusting=context["object"].note,
+            trusted=context["object"].note
+        ))
+        context["widget"] = {
+            "name": "trusted",
+            "resetable": True,
+            "attrs": {
+                "class": "autocomplete form-control",
+                "id": "trusted",
+                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
+                "name_field": "name",
+                "placeholder": ""
+            }
+        }
+        return context
+
+
 class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     """
     View and manage user aliases.
@@ -256,7 +290,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context = super().get_context_data(**kwargs)
         note = context['object'].note
         context["aliases"] = AliasTable(
-            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
+            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
+            .order_by('normalized_name').all())
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
             note=context["object"].note,
             name="",
@@ -403,9 +438,12 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         """
         context = super().get_context_data(**kwargs)
 
-        club = context["club"]
+        club = self.object
+        context["note"] = club.note
+
         if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
             club.update_membership_dates()
+
         # managers list
         managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
                                              date_start__lte=date.today(), date_end__gte=date.today())\
@@ -443,6 +481,29 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context["can_add_members"] = PermissionBackend()\
             .has_perm(self.request.user, "member.add_membership", empty_membership)
 
+        # Check permissions to see if the authenticated user can lock/unlock the note
+        with transaction.atomic():
+            modified_note = NoteClub.objects.get(pk=club.note.pk)
+            # Don't log these tests
+            modified_note._no_signal = True
+            modified_note.is_active = False
+            modified_note.inactivity_reason = 'manual'
+            context["can_lock_note"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note = NoteClub.objects.select_for_update().get(pk=club.note.pk)
+            modified_note.inactivity_reason = 'forced'
+            modified_note._force_save = True
+            modified_note.save()
+            context["can_force_lock"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note._force_save = True
+            old_note._no_signal = True
+            old_note.save()
+            modified_note.refresh_from_db()
+            modified_note.is_active = True
+            context["can_unlock_note"] = not club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+
         return context
 
 
@@ -692,6 +753,10 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
             club = old_membership.club
             user = old_membership.user
 
+        # Update club membership date
+        if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
+            club.update_membership_dates()
+
         form.instance.club = club
 
         # Get form data

apps/note/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'note.apps.NoteConfig'

apps/note/admin.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin
@@ -7,7 +7,7 @@ from polymorphic.admin import PolymorphicChildModelAdmin, \
     PolymorphicChildModelFilter, PolymorphicParentModelAdmin
 from note_kfet.admin import admin_site
 
-from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .models.transactions import Transaction, TemplateCategory, TransactionTemplate, \
     RecurrentTransaction, MembershipTransaction, SpecialTransaction
 from .templatetags.pretty_money import pretty_money
@@ -21,6 +21,16 @@ class AliasInlines(admin.TabularInline):
     model = Alias
 
 
+class TrustInlines(admin.TabularInline):
+    """
+    Define trusts when editing the trusting note
+    """
+    model = Trust
+    fk_name = "trusting"
+    extra = 0
+    readonly_fields = ("trusted",)
+
+
 @admin.register(Note, site=admin_site)
 class NoteAdmin(PolymorphicParentModelAdmin):
     """
@@ -92,7 +102,7 @@ class NoteUserAdmin(PolymorphicChildModelAdmin):
     """
     Child for an user note, see NoteAdmin
     """
-    inlines = (AliasInlines,)
+    inlines = (AliasInlines, TrustInlines)
 
     # We can't change user after creation or the balance
     readonly_fields = ('user', 'balance')

apps/note/api/serializers.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings
@@ -11,8 +11,9 @@ from member.models import Membership
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
+from rest_framework.validators import UniqueTogetherValidator
 
-from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias
+from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
     RecurrentTransaction, SpecialTransaction
 
@@ -77,6 +78,20 @@ class NoteUserSerializer(serializers.ModelSerializer):
         return str(obj)
 
 
+class TrustSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Trusts.
+    The djangorestframework plugin will analyse the model `Trust` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Trust
+        fields = '__all__'
+        validators = [UniqueTogetherValidator(
+            queryset=Trust.objects.all(), fields=('trusting', 'trusted'),
+            message=_("This friendship already exists"))]
+
+
 class AliasSerializer(serializers.ModelSerializer):
     """
     REST API Serializer for Aliases.

apps/note/api/urls.py

@@ -1,8 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
-    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet
+    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet, \
+    TrustViewSet
 
 
 def register_note_urls(router, path):
@@ -11,6 +12,7 @@ def register_note_urls(router, path):
     """
     router.register(path + '/note', NotePolymorphicViewSet)
     router.register(path + '/alias', AliasViewSet)
+    router.register(path + '/trust', TrustViewSet)
     router.register(path + '/consumer', ConsumerViewSet)
 
     router.register(path + '/transaction/category', TemplateCategoryViewSet)

apps/note/api/views.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
 
@@ -13,9 +13,10 @@ from rest_framework import status
 from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
 from permission.backends import PermissionBackend
 
-from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
-    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
-from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial
+from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \
+    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
+    TrustSerializer
+from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust
 from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory
 
 
@@ -56,11 +57,41 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
         return queryset.order_by("id")
 
 
+class TrustViewSet(ReadProtectedModelViewSet):
+    """
+    REST Trust View set.
+    The djangorestframework plugin will get all `Trust` objects, serialize it to JSON with the given serializer,
+    then render it on /api/note/trust/
+    """
+    queryset = Trust.objects
+    serializer_class = TrustSerializer
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
+                     '$trusted__alias__name', '$trusted__alias__normalized_name']
+    filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
+    ordering_fields = ['trusting', 'trusted', ]
+
+    def get_serializer_class(self):
+        serializer_class = self.serializer_class
+        if self.request.method in ['PUT', 'PATCH']:
+            # trust relationship can't change people involved
+            serializer_class.Meta.read_only_fields = ('trusting', 'trusting',)
+        return serializer_class
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            self.perform_destroy(instance)
+        except ValidationError as e:
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+
 class AliasViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.
     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/aliases/
+    then render it on /api/note/aliases/
     """
     queryset = Alias.objects
     serializer_class = AliasSerializer

apps/note/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/note/forms.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import datetime
 

apps/note/migrations/0006_trust.py

@@ -0,0 +1,27 @@
+# Generated by Django 2.2.24 on 2021-09-05 19:16
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0005_auto_20210313_1235'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Trust',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('trusted', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusted', to='note.Note', verbose_name='trusted')),
+                ('trusting', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusting', to='note.Note', verbose_name='trusting')),
+            ],
+            options={
+                'verbose_name': 'frienship',
+                'verbose_name_plural': 'friendships',
+                'unique_together': {('trusting', 'trusted')},
+            },
+        ),
+    ]

apps/note/models/__init__.py

@@ -1,13 +1,13 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .transactions import MembershipTransaction, Transaction, \
     TemplateCategory, TransactionTemplate, RecurrentTransaction, SpecialTransaction
 
 __all__ = [
     # Notes
-    'Alias', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
+    'Alias', 'Trust', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
     # Transactions
     'MembershipTransaction', 'Transaction', 'TemplateCategory', 'TransactionTemplate',
     'RecurrentTransaction', 'SpecialTransaction',

apps/note/models/notes.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import unicodedata
@@ -217,6 +217,38 @@ class NoteSpecial(Note):
         return self.special_type
 
 
+class Trust(models.Model):
+    """
+    A one-sided trust relationship bertween two users
+
+    If another user considers you as your friend, you can transfer money from
+    them
+    """
+
+    trusting = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusting',
+        verbose_name=_('trusting')
+    )
+
+    trusted = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusted',
+        verbose_name=_('trusted')
+    )
+
+    class Meta:
+        verbose_name = _("frienship")
+        verbose_name_plural = _("friendships")
+        unique_together = ("trusting", "trusted")
+
+    def __str__(self):
+        return _("Friendship between {trusting} and {trusted}").format(
+            trusting=str(self.trusting), trusted=str(self.trusted))
+
+
 class Alias(models.Model):
     """
     points toward  a :model:`note.NoteUser` or :model;`note.NoteClub` instance.
@@ -261,6 +293,11 @@ class Alias(models.Model):
     def __str__(self):
         return self.name
 
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        self.clean()
+        super().save(*args, **kwargs)
+
     @staticmethod
     def normalize(string):
         """
@@ -289,11 +326,6 @@ class Alias(models.Model):
             pass
         self.normalized_name = normalized_name
 
-    @transaction.atomic
-    def save(self, *args, **kwargs):
-        self.clean()
-        super().save(*args, **kwargs)
-
     def delete(self, using=None, keep_parents=False):
         if self.name == str(self.note):
             raise ValidationError(_("You can't delete your main alias."),

apps/note/models/transactions.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.core.exceptions import ValidationError
@@ -59,6 +59,7 @@ class TransactionTemplate(models.Model):
     amount = models.PositiveIntegerField(
         verbose_name=_('amount'),
     )
+
     category = models.ForeignKey(
         TemplateCategory,
         on_delete=models.PROTECT,
@@ -87,12 +88,12 @@ class TransactionTemplate(models.Model):
         verbose_name = _("transaction template")
         verbose_name_plural = _("transaction templates")
 
-    def get_absolute_url(self):
-        return reverse('note:template_update', args=(self.pk,))
-
     def __str__(self):
         return self.name
 
+    def get_absolute_url(self):
+        return reverse('note:template_update', args=(self.pk,))
+
 
 class Transaction(PolymorphicModel):
     """
@@ -101,7 +102,6 @@ class Transaction(PolymorphicModel):
     amount is store in centimes of currency, making it a  positive integer
     value. (from someone to someone else)
     """
-
     source = models.ForeignKey(
         Note,
         on_delete=models.PROTECT,
@@ -166,6 +166,50 @@ class Transaction(PolymorphicModel):
             models.Index(fields=['destination']),
         ]
 
+    def __str__(self):
+        return self.__class__.__name__ + " from " + str(self.source) + " to " + str(self.destination) + " of "\
+            + pretty_money(self.quantity * self.amount) + ("" if self.valid else " invalid")
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        """
+        When saving, also transfer money between two notes
+        """
+        if self.source.pk == self.destination.pk:
+            # When source == destination, no money is transferred and no transaction is created
+            return
+
+        self.source = Note.objects.select_for_update().get(pk=self.source_id)
+        self.destination = Note.objects.select_for_update().get(pk=self.destination_id)
+
+        # Check that the amounts stay between big integer bounds
+        diff_source, diff_dest = self.validate()
+
+        if not (hasattr(self, '_force_save') and self._force_save) \
+                and (not self.source.is_active or not self.destination.is_active):
+            raise ValidationError(_("The transaction can't be saved since the source note "
+                                    "or the destination note is not active."))
+
+        # If the aliases are not entered, we assume that the used alias is the name of the note
+        if not self.source_alias:
+            self.source_alias = str(self.source)
+
+        if not self.destination_alias:
+            self.destination_alias = str(self.destination)
+
+        # We save first the transaction, in case of the user has no right to transfer money
+        super().save(*args, **kwargs)
+
+        # Save notes
+        self.source.refresh_from_db()
+        self.source.balance += diff_source
+        self.source._force_save = True
+        self.source.save()
+        self.destination.refresh_from_db()
+        self.destination.balance += diff_dest
+        self.destination._force_save = True
+        self.destination.save()
+
     def validate(self):
         previous_source_balance = self.source.balance
         previous_dest_balance = self.destination.balance
@@ -208,46 +252,6 @@ class Transaction(PolymorphicModel):
 
         return source_balance - previous_source_balance, dest_balance - previous_dest_balance
 
-    @transaction.atomic
-    def save(self, *args, **kwargs):
-        """
-        When saving, also transfer money between two notes
-        """
-        if self.source.pk == self.destination.pk:
-            # When source == destination, no money is transferred and no transaction is created
-            return
-
-        self.source = Note.objects.select_for_update().get(pk=self.source_id)
-        self.destination = Note.objects.select_for_update().get(pk=self.destination_id)
-
-        # Check that the amounts stay between big integer bounds
-        diff_source, diff_dest = self.validate()
-
-        if not (hasattr(self, '_force_save') and self._force_save) \
-                and (not self.source.is_active or not self.destination.is_active):
-            raise ValidationError(_("The transaction can't be saved since the source note "
-                                    "or the destination note is not active."))
-
-        # If the aliases are not entered, we assume that the used alias is the name of the note
-        if not self.source_alias:
-            self.source_alias = str(self.source)
-
-        if not self.destination_alias:
-            self.destination_alias = str(self.destination)
-
-        # We save first the transaction, in case of the user has no right to transfer money
-        super().save(*args, **kwargs)
-
-        # Save notes
-        self.source.refresh_from_db()
-        self.source.balance += diff_source
-        self.source._force_save = True
-        self.source.save()
-        self.destination.refresh_from_db()
-        self.destination.balance += diff_dest
-        self.destination._force_save = True
-        self.destination.save()
-
     @property
     def total(self):
         return self.amount * self.quantity
@@ -256,46 +260,40 @@ class Transaction(PolymorphicModel):
     def type(self):
         return _('Transfer')
 
-    def __str__(self):
-        return self.__class__.__name__ + " from " + str(self.source) + " to " + str(self.destination) + " of "\
-            + pretty_money(self.quantity * self.amount) + ("" if self.valid else " invalid")
-
 
 class RecurrentTransaction(Transaction):
     """
     Special type of :model:`note.Transaction` associated to a :model:`note.TransactionTemplate`.
     """
-
     template = models.ForeignKey(
         TransactionTemplate,
         on_delete=models.PROTECT,
     )
 
+    class Meta:
+        verbose_name = _("recurrent transaction")
+        verbose_name_plural = _("recurrent transactions")
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        self.clean()
+        return super().save(*args, **kwargs)
+
     def clean(self):
         if self.template.destination != self.destination and not (hasattr(self, '_force_save') and self._force_save):
             raise ValidationError(
                 _("The destination of this transaction must equal to the destination of the template."))
         return super().clean()
 
-    @transaction.atomic
-    def save(self, *args, **kwargs):
-        self.clean()
-        return super().save(*args, **kwargs)
-
     @property
     def type(self):
         return _('Template')
 
-    class Meta:
-        verbose_name = _("recurrent transaction")
-        verbose_name_plural = _("recurrent transactions")
-
 
 class SpecialTransaction(Transaction):
     """
     Special type of :model:`note.Transaction` associated to transactions with special notes
     """
-
     last_name = models.CharField(
         max_length=255,
         verbose_name=_("name"),
@@ -312,6 +310,15 @@ class SpecialTransaction(Transaction):
         blank=True,
     )
 
+    class Meta:
+        verbose_name = _("Special transaction")
+        verbose_name_plural = _("Special transactions")
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        self.clean()
+        super().save(*args, **kwargs)
+
     @property
     def type(self):
         return _('Credit') if isinstance(self.source, NoteSpecial) else _("Debit")
@@ -325,13 +332,8 @@ class SpecialTransaction(Transaction):
     def clean(self):
         # SpecialTransaction are only possible with NoteSpecial object
         if self.is_credit() == self.is_debit():
-            raise(ValidationError(_("A special transaction is only possible between a"
-                                    " Note associated to a payment method and a User or a Club")))
-
-    @transaction.atomic
-    def save(self, *args, **kwargs):
-        self.clean()
-        super().save(*args, **kwargs)
+            raise ValidationError(_("A special transaction is only possible between a"
+                                    " Note associated to a payment method and a User or a Club"))
 
     @staticmethod
     def validate_payment_form(form):
@@ -363,17 +365,11 @@ class SpecialTransaction(Transaction):
 
         return not error
 
-    class Meta:
-        verbose_name = _("Special transaction")
-        verbose_name_plural = _("Special transactions")
-
 
 class MembershipTransaction(Transaction):
     """
     Special type of :model:`note.Transaction` associated to a :model:`member.Membership`.
-
     """
-
     membership = models.OneToOneField(
         'member.Membership',
         on_delete=models.PROTECT,

apps/note/signals.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.utils import timezone

apps/note/static/note/js/consos.js

@@ -1,4 +1,4 @@
-// Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+// Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 // SPDX-License-Identifier: GPL-3.0-or-later
 
 // When a transaction is performed, lock the interface to prevent spam clicks.
@@ -221,7 +221,7 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
     .done(function () {
       if (!isNaN(source.balance)) {
         const newBalance = source.balance - quantity * amount
-        if (newBalance <= -5000) {
+        if (newBalance <= -2000) {
           addMsg(interpolate(gettext('Warning, the transaction from the note %s succeed, ' +
               'but the emitter note %s is very negative.'), [source_alias, source_alias]), 'danger', 30000)
         } else if (newBalance < 0) {
@@ -258,3 +258,39 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
       })
     })
 }
+
+var searchbar = document.getElementById("search-input")
+var search_results = document.getElementById("search-results")
+
+var old_pattern = null;
+var firstMatch = null;
+/**
+ * Updates the button search tab
+ * @param force Forces the update even if the pattern didn't change
+ */
+function updateSearch(force = false) {
+  let pattern = searchbar.value
+  if (pattern === "")
+    firstMatch = null;
+  if ((pattern === old_pattern || pattern === "") && !force)
+    return;
+  firstMatch = null;
+  const re = new RegExp(pattern, "i");
+  Array.from(search_results.children).forEach(function(b) {
+    if (re.test(b.innerText)) {
+      b.hidden = false;
+      if (firstMatch === null) {
+        firstMatch = b;
+      }
+    } else
+      b.hidden = true;
+  });
+}
+
+searchbar.addEventListener("input", function (e) {
+  debounce(updateSearch)()
+});
+searchbar.addEventListener("keyup", function (e) {
+  if (firstMatch && e.key === "Enter")
+    firstMatch.click()
+});

apps/note/static/note/js/transfer.js

@@ -314,7 +314,7 @@ $('#btn_transfer').click(function () {
 
           if (!isNaN(source.note.balance)) {
             const newBalance = source.note.balance - source.quantity * dest.quantity * amount
-            if (newBalance <= -5000) {
+            if (newBalance <= -2000) {
               addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is very negative.'),
                   [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
               reset()