Merge branch 'nix-shell' into 'main'

Nix shell

See merge request bde/nk20!201

.gitignore

@@ -48,7 +48,6 @@ backups/
 env/
 venv/
 db.sqlite3
-shell.nix
 
 # ansibles customs host
 ansible/host_vars/*.yaml

.gitlab-ci.yml

@@ -7,25 +7,25 @@ stages:
 variables:
   GIT_SUBMODULE_STRATEGY: recursive
 
-# Debian Buster
+# Debian Bullseye
-#  py37-django22:
+py39-django42:
-#   stage: test
-#   image: debian:buster-backports
-#   before_script:
-#     - >
-#         apt-get update &&
-#         apt-get install --no-install-recommends -t buster-backports -y
-#         python3-django python3-django-crispy-forms
-#         python3-django-extensions python3-django-filters python3-django-polymorphic
-#         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
-#         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
-#         python3-bs4 python3-setuptools tox texlive-xetex
-#   script: tox -e py37-django22
-
-# Ubuntu 20.04
-py38-django22:
   stage: test
-  image: ubuntu:20.04
+  image: debian:bullseye
+  before_script:
+    - >
+        apt-get update &&
+        apt-get install --no-install-recommends -y
+        python3-django python3-django-crispy-forms
+        python3-django-extensions python3-django-filters python3-django-polymorphic
+        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
+        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
+        python3-bs4 python3-setuptools tox texlive-xetex
+  script: tox -e py39-django42
+
+# Ubuntu 22.04
+py310-django42:
+  stage: test
+  image: ubuntu:22.04
   before_script:
     # Fix tzdata prompt
     - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
@@ -37,12 +37,12 @@ py38-django22:
         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
         python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py38-django22
+  script: tox -e py310-django42
 
-# Debian Bullseye
+# Debian Bookworm
-py39-django22:
+py311-django42:
   stage: test
-  image: debian:bullseye
+  image: debian:bookworm
   before_script:
     - >
         apt-get update &&
@@ -52,11 +52,13 @@ py39-django22:
         python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
         python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py39-django22
+  script: tox -e py311-django42
+
+
 
 linters:
   stage: quality-assurance
-  image: debian:bullseye
+  image: debian:bookworm
   before_script:
     - apt-get update && apt-get install -y tox
   script: tox -e linters

apps/activity/admin.py

@@ -5,7 +5,7 @@ from django.contrib import admin
 from note_kfet.admin import admin_site
 
 from .forms import GuestForm
-from .models import Activity, ActivityType, Entry, Guest
+from .models import Activity, ActivityType, Entry, Guest, Opener
 
 
 @admin.register(Activity, site=admin_site)
@@ -45,3 +45,11 @@ class EntryAdmin(admin.ModelAdmin):
     Admin customisation for Entry
     """
     list_display = ('note', 'activity', 'time', 'guest')
+
+
+@admin.register(Opener, site=admin_site)
+class OpenerAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Opener
+    """
+    list_display = ('activity', 'opener')

apps/activity/api/serializers.py

@@ -1,9 +1,11 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
+from rest_framework.validators import UniqueTogetherValidator
 
-from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction
+from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction, Opener
 
 
 class ActivityTypeSerializer(serializers.ModelSerializer):
@@ -59,3 +61,17 @@ class GuestTransactionSerializer(serializers.ModelSerializer):
     class Meta:
         model = GuestTransaction
         fields = '__all__'
+
+
+class OpenerSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Openers.
+    The djangorestframework plugin will analyse the model `Opener` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Opener
+        fields = '__all__'
+        validators = [UniqueTogetherValidator(
+            queryset=Opener.objects.all(), fields=("opener", "activity"),
+            message=_("This opener already exists"))]

apps/activity/api/urls.py

@@ -1,7 +1,7 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
+from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet, OpenerViewSet
 
 
 def register_activity_urls(router, path):
@@ -12,3 +12,4 @@ def register_activity_urls(router, path):
     router.register(path + '/type', ActivityTypeViewSet)
     router.register(path + '/guest', GuestViewSet)
     router.register(path + '/entry', EntryViewSet)
+    router.register(path + '/opener', OpenerViewSet)

apps/activity/api/views.py

@@ -1,12 +1,15 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
+from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from rest_framework.response import Response
+from rest_framework import status
 
-from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer
+from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer, OpenerSerializer
-from ..models import Activity, ActivityType, Entry, Guest
+from ..models import Activity, ActivityType, Entry, Guest, Opener
 
 
 class ActivityTypeViewSet(ReadProtectedModelViewSet):
@@ -29,7 +32,7 @@ class ActivityViewSet(ReadProtectedModelViewSet):
     """
     queryset = Activity.objects.order_by('id')
     serializer_class = ActivitySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'description', 'activity_type', 'location', 'creater', 'organizer', 'attendees_club',
                         'date_start', 'date_end', 'valid', 'open', ]
     search_fields = ['$name', '$description', '$location', '$creater__last_name', '$creater__first_name',
@@ -47,7 +50,7 @@ class GuestViewSet(ReadProtectedModelViewSet):
     """
     queryset = Guest.objects.order_by('id')
     serializer_class = GuestSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name',
                         'inviter__alias__normalized_name', ]
     search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name',
@@ -62,7 +65,36 @@ class EntryViewSet(ReadProtectedModelViewSet):
     """
     queryset = Entry.objects.order_by('id')
     serializer_class = EntrySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['activity', 'time', 'note', 'guest', ]
     search_fields = ['$activity__name', '$note__user__email', '$note__alias__name', '$note__alias__normalized_name',
                      '$guest__last_name', '$guest__first_name', ]
+
+
+class OpenerViewSet(ReadProtectedModelViewSet):
+    """
+    REST Opener View set.
+    The djangorestframework plugin will get all `Opener` objects, serialize it to JSON with the given serializer,
+    then render it on /api/activity/opener/
+    """
+    queryset = Opener.objects
+    serializer_class = OpenerSerializer
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend]
+    search_fields = ['$opener__alias__name', '$opener__alias__normalized_name',
+                     '$activity__name']
+    filterset_fields = ['opener', 'opener__noteuser__user', 'activity']
+
+    def get_serializer_class(self):
+        serializer_class = self.serializer_class
+        if self.request.method in ['PUT', 'PATCH']:
+            # opener-activity can't change
+            serializer_class.Meta.read_only_fields = ('opener', 'acitivity',)
+        return serializer_class
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            self.perform_destroy(instance)
+        except ValidationError as e:
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+        return Response(status=status.HTTP_204_NO_CONTENT)

apps/activity/forms.py

@@ -4,13 +4,14 @@
 from datetime import timedelta
 from random import shuffle
 
+from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from member.models import Club
 from note.models import Note, NoteUser
-from note_kfet.inputs import Autocomplete, DateTimePickerInput
+from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 
@@ -43,7 +44,7 @@ class ActivityForm(forms.ModelForm):
 
     class Meta:
         model = Activity
-        exclude = ('creater', 'valid', 'open', )
+        exclude = ('creater', 'valid', 'open', 'opener', )
         widgets = {
             "organizer": Autocomplete(
                 model=Club,

apps/activity/migrations/0004_opener.py

@@ -0,0 +1,28 @@
+# Generated by Django 2.2.28 on 2024-08-01 12:36
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0006_trust'),
+        ('activity', '0003_auto_20240323_1422'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Opener',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('activity', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='opener', to='activity.Activity', verbose_name='activity')),
+                ('opener', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.Note', verbose_name='opener')),
+            ],
+            options={
+                'verbose_name': 'opener',
+                'verbose_name_plural': 'openers',
+                'unique_together': {('opener', 'activity')},
+            },
+        ),
+    ]

apps/activity/models.py

@@ -11,7 +11,7 @@ from django.db import models, transaction
 from django.db.models import Q
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
-from note.models import NoteUser, Transaction
+from note.models import NoteUser, Transaction, Note
 from rest_framework.exceptions import ValidationError
 
 
@@ -310,3 +310,31 @@ class GuestTransaction(Transaction):
     @property
     def type(self):
         return _('Invitation')
+
+
+class Opener(models.Model):
+    """
+    Allow the user to make activity entries without more rights
+    """
+    activity = models.ForeignKey(
+        Activity,
+        on_delete=models.CASCADE,
+        related_name='opener',
+        verbose_name=_('activity')
+    )
+
+    opener = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='activity_responsible',
+        verbose_name=_('Opener')
+    )
+
+    class Meta:
+        verbose_name = _("Opener")
+        verbose_name_plural = _("Openers")
+        unique_together = ("opener", "activity")
+
+    def __str__(self):
+        return _("{opener} is opener of activity {acivity}").format(
+            opener=str(self.opener), acivity=str(self.activity))

apps/activity/static/activity/js/opener.js

@@ -0,0 +1,57 @@
+/**
+ * On form submit, add a new opener
+ */
+function form_create_opener (e) {
+  // Do not submit HTML form
+  e.preventDefault()
+
+  // Get data and send to API
+  const formData = new FormData(e.target)
+  $.getJSON('/api/note/alias/'+formData.get('opener') + '/',
+    function (opener_alias) {
+      create_opener(formData.get('activity'), opener_alias.note)
+    }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+    })
+}
+
+/**
+ * Add an opener between an activity and a user
+ * @param activity:Integer activity id
+ * @param opener:Integer user note id
+ */
+function create_opener(activity, opener) {
+  $.post('/api/activity/opener/', {
+      activity: activity,
+      opener: opener,
+      csrfmiddlewaretoken: CSRF_TOKEN
+  }).done(function () {
+  // Reload tables
+  $('#opener_table').load(location.pathname + ' #opener_table')
+    addMsg(gettext('Opener successfully added'), 'success')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+/**
+ * On click of "delete", delete the opener
+ * @param button_id:Integer Opener id to remove
+ */
+function delete_button (button_id) {
+  $.ajax({
+    url: '/api/activity/opener/' + button_id + '/',
+    method: 'DELETE',
+    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
+  }).done(function () {
+    addMsg(gettext('Opener successfully deleted'), 'success')
+    $('#opener_table').load(location.pathname + ' #opener_table')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+$(document).ready(function () {
+  // Attach event
+  document.getElementById('form_opener').addEventListener('submit', form_create_opener)
+})

apps/activity/tables.py

@@ -5,11 +5,13 @@ from django.utils import timezone
 from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
+from note_kfet.middlewares import get_current_request
 import django_tables2 as tables
 from django_tables2 import A
+from permission.backends import PermissionBackend
 from note.templatetags.pretty_money import pretty_money
 
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
 
 
 class ActivityTable(tables.Table):
@@ -113,3 +115,34 @@ class EntryTable(tables.Table):
             'data-last-name': lambda record: record.last_name,
             'data-first-name': lambda record: record.first_name,
         }
+
+
+# function delete_button(id) provided in template file
+DELETE_TEMPLATE = """
+    <button id="{{ record.pk }}" class="btn btn-danger btn-sm" onclick="delete_button(this.id)"> {{ delete_trans }}</button>
+"""
+
+
+class OpenerTable(tables.Table):
+    class Meta:
+        attrs = {
+            'class': 'table table condensed table-striped',
+            'id': "opener_table"
+        }
+        model = Opener
+        fields = ("opener",)
+        template_name = 'django_tables2/bootstrap4.html'
+
+    show_header = False
+    opener = tables.Column(attrs={'td': {'class': 'text-center'}})
+
+    delete_col = tables.TemplateColumn(
+        template_code=DELETE_TEMPLATE,
+        extra_context={"delete_trans": _('Delete')},
+        attrs={
+            'td': {
+                'class': lambda record: 'col-sm-1'
+                + (' d-none' if not PermissionBackend.check_perm(
+                    get_current_request(), "activity.delete_opener", record)
+                   else '')}},
+        verbose_name=_("Delete"),)

apps/activity/templates/activity/activity_detail.html

@@ -4,11 +4,31 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n perms %}
 {% load render_table from django_tables2 %}
+{% load static django_tables2 i18n %}
 
 {% block content %}
 <h1 class="text-white">{{ title }}</h1>
 {% include "activity/includes/activity_info.html" %}
 
+{% if activity.activity_type.manage_entries and ".change__opener"|has_perm:activity %}
+    <div class="card bg-white mb-3">
+        <h3 class="card-header text-center">
+            {% trans "Openers" %}
+        </h3>
+        <div class="card-body">
+            <form class="input-group" method="POST" id="form_opener">
+                {% csrf_token %}
+                <input type="hidden" name="activity" value="{{ object.pk }}">
+                {%include "autocomplete_model.html" %}
+                <div class="input-group-append">
+                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+                </div>
+            </form>
+        </div>
+        {% render_table opener %}
+    </div>
+{% endif %}
+
 {% if guests.data %}
 <div class="card bg-white mb-3">
     <h3 class="card-header text-center">
@@ -22,6 +42,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endblock %}
 
 {% block extrajavascript %}
+<script src="{% static "activity/js/opener.js" %}"></script>
+<script src="{% static "js/autocomplete_model.js" %}"></script>
 <script>
     function remove_guest(guest_id) {
         $.ajax({

apps/activity/views.py

@@ -18,14 +18,15 @@ from django.views import View
 from django.views.decorators.cache import cache_page
 from django.views.generic import DetailView, TemplateView, UpdateView
 from django.views.generic.list import ListView
-from django_tables2.views import MultiTableMixin
+from django_tables2.views import MultiTableMixin, SingleTableMixin
+from api.viewsets import is_regex
 from note.models import Alias, NoteSpecial, NoteUser
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 
 from .forms import ActivityForm, GuestForm
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
-from .tables import ActivityTable, EntryTable, GuestTable
+from .tables import ActivityTable, EntryTable, GuestTable, OpenerTable
 
 
 class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
@@ -63,19 +64,15 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin
     Displays all Activities, and classify if they are on-going or upcoming ones.
     """
     model = Activity
-    tables = [ActivityTable, ActivityTable]
+    tables = [
+        lambda data: ActivityTable(data, prefix="all-"),
+        lambda data: ActivityTable(data, prefix="upcoming-"),
+    ]
     extra_context = {"title": _("Activities")}
 
     def get_queryset(self, **kwargs):
         return super().get_queryset(**kwargs).distinct()
 
-    def get_tables(self):
-        tables = super().get_tables()
-
-        tables[0].prefix = "all-"
-        tables[1].prefix = "upcoming-"
-        return tables
-
     def get_tables_data(self):
         # first table = all activities, second table = upcoming
         return [
@@ -99,7 +96,7 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin
         return context
 
 
-class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
     """
     Shows details about one activity. Add guest to context
     """
@@ -107,15 +104,40 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     context_object_name = "activity"
     extra_context = {"title": _("Activity detail")}
 
+    tables = [
+        lambda data: GuestTable(data, prefix="guests-"),
+        lambda data: OpenerTable(data, prefix="opener-"),
+    ]
+
+    def get_tables_data(self):
+        return [
+            Guest.objects.filter(activity=self.object)
+                         .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")),
+            self.object.opener.filter(activity=self.object)
+                              .filter(PermissionBackend.filter_queryset(self.request, Opener, "view")),
+        ]
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data()
 
-        table = GuestTable(data=Guest.objects.filter(activity=self.object)
+        tables = context["tables"]
-                           .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")))
+        for name, table in zip(["guests", "opener"], tables):
-        context["guests"] = table
+            context[name] = table
 
         context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
 
+        context["widget"] = {
+            "name": "opener",
+            "resetable": True,
+            "attrs": {
+                "class": "autocomplete form-control",
+                "id": "opener",
+                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
+                "name_field": "name",
+                "placeholder": ""
+            }
+        }
+
         return context
 
 
@@ -172,12 +194,14 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 
-class ActivityEntryView(LoginRequiredMixin, TemplateView):
+class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
     """
     Manages entry to an activity
     """
     template_name = "activity/activity_entry.html"
 
+    table_class = EntryTable
+
     def dispatch(self, request, *args, **kwargs):
         """
         Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
@@ -212,13 +236,16 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
 
         if "search" in self.request.GET and self.request.GET["search"]:
             pattern = self.request.GET["search"]
-            if pattern[0] != "^":
+
-                pattern = "^" + pattern
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            pattern = "^" + pattern if valid_regex and pattern[0] != "^" else pattern
             guest_qs = guest_qs.filter(
-                Q(first_name__iregex=pattern)
+                Q(**{f"first_name{suffix}": pattern})
-                | Q(last_name__iregex=pattern)
+                | Q(**{f"last_name{suffix}": pattern})
-                | Q(inviter__alias__name__iregex=pattern)
+                | Q(**{f"inviter__alias__name{suffix}": pattern})
-                | Q(inviter__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"inviter__alias__normalized_name{suffix}": Alias.normalize(pattern)})
             )
         else:
             guest_qs = guest_qs.none()
@@ -250,11 +277,15 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
 
         if "search" in self.request.GET and self.request.GET["search"]:
             pattern = self.request.GET["search"]
+
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__icontains"
             note_qs = note_qs.filter(
-                Q(note__noteuser__user__first_name__iregex=pattern)
+                Q(**{f"note__noteuser__user__first_name{suffix}": pattern})
-                | Q(note__noteuser__user__last_name__iregex=pattern)
+                | Q(**{f"note__noteuser__user__last_name{suffix}": pattern})
-                | Q(name__iregex=pattern)
+                | Q(**{f"name{suffix}": pattern})
-                | Q(normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"normalized_name{suffix}": Alias.normalize(pattern)})
             )
         else:
             note_qs = note_qs.none()
@@ -266,15 +297,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
             if settings.DATABASES[note_qs.db]["ENGINE"] == 'django.db.backends.postgresql' else note_qs.distinct()[:20]
         return note_qs
 
-    def get_context_data(self, **kwargs):
+    def get_table_data(self):
-        """
-        Query the list of Guest and Note to the activity and add information to makes entry with JS.
-        """
-        context = super().get_context_data(**kwargs)
-
         activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
             .distinct().get(pk=self.kwargs["pk"])
-        context["activity"] = activity
 
         matched = []
 
@@ -287,8 +312,17 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
             note.activity = activity
             matched.append(note)
 
-        table = EntryTable(data=matched)
+        return matched
-        context["table"] = table
+
+    def get_context_data(self, **kwargs):
+        """
+        Query the list of Guest and Note to the activity and add information to makes entry with JS.
+        """
+        context = super().get_context_data(**kwargs)
+
+        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
+            .distinct().get(pk=self.kwargs["pk"])
+        context["activity"] = activity
 
         context["entries"] = Entry.objects.filter(activity=activity)
 
@@ -330,8 +364,8 @@ X-WR-CALNAME:Kfet Calendar
 NAME:Kfet Calendar
 CALSCALE:GREGORIAN
 BEGIN:VTIMEZONE
-TZID:Europe/Berlin
+TZID:Europe/Paris
-X-LIC-LOCATION:Europe/Berlin
+X-LIC-LOCATION:Europe/Paris
 BEGIN:DAYLIGHT
 TZOFFSETFROM:+0100
 TZOFFSETTO:+0200
@@ -353,10 +387,10 @@ END:VTIMEZONE
 DTSTAMP:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}Z
 UID:{md5((activity.name + "$" + str(activity.id) + str(activity.date_start)).encode("UTF-8")).hexdigest()}
 SUMMARY;CHARSET=UTF-8:{self.multilines(activity.name, 75, 22)}
-DTSTART;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}
+DTSTART:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_start)}
-DTEND;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_end)}
+DTEND:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_end)}
 LOCATION:{self.multilines(activity.location, 75, 9) if activity.location else "Kfet"}
-DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + """
+DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + f"""
  -- {activity.organizer.name}
 END:VEVENT
 """

apps/api/filters.py

@@ -0,0 +1,42 @@
+import re
+from functools import lru_cache
+
+from rest_framework.filters import SearchFilter
+
+
+class RegexSafeSearchFilter(SearchFilter):
+    @lru_cache
+    def validate_regex(self, search_term) -> bool:
+        try:
+            re.compile(search_term)
+            return True
+        except re.error:
+            return False
+
+    def get_search_fields(self, view, request):
+        """
+        Ensure that given regex are valid.
+        If not, we consider that the user is trying to search by substring.
+        """
+        search_fields = super().get_search_fields(view, request)
+        search_terms = self.get_search_terms(request)
+
+        for search_term in search_terms:
+            if not self.validate_regex(search_term):
+                # Invalid regex. We assume we don't query by regex but by substring.
+                search_fields = [f.replace('$', '') for f in search_fields]
+                break
+
+        return search_fields
+
+    def get_search_terms(self, request):
+        """
+        Ensure that search field is a valid regex query. If not, we remove extra characters.
+        """
+        terms = super().get_search_terms(request)
+        if not all(self.validate_regex(term) for term in terms):
+            # Invalid regex. If a ^ is prefixed to the search term, we remove it.
+            terms = [term[1:] if term[0] == '^' else term for term in terms]
+            # Same for dollars.
+            terms = [term[:-1] if term[-1] == '$' else term for term in terms]
+        return terms

apps/api/tests.py

@@ -12,11 +12,12 @@ from django.contrib.contenttypes.models import ContentType
 from django.db.models.fields.files import ImageFieldFile
 from django.test import TestCase
 from django_filters.rest_framework import DjangoFilterBackend
+from phonenumbers import PhoneNumber
+from rest_framework.filters import OrderingFilter
+from api.filters import RegexSafeSearchFilter
 from member.models import Membership, Club
 from note.models import NoteClub, NoteUser, Alias, Note
 from permission.models import PermissionMask, Permission, Role
-from phonenumbers import PhoneNumber
-from rest_framework.filters import SearchFilter, OrderingFilter
 
 from .viewsets import ContentTypeViewSet, UserViewSet
 
@@ -87,7 +88,7 @@ class TestAPI(TestCase):
                     resp = self.client.get(url + f"?ordering=-{field}")
                     self.assertEqual(resp.status_code, 200)
 
-            if SearchFilter in backends:
+            if RegexSafeSearchFilter in backends:
                 # Basic search
                 for field in viewset.search_fields:
                     obj = self.fix_note_object(obj, field)

apps/api/urls.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings
-from django.conf.urls import url, include
+from django.conf.urls import include
+from django.urls import re_path
 from rest_framework import routers
 
 from .views import UserInformationView
@@ -14,29 +15,33 @@ router = routers.DefaultRouter()
 router.register('models', ContentTypeViewSet)
 router.register('user', UserViewSet)
 
+if "activity" in settings.INSTALLED_APPS:
+    from activity.api.urls import register_activity_urls
+    register_activity_urls(router, 'activity')
+
+if "food" in settings.INSTALLED_APPS:
+    from food.api.urls import register_food_urls
+    register_food_urls(router, 'food')
+
+if "logs" in settings.INSTALLED_APPS:
+    from logs.api.urls import register_logs_urls
+    register_logs_urls(router, 'logs')
+
 if "member" in settings.INSTALLED_APPS:
     from member.api.urls import register_members_urls
     register_members_urls(router, 'members')
 
-if "member" in settings.INSTALLED_APPS:
-    from activity.api.urls import register_activity_urls
-    register_activity_urls(router, 'activity')
-
 if "note" in settings.INSTALLED_APPS:
     from note.api.urls import register_note_urls
     register_note_urls(router, 'note')
 
-if "treasury" in settings.INSTALLED_APPS:
-    from treasury.api.urls import register_treasury_urls
-    register_treasury_urls(router, 'treasury')
-
 if "permission" in settings.INSTALLED_APPS:
     from permission.api.urls import register_permission_urls
     register_permission_urls(router, 'permission')
 
-if "logs" in settings.INSTALLED_APPS:
+if "treasury" in settings.INSTALLED_APPS:
-    from logs.api.urls import register_logs_urls
+    from treasury.api.urls import register_treasury_urls
-    register_logs_urls(router, 'logs')
+    register_treasury_urls(router, 'treasury')
 
 if "wei" in settings.INSTALLED_APPS:
     from wei.api.urls import register_wei_urls
@@ -47,7 +52,7 @@ app_name = 'api'
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('^', include(router.urls)),
+    re_path('^', include(router.urls)),
-    url('^me/', UserInformationView.as_view()),
+    re_path('^me/', UserInformationView.as_view()),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    re_path('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]

apps/api/viewsets.py

@@ -1,19 +1,29 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import re
+
 from django.contrib.contenttypes.models import ContentType
 from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
-from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
 from note.models import Alias
 
+from .filters import RegexSafeSearchFilter
 from .serializers import UserSerializer, ContentTypeSerializer
 
 
+def is_regex(pattern):
+    try:
+        re.compile(pattern)
+        return True
+    except (re.error, TypeError):
+        return False
+
+
 class ReadProtectedModelViewSet(ModelViewSet):
     """
     Protect a ModelViewSet by filtering the objects that the user cannot see.
@@ -60,34 +70,38 @@ class UserViewSet(ReadProtectedModelViewSet):
 
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
 
             # Filter with different rules
             # We use union-all to keep each filter rule sorted in result
             queryset = queryset.filter(
                 # Match without normalization
-                note__alias__name__iregex="^" + pattern
+                Q(**{f"note__alias__name{suffix}": prefix + pattern})
             ).union(
                 queryset.filter(
                     # Match with normalization
-                    Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                 ),
                 all=True,
             ).union(
                 queryset.filter(
                     # Match on lower pattern
-                    Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                 ),
                 all=True,
             ).union(
                 queryset.filter(
                     # Match on firstname or lastname
-                    (Q(last_name__iregex="^" + pattern) | Q(first_name__iregex="^" + pattern))
+                    (Q(**{f"last_name{suffix}": prefix + pattern}) | Q(**{f"first_name{suffix}": prefix + pattern}))
-                    & ~Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                 ),
                 all=True,
             )
@@ -107,6 +121,6 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
     """
     queryset = ContentType.objects.order_by('id')
     serializer_class = ContentTypeSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['id', 'app_label', 'model', ]
     search_fields = ['$app_label', '$model', ]

apps/food/admin.py

@@ -0,0 +1,37 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib import admin
+from django.db import transaction
+from note_kfet.admin import admin_site
+
+from .models import Allergen, BasicFood, QRCode, TransformedFood
+
+
+@admin.register(QRCode, site=admin_site)
+class QRCodeAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(BasicFood, site=admin_site)
+class BasicFoodAdmin(admin.ModelAdmin):
+    @transaction.atomic
+    def save_related(self, *args, **kwargs):
+        ans = super().save_related(*args, **kwargs)
+        args[1].instance.update()
+        return ans
+
+
+@admin.register(TransformedFood, site=admin_site)
+class TransformedFoodAdmin(admin.ModelAdmin):
+    exclude = ["allergens", "expiry_date"]
+
+    @transaction.atomic
+    def save_related(self, request, form, *args, **kwargs):
+        super().save_related(request, form, *args, **kwargs)
+        form.instance.update()
+
+
+@admin.register(Allergen, site=admin_site)
+class AllergenAdmin(admin.ModelAdmin):
+    pass

apps/food/api/serializers.py

@@ -0,0 +1,50 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from rest_framework import serializers
+
+from ..models import Allergen, BasicFood, QRCode, TransformedFood
+
+
+class AllergenSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Allergen.
+    The djangorestframework plugin will analyse the model `Allergen` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Allergen
+        fields = '__all__'
+
+
+class BasicFoodSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for BasicFood.
+    The djangorestframework plugin will analyse the model `BasicFood` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = BasicFood
+        fields = '__all__'
+
+
+class QRCodeSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for QRCode.
+    The djangorestframework plugin will analyse the model `QRCode` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = QRCode
+        fields = '__all__'
+
+
+class TransformedFoodSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for TransformedFood.
+    The djangorestframework plugin will analyse the model `TransformedFood` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = TransformedFood
+        fields = '__all__'

apps/food/api/urls.py

@@ -0,0 +1,14 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from .views import AllergenViewSet, BasicFoodViewSet, QRCodeViewSet, TransformedFoodViewSet
+
+
+def register_food_urls(router, path):
+    """
+    Configure router for Food REST API.
+    """
+    router.register(path + '/allergen', AllergenViewSet)
+    router.register(path + '/basic_food', BasicFoodViewSet)
+    router.register(path + '/qrcode', QRCodeViewSet)
+    router.register(path + '/transformed_food', TransformedFoodViewSet)

apps/food/api/views.py

@@ -0,0 +1,61 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from api.viewsets import ReadProtectedModelViewSet
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.filters import SearchFilter
+
+from .serializers import AllergenSerializer, BasicFoodSerializer, QRCodeSerializer, TransformedFoodSerializer
+from ..models import Allergen, BasicFood, QRCode, TransformedFood
+
+
+class AllergenViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Allergen` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/allergen/
+    """
+    queryset = Allergen.objects.order_by('id')
+    serializer_class = AllergenSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', ]
+    search_fields = ['$name', ]
+
+
+class BasicFoodViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `BasicFood` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/basic_food/
+    """
+    queryset = BasicFood.objects.order_by('id')
+    serializer_class = BasicFoodSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', ]
+    search_fields = ['$name', ]
+
+
+class QRCodeViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `QRCode` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/qrcode/
+    """
+    queryset = QRCode.objects.order_by('id')
+    serializer_class = QRCodeSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['qr_code_number', ]
+    search_fields = ['$qr_code_number', ]
+
+
+class TransformedFoodViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `TransformedFood` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/transformed_food/
+    """
+    queryset = TransformedFood.objects.order_by('id')
+    serializer_class = TransformedFoodSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', ]
+    search_fields = ['$name', ]

apps/food/apps.py

@@ -0,0 +1,11 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+from django.utils.translation import gettext_lazy as _
+from django.apps import AppConfig
+
+
+class FoodkfetConfig(AppConfig):
+    name = 'food'
+    verbose_name = _('food')

apps/food/forms.py

@@ -0,0 +1,114 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from random import shuffle
+
+from django import forms
+from django.utils.translation import gettext_lazy as _
+from django.utils import timezone
+from member.models import Club
+from bootstrap_datepicker_plus.widgets import DateTimePickerInput
+from note_kfet.inputs import Autocomplete
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
+
+from .models import BasicFood, QRCode, TransformedFood
+
+
+class AddIngredientForms(forms.ModelForm):
+    """
+    Form for add an ingredient
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['ingredient'].queryset = self.fields['ingredient'].queryset.filter(
+            polymorphic_ctype__model='transformedfood',
+            is_ready=False,
+            is_active=True,
+            was_eaten=False,
+        )
+        # Caution, the logic is inverted here, we flip the logic on saving in AddIngredientView
+        self.fields['is_active'].initial = True
+        self.fields['is_active'].label = _("Fully used")
+
+    class Meta:
+        model = TransformedFood
+        fields = ('ingredient', 'is_active')
+
+
+class BasicFoodForms(forms.ModelForm):
+    """
+    Form for add non-transformed food
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['name'].widget.attrs.update({"autofocus": "autofocus"})
+        self.fields['name'].required = True
+        self.fields['owner'].required = True
+
+        # Some example
+        self.fields['name'].widget.attrs.update({"placeholder": _("Pasta METRO 5kg")})
+        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
+        shuffle(clubs)
+        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
+
+    class Meta:
+        model = BasicFood
+        fields = ('name', 'owner', 'date_type', 'expiry_date', 'is_active', 'was_eaten', 'allergens',)
+        widgets = {
+            "owner": Autocomplete(
+                model=Club,
+                attrs={"api_url": "/api/members/club/"},
+            ),
+            'expiry_date': DateTimePickerInput(),
+        }
+
+
+class QRCodeForms(forms.ModelForm):
+    """
+    Form for create QRCode
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['food_container'].queryset = self.fields['food_container'].queryset.filter(
+            is_active=True,
+            was_eaten=False,
+            polymorphic_ctype__model='transformedfood',
+        )
+
+    class Meta:
+        model = QRCode
+        fields = ('food_container',)
+
+
+class TransformedFoodForms(forms.ModelForm):
+    """
+    Form for add transformed food
+    """
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['name'].widget.attrs.update({"autofocus": "autofocus"})
+        self.fields['name'].required = True
+        self.fields['owner'].required = True
+        self.fields['creation_date'].required = True
+        self.fields['creation_date'].initial = timezone.now
+        self.fields['is_active'].initial = True
+        self.fields['is_ready'].initial = False
+        self.fields['was_eaten'].initial = False
+
+        # Some example
+        self.fields['name'].widget.attrs.update({"placeholder": _("Lasagna")})
+        clubs = list(Club.objects.filter(PermissionBackend.filter_queryset(get_current_request(), Club, "change")).all())
+        shuffle(clubs)
+        self.fields['owner'].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
+
+    class Meta:
+        model = TransformedFood
+        fields = ('name', 'creation_date', 'owner', 'is_active', 'is_ready', 'was_eaten', 'shelf_life')
+        widgets = {
+            "owner": Autocomplete(
+                model=Club,
+                attrs={"api_url": "/api/members/club/"},
+            ),
+            'creation_date': DateTimePickerInput(),
+        }

apps/food/migrations/0001_initial.py

@@ -0,0 +1,84 @@
+# Generated by Django 2.2.28 on 2024-07-05 08:57
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('contenttypes', '0002_remove_content_type_name'),
+        ('member', '0011_profile_vss_charter_read'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Allergen',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+            ],
+            options={
+                'verbose_name': 'Allergen',
+                'verbose_name_plural': 'Allergens',
+            },
+        ),
+        migrations.CreateModel(
+            name='Food',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('expiry_date', models.DateTimeField(verbose_name='expiry date')),
+                ('was_eaten', models.BooleanField(default=False, verbose_name='was eaten')),
+                ('is_ready', models.BooleanField(default=False, verbose_name='is ready')),
+                ('allergens', models.ManyToManyField(blank=True, to='food.Allergen', verbose_name='allergen')),
+                ('owner', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='+', to='member.Club', verbose_name='owner')),
+                ('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_food.food_set+', to='contenttypes.ContentType')),
+            ],
+            options={
+                'verbose_name': 'foods',
+            },
+        ),
+        migrations.CreateModel(
+            name='BasicFood',
+            fields=[
+                ('food_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='food.Food')),
+                ('date_type', models.CharField(choices=[('DLC', 'DLC'), ('DDM', 'DDM')], max_length=255)),
+                ('arrival_date', models.DateTimeField(default=django.utils.timezone.now, verbose_name='arrival date')),
+            ],
+            options={
+                'verbose_name': 'Basic food',
+                'verbose_name_plural': 'Basic foods',
+            },
+            bases=('food.food',),
+        ),
+        migrations.CreateModel(
+            name='QRCode',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('qr_code_number', models.PositiveIntegerField(unique=True, verbose_name='QR-code number')),
+                ('food_container', models.OneToOneField(on_delete=django.db.models.deletion.PROTECT, related_name='QR_code', to='food.Food', verbose_name='food container')),
+            ],
+            options={
+                'verbose_name': 'QR-code',
+                'verbose_name_plural': 'QR-codes',
+            },
+        ),
+        migrations.CreateModel(
+            name='TransformedFood',
+            fields=[
+                ('food_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='food.Food')),
+                ('creation_date', models.DateTimeField(verbose_name='creation date')),
+                ('is_active', models.BooleanField(default=True, verbose_name='is active')),
+                ('ingredient', models.ManyToManyField(blank=True, related_name='transformed_ingredient_inv', to='food.Food', verbose_name='transformed ingredient')),
+            ],
+            options={
+                'verbose_name': 'Transformed food',
+                'verbose_name_plural': 'Transformed foods',
+            },
+            bases=('food.food',),
+        ),
+    ]

apps/food/migrations/0002_transformedfood_shelf_life.py

@@ -0,0 +1,19 @@
+# Generated by Django 2.2.28 on 2024-07-06 20:37
+
+import datetime
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('food', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='transformedfood',
+            name='shelf_life',
+            field=models.DurationField(default=datetime.timedelta(days=3), verbose_name='shelf life'),
+        ),
+    ]

apps/food/migrations/0003_create_14_allergens_mandatory.py

@@ -0,0 +1,62 @@
+from django.db import migrations
+
+def create_14_mandatory_allergens(apps, schema_editor):
+    """
+    There are 14 mandatory allergens, they are pre-injected
+    """
+
+    Allergen = apps.get_model("food", "allergen")
+    
+    Allergen.objects.get_or_create(
+        name="Gluten",
+    ) 
+    Allergen.objects.get_or_create(
+        name="Fruits à coques",
+    )
+    Allergen.objects.get_or_create(
+        name="Crustacés",
+    )
+    Allergen.objects.get_or_create(
+        name="Céléri",
+    )
+    Allergen.objects.get_or_create(
+        name="Oeufs",
+    )
+    Allergen.objects.get_or_create(
+        name="Moutarde",
+    )
+    Allergen.objects.get_or_create(
+        name="Poissons",
+    )
+    Allergen.objects.get_or_create(
+        name="Soja",
+    )
+    Allergen.objects.get_or_create(
+        name="Lait",
+    )
+    Allergen.objects.get_or_create(
+        name="Sulfites",
+    )
+    Allergen.objects.get_or_create(
+        name="Sésame",
+    )
+    Allergen.objects.get_or_create(
+        name="Lupin",
+    )
+    Allergen.objects.get_or_create(
+        name="Arachides",
+    )
+    Allergen.objects.get_or_create(
+        name="Mollusques",
+    )
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('food', '0002_transformedfood_shelf_life'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_14_mandatory_allergens),
+    ]
+    
+    

apps/food/migrations/0004_auto_20240813_2358.py

@@ -0,0 +1,28 @@
+# Generated by Django 2.2.28 on 2024-08-13 21:58
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('food', '0003_create_14_allergens_mandatory'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='transformedfood',
+            name='is_active',
+        ),
+        migrations.AddField(
+            model_name='food',
+            name='is_active',
+            field=models.BooleanField(default=True, verbose_name='is active'),
+        ),
+        migrations.AlterField(
+            model_name='qrcode',
+            name='food_container',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='QR_code', to='food.Food', verbose_name='food container'),
+        ),
+    ]

apps/food/models.py

@@ -0,0 +1,226 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from datetime import timedelta
+
+from django.db import models, transaction
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+from member.models import Club
+from polymorphic.models import PolymorphicModel
+
+
+class QRCode(models.Model):
+    """
+    An QRCode model
+    """
+    qr_code_number = models.PositiveIntegerField(
+        verbose_name=_("QR-code number"),
+        unique=True,
+    )
+
+    food_container = models.ForeignKey(
+        'Food',
+        on_delete=models.CASCADE,
+        related_name='QR_code',
+        verbose_name=_('food container'),
+    )
+
+    class Meta:
+        verbose_name = _("QR-code")
+        verbose_name_plural = _("QR-codes")
+
+    def __str__(self):
+        return _("QR-code number {qr_code_number}").format(qr_code_number=self.qr_code_number)
+
+
+class Allergen(models.Model):
+    """
+    A list of allergen and alimentary restrictions
+    """
+    name = models.CharField(
+        verbose_name=_('name'),
+        max_length=255,
+    )
+
+    class Meta:
+        verbose_name = _('Allergen')
+        verbose_name_plural = _('Allergens')
+
+    def __str__(self):
+        return self.name
+
+
+class Food(PolymorphicModel):
+    name = models.CharField(
+        verbose_name=_('name'),
+        max_length=255,
+    )
+
+    owner = models.ForeignKey(
+        Club,
+        on_delete=models.PROTECT,
+        related_name='+',
+        verbose_name=_('owner'),
+    )
+
+    allergens = models.ManyToManyField(
+        Allergen,
+        blank=True,
+        verbose_name=_('allergen'),
+    )
+
+    expiry_date = models.DateTimeField(
+        verbose_name=_('expiry date'),
+        null=False,
+    )
+
+    was_eaten = models.BooleanField(
+        default=False,
+        verbose_name=_('was eaten'),
+    )
+
+    # is_ready != is_active : is_ready signifie que la nourriture est prête à être manger,
+    #                         is_active signifie que la nourriture n'est pas encore archivé
+    # il sert dans les cas où il est plus intéressant que de l'open soit conservé (confiture par ex)
+
+    is_ready = models.BooleanField(
+        default=False,
+        verbose_name=_('is ready'),
+    )
+
+    is_active = models.BooleanField(
+        default=True,
+        verbose_name=_('is active'),
+    )
+
+    def __str__(self):
+        return self.name
+
+    @transaction.atomic
+    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
+        return super().save(force_insert, force_update, using, update_fields)
+
+    class Meta:
+        verbose_name = _('food')
+        verbose_name = _('foods')
+
+
+class BasicFood(Food):
+    """
+    Food which has been directly buy on supermarket
+    """
+    date_type = models.CharField(
+        max_length=255,
+        choices=(
+            ("DLC", "DLC"),
+            ("DDM", "DDM"),
+        )
+    )
+
+    arrival_date = models.DateTimeField(
+        verbose_name=_('arrival date'),
+        default=timezone.now,
+    )
+
+    # label = models.ImageField(
+    #     verbose_name=_('food label'),
+    #     max_length=255,
+    #     blank=False,
+    #     null=False,
+    #     upload_to='label/',
+    # )
+
+    @transaction.atomic
+    def update_allergens(self):
+        # update parents
+        for parent in self.transformed_ingredient_inv.iterator():
+            parent.update_allergens()
+
+    @transaction.atomic
+    def update_expiry_date(self):
+        # update parents
+        for parent in self.transformed_ingredient_inv.iterator():
+            parent.update_expiry_date()
+
+    @transaction.atomic
+    def update(self):
+        self.update_allergens()
+        self.update_expiry_date()
+
+    class Meta:
+        verbose_name = _('Basic food')
+        verbose_name_plural = _('Basic foods')
+
+
+class TransformedFood(Food):
+    """
+    Transformed food  are a mix between basic food and meal
+    """
+    creation_date = models.DateTimeField(
+        verbose_name=_('creation date'),
+    )
+
+    ingredient = models.ManyToManyField(
+        Food,
+        blank=True,
+        symmetrical=False,
+        related_name='transformed_ingredient_inv',
+        verbose_name=_('transformed ingredient'),
+    )
+
+    # Without microbiological analyzes, the storage time is 3 days
+    shelf_life = models.DurationField(
+        verbose_name=_("shelf life"),
+        default=timedelta(days=3),
+    )
+
+    @transaction.atomic
+    def archive(self):
+        # When a meal are archived, if it was eaten, update ingredient fully used for this meal
+        raise NotImplementedError
+
+    @transaction.atomic
+    def update_allergens(self):
+        # When allergens are changed, simply update the parents' allergens
+        old_allergens = list(self.allergens.all())
+        self.allergens.clear()
+        for ingredient in self.ingredient.iterator():
+            self.allergens.set(self.allergens.union(ingredient.allergens.all()))
+
+        if old_allergens == list(self.allergens.all()):
+            return
+        super().save()
+
+        # update parents
+        for parent in self.transformed_ingredient_inv.iterator():
+            parent.update_allergens()
+
+    @transaction.atomic
+    def update_expiry_date(self):
+        # When expiry_date is changed, simply update the parents' expiry_date
+        old_expiry_date = self.expiry_date
+        self.expiry_date = self.creation_date + self.shelf_life
+        for ingredient in self.ingredient.iterator():
+            self.expiry_date = min(self.expiry_date, ingredient.expiry_date)
+
+        if old_expiry_date == self.expiry_date:
+            return
+        super().save()
+
+        # update parents
+        for parent in self.transformed_ingredient_inv.iterator():
+            parent.update_expiry_date()
+
+    @transaction.atomic
+    def update(self):
+        self.update_allergens()
+        self.update_expiry_date()
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        super().save(*args, **kwargs)
+
+    class Meta:
+        verbose_name = _('Transformed food')
+        verbose_name_plural = _('Transformed foods')

apps/food/tables.py

@@ -0,0 +1,19 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import django_tables2 as tables
+from django_tables2 import A
+
+from .models import TransformedFood
+
+
+class TransformedFoodTable(tables.Table):
+    name = tables.LinkColumn(
+        'food:food_view',
+        args=[A('pk'), ],
+    )
+
+    class Meta:
+        model = TransformedFood
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('name', "owner", "allergens", "expiry_date")

apps/food/templates/food/add_ingredient_form.html

@@ -0,0 +1,20 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {%  csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/basicfood_detail.html

@@ -0,0 +1,37 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }} {{ food.name }}
+  </h3>
+  <div class="card-body">
+    <ul>
+      <li><p>{% trans 'Owner' %} : {{ food.owner }}</p></li>
+      <li><p>{% trans 'Arrival date' %} : {{ food.arrival_date }}</p></li>
+      <li><p>{% trans 'Expiry date' %} : {{ food.expiry_date }} ({{ food.date_type }})</p></li>
+      <li>{% trans 'Allergens' %} :</li>
+      <ul>
+      {% for allergen in food.allergens.iterator %}
+        <li>{{ allergen.name }}</li>
+      {% endfor %}
+      </ul>
+	<p>
+	<li><p>{% trans 'Active' %} : {{ food.is_active }}<p></li>
+	<li><p>{% trans 'Eaten' %} : {{ food.was_eaten }}<p></li>
+    </ul>
+    {% if can_update %}
+	<a class="btn btn-sm btn-warning" href="{% url "food:basic_update" pk=food.pk %}">{% trans 'Update' %}</a>
+    {% endif %}
+    {% if can_add_ingredient %}
+    	<a class="btn btn-sm btn-success" href="{% url "food:add_ingredient" pk=food.pk %}">
+		{% trans 'Add to a meal' %}
+	</a>
+    {% endif %}
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/basicfood_form.html

@@ -0,0 +1,20 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form | crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/create_qrcode_form.html

@@ -0,0 +1,55 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <a class="btn btn-sm btn-success" href="{% url "food:qrcode_basic_create" slug=slug %}">
+      {% trans 'New basic food' %}
+    </a>
+    <form method="post">
+      {%  csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+    </form>
+    <div class="card-body" id="profile_infos">
+      <h4>{% trans "Copy constructor" %}</h4>
+      <table class="table">
+        <thead>
+          <tr>
+            <th class="orderable">
+              {% trans "Name" %}
+            </th>
+            <th class="orderable">
+              {% trans "Owner" %}
+            </th>
+            <th class="orderable">
+              {% trans "Arrival date" %}
+            </th>
+            <th class="orderable">
+              {% trans "Expiry date" %}
+            </th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for basic in last_basic %}
+            <tr>
+              <td><a href="{% url "food:qrcode_basic_create" slug=slug %}?copy={{ basic.pk }}">{{ basic.name }}</a></td>
+              <td>{{ basic.owner }}</td>
+              <td>{{ basic.arrival_date }}</td>
+              <td>{{ basic.expiry_date }}</td>
+            </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/qrcode_detail.html

@@ -0,0 +1,39 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+    <h3 class="card-header text-center">
+	{{ title }} {% trans 'number' %} {{ qrcode.qr_code_number }}
+    </h3>
+	<div class="card-body">
+	    <ul>
+		<li><p>{% trans 'Name' %} : {{ qrcode.food_container.name }}</p></li>
+		<li><p>{% trans 'Owner' %} : {{ qrcode.food_container.owner }}</p></li>
+		<li><p>{% trans 'Expiry date' %} : {{ qrcode.food_container.expiry_date  }}</p></li>
+	    </ul>
+	{% if qrcode.food_container.polymorphic_ctype.model == 'basicfood' and can_update_basic %}
+	    <a class="btn btn-sm btn-warning" href="{% url "food:basic_update" pk=qrcode.food_container.pk %}" data-turbolinks="false">
+		{% trans 'Update' %}
+	    </a>
+	{% elif can_update_transformed %}
+	    <a class="btn btn-sm btn-warning" href="{% url "food:transformed_update" pk=qrcode.food_container.pk %}">
+		{% trans 'Update' %}
+	    </a>
+	{% endif %}
+	{% if can_view_detail %}
+	    <a class="btn btn-sm btn-primary" href="{% url "food:food_view" pk=qrcode.food_container.pk %}">
+		{% trans 'View details' %}
+	    </a>
+	{% endif %}
+	{% if can_add_ingredient %}
+	    <a class="btn btn-sm btn-success" href="{% url "food:add_ingredient" pk=qrcode.food_container.pk %}">
+		{% trans 'Add to a meal' %}
+	    </a>
+	{% endif %}
+	</div>
+</div>
+{% endblock %}

apps/food/templates/food/transformedfood_detail.html

@@ -0,0 +1,51 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+    <h3 class="card-header text-center">
+	{{ title }} {{ food.name }}
+    </h3>
+	<div class="card-body">
+	    <ul>
+		<li><p>{% trans 'Owner' %} : {{ food.owner }}</p></li>
+		{% if can_see_ready %}
+		<li><p>{% trans 'Ready' %} : {{ food.is_ready }}</p></li>
+		{% endif %}
+		<li><p>{% trans 'Creation date' %} : {{ food.creation_date }}</p></li>
+		<li><p>{% trans 'Expiry date' %} : {{ food.expiry_date }}</p></li>
+		<li>{% trans 'Allergens' %} :</li>
+		<ul>
+		    {% for allergen in food.allergens.iterator %}
+		    <li>{{ allergen.name }}</li>
+		    {% endfor %}
+	        </ul>
+		<p>
+		<li>{% trans 'Ingredients' %} :</li>
+		<ul>
+		    {% for ingredient in food.ingredient.iterator %}
+		    <li><a href="{% url "food:food_view" pk=ingredient.pk %}">{{ ingredient.name }}</a></li>
+		    {% endfor %}
+		</ul>
+		<p>
+		<li><p>{% trans 'Shelf life' %} : {{ food.shelf_life }}</p></li>
+		<li><p>{% trans 'Ready' %} : {{ food.is_ready }}</p></li>
+		<li><p>{% trans 'Active' %} : {{ food.is_active }}</p></li>
+		<li><p>{% trans 'Eaten' %} : {{ food.was_eaten }}</p></li>
+	    </ul>
+	    {% if can_update %}
+	        <a class="btn btn-sm btn-warning" href="{% url "food:transformed_update" pk=food.pk %}">
+		    {% trans 'Update' %}
+		</a>
+	    {% endif %}
+	    {% if can_add_ingredient %}
+	        <a class="btn btn-sm btn-success" href="{% url "food:add_ingredient" pk=food.pk %}">
+		    {% trans 'Add to a meal' %}
+		</a>
+	    {% endif %}
+    </div>
+</div>
+{% endblock %}

apps/food/templates/food/transformedfood_form.html

@@ -0,0 +1,20 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {%  csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/food/templates/food/transformedfood_list.html

@@ -0,0 +1,60 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+	{% trans "Meal served" %}
+    </h3>
+    {% if can_create_meal %}
+    <div class="card-footer">
+	<a class="btn btn-sm btn-success" href="{% url 'food:transformed_create' %}" data-turbolinks="false">
+	    {% trans 'New meal' %}
+	</a>
+    </div>
+    {% endif %}
+    {% if served.data %}
+    {% render_table served %}
+    {% else %}
+    <div class="card-body">
+	<div class="alert alert-warning">
+	    {% trans "There is no meal served." %}
+	</div>
+    </div>
+    {% endif %}
+</div>
+
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+	{% trans "Open" %}
+    </h3>
+    {% if open.data %}
+    {% render_table open %}
+    {% else %}
+    <div class="card-body">
+	<div class="alert alert-warning">
+	    {% trans "There is no free meal." %}
+	</div>
+    </div>
+    {% endif %}
+</div>
+
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "All meals" %}
+    </h3>
+    {% if table.data %}
+    {% render_table table %}
+    {% else %}
+    <div class="card-body">
+        <div class="alert alert-warning">
+            {% trans "There is no meal." %}
+        </div>
+    </div>
+    {% endif %}
+</div>
+{% endblock %}

apps/food/tests.py

@@ -0,0 +1,3 @@
+# from django.test import TestCase
+
+# Create your tests here.

apps/food/urls.py

@@ -0,0 +1,21 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.urls import path
+
+from . import views
+
+app_name = 'food'
+
+urlpatterns = [
+    path('', views.TransformedListView.as_view(), name='food_list'),
+    path('<int:slug>', views.QRCodeView.as_view(), name='qrcode_view'),
+    path('detail/<int:pk>', views.FoodView.as_view(), name='food_view'),
+
+    path('<int:slug>/create_qrcode', views.QRCodeCreateView.as_view(), name='qrcode_create'),
+    path('<int:slug>/create_qrcode/basic', views.QRCodeBasicFoodCreateView.as_view(), name='qrcode_basic_create'),
+    path('create/transformed', views.TransformedFoodCreateView.as_view(), name='transformed_create'),
+    path('update/basic/<int:pk>', views.BasicFoodUpdateView.as_view(), name='basic_update'),
+    path('update/transformed/<int:pk>', views.TransformedFoodUpdateView.as_view(), name='transformed_update'),
+    path('add/<int:pk>', views.AddIngredientView.as_view(), name='add_ingredient'),
+]

apps/food/views.py

@@ -0,0 +1,421 @@
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.db import transaction
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.http import HttpResponseRedirect
+from django_tables2.views import MultiTableMixin
+from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
+from django.utils import timezone
+from django.views.generic import DetailView, UpdateView
+from django.views.generic.list import ListView
+from django.forms import HiddenInput
+from permission.backends import PermissionBackend
+from permission.views import ProtectQuerysetMixin, ProtectedCreateView
+
+from .forms import AddIngredientForms, BasicFoodForms, QRCodeForms, TransformedFoodForms
+from .models import BasicFood, Food, QRCode, TransformedFood
+from .tables import TransformedFoodTable
+
+
+class AddIngredientView(ProtectQuerysetMixin, UpdateView):
+    """
+    A view to add an ingredient
+    """
+    model = Food
+    template_name = 'food/add_ingredient_form.html'
+    extra_context = {"title": _("Add the ingredient")}
+    form_class = AddIngredientForms
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["pk"] = self.kwargs["pk"]
+        return context
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        food = Food.objects.get(pk=self.kwargs['pk'])
+        add_ingredient_form = AddIngredientForms(data=self.request.POST)
+        if food.is_ready:
+            form.add_error(None, _("The product is already prepared"))
+            return self.form_invalid(form)
+        if not add_ingredient_form.is_valid():
+            return self.form_invalid(form)
+
+        # We flip logic ""fully used = not is_active""
+        food.is_active = not food.is_active
+        # Save the aliment and the allergens associed
+        for transformed_pk in self.request.POST.getlist('ingredient'):
+            transformed = TransformedFood.objects.get(pk=transformed_pk)
+            if not transformed.is_ready:
+                transformed.ingredient.add(food)
+                transformed.update()
+        food.save()
+
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_success_url(self, **kwargs):
+        return reverse('food:food_list')
+
+
+class BasicFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    """
+    A view to update a basic food
+    """
+    model = BasicFood
+    form_class = BasicFoodForms
+    template_name = 'food/basicfood_form.html'
+    extra_context = {"title": _("Update an aliment")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        basic_food_form = BasicFoodForms(data=self.request.POST)
+        if not basic_food_form.is_valid():
+            return self.form_invalid(form)
+
+        ans = super().form_valid(form)
+        form.instance.update()
+        return ans
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        return context
+
+
+class FoodView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    A view to see a food
+    """
+    model = Food
+    extra_context = {"title": _("Details of:")}
+    context_object_name = "food"
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        context["can_update"] = PermissionBackend.check_perm(self.request, "food.change_food")
+        context["can_add_ingredient"] = PermissionBackend.check_perm(self.request, "food.change_transformedfood")
+        return context
+
+
+class QRCodeBasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    #####################################################################
+    # TO DO
+    # - this feature is very pratical for meat or fish, nevertheless we can implement this later
+    # - fix picture save
+    # - implement solution crop and convert image (reuse or recode ImageForm from members apps)
+    #####################################################################
+    """
+    A view to add a basic food with a qrcode
+    """
+    model = BasicFood
+    form_class = BasicFoodForms
+    template_name = 'food/basicfood_form.html'
+    extra_context = {"title": _("Add a new basic food with QRCode")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        basic_food_form = BasicFoodForms(data=self.request.POST)
+        if not basic_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and the allergens associed
+        basic_food = form.save(commit=False)
+        # We assume the date of labeling and the same as the date of arrival
+        basic_food.arrival_date = timezone.now()
+        basic_food.is_ready = False
+        basic_food.is_active = True
+        basic_food.was_eaten = False
+        basic_food._force_save = True
+        basic_food.save()
+        basic_food.refresh_from_db()
+
+        qrcode = QRCode()
+        qrcode.qr_code_number = self.kwargs['slug']
+        qrcode.food_container = basic_food
+        qrcode.save()
+
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:qrcode_view', kwargs={"slug": self.kwargs['slug']})
+
+    def get_sample_object(self):
+
+        # We choose a club which may work or BDE else
+        owner_id = 1
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food = BasicFood(name="", expiry_date=timezone.now(), owner_id=club_id)
+            if PermissionBackend.check_perm(self.request, "food.add_basicfood", food):
+                owner_id = club_id
+
+        return BasicFood(
+            name="",
+            expiry_date=timezone.now(),
+            owner_id=owner_id,
+        )
+
+    def get_context_data(self, **kwargs):
+        # Some field are hidden on create
+        context = super().get_context_data(**kwargs)
+
+        form = context['form']
+        form.fields['is_active'].widget = HiddenInput()
+        form.fields['was_eaten'].widget = HiddenInput()
+
+        copy = self.request.GET.get('copy', None)
+        if copy is not None:
+            basic = BasicFood.objects.get(pk=copy)
+            for field in ['date_type', 'expiry_date', 'name', 'owner']:
+                form.fields[field].initial = getattr(basic, field)
+            for field in ['allergens']:
+                form.fields[field].initial = getattr(basic, field).all()
+
+        return context
+
+
+class QRCodeCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    A view to add a new qrcode
+    """
+    model = QRCode
+    template_name = 'food/create_qrcode_form.html'
+    form_class = QRCodeForms
+    extra_context = {"title": _("Add a new QRCode")}
+
+    def get(self, *args, **kwargs):
+        qrcode = kwargs["slug"]
+        if self.model.objects.filter(qr_code_number=qrcode).count() > 0:
+            return HttpResponseRedirect(reverse("food:qrcode_view", kwargs=kwargs))
+        else:
+            return super().get(*args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["slug"] = self.kwargs["slug"]
+
+        context["last_basic"] = BasicFood.objects.order_by('-pk').all()[:10]
+
+        return context
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        qrcode_food_form = QRCodeForms(data=self.request.POST)
+        if not qrcode_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the qrcode
+        qrcode = form.save(commit=False)
+        qrcode.qr_code_number = self.kwargs["slug"]
+        qrcode._force_save = True
+        qrcode.save()
+        qrcode.refresh_from_db()
+
+        qrcode.food_container.save()
+
+        return super().form_valid(form)
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:qrcode_view', kwargs={"slug": self.kwargs['slug']})
+
+    def get_sample_object(self):
+        return QRCode(
+            qr_code_number=self.kwargs["slug"],
+            food_container_id=1
+        )
+
+
+class QRCodeView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    A view to see a qrcode
+    """
+    model = QRCode
+    extra_context = {"title": _("QRCode")}
+    context_object_name = "qrcode"
+    slug_field = "qr_code_number"
+
+    def get(self, *args, **kwargs):
+        qrcode = kwargs["slug"]
+        if self.model.objects.filter(qr_code_number=qrcode).count() > 0:
+            return super().get(*args, **kwargs)
+        else:
+            return HttpResponseRedirect(reverse("food:qrcode_create", kwargs=kwargs))
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        qr_code_number = self.kwargs['slug']
+        qrcode = self.model.objects.get(qr_code_number=qr_code_number)
+
+        model = qrcode.food_container.polymorphic_ctype.model
+
+        if model == "basicfood":
+            context["can_update_basic"] = PermissionBackend.check_perm(self.request, "food.change_basicfood")
+            context["can_view_detail"] = PermissionBackend.check_perm(self.request, "food.view_basicfood")
+        if model == "transformedfood":
+            context["can_update_transformed"] = PermissionBackend.check_perm(self.request, "food.change_transformedfood")
+            context["can_view_detail"] = PermissionBackend.check_perm(self.request, "food.view_transformedfood")
+        context["can_add_ingredient"] = PermissionBackend.check_perm(self.request, "food.change_transformedfood")
+        return context
+
+
+class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    A view to add a tranformed food
+    """
+    model = TransformedFood
+    template_name = 'food/transformedfood_form.html'
+    form_class = TransformedFoodForms
+    extra_context = {"title": _("Add a new meal")}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        transformed_food_form = TransformedFoodForms(data=self.request.POST)
+        if not transformed_food_form.is_valid():
+            return self.form_invalid(form)
+
+        # Save the aliment and allergens associated
+        transformed_food = form.save(commit=False)
+        transformed_food.expiry_date = transformed_food.creation_date
+        transformed_food.is_active = True
+        transformed_food.is_ready = False
+        transformed_food.was_eaten = False
+        transformed_food._force_save = True
+        transformed_food.save()
+        transformed_food.refresh_from_db()
+        ans = super().form_valid(form)
+        transformed_food.update()
+        return ans
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+    def get_sample_object(self):
+        # We choose a club which may work or BDE else
+        owner_id = 1
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food = TransformedFood(name="",
+                                   creation_date=timezone.now(),
+                                   expiry_date=timezone.now(),
+                                   owner_id=club_id)
+            if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food):
+                owner_id = club_id
+                break
+
+        return TransformedFood(
+            name="",
+            owner_id=owner_id,
+            creation_date=timezone.now(),
+            expiry_date=timezone.now(),
+        )
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        # Some field are hidden on create
+        form = context['form']
+        form.fields['is_active'].widget = HiddenInput()
+        form.fields['is_ready'].widget = HiddenInput()
+        form.fields['was_eaten'].widget = HiddenInput()
+        form.fields['shelf_life'].widget = HiddenInput()
+
+        return context
+
+
+class TransformedFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    """
+    A view to update transformed product
+    """
+    model = TransformedFood
+    template_name = 'food/transformedfood_form.html'
+    form_class = TransformedFoodForms
+    extra_context = {'title': _('Update a meal')}
+
+    @transaction.atomic
+    def form_valid(self, form):
+        form.instance.creater = self.request.user
+        transformedfood_form = TransformedFoodForms(data=self.request.POST)
+        if not transformedfood_form.is_valid():
+            return self.form_invalid(form)
+
+        ans = super().form_valid(form)
+        form.instance.update()
+        return ans
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse('food:food_view', kwargs={"pk": self.object.pk})
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        return context
+
+
+class TransformedListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
+    """
+    Displays ready TransformedFood
+    """
+    model = TransformedFood
+    tables = [TransformedFoodTable, TransformedFoodTable, TransformedFoodTable]
+    extra_context = {"title": _("Transformed food")}
+
+    def get_queryset(self, **kwargs):
+        return super().get_queryset(**kwargs).distinct()
+
+    def get_tables(self):
+        tables = super().get_tables()
+
+        tables[0].prefix = "all-"
+        tables[1].prefix = "open-"
+        tables[2].prefix = "served-"
+        return tables
+
+    def get_tables_data(self):
+        # first table = all transformed food, second table = free, third = served
+        return [
+            self.get_queryset().order_by("-creation_date"),
+            TransformedFood.objects.filter(is_ready=True, is_active=True, was_eaten=False, expiry_date__lt=timezone.now())
+                                   .filter(PermissionBackend.filter_queryset(self.request, TransformedFood, "view"))
+                                   .distinct()
+                                   .order_by("-creation_date"),
+            TransformedFood.objects.filter(is_ready=True, is_active=True, was_eaten=False, expiry_date__gte=timezone.now())
+                                   .filter(PermissionBackend.filter_queryset(self.request, TransformedFood, "view"))
+                                   .distinct()
+                                   .order_by("-creation_date")
+        ]
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        # We choose a club which should work
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food = TransformedFood(
+                name="",
+                owner_id=club_id,
+                creation_date=timezone.now(),
+                expiry_date=timezone.now(),
+            )
+            if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food):
+                context['can_create_meal'] = True
+                break
+
+        tables = context["tables"]
+        for name, table in zip(["table", "open", "served"], tables):
+            context[name] = table
+        return context

apps/member/api/views.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 
 from .serializers import ProfileSerializer, ClubSerializer, MembershipSerializer
@@ -17,7 +18,7 @@ class ProfileViewSet(ReadProtectedModelViewSet):
     """
     queryset = Profile.objects.order_by('id')
     serializer_class = ProfileSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['user', 'user__first_name', 'user__last_name', 'user__username', 'user__email',
                         'user__note__alias__name', 'user__note__alias__normalized_name', 'phone_number', "section",
                         'department', 'promotion', 'address', 'paid', 'ml_events_registration', 'ml_sport_registration',
@@ -34,7 +35,7 @@ class ClubViewSet(ReadProtectedModelViewSet):
     """
     queryset = Club.objects.order_by('id')
     serializer_class = ClubSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'email', 'note__alias__name', 'note__alias__normalized_name', 'parent_club',
                         'parent_club__name', 'require_memberships', 'membership_fee_paid', 'membership_fee_unpaid',
                         'membership_duration', 'membership_start', 'membership_end', ]
@@ -49,7 +50,7 @@ class MembershipViewSet(ReadProtectedModelViewSet):
     """
     queryset = Membership.objects.order_by('id')
     serializer_class = MembershipSerializer
-    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
+    filter_backends = [DjangoFilterBackend, OrderingFilter, RegexSafeSearchFilter]
     filterset_fields = ['club__name', 'club__email', 'club__note__alias__name', 'club__note__alias__normalized_name',
                         'user__username', 'user__last_name', 'user__first_name', 'user__email',
                         'user__note__alias__name', 'user__note__alias__normalized_name',

apps/member/forms.py

@@ -3,7 +3,7 @@
 
 import io
 
-from PIL import Image, ImageSequence
+from bootstrap_datepicker_plus.widgets import DatePickerInput
 from django import forms
 from django.conf import settings
 from django.contrib.auth.forms import AuthenticationForm
@@ -13,8 +13,9 @@ from django.forms import CheckboxSelectMultiple
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, Alias
-from note_kfet.inputs import Autocomplete, AmountInput, DatePickerInput
+from note_kfet.inputs import Autocomplete, AmountInput
 from permission.models import PermissionMask, Role
+from PIL import Image, ImageSequence
 
 from .models import Profile, Club, Membership
 
@@ -32,7 +33,7 @@ class UserForm(forms.ModelForm):
         # Django usernames can only contain letters, numbers, @, ., +, - and _.
         # We want to allow users to have uncommon and unpractical usernames:
         # That is their problem, and we have normalized aliases for us.
-        return super()._get_validation_exclusions() + ["username"]
+        return super()._get_validation_exclusions() | {"username"}
 
     class Meta:
         model = User

apps/member/migrations/0013_auto_20240801_1436.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.28 on 2024-08-01 12:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0012_club_add_registration_form'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='promotion',
+            field=models.PositiveSmallIntegerField(default=2024, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
+        ),
+    ]

apps/member/models.py

@@ -295,7 +295,14 @@ class Club(models.Model):
 
         today = datetime.date.today()
 
-        while (today - self.membership_start).days >= 365:
+        # Avoid any problems on February 29
+        if self.membership_start.month == 2 and self.membership_start.day == 29:
+            self.membership_start -= datetime.timedelta(days=1)
+        if self.membership_end.month == 2 and self.membership_end.day == 29:
+            self.membership_end += datetime.timedelta(days=1)
+
+        while today >= datetime.date(self.membership_start.year + 1,
+                                     self.membership_start.month, self.membership_start.day):
             if self.membership_start:
                 self.membership_start = datetime.date(self.membership_start.year + 1,
                                                       self.membership_start.month, self.membership_start.day)

apps/member/views.py

@@ -16,8 +16,9 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
-from django_tables2.views import SingleTableView
+from django_tables2.views import MultiTableMixin, SingleTableMixin, SingleTableView
 from rest_framework.authtoken.models import Token
+from api.viewsets import is_regex
 from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
 from note.tables import HistoryTable, AliasTable, TrustTable, TrustedTable
@@ -219,16 +220,20 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         if "search" in self.request.GET and self.request.GET["search"]:
             pattern = self.request.GET["search"]
 
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
             qs = qs.filter(
-                username__iregex="^" + pattern
+                Q(**{f"username{suffix}": prefix + pattern})
             ).union(
                 qs.filter(
-                    (Q(alias__iregex="^" + pattern)
+                    (Q(**{f"alias{suffix}": prefix + pattern})
-                     | Q(normalized_alias__iregex="^" + Alias.normalize(pattern))
+                     | Q(**{f"normalized_alias{suffix}": prefix + Alias.normalize(pattern)})
-                     | Q(last_name__iregex="^" + pattern)
+                     | Q(**{f"last_name{suffix}": prefix + pattern})
-                     | Q(first_name__iregex="^" + pattern)
+                     | Q(**{f"first_name{suffix}": prefix + pattern})
                      | Q(email__istartswith=pattern))
-                    & ~Q(username__iregex="^" + pattern)
+                    & ~Q(**{f"username{suffix}": prefix + pattern})
                 ), all=True)
         else:
             qs = qs.none()
@@ -243,7 +248,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         return context
 
 
-class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
     """
     View and manage user trust relationships
     """
@@ -252,13 +257,25 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     context_object_name = 'user_object'
     extra_context = {"title": _("Note friendships")}
 
+    tables = [
+        lambda data: TrustTable(data, prefix="trust-"),
+        lambda data: TrustedTable(data, prefix="trusted-"),
+    ]
+
+    def get_tables_data(self):
+        note = self.object.note
+        return [
+            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
+            note.trusted.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
+        ]
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
-        context["trusting"] = TrustTable(
+        tables = context["tables"]
-            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        for name, table in zip(["trusting", "trusted_by"], tables):
-        context["trusted_by"] = TrustedTable(
+            context[name] = table
-            note.trusted.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
             trusting=context["object"].note,
             trusted=context["object"].note
@@ -277,7 +294,7 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         return context
 
 
-class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
     """
     View and manage user aliases.
     """
@@ -286,12 +303,15 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     context_object_name = 'user_object'
     extra_context = {"title": _("Note aliases")}
 
+    table_class = AliasTable
+    context_table_name = "aliases"
+
+    def get_table_data(self):
+        return self.object.note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct() \
+                                     .order_by('normalized_name')
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        note = context['object'].note
-        context["aliases"] = AliasTable(
-            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
-            .order_by('normalized_name').all())
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
             note=context["object"].note,
             name="",
@@ -410,10 +430,15 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
 
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
+
             qs = qs.filter(
-                Q(name__iregex=pattern)
+                Q(**{f"name{suffix}": prefix + pattern})
-                | Q(note__alias__name__iregex=pattern)
+                | Q(**{f"note__alias__name{suffix}": prefix + pattern})
-                | Q(note__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
             )
 
         return qs
@@ -510,7 +535,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         return context
 
 
-class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
     """
     Manage aliases of a club.
     """
@@ -519,11 +544,16 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     context_object_name = 'club'
     extra_context = {"title": _("Note aliases")}
 
+    table_class = AliasTable
+    context_table_name = "aliases"
+
+    def get_table_data(self):
+        return self.object.note.alias.filter(
+            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
-        context["aliases"] = AliasTable(note.alias.filter(
-            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
             note=context["object"].note,
             name="",
@@ -912,10 +942,15 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV
 
         if 'search' in self.request.GET:
             pattern = self.request.GET['search']
+
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
             qs = qs.filter(
-                Q(user__first_name__iregex='^' + pattern)
+                Q(**{f"user__first_name{suffix}": prefix + pattern})
-                | Q(user__last_name__iregex='^' + pattern)
+                | Q(**{f"user__last_name{suffix}": prefix + pattern})
-                | Q(user__note__alias__normalized_name__iregex='^' + Alias.normalize(pattern))
+                | Q(**{f"user__note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
             )
 
         only_active = "only_active" not in self.request.GET or self.request.GET["only_active"] != '0'

apps/note/api/views.py

@@ -1,16 +1,16 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-import re
 
 from django.conf import settings
 from django.db.models import Q
 from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
-from rest_framework import viewsets
+from rest_framework import status, viewsets
 from rest_framework.response import Response
-from rest_framework import status
+from api.filters import RegexSafeSearchFilter
-from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet, \
+    is_regex
 from permission.backends import PermissionBackend
 
 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \
@@ -29,7 +29,7 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
     """
     queryset = Note.objects.order_by('id')
     serializer_class = NotePolymorphicSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter, OrderingFilter]
     filterset_fields = ['alias__name', 'polymorphic_ctype', 'is_active', 'balance', 'last_negative', 'created_at', ]
     search_fields = ['$alias__normalized_name', '$alias__name', '$polymorphic_ctype__model',
                      '$noteuser__user__last_name', '$noteuser__user__first_name', '$noteuser__user__email',
@@ -48,10 +48,14 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
             .distinct()
 
         alias = self.request.query_params.get("alias", ".*")
+        # Check if this is a valid regex. If not, we won't check regex
+        valid_regex = is_regex(alias)
+        suffix = '__iregex' if valid_regex else '__istartswith'
+        alias_prefix = '^' if valid_regex else ''
         queryset = queryset.filter(
-            Q(alias__name__iregex="^" + alias)
+            Q(**{f"alias__name{suffix}": alias_prefix + alias})
-            | Q(alias__normalized_name__iregex="^" + Alias.normalize(alias))
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-            | Q(alias__normalized_name__iregex="^" + alias.lower())
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + alias.lower()})
         )
 
         return queryset.order_by("id")
@@ -65,7 +69,7 @@ class TrustViewSet(ReadProtectedModelViewSet):
     """
     queryset = Trust.objects
     serializer_class = TrustSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
     search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
                      '$trusted__alias__name', '$trusted__alias__normalized_name']
     filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
@@ -91,11 +95,11 @@ class AliasViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.
     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/note/aliases/
+    then render it on /api/note/alias/
     """
     queryset = Alias.objects
     serializer_class = AliasSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
     filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                         'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@@ -126,18 +130,22 @@ class AliasViewSet(ReadProtectedModelViewSet):
 
         alias = self.request.query_params.get("alias", None)
         if alias:
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(alias)
+            suffix = '__iregex' if valid_regex else '__istartswith'
+            alias_prefix = '^' if valid_regex else ''
             queryset = queryset.filter(
-                name__iregex="^" + alias
+                **{f"name{suffix}": alias_prefix + alias}
             ).union(
                 queryset.filter(
-                    Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    Q(**{f"normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": alias_prefix + alias})
                 ),
                 all=True).union(
                 queryset.filter(
-                    Q(normalized_name__iregex="^" + alias.lower())
+                    Q(**{f"normalized_name{suffix}": "^" + alias.lower()})
-                    & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    & ~Q(**{f"normalized_name{suffix}": "^" + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": "^" + alias})
                 ),
                 all=True)
 
@@ -147,7 +155,7 @@ class AliasViewSet(ReadProtectedModelViewSet):
 class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
     queryset = Alias.objects
     serializer_class = ConsumerSerializer
-    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
+    filter_backends = [RegexSafeSearchFilter, OrderingFilter, DjangoFilterBackend]
     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
     filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                         'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@@ -166,11 +174,7 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
 
         alias = self.request.query_params.get("alias", None)
         # Check if this is a valid regex. If not, we won't check regex
-        try:
+        valid_regex = is_regex(alias)
-            re.compile(alias)
-            valid_regex = True
-        except (re.error, TypeError):
-            valid_regex = False
         suffix = '__iregex' if valid_regex else '__istartswith'
         alias_prefix = '^' if valid_regex else ''
         queryset = queryset.prefetch_related('note')
@@ -179,19 +183,10 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
             # We match first an alias if it is matched without normalization,
             # then if the normalized pattern matches a normalized alias.
             queryset = queryset.filter(
-                **{f'name{suffix}': alias_prefix + alias}
+                Q(**{f'name{suffix}': alias_prefix + alias})
-            ).union(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                queryset.filter(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
-                    Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
+            )
-                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
-                ),
-                all=True).union(
-                queryset.filter(
-                    Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
-                    & ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
-                ),
-                all=True)
 
         queryset = queryset if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' \
             else queryset.order_by("name")
@@ -207,7 +202,7 @@ class TemplateCategoryViewSet(ReadProtectedModelViewSet):
     """
     queryset = TemplateCategory.objects.order_by('name')
     serializer_class = TemplateCategorySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'templates', 'templates__name']
     search_fields = ['$name', '$templates__name', ]
 
@@ -220,7 +215,7 @@ class TransactionTemplateViewSet(viewsets.ModelViewSet):
     """
     queryset = TransactionTemplate.objects.order_by('name')
     serializer_class = TransactionTemplateSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
     filterset_fields = ['name', 'amount', 'display', 'category', 'category__name', ]
     search_fields = ['$name', '$category__name', ]
     ordering_fields = ['amount', ]
@@ -234,7 +229,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
     """
     queryset = Transaction.objects.order_by('-created_at')
     serializer_class = TransactionPolymorphicSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
     filterset_fields = ['source', 'source_alias', 'source__alias__name', 'source__alias__normalized_name',
                         'destination', 'destination_alias', 'destination__alias__name',
                         'destination__alias__normalized_name', 'quantity', 'polymorphic_ctype', 'amount',

apps/note/forms.py

@@ -2,12 +2,13 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import datetime
 
+from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
 from django.forms import CheckboxSelectMultiple
 from django.utils.timezone import make_aware
 from django.utils.translation import gettext_lazy as _
-from note_kfet.inputs import Autocomplete, AmountInput, DateTimePickerInput
+from note_kfet.inputs import Autocomplete, AmountInput
 
 from .models import TransactionTemplate, NoteClub, Alias
 

apps/note/migrations/0002_create_special_notes.py

@@ -18,6 +18,7 @@ def create_special_notes(apps, schema_editor):
 class Migration(migrations.Migration):
     dependencies = [
         ('note', '0001_initial'),
+        ('logs', '0001_initial'),
     ]
 
     operations = [

apps/note/templates/note/amount_input.html

@@ -9,7 +9,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
            name="{{ widget.name }}"
            {# Other attributes are loaded  #}
            {% for name, value in widget.attrs.items %}
-                {% ifnotequal value False %}{{ name }}{% ifnotequal value True %}="{{ value|stringformat:'s' }}"{% endifnotequal %}{% endifnotequal %}
+                {% if value is not False %}{{ name }}{% if value is not True %}="{{ value|stringformat:'s' }}"{% endif %}{% endif %}
             {% endfor %}>
     <div class="input-group-append">
         <span class="input-group-text">€</span>

apps/note/views.py

@@ -13,6 +13,7 @@ from django.views.generic import CreateView, UpdateView, DetailView
 from django.urls import reverse_lazy
 from django_tables2 import SingleTableView
 from activity.models import Entry
+from api.viewsets import is_regex
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin
 from note_kfet.inputs import AmountInput
@@ -89,11 +90,15 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing
         qs = super().get_queryset().distinct()
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
+
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__icontains"
             qs = qs.filter(
-                Q(name__iregex=pattern)
+                Q(**{f"name{suffix}": pattern})
-                | Q(destination__club__name__iregex=pattern)
+                | Q(**{f"destination__club__name{suffix}": pattern})
-                | Q(category__name__iregex=pattern)
+                | Q(**{f"category__name{suffix}": pattern})
-                | Q(description__iregex=pattern)
+                | Q(**{f"description{suffix}": pattern})
             )
 
         qs = qs.order_by('-display', 'category__name', 'destination__club__name', 'name')
@@ -223,7 +228,10 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView
         if "type" in data and data["type"]:
             transactions = transactions.filter(polymorphic_ctype__in=data["type"])
         if "reason" in data and data["reason"]:
-            transactions = transactions.filter(reason__iregex=data["reason"])
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(data["reason"])
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            transactions = transactions.filter(Q(**{f"reason{suffix}": data["reason"]}))
         if "valid" in data and data["valid"]:
             transactions = transactions.filter(valid=data["valid"])
         if "amount_gte" in data and data["amount_gte"]:

apps/permission/api/views.py

@@ -1,9 +1,9 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from api.viewsets import ReadOnlyProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from api.filters import RegexSafeSearchFilter
+from api.viewsets import ReadOnlyProtectedModelViewSet
 
 from .serializers import PermissionSerializer, RoleSerializer
 from ..models import Permission, Role
@@ -17,9 +17,9 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
     """
     queryset = Permission.objects.order_by('id')
     serializer_class = PermissionSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
-    search_fields = ['$model__name', '$query', '$description', ]
+    search_fields = ['$model__model', '$query', '$description', ]
 
 
 class RoleViewSet(ReadOnlyProtectedModelViewSet):
@@ -30,6 +30,6 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
     """
     queryset = Role.objects.order_by('id')
     serializer_class = RoleSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
     search_fields = ['$name', '$for_club__name', ]

apps/permission/fixtures/initial.json

@@ -3111,6 +3111,647 @@
 			"description": "Voir ceux nous ayant pour ami, pour toujours"
 		}
 	},
+	{
+		"model": "permission.permission",
+		"pk": 199,
+		"fields": {
+			"model": [
+				"activity",
+				"activity"
+			],
+			"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 200,
+		"fields": {
+			"model": [
+				"activity",
+				"activity"
+			],
+			"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
+			"type": "change",
+			"mask": 2,
+			"field": "open",
+			"permanent": false,
+			"description": "Fermer les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 201,
+		"fields": {
+			"model": [
+				"activity",
+				"entry"
+			],
+			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"activity__open\": true, \"activity__activity_type__manage_entries\":true}",
+			"type": "add",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Faire les entrées des activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 202,
+		"fields": {
+			"model": [
+				"activity",
+				"entry"
+			],
+			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir les entrées des activités dont l'utilisateur⋅rice est ouvreur⋅se"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 203,
+		"fields": {
+			"model": [
+				"activity",
+				"guest"
+			],
+			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir les invité⋅es des activités dont l'utilisateur⋅rice est ouvreur⋅se"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 204,
+		"fields": {
+			"model": [
+				"activity",
+				"guesttransaction"
+			],
+			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
+			"type": "add",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Créer une transaction d'invitation lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
+		}
+	},
+	{
+
+		"model": "permission.permission",
+		"pk": 205,
+		"fields": {
+			"model": [
+				"note",
+				"specialtransaction"
+			],
+			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
+			"type": "add",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Créer un crédit ou un retrait quelconque lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 206,
+		"fields": {
+			"model": [
+				"note",
+				"notespecial"
+			],
+			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Afficher l'interface crédit/retrait lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 207,
+		"fields": {
+			"model": [
+				"activity",
+				"opener"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir les ouvreur⋅ses des activités"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 208,
+		"fields": {
+			"model": [
+				"activity",
+				"opener"
+			],
+			"query": "{}",
+			"type": "add",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Ajouter des ouvreur⋅ses aux activités"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 209,
+		"fields": {
+			"model": [
+				"activity",
+				"opener"
+			],
+			"query": "{}",
+			"type": "delete",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Supprimer des ouvreur⋅ses aux activités"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 210,
+		"fields": {
+			"model": [
+				"activity",
+				"activity"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 2,
+			"field": "opener",
+			"permanent": false,
+			"description": "Voir le tableau des ouvreur⋅ses"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 211,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tout les plats"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 212,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"owner\": [\"club\"]}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tout les plats de son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 213,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"is_ready\": true, \"is_active\": true, \"was_eaten\": false}",
+			"type": "view",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Voir les plats préparés actifs servis"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 214,
+		"fields": {
+			"model": [
+				"food",
+				"qrcode"
+			],
+			"query": "{}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Initialiser un QR code de traçabilité"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 215,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"owner\": [\"club\"]}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Créer un nouvel ingrédient pour son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 216,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Créer un nouvel ingrédient"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 217,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir toute la bouffe"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 218,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir toute la bouffe active"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 219,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"is_active\": true, \"owner\": [\"club\"]}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir la bouffe active de son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 220,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier de la bouffe"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 221,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"is_active\": true, \"was_eaten\": false}",
+			"type": "change",
+			"mask": 3,
+			"field": "allergens",
+			"permanent": false,
+			"description": "Modifier les allergènes de la bouffe existante"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 222,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"is_active\": true, \"was_eaten\": false, \"owner\": [\"club\"]}",
+			"type": "change",
+			"mask": 3,
+			"field": "allergens",
+			"permanent": false,
+			"description": "Modifier les allergènes de la bouffe appartenant à son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 223,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Créer un plat"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 224,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"owner\": [\"club\"]}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Créer un plat pour son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 225,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier tout les plats"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 226,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "change",
+			"mask": 3,
+			"field": "was_eaten",
+			"permanent": false,
+			"description": "Indiquer si un plat a été mangé"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 227,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"is_active\": true, \"owner\": [\"club\"]}",
+			"type": "change",
+			"mask": 3,
+			"field": "is_ready",
+			"permanent": false,
+			"description": "Indiquer si un plat de son club est prêt"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 228,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "change",
+			"mask": 3,
+			"field": "is_active",
+			"permanent": false,
+			"description": "Archiver un plat"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 229,
+		"fields": {
+			"model": [
+				"food",
+				"basicfood"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "change",
+			"mask": 3,
+			"field": "is_active",
+			"permanent": false,
+			"description": "Archiver de la bouffe"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 230,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tout les plats actifs"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 231,
+		"fields": {
+			"model": [
+				"food",
+				"qrcode"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tous les QR codes"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 232,
+		"fields": {
+			"model": [
+				"food",
+				"qrcode"
+			],
+			"query": "{\"food_container__is_active\": true}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tous les QR codes actifs"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 233,
+		"fields": {
+			"model": [
+				"food",
+				"qrcode"
+			],
+			"query": "{\"food_container__owner\": [\"club\"], \"food_container__is_active\": true}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tous les QR codes actifs de son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk" : 234,
+		"fields": {
+			"model": [
+				"food",
+				"transformedfood"
+			],
+			"query": "{\"owner\": [\"club\"], \"is_active\": true}",
+			"type": "change",
+			"mask": 3,
+			"field": "ingredients",
+			"permanent": false,
+			"description": "Changer les ingrédients d'un plat actif de son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 235,
+		"fields": {
+			"model": [
+				"food",
+				"food"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir bouffe"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 236,
+		"fields": {
+			"model": [
+				"food",
+				"food"
+			],
+			"query": "{\"is_active\": true}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir bouffe active"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 237,
+		"fields": {
+			"model": [
+				"food",
+				"food"
+			],
+			"query": "{\"is_active\": true, \"owner\": [\"club\"]}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir bouffe active de son club"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 238,
+		"fields": {
+			"model": [
+				"food",
+				"food"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier bouffe"
+		}
+	},
 	{
 		"model": "permission.role",
 		"pk": 1,
@@ -3152,7 +3793,15 @@
 				191,
 				195,
 				196,
-                198
+				198,
+				199,
+				200,
+				201,
+				202,
+				203,
+				204,
+				205,
+				206
 			]
 		}
 	},
@@ -3190,7 +3839,8 @@
 				157,
 				158,
 				159,
-				160
+				160,
+				213
 			]
 		}
 	},
@@ -3216,7 +3866,17 @@
 				49,
 				50,
 				141,
-				169
+				169,
+				212,
+				214,
+				215,
+				219,
+				222,
+				224,
+				227,
+				233,
+				234,
+				237
 			]
 		}
 	},
@@ -3390,7 +4050,21 @@
 				166,
 				167,
 				168,
-				182
+				182,
+				212,
+				214,
+				215,
+				218,
+				221,
+				224,
+				226,
+				227,
+				228,
+				229,
+				230,
+				232,
+				234,
+				236
 			]
 		}
 	},
@@ -3414,7 +4088,11 @@
 				46,
 				148,
 				149,
-				182
+				182,
+				207,
+				208,
+				209,
+				210
 			]
 		}
 	},
@@ -3594,7 +4272,8 @@
 				168,
 				176,
 				177,
-				197
+				197,
+				211
 			]
 		}
 	},
@@ -3612,6 +4291,27 @@
 			]
 		}
 	},
+	{
+		"model": "permission.role",
+		"pk": 22,
+	        "fields": {
+			"for_club": 2,
+			"name": "Respo Bouffe",
+			"permissions": [
+				137,
+				211,
+				214,
+				216,
+				217,
+				220,
+				223,
+				225,
+				231,
+				235,
+				238
+			]
+		}
+	},
 	{
 		"model": "wei.weirole",
 		"pk": 12,

apps/permission/scopes.py

@@ -35,6 +35,8 @@ class PermissionScopes(BaseScopes):
 
 
 class PermissionOAuth2Validator(OAuth2Validator):
+    oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
+
     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
         """
         User can request as many scope as he wants, including invalid scopes,

apps/permission/views.py

@@ -12,6 +12,7 @@ from django.forms import HiddenInput
 from django.http import Http404
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import UpdateView, TemplateView, CreateView
+from django_tables2 import MultiTableMixin
 from member.models import Membership
 
 from .backends import PermissionBackend
@@ -35,11 +36,9 @@ class ProtectQuerysetMixin:
         try:
             return super().get_object(queryset)
         except Http404 as e:
-            try:
+            if self.get_queryset(filter_permissions=False).count() == self.get_queryset().count():
-                super().get_object(self.get_queryset(filter_permissions=False))
-                raise PermissionDenied()
-            except Http404:
                 raise e
+            raise PermissionDenied()
 
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
@@ -107,10 +106,31 @@ class ProtectedCreateView(LoginRequiredMixin, CreateView):
         return super().dispatch(request, *args, **kwargs)
 
 
-class RightsView(TemplateView):
+class RightsView(MultiTableMixin, TemplateView):
     template_name = "permission/all_rights.html"
     extra_context = {"title": _("Rights")}
 
+    tables = [
+        lambda data: RightsTable(data, prefix="clubs-"),
+        lambda data: SuperuserTable(data, prefix="superusers-"),
+    ]
+
+    def get_tables_data(self):
+        special_memberships = Membership.objects.filter(
+            date_start__lte=date.today(),
+            date_end__gte=date.today(),
+        ).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent⋅e BDE")
+                                                  | Q(name="Adhérent⋅e Kfet")
+                                                  | Q(name="Membre de club")
+                                                  | Q(name="Bureau de club"))
+                                                & Q(weirole__isnull=True))))\
+            .order_by("club__name", "user__last_name")\
+            .distinct().all()
+        return [
+            special_memberships,
+            User.objects.filter(is_superuser=True).order_by("last_name"),
+        ]
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
@@ -128,19 +148,9 @@ class RightsView(TemplateView):
             role.clubs = [membership.club for membership in active_memberships if role in membership.roles.all()]
 
         if self.request.user.is_authenticated:
-            special_memberships = Membership.objects.filter(
+            tables = context["tables"]
-                date_start__lte=date.today(),
+            for name, table in zip(["special_memberships_table", "superusers"], tables):
-                date_end__gte=date.today(),
+                context[name] = table
-            ).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent⋅e BDE")
-                                                      | Q(name="Adhérent⋅e Kfet")
-                                                      | Q(name="Membre de club")
-                                                      | Q(name="Bureau de club"))
-                                                    & Q(weirole__isnull=True))))\
-                .order_by("club__name", "user__last_name")\
-                .distinct().all()
-            context["special_memberships_table"] = RightsTable(special_memberships, prefix="clubs-")
-            context["superusers"] = SuperuserTable(User.objects.filter(is_superuser=True).order_by("last_name").all(),
-                                                   prefix="superusers-")
 
         return context
 

apps/registration/views.py

@@ -16,6 +16,7 @@ from django.views import View
 from django.views.generic import CreateView, TemplateView, DetailView
 from django.views.generic.edit import FormMixin
 from django_tables2 import SingleTableView
+from api.viewsets import is_regex
 from member.forms import ProfileForm
 from member.models import Membership, Club
 from note.models import SpecialTransaction, Alias
@@ -192,11 +193,16 @@ class FutureUserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableVi
         if "search" in self.request.GET and self.request.GET["search"]:
             pattern = self.request.GET["search"]
 
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix_username = "__iregex" if valid_regex else "__icontains"
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
             qs = qs.filter(
-                Q(first_name__iregex=pattern)
+                Q(**{f"first_name{suffix}": pattern})
-                | Q(last_name__iregex=pattern)
+                | Q(**{f"last_name{suffix}": pattern})
-                | Q(profile__section__iregex=pattern)
+                | Q(**{f"profile__section{suffix}": pattern})
-                | Q(username__iregex="^" + pattern)
+                | Q(**{f"username{suffix_username}": prefix + pattern})
             )
 
         return qs

apps/treasury/api/views.py

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 
 from .serializers import InvoiceSerializer, ProductSerializer, RemittanceTypeSerializer, RemittanceSerializer, \
@@ -18,7 +18,7 @@ class InvoiceViewSet(ReadProtectedModelViewSet):
     """
     queryset = Invoice.objects.order_by('id')
     serializer_class = InvoiceSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['bde', 'object', 'description', 'name', 'address', 'date', 'acquitted', 'locked', ]
     search_fields = ['$object', '$description', '$name', '$address', ]
 
@@ -31,7 +31,7 @@ class ProductViewSet(ReadProtectedModelViewSet):
     """
     queryset = Product.objects.order_by('invoice_id', 'id')
     serializer_class = ProductSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['invoice', 'designation', 'quantity', 'amount', ]
     search_fields = ['$designation', '$invoice__object', ]
 
@@ -44,7 +44,7 @@ class RemittanceTypeViewSet(ReadProtectedModelViewSet):
     """
     queryset = RemittanceType.objects.order_by('id')
     serializer_class = RemittanceTypeSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['note', ]
     search_fields = ['$note__special_type', ]
 
@@ -57,7 +57,7 @@ class RemittanceViewSet(ReadProtectedModelViewSet):
     """
     queryset = Remittance.objects.order_by('id')
     serializer_class = RemittanceSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['date', 'remittance_type', 'comment', 'closed', 'transaction_proxies__transaction', ]
     search_fields = ['$remittance_type__note__special_type', '$comment', ]
 
@@ -70,7 +70,7 @@ class SogeCreditViewSet(ReadProtectedModelViewSet):
     """
     queryset = SogeCredit.objects.order_by('id')
     serializer_class = SogeCreditSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['user', 'user__last_name', 'user__first_name', 'user__email', 'user__note__alias__name',
                         'user__note__alias__normalized_name', 'transactions', 'credit_transaction', ]
     search_fields = ['$user__last_name', '$user__first_name', '$user__email', '$user__note__alias__name',

apps/treasury/templates/treasury/invoice_sample.tex

@@ -109,7 +109,7 @@
 \renewcommand{\headrulewidth}{0pt}
 \cfoot{
     \small{\MonNom  ~--~ \MonAdresseRue ~ \MonAdresseVille ~--~ Téléphone : +33(0)7 78 17 22 34\newline
-     Site web : bde.ens-cachan.fr ~--~ E-mail : tresorerie.bde@lists.crans.org \newline Numéro SIRET : 399 485 838 00029
+     E-mail : tresorerie.bde@lists.crans.org ~--~ Numéro SIRET : 399 485 838 00029
     }
 }
 

apps/treasury/views.py

@@ -19,7 +19,8 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic import UpdateView, DetailView
 from django.views.generic.base import View, TemplateView
 from django.views.generic.edit import BaseFormView, DeleteView
-from django_tables2 import SingleTableView
+from django_tables2 import MultiTableMixin, SingleTableMixin, SingleTableView
+from api.viewsets import is_regex
 from note.models import SpecialTransaction, NoteSpecial, Alias
 from note_kfet.settings.base import BASE_DIR
 from permission.backends import PermissionBackend
@@ -251,21 +252,26 @@ class RemittanceCreateView(ProtectQuerysetMixin, ProtectedCreateView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
-        context["table"] = RemittanceTable(
-            data=Remittance.objects.filter(
-                PermissionBackend.filter_queryset(self.request, Remittance, "view")).all())
         context["special_transactions"] = SpecialTransactionTable(data=SpecialTransaction.objects.none())
 
         return context
 
 
-class RemittanceListView(LoginRequiredMixin, TemplateView):
+class RemittanceListView(LoginRequiredMixin, MultiTableMixin, TemplateView):
     """
     List existing Remittances
     """
     template_name = "treasury/remittance_list.html"
     extra_context = {"title": _("Remittances list")}
 
+    tables = [
+        lambda data: RemittanceTable(data, prefix="opened-remittances-"),
+        lambda data: RemittanceTable(data, prefix="closed-remittances-"),
+        lambda data: SpecialTransactionTable(data, prefix="no-remittance-", exclude=('remittance_remove', )),
+        lambda data: SpecialTransactionTable(data, prefix="with-remittance-", exclude=('remittance_add', )),
+    ]
+    paginate_by = 10     # number of rows in tables
+
     def dispatch(self, request, *args, **kwargs):
         # Check that the user is authenticated
         if not request.user.is_authenticated:
@@ -275,49 +281,37 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
             raise PermissionDenied(_("You are not able to see the treasury interface."))
         return super().dispatch(request, *args, **kwargs)
 
+    def get_tables_data(self):
+        return [
+            Remittance.objects.filter(closed=False).filter(
+                PermissionBackend.filter_queryset(self.request, Remittance, "view")),
+            Remittance.objects.filter(closed=True).filter(
+                PermissionBackend.filter_queryset(self.request, Remittance, "view")),
+            SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
+                                              specialtransactionproxy__remittance=None).filter(
+                PermissionBackend.filter_queryset(self.request, Remittance, "view")),
+            SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
+                                              specialtransactionproxy__remittance__closed=False).filter(
+                PermissionBackend.filter_queryset(self.request, Remittance, "view")),
+        ]
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
-        opened_remittances = RemittanceTable(
+        tables = context["tables"]
-            data=Remittance.objects.filter(closed=False).filter(
+        names = [
-                PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
+            "opened_remittances",
-            prefix="opened-remittances-",
+            "closed_remittances",
-        )
+            "special_transactions_no_remittance",
-        opened_remittances.paginate(page=self.request.GET.get("opened-remittances-page", 1), per_page=10)
+            "special_transactions_with_remittance",
-        context["opened_remittances"] = opened_remittances
+        ]
-
+        for name, table in zip(names, tables):
-        closed_remittances = RemittanceTable(
+            context[name] = table
-            data=Remittance.objects.filter(closed=True).filter(
-                PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
-            prefix="closed-remittances-",
-        )
-        closed_remittances.paginate(page=self.request.GET.get("closed-remittances-page", 1), per_page=10)
-        context["closed_remittances"] = closed_remittances
-
-        no_remittance_tr = SpecialTransactionTable(
-            data=SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
-                                                   specialtransactionproxy__remittance=None).filter(
-                PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
-            exclude=('remittance_remove', ),
-            prefix="no-remittance-",
-        )
-        no_remittance_tr.paginate(page=self.request.GET.get("no-remittance-page", 1), per_page=10)
-        context["special_transactions_no_remittance"] = no_remittance_tr
-
-        with_remittance_tr = SpecialTransactionTable(
-            data=SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
-                                                   specialtransactionproxy__remittance__closed=False).filter(
-                PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
-            exclude=('remittance_add', ),
-            prefix="with-remittance-",
-        )
-        with_remittance_tr.paginate(page=self.request.GET.get("with-remittance-page", 1), per_page=10)
-        context["special_transactions_with_remittance"] = with_remittance_tr
 
         return context
 
 
-class RemittanceUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+class RemittanceUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, UpdateView):
     """
     Update Remittance
     """
@@ -325,19 +319,18 @@ class RemittanceUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView)
     form_class = RemittanceForm
     extra_context = {"title": _("Update a remittance")}
 
+    table_class = SpecialTransactionTable
+    context_table_name = "special_transactions"
+
     def get_success_url(self):
         return reverse_lazy('treasury:remittance_list')
 
-    def get_context_data(self, **kwargs):
+    def get_table_data(self):
-        context = super().get_context_data(**kwargs)
+        return SpecialTransaction.objects.filter(specialtransactionproxy__remittance=self.object).filter(
+            PermissionBackend.filter_queryset(self.request, Remittance, "view"))
 
-        data = SpecialTransaction.objects.filter(specialtransactionproxy__remittance=self.object).filter(
+    def get_table_kwargs(self):
-            PermissionBackend.filter_queryset(self.request, Remittance, "view")).all()
+        return {"exclude": ('remittance_add', 'remittance_remove', ) if self.object.closed else ('remittance_add', )}
-        context["special_transactions"] = SpecialTransactionTable(
-            data=data,
-            exclude=('remittance_add', 'remittance_remove', ) if self.object.closed else ('remittance_add', ))
-
-        return context
 
 
 class LinkTransactionToRemittanceView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
@@ -411,11 +404,16 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
             if pattern:
+                # Check if this is a valid regex. If not, we won't check regex
+                valid_regex = is_regex(pattern)
+                suffix_alias = "__iregex" if valid_regex else "__icontains"
+                suffix = "__iregex" if valid_regex else "__istartswith"
+                prefix = "^" if valid_regex else ""
                 qs = qs.filter(
-                    Q(user__first_name__iregex=pattern)
+                    Q(**{f"user__first_name{suffix}": pattern})
-                    | Q(user__last_name__iregex=pattern)
+                    | Q(**{f"user__last_name{suffix}": pattern})
-                    | Q(user__note__alias__name__iregex="^" + pattern)
+                    | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern})
-                    | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)})
                 )
 
         if "valid" not in self.request.GET or not self.request.GET["valid"]:

apps/wei/api/views.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 
 from .serializers import WEIClubSerializer, BusSerializer, BusTeamSerializer, WEIRoleSerializer, \
@@ -18,7 +19,7 @@ class WEIClubViewSet(ReadProtectedModelViewSet):
     """
     queryset = WEIClub.objects.order_by('id')
     serializer_class = WEIClubSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'year', 'date_start', 'date_end', 'email', 'note__alias__name',
                         'note__alias__normalized_name', 'parent_club', 'parent_club__name', 'require_memberships',
                         'membership_fee_paid', 'membership_fee_unpaid', 'membership_duration', 'membership_start',
@@ -34,7 +35,7 @@ class BusViewSet(ReadProtectedModelViewSet):
     """
     queryset = Bus.objects.order_by('id')
     serializer_class = BusSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'wei', 'description', ]
     search_fields = ['$name', '$wei__name', '$description', ]
 
@@ -47,7 +48,7 @@ class BusTeamViewSet(ReadProtectedModelViewSet):
     """
     queryset = BusTeam.objects.order_by('id')
     serializer_class = BusTeamSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'bus', 'color', 'description', 'bus__wei', ]
     search_fields = ['$name', '$bus__name', '$bus__wei__name', '$description', ]
 
@@ -60,7 +61,7 @@ class WEIRoleViewSet(ReadProtectedModelViewSet):
     """
     queryset = WEIRole.objects.order_by('id')
     serializer_class = WEIRoleSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'permissions', 'memberships', ]
     search_fields = ['$name', ]
 
@@ -73,7 +74,7 @@ class WEIRegistrationViewSet(ReadProtectedModelViewSet):
     """
     queryset = WEIRegistration.objects.order_by('id')
     serializer_class = WEIRegistrationSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['user', 'user__username', 'user__first_name', 'user__last_name', 'user__email',
                         'user__note__alias__name', 'user__note__alias__normalized_name', 'wei', 'wei__name',
                         'wei__email', 'wei__year', 'soge_credit', 'caution_check', 'birth_date', 'gender',
@@ -92,7 +93,7 @@ class WEIMembershipViewSet(ReadProtectedModelViewSet):
     """
     queryset = WEIMembership.objects.order_by('id')
     serializer_class = WEIMembershipSerializer
-    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
+    filter_backends = [DjangoFilterBackend, OrderingFilter, RegexSafeSearchFilter]
     filterset_fields = ['club__name', 'club__email', 'club__note__alias__name',
                         'club__note__alias__normalized_name', 'user__username', 'user__last_name',
                         'user__first_name', 'user__email', 'user__note__alias__name',

apps/wei/forms/registration.py

@@ -1,13 +1,14 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from bootstrap_datepicker_plus.widgets import DatePickerInput
 from django import forms
 from django.contrib.auth.models import User
 from django.db.models import Q
 from django.forms import CheckboxSelectMultiple
 from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, NoteUser
-from note_kfet.inputs import AmountInput, DatePickerInput, Autocomplete, ColorWidget
+from note_kfet.inputs import AmountInput, Autocomplete, ColorWidget
 
 from ..models import WEIClub, WEIRegistration, Bus, BusTeam, WEIMembership, WEIRole
 

apps/wei/tests/test_wei_registration.py

@@ -439,7 +439,7 @@ class TestWEIRegistration(TestCase):
             emergency_contact_phone='+33123456789',
         ))
         self.assertEqual(response.status_code, 200)
-        self.assertTrue("This user can't be in her/his first year since he/she has already participated to a WEI."
+        self.assertTrue("This user can't be in her/his first year since he/she has already participated to a WEI."
                         in str(response.context["form"].errors))
 
         # Check that if the WEI is started, we can't register anyone
@@ -635,7 +635,7 @@ class TestWEIRegistration(TestCase):
         ))
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.context["form"].is_valid())
-        self.assertTrue("This team doesn't belong to the given bus." in str(response.context["form"].errors))
+        self.assertTrue("This team doesn't belong to the given bus." in str(response.context["form"].errors))
 
         response = self.client.post(reverse("wei:validate_registration", kwargs=dict(pk=self.registration.pk)), dict(
             roles=[WEIRole.objects.get(name="GC WEI").id],

apps/wei/views.py

@@ -22,7 +22,8 @@ from django.views import View
 from django.views.generic import DetailView, UpdateView, RedirectView, TemplateView
 from django.utils.translation import gettext_lazy as _
 from django.views.generic.edit import BaseFormView, DeleteView
-from django_tables2 import SingleTableView
+from django_tables2 import SingleTableView, MultiTableMixin
+from api.viewsets import is_regex
 from member.models import Membership, Club
 from note.models import Transaction, NoteClub, Alias, SpecialTransaction, NoteSpecial
 from note.tables import HistoryTable
@@ -100,7 +101,7 @@ class WEICreateView(ProtectQuerysetMixin, ProtectedCreateView):
         return reverse_lazy("wei:wei_detail", kwargs={"pk": self.object.pk})
 
 
-class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
     """
     View WEI information
     """
@@ -108,34 +109,40 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     context_object_name = "club"
     extra_context = {"title": _("WEI Detail")}
 
-    def get_context_data(self, **kwargs):
+    tables = [
-        context = super().get_context_data(**kwargs)
+        lambda data: HistoryTable(data, prefix="history-"),
-
+        lambda data: WEIMembershipTable(data, prefix="membership-"),
-        club = context["club"]
+        lambda data: WEIRegistrationTable(data, prefix="pre-registration-"),
+        lambda data: BusTable(data, prefix="bus-"),
+    ]
+    paginate_by = 20   # number of rows in tables
 
+    def get_tables_data(self):
+        club = self.object
         club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note)) \
             .filter(PermissionBackend.filter_queryset(self.request, Transaction, "view")) \
             .order_by('-created_at', '-id')
-        history_table = HistoryTable(club_transactions, prefix="history-")
-        history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1))
-        context['history_list'] = history_table
-
         club_member = WEIMembership.objects.filter(
             club=club,
             date_end__gte=date.today(),
         ).filter(PermissionBackend.filter_queryset(self.request, WEIMembership, "view"))
-        membership_table = WEIMembershipTable(data=club_member, prefix="membership-")
-        membership_table.paginate(per_page=20, page=self.request.GET.get('membership-page', 1))
-        context['member_list'] = membership_table
-
         pre_registrations = WEIRegistration.objects.filter(
             PermissionBackend.filter_queryset(self.request, WEIRegistration, "view")).filter(
             membership=None,
             wei=club
         )
-        pre_registrations_table = WEIRegistrationTable(data=pre_registrations, prefix="pre-registration-")
+        buses = Bus.objects.filter(PermissionBackend.filter_queryset(self.request, Bus, "view")) \
-        pre_registrations_table.paginate(per_page=20, page=self.request.GET.get('pre-registration-page', 1))
+            .filter(wei=self.object).annotate(count=Count("memberships")).order_by("name")
-        context['pre_registrations'] = pre_registrations_table
+        return [club_transactions, club_member, pre_registrations, buses, ]
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        club = context["club"]
+
+        tables = context["tables"]
+        for name, table in zip(["history_list", "member_list", "pre_registrations", "buses"], tables):
+            context[name] = table
 
         my_registration = WEIRegistration.objects.filter(wei=club, user=self.request.user)
         if my_registration.exists():
@@ -144,11 +151,6 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             my_registration = None
         context["my_registration"] = my_registration
 
-        buses = Bus.objects.filter(PermissionBackend.filter_queryset(self.request, Bus, "view")) \
-            .filter(wei=self.object).annotate(count=Count("memberships")).order_by("name")
-        bus_table = BusTable(data=buses, prefix="bus-")
-        context['buses'] = bus_table
-
         random_user = User.objects.filter(~Q(wei__wei__in=[club])).first()
 
         if random_user is None:
@@ -219,13 +221,18 @@ class WEIMembershipsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableVi
         if not pattern:
             return qs.none()
 
+        # Check if this is a valid regex. If not, we won't check regex
+        valid_regex = is_regex(pattern)
+        suffix_alias = "__iregex" if valid_regex else "__istartswith"
+        suffix = "__iregex" if valid_regex else "__icontains"
+        prefix = "^" if valid_regex else ""
         qs = qs.filter(
-            Q(user__first_name__iregex=pattern)
+            Q(**{f"user__first_name{suffix}": pattern})
-            | Q(user__last_name__iregex=pattern)
+            | Q(**{f"user__last_name{suffix}": pattern})
-            | Q(user__note__alias__name__iregex="^" + pattern)
+            | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern})
-            | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+            | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)})
-            | Q(bus__name__iregex=pattern)
+            | Q(**{f"bus__name{suffix}": pattern})
-            | Q(team__name__iregex=pattern)
+            | Q(**{f"team__name{suffix}": pattern})
         )
 
         return qs
@@ -255,11 +262,16 @@ class WEIRegistrationsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTable
         pattern = self.request.GET.get("search", "")
 
         if pattern:
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix_alias = "__iregex" if valid_regex else "__istartswith"
+            suffix = "__iregex" if valid_regex else "__icontains"
+            prefix = "^" if valid_regex else ""
             qs = qs.filter(
-                Q(user__first_name__iregex=pattern)
+                Q(**{f"user__first_name{suffix}": pattern})
-                | Q(user__last_name__iregex=pattern)
+                | Q(**{f"user__last_name{suffix}": pattern})
-                | Q(user__note__alias__name__iregex="^" + pattern)
+                | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern})
-                | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)})
             )
 
         return qs

docs/apps/activity.rst

@@ -8,7 +8,7 @@ peuvent être diffusées via des calendriers ou la mailing list d'événements.
 Modèles
 -------
 
-L'application comporte 5 modèles : activités, types d'activité, invité⋅es, entrées et transactions d'invitation.
+L'application comporte 6 modèles : activités, types d'activité, invité⋅es, entrées et transactions d'invitation et les ouvreur⋅ses.
 
 Types d'activité
 ~~~~~~~~~~~~~~~~
@@ -71,6 +71,17 @@ comportent qu'un champ supplémentaire, de type ``OneToOneField`` vers ``Guest``
 Ce modèle aurait pu appartenir à l'application ``note``, mais afin de rester modulaire et que l'application ``note``
 ne dépende pas de cette application, on procède de cette manière.
 
+Ouvreur⋅ses
+~~~~~~~~~~~
+
+Depuis la page d'une activité, il est possible d'ajouter des personnes en tant qu'« ouvreur⋅se ». Cela permet à une
+personne sans aucun droit note de pouvoir faire les entrées d'une ``Activity``. Ce rôle n'est valable que pendant que
+l'activité est ouverte et sur aucune autre activité. Les ouvreur⋅ses ont aussi accès à l'interface des transactions.
+
+Ce modèle regroupe :
+* Activité (clé étrangère)
+* Note (clé étrangère)
+
 Graphe
 ~~~~~~
 
@@ -108,3 +119,6 @@ apparaîssent, afin de régler la taxe d'invitation : l'un prélève directement
 permettent un paiement par espèces ou par carte bancaire. En réalité, les deux derniers boutons enregistrent
 automatiquement un crédit sur la note de l'hôte, puis une transaction (de type ``GuestTransaction``) est faite depuis
 la note de l'hôte vers la note du club organisateur de l'événement.
+
+Si une personne souhaite faire les entrées, il est possible de l'ajouter dans la liste des ouvreur⋅ses depuis la page
+de l'activité.

docs/apps/food.rst

@@ -0,0 +1,83 @@
+Application Food
+================
+
+L'application ``food`` s'occupe de la traçabilité et permet notamment l'obtention de la liste des allergènes.
+
+Modèles
+-------
+
+L'application comporte 5 modèles : Allergen, QRCode, Food, BasicFood, TransformedFood.
+
+Food
+~~~~
+
+Ce modèle est un PolymorphicModel et ne sert uniquement à créer BasicFood et TransformedFood.
+
+Le modèle regroupe :
+
+* Nom du produit
+* Propriétaire (doit-être un Club)
+* Allergènes (ManyToManyField)
+* date d'expiration
+* a été mangé (booléen)
+* est prêt (booléen)
+
+BasicFood
+~~~~~~~~~
+
+Les BasicFood correspondent aux produits non modifiés à la Kfet. Ils peuvent correspondre à la fois à des produits achetés en magasin ou à des produits Terre à Terre. Ces produits seront les ingrédients de tous les plats préparés et en conséquent sont les seuls produits à nécessité une saisie manuelle des allergènes.
+
+Le modèle regroupe :
+
+* Type de date (DLC = date limite de consommation, DDM = date de durabilité minimale)
+* Date d'arrivée
+* Champs de Food
+
+TransformedFood
+~~~~~~~~~~~~~~~
+
+Les TransformedFood correspondent aux produits préparés à la Kfet. Ils peuvent être composés de BasicFood et/ou de TransformedFood. La date d'expiration et les allergènes sont automatiquement mis à jour par update (qui doit être exécuté après modification des ingrédients dans les forms par exemple).
+
+Le modèle regroupe :
+
+* Durée de consommation (par défaut 3 jours)
+* Ingrédients (ManyToManyField vers Food)
+* Date de création
+* Champs de Food
+
+Allergen
+~~~~~~~~
+
+Le modèle regroupe :
+
+* Nom
+
+QRCode
+~~~~~~
+
+Le modèle regroupe :
+
+* nombre (unique, entier positif)
+* food (OneToOneField vers Food)
+
+Création de BasicFood
+~~~~~~~~~~~~~~~~~~~~~
+
+Un BasicFood a toujours besoin d'un QRCode (depuis l'interface web). Il convient donc de coller le QRCode puis de le scanner et de compléter le formulaire.
+
+Création de TransformedFood
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Pour créer un TransformedFood, il suffit d'aller dans l'onglet ``traçabilité`` et de cliquer sur l'onglet.
+
+Ajouter un ingrédient
+~~~~~~~~~~~~~~~~~~~~~
+
+Un ingrédient a forcément un QRCode. Il convient donc de scanner le QRCode de l'ingrédient et de sélectionner le produit auquel il doit être ajouté.
+
+Remarque : Un produit fini doit avoir un QRCode et inversement.
+
+Terminer un plat
+~~~~~~~~~~~~~~~~
+
+Il suffit de coller le QRCode sur le plat, de le scanner et de sélectionner le produit.

docs/faq.rst

@@ -177,11 +177,13 @@ Contributeur⋅rices
 
    Liste des contributeur⋅rices majeur⋅es, par ordre alphabétique :
 
-   * Pierre-André « PAC » COMBY
+   * bleizi
-   * Emmy « ÿnérant » D'ANELLO
+   * erdnaxe
-   * Benjamin « esum » GRAILLOT
+   * esum
-   * Alexandre « erdnaxe » IOOSS
+   * korenst1
-   * Nicolas « nicomarg » MARGULIES
+   * nicomarg
+   * PAC
+   * ÿnérant
 
 
 Hébergement

locale/fr/LC_MESSAGES/djangojs.po

@@ -17,6 +17,14 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
+#: apps/member/static/member/js/alias.js:17
+msgid "Opener successfully added"
+msgstr "Ouvreureuse ajouté avec succès"
+
+#: apps/member/static/member/js/alias.js:17
+msgid "Opener successfully deleted"
+msgstr "Ouvreureuse supprimé avec succès"
+
 #: apps/member/static/member/js/alias.js:17
 msgid "Alias successfully added"
 msgstr "Alias ajouté avec succès"

note_kfet/admin.py

@@ -25,8 +25,8 @@ admin_site.register(Site, SiteAdmin)
 
 # Add external apps model
 if "oauth2_provider" in settings.INSTALLED_APPS:
-    from oauth2_provider.admin import Application, ApplicationAdmin, Grant, \
+    from oauth2_provider.admin import ApplicationAdmin, GrantAdmin, AccessTokenAdmin, RefreshTokenAdmin
-        GrantAdmin, AccessToken, AccessTokenAdmin, RefreshToken, RefreshTokenAdmin
+    from oauth2_provider.models import Application, Grant, AccessToken, RefreshToken
     admin_site.register(Application, ApplicationAdmin)
     admin_site.register(Grant, GrantAdmin)
     admin_site.register(AccessToken, AccessTokenAdmin)

note_kfet/inputs.py

@@ -68,264 +68,3 @@ class ColorWidget(Widget):
     def value_from_datadict(self, data, files, name):
         val = super().value_from_datadict(data, files, name)
         return int(val[1:], 16)
-
-
-"""
-The remaining of this file comes from the project `django-bootstrap-datepicker-plus` available on Github:
-https://github.com/monim67/django-bootstrap-datepicker-plus
-This is distributed under Apache License 2.0.
-
-This adds datetime pickers with bootstrap.
-"""
-
-"""Contains Base Date-Picker input class for widgets of this package."""
-
-
-class DatePickerDictionary:
-    """Keeps track of all date-picker input classes."""
-
-    _i = 0
-    items = dict()
-
-    @classmethod
-    def generate_id(cls):
-        """Return a unique ID for each date-picker input class."""
-        cls._i += 1
-        return 'dp_%s' % cls._i
-
-
-class BasePickerInput(DateTimeBaseInput):
-    """Base Date-Picker input class for widgets of this package."""
-
-    template_name = 'bootstrap_datepicker_plus/date-picker.html'
-    picker_type = 'DATE'
-    format = '%Y-%m-%d'
-    config = {}
-    _default_config = {
-        'id': None,
-        'picker_type': None,
-        'linked_to': None,
-        'options': {}  # final merged options
-    }
-    options = {}  # options extended by user
-    options_param = {}  # options passed as parameter
-    _default_options = {
-        'showClose': True,
-        'showClear': True,
-        'showTodayButton': True,
-        "locale": "fr",
-    }
-
-    # source: https://github.com/tutorcruncher/django-bootstrap3-datetimepicker
-    # file: /blob/31fbb09/bootstrap3_datetime/widgets.py#L33
-    format_map = (
-        ('DDD', r'%j'),
-        ('DD', r'%d'),
-        ('MMMM', r'%B'),
-        ('MMM', r'%b'),
-        ('MM', r'%m'),
-        ('YYYY', r'%Y'),
-        ('YY', r'%y'),
-        ('HH', r'%H'),
-        ('hh', r'%I'),
-        ('mm', r'%M'),
-        ('ss', r'%S'),
-        ('a', r'%p'),
-        ('ZZ', r'%z'),
-    )
-
-    class Media:
-        """JS/CSS resources needed to render the date-picker calendar."""
-
-        js = (
-            'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.9.0/'
-            'moment-with-locales.min.js',
-            'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/'
-            '4.17.47/js/bootstrap-datetimepicker.min.js',
-            'bootstrap_datepicker_plus/js/datepicker-widget.js'
-        )
-        css = {'all': (
-            'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/'
-            '4.17.47/css/bootstrap-datetimepicker.css',
-            'bootstrap_datepicker_plus/css/datepicker-widget.css'
-        ), }
-
-    @classmethod
-    def format_py2js(cls, datetime_format):
-        """Convert python datetime format to moment datetime format."""
-        for js_format, py_format in cls.format_map:
-            datetime_format = datetime_format.replace(py_format, js_format)
-        return datetime_format
-
-    @classmethod
-    def format_js2py(cls, datetime_format):
-        """Convert moment datetime format to python datetime format."""
-        for js_format, py_format in cls.format_map:
-            datetime_format = datetime_format.replace(js_format, py_format)
-        return datetime_format
-
-    def __init__(self, attrs=None, format=None, options=None):
-        """Initialize the Date-picker widget."""
-        self.format_param = format
-        self.options_param = options if options else {}
-        self.config = self._default_config.copy()
-        self.config['id'] = DatePickerDictionary.generate_id()
-        self.config['picker_type'] = self.picker_type
-        self.config['options'] = self._calculate_options()
-        attrs = attrs if attrs else {}
-        if 'class' not in attrs:
-            attrs['class'] = 'form-control'
-        super().__init__(attrs, self._calculate_format())
-
-    def _calculate_options(self):
-        """Calculate and Return the options."""
-        _options = self._default_options.copy()
-        _options.update(self.options)
-        if self.options_param:
-            _options.update(self.options_param)
-        return _options
-
-    def _calculate_format(self):
-        """Calculate and Return the datetime format."""
-        _format = self.format_param if self.format_param else self.format
-        if self.config['options'].get('format'):
-            _format = self.format_js2py(self.config['options'].get('format'))
-        else:
-            self.config['options']['format'] = self.format_py2js(_format)
-        return _format
-
-    def get_context(self, name, value, attrs):
-        """Return widget context dictionary."""
-        context = super().get_context(
-            name, value, attrs)
-        context['widget']['attrs']['dp_config'] = json_dumps(self.config)
-        return context
-
-    def start_of(self, event_id):
-        """
-        Set Date-Picker as the start-date of a date-range.
-
-        Args:
-            - event_id (string): User-defined unique id for linking two fields
-        """
-        DatePickerDictionary.items[str(event_id)] = self
-        return self
-
-    def end_of(self, event_id, import_options=True):
-        """
-        Set Date-Picker as the end-date of a date-range.
-
-        Args:
-            - event_id (string): User-defined unique id for linking two fields
-            - import_options (bool): inherit options from start-date input,
-              default: TRUE
-        """
-        event_id = str(event_id)
-        if event_id in DatePickerDictionary.items:
-            linked_picker = DatePickerDictionary.items[event_id]
-            self.config['linked_to'] = linked_picker.config['id']
-            if import_options:
-                backup_moment_format = self.config['options']['format']
-                self.config['options'].update(linked_picker.config['options'])
-                self.config['options'].update(self.options_param)
-                if self.format_param or 'format' in self.options_param:
-                    self.config['options']['format'] = backup_moment_format
-                else:
-                    self.format = linked_picker.format
-            # Setting useCurrent is necessary, see following issue
-            # https://github.com/Eonasdan/bootstrap-datetimepicker/issues/1075
-            self.config['options']['useCurrent'] = False
-            self._link_to(linked_picker)
-        else:
-            raise KeyError(
-                'start-date not specified for event_id "%s"' % event_id)
-        return self
-
-    def _link_to(self, linked_picker):
-        """
-        Executed when two date-inputs are linked together.
-
-        This method for sub-classes to override to customize the linking.
-        """
-        pass
-
-
-class DatePickerInput(BasePickerInput):
-    """
-    Widget to display a Date-Picker Calendar on a DateField property.
-
-    Args:
-        - attrs (dict): HTML attributes of rendered HTML input
-        - format (string): Python DateTime format eg. "%Y-%m-%d"
-        - options (dict): Options to customize the widget, see README
-    """
-
-    picker_type = 'DATE'
-    format = '%Y-%m-%d'
-    format_key = 'DATE_INPUT_FORMATS'
-
-
-class TimePickerInput(BasePickerInput):
-    """
-    Widget to display a Time-Picker Calendar on a TimeField property.
-
-    Args:
-        - attrs (dict): HTML attributes of rendered HTML input
-        - format (string): Python DateTime format eg. "%Y-%m-%d"
-        - options (dict): Options to customize the widget, see README
-    """
-
-    picker_type = 'TIME'
-    format = '%H:%M'
-    format_key = 'TIME_INPUT_FORMATS'
-    template_name = 'bootstrap_datepicker_plus/time_picker.html'
-
-
-class DateTimePickerInput(BasePickerInput):
-    """
-    Widget to display a DateTime-Picker Calendar on a DateTimeField property.
-
-    Args:
-        - attrs (dict): HTML attributes of rendered HTML input
-        - format (string): Python DateTime format eg. "%Y-%m-%d"
-        - options (dict): Options to customize the widget, see README
-    """
-
-    picker_type = 'DATETIME'
-    format = '%Y-%m-%d %H:%M'
-    format_key = 'DATETIME_INPUT_FORMATS'
-
-
-class MonthPickerInput(BasePickerInput):
-    """
-    Widget to display a Month-Picker Calendar on a DateField property.
-
-    Args:
-        - attrs (dict): HTML attributes of rendered HTML input
-        - format (string): Python DateTime format eg. "%Y-%m-%d"
-        - options (dict): Options to customize the widget, see README
-    """
-
-    picker_type = 'MONTH'
-    format = '01/%m/%Y'
-    format_key = 'DATE_INPUT_FORMATS'
-
-
-class YearPickerInput(BasePickerInput):
-    """
-    Widget to display a Year-Picker Calendar on a DateField property.
-
-    Args:
-        - attrs (dict): HTML attributes of rendered HTML input
-        - format (string): Python DateTime format eg. "%Y-%m-%d"
-        - options (dict): Options to customize the widget, see README
-    """
-
-    picker_type = 'YEAR'
-    format = '01/01/%Y'
-    format_key = 'DATE_INPUT_FORMATS'
-
-    def _link_to(self, linked_picker):
-        """Customize the options when linked with other date-time input"""
-        yformat = self.config['options']['format'].replace('-01-01', '-12-31')
-        self.config['options']['format'] = yformat

note_kfet/settings/base.py

@@ -40,8 +40,9 @@ INSTALLED_APPS = [
     # External apps
     'bootstrap_datepicker_plus',
     'colorfield',
+    'crispy_bootstrap4',
     'crispy_forms',
-    'django_htcpcp_tea',
+#    'django_htcpcp_tea',
     'django_tables2',
     'mailer',
     'phonenumber_field',
@@ -69,6 +70,7 @@ INSTALLED_APPS = [
     # Note apps
     'api',
     'activity',
+    'food',
     'logs',
     'member',
     'note',
@@ -90,12 +92,14 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.sites.middleware.CurrentSiteMiddleware',
-    'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
     'note_kfet.middlewares.SessionMiddleware',
     'note_kfet.middlewares.LoginByIPMiddleware',
     'note_kfet.middlewares.TurbolinksMiddleware',
     'note_kfet.middlewares.ClacksMiddleware',
 ]
+if "django_htcpcp_tea" in INSTALLED_APPS:
+    MIDDLEWARE.append('django_htcpcp_tea.middleware.HTCPCPTeaMiddleware')
+
 
 ROOT_URLCONF = 'note_kfet.urls'
 
@@ -236,7 +240,7 @@ DEFAULT_FROM_EMAIL = "NoteKfet2020 <" + SERVER_EMAIL + ">"
 cache_address = os.getenv("CACHE_ADDRESS", "127.0.0.1:11211")
 CACHES = {
     'default': {
-        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+        'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',
         'LOCATION': cache_address,
     }
 }
@@ -263,6 +267,9 @@ OAUTH2_PROVIDER = {
     'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
 }
 
+# PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
+PKCE_REQUIRED = False
+
 # Take control on how widget templates are sourced
 # See https://docs.djangoproject.com/en/2.2/ref/forms/renderers/#templatessetting
 FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'
@@ -274,6 +281,7 @@ LOGIN_REDIRECT_URL = '/'
 SESSION_COOKIE_AGE = 60 * 60 * 3
 
 # Use Crispy Bootstrap4 theme
+CRISPY_ALLOWED_TEMPLATE_PACKS = 'bootstrap4'
 CRISPY_TEMPLATE_PACK = 'bootstrap4'
 
 # Use Django Table2 Bootstrap4 theme
@@ -295,3 +303,6 @@ PHONENUMBER_DEFAULT_REGION = 'FR'
 
 # We add custom information to CAS, in order to give a normalized name to other services
 CAS_AUTH_CLASS = 'member.auth.CustomAuthUser'
+
+# Default field for primary key
+DEFAULT_AUTO_FIELD = "django.db.models.AutoField"

note_kfet/templates/autocomplete_model.html

@@ -8,7 +8,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    {% if widget.value != None and widget.value != "" %}value="{{ widget.value }}"{% endif %}
    name="{{ widget.name }}_name" autocomplete="off"
     {% for name, value in widget.attrs.items %}
-        {% ifnotequal value False %}{{ name }}{% ifnotequal value True %}="{{ value|stringformat:'s' }}"{% endifnotequal %}{% endifnotequal %}
+        {% if value is not False %}{{ name }}{% if value is not True %}="{{ value|stringformat:'s' }}"{% endif %}{% endif %}
     {% endfor %}
     aria-describedby="{{widget.attrs.id}}_tooltip">
     {% if widget.resetable %}

note_kfet/templates/base.html

@@ -66,6 +66,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
                             <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-coffee"></i> {% trans 'Consumptions' %}</a>
                         </li>
                     {% endif %}
+		    {% if request.user.is_authenticated %}
+                    	<li class="nav-item">
+                            {% url 'food:food_list' as url %}
+			    <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-cutlery"></i> {% trans 'Food' %}</a>
+                    	</li>
+		    {% endif %}	
                     {% if user.is_authenticated and user|is_member:"Kfet" %}
                         <li class="nav-item">
                             {% url 'note:transfer' as url %}

note_kfet/urls.py

@@ -21,6 +21,7 @@ urlpatterns = [
     path('activity/', include('activity.urls')),
     path('treasury/', include('treasury.urls')),
     path('wei/', include('wei.urls')),
+    path('food/',include('food.urls')),
 
     # Include Django Contrib and Core routers
     path('i18n/', include('django.conf.urls.i18n')),
@@ -30,9 +31,6 @@ urlpatterns = [
     path('accounts/', include('django.contrib.auth.urls')),
     path('api/', include('api.urls')),
     path('permission/', include('permission.urls')),
-
-    # Make coffee
-    path('coffee/', include('django_htcpcp_tea.urls')),
 ]
 
 # During development, serve static and media files
@@ -57,6 +55,11 @@ if "debug_toolbar" in settings.INSTALLED_APPS:
         path('__debug__/', include(debug_toolbar.urls)),
     ] + urlpatterns
 
+if "django_htcpcp_tea" in settings.INSTALLED_APPS:
+    # Make coffee
+    urlpatterns.append(
+        path('coffee/', include('django_htcpcp_tea.urls'))
+    )
 
 handler400 = bad_request
 handler403 = permission_denied

requirements.txt

@@ -1,19 +1,20 @@
-beautifulsoup4~=4.7.1
+beautifulsoup4~=4.12.3
-Django~=2.2.15
+crispy-bootstrap4~=2023.1
-django-bootstrap-datepicker-plus~=3.0.5
+Django~=4.2.9
-django-cas-server~=1.2.0
+django-bootstrap-datepicker-plus~=5.0.5
-django-colorfield~=0.3.2
+#django-cas-server~=2.0.0
-django-crispy-forms~=1.7.2
+django-colorfield~=0.11.0
-django-extensions>=2.1.4
+django-crispy-forms~=2.1.0
-django-filter~=2.1
+django-extensions>=3.2.3
-django-htcpcp-tea~=0.3.1
+django-filter~=23.5
-django-mailer~=2.0.1
+#django-htcpcp-tea~=0.8.1
-django-oauth-toolkit~=1.3.3
+django-mailer~=2.3.1
-django-phonenumber-field~=5.0.0
+django-oauth-toolkit~=2.3.0
-django-polymorphic>=2.0.3,<3.0.0
+django-phonenumber-field~=7.3.0
-djangorestframework>=3.9.0,<3.13.0
+django-polymorphic~=3.1.0
-django-rest-polymorphic~=0.1.9
+djangorestframework~=3.14.0
-django-tables2~=2.3.1
+django-rest-polymorphic~=0.1.10
-python-memcached~=1.59
+django-tables2~=2.7.0
-phonenumbers~=8.9.10
+python-memcached~=1.62
-Pillow>=5.4.1
+phonenumbers~=8.13.28
+Pillow>=10.2.0

shell-static.nix

@@ -0,0 +1,34 @@
+# This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
+# 
+# The nk20 javascript static location are hardcoded for imperative system.
+# This make ./manage.py collectstatic hard to use with nixos.
+# 
+# A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>.
+# This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics.
+# The regular shell.nix should be enough for other configurations.
+#
+# Warning, you are still supposed to use pip package with a venv !
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSUserEnv {
+  name = "pipzone";
+  targetPkgs = pkgs: (with pkgs;
+  let
+    fhs-static = stdenv.mkDerivation {
+      name = "fhs-static";
+      buildCommand = ''
+      mkdir -p $out/share/javascript/bootstrap4
+      mkdir -p $out/share/javascript/jquery
+      ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4
+      ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery
+    '';
+    };
+  in [
+    fhs-static
+    python39
+    gettext
+    python39Packages.pip
+    python39Packages.virtualenv
+    python39Packages.setuptools
+  ]);
+  runScript = "bash";
+}).env

shell.nix

@@ -0,0 +1,23 @@
+# This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
+#
+# This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt.
+#
+# Please check shell-static.nix for running ./manage.py collectstatics.
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+    python39
+    python39Packages.pip
+    python39Packages.setuptools
+    gettext
+
+  ];
+  shellHook = ''
+    # Tells pip to put packages into $PIP_PREFIX instead of the usual locations.
+    # See https://pip.pypa.io/en/stable/user_guide/#environment-variables.
+    export PIP_PREFIX=$(pwd)/_build/pip_packages
+    export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH"
+    export PATH="$PIP_PREFIX/bin:$PATH"
+    unset SOURCE_DATE_EPOCH
+  '';
+}

tox.ini

@@ -1,13 +1,13 @@
 [tox]
 envlist =
-    # Debian Buster Python
-    py37-django22
-
-    # Ubuntu 20.04 Python
-    py38-django22
-
     # Debian Bullseye Python
-    py39-django22
+    py39-django42
+
+    # Ubuntu 22.04 Python
+    py310-django42
+
+    # Debian Bookworm Python
+    py311-django42
 
     linters
 skipsdist = True
@@ -51,4 +51,4 @@ max-complexity = 15
 max-line-length = 160
 import-order-style = google
 application-import-names = flake8
-format = ${cyan}%(path)s${reset}:${yellow_bold}%(row)d${reset}:${green_bold}%(col)d${reset}: ${red_bold}%(code)s${reset} %(text)s
+format = %(cyan)s%(path)s%(reset)s:%(yellow)s%(bold)s%(row)d%(reset)s:%(green)s%(bold)s%(col)d%(reset)s: %(red)s%(bold)s%(code)s%(reset)s %(text)s