change -50€ to -20€ and doc

link SogeCredit to WEI by creation date instead of civil year

See merge request bde/nk20!206

README.md

@@ -1,8 +1,8 @@
 # NoteKfet 2020
 
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.txt)
-[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/master/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
-[![coverage report](https://gitlab.crans.org/bde/nk20/badges/master/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
+[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/main/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
+[![coverage report](https://gitlab.crans.org/bde/nk20/badges/main/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
 
 ## Table des matières
 

ansible/base.yml

@@ -7,7 +7,7 @@
       prompt: "Password of the database (leave it blank to skip database init)"
       private: yes
   vars:
-    mirror: mirror.crans.org
+    mirror: eclats.crans.org
   roles:
     - 1-apt-basic
     - 2-nk20

ansible/host_vars/bde-note.adh.crans.org.yml

@@ -1,7 +1,7 @@
 ---
 note:
   server_name: note.crans.org
-  git_branch: master
+  git_branch: main
   serve_static: true
   cron_enabled: true
   email: notekfet2020@lists.crans.org

ansible/roles/1-apt-basic/tasks/main.yml

@@ -1,14 +1,15 @@
 ---
-- name: Add buster-backports to apt sources
+- name: Add buster-backports to apt sources if needed
   apt_repository:
     repo: deb http://{{ mirror }}/debian buster-backports main
     state: present
-  when: ansible_facts['distribution'] == "Debian"
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version | int == 10
 
 - name: Install note_kfet APT dependencies
   apt:
     update_cache: true
-    default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}"
     install_recommends: false
     name:
       # Common tools

apps/activity/fixtures/initial.json

@@ -6,7 +6,7 @@
             "name": "Pot",
             "manage_entries": true,
             "can_invite": true,
-            "guest_entry_fee": 500
+            "guest_entry_fee": 1000
         }
     },
     {
@@ -28,5 +28,25 @@
             "can_invite": false,
             "guest_entry_fee": 0
         }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 5,
+        "fields": {
+            "name": "Soir\u00e9e avec entrées",
+            "manage_entries": true,
+            "can_invite": false,
+            "guest_entry_fee": 0
+        }
+    },
+    {
+        "model": "activity.activitytype",
+        "pk": 7,
+        "fields": {
+            "name": "Soir\u00e9e avec invitations",
+            "manage_entries": true,
+            "can_invite": true,
+            "guest_entry_fee": 0
+        }
     }
 ]

apps/api/pagination.py

@@ -0,0 +1,5 @@
+from rest_framework.pagination import PageNumberPagination
+
+class CustomPagination(PageNumberPagination):
+    page_size_query_param = 'page_size'
+

apps/api/serializers.py

@@ -7,8 +7,11 @@ from django.contrib.auth.models import User
 from django.utils import timezone
 from rest_framework import serializers
 from member.api.serializers import ProfileSerializer, MembershipSerializer
+from member.models import Membership
 from note.api.serializers import NoteSerializer
 from note.models import Alias
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -45,18 +48,30 @@ class OAuthSerializer(serializers.ModelSerializer):
     """
     normalized_name = serializers.SerializerMethodField()
 
-    profile = ProfileSerializer()
+    profile = serializers.SerializerMethodField()
 
-    note = NoteSerializer()
+    note = serializers.SerializerMethodField()
 
     memberships = serializers.SerializerMethodField()
 
     def get_normalized_name(self, obj):
         return Alias.normalize(obj.username)
 
+    def get_profile(self, obj):
+        # Display the profile of the user only if we have rights to see it.
+        return ProfileSerializer().to_representation(obj.profile) \
+            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
+
+    def get_note(self, obj):
+        # Display the note of the user only if we have rights to see it.
+        return NoteSerializer().to_representation(obj.note) \
+            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
+
     def get_memberships(self, obj):
+        # Display only memberships that we are allowed to see.
         return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
-            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()))
+            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())
+                           .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))
 
     class Meta:
         model = User

apps/member/models.py

@@ -258,16 +258,18 @@ class Club(models.Model):
         This function is called each time the club detail view is displayed.
         Update the year of the membership dates.
         """
-        if not self.membership_start:
+        if not self.membership_start or not self.membership_end:
             return
 
         today = datetime.date.today()
 
         if (today - self.membership_start).days >= 365:
-            self.membership_start = datetime.date(self.membership_start.year + 1,
-                                                  self.membership_start.month, self.membership_start.day)
-            self.membership_end = datetime.date(self.membership_end.year + 1,
-                                                self.membership_end.month, self.membership_end.day)
+            if self.membership_start:
+                self.membership_start = datetime.date(self.membership_start.year + 1,
+                                                      self.membership_start.month, self.membership_start.day)
+            if self.membership_end:
+                self.membership_end = datetime.date(self.membership_end.year + 1,
+                                                    self.membership_end.month, self.membership_end.day)
             self._force_save = True
             self.save(force_update=True)
 

apps/member/static/member/js/trust.js

@@ -0,0 +1,53 @@
+/**
+ * On form submit, create a new friendship
+ */
+function create_trust (e) {
+  // Do not submit HTML form
+  e.preventDefault()
+
+  // Get data and send to API
+  const formData = new FormData(e.target)
+  $.getJSON('/api/note/alias/'+formData.get('trusted') + '/',
+    function (trusted_alias) {
+      if ((trusted_alias.note == formData.get('trusting')))
+      {
+         addMsg(gettext("You can't add yourself as a friend"), "danger")
+         return
+      }
+      $.post('/api/note/trust/', {
+        csrfmiddlewaretoken: formData.get('csrfmiddlewaretoken'),
+        trusting: formData.get('trusting'),
+        trusted: trusted_alias.note
+      }).done(function () {
+        // Reload table
+        $('#trust_table').load(location.pathname + ' #trust_table')
+        addMsg(gettext('Friendship successfully added'), 'success')
+      }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+      })
+    }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+    })
+}
+
+/**
+ * On click of "delete", delete the alias
+ * @param button_id:Integer Alias id to remove
+ */
+function delete_button (button_id) {
+  $.ajax({
+    url: '/api/note/trust/' + button_id + '/',
+    method: 'DELETE',
+    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
+  }).done(function () {
+    addMsg(gettext('Friendship successfully deleted'), 'success')
+    $('#trust_table').load(location.pathname + ' #trust_table')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+$(document).ready(function () {
+  // Attach event
+  document.getElementById('form_trust').addEventListener('submit', create_trust)
+})

apps/member/tables.py

@@ -120,7 +120,7 @@ class MembershipTable(tables.Table):
                     club=record.club,
                     user=record.user,
                     date_start__gte=record.club.membership_start,
-                    date_end__lte=record.club.membership_end,
+                    date_end__lte=record.club.membership_end or date(9999, 12, 31),
             ).exists():  # If the renew is not yet performed
                 empty_membership = Membership(
                     club=record.club,

apps/member/templates/member/includes/profile_info.html

@@ -25,6 +25,14 @@
         </a>
     </dd>
 
+    <dt class="col-xl-6">{% trans 'friendships'|capfirst %}</dt>
+    <dd class="col-xl-6">
+        <a class="badge badge-secondary" href="{% url 'member:user_trust' user_object.pk %}">
+            <i class="fa fa-edit"></i>
+            {% trans 'Manage friendships' %} ({{ user_object.note.trusting.all|length }})
+        </a>
+    </dd>
+
     {% if "member.view_profile"|has_perm:user_object.profile %}
         <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
         <dd class="col-xl-6">{{ user_object.profile.section }}</dd>

apps/member/templates/member/profile_trust.html

@@ -0,0 +1,41 @@
+{% extends "member/base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load static django_tables2 i18n %}
+
+{% block profile_content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Note friendships" %}
+    </h3>
+    <div class="card-body">
+        {% if can_create %}
+            <form class="input-group" method="POST" id="form_trust">
+                {% csrf_token %}
+                <input type="hidden" name="trusting" value="{{ object.note.pk }}">
+                {%include "autocomplete_model.html" %}
+                <div class="input-group-append">
+                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+                </div>
+            </form>
+        {% endif %}
+    </div>
+    {% render_table trusting %}
+</div>
+
+<div class="alert alert-warning card">
+    {% blocktrans trimmed %}
+        Adding someone as a friend enables them to initiate transactions coming
+        from your account (while keeping your balance positive). This is
+        designed to simplify using note kfet transfers to transfer money between
+        users. The intent is that one person can make all transfers for a group of
+        friends without needing additional rights among them.
+    {% endblocktrans %}
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script src="{% static "member/js/trust.js" %}"></script>
+<script src="{% static "js/autocomplete_model.js" %}"></script>
+{% endblock%}

apps/member/urls.py

@@ -23,5 +23,6 @@ urlpatterns = [
     path('user/<int:pk>/update/', views.UserUpdateView.as_view(), name="user_update_profile"),
     path('user/<int:pk>/update_pic/', views.ProfilePictureUpdateView.as_view(), name="user_update_pic"),
     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"),
+    path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"),
     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
 ]

apps/member/views.py

@@ -8,6 +8,7 @@ from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
+from django.contrib.contenttypes.models import ContentType
 from django.db import transaction
 from django.db.models import Q, F
 from django.shortcuts import redirect
@@ -18,9 +19,9 @@ from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
 from django_tables2.views import SingleTableView
 from rest_framework.authtoken.models import Token
-from note.models import Alias, NoteUser
+from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
-from note.tables import HistoryTable, AliasTable
+from note.tables import HistoryTable, AliasTable, TrustTable
 from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
@@ -174,7 +175,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note = NoteUser.objects.get(pk=user.note.pk)
             # Don't log these tests
             modified_note._no_signal = True
-            modified_note.is_active = True
+            modified_note.is_active = False
             modified_note.inactivity_reason = 'manual'
             context["can_lock_note"] = user.note.is_active and PermissionBackend\
                                            .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
@@ -183,14 +184,14 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note._force_save = True
             modified_note.save()
             context["can_force_lock"] = user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
             old_note._force_save = True
             old_note._no_signal = True
             old_note.save()
             modified_note.refresh_from_db()
             modified_note.is_active = True
             context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
 
         return context
 
@@ -243,6 +244,39 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         return context
 
 
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    View and manage user trust relationships
+    """
+    model = User
+    template_name = 'member/profile_trust.html'
+    context_object_name = 'user_object'
+    extra_context = {"title": _("Note friendships")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        note = context['object'].note
+        context["trusting"] = TrustTable(
+            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
+            trusting=context["object"].note,
+            trusted=context["object"].note
+        ))
+        context["widget"] = {
+            "name": "trusted",
+            "attrs": {
+                "model_pk": ContentType.objects.get_for_model(Alias).pk,
+                "class": "autocomplete form-control",
+                "id": "trusted",
+                "resetable": True,
+                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
+                "name_field": "name",
+                "placeholder": ""
+            }
+        }
+        return context
+
+
 class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     """
     View and manage user aliases.
@@ -256,7 +290,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context = super().get_context_data(**kwargs)
         note = context['object'].note
         context["aliases"] = AliasTable(
-            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
+            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
+            .order_by('normalized_name').all())
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
             note=context["object"].note,
             name="",
@@ -403,9 +438,12 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         """
         context = super().get_context_data(**kwargs)
 
-        club = context["club"]
+        club = self.object
+        context["note"] = club.note
+
         if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
             club.update_membership_dates()
+
         # managers list
         managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
                                              date_start__lte=date.today(), date_end__gte=date.today())\
@@ -443,6 +481,29 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context["can_add_members"] = PermissionBackend()\
             .has_perm(self.request.user, "member.add_membership", empty_membership)
 
+        # Check permissions to see if the authenticated user can lock/unlock the note
+        with transaction.atomic():
+            modified_note = NoteClub.objects.get(pk=club.note.pk)
+            # Don't log these tests
+            modified_note._no_signal = True
+            modified_note.is_active = False
+            modified_note.inactivity_reason = 'manual'
+            context["can_lock_note"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note = NoteClub.objects.select_for_update().get(pk=club.note.pk)
+            modified_note.inactivity_reason = 'forced'
+            modified_note._force_save = True
+            modified_note.save()
+            context["can_force_lock"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note._force_save = True
+            old_note._no_signal = True
+            old_note.save()
+            modified_note.refresh_from_db()
+            modified_note.is_active = True
+            context["can_unlock_note"] = not club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+
         return context
 
 

apps/note/api/serializers.py

@@ -12,7 +12,7 @@ from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
 
-from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias
+from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
     RecurrentTransaction, SpecialTransaction
 
@@ -77,6 +77,22 @@ class NoteUserSerializer(serializers.ModelSerializer):
         return str(obj)
 
 
+class TrustSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Trusts.
+    The djangorestframework plugin will analyse the model `Trust` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Trust
+        fields = '__all__'
+
+    def validate(self, attrs):
+        instance = Trust(**attrs)
+        instance.clean()
+        return attrs
+
+
 class AliasSerializer(serializers.ModelSerializer):
     """
     REST API Serializer for Aliases.

apps/note/api/urls.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
-    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet
+    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet, \
+    TrustViewSet
 
 
 def register_note_urls(router, path):
@@ -11,6 +12,7 @@ def register_note_urls(router, path):
     """
     router.register(path + '/note', NotePolymorphicViewSet)
     router.register(path + '/alias', AliasViewSet)
+    router.register(path + '/trust', TrustViewSet)
     router.register(path + '/consumer', ConsumerViewSet)
 
     router.register(path + '/transaction/category', TemplateCategoryViewSet)

apps/note/api/views.py

@@ -14,8 +14,9 @@ from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSe
 from permission.backends import PermissionBackend
 
 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
-    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
-from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial
+    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
+    TrustSerializer
+from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust
 from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory
 
 
@@ -56,11 +57,41 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
         return queryset.order_by("id")
 
 
+class TrustViewSet(ReadProtectedModelViewSet):
+    """
+    REST Trust View set.
+    The djangorestframework plugin will get all `Trust` objects, serialize it to JSON with the given serializer,
+    then render it on /api/note/trust/
+    """
+    queryset = Trust.objects
+    serializer_class = TrustSerializer
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
+                     '$trusted__alias__name', '$trusted__alias__normalized_name']
+    filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
+    ordering_fields = ['trusting', 'trusted', ]
+
+    def get_serializer_class(self):
+        serializer_class = self.serializer_class
+        if self.request.method in ['PUT', 'PATCH']:
+            # trust relationship can't change people involved
+            serializer_class.Meta.read_only_fields = ('trusting', 'trusting',)
+        return serializer_class
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            self.perform_destroy(instance)
+        except ValidationError as e:
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+
 class AliasViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.
     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/aliases/
+    then render it on /api/note/aliases/
     """
     queryset = Alias.objects
     serializer_class = AliasSerializer

apps/note/migrations/0006_trust.py

@@ -0,0 +1,27 @@
+# Generated by Django 2.2.24 on 2021-09-05 19:16
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0005_auto_20210313_1235'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Trust',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('trusted', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusted', to='note.Note', verbose_name='trusted')),
+                ('trusting', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusting', to='note.Note', verbose_name='trusting')),
+            ],
+            options={
+                'verbose_name': 'frienship',
+                'verbose_name_plural': 'friendships',
+                'unique_together': {('trusting', 'trusted')},
+            },
+        ),
+    ]

apps/note/models/__init__.py

@@ -1,13 +1,13 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .transactions import MembershipTransaction, Transaction, \
     TemplateCategory, TransactionTemplate, RecurrentTransaction, SpecialTransaction
 
 __all__ = [
     # Notes
-    'Alias', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
+    'Alias', 'Trust', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
     # Transactions
     'MembershipTransaction', 'Transaction', 'TemplateCategory', 'TransactionTemplate',
     'RecurrentTransaction', 'SpecialTransaction',

apps/note/models/notes.py

@@ -217,6 +217,38 @@ class NoteSpecial(Note):
         return self.special_type
 
 
+class Trust(models.Model):
+    """
+    A one-sided trust relationship bertween two users
+
+    If another user considers you as your friend, you can transfer money from
+    them
+    """
+
+    trusting = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusting',
+        verbose_name=_('trusting')
+    )
+
+    trusted = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusted',
+        verbose_name=_('trusted')
+    )
+
+    class Meta:
+        verbose_name = _("frienship")
+        verbose_name_plural = _("friendships")
+        unique_together = ("trusting", "trusted")
+
+    def __str__(self):
+        return _("Friendship between {trusting} and {trusted}").format(
+            trusting=str(self.trusting), trusted=str(self.trusted))
+
+
 class Alias(models.Model):
     """
     points toward  a :model:`note.NoteUser` or :model;`note.NoteClub` instance.

apps/note/static/note/js/consos.js

@@ -221,7 +221,7 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
     .done(function () {
       if (!isNaN(source.balance)) {
         const newBalance = source.balance - quantity * amount
-        if (newBalance <= -5000) {
+        if (newBalance <= -2000) {
           addMsg(interpolate(gettext('Warning, the transaction from the note %s succeed, ' +
               'but the emitter note %s is very negative.'), [source_alias, source_alias]), 'danger', 30000)
         } else if (newBalance < 0) {

apps/note/static/note/js/transfer.js

@@ -314,7 +314,7 @@ $('#btn_transfer').click(function () {
 
           if (!isNaN(source.note.balance)) {
             const newBalance = source.note.balance - source.quantity * dest.quantity * amount
-            if (newBalance <= -5000) {
+            if (newBalance <= -2000) {
               addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is very negative.'),
                   [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
               reset()

apps/note/tables.py

@@ -10,7 +10,7 @@ from django.utils.translation import gettext_lazy as _
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 
-from .models.notes import Alias
+from .models.notes import Alias, Trust
 from .models.transactions import Transaction, TransactionTemplate
 from .templatetags.pretty_money import pretty_money
 
@@ -148,6 +148,31 @@ DELETE_TEMPLATE = """
 """
 
 
+class TrustTable(tables.Table):
+    class Meta:
+        attrs = {
+            'class': 'table table condensed table-striped',
+            'id': "trust_table"
+        }
+        model = Trust
+        fields = ("trusted",)
+        template_name = 'django_tables2/bootstrap4.html'
+
+    show_header = False
+    trusted = tables.Column(attrs={'td': {'class': 'text_center'}})
+
+    delete_col = tables.TemplateColumn(
+        template_code=DELETE_TEMPLATE,
+        extra_context={"delete_trans": _('delete')},
+        attrs={
+            'td': {
+                'class': lambda record: 'col-sm-1'
+                + (' d-none' if not PermissionBackend.check_perm(
+                    get_current_request(), "note.delete_trust", record)
+                   else '')}},
+        verbose_name=_("Delete"),)
+
+
 class AliasTable(tables.Table):
     class Meta:
         attrs = {
@@ -198,14 +223,15 @@ class ButtonTable(tables.Table):
     )
 
     hideshow = tables.Column(
-            verbose_name= _("Hide/Show"),
-            accessor="pk",
-            attrs= {
-                'td': {
-                    'class': 'col-sm-1',
-                    'id': lambda record: "hideshow_" + str(record.pk),
-                    }
-                })
+        verbose_name=_("Hide/Show"),
+        accessor="pk",
+        attrs={
+            'td': {
+                'class': 'col-sm-1',
+                'id': lambda record: "hideshow_" + str(record.pk),
+            }
+        },
+    )
 
     delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
                                        extra_context={"delete_trans": _('delete')},
@@ -215,6 +241,9 @@ class ButtonTable(tables.Table):
     def render_amount(self, value):
         return pretty_money(value)
 
+    def order_category(self, queryset, is_descending):
+        return queryset.order_by(f"{'-' if is_descending else ''}category__name"), True
+
     def render_hideshow(self, record):
         val = '<button id="'
         val += str(record.pk)

apps/note/views.py

@@ -90,9 +90,9 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
             qs = qs.filter(
-                Q(name__iregex="^" + pattern)
-                | Q(destination__club__name__iregex="^" + pattern)
-                | Q(category__name__iregex="^" + pattern)
+                Q(name__iregex=pattern)
+                | Q(destination__club__name__iregex=pattern)
+                | Q(category__name__iregex=pattern)
                 | Q(description__iregex=pattern)
             )
 

apps/permission/migrations/0002_club_not_required.py

@@ -0,0 +1,19 @@
+# Generated by Django 2.2.28 on 2023-07-24 10:15
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('permission', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='role',
+            name='for_club',
+            field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.PROTECT, to='member.Club', verbose_name='for club'),
+        ),
+    ]

apps/permission/models.py

@@ -339,6 +339,7 @@ class Role(models.Model):
         "member.Club",
         verbose_name=_("for club"),
         on_delete=models.PROTECT,
+        blank=True,
         null=True,
         default=None,
     )

apps/permission/scopes.py

@@ -1,6 +1,6 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.scopes import BaseScopes
 from member.models import Club
 from note_kfet.middlewares import get_current_request
@@ -32,3 +32,26 @@ class PermissionScopes(BaseScopes):
             return []
         return [f"{p.id}_{p.membership.club.id}"
                 for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
+
+
+class PermissionOAuth2Validator(OAuth2Validator):
+    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
+        """
+        User can request as many scope as he wants, including invalid scopes,
+        but it will have only the permissions he has.
+
+        This allows clients to request more permission to get finally a
+        subset of permissions.
+        """
+
+        valid_scopes = set()
+
+        for t in Permission.PERMISSION_TYPES:
+            for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]):
+                scope = f"{p.id}_{p.membership.club.id}"
+                if scope in scopes:
+                    valid_scopes.add(scope)
+
+        request.scopes = valid_scopes
+
+        return valid_scopes

apps/permission/templates/permission/scopes.html

@@ -11,25 +11,25 @@
             <div class="accordion" id="accordionApps">
                 {% for app, app_scopes in scopes.items %}
                     <div class="card">
-                        <div class="card-header" id="app-{{ app.name.lower }}-title">
+                        <div class="card-header" id="app-{{ app.name|slugify }}-title">
                             <a class="text-decoration-none collapsed" href="#" data-toggle="collapse"
-                               data-target="#app-{{ app.name.lower }}" aria-expanded="false"
-                               aria-controls="app-{{ app.name.lower }}">
+                               data-target="#app-{{ app.name|slugify }}" aria-expanded="false"
+                               aria-controls="app-{{ app.name|slugify }}">
                                 {{ app.name }}
                             </a>
                         </div>
-                        <div class="collapse" id="app-{{ app.name.lower }}" aria-labelledby="app-{{ app.name.lower }}" data-target="#accordionApps">
+                        <div class="collapse" id="app-{{ app.name|slugify }}" aria-labelledby="app-{{ app.name|slugify }}" data-target="#accordionApps">
                             <div class="card-body">
                                 {% for scope_id, scope_desc in app_scopes.items %}
                                     <div class="form-group">
-                                        <label class="form-check-label" for="scope-{{ app.name.lower }}-{{ scope_id }}">
-                                            <input type="checkbox" id="scope-{{ app.name.lower }}-{{ scope_id }}"
-                                                   name="scope-{{ app.name.lower }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
+                                        <label class="form-check-label" for="scope-{{ app.name|slugify }}-{{ scope_id }}">
+                                            <input type="checkbox" id="scope-{{ app.name|slugify }}-{{ scope_id }}"
+                                                   name="scope-{{ app.name|slugify }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
                                             {{ scope_desc }}
                                         </label>
                                     </div>
                                 {% endfor %}
-                                <p id="url-{{ app.name.lower }}">
+                                <p id="url-{{ app.name|slugify }}">
                                     <a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code" target="_blank">
                                         {{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code
                                     </a>
@@ -51,11 +51,10 @@
 {% block extrajavascript %}
     <script>
         {% for app in scopes.keys %}
-            let elements = document.getElementsByName("scope-{{ app.name.lower }}");
-            for (let element of elements) {
+            for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) {
                 element.onchange = function (event) {
                     let scope = ""
-                    for (let element of elements) {
+                    for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) {
                         if (element.checked) {
                             scope += element.value + " "
                         }
@@ -63,7 +62,7 @@
 
                     scope = scope.substr(0, scope.length - 1)
 
-                    document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope
+                    document.getElementById("url-{{ app.name|slugify }}").innerHTML = 'Scopes : ' + scope
                         + '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope.replaceAll(' ', '%20')
                         + '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='
                         + scope.replaceAll(' ', '%20') + '</a>'

apps/treasury/models.py

@@ -310,8 +310,8 @@ class SogeCredit(models.Model):
         amount = sum(transaction.total for transaction in self.transactions.all())
         if 'wei' in settings.INSTALLED_APPS:
             from wei.models import WEIMembership
-            if not WEIMembership.objects.filter(club__weiclub__year=datetime.date.today().year, user=self.user)\
-                    .exists():
+            if not WEIMembership.objects\
+                    .filter(club__weiclub__year=self.credit_transaction.created_at.year, user=self.user).exists():
                 # 80 € for people that don't go to WEI
                 amount += 8000
         return amount
@@ -329,17 +329,18 @@ class SogeCredit(models.Model):
         bde_qs = Membership.objects.filter(user=self.user, club=bde, date_start__gte=bde.membership_start)
         kfet_qs = Membership.objects.filter(user=self.user, club=kfet, date_start__gte=kfet.membership_start)
 
-        if bde_qs.exists():
-            m = bde_qs.get()
-            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
-                if m.transaction not in self.transactions.all():
-                    self.transactions.add(m.transaction)
-
-        if kfet_qs.exists():
-            m = kfet_qs.get()
-            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
-                if m.transaction not in self.transactions.all():
-                    self.transactions.add(m.transaction)
+## Soge do not pay BDE and kfet memberships this year (2022-2023)
+#        if bde_qs.exists():
+#            m = bde_qs.get()
+#            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
+#                if m.transaction not in self.transactions.all():
+#                    self.transactions.add(m.transaction)
+#
+#        if kfet_qs.exists():
+#            m = kfet_qs.get()
+#            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
+#                if m.transaction not in self.transactions.all():
+#                    self.transactions.add(m.transaction)
 
         if 'wei' in settings.INSTALLED_APPS:
             from wei.models import WEIClub

apps/treasury/views.py

@@ -108,7 +108,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
             name="",
             address="",
         )
-        if not PermissionBackend.check_perm(self.request, "treasury.add_invoice", sample_invoice):
+        if not PermissionBackend.check_perm(self.request, "treasury.view_invoice", sample_invoice):
             raise PermissionDenied(_("You are not able to see the treasury interface."))
         return super().dispatch(request, *args, **kwargs)
 

apps/wei/forms/surveys/__init__.py

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm
-from .wei2021 import WEISurvey2021
+from .wei2022 import WEISurvey2022
 
 
 __all__ = [
     'WEISurvey', 'WEISurveyInformation', 'WEISurveyAlgorithm', 'CurrentSurvey',
 ]
 
-CurrentSurvey = WEISurvey2021
+CurrentSurvey = WEISurvey2022

apps/wei/forms/surveys/wei2022.py

@@ -0,0 +1,296 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import time
+from functools import lru_cache
+from random import Random
+
+from django import forms
+from django.db import transaction
+from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
+
+from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInformation
+from ...models import WEIMembership
+
+WORDS = [
+	'ABBA', 'After', 'Alcoolique anonyme', 'Ambiance festive', 'Années 2000', 'Apéro', 'Art',
+	'Baby foot billard biere pong', 'BBQ', 'Before', 'Bière pong', 'Bon enfant', 'Calme', 'Canapé',
+	'Chanson paillarde', 'Chanson populaire', 'Chartreuse', 'Cheerleader', 'Chill', 'Choré',
+	'Cinéma', 'Cocktail', 'Comédie musicle', 'Commercial', 'Copaing', 'Danse', 'Dancefloor',
+	'Electro', 'Fanfare', 'Gin tonic', 'Inclusif', 'Jazz', "Jeux d'alcool", 'Jeux de carte',
+	'Jeux de rôle', 'Jeux de société', 'JUL', 'Jus de fruit', 'Kfet', 'Kleptomanie assurée',
+	'LGBTQ+', 'Livre', 'Morning beer', 'Musique', 'NAPS', 'Paillettes', 'Pastis', 'Paté Hénaff',
+	'Peluche', 'Pena baiona', "Peu d'alcool", 'Pilier de bar', 'PMU', 'Poulpe', 'Punch', 'Rap',
+	'Réveil', 'Rock', 'Rugby', 'Sandwich', 'Serge', 'Shot', 'Sociable', 'Spectacle', 'Techno',
+	'Techno house', 'Thérapie Taxi', 'Tradition kchanaises', 'Troisième mi-temps', 'Turn up',
+	'Vodka', 'Vodka pomme', 'Volley', 'Vomi stratégique'
+]
+
+
+class WEISurveyForm2022(forms.Form):
+    """
+    Survey form for the year 2022.
+    Members choose 20 words, from which we calculate the best associated bus.
+    """
+
+    word = forms.ChoiceField(
+        label=_("Choose a word:"),
+        widget=forms.RadioSelect(),
+    )
+
+    def set_registration(self, registration):
+        """
+        Filter the bus selector with the buses of the current WEI.
+        """
+        information = WEISurveyInformation2022(registration)
+        if not information.seed:
+            information.seed = int(1000 * time.time())
+            information.save(registration)
+            registration._force_save = True
+            registration.save()
+
+        if self.data:
+            self.fields["word"].choices = [(w, w) for w in WORDS]
+            if self.is_valid():
+                return
+
+        rng = Random((information.step + 1) * information.seed)
+
+        words = None
+
+        buses = WEISurveyAlgorithm2022.get_buses()
+        informations = {bus: WEIBusInformation2022(bus) for bus in buses}
+        scores = sum((list(informations[bus].scores.values()) for bus in buses), [])
+        average_score = sum(scores) / len(scores)
+
+        preferred_words = {bus: [word for word in WORDS
+                                 if informations[bus].scores[word] >= average_score]
+                           for bus in buses}
+        while words is None or len(set(words)) != len(words):
+            # Ensure that there is no the same word 2 times
+            words = [rng.choice(words) for _ignored2, words in preferred_words.items()]
+        rng.shuffle(words)
+        words = [(w, w) for w in words]
+        self.fields["word"].choices = words
+
+
+class WEIBusInformation2022(WEIBusInformation):
+    """
+    For each word, the bus has a score
+    """
+    scores: dict
+
+    def __init__(self, bus):
+        self.scores = {}
+        for word in WORDS:
+            self.scores[word] = 0.0
+        super().__init__(bus)
+
+
+class WEISurveyInformation2022(WEISurveyInformation):
+    """
+    We store the id of the selected bus. We store only the name, but is not used in the selection:
+    that's only for humans that try to read data.
+    """
+    # Random seed that is stored at the first time to ensure that words are generated only once
+    seed = 0
+    step = 0
+
+    def __init__(self, registration):
+        for i in range(1, 21):
+            setattr(self, "word" + str(i), None)
+        super().__init__(registration)
+
+
+class WEISurvey2022(WEISurvey):
+    """
+    Survey for the year 2022.
+    """
+
+    @classmethod
+    def get_year(cls):
+        return 2022
+
+    @classmethod
+    def get_survey_information_class(cls):
+        return WEISurveyInformation2022
+
+    def get_form_class(self):
+        return WEISurveyForm2022
+
+    def update_form(self, form):
+        """
+        Filter the bus selector with the buses of the WEI.
+        """
+        form.set_registration(self.registration)
+
+    @transaction.atomic
+    def form_valid(self, form):
+        word = form.cleaned_data["word"]
+        self.information.step += 1
+        setattr(self.information, "word" + str(self.information.step), word)
+        self.save()
+
+    @classmethod
+    def get_algorithm_class(cls):
+        return WEISurveyAlgorithm2022
+
+    def is_complete(self) -> bool:
+        """
+        The survey is complete once the bus is chosen.
+        """
+        return self.information.step == 20
+
+    @classmethod
+    @lru_cache()
+    def word_mean(cls, word):
+        """
+        Calculate the mid-score given by all buses.
+        """
+        buses = cls.get_algorithm_class().get_buses()
+        return sum([cls.get_algorithm_class().get_bus_information(bus).scores[word] for bus in buses]) / buses.count()
+
+    @lru_cache()
+    def score(self, bus):
+        if not self.is_complete():
+            raise ValueError("Survey is not ended, can't calculate score")
+
+        bus_info = self.get_algorithm_class().get_bus_information(bus)
+        # Score is the given score by the bus subtracted to the mid-score of the buses.
+        s = sum(bus_info.scores[getattr(self.information, 'word' + str(i))]
+                - self.word_mean(getattr(self.information, 'word' + str(i))) for i in range(1, 21)) / 20
+        return s
+
+    @lru_cache()
+    def scores_per_bus(self):
+        return {bus: self.score(bus) for bus in self.get_algorithm_class().get_buses()}
+
+    @lru_cache()
+    def ordered_buses(self):
+        values = list(self.scores_per_bus().items())
+        values.sort(key=lambda item: -item[1])
+        return values
+
+    @classmethod
+    def clear_cache(cls):
+        cls.word_mean.cache_clear()
+        return super().clear_cache()
+
+
+class WEISurveyAlgorithm2022(WEISurveyAlgorithm):
+    """
+    The algorithm class for the year 2022.
+    We use Gale-Shapley algorithm to attribute 1y students into buses.
+    """
+
+    @classmethod
+    def get_survey_class(cls):
+        return WEISurvey2022
+
+    @classmethod
+    def get_bus_information_class(cls):
+        return WEIBusInformation2022
+
+    def run_algorithm(self, display_tqdm=False):
+        """
+        Gale-Shapley algorithm implementation.
+        We modify it to allow buses to have multiple "weddings".
+        """
+        surveys = list(self.get_survey_class()(r) for r in self.get_registrations())  # All surveys
+        surveys = [s for s in surveys if s.is_complete()]  # Don't consider invalid surveys
+        # Don't manage hardcoded people
+        surveys = [s for s in surveys if not hasattr(s.information, 'hardcoded') or not s.information.hardcoded]
+
+        # Reset previous algorithm run
+        for survey in surveys:
+            survey.free()
+            survey.save()
+
+        non_men = [s for s in surveys if s.registration.gender != 'male']
+        men = [s for s in surveys if s.registration.gender == 'male']
+
+        quotas = {}
+        registrations = self.get_registrations()
+        non_men_total = registrations.filter(~Q(gender='male')).count()
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = 4 + int(non_men_total / registrations.count() * free_seats)
+
+        tqdm_obj = None
+        if display_tqdm:
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(non_men), desc="Non-hommes")
+
+        # Repartition for non men people first
+        self.make_repartition(non_men, quotas, tqdm_obj=tqdm_obj)
+
+        quotas = {}
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            free_seats -= sum(1 for s in non_men if s.information.selected_bus_pk == bus.pk)
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = free_seats
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(men), desc="Hommes")
+
+        self.make_repartition(men, quotas, tqdm_obj=tqdm_obj)
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+        # Clear cache information after running algorithm
+        WEISurvey2022.clear_cache()
+
+    def make_repartition(self, surveys, quotas=None, tqdm_obj=None):
+        free_surveys = surveys.copy()  # Remaining surveys
+        while free_surveys:  # Some students are not affected
+            survey = free_surveys[0]
+            buses = survey.ordered_buses()  # Preferences of the student
+            for bus, current_score in buses:
+                if self.get_bus_information(bus).has_free_seats(surveys, quotas):
+                    # Selected bus has free places. Put student in the bus
+                    survey.select_bus(bus)
+                    survey.save()
+                    free_surveys.remove(survey)
+                    break
+                else:
+                    # Current bus has not enough places. Remove the least preferred student from the bus if existing
+                    least_preferred_survey = None
+                    least_score = -1
+                    # Find the least student in the bus that has a lower score than the current student
+                    for survey2 in surveys:
+                        if not survey2.information.valid or survey2.information.get_selected_bus() != bus:
+                            continue
+                        score2 = survey2.score(bus)
+                        if current_score <= score2:  # Ignore better students
+                            continue
+                        if least_preferred_survey is None or score2 < least_score:
+                            least_preferred_survey = survey2
+                            least_score = score2
+
+                    if least_preferred_survey is not None:
+                        # Remove the least student from the bus and put the current student in.
+                        # If it does not exist, choose the next bus.
+                        least_preferred_survey.free()
+                        least_preferred_survey.save()
+                        free_surveys.append(least_preferred_survey)
+                        survey.select_bus(bus)
+                        survey.save()
+                        free_surveys.remove(survey)
+                        break
+            else:
+                raise ValueError(f"User {survey.registration.user} has no free seat")
+
+            if tqdm_obj is not None:
+                tqdm_obj.n = len(surveys) - len(free_surveys)
+                tqdm_obj.refresh()

apps/wei/tests/test_wei_algorithm_2021.py

@@ -25,6 +25,7 @@ class TestWEIAlgorithm(TestCase):
             email="wei2021@example.com",
             date_start='2021-09-17',
             date_end='2021-09-19',
+            year=2021,
         )
 
         self.buses = []

apps/wei/tests/test_wei_algorithm_2022.py

@@ -0,0 +1,110 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import random
+
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from ..forms.surveys.wei2022 import WEIBusInformation2022, WEISurvey2022, WORDS, WEISurveyInformation2022
+from ..models import Bus, WEIClub, WEIRegistration
+
+
+class TestWEIAlgorithm(TestCase):
+    """
+    Run some tests to ensure that the WEI algorithm is working well.
+    """
+    fixtures = ('initial',)
+
+    def setUp(self):
+        """
+        Create some test data, with one WEI and 10 buses with random score attributions.
+        """
+        self.wei = WEIClub.objects.create(
+            name="WEI 2022",
+            email="wei2022@example.com",
+            date_start='2022-09-16',
+            date_end='2022-09-18',
+            year=2022,
+        )
+
+        self.buses = []
+        for i in range(10):
+            bus = Bus.objects.create(wei=self.wei, name=f"Bus {i}", size=10)
+            self.buses.append(bus)
+            information = WEIBusInformation2022(bus)
+            for word in WORDS:
+                information.scores[word] = random.randint(0, 101)
+            information.save()
+            bus.save()
+
+    def test_survey_algorithm_small(self):
+        """
+        There are only a few people in each bus, ensure that each person has its best bus
+        """
+        # Add a few users
+        for i in range(10):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2022(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2022.get_algorithm_class()().run_algorithm()
+
+        # Ensure that everyone has its first choice
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2022(r)
+            preferred_bus = survey.ordered_buses()[0][0]
+            chosen_bus = survey.information.get_selected_bus()
+            self.assertEqual(preferred_bus, chosen_bus)
+
+    def test_survey_algorithm_full(self):
+        """
+        Buses are full of first year people, ensure that they are happy
+        """
+        # Add a lot of users
+        for i in range(95):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2022(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2022.get_algorithm_class()().run_algorithm()
+
+        penalty = 0
+        # Ensure that everyone seems to be happy
+        # We attribute a penalty for each user that didn't have its first choice
+        # The penalty is the square of the distance between the score of the preferred bus
+        # and the score of the attributed bus
+        # We consider it acceptable if the mean of this distance is lower than 5 %
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2022(r)
+            chosen_bus = survey.information.get_selected_bus()
+            buses = survey.ordered_buses()
+            score = min(v for bus, v in buses if bus == chosen_bus)
+            max_score = buses[0][1]
+            penalty += (max_score - score) ** 2
+
+            self.assertLessEqual(max_score - score, 25)  # Always less than 25 % of tolerance
+
+        self.assertLessEqual(penalty / 100, 25)  # Tolerance of 5 %

apps/wei/tests/test_wei_registration.py

@@ -782,7 +782,7 @@ class TestDefaultWEISurvey(TestCase):
         WEISurvey.update_form(None, None)
 
         self.assertEqual(CurrentSurvey.get_algorithm_class().get_survey_class(), CurrentSurvey)
-        self.assertEqual(CurrentSurvey.get_year(), 2021)
+        self.assertEqual(CurrentSurvey.get_year(), 2022)
 
 
 class TestWeiAPI(TestAPI):

docs/apps/permission.rst

@@ -118,13 +118,13 @@ Exemples
          {"F": [
            "ADD",
            ["F", "source__balance"],
-           5000]
+           2000]
          }
        }
     ]
 
-  | si la destination est la note du club dont on est membre et si le montant est inférieur au solde de la source + 50 €,
-    autrement dit le solde final est au-dessus de -50 €.
+  | si la destination est la note du club dont on est membre et si le montant est inférieur au solde de la source + 20 €,
+    autrement dit le solde final est au-dessus de -20 €.
 
 
 Masques de permissions

docs/apps/treasury.rst

@@ -86,7 +86,7 @@ Génération
 
 Les factures peuvent s'exporter au format PDF (là est tout leur intérêt). Pour cela, on utilise le template LaTeX
 présent à l'adresse suivante :
-`/templates/treasury/invoice_sample.tex <https://gitlab.crans.org/bde/nk20/-/tree/master/templates/treasury/invoice_sample.tex>`_
+`/templates/treasury/invoice_sample.tex <https://gitlab.crans.org/bde/nk20/-/tree/main/templates/treasury/invoice_sample.tex>`_
 
 On le remplit avec les données de la facture et les données du BDE, hard-codées. On copie le template rempli dans un
 ficher tex dans un dossier temporaire. On fait ensuite 2 appels à ``pdflatex`` pour générer la facture au format PDF.

docs/external_services/oauth2.rst

@@ -41,8 +41,14 @@ On a ensuite besoin de définir nos propres scopes afin d'avoir des permissions
 
    OAUTH2_PROVIDER = {
        'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
+       'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
+       'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
    }
 
+Cela a pour effet d'avoir des scopes sous la forme ``PERMISSION_CLUB``,
+et de demander des scopes facultatives (voir plus bas).
+Un jeton de rafraîchissement expire de plus au bout de 14 jours, si non-renouvelé.
+
 On ajoute enfin les routes dans ``urls.py`` :
 
 .. code:: python
@@ -94,6 +100,27 @@ du format renvoyé.
    Vous pouvez donc contrôler le plus finement possible les permissions octroyées à vos
    jetons.
 
+.. danger::
+
+   Demander des scopes n'implique pas de les avoir.
+
+   Lorsque des scopes sont demandées par un client, la Note
+   va considérer l'ensemble des permissions accessibles parmi
+   ce qui est demandé. Dans vos programmes, vous devrez donc
+   vérifier les permissions acquises (communiquées lors de la
+   récupération du jeton d'accès à partir du grant code),
+   et prévoir un comportement dans le cas où des permissions
+   sont manquantes.
+
+   Cela offre un intérêt supérieur par rapport au protocole
+   OAuth2 classique, consistant à demander trop de permissions
+   et agir en conséquence.
+
+   Par exemple, vous pourriez demander la permission d'accéder
+   aux membres d'un club ou de faire des transactions, et agir
+   uniquement dans le cas où l'utilisateur connecté possède la
+   permission problématique.
+
 Avec Django-allauth
 ###################
 
@@ -116,6 +143,7 @@ installées (sur votre propre client), puis de bien ajouter l'application social
    SOCIALACCOUNT_PROVIDERS = {
        'notekfet': {
            # 'DOMAIN': 'note.crans.org',
+           'SCOPE': ['1_1', '2_1'],
        },
        ...
    }
@@ -123,6 +151,10 @@ installées (sur votre propre client), puis de bien ajouter l'application social
 Le paramètre ``DOMAIN`` permet de changer d'instance de Note Kfet. Par défaut, il
 se connectera à ``note.crans.org`` si vous ne renseignez rien.
 
+Le paramètre ``SCOPE`` permet de définir les scopes à demander.
+Dans l'exemple ci-dessous, les permissions d'accéder à l'utilisateur
+et au profil sont demandées.
+
 En créant l'application sur la note, vous pouvez renseigner
 ``https://monsite.example.com/accounts/notekfet/login/callback/`` en URL de redirection,
 à adapter selon votre configuration.

docs/faq.rst

@@ -83,13 +83,6 @@ Je suis trésorier d'un club, qu'ai-je le droit de faire ?
    bien sûr permis pour faciliter des transferts. Tout abus de droits constaté
    pourra mener à des sanctions prises par le bureau du BDE.
 
-.. warning::
-   Une fonctionnalité pour permettre de gérer plus proprement les remboursements
-   entre amis est en cours de développement. Temporairement et pour des raisons
-   de confort, les trésoriers de clubs ont le droit de prélever n'importe quelle
-   adhérente vers n'importe quelle autre note adhérente, tant que la source ne
-   descend pas sous ``- 50 €``. Ces droits seront retirés d'ici quelques semaines.
-
 
 Je suis trésorier d'un club, je n'arrive pas à voir le solde du club / faire des transactions
 ---------------------------------------------------------------------------------------------------

docs/install.rst

@@ -88,7 +88,7 @@ On clone donc le dépôt en tant que ``www-data`` :
 
    $ sudo -u www-data git clone https://gitlab.crans.org/bde/nk20.git /var/www/note_kfet
 
-Par défaut, le dépôt est configuré pour suivre la branche ``master``, qui est la branche
+Par défaut, le dépôt est configuré pour suivre la branche ``main``, qui est la branche
 stable, notamment installée sur `<https://note.crans.org/>`_. Pour changer de branche,
 notamment passer sur la branche ``beta`` sur un serveur de pré-production (un peu comme
 `<https://note-dev.crans.org/>`_), on peut faire :
@@ -587,7 +587,7 @@ Dans ce fichier, remplissez :
    ---
    note:
      server_name: note.crans.org
-     git_branch: master
+     git_branch: main
      cron_enabled: true
      email: notekfet2020@lists.crans.org
 

locale/fr/LC_MESSAGES/django.po

@@ -7,16 +7,16 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-10-07 22:55+0200\n"
-"PO-Revision-Date: 2020-11-16 20:02+0000\n"
-"Last-Translator: Yohann D'ANELLO <ynerant@crans.org>\n"
+"POT-Creation-Date: 2022-04-10 22:34+0200\n"
+"PO-Revision-Date: 2022-04-11 22:05+0200\n"
+"Last-Translator: elkmaennchen <elkmaennchen@crans.org>\n"
 "Language-Team: French <http://translate.ynerant.fr/projects/nk20/nk20/fr/>\n"
 "Language: fr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n > 1;\n"
-"X-Generator: Weblate 4.3.2\n"
+"X-Generator: Poedit 3.0\n"
 
 #: apps/activity/apps.py:10 apps/activity/models.py:151
 #: apps/activity/models.py:167
@@ -56,7 +56,7 @@ msgstr "Vous ne pouvez pas inviter plus de 3 personnes à cette activité."
 #: apps/member/models.py:199
 #: apps/member/templates/member/includes/club_info.html:4
 #: apps/member/templates/member/includes/profile_info.html:4
-#: apps/note/models/notes.py:231 apps/note/models/transactions.py:26
+#: apps/note/models/notes.py:263 apps/note/models/transactions.py:26
 #: apps/note/models/transactions.py:46 apps/note/models/transactions.py:301
 #: apps/permission/models.py:330
 #: apps/registration/templates/registration/future_profile_detail.html:16
@@ -114,7 +114,7 @@ msgstr "Lieu où l'activité est organisée, par exemple la Kfet."
 msgid "type"
 msgstr "type"
 
-#: apps/activity/models.py:89 apps/logs/models.py:22 apps/member/models.py:305
+#: apps/activity/models.py:89 apps/logs/models.py:22 apps/member/models.py:307
 #: apps/note/models/notes.py:148 apps/treasury/models.py:285
 #: apps/wei/models.py:173 apps/wei/templates/wei/attribute_bus_1A.html:13
 #: apps/wei/templates/wei/survey.html:15
@@ -295,7 +295,7 @@ msgstr "Invité supprimé"
 #: apps/note/models/transactions.py:257
 #: apps/note/templates/note/transaction_form.html:17
 #: apps/note/templates/note/transaction_form.html:152
-#: note_kfet/templates/base.html:73
+#: note_kfet/templates/base.html:72
 msgid "Transfer"
 msgstr "Virement"
 
@@ -388,7 +388,7 @@ msgid "validate"
 msgstr "valider"
 
 #: apps/activity/templates/activity/includes/activity_info.html:71
-#: apps/logs/models.py:64 apps/note/tables.py:195
+#: apps/logs/models.py:64 apps/note/tables.py:220
 msgid "edit"
 msgstr "modifier"
 
@@ -400,7 +400,7 @@ msgstr "Inviter"
 msgid "Create new activity"
 msgstr "Créer une nouvelle activité"
 
-#: apps/activity/views.py:67 note_kfet/templates/base.html:91
+#: apps/activity/views.py:67 note_kfet/templates/base.html:90
 msgid "Activities"
 msgstr "Activités"
 
@@ -466,9 +466,9 @@ msgstr "nouvelles données"
 msgid "create"
 msgstr "créer"
 
-#: apps/logs/models.py:65 apps/note/tables.py:165 apps/note/tables.py:211
-#: apps/permission/models.py:127 apps/treasury/tables.py:38
-#: apps/wei/tables.py:74
+#: apps/logs/models.py:65 apps/note/tables.py:166 apps/note/tables.py:190
+#: apps/note/tables.py:237 apps/permission/models.py:127
+#: apps/treasury/tables.py:38 apps/wei/tables.py:74
 msgid "delete"
 msgstr "supprimer"
 
@@ -507,11 +507,11 @@ msgstr "cotisation pour adhérer (normalien élève)"
 msgid "membership fee (unpaid students)"
 msgstr "cotisation pour adhérer (normalien étudiant)"
 
-#: apps/member/admin.py:65 apps/member/models.py:317
+#: apps/member/admin.py:65 apps/member/models.py:319
 msgid "roles"
 msgstr "rôles"
 
-#: apps/member/admin.py:66 apps/member/models.py:331
+#: apps/member/admin.py:66 apps/member/models.py:333
 msgid "fee"
 msgstr "cotisation"
 
@@ -547,7 +547,7 @@ msgstr "Taille maximale : 2 Mo"
 msgid "This image cannot be loaded."
 msgstr "Cette image ne peut pas être chargée."
 
-#: apps/member/forms.py:141 apps/member/views.py:102
+#: apps/member/forms.py:141 apps/member/views.py:103
 #: apps/registration/forms.py:33 apps/registration/views.py:262
 msgid "An alias with a similar name already exists."
 msgstr "Un alias avec un nom similaire existe déjà."
@@ -610,14 +610,14 @@ msgid "hash"
 msgstr "haché"
 
 #: apps/member/models.py:38
-#: apps/member/templates/member/includes/profile_info.html:35
+#: apps/member/templates/member/includes/profile_info.html:43
 #: apps/registration/templates/registration/future_profile_detail.html:40
 #: apps/wei/templates/wei/weimembership_form.html:44
 msgid "phone number"
 msgstr "numéro de téléphone"
 
 #: apps/member/models.py:45
-#: apps/member/templates/member/includes/profile_info.html:29
+#: apps/member/templates/member/includes/profile_info.html:37
 #: apps/registration/templates/registration/future_profile_detail.html:34
 #: apps/wei/templates/wei/weimembership_form.html:38
 msgid "section"
@@ -705,14 +705,14 @@ msgid "Year of entry to the school (None if not ENS student)"
 msgstr "Année d'entrée dans l'école (None si non-étudiant·e de l'ENS)"
 
 #: apps/member/models.py:83
-#: apps/member/templates/member/includes/profile_info.html:39
+#: apps/member/templates/member/includes/profile_info.html:47
 #: apps/registration/templates/registration/future_profile_detail.html:37
 #: apps/wei/templates/wei/weimembership_form.html:41
 msgid "address"
 msgstr "adresse"
 
 #: apps/member/models.py:90
-#: apps/member/templates/member/includes/profile_info.html:42
+#: apps/member/templates/member/includes/profile_info.html:50
 #: apps/registration/templates/registration/future_profile_detail.html:43
 #: apps/wei/templates/wei/weimembership_form.html:47
 msgid "paid"
@@ -784,7 +784,7 @@ msgstr "Activez votre compte Note Kfet"
 
 #: apps/member/models.py:204
 #: apps/member/templates/member/includes/club_info.html:55
-#: apps/member/templates/member/includes/profile_info.html:32
+#: apps/member/templates/member/includes/profile_info.html:40
 #: apps/registration/templates/registration/future_profile_detail.html:22
 #: apps/wei/templates/wei/base.html:70
 #: apps/wei/templates/wei/weimembership_form.html:20
@@ -833,46 +833,46 @@ msgstr ""
 "Date maximale d'une fin d'adhésion, après laquelle les adhérents doivent la "
 "renouveler."
 
-#: apps/member/models.py:286 apps/member/models.py:311
+#: apps/member/models.py:288 apps/member/models.py:313
 #: apps/note/models/notes.py:176
 msgid "club"
 msgstr "club"
 
-#: apps/member/models.py:287
+#: apps/member/models.py:289
 msgid "clubs"
 msgstr "clubs"
 
-#: apps/member/models.py:322
+#: apps/member/models.py:324
 msgid "membership starts on"
 msgstr "l'adhésion commence le"
 
-#: apps/member/models.py:326
+#: apps/member/models.py:328
 msgid "membership ends on"
 msgstr "l'adhésion finit le"
 
-#: apps/member/models.py:428
+#: apps/member/models.py:430
 #, python-brace-format
 msgid "The role {role} does not apply to the club {club}."
 msgstr "Le rôle {role} ne s'applique pas au club {club}."
 
-#: apps/member/models.py:437 apps/member/views.py:651
+#: apps/member/models.py:439 apps/member/views.py:712
 msgid "User is already a member of the club"
 msgstr "L'utilisateur est déjà membre du club"
 
-#: apps/member/models.py:449 apps/member/views.py:660
+#: apps/member/models.py:451 apps/member/views.py:721
 msgid "User is not a member of the parent club"
 msgstr "L'utilisateur n'est pas membre du club parent"
 
-#: apps/member/models.py:502
+#: apps/member/models.py:504
 #, python-brace-format
 msgid "Membership of {user} for the club {club}"
 msgstr "Adhésion de {user} pour le club {club}"
 
-#: apps/member/models.py:505 apps/note/models/transactions.py:389
+#: apps/member/models.py:507 apps/note/models/transactions.py:389
 msgid "membership"
 msgstr "adhésion"
 
-#: apps/member/models.py:506
+#: apps/member/models.py:508
 msgid "memberships"
 msgstr "adhésions"
 
@@ -924,7 +924,7 @@ msgid "Account #"
 msgstr "Compte n°"
 
 #: apps/member/templates/member/base.html:48
-#: apps/member/templates/member/base.html:62 apps/member/views.py:59
+#: apps/member/templates/member/base.html:62 apps/member/views.py:60
 #: apps/registration/templates/registration/future_profile_detail.html:48
 #: apps/wei/templates/wei/weimembership_form.html:117
 msgid "Update Profile"
@@ -985,13 +985,14 @@ msgstr ""
 "seront à nouveau possible."
 
 #: apps/member/templates/member/club_alias.html:10
-#: apps/member/templates/member/profile_alias.html:10 apps/member/views.py:253
-#: apps/member/views.py:456
+#: apps/member/templates/member/profile_alias.html:10 apps/member/views.py:287
+#: apps/member/views.py:517
 msgid "Note aliases"
 msgstr "Alias de la note"
 
 #: apps/member/templates/member/club_alias.html:20
 #: apps/member/templates/member/profile_alias.html:19
+#: apps/member/templates/member/profile_trust.html:19
 #: apps/treasury/tables.py:99
 #: apps/treasury/templates/treasury/sogecredit_list.html:34
 #: apps/treasury/templates/treasury/sogecredit_list.html:73
@@ -1044,7 +1045,7 @@ msgid "membership fee"
 msgstr "cotisation pour adhérer"
 
 #: apps/member/templates/member/includes/club_info.html:43
-#: apps/member/templates/member/includes/profile_info.html:47
+#: apps/member/templates/member/includes/profile_info.html:55
 #: apps/treasury/templates/treasury/sogecredit_detail.html:24
 #: apps/wei/templates/wei/base.html:60
 msgid "balance"
@@ -1052,7 +1053,7 @@ msgstr "solde du compte"
 
 #: apps/member/templates/member/includes/club_info.html:47
 #: apps/member/templates/member/includes/profile_info.html:20
-#: apps/note/models/notes.py:255 apps/wei/templates/wei/base.html:66
+#: apps/note/models/notes.py:287 apps/wei/templates/wei/base.html:66
 msgid "aliases"
 msgstr "alias"
 
@@ -1076,7 +1077,16 @@ msgstr "mot de passe"
 msgid "Change password"
 msgstr "Changer le mot de passe"
 
-#: apps/member/templates/member/includes/profile_info.html:55
+#: apps/member/templates/member/includes/profile_info.html:28
+#: apps/note/models/notes.py:244
+msgid "friendships"
+msgstr "amitiés"
+
+#: apps/member/templates/member/includes/profile_info.html:32
+msgid "Manage friendships"
+msgstr "Gérer les amitiés"
+
+#: apps/member/templates/member/includes/profile_info.html:63
 msgid "API token"
 msgstr "Accès API"
 
@@ -1148,6 +1158,23 @@ msgstr "Cliquez ici pour renvoyer un lien de validation."
 msgid "View my memberships"
 msgstr "Voir mes adhésions"
 
+#: apps/member/templates/member/profile_trust.html:10 apps/member/views.py:254
+msgid "Note friendships"
+msgstr "Amitiés note"
+
+#: apps/member/templates/member/profile_trust.html:28
+msgid ""
+"Adding someone as a friend enables them to initiate transactions coming from "
+"your account (while keeping your balance positive). This is designed to "
+"simplify using note kfet transfers to transfer money between users. The "
+"intent is that one person can make all transfers for a group of friends "
+"without needing additional rights among them."
+msgstr ""
+"Ajouter quelqu'un⋅e en ami⋅e lui permet de me prélever de l'argent (tant que "
+"ma note reste positive). Ceci sert à simplifier les remboursements entre "
+"ami⋅es via note. En effet, une personne peut effectuer tous les transferts "
+"sans posséder de droits supplémentaires."
+
 #: apps/member/templates/member/profile_update.html:18
 msgid "Save Changes"
 msgstr "Sauvegarder les changements"
@@ -1156,47 +1183,47 @@ msgstr "Sauvegarder les changements"
 msgid "Registrations"
 msgstr "Inscriptions"
 
-#: apps/member/views.py:72 apps/registration/forms.py:23
+#: apps/member/views.py:73 apps/registration/forms.py:23
 msgid "This address must be valid."
 msgstr "Cette adresse doit être valide."
 
-#: apps/member/views.py:139
+#: apps/member/views.py:140
 msgid "Profile detail"
 msgstr "Détails de l'utilisateur"
 
-#: apps/member/views.py:205
+#: apps/member/views.py:206
 msgid "Search user"
 msgstr "Chercher un utilisateur"
 
-#: apps/member/views.py:273
+#: apps/member/views.py:308
 msgid "Update note picture"
 msgstr "Modifier la photo de la note"
 
-#: apps/member/views.py:319
+#: apps/member/views.py:354
 msgid "Manage auth token"
 msgstr "Gérer les jetons d'authentification"
 
-#: apps/member/views.py:346
+#: apps/member/views.py:381
 msgid "Create new club"
 msgstr "Créer un nouveau club"
 
-#: apps/member/views.py:365
+#: apps/member/views.py:400
 msgid "Search club"
 msgstr "Chercher un club"
 
-#: apps/member/views.py:398
+#: apps/member/views.py:433
 msgid "Club detail"
 msgstr "Détails du club"
 
-#: apps/member/views.py:479
+#: apps/member/views.py:540
 msgid "Update club"
 msgstr "Modifier le club"
 
-#: apps/member/views.py:513
+#: apps/member/views.py:574
 msgid "Add new member to the club"
 msgstr "Ajouter un nouveau membre au club"
 
-#: apps/member/views.py:642 apps/wei/views.py:973
+#: apps/member/views.py:703 apps/wei/views.py:973
 msgid ""
 "This user don't have enough money to join this club, and can't have a "
 "negative balance."
@@ -1204,19 +1231,19 @@ msgstr ""
 "Cet utilisateur n'a pas assez d'argent pour rejoindre ce club et ne peut pas "
 "avoir un solde négatif."
 
-#: apps/member/views.py:664
+#: apps/member/views.py:725
 msgid "The membership must start after {:%m-%d-%Y}."
 msgstr "L'adhésion doit commencer après le {:%d/%m/%Y}."
 
-#: apps/member/views.py:669
+#: apps/member/views.py:730
 msgid "The membership must begin before {:%m-%d-%Y}."
 msgstr "L'adhésion doit commencer avant le {:%d/%m/%Y}."
 
-#: apps/member/views.py:815
+#: apps/member/views.py:876
 msgid "Manage roles of an user in the club"
 msgstr "Gérer les rôles d'un utilisateur dans le club"
 
-#: apps/member/views.py:840
+#: apps/member/views.py:901
 msgid "Members of the club"
 msgstr "Membres du club"
 
@@ -1234,7 +1261,7 @@ msgstr "destination"
 msgid "amount"
 msgstr "montant"
 
-#: apps/note/api/serializers.py:183 apps/note/api/serializers.py:189
+#: apps/note/api/serializers.py:199 apps/note/api/serializers.py:205
 #: apps/note/models/transactions.py:228
 msgid ""
 "The transaction can't be saved since the source note or the destination note "
@@ -1366,30 +1393,47 @@ msgstr "note spéciale"
 msgid "special notes"
 msgstr "notes spéciales"
 
-#: apps/note/models/notes.py:237
+#: apps/note/models/notes.py:232
+msgid "trusting"
+msgstr "note"
+
+#: apps/note/models/notes.py:239
+msgid "trusted"
+msgstr "ami"
+
+#: apps/note/models/notes.py:243
+msgid "frienship"
+msgstr "amitié"
+
+#: apps/note/models/notes.py:248
+#, python-brace-format
+msgid "Friendship between {trusting} and {trusted}"
+msgstr "Amitié entre {trusting} et {trusted}"
+
+#: apps/note/models/notes.py:269
 msgid "Invalid alias"
 msgstr "Alias invalide"
 
-#: apps/note/models/notes.py:254
+#: apps/note/models/notes.py:286
 msgid "alias"
 msgstr "alias"
 
-#: apps/note/models/notes.py:278
+#: apps/note/models/notes.py:310
 msgid "Alias is too long."
 msgstr "L'alias est trop long."
 
-#: apps/note/models/notes.py:281
+#: apps/note/models/notes.py:313
 msgid ""
 "This alias contains only complex character. Please use a more simple alias."
 msgstr ""
 "Cet alias ne contient que des caractères complexes. Merci d'utiliser un "
 "alias plus simple."
 
-#: apps/note/models/notes.py:285
+#: apps/note/models/notes.py:317
 msgid "An alias with a similar name already exists: {} "
 msgstr "Un alias avec un nom similaire existe déjà : {} "
 
-#: apps/note/models/notes.py:299
+#: apps/note/models/notes.py:331
 msgid "You can't delete your main alias."
 msgstr "Vous ne pouvez pas supprimer votre alias principal."
 
@@ -1535,7 +1579,8 @@ msgstr "Cliquez pour valider"
 msgid "No reason specified"
 msgstr "Pas de motif spécifié"
 
-#: apps/note/tables.py:169 apps/note/tables.py:213 apps/treasury/tables.py:39
+#: apps/note/tables.py:173 apps/note/tables.py:194 apps/note/tables.py:239
+#: apps/treasury/tables.py:39
 #: apps/treasury/templates/treasury/invoice_confirm_delete.html:30
 #: apps/treasury/templates/treasury/sogecredit_detail.html:65
 #: apps/wei/tables.py:75 apps/wei/tables.py:118
@@ -1546,7 +1591,7 @@ msgstr "Pas de motif spécifié"
 msgid "Delete"
 msgstr "Supprimer"
 
-#: apps/note/tables.py:197 apps/note/templates/note/conso_form.html:132
+#: apps/note/tables.py:222 apps/note/templates/note/conso_form.html:132
 #: apps/wei/tables.py:49 apps/wei/tables.py:50
 #: apps/wei/templates/wei/base.html:89
 #: apps/wei/templates/wei/bus_detail.html:20
@@ -1556,7 +1601,7 @@ msgstr "Supprimer"
 msgid "Edit"
 msgstr "Éditer"
 
-#: apps/note/tables.py:201 apps/note/tables.py:224
+#: apps/note/tables.py:226 apps/note/tables.py:253
 msgid "Hide/Show"
 msgstr "Afficher/Masquer"
 
@@ -1717,7 +1762,7 @@ msgstr "Chercher un bouton"
 msgid "Update button"
 msgstr "Modifier le bouton"
 
-#: apps/note/views.py:151 note_kfet/templates/base.html:67
+#: apps/note/views.py:151 note_kfet/templates/base.html:66
 msgid "Consumptions"
 msgstr "Consommations"
 
@@ -1915,7 +1960,7 @@ msgstr ""
 "Vous n'avez pas la permission d'ajouter une instance du modèle « {model} » "
 "avec ces paramètres. Merci de les corriger et de réessayer."
 
-#: apps/permission/views.py:112 note_kfet/templates/base.html:109
+#: apps/permission/views.py:112 note_kfet/templates/base.html:108
 msgid "Rights"
 msgstr "Droits"
 
@@ -2122,7 +2167,7 @@ msgstr ""
 msgid "Invalidate pre-registration"
 msgstr "Invalider l'inscription"
 
-#: apps/treasury/apps.py:12 note_kfet/templates/base.html:97
+#: apps/treasury/apps.py:12 note_kfet/templates/base.html:96
 msgid "Treasury"
 msgstr "Trésorerie"
 
@@ -2530,7 +2575,7 @@ msgstr "Gérer les crédits de la Société générale"
 
 #: apps/wei/apps.py:10 apps/wei/models.py:50 apps/wei/models.py:51
 #: apps/wei/models.py:62 apps/wei/models.py:180
-#: note_kfet/templates/base.html:103
+#: note_kfet/templates/base.html:102
 msgid "WEI"
 msgstr "WEI"
 
@@ -2538,7 +2583,7 @@ msgstr "WEI"
 msgid "The selected user is not validated. Please validate its account first"
 msgstr ""
 "L'utilisateur sélectionné n'est pas validé. Merci de d'abord valider son "
-"compte."
+"compte"
 
 #: apps/wei/forms/registration.py:59 apps/wei/models.py:126
 #: apps/wei/models.py:323
@@ -2579,7 +2624,7 @@ msgstr "Sélectionnez les rôles qui vous intéressent."
 msgid "This team doesn't belong to the given bus."
 msgstr "Cette équipe n'appartient pas à ce bus."
 
-#: apps/wei/forms/surveys/wei2021.py:35
+#: apps/wei/forms/surveys/wei2021.py:35 apps/wei/forms/surveys/wei2022.py:35
 msgid "Choose a word:"
 msgstr "Choisissez un mot :"
 
@@ -3140,19 +3185,19 @@ msgstr "Répartir les 1A dans les bus"
 msgid "Attribute bus"
 msgstr "Attribuer un bus"
 
-#: note_kfet/settings/base.py:161
+#: note_kfet/settings/base.py:172
 msgid "German"
 msgstr "Allemand"
 
-#: note_kfet/settings/base.py:162
+#: note_kfet/settings/base.py:173
 msgid "English"
 msgstr "Anglais"
 
-#: note_kfet/settings/base.py:163
+#: note_kfet/settings/base.py:174
 msgid "Spanish"
 msgstr "Espagnol"
 
-#: note_kfet/settings/base.py:164
+#: note_kfet/settings/base.py:175
 msgid "French"
 msgstr "Français"
 
@@ -3209,7 +3254,7 @@ msgstr ""
 "erreur, qui sera corrigée rapidement. Vous pouvez désormais aller boire une "
 "bière."
 
-#: note_kfet/templates/autocomplete_model.html:14
+#: note_kfet/templates/autocomplete_model.html:15
 msgid "Reset"
 msgstr "Réinitialiser"
 
@@ -3217,34 +3262,34 @@ msgstr "Réinitialiser"
 msgid "The ENS Paris-Saclay BDE note."
 msgstr "La note du BDE de l'ENS Paris-Saclay."
 
-#: note_kfet/templates/base.html:79
+#: note_kfet/templates/base.html:78
 msgid "Users"
 msgstr "Utilisateurs"
 
-#: note_kfet/templates/base.html:85
+#: note_kfet/templates/base.html:84
 msgid "Clubs"
 msgstr "Clubs"
 
-#: note_kfet/templates/base.html:114
+#: note_kfet/templates/base.html:113
 msgid "Admin"
 msgstr "Admin"
 
-#: note_kfet/templates/base.html:128
+#: note_kfet/templates/base.html:127
 msgid "My account"
 msgstr "Mon compte"
 
-#: note_kfet/templates/base.html:131
+#: note_kfet/templates/base.html:130
 msgid "Log out"
 msgstr "Se déconnecter"
 
-#: note_kfet/templates/base.html:139
+#: note_kfet/templates/base.html:138
 #: note_kfet/templates/registration/signup.html:6
 #: note_kfet/templates/registration/signup.html:11
 #: note_kfet/templates/registration/signup.html:28
 msgid "Sign up"
 msgstr "Inscription"
 
-#: note_kfet/templates/base.html:146
+#: note_kfet/templates/base.html:145
 #: note_kfet/templates/registration/login.html:6
 #: note_kfet/templates/registration/login.html:15
 #: note_kfet/templates/registration/login.html:38
@@ -3252,7 +3297,7 @@ msgstr "Inscription"
 msgid "Log in"
 msgstr "Se connecter"
 
-#: note_kfet/templates/base.html:160
+#: note_kfet/templates/base.html:159
 msgid ""
 "You are not a BDE member anymore. Please renew your membership if you want "
 "to use the note."
@@ -3260,7 +3305,7 @@ msgstr ""
 "Vous n'êtes plus adhérent BDE. Merci de réadhérer si vous voulez profiter de "
 "la note."
 
-#: note_kfet/templates/base.html:166
+#: note_kfet/templates/base.html:165
 msgid ""
 "Your e-mail address is not validated. Please check your mail inbox and click "
 "on the validation link."
@@ -3268,7 +3313,7 @@ msgstr ""
 "Votre adresse e-mail n'est pas validée. Merci de vérifier votre boîte mail "
 "et de cliquer sur le lien de validation."
 
-#: note_kfet/templates/base.html:172
+#: note_kfet/templates/base.html:171
 msgid ""
 "You declared that you opened a bank account in the Société générale. The "
 "bank did not validate the creation of the account to the BDE, so the "
@@ -3282,11 +3327,11 @@ msgstr ""
 "vérification peut durer quelques jours. Merci de vous assurer de bien aller "
 "au bout de vos démarches."
 
-#: note_kfet/templates/base.html:195
+#: note_kfet/templates/base.html:194
 msgid "Contact us"
 msgstr "Nous contacter"
 
-#: note_kfet/templates/base.html:197
+#: note_kfet/templates/base.html:196
 msgid "Technical Support"
 msgstr "Support technique"
 

note_kfet/settings/base.py

@@ -7,6 +7,8 @@
 import os
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+from datetime import timedelta
+
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
 # Quick-start development settings - unsuitable for production
@@ -22,6 +24,15 @@ ALLOWED_HOSTS = [
     os.getenv('NOTE_URL', 'localhost'),
 ]
 
+# Use secure cookies in production
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
+# Remember HTTPS for 1 year
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 
 # Application definition
 
@@ -241,13 +252,15 @@ REST_FRAMEWORK = {
         'rest_framework.authentication.TokenAuthentication',
         'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
     ],
-    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
+    'DEFAULT_PAGINATION_CLASS': 'apps.api.pagination.CustomPagination',
     'PAGE_SIZE': 20,
 }
 
 # OAuth2 Provider
 OAUTH2_PROVIDER = {
     'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
+    'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
+    'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
 }
 
 # Take control on how widget templates are sourced

note_kfet/static/css/custom.css

@@ -65,7 +65,7 @@ mark {
 
 /* Last BDE colors */
 .bg-primary {
-    background-color: rgb(18, 67, 4) !important;
+    background-color: rgb(102, 83, 105) !important;
 }
 
 html {
@@ -81,14 +81,14 @@ body {
 .btn-outline-primary:not(:disabled):not(.disabled).active,
 .btn-outline-primary:not(:disabled):not(.disabled):active {
     color: #fff;
-    background-color: rgb(18, 67, 46);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
 .btn-outline-primary {
-    color: rgb(18, 67, 46);
+    color: rgb(102, 83, 105);
     background-color: rgba(248, 249, 250, 0.9);
-    border-color: rgb(18, 67, 46);
+    border-color: rgb(102, 83, 105);
 }
 
 .turbolinks-progress-bar {
@@ -99,35 +99,35 @@ body {
 .btn-primary:not(:disabled):not(.disabled).active,
 .btn-primary:not(:disabled):not(.disabled):active {
     color: #fff;
-    background-color: rgb(18, 67, 46);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
 .btn-primary {
     color: rgba(248, 249, 250, 0.9); 
-    background-color: rgb(28, 114, 10);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
 .border-primary {
-    border-color: rgb(28, 114, 10) !important; 
+    border-color: rgb(115, 15, 115) !important; 
 }
 
 a {
-    color: rgb(28, 114, 10);
+    color: rgb(102, 83, 105);
 }
 
 a:hover {
-    color: rgb(122, 163, 75);
+    color: rgb(200, 30, 200);
 }
 
 .form-control:focus {
-    box-shadow: 0 0 0 0.25rem rgba(122, 163, 75, 0.25);
-    border-color: rgb(122, 163, 75);
+    box-shadow: 0 0 0 0.25rem rgba(200, 30, 200, 0.25);
+    border-color: rgb(200, 30, 200);
 }
 
 .btn-outline-primary.focus {
-  box-shadow: 0 0 0 0.25rem rgba(122, 163, 75, 0.5);
+  box-shadow: 0 0 0 0.25rem rgba(200, 30, 200, 0.5);
 }
 
 

note_kfet/static/js/autocomplete_model.js

@@ -13,21 +13,29 @@ $(document).ready(function () {
     $('#' + prefix + '_reset').removeClass('d-none')
 
     $.getJSON(api_url + (api_url.includes('?') ? '&' : '?') + 'format=json&search=^' + input + api_url_suffix, function (objects) {
-      let html = ''
+      let html = '<ul class="list-group list-group-flush" id="' + prefix + '_list">'
 
       objects.results.forEach(function (obj) {
         html += li(prefix + '_' + obj.id, obj[name_field])
       })
+      html += '</ul>'
 
-      const results_list = $('#' + prefix + '_list')
-      results_list.html(html)
+      target.tooltip({
+        html: true,
+        placement: 'bottom',
+        trigger: 'manual',
+        container: target.parent(),
+        fallbackPlacement: 'clockwise'
+      })
+
+      target.attr("data-original-title", html).tooltip("show")
 
       objects.results.forEach(function (obj) {
         $('#' + prefix + '_' + obj.id).click(function () {
           target.val(obj[name_field])
           $('#' + prefix + '_pk').val(obj.id)
 
-          results_list.html('')
+          target.tooltip("hide")
           target.removeClass('is-invalid')
           target.addClass('is-valid')
 
@@ -37,8 +45,8 @@ $(document).ready(function () {
         if (input === obj[name_field]) { $('#' + prefix + '_pk').val(obj.id) }
       })
 
-      if (results_list.children().length === 1 && e.originalEvent.keyCode >= 32) {
-        results_list.children().first().trigger('click')
+      if (objects.results.length === 1 && e.originalEvent.keyCode >= 32) {
+        $('#' + prefix + '_' + objects.results[0].id).trigger('click')
       }
     })
   })

note_kfet/static/js/base.js

@@ -96,7 +96,7 @@ function displayStyle (note) {
   if (!note) { return '' }
   const balance = note.balance
   var css = ''
-  if (balance < -5000) { css += ' text-danger bg-dark' } 
+  if (balance < -2000) { css += ' text-danger bg-dark' } 
   else if (balance < -1000) { css += ' text-danger' } 
   else if (balance < 0) { css += ' text-warning' }
   if (!note.email_confirmed) { css += ' bg-primary' }

note_kfet/templates/autocomplete_model.html

@@ -9,9 +9,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
    name="{{ widget.name }}_name" autocomplete="off"
     {% for name, value in widget.attrs.items %}
         {% ifnotequal value False %}{{ name }}{% ifnotequal value True %}="{{ value|stringformat:'s' }}"{% endifnotequal %}{% endifnotequal %}
-    {% endfor %}>
+    {% endfor %}
+    aria-describedby="{{widget.attrs.id}}_tooltip">
     {% if widget.resetable %}
         <a id="{{ widget.attrs.id }}_reset" class="btn btn-light autocomplete-reset{% if not widget.value %} d-none{% endif %}">{% trans "Reset" %}</a>
     {% endif %}
-<ul class="list-group list-group-flush" id="{{ widget.attrs.id }}_list">
-</ul>
+

note_kfet/templates/base.html

@@ -33,8 +33,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <script src="{% static "jquery/jquery.min.js" %}"></script>
     <script src="{% static "popper.js/umd/popper.min.js" %}"></script>
     <script src="{% static "bootstrap4/js/bootstrap.min.js" %}"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/turbolinks/5.2.0/turbolinks.js"
-            crossorigin="anonymous"></script>
+    <script src="{% static "js/turbolinks.js" %}"></script>
     <script src="{% static "js/base.js" %}"></script>
     <script src="{% static "js/konami.js" %}"></script>
 

note_kfet/templates/registration/signup.html

@@ -23,11 +23,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
             {% csrf_token %}
             {{ form|crispy }}
             {{ profile_form|crispy }}
-            {{ soge_form|crispy }}
+            {% comment "Soge not for membership (only WEI)" %} {{ soge_form|crispy }} {% endcomment %}
             <button class="btn btn-success" type="submit">
                 {% trans "Sign up" %}
             </button>
         </form>
     </div>
 </div>
-{% endblock %}
+{% endblock %}