allows mask for Oauth2

Small features

See merge request bde/nk20!355

.dockerignore

@@ -1,3 +1,5 @@
 __pycache__
 media
 db.sqlite3
+.tox
+.coverage

.env_example

@@ -1,6 +1,6 @@
 DJANGO_APP_STAGE=prod
 # Only used in dev mode, change to "postgresql" if you want to use PostgreSQL in dev
-DJANGO_DEV_STORE_METHOD=sqllite
+DJANGO_DEV_STORE_METHOD=sqlite
 DJANGO_DB_HOST=localhost
 DJANGO_DB_NAME=note_db
 DJANGO_DB_USER=note
@@ -10,9 +10,17 @@ DJANGO_SECRET_KEY=CHANGE_ME
 DJANGO_SETTINGS_MODULE=note_kfet.settings
 CONTACT_EMAIL=tresorerie.bde@localhost
 NOTE_URL=localhost
+
 # Config for mails. Only used in production
 NOTE_MAIL=notekfet@localhost
 EMAIL_HOST=smtp.localhost
-EMAIL_PORT=465
+EMAIL_PORT=25
 EMAIL_USER=notekfet@localhost
 EMAIL_PASSWORD=CHANGE_ME
+
+# Wiki configuration
+WIKI_USER=NoteKfet2020
+WIKI_PASSWORD=
+
+# OIDC
+OIDC_RSA_PRIVATE_KEY=CHANGE_ME

.gitignore

@@ -39,12 +39,18 @@ secrets.py
 .env
 map.json
 *.log
-media/
+backups/
+/static/
+/media/
+/tmp/
 
 # Virtualenv
 env/
 venv/
 db.sqlite3
+shell.nix
 
-# Ignore migrations during first phase dev
-migrations/
+# ansibles customs host
+ansible/host_vars/*.yaml
+!ansible/host_vars/bde*
+ansible/hosts

.gitlab-ci.yml

@@ -1,26 +1,64 @@
-image: python:3.6
-
 stages:
   - test
   - quality-assurance
+  - docs
 
+# Also fetch submodules
+variables:
+  GIT_SUBMODULE_STRATEGY: recursive
+
+# Ubuntu 22.04
+py310-django52:
+  stage: test
+  image: ubuntu:22.04
   before_script:
-  - pip install tox
+    # Fix tzdata prompt
+    - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
+    - >
+        apt-get update &&
+        apt-get install --no-install-recommends -y
+        python3-django python3-django-crispy-forms
+        python3-django-extensions python3-django-filters python3-django-polymorphic
+        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
+        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
+        python3-bs4 python3-setuptools tox texlive-xetex
+  script: tox -e py310-django52
 
-py36-django22:
-  image: python:3.6
+# Debian Bookworm
+py311-django52:
   stage: test
-  script: tox -e py36-django22
-
-py37-django22:
-  image: python:3.7
-  stage: test
-  script: tox -e py37-django22
+  image: debian:bookworm
+  before_script:
+    - >
+        apt-get update &&
+        apt-get install --no-install-recommends -y
+        python3-django python3-django-crispy-forms
+        python3-django-extensions python3-django-filters python3-django-polymorphic
+        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
+        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
+        python3-bs4 python3-setuptools tox texlive-xetex
+  script: tox -e py311-django52
 
 linters:
-  image: python:3.6
   stage: quality-assurance
+  image: debian:bookworm
+  before_script:
+    - apt-get update && apt-get install -y tox
   script: tox -e linters
 
   # Be nice to new contributors, but please use `tox`
   allow_failure: true
+
+# Compile documentation
+documentation:
+  stage: docs
+  image: sphinxdoc/sphinx
+  before_script:
+    - pip install sphinx-rtd-theme
+    - cd docs
+  script:
+    - make dirhtml
+  artifacts:
+    paths:
+      - docs/_build
+    expire_in: 1 day

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "apps/scripts"]
 	path = apps/scripts
-	url = https://gitlab.crans.org/bde/nk20-scripts.git
+	url = https://gitlab.crans.org/bde/nk20-scripts

Dockerfile

@@ -1,27 +1,27 @@
-FROM python:3-alpine
+FROM debian:buster-backports
 
+# Force the stdout and stderr streams to be unbuffered
 ENV PYTHONUNBUFFERED 1
 
-# Install LaTeX requirements
-RUN apk add --no-cache gettext texlive texmf-dist-latexextra texmf-dist-fontsextra nginx gcc libc-dev libffi-dev postgresql-dev libxml2-dev libxslt-dev jpeg-dev
+# Install Django, external apps, LaTeX and dependencies
+RUN apt-get update && \
+    apt-get install --no-install-recommends -t buster-backports -y \
+    python3-django python3-django-crispy-forms \
+    python3-django-extensions python3-django-filters python3-django-polymorphic \
+    python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil \
+    python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
+    python3-bs4 python3-setuptools \
+    uwsgi uwsgi-plugin-python3 \
+    texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome && \
+    rm -rf /var/lib/apt/lists/*
 
-RUN apk add --no-cache bash
+# Instal PyPI requirements
+COPY requirements.txt /var/www/note_kfet/
+RUN pip3 install -r /var/www/note_kfet/requirements.txt --no-cache-dir
 
-RUN mkdir /code
-WORKDIR /code
-COPY requirements /code/requirements
-RUN pip install gunicorn ptpython --no-cache-dir
-RUN pip install -r requirements/base.txt -r requirements/cas.txt -r requirements/production.txt --no-cache-dir
+# Copy code
+WORKDIR /var/www/note_kfet
+COPY . /var/www/note_kfet/
 
-COPY . /code/
-
-# Configure nginx
-RUN mkdir /run/nginx
-RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
-RUN ln -sf /code/nginx_note.conf_docker /etc/nginx/conf.d/nginx_note.conf
-RUN rm /etc/nginx/conf.d/default.conf
-
-ENTRYPOINT ["/code/entrypoint.sh"]
-EXPOSE 80
-
-CMD ["./manage.py", "shell_plus", "--ptpython"]
+EXPOSE 8080
+ENTRYPOINT ["/var/www/note_kfet/entrypoint.sh"]

LICENSE

@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -1,72 +1,173 @@
 # NoteKfet 2020
 
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.txt)
-[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/master/pipeline.svg)](https://gitlab.crans.org/bde/nk20/nk20/commits/master)
-[![coverage report](https://gitlab.crans.org/bde/nk20/badges/master/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
+[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/main/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
+[![coverage report](https://gitlab.crans.org/bde/nk20/badges/main/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
 
-## Installation sur un serveur
+## Table des matières
 
-On supposera pour la suite que vous utilisez Debian/Ubuntu sur un serveur tout nu ou bien configuré.
+  - [Installation d'une instance de développement](#installation-dune-instance-de-développement)
+  - [Installation d'une instance de production](#installation-dune-instance-de-production)
 
-1. Paquets nécessaires
+## Installation d'une instance de développement
 
-        $ sudo apt install nginx python3 python3-pip python3-dev uwsgi
-        $ sudo apt install uwsgi-plugin-python3 python3-venv git acl
+L'instance de développement installe la majorité des dépendances dans un environnement Python isolé.
+Bien que cela permette de créer une instance sur toutes les distributions,
+**cela veut dire que vos dépendances ne seront pas mises à jour automatiquement.**
 
-    La génération des factures de l'application trésorerie nécessite une installation de LaTeX suffisante :
+1.  **Installation des dépendances de la distribution.**
+    Il y a quelques dépendances qui ne sont pas trouvable dans PyPI.
+    On donne ci-dessous l'exemple pour une distribution basée sur Debian, mais vous pouvez facilement adapter pour ArchLinux ou autre.
 
-        $ sudo apt install texlive-latex-extra texlive-fonts-extra texlive-lang-french
+    ```bash
+    $ sudo apt update
+    $ sudo apt install --no-install-recommends -y \
+        ipython3 python3-setuptools python3-venv python3-dev \
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
+    ```
 
-2. Clonage du dépot
+2.  **Clonage du dépot** là où vous voulez :
 
-    on se met au bon endroit :
+    ```bash
+    $ git clone git@gitlab.crans.org:bde/nk20.git --recursive && cd nk20
+    ```
 
-        $ cd /var/www/
-        $ mkdir note_kfet
-        $ sudo chown www-data:www-data note_kfet
-        $ sudo usermod -a -G www-data $USER
-        $ sudo chmod g+ws note_kfet
-        $ sudo setfacl -d -m "g::rwx" note_kfet
-        $ cd note_kfet
-        $ git clone git@gitlab.crans.org:bde/nk20.git .
-3. Environment Virtuel
-
-   À la racine du projet:
+3.  **Création d'un environment de travail Python décorrélé du système.**
+    On n'utilise pas `--system-site-packages` ici pour ne pas avoir des clashs de versions de modules avec le système.
 
+    ```bash
     $ python3 -m venv env
-        $ source env/bin/activate
-        (env)$ pip3 install -r requirements/base.txt
-        (env)$ pip3 install -r requirements/prod.txt # uniquement en prod, nécessite un base postgres
-        (env)$ deactivate
+    $ source env/bin/activate  # entrer dans l'environnement
+    (env)$ pip3 install -r requirements.txt
+    (env)$ deactivate  # sortir de l'environnement
+    ```
 
-4. uwsgi  et Nginx
+4.  **Variable d'environnement.**
+    Copier le fichier `.env_example` vers `.env` à la racine du projet et mettre à jour
+    ce qu'il faut.
 
-    Un exemple de conf est disponible :
+5.  **Migrations et chargement des données initiales.**
+    Pour initialiser la base de données avec de quoi travailler.
 
+    ```bash
+    (env)$ ./manage.py collectstatic --noinput
+    (env)$ ./manage.py compilemessages
+    (env)$ ./manage.py makemigrations
+    (env)$ ./manage.py migrate
+    (env)$ ./manage.py loaddata initial
+    (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial
+    ```
+
+6. (Optionnel) **Création d'une clé privée OpenID Connect**
+
+Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et copier la clé dans .env dans le champ
+`OIDC_RSA_PRIVATE_KEY`.
+
+7.  Enjoy :
+
+    ```bash
+    (env)$ ./manage.py runserver 0.0.0.0:8000
+    ```
+
+En mettant `0.0.0.0:8000` après `runserver`, vous rendez votre instance Django
+accessible depuis l'ensemble de votre réseau, pratique pour tester le rendu
+de la note sur un téléphone !
+
+## Installation d'une instance de production
+Pour déployer facilement la note il est possible d'utiliser le playbook Ansible (sinon vous pouvez toujours le faire a la main, voir plus bas).
+### Avec ansible
+Il vous faudra un serveur sous debian ou ubuntu connecté à internet et que vous souhaiterez accéder à cette instance de la note sur `note.nomdedomaine.tld`.
+
+0. Installer Ansible sur votre machine personnelle.
+
+0. (bis) cloner le dépot sur votre machine personelle.
+
+1.  Copier le fichier `ansible/host_example`
+``` bash
+$ cp ansible/hosts_example ansible/hosts
+```
+et ajouter sous [dev] et/ou [prod] les serveurs sur lesquels vous souhaitez installer la note.
+2.  Créer un fichier `ansible/host_vars/<note.nomdedomaine.tld.yaml>` sur le modèle des fichiers existants dans `ansible/hosts` et compléter les variables nécessaires.
+
+3. lancer `ansible/base.yaml -l <nomdedomaine.tld.yaml>`
+4. Aller vous faire un café, ca peux durer un moment.
+
+### Installation manuelle
+
+**En production on souhaite absolument utiliser les modules Python packagées dans le gestionnaire de paquet.**
+Cela permet de mettre à jour facilement les dépendances critiques telles que Django.
+
+L'installation d'une instance de production néccessite **une installation de Debian Buster ou d'Ubuntu 20.04**.
+
+Sinon vous pouvez suivre les étapes décrites ci-dessous.
+
+0.  Sous Debian Buster, **activer Debian Backports.** En effet Django 2.2 LTS n'est que disponible dans les backports.
+
+    ```bash
+    $ echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee /etc/apt/sources.list.d/deb_debian_org_debian.list
+    ```
+
+1.  **Installation des dépendances APT.**
+    On tire les dépendances le plus possible à partir des dépôts de Debian.
+    On a besoin d'un environnement LaTeX pour générer les factures.
+
+    ```bash
+    $ sudo apt update
+    $ sudo apt install --no-install-recommends -t buster-backports -y \
+        python3-django python3-django-crispy-forms \
+        python3-django-extensions python3-django-filters python3-django-polymorphic \
+        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil \
+        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
+        python3-bs4 python3-setuptools python3-docutils \
+        memcached uwsgi uwsgi-plugin-python3 \
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome \
+        nginx python3-venv git acl
+    ```
+
+2.  **Clonage du dépot** dans `/var/www/note_kfet`,
+
+    ```bash
+    $ sudo mkdir -p /var/www/note_kfet && cd /var/www/note_kfet
+    $ sudo chown www-data:www-data .
+    $ sudo chmod g+rwx .
+    $ sudo -u www-data git clone https://gitlab.crans.org/bde/nk20.git --recursive
+    ```
+
+3.  **Création d'un environment de travail Python décorrélé du système.**
+
+    ```bash
+    $ python3 -m venv env --system-site-packages
+    $ source env/bin/activate  # entrer dans l'environnement
+    (env)$ pip3 install -r requirements.txt
+    (env)$ deactivate  # sortir de l'environnement
+    ```
+
+4.  **Pour configurer UWSGI et NGINX**, des exemples de conf sont disponibles.
+    **_Modifier le fichier pour être en accord avec le reste de votre config_**
+
+    ```bash
     $ cp nginx_note.conf_example nginx_note.conf
-
-    ***Modifier le fichier pour être en accord avec le reste de votre config***
-
-    On utilise uwsgi et Nginx pour gérer le coté serveur :
-
     $ sudo ln -sf /var/www/note_kfet/nginx_note.conf /etc/nginx/sites-enabled/
+    ```
 
     Si l'on a un emperor (plusieurs instance uwsgi):
 
+    ```bash
     $ sudo ln -sf /var/www/note_kfet/uwsgi_note.ini /etc/uwsgi/sites/
+    ```
 
-    Sinon:
+    Sinon si on est dans le cas habituel :
 
+    ```bash
     $ sudo ln -sf /var/www/note_kfet/uwsgi_note.ini /etc/uwsgi/apps-enabled/
+    ```
   
     Le touch-reload est activé par défault, pour redémarrer la note il suffit donc de faire `touch uwsgi_note.ini`.
 
-5. Base de données
+5.  **Base de données.** En production on utilise PostgreSQL. 
 
-    En prod on utilise postgresql. 
-        
-        $ sudo apt-get install postgresql postgresql-contrib libpq-dev
-        (env)$ pip3 install psycopg2
+        $ sudo apt-get install postgresql postgresql-contrib
 
     La config de la base de donnée se fait comme suit:
 
@@ -107,7 +208,7 @@ On supposera pour la suite que vous utilisez Debian/Ubuntu sur un serveur tout n
     et on renseigne des secrets et des paramètres :
 
         DJANGO_APP_STAGE=dev # ou "prod" 
-        DJANGO_DEV_STORE_METHOD=sqllite # ou "postgres"
+        DJANGO_DEV_STORE_METHOD=sqlite # ou "postgres"
         DJANGO_DB_HOST=localhost
         DJANGO_DB_NAME=note_db
         DJANGO_DB_USER=note
@@ -115,98 +216,100 @@ On supposera pour la suite que vous utilisez Debian/Ubuntu sur un serveur tout n
         DJANGO_DB_PORT=
         DJANGO_SECRET_KEY=CHANGE_ME
         DJANGO_SETTINGS_MODULE="note_kfet.settings
-        DOMAIN=localhost # note.example.com
-        CONTACT_EMAIL=tresorerie.bde@localhost
         NOTE_URL=localhost # URL où accéder à la note
+        CONTACT_EMAIL=tresorerie.bde@localhost
         # Le reste n'est utile qu'en production, pour configurer l'envoi des mails
         NOTE_MAIL=notekfet@localhost
         EMAIL_HOST=smtp.localhost
-        EMAIL_PORT=465
+        EMAIL_PORT=25
         EMAIL_USER=notekfet@localhost
         EMAIL_PASSWORD=CHANGE_ME
+        WIKI_USER=NoteKfet2020
+        WIKI_PASSWORD=CHANGE_ME
 
 
     Ensuite on (re)bascule dans l'environement virtuel et on lance les migrations
 
         $ source /env/bin/activate
         (env)$ ./manage.py check # pas de bêtise qui traine
-        (env)$ ./manage.py makemigrations
         (env)$ ./manage.py migrate
 
-7. Enjoy
+7. **Création d'une clé privée OpenID Connect**
 
+Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner le champ
+`OIDC_RSA_PRIVATE_KEY` dans le .env (par défaut `/var/secrets/oidc.key`).
 
-## Installer avec Docker
+8.  *Enjoy \o/*
+
+### Installation avec Docker
 
 Il est possible de travailler sur une instance Docker.
 
-1. Cloner le dépôt là où vous voulez :
+Pour construire l'image Docker `nk20`,
 
-        $ git clone git@gitlab.crans.org:bde/nk20.git
+```
+git clone https://gitlab.crans.org/bde/nk20/ --recursive && cd nk20
+docker build . -t nk20
+```
 
-2. Copiez le fichier `.env_example` à la racine du projet vers le fichier `.env`,
-et  mettez à jour vos variables d'environnement
+Ensuite pour lancer la note Kfet en tant que vous (option `-u`),
+l'exposer sur son port 80 (option `-p`) et monter le code en écriture (option `-v`),
 
-3. Dans le fichier `docker_compose.yml`, qu'on suppose déjà configuré,
-   ajouter les lignes suivantes, en les adaptant à la configuration voulue :
+```
+docker run -it --rm -u $(id -u):$(id -g) -v "$(pwd):/var/www/note_kfet/" -p 80:8080 nk20
+```
 
+Si vous souhaitez lancer une commande spéciale, vous pouvez l'ajouter à la fin, par exemple,
+
+```
+docker run -it --rm -u $(id -u):$(id -g) -v "$(pwd):/var/www/note_kfet/" -p 80:8080 nk20 python3 ./manage.py createsuperuser
+```
+
+#### Avec Docker Compose
+
+On vous conseilles de faire un fichier d'environnement `.env` en prenant exemple sur `.env_example`.
+
+Pour par exemple utiliser le Docker de la note Kfet avec Traefik pour réaliser le HTTPS,
+
+```YAML
 nk20:
-          build: /chemin/vers/nk20
+  build: /chemin/vers/le/code/nk20
   volumes:
-            - /chemin/vers/nk20:/code/
-          env_file: /chemin/vers/nk20/.env
+    - /chemin/vers/le/code/nk20:/var/www/note_kfet/
+  env_file: /chemin/vers/le/code/nk20/.env
   restart: always
   labels:
-            - traefik.domain=ndd.example.com
-            - traefik.frontend.rule=Host:ndd.example.com
-            - traefik.port=8000
-
-3. Enjoy :
-
-        $ docker-compose up -d nk20
-
-## Installer un serveur de développement
-
-Avec `./manage.py runserver` il est très rapide de mettre en place
-un serveur de développement par exemple sur son ordinateur.
-
-1. Cloner le dépôt là où vous voulez :
-
-        $ git clone git@gitlab.crans.org:bde/nk20.git && cd nk20
-
-2. Créer un environnement Python isolé
-   pour ne pas interférer avec les versions de paquets systèmes :
-
-        $ python3 -m venv venv
-        $ source venv/bin/activate
-        (env)$ pip install -r requirements/base.txt
-
-3. Copier le fichier `.env_example` vers `.env` à la racine du projet et mettre à jour
-ce qu'il faut
-
-4. Migrations et chargement des données initiales :
-
-        (env)$ ./manage.py makemigrations
-        (env)$ ./manage.py migrate
-        (env)$ ./manage.py loaddata initial
-
-5. Créer un super-utilisateur :
-
-        (env)$ ./manage.py createsuperuser
-
-6. Enjoy :
-
-        (env)$ ./manage.py runserver 0.0.0.0:8000
-
-En mettant `0.0.0.0:8000` après `runserver`, vous rendez votre instance Django
-accessible depuis l'ensemble de votre réseau, pratique pour tester le rendu
-de la note sur un téléphone !
-
-## Cahier des Charges 
-
-Il est disponible [ici](https://wiki.crans.org/NoteKfet/NoteKfet2018/CdC). 
+    - "traefik.http.routers.nk20.rule=Host(`ndd.example.com`)"
+    - "traefik.http.services.nk20.loadbalancer.server.port=8080"
+```
 
 ## Documentation
 
-La documentation est générée par django et son module admindocs.
+Le cahier des charges initial est disponible [sur le Wiki Crans](https://wiki.crans.org/NoteKfet/NoteKfet2018/CdC).
+
+La documentation des classes et fonctions est directement dans le code et est explorable à partir de la partie documentation de l'interface d'administration de Django.
 **Commentez votre code !**
+
+La documentation plus haut niveau sur le développement et sur l'utilisation
+est disponible sur <https://note.crans.org/doc> et également dans le dossier `docs`.
+
+## FAQ
+
+### Regénérer les fichiers de traduction
+
+Pour regénérer les traductions vous pouvez vous placer à la racine du projet et lancer le script `makemessages`.
+Il faut penser à ignorer les dossiers ne contenant pas notre code, dont le virtualenv.
+De plus, il faut aussi extraire les variables des fichiers JavaScript.
+
+```bash
+python3 manage.py makemessages -i env
+python3 manage.py makemessages -i env -e js -d djangojs
+```
+
+Une fois les fichiers édités, vous pouvez compiler les nouvelles traductions avec
+
+```bash
+python3 manage.py compilemessages
+python3 manage.py compilejsmessages
+```

ansible/base.yml

@@ -1,12 +1,19 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- hosts: bde-nk20-beta.adh.crans.org
+- hosts: all
+  vars_prompt:
+    - name: DB_PASSWORD
+      prompt: "Password of the database (leave it blank to skip database init)"
+      private: yes
+  vars:
+    mirror: eclats.crans.org
   roles:
     - 1-apt-basic
     - 2-nk20
     - 3-pip
-    - 4-nginx
-    - 5-certbot
+    - 4-certbot
+    - 5-nginx
     - 6-psql
     - 7-postinstall
+    - 8-docs

ansible/host_vars/bde-note-dev.adh.crans.org.yml

@@ -0,0 +1,7 @@
+---
+note:
+  server_name: note-dev.crans.org
+  git_branch: beta
+  serve_static: false
+  cron_enabled: false
+  email: notekfet2020@lists.crans.org

ansible/host_vars/bde-note.adh.crans.org.yml

@@ -0,0 +1,7 @@
+---
+note:
+  server_name: note.crans.org
+  git_branch: main
+  serve_static: true
+  cron_enabled: true
+  email: notekfet2020@lists.crans.org

ansible/hosts

@@ -1,5 +0,0 @@
-[server]
-bde-nk20-beta.adh.crans.org
-
-[all:vars]
-ansible_python_interpreter=/usr/bin/python3

ansible/hosts_example

@@ -0,0 +1,8 @@
+[dev]
+bde-note-dev.adh.crans.org
+
+[prod]
+bde-note.adh.crans.org
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3

ansible/roles/1-apt-basic/tasks/main.yml

@@ -1,21 +1,54 @@
 ---
-- name: Install basic APT packages
+- name: Add buster-backports to apt sources if needed
+  apt_repository:
+    repo: deb http://{{ mirror }}/debian buster-backports main
+    state: present
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version | int == 10
+
+- name: Install note_kfet APT dependencies
   apt:
     update_cache: true
+    install_recommends: false
     name:
-      - nginx
-      - python3
+      # Common tools
+      - gettext
+      - git
+      - ipython3
+
+      # Front-end dependencies
+      - fonts-font-awesome
+      - libjs-bootstrap4
+
+      # Python dependencies
+      - python3-babel
+      - python3-bs4
+      - python3-django
+      - python3-django-crispy-forms
+      - python3-django-extensions
+      - python3-django-filters
+      - python3-django-oauth-toolkit
+      - python3-django-polymorphic
+      - python3-djangorestframework
+      - python3-lockfile
+      - python3-memcache
+      - python3-phonenumbers
+      - python3-pil
       - python3-pip
-      - python3-dev
+      - python3-psycopg2
+      - python3-setuptools
+      - python3-venv
+
+      # LaTeX (PDF generation)
+      - texlive-xetex
+
+      # Cache server
+      - memcached
+
+      # WSGI server
       - uwsgi
       - uwsgi-plugin-python3
-      - python3-venv
-      - git
-      - acl
-      - gettext
-      - texlive-latex-extra
-      - texlive-fonts-extra
-      - texlive-lang-french
   register: pkg_result
   retries: 3
   until: pkg_result is succeeded

ansible/roles/2-nk20/tasks/main.yml

@@ -11,12 +11,12 @@
   git:
     repo: https://gitlab.crans.org/bde/nk20.git
     dest: /var/www/note_kfet
-    version: master
+    version: "{{ note.git_branch }}"
     force: true
 
 - name: Use default env vars (should be updated!)
   template:
-    src: "env_example"
+    src: "env.j2"
     dest: "/var/www/note_kfet/.env"
     mode: 0644
     force: false
@@ -28,3 +28,21 @@
     recurse: yes
     owner: www-data
     group: www-data
+
+- name: Setup cron jobs
+  when: "note.cron_enabled"
+  template:
+    src: note.cron.j2
+    dest: /etc/cron.d/note
+    owner: root
+    group: root
+
+- name: Set default directory to /var/www/note_kfet
+  lineinfile:
+    path: /etc/skel/.bashrc
+    line: 'cd /var/www/note_kfet'
+
+- name: Automatically source Python virtual environment
+  lineinfile:
+    path: /etc/skel/.bashrc
+    line: 'source /var/www/note_kfet/env/bin/activate'

ansible/roles/2-nk20/templates/env.j2

@@ -0,0 +1,23 @@
+DJANGO_APP_STAGE=prod
+# Only used in dev mode, change to "postgresql" if you want to use PostgreSQL in dev
+DJANGO_DEV_STORE_METHOD=sqlite
+DJANGO_DB_HOST=localhost
+DJANGO_DB_NAME=note_db
+DJANGO_DB_USER=note
+DJANGO_DB_PASSWORD={{ DB_PASSWORD }}
+DJANGO_DB_PORT=
+DJANGO_SECRET_KEY=CHANGE_ME
+DJANGO_SETTINGS_MODULE=note_kfet.settings
+CONTACT_EMAIL=tresorerie.bde@localhost
+NOTE_URL= {{note.server_name}}
+
+# Config for mails. Only used in production
+NOTE_MAIL=notekfet@localhost
+EMAIL_HOST=smtp.localhost
+EMAIL_PORT=25
+EMAIL_USER=notekfet@localhost
+EMAIL_PASSWORD=CHANGE_ME
+
+# Wiki configuration
+WIKI_USER=NoteKfet2020
+WIKI_PASSWORD=

ansible/roles/2-nk20/templates/note.cron.j2

@@ -0,0 +1 @@
+../../../../note.cron

ansible/roles/3-pip/tasks/main.yml

@@ -1,14 +1,8 @@
 ---
 - name: Install PIP basic dependencies
   pip:
-    requirements: /var/www/note_kfet/requirements/base.txt
-    virtualenv: /var/www/note_kfet/env
-    virtualenv_command: /usr/bin/python3 -m venv
-  become_user: www-data
-
-- name: Install PIP production dependencies
-  pip:
-    requirements: /var/www/note_kfet/requirements/production.txt
+    requirements: /var/www/note_kfet/requirements.txt
     virtualenv: /var/www/note_kfet/env
     virtualenv_command: /usr/bin/python3 -m venv
+    virtualenv_site_packages: true
   become_user: www-data

ansible/roles/4-certbot/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Install basic APT packages
+  apt:
+    update_cache: true
+    name:
+      - certbot
+      - python3-certbot-nginx
+  register: pkg_result
+  retries: 3
+  until: pkg_result is succeeded
+
+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{note.server_name}}/cert.pem
+  register: letsencrypt_cert
+
+- name: Create /etc/letsencrypt/conf.d
+  file:
+    path: /etc/letsencrypt/conf.d
+    state: directory
+
+- name: Add Certbot configuration
+  template:
+    src: "letsencrypt/conf.d/nk20.ini.j2"
+    dest: "/etc/letsencrypt/conf.d/nk20.ini"
+    mode: 0644
+
+- name: Stop services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: stopped
+
+- name: Generate new certificate if one doesn't exist.
+  shell: "certbot certonly --non-interactive --agree-tos --config /etc/letsencrypt/conf.d/nk20.ini -d {{note.server_name}}"
+  when: letsencrypt_cert.stat.exists == False
+
+- name: Restart services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: started

ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2

@@ -10,7 +10,7 @@ rsa-key-size = 4096
 # server = https://acme-staging.api.letsencrypt.org/directory
 
 # Uncomment and update to register with the specified e-mail address
-email = notekfet2020@lists.crans.org
+email = {{ note.email }}
 
 # Uncomment to use a text interface instead of ncurses
 text = True

ansible/roles/5-certbot/tasks/main.yml

@@ -1,21 +0,0 @@
----
-- name: Install basic APT packages
-  apt:
-    update_cache: true
-    name:
-      - certbot
-      - python3-certbot-nginx
-  register: pkg_result
-  retries: 3
-  until: pkg_result is succeeded
-
-- name: Create /etc/letsencrypt/conf.d
-  file:
-    path: /etc/letsencrypt/conf.d
-    state: directory
-
-- name: Add Certbot configuration
-  template:
-    src: "letsencrypt/conf.d/nk20.ini.j2"
-    dest: "/etc/letsencrypt/conf.d/nk20.ini"
-    mode: 0644

ansible/roles/5-nginx/tasks/main.yml

@@ -1,4 +1,11 @@
 ---
+- name: Install NGINX
+  apt:
+    name: nginx
+  register: pkg_result
+  retries: 3
+  until: pkg_result is succeeded
+
 - name: Copy conf of Nginx
   template:
     src: "nginx_note.conf"

ansible/roles/5-nginx/templates/nginx_note.conf

@@ -9,7 +9,7 @@ server {
     listen [::]:80 default_server;
 
     location / {
-        return 301 https://nk20-beta.crans.org$request_uri;
+        return 301 https://{{ note.server_name }}$request_uri;
     }
 }
 
@@ -19,11 +19,11 @@ server {
     listen [::]:443 ssl default_server;
 
     location / {
-        return 301 https://nk20-beta.crans.org$request_uri;
+        return 301 https://{{ note.server_name }}$request_uri;
     }
 
-    ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
@@ -35,12 +35,13 @@ server {
 
     # the port your site will be served on
     # the domain name it will serve for
-    server_name nk20-beta.crans.org; # substitute your machine's IP address or FQDN
+    server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
     charset     utf-8;
 
     # max upload size
     client_max_body_size 75M;   # adjust to taste
 
+{% if note.serve_static %}
     # Django media
     location /media  {
         alias /var/www/note_kfet/media;  # your Django project's media files - amend as required
@@ -50,14 +51,19 @@ server {
         alias /var/www/note_kfet/static; # your Django project's static files - amend as required
     }
 
+{% endif %}
+    location /doc {
+        alias /var/www/documentation;    # The documentation of the project
+    }
+
     # Finally, send all non-media requests to the Django server.
     location / {
         uwsgi_pass note;
-        include     /var/www/note_kfet/uwsgi_params; # the uwsgi_params file you installed
+        include /etc/nginx/uwsgi_params;
     }
 
-    ssl_certificate /etc/letsencrypt/live/nk20-beta.crans.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/nk20-beta.crans.org/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }

ansible/roles/6-psql/tasks/main.yml

@@ -10,17 +10,15 @@
   retries: 3
   until: pkg_result is succeeded
 
-- name: Install Psycopg2
-  pip:
-    name: psycopg2-binary
-
 - name: Create role note
+  when: DB_PASSWORD|length > 0 # If the password is not defined, skip the installation
   postgresql_user:
     name: note
-    password: "CHANGE_ME"
+    password: "{{ DB_PASSWORD }}"
   become_user: postgres
 
 - name: Create NK20 database
+  when: DB_PASSWORD|length >0
   postgresql_db:
     name: note_db
     owner: note

ansible/roles/7-postinstall/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: Make Django migrations
-  command: /var/www/note_kfet/env/bin/python manage.py makemigrations
+- name: Collect static files
+  command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
   args:
     chdir: /var/www/note_kfet
   become_user: www-data
@@ -9,7 +9,7 @@
   command: /var/www/note_kfet/env/bin/python manage.py migrate
   args:
     chdir: /var/www/note_kfet
-  become_user: www-data
+  become_user: postgres
 
 - name: Compile messages
   command: /var/www/note_kfet/env/bin/python manage.py compilemessages
@@ -17,8 +17,14 @@
     chdir: /var/www/note_kfet
   become_user: www-data
 
+- name: Compile JavaScript messages
+  command: /var/www/note_kfet/env/bin/python manage.py compilejsmessages
+  args:
+    chdir: /var/www/note_kfet
+  become_user: www-data
+
 - name: Install initial fixtures
   command: /var/www/note_kfet/env/bin/python manage.py loaddata initial
   args:
     chdir: /var/www/note_kfet
-  become_user: www-data
+  become_user: postgres

ansible/roles/8-docs/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Install Sphinx and RTD theme
+  pip:
+    requirements: /var/www/note_kfet/docs/requirements.txt
+    virtualenv: /var/www/note_kfet/env
+    virtualenv_command: /usr/bin/python3 -m venv
+    virtualenv_site_packages: true
+  become_user: www-data
+
+- name: Create documentation directory with good permissions
+  file:
+    path: /var/www/documentation
+    state: directory
+    owner: www-data
+    group: www-data
+    mode: u=rwx,g=rwxs,o=rx
+
+- name: Build HTML documentation
+  command: /var/www/note_kfet/env/bin/sphinx-build -b dirhtml /var/www/note_kfet/docs/ /var/www/documentation/
+  become_user: www-data

apps/activity/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'activity.apps.ActivityConfig'

apps/activity/admin.py

@@ -1,11 +1,14 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin
+from note_kfet.admin import admin_site
 
-from .models import Activity, ActivityType, Guest
+from .forms import GuestForm
+from .models import Activity, ActivityType, Entry, Guest, Opener
 
 
+@admin.register(Activity, site=admin_site)
 class ActivityAdmin(admin.ModelAdmin):
     """
     Admin customisation for Activity
@@ -19,6 +22,7 @@ class ActivityAdmin(admin.ModelAdmin):
     ordering = ['-date_start']
 
 
+@admin.register(ActivityType, site=admin_site)
 class ActivityTypeAdmin(admin.ModelAdmin):
     """
     Admin customisation for ActivityType
@@ -26,7 +30,26 @@ class ActivityTypeAdmin(admin.ModelAdmin):
     list_display = ('name', 'can_invite', 'guest_entry_fee')
 
 
-# Register your models here.
-admin.site.register(Activity, ActivityAdmin)
-admin.site.register(ActivityType, ActivityTypeAdmin)
-admin.site.register(Guest)
+@admin.register(Guest, site=admin_site)
+class GuestAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Guest
+    """
+    list_display = ('last_name', 'first_name', 'school', 'activity', 'inviter')
+    form = GuestForm
+
+
+@admin.register(Entry, site=admin_site)
+class EntryAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Entry
+    """
+    list_display = ('note', 'activity', 'time', 'guest')
+
+
+@admin.register(Opener, site=admin_site)
+class OpenerAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Opener
+    """
+    list_display = ('activity', 'opener')

apps/activity/api/serializers.py

@@ -1,9 +1,11 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
+from rest_framework.validators import UniqueTogetherValidator
 
-from ..models import ActivityType, Activity, Guest, Entry, GuestTransaction
+from ..models import Activity, ActivityType, Entry, Guest, GuestTransaction, Opener
 
 
 class ActivityTypeSerializer(serializers.ModelSerializer):
@@ -59,3 +61,17 @@ class GuestTransactionSerializer(serializers.ModelSerializer):
     class Meta:
         model = GuestTransaction
         fields = '__all__'
+
+
+class OpenerSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Openers.
+    The djangorestframework plugin will analyse the model `Opener` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Opener
+        fields = '__all__'
+        validators = [UniqueTogetherValidator(
+            queryset=Opener.objects.all(), fields=("opener", "activity"),
+            message=_("This opener already exists"))]

apps/activity/api/urls.py

@@ -1,7 +1,7 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .views import ActivityTypeViewSet, ActivityViewSet, GuestViewSet, EntryViewSet
+from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet, OpenerViewSet
 
 
 def register_activity_urls(router, path):
@@ -12,3 +12,4 @@ def register_activity_urls(router, path):
     router.register(path + '/type', ActivityTypeViewSet)
     router.register(path + '/guest', GuestViewSet)
     router.register(path + '/entry', EntryViewSet)
+    router.register(path + '/opener', OpenerViewSet)

apps/activity/api/views.py

@@ -1,12 +1,15 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet
+from django.core.exceptions import ValidationError
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.response import Response
+from rest_framework import status
 
-from .serializers import ActivityTypeSerializer, ActivitySerializer, GuestSerializer, EntrySerializer
-from ..models import ActivityType, Activity, Guest, Entry
+from .serializers import ActivitySerializer, ActivityTypeSerializer, EntrySerializer, GuestSerializer, OpenerSerializer
+from ..models import Activity, ActivityType, Entry, Guest, Opener
 
 
 class ActivityTypeViewSet(ReadProtectedModelViewSet):
@@ -15,10 +18,10 @@ class ActivityTypeViewSet(ReadProtectedModelViewSet):
     The djangorestframework plugin will get all `ActivityType` objects, serialize it to JSON with the given serializer,
     then render it on /api/activity/type/
     """
-    queryset = ActivityType.objects.all()
+    queryset = ActivityType.objects.order_by('id')
     serializer_class = ActivityTypeSerializer
     filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['name', 'can_invite', ]
+    filterset_fields = ['name', 'manage_entries', 'can_invite', 'guest_entry_fee', ]
 
 
 class ActivityViewSet(ReadProtectedModelViewSet):
@@ -27,10 +30,16 @@ class ActivityViewSet(ReadProtectedModelViewSet):
     The djangorestframework plugin will get all `Activity` objects, serialize it to JSON with the given serializer,
     then render it on /api/activity/activity/
     """
-    queryset = Activity.objects.all()
+    queryset = Activity.objects.order_by('id')
     serializer_class = ActivitySerializer
-    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['name', 'description', 'activity_type', ]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['name', 'description', 'activity_type', 'location', 'creater', 'organizer', 'attendees_club',
+                        'date_start', 'date_end', 'valid', 'open', ]
+    search_fields = ['$name', '$description', '$location', '$creater__last_name', '$creater__first_name',
+                     '$creater__email', '$creater__note__alias__name', '$creater__note__alias__normalized_name',
+                     '$organizer__name', '$organizer__email', '$organizer__note__alias__name',
+                     '$organizer__note__alias__normalized_name', '$attendees_club__name', '$attendees_club__email',
+                     '$attendees_club__note__alias__name', '$attendees_club__note__alias__normalized_name', ]
 
 
 class GuestViewSet(ReadProtectedModelViewSet):
@@ -39,10 +48,13 @@ class GuestViewSet(ReadProtectedModelViewSet):
     The djangorestframework plugin will get all `Guest` objects, serialize it to JSON with the given serializer,
     then render it on /api/activity/guest/
     """
-    queryset = Guest.objects.all()
+    queryset = Guest.objects.order_by('id')
     serializer_class = GuestSerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$last_name', '$first_name', '$inviter__alias__name', '$inviter__alias__normalized_name', ]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'school', 'inviter', 'inviter__alias__name',
+                        'inviter__alias__normalized_name', ]
+    search_fields = ['$activity__name', '$last_name', '$first_name', '$school', '$inviter__user__email', '$inviter__alias__name',
+                     '$inviter__alias__normalized_name', ]
 
 
 class EntryViewSet(ReadProtectedModelViewSet):
@@ -51,7 +63,38 @@ class EntryViewSet(ReadProtectedModelViewSet):
     The djangorestframework plugin will get all `Entry` objects, serialize it to JSON with the given serializer,
     then render it on /api/activity/entry/
     """
-    queryset = Entry.objects.all()
+    queryset = Entry.objects.order_by('id')
     serializer_class = EntrySerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$last_name', '$first_name', '$inviter__alias__name', '$inviter__alias__normalized_name', ]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['activity', 'time', 'note', 'guest', ]
+    search_fields = ['$activity__name', '$note__user__email', '$note__alias__name', '$note__alias__normalized_name',
+                     '$guest__last_name', '$guest__first_name', ]
+
+
+class OpenerViewSet(ReadProtectedModelViewSet):
+    """
+    REST Opener View set.
+    The djangorestframework plugin will get all `Opener` objects, serialize it to JSON with the given serializer,
+    then render it on /api/activity/opener/
+    """
+    queryset = Opener.objects
+    serializer_class = OpenerSerializer
+    filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend]
+    search_fields = ['$opener__alias__name', '$opener__alias__normalized_name',
+                     '$activity__name']
+    filterset_fields = ['opener', 'opener__noteuser__user', 'activity']
+
+    def get_serializer_class(self):
+        serializer_class = self.serializer_class
+        if self.request.method in ['PUT', 'PATCH']:
+            # opener-activity can't change
+            serializer_class.Meta.read_only_fields = ('opener', 'acitivity',)
+        return serializer_class
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            self.perform_destroy(instance)
+        except ValidationError as e:
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+        return Response(status=status.HTTP_204_NO_CONTENT)

apps/activity/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/activity/fixtures/initial.json

@@ -4,8 +4,9 @@
         "pk": 1,
         "fields": {
             "name": "Pot",
+            "manage_entries": true,
             "can_invite": true,
-      "guest_entry_fee": 500
+            "guest_entry_fee": 1000
         }
     },
     {
@@ -13,8 +14,39 @@
         "pk": 2,
         "fields": {
             "name": "Soir\u00e9e de club",
+            "manage_entries": false,
             "can_invite": false,
             "guest_entry_fee": 0
         }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 3,
+        "fields": {
+            "name": "Autre",
+            "manage_entries": false,
+            "can_invite": false,
+            "guest_entry_fee": 0
+        }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 5,
+        "fields": {
+            "name": "Soir\u00e9e avec entrées",
+            "manage_entries": true,
+            "can_invite": false,
+            "guest_entry_fee": 0
+        }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 7,
+        "fields": {
+            "name": "Soir\u00e9e avec invitations",
+            "manage_entries": true,
+            "can_invite": true,
+            "guest_entry_fee": 0
+        }
     }
 ]

apps/activity/forms.py

@@ -1,21 +1,50 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-from datetime import timedelta, datetime
 
+from datetime import timedelta
+from random import shuffle
+
+from bootstrap_datepicker_plus.widgets import DateTimePickerInput
 from django import forms
 from django.contrib.contenttypes.models import ContentType
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from member.models import Club
-from note.models import NoteUser, Note
-from note_kfet.inputs import DateTimePickerInput, Autocomplete
+from note.models import Note, NoteUser
+from note_kfet.inputs import Autocomplete
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
 
 from .models import Activity, Guest
 
 
 class ActivityForm(forms.ModelForm):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # By default, the Kfet club is attended
+        self.fields["attendees_club"].initial = Club.objects.get(name="Kfet")
+        self.fields["attendees_club"].widget.attrs["placeholder"] = "Kfet"
+        clubs = list(Club.objects.filter(PermissionBackend
+                                         .filter_queryset(get_current_request(), Club, "view")).all())
+        shuffle(clubs)
+        self.fields["organizer"].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
+
+    def clean_organizer(self):
+        organizer = self.cleaned_data['organizer']
+        if not organizer.note.is_active:
+            self.add_error('organizer', _('The note of this club is inactive.'))
+        return organizer
+
+    def clean_date_end(self):
+        date_end = self.cleaned_data["date_end"]
+        date_start = self.cleaned_data["date_start"]
+        if date_end < date_start:
+            self.add_error("date_end", _("The end date must be after the start date."))
+        return date_end
+
     class Meta:
         model = Activity
-        exclude = ('creater', 'valid', 'open', )
+        exclude = ('creater', 'valid', 'open', 'opener', )
         widgets = {
             "organizer": Autocomplete(
                 model=Club,
@@ -39,9 +68,18 @@ class ActivityForm(forms.ModelForm):
 
 class GuestForm(forms.ModelForm):
     def clean(self):
+        """
+        Someone can be invited as a Guest to an Activity if:
+        - the activity has not already started.
+        - the activity is validated.
+        - the Guest has not already been invited more than 5 times.
+        - the Guest is already invited.
+        - the inviter already invited 3 peoples.
+        """
+
         cleaned_data = super().clean()
 
-        if self.activity.date_start > datetime.now():
+        if timezone.now() > timezone.localtime(self.activity.date_start):
             self.add_error("inviter", _("You can't invite someone once the activity is started."))
 
         if not self.activity.valid:
@@ -50,26 +88,26 @@ class GuestForm(forms.ModelForm):
         one_year = timedelta(days=365)
 
         qs = Guest.objects.filter(
-            first_name=cleaned_data["first_name"],
-            last_name=cleaned_data["last_name"],
+            first_name__iexact=cleaned_data["first_name"],
+            last_name__iexact=cleaned_data["last_name"],
             activity__date_start__gte=self.activity.date_start - one_year,
         )
-        if len(qs) >= 5:
+        if qs.filter(entry__isnull=False).count() >= 5:
             self.add_error("last_name", _("This person has been already invited 5 times this year."))
 
         qs = qs.filter(activity=self.activity)
         if qs.exists():
             self.add_error("last_name", _("This person is already invited."))
 
-        qs = Guest.objects.filter(inviter=cleaned_data["inviter"], activity=self.activity)
-        if len(qs) >= 3:
+        if "inviter" in cleaned_data:
+            if Guest.objects.filter(inviter=cleaned_data["inviter"], activity=self.activity).count() >= 3:
                 self.add_error("inviter", _("You can't invite more than 3 people to this activity."))
 
         return cleaned_data
 
     class Meta:
         model = Guest
-        fields = ('last_name', 'first_name', 'inviter', )
+        fields = ('last_name', 'first_name', 'school', 'inviter', )
         widgets = {
             "inviter": Autocomplete(
                 NoteUser,

apps/activity/migrations/0001_initial.py

@@ -0,0 +1,69 @@
+# Generated by Django 2.2.16 on 2020-09-04 21:41
+
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Activity',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('description', models.TextField(verbose_name='description')),
+                ('location', models.CharField(blank=True, default='', help_text='Place where the activity is organized, eg. Kfet.', max_length=255, verbose_name='location')),
+                ('date_start', models.DateTimeField(verbose_name='start date')),
+                ('date_end', models.DateTimeField(verbose_name='end date')),
+                ('valid', models.BooleanField(default=False, verbose_name='valid')),
+                ('open', models.BooleanField(default=False, verbose_name='open')),
+            ],
+            options={
+                'verbose_name': 'activity',
+                'verbose_name_plural': 'activities',
+            },
+        ),
+        migrations.CreateModel(
+            name='ActivityType',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('manage_entries', models.BooleanField(default=False, help_text='Enable the support of entries for this activity.', verbose_name='manage entries')),
+                ('can_invite', models.BooleanField(default=False, verbose_name='can invite')),
+                ('guest_entry_fee', models.PositiveIntegerField(default=0, verbose_name='guest entry fee')),
+            ],
+            options={
+                'verbose_name': 'activity type',
+                'verbose_name_plural': 'activity types',
+            },
+        ),
+        migrations.CreateModel(
+            name='Entry',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('time', models.DateTimeField(default=django.utils.timezone.now, verbose_name='entry time')),
+            ],
+            options={
+                'verbose_name': 'entry',
+                'verbose_name_plural': 'entries',
+            },
+        ),
+        migrations.CreateModel(
+            name='Guest',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('last_name', models.CharField(max_length=255, verbose_name='last name')),
+                ('first_name', models.CharField(max_length=255, verbose_name='first name')),
+            ],
+            options={
+                'verbose_name': 'guest',
+                'verbose_name_plural': 'guests',
+            },
+        ),
+    ]

apps/activity/migrations/0002_auto_20200904_2341.py

@@ -0,0 +1,89 @@
+# Generated by Django 2.2.16 on 2020-09-04 21:41
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('activity', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('member', '0001_initial'),
+        ('note', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='GuestTransaction',
+            fields=[
+                ('transaction_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='note.Transaction')),
+                ('entry', models.OneToOneField(on_delete=django.db.models.deletion.PROTECT, to='activity.Entry')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('note.transaction',),
+        ),
+        migrations.AddField(
+            model_name='guest',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='+', to='activity.Activity'),
+        ),
+        migrations.AddField(
+            model_name='guest',
+            name='inviter',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='guests', to='note.NoteUser', verbose_name='inviter'),
+        ),
+        migrations.AddField(
+            model_name='entry',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='entries', to='activity.Activity', verbose_name='activity'),
+        ),
+        migrations.AddField(
+            model_name='entry',
+            name='guest',
+            field=models.OneToOneField(null=True, on_delete=django.db.models.deletion.PROTECT, to='activity.Guest'),
+        ),
+        migrations.AddField(
+            model_name='entry',
+            name='note',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='note.NoteUser', verbose_name='note'),
+        ),
+        migrations.AddField(
+            model_name='activity',
+            name='activity_type',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='+', to='activity.ActivityType', verbose_name='type'),
+        ),
+        migrations.AddField(
+            model_name='activity',
+            name='attendees_club',
+            field=models.ForeignKey(help_text='Club that is authorized to join the activity. Mostly the Kfet club.', on_delete=django.db.models.deletion.PROTECT, related_name='+', to='member.Club', verbose_name='attendees club'),
+        ),
+        migrations.AddField(
+            model_name='activity',
+            name='creater',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL, verbose_name='user'),
+        ),
+        migrations.AddField(
+            model_name='activity',
+            name='organizer',
+            field=models.ForeignKey(help_text='Club that organizes the activity. The entry fees will go to this club.', on_delete=django.db.models.deletion.PROTECT, related_name='+', to='member.Club', verbose_name='organizer'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='guest',
+            unique_together={('activity', 'last_name', 'first_name')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='entry',
+            unique_together={('activity', 'note', 'guest')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='activity',
+            unique_together={('name', 'date_start', 'date_end')},
+        ),
+    ]

apps/activity/migrations/0003_auto_20240323_1422.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.28 on 2024-03-23 13:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0002_auto_20200904_2341'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='activity',
+            name='description',
+            field=models.TextField(blank=True, default='', verbose_name='description'),
+        ),
+    ]

apps/activity/migrations/0004_opener.py

@@ -0,0 +1,28 @@
+# Generated by Django 2.2.28 on 2024-08-01 12:36
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0006_trust'),
+        ('activity', '0003_auto_20240323_1422'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Opener',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('activity', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='opener', to='activity.Activity', verbose_name='activity')),
+                ('opener', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.Note', verbose_name='opener')),
+            ],
+            options={
+                'verbose_name': 'opener',
+                'verbose_name_plural': 'openers',
+                'unique_together': {('opener', 'activity')},
+            },
+        ),
+    ]

apps/activity/migrations/0005_alter_opener_options_alter_opener_opener.py

@@ -0,0 +1,24 @@
+# Generated by Django 4.2.15 on 2024-08-28 08:00
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0006_trust'),
+        ('activity', '0004_opener'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='opener',
+            options={'verbose_name': 'Opener', 'verbose_name_plural': 'Openers'},
+        ),
+        migrations.AlterField(
+            model_name='opener',
+            name='opener',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='activity_responsible', to='note.note', verbose_name='Opener'),
+        ),
+    ]

apps/activity/migrations/0006_guest_school.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.20 on 2025-03-25 09:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("activity", "0005_alter_opener_options_alter_opener_opener"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="guest",
+            name="school",
+            field=models.CharField(default="", max_length=255, verbose_name="school"),
+            preserve_default=False,
+        ),
+    ]

apps/activity/migrations/0007_alter_guest_activity.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.20 on 2025-05-08 19:07
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0006_guest_school'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='guest',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='+', to='activity.activity'),
+        ),
+    ]

apps/activity/models.py

@@ -1,13 +1,18 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-from datetime import timedelta, datetime
 
+import os
+from datetime import timedelta
+from threading import Thread
+
+from django.conf import settings
 from django.contrib.auth.models import User
-from django.db import models
+from django.db import models, transaction
 from django.db.models import Q
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
+from note.models import NoteUser, Transaction, Note
 from rest_framework.exceptions import ValidationError
-from note.models import NoteUser, Transaction
 
 
 class ActivityType(models.Model):
@@ -23,11 +28,21 @@ class ActivityType(models.Model):
         verbose_name=_('name'),
         max_length=255,
     )
+
+    manage_entries = models.BooleanField(
+        verbose_name=_('manage entries'),
+        help_text=_('Enable the support of entries for this activity.'),
+        default=False,
+    )
+
     can_invite = models.BooleanField(
         verbose_name=_('can invite'),
+        default=False,
     )
+
     guest_entry_fee = models.PositiveIntegerField(
         verbose_name=_('guest entry fee'),
+        default=0,
     )
 
     class Meta:
@@ -51,6 +66,16 @@ class Activity(models.Model):
 
     description = models.TextField(
         verbose_name=_('description'),
+        blank=True,
+        default="",
+    )
+
+    location = models.CharField(
+        verbose_name=_('location'),
+        max_length=255,
+        blank=True,
+        default="",
+        help_text=_("Place where the activity is organized, eg. Kfet."),
     )
 
     activity_type = models.ForeignKey(
@@ -71,6 +96,7 @@ class Activity(models.Model):
         on_delete=models.PROTECT,
         related_name='+',
         verbose_name=_('organizer'),
+        help_text=_("Club that organizes the activity. The entry fees will go to this club."),
     )
 
     attendees_club = models.ForeignKey(
@@ -78,6 +104,7 @@ class Activity(models.Model):
         on_delete=models.PROTECT,
         related_name='+',
         verbose_name=_('attendees club'),
+        help_text=_("Club that is authorized to join the activity. Mostly the Kfet club."),
     )
 
     date_start = models.DateTimeField(
@@ -101,6 +128,31 @@ class Activity(models.Model):
     class Meta:
         verbose_name = _("activity")
         verbose_name_plural = _("activities")
+        unique_together = ("name", "date_start", "date_end",)
+
+    def __str__(self):
+        return self.name
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        """
+        Update the activity wiki page each time the activity is updated (validation, change description, ...)
+        """
+        if self.date_end < self.date_start:
+            raise ValidationError(_("The end date must be after the start date."))
+
+        ret = super().save(*args, **kwargs)
+        if not settings.DEBUG and self.pk and "scripts" in settings.INSTALLED_APPS:
+            def refresh_activities():
+                from scripts.management.commands.refresh_activities import Command as RefreshActivitiesCommand
+                # Consider that we can update the wiki iff the WIKI_PASSWORD env var is not empty
+                RefreshActivitiesCommand.refresh_human_readable_wiki_page("Modification de l'activité " + self.name,
+                                                                          False, os.getenv("WIKI_PASSWORD"))
+                RefreshActivitiesCommand.refresh_raw_wiki_page("Modification de l'activité " + self.name,
+                                                               False, os.getenv("WIKI_PASSWORD"))
+            Thread(daemon=True, target=refresh_activities).start()\
+                if settings.DATABASES["default"]["ENGINE"] == 'django.db.backends.postgresql' else refresh_activities()
+        return ret
 
 
 class Entry(models.Model):
@@ -118,7 +170,7 @@ class Entry(models.Model):
     )
 
     time = models.DateTimeField(
-        auto_now_add=True,
+        default=timezone.now,
         verbose_name=_("entry time"),
     )
 
@@ -139,11 +191,18 @@ class Entry(models.Model):
         verbose_name = _("entry")
         verbose_name_plural = _("entries")
 
-    def save(self, *args, **kwargs):
+    def __str__(self):
+        return _("Entry for {guest}, invited by {note} to the activity {activity}").format(
+            guest=str(self.guest), note=str(self.note), activity=str(self.activity)) if self.guest \
+            else _("Entry for {note} to the activity {activity}").format(
+            guest=str(self.guest), note=str(self.note), activity=str(self.activity))
 
+    @transaction.atomic
+    def save(self, *args, **kwargs):
         qs = Entry.objects.filter(~Q(pk=self.pk), activity=self.activity, note=self.note, guest=self.guest)
         if qs.exists():
-            raise ValidationError(_("Already entered on ") + _("{:%Y-%m-%d %H:%M:%S}").format(qs.get().time, ))
+            raise ValidationError(_("Already entered on ")
+                                  + _("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(qs.get().time), ))
 
         if self.guest:
             self.note = self.guest.inviter
@@ -175,7 +234,7 @@ class Guest(models.Model):
     """
     activity = models.ForeignKey(
         Activity,
-        on_delete=models.PROTECT,
+        on_delete=models.CASCADE,
         related_name='+',
     )
 
@@ -189,6 +248,11 @@ class Guest(models.Model):
         verbose_name=_("first name"),
     )
 
+    school = models.CharField(
+        max_length=255,
+        verbose_name=_("school"),
+    )
+
     inviter = models.ForeignKey(
         NoteUser,
         on_delete=models.PROTECT,
@@ -196,6 +260,43 @@ class Guest(models.Model):
         verbose_name=_("inviter"),
     )
 
+    class Meta:
+        verbose_name = _("guest")
+        verbose_name_plural = _("guests")
+        unique_together = ("activity", "last_name", "first_name", )
+
+    def __str__(self):
+        return self.first_name + " " + self.last_name
+
+    @transaction.atomic
+    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
+        one_year = timedelta(days=365)
+
+        if not force_insert:
+            if timezone.now() > timezone.localtime(self.activity.date_start):
+                raise ValidationError(_("You can't invite someone once the activity is started."))
+
+            if not self.activity.valid:
+                raise ValidationError(_("This activity is not validated yet."))
+
+            qs = Guest.objects.filter(
+                first_name__iexact=self.first_name,
+                last_name__iexact=self.last_name,
+                activity__date_start__gte=self.activity.date_start - one_year,
+            )
+            if qs.filter(entry__isnull=False).count() >= 5:
+                raise ValidationError(_("This person has been already invited 5 times this year."))
+
+            qs = qs.filter(activity=self.activity)
+            if qs.exists():
+                raise ValidationError(_("This person is already invited."))
+
+            qs = Guest.objects.filter(inviter=self.inviter, activity=self.activity)
+            if qs.count() >= 3:
+                raise ValidationError(_("You can't invite more than 3 people to this activity."))
+
+        return super().save(force_insert, force_update, using, update_fields)
+
     @property
     def has_entry(self):
         try:
@@ -205,39 +306,6 @@ class Guest(models.Model):
         except AttributeError:
             return False
 
-    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
-        one_year = timedelta(days=365)
-
-        if not force_insert:
-            if self.activity.date_start > datetime.now():
-                raise ValidationError(_("You can't invite someone once the activity is started."))
-
-            if not self.activity.valid:
-                raise ValidationError(_("This activity is not validated yet."))
-
-            qs = Guest.objects.filter(
-                first_name=self.first_name,
-                last_name=self.last_name,
-                activity__date_start__gte=self.activity.date_start - one_year,
-            )
-            if len(qs) >= 5:
-                raise ValidationError(_("This person has been already invited 5 times this year."))
-
-            qs = qs.filter(activity=self.activity)
-            if qs.exists():
-                raise ValidationError(_("This person is already invited."))
-
-            qs = Guest.objects.filter(inviter=self.inviter, activity=self.activity)
-            if len(qs) >= 3:
-                raise ValidationError(_("You can't invite more than 3 people to this activity."))
-
-        return super().save(force_insert, force_update, using, update_fields)
-
-    class Meta:
-        verbose_name = _("guest")
-        verbose_name_plural = _("guests")
-        unique_together = ("activity", "last_name", "first_name", )
-
 
 class GuestTransaction(Transaction):
     entry = models.OneToOneField(
@@ -248,3 +316,31 @@ class GuestTransaction(Transaction):
     @property
     def type(self):
         return _('Invitation')
+
+
+class Opener(models.Model):
+    """
+    Allow the user to make activity entries without more rights
+    """
+    activity = models.ForeignKey(
+        Activity,
+        on_delete=models.CASCADE,
+        related_name='opener',
+        verbose_name=_('activity')
+    )
+
+    opener = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='activity_responsible',
+        verbose_name=_('Opener')
+    )
+
+    class Meta:
+        verbose_name = _("Opener")
+        verbose_name_plural = _("Openers")
+        unique_together = ("opener", "activity")
+
+    def __str__(self):
+        return _("{opener} is opener of activity {acivity}").format(
+            opener=str(self.opener), acivity=str(self.activity))

apps/activity/static/activity/js/opener.js

@@ -0,0 +1,57 @@
+/**
+ * On form submit, add a new opener
+ */
+function form_create_opener (e) {
+  // Do not submit HTML form
+  e.preventDefault()
+
+  // Get data and send to API
+  const formData = new FormData(e.target)
+  $.getJSON('/api/note/alias/'+formData.get('opener') + '/',
+    function (opener_alias) {
+      create_opener(formData.get('activity'), opener_alias.note)
+    }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+    })
+}
+
+/**
+ * Add an opener between an activity and a user
+ * @param activity:Integer activity id
+ * @param opener:Integer user note id
+ */
+function create_opener(activity, opener) {
+  $.post('/api/activity/opener/', {
+      activity: activity,
+      opener: opener,
+      csrfmiddlewaretoken: CSRF_TOKEN
+  }).done(function () {
+  // Reload tables
+  $('#opener_table').load(location.pathname + ' #opener_table')
+    addMsg(gettext('Opener successfully added'), 'success')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+/**
+ * On click of "delete", delete the opener
+ * @param button_id:Integer Opener id to remove
+ */
+function delete_button (button_id) {
+  $.ajax({
+    url: '/api/activity/opener/' + button_id + '/',
+    method: 'DELETE',
+    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
+  }).done(function () {
+    addMsg(gettext('Opener successfully deleted'), 'success')
+    $('#opener_table').load(location.pathname + ' #opener_table')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+$(document).ready(function () {
+  // Attach event
+  document.getElementById('form_opener').addEventListener('submit', form_create_opener)
+})

apps/activity/tables.py

@@ -1,13 +1,17 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from django.utils.html import format_html
+from django.utils import timezone
+from django.utils.html import escape
+from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
+from note_kfet.middlewares import get_current_request
 import django_tables2 as tables
 from django_tables2 import A
+from permission.backends import PermissionBackend
 from note.templatetags.pretty_money import pretty_money
 
-from .models import Activity, Guest, Entry
+from .models import Activity, Entry, Guest, Opener
 
 
 class ActivityTable(tables.Table):
@@ -20,6 +24,11 @@ class ActivityTable(tables.Table):
         attrs = {
             'class': 'table table-condensed table-striped table-hover'
         }
+        row_attrs = {
+            'class': lambda record: 'bg-success' if record.open else ('' if record.valid else 'bg-warning'),
+            'title': lambda record: _("The activity is currently open.") if record.open else
+            ('' if record.valid else _("The validation of the activity is pending.")),
+        }
         model = Activity
         template_name = 'django_tables2/bootstrap4.html'
         fields = ('name', 'activity_type', 'organizer', 'attendees_club', 'date_start', 'date_end', )
@@ -28,31 +37,27 @@ class ActivityTable(tables.Table):
 class GuestTable(tables.Table):
     inviter = tables.LinkColumn(
         'member:user_detail',
-        args=[A('inviter.user.pk'), ],
+        args=[A('inviter__user__pk'), ],
     )
 
     entry = tables.Column(
         empty_values=(),
-        attrs={
-            "td": {
-                "class": lambda record: "" if record.has_entry else "validate btn btn-danger",
-                "onclick": lambda record: "" if record.has_entry else "remove_guest(" + str(record.pk) + ")"
-            }
-        }
+        verbose_name=_("Remove"),
     )
 
     class Meta:
         attrs = {
-            'class': 'table table-condensed table-striped table-hover'
+            'class': 'table table-condensed table-striped'
         }
         model = Guest
         template_name = 'django_tables2/bootstrap4.html'
-        fields = ("last_name", "first_name", "inviter", )
+        fields = ("last_name", "first_name", "inviter", "school")
 
     def render_entry(self, record):
         if record.has_entry:
-            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, )))
-        return _("remove").capitalize()
+            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(record.entry.time))))
+        return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
+                         '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
 
 
 def get_row_class(record):
@@ -66,6 +71,10 @@ def get_row_class(record):
         qs = Entry.objects.filter(note=record.note, activity=record.activity, guest=None)
         if qs.exists():
             c += " table-success"
+        elif not record.note.user.memberships.filter(club=record.activity.attendees_club,
+                                                     date_start__lte=timezone.now(),
+                                                     date_end__gte=timezone.now()).exists():
+            c += " table-info"
         elif record.note.balance < 0:
             c += " table-danger"
     return c
@@ -86,7 +95,7 @@ class EntryTable(tables.Table):
         if hasattr(record, 'username'):
             username = record.username
             if username != value:
-                return format_html(value + " <em>aka.</em> " + username)
+                return mark_safe(escape(value) + " <em>aka.</em> " + escape(username))
         return value
 
     def render_balance(self, value):
@@ -106,3 +115,34 @@ class EntryTable(tables.Table):
             'data-last-name': lambda record: record.last_name,
             'data-first-name': lambda record: record.first_name,
         }
+
+
+# function delete_button(id) provided in template file
+DELETE_TEMPLATE = """
+    <button id="{{ record.pk }}" class="btn btn-danger btn-sm" onclick="delete_button(this.id)"> {{ delete_trans }}</button>
+"""
+
+
+class OpenerTable(tables.Table):
+    class Meta:
+        attrs = {
+            'class': 'table table condensed table-striped',
+            'id': "opener_table"
+        }
+        model = Opener
+        fields = ("opener",)
+        template_name = 'django_tables2/bootstrap4.html'
+
+    show_header = False
+    opener = tables.Column(attrs={'td': {'class': 'text-center'}})
+
+    delete_col = tables.TemplateColumn(
+        template_code=DELETE_TEMPLATE,
+        extra_context={"delete_trans": _('Delete')},
+        attrs={
+            'td': {
+                'class': lambda record: 'col-sm-1'
+                + (' d-none' if not PermissionBackend.check_perm(
+                    get_current_request(), "activity.delete_opener", record)
+                   else '')}},
+        verbose_name=_("Delete"),)

apps/activity/templates/activity/activity_detail.html

@@ -0,0 +1,122 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n perms %}
+{% load render_table from django_tables2 %}
+{% load static django_tables2 i18n %}
+
+{% block content %}
+<h1 class="text-white">{{ title }}</h1>
+{% include "activity/includes/activity_info.html" %}
+
+{% if activity.activity_type.manage_entries and ".change__opener"|has_perm:activity %}
+    <div class="card bg-white mb-3">
+        <h3 class="card-header text-center">
+            {% trans "Openers" %}
+        </h3>
+        <div class="card-body">
+            <form class="input-group" method="POST" id="form_opener">
+                {% csrf_token %}
+                <input type="hidden" name="activity" value="{{ object.pk }}">
+                {%include "autocomplete_model.html" %}
+                <div class="input-group-append">
+                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+                </div>
+            </form>
+        </div>
+        {% render_table opener %}
+    </div>
+{% endif %}
+
+{% if guests.data %}
+<div class="card bg-white mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Guests list" %}
+    </h3>
+    <div id="guests_table">
+        {% render_table guests %}
+    </div>
+    <div class="card-footer text-center">
+        <button class="btn btn-block btn-primary mb-3" onclick="window.location.href='?_export=1&table=guests'">
+            {% trans "Export to CSV" %}
+        </button>
+    </div>
+</div>
+{% endif %}
+{% endblock %}
+
+{% block extrajavascript %}
+<script src="{% static "activity/js/opener.js" %}"></script>
+<script src="{% static "js/autocomplete_model.js" %}"></script>
+<script>
+    function remove_guest(guest_id) {
+        $.ajax({
+         url:"/api/activity/guest/" + guest_id + "/",
+         method:"DELETE",
+         headers: {"X-CSRFTOKEN": CSRF_TOKEN}
+     })
+      .done(function() {
+          addMsg('{% trans "Guest deleted" %}', 'success');
+          $("#guests_table").load(location.pathname + " #guests_table");
+      })
+      .fail(function(xhr, textStatus, error) {
+          errMsg(xhr.responseJSON);
+      });
+    }
+
+    $("#open_activity").click(function() {
+        $.ajax({
+            url: "/api/activity/activity/{{ activity.pk }}/",
+            type: "PATCH",
+            dataType: "json",
+            headers: {
+                "X-CSRFTOKEN": CSRF_TOKEN
+            },
+            data: {
+                open: {{ activity.open|yesno:'false,true' }}
+            }
+        }).done(function () {
+            reloadWithTurbolinks();
+        }).fail(function (xhr) {
+            errMsg(xhr.responseJSON);
+        });
+    });
+
+    $("#validate_activity").click(function () {
+        $.ajax({
+            url: "/api/activity/activity/{{ activity.pk }}/",
+            type: "PATCH",
+            dataType: "json",
+            headers: {
+                "X-CSRFTOKEN": CSRF_TOKEN
+            },
+            data: {
+                valid: {{ activity.valid|yesno:'false,true' }}
+            }
+        }).done(function () {
+            reloadWithTurbolinks();
+        }).fail(function (xhr) {
+            errMsg(xhr.responseJSON);
+        });
+    });
+    $("#delete_activity").click(function () {
+        if (!confirm("{% trans 'Are you sure you want to delete this activity?' %}")) {
+            return;
+        }
+
+        $.ajax({
+            url: "/api/activity/activity/{{ activity.pk }}/",
+            type: "DELETE",
+            headers: {
+                "X-CSRFTOKEN": CSRF_TOKEN
+            }
+        }).done(function () {
+            addMsg("{% trans 'Activity deleted' %}", "success");
+            window.location.href = "/activity/";  // Redirige vers la liste des activités
+        }).fail(function (xhr) {
+            errMsg(xhr.responseJSON);
+        });
+    });
+</script>
+{% endblock %}

apps/activity/templates/activity/activity_entry.html

@@ -0,0 +1,171 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load static i18n pretty_money perms %}
+{% load render_table from django_tables2 %}
+
+{% block content %}
+<h1 class="text-white">{{ title }}</h1>
+<div class="row">
+    <div class="col-xl-12">
+        <div class="btn-group btn-group-toggle bg-light" style="width: 100%">
+            <a href="{% url "note:transfer" %}#transfer" class="btn btn-sm btn-outline-primary">
+                {% trans "Transfer" %}
+            </a>
+            {% if "note.notespecial"|not_empty_model_list %}
+            <a href="{% url "note:transfer" %}#credit" class="btn btn-sm btn-outline-primary">
+                {% trans "Credit" %}
+            </a>
+            <a href="{% url "note:transfer" %}#debit" class="btn btn-sm btn-outline-primary">
+                {% trans "Debit" %}
+            </a>
+            {% endif %}
+            {% for a in activities_open %}
+            <a href="{% url "activity:activity_entry" pk=a.pk %}"
+                class="btn btn-sm btn-outline-primary{% if a.pk == activity.pk %} active{% endif %}">
+                {% trans "Entries" %} {{ a.name }}
+            </a>
+            {% endfor %}
+        </div>
+    </div>
+</div>
+
+<hr>
+
+<a href="{% url "activity:activity_detail" pk=activity.pk %}">
+    <button class="btn btn-light">{% trans "Return to activity page" %}</button>
+</a>
+
+<input id="alias" type="text" class="form-control" placeholder="Nom/note ...">
+
+<hr>
+
+<div class="card" id="entry_table">
+    <h2 class="text-center">{{ entries.count }}
+        {% if entries.count >= 2 %}{% trans "entries" %}{% else %}{% trans "entry" %}{% endif %}</h2>
+    {% render_table table %}
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script>
+    old_pattern = null;
+    alias_obj = $("#alias");
+
+    function reloadTable(force = false) {
+        let pattern = alias_obj.val();
+
+        if ((pattern === old_pattern || pattern === "") && !force)
+            return;
+
+        $("#entry_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + " #entry_table", init);
+        refreshBalance();
+    }
+
+    alias_obj.keyup(function(event) {
+        let code = event.originalEvent.keyCode
+        if (65 <= code <= 122 || code === 13) {
+            debounce(reloadTable)()
+        }
+    });
+
+    $(document).ready(init);
+
+    function init() {
+        $(".table-row").click(function (e) {
+            let target = e.target.parentElement;
+            target = $("#" + target.id);
+
+            let type = target.attr("data-type");
+            let id = target.attr("data-id");
+            let last_name = target.attr("data-last-name");
+            let first_name = target.attr("data-first-name");
+
+            if (type === "membership") {
+                $.post("/api/activity/entry/?format=json", {
+                    csrfmiddlewaretoken: CSRF_TOKEN,
+                    activity: {{ activity.id }},
+                    note: id,
+                    guest: null
+                }).done(function () {
+                    if (target.hasClass("table-info"))
+                        addMsg(
+                            "{% trans "Entry done, but caution: the user is not a Kfet member." %}",
+                            "warning", 10000);
+                    else
+                        addMsg("Entry made!", "success", 4000);
+                    reloadTable(true);
+                }).fail(function (xhr) {
+                    errMsg(xhr.responseJSON, 4000);
+                });
+            } else {
+                let line_obj = $("#buttons_guest_" + id);
+                if (line_obj.length || target.attr('class').includes("table-success")) {
+                    line_obj.remove();
+                    return;
+                }
+
+                let tr = "<tr class='text-center'>" +
+                    "<td id='buttons_guest_" + id + "' style='table-danger center' colspan='5'>" +
+                    "<button id='transaction_guest_" + id +
+                    "' class='btn btn-secondary'>Payer avec la note de l'hôte</button> " +
+                    "<button id='transaction_guest_" + id +
+                    "_especes' class='btn btn-secondary'>Payer en espèces</button> " +
+                    "<button id='transaction_guest_" + id +
+                    "_cb' class='btn btn-secondary'>Payer en CB</button></td>" +
+                    "<tr>";
+                $(tr).insertAfter(target);
+
+                let makeTransaction = function () {
+                    $.post("/api/activity/entry/?format=json", {
+                        csrfmiddlewaretoken: CSRF_TOKEN,
+                        activity: {{ activity.id }},
+                        note: target.attr("data-inviter"),
+                        guest: id
+                    }).done(function () {
+                        if (target.hasClass("table-info"))
+                            addMsg(
+                                "{% trans "Entry done, but caution: the user is not a Kfet member." %}",
+                                "warning", 10000);
+                        else
+                            addMsg("{% trans "Entry done!" %}", "success", 4000);
+                        reloadTable(true);
+                    }).fail(function (xhr) {
+                        errMsg(xhr.responseJSON, 4000);
+                    });
+                };
+
+                let credit = function (credit_id, credit_name) {
+                    return function () {
+                        $.post("/api/note/transaction/transaction/", {
+                            "csrfmiddlewaretoken": CSRF_TOKEN,
+                            "quantity": 1,
+                            "amount": {{ activity.activity_type.guest_entry_fee }},
+                            "reason": "Crédit " + credit_name +
+                                " (invitation {{ activity.name }})",
+                            "valid": true,
+                            "polymorphic_ctype": {{ notespecial_ctype }},
+                            "resourcetype": "SpecialTransaction",
+                            "source": credit_id,
+                            "destination": target.attr('data-inviter'),
+                            "last_name": last_name,
+                            "first_name": first_name,
+                            "bank": ""
+                        }).done(function () {
+                            makeTransaction();
+                            reset();
+                        }).fail(function (xhr) {
+                            errMsg(xhr.responseJSON, 4000);
+                        });
+                    };
+                };
+
+                $("#transaction_guest_" + id).click(makeTransaction);
+                $("#transaction_guest_" + id + "_especes").click(credit(1, "espèces"));
+                $("#transaction_guest_" + id + "_cb").click(credit(2, "carte bancaire"));
+            }
+        });
+    }
+</script>
+{% endblock %}

apps/activity/templates/activity/activity_form.html

@@ -0,0 +1,43 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body">
+    <form method="post">
+      {% csrf_token %}
+      {{ form|crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script>
+  var date_end = document.getElementById("id_date_end");
+  var date_start = document.getElementById("id_date_start");
+
+  function update_date_end (){
+    if(date_end.value=="" || date_end.value<date_start.value){
+      date_end.value = date_start.value;
+    };
+  };
+
+  function update_date_start (){
+    if(date_start.value=="" || date_end.value<date_start.value){
+      date_start.value = date_end.value;
+    };
+  };
+
+  date_start.addEventListener('focusout', update_date_end);
+  date_end.addEventListener('focusout', update_date_start);
+  
+</script>
+{% endblock %}

apps/activity/templates/activity/activity_list.html

@@ -0,0 +1,51 @@
+{% extends "base_search.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n %}
+
+{% block content %}
+{% if started_activities %}
+<div class="card bg-secondary text-white mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Current activity" %}
+    </h3>
+    <div class="card-body text-dark">
+        {% for activity in started_activities %}
+        {% include "activity/includes/activity_info.html" %}
+        {% endfor %}
+    </div>
+</div>
+{% endif %}
+
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Upcoming activities" %}
+    </h3>
+    {% if upcoming.data %}
+    {% render_table upcoming %}
+    {% else %}
+    <div class="card-body">
+        <div class="alert alert-warning">
+            {% trans "There is no planned activity." %}
+        </div>
+    </div>
+    {% endif %}
+    <div class="card-footer">
+        <a class="btn btn-sm btn-success" href="{% url 'activity:activity_create' %}" data-turbolinks="false">
+            <i class="fa fa-calendar-plus-o" aria-hidden="true"></i>
+            {% trans 'New activity' %}
+        </a>
+    </div>
+</div>
+
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "All activities" %}
+    </h3>
+    {% render_table all %}
+</div>
+
+{{ block.super }}
+{% endblock %}

apps/activity/templates/activity/includes/activity_info.html

@@ -0,0 +1,87 @@
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n perms pretty_money dict_get %}
+{% url 'activity:activity_detail' activity.pk as activity_detail_url %}
+
+<div id="activity_info" class="card bg-light shadow mb-3">
+    <div class="card-header text-center">
+        <h4>
+            {% if request.path_info != activity_detail_url %}
+                <a href="{{ activity_detail_url }}">{{ activity.name }}</a>
+            {% else %}
+                {{ activity.name }}
+            {% endif %}
+        </h4>
+    </div>
+    <div class="card-body" id="profile_infos">
+        <dl class="row">
+            <dt class="col-xl-6">{% trans 'description'|capfirst %}</dt>
+            <dd class="col-xl-6"> {{ activity.description|linebreaks }}</dd>
+
+            <dt class="col-xl-6">{% trans 'type'|capfirst %}</dt>
+            <dd class="col-xl-6"> {{ activity.activity_type }}</dd>
+
+            <dt class="col-xl-6">{% trans 'start date'|capfirst %}</dt>
+            <dd class="col-xl-6">{{ activity.date_start }}</dd>
+
+            <dt class="col-xl-6">{% trans 'end date'|capfirst %}</dt>
+            <dd class="col-xl-6">{{ activity.date_end }}</dd>
+
+            {% if "activity.change_activity_valid"|has_perm:activity %}
+                <dt class="col-xl-6">{% trans 'creater'|capfirst %}</dt>
+                <dd class="col-xl-6"><a href="{% url "member:user_detail" pk=activity.creater.pk %}">{{ activity.creater }}</a></dd>
+            {% endif %}
+
+            <dt class="col-xl-6">{% trans 'organizer'|capfirst %}</dt>
+            <dd class="col-xl-6"><a href="{% url "member:club_detail" pk=activity.organizer.pk %}">{{ activity.organizer }}</a></dd>
+
+            <dt class="col-xl-6">{% trans 'attendees club'|capfirst %}</dt>
+            <dd class="col-xl-6"><a href="{% url "member:club_detail" pk=activity.attendees_club.pk %}">{{ activity.attendees_club }}</a></dd>
+
+            <dt class="col-xl-6">{% trans 'can invite'|capfirst %}</dt>
+            <dd class="col-xl-6">{{ activity.activity_type.can_invite|yesno }}</dd>
+
+            {% if activity.activity_type.can_invite %}
+                <dt class="col-xl-6">{% trans 'guest entry fee'|capfirst %}</dt>
+                <dd class="col-xl-6">{{ activity.activity_type.guest_entry_fee|pretty_money }}</dd>
+            {% endif %}
+
+            <dt class="col-xl-6">{% trans 'valid'|capfirst %}</dt>
+            <dd class="col-xl-6">{{ activity.valid|yesno }}</dd>
+
+            <dt class="col-xl-6">{% trans 'opened'|capfirst %}</dt>
+            <dd class="col-xl-6">{{ activity.open|yesno }}</dd>
+        </dl>
+        {% if show_entries|dict_get:activity %}
+            <h2 class="text-center">
+                {{ entries_count|dict_get:activity }}
+                {% if entries_count|dict_get:activity >= 2 %}{% trans "entries" %}{% else %}{% trans "entry" %}{% endif %}
+            </h2>
+        {% endif %}
+    </div>
+
+    <div class="card-footer text-center">
+        {% if activity.open and activity.activity_type.manage_entries and ".change__open"|has_perm:activity %}
+            <a class="btn btn-warning btn-sm my-1" href="{% url 'activity:activity_entry' pk=activity.pk %}"> {% trans "Entry page" %}</a>
+        {% endif %}
+
+        {% if request.path_info == activity_detail_url %}
+            {% if activity.valid and ".change__open"|has_perm:activity %}
+                <a class="btn btn-warning btn-sm my-1" id="open_activity"> {% if activity.open %}{% trans "close"|capfirst %}{% else %}{% trans "open"|capfirst %}{% endif %}</a>
+            {% endif %}
+            {% if not activity.open and ".change__valid"|has_perm:activity %}
+                <a class="btn btn-success btn-sm my-1" id="validate_activity"> {% if activity.valid %}{% trans "invalidate"|capfirst %}{% else %}{% trans "validate"|capfirst %}{% endif %}</a>
+            {% endif %}
+            {% if ".change_"|has_perm:activity %}
+                <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_update' pk=activity.pk %}" data-turbolinks="false"> {% trans "edit"|capfirst %}</a>
+            {% endif %}
+            {% if not activity.valid and ".delete_"|has_perm:activity %}
+                <a class="btn btn-danger btn-sm my-1" id="delete_activity"> {% trans "delete"|capfirst %} </a>
+            {% endif %}
+            {% if activity.activity_type.can_invite and not activity_started and activity.valid %}
+                <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_invite' pk=activity.pk %}" data-turbolinks="false"> {% trans "Invite" %}</a>
+            {% endif %}
+        {% endif %}
+    </div>
+</div>

apps/activity/templatetags/dict_get.py

@@ -0,0 +1,12 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django import template
+
+
+def dict_get(d, key):
+    return d.get(key)
+
+
+register = template.Library()
+register.filter('dict_get', dict_get)

apps/activity/tests/test_activities.py

@@ -0,0 +1,237 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from datetime import timedelta
+
+from api.tests import TestAPI
+from django.contrib.auth.models import User
+from django.test import TestCase
+from django.urls import reverse
+from django.utils import timezone
+from member.models import Club
+
+from ..api.views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
+from ..models import Activity, ActivityType, Guest, Entry
+
+
+class TestActivities(TestCase):
+    """
+    Test activities
+    """
+    fixtures = ('initial',)
+
+    def setUp(self):
+        self.user = User.objects.create_superuser(
+            username="admintoto",
+            password="tototototo",
+            email="toto@example.com"
+        )
+        self.client.force_login(self.user)
+
+        sess = self.client.session
+        sess["permission_mask"] = 42
+        sess.save()
+
+        self.activity = Activity.objects.create(
+            name="Activity",
+            description="This is a test activity\non two very very long lines\nbecause this is very important.",
+            location="Earth",
+            activity_type=ActivityType.objects.get(name="Pot"),
+            creater=self.user,
+            organizer=Club.objects.get(name="Kfet"),
+            attendees_club=Club.objects.get(name="Kfet"),
+            date_start=timezone.now(),
+            date_end=timezone.now() + timedelta(days=2),
+            valid=True,
+        )
+
+        self.guest = Guest.objects.create(
+            activity=self.activity,
+            inviter=self.user.note,
+            last_name="GUEST",
+            first_name="Guest",
+            school="School",
+        )
+
+    def test_activity_list(self):
+        """
+        Display the list of all activities
+        """
+        response = self.client.get(reverse("activity:activity_list"))
+        self.assertEqual(response.status_code, 200)
+
+    def test_activity_create(self):
+        """
+        Create a new activity
+        """
+        response = self.client.get(reverse("activity:activity_create"))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("activity:activity_create"), data=dict(
+            name="Activity created",
+            description="This activity was successfully created.",
+            location="Earth",
+            activity_type=ActivityType.objects.get(name="Soirée de club").id,
+            creater=self.user.id,
+            organizer=Club.objects.get(name="Kfet").id,
+            attendees_club=Club.objects.get(name="Kfet").id,
+            date_start="{:%Y-%m-%d %H:%M}".format(timezone.now()),
+            date_end="{:%Y-%m-%d %H:%M}".format(timezone.now() + timedelta(days=2)),
+            valid=True,
+        ))
+        self.assertTrue(Activity.objects.filter(name="Activity created").exists())
+        activity = Activity.objects.get(name="Activity created")
+        self.assertRedirects(response, reverse("activity:activity_detail", args=(activity.pk,)), 302, 200)
+
+    def test_activity_detail(self):
+        """
+        Display the detail of an activity
+        """
+        response = self.client.get(reverse("activity:activity_detail", args=(self.activity.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+    def test_activity_update(self):
+        """
+        Update an activity
+        """
+        response = self.client.get(reverse("activity:activity_update", args=(self.activity.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("activity:activity_update", args=(self.activity.pk,)), data=dict(
+            name=str(self.activity) + " updated",
+            description="This activity was successfully updated.",
+            location="Earth",
+            activity_type=ActivityType.objects.get(name="Autre").id,
+            creater=self.user.id,
+            organizer=Club.objects.get(name="Kfet").id,
+            attendees_club=Club.objects.get(name="Kfet").id,
+            date_start="{:%Y-%m-%d %H:%M}".format(timezone.now()),
+            date_end="{:%Y-%m-%d %H:%M}".format(timezone.now() + timedelta(days=2)),
+            valid=True,
+        ))
+        self.assertTrue(Activity.objects.filter(name="Activity updated").exists())
+        self.assertRedirects(response, reverse("activity:activity_detail", args=(self.activity.pk,)), 302, 200)
+
+    def test_activity_entry(self):
+        """
+        Create some entries
+        """
+        self.activity.open = True
+        self.activity.save()
+
+        response = self.client.get(reverse("activity:activity_entry", args=(self.activity.pk,)))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("activity:activity_entry", args=(self.activity.pk,)) + "?search=guest")
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("activity:activity_entry", args=(self.activity.pk,)) + "?search=admin")
+        self.assertEqual(response.status_code, 200)
+
+        # User entry
+        response = self.client.post("/api/activity/entry/", data=dict(
+            activity=self.activity.id,
+            note=self.user.note.id,
+            guest="",
+        ))
+        self.assertEqual(response.status_code, 201)     # 201 = Created
+        self.assertTrue(Entry.objects.filter(note=self.user.note, guest=None, activity=self.activity).exists())
+
+        # Guest entry
+        response = self.client.post("/api/activity/entry/", data=dict(
+            activity=self.activity.id,
+            note=self.user.note.id,
+            guest=self.guest.id,
+        ))
+        self.assertEqual(response.status_code, 201)     # 201 = Created
+        self.assertTrue(Entry.objects.filter(note=self.user.note, guest=self.guest.id, activity=self.activity).exists())
+
+    def test_activity_invite(self):
+        """
+        Try to invite people to an activity
+        """
+        response = self.client.get(reverse("activity:activity_invite", args=(self.activity.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        # The activity is started, can't invite
+        response = self.client.post(reverse("activity:activity_invite", args=(self.activity.pk,)), data=dict(
+            activity=self.activity.id,
+            inviter=self.user.note.id,
+            last_name="GUEST2",
+            first_name="Guest",
+            school="School",
+        ))
+        self.assertEqual(response.status_code, 200)
+
+        self.activity.date_start += timedelta(days=1)
+        self.activity.save()
+
+        response = self.client.post(reverse("activity:activity_invite", args=(self.activity.pk,)), data=dict(
+            activity=self.activity.id,
+            inviter=self.user.note.id,
+            last_name="GUEST2",
+            first_name="Guest",
+            school="School",
+        ))
+        self.assertRedirects(response, reverse("activity:activity_detail", args=(self.activity.pk,)), 302, 200)
+
+    def test_activity_ics(self):
+        """
+        Render the ICS calendar
+        """
+        response = self.client.get(reverse("activity:calendar_ics"))
+        self.assertEqual(response.status_code, 200)
+
+
+class TestActivityAPI(TestAPI):
+    def setUp(self) -> None:
+        super().setUp()
+
+        self.activity = Activity.objects.create(
+            name="Activity",
+            description="This is a test activity\non two very very long lines\nbecause this is very important.",
+            location="Earth",
+            activity_type=ActivityType.objects.get(name="Pot"),
+            creater=self.user,
+            organizer=Club.objects.get(name="Kfet"),
+            attendees_club=Club.objects.get(name="Kfet"),
+            date_start=timezone.now(),
+            date_end=timezone.now() + timedelta(days=2),
+            valid=True,
+        )
+
+        self.guest = Guest.objects.create(
+            activity=self.activity,
+            inviter=self.user.note,
+            last_name="GUEST",
+            first_name="Guest",
+            school="School",
+        )
+
+        self.entry = Entry.objects.create(
+            activity=self.activity,
+            note=self.user.note,
+            guest=self.guest,
+        )
+
+    def test_activity_api(self):
+        """
+        Load Activity API page and test all filters and permissions
+        """
+        self.check_viewset(ActivityViewSet, "/api/activity/activity/")
+
+    def test_activity_type_api(self):
+        """
+        Load ActivityType API page and test all filters and permissions
+        """
+        self.check_viewset(ActivityTypeViewSet, "/api/activity/type/")
+
+    def test_entry_api(self):
+        """
+        Load Entry API page and test all filters and permissions
+        """
+        self.check_viewset(EntryViewSet, "/api/activity/entry/")
+
+    def test_guest_api(self):
+        """
+        Load Guest API page and test all filters and permissions
+        """
+        self.check_viewset(GuestViewSet, "/api/activity/guest/")

apps/activity/urls.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.urls import path
@@ -14,4 +14,6 @@ urlpatterns = [
     path('<int:pk>/entry/', views.ActivityEntryView.as_view(), name='activity_entry'),
     path('<int:pk>/update/', views.ActivityUpdateView.as_view(), name='activity_update'),
     path('new/', views.ActivityCreateView.as_view(), name='activity_create'),
+    path('calendar.ics', views.CalendarView.as_view(), name='calendar_ics'),
+    path('<int:pk>/delete', views.ActivityDeleteView.as_view(), name='delete_activity'),
 ]

apps/activity/views.py

@@ -1,29 +1,55 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from datetime import datetime, timezone
+from hashlib import md5
 
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import PermissionDenied
+from django.db import transaction
 from django.db.models import F, Q
+from django.http import HttpResponse, JsonResponse
 from django.urls import reverse_lazy
-from django.views.generic import CreateView, DetailView, UpdateView, TemplateView
+from django.utils import timezone
+from django.utils.decorators import method_decorator
 from django.utils.translation import gettext_lazy as _
-from django_tables2.views import SingleTableView
-from note.models import NoteUser, Alias, NoteSpecial
+from django.views import View
+from django.views.decorators.cache import cache_page
+from django.views.generic import DetailView, TemplateView, UpdateView
+from django.views.generic.list import ListView
+from django_tables2.views import MultiTableMixin, SingleTableMixin
+from api.viewsets import is_regex
+from note.models import Alias, NoteSpecial, NoteUser
 from permission.backends import PermissionBackend
-from permission.views import ProtectQuerysetMixin
+from permission.views import ProtectQuerysetMixin, ProtectedCreateView
 
 from .forms import ActivityForm, GuestForm
-from .models import Activity, Guest, Entry
-from .tables import ActivityTable, GuestTable, EntryTable
+from .models import Activity, Entry, Guest, Opener
+from .tables import ActivityTable, EntryTable, GuestTable, OpenerTable
 
 
-class ActivityCreateView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
+class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    View to create a new Activity
+    """
     model = Activity
     form_class = ActivityForm
+    extra_context = {"title": _("Create new activity")}
 
+    def get_sample_object(self):
+        return Activity(
+            name="",
+            description="",
+            creater=self.request.user,
+            activity_type_id=1,
+            organizer_id=1,
+            attendees_club_id=1,
+            date_start=timezone.now(),
+            date_end=timezone.now(),
+        )
+
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.creater = self.request.user
         return super().form_valid(form)
@@ -33,130 +59,391 @@ class ActivityCreateView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.object.pk})
 
 
-class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
+    """
+    Displays all Activities, and classify if they are on-going or upcoming ones.
+    """
     model = Activity
-    table_class = ActivityTable
-    ordering = ('-date_start',)
+    tables = [
+        lambda data: ActivityTable(data, prefix="all-"),
+        lambda data: ActivityTable(data, prefix="upcoming-"),
+        lambda data: ActivityTable(data, prefix="search-"),
+    ]
+    extra_context = {"title": _("Activities")}
 
-    def get_queryset(self):
+    def get_queryset(self, **kwargs):
+        """
+        Filter the user list with the given pattern.
+        """
         return super().get_queryset().distinct()
 
+    def get_tables_data(self):
+        # first table = all activities, second table = upcoming, third table = search
+
+        # table search
+        qs = self.get_queryset().order_by('-date_start')
+        if "search" in self.request.GET and self.request.GET['search']:
+            pattern = self.request.GET['search']
+
+            # check regex
+            valid_regex = is_regex(pattern)
+            suffix = '__iregex' if valid_regex else '__istartswith'
+            prefix = '^' if valid_regex else ''
+            qs = qs.filter(Q(**{f'name{suffix}': prefix + pattern})
+                           | Q(**{f'organizer__name{suffix}': prefix + pattern})
+                           | Q(**{f'organizer__note__alias__name{suffix}': prefix + pattern}))
+        else:
+            qs = qs.none()
+        search_table = qs.filter(PermissionBackend.filter_queryset(self.request, Activity, 'view'))
+
+        return [
+            self.get_queryset().order_by("-date_start"),
+            Activity.objects.filter(date_end__gt=timezone.now())
+                            .filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))
+                            .distinct()
+                            .order_by("date_start"),
+            search_table,
+        ]
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
-        context['title'] = _("Activities")
+        tables = context["tables"]
+        for name, table in zip(["all", "upcoming", "table"], tables):
+            context[name] = table
 
-        upcoming_activities = Activity.objects.filter(date_end__gt=datetime.now())
-        context['upcoming'] = ActivityTable(
-            data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")),
-            prefix='upcoming-',
-        )
+        started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
+        context["started_activities"] = started_activities
+
+        entries_count = {}
+        show_entries = {}
+        for activity in started_activities:
+            if activity.activity_type.manage_entries:
+                entries = Entry.objects.filter(activity=activity)
+                entries_count[activity] = entries.count()
+
+                show_entries[activity] = True
+        context["entries_count"] = entries_count
+        context["show_entries"] = show_entries
 
         return context
 
 
-class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, DetailView):
+    """
+    Shows details about one activity. Add guest to context
+    """
     model = Activity
     context_object_name = "activity"
+    extra_context = {"title": _("Activity detail")}
+    export_formats = ["csv"]
+
+    tables = [
+        GuestTable,
+        OpenerTable,
+    ]
+
+    def get_tables(self):
+        tables = super().get_tables()
+        tables[0].prefix = "guests"
+        tables[1].prefix = "opener"
+        return tables
+
+    def get_tables_data(self):
+        return [
+            Guest.objects.filter(activity=self.object)
+                         .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")),
+            self.object.opener.filter(activity=self.object)
+                              .filter(PermissionBackend.filter_queryset(self.request, Opener, "view")),
+        ]
+
+    def render_to_response(self, context, **response_kwargs):
+        """
+        Gère l'export CSV manuel pour MultiTableMixin.
+        """
+        if "_export" in self.request.GET:
+            import tablib
+            table_name = self.request.GET.get("table")
+            if table_name:
+                tables = self.get_tables()
+                data_list = self.get_tables_data()
+
+                for t, d in zip(tables, data_list):
+                    if t.prefix == table_name:
+                        # Préparer le CSV
+                        dataset = tablib.Dataset()
+                        columns = list(t.base_columns)  # noms des colonnes
+                        dataset.headers = columns
+
+                        for row in d:
+                            values = []
+                            for col in columns:
+                                try:
+                                    val = getattr(row, col, "")
+                                    # Gestion spéciale pour la colonne 'entry'
+                                    if col == "entry":
+                                        if getattr(row, "has_entry", False):
+                                            val = timezone.localtime(row.entry.time).strftime("%Y-%m-%d %H:%M:%S")
+                                        else:
+                                            val = ""
+                                    values.append(str(val) if val is not None else "")
+                                except Exception:  # RelatedObjectDoesNotExist ou autre
+                                    values.append("")
+                            dataset.append(values)
+
+                        csv_bytes = dataset.export("csv")
+                        if isinstance(csv_bytes, str):
+                            csv_bytes = csv_bytes.encode("utf-8")
+
+                        response = HttpResponse(csv_bytes, content_type="text/csv")
+                        response["Content-Disposition"] = f'attachment; filename="{table_name}.csv"'
+                        return response
+
+        # Sinon rendu normal
+        return super().render_to_response(context, **response_kwargs)
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data()
 
-        table = GuestTable(data=Guest.objects.filter(activity=self.object)
-                           .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view")))
-        context["guests"] = table
+        tables = context["tables"]
+        for name, table in zip(["guests", "opener"], tables):
+            context[name] = table
 
-        context["activity_started"] = datetime.now(timezone.utc) > self.object.date_start
+        context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
+
+        context["widget"] = {
+            "name": "opener",
+            "resetable": True,
+            "attrs": {
+                "class": "autocomplete form-control",
+                "id": "opener",
+                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
+                "name_field": "name",
+                "placeholder": ""
+            }
+        }
+        if self.object.activity_type.manage_entries:
+            entries = Entry.objects.filter(activity=self.object)
+            context["entries_count"] = {self.object: entries.count()}
+
+            context["show_entries"] = {self.object: timezone.now() > timezone.localtime(self.object.date_start)}
+        else:
+            context["entries_count"] = {self.object: 0}
+            context["show_entries"] = {self.object: False}
 
         return context
 
 
 class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    """
+    Updates one Activity
+    """
     model = Activity
     form_class = ActivityForm
+    extra_context = {"title": _("Update activity")}
 
     def get_success_url(self, **kwargs):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 
-class ActivityInviteView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
+class ActivityDeleteView(View):
+    """
+    Deletes an Activity
+    """
+    def delete(self, request, pk):
+        try:
+            activity = Activity.objects.get(pk=pk)
+            activity.delete()
+            return JsonResponse({"message": "Activity deleted"})
+        except Activity.DoesNotExist:
+            return JsonResponse({"error": "Activity not found"}, status=404)
+
+    def dispatch(self, *args, **kwargs):
+        """
+        Don't display the delete button if the user has no right to delete.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+            raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+        if activity.valid:
+            raise PermissionDenied(_("This activity is valid."))
+        return super().dispatch(*args, **kwargs)
+
+
+class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    Invite a Guest, The rules to invites someone are defined in `forms:activity.GuestForm`
+    """
     model = Guest
     form_class = GuestForm
-    template_name = "activity/activity_invite.html"
+    template_name = "activity/activity_form.html"
+
+    def get_sample_object(self):
+        """ Creates a standart Guest binds to the Activity"""
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        return Guest(
+            activity=activity,
+            first_name="",
+            last_name="",
+            school="",
+            inviter=self.request.user.note,
+        )
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        activity = context["form"].activity
+        context["title"] = _('Invite guest to the activity "{}"').format(activity.name)
+        return context
 
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
-        form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
-            .get(pk=self.kwargs["pk"])
+        form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
+            .filter(pk=self.kwargs["pk"]).first()
+        form.fields["inviter"].initial = self.request.user.note
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.activity = Activity.objects\
-            .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")).get(pk=self.kwargs["pk"])
+            .filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).get(pk=self.kwargs["pk"])
         return super().form_valid(form)
 
     def get_success_url(self, **kwargs):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 
-class ActivityEntryView(LoginRequiredMixin, TemplateView):
+class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
+    """
+    Manages entry to an activity
+    """
     template_name = "activity/activity_entry.html"
 
-    def get_context_data(self, **kwargs):
-        context = super().get_context_data(**kwargs)
+    table_class = EntryTable
 
-        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
-            .get(pk=self.kwargs["pk"])
-        context["activity"] = activity
+    def dispatch(self, request, *args, **kwargs):
+        """
+        Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
+        it is closed or doesn't manage entries.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
 
-        matched = []
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
 
-        pattern = "^$"
-        if "search" in self.request.GET:
-            pattern = self.request.GET["search"]
+        sample_entry = Entry(activity=activity, note=self.request.user.note)
+        if not PermissionBackend.check_perm(self.request, "activity.add_entry", sample_entry):
+            raise PermissionDenied(_("You are not allowed to display the entry interface for this activity."))
 
-        if not pattern:
-            pattern = "^$"
+        if not activity.activity_type.manage_entries:
+            raise PermissionDenied(_("This activity does not support activity entries."))
 
-        if pattern[0] != "^":
-            pattern = "^" + pattern
+        if not activity.open:
+            raise PermissionDenied(_("This activity is closed."))
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_invited_guest(self, activity):
+        """
+        Retrieves all Guests to the activity
+        """
 
         guest_qs = Guest.objects\
             .annotate(balance=F("inviter__balance"), note_name=F("inviter__user__username"))\
-            .filter(Q(first_name__regex=pattern) | Q(last_name__regex=pattern)
-                    | Q(inviter__alias__name__regex=pattern)
-                    | Q(inviter__alias__normalized_name__regex=Alias.normalize(pattern))) \
-            .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view"))\
-            .distinct()[:20]
-        for guest in guest_qs:
-            guest.type = "Invité"
-            matched.append(guest)
+            .filter(activity=activity)\
+            .filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))\
+            .order_by('last_name', 'first_name')
 
+        if "search" in self.request.GET and self.request.GET["search"]:
+            pattern = self.request.GET["search"]
+
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            pattern = "^" + pattern if valid_regex and pattern[0] != "^" else pattern
+            guest_qs = guest_qs.filter(
+                Q(**{f"first_name{suffix}": pattern})
+                | Q(**{f"last_name{suffix}": pattern})
+                | Q(**{f"inviter__alias__name{suffix}": pattern})
+                | Q(**{f"inviter__alias__normalized_name{suffix}": Alias.normalize(pattern)})
+            )
+        else:
+            guest_qs = guest_qs.none()
+        return guest_qs.distinct()
+
+    def get_invited_note(self, activity):
+        """
+        Retrieves all Note that can attend the activity,
+        they need to have an up-to-date membership in the attendees_club.
+        """
         note_qs = Alias.objects.annotate(last_name=F("note__noteuser__user__last_name"),
                                          first_name=F("note__noteuser__user__first_name"),
                                          username=F("note__noteuser__user__username"),
                                          note_name=F("name"),
-                                         balance=F("note__balance"))\
-            .filter(Q(note__polymorphic_ctype__model="noteuser")
-                    & (Q(note__noteuser__user__first_name__regex=pattern)
-                    | Q(note__noteuser__user__last_name__regex=pattern)
-                    | Q(name__regex=pattern)
-                    | Q(normalized_name__regex=Alias.normalize(pattern)))) \
-            .filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view"))
-        if settings.DATABASES[note_qs.db]["ENGINE"] == 'django.db.backends.postgresql_psycopg2':
-            note_qs = note_qs.distinct('note__pk')[:20]
+                                         balance=F("note__balance"))
+
+        # Keep only users that have a note
+        note_qs = note_qs.filter(note__noteuser__isnull=False)
+
+        # Keep only valid members
+        note_qs = note_qs.filter(
+            note__noteuser__user__memberships__club=activity.attendees_club,
+            note__noteuser__user__memberships__date_start__lte=timezone.now(),
+            note__noteuser__user__memberships__date_end__gte=timezone.now()).exclude(note__inactivity_reason='forced')
+
+        # Filter with permission backend
+        note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request, Alias, "view"))
+
+        if "search" in self.request.GET and self.request.GET["search"]:
+            pattern = self.request.GET["search"]
+
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__icontains"
+            note_qs = note_qs.filter(
+                Q(**{f"note__noteuser__user__first_name{suffix}": pattern})
+                | Q(**{f"note__noteuser__user__last_name{suffix}": pattern})
+                | Q(**{f"name{suffix}": pattern})
+                | Q(**{f"normalized_name{suffix}": Alias.normalize(pattern)})
+            )
         else:
+            note_qs = note_qs.none()
+
         # SQLite doesn't support distinct fields. For compatibility reason (in dev mode), the note list will only
         # have distinct aliases rather than distinct notes with a SQLite DB, but it can fill the result page.
         # In production mode, please use PostgreSQL.
-            note_qs = note_qs.distinct()[:20]
-        for note in note_qs:
+        note_qs = note_qs.distinct('note__pk')[:20]\
+            if settings.DATABASES[note_qs.db]["ENGINE"] == 'django.db.backends.postgresql' else note_qs.distinct()[:20]
+        return note_qs
+
+    def get_table_data(self):
+        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
+            .distinct().get(pk=self.kwargs["pk"])
+
+        matched = []
+
+        for guest in self.get_invited_guest(activity):
+            guest.type = "Invité"
+            matched.append(guest)
+
+        for note in self.get_invited_note(activity):
             note.type = "Adhérent"
             note.activity = activity
             matched.append(note)
 
-        table = EntryTable(data=matched)
-        context["table"] = table
+        return matched
+
+    def get_context_data(self, **kwargs):
+        """
+        Query the list of Guest and Note to the activity and add information to makes entry with JS.
+        """
+        context = super().get_context_data(**kwargs)
+
+        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
+            .distinct().get(pk=self.kwargs["pk"])
+        context["activity"] = activity
 
         context["entries"] = Entry.objects.filter(activity=activity)
 
@@ -164,8 +451,70 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
         context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
         context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
 
-        context["activities_open"] = Activity.objects.filter(open=True).filter(
-            PermissionBackend.filter_queryset(self.request.user, Activity, "view")).filter(
-            PermissionBackend.filter_queryset(self.request.user, Activity, "change")).all()
+        activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
+            PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
+        context["activities_open"] = [a for a in activities_open
+                                      if PermissionBackend.check_perm(self.request,
+                                                                      "activity.add_entry",
+                                                                      Entry(activity=a, note=self.request.user.note,))]
 
         return context
+
+
+# Cache for 1 hour
+@method_decorator(cache_page(60 * 60), name='dispatch')
+class CalendarView(View):
+    """
+    Render an ICS calendar with all valid activities.
+    """
+
+    def multilines(self, string, maxlength, offset=0):
+        newstring = string[:maxlength - offset]
+        string = string[maxlength - offset:]
+        while string:
+            newstring += "\r\n "
+            newstring += string[:maxlength - 1]
+            string = string[maxlength - 1:]
+        return newstring
+
+    def get(self, request, *args, **kwargs):
+        ics = """BEGIN:VCALENDAR
+VERSION: 2.0
+PRODID:Note Kfet 2020
+X-WR-CALNAME:Kfet Calendar
+NAME:Kfet Calendar
+CALSCALE:GREGORIAN
+BEGIN:VTIMEZONE
+TZID:Europe/Paris
+X-LIC-LOCATION:Europe/Paris
+BEGIN:DAYLIGHT
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+TZNAME:CEST
+DTSTART:19700329T020000
+RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
+END:DAYLIGHT
+BEGIN:STANDARD
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+TZNAME:CET
+DTSTART:19701025T030000
+RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
+END:STANDARD
+END:VTIMEZONE
+"""
+        for activity in Activity.objects.filter(valid=True).order_by("-date_start").all():
+            ics += f"""BEGIN:VEVENT
+DTSTAMP:{"{:%Y%m%dT%H%M%S}".format(activity.date_start)}Z
+UID:{md5((activity.name + "$" + str(activity.id) + str(activity.date_start)).encode("UTF-8")).hexdigest()}
+SUMMARY;CHARSET=UTF-8:{self.multilines(activity.name, 75, 22)}
+DTSTART:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_start)}
+DTEND:{"{:%Y%m%dT%H%M%S}Z".format(activity.date_end)}
+LOCATION:{self.multilines(activity.location, 75, 9) if activity.location else "Kfet"}
+DESCRIPTION;CHARSET=UTF-8:""" + self.multilines(activity.description.replace("\n", "\\n"), 75, 26) + f"""
+ -- {activity.organizer.name}
+END:VEVENT
+"""
+        ics += "END:VCALENDAR"
+        ics = ics.replace("\r", "").replace("\n", "\r\n")
+        return HttpResponse(ics, content_type="text/calendar; charset=UTF-8")

apps/api/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_app_config = 'api.apps.APIConfig'

apps/api/apps.py

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.apps import AppConfig

apps/api/filters.py

@@ -0,0 +1,42 @@
+import re
+from functools import lru_cache
+
+from rest_framework.filters import SearchFilter
+
+
+class RegexSafeSearchFilter(SearchFilter):
+    @lru_cache
+    def validate_regex(self, search_term) -> bool:
+        try:
+            re.compile(search_term)
+            return True
+        except re.error:
+            return False
+
+    def get_search_fields(self, view, request):
+        """
+        Ensure that given regex are valid.
+        If not, we consider that the user is trying to search by substring.
+        """
+        search_fields = super().get_search_fields(view, request)
+        search_terms = self.get_search_terms(request)
+
+        for search_term in search_terms:
+            if not self.validate_regex(search_term):
+                # Invalid regex. We assume we don't query by regex but by substring.
+                search_fields = [f.replace('$', '') for f in search_fields]
+                break
+
+        return search_fields
+
+    def get_search_terms(self, request):
+        """
+        Ensure that search field is a valid regex query. If not, we remove extra characters.
+        """
+        terms = super().get_search_terms(request)
+        if not all(self.validate_regex(term) for term in terms):
+            # Invalid regex. If a ^ is prefixed to the search term, we remove it.
+            terms = [term[1:] if term[0] == '^' else term for term in terms]
+            # Same for dollars.
+            terms = [term[:-1] if term[-1] == '$' else term for term in terms]
+        return terms

apps/api/pagination.py

@@ -0,0 +1,5 @@
+from rest_framework.pagination import PageNumberPagination
+
+
+class CustomPagination(PageNumberPagination):
+    page_size_query_param = 'page_size'

apps/api/serializers.py

@@ -0,0 +1,91 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.auth.models import User
+from django.utils import timezone
+from rest_framework import serializers
+from member.api.serializers import ProfileSerializer, MembershipSerializer
+from member.models import Membership
+from note.api.serializers import NoteSerializer
+from note.models import Alias
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
+
+
+class UserSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Users.
+    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = User
+        exclude = (
+            'password',
+            'groups',
+            'user_permissions',
+        )
+
+
+class ContentTypeSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Users.
+    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = ContentType
+        fields = '__all__'
+
+
+class OAuthSerializer(serializers.ModelSerializer):
+    """
+    Informations that are transmitted by OAuth.
+    For now, this includes user, profile and valid memberships.
+    This should be better managed later.
+    """
+    normalized_name = serializers.SerializerMethodField()
+
+    profile = serializers.SerializerMethodField()
+
+    note = serializers.SerializerMethodField()
+
+    memberships = serializers.SerializerMethodField()
+
+    def get_normalized_name(self, obj):
+        return Alias.normalize(obj.username)
+
+    def get_profile(self, obj):
+        # Display the profile of the user only if we have rights to see it.
+        return ProfileSerializer().to_representation(obj.profile) \
+            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
+
+    def get_note(self, obj):
+        # Display the note of the user only if we have rights to see it.
+        return NoteSerializer().to_representation(obj.note) \
+            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
+
+    def get_memberships(self, obj):
+        # Display only memberships that we are allowed to see.
+        return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
+            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())
+                           .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))
+
+    class Meta:
+        model = User
+        fields = (
+            'id',
+            'username',
+            'normalized_name',
+            'first_name',
+            'last_name',
+            'email',
+            'is_superuser',
+            'is_active',
+            'is_staff',
+            'profile',
+            'note',
+            'memberships',
+        )

apps/api/tests.py

@@ -0,0 +1,241 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import json
+from datetime import datetime, date
+from decimal import Decimal
+from urllib.parse import quote_plus
+from warnings import warn
+
+from django.contrib.auth.models import User
+from django.contrib.contenttypes.models import ContentType
+from django.db.models.fields.files import ImageFieldFile
+from django.test import TestCase
+from django_filters.rest_framework import DjangoFilterBackend
+from phonenumbers import PhoneNumber
+from rest_framework.filters import OrderingFilter
+from api.filters import RegexSafeSearchFilter
+from member.models import Membership, Club
+from note.models import NoteClub, NoteUser, Alias, Note
+from permission.models import PermissionMask, Permission, Role
+
+from .viewsets import ContentTypeViewSet, UserViewSet
+
+
+class TestAPI(TestCase):
+    """
+    Load API pages and check that filters are working.
+    """
+    fixtures = ('initial', )
+
+    def setUp(self) -> None:
+        self.user = User.objects.create_superuser(
+            username="adminapi",
+            password="adminapi",
+            email="adminapi@example.com",
+            last_name="Admin",
+            first_name="Admin",
+        )
+        self.client.force_login(self.user)
+
+        sess = self.client.session
+        sess["permission_mask"] = 42
+        sess.save()
+
+    def check_viewset(self, viewset, url):
+        """
+        This function should be called inside a unit test.
+        This loads the viewset and for each filter entry, it checks that the filter is running good.
+        """
+        resp = self.client.get(url + "?format=json")
+        self.assertEqual(resp.status_code, 200)
+
+        model = viewset.serializer_class.Meta.model
+
+        if not model.objects.exists():  # pragma: no cover
+            warn(f"Warning: unable to test API filters for the model {model._meta.verbose_name} "
+                 "since there is no instance of it.")
+            return
+
+        if hasattr(viewset, "filter_backends"):
+            backends = viewset.filter_backends
+            obj = model.objects.last()
+
+            if DjangoFilterBackend in backends:
+                # Specific search
+                for field in viewset.filterset_fields:
+                    obj = self.fix_note_object(obj, field)
+
+                    value = self.get_value(obj, field)
+                    if value is None:  # pragma: no cover
+                        warn(f"Warning: the filter {field} for the model {model._meta.verbose_name} "
+                             "has not been tested.")
+                        continue
+                    resp = self.client.get(url + f"?format=json&{field}={quote_plus(str(value))}")
+                    self.assertEqual(resp.status_code, 200, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+                    content = json.loads(resp.content)
+                    self.assertGreater(content["count"], 0, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+
+            if OrderingFilter in backends:
+                # Ensure that ordering is working well
+                for field in viewset.ordering_fields:
+                    resp = self.client.get(url + f"?ordering={field}")
+                    self.assertEqual(resp.status_code, 200)
+                    resp = self.client.get(url + f"?ordering=-{field}")
+                    self.assertEqual(resp.status_code, 200)
+
+            if RegexSafeSearchFilter in backends:
+                # Basic search
+                for field in viewset.search_fields:
+                    obj = self.fix_note_object(obj, field)
+
+                    if field[0] == '$' or field[0] == '=':
+                        field = field[1:]
+                    value = self.get_value(obj, field)
+                    if value is None:  # pragma: no cover
+                        warn(f"Warning: the filter {field} for the model {model._meta.verbose_name} "
+                             "has not been tested.")
+                        continue
+                    resp = self.client.get(url + f"?format=json&search={quote_plus(str(value))}")
+                    self.assertEqual(resp.status_code, 200, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+                    content = json.loads(resp.content)
+                    self.assertGreater(content["count"], 0, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+
+            self.check_permissions(url, obj)
+
+    def check_permissions(self, url, obj):
+        """
+        Check that permissions are working
+        """
+        # Drop rights
+        self.user.is_superuser = False
+        self.user.save()
+        sess = self.client.session
+        sess["permission_mask"] = 0
+        sess.save()
+
+        # Delete user permissions
+        for m in Membership.objects.filter(user=self.user).all():
+            m.roles.clear()
+            m.save()
+
+        # Create a new role, which will have the checking permission
+        role = Role.objects.get_or_create(name="β-tester")[0]
+        role.permissions.clear()
+        role.save()
+        membership = Membership.objects.get_or_create(user=self.user, club=Club.objects.get(name="BDE"))[0]
+        membership.roles.set([role])
+        membership.save()
+
+        # Ensure that the access to the object is forbidden without permission
+        resp = self.client.get(url + f"{obj.pk}/")
+        self.assertEqual(resp.status_code, 404, f"Mysterious access to {url}{obj.pk}/ for {obj}")
+
+        obj.refresh_from_db()
+
+        # There are problems with polymorphism
+        if isinstance(obj, Note) and hasattr(obj, "note_ptr"):
+            obj = obj.note_ptr
+
+        mask = PermissionMask.objects.get(rank=0)
+
+        for field in obj._meta.fields:
+            # Build permission query
+            value = self.get_value(obj, field.name)
+            if isinstance(value, date) or isinstance(value, datetime):
+                value = value.isoformat()
+            elif isinstance(value, ImageFieldFile):
+                value = value.name
+            elif isinstance(value, Decimal):
+                value = str(value)
+            query = json.dumps({field.name: value})
+
+            # Create sample permission
+            permission = Permission.objects.get_or_create(
+                model=ContentType.objects.get_for_model(obj._meta.model),
+                query=query,
+                mask=mask,
+                type="view",
+                permanent=False,
+                description=f"Can view {obj._meta.verbose_name}",
+            )[0]
+            role.permissions.set([permission])
+            role.save()
+
+            # Check that the access is possible
+            resp = self.client.get(url + f"{obj.pk}/")
+            self.assertEqual(resp.status_code, 200, f"Permission {permission.query} is not working "
+                                                    f"for the model {obj._meta.verbose_name}")
+
+        # Restore rights
+        self.user.is_superuser = True
+        self.user.save()
+        sess = self.client.session
+        sess["permission_mask"] = 42
+        sess.save()
+
+    @staticmethod
+    def get_value(obj, key: str):
+        """
+        Resolve the queryset filter to get the Python value of an object.
+        """
+        if hasattr(obj, "all"):
+            # obj is a RelatedManager
+            obj = obj.last()
+
+        if obj is None:  # pragma: no cover
+            return None
+
+        if '__' not in key:
+            obj = getattr(obj, key)
+            if hasattr(obj, "pk"):
+                return obj.pk
+            elif hasattr(obj, "all"):
+                if not obj.exists():  # pragma: no cover
+                    return None
+                return obj.last().pk
+            elif isinstance(obj, bool):
+                return int(obj)
+            elif isinstance(obj, datetime):
+                return obj.isoformat()
+            elif isinstance(obj, PhoneNumber):
+                return obj.raw_input
+            return obj
+
+        key, remaining = key.split('__', 1)
+        return TestAPI.get_value(getattr(obj, key), remaining)
+
+    @staticmethod
+    def fix_note_object(obj, field):
+        """
+        When querying an object that has a noteclub or a noteuser field,
+        ensure that the object has a good value.
+        """
+        if isinstance(obj, Alias):
+            if "noteuser" in field:
+                return NoteUser.objects.last().alias.last()
+            elif "noteclub" in field:
+                return NoteClub.objects.last().alias.last()
+        elif isinstance(obj, Note):
+            if "noteuser" in field:
+                return NoteUser.objects.last()
+            elif "noteclub" in field:
+                return NoteClub.objects.last()
+        return obj
+
+
+class TestBasicAPI(TestAPI):
+    def test_user_api(self):
+        """
+        Load the user page.
+        """
+        self.check_viewset(ContentTypeViewSet, "/api/models/")
+        self.check_viewset(UserViewSet, "/api/user/")

apps/api/urls.py

@@ -1,91 +1,66 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from django.conf.urls import url, include
-from django.contrib.auth.models import User
-from django.contrib.contenttypes.models import ContentType
-from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework import routers, serializers
-from rest_framework.filters import SearchFilter
-from rest_framework.viewsets import ReadOnlyModelViewSet
-from activity.api.urls import register_activity_urls
-from api.viewsets import ReadProtectedModelViewSet
-from member.api.urls import register_members_urls
-from note.api.urls import register_note_urls
-from treasury.api.urls import register_treasury_urls
-from logs.api.urls import register_logs_urls
-from permission.api.urls import register_permission_urls
-from wei.api.urls import register_wei_urls
-
-
-class UserSerializer(serializers.ModelSerializer):
-    """
-    REST API Serializer for Users.
-    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
-    """
-
-    class Meta:
-        model = User
-        exclude = (
-            'password',
-            'groups',
-            'user_permissions',
-        )
-
-
-class ContentTypeSerializer(serializers.ModelSerializer):
-    """
-    REST API Serializer for Users.
-    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
-    """
-
-    class Meta:
-        model = ContentType
-        fields = '__all__'
-
-
-class UserViewSet(ReadProtectedModelViewSet):
-    """
-    REST API View set.
-    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
-    then render it on /api/users/
-    """
-    queryset = User.objects.all()
-    serializer_class = UserSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
-    filterset_fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_superuser', 'is_staff', 'is_active', ]
-    search_fields = ['$username', '$first_name', '$last_name', ]
-
-
-# This ViewSet is the only one that is accessible from all authenticated users!
-class ContentTypeViewSet(ReadOnlyModelViewSet):
-    """
-    REST API View set.
-    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
-    then render it on /api/users/
-    """
-    queryset = ContentType.objects.all()
-    serializer_class = ContentTypeSerializer
+from django.conf import settings
+from django.conf.urls import include
+from django.urls import re_path
+from rest_framework import routers
 
+from .views import UserInformationView
+from .viewsets import ContentTypeViewSet, UserViewSet
 
 # Routers provide an easy way of automatically determining the URL conf.
 # Register each app API router and user viewset
 router = routers.DefaultRouter()
 router.register('models', ContentTypeViewSet)
 router.register('user', UserViewSet)
-register_members_urls(router, 'members')
+
+if "activity" in settings.INSTALLED_APPS:
+    from activity.api.urls import register_activity_urls
     register_activity_urls(router, 'activity')
-register_note_urls(router, 'note')
-register_treasury_urls(router, 'treasury')
-register_permission_urls(router, 'permission')
+
+if "family" in settings.INSTALLED_APPS:
+    from family.api.urls import register_family_urls
+    register_family_urls(router, 'family')
+
+if "food" in settings.INSTALLED_APPS:
+    from food.api.urls import register_food_urls
+    register_food_urls(router, 'food')
+
+if "logs" in settings.INSTALLED_APPS:
+    from logs.api.urls import register_logs_urls
     register_logs_urls(router, 'logs')
+
+if "member" in settings.INSTALLED_APPS:
+    from member.api.urls import register_members_urls
+    register_members_urls(router, 'members')
+
+if "note" in settings.INSTALLED_APPS:
+    from note.api.urls import register_note_urls
+    register_note_urls(router, 'note')
+
+if "permission" in settings.INSTALLED_APPS:
+    from permission.api.urls import register_permission_urls
+    register_permission_urls(router, 'permission')
+
+if "treasury" in settings.INSTALLED_APPS:
+    from treasury.api.urls import register_treasury_urls
+    register_treasury_urls(router, 'treasury')
+
+if "wei" in settings.INSTALLED_APPS:
+    from wei.api.urls import register_wei_urls
     register_wei_urls(router, 'wei')
 
+if "wrapped" in settings.INSTALLED_APPS:
+    from wrapped.api.urls import register_wrapped_urls
+    register_wrapped_urls(router, 'wrapped')
+
 app_name = 'api'
 
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('^', include(router.urls)),
-    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    re_path('^', include(router.urls)),
+    re_path('^me/', UserInformationView.as_view()),
+    re_path('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]

apps/api/views.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib.auth.models import User
+from rest_framework.generics import RetrieveAPIView
+
+from .serializers import OAuthSerializer
+
+
+class UserInformationView(RetrieveAPIView):
+    """
+    These fields are give to OAuth authenticators.
+    """
+    serializer_class = OAuthSerializer
+
+    def get_queryset(self):
+        return User.objects.filter(pk=self.request.user.pk)
+
+    def get_object(self):
+        return self.request.user

apps/api/viewsets.py

@@ -1,31 +1,126 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import re
+
 from django.contrib.contenttypes.models import ContentType
+from django_filters.rest_framework import DjangoFilterBackend
+from django.db.models import Q
+from django.conf import settings
+from django.contrib.auth.models import User
+from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
-from rest_framework import viewsets
-from note_kfet.middlewares import get_current_authenticated_user
+from note.models import Alias
+
+from .filters import RegexSafeSearchFilter
+from .serializers import UserSerializer, ContentTypeSerializer
 
 
-class ReadProtectedModelViewSet(viewsets.ModelViewSet):
+def is_regex(pattern):
+    try:
+        re.compile(pattern)
+        return True
+    except (re.error, TypeError):
+        return False
+
+
+class ReadProtectedModelViewSet(ModelViewSet):
     """
     Protect a ModelViewSet by filtering the objects that the user cannot see.
     """
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
-        user = get_current_authenticated_user()
-        self.queryset = model.objects.filter(PermissionBackend.filter_queryset(user, model, "view"))
+        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
+
+    def get_queryset(self):
+        return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
 
 
-class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
+class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet):
     """
     Protect a ReadOnlyModelViewSet by filtering the objects that the user cannot see.
     """
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
-        user = get_current_authenticated_user()
-        self.queryset = model.objects.filter(PermissionBackend.filter_queryset(user, model, "view"))
+        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
+
+    def get_queryset(self):
+        return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
+
+
+class UserViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
+    then render it on /api/user/
+    """
+    queryset = User.objects
+    serializer_class = UserSerializer
+    filter_backends = [DjangoFilterBackend]
+    filterset_fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_superuser', 'is_staff', 'is_active',
+                        'note__alias__name', 'note__alias__normalized_name', ]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        # Sqlite doesn't support ORDER BY in subqueries
+        queryset = queryset.order_by("username") \
+            if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset
+
+        if "search" in self.request.GET:
+            pattern = self.request.GET["search"]
+            # Check if this is a valid regex. If not, we won't check regex
+            valid_regex = is_regex(pattern)
+            suffix = "__iregex" if valid_regex else "__istartswith"
+            prefix = "^" if valid_regex else ""
+
+            # Filter with different rules
+            # We use union-all to keep each filter rule sorted in result
+            queryset = queryset.filter(
+                # Match without normalization
+                Q(**{f"note__alias__name{suffix}": prefix + pattern})
+            ).union(
+                queryset.filter(
+                    # Match with normalization
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
+                ),
+                all=True,
+            ).union(
+                queryset.filter(
+                    # Match on lower pattern
+                    Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
+                ),
+                all=True,
+            ).union(
+                queryset.filter(
+                    # Match on firstname or lastname
+                    (Q(**{f"last_name{suffix}": prefix + pattern}) | Q(**{f"first_name{suffix}": prefix + pattern}))
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()})
+                    & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)})
+                    & ~Q(**{f"note__alias__name{suffix}": prefix + pattern})
+                ),
+                all=True,
+            )
+
+        queryset = queryset if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' \
+            else queryset.order_by("username")
+
+        return queryset
+
+
+# This ViewSet is the only one that is accessible from all authenticated users!
+class ContentTypeViewSet(ReadOnlyModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
+    then render it on /api/models/
+    """
+    queryset = ContentType.objects.order_by('id')
+    serializer_class = ContentTypeSerializer
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['id', 'app_label', 'model', ]
+    search_fields = ['$app_label', '$model', ]

apps/family/api/serializers.py

@@ -0,0 +1,46 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from rest_framework import serializers
+
+from ..models import Family, FamilyMembership, Challenge, Achievement
+
+
+class FamilySerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Family.
+    The djangorestframework plugin will analyse the model `Family` and parse all fields in the API.
+    """
+    class Meta:
+        model = Family
+        fields = '__all__'
+
+
+class FamilyMembershipSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for FamilyMembership.
+    The djangorestframework plugin will analyse the model `FamilyMembership` and parse all fields in the API.
+    """
+    class Meta:
+        model = FamilyMembership
+        fields = '__all__'
+
+
+class ChallengeSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Challenge.
+    The djangorestframework plugin will analyse the model `Challenge` and parse all fields in the API.
+    """
+    class Meta:
+        model = Challenge
+        fields = '__all__'
+
+
+class AchievementSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Achievement.
+    The djangorestframework plugin will analyse the model `Achievement` and parse all fields in the API.
+    """
+    class Meta:
+        model = Achievement
+        fields = '__all__'

apps/family/api/urls.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+from django.urls import path
+
+from .views import FamilyViewSet, FamilyMembershipViewSet, ChallengeViewSet, AchievementViewSet, BatchAchievementsAPIView
+
+
+def register_family_urls(router, path):
+    """
+    Configure router for Family REST API
+    """
+    router.register(path + '/family', FamilyViewSet)
+    router.register(path + '/familymembership', FamilyMembershipViewSet)
+    router.register(path + '/challenge', ChallengeViewSet)
+    router.register(path + '/achievement', AchievementViewSet)
+
+
+urlpatterns = [
+    path('achievements/batch/', BatchAchievementsAPIView.as_view(), name='batch_achievements')
+]

apps/family/api/views.py

@@ -0,0 +1,98 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from api.viewsets import ReadProtectedModelViewSet
+from django_filters.rest_framework import DjangoFilterBackend
+from api.filters import RegexSafeSearchFilter
+from rest_framework.views import APIView
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework import status
+
+from .serializers import FamilySerializer, FamilyMembershipSerializer, ChallengeSerializer, AchievementSerializer
+from ..models import Family, FamilyMembership, Challenge, Achievement
+
+
+class FamilyViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Family` objects, serialize it to JSON with the given serializer,
+    then render it on /api/family/family/
+    """
+    queryset = Family.objects.order_by('id')
+    serializer_class = FamilySerializer
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['name', 'description', 'score', 'rank', ]
+    search_fields = ['$name', '$description', ]
+
+
+class FamilyMembershipViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `FamilyMembership` objects, serialize it to JSON with the given serializer,
+    then render it on /api/family/familymembership/
+    """
+    queryset = FamilyMembership.objects.order_by('id')
+    serializer_class = FamilyMembershipSerializer
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['user__username', 'user__first_name', 'user__last_name', 'user__email', 'user__note__alias__name',
+                        'user__note__alias__normalized_name', 'family__name', 'family__description', 'year', ]
+    search_fields = ['$user__username', '$user__first_name', '$user__last_name', '$user__email', '$user__note__alias__name',
+                     '$user__note__alias__normalized_name', '$family__name', '$family__description', '$year', ]
+
+
+class ChallengeViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Challenge` objects, serialize it to JSON with the given serializer,
+    then render it on /api/family/challenge/
+    """
+    queryset = Challenge.objects.order_by('id')
+    serializer_class = ChallengeSerializer
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['name', 'description', 'points', ]
+    search_fields = ['$name', '$description', '$points', ]
+
+
+class AchievementViewSet(ReadProtectedModelViewSet):
+    """
+    REST API View set.
+    The djangorestframework plugin will get all `Achievement` objects, serialize it to JSON with the given serializer,
+    then render it on /api/family/achievement/
+    """
+    queryset = Achievement.objects.order_by('id')
+    serializer_class = AchievementSerializer
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
+    filterset_fields = ['family__name', 'family__description', 'challenge__name', 'challenge__description', 'obtained_at', 'valid', ]
+    search_fields = ['$family__name', '$family__description', '$challenge__name', '$challenge__description', ]
+
+
+class BatchAchievementsAPIView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request, format=None):
+        family_ids = request.data.get('families')
+        challenge_ids = request.data.get('challenges')
+        families = Family.objects.filter(id__in=family_ids)
+        challenges = Challenge.objects.filter(id__in=challenge_ids)
+        results = []
+        for family in families:
+            for challenge in challenges:
+                a, created = Achievement.objects.get_or_create(family=family, challenge=challenge)
+                if created:
+                    results.append({
+                        'family': family.name,
+                        'challenge': challenge.name,
+                        'status': 'created'
+                    })
+                else:
+                    results.append({
+                        'family': family.name,
+                        'challenge': challenge.name,
+                        'status': 'existed',
+                    })
+        for family in families:
+            family.update_score()
+        Family.update_ranking()
+
+        return Response({'results': results}, status=status.HTTP_201_CREATED)

apps/family/apps.py

@@ -0,0 +1,11 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+from django.utils.translation import gettext_lazy as _
+from django.apps import AppConfig
+
+
+class FamilyConfig(AppConfig):
+    name = 'family'
+    verbose_name = _('family')

apps/family/forms.py

@@ -0,0 +1,44 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django import forms
+from django.forms.widgets import NumberInput
+from note_kfet.inputs import Autocomplete
+
+from .models import Challenge, FamilyMembership, User, Family
+
+
+class ChallengeForm(forms.ModelForm):
+    """
+    To update a challenge
+    """
+    class Meta:
+        model = Challenge
+        fields = ('name', 'description', 'points',)
+        widgets = {
+            "points": NumberInput()
+        }
+
+
+class FamilyForm(forms.ModelForm):
+    class Meta:
+        model = Family
+        fields = ('name', 'description', )
+
+
+class FamilyMembershipForm(forms.ModelForm):
+    class Meta:
+        model = FamilyMembership
+        fields = ('user', )
+
+        widgets = {
+            "user":
+                Autocomplete(
+                    User,
+                    attrs={
+                        'api_url': '/api/user/',
+                        'name_field': 'username',
+                        'placeholder': 'Nom ...',
+                    },
+                )
+        }

apps/family/migrations/0001_initial.py

@@ -0,0 +1,73 @@
+# Generated by Django 4.2.21 on 2025-07-06 16:07
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Challenge',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('description', models.CharField(max_length=255, verbose_name='description')),
+                ('points', models.PositiveIntegerField(verbose_name='points')),
+                ('obtained', models.PositiveIntegerField(default=0, verbose_name='obtained')),
+            ],
+            options={
+                'verbose_name': 'challenge',
+                'verbose_name_plural': 'challenges',
+            },
+        ),
+        migrations.CreateModel(
+            name='Family',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True, verbose_name='name')),
+                ('description', models.CharField(max_length=255, verbose_name='description')),
+                ('score', models.PositiveIntegerField(default=0, verbose_name='score')),
+                ('rank', models.PositiveIntegerField(verbose_name='rank')),
+            ],
+            options={
+                'verbose_name': 'Family',
+                'verbose_name_plural': 'Families',
+            },
+        ),
+        migrations.CreateModel(
+            name='Achievement',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('obtained_at', models.DateTimeField(default=django.utils.timezone.now, verbose_name='obtained at')),
+                ('challenge', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='family.challenge')),
+                ('family', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='family.family', verbose_name='family')),
+            ],
+            options={
+                'verbose_name': 'achievement',
+                'verbose_name_plural': 'achievements',
+            },
+        ),
+        migrations.CreateModel(
+            name='FamilyMembership',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('year', models.PositiveIntegerField(default=2025, verbose_name='year')),
+                ('family', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='members', to='family.family', verbose_name='family')),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.PROTECT, related_name='family_memberships', to=settings.AUTH_USER_MODEL, verbose_name='user')),
+            ],
+            options={
+                'verbose_name': 'family membership',
+                'verbose_name_plural': 'family memberships',
+                'unique_together': {('user', 'year')},
+            },
+        ),
+    ]

apps/family/migrations/0002_family_display_image.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.23 on 2025-07-17 15:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('family', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='family',
+            name='display_image',
+            field=models.ImageField(default='pic/default.png', max_length=255, upload_to='pic/', verbose_name='display image'),
+        ),
+    ]

apps/family/migrations/0003_achievement_valid_alter_familymembership_family.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.2.4 on 2025-07-21 21:02
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('family', '0002_family_display_image'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='achievement',
+            name='valid',
+            field=models.BooleanField(default=False, verbose_name='valid'),
+        ),
+        migrations.AlterField(
+            model_name='familymembership',
+            name='family',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='memberships', to='family.family', verbose_name='family'),
+        ),
+    ]

apps/family/migrations/0004_remove_challenge_obtained.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.2.4 on 2025-07-22 14:33
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('family', '0003_achievement_valid_alter_familymembership_family'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='challenge',
+            name='obtained',
+        ),
+    ]

apps/family/migrations/0005_alter_achievement_unique_together.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.2.4 on 2025-08-13 20:26
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('family', '0004_remove_challenge_obtained'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='achievement',
+            unique_together={('challenge', 'family')},
+        ),
+    ]

apps/family/models.py

@@ -0,0 +1,207 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.db import models, transaction
+from django.utils import timezone
+from django.contrib.auth.models import User
+from django.urls import reverse_lazy
+from django.utils.translation import gettext_lazy as _
+
+
+class Family(models.Model):
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_('name'),
+        unique=True,
+    )
+
+    description = models.CharField(
+        max_length=255,
+        verbose_name=_('description'),
+    )
+
+    score = models.PositiveIntegerField(
+        verbose_name=_('score'),
+        default=0,
+    )
+
+    rank = models.PositiveIntegerField(
+        verbose_name=_('rank'),
+    )
+
+    display_image = models.ImageField(
+        verbose_name=_('display image'),
+        max_length=255,
+        blank=False,
+        null=False,
+        upload_to='pic/',
+        default='pic/default.png'
+    )
+
+    class Meta:
+        verbose_name = _('Family')
+        verbose_name_plural = _('Families')
+
+    def __str__(self):
+        return self.name
+
+    def get_absolute_url(self):
+        return reverse_lazy('family:family_detail', args=(self.pk,))
+
+    def update_score(self, *args, **kwargs):
+        challenge_set = Challenge.objects.select_for_update().filter(achievement__family=self, achievement__valid=True)
+        points_sum = challenge_set.aggregate(models.Sum("points"))
+        self.score = points_sum["points__sum"] if points_sum["points__sum"] else 0
+        self.save()
+        self.update_ranking()
+
+    @staticmethod
+    def update_ranking(*args, **kwargs):
+        """
+        Update ranking when adding or removing points
+        """
+        family_set = Family.objects.select_for_update().all().order_by("-score")
+        for i in range(family_set.count()):
+            if i == 0 or family_set[i].score != family_set[i - 1].score:
+                new_rank = i + 1
+            family = family_set[i]
+            family.rank = new_rank
+            family._force_save = True
+            family.save()
+
+    def save(self, *args, **kwargs):
+        if self.rank is None:
+            last_family = Family.objects.order_by("rank").last()
+            if last_family is None or last_family.score > self.score:
+                self.rank = Family.objects.count() + 1
+            else:
+                self.rank = last_family.rank
+        super().save(*args, **kwargs)
+
+
+class FamilyMembership(models.Model):
+    user = models.OneToOneField(
+        User,
+        on_delete=models.PROTECT,
+        related_name=_('family_memberships'),
+        verbose_name=_('user'),
+    )
+
+    family = models.ForeignKey(
+        Family,
+        on_delete=models.PROTECT,
+        related_name=_('memberships'),
+        verbose_name=_('family'),
+    )
+
+    year = models.PositiveIntegerField(
+        verbose_name=_('year'),
+        default=timezone.now().year,
+    )
+
+    class Meta:
+        unique_together = ('user', 'year',)
+        verbose_name = _('family membership')
+        verbose_name_plural = _('family memberships')
+
+    def __str__(self):
+        return _('Family membership of {user} to {family}').format(user=self.user.username, family=self.family.name, )
+
+
+class Challenge(models.Model):
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_('name'),
+    )
+
+    description = models.CharField(
+        max_length=255,
+        verbose_name=_('description'),
+    )
+
+    points = models.PositiveIntegerField(
+        verbose_name=_('points'),
+    )
+
+    @property
+    def obtained(self):
+        achievements = Achievement.objects.filter(challenge=self, valid=True)
+        return achievements.count()
+
+    def __str__(self):
+        return self.name
+
+    def get_absolute_url(self):
+        return reverse_lazy('family:challenge_detail', args=(self.pk,))
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        super().save(*args, **kwargs)
+        # Update families who already obtained this challenge
+        achievements = Achievement.objects.filter(challenge=self)
+        for achievement in achievements:
+            achievement.save()
+
+    class Meta:
+        verbose_name = _('challenge')
+        verbose_name_plural = _('challenges')
+
+
+class Achievement(models.Model):
+    challenge = models.ForeignKey(
+        Challenge,
+        on_delete=models.PROTECT,
+
+    )
+    family = models.ForeignKey(
+        Family,
+        on_delete=models.PROTECT,
+        verbose_name=_('family'),
+    )
+
+    obtained_at = models.DateTimeField(
+        verbose_name=_('obtained at'),
+        default=timezone.now,
+    )
+
+    valid = models.BooleanField(
+        verbose_name=_('valid'),
+        default=False,
+    )
+
+    class Meta:
+        unique_together = ('challenge', 'family',)
+        verbose_name = _('achievement')
+        verbose_name_plural = _('achievements')
+
+    def __str__(self):
+        return _('Challenge {challenge} carried out by Family {family}').format(challenge=self.challenge.name, family=self.family.name, )
+
+    @transaction.atomic
+    def save(self, *args, update_score=True, **kwargs):
+        """
+        When saving, also grants points to the family
+        """
+        self.family = Family.objects.select_for_update().get(pk=self.family_id)
+        self.challenge = Challenge.objects.select_for_update().get(pk=self.challenge_id)
+
+        super().save(*args, **kwargs)
+
+        if update_score:
+            self.family.refresh_from_db()
+            self.family.update_score()
+
+    @transaction.atomic
+    def delete(self, *args, **kwargs):
+        """
+        When deleting, also removes points from the family
+        """
+        # Get the family and challenge before deletion
+        self.family = Family.objects.select_for_update().get(pk=self.family_id)
+
+        # Delete the achievement
+        super().delete(*args, **kwargs)
+
+        # Remove points from the family
+        self.family.refresh_from_db()
+        self.family.update_score()

apps/family/static/family/js/achievements.js

@@ -0,0 +1,411 @@
+// Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// When a transaction is performed, lock the interface to prevent spam clicks.
+var LOCK = false
+
+/**
+ * Refresh the history table on the consumptions page.
+ */
+function refreshHistory () {
+  $('#history').load('/family/manage/ #history')
+}
+
+$(document).ready(function () {
+  // If hash of a category in the URL, then select this category
+  // else select the first one
+  if (location.hash) {
+    $("a[href='" + location.hash + "']").tab('show')
+  } else {
+    $("a[data-toggle='tab']").first().tab('show')
+  }
+
+  // When selecting a category, change URL
+  $(document.body).on('click', "a[data-toggle='tab']", function () {
+    location.hash = this.getAttribute('href')
+  })
+
+})
+
+notes = []
+notes_display = []
+buttons = []
+
+// When the user searches an alias, we update the auto-completion
+autoCompleteFamily('note', 'note_list', notes, notes_display,
+  'note', 'user_note', 'profile_pic', function () {
+    return true
+  })
+
+/**
+ * Add a transaction from a button.
+ * @param fam Where the money goes
+ * @param amount The price of the item
+ * @param type The type of the transaction (content type id for RecurrentTransaction)
+ * @param category_id The category identifier
+ * @param category_name The category name
+ * @param template_id The identifier of the button
+ * @param template_name The name of  the button
+ */
+function addChallenge (id, name, amount) {
+  var challenge = null
+  /** Ajout de 1 à chaque clic d'un bouton déjà choisi  */
+  buttons.forEach(function (b) {
+    if (b.id === id) {
+      challenge = b
+    }
+  })
+  if (challenge == null) {
+    challenge = {
+      id: id,
+      name: name,
+    }
+    buttons.push(challenge)
+  }
+
+  const dc_obj = true
+  
+    const list = 'consos_list'
+    let html = ''
+    buttons.forEach(function (challenge) {
+      html += li('conso_button_' + challenge.id, challenge.name)
+    })
+    document.getElementById(list).innerHTML = html
+
+    buttons.forEach((button) => {
+      document.getElementById(`conso_button_${button.id}`).addEventListener('click', () => {
+        if (LOCK) { return }
+        removeNote(button, 'conso_button', buttons, list)()
+      })
+    })
+
+}
+
+/**
+ * Reset the page as its initial state.
+ */
+function reset () {
+  notes_display.length = 0
+  notes.length = 0
+  buttons.length = 0
+  document.getElementById('note_list').innerHTML = ''
+  document.getElementById('consos_list').innerHTML = ''
+  document.getElementById('note').value = ''
+  document.getElementById('note').dataset.originTitle = ''
+  $('#note').tooltip('hide')
+  document.getElementById('profile_pic').src = '/static/member/img/default_picture.png'
+  document.getElementById('profile_pic_link').href = '#'
+  refreshHistory()
+  LOCK = false
+}
+
+/**
+ * Apply all transactions: all notes in `notes` buy each item in `buttons`
+ */
+function consumeAll () {
+  if (LOCK) { return }
+  LOCK = true
+
+  let error = false
+
+  if (notes_display.length === 0) {
+    // ... gestion erreur ...
+    error = true
+  }
+  if (buttons.length === 0) {
+    // ... gestion erreur ...
+    error = true
+  }
+  if (error) {
+    LOCK = false
+    return
+  }
+  // Récupérer les IDs des familles et des challenges
+  const family_ids = notes_display.map(fam => fam.id)
+  const challenge_ids = buttons.map(chal => chal.id)
+
+  $.ajax({
+    url: '/family/api/family/achievements/batch/',
+    type: 'POST',
+    data: JSON.stringify({
+      families: family_ids,
+      challenges: challenge_ids
+    }),
+    contentType: 'application/json',
+    headers: {
+      'X-CSRFToken': CSRF_TOKEN
+    },
+    success: function (data) {
+      reset()
+      data.results.forEach(function (result) {
+        if (result.status === 'created') {
+          addMsg(
+            interpolate(gettext('Invalid achievement for challenge %s ' +
+            'and family %s created.'), [result.challenge, result.family]),
+            'success',
+            5000
+          )
+        } else {
+          addMsg(
+            interpolate(gettext('An achievement for challenge %s ' +
+            'and family %s already exists.'), [result.challenge, result.family]),
+            'danger',
+            8000
+          )
+        }
+      })
+    }
+  })
+}
+
+
+var searchbar = document.getElementById("search-input")
+var search_results = document.getElementById("search-results")
+
+var old_pattern = null;
+var firstMatch = null;
+/**
+ * Updates the button search tab
+ * @param force Forces the update even if the pattern didn't change
+ */
+function updateSearch(force = false) {
+  let pattern = searchbar.value
+  if (pattern === "")
+    firstMatch = null;
+  if ((pattern === old_pattern || pattern === "") && !force)
+    return;
+  firstMatch = null;
+  const re = new RegExp(pattern, "i");
+  Array.from(search_results.children).forEach(function(b) {
+    if (re.test(b.innerText)) {
+      b.hidden = false;
+      if (firstMatch === null) {
+        firstMatch = b;
+      }
+    } else
+      b.hidden = true;
+  });
+}
+
+searchbar.addEventListener("input", function (e) {
+  debounce(updateSearch)()
+});
+searchbar.addEventListener("keyup", function (e) {
+  if (firstMatch && e.key === "Enter")
+    firstMatch.click()
+});
+
+function createshiny() {
+  const list_btn = document.querySelectorAll('.btn-outline-dark')
+  const shiny_class = list_btn[Math.floor(Math.random() * list_btn.length)].classList
+  shiny_class.replace('btn-outline-dark', 'btn-outline-dark-shiny')
+}
+createshiny()
+
+
+
+
+
+/**
+ * Query the 20 first matched notes with a given pattern
+ * @param pattern The pattern that is queried
+ * @param fun For each found note with the matched alias `alias`, fun(note, alias) is called.
+ */
+function getMatchedFamilies (pattern, fun) {
+  $.getJSON('/api/family/family/?format=json&alias=' + pattern + '&search=family', fun)
+}
+
+/**
+ * Generate a <li> entry with a given id and text
+ */
+function li (id, text, extra_css) {
+  return '<li class="list-group-item py-1 px-2 d-flex justify-content-between align-items-center text-truncate ' +
+        (extra_css || '') + '"' + ' id="' + id + '">' + text + '</li>\n'
+}
+
+
+/**
+ * Génère un champ d'auto-complétion pour rechercher une famille par son nom (version simplifiée sans alias)
+ * @param field_id L'identifiant du champ texte où le nom est saisi
+ * @param family_list_id L'identifiant du bloc div où les familles sélectionnées sont affichées
+ * @param families Un tableau contenant les objets famille sélectionnés
+ * @param families_display Un tableau contenant les infos des familles sélectionnées : [nom, id, objet famille, quantité]
+ * @param family_prefix Le préfixe des <li> pour les familles sélectionnées
+ * @param user_family_field L'identifiant du champ qui affiche la famille survolée (optionnel)
+ * @param profile_pic_field L'identifiant du champ qui affiche la photo de la famille survolée (optionnel)
+ * @param family_click Fonction appelée lors du clic sur un nom. Si elle existe et ne retourne pas true, la famille n'est pas affichée.
+ */
+function autoCompleteFamily(field_id, family_list_id, families, families_display, family_prefix = 'family', user_family_field = null, profile_pic_field = null, family_click = null) {
+  const field = $('#' + field_id)
+  // Configuration du tooltip
+  field.tooltip({
+    html: true,
+    placement: 'bottom',
+    title: 'Chargement...',
+    trigger: 'manual',
+    container: field.parent(),
+    fallbackPlacement: 'clockwise'
+  })
+
+  // Masquer le tooltip lors d'un clic ailleurs
+  $(document).click(function (e) {
+    if (!e.target.id.startsWith(family_prefix)) {
+      field.tooltip('hide')
+    }
+  })
+
+  let old_pattern = null
+
+  // Réinitialiser la recherche au clic
+  field.click(function () {
+    field.tooltip('hide')
+    field.removeClass('is-invalid')
+    field.val('')
+    old_pattern = ''
+  })
+
+  // Sur "Entrée", sélectionner la première famille
+  field.keypress(function (event) {
+    if (event.originalEvent.charCode === 13 && families.length > 0) {
+      const li_obj = field.parent().find('ul li').first()
+      displayFamily(families[0], families[0].name, user_family_field, profile_pic_field)
+      li_obj.trigger('click')
+    }
+  })
+
+  // Mise à jour des suggestions lors de la saisie
+  field.keyup(function (e) {
+    field.removeClass('is-invalid')
+
+    if (e.originalEvent.charCode === 13) { return }
+
+    const pattern = field.val()
+
+    if (pattern === old_pattern) { return }
+    old_pattern = pattern
+    families.length = 0
+
+    if (pattern === '') {
+      field.tooltip('hide')
+      families.length = 0
+      return
+    }
+
+    // Appel à l'API pour récupérer les familles correspondantes
+    $.getJSON('/api/family/family/?format=json&search=' + pattern,
+      function (results) {
+        if (pattern !== $('#' + field_id).val()) { return }
+
+        let matched_html = '<ul class="list-group list-group-flush">'
+        results.results.forEach(function (family) {
+          matched_html += li(family_prefix + '_' + family.id,
+            family.name,
+            '')
+          families.push(family)
+        })
+        matched_html += '</ul>'
+
+        field.attr('data-original-title', matched_html).tooltip('show')
+
+        results.results.forEach(function (family) {
+          const family_obj = $('#' + family_prefix + '_' + family.id)
+          family_obj.hover(function () {
+            displayFamily(family, family.name, user_family_field, profile_pic_field)
+          })
+          family_obj.click(function () {
+            var disp = null
+            families_display.forEach(function (d) {
+              if (d.id === family.id) {
+                disp = d
+              }
+            })
+            if (disp == null) {
+              disp = {
+                name: family.name,
+                id: family.id,
+                family: family,
+              }
+              families_display.push(disp)
+            }
+
+            if (family_click && !family_click()) { return }
+
+            const family_list = $('#' + family_list_id)
+            let html = ''
+            families_display.forEach(function (disp) {
+              html += li(family_prefix + '_' + disp.id,
+                disp.name,
+                '')
+            })
+
+            family_list.html(html)
+            field.tooltip('update')
+
+            families_display.forEach(function (disp) {
+              const line_obj = $('#' + family_prefix + '_' + disp.id)
+              line_obj.hover(function () {
+                displayFamily(disp.family, disp.name, user_family_field, profile_pic_field)
+              })
+              line_obj.click(removeFamily(disp, family_prefix, families_display, family_list_id, user_family_field,
+                profile_pic_field))
+            })
+          })
+        })
+      })
+  })
+}
+
+/**
+ * Affiche le nom et la photo d'une famille
+ * @param family L'objet famille à afficher
+ * @param user_family_field L'identifiant du champ où afficher le nom (optionnel)
+ * @param profile_pic_field L'identifiant du champ où afficher la photo (optionnel)
+ */
+function displayFamily(family, user_family_field = null, profile_pic_field = null) {
+  if (!family.display_image) {
+    family.display_image = '/static/member/img/default_picture.png'
+  }
+  if (user_family_field !== null) {
+    $('#' + user_family_field).removeAttr('class')
+    $('#' + user_family_field).text(family.name)
+    if (profile_pic_field != null) {
+      $('#' + profile_pic_field).attr('src', family.display_image)
+      // Si tu veux un lien vers la page famille :
+      $('#' + profile_pic_field + '_link').attr('href', '/family/detail/' + family.id + '/')
+    }
+  }
+}
+
+
+/**
+ * Retire une famille de la liste sélectionnée.
+ * @param d La famille à retirer
+ * @param family_prefix Le préfixe des <li>
+ * @param families_display Le tableau des familles sélectionnées
+ * @param family_list_id L'id du bloc où sont affichées les familles
+ * @param user_family_field Champ d'affichage (optionnel)
+ * @param profile_pic_field Champ photo (optionnel)
+ * @returns une fonction compatible avec les événements jQuery
+ */
+function removeFamily(d, family_prefix, families_display, family_list_id, user_family_field = null, profile_pic_field = null) {
+  return function () {
+    const new_families_display = []
+    let html = ''
+    families_display.forEach(function (disp) {
+    })
+
+    families_display.length = 0
+    new_families_display.forEach(function (disp) {
+      families_display.push(disp)
+    })
+
+    $('#' + family_list_id).html(html)
+    families_display.forEach(function (disp) {
+      const obj = $('#' + family_prefix + '_' + disp.id)
+      obj.click(removeFamily(disp, family_prefix, families_display, family_list_id, user_family_field, profile_pic_field))
+      obj.hover(function () {
+        displayFamily(disp.family, user_family_field, profile_pic_field)
+      })
+    })
+  }
+}

apps/family/tables.py

@@ -0,0 +1,149 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import django_tables2 as tables
+from django.utils.html import format_html
+from django.utils.translation import gettext_lazy as _
+from django_tables2 import A
+from django.urls import reverse, reverse_lazy
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
+
+from .models import Achievement, Challenge, Family, FamilyMembership
+
+
+class FamilyTable(tables.Table):
+    """
+    List all families
+    """
+
+    description = tables.Column(verbose_name=_("Description"))
+
+    class Meta:
+        attrs = {
+            'class': 'table table-condensed table-striped table-hover'
+        }
+        model = Family
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('name', 'score', 'rank',)
+        order_by = ('rank',)
+        row_attrs = {
+            'class': 'table-row',
+            'data-href': lambda record: reverse('family:family_detail', args=[record.pk]),
+            'style': 'cursor:pointer',
+        }
+
+
+class ChallengeTable(tables.Table):
+    """
+    List all challenges
+    """
+
+    name = tables.Column(verbose_name=_("Name"))
+    description = tables.Column(verbose_name=_("Description"))
+    points = tables.Column(verbose_name=_("Points"))
+
+    class Meta:
+        attrs = {
+            'class': 'table table-condensed table-striped table-hover'
+        }
+        order_by = ('id',)
+        model = Challenge
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('name', 'description', 'points',)
+        row_attrs = {
+            'class': 'table-row',
+            'data-href': lambda record: reverse('family:challenge_detail', args=[record.pk]),
+            'style': 'cursor:pointer',
+        }
+
+
+class FamilyMembershipTable(tables.Table):
+    """
+    List all family memberships.
+    """
+
+    def render_user(self, value):
+        # Display user's name, clickable if permission is granted
+        s = value.username
+        if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
+            s = format_html("<a href='{url}'>{name}</a>",
+                            url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)
+        return s
+
+    class Meta:
+        attrs = {
+            'class': 'table table-condensed table-striped',
+            'style': 'table-layout: fixed;'
+        }
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('user',)
+        model = FamilyMembership
+
+
+class AchievementTable(tables.Table):
+    """
+    List recent achievements.
+    """
+
+    challenge = tables.Column(verbose_name=_("Challenge"))
+
+    validate = tables.LinkColumn(
+        'family:achievement_validate',
+        args=[A('id')],
+        verbose_name=_("Validate"),
+        text=_("Validate"),
+        orderable=False,
+        attrs={
+            'th': {
+                'id': 'validate-achievement-header'
+            },
+            'a': {
+                'class': 'btn btn-success',
+                'data-type': 'validate-achievement'
+            }
+        },
+    )
+
+    delete = tables.LinkColumn(
+        'family:achievement_delete',
+        args=[A('id')],
+        verbose_name=_("Delete"),
+        text=_("Delete"),
+        orderable=False,
+        attrs={
+            'th': {
+                'id': 'delete-achievement-header'
+            },
+            'a': {
+                'class': 'btn btn-danger',
+                'data-type': 'delete-achievement'
+            }
+        },
+    )
+
+    class Meta:
+        attrs = {
+            'class': 'table table-condensed table-striped table-hover'
+        }
+        model = Achievement
+        fields = ('family', 'challenge', 'challenge__points', 'obtained_at', 'valid')
+        template_name = 'django_tables2/bootstrap4.html'
+        order_by = ('-obtained_at',)
+
+
+class FamilyAchievementTable(tables.Table):
+    """
+    Table des défis réalisés par une famille spécifique.
+    """
+
+    challenge = tables.Column(verbose_name=_("Challenge"))
+
+    class Meta:
+        model = Achievement
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('challenge', 'challenge__points', 'obtained_at', 'valid')
+        attrs = {
+            'class': 'table table-condensed table-striped table-hover'
+        }
+        order_by = ('-obtained_at',)

apps/family/templates/family/achievement_confirm_delete.html

@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+    <div class="card bg-light">
+        <div class="card-header text-center">
+            <h4>{% trans "Delete achievement" %}</h4>
+        </div>
+            <div class="card-body">
+                <div class="alert alert-warning">
+                    {% blocktrans %}Are you sure you want to delete this achievement? This action can't be undone.{% endblocktrans %}
+                </div>
+            </div>
+        <div class="card-footer text-center">
+            <form method="post">
+                {% csrf_token %}
+                <a class="btn btn-primary" href="{% url 'family:achievement_list' %}">{% trans "Return to achievements list" %}</a>
+                <button class="btn btn-danger" type="submit">{% trans "Delete" %}</button>
+            </form>
+        </div>
+    </div>
+{% endblock %}

apps/family/templates/family/achievement_confirm_validate.html

@@ -0,0 +1,28 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+    <div class="card bg-light">
+        <div class="card-header text-center">
+            <h4>{% trans "Validate achievement" %}</h4>
+        </div>
+            <div class="card-body">
+                <div class="alert alert-warning">
+                    {% blocktrans %}Are you sure you want to validate this achievement? This action can't be undone.{% endblocktrans %}
+                </div>
+            </div>
+        <div class="card-footer text-center">
+            <form method="post">
+                {% csrf_token %}
+                <a class="btn btn-primary" href="{% url 'family:achievement_list' %}">{% trans "Return to achievements list" %}</a>
+                <form method="post" action="{% url 'family:achievement_validate' pk %}">
+                    {% csrf_token %}
+                    <button type="submit" class="btn btn-success">{% trans "Validate" %}</button>
+                </form>
+            </form>
+        </div>
+    </div>
+{% endblock %}

apps/family/templates/family/achievement_list.html

@@ -0,0 +1,33 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n django_tables2 %}
+
+{% block content %}
+
+<div class="card mb-4" id="history">
+    <div class="card-header">
+        <p class="card-text font-weight-bold">
+            {% trans "Invalid achievements history" %}
+        </p>
+        <a class="btn btn-sm btn-primary mx-2" href="{% url "family:manage" %}">
+            {% trans "Return to management page" %}
+        </a>
+    </div>
+    {% render_table invalid %}
+</div>
+
+<div class="card mb-4" id="history">
+    <div class="card-header">
+        <p class="card-text font-weight-bold">
+            {% trans "Valid achievements history" %}
+        </p>
+        <a class="btn btn-sm btn-primary mx-2" href="{% url "family:manage" %}">
+            {% trans "Return to management page" %}
+        </a>
+    </div>
+    {% render_table valid %}
+</div>
+{% endblock %}

apps/family/templates/family/add_member.html

@@ -0,0 +1,60 @@
+{% extends "family/base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load crispy_forms_tags i18n pretty_money %}
+
+{% block profile_content %}
+<div class="card bg-light">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    <div class="card-body">
+        
+        <form method="post" action="">
+            {% csrf_token %}
+            {{ form|crispy }}
+            <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+        </form>
+    </div>
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script>
+    function autocompleted(user) {
+        $("#id_last_name").val(user.last_name);
+        $("#id_first_name").val(user.first_name);
+        $.getJSON("/api/members/profile/" + user.id + "/", function (profile) {
+            let fee = profile.paid ? "{{ club.membership_fee_paid }}" : "{{ club.membership_fee_unpaid }}";
+            $("#id_credit_amount").val((Number(fee) / 100).toFixed(2));
+        });
+    }
+
+    soge_field = $("#id_soge");
+
+    function fillFields() {
+        let checked = soge_field.is(':checked');
+        if (!checked) {
+            $("input").attr('disabled', false);
+            $("#id_user").attr('disabled', true);
+            $("select").attr('disabled', false);
+            return;
+        }
+
+        let credit_type = $("#id_credit_type");
+        credit_type.attr('disabled', true);
+        credit_type.val(4);
+
+        let credit_amount = $("#id_credit_amount");
+        credit_amount.attr('disabled', true);
+        credit_amount.val('{{ total_fee }}');
+
+        let bank = $("#id_bank");
+        bank.attr('disabled', true);
+        bank.val('Société générale');
+    }
+
+    soge_field.change(fillFields);
+</script>
+{% endblock %}

apps/family/templates/family/base.html

@@ -0,0 +1,52 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n perms %}
+
+{# Use a fluid-width container #}
+{% block containertype %}container-fluid{% endblock %}
+
+{% block content %}
+<div class="row mt-4">
+    <div class="col-xl-4">
+        {% block profile_info %}
+        <div class="card bg-light" id="card-infos">
+            <h4 class="card-header text-center">
+                {{ family.name }}
+            </h4>
+            <div class="text-center">
+                <a href="{% url 'family:update_pic' family.pk  %}">
+                    <img src="{{ family.display_image.url }}" class="img-thumbnail mt-2">
+                </a>
+            </div>
+            <div class="card-body" id="profile_infos">
+                {% include "family/family_info.html" %}
+            </div>
+            <div class="card-footer">
+                {% if can_add_members %}
+                <a class="btn btn-sm btn-success" href="{% url 'family:family_add_member' family_pk=family.pk %}"
+                   data-turbolinks="false"> {% trans "Add member" %}</a>
+                {% endif %}
+                {% if ".change_"|has_perm:family %}
+                <a class="btn btn-sm btn-secondary" href="{% url 'family:family_update' pk=family.pk %}"
+                   data-turbolinks="false">
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
+                </a>
+                {% endif %}
+                {% url 'family:family_detail' family.pk as family_detail_url %}
+                {% if request.path_info != family_detail_url %}
+                <a class="btn btn-sm btn-primary" href="{{ family_detail_url }}">{% trans 'View Profile' %}</a>
+                {% endif %}
+                <a class="btn btn-sm btn-primary" href="{% url "family:family_list" %}">
+                    {% trans "Return to the family list" %}
+                  </a>
+            </div>
+        </div>
+        {% endblock %}
+    </div>
+    <div class="col-xl-8">
+        {% block profile_content %}{% endblock %}
+    </div>
+</div>
+{% endblock %}

apps/family/templates/family/challenge_detail.html

@@ -0,0 +1,36 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }} {{ challenge.name }}
+  </h3>
+  <div class="card-body">
+    <ul>
+      {% for field, value in fields %}
+      <li> {{ field }} : {{ value }}</li>
+      {% endfor %}
+      <li> {% trans "Obtained by " %} {{obtained}}
+        {% if obtained > 1 %}
+          {% trans "families" %}
+        {% else %}
+          {% trans "family" %}
+        {% endif %}
+      </li>
+    </ul>
+      <a class="btn btn-sm btn-primary" href="{% url "family:challenge_list" %}">
+        {% trans "Return to the challenge list" %}
+      </a>
+      {% if update %}
+      <a class="btn btn-sm btn-secondary" href="{% url "family:challenge_update" pk=challenge.pk %}">
+        {% trans "Update" %}
+      </a>
+      {% endif %}
+  </div>
+</div>
+{% endblock %}

apps/family/templates/family/challenge_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form | crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/family/templates/family/challenge_list.html

@@ -0,0 +1,42 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n %}
+
+{% block content %}
+<div class="row">
+    <div class="col-xl-12">
+        <div class="btn-group btn-group-toggle" style="width: 100%; padding: 0 0 2em 0">
+            <a href="{% url "family:family_list" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Families" %}
+            </a>
+            <a href="#" class="btn btn-sm btn-outline-primary active">
+                {% trans "Challenges" %}
+            </a>
+            {% if can_manage %}
+            <a href="{% url "family:manage" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Manage" %}
+            </a>
+            {% endif %}
+        </div>
+    </div>
+</div>
+
+<div class="card bg-white mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    {% render_table table %}
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script type="text/javascript">
+    $(".table-row").click(function () {
+            window.document.location = $(this).data("href");
+        });
+</script>
+{% endblock %}

apps/family/templates/family/family_detail.html

@@ -0,0 +1,29 @@
+{% extends "family/base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n perms %}
+
+{% block profile_content %}
+{% if member_list.data %}
+<div class="card">
+    <div class="card-header position-relative" id="clubListHeading">
+        <i class="fa fa-users"></i> {% trans "Family members" %}
+    </div>
+    {% render_table member_list %}
+</div>
+
+<div class="my-4"></div>
+{% endif %}
+
+{% if achievement_list.data %}
+<div class="card">
+    <div class="card-header position-relative">
+        <i class="fa fa-trophy"></i> {% trans "Completed challenges" %}
+    </div>
+    {% render_table achievement_list %}
+</div>
+{% endif %}
+{% endblock %}

apps/family/templates/family/family_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block content %}
+<div class="card bg-white mb-3">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body" id="form">
+    <form method="post">
+      {% csrf_token %}
+      {{ form | crispy }}
+      <button class="btn btn-primary" type="submit">{% trans "Submit"%}</button>
+    </form>
+  </div>
+</div>
+{% endblock %}

apps/family/templates/family/family_info.html

@@ -0,0 +1,15 @@
+{% load i18n pretty_money perms %}
+
+<dl class="row">
+    <dt class="col-xl-6">{% trans 'name'|capfirst %}</dt>
+    <dd class="col-xl-6">{{ family.name }}</dd>
+
+    <dt class="col-xl-6">{% trans 'description'|capfirst %}</dt>
+    <dd class="col-xl-6">{{ family.description }}</dd>
+
+    <dt class="col-xl-6">{% trans 'score'|capfirst %}</dt>
+    <dd class="col-xl-6">{{ family.score }}</dd>
+
+    <dt class="col-xl-6">{% trans 'rank'|capfirst %}</dt>
+    <dd class="col-xl-6">{{ family.rank }}</dd>
+</dl>

apps/family/templates/family/family_list.html

@@ -0,0 +1,43 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n %}
+
+{% block content %}
+<div class="row">
+    <div class="col-xl-12">
+        <div class="btn-group btn-group-toggle" style="width: 100%; padding: 0 0 2em 0">
+            <a href="#" class="btn btn-sm btn-outline-primary active">
+                {% trans "Families" %}
+            </a>
+            <a href="{% url "family:challenge_list" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Challenges" %}
+            </a>
+            {% if can_manage %}
+            <a href="{% url "family:manage" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Manage" %}
+            </a>
+            {% endif %}
+        </div>
+    </div>
+</div>
+
+<div class="card bg-white mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    {% render_table table %}
+</div>
+
+{% endblock %}
+
+{% block extrajavascript %}
+<script type="text/javascript">
+    $(".table-row").click(function () {
+            window.document.location = $(this).data("href");
+        });
+</script>
+{% endblock %}

apps/family/templates/family/manage.html

@@ -0,0 +1,287 @@
+{% extends "base.html" %}
+{% comment %}
+Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n static django_tables2 %}
+
+{% block containertype %}container-fluid{% endblock %}
+
+{% block content %}
+<div class="row">
+    <div class="col-xl-12">
+        <div class="btn-group btn-group-toggle" style="width: 100%; padding: 0 0 2em 0">
+            <a href="{% url "family:family_list" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Families" %}
+            </a>
+            <a href="{% url "family:challenge_list" %}" class="btn btn-sm btn-outline-primary">
+                {% trans "Challenges" %}
+            </a>
+            <a href="#" class="btn btn-sm btn-outline-primary active">
+                {% trans "Manage" %}
+            </a>
+        </div>
+    </div>
+</div>
+
+<div class="row mb-3">
+    <div class='col-sm-5 col-xl-6' id="infos_div">
+        {% if can_add_achievement %}
+        <div class="row justify-content-center justify-content-md-end">
+            {# Family details column #}
+            <div class="col picture-col">
+                <div class="card bg-light mb-4 text-center">
+                    <a id="profile_pic_link" href="#">
+                        <img src="{% static "member/img/default_picture.png" %}" id="profile_pic" alt="" class="card-img-top d-none d-sm-block">
+                    </a>
+                    <div class="card-body text-center text-break p-2">
+                        <span id="user_note"><i class="small">{% trans "Please select a family" %}</i></span>
+                    </div>
+                </div>
+            </div>
+
+            {# Family selection column #}
+            <div class="col-xl" id="user_select_div">
+                <div class="card bg-light border-success mb-4">
+                    <div class="card-header">
+                        <p class="card-text font-weight-bold">
+                            {% trans "Families" %}
+                        </p>
+                    </div>
+                    <div class="card-body p-0" style="min-height:125px;">
+                        <ul class="list-group list-group-flush" id="note_list"></ul>
+                    </div>
+                    {# User search with autocompletion #}
+                    <div class="card-footer">
+                        <input class="form-control mx-auto d-block mb-2" placeholder="{% trans "Name" %}" type="text" id="note" autofocus />
+                        {% if user_family %}
+                        <button class="btn btn-sm btn-secondary btn-block" id="select_my_family">
+                            {% trans "Select my family" %} ({{ user_family.name }})
+                        </button>
+                        {% endif %}
+                    </div>
+                </div>
+            </div>
+
+            {# Summary of challenges and validate button #}
+            <div class="col-xl-5" id="consos_list_div">
+                <div class="card bg-light border-info mb-4">
+                    <div class="card-header">
+                        <p class="card-text font-weight-bold">
+                            {% trans "Challenges" %}
+                        </p>
+                    </div>
+                    <div class="card-body p-0" style="min-height:125px;">
+                        <ul class="list-group list-group-flush" id="consos_list"></ul>
+                    </div>
+                    <div class="card-footer text-center">
+                        <span id="consume_all" class="btn btn-primary">
+                            {% trans "Validate!" %}
+                        </span>
+                    </div>
+                </div>
+            </div>
+        </div>
+        {% endif %}
+
+        {# Create family/challenge buttons #}
+        {% if can_add_family or can_add_challenge %}
+        <div class="card bg-light border-success mb-4">
+          <h3 class="card-header font-weight-bold text-center">
+              {% trans "Create a family or challenge" %}
+          </h3>
+        <div class="card-body text-center">
+            {% if can_add_family %}
+            <a class="btn btn-sm btn-primary mx-2" href="{% url "family:family_create" %}">
+                {% trans "Add a family" %}
+            </a>
+            {% endif %}
+            {% if can_add_challenge %}
+            <a class="btn btn-sm btn-primary mx-2" href="{% url "family:challenge_create" %}">
+                {% trans "Add a challenge" %}
+            </a>
+            {% endif %}
+        </div>
+        </div>
+        {% endif %}
+    </div>
+
+    {# Buttons column #}
+    <div class="col">
+        {% if can_add_achievement %}
+        <div class="card bg-light border-primary text-center mb-4">
+            {# Tabs for list and search #}
+            <div class="card-header">
+                <ul class="nav nav-tabs nav-fill card-header-tabs">
+                    <li class="nav-item">
+                        <a class="nav-link font-weight-bold" data-toggle="tab" href="#list">
+                            {% trans "List" %}
+                        </a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link font-weight-bold" data-toggle="tab" href="#search">
+                            {% trans "Search" %}
+                        </a>
+                    </li>
+                </ul>
+            </div>
+
+            {# Tabs content #}
+            <div class="card-body">
+                <div class="tab-content">
+                    <div class="tab-pane" id="list">
+                        <div class="d-inline-flex flex-wrap justify-content-center">
+                            {% for challenge in all_challenges %}
+                                    <button class="btn btn-outline-dark rounded-0 flex-fill"
+                                            id="challenge{{ challenge.id }}" name="button" value="{{ challenge.name }}">
+                                        {{ challenge.name }} ({{ challenge.points }} {% trans "points" %})
+                                    </button>
+                            {% endfor %}
+                        </div>
+                    </div>
+                    <div class="tab-pane" id="search">
+                        <input class="form-control mx-auto d-block mb-3" placeholder="{% trans "Search challenge..." %}" type="search" id="search-input"/>
+                        <div class="d-inline-flex flex-wrap justify-content-center" id="search-results">
+                            {% for challenge in all_challenges %}
+                                    <button class="btn btn-outline-dark rounded-0 flex-fill" hidden
+                                            id="search_challenge{{ challenge.id }}" name="button" value="{{ challenge.name }}">
+                                            {{ challenge.name }} ({{ challenge.points }} {% trans "points" %})
+                                    </button>
+                            {% endfor %}
+                        </div>
+                    </div>
+                </div>
+            </div>
+
+        </div>
+        {% endif %}
+    </div>
+</div>
+
+{# achievement history #}
+{% if table.data %}
+    <div class="card">
+        <div class="card-header position-relative" id="historyListHeading">
+            <a class="stretched-link font-weight-bold" 
+                href="{% url 'family:achievement_list' %}" >
+                {% trans "Recent achievements history" %}
+            </a>
+        </div>
+        <div id="history">
+            {% render_table table %}
+        </div>
+    </div>
+
+        <!-- Popup de validation -->
+    <div class="modal fade" id="validationModal" tabindex="-1" role="dialog" aria-labelledby="validationModalLabel" aria-hidden="true">
+    <div class="modal-dialog modal-dialog-centered" role="document">
+        <div class="modal-content border-success">
+        <div class="modal-header bg-success text-white">
+            <h5 class="modal-title" id="validationModalLabel">{% trans "Confirmation" %}</h5>
+            <button type="button" class="close text-white" data-dismiss="modal" aria-label="Close">
+            <span aria-hidden="true">&times;</span>
+            </button>
+        </div>
+        <div class="modal-body">
+                <p><strong>{% trans "Are you sure you want to validate this challenge?" %}</strong></p>
+                <p>{% trans "To have your challenge officially validated, please send a message with:" %}</p>
+                <ul>
+                <li>{% trans "The name of the family" %}</li>
+                <li>{% trans "The name of the challenge" %}</li>
+                <li>{% trans "A photo or video as proof" %}</li>
+                </ul>
+                <p>
+                <strong>{% trans "Send it via WhatsApp to:" %}</strong>
+                {% if phone_numbers %}"
+                {% for num in phone_numbers %}
+                    <a href="https://wa.me/{{ num }}" target="_blank">{{ num }}</a>{% if not forloop.last %}, {% endif %}
+                {% endfor %}
+                {% endif %}
+                </p>
+        </div>
+        <div class="modal-footer">
+            <button type="button" class="btn btn-primary" data-dismiss="modal">{% trans "OK" %}</button>
+        </div>
+        </div>
+    </div>
+    </div>
+{% endif %}
+{% endblock %}
+
+
+
+{% block extrajavascript %}
+    <script type="text/javascript" src="{% static "family/js/achievements.js" %}"></script>
+    <script type="text/javascript">
+        {% for challenge in all_challenges %}
+        document.getElementById("challenge{{ challenge.id }}").addEventListener("click", function() {
+            addChallenge({{ challenge.id}}, "{{ challenge.name|escapejs }}", {{ challenge.points }});
+        });
+        {% endfor %}
+    
+        {% for challenge in all_challenges %}
+            document.getElementById("search_challenge{{ challenge.id }}").addEventListener("click", function() {
+                addChallenge({{ challenge.id}}, "{{ challenge.name|escapejs }}", {{ challenge.points }});
+            });
+        {% endfor %} 
+    </script>
+    <script>
+        document.getElementById("consume_all").addEventListener("click", function () {
+            $('#validationModal').modal('show');
+        });
+
+        $('#validationModal .btn-primary').on('click', function () {
+            consumeAll();
+        });
+        
+        {% if user_family %}
+        document.getElementById("select_my_family").addEventListener("click", function () {
+            // Simulate selecting the user's family
+            var userFamily = {
+                id: {{ user_family.id }},
+                name: "{{ user_family.name|escapejs }}",
+                display_image: "{{ user_family.display_image.url|default:'/static/member/img/default_picture.png'|escapejs }}"
+            };
+            
+            // Check if family is already selected
+            var alreadySelected = false;
+            notes_display.forEach(function (d) {
+                if (d.id === userFamily.id) {
+                    alreadySelected = true;
+                }
+            });
+            
+            if (!alreadySelected) {
+                // Add the family to the selected families
+                var disp = {
+                    name: userFamily.name,
+                    id: userFamily.id,
+                    family: userFamily,
+                };
+                notes_display.push(disp);
+                
+                // Update the display
+                const family_list = $('#note_list');
+                let html = '';
+                notes_display.forEach(function (disp) {
+                    html += li('note_' + disp.id, disp.name, '');
+                });
+                
+                family_list.html(html);
+                
+                // Add click handlers for removal
+                notes_display.forEach(function (disp) {
+                    const line_obj = $('#note_' + disp.id);
+                    line_obj.hover(function () {
+                        displayFamily(disp.family, disp.name, 'user_note', 'profile_pic');
+                    });
+                    line_obj.click(removeFamily(disp, 'note', notes_display, 'note_list', 'user_note', 'profile_pic'));
+                });
+                
+                // Display the family info
+                displayFamily(userFamily, userFamily.name, 'user_note', 'profile_pic');
+            }
+        });
+        {% endif %}
+    </script>
+{% endblock %}

apps/family/templates/family/picture_update.html

@@ -0,0 +1,118 @@
+{% extends "family/base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n crispy_forms_tags %}
+
+{% block profile_content %}
+<div class="card bg-light">
+  <h3 class="card-header text-center">
+    {{ title }}
+  </h3>
+  <div class="card-body">
+    <div class="text-center">
+      <form method="post" enctype="multipart/form-data" id="formUpload">
+        {% csrf_token %}
+        {{ form |crispy }}
+        {% if user.note.display_image != "pic/default.png" %}
+          <input type="submit" class="btn btn-primary" value="{% trans "Remove" %}">
+        {% endif %}
+      </form>
+    </div>
+    <!-- MODAL TO CROP THE IMAGE -->
+    <div class="modal fade" id="modalCrop" data-backdrop="static">
+      <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-body-wrapper" style="width: 500px; height: 500px; padding: 16px;">
+              <div class="modal-body" style="width: 100%; height: 100%; padding: 0">
+                <img src="" id="modal-image" style="display: block; max-width: 100%;">
+              </div>
+            </div>
+          <div class="modal-footer">
+            <div class="btn-group pull-left" role="group">
+              <button type="button" class="btn btn-default" id="js-zoom-in">
+                <span class="glyphicon glyphicon-zoom-in"></span>
+              </button>
+              <button type="button" class="btn btn-default js-zoom-out">
+                <span class="glyphicon glyphicon-zoom-out"></span>
+              </button>
+            </div>
+            <button type="button" class="btn btn-default" data-dismiss="modal">{% trans "Nevermind" %}</button>
+            <button type="button" class="btn btn-primary js-crop-and-upload">{% trans "Crop and upload" %}</button>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
+
+{% block extracss %}
+<link href="https://cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.6/cropper.min.css" rel="stylesheet">
+{% endblock %}
+
+{% block extrajavascript%}
+<script src="https://cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.6/cropper.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery-cropper@1.0.1/dist/jquery-cropper.min.js"></script>
+<script>
+  $(function () {
+
+    /* SCRIPT TO OPEN THE MODAL WITH THE PREVIEW */
+    $("#id_image").change(function (e) {
+      if (this.files && this.files[0]) {
+        // Check the image size
+        if (this.files[0].size > 2*1024*1024) {
+          alert("Ce fichier est trop volumineux.")
+	} else {
+          // Read the selected image file
+          var reader = new FileReader();
+          reader.onload = function (e) {
+            $("#modal-image").attr("src", e.target.result);
+            $("#modalCrop").modal("show");
+          }
+          reader.readAsDataURL(this.files[0]);
+        }
+      }
+    });
+
+    /* SCRIPTS TO HANDLE THE CROPPER BOX */
+    var $image = $("#modal-image");
+    var cropBoxData;
+    var canvasData;
+    $("#modalCrop").on("shown.bs.modal", function () {
+      $image.cropper({
+        viewMode: 1,
+        aspectRatio: 1 / 1,
+        minCropBoxWidth: 200,
+        minCropBoxHeight: 200,
+        ready: function () {
+          $image.cropper("setCanvasData", canvasData);
+          $image.cropper("setCropBoxData", cropBoxData);
+        }
+      });
+    }).on("hidden.bs.modal", function () {
+      cropBoxData = $image.cropper("getCropBoxData");
+      canvasData = $image.cropper("getCanvasData");
+      $image.cropper("destroy");
+    });
+
+    $(".js-zoom-in").click(function () {
+      $image.cropper("zoom", 0.1);
+    });
+
+    $(".js-zoom-out").click(function () {
+      $image.cropper("zoom", -0.1);
+    });
+
+    /* SCRIPT TO COLLECT THE DATA AND POST TO THE SERVER */
+    $(".js-crop-and-upload").click(function () {
+      var cropData = $image.cropper("getData");
+      $("#id_x").val(cropData["x"]);
+      $("#id_y").val(cropData["y"]);
+      $("#id_height").val(cropData["height"]);
+      $("#id_width").val(cropData["width"]);
+      $("#formUpload").submit();
+    });
+  });
+</script>
+{% endblock %}

apps/family/tests/test_family.py

@@ -0,0 +1,328 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import os
+
+from api.tests import TestAPI
+from django.contrib.auth.models import User
+from django.core.files.uploadedfile import SimpleUploadedFile
+from django.test import TestCase
+from rest_framework.test import APITestCase
+from django.urls import reverse
+from django.utils import timezone
+
+from ..api.views import FamilyViewSet, FamilyMembershipViewSet, ChallengeViewSet, AchievementViewSet
+from ..models import Family, FamilyMembership, Challenge, Achievement
+
+
+class TestFamily(TestCase):
+    """
+    Test family
+    """
+
+    def setUp(self):
+        self.user = User.objects.create_superuser(
+            username='admintoto',
+            password='toto1234',
+            email='toto@example.com',
+        )
+        self.client.force_login(self.user)
+
+        sess = self.client.session
+        sess['permission_mask'] = 42
+        sess.save()
+
+        self.family = Family.objects.create(
+            name='Test family',
+            description='',
+        )
+
+        self.challenge = Challenge.objects.create(
+            name='Test challenge',
+            description='',
+            points=100,
+        )
+
+        self.achievement = Achievement.objects.create(
+            family=self.family,
+            challenge=self.challenge,
+            valid=False,
+        )
+
+    def test_family_list(self):
+        """
+        Test display family list
+        """
+        response = self.client.get(reverse("family:family_list"))
+        self.assertEqual(response.status_code, 200)
+
+    def test_family_create(self):
+        """
+        Test create a family
+        """
+        response = self.client.get(reverse("family:family_create"))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("family:family_create"), data={
+            "name": "Family toto",
+            "description": "A test family",
+        })
+        self.assertTrue(Family.objects.filter(name="Family toto").exists())
+        self.assertRedirects(response, reverse("family:manage"), 302, 200)
+
+    def test_family_detail(self):
+        """
+        Test display the detail of a family
+        """
+        response = self.client.get(reverse("family:family_detail", args=(self.family.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+    def test_family_update(self):
+        """
+        Test update a family
+        """
+        response = self.client.get(reverse("family:family_update", args=(self.family.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("family:family_update", args=(self.family.pk,)), data=dict(
+            name="Toto family updated",
+            description="A larger description for the test family"
+        ))
+        self.assertRedirects(response, self.family.get_absolute_url(), 302, 200)
+        self.assertTrue(Family.objects.filter(name="Toto family updated").exists())
+
+    def test_family_update_picture(self):
+        """
+        Test update the picture of a family
+        """
+        response = self.client.get(reverse("family:update_pic", args=(self.family.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        old_pic = self.family.display_image
+
+        with open("apps/family/static/family/img/default_picture.png", "rb") as f:
+            image = SimpleUploadedFile("image.png", f.read(), "image/png")
+            response = self.client.post(reverse("family:update_pic", args=(self.family.pk,)), dict(
+                image=image,
+                x=0,
+                y=0,
+                width=200,
+                height=200,
+            ))
+            self.assertRedirects(response, self.family.get_absolute_url(), 302, 200)
+
+        self.family.refresh_from_db()
+        self.assertTrue(os.path.exists(self.family.display_image.path))
+        os.remove(self.family.display_image.path)
+
+        self.family.display_image = old_pic
+        self.family.save()
+
+    def test_family_add_member(self):
+        """
+        Test add memberships to a family
+        """
+        response = self.client.get(reverse("family:family_add_member", args=(self.family.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        user = User.objects.create(username="totototo")
+        user.profile.registration_valid = True
+        user.profile.email_confirmed = True
+        user.profile.save()
+        user.save()
+
+        response = self.client.post(reverse("family:family_add_member", args=(self.family.pk,)), data=dict(
+            user=user.pk,
+        ))
+        self.assertRedirects(response, self.family.get_absolute_url(), 302, 200)
+
+        self.assertTrue(FamilyMembership.objects.filter(user=user, family=self.family, year=timezone.now().year).exists())
+
+    def test_challenge_list(self):
+        """
+        Test display challenge list
+        """
+        response = self.client.get(reverse('family:challenge_list'))
+        self.assertEqual(response.status_code, 200)
+
+    def test_challenge_create(self):
+        """
+        Test create a challenge
+        """
+        response = self.client.get(reverse("family:challenge_create"))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("family:challenge_create"), data={
+            "name": "Challenge for toto",
+            "description": "A test challenge",
+            "points": 50,
+        })
+        self.assertTrue(Challenge.objects.filter(name="Challenge for toto").exists())
+        self.assertRedirects(response, reverse("family:manage"), 302, 200)
+
+    def test_challenge_detail(self):
+        """
+        Test display the detail of a challenge
+        """
+        response = self.client.get(reverse("family:challenge_detail", args=(self.challenge.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+    def test_challenge_update(self):
+        """
+        Test update a challenge
+        """
+        response = self.client.get(reverse("family:challenge_update", args=(self.challenge.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("family:challenge_update", args=(self.challenge.pk,)), data=dict(
+            name="Challenge updated",
+            description="Another description",
+            points=10,
+        ))
+        self.assertRedirects(response, self.challenge.get_absolute_url(), 302, 200)
+        self.assertTrue(Challenge.objects.filter(name="Challenge updated").exists())
+
+    def test_render_manage_page(self):
+        """
+        Test render manage page
+        """
+        response = self.client.get(reverse("family:manage"))
+        self.assertEqual(response.status_code, 200)
+
+    def test_validate_achievement(self):
+        """
+        Test validate an achievement
+        """
+        old_family_score = self.family.score
+
+        response = self.client.get(reverse("family:achievement_validate", args=(self.achievement.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.post(reverse("family:achievement_validate", args=(self.achievement.pk,)))
+        self.assertRedirects(response, reverse("family:achievement_list"), 302, 200)
+
+        self.achievement.refresh_from_db()
+        self.assertIs(self.achievement.valid, True)
+
+        self.family.refresh_from_db()
+        self.assertEqual(self.family.score, old_family_score + self.achievement.challenge.points)
+
+    def test_delete_achievement(self):
+        """
+        Test delete an achievement
+        """
+        response = self.client.get(reverse("family:achievement_delete", args=(self.achievement.pk,)))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.delete(reverse("family:achievement_delete", args=(self.achievement.pk,)))
+        self.assertRedirects(response, reverse("family:achievement_list"), 302, 200)
+        self.assertFalse(Achievement.objects.filter(pk=self.achievement.pk).exists())
+
+
+class TestBatchAchievements(APITestCase):
+    def setUp(self):
+        self.user = User.objects.create_superuser(
+            username='admintoto',
+            password='toto1234',
+            email='toto@example.com',
+        )
+        self.client.force_login(self.user)
+
+        sess = self.client.session
+        sess['permission_mask'] = 42
+        sess.save()
+
+        self.families = [
+            Family.objects.create(name=f'Famille {i}', description='') for i in range(2)
+        ]
+        self.challenges = [
+            Challenge.objects.create(name=f'Challenge {i}', description='', points=50) for i in range(3)
+        ]
+
+        self.achievement = Achievement.objects.create(
+            family=self.families[0],
+            challenge=self.challenges[0],
+            valid=False,
+        )
+
+        self.url = reverse("family:api:batch_achievements")
+
+    def test_batch_achievement_creation(self):
+        family_ids = [f.id for f in self.families]
+        challenge_ids = [c.id for c in self.challenges]
+        response = self.client.post(
+            self.url,
+            data={
+                'families': family_ids,
+                'challenges': challenge_ids
+            },
+            format='json'
+        )
+
+        self.assertEqual(response.status_code, 201)
+        for result in response.data['results']:
+            if result['family'] == self.families[0].name and result['challenge'] == self.challenges[0].name:
+                self.assertEqual(result['status'], 'existed')
+            else:
+                self.assertEqual(result['status'], 'created')
+
+        expected_count = len(family_ids) * len(challenge_ids)
+        self.assertEqual(Achievement.objects.count(), expected_count)
+
+        # Check that correct couples family/challenge exist
+        for f in self.families:
+            for c in self.challenges:
+                self.assertTrue(
+                    Achievement.objects.filter(family=f, challenge=c).exists()
+                )
+
+
+class TestFamilyAPI(TestAPI):
+    def setUp(self):
+        super().setUp()
+
+        self.family = Family.objects.create(
+            name='Test family',
+            description='',
+        )
+
+        self.familymembership = FamilyMembership.objects.create(
+            user=self.user,
+            family=self.family,
+        )
+
+        self.challenge = Challenge.objects.create(
+            name='Test challenge',
+            description='',
+            points=100,
+        )
+
+        self.achievement = Achievement.objects.create(
+            family=self.family,
+            challenge=self.challenge,
+            valid=False,
+        )
+
+    def test_family_api(self):
+        """
+        Load Family API page and test all filters and permissions
+        """
+        self.check_viewset(FamilyViewSet, '/api/family/family/')
+
+    def test_familymembership_api(self):
+        """
+        Load FamilyMembership API page and test all filters and permissions
+        """
+        self.check_viewset(FamilyMembershipViewSet, '/api/family/familymembership/')
+
+    def test_challenge_api(self):
+        """
+        Load Challenge API page and test all filters and permissions
+        """
+        self.check_viewset(ChallengeViewSet, '/api/family/challenge/')
+
+    def test_achievement_api(self):
+        """
+        Load Achievement API page and test all filters and permissions
+        """
+        self.check_viewset(AchievementViewSet, '/api/family/achievement/')

apps/family/urls.py

@@ -0,0 +1,25 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.urls import path, include
+
+from . import views
+
+app_name = 'family'
+urlpatterns = [
+    path('list/', views.FamilyListView.as_view(), name="family_list"),
+    path('create/', views.FamilyCreateView.as_view(), name="family_create"),
+    path('<int:pk>/detail/', views.FamilyDetailView.as_view(), name="family_detail"),
+    path('<int:pk>/update/', views.FamilyUpdateView.as_view(), name="family_update"),
+    path('<int:pk>/update_pic/', views.FamilyPictureUpdateView.as_view(), name="update_pic"),
+    path('<int:family_pk>/add_member/', views.FamilyAddMemberView.as_view(), name="family_add_member"),
+    path('challenge/list/', views.ChallengeListView.as_view(), name="challenge_list"),
+    path('challenge/create/', views.ChallengeCreateView.as_view(), name="challenge_create"),
+    path('challenge/<int:pk>/detail/', views.ChallengeDetailView.as_view(), name="challenge_detail"),
+    path('challenge/<int:pk>/update/', views.ChallengeUpdateView.as_view(), name="challenge_update"),
+    path('manage/', views.FamilyManageView.as_view(), name="manage"),
+    path('achievement/list/', views.AchievementListView.as_view(), name="achievement_list"),
+    path('achievement/<int:pk>/validate/', views.AchievementValidateView.as_view(), name="achievement_validate"),
+    path('achievement/<int:pk>/delete/', views.AchievementDeleteView.as_view(), name="achievement_delete"),
+    path('api/family/', include(('family.api.urls', 'family_api'), namespace='api')),
+]

apps/family/views.py

@@ -0,0 +1,469 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from datetime import date
+
+from django.conf import settings
+from django.shortcuts import redirect
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.core.exceptions import PermissionDenied
+from django.db import transaction
+from django.views.generic import DetailView, UpdateView, ListView
+from django.views.generic.edit import DeleteView, FormMixin
+from django.views.generic.base import TemplateView
+from django.utils.translation import gettext_lazy as _
+from django_tables2 import SingleTableView, MultiTableMixin
+from permission.backends import PermissionBackend
+from permission.views import ProtectQuerysetMixin, ProtectedCreateView
+from django.urls import reverse_lazy
+from member.forms import ImageForm
+import phonenumbers
+
+from .models import Family, Challenge, FamilyMembership, User, Achievement
+from .tables import FamilyTable, ChallengeTable, FamilyMembershipTable, AchievementTable, FamilyAchievementTable
+from .forms import ChallengeForm, FamilyMembershipForm, FamilyForm
+
+
+class FamilyCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    Create family
+    """
+    model = Family
+    extra_context = {"title": _('Create family')}
+    form_class = FamilyForm
+
+    def get_sample_object(self):
+        return Family(
+            name="",
+            description="Sample family",
+            score=0,
+            rank=0,
+        )
+
+    def get_success_url(self):
+        self.object.refresh_from_db()
+        return reverse_lazy("family:manage")
+
+
+class FamilyListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+    """
+    List existing Families
+    """
+    model = Family
+    table_class = FamilyTable
+    extra_context = {"title": _('Families list')}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        fake_family = Family(name="", description="")
+        fake_challenge = Challenge(name="", description="", points=0)
+        can_add_family = PermissionBackend.check_perm(self.request, "family.add_family", fake_family)
+        can_add_challenge = PermissionBackend.check_perm(self.request, "family.add_challenge", fake_challenge)
+
+        if Family.objects.exists() and Challenge.objects.exists():
+            fake_achievement = Achievement(family=Family.objects.first(), challenge=Challenge.objects.first(), valid=False)
+            can_add_achievement = PermissionBackend.check_perm(self.request, "family.add_achievement", fake_achievement)
+        else:
+            can_add_achievement = False
+
+        context["can_manage"] = can_add_family or can_add_challenge or can_add_achievement
+
+        return context
+
+
+class FamilyDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    Display details of a family
+    """
+    model = Family
+    context_object_name = "family"
+    extra_context = {"title": _('Family detail')}
+
+    def get_context_data(self, **kwargs):
+        """
+        Add members list
+        """
+        context = super().get_context_data(**kwargs)
+
+        family = self.object
+
+        # member list
+        family_member = FamilyMembership.objects.filter(
+            family=family,
+            year=date.today().year,
+        ).filter(PermissionBackend.filter_queryset(self.request, FamilyMembership, "view"))\
+            .order_by("user__username")
+        family_member = family_member.distinct("user__username")\
+            if settings.DATABASES["default"]["ENGINE"] == 'django.db.backends.postgresql' else family_member
+
+        membership_table = FamilyMembershipTable(data=family_member, prefix="membership-")
+        membership_table.paginate(per_page=5, page=self.request.GET.get('membership-page', 1))
+        context['member_list'] = membership_table
+
+        # Check if the user has the right to create a membership, to display the button.
+        empty_membership = FamilyMembership(
+            family=family,
+            user=User.objects.first(),
+            year=date.today().year,
+        )
+        context["can_add_members"] = PermissionBackend()\
+            .has_perm(self.request.user, "family.add_membership", empty_membership)
+
+        # Défis réalisé par la famille
+        achievements = Achievement.objects.filter(family=family)
+        achievements_table = FamilyAchievementTable(data=achievements, prefix="achievement-")
+        achievements_table.paginate(per_page=5, page=self.request.GET.get('achievement-page', 1))
+        context["achievement_list"] = achievements_table
+
+        return context
+
+
+class FamilyUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    """
+    Update the information of a family.
+    """
+    model = Family
+    context_object_name = "family"
+    form_class = FamilyForm
+    extra_context = {"title": _('Update family')}
+
+    def get_success_url(self):
+        return reverse_lazy('family:family_detail', kwargs={'pk': self.object.pk})
+
+
+class FamilyPictureUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin, DetailView):
+    """
+    Update profile picture of the family
+    """
+    model = Family
+    extra_context = {"title": _("Update family picture")}
+    template_name = 'family/picture_update.html'
+    form_class = ImageForm
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context['form'] = self.form_class(self.request.POST, self.request.FILES)
+        return context
+
+    def get_success_url(self):
+        """Redirect to family page after upload"""
+        return reverse_lazy('family:family_detail', kwargs={'pk': self.object.pk})
+
+    def post(self, request, *args, **kwargs):
+        form = self.get_form()
+        self.object = self.get_object()
+        return self.form_valid(form) if form.is_valid() else self.form_invalid(form)
+
+    @transaction.atomic
+    def form_valid(self, form):
+        """
+        Save the image
+        """
+        image = form.cleaned_data['image']
+
+        if image is None:
+            image = "pic/default.png"
+        else:
+            # Rename as PNG or GIF
+            extension = image.name.split(".")[-1]
+            if extension == "gif":
+                image.name = "{}_pic.gif".format(self.object.pk)
+            else:
+                image.name = "{}_pic.png".format(self.object.pk)
+
+        # Save
+        self.object.display_image = image
+        self.object.save()
+        return super().form_valid(form)
+
+
+class FamilyAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    Add a membership to a family
+    """
+    model = FamilyMembership
+    form_class = FamilyMembershipForm
+    template_name = 'family/add_member.html'
+    extra_context = {"title": _("Add a new member to the family")}
+
+    def get_sample_object(self):
+        if "family_pk" in self.kwargs:
+            family = Family.objects.get(pk=self.kwargs["family_pk"])
+        else:
+            family = FamilyMembership.objects.get(pk=self.kwargs["pk"]).family
+        return FamilyMembership(
+            user=self.request.user,
+            family=family,
+            year=date.today().year,
+        )
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        family = Family.objects.filter(PermissionBackend.filter_queryset(self.request, Family, "view"))\
+            .get(pk=self.kwargs['family_pk'])
+
+        context['family'] = family
+
+        return context
+
+    @transaction.atomic
+    def form_valid(self, form):
+        """
+        Create family membership, check that everythinf is good
+        """
+        family = Family.objects.filter(PermissionBackend.filter_queryset(self.request, Family, "view")) \
+            .get(pk=self.kwargs["family_pk"])
+
+        form.instance.family = family
+
+        return super().form_valid(form)
+
+    def get_success_url(self):
+        return reverse_lazy('family:family_detail', kwargs={'pk': self.object.family.id})
+
+
+class ChallengeCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    """
+    Create challenge
+    """
+    model = Challenge
+    extra_context = {"title": _('Create challenge')}
+    form_class = ChallengeForm
+
+    def get_sample_object(self):
+        return Challenge(
+            name="",
+            description="Sample challenge",
+            points=0,
+        )
+
+    def get_success_url(self):
+        return reverse_lazy('family:manage')
+
+
+class ChallengeListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+    """
+    List all challenges
+    """
+    model = Challenge
+    table_class = ChallengeTable
+    extra_context = {"title": _('Challenges list')}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        fake_family = Family(name="", description="")
+        fake_challenge = Challenge(name="", description="", points=0)
+        can_add_family = PermissionBackend.check_perm(self.request, "family.add_family", fake_family)
+        can_add_challenge = PermissionBackend.check_perm(self.request, "family.add_challenge", fake_challenge)
+
+        if Family.objects.exists() and Challenge.objects.exists():
+            fake_achievement = Achievement(family=Family.objects.first(), challenge=Challenge.objects.first(), valid=False)
+            can_add_achievement = PermissionBackend.check_perm(self.request, "family.add_achievement", fake_achievement)
+        else:
+            can_add_achievement = False
+
+        context["can_manage"] = can_add_family or can_add_challenge or can_add_achievement
+
+        return context
+
+
+class ChallengeDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    Display details of a challenge
+    """
+    model = Challenge
+    context_object_name = "challenge"
+    extra_context = {"title": _('Details of:')}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        fields = ["name", "description", "points",]
+
+        fields = dict([(field, getattr(self.object, field)) for field in fields])
+
+        context["fields"] = [(
+            Challenge._meta.get_field(field).verbose_name.capitalize(),
+            value) for field, value in fields.items()]
+        context["obtained"] = self.object.obtained
+        context["update"] = PermissionBackend.check_perm(self.request, "family.change_challenge")
+
+        return context
+
+
+class ChallengeUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    """
+    Update the information of a challenge
+    """
+    model = Challenge
+    context_object_name = "challenge"
+    extra_context = {"title": _('Update challenge')}
+    form_class = ChallengeForm
+
+    def get_success_url(self, **kwargs):
+        self.object.refresh_from_db()
+        return reverse_lazy('family:challenge_detail', kwargs={'pk': self.object.pk})
+
+
+class FamilyManageView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+    """
+    Manage families and challenges
+    """
+    model = Achievement
+    template_name = 'family/manage.html'
+    table_class = AchievementTable
+    extra_context = {'title': _('Manage families and challenges')}
+
+    def dispatch(self, request, *args, **kwargs):
+        # Check that the user is authenticated
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        perm = PermissionBackend.has_model_perm(self.request, Achievement(), "add")
+        perm = perm or PermissionBackend.has_model_perm(self.request, Challenge(), "add")
+        perm = perm or PermissionBackend.has_model_perm(self.request, Family(), "add")
+        if not perm:
+            raise PermissionDenied(_("You are not able to manage families and challenges."))
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_queryset(self, **kwargs):
+        # retrieves only Transaction that user has the right to see.
+        return Achievement.objects.filter(
+            PermissionBackend.filter_queryset(self.request, Achievement, "view")
+        ).order_by("-obtained_at").all()
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        context['all_challenges'] = Challenge.objects.filter(
+            PermissionBackend.filter_queryset(self.request, Challenge, "view")
+        ).order_by('name')
+
+        context["can_add_family"] = PermissionBackend.has_model_perm(self.request, Family(), "add")
+        context["can_add_challenge"] = PermissionBackend.has_model_perm(self.request, Challenge(), "add")
+        context["can_add_achievement"] = PermissionBackend.has_model_perm(self.request, Achievement(), "add")
+
+        # Get the user's family if they have one
+        try:
+            user_family_membership = FamilyMembership.objects.get(user=self.request.user)
+            context["user_family"] = user_family_membership.family
+        except FamilyMembership.DoesNotExist:
+            context["user_family"] = None
+
+        phone_numbers = [
+            u.profile.phone_number for u in User.objects.filter(
+                memberships__roles__id=35,
+                memberships__date_end__gte=date.today(),
+                profile__phone_number__isnull=False
+            ).distinct()
+        ]
+        formatted_phone_numbers = [phonenumbers.format_number(num, phonenumbers.PhoneNumberFormat.INTERNATIONAL) for num in phone_numbers if num]
+        context["phone_numbers"] = formatted_phone_numbers
+
+        return context
+
+    def get_table(self, **kwargs):
+        table = super().get_table(**kwargs)
+        table.exclude = ('delete', 'validate',)
+        table.orderable = False
+        return table
+
+    def get_table_data(self, **kwargs):
+        qs = super().get_queryset(**kwargs)
+
+        qs = qs.filter(PermissionBackend.filter_queryset(self.request, Achievement, "view"))
+
+        return qs
+
+
+class AchievementListView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMixin, ListView):
+    """
+    List all achievements
+    """
+    model = Achievement
+    tables = [AchievementTable, AchievementTable, ]
+    extra_context = {'title': _('Achievement list')}
+
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        if not PermissionBackend.has_model_perm(self.request, Achievement(), "change"):
+            raise PermissionDenied(_("You are not able to see the achievement validation interface."))
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_tables(self, **kwargs):
+        tables = super().get_tables(**kwargs)
+
+        tables[0].prefix = 'invalid-'
+        tables[1].prefix = 'valid-'
+        tables[1].exclude = ('validate', 'delete',)
+
+        return tables
+
+    def get_tables_data(self):
+        table_valid = self.get_queryset().filter(valid=True)
+        table_invalid = self.get_queryset().filter(valid=False)
+        return [table_invalid, table_valid, ]
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        tables = context['tables']
+
+        context['invalid'] = tables[0]
+        context['valid'] = tables[1]
+        return context
+
+
+class AchievementValidateView(ProtectQuerysetMixin, LoginRequiredMixin, TemplateView):
+    """
+    Validate an achievement obtained by a family
+    """
+    template_name = 'family/achievement_confirm_validate.html'
+
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        fake_achievement = Achievement(
+            family=Family.objects.first(),
+            challenge=Challenge.objects.first(),
+            valid=False,
+        )
+        if not PermissionBackend.check_perm(self.request, "family.change_achievement_valid", fake_achievement):
+            raise PermissionDenied()
+        return super().dispatch(request, *args, **kwargs)
+
+    def post(self, request, pk):
+        achievement = Achievement.objects.get(pk=pk)
+
+        achievement.valid = True
+        achievement.save()
+
+        return redirect(reverse_lazy('family:achievement_list'))
+
+
+class AchievementDeleteView(ProtectQuerysetMixin, LoginRequiredMixin, DeleteView):
+    """
+    Delete an Achievement
+    """
+    model = Achievement
+
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        fake_achievement = Achievement(
+            family=Family.objects.first(),
+            challenge=Challenge.objects.first(),
+            valid=False,
+        )
+        if not PermissionBackend.check_perm(self.request, "family.change_achievement_valid", fake_achievement):
+            raise PermissionDenied()
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_success_url(self):
+        return reverse_lazy('family:achievement_list')

apps/food/admin.py

@@ -0,0 +1,59 @@
+# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib import admin
+from polymorphic.admin import PolymorphicChildModelAdmin, PolymorphicParentModelAdmin
+from note_kfet.admin import admin_site
+
+from .models import Allergen, Food, BasicFood, TransformedFood, QRCode
+
+
+@admin.register(Allergen, site=admin_site)
+class AllergenAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Allergen
+    """
+    ordering = ['name']
+
+
+@admin.register(Food, site=admin_site)
+class FoodAdmin(PolymorphicParentModelAdmin):
+    """
+    Admin customisation for Food
+    """
+    child_models = (Food, BasicFood, TransformedFood)
+    list_display = ('name', 'expiry_date', 'owner', 'is_ready')
+    list_filter = ('is_ready', 'end_of_life')
+    search_fields = ['name']
+    ordering = ['expiry_date', 'name']
+
+
+@admin.register(BasicFood, site=admin_site)
+class BasicFood(PolymorphicChildModelAdmin):
+    """
+    Admin customisation for BasicFood
+    """
+    list_display = ('name', 'expiry_date', 'date_type', 'owner', 'is_ready')
+    list_filter = ('is_ready', 'date_type', 'end_of_life')
+    search_fields = ['name']
+    ordering = ['expiry_date', 'name']
+
+
+@admin.register(TransformedFood, site=admin_site)
+class TransformedFood(PolymorphicChildModelAdmin):
+    """
+    Admin customisation for TransformedFood
+    """
+    list_display = ('name', 'expiry_date', 'shelf_life', 'owner', 'is_ready')
+    list_filter = ('is_ready', 'end_of_life', 'shelf_life')
+    search_fields = ['name']
+    ordering = ['expiry_date', 'name']
+
+
+@admin.register(QRCode, site=admin_site)
+class QRCodeAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for QRCode
+    """
+    list_diplay = ('qr_code_number', 'food_container')
+    search_fields = ['food_container__name']