replace "…" -> "..." (#130 ) and disable sorting on certain columns (#129 )

fix Oauth
Merge branch 'main' into migration-django-4-2
2025-06-21 01:48:21 +02:00 · 2024-08-29 10:19:06 +02:00 · 2024-08-29 00:43:33 +02:00 · 2024-08-25 16:14:59 +02:00 · 2024-08-25 16:13:01 +02:00 · 2024-08-25 15:17:36 +02:00
207 changed files with 4014 additions and 2879 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -7,40 +7,8 @@ stages:
 variables:
  GIT_SUBMODULE_STRATEGY: recursive
 # Debian Buster
 py37-django22:
  stage: test
  image: debian:buster-backports
  before_script:
    - >
        apt-get update &&
        apt-get install --no-install-recommends -t buster-backports -y
        python3-django python3-django-crispy-forms
        python3-django-extensions python3-django-filters python3-django-polymorphic
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py37-django22
 # Ubuntu 20.04
 py38-django22:
  stage: test
  image: ubuntu:20.04
  before_script:
    # Fix tzdata prompt
    - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
    - >
        apt-get update &&
        apt-get install --no-install-recommends -y
        python3-django python3-django-crispy-forms
        python3-django-extensions python3-django-filters python3-django-polymorphic
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py38-django22
 # Debian Bullseye
-py39-django22:
+py39-django42:
  stage: test
  image: debian:bullseye
  before_script:
@ -52,11 +20,45 @@ py39-django22:
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
-  script: tox -e py39-django22
+  script: tox -e py39-django42
 # Ubuntu 22.04
 py310-django42:
  stage: test
  image: ubuntu:22.04
  before_script:
    # Fix tzdata prompt
    - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
    - >
        apt-get update &&
        apt-get install --no-install-recommends -y
        python3-django python3-django-crispy-forms
        python3-django-extensions python3-django-filters python3-django-polymorphic
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py310-django42
 # Debian Bookworm
 py311-django42:
  stage: test
  image: debian:bookworm
  before_script:
    - >
        apt-get update &&
        apt-get install --no-install-recommends -y
        python3-django python3-django-crispy-forms
        python3-django-extensions python3-django-filters python3-django-polymorphic
        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py311-django42
 linters:
  stage: quality-assurance
-  image: debian:buster-backports
+  image: debian:bookworm
  before_script:
    - apt-get update && apt-get install -y tox
  script: tox -e linters
--- a/.gitmodules
+++ b/.gitmodules
@ -1,3 +1,3 @@
 [submodule "apps/scripts"]
 	path = apps/scripts
-	url = https://gitlab.crans.org/bde/nk20-scripts.git
+	url = https://gitlab.crans.org/bde/nk20-scripts
--- a/README.md
+++ b/README.md
@ -55,7 +55,7 @@ Bien que cela permette de créer une instance sur toutes les distributions,
    (env)$ ./manage.py makemigrations
    (env)$ ./manage.py migrate
    (env)$ ./manage.py loaddata initial
-    (env)$ ./manage.py createsuperuser  # Création d'un utilisateur initial
+    (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial
    ```
 6.  Enjoy :
--- a/apps/activity/init.py
+++ b/apps/activity/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'activity.apps.ActivityConfig'
--- a/apps/activity/admin.py
+++ b/apps/activity/admin.py
@ -1,11 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
 from note_kfet.admin import admin_site
 from .forms import GuestForm
-from .models import Activity, ActivityType, Entry, Guest
+from .models import Activity, ActivityType, Entry, Guest, Opener
@admin.register(Activity, site=admin_site)
@ -45,3 +45,11 @@ class EntryAdmin(admin.ModelAdmin):
    Admin customisation for Entry
    """
    list_display = ('note', 'activity', 'time', 'guest')
@admin.register(Opener, site=admin_site)
 class OpenerAdmin(admin.ModelAdmin):
    """
    Admin customisation for Opener
    """
    list_display = ('activity', 'opener')
--- a/apps/activity/api/serializers.py
+++ b/apps/activity/api/serializers.py
@ -1,9 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 from rest_framework.validators import UniqueTogetherValidator
-from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction
+from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction, Opener
 class ActivityTypeSerializer(serializers.ModelSerializer):
@ -59,3 +61,17 @@ class GuestTransactionSerializer(serializers.ModelSerializer):
    class Meta:
        model = GuestTransaction
        fields = '__all__'
 class OpenerSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Openers.
    The djangorestframework plugin will analyse the model `Opener` and parse all fields in the API.
    """
    class Meta:
        model = Opener
        fields = '__all__'
        validators = [UniqueTogetherValidator(
            queryset=Opener.objects.all(), fields=("opener", "activity"),
            message=_("This opener already exists"))]
--- a/apps/activity/api/urls.py
+++ b/apps/activity/api/urls.py
@ -1,7 +1,7 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
+from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet, OpenerViewSet
 def register_activity_urls(router, path):
@ -12,3 +12,4 @@ def register_activity_urls(router, path):
    router.register(path + '/type', ActivityTypeViewSet)
    router.register(path + '/guest', GuestViewSet)
    router.register(path + '/entry', EntryViewSet)
    router.register(path + '/opener', OpenerViewSet)
--- a/apps/activity/api/views.py
+++ b/apps/activity/api/views.py
@ -1,12 +1,15 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from rest_framework.response import Response
 from rest_framework import status
-from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer
+from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer, OpenerSerializer
-from ..models import Activity, ActivityType, Entry, Guest
+from ..models import Activity, ActivityType, Entry, Guest, Opener
 class ActivityTypeViewSet(ReadProtectedModelViewSet):
@ -29,7 +32,7 @@ class ActivityViewSet(ReadProtectedModelViewSet):
    """
    queryset = Activity.objects.order_by('id')
    serializer_class = ActivitySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'description', 'activity_type', 'location', 'creater', 'organizer', 'attendees_club',
                        'date_start', 'date_end', 'valid', 'open', ]
    search_fields = ['$name', '$description', '$location', '$creater__last_name', '$creater__first_name',
@ -47,7 +50,7 @@ class GuestViewSet(ReadProtectedModelViewSet):
    """
    queryset = Guest.objects.order_by('id')
    serializer_class = GuestSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name',
                        'inviter__alias__normalized_name', ]
    search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name',
@ -62,7 +65,36 @@ class EntryViewSet(ReadProtectedModelViewSet):
    """
    queryset = Entry.objects.order_by('id')
    serializer_class = EntrySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['activity', 'time', 'note', 'guest', ]
    search_fields = ['$activity__name', '$note__user__email', '$note__alias__name', '$note__alias__normalized_name',
                     '$guest__last_name', '$guest__first_name', ]
 class OpenerViewSet(ReadProtectedModelViewSet):
    """
    REST Opener View set.
    The djangorestframework plugin will get all `Opener` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/opener/
    """
    queryset = Opener.objects
    serializer_class = OpenerSerializer
    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend]
    search_fields = ['$opener__alias__name', '$opener__alias__normalized_name',
                     '$activity__name']
    filterset_fields = ['opener', 'opener__noteuser__user', 'activity']
    def get_serializer_class(self):
        serializer_class = self.serializer_class
        if self.request.method in ['PUT', 'PATCH']:
            # opener-activity can't change
            serializer_class.Meta.read_only_fields = ('opener', 'acitivity',)
        return serializer_class
    def destroy(self, request, *args, **kwargs):
        instance = self.get_object()
        try:
            self.perform_destroy(instance)
        except ValidationError as e:
            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
        return Response(status=status.HTTP_204_NO_CONTENT)
--- a/apps/activity/apps.py
+++ b/apps/activity/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/activity/forms.py
+++ b/apps/activity/forms.py
@ -1,16 +1,17 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
 from random import shuffle
 from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from member.models import Club
 from note.models import Note, NoteUser
-from note_kfet.inputs import Autocomplete, DateTimePickerInput
+from note_kfet.inputs import Autocomplete
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
@ -43,7 +44,7 @@ class ActivityForm(forms.ModelForm):
    class Meta:
        model = Activity
-        exclude = ('creater', 'valid', 'open', )
+        exclude = ('creater', 'valid', 'open', 'opener', )
        widgets = {
            "organizer": Autocomplete(
                model=Club,
--- a/apps/activity/migrations/0003_auto_20240323_1422.py
+++ b/apps/activity/migrations/0003_auto_20240323_1422.py
@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-03-23 13:22
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('activity', '0002_auto_20200904_2341'),
    ]
    operations = [
        migrations.AlterField(
            model_name='activity',
            name='description',
            field=models.TextField(blank=True, default='', verbose_name='description'),
        ),
    ]
--- a/apps/activity/migrations/0004_opener.py
+++ b/apps/activity/migrations/0004_opener.py
@ -0,0 +1,28 @@
 # Generated by Django 2.2.28 on 2024-08-01 12:36
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('note', '0006_trust'),
        ('activity', '0003_auto_20240323_1422'),
    ]
    operations = [
        migrations.CreateModel(
            name='Opener',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('activity', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='opener', to='activity.Activity', verbose_name='activity')),
                ('opener', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.Note', verbose_name='opener')),
            ],
            options={
                'verbose_name': 'opener',
                'verbose_name_plural': 'openers',
                'unique_together': {('opener', 'activity')},
            },
        ),
    ]
--- a/apps/activity/models.py
+++ b/apps/activity/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import os
@ -11,7 +11,7 @@ from django.db import models, transaction
 from django.db.models import Q
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
-from note.models import NoteUser, Transaction
+from note.models import NoteUser, Transaction, Note
 from rest_framework.exceptions import ValidationError
@ -66,6 +66,8 @@ class Activity(models.Model):
    description = models.TextField(
        verbose_name=_('description'),
        blank=True,
        default="",
    )
    location = models.CharField(
@ -123,6 +125,14 @@ class Activity(models.Model):
        verbose_name=_('open'),
    )
    class Meta:
        verbose_name = _("activity")
        verbose_name_plural = _("activities")
        unique_together = ("name", "date_start", "date_end",)
    def __str__(self):
        return self.name
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
@ -144,14 +154,6 @@ class Activity(models.Model):
                if settings.DATABASES["default"]["ENGINE"] == 'django.db.backends.postgresql' else refresh_activities()
        return ret
    def __str__(self):
        return self.name
    class Meta:
        verbose_name = _("activity")
        verbose_name_plural = _("activities")
        unique_together = ("name", "date_start", "date_end",)
 class Entry(models.Model):
    """
@ -252,14 +254,13 @@ class Guest(models.Model):
        verbose_name=_("inviter"),
    )
-    @property
+    class Meta:
-    def has_entry(self):
+        verbose_name = _("guest")
-        try:
+        verbose_name_plural = _("guests")
-            if self.entry:
+        unique_together = ("activity", "last_name", "first_name", )
-                return True
+
-            return False
+    def __str__(self):
-        except AttributeError:
+        return self.first_name + " " + self.last_name
            return False
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
@ -290,13 +291,14 @@ class Guest(models.Model):
        return super().save(force_insert, force_update, using, update_fields)
-    def __str__(self):
+    @property
-        return self.first_name + " " + self.last_name
+    def has_entry(self):
-
+        try:
-    class Meta:
+            if self.entry:
-        verbose_name = _("guest")
+                return True
-        verbose_name_plural = _("guests")
+            return False
-        unique_together = ("activity", "last_name", "first_name", )
+        except AttributeError:
            return False
 class GuestTransaction(Transaction):
@ -308,3 +310,31 @@ class GuestTransaction(Transaction):
    @property
    def type(self):
        return _('Invitation')
 class Opener(models.Model):
    """
    Allow the user to make activity entries without more rights
    """
    activity = models.ForeignKey(
        Activity,
        on_delete=models.CASCADE,
        related_name='opener',
        verbose_name=_('activity')
    )
    opener = models.ForeignKey(
        Note,
        on_delete=models.CASCADE,
        related_name='activity_responsible',
        verbose_name=_('Opener')
    )
    class Meta:
        verbose_name = _("Opener")
        verbose_name_plural = _("Openers")
        unique_together = ("opener", "activity")
    def __str__(self):
        return _("{opener} is opener of activity {acivity}").format(
            opener=str(self.opener), acivity=str(self.activity))
--- a/apps/activity/static/activity/js/opener.js
+++ b/apps/activity/static/activity/js/opener.js
@ -0,0 +1,57 @@
 /**
 * On form submit, add a new opener
 */
 function form_create_opener (e) {
  // Do not submit HTML form
  e.preventDefault()
  // Get data and send to API
  const formData = new FormData(e.target)
  $.getJSON('/api/note/alias/'+formData.get('opener') + '/',
    function (opener_alias) {
      create_opener(formData.get('activity'), opener_alias.note)
    }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
    })
 }
 /**
 * Add an opener between an activity and a user
 * @param activity:Integer activity id
 * @param opener:Integer user note id
 */
 function create_opener(activity, opener) {
  $.post('/api/activity/opener/', {
      activity: activity,
      opener: opener,
      csrfmiddlewaretoken: CSRF_TOKEN
  }).done(function () {
  // Reload tables
  $('#opener_table').load(location.pathname + ' #opener_table')
    addMsg(gettext('Opener successfully added'), 'success')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 /**
 * On click of "delete", delete the opener
 * @param button_id:Integer Opener id to remove
 */
 function delete_button (button_id) {
  $.ajax({
    url: '/api/activity/opener/' + button_id + '/',
    method: 'DELETE',
    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
  }).done(function () {
    addMsg(gettext('Opener successfully deleted'), 'success')
    $('#opener_table').load(location.pathname + ' #opener_table')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 $(document).ready(function () {
  // Attach event
  document.getElementById('form_opener').addEventListener('submit', form_create_opener)
 })
--- a/apps/activity/tables.py
+++ b/apps/activity/tables.py
@ -1,15 +1,17 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils import timezone
 from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 from note_kfet.middlewares import get_current_request
 import django_tables2 as tables
 from django_tables2 import A
 from permission.backends import PermissionBackend
 from note.templatetags.pretty_money import pretty_money
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
 class ActivityTable(tables.Table):
@ -113,3 +115,34 @@ class EntryTable(tables.Table):
            'data-last-name': lambda record: record.last_name,
            'data-first-name': lambda record: record.first_name,
        }
 # function delete_button(id) provided in template file
 DELETE_TEMPLATE = """
    <button id="{{ record.pk }}" class="btn btn-danger btn-sm" onclick="delete_button(this.id)"> {{ delete_trans }}</button>
 """
 class OpenerTable(tables.Table):
    class Meta:
        attrs = {
            'class': 'table table condensed table-striped',
            'id': "opener_table"
        }
        model = Opener
        fields = ("opener",)
        template_name = 'django_tables2/bootstrap4.html'
    show_header = False
    opener = tables.Column(attrs={'td': {'class': 'text-center'}})
    delete_col = tables.TemplateColumn(
        template_code=DELETE_TEMPLATE,
        extra_context={"delete_trans": _('Delete')},
        attrs={
            'td': {
                'class': lambda record: 'col-sm-1'
                + (' d-none' if not PermissionBackend.check_perm(
                    get_current_request(), "activity.delete_opener", record)
                   else '')}},
        verbose_name=_("Delete"),)
--- a/apps/activity/templates/activity/activity_detail.html
+++ b/apps/activity/templates/activity/activity_detail.html
@ -4,11 +4,31 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endcomment %}
 {% load i18n perms %}
 {% load render_table from django_tables2 %}
 {% load static django_tables2 i18n %}
 {% block content %}
 <h1 class="text-white">{{ title }}</h1>
 {% include "activity/includes/activity_info.html" %}
 {% if activity.activity_type.manage_entries and ".change__opener"|has_perm:activity %}
    <div class="card bg-white mb-3">
        <h3 class="card-header text-center">
            {% trans "Openers" %}
        </h3>
        <div class="card-body">
            <form class="input-group" method="POST" id="form_opener">
                {% csrf_token %}
                <input type="hidden" name="activity" value="{{ object.pk }}">
                {%include "autocomplete_model.html" %}
                <div class="input-group-append">
                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
                </div>
            </form>
        </div>
        {% render_table opener %}
    </div>
 {% endif %}
 {% if guests.data %}
 <div class="card bg-white mb-3">
    <h3 class="card-header text-center">
@ -22,6 +42,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endblock %}
 {% block extrajavascript %}
 <script src="{% static "activity/js/opener.js" %}"></script>
 <script src="{% static "js/autocomplete_model.js" %}"></script>
 <script>
    function remove_guest(guest_id) {
        $.ajax({
--- a/apps/activity/templates/activity/activity_form.html
+++ b/apps/activity/templates/activity/activity_form.html
@ -17,4 +17,27 @@ SPDX-License-Identifier: GPL-3.0-or-later
    </form>
  </div>
 </div>
-{% endblock %}
+{% endblock %}
 {% block extrajavascript %}
 <script>
  var date_end = document.getElementById("id_date_end");
  var date_start = document.getElementById("id_date_start");
  function update_date_end (){
    if(date_end.value=="" || date_end.value<date_start.value){
      date_end.value = date_start.value;
    };
  };
  function update_date_start (){
    if(date_start.value=="" || date_end.value<date_start.value){
      date_start.value = date_end.value;
    };
  };
  date_start.addEventListener('focusout', update_date_end);
  date_end.addEventListener('focusout', update_date_start);
 </script>
 {% endblock %}
--- a/apps/activity/templates/activity/activity_list.html
+++ b/apps/activity/templates/activity/activity_list.html
@ -46,4 +46,4 @@ SPDX-License-Identifier: GPL-3.0-or-later
    </h3>
    {% render_table table %}
 </div>
-{% endblock %}
+{% endblock %}
--- a/apps/activity/tests/test_activities.py
+++ b/apps/activity/tests/test_activities.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
--- a/apps/activity/urls.py
+++ b/apps/activity/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from hashlib import md5
@ -17,14 +17,16 @@ from django.utils.translation import gettext_lazy as _
 from django.views import View
 from django.views.decorators.cache import cache_page
 from django.views.generic import DetailView, TemplateView, UpdateView
-from django_tables2.views import SingleTableView
+from django.views.generic.list import ListView
 from django_tables2.views import MultiTableMixin, SingleTableMixin
 from api.viewsets import is_regex
 from note.models import Alias, NoteSpecial, NoteUser
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 from .forms import ActivityForm, GuestForm
-from .models import Activity, Entry, Guest
+from .models import Activity, Entry, Guest, Opener
-from .tables import ActivityTable, EntryTable, GuestTable
+from .tables import ActivityTable, EntryTable, GuestTable, OpenerTable
 class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
@ -57,26 +59,36 @@ class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.object.pk})
-class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
    """
    Displays all Activities, and classify if they are on-going or upcoming ones.
    """
    model = Activity
-    table_class = ActivityTable
+    tables = [
-    ordering = ('-date_start',)
+        lambda data: ActivityTable(data, prefix="all-"),
        lambda data: ActivityTable(data, prefix="upcoming-"),
    ]
    extra_context = {"title": _("Activities")}
    def get_queryset(self, **kwargs):
        return super().get_queryset(**kwargs).distinct()
    def get_tables_data(self):
        # first table = all activities, second table = upcoming
        return [
            self.get_queryset().order_by("-date_start"),
            Activity.objects.filter(date_end__gt=timezone.now())
                            .filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))
                            .distinct()
                            .order_by("date_start")
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now())
+        tables = context["tables"]
-        context['upcoming'] = ActivityTable(
+        for name, table in zip(["table", "upcoming"], tables):
-            data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")),
+            context[name] = table
            prefix='upcoming-',
        )
        started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
        context["started_activities"] = started_activities
@ -84,7 +96,7 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
        return context
-class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
    """
    Shows details about one activity. Add guest to context
    """
@ -92,15 +104,40 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = "activity"
    extra_context = {"title": _("Activity detail")}
    tables = [
        lambda data: GuestTable(data, prefix="guests-"),
        lambda data: OpenerTable(data, prefix="opener-"),
    ]
    def get_tables_data(self):
        return [
            Guest.objects.filter(activity=self.object)
                         .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")),
            self.object.opener.filter(activity=self.object)
                              .filter(PermissionBackend.filter_queryset(self.request, Opener, "view")),
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data()
-        table = GuestTable(data=Guest.objects.filter(activity=self.object)
+        tables = context["tables"]
-                           .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")))
+        for name, table in zip(["guests", "opener"], tables):
-        context["guests"] = table
+            context[name] = table
        context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
        context["widget"] = {
            "name": "opener",
            "resetable": True,
            "attrs": {
                "class": "autocomplete form-control",
                "id": "opener",
                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
                "name_field": "name",
                "placeholder": ""
            }
        }
        return context
@ -157,12 +194,14 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
-class ActivityEntryView(LoginRequiredMixin, TemplateView):
+class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
    """
    Manages entry to an activity
    """
    template_name = "activity/activity_entry.html"
    table_class = EntryTable
    def dispatch(self, request, *args, **kwargs):
        """
        Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
@ -197,13 +236,16 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
-            if pattern[0] != "^":
+
-                pattern = "^" + pattern
+            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            pattern = "^" + pattern if valid_regex and pattern[0] != "^" else pattern
            guest_qs = guest_qs.filter(
-                Q(first_name__iregex=pattern)
+                Q(**{f"first_name{suffix}": pattern})
-                | Q(last_name__iregex=pattern)
+                | Q(**{f"last_name{suffix}": pattern})
-                | Q(inviter__alias__name__iregex=pattern)
+                | Q(**{f"inviter__alias__name{suffix}": pattern})
-                | Q(inviter__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"inviter__alias__normalized_name{suffix}": Alias.normalize(pattern)})
            )
        else:
            guest_qs = guest_qs.none()
@ -235,11 +277,15 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__icontains"
            note_qs = note_qs.filter(
-                Q(note__noteuser__user__first_name__iregex=pattern)
+                Q(**{f"note__noteuser__user__first_name{suffix}": pattern})
-                | Q(note__noteuser__user__last_name__iregex=pattern)
+                | Q(**{f"note__noteuser__user__last_name{suffix}": pattern})
-                | Q(name__iregex=pattern)
+                | Q(**{f"name{suffix}": pattern})
-                | Q(normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"normalized_name{suffix}": Alias.normalize(pattern)})
            )
        else:
            note_qs = note_qs.none()
@ -251,15 +297,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
            if settings.DATABASES[note_qs.db]["ENGINE"] == 'django.db.backends.postgresql' else note_qs.distinct()[:20]
        return note_qs
-    def get_context_data(self, **kwargs):
+    def get_table_data(self):
        """
        Query the list of Guest and Note to the activity and add information to makes entry with JS.
        """
        context = super().get_context_data(**kwargs)
        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
            .distinct().get(pk=self.kwargs["pk"])
        context["activity"] = activity
        matched = []
@ -272,8 +312,17 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
            note.activity = activity
            matched.append(note)
-        table = EntryTable(data=matched)
+        return matched
-        context["table"] = table
+
    def get_context_data(self, **kwargs):
        """
        Query the list of Guest and Note to the activity and add information to makes entry with JS.
        """
        context = super().get_context_data(**kwargs)
        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
            .distinct().get(pk=self.kwargs["pk"])
        context["activity"] = activity
        context["entries"] = Entry.objects.filter(activity=activity)
@ -315,8 +364,8 @@ X-WR-CALNAME:Kfet Calendar
 NAME:Kfet Calendar
 CALSCALE:GREGORIAN
 BEGIN:VTIMEZONE
-TZID:Europe/Berlin
+TZID:Europe/Paris
-X-LIC-LOCATION:Europe/Berlin
+X-LIC-LOCATION:Europe/Paris
 BEGIN:DAYLIGHT
 TZOFFSETFROM:+0100
 TZOFFSETTO:+0200
@ -338,10 +387,10 @@ END:VTIMEZONE
 DTSTAMP:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}Z
 UID:{md5((activity.name + "$" + str(activity.id) + str(activity.date_start)).encode("UTF-8")).hexdigest()}
 SUMMARY;CHARSET=UTF-8:{self.multilines(activity.name, 75, 22)}
-DTSTART;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}
+DTSTART:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_start)}
-DTEND;TZID=Europe/Berlin:{"{:%Y%m%dT%H%M%S}".format(activity.date_end)}
+DTEND:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_end)}
 LOCATION:{self.multilines(activity.location, 75, 9) if activity.location else "Kfet"}
-DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + """
+DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + f"""
 -- {activity.organizer.name}
 END:VEVENT
 """
--- a/apps/api/init.py
+++ b/apps/api/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'api.apps.APIConfig'
--- a/apps/api/apps.py
+++ b/apps/api/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/api/filters.py
+++ b/apps/api/filters.py
@ -0,0 +1,42 @@
 import re
 from functools import lru_cache
 from rest_framework.filters import SearchFilter
 class RegexSafeSearchFilter(SearchFilter):
    @lru_cache
    def validate_regex(self, search_term) -> bool:
        try:
            re.compile(search_term)
            return True
        except re.error:
            return False
    def get_search_fields(self, view, request):
        """
        Ensure that given regex are valid.
        If not, we consider that the user is trying to search by substring.
        """
        search_fields = super().get_search_fields(view, request)
        search_terms = self.get_search_terms(request)
        for search_term in search_terms:
            if not self.validate_regex(search_term):
                # Invalid regex. We assume we don't query by regex but by substring.
                search_fields = [f.replace('$', '') for f in search_fields]
                break
        return search_fields
    def get_search_terms(self, request):
        """
        Ensure that search field is a valid regex query. If not, we remove extra characters.
        """
        terms = super().get_search_terms(request)
        if not all(self.validate_regex(term) for term in terms):
            # Invalid regex. If a ^ is prefixed to the search term, we remove it.
            terms = [term[1:] if term[0] == '^' else term for term in terms]
            # Same for dollars.
            terms = [term[:-1] if term[-1] == '$' else term for term in terms]
        return terms
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
--- a/apps/api/tests.py
+++ b/apps/api/tests.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import json
@ -12,11 +12,12 @@ from django.contrib.contenttypes.models import ContentType
 from django.db.models.fields.files import ImageFieldFile
 from django.test import TestCase
 from django_filters.rest_framework import DjangoFilterBackend
 from phonenumbers import PhoneNumber
 from rest_framework.filters import OrderingFilter
 from api.filters import RegexSafeSearchFilter
 from member.models import Membership, Club
 from note.models import NoteClub, NoteUser, Alias, Note
 from permission.models import PermissionMask, Permission, Role
 from phonenumbers import PhoneNumber
 from rest_framework.filters import SearchFilter, OrderingFilter
 from .viewsets import ContentTypeViewSet, UserViewSet
@ -87,7 +88,7 @@ class TestAPI(TestCase):
                    resp = self.client.get(url + f"?ordering=-{field}")
                    self.assertEqual(resp.status_code, 200)
-            if SearchFilter in backends:
+            if RegexSafeSearchFilter in backends:
                # Basic search
                for field in viewset.search_fields:
                    obj = self.fix_note_object(obj, field)
--- a/apps/api/urls.py
+++ b/apps/api/urls.py
@ -1,8 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
-from django.conf.urls import url, include
+from django.conf.urls import include
 from django.urls import re_path
 from rest_framework import routers
 from .views import UserInformationView
@ -47,7 +48,7 @@ app_name = 'api'
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('^', include(router.urls)),
+    re_path('^', include(router.urls)),
-    url('^me/', UserInformationView.as_view()),
+    re_path('^me/', UserInformationView.as_view()),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    re_path('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]
--- a/apps/api/views.py
+++ b/apps/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.auth.models import User
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@ -1,19 +1,29 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
 from django.contrib.contenttypes.models import ContentType
 from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
 from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
 from note.models import Alias
 from .filters import RegexSafeSearchFilter
 from .serializers import UserSerializer, ContentTypeSerializer
 def is_regex(pattern):
    try:
        re.compile(pattern)
        return True
    except (re.error, TypeError):
        return False
 class ReadProtectedModelViewSet(ModelViewSet):
    """
    Protect a ModelViewSet by filtering the objects that the user cannot see.
@ -60,34 +70,38 @@ class UserViewSet(ReadProtectedModelViewSet):
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            # Filter with different rules
            # We use union-all to keep each filter rule sorted in result
            queryset = queryset.filter(
                # Match without normalization
-                note__alias__name__iregex="^" + pattern
+                Q(**{f"note__alias__name{suffix}": prefix + pattern})
            ).union(
                queryset.filter(
                    # Match with normalization
-                    Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            ).union(
                queryset.filter(
                    # Match on lower pattern
-                    Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            ).union(
                queryset.filter(
                    # Match on firstname or lastname
-                    (Q(last_name__iregex="^" + pattern) | Q(first_name__iregex="^" + pattern))
+                    (Q(**{f"last_name{suffix}": prefix + pattern}) | Q(**{f"first_name{suffix}": prefix + pattern}))
-                    & ~Q(note__alias__normalized_name__iregex="^" + pattern.lower())
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
-                    & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
-                    & ~Q(note__alias__name__iregex="^" + pattern)
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
                ),
                all=True,
            )
@ -107,6 +121,6 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
    """
    queryset = ContentType.objects.order_by('id')
    serializer_class = ContentTypeSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['id', 'app_label', 'model', ]
    search_fields = ['$app_label', '$model', ]
--- a/apps/logs/init.py
+++ b/apps/logs/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'logs.apps.LogsConfig'
--- a/apps/logs/api/serializers.py
+++ b/apps/logs/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
--- a/apps/logs/api/urls.py
+++ b/apps/logs/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import ChangelogViewSet
--- a/apps/logs/api/views.py
+++ b/apps/logs/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django_filters.rest_framework import DjangoFilterBackend
--- a/apps/logs/apps.py
+++ b/apps/logs/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/logs/models.py
+++ b/apps/logs/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
@ -76,9 +76,6 @@ class Changelog(models.Model):
        verbose_name=_('timestamp'),
    )
    def delete(self, using=None, keep_parents=False):
        raise ValidationError(_("Logs cannot be destroyed."))
    class Meta:
        verbose_name = _("changelog")
        verbose_name_plural = _("changelogs")
@ -86,3 +83,6 @@ class Changelog(models.Model):
    def __str__(self):
        return _("Changelog of type \"{action}\" for model {model} at {timestamp}").format(
            action=self.get_action_display(), model=str(self.model), timestamp=str(self.timestamp))
    def delete(self, using=None, keep_parents=False):
        raise ValidationError(_("Logs cannot be destroyed."))
--- a/apps/logs/signals.py
+++ b/apps/logs/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.contenttypes.models import ContentType
@ -56,13 +56,13 @@ def save_object(sender, instance, **kwargs):
    # noinspection PyProtectedMember
    previous = instance._previous
-    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
+    # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP
    request = get_current_request()
    if request is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
-        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
+        # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info
        ip = "127.0.0.1"
        username = Alias.normalize(getpass.getuser())
        note = NoteUser.objects.filter(alias__normalized_name=username)
@ -134,13 +134,13 @@ def delete_object(sender, instance, **kwargs):
    if instance._meta.label_lower in EXCLUDED or hasattr(instance, "_no_signal"):
        return
-    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
+    # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP
    request = get_current_request()
    if request is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
-        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
+        # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info
        ip = "127.0.0.1"
        username = Alias.normalize(getpass.getuser())
        note = NoteUser.objects.filter(alias__normalized_name=username)
--- a/apps/member/init.py
+++ b/apps/member/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'member.apps.MemberConfig'
--- a/apps/member/admin.py
+++ b/apps/member/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
--- a/apps/member/api/serializers.py
+++ b/apps/member/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
--- a/apps/member/api/urls.py
+++ b/apps/member/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import ProfileViewSet, ClubViewSet, MembershipViewSet
--- a/apps/member/api/views.py
+++ b/apps/member/api/views.py
@ -1,8 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
 from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
 from .serializers import ProfileSerializer, ClubSerializer, MembershipSerializer
@ -17,7 +18,7 @@ class ProfileViewSet(ReadProtectedModelViewSet):
    """
    queryset = Profile.objects.order_by('id')
    serializer_class = ProfileSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['user', 'user__first_name', 'user__last_name', 'user__username', 'user__email',
                        'user__note__alias__name', 'user__note__alias__normalized_name', 'phone_number', "section",
                        'department', 'promotion', 'address', 'paid', 'ml_events_registration', 'ml_sport_registration',
@ -34,7 +35,7 @@ class ClubViewSet(ReadProtectedModelViewSet):
    """
    queryset = Club.objects.order_by('id')
    serializer_class = ClubSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'email', 'note__alias__name', 'note__alias__normalized_name', 'parent_club',
                        'parent_club__name', 'require_memberships', 'membership_fee_paid', 'membership_fee_unpaid',
                        'membership_duration', 'membership_start', 'membership_end', ]
@ -49,7 +50,7 @@ class MembershipViewSet(ReadProtectedModelViewSet):
    """
    queryset = Membership.objects.order_by('id')
    serializer_class = MembershipSerializer
-    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
+    filter_backends = [DjangoFilterBackend, OrderingFilter, RegexSafeSearchFilter]
    filterset_fields = ['club__name', 'club__email', 'club__note__alias__name', 'club__note__alias__normalized_name',
                        'user__username', 'user__last_name', 'user__first_name', 'user__email',
                        'user__note__alias__name', 'user__note__alias__normalized_name',
--- a/apps/member/apps.py
+++ b/apps/member/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/member/auth.py
+++ b/apps/member/auth.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from cas_server.auth import DjangoAuthUser  # pragma: no cover
--- a/apps/member/forms.py
+++ b/apps/member/forms.py
@ -1,9 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import io
-from PIL import Image, ImageSequence
+from bootstrap_datepicker_plus.widgets import DatePickerInput
 from django import forms
 from django.conf import settings
 from django.contrib.auth.forms import AuthenticationForm
@ -13,8 +13,9 @@ from django.forms import CheckboxSelectMultiple
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, Alias
-from note_kfet.inputs import Autocomplete, AmountInput, DatePickerInput
+from note_kfet.inputs import Autocomplete, AmountInput
 from permission.models import PermissionMask, Role
 from PIL import Image, ImageSequence
 from .models import Profile, Club, Membership
@ -32,7 +33,7 @@ class UserForm(forms.ModelForm):
        # Django usernames can only contain letters, numbers, @, ., +, - and _.
        # We want to allow users to have uncommon and unpractical usernames:
        # That is their problem, and we have normalized aliases for us.
-        return super()._get_validation_exclusions() + ["username"]
+        return super()._get_validation_exclusions() | {"username"}
    class Meta:
        model = User
@ -121,7 +122,7 @@ class ImageForm(forms.Form):
                frame = frame.crop((x, y, x + w, y + h))
                frame = frame.resize(
                    (settings.PIC_WIDTH, settings.PIC_RATIO * settings.PIC_WIDTH),
-                    Image.ANTIALIAS,
+                    Image.LANCZOS,
                )
                frames.append(frame)
@ -138,6 +139,9 @@ class ImageForm(forms.Form):
        return cleaned_data
    def is_valid(self):
        return super().is_valid() or super().clean().get('image') is None
 class ClubForm(forms.ModelForm):
    def clean(self):
@ -151,7 +155,7 @@ class ClubForm(forms.ModelForm):
    class Meta:
        model = Club
-        fields = '__all__'
+        exclude = ("add_registration_form",)
        widgets = {
            "membership_fee_paid": AmountInput(),
            "membership_fee_unpaid": AmountInput(),
@ -207,9 +211,9 @@ class MembershipForm(forms.ModelForm):
    class Meta:
        model = Membership
        fields = ('user', 'date_start')
-        # Le champ d'utilisateur est remplacé par un champ d'auto-complétion.
+        # Le champ d'utilisateur⋅rice est remplacé par un champ d'auto-complétion.
        # Quand des lettres sont tapées, une requête est envoyée sur l'API d'auto-complétion
-        # et récupère les noms d'utilisateur valides
+        # et récupère les noms d'utilisateur⋅rices valides
        widgets = {
            'user':
                Autocomplete(
--- a/apps/member/hashers.py
+++ b/apps/member/hashers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import hashlib
--- a/apps/member/migrations/0012_club_add_registration_form.py
+++ b/apps/member/migrations/0012_club_add_registration_form.py
@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-07-15 09:24
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0011_profile_vss_charter_read'),
    ]
    operations = [
        migrations.AddField(
            model_name='club',
            name='add_registration_form',
            field=models.BooleanField(default=False, verbose_name='add to registration form'),
        ),
    ]
--- a/apps/member/migrations/0013_auto_20240801_1436.py
+++ b/apps/member/migrations/0013_auto_20240801_1436.py
@ -0,0 +1,18 @@
 # Generated by Django 2.2.28 on 2024-08-01 12:36
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0012_club_add_registration_form'),
    ]
    operations = [
        migrations.AlterField(
            model_name='profile',
            name='promotion',
            field=models.PositiveSmallIntegerField(default=2024, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
        ),
    ]
--- a/apps/member/models.py
+++ b/apps/member/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import datetime
@ -28,7 +28,6 @@ class Profile(models.Model):
    We do not want to patch the Django Contrib :model:`auth.User`model;
    so this model add an user profile with additional information.
    """
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
@ -139,6 +138,17 @@ class Profile(models.Model):
        default=False
    )
    class Meta:
        verbose_name = _('user profile')
        verbose_name_plural = _('user profile')
        indexes = [models.Index(fields=['user'])]
    def __str__(self):
        return str(self.user)
    def get_absolute_url(self):
        return reverse('member:user_detail', args=(self.user_id,))
    @property
    def ens_year(self):
        """
@ -163,17 +173,6 @@ class Profile(models.Model):
            return SogeCredit.objects.filter(user=self.user, credit_transaction__isnull=False).exists()
        return False
    class Meta:
        verbose_name = _('user profile')
        verbose_name_plural = _('user profile')
        indexes = [models.Index(fields=['user'])]
    def get_absolute_url(self):
        return reverse('member:user_detail', args=(self.user_id,))
    def __str__(self):
        return str(self.user)
    def send_email_validation_link(self):
        subject = "[Note Kfet] " + str(_("Activate your Note Kfet account"))
        token = email_validation_token.make_token(self.user)
@ -205,9 +204,11 @@ class Club(models.Model):
        max_length=255,
        unique=True,
    )
    email = models.EmailField(
        verbose_name=_('email'),
    )
    parent_club = models.ForeignKey(
        'self',
        null=True,
@ -258,25 +259,17 @@ class Club(models.Model):
        help_text=_('Maximal date of a membership, after which members must renew it.'),
    )
-    def update_membership_dates(self):
+    add_registration_form = models.BooleanField(
-        """
+        verbose_name=_("add to registration form"),
-        This function is called each time the club detail view is displayed.
+        default=False,
-        Update the year of the membership dates.
+    )
        """
        if not self.membership_start or not self.membership_end:
            return
-        today = datetime.date.today()
+    class Meta:
        verbose_name = _("club")
        verbose_name_plural = _("clubs")
-        while (today - self.membership_start).days >= 365:
+    def __str__(self):
-            if self.membership_start:
+        return self.name
                self.membership_start = datetime.date(self.membership_start.year + 1,
                                                      self.membership_start.month, self.membership_start.day)
            if self.membership_end:
                self.membership_end = datetime.date(self.membership_end.year + 1,
                                                    self.membership_end.month, self.membership_end.day)
            self._force_save = True
            self.save(force_update=True)
    @transaction.atomic
    def save(self, force_insert=False, force_update=False, using=None,
@ -289,16 +282,36 @@ class Club(models.Model):
            self.membership_end = None
        super().save(force_insert, force_update, update_fields)
    class Meta:
        verbose_name = _("club")
        verbose_name_plural = _("clubs")
    def __str__(self):
        return self.name
    def get_absolute_url(self):
        return reverse_lazy('member:club_detail', args=(self.pk,))
    def update_membership_dates(self):
        """
        This function is called each time the club detail view is displayed.
        Update the year of the membership dates.
        """
        if not self.membership_start or not self.membership_end:
            return
        today = datetime.date.today()
        # Avoid any problems on February 29
        if self.membership_start.month == 2 and self.membership_start.day == 29:
            self.membership_start -= datetime.timedelta(days=1)
        if self.membership_end.month == 2 and self.membership_end.day == 29:
            self.membership_end += datetime.timedelta(days=1)
        while today >= datetime.date(self.membership_start.year + 1,
                                     self.membership_start.month, self.membership_start.day):
            if self.membership_start:
                self.membership_start = datetime.date(self.membership_start.year + 1,
                                                      self.membership_start.month, self.membership_start.day)
            if self.membership_end:
                self.membership_end = datetime.date(self.membership_end.year + 1,
                                                    self.membership_end.month, self.membership_end.day)
            self._force_save = True
            self.save(force_update=True)
 class Membership(models.Model):
    """
@ -338,6 +351,66 @@ class Membership(models.Model):
        verbose_name=_('fee'),
    )
    class Meta:
        verbose_name = _('membership')
        verbose_name_plural = _('memberships')
        indexes = [models.Index(fields=['user'])]
    def __str__(self):
        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        Calculate fee and end date before saving the membership and creating the transaction if needed.
        """
        # Ensure that club membership dates are valid
        old_membership_start = self.club.membership_start
        self.club.update_membership_dates()
        if self.club.membership_start != old_membership_start:
            self.club.save()
        created = not self.pk
        if not created:
            for role in self.roles.all():
                club = role.for_club
                if club is not None:
                    if club.pk != self.club_id:
                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
                                              .format(role=role.name, club=club.name))
        else:
            if Membership.objects.filter(
                    user=self.user,
                    club=self.club,
                    date_start__lte=self.date_start,
                    date_end__gte=self.date_start,
            ).exists():
                raise ValidationError(_('User is already a member of the club'))
            if self.club.parent_club is not None:
                # Check that the user is already a member of the parent club if the membership is created
                if not Membership.objects.filter(
                    user=self.user,
                    club=self.club.parent_club,
                    date_start__gte=self.club.parent_club.membership_start,
                ).exists():
                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
                        self.renew_parent()
                    else:
                        raise ValidationError(_('User is not a member of the parent club')
                                              + ' ' + self.club.parent_club.name)
            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
                self.date_end = self.club.membership_end
        super().save(*args, **kwargs)
        self.make_transaction()
    @property
    def valid(self):
        """
@ -407,66 +480,14 @@ class Membership(models.Model):
            if self.club.parent_club.name == "BDE":
                parent_membership.roles.set(
-                    Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all())
+                    Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all())
            elif self.club.parent_club.name == "Kfet":
                parent_membership.roles.set(
-                    Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all())
+                    Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all())
            else:
                parent_membership.roles.set(Role.objects.filter(name="Membre de club").all())
            parent_membership.save()
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        Calculate fee and end date before saving the membership and creating the transaction if needed.
        """
        # Ensure that club membership dates are valid
        old_membership_start = self.club.membership_start
        self.club.update_membership_dates()
        if self.club.membership_start != old_membership_start:
            self.club.save()
        created = not self.pk
        if not created:
            for role in self.roles.all():
                club = role.for_club
                if club is not None:
                    if club.pk != self.club_id:
                        raise ValidationError(_('The role {role} does not apply to the club {club}.')
                                              .format(role=role.name, club=club.name))
        else:
            if Membership.objects.filter(
                    user=self.user,
                    club=self.club,
                    date_start__lte=self.date_start,
                    date_end__gte=self.date_start,
            ).exists():
                raise ValidationError(_('User is already a member of the club'))
            if self.club.parent_club is not None:
                # Check that the user is already a member of the parent club if the membership is created
                if not Membership.objects.filter(
                    user=self.user,
                    club=self.club.parent_club,
                    date_start__gte=self.club.parent_club.membership_start,
                ).exists():
                    if hasattr(self, '_force_renew_parent') and self._force_renew_parent:
                        self.renew_parent()
                    else:
                        raise ValidationError(_('User is not a member of the parent club')
                                              + ' ' + self.club.parent_club.name)
            self.fee = self.club.membership_fee_paid if self.user.profile.paid else self.club.membership_fee_unpaid
            self.date_end = self.date_start + datetime.timedelta(days=self.club.membership_duration) \
                if self.club.membership_duration is not None else self.date_start + datetime.timedelta(days=424242)
            if self.club.membership_end is not None and self.date_end > self.club.membership_end:
                self.date_end = self.club.membership_end
        super().save(*args, **kwargs)
        self.make_transaction()
    def make_transaction(self):
        """
        Create Membership transaction associated to this membership.
@ -504,11 +525,3 @@ class Membership(models.Model):
                soge_credit.save()
            else:
                transaction.save(force_insert=True)
    def __str__(self):
        return _("Membership of {user} for the club {club}").format(user=self.user.username, club=self.club.name, )
    class Meta:
        verbose_name = _('membership')
        verbose_name_plural = _('memberships')
        indexes = [models.Index(fields=['user'])]
--- a/apps/member/signals.py
+++ b/apps/member/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
--- a/apps/member/static/member/js/trust.js
+++ b/apps/member/static/member/js/trust.js
@ -1,7 +1,7 @@
 /**
 * On form submit, create a new friendship
 */
-function create_trust (e) {
+function form_create_trust (e) {
  // Do not submit HTML form
  e.preventDefault()
@ -14,25 +14,35 @@ function create_trust (e) {
         addMsg(gettext("You can't add yourself as a friend"), "danger")
         return
      }
-      $.post('/api/note/trust/', {
+      create_trust(formData.get('trusting'), trusted_alias.note)
        csrfmiddlewaretoken: formData.get('csrfmiddlewaretoken'),
        trusting: formData.get('trusting'),
        trusted: trusted_alias.note
      }).done(function () {
        // Reload table
        $('#trust_table').load(location.pathname + ' #trust_table')
        addMsg(gettext('Friendship successfully added'), 'success')
      }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
      })
    }).fail(function (xhr, _textStatus, _error) {
        errMsg(xhr.responseJSON)
    })
 }
 /**
- * On click of "delete", delete the alias
+ * Create a trust between users
- * @param button_id:Integer Alias id to remove
+ * @param trusting:Integer trusting note id
 * @param trusted:Integer trusted note id
 */
 function create_trust(trusting, trusted) {
  $.post('/api/note/trust/', {
      trusting: trusting,
      trusted: trusted,
      csrfmiddlewaretoken: CSRF_TOKEN
  }).done(function () {
  // Reload tables
  $('#trust_table').load(location.pathname + ' #trust_table')
  $('#trusted_table').load(location.pathname + ' #trusted_table')
    addMsg(gettext('Friendship successfully added'), 'success')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
 }
 /**
 * On click of "delete", delete the trust
 * @param button_id:Integer Trust id to remove
 */
 function delete_button (button_id) {
  $.ajax({
@ -42,6 +52,7 @@ function delete_button (button_id) {
  }).done(function () {
    addMsg(gettext('Friendship successfully deleted'), 'success')
    $('#trust_table').load(location.pathname + ' #trust_table')
    $('#trusted_table').load(location.pathname + ' #trusted_table')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
@ -49,5 +60,5 @@ function delete_button (button_id) {
 $(document).ready(function () {
  // Attach event
-  document.getElementById('form_trust').addEventListener('submit', create_trust)
+  document.getElementById('form_trust').addEventListener('submit', form_create_trust)
 })
--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
@ -42,12 +42,12 @@ class UserTable(tables.Table):
    """
    alias = tables.Column()
-    section = tables.Column(accessor='profile__section')
+    section = tables.Column(accessor='profile__section', orderable=False)
    # Override the column to let replace the URL
    email = tables.EmailColumn(linkify=lambda record: "mailto:{}".format(record.email))
-    balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"))
+    balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"), orderable=False)
    def render_email(self, record, value):
        # Replace the email by a dash if the user can't see the profile detail
--- a/apps/member/templates/member/club_members.html
+++ b/apps/member/templates/member/club_members.html
@ -11,7 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
        {{ title }}
    </h3>
    <div class="card-body">
-        <input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note…">
+        <input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note...">
        <div class="form-check">
            <label class="form-check-label" for="only_active">
                <input type="checkbox" class="checkboxinput form-check-input" id="only_active"
@ -66,4 +66,4 @@ SPDX-License-Identifier: GPL-3.0-or-later
        roles_obj.change(reloadTable);
    });
 </script>
-{% endblock %}
+{% endblock %}
--- a/apps/member/templates/member/picture_update.html
+++ b/apps/member/templates/member/picture_update.html
@ -14,6 +14,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
      <form method="post" enctype="multipart/form-data" id="formUpload">
        {% csrf_token %}
        {{ form |crispy }}
        {% if user.note.display_image != "pic/default.png" %}
          <input type="submit" class="btn btn-primary" value="{% trans "Remove" %}">
        {% endif %}
      </form>
    </div>
    <!-- MODAL TO CROP THE IMAGE -->
--- a/apps/member/templates/member/profile_trust.html
+++ b/apps/member/templates/member/profile_trust.html
@ -7,7 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block profile_content %}
 <div class="card bg-light mb-3">
    <h3 class="card-header text-center">
-        {% trans "Note friendships" %}
+        {% trans "Add friends" %}
    </h3>
    <div class="card-body">
        {% if can_create %}
@ -24,7 +24,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    {% render_table trusting %}
 </div>
-<div class="alert alert-warning card">
+<div class="alert alert-warning card mb-3">
    {% blocktrans trimmed %}
        Adding someone as a friend enables them to initiate transactions coming
        from your account (while keeping your balance positive). This is
@ -33,6 +33,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
        friends without needing additional rights among them.
    {% endblocktrans %}
 </div>
 <div class="card bg-light mb-3">
    <h3 class="card-header text-center">
        {% trans "People having you as a friend" %}
    </h3>
    {% render_table trusted_by %}
 </div>
 {% endblock %}
 {% block extrajavascript %}
--- a/apps/member/templatetags/memberinfo.py
+++ b/apps/member/templatetags/memberinfo.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
--- a/apps/member/tests/test_memberships.py
+++ b/apps/member/tests/test_memberships.py
@ -291,7 +291,7 @@ class TestMemberships(TestCase):
        response = self.client.post(reverse("member:club_manage_roles", args=(self.membership.pk,)), data=dict(
            roles=[role.id for role in Role.objects.filter(
-                Q(name="Membre de club") | Q(name="Trésorier·ère de club") | Q(name="Bureau de club")).all()],
+                Q(name="Membre de club") | Q(name="Trésorièr⋅e de club") | Q(name="Bureau de club")).all()],
        ))
        self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
        self.membership.refresh_from_db()
--- a/apps/member/urls.py
+++ b/apps/member/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
--- a/apps/member/views.py
+++ b/apps/member/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta, date
@ -8,7 +8,6 @@ from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
 from django.contrib.contenttypes.models import ContentType
 from django.db import transaction
 from django.db.models import Q, F
 from django.shortcuts import redirect
@ -17,17 +16,18 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
-from django_tables2.views import SingleTableView
+from django_tables2.views import MultiTableMixin, SingleTableMixin, SingleTableView
 from rest_framework.authtoken.models import Token
 from api.viewsets import is_regex
 from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
-from note.tables import HistoryTable, AliasTable, TrustTable
+from note.tables import HistoryTable, AliasTable, TrustTable, TrustedTable
 from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
-from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm,\
+from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \
    CustomAuthenticationForm, MembershipRolesForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable, MembershipTable, ClubManagerTable
@ -220,16 +220,20 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                username__iregex="^" + pattern
+                Q(**{f"username{suffix}": prefix + pattern})
            ).union(
                qs.filter(
-                    (Q(alias__iregex="^" + pattern)
+                    (Q(**{f"alias{suffix}": prefix + pattern})
-                     | Q(normalized_alias__iregex="^" + Alias.normalize(pattern))
+                     | Q(**{f"normalized_alias{suffix}": prefix + Alias.normalize(pattern)})
-                     | Q(last_name__iregex="^" + pattern)
+                     | Q(**{f"last_name{suffix}": prefix + pattern})
-                     | Q(first_name__iregex="^" + pattern)
+                     | Q(**{f"first_name{suffix}": prefix + pattern})
                     | Q(email__istartswith=pattern))
-                    & ~Q(username__iregex="^" + pattern)
+                    & ~Q(**{f"username{suffix}": prefix + pattern})
                ), all=True)
        else:
            qs = qs.none()
@ -244,7 +248,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        return context
-class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
    """
    View and manage user trust relationships
    """
@ -253,22 +257,35 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'user_object'
    extra_context = {"title": _("Note friendships")}
    tables = [
        lambda data: TrustTable(data, prefix="trust-"),
        lambda data: TrustedTable(data, prefix="trusted-"),
    ]
    def get_tables_data(self):
        note = self.object.note
        return [
            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
            note.trusted.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct(),
        ]
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
-        context["trusting"] = TrustTable(
+        tables = context["tables"]
-            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        for name, table in zip(["trusting", "trusted_by"], tables):
            context[name] = table
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
            trusting=context["object"].note,
            trusted=context["object"].note
        ))
        context["widget"] = {
            "name": "trusted",
            "resetable": True,
            "attrs": {
                "model_pk": ContentType.objects.get_for_model(Alias).pk,
                "class": "autocomplete form-control",
                "id": "trusted",
                "resetable": True,
                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
                "name_field": "name",
                "placeholder": ""
@ -277,7 +294,7 @@ class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        return context
-class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
    """
    View and manage user aliases.
    """
@ -286,12 +303,15 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'user_object'
    extra_context = {"title": _("Note aliases")}
    table_class = AliasTable
    context_table_name = "aliases"
    def get_table_data(self):
        return self.object.note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct() \
                                     .order_by('normalized_name')
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
        context["aliases"] = AliasTable(
            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
            .order_by('normalized_name').all())
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@ -326,12 +346,15 @@ class PictureUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin, Det
        """Save image to note"""
        image = form.cleaned_data['image']
-        # Rename as a PNG or GIF
+        if image is None:
-        extension = image.name.split(".")[-1]
+            image = "pic/default.png"
        if extension == "gif":
            image.name = "{}_pic.gif".format(self.object.note.pk)
        else:
-            image.name = "{}_pic.png".format(self.object.note.pk)
+            # Rename as a PNG or GIF
            extension = image.name.split(".")[-1]
            if extension == "gif":
                image.name = "{}_pic.gif".format(self.object.note.pk)
            else:
                image.name = "{}_pic.png".format(self.object.note.pk)
        # Save
        self.object.note.display_image = image
@ -407,10 +430,15 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                Q(name__iregex=pattern)
+                Q(**{f"name{suffix}": prefix + pattern})
-                | Q(note__alias__name__iregex=pattern)
+                | Q(**{f"note__alias__name{suffix}": prefix + pattern})
-                | Q(note__alias__normalized_name__iregex=Alias.normalize(pattern))
+                | Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
            )
        return qs
@ -507,7 +535,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        return context
-class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableMixin, DetailView):
    """
    Manage aliases of a club.
    """
@ -516,11 +544,16 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    context_object_name = 'club'
    extra_context = {"title": _("Note aliases")}
    table_class = AliasTable
    context_table_name = "aliases"
    def get_table_data(self):
        return self.object.note.alias.filter(
            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        note = context['object'].note
+
        context["aliases"] = AliasTable(note.alias.filter(
            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@ -824,8 +857,8 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        ret = super().form_valid(form)
-        member_role = Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all() \
+        member_role = Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all() \
-            if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all() \
+            if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all() \
            if club.name == "Kfet"else Role.objects.filter(name="Membre de club").all()
        # Set the same roles as before
        if old_membership:
@ -861,7 +894,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
                membership.refresh_from_db()
                if old_membership.exists():
                    membership.roles.set(old_membership.get().roles.all())
-                membership.roles.set(Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all())
+                membership.roles.set(Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all())
                membership.save()
        return ret
@ -909,10 +942,15 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV
        if 'search' in self.request.GET:
            pattern = self.request.GET['search']
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__istartswith"
            prefix = "^" if valid_regex else ""
            qs = qs.filter(
-                Q(user__first_name__iregex='^' + pattern)
+                Q(**{f"user__first_name{suffix}": prefix + pattern})
-                | Q(user__last_name__iregex='^' + pattern)
+                | Q(**{f"user__last_name{suffix}": prefix + pattern})
-                | Q(user__note__alias__normalized_name__iregex='^' + Alias.normalize(pattern))
+                | Q(**{f"user__note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
            )
        only_active = "only_active" not in self.request.GET or self.request.GET["only_active"] != '0'
--- a/apps/note/init.py
+++ b/apps/note/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'note.apps.NoteConfig'
--- a/apps/note/admin.py
+++ b/apps/note/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
@ -7,7 +7,7 @@ from polymorphic.admin import PolymorphicChildModelAdmin, \
    PolymorphicChildModelFilter, PolymorphicParentModelAdmin
 from note_kfet.admin import admin_site
-from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .models.transactions import Transaction, TemplateCategory, TransactionTemplate, \
    RecurrentTransaction, MembershipTransaction, SpecialTransaction
 from .templatetags.pretty_money import pretty_money
@ -21,6 +21,16 @@ class AliasInlines(admin.TabularInline):
    model = Alias
 class TrustInlines(admin.TabularInline):
    """
    Define trusts when editing the trusting note
    """
    model = Trust
    fk_name = "trusting"
    extra = 0
    readonly_fields = ("trusted",)
@admin.register(Note, site=admin_site)
 class NoteAdmin(PolymorphicParentModelAdmin):
    """
@ -92,7 +102,7 @@ class NoteUserAdmin(PolymorphicChildModelAdmin):
    """
    Child for an user note, see NoteAdmin
    """
-    inlines = (AliasInlines,)
+    inlines = (AliasInlines, TrustInlines)
    # We can't change user after creation or the balance
    readonly_fields = ('user', 'balance')
--- a/apps/note/api/serializers.py
+++ b/apps/note/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
@ -11,6 +11,7 @@ from member.models import Membership
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
 from rest_framework.validators import UniqueTogetherValidator
 from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
@ -86,11 +87,9 @@ class TrustSerializer(serializers.ModelSerializer):
    class Meta:
        model = Trust
        fields = '__all__'
-
+        validators = [UniqueTogetherValidator(
-    def validate(self, attrs):
+            queryset=Trust.objects.all(), fields=('trusting', 'trusted'),
-        instance = Trust(**attrs)
+            message=_("This friendship already exists"))]
        instance.clean()
        return attrs
 class AliasSerializer(serializers.ModelSerializer):
--- a/apps/note/api/urls.py
+++ b/apps/note/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@ -1,19 +1,19 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
 from django.conf import settings
 from django.db.models import Q
 from django.core.exceptions import ValidationError
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.filters import OrderingFilter
-from rest_framework import viewsets
+from rest_framework import status, viewsets
 from rest_framework.response import Response
-from rest_framework import status
+from api.filters import RegexSafeSearchFilter
-from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet, \
    is_regex
 from permission.backends import PermissionBackend
-from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
+from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \
    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
    TrustSerializer
 from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust
@ -29,7 +29,7 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
    """
    queryset = Note.objects.order_by('id')
    serializer_class = NotePolymorphicSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter, OrderingFilter]
    filterset_fields = ['alias__name', 'polymorphic_ctype', 'is_active', 'balance', 'last_negative', 'created_at', ]
    search_fields = ['$alias__normalized_name', '$alias__name', '$polymorphic_ctype__model',
                     '$noteuser__user__last_name', '$noteuser__user__first_name', '$noteuser__user__email',
@ -48,10 +48,14 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
            .distinct()
        alias = self.request.query_params.get("alias", ".*")
        # Check if this is a valid regex. If not, we won't check regex
        valid_regex = is_regex(alias)
        suffix = '__iregex' if valid_regex else '__istartswith'
        alias_prefix = '^' if valid_regex else ''
        queryset = queryset.filter(
-            Q(alias__name__iregex="^" + alias)
+            Q(**{f"alias__name{suffix}": alias_prefix + alias})
-            | Q(alias__normalized_name__iregex="^" + Alias.normalize(alias))
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-            | Q(alias__normalized_name__iregex="^" + alias.lower())
+            | Q(**{f"alias__normalized_name{suffix}": alias_prefix + alias.lower()})
        )
        return queryset.order_by("id")
@ -65,7 +69,7 @@ class TrustViewSet(ReadProtectedModelViewSet):
    """
    queryset = Trust.objects
    serializer_class = TrustSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
                     '$trusted__alias__name', '$trusted__alias__normalized_name']
    filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
@ -91,11 +95,11 @@ class AliasViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/note/aliases/
+    then render it on /api/note/alias/
    """
    queryset = Alias.objects
    serializer_class = AliasSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@ -126,18 +130,22 @@ class AliasViewSet(ReadProtectedModelViewSet):
        alias = self.request.query_params.get("alias", None)
        if alias:
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(alias)
            suffix = '__iregex' if valid_regex else '__istartswith'
            alias_prefix = '^' if valid_regex else ''
            queryset = queryset.filter(
-                name__iregex="^" + alias
+                **{f"name{suffix}": alias_prefix + alias}
            ).union(
                queryset.filter(
-                    Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    Q(**{f"normalized_name{suffix}": alias_prefix + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": alias_prefix + alias})
                ),
                all=True).union(
                queryset.filter(
-                    Q(normalized_name__iregex="^" + alias.lower())
+                    Q(**{f"normalized_name{suffix}": "^" + alias.lower()})
-                    & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    & ~Q(**{f"normalized_name{suffix}": "^" + Alias.normalize(alias)})
-                    & ~Q(name__iregex="^" + alias)
+                    & ~Q(**{f"name{suffix}": "^" + alias})
                ),
                all=True)
@ -147,7 +155,7 @@ class AliasViewSet(ReadProtectedModelViewSet):
 class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
    queryset = Alias.objects
    serializer_class = ConsumerSerializer
-    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
+    filter_backends = [RegexSafeSearchFilter, OrderingFilter, DjangoFilterBackend]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
@ -166,11 +174,7 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
        alias = self.request.query_params.get("alias", None)
        # Check if this is a valid regex. If not, we won't check regex
-        try:
+        valid_regex = is_regex(alias)
            re.compile(alias)
            valid_regex = True
        except (re.error, TypeError):
            valid_regex = False
        suffix = '__iregex' if valid_regex else '__istartswith'
        alias_prefix = '^' if valid_regex else ''
        queryset = queryset.prefetch_related('note')
@ -179,19 +183,10 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
            # We match first an alias if it is matched without normalization,
            # then if the normalized pattern matches a normalized alias.
            queryset = queryset.filter(
-                **{f'name{suffix}': alias_prefix + alias}
+                Q(**{f'name{suffix}': alias_prefix + alias})
-            ).union(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                queryset.filter(
+                | Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
-                    Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
+            )
                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
                ),
                all=True).union(
                queryset.filter(
                    Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
                    & ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
                ),
                all=True)
        queryset = queryset if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' \
            else queryset.order_by("name")
@ -207,7 +202,7 @@ class TemplateCategoryViewSet(ReadProtectedModelViewSet):
    """
    queryset = TemplateCategory.objects.order_by('name')
    serializer_class = TemplateCategorySerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'templates', 'templates__name']
    search_fields = ['$name', '$templates__name', ]
@ -220,7 +215,7 @@ class TransactionTemplateViewSet(viewsets.ModelViewSet):
    """
    queryset = TransactionTemplate.objects.order_by('name')
    serializer_class = TransactionTemplateSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    filterset_fields = ['name', 'amount', 'display', 'category', 'category__name', ]
    search_fields = ['$name', '$category__name', ]
    ordering_fields = ['amount', ]
@ -234,7 +229,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
    """
    queryset = Transaction.objects.order_by('-created_at')
    serializer_class = TransactionPolymorphicSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter]
    filterset_fields = ['source', 'source_alias', 'source__alias__name', 'source__alias__normalized_name',
                        'destination', 'destination_alias', 'destination__alias__name',
                        'destination__alias__normalized_name', 'quantity', 'polymorphic_ctype', 'amount',
--- a/apps/note/apps.py
+++ b/apps/note/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/note/forms.py
+++ b/apps/note/forms.py
@ -1,13 +1,14 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import datetime
 from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
 from django.forms import CheckboxSelectMultiple
 from django.utils.timezone import make_aware
 from django.utils.translation import gettext_lazy as _
-from note_kfet.inputs import Autocomplete, AmountInput, DateTimePickerInput
+from note_kfet.inputs import Autocomplete, AmountInput
 from .models import TransactionTemplate, NoteClub, Alias
--- a/apps/note/migrations/0002_create_special_notes.py
+++ b/apps/note/migrations/0002_create_special_notes.py
@ -18,6 +18,7 @@ def create_special_notes(apps, schema_editor):
 class Migration(migrations.Migration):
    dependencies = [
        ('note', '0001_initial'),
        ('logs', '0001_initial'),
    ]
    operations = [
--- a/apps/note/models/init.py
+++ b/apps/note/models/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
--- a/apps/note/models/notes.py
+++ b/apps/note/models/notes.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import unicodedata
@ -293,6 +293,11 @@ class Alias(models.Model):
    def __str__(self):
        return self.name
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)
    @staticmethod
    def normalize(string):
        """
@ -321,11 +326,6 @@ class Alias(models.Model):
            pass
        self.normalized_name = normalized_name
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)
    def delete(self, using=None, keep_parents=False):
        if self.name == str(self.note):
            raise ValidationError(_("You can't delete your main alias."),
--- a/apps/note/models/transactions.py
+++ b/apps/note/models/transactions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.core.exceptions import ValidationError
@ -59,6 +59,7 @@ class TransactionTemplate(models.Model):
    amount = models.PositiveIntegerField(
        verbose_name=_('amount'),
    )
    category = models.ForeignKey(
        TemplateCategory,
        on_delete=models.PROTECT,
@ -87,12 +88,12 @@ class TransactionTemplate(models.Model):
        verbose_name = _("transaction template")
        verbose_name_plural = _("transaction templates")
    def get_absolute_url(self):
        return reverse('note:template_update', args=(self.pk,))
    def __str__(self):
        return self.name
    def get_absolute_url(self):
        return reverse('note:template_update', args=(self.pk,))
 class Transaction(PolymorphicModel):
    """
@ -101,7 +102,6 @@ class Transaction(PolymorphicModel):
    amount is store in centimes of currency, making it a  positive integer
    value. (from someone to someone else)
    """
    source = models.ForeignKey(
        Note,
        on_delete=models.PROTECT,
@ -166,6 +166,50 @@ class Transaction(PolymorphicModel):
            models.Index(fields=['destination']),
        ]
    def __str__(self):
        return self.__class__.__name__ + " from " + str(self.source) + " to " + str(self.destination) + " of "\
            + pretty_money(self.quantity * self.amount) + ("" if self.valid else " invalid")
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        When saving, also transfer money between two notes
        """
        if self.source.pk == self.destination.pk:
            # When source == destination, no money is transferred and no transaction is created
            return
        self.source = Note.objects.select_for_update().get(pk=self.source_id)
        self.destination = Note.objects.select_for_update().get(pk=self.destination_id)
        # Check that the amounts stay between big integer bounds
        diff_source, diff_dest = self.validate()
        if not (hasattr(self, '_force_save') and self._force_save) \
                and (not self.source.is_active or not self.destination.is_active):
            raise ValidationError(_("The transaction can't be saved since the source note "
                                    "or the destination note is not active."))
        # If the aliases are not entered, we assume that the used alias is the name of the note
        if not self.source_alias:
            self.source_alias = str(self.source)
        if not self.destination_alias:
            self.destination_alias = str(self.destination)
        # We save first the transaction, in case of the user has no right to transfer money
        super().save(*args, **kwargs)
        # Save notes
        self.source.refresh_from_db()
        self.source.balance += diff_source
        self.source._force_save = True
        self.source.save()
        self.destination.refresh_from_db()
        self.destination.balance += diff_dest
        self.destination._force_save = True
        self.destination.save()
    def validate(self):
        previous_source_balance = self.source.balance
        previous_dest_balance = self.destination.balance
@ -208,46 +252,6 @@ class Transaction(PolymorphicModel):
        return source_balance - previous_source_balance, dest_balance - previous_dest_balance
    @transaction.atomic
    def save(self, *args, **kwargs):
        """
        When saving, also transfer money between two notes
        """
        if self.source.pk == self.destination.pk:
            # When source == destination, no money is transferred and no transaction is created
            return
        self.source = Note.objects.select_for_update().get(pk=self.source_id)
        self.destination = Note.objects.select_for_update().get(pk=self.destination_id)
        # Check that the amounts stay between big integer bounds
        diff_source, diff_dest = self.validate()
        if not (hasattr(self, '_force_save') and self._force_save) \
                and (not self.source.is_active or not self.destination.is_active):
            raise ValidationError(_("The transaction can't be saved since the source note "
                                    "or the destination note is not active."))
        # If the aliases are not entered, we assume that the used alias is the name of the note
        if not self.source_alias:
            self.source_alias = str(self.source)
        if not self.destination_alias:
            self.destination_alias = str(self.destination)
        # We save first the transaction, in case of the user has no right to transfer money
        super().save(*args, **kwargs)
        # Save notes
        self.source.refresh_from_db()
        self.source.balance += diff_source
        self.source._force_save = True
        self.source.save()
        self.destination.refresh_from_db()
        self.destination.balance += diff_dest
        self.destination._force_save = True
        self.destination.save()
    @property
    def total(self):
        return self.amount * self.quantity
@ -256,46 +260,40 @@ class Transaction(PolymorphicModel):
    def type(self):
        return _('Transfer')
    def __str__(self):
        return self.__class__.__name__ + " from " + str(self.source) + " to " + str(self.destination) + " of "\
            + pretty_money(self.quantity * self.amount) + ("" if self.valid else " invalid")
 class RecurrentTransaction(Transaction):
    """
    Special type of :model:`note.Transaction` associated to a :model:`note.TransactionTemplate`.
    """
    template = models.ForeignKey(
        TransactionTemplate,
        on_delete=models.PROTECT,
    )
    class Meta:
        verbose_name = _("recurrent transaction")
        verbose_name_plural = _("recurrent transactions")
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        return super().save(*args, **kwargs)
    def clean(self):
        if self.template.destination != self.destination and not (hasattr(self, '_force_save') and self._force_save):
            raise ValidationError(
                _("The destination of this transaction must equal to the destination of the template."))
        return super().clean()
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        return super().save(*args, **kwargs)
    @property
    def type(self):
        return _('Template')
    class Meta:
        verbose_name = _("recurrent transaction")
        verbose_name_plural = _("recurrent transactions")
 class SpecialTransaction(Transaction):
    """
    Special type of :model:`note.Transaction` associated to transactions with special notes
    """
    last_name = models.CharField(
        max_length=255,
        verbose_name=_("name"),
@ -312,6 +310,15 @@ class SpecialTransaction(Transaction):
        blank=True,
    )
    class Meta:
        verbose_name = _("Special transaction")
        verbose_name_plural = _("Special transactions")
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)
    @property
    def type(self):
        return _('Credit') if isinstance(self.source, NoteSpecial) else _("Debit")
@ -328,11 +335,6 @@ class SpecialTransaction(Transaction):
            raise ValidationError(_("A special transaction is only possible between a"
                                    " Note associated to a payment method and a User or a Club"))
    @transaction.atomic
    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)
    @staticmethod
    def validate_payment_form(form):
        """
@ -363,17 +365,11 @@ class SpecialTransaction(Transaction):
        return not error
    class Meta:
        verbose_name = _("Special transaction")
        verbose_name_plural = _("Special transactions")
 class MembershipTransaction(Transaction):
    """
    Special type of :model:`note.Transaction` associated to a :model:`member.Membership`.
    """
    membership = models.OneToOneField(
        'member.Membership',
        on_delete=models.PROTECT,
--- a/apps/note/signals.py
+++ b/apps/note/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils import timezone
--- a/apps/note/static/note/js/consos.js
+++ b/apps/note/static/note/js/consos.js
@ -1,4 +1,4 @@
-// Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+// Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 // SPDX-License-Identifier: GPL-3.0-or-later
 // When a transaction is performed, lock the interface to prevent spam clicks.
@ -258,3 +258,39 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
      })
    })
 }
 var searchbar = document.getElementById("search-input")
 var search_results = document.getElementById("search-results")
 var old_pattern = null;
 var firstMatch = null;
 /**
 * Updates the button search tab
 * @param force Forces the update even if the pattern didn't change
 */
 function updateSearch(force = false) {
  let pattern = searchbar.value
  if (pattern === "")
    firstMatch = null;
  if ((pattern === old_pattern || pattern === "") && !force)
    return;
  firstMatch = null;
  const re = new RegExp(pattern, "i");
  Array.from(search_results.children).forEach(function(b) {
    if (re.test(b.innerText)) {
      b.hidden = false;
      if (firstMatch === null) {
        firstMatch = b;
      }
    } else
      b.hidden = true;
  });
 }
 searchbar.addEventListener("input", function (e) {
  debounce(updateSearch)()
 });
 searchbar.addEventListener("keyup", function (e) {
  if (firstMatch && e.key === "Enter")
    firstMatch.click()
 });
--- a/apps/note/tables.py
+++ b/apps/note/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import html
@ -159,11 +159,11 @@ class TrustTable(tables.Table):
        template_name = 'django_tables2/bootstrap4.html'
    show_header = False
-    trusted = tables.Column(attrs={'td': {'class': 'text_center'}})
+    trusted = tables.Column(attrs={'td': {'class': 'text-center'}})
    delete_col = tables.TemplateColumn(
        template_code=DELETE_TEMPLATE,
-        extra_context={"delete_trans": _('delete')},
+        extra_context={"delete_trans": _('Delete')},
        attrs={
            'td': {
                'class': lambda record: 'col-sm-1'
@ -173,6 +173,46 @@ class TrustTable(tables.Table):
        verbose_name=_("Delete"),)
 class TrustedTable(tables.Table):
    class Meta:
        attrs = {
            'class': 'table table condensed table-striped',
            'id': 'trusted_table'
        }
        Model = Trust
        fields = ("trusting",)
        template_name = "django_tables2/bootstrap4.html"
    show_header = False
    trusting = tables.Column(attrs={
        'td': {'class': 'text-center', 'width': '100%'}})
    trust_back = tables.Column(
        verbose_name=_("Trust back"),
        accessor="pk",
        attrs={
            'td': {
                'class': '',
                'id': lambda record: "trust_back_" + str(record.pk),
            }
        },
    )
    def render_trust_back(self, record):
        user_note = record.trusted
        trusting_note = record.trusting
        if Trust.objects.filter(trusted=trusting_note, trusting=user_note):
            return ""
        val = '<button id="'
        val += str(record.pk)
        val += '" class="btn btn-success btn-sm text-nowrap" \
            onclick="create_trust(' + str(record.trusted.pk) + ',' + \
            str(record.trusting.pk) + ')">'
        val += str(_("Add back"))
        val += '</button>'
        return mark_safe(val)
 class AliasTable(tables.Table):
    class Meta:
        attrs = {
@ -220,11 +260,13 @@ class ButtonTable(tables.Table):
        text=_('edit'),
        accessor='pk',
        verbose_name=_("Edit"),
        orderable=False,
    )
    hideshow = tables.Column(
        verbose_name=_("Hide/Show"),
        accessor="pk",
        orderable=False,
        attrs={
            'td': {
                'class': 'col-sm-1',
@ -236,7 +278,8 @@ class ButtonTable(tables.Table):
    delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
                                       extra_context={"delete_trans": _('delete')},
                                       attrs={'td': {'class': 'col-sm-1'}},
-                                       verbose_name=_("Delete"), )
+                                       verbose_name=_("Delete"),
                                       orderable=False, )
    def render_amount(self, value):
        return pretty_money(value)
--- a/apps/note/templates/note/amount_input.html
+++ b/apps/note/templates/note/amount_input.html
@ -9,7 +9,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
           name="{{ widget.name }}"
           {# Other attributes are loaded  #}
           {% for name, value in widget.attrs.items %}
-                {% ifnotequal value False %}{{ name }}{% ifnotequal value True %}="{{ value|stringformat:'s' }}"{% endifnotequal %}{% endifnotequal %}
+                {% if value is not False %}{{ name }}{% if value is not True %}="{{ value|stringformat:'s' }}"{% endif %}{% endif %}
            {% endfor %}>
    <div class="input-group-append">
        <span class="input-group-text">€</span>
--- a/apps/note/templates/note/conso_form.html
+++ b/apps/note/templates/note/conso_form.html
@ -103,6 +103,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
                                </a>
                            </li>
                        {% endfor %}
                            <li class="nav-item">
                                <a class="nav-link font-weight-bold" data-toggle="tab" href="#search">
                                    {% trans "Search" %}
                                </a>
                            </li>
                    </ul>
                </div>
@ -123,6 +128,20 @@ SPDX-License-Identifier: GPL-3.0-or-later
                                </div>
                            </div>
                        {% endfor %}
                            <div class="tab-pane" id="search">
                                <input class="form-control mx-auto d-block mb-3"
                                       placeholder="{% trans "Search button..." %}" type="search" id="search-input"/>
                                <div class="d-inline-flex flex-wrap justify-content-center" id="search-results">
                                    {% for button in all_buttons %}
                                        {% if button.display %}
                                            <button class="btn btn-outline-dark rounded-0 flex-fill" hidden
                                                    id="search_button{{ button.id }}" name="button" value="{{ button.name }}">
                                                {{ button.name }} ({{ button.amount | pretty_money }})
                                            </button>
                                        {% endif %}
                                    {% endfor %}
                                </div>
                            </div>
                    </div>
                </div>
@ -163,7 +182,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    <script type="text/javascript">
        {% for button in highlighted %}
            {% if button.display %}
-                $("#highlighted_button{{ button.id }}").click(function() {
+                document.getElementById("highlighted_button{{ button.id }}").addEventListener("click", function() {
                    addConso({{ button.destination_id }}, {{ button.amount }},
                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}",
                        {{ button.id }}, "{{ button.name|escapejs }}");
@ -174,7 +193,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
        {% for category in categories %}
            {% for button in category.templates_filtered %}
            {% if button.display %}
-                $("#button{{ button.id }}").click(function() {
+                document.getElementById("button{{ button.id }}").addEventListener("click", function() {
                    addConso({{ button.destination_id }}, {{ button.amount }},
                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}",
                        {{ button.id }}, "{{ button.name|escapejs }}");
@ -182,5 +201,15 @@ SPDX-License-Identifier: GPL-3.0-or-later
            {% endif %}
            {% endfor %}
        {% endfor %}
        {% for button in all_buttons %}
            {% if button.display %}
                document.getElementById("search_button{{ button.id }}").addEventListener("click", function() {
                    addConso({{ button.destination_id }}, {{ button.amount }},
                        {{ polymorphic_ctype }}, {{ button.category_id }}, "{{ button.category.name|escapejs }}",
                        {{ button.id }}, "{{ button.name|escapejs }}");
                });
            {% endif %}
        {% endfor %}
    </script>
 {% endblock %}
--- a/apps/note/templates/note/mails/negative_balance.html
+++ b/apps/note/templates/note/mails/negative_balance.html
@ -22,8 +22,8 @@
 </p>
 <p>
-    Par ailleurs, le BDE ne sert pas d'alcool aux adhérents dont le solde
+    Par ailleurs, le BDE ne sert pas d'alcool aux adhérent⋅es dont le solde
-    est inférieur à 0 € depuis plus de 24h.
+    est inférieur à 0 €.
 </p>
 <p>
@ -43,4 +43,4 @@
    {% trans "Mail generated by the Note Kfet on the" %} {% now "j F Y à H:i:s" %}
 </p>
 </body>
-</html>
+</html>
--- a/apps/note/templates/note/mails/negative_balance.txt
+++ b/apps/note/templates/note/mails/negative_balance.txt
@ -9,7 +9,7 @@ Ce mail t'a été envoyé parce que le solde de ta Note Kfet
 Ton solde actuel est de {{ note.balance|pretty_money }}.
-Par ailleurs, le BDE ne sert pas d'alcool aux adhérents dont le solde
+Par ailleurs, le BDE ne sert pas d'alcool aux adhérent·e·s dont le solde
 est inférieur à 0 € depuis plus de 24h.
 Si tu ne comprends pas ton solde, tu peux consulter ton historique
@ -22,4 +22,4 @@ virement bancaire.
 --
 Le BDE
-{% trans "Mail generated by the Note Kfet on the" %} {% now "j F Y à H:i:s" %}
+{% trans "Mail generated by the Note Kfet on the" %} {% now "j F Y à H:i:s" %}
--- a/apps/note/templatetags/getenv.py
+++ b/apps/note/templatetags/getenv.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django import template
--- a/apps/note/templatetags/pretty_money.py
+++ b/apps/note/templatetags/pretty_money.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django import template
--- a/apps/note/tests/test_transactions.py
+++ b/apps/note/tests/test_transactions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.tests import TestAPI
@ -10,7 +10,7 @@ from django.urls import reverse
 from django.utils import timezone
 from permission.models import Role
-from ..api.views import AliasViewSet, ConsumerViewSet, NotePolymorphicViewSet, TemplateCategoryViewSet,\
+from ..api.views import AliasViewSet, ConsumerViewSet, NotePolymorphicViewSet, TemplateCategoryViewSet, \
    TransactionTemplateViewSet, TransactionViewSet
 from ..models import NoteUser, Transaction, TemplateCategory, TransactionTemplate, RecurrentTransaction, \
    MembershipTransaction, SpecialTransaction, NoteSpecial, Alias, Note
--- a/apps/note/urls.py
+++ b/apps/note/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.urls import path
--- a/apps/note/views.py
+++ b/apps/note/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import json
@ -10,12 +10,13 @@ from django.core.exceptions import PermissionDenied
 from django.db.models import Q, F
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, UpdateView, DetailView
 from django_tables2 import SingleTableView
 from django.urls import reverse_lazy
 from django_tables2 import SingleTableView
 from activity.models import Entry
-from note_kfet.inputs import AmountInput
+from api.viewsets import is_regex
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin
 from note_kfet.inputs import AmountInput
 from .forms import TransactionTemplateForm, SearchTransactionForm
 from .models import TemplateCategory, Transaction, TransactionTemplate, RecurrentTransaction, NoteSpecial, Note
@ -89,11 +90,15 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing
        qs = super().get_queryset().distinct()
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(pattern)
            suffix = "__iregex" if valid_regex else "__icontains"
            qs = qs.filter(
-                Q(name__iregex=pattern)
+                Q(**{f"name{suffix}": pattern})
-                | Q(destination__club__name__iregex=pattern)
+                | Q(**{f"destination__club__name{suffix}": pattern})
-                | Q(category__name__iregex=pattern)
+                | Q(**{f"category__name{suffix}": pattern})
-                | Q(description__iregex=pattern)
+                | Q(**{f"description{suffix}": pattern})
            )
        qs = qs.order_by('-display', 'category__name', 'destination__club__name', 'name')
@ -190,6 +195,10 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        ).order_by('name').all()
        context['polymorphic_ctype'] = ContentType.objects.get_for_model(RecurrentTransaction).pk
        context['all_buttons'] = TransactionTemplate.objects.filter(
            PermissionBackend.filter_queryset(self.request, TransactionTemplate, "view")
        ).filter(display=True).order_by('name').all()
        return context
@ -219,7 +228,10 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView
        if "type" in data and data["type"]:
            transactions = transactions.filter(polymorphic_ctype__in=data["type"])
        if "reason" in data and data["reason"]:
-            transactions = transactions.filter(reason__iregex=data["reason"])
+            # Check if this is a valid regex. If not, we won't check regex
            valid_regex = is_regex(data["reason"])
            suffix = "__iregex" if valid_regex else "__istartswith"
            transactions = transactions.filter(Q(**{f"reason{suffix}": data["reason"]}))
        if "valid" in data and data["valid"]:
            transactions = transactions.filter(valid=data["valid"])
        if "amount_gte" in data and data["amount_gte"]:
--- a/apps/permission/init.py
+++ b/apps/permission/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_app_config = 'permission.apps.PermissionConfig'
--- a/apps/permission/admin.py
+++ b/apps/permission/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-lateré
 from django.contrib import admin
--- a/apps/permission/api/serializers.py
+++ b/apps/permission/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework import serializers
--- a/apps/permission/api/urls.py
+++ b/apps/permission/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from .views import PermissionViewSet, RoleViewSet
--- a/apps/permission/api/views.py
+++ b/apps/permission/api/views.py
@ -1,9 +1,9 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from api.viewsets import ReadOnlyProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadOnlyProtectedModelViewSet
 from .serializers import PermissionSerializer, RoleSerializer
 from ..models import Permission, Role
@ -17,9 +17,9 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
    """
    queryset = Permission.objects.order_by('id')
    serializer_class = PermissionSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
-    search_fields = ['$model__name', '$query', '$description', ]
+    search_fields = ['$model__model', '$query', '$description', ]
 class RoleViewSet(ReadOnlyProtectedModelViewSet):
@ -30,6 +30,6 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
    """
    queryset = Role.objects.order_by('id')
    serializer_class = RoleSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
    search_fields = ['$name', '$for_club__name', ]
--- a/apps/permission/apps.py
+++ b/apps/permission/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.apps import AppConfig
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
@ -198,6 +198,41 @@ class PermissionBackend(ModelBackend):
    def has_module_perms(self, user_obj, app_label):
        return False
    @staticmethod
    @memoize
    def has_model_perm(request, model, type):
        """
        Check is the given user has the permission over a given model for a given action.
        The result is then memoized.
        :param request: The current request
        :param model: The model that the permissions shoud apply
        :param type: The type of the permissions: view, change, add or delete
        For view action, it is consider possible if user can view or change the model
        """
        # Requested by a shell
        if request is None:
            return False
        user_obj = request.user
        sess = request.session
        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
            # OAuth2 Authentication
            user_obj = request.auth.user
        if user_obj is None or user_obj.is_anonymous:
            return False
        if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
            return True
        ct = ContentType.objects.get_for_model(model)
        if any(PermissionBackend.permissions(request, ct, type)):
            return True
        if type == "view" and any(PermissionBackend.permissions(request, ct, "change")):
            return True
        return False
    def get_all_permissions(self, user_obj, obj=None):
        ct = ContentType.objects.get_for_model(obj)
        return list(self.permissions(get_current_request(), ct, "view"))
--- a/apps/permission/decorators.py
+++ b/apps/permission/decorators.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import sys
 from functools import lru_cache
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -36,7 +36,7 @@
 			"mask": 1,
 			"field": "",
 			"permanent": true,
-			"description": "Voir son compte utilisateur"
+			"description": "Voir son compte utilisateur⋅rice"
 		}
 	},
 	{
@ -68,7 +68,7 @@
 			"mask": 1,
 			"field": "",
 			"permanent": true,
-			"description": "Voir sa propre note d'utilisateur"
+			"description": "Voir sa propre note d'utilisateur⋅rice"
 		}
 	},
 	{
@ -116,7 +116,7 @@
 			"mask": 1,
 			"field": "",
 			"permanent": false,
-			"description": "Voir les aliases des notes des clubs et des adhérents du club BDE"
+			"description": "Voir les alias des notes des clubs et des adhérent⋅es du club BDE"
 		}
 	},
 	{
@ -772,7 +772,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Voir les adhérents du club"
+			"description": "Voir les adhérent⋅es du club"
 		}
 	},
 	{
@ -788,7 +788,7 @@
 			"mask": 2,
 			"field": "",
 			"permanent": false,
-			"description": "Ajouter un membre à un club"
+			"description": "Ajouter un⋅e membre à un club"
 		}
 	},
 	{
@ -852,7 +852,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Modifier n'importe quel utilisateur"
+			"description": "Modifier n'importe quel⋅le utilisateur⋅rice"
 		}
 	},
 	{
@ -868,7 +868,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Ajouter un utilisateur"
+			"description": "Ajouter un⋅e utilisateur⋅rice"
 		}
 	},
 	{
@ -1284,7 +1284,7 @@
 			"mask": 2,
 			"field": "",
 			"permanent": false,
-			"description": "Inscrire un 1A au WEI"
+			"description": "Inscrire un⋅e 1A au WEI"
 		}
 	},
 	{
@ -1956,7 +1956,7 @@
 			"mask": 1,
 			"field": "",
 			"permanent": true,
-			"description": "Voir mes activitées passées, même après la fin de l'adhésion BDE"
+			"description": "Voir mes activités passées, même après la fin de l'adhésion BDE"
 		}
 	},
 	{
@ -2100,7 +2100,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Voir n'importe quel utilisateur"
+			"description": "Voir n'importe quel⋅le utilisateur⋅rice"
 		}
 	},
 	{
@ -2228,7 +2228,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Créer une note d'utilisateur"
+			"description": "Créer une note d'utilisateur⋅rice"
 		}
 	},
 	{
@ -2276,7 +2276,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Voir tous les adhérents de tous les clubs"
+			"description": "Voir toustes les adhérent⋅es de tous les clubs"
 		}
 	},
 	{
@ -2292,7 +2292,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Ajouter un membre à n'importe quel club"
+			"description": "Ajouter un⋅e membre à n'importe quel club"
 		}
 	},
 	{
@ -2372,7 +2372,7 @@
 			"mask": 1,
 			"field": "name",
 			"permanent": false,
-			"description": "Modifier le nom d'une activité non validée dont on est l'auteur"
+			"description": "Modifier le nom d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2388,7 +2388,7 @@
 			"mask": 1,
 			"field": "description",
 			"permanent": false,
-			"description": "Modifier la description d'une activité non validée dont on est l'auteur"
+			"description": "Modifier la description d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2404,7 +2404,7 @@
 			"mask": 1,
 			"field": "location",
 			"permanent": false,
-			"description": "Modifier le lieu d'une activité non validée dont on est l'auteur"
+			"description": "Modifier le lieu d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2420,7 +2420,7 @@
 			"mask": 1,
 			"field": "activity_type",
 			"permanent": false,
-			"description": "Modifier le type d'une activité non validée dont on est l'auteur"
+			"description": "Modifier le type d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2436,7 +2436,7 @@
 			"mask": 1,
 			"field": "organizer",
 			"permanent": false,
-			"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur"
+			"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2452,7 +2452,7 @@
 			"mask": 1,
 			"field": "attendees_club",
 			"permanent": false,
-			"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur"
+			"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2468,7 +2468,7 @@
 			"mask": 1,
 			"field": "date_start",
 			"permanent": false,
-			"description": "Modifier la date de début d'une activité non validée dont on est l'auteur"
+			"description": "Modifier la date de début d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2484,7 +2484,7 @@
 			"mask": 1,
 			"field": "date_end",
 			"permanent": false,
-			"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur"
+			"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur⋅rice"
 		}
 	},
 	{
@ -2591,12 +2591,12 @@
 				"note",
 				"transaction"
 			],
-			"query": "[\"OR\", {\"source__balance__gte\": {\"F\": [\"SUB\", [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]], 2000]}}, {\"valid\": false}]",
+			"query": "[\"OR\", {\"source__balance__gte\": 0}, [\"AND\", [\"NOT\", {\"recurrenttransaction__template__category__name\": \"Alcool\"}], {\"source__balance__gte\": {\"F\": [\"SUB\", [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]], 2000]}}], {\"valid\": false}]",
 			"type": "add",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
-			"description": "Créer une transaction quelconque tant que la source reste au-dessus de -20 €"
+			"description": "Créer une transaction quelconque tant que la source reste positive s'il s'agit d'alcool, sinon au-dessus de -20€"
 		}
 	},
 	{
@ -2756,7 +2756,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Modifier n'importe quel utilisateur non encore inscrit"
+			"description": "Modifier n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e"
 		}
 	},
 	{
@ -2788,7 +2788,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Voir tous les alias, y compris ceux des non adhérents"
+			"description": "Voir tous les alias, y compris ceux des non adhérent⋅es"
 		}
 	},
 	{
@ -2820,7 +2820,7 @@
 			"mask": 2,
 			"field": "",
 			"permanent": false,
-			"description": "Voir n'importe quel utilisateur non encore inscrit"
+			"description": "Voir n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e"
 		}
 	},
 	{
@ -2847,12 +2847,12 @@
 				"auth",
 				"user"
 			],
-			"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
+			"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent⋅e BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
-			"description": "Voir n'importe quel utilisateur qui est adhérent BDE"
+			"description": "Voir n'importe quel⋅le utilisateur⋅rice qui est adhérent⋅e BDE"
 		}
 	},
 	{
@ -3044,7 +3044,7 @@
 			"mask": 3,
 			"field": "",
 			"permanent": false,
-			"description": "Voir toutes les amitiés, y compris celles des non adhérents"
+			"description": "Voir toutes les amitiés, y compris celles des non adhérent⋅es"
 		}
 	},
 	{
@ -3073,7 +3073,7 @@
 			],
 			"query": "[\"AND\", {\"source__trusting__trusted\": [\"user\", \"note\"]}, [\"OR\", {\"source__balance__gte\": {\"F\": [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]]}}, {\"valid\": false}]]",
 			"type": "add",
-			"mask": 2,
+			"mask": 1,
 			"field": "",
 			"permanent": false,
 			"description": "Transférer de l'argent depuis une note amie en restant positif"
@ -3093,6 +3093,215 @@
 			"field": "",
 			"permanent": false,
 			"description": "Créer un crédit quelconque"
        }
    },
 	{
 		"model": "permission.permission",
 		"pk": 198,
 		"fields": {
 			"model": [
 				"note",
 				"trust"
 			],
 			"query": "{\"trusted__noteuser__user\": [\"user\"]}",
 			"type": "view",
 			"mask": 1,
 			"field": "",
 			"permanent": true,
 			"description": "Voir ceux nous ayant pour ami, pour toujours"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 199,
 		"fields": {
 			"model": [
 				"activity",
 				"activity"
 			],
 			"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Voir les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 200,
 		"fields": {
 			"model": [
 				"activity",
 				"activity"
 			],
 			"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
 			"type": "change",
 			"mask": 2,
 			"field": "open",
 			"permanent": false,
 			"description": "Fermer les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 201,
 		"fields": {
 			"model": [
 				"activity",
 				"entry"
 			],
 			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"activity__open\": true, \"activity__activity_type__manage_entries\":true}",
 			"type": "add",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Faire les entrées des activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 202,
 		"fields": {
 			"model": [
 				"activity",
 				"entry"
 			],
 			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Voir les entrées des activités dont l'utilisateur⋅rice est ouvreur⋅se"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 203,
 		"fields": {
 			"model": [
 				"activity",
 				"guest"
 			],
 			"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Voir les invité⋅es des activités dont l'utilisateur⋅rice est ouvreur⋅se"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 204,
 		"fields": {
 			"model": [
 				"activity",
 				"guesttransaction"
 			],
 			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
 			"type": "add",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Créer une transaction d'invitation lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 205,
 		"fields": {
 			"model": [
 				"note",
 				"specialtransaction"
 			],
 			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
 			"type": "add",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Créer un crédit ou un retrait quelconque lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 206,
 		"fields": {
 			"model": [
 				"note",
 				"notespecial"
 			],
 			"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Afficher l'interface crédit/retrait lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 207,
 		"fields": {
 			"model": [
 				"activity",
 				"opener"
 			],
 			"query": "{}",
 			"type": "view",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Voir les ouvreur⋅ses des activités"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 208,
 		"fields": {
 			"model": [
 				"activity",
 				"opener"
 			],
 			"query": "{}",
 			"type": "add",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Ajouter des ouvreur⋅ses aux activités"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 209,
 		"fields": {
 			"model": [
 				"activity",
 				"opener"
 			],
 			"query": "{}",
 			"type": "delete",
 			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Supprimer des ouvreur⋅ses aux activités"
 		}
 	},
 	{
 		"model": "permission.permission",
 		"pk": 210,
 		"fields": {
 			"model": [
 				"activity",
 				"activity"
 			],
 			"query": "{}",
 			"type": "change",
 			"mask": 2,
 			"field": "opener",
 			"permanent": false,
 			"description": "Voir le tableau des ouvreur⋅ses"
 		}
 	},
 	{
@ -3100,7 +3309,7 @@
 		"pk": 1,
 		"fields": {
 			"for_club": 1,
-			"name": "Adh\u00e9rent BDE",
+			"name": "Adh\u00e9rent\u22c5e BDE",
 			"permissions": [
 				1,
 				2,
@ -3135,7 +3344,16 @@
 				190,
 				191,
 				195,
-				196
+				196,
 				198,
 				199,
 				200,
 				201,
 				202,
 				203,
 				204,
 				205,
 				206
 			]
 		}
 	},
@ -3144,7 +3362,7 @@
 		"pk": 2,
 		"fields": {
 			"for_club": 2,
-			"name": "Adh\u00e9rent Kfet",
+			"name": "Adh\u00e9rent\u22c5e Kfet",
 			"permissions": [
 				22,
 				36,
@ -3208,10 +3426,11 @@
 		"pk": 5,
 		"fields": {
 			"for_club": null,
-			"name": "Pr\u00e9sident\u00b7e de club",
+			"name": "Pr\u00e9sident\u22c5e de club",
 			"permissions": [
 				62,
-				142
+				142,
 				135
 			]
 		}
 	},
@ -3220,7 +3439,7 @@
 		"pk": 6,
 		"fields": {
 			"for_club": null,
-			"name": "Tr\u00e9sorier\u00b7\u00e8re de club",
+			"name": "Tr\u00e9sorièr\u22c5e de club",
 			"permissions": [
 				19,
 				20,
@ -3244,7 +3463,7 @@
 		"pk": 7,
 		"fields": {
 			"for_club": 1,
-			"name": "Pr\u00e9sident\u00b7e BDE",
+			"name": "Pr\u00e9sident\u22c5e BDE",
 			"permissions": [
 				24,
 				25,
@ -3273,7 +3492,7 @@
 		"pk": 8,
 		"fields": {
 			"for_club": 1,
-			"name": "Tr\u00e9sorier\u00b7\u00e8re BDE",
+			"name": "Tr\u00e9sorièr\u22c5e BDE",
 			"permissions": [
 				23,
 				24,
@ -3396,7 +3615,11 @@
 				46,
 				148,
 				149,
-				182
+				182,
 				207,
 				208,
 				209,
 				210
 			]
 		}
 	},
@ -3441,7 +3664,7 @@
 		"pk": 13,
 		"fields": {
 			"for_club": null,
-			"name": "Chef de bus",
+			"name": "Chef\u22c5fe de bus",
 			"permissions": [
 				22,
 				84,
@ -3460,7 +3683,7 @@
 		"pk": 14,
 		"fields": {
 			"for_club": null,
-			"name": "Chef d'\u00e9quipe",
+			"name": "Chef\u22c5fe d'\u00e9quipe",
 			"permissions": [
 				22,
 				84,
@ -3509,7 +3732,7 @@
 		"pk": 18,
 		"fields": {
 			"for_club": null,
-			"name": "Adhérent WEI",
+			"name": "Adhérent\u22c5e WEI",
 			"permissions": [
 				77,
 				114
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import functools
@ -26,6 +26,15 @@ class InstancedPermission:
        self.mask = mask
        self.kwargs = kwargs
    def __repr__(self):
        if self.field:
            return _("Can {type} {model}.{field} in {query}").format(type=self.type, model=self.model, field=self.field, query=self.query)
        else:
            return _("Can {type} {model} in {query}").format(type=self.type, model=self.model, query=self.query)
    def __str__(self):
        return self.__repr__()
    def applies(self, obj, permission_type, field_name=None):
        """
        Returns True if the permission applies to
@ -84,21 +93,11 @@ class InstancedPermission:
            # noinspection PyProtectedMember
            self.query = Permission._about(self.raw_query, **self.kwargs)
    def __repr__(self):
        if self.field:
            return _("Can {type} {model}.{field} in {query}").format(type=self.type, model=self.model, field=self.field, query=self.query)
        else:
            return _("Can {type} {model} in {query}").format(type=self.type, model=self.model, query=self.query)
    def __str__(self):
        return self.__repr__()
 class PermissionMask(models.Model):
    """
    Permissions that are hidden behind a mask
    """
    rank = models.PositiveSmallIntegerField(
        unique=True,
        verbose_name=_('rank'),
@ -110,13 +109,13 @@ class PermissionMask(models.Model):
        verbose_name=_('description'),
    )
    def __str__(self):
        return self.description
    class Meta:
        verbose_name = _("permission mask")
        verbose_name_plural = _("permission masks")
    def __str__(self):
        return self.description
 class Permission(models.Model):
@ -136,18 +135,18 @@ class Permission(models.Model):
    # A json encoded Q object with the following grammar
    #  query -> [] | {}  (the empty query representing all objects)
-    #  query -> ["AND", query, …]            AND multiple queries
+    #  query -> ["AND", query, ...]          AND multiple queries
-    #         | ["OR", query, …]             OR multiple queries
+    #         | ["OR", query, ...]           OR multiple queries
    #         | ["NOT", query]               Opposite of query
-    #  query -> {key: value, …}              A list of fields and values of a Q object
+    #  query -> {key: value, ...}            A list of fields and values of a Q object
    #  key   -> string                       A field name
    #  value -> int | string | bool | null   Literal values
-    #         | [parameter, …]               A parameter. See compute_param for more details.
+    #         | [parameter, ...]             A parameter. See compute_param for more details.
    #         | {"F": oper}                  An F object
-    #  oper  -> [string, …]                  A parameter. See compute_param for more details.
+    #  oper  -> [string, ...]                A parameter. See compute_param for more details.
-    #         | ["ADD", oper, …]             Sum multiple F objects or literal
+    #         | ["ADD", oper, ...]           Sum multiple F objects or literal
    #         | ["SUB", oper, oper]          Substract two F objects or literal
-    #         | ["MUL", oper, …]             Multiply F objects or literals
+    #         | ["MUL", oper, ...]           Multiply F objects or literals
    #         | int | string | bool | null   Literal values
    #         | ["F", string]                A field
    #
@ -194,16 +193,19 @@ class Permission(models.Model):
        verbose_name = _("permission")
        verbose_name_plural = _("permissions")
-    def clean(self):
+    def __str__(self):
-        self.query = json.dumps(json.loads(self.query))
+        return self.description
        if self.field and self.type not in {'view', 'change'}:
            raise ValidationError(_("Specifying field applies only to view and change permission types."))
    @transaction.atomic
    def save(self, **kwargs):
        self.full_clean()
        super().save()
    def clean(self):
        self.query = json.dumps(json.loads(self.query))
        if self.field and self.type not in {'view', 'change'}:
            raise ValidationError(_("Specifying field applies only to view and change permission types."))
    @staticmethod
    def compute_f(oper, **kwargs):
        if isinstance(oper, list):
@ -317,9 +319,6 @@ class Permission(models.Model):
        # query = self._about(query, **kwargs)
        return InstancedPermission(self.model, query, self.type, self.field, self.mask, **kwargs)
    def __str__(self):
        return self.description
 class Role(models.Model):
    """
@ -344,9 +343,9 @@ class Role(models.Model):
        default=None,
    )
    def __str__(self):
        return self.name
    class Meta:
        verbose_name = _("role permissions")
        verbose_name_plural = _("role permissions")
    def __str__(self):
        return self.name
--- a/apps/permission/permissions.py
+++ b/apps/permission/permissions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from rest_framework.permissions import DjangoObjectPermissions
--- a/apps/permission/scopes.py
+++ b/apps/permission/scopes.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.scopes import BaseScopes
@ -35,6 +35,8 @@ class PermissionScopes(BaseScopes):
 class PermissionOAuth2Validator(OAuth2Validator):
    oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
        """
        User can request as many scope as he wants, including invalid scopes,
--- a/apps/permission/signals.py
+++ b/apps/permission/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.core.exceptions import PermissionDenied
--- a/apps/permission/tables.py
+++ b/apps/permission/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import django_tables2 as tables
@ -36,8 +36,8 @@ class RightsTable(tables.Table):
    def render_roles(self, record):
        # If the user has the right to manage the roles, display the link to manage them
-        roles = record.roles.filter((~(Q(name="Adhérent BDE")
+        roles = record.roles.filter((~(Q(name="Adhérent⋅e BDE")
-                                     | Q(name="Adhérent Kfet")
+                                     | Q(name="Adhérent⋅e Kfet")
                                     | Q(name="Membre de club")
                                     | Q(name="Bureau de club"))
                                     & Q(weirole__isnull=True))).all()
--- a/apps/permission/templatetags/perms.py
+++ b/apps/permission/templatetags/perms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.contenttypes.models import ContentType
--- a/apps/permission/tests/test_oauth2.py
+++ b/apps/permission/tests/test_oauth2.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta
@ -58,7 +58,7 @@ class OAuth2TestCase(TestCase):
        # Create membership to validate permissions
        NoteUser.objects.create(user=self.user)
        membership = Membership.objects.create(user=self.user, club_id=bde.pk)
-        membership.roles.add(Role.objects.get(name="Adhérent BDE"))
+        membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
        membership.save()
        # User is now a member and can now see its own user detail
@ -85,7 +85,7 @@ class OAuth2TestCase(TestCase):
        bde = Club.objects.get(name="BDE")
        NoteUser.objects.create(user=self.user)
        membership = Membership.objects.create(user=self.user, club_id=bde.pk)
-        membership.roles.add(Role.objects.get(name="Adhérent BDE"))
+        membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
        membership.save()
        resp = self.client.get(reverse('permission:scopes'))
--- a/apps/permission/tests/test_permission_denied.py
+++ b/apps/permission/tests/test_permission_denied.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import timedelta, date
--- a/apps/permission/tests/test_permission_queries.py
+++ b/apps/permission/tests/test_permission_queries.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import date
--- a/apps/permission/tests/test_rights_page.py
+++ b/apps/permission/tests/test_rights_page.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib.auth.models import User
--- a/Show More
+++ b/Show More
`@ -1,4 +1,4 @@`
	`# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay`	`# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay`
	`# SPDX-License-Identifier: GPL-3.0-or-later`	`# SPDX-License-Identifier: GPL-3.0-or-later`