Merge branch 'oidc' into 'main'

OIDC 0 Quark 1

See merge request bde/nk20!322

apps/activity/migrations/0007_alter_guest_activity.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.20 on 2025-05-08 19:07
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0006_guest_school'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='guest',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='+', to='activity.activity'),
+        ),
+    ]

apps/activity/models.py

@@ -234,7 +234,7 @@ class Guest(models.Model):
     """
     activity = models.ForeignKey(
         Activity,
-        on_delete=models.PROTECT,
+        on_delete=models.CASCADE,
         related_name='+',
     )
 

apps/activity/templates/activity/activity_detail.html

@@ -95,5 +95,23 @@ SPDX-License-Identifier: GPL-3.0-or-later
             errMsg(xhr.responseJSON);
         });
     });
+    $("#delete_activity").click(function () {
+        if (!confirm("{% trans 'Are you sure you want to delete this activity?' %}")) {
+            return;
+        }
+
+        $.ajax({
+            url: "/api/activity/activity/{{ activity.pk }}/",
+            type: "DELETE",
+            headers: {
+                "X-CSRFTOKEN": CSRF_TOKEN
+            }
+        }).done(function () {
+            addMsg("{% trans 'Activity deleted' %}", "success");
+            window.location.href = "/activity/";  // Redirige vers la liste des activités
+        }).fail(function (xhr) {
+            errMsg(xhr.responseJSON);
+        });
+    });
 </script>
 {% endblock %}

apps/activity/templates/activity/includes/activity_info.html

@@ -70,7 +70,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
             {% if ".change_"|has_perm:activity %}
                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_update' pk=activity.pk %}" data-turbolinks="false"> {% trans "edit"|capfirst %}</a>
             {% endif %}
-            {% if activity.activity_type.can_invite and not activity_started %}
+            {% if not activity.valid and ".delete_"|has_perm:activity %}
+                <a class="btn btn-danger btn-sm my-1" id="delete_activity"> {% trans "delete"|capfirst %} </a>
+            {% endif %}
+            {% if activity.activity_type.can_invite and not activity_started and activity.valid %}
                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_invite' pk=activity.pk %}" data-turbolinks="false"> {% trans "Invite" %}</a>
             {% endif %}
         {% endif %}

apps/activity/urls.py

@@ -15,4 +15,5 @@ urlpatterns = [
     path('<int:pk>/update/', views.ActivityUpdateView.as_view(), name='activity_update'),
     path('new/', views.ActivityCreateView.as_view(), name='activity_create'),
     path('calendar.ics', views.CalendarView.as_view(), name='calendar_ics'),
+    path('<int:pk>/delete', views.ActivityDeleteView.as_view(), name='delete_activity'),
 ]

apps/activity/views.py

@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -153,6 +153,34 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 
+class ActivityDeleteView(View):
+    """
+    Deletes an Activity
+    """
+    def delete(self, request, pk):
+        try:
+            activity = Activity.objects.get(pk=pk)
+            activity.delete()
+            return JsonResponse({"message": "Activity deleted"})
+        except Activity.DoesNotExist:
+            return JsonResponse({"error": "Activity not found"}, status=404)
+
+    def dispatch(self, *args, **kwargs):
+        """
+        Don't display the delete button if the user has no right to delete.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+            raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+        if activity.valid:
+            raise PermissionDenied(_("This activity is valid."))
+        return super().dispatch(*args, **kwargs)
+
+
 class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
     """
     Invite a Guest, The rules to invites someone are defined in `forms:activity.GuestForm`

apps/food/api/serializers.py

@@ -3,7 +3,7 @@
 
 from rest_framework import serializers
 
-from ..models import Allergen, BasicFood, TransformedFood, QRCode
+from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 
 
 class AllergenSerializer(serializers.ModelSerializer):
@@ -16,6 +16,16 @@ class AllergenSerializer(serializers.ModelSerializer):
         fields = '__all__'
 
 
+class FoodSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Food.
+    The djangorestframework plugin will analyse the model `Food` and parse all fields in the API.
+    """
+    class Meta:
+        model = Food
+        fields = '__all__'
+
+
 class BasicFoodSerializer(serializers.ModelSerializer):
     """
     REST API Serializer for BasicFood.

apps/food/api/urls.py

@@ -1,7 +1,7 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .views import AllergenViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
+from .views import AllergenViewSet, FoodViewSet, BasicFoodViewSet, TransformedFoodViewSet, QRCodeViewSet
 
 
 def register_food_urls(router, path):
@@ -9,6 +9,7 @@ def register_food_urls(router, path):
     Configure router for Food REST API.
     """
     router.register(path + '/allergen', AllergenViewSet)
+    router.register(path + '/food', FoodViewSet)
     router.register(path + '/basicfood', BasicFoodViewSet)
     router.register(path + '/transformedfood', TransformedFoodViewSet)
     router.register(path + '/qrcode', QRCodeViewSet)

apps/food/api/views.py

@@ -5,8 +5,8 @@ from api.viewsets import ReadProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.filters import SearchFilter
 
-from .serializers import AllergenSerializer, BasicFoodSerializer, TransformedFoodSerializer, QRCodeSerializer
-from ..models import Allergen, BasicFood, TransformedFood, QRCode
+from .serializers import AllergenSerializer, FoodSerializer, BasicFoodSerializer, TransformedFoodSerializer, QRCodeSerializer
+from ..models import Allergen, Food, BasicFood, TransformedFood, QRCode
 
 
 class AllergenViewSet(ReadProtectedModelViewSet):
@@ -22,6 +22,19 @@ class AllergenViewSet(ReadProtectedModelViewSet):
     search_fields = ['$name', ]
 
 
+class FoodViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Food` objects, serialize it to JSON with the given serializer,
+    then render it on /api/food/food/
+    """
+    queryset = Food.objects.order_by('id')
+    serializer_class = FoodSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', ]
+    search_fields = ['$name', ]
+
+
 class BasicFoodViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.

apps/food/forms.py

@@ -12,7 +12,7 @@ from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 
-from .models import BasicFood, TransformedFood, QRCode
+from .models import Food, BasicFood, TransformedFood, QRCode
 
 
 class QRCodeForms(forms.ModelForm):
@@ -22,7 +22,6 @@ class QRCodeForms(forms.ModelForm):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields['food_container'].queryset = self.fields['food_container'].queryset.filter(
-            is_ready=False,
             end_of_life__isnull=True,
             polymorphic_ctype__model='transformedfood',
         ).filter(PermissionBackend.filter_queryset(
@@ -151,3 +150,38 @@ class AddIngredientForms(forms.ModelForm):
     class Meta:
         model = TransformedFood
         fields = ('ingredients',)
+
+
+class ManageIngredientsForm(forms.Form):
+    """
+    Form to manage ingredient
+    """
+    fully_used = forms.BooleanField()
+    fully_used.initial = True
+    fully_used.required = True
+    fully_used.label = _('Fully used')
+
+    name = forms.CharField()
+    name.widget = Autocomplete(
+        model=Food,
+        resetable=True,
+        attrs={"api_url": "/api/food/food",
+               "class": "autocomplete"},
+    )
+    name.label = _('Name')
+
+    qrcode = forms.IntegerField()
+    qrcode.widget = Autocomplete(
+        model=QRCode,
+        resetable=True,
+        attrs={"api_url": "/api/food/qrcode/",
+               "name_field": "qr_code_number",
+               "class": "autocomplete"},
+    )
+    qrcode.label = _('QR code number')
+
+
+ManageIngredientsFormSet = forms.formset_factory(
+    ManageIngredientsForm,
+    extra=1,
+)

apps/food/templates/food/food_detail.html

@@ -39,6 +39,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
 	<a class="btn btn-sm btn-primary" href="{% url "food:add_ingredient" pk=food.pk %}">
 	  {% trans "Add to a meal" %}
 	</a>
+      {% endif %}
+      {% if manage_ingredients %}
+        <a class="btn btn-sm btn-secondary" href="{% url "food:manage_ingredients" pk=food.pk %}">
+	  {% trans "Manage ingredients" %}
+	</a>
       {% endif %}
 	<a class="btn btn-sm btn-primary" href="{% url "food:food_list" %}">
 	  {% trans "Return to the food list" %}

apps/food/templates/food/manage_ingredients.html

@@ -0,0 +1,116 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form"></div>
+  <form method="post" action="">
+    {% csrf_token %}
+    <table class="table table-condensed table-striped">
+      {# Fill initial data #}
+      {% for display, form in formset %}
+      {% if forloop.first %}
+      <thead>
+	<tr>
+	  <th>{{ form.name.label }}</th>
+	  <th>{{ form.qrcode.label }}</th>
+	  <th>{{ form.fully_used.label }}</th>
+	</tr>
+      </thead>
+      <tbody id="form_body">
+	{% endif %}
+	{% if display %}
+	<tr class="row-formset ingredients">
+	{% else %}
+	<tr class="row-formset ingredients" style="display: none">
+	{% endif %}
+	  <td>{{ form.name }}</td>
+	  <td>{{ form.qrcode }}</td>
+	  <td>{{ form.fully_used }}</td>
+	</tr>
+      {% endfor %}
+      </tbody>
+    </table>
+
+    {# Display buttons to add and remove ingredients #}
+    <div class="card-body">
+      <div class="btn-group btn-block" role="group">
+	<button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
+	<button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
+      </div>
+    <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </div>
+  </form>
+</div>
+
+{% endblock %}
+{% block extrajavascript %} 
+<script>
+/* script that handles add and remove lines */
+
+const foods = {{ ingredients | safe }};
+
+function set_ingredient_id () {
+	let ingredients = document.getElementsByClassName('ingredients');
+	for (var i = 0; i < ingredients.length; i++) {
+		ingredients[i].id = 'ingredients-' + parseInt(i);
+	};
+}
+set_ingredient_id();
+
+function prepopulate () {
+	for (var i = 0; i < {{ ingredients_count }}; i++) {
+		let prefix = 'id_form-' + parseInt(i) + '-';
+		document.getElementById(prefix + 'name_pk').value = parseInt(foods[i]['food_pk']);
+		document.getElementById(prefix + 'name').value = foods[i]['food_name'];
+		document.getElementById(prefix + 'qrcode_pk').value = parseInt(foods[i]['qr_pk']);
+		if (foods[i]['qr_number'] === '') {
+			document.getElementById(prefix + 'qrcode').value = '';
+		}
+		else {
+		document.getElementById(prefix + 'qrcode').value = parseInt(foods[i]['qr_number']);
+		};
+		document.getElementById(prefix + 'fully_used').checked = Boolean(foods[i]['fully_used']);
+	};
+}
+prepopulate();
+
+function delete_form_data (form_id) {
+	let prefix = "id_form-" + parseInt(form_id) + "-";
+	document.getElementById(prefix + "name_pk").value = "";
+	document.getElementById(prefix + "name").value = "";
+	document.getElementById(prefix + "qrcode_pk").value = "";
+	document.getElementById(prefix + "qrcode").value = "";
+	document.getElementById(prefix + "fully_used").checked = true;
+}
+var form_count = {{ ingredients_count }} + 1;
+
+$('#add_more').click(function () {
+	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count));
+	if (ingredient_form === null) {
+		addMsg(gettext("You can't add more ingredient"), "danger",  5000);
+		return;};
+	ingredient_form.style = "display: true";
+	form_count += 1;
+});
+  
+$('#remove_one').click(function () {
+	let ingredient_form = document.getElementById('ingredients-' + parseInt(form_count - 1));
+	if (ingredient_form === null) {
+		return;};
+	ingredient_form.style = "display: none";
+	delete_form_data(form_count - 1);
+	form_count -= 1;
+});
+
+addMsg(gettext("Add ingredient with their name or their qrcode, if two different priority is given to qrcode"), "warning"); 
+
+</script>
+{% endblock %}

apps/food/templates/food/transformedfood_update.html

@@ -0,0 +1,87 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form | crispy }}
+      <table class="table table-condensed table-striped">
+        {# Fill initial data #}
+        {% for ingredient_form in formset %}
+        {% if forloop.first %}
+        <thead>
+          <tr>
+	    <th>{% trans "Name" %}</th>
+	    <th>{% trans "QR-code number" %}</th>
+	    <th>{% trans "Fully used" %}<th>
+          </tr>
+        </thead>
+        <tbody id="form_body">
+        {% endif %}
+        <tr class="row-formset">
+		{{ ingredient_form | crispy }}
+          <td>{{ ingredient_form.name }}</td>
+	  <td>{{ ingredient_form.qrcode }}</td>
+	  <td>{{ ingredient_form.fully_used }}</td>
+        </tr>
+        {% endfor %}
+        </tbody>
+      </table>
+      {# Display buttons to add and remove products #}
+      <div class="card-body">
+        <div class="btn-group btn-block" role="group">
+          <button type="button" id="add_more" class="btn btn-success">{% trans "Add ingredient" %}</button>
+	  <button type="button" id="remove_one" class="btn btn-danger">{% trans "Remove ingredient" %}</button>
+        </div>
+        <button type="submit" class="btn btn-block btn-primary">{% trans "Submit" %}</button>
+      </div>
+    </form>
+  </div>
+</div>
+
+{# Hidden div that store an empty product form, to be copied into new forms #}
+<div id="empty_form" style="display: none;">
+    <table class='no_error'>
+        <tbody id="for_real">
+            <tr class="row-formset">
+                <td>{{ formset.empty_form.name }}</td>
+		<td>{{ formset.empty_form.qrcode }}</td>
+		<td>{{ formset.empty_form.fully_used }}</td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+{% endblock %}
+{% block extrajavascript %}
+<script>
+    /* script that handles add and remove lines */
+    IDS = {};
+
+    $("#id_form-TOTAL_FORMS").val($(".row-formset").length - 1);
+
+    $('#add_more').click(function () {
+        let form_idx = $('#id_form-TOTAL_FORMS').val();
+        $('#form_body').append($('#for_real').html().replace(/__prefix__/g, form_idx));
+        $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) + 1);
+        $('#id_form-' + parseInt(form_idx) + '-id').val(IDS[parseInt(form_idx)]);
+    });
+
+    $('#remove_one').click(function () {
+        let form_idx = $('#id_form-TOTAL_FORMS').val();
+        if (form_idx > 0) {
+            IDS[parseInt(form_idx) - 1] = $('#id_form-' + (parseInt(form_idx) - 1) + '-id').val();
+            $('#form_body tr:last-child').remove();
+            $('#id_form-TOTAL_FORMS').val(parseInt(form_idx) - 1);
+        }
+    });
+</script>
+{% endblock %}

apps/food/urls.py

@@ -13,6 +13,7 @@ urlpatterns = [
     path('<int:slug>/add/basic', views.BasicFoodCreateView.as_view(), name='basicfood_create'),
     path('add/transformed', views.TransformedFoodCreateView.as_view(), name='transformedfood_create'),
     path('update/<int:pk>', views.FoodUpdateView.as_view(), name='food_update'),
+    path('update/ingredients/<int:pk>', views.ManageIngredientsView.as_view(), name='manage_ingredients'),
     path('detail/<int:pk>', views.FoodDetailView.as_view(), name='food_view'),
     path('detail/basic/<int:pk>', views.BasicFoodDetailView.as_view(), name='basicfood_view'),
     path('detail/transformed/<int:pk>', views.TransformedFoodDetailView.as_view(), name='transformedfood_view'),

apps/food/views.py

@@ -7,7 +7,7 @@ from api.viewsets import is_regex
 from django_tables2.views import MultiTableMixin
 from django.db import transaction
 from django.db.models import Q
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, Http404
 from django.views.generic import DetailView, UpdateView, CreateView
 from django.views.generic.list import ListView
 from django.urls import reverse_lazy
@@ -18,7 +18,9 @@ from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView, LoginRequiredMixin
 
 from .models import Food, BasicFood, TransformedFood, QRCode
-from .forms import AddIngredientForms, BasicFoodForms, TransformedFoodForms, BasicFoodUpdateForms, TransformedFoodUpdateForms, QRCodeForms
+from .forms import QRCodeForms, BasicFoodForms, TransformedFoodForms, \
+    ManageIngredientsForm, ManageIngredientsFormSet, AddIngredientForms, \
+    BasicFoodUpdateForms, TransformedFoodUpdateForms
 from .tables import FoodTable
 from .utils import pretty_duration
 
@@ -61,7 +63,8 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
             valid_regex = is_regex(pattern)
             suffix = '__iregex' if valid_regex else '__istartswith'
             prefix = '^' if valid_regex else ''
-            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern}))
+            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern})
+                           | Q(**{f'owner__name{suffix}': prefix + pattern}))
         else:
             qs = qs.none()
         search_table = qs.filter(PermissionBackend.filter_queryset(self.request, Food, 'view'))
@@ -69,11 +72,11 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
         open_table = self.get_queryset().order_by('expiry_date').filter(
             Q(polymorphic_ctype__model='transformedfood')
             | Q(polymorphic_ctype__model='basicfood', basicfood__date_type='DLC')).filter(
-                expiry_date__lt=timezone.now()).filter(
+                expiry_date__lt=timezone.now(), end_of_life='').filter(
                     PermissionBackend.filter_queryset(self.request, Food, 'view'))
         # table served
         served_table = self.get_queryset().order_by('-pk').filter(
-            end_of_life='', is_ready=True).filter(
+            end_of_life='', is_ready=True).exclude(
                 Q(polymorphic_ctype__model='basicfood',
                   basicfood__date_type='DLC',
                   expiry_date__lte=timezone.now(),)
@@ -106,7 +109,7 @@ class FoodListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, Li
         return context
 
 
-class QRCodeCreateView(ProtectQuerysetMixin, CreateView):
+class QRCodeCreateView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
     """
     A view to add qrcode
     """
@@ -166,7 +169,8 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
     template_name = "food/food_update.html"
 
     def get_sample_object(self):
-        return BasicFood(
+        # We choose a club which may work or BDE else
+        food = BasicFood(
             name="",
             owner_id=1,
             expiry_date=timezone.now(),
@@ -175,6 +179,14 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
             date_type='DLC',
         )
 
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food.owner_id = club_id
+            if PermissionBackend.check_perm(self.request, "food.add_basicfood", food):
+                return food
+
+        return food
+
     @transaction.atomic
     def form_valid(self, form):
         if QRCode.objects.filter(qr_code_number=self.kwargs['slug']).count() > 0:
@@ -225,13 +237,22 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
     template_name = "food/food_update.html"
 
     def get_sample_object(self):
-        return TransformedFood(
+        # We choose a club which may work or BDE else
+        food = TransformedFood(
             name="",
             owner_id=1,
             expiry_date=timezone.now(),
             is_ready=True,
         )
 
+        for membership in self.request.user.memberships.all():
+            club_id = membership.club.id
+            food.owner_id = club_id
+            if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food):
+                return food
+
+        return food
+
     @transaction.atomic
     def form_valid(self, form):
         form.instance.expiry_date = timezone.now() + timedelta(days=3)
@@ -243,7 +264,80 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
         return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
 
 
-class AddIngredientView(ProtectQuerysetMixin, UpdateView):
+MAX_FORMS = 100
+
+
+class ManageIngredientsView(LoginRequiredMixin, UpdateView):
+    """
+    A view to manage ingredient for a transformed food
+    """
+    model = TransformedFood
+    fields = ['ingredients']
+    extra_context = {"title": _("Manage ingredients of:")}
+    template_name = 'food/manage_ingredients.html'
+
+    @transaction.atomic
+    def form_valid(self, form):
+        old_ingredients = list(self.object.ingredients.all()).copy()
+        old_allergens = list(self.object.allergens.all()).copy()
+        self.object.ingredients.clear()
+        for i in range(self.object.ingredients.all().count() + 1 + MAX_FORMS):
+            prefix = 'form-' + str(i) + '-'
+            if form.data[prefix + 'qrcode'] not in ['0', '']:
+                ingredient = QRCode.objects.get(pk=form.data[prefix + 'qrcode']).food_container
+                self.object.ingredients.add(ingredient)
+                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
+                    ingredient.end_of_life = _('Fully used in {meal}'.format(
+                        meal=self.object.name))
+                    ingredient.save()
+
+            elif form.data[prefix + 'name'] != '':
+                ingredient = Food.objects.get(pk=form.data[prefix + 'name'])
+                self.object.ingredients.add(ingredient)
+                if (prefix + 'fully_used') in form.data and form.data[prefix + 'fully_used'] == 'on':
+                    ingredient.end_of_life = _('Fully used in {meal}'.format(
+                        meal=self.object.name))
+                    ingredient.save()
+        # We recalculate new expiry date and allergens
+        self.object.expiry_date = self.object.creation_date + self.object.shelf_life
+        self.object.allergens.clear()
+
+        for ingredient in self.object.ingredients.iterator():
+            if not (ingredient.polymorphic_ctype.model == 'basicfood' and ingredient.date_type == 'DDM'):
+                self.object.expiry_date = min(self.object.expiry_date, ingredient.expiry_date)
+            self.object.allergens.set(self.object.allergens.union(ingredient.allergens.all()))
+
+        self.object.save(old_ingredients=old_ingredients, old_allergens=old_allergens)
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_context_data(self, *args, **kwargs):
+        context = super().get_context_data(*args, **kwargs)
+        context['title'] += ' ' + self.object.name
+        formset = ManageIngredientsFormSet()
+        ingredients = self.object.ingredients.all()
+        formset.extra += ingredients.count() + MAX_FORMS
+        context['form'] = ManageIngredientsForm()
+        context['ingredients_count'] = ingredients.count()
+        display = [True] * (1 + ingredients.count()) + [False] * (formset.extra - ingredients.count() - 1)
+        context['formset'] = zip(display, formset)
+        context['ingredients'] = []
+        for ingredient in ingredients:
+            qr = QRCode.objects.filter(food_container=ingredient)
+
+            context['ingredients'].append({
+                'food_pk': ingredient.pk,
+                'food_name': ingredient.name,
+                'qr_pk': '' if qr.count() == 0 else qr[0].pk,
+                'qr_number': '' if qr.count() == 0 else qr[0].qr_code_number,
+                'fully_used': 'true' if ingredient.end_of_life else '',
+            })
+        return context
+
+    def get_success_url(self, **kwargs):
+        return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk})
+
+
+class AddIngredientView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
     """
     A view to add ingredient to a meal
     """
@@ -366,6 +460,8 @@ class FoodDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         return context
 
     def get(self, *args, **kwargs):
+        if Food.objects.filter(pk=kwargs['pk']).count() != 1:
+            return Http404
         model = Food.objects.get(pk=kwargs['pk']).polymorphic_ctype.model
         if 'stop_redirect' in kwargs and kwargs['stop_redirect']:
             return super().get(*args, **kwargs)
@@ -404,6 +500,7 @@ class TransformedFoodDetailView(FoodDetailView):
             pretty_duration(self.object.shelf_life)
         ))
         context["foods"] = self.object.ingredients.all()
+        context["manage_ingredients"] = True
         return context
 
     def get(self, *args, **kwargs):

apps/member/migrations/0014_create_bda.py

@@ -0,0 +1,46 @@
+from django.db import migrations
+
+def create_bda(apps, schema_editor):
+    """
+    The club BDA is now pre-injected.
+    """
+    Club = apps.get_model("member", "club")
+    NoteClub = apps.get_model("note", "noteclub")
+    Alias = apps.get_model("note", "alias")
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    polymorphic_ctype_id = ContentType.objects.get_for_model(NoteClub).id
+    
+    Club.objects.get_or_create(
+        id=10,
+        name="BDA",
+        email="bda.ensparissaclay@gmail.com",
+        require_memberships=True,
+        membership_fee_paid=750,
+        membership_fee_unpaid=750,
+        membership_duration=396,
+        membership_start="2024-08-01",
+        membership_end="2025-09-30",
+    )
+    NoteClub.objects.get_or_create(
+        id=1937,
+        club_id=10,
+        polymorphic_ctype_id=polymorphic_ctype_id,
+    )
+    Alias.objects.get_or_create(
+        id=1937,
+        note_id=1937,
+        name="BDA",
+        normalized_name="bda",
+    )
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0013_auto_20240801_1436'),
+    ]
+    
+    operations = [
+        migrations.RunPython(create_bda),
+    ]
+

apps/permission/fixtures/initial.json

@@ -4152,8 +4152,8 @@
             "name": "Pr\u00e9sident\u22c5e de club",
             "permissions": [
                 62,
-                142,
-                135
+                135,
+                142
             ]
         }
     },
@@ -4562,6 +4562,133 @@
             ]
         }
     },  
+    {
+        "model": "permission.role",
+        "pk": 23,
+            "fields": {
+            "for_club": 2,
+            "name": "Darbonne",
+            "permissions": [
+                30,
+                31,
+                32
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 24,
+            "fields": {
+            "for_club": null,
+            "name": "Staffeur⋅euse (S&L,Respo Tech,...)",
+            "permissions": []
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 25,
+            "fields": {
+            "for_club": null,
+            "name": "Référent⋅e Bus",
+            "permissions": [
+                22,
+                84,
+                115,
+                117,
+                118,
+                119,
+                120,
+                121,
+                122
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 28,
+            "fields": {
+            "for_club": 10,
+            "name": "Trésorièr⸱e BDA",
+            "permissions": [
+                55,
+                56,
+                57,
+                58,
+                135,
+                143,
+                176,
+                177,
+                178,
+                243,
+                260,
+                261,
+                262,
+                263,
+                264,
+                265,
+                266,
+                267,
+                268,
+                269
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 30,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo sorties",
+            "permissions": [
+                49, 
+                62, 
+                141, 
+                241, 
+                242, 
+                243
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 31,
+            "fields": {
+            "for_club": 1,
+            "name": "Respo comm",
+            "permissions": [
+                135,
+                244
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 32,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo comm Art",
+            "permissions": [
+                135,
+                245
+            ]
+        }
+    }, 
+    {
+        "model": "permission.role",
+        "pk": 33,
+            "fields": {
+            "for_club": 10,
+            "name": "Respo Jam",
+            "permissions": [
+                247, 
+                250, 
+                251, 
+                252, 
+                253, 
+                254
+            ]
+        }
+    }, 
     {
         "model": "wei.weirole",
         "pk": 12,
@@ -4596,5 +4723,15 @@
         "model": "wei.weirole",
         "pk": 18,
         "fields": {}
+    },
+    {
+        "model": "wei.weirole",
+        "pk": 24,
+        "fields": {}
+    },
+    {
+        "model": "wei.weirole",
+        "pk": 25,
+        "fields": {}
     }
 ]

apps/permission/scopes.py

@@ -1,8 +1,10 @@
 # Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
+
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.scopes import BaseScopes
 from member.models import Club
+from note.models import Alias
 from note_kfet.middlewares import get_current_request
 
 from .backends import PermissionBackend
@@ -17,25 +19,46 @@ class PermissionScopes(BaseScopes):
     """
 
     def get_all_scopes(self):
-        return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
+        scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
                   for p in Permission.objects.all() for club in Club.objects.all()}
+        scopes['openid'] = "OpenID Connect"
+        return scopes
 
     def get_available_scopes(self, application=None, request=None, *args, **kwargs):
         if not application:
             return []
-        return [f"{p.id}_{p.membership.club.id}"
+        scopes = [f"{p.id}_{p.membership.club.id}"
                   for t in Permission.PERMISSION_TYPES
                   for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
+        scopes.append('openid')
+        return scopes
 
     def get_default_scopes(self, application=None, request=None, *args, **kwargs):
         if not application:
             return []
-        return [f"{p.id}_{p.membership.club.id}"
+        scopes = [f"{p.id}_{p.membership.club.id}"
                   for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
+        scopes.append('openid')
+        return scopes
 
 
 class PermissionOAuth2Validator(OAuth2Validator):
-    oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
+    oidc_claim_scope = OAuth2Validator.oidc_claim_scope
+    oidc_claim_scope.update({"name": 'openid',
+                             "normalized_name": 'openid',
+                             "email": 'openid',
+                             })
+
+    def get_additional_claims(self, request):
+        return {
+            "name": request.user.username,
+            "normalized_name": Alias.normalize(request.user.username),
+            "email": request.user.email,
+        }
+
+    def get_discovery_claims(self, request):
+        claims = super().get_discovery_claims(self)
+        return claims + ["name", "normalized_name", "email"]
 
     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
         """
@@ -54,6 +77,8 @@ class PermissionOAuth2Validator(OAuth2Validator):
                 if scope in scopes:
                     valid_scopes.add(scope)
 
-        request.scopes = valid_scopes
+        if 'openid' in scopes:
+            valid_scopes.add('openid')
 
+        request.scopes = valid_scopes
         return valid_scopes

apps/permission/signals.py

@@ -19,6 +19,7 @@ EXCLUDED = [
     'oauth2_provider.accesstoken',
     'oauth2_provider.grant',
     'oauth2_provider.refreshtoken',
+    'oauth2_provider.idtoken',
     'sessions.session',
 ]
 

apps/permission/views.py

@@ -171,7 +171,7 @@ class ScopesView(LoginRequiredMixin, TemplateView):
             available_scopes = scopes.get_available_scopes(app)
             context["scopes"][app] = OrderedDict()
             items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes]
-            items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0])))
+            # items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0])))
             for k, v in items:
                 context["scopes"][app][k] = v
 

docs/apps/food.rst

@@ -19,8 +19,9 @@ Le modèle regroupe :
 * Propriétaire (doit-être un Club)
 * Allergènes (ManyToManyField)
 * date d'expiration
-* a été mangé (booléen)
+* fin de vie
 * est prêt (booléen)
+* consigne (pour les GCKs)
 
 BasicFood
 ~~~~~~~~~
@@ -40,7 +41,7 @@ Les TransformedFood correspondent aux produits préparés à la Kfet. Ils peuven
 
 Le modèle regroupe :
 
-* Durée de consommation (par défaut 3 jours)
+* Durée de conservation (par défaut 3 jours)
 * Ingrédients (ManyToManyField vers Food)
 * Date de création
 * Champs de Food

docs/apps/index.rst

@@ -12,6 +12,7 @@ Applications de la Note Kfet 2020
    ../api/index
    registration
    logs
+   food
    treasury
    wei
    wrapped
@@ -66,6 +67,8 @@ Applications facultatives
     Serveur central d'authentification, permet d'utiliser son compte de la NoteKfet2020 pour se connecter à d'autre application ayant intégrer un client.
 * `Scripts <https://gitlab.crans.org/bde/nk20-scripts>`_
      Ensemble de commande `./manage.py` pour la gestion de la note: import de données, verification d'intégrité, etc...
+* `Food <food>`_ :
+    Gestion de la nourriture dans Kfet pour les clubs.
 * `Treasury <treasury>`_ :
     Interface de gestion pour les trésorièr⋅es, émission de factures, remises de chèque, statistiques...
 * `WEI <wei>`_ :

docs/faq.rst

@@ -183,6 +183,7 @@ Contributeur⋅rices
    * korenst1
    * nicomarg
    * PAC
+   * Quark
    * ÿnérant
 
 

docs/scripts.rst

@@ -136,7 +136,7 @@ de diffusion utiles.
    Faîtes attention, donc où la sortie est stockée.
 
 
-Il prend 2 options :
+Il prend 4 options :
 
 * ``--type``, qui prend en argument ``members`` (défaut), ``clubs``, ``events``, ``art``,
   ``sport``, qui permet respectivement de sortir la liste des adresses mails des adhérent⋅es
@@ -149,7 +149,10 @@ Il prend 2 options :
   pour la ML Adhérents, pour exporter les mails des adhérents au BDE pendant n'importe 
   laquelle des ``n+1`` dernières années. 
 
-Le script sort sur la sortie standard la liste des adresses mails à inscrire.
+* ``--email``, qui prend en argument une chaine de caractère contenant une adresse email.
+  
+Si aucun email n'est renseigné, le script sort sur la sortie standard la liste des adresses mails à inscrire.
+Dans le cas contraire, la liste est envoyée à l'adresse passée en argument.
 
 Attention : il y a parfois certains cas particuliers à prendre en compte, il n'est
 malheureusement pas aussi simple que de simplement supposer que ces listes sont exhaustives.

locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-04-24 18:22+0200\n"
+"POT-Creation-Date: 2025-04-30 11:44+0200\n"
 "PO-Revision-Date: 2022-04-11 22:05+0200\n"
 "Last-Translator: bleizi <bleizi@crans.org>\n"
 "Language-Team: French <http://translate.ynerant.fr/projects/nk20/nk20/fr/>\n"
@@ -383,7 +383,9 @@ msgstr "Entrée effectuée !"
 
 #: apps/activity/templates/activity/activity_form.html:16
 #: apps/food/templates/food/food_update.html:17
+#: apps/food/templates/food/manage_ingredients.html:48
 #: apps/food/templates/food/qrcode.html:18
+#: apps/food/templates/food/transformedfood_update.html:45
 #: apps/member/templates/member/add_members.html:46
 #: apps/member/templates/member/club_form.html:16
 #: apps/note/templates/note/transactiontemplate_form.html:18
@@ -495,26 +497,40 @@ msgstr "API"
 msgid "food"
 msgstr "bouffe"
 
-#: apps/food/forms.py:50
+#: apps/food/forms.py:49
 msgid "Pasta METRO 5kg"
 msgstr "Pâtes METRO 5kg"
 
-#: apps/food/forms.py:54 apps/food/forms.py:82
+#: apps/food/forms.py:53 apps/food/forms.py:81
 msgid "Specific order given to GCKs"
 msgstr ""
 
-#: apps/food/forms.py:78
+#: apps/food/forms.py:77
 msgid "Lasagna"
 msgstr "Lasagnes"
 
-#: apps/food/forms.py:117
+#: apps/food/forms.py:116
 msgid "Shelf life (in hours)"
 msgstr "Durée de vie (en heure)"
 
-#: apps/food/forms.py:139
+#: apps/food/forms.py:138 apps/food/forms.py:162
+#: apps/food/templates/food/transformedfood_update.html:25
 msgid "Fully used"
 msgstr "Entièrement utilisé"
 
+#: apps/food/forms.py:171 apps/food/templates/food/qrcode.html:29
+#: apps/food/templates/food/transformedfood_update.html:23
+#: apps/note/templates/note/transaction_form.html:132
+#: apps/treasury/models.py:61
+msgid "Name"
+msgstr "Nom"
+
+#: apps/food/forms.py:181
+#, fuzzy
+#| msgid "QR-code number"
+msgid "QR code number"
+msgstr "numéro de QR-code"
+
 #: apps/food/models.py:23
 msgid "Allergen"
 msgstr "Allergène"
@@ -547,7 +563,7 @@ msgstr "est prêt"
 msgid "order"
 msgstr "consigne"
 
-#: apps/food/models.py:107 apps/food/views.py:32
+#: apps/food/models.py:107 apps/food/views.py:34
 #: note_kfet/templates/base.html:72
 msgid "Food"
 msgstr "Bouffe"
@@ -605,6 +621,7 @@ msgid "QR-codes"
 msgstr "QR-codes"
 
 #: apps/food/models.py:286
+#: apps/food/templates/food/transformedfood_update.html:24
 msgid "QR-code number"
 msgstr "numéro de QR-code"
 
@@ -624,7 +641,11 @@ msgstr "Modifier"
 msgid "Add to a meal"
 msgstr "Ajouter à un plat"
 
-#: apps/food/templates/food/food_detail.html:44
+#: apps/food/templates/food/food_detail.html:45
+msgid "Manage ingredients"
+msgstr "Gérer les ingrédients"
+
+#: apps/food/templates/food/food_detail.html:49
 msgid "Return to the food list"
 msgstr "Retour à la liste de nourriture"
 
@@ -660,6 +681,16 @@ msgstr "Bouffe du club"
 msgid "Yours club has not food yet."
 msgstr "Ton club n'a pas de bouffe pour l'instant"
 
+#: apps/food/templates/food/manage_ingredients.html:45
+#: apps/food/templates/food/transformedfood_update.html:42
+msgid "Add ingredient"
+msgstr "Ajouter un ingrédient"
+
+#: apps/food/templates/food/manage_ingredients.html:46
+#: apps/food/templates/food/transformedfood_update.html:43
+msgid "Remove ingredient"
+msgstr "Enlever un ingrédient"
+
 #: apps/food/templates/food/qrcode.html:22
 msgid "Copy constructor"
 msgstr "Constructeur de copie"
@@ -668,12 +699,6 @@ msgstr "Constructeur de copie"
 msgid "New food"
 msgstr "Nouvel aliment"
 
-#: apps/food/templates/food/qrcode.html:29
-#: apps/note/templates/note/transaction_form.html:132
-#: apps/treasury/models.py:61
-msgid "Name"
-msgstr "Nom"
-
 #: apps/food/templates/food/qrcode.html:32
 msgid "Owner"
 msgstr "Propriétaire"
@@ -726,40 +751,49 @@ msgstr "semaines"
 msgid "and"
 msgstr "et"
 
-#: apps/food/views.py:116
+#: apps/food/views.py:118
 msgid "Add a new QRCode"
 msgstr "Ajouter un nouveau QR-code"
 
-#: apps/food/views.py:165
+#: apps/food/views.py:167
 msgid "Add an aliment"
 msgstr "Ajouter un nouvel aliment"
 
-#: apps/food/views.py:224
+#: apps/food/views.py:226
 msgid "Add a meal"
 msgstr "Ajouter un plat"
 
-#: apps/food/views.py:251
+#: apps/food/views.py:262
+msgid "Manage ingredients of:"
+msgstr "Gestion des ingrédienrs de :"
+
+#: apps/food/views.py:276 apps/food/views.py:284
+#, python-brace-format
+msgid "Fully used in {meal}"
+msgstr "Aliment entièrement utilisé dans : {meal}"
+
+#: apps/food/views.py:323
 msgid "Add the ingredient:"
 msgstr "Ajouter l'ingrédient"
 
-#: apps/food/views.py:275
+#: apps/food/views.py:349
 #, python-brace-format
 msgid "Food fully used in : {meal.name}"
 msgstr "Aliment entièrement utilisé dans : {meal.name}"
 
-#: apps/food/views.py:294
+#: apps/food/views.py:368
 msgid "Update an aliment"
 msgstr "Modifier un aliment"
 
-#: apps/food/views.py:342
+#: apps/food/views.py:416
 msgid "Details of:"
 msgstr "Détails de :"
 
-#: apps/food/views.py:352 apps/treasury/tables.py:149
+#: apps/food/views.py:426 apps/treasury/tables.py:149
 msgid "Yes"
 msgstr "Oui"
 
-#: apps/food/views.py:354 apps/member/models.py:99 apps/treasury/tables.py:149
+#: apps/food/views.py:428 apps/member/models.py:99 apps/treasury/tables.py:149
 msgid "No"
 msgstr "Non"