Add waiting lists interfaces

Signed-off-by: Emmy D'ANELLO <ynerant@crans.org>

Dockerfile

@@ -12,7 +12,7 @@ RUN apt-get update && \
     python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
     python3-bs4 python3-setuptools \
     uwsgi uwsgi-plugin-python3 \
-    texlive-xetex gettext libjs-bootstrap4 && \
+    texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome && \
     rm -rf /var/lib/apt/lists/*
 
 # Instal PyPI requirements

README.md

@@ -1,8 +1,8 @@
 # NoteKfet 2020
 
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.txt)
-[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/master/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
-[![coverage report](https://gitlab.crans.org/bde/nk20/badges/master/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/master)
+[![pipeline status](https://gitlab.crans.org/bde/nk20/badges/main/pipeline.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
+[![coverage report](https://gitlab.crans.org/bde/nk20/badges/main/coverage.svg)](https://gitlab.crans.org/bde/nk20/commits/main)
 
 ## Table des matières
 
@@ -23,7 +23,7 @@ Bien que cela permette de créer une instance sur toutes les distributions,
     $ sudo apt update
     $ sudo apt install --no-install-recommends -y \
         ipython3 python3-setuptools python3-venv python3-dev \
-        texlive-xetex gettext libjs-bootstrap4 git
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
     ```
 
 2.  **Clonage du dépot** là où vous voulez :
@@ -115,7 +115,7 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
         python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
         python3-bs4 python3-setuptools python3-docutils \
         memcached uwsgi uwsgi-plugin-python3 \
-        texlive-xetex gettext libjs-bootstrap4 \
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome \
         nginx python3-venv git acl
     ```
 

ansible/base.yml

@@ -7,7 +7,7 @@
       prompt: "Password of the database (leave it blank to skip database init)"
       private: yes
   vars:
-    mirror: mirror.crans.org
+    mirror: eclats.crans.org
   roles:
     - 1-apt-basic
     - 2-nk20

ansible/host_vars/bde-note.adh.crans.org.yml

@@ -1,7 +1,7 @@
 ---
 note:
   server_name: note.crans.org
-  git_branch: master
+  git_branch: main
   serve_static: true
   cron_enabled: true
   email: notekfet2020@lists.crans.org

ansible/roles/1-apt-basic/tasks/main.yml

@@ -1,14 +1,15 @@
 ---
-- name: Add buster-backports to apt sources
+- name: Add buster-backports to apt sources if needed
   apt_repository:
     repo: deb http://{{ mirror }}/debian buster-backports main
     state: present
-  when: ansible_facts['distribution'] == "Debian"
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version | int == 10
 
 - name: Install note_kfet APT dependencies
   apt:
     update_cache: true
-    default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}"
     install_recommends: false
     name:
       # Common tools
@@ -17,6 +18,7 @@
       - ipython3
 
       # Front-end dependencies
+      - fonts-font-awesome
       - libjs-bootstrap4
 
       # Python dependencies

apps/activity/templates/activity/activity_list.html

@@ -34,9 +34,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     {% endif %}
     <div class="card-footer">
         <a class="btn btn-sm btn-success" href="{% url 'activity:activity_create' %}" data-turbolinks="false">
-            <svg class="bi bi-calendar-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 .5a.5.5 0 0 0-1 0V1H2a2 2 0 0 0-2 2v1h16V3a2 2 0 0 0-2-2h-1V.5a.5.5 0 0 0-1 0V1H4V.5zM16 14V5H0v9a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2zM8.5 8.5V10H10a.5.5 0 0 1 0 1H8.5v1.5a.5.5 0 0 1-1 0V11H6a.5.5 0 0 1 0-1h1.5V8.5a.5.5 0 0 1 1 0z"/>
-            </svg>
+            <i class="fa fa-calendar-plus-o" aria-hidden="true"></i>
             {% trans 'New activity' %}
         </a>
     </div>

apps/activity/views.py

@@ -168,6 +168,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
         Don't display the entry interface if the user has no right to see it (no right to add an entry for itself),
         it is closed or doesn't manage entries.
         """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
         activity = Activity.objects.get(pk=self.kwargs["pk"])
 
         sample_entry = Entry(activity=activity, note=self.request.user.note)

apps/api/serializers.py

@@ -7,8 +7,11 @@ from django.contrib.auth.models import User
 from django.utils import timezone
 from rest_framework import serializers
 from member.api.serializers import ProfileSerializer, MembershipSerializer
+from member.models import Membership
 from note.api.serializers import NoteSerializer
 from note.models import Alias
+from note_kfet.middlewares import get_current_request
+from permission.backends import PermissionBackend
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -45,18 +48,30 @@ class OAuthSerializer(serializers.ModelSerializer):
     """
     normalized_name = serializers.SerializerMethodField()
 
-    profile = ProfileSerializer()
+    profile = serializers.SerializerMethodField()
 
-    note = NoteSerializer()
+    note = serializers.SerializerMethodField()
 
     memberships = serializers.SerializerMethodField()
 
     def get_normalized_name(self, obj):
         return Alias.normalize(obj.username)
 
+    def get_profile(self, obj):
+        # Display the profile of the user only if we have rights to see it.
+        return ProfileSerializer().to_representation(obj.profile) \
+            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
+
+    def get_note(self, obj):
+        # Display the note of the user only if we have rights to see it.
+        return NoteSerializer().to_representation(obj.note) \
+            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
+
     def get_memberships(self, obj):
+        # Display only memberships that we are allowed to see.
         return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
-            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()))
+            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())
+                           .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))
 
     class Meta:
         model = User

apps/api/urls.py

@@ -26,6 +26,10 @@ if "note" in settings.INSTALLED_APPS:
     from note.api.urls import register_note_urls
     register_note_urls(router, 'note')
 
+if "sheets" in settings.INSTALLED_APPS:
+    from sheets.api.urls import register_sheets_urls
+    register_sheets_urls(router, 'sheets')
+
 if "treasury" in settings.INSTALLED_APPS:
     from treasury.api.urls import register_treasury_urls
     register_treasury_urls(router, 'treasury')

apps/member/migrations/0008_auto_20211005_1544.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.24 on 2021-10-05 13:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0007_auto_20210313_1235'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='department',
+            field=models.CharField(choices=[('A0', 'Informatics (A0)'), ('A1', 'Mathematics (A1)'), ('A2', 'Physics (A2)'), ("A'2", "Applied physics (A'2)"), ("A''2", "Chemistry (A''2)"), ('A3', 'Biology (A3)'), ('B1234', 'SAPHIRE (B1234)'), ('B1', 'Mechanics (B1)'), ('B2', 'Civil engineering (B2)'), ('B3', 'Mechanical engineering (B3)'), ('B4', 'EEA (B4)'), ('C', 'Design (C)'), ('D2', 'Economy-management (D2)'), ('D3', 'Social sciences (D3)'), ('E', 'English (E)'), ('EXT', 'External (EXT)')], max_length=8, verbose_name='department'),
+        ),
+    ]

apps/member/migrations/0009_auto_20220818_1301.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.27 on 2022-08-18 11:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0008_auto_20211005_1544'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='promotion',
+            field=models.PositiveSmallIntegerField(default=2022, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
+        ),
+    ]

apps/member/models.py

@@ -258,16 +258,18 @@ class Club(models.Model):
         This function is called each time the club detail view is displayed.
         Update the year of the membership dates.
         """
-        if not self.membership_start:
+        if not self.membership_start or not self.membership_end:
             return
 
         today = datetime.date.today()
 
         if (today - self.membership_start).days >= 365:
-            self.membership_start = datetime.date(self.membership_start.year + 1,
-                                                  self.membership_start.month, self.membership_start.day)
-            self.membership_end = datetime.date(self.membership_end.year + 1,
-                                                self.membership_end.month, self.membership_end.day)
+            if self.membership_start:
+                self.membership_start = datetime.date(self.membership_start.year + 1,
+                                                      self.membership_start.month, self.membership_start.day)
+            if self.membership_end:
+                self.membership_end = datetime.date(self.membership_end.year + 1,
+                                                    self.membership_end.month, self.membership_end.day)
             self._force_save = True
             self.save(force_update=True)
 

apps/member/static/member/js/trust.js

@@ -0,0 +1,53 @@
+/**
+ * On form submit, create a new friendship
+ */
+function create_trust (e) {
+  // Do not submit HTML form
+  e.preventDefault()
+
+  // Get data and send to API
+  const formData = new FormData(e.target)
+  $.getJSON('/api/note/alias/'+formData.get('trusted') + '/',
+    function (trusted_alias) {
+      if ((trusted_alias.note == formData.get('trusting')))
+      {
+         addMsg(gettext("You can't add yourself as a friend"), "danger")
+         return
+      }
+      $.post('/api/note/trust/', {
+        csrfmiddlewaretoken: formData.get('csrfmiddlewaretoken'),
+        trusting: formData.get('trusting'),
+        trusted: trusted_alias.note
+      }).done(function () {
+        // Reload table
+        $('#trust_table').load(location.pathname + ' #trust_table')
+        addMsg(gettext('Friendship successfully added'), 'success')
+      }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+      })
+    }).fail(function (xhr, _textStatus, _error) {
+        errMsg(xhr.responseJSON)
+    })
+}
+
+/**
+ * On click of "delete", delete the alias
+ * @param button_id:Integer Alias id to remove
+ */
+function delete_button (button_id) {
+  $.ajax({
+    url: '/api/note/trust/' + button_id + '/',
+    method: 'DELETE',
+    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
+  }).done(function () {
+    addMsg(gettext('Friendship successfully deleted'), 'success')
+    $('#trust_table').load(location.pathname + ' #trust_table')
+  }).fail(function (xhr, _textStatus, _error) {
+    errMsg(xhr.responseJSON)
+  })
+}
+
+$(document).ready(function () {
+  // Attach event
+  document.getElementById('form_trust').addEventListener('submit', create_trust)
+})

apps/member/tables.py

@@ -120,7 +120,7 @@ class MembershipTable(tables.Table):
                     club=record.club,
                     user=record.user,
                     date_start__gte=record.club.membership_start,
-                    date_end__lte=record.club.membership_end,
+                    date_end__lte=record.club.membership_end or date(9999, 12, 31),
             ).exists():  # If the renew is not yet performed
                 empty_membership = Membership(
                     club=record.club,

apps/member/templates/member/base.html

@@ -45,10 +45,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
             <div class="card-footer">
                 {% if user_object %}
                 <a class="btn btn-sm btn-secondary" href="{% url 'member:user_update_profile' user_object.pk %}">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                 </a>
                 {% url 'member:user_detail' user_object.pk as user_profile_url %}
                 {% if request.path_info != user_profile_url %}
@@ -62,10 +59,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 {% if ".change_"|has_perm:club %}
                 <a class="btn btn-sm btn-secondary" href="{% url 'member:club_update' pk=club.pk %}"
                    data-turbolinks="false">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                 </a>
                 {% endif %}
                 {% url 'member:club_detail' club.pk as club_detail_url %}

apps/member/templates/member/club_detail.html

@@ -10,10 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "Club managers" %}
+            <i class="fa fa-users"></i> {% trans "Club managers" %}
         </a>
     </div>
     {% render_table managers %}
@@ -26,12 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="stretched-link font-weight-bold" href="{% url 'member:club_members' pk=club.pk %}">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                <path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
-                <path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
-            </svg>
-            {% trans "Club members" %}
+            <i class="fa fa-users"></i> {% trans "Club members" %}
         </a>
     </div>
     {% render_table member_list %}
@@ -45,10 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-header position-relative" id="historyListHeading">
         <a class="stretched-link font-weight-bold" {% if "note.view_note"|has_perm:club.note %}
             href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
         </a>
     </div>
     <div id="history_list">

apps/member/templates/member/includes/club_info.html

@@ -47,9 +47,7 @@
     <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'member:club_alias' club.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
             {% trans 'Manage aliases' %} ({{ club.note.alias.all|length }})
         </a>
     </dd>

apps/member/templates/member/includes/profile_info.html

@@ -11,9 +11,7 @@
     <dt class="col-xl-6">{% trans 'password'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'password_change' %}">
-            <svg class="bi bi-lock" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
-            </svg>
+            <i class="fa fa-lock"></i>
             {% trans 'Change password' %}
         </a>
     </dd>
@@ -22,13 +20,19 @@
     <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
     <dd class="col-xl-6">
         <a class="badge badge-secondary" href="{% url 'member:user_alias' user_object.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
             {% trans 'Manage aliases' %} ({{ user_object.note.alias.all|length }})
         </a>
     </dd>
 
+    <dt class="col-xl-6">{% trans 'friendships'|capfirst %}</dt>
+    <dd class="col-xl-6">
+        <a class="badge badge-secondary" href="{% url 'member:user_trust' user_object.pk %}">
+            <i class="fa fa-edit"></i>
+            {% trans 'Manage friendships' %} ({{ user_object.note.trusting.all|length }})
+        </a>
+    </dd>
+
     {% if "member.view_profile"|has_perm:user_object.profile %}
         <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
         <dd class="col-xl-6">{{ user_object.profile.section }}</dd>
@@ -56,10 +60,7 @@
 {% if user_object.pk == user.pk %}
     <div class="text-center">
         <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
-            <svg class="bi bi-cogs" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
-            </svg>
-            {% trans 'API token' %}
+            <i class="fa fa-cogs"></i>{% trans 'API token' %}
         </a>
     </div>
 {% endif %}

apps/member/templates/member/profile_detail.html

@@ -18,10 +18,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card bg-light mb-3">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "View my memberships" %}
+            <i class="fa fa-users"></i> {% trans "View my memberships" %}
         </a>
     </div>
     {% render_table club_list %}
@@ -32,10 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
         <a class="stretched-link font-weight-bold text-decoration-none"
             {% if "note.view_note"|has_perm:user_object.note %}
             href="{% url 'note:transactions' pk=user_object.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
         </a>
     </div>
     <div id="history_list">

apps/member/templates/member/profile_trust.html

@@ -0,0 +1,41 @@
+{% extends "member/base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load static django_tables2 i18n %}
+
+{% block profile_content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {% trans "Note friendships" %}
+    </h3>
+    <div class="card-body">
+        {% if can_create %}
+            <form class="input-group" method="POST" id="form_trust">
+                {% csrf_token %}
+                <input type="hidden" name="trusting" value="{{ object.note.pk }}">
+                {%include "autocomplete_model.html" %}
+                <div class="input-group-append">
+                    <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+                </div>
+            </form>
+        {% endif %}
+    </div>
+    {% render_table trusting %}
+</div>
+
+<div class="alert alert-warning card">
+    {% blocktrans trimmed %}
+        Adding someone as a friend enables them to initiate transactions coming
+        from your account (while keeping your balance positive). This is
+        designed to simplify using note kfet transfers to transfer money between
+        users. The intent is that one person can make all transfers for a group of
+        friends without needing additional rights among them.
+    {% endblocktrans %}
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script src="{% static "member/js/trust.js" %}"></script>
+<script src="{% static "js/autocomplete_model.js" %}"></script>
+{% endblock%}

apps/member/templates/member/user_list.html

@@ -7,11 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block content %}
 {% if can_manage_registrations %}
 <a class="btn btn-block btn-secondary mb-3" href="{% url 'registration:future_user_list' %}">
-    <svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-        <path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-        <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
-    </svg>
-    {% trans "Registrations" %}
+    <i class="fa fa-user-plus"></i> {% trans "Registrations" %}
 </a>
 {% endif %}
 

apps/member/urls.py

@@ -23,5 +23,6 @@ urlpatterns = [
     path('user/<int:pk>/update/', views.UserUpdateView.as_view(), name="user_update_profile"),
     path('user/<int:pk>/update_pic/', views.ProfilePictureUpdateView.as_view(), name="user_update_pic"),
     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"),
+    path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"),
     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
 ]

apps/member/views.py

@@ -8,6 +8,7 @@ from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
+from django.contrib.contenttypes.models import ContentType
 from django.db import transaction
 from django.db.models import Q, F
 from django.shortcuts import redirect
@@ -18,9 +19,9 @@ from django.views.generic import DetailView, UpdateView, TemplateView
 from django.views.generic.edit import FormMixin
 from django_tables2.views import SingleTableView
 from rest_framework.authtoken.models import Token
-from note.models import Alias, NoteUser
+from note.models import Alias, NoteClub, NoteUser, Trust
 from note.models.transactions import Transaction, SpecialTransaction
-from note.tables import HistoryTable, AliasTable
+from note.tables import HistoryTable, AliasTable, TrustTable
 from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
@@ -174,7 +175,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note = NoteUser.objects.get(pk=user.note.pk)
             # Don't log these tests
             modified_note._no_signal = True
-            modified_note.is_active = True
+            modified_note.is_active = False
             modified_note.inactivity_reason = 'manual'
             context["can_lock_note"] = user.note.is_active and PermissionBackend\
                                            .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
@@ -183,14 +184,14 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
             modified_note._force_save = True
             modified_note.save()
             context["can_force_lock"] = user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
             old_note._force_save = True
             old_note._no_signal = True
             old_note.save()
             modified_note.refresh_from_db()
             modified_note.is_active = True
             context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
 
         return context
 
@@ -243,6 +244,39 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
         return context
 
 
+class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    """
+    View and manage user trust relationships
+    """
+    model = User
+    template_name = 'member/profile_trust.html'
+    context_object_name = 'user_object'
+    extra_context = {"title": _("Note friendships")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        note = context['object'].note
+        context["trusting"] = TrustTable(
+            note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all())
+        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust(
+            trusting=context["object"].note,
+            trusted=context["object"].note
+        ))
+        context["widget"] = {
+            "name": "trusted",
+            "attrs": {
+                "model_pk": ContentType.objects.get_for_model(Alias).pk,
+                "class": "autocomplete form-control",
+                "id": "trusted",
+                "resetable": True,
+                "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser",
+                "name_field": "name",
+                "placeholder": ""
+            }
+        }
+        return context
+
+
 class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
     """
     View and manage user aliases.
@@ -256,7 +290,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context = super().get_context_data(**kwargs)
         note = context['object'].note
         context["aliases"] = AliasTable(
-            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
+            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct()
+            .order_by('normalized_name').all())
         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
             note=context["object"].note,
             name="",
@@ -403,9 +438,12 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         """
         context = super().get_context_data(**kwargs)
 
-        club = context["club"]
+        club = self.object
+        context["note"] = club.note
+
         if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
             club.update_membership_dates()
+
         # managers list
         managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
                                              date_start__lte=date.today(), date_end__gte=date.today())\
@@ -443,6 +481,29 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         context["can_add_members"] = PermissionBackend()\
             .has_perm(self.request.user, "member.add_membership", empty_membership)
 
+        # Check permissions to see if the authenticated user can lock/unlock the note
+        with transaction.atomic():
+            modified_note = NoteClub.objects.get(pk=club.note.pk)
+            # Don't log these tests
+            modified_note._no_signal = True
+            modified_note.is_active = False
+            modified_note.inactivity_reason = 'manual'
+            context["can_lock_note"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note = NoteClub.objects.select_for_update().get(pk=club.note.pk)
+            modified_note.inactivity_reason = 'forced'
+            modified_note._force_save = True
+            modified_note.save()
+            context["can_force_lock"] = club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+            old_note._force_save = True
+            old_note._no_signal = True
+            old_note.save()
+            modified_note.refresh_from_db()
+            modified_note.is_active = True
+            context["can_unlock_note"] = not club.note.is_active and PermissionBackend \
+                .check_perm(self.request, "note.change_noteclub_is_active", modified_note)
+
         return context
 
 

apps/note/api/serializers.py

@@ -12,7 +12,7 @@ from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
 
-from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias
+from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
     RecurrentTransaction, SpecialTransaction
 
@@ -77,6 +77,22 @@ class NoteUserSerializer(serializers.ModelSerializer):
         return str(obj)
 
 
+class TrustSerializer(serializers.ModelSerializer):
+    """
+    REST API Serializer for Trusts.
+    The djangorestframework plugin will analyse the model `Trust` and parse all fields in the API.
+    """
+
+    class Meta:
+        model = Trust
+        fields = '__all__'
+
+    def validate(self, attrs):
+        instance = Trust(**attrs)
+        instance.clean()
+        return attrs
+
+
 class AliasSerializer(serializers.ModelSerializer):
     """
     REST API Serializer for Aliases.

apps/note/api/urls.py

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
-    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet
+    TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet, \
+    TrustViewSet
 
 
 def register_note_urls(router, path):
@@ -11,6 +12,7 @@ def register_note_urls(router, path):
     """
     router.register(path + '/note', NotePolymorphicViewSet)
     router.register(path + '/alias', AliasViewSet)
+    router.register(path + '/trust', TrustViewSet)
     router.register(path + '/consumer', ConsumerViewSet)
 
     router.register(path + '/transaction/category', TemplateCategoryViewSet)

apps/note/api/views.py

@@ -14,8 +14,9 @@ from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSe
 from permission.backends import PermissionBackend
 
 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
-    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
-from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial
+    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \
+    TrustSerializer
+from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust
 from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory
 
 
@@ -56,11 +57,41 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
         return queryset.order_by("id")
 
 
+class TrustViewSet(ReadProtectedModelViewSet):
+    """
+    REST Trust View set.
+    The djangorestframework plugin will get all `Trust` objects, serialize it to JSON with the given serializer,
+    then render it on /api/note/trust/
+    """
+    queryset = Trust.objects
+    serializer_class = TrustSerializer
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name',
+                     '$trusted__alias__name', '$trusted__alias__normalized_name']
+    filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user']
+    ordering_fields = ['trusting', 'trusted', ]
+
+    def get_serializer_class(self):
+        serializer_class = self.serializer_class
+        if self.request.method in ['PUT', 'PATCH']:
+            # trust relationship can't change people involved
+            serializer_class.Meta.read_only_fields = ('trusting', 'trusting',)
+        return serializer_class
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        try:
+            self.perform_destroy(instance)
+        except ValidationError as e:
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+
 class AliasViewSet(ReadProtectedModelViewSet):
     """
     REST API View set.
     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
-    then render it on /api/aliases/
+    then render it on /api/note/aliases/
     """
     queryset = Alias.objects
     serializer_class = AliasSerializer

apps/note/migrations/0006_trust.py

@@ -0,0 +1,27 @@
+# Generated by Django 2.2.24 on 2021-09-05 19:16
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0005_auto_20210313_1235'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Trust',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('trusted', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusted', to='note.Note', verbose_name='trusted')),
+                ('trusting', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusting', to='note.Note', verbose_name='trusting')),
+            ],
+            options={
+                'verbose_name': 'frienship',
+                'verbose_name_plural': 'friendships',
+                'unique_together': {('trusting', 'trusted')},
+            },
+        ),
+    ]

apps/note/models/__init__.py

@@ -1,13 +1,13 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
+from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust
 from .transactions import MembershipTransaction, Transaction, \
     TemplateCategory, TransactionTemplate, RecurrentTransaction, SpecialTransaction
 
 __all__ = [
     # Notes
-    'Alias', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
+    'Alias', 'Trust', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser',
     # Transactions
     'MembershipTransaction', 'Transaction', 'TemplateCategory', 'TransactionTemplate',
     'RecurrentTransaction', 'SpecialTransaction',

apps/note/models/notes.py

@@ -217,6 +217,38 @@ class NoteSpecial(Note):
         return self.special_type
 
 
+class Trust(models.Model):
+    """
+    A one-sided trust relationship bertween two users
+
+    If another user considers you as your friend, you can transfer money from
+    them
+    """
+
+    trusting = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusting',
+        verbose_name=_('trusting')
+    )
+
+    trusted = models.ForeignKey(
+        Note,
+        on_delete=models.CASCADE,
+        related_name='trusted',
+        verbose_name=_('trusted')
+    )
+
+    class Meta:
+        verbose_name = _("frienship")
+        verbose_name_plural = _("friendships")
+        unique_together = ("trusting", "trusted")
+
+    def __str__(self):
+        return _("Friendship between {trusting} and {trusted}").format(
+            trusting=str(self.trusting), trusted=str(self.trusted))
+
+
 class Alias(models.Model):
     """
     points toward  a :model:`note.NoteUser` or :model;`note.NoteClub` instance.

apps/note/tables.py

@@ -4,13 +4,13 @@
 import html
 
 import django_tables2 as tables
-from django.utils.html import format_html
+from django.utils.html import format_html, mark_safe
 from django_tables2.utils import A
 from django.utils.translation import gettext_lazy as _
 from note_kfet.middlewares import get_current_request
 from permission.backends import PermissionBackend
 
-from .models.notes import Alias
+from .models.notes import Alias, Trust
 from .models.transactions import Transaction, TransactionTemplate
 from .templatetags.pretty_money import pretty_money
 
@@ -148,6 +148,31 @@ DELETE_TEMPLATE = """
 """
 
 
+class TrustTable(tables.Table):
+    class Meta:
+        attrs = {
+            'class': 'table table condensed table-striped',
+            'id': "trust_table"
+        }
+        model = Trust
+        fields = ("trusted",)
+        template_name = 'django_tables2/bootstrap4.html'
+
+    show_header = False
+    trusted = tables.Column(attrs={'td': {'class': 'text_center'}})
+
+    delete_col = tables.TemplateColumn(
+        template_code=DELETE_TEMPLATE,
+        extra_context={"delete_trans": _('delete')},
+        attrs={
+            'td': {
+                'class': lambda record: 'col-sm-1'
+                + (' d-none' if not PermissionBackend.check_perm(
+                    get_current_request(), "note.delete_trust", record)
+                   else '')}},
+        verbose_name=_("Delete"),)
+
+
 class AliasTable(tables.Table):
     class Meta:
         attrs = {
@@ -197,6 +222,17 @@ class ButtonTable(tables.Table):
         verbose_name=_("Edit"),
     )
 
+    hideshow = tables.Column(
+        verbose_name=_("Hide/Show"),
+        accessor="pk",
+        attrs={
+            'td': {
+                'class': 'col-sm-1',
+                'id': lambda record: "hideshow_" + str(record.pk),
+            }
+        },
+    )
+
     delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
                                        extra_context={"delete_trans": _('delete')},
                                        attrs={'td': {'class': 'col-sm-1'}},
@@ -204,3 +240,16 @@ class ButtonTable(tables.Table):
 
     def render_amount(self, value):
         return pretty_money(value)
+
+    def order_category(self, queryset, is_descending):
+        return queryset.order_by(f"{'-' if is_descending else ''}category__name"), True
+
+    def render_hideshow(self, record):
+        val = '<button id="'
+        val += str(record.pk)
+        val += '" class="btn btn-secondary btn-sm" \
+            onclick="hideshow(' + str(record.id) + ',' + \
+            str(record.display).lower() + ')">'
+        val += str(_("Hide/Show"))
+        val += '</button>'
+        return mark_safe(val)

apps/note/templates/note/conso_form.html

@@ -129,10 +129,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 {# Mode switch #}
                 <div class="card-footer border-primary">
                     <a class="btn btn-sm btn-secondary float-left" href="{% url 'note:template_list' %}">
-                        <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                            <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                        </svg>
-                        {% trans "Edit" %}
+                        <i class="fa fa-edit"></i> {% trans "Edit" %}
                     </a>
                     <div class="btn-group btn-group-toggle float-right" data-toggle="buttons">
                         <label for="single_conso" class="btn btn-sm btn-outline-primary active">

apps/note/templates/note/transactiontemplate_list.html

@@ -31,29 +31,29 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 {% block extrajavascript %}
 <script type="text/javascript">
+    function refreshMatchedWords() {
+        $("tr").each(function() {
+            let pattern = $('#search_field').val();
+            if (pattern) {
+                $(this).find("td:eq(0), td:eq(1), td:eq(3), td:eq(6)").each(function () {
+                    $(this).html($(this).text().replace(new RegExp(pattern, 'i'), "<mark>$&</mark>"));
+                });
+            }
+        });
+    }
+
+    function reloadTable() {
+        let pattern = $('#search_field').val();
+        $("#buttons_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + " #buttons_table", refreshMatchedWords);
+    }
+
     $(document).ready(function() {
         let searchbar_obj = $("#search_field");
         let timer_on = false;
         let timer;
 
-        function refreshMatchedWords() {
-            $("tr").each(function() {
-                let pattern = searchbar_obj.val();
-                if (pattern) {
-                    $(this).find("td:eq(0), td:eq(1), td:eq(3), td:eq(6)").each(function () {
-                        $(this).html($(this).text().replace(new RegExp(pattern, 'i'), "<mark>$&</mark>"));
-                    });
-                }
-            });
-        }
-
         refreshMatchedWords();
 
-        function reloadTable() {
-            let pattern = searchbar_obj.val();
-            $("#buttons_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + " #buttons_table", refreshMatchedWords);
-        }
-
         searchbar_obj.keyup(function() {
             if (timer_on)
                 clearTimeout(timer);
@@ -77,5 +77,28 @@ SPDX-License-Identifier: GPL-3.0-or-later
               addMsg('{% trans "Unable to delete button "%} #' + button_id, 'danger')
           });
      }
+
+    // on click of button "hide/show", call the API
+    function hideshow(id, displayed) {
+            $.ajax({
+                url: '/api/note/transaction/template/' + id + '/',
+                type: 'PATCH',
+                dataType: 'json',
+                headers: {
+                    'X-CSRFTOKEN': CSRF_TOKEN
+                },
+                data: {
+                    display: !displayed
+                },
+                success: function() {
+                    if(displayed)
+                        addMsg("{% trans "Button hidden"%}", 'success', 1000)
+                    else addMsg("{% trans "Button displayed"%}", 'success', 1000)
+                    reloadTable()
+                },
+                error: function (err) {
+                    addMsg("{% trans "An error occured"%}", 'danger')
+                }})
+        }
 </script>
 {% endblock %}

apps/note/templates/sheets/order.html

@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load crispy_forms_tags %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    <div class="card-body">
+        {% crispy form %}
+    </div>
+</div>
+{% endblock %}

apps/note/templates/sheets/waiting_list.html

@@ -0,0 +1,88 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+<div class="card">
+<div class="card-header text-center">
+    <h1>{{ food.name }}</h1>
+</div>
+<div class="card-body">
+    <div class="row">
+        <div class="card col-xl-6">
+            <div class="card-header text-center">
+                <h2>{% trans "queued"|capfirst %}{% if queue %} ({{ queue|length }}){% endif %}</h2>
+            </div>
+            <div class="card-body">
+                <ul>
+                    {% for ordered_food in queue %}
+                        <li>
+                            {{ ordered_food.order.note }}
+                            {% if ordered_food.priority %}
+                                <span class="badge badge-secondary">{{ ordered_food.priority }}</span>
+                            {% endif %}
+                        </li>
+                    {% empty %}
+                        <div class="alert alert-warning">
+                            {% trans "There is no queued order." %}
+                        </div>
+                    {% endfor %}
+                </ul>
+            </div>
+        </div>
+        <div class="card col-xl-6">
+            <div class="card-header text-center">
+                <h2>{% trans "ready"|capfirst %}</h2>
+            </div>
+            <div class="card-body">
+                <ul>
+                    {% for ordered_food in ready %}
+                        <li>{{ ordered_food.order.note }}</li>
+                    {% empty %}
+                        <div class="alert alert-warning">
+                            {% trans "There is no ready order." %}
+                        </div>
+                    {% endfor %}
+                </ul>
+            </div>
+        </div>
+    </div>
+
+    <hr>
+
+    <h3>{% trans "Other waiting lists:" %}</h3>
+    <ul>
+        {% for other_food in food.sheet.food_set.all %}
+            {% if other_food != food %}
+                <li>
+                    <a href="{% url 'sheets:waiting_list' pk=other_food.pk %}">{{ other_food }}</a>
+                </li>
+            {% endif %}
+        {% endfor %}
+    </ul>
+</div>
+<div class="card-footer text-center">
+    <a href="{% url 'sheets:queued_list' pk=food.pk %}" class="btn btn-primary">
+        {% trans "Queued orders" %}
+    </a>
+    <a href="{% url 'sheets:ready_list' pk=food.pk %}" class="btn btn-primary">
+        {% trans "Ready orders" %}
+    </a>
+    <a href="{% url 'sheets:sheet_detail' pk=food.sheet_id %}" class="btn btn-secondary">
+        {% trans "Back to note sheet detail" %}
+    </a>
+</div>
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+    <script>
+        function reload() {
+            reloadWithTurbolinks()
+            timeout = setTimeout(reload, 15000)
+        }
+
+        if (timeout === undefined)
+            var timeout = setTimeout(reload, 15000)
+    </script>
+{% endblock %}

apps/note/templates/sheets/waiting_list_detail.html

@@ -0,0 +1,152 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+<div class="card">
+<div class="card-header text-center">
+    <h1>{{ title }}</h1>
+</div>
+<div class="card-body">
+    {% for of in orders %}
+        <div class="card mb-4">
+            <div class="card-header text-center">
+                <h3>{{ of.order.note }}</h3>
+            </div>
+            <div class="card-body">
+                <dl class="row">
+                    <dt class="col-xl-3">{% trans 'date'|capfirst %}</dt>
+                    <dd class="col-xl-9">{{ of.order.date }}</dd>
+
+                    {% if of.number > 1 %}
+                        <dt class="col-xl-3">{% trans 'order number'|capfirst %}</dt>
+                        <dd class="col-xl-9">{{ of.number }}</dd>
+                    {% endif %}
+
+                    {% if of.priority %}
+                        <dt class="col-xl-3">{% trans 'priority request'|capfirst %}</dt>
+                        <dd class="col-xl-9">{{ of.priority }}</dd>
+                    {% endif %}
+
+                    {% if of.remark %}
+                        <dt class="col-xl-3">{% trans 'remark'|capfirst %}</dt>
+                        <dd class="col-xl-9">{{ of.remark }}</dd>
+                    {% endif %}
+
+                    {% if of.options.count %}
+                        <dt class="col-xl-3">{% trans 'options'|capfirst %}</dt>
+                        <dd class="col-xl-9">{{ of.options.all|join:', ' }}</dd>
+                    {% endif %}
+                </dl>
+            </div>
+            <div class="card-footer text-center">
+                {% if list_type != 'READY' %}
+                    <a href="#" class="btn btn-success" onclick="setOrderStatus({{ of.pk }}, 'READY')">
+                        {% trans "Mark as ready" %}
+                    </a>
+                {% endif %}
+                {% if list_type != 'SERVED' %}
+                    <a href="#" class="btn btn-primary" onclick="setOrderStatus({{ of.pk }}, 'SERVED')">
+                        {% trans "Mark as served" %}
+                    </a>
+                {% endif %}
+                {% if list_type != 'QUEUED' %}
+                    <a href="#" class="btn btn-warning" onclick="setOrderStatus({{ of.pk }}, 'QUEUED')">
+                        {% trans "Re-queue" %}
+                    </a>
+                {% endif %}
+                {% if list_type != 'CANCELED' %}
+                    <a href="#" class="btn btn-danger" onclick="setOrderStatus({{ of.pk }}, 'CANCELED')">
+                        {% trans "Cancel" %}
+                    </a>
+                {% endif %}
+            </div>
+        </div>
+    {% empty %}
+        <div class="alert alert-warning">
+            {% trans "There is no queued order." %}
+        </div>
+    {% endfor %}
+</div>
+</div>
+
+<div class="card mt-5">
+<div class="card-body">
+    <h3>{% trans "Other waiting lists:" %}</h3>
+    <ul>
+        {% for other_food in food.sheet.food_set.all %}
+            {% if other_food != food %}
+                <li>
+                    {% if list_type == 'QUEUED' %}
+                        <a href="{% url 'sheets:queued_list' pk=other_food.pk %}">{{ other_food }}</a>
+                    {% else %}
+                        <a href="{% url 'sheets:ready_list' pk=other_food.pk %}">{{ other_food }}</a>
+                    {% endif %}
+                </li>
+            {% endif %}
+        {% endfor %}
+    </ul>
+</div>
+<div class="card-footer text-center">
+    {% if list_type != 'QUEUED' %}
+        <a href="{% url 'sheets:queued_list' pk=food.pk %}" class="btn btn-primary">
+            {% trans "Queued orders" %}
+        </a>
+    {% endif %}
+    {% if list_type != 'READY' %}
+        <a href="{% url 'sheets:ready_list' pk=food.pk %}" class="btn btn-success">
+            {% trans "Ready orders" %}
+        </a>
+    {% endif %}
+    {% if list_type != 'SERVED' %}
+        <a href="{% url 'sheets:served_list' pk=food.pk %}" class="btn btn-secondary">
+            {% trans "Served orders" %}
+        </a>
+    {% endif %}
+    {% if list_type != 'CANCELED' %}
+        <a href="{% url 'sheets:canceled_list' pk=food.pk %}" class="btn btn-danger">
+            {% trans "Canceled orders" %}
+        </a>
+    {% endif %}
+    <a href="{% url 'sheets:waiting_list' pk=food.pk %}" class="btn btn-primary">
+        {% trans "Waiting list" %}
+    </a>
+    <a href="{% url 'sheets:sheet_detail' pk=food.sheet_id %}" class="btn btn-secondary">
+        {% trans "Back to note sheet detail" %}
+    </a>
+</div>
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+    <script>
+        function reload() {
+            reloadWithTurbolinks()
+            timeout = setTimeout(reload, 15000)
+        }
+
+        if (timeout === undefined)
+            var timeout = setTimeout(reload, 15000)
+
+        function setOrderStatus(ordered_food_id, status) {
+            fetch('/api/sheets/orderedfood/' + ordered_food_id + '/', {
+                method: 'PATCH',
+                body: JSON.stringify({
+                    status: status,
+                    served_date: status === 'QUEUED' ? null : new Date().toISOString(),
+                }),
+                headers: {
+                    'Content-Type': "application/json; charset=UTF-8",
+                    'X-CSRFTOKEN': "{{ csrf_token }}"
+                }
+            }).then(response => response.json()).then(response => {
+                if ('detail' in response)
+                    addMsg("{% trans "An error occurred" %}" + " : " + response['detail'], "danger")
+                else {
+                    clearTimeout(timeout)
+                    reload()
+                }
+            })
+        }
+    </script>
+{% endblock %}

apps/note/views.py

@@ -90,9 +90,9 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing
         if "search" in self.request.GET:
             pattern = self.request.GET["search"]
             qs = qs.filter(
-                Q(name__iregex="^" + pattern)
-                | Q(destination__club__name__iregex="^" + pattern)
-                | Q(category__name__iregex="^" + pattern)
+                Q(name__iregex=pattern)
+                | Q(destination__club__name__iregex=pattern)
+                | Q(category__name__iregex=pattern)
                 | Q(description__iregex=pattern)
             )
 

apps/permission/fixtures/initial.json

@@ -977,7 +977,7 @@
 			],
 			"query": "[\"OR\", {\"source\": [\"club\", \"note\"]}, {\"destination\": [\"club\", \"note\"]}]",
 			"type": "view",
-			"mask": 1,
+			"mask": 2,
 			"field": "",
 			"permanent": false,
 			"description": "Voir les transactions d'un club"
@@ -2511,7 +2511,7 @@
 				"note",
 				"noteuser"
 			],
-			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]",
+			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]",
 			"type": "change",
 			"mask": 1,
 			"field": "is_active",
@@ -2527,7 +2527,7 @@
 				"note",
 				"noteuser"
 			],
-			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]",
+			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]",
 			"type": "change",
 			"mask": 1,
 			"field": "inactivity_reason",
@@ -2871,6 +2871,214 @@
 			"description": "Changer l'image de n'importe quelle note"
 		}
 	},
+	{
+		"model": "permission.permission",
+		"pk": 184,
+		"fields": {
+			"model": [
+				"note",
+				"noteclub"
+			],
+			"query": "[\"AND\", {\"club\": [\"club\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]",
+			"type": "change",
+			"mask": 3,
+			"field": "is_active",
+			"permanent": true,
+			"description": "(Dé)bloquer la note de son club manuellement"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 185,
+		"fields": {
+			"model": [
+				"note",
+				"noteclub"
+			],
+			"query": "[\"AND\", {\"club\": [\"club\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]",
+			"type": "change",
+			"mask": 3,
+			"field": "inactivity_reason",
+			"permanent": true,
+			"description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 186,
+		"fields": {
+			"model": [
+				"oauth2_provider",
+				"application"
+			],
+			"query": "{\"user\": [\"user\"]}",
+			"type": "view",
+			"mask": 1,
+			"field": "",
+			"permanent": true,
+			"description": "Voir ses applications OAuth2"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 187,
+		"fields": {
+			"model": [
+				"oauth2_provider",
+				"application"
+			],
+			"query": "{\"user\": [\"user\"]}",
+			"type": "add",
+			"mask": 1,
+			"field": "",
+			"permanent": true,
+			"description": "Créer une application OAuth2"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 188,
+		"fields": {
+			"model": [
+				"oauth2_provider",
+				"application"
+			],
+			"query": "{\"user\": [\"user\"]}",
+			"type": "change",
+			"mask": 1,
+			"field": "",
+			"permanent": true,
+			"description": "Modifier une application OAuth2"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 189,
+		"fields": {
+			"model": [
+				"oauth2_provider",
+				"application"
+			],
+			"query": "{\"user\": [\"user\"]}",
+			"type": "delete",
+			"mask": 1,
+			"field": "",
+			"permanent": true,
+			"description": "Supprimer une application OAuth2"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 190,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{\"trusting\": [\"user\", \"note\"]}",
+			"type": "delete",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Supprimer une amitié à sa note"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 191,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{\"trusting\": [\"user\", \"note\"]}",
+			"type": "add",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Ajouter une amitié à sa note"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 192,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{\"trusting__is_active\": true}",
+			"type": "add",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Ajouter une amitié à une note non bloquée"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 193,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{\"trusting__is_active\": true}",
+			"type": "delete",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Supprimer une amitié à une note non bloquée"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 194,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir toutes les amitiés, y compris celles des non adhérents"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 195,
+		"fields": {
+			"model": [
+				"note",
+				"trust"
+			],
+			"query": "{\"trusting__noteuser__user\": [\"user\"]}",
+			"type": "view",
+			"mask": 1,
+			"field": "",
+			"permanent": true,
+			"description": "Voir ses propres amitiés, pour toujours"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 196,
+		"fields": {
+			"model": [
+				"note",
+				"transaction"
+			],
+			"query": "[\"AND\", {\"source__trusting__trusted\": [\"user\", \"note\"]}, [\"OR\", {\"source__balance__gte\": {\"F\": [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]]}}, {\"valid\": false}]]",
+			"type": "add",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Transférer de l'argent depuis une note amie en restant positif"
+		}
+	},
 	{
 		"model": "permission.role",
 		"pk": 1,
@@ -2901,7 +3109,15 @@
 				126,
 				161,
 				162,
-				165
+				165,
+				186,
+				187,
+				188,
+				189,
+				190,
+				191,
+				195,
+				196
 			]
 		}
 	},
@@ -2942,7 +3158,9 @@
 				158,
 				159,
 				160,
-				179
+				179,
+				189,
+				190
 			]
 		}
 	},
@@ -3010,7 +3228,9 @@
 				166,
 				167,
 				168,
-				182
+				182,
+				184,
+				185
 			]
 		}
 	},
@@ -3090,7 +3310,10 @@
 				176,
 				177,
 				178,
-				183
+				188,
+				183,
+				186,
+				187
 			]
 		}
 	},
@@ -3278,7 +3501,20 @@
 				180,
 				181,
 				182,
-				183
+				183,
+				184,
+				185,
+				186,
+				187,
+				188,
+				189,
+				190,
+				191,
+				192,
+				193,
+				194,
+				195,
+				196
 			]
 		}
 	},
@@ -3338,7 +3574,8 @@
 				45,
 				46,
 				148,
-				149
+				149,
+				182
 			]
 		}
 	},

apps/permission/scopes.py

@@ -1,6 +1,6 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.scopes import BaseScopes
 from member.models import Club
 from note_kfet.middlewares import get_current_request
@@ -32,3 +32,26 @@ class PermissionScopes(BaseScopes):
             return []
         return [f"{p.id}_{p.membership.club.id}"
                 for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
+
+
+class PermissionOAuth2Validator(OAuth2Validator):
+    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
+        """
+        User can request as many scope as he wants, including invalid scopes,
+        but it will have only the permissions he has.
+
+        This allows clients to request more permission to get finally a
+        subset of permissions.
+        """
+
+        valid_scopes = set()
+
+        for t in Permission.PERMISSION_TYPES:
+            for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]):
+                scope = f"{p.id}_{p.membership.club.id}"
+                if scope in scopes:
+                    valid_scopes.add(scope)
+
+        request.scopes = valid_scopes
+
+        return valid_scopes

apps/permission/templates/permission/scopes.html

@@ -11,25 +11,25 @@
             <div class="accordion" id="accordionApps">
                 {% for app, app_scopes in scopes.items %}
                     <div class="card">
-                        <div class="card-header" id="app-{{ app.name.lower }}-title">
+                        <div class="card-header" id="app-{{ app.name|slugify }}-title">
                             <a class="text-decoration-none collapsed" href="#" data-toggle="collapse"
-                               data-target="#app-{{ app.name.lower }}" aria-expanded="false"
-                               aria-controls="app-{{ app.name.lower }}">
+                               data-target="#app-{{ app.name|slugify }}" aria-expanded="false"
+                               aria-controls="app-{{ app.name|slugify }}">
                                 {{ app.name }}
                             </a>
                         </div>
-                        <div class="collapse" id="app-{{ app.name.lower }}" aria-labelledby="app-{{ app.name.lower }}" data-target="#accordionApps">
+                        <div class="collapse" id="app-{{ app.name|slugify }}" aria-labelledby="app-{{ app.name|slugify }}" data-target="#accordionApps">
                             <div class="card-body">
                                 {% for scope_id, scope_desc in app_scopes.items %}
                                     <div class="form-group">
-                                        <label class="form-check-label" for="scope-{{ app.name.lower }}-{{ scope_id }}">
-                                            <input type="checkbox" id="scope-{{ app.name.lower }}-{{ scope_id }}"
-                                                   name="scope-{{ app.name.lower }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
+                                        <label class="form-check-label" for="scope-{{ app.name|slugify }}-{{ scope_id }}">
+                                            <input type="checkbox" id="scope-{{ app.name|slugify }}-{{ scope_id }}"
+                                                   name="scope-{{ app.name|slugify }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
                                             {{ scope_desc }}
                                         </label>
                                     </div>
                                 {% endfor %}
-                                <p id="url-{{ app.name.lower }}">
+                                <p id="url-{{ app.name|slugify }}">
                                     <a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code" target="_blank">
                                         {{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code
                                     </a>
@@ -51,11 +51,10 @@
 {% block extrajavascript %}
     <script>
         {% for app in scopes.keys %}
-            let elements = document.getElementsByName("scope-{{ app.name.lower }}");
-            for (let element of elements) {
+            for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) {
                 element.onchange = function (event) {
                     let scope = ""
-                    for (let element of elements) {
+                    for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) {
                         if (element.checked) {
                             scope += element.value + " "
                         }
@@ -63,7 +62,7 @@
 
                     scope = scope.substr(0, scope.length - 1)
 
-                    document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope
+                    document.getElementById("url-{{ app.name|slugify }}").innerHTML = 'Scopes : ' + scope
                         + '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope.replaceAll(' ', '%20')
                         + '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='
                         + scope.replaceAll(' ', '%20') + '</a>'

apps/sheets/__init__.py

@@ -0,0 +1,4 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+default_app_config = 'sheets.apps.SheetsConfig'

apps/sheets/admin.py

@@ -0,0 +1,46 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib import admin
+from note_kfet.admin import admin_site
+from sheets.models import Sheet, Food, FoodOption, Meal, Order, OrderedMeal, OrderedFood, SheetOrderTransaction
+
+
+@admin.register(Sheet, site=admin_site)
+class SheetAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(Food, site=admin_site)
+class FoodAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(FoodOption, site=admin_site)
+class FoodOptionAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(Meal, site=admin_site)
+class MealAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(Order, site=admin_site)
+class OrderAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(OrderedMeal, site=admin_site)
+class OrderedMealAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(OrderedFood, site=admin_site)
+class OrderedFoodAdmin(admin.ModelAdmin):
+    pass
+
+
+@admin.register(SheetOrderTransaction, site=admin_site)
+class SheetOrderTransactionAdmin(admin.ModelAdmin):
+    pass

apps/sheets/api/serializers.py

@@ -0,0 +1,55 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from rest_framework import serializers
+
+
+from ..models import Sheet, Food, FoodOption, Meal, Order, OrderedMeal, OrderedFood, SheetOrderTransaction
+
+
+class SheetSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Sheet
+        fields = '__all__'
+
+
+class FoodSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Food
+        fields = '__all__'
+
+
+class FoodOptionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = FoodOption
+        fields = '__all__'
+
+
+class MealSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Meal
+        fields = '__all__'
+
+
+class OrderSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Order
+        fields = '__all__'
+
+
+class OrderedMealSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = OrderedMeal
+        fields = '__all__'
+
+
+class OrderedFoodSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = OrderedFood
+        fields = '__all__'
+
+
+class SheetOrderTransactionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = SheetOrderTransaction
+        fields = '__all__'

apps/sheets/api/urls.py

@@ -0,0 +1,19 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from sheets.api.views import SheetViewSet, FoodViewSet, FoodOptionViewSet, MealViewSet, OrderViewSet, \
+    OrderedMealViewSet, OrderedFoodViewSet, SheetOrderTransactionViewSet
+
+
+def register_sheets_urls(router, path):
+    """
+    Configure router for Sheets REST API.
+    """
+    router.register(path + '/sheet', SheetViewSet)
+    router.register(path + '/food', FoodViewSet)
+    router.register(path + '/foodoption', FoodOptionViewSet)
+    router.register(path + '/meal', MealViewSet)
+    router.register(path + '/order', OrderViewSet)
+    router.register(path + '/orderedmeal', OrderedMealViewSet)
+    router.register(path + '/orderedfood', OrderedFoodViewSet)
+    router.register(path + '/sheetordertransaction', SheetOrderTransactionViewSet)

apps/sheets/api/views.py

@@ -0,0 +1,78 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from api.viewsets import ReadProtectedModelViewSet
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.filters import SearchFilter, OrderingFilter
+
+from .serializers import SheetSerializer, FoodSerializer, FoodOptionSerializer, MealSerializer, OrderSerializer, \
+    OrderedMealSerializer, OrderedFoodSerializer, SheetOrderTransactionSerializer
+from ..models import Sheet, Food, FoodOption, Meal, Order, OrderedMeal, OrderedFood, SheetOrderTransaction
+
+
+class SheetViewSet(ReadProtectedModelViewSet):
+    queryset = Sheet.objects.order_by('id')
+    serializer_class = SheetSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'date', ]
+    search_fields = ['$name', ]
+
+
+class FoodViewSet(ReadProtectedModelViewSet):
+    queryset = Food.objects.order_by('id')
+    serializer_class = FoodSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'sheet', 'price', 'club', 'available', ]
+    search_fields = ['$name', ]
+
+
+class FoodOptionViewSet(ReadProtectedModelViewSet):
+    queryset = FoodOption.objects.order_by('id')
+    serializer_class = FoodOptionSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'food', 'extra_cost', 'available', ]
+    search_fields = ['$name', '$food__name', ]
+
+
+class MealViewSet(ReadProtectedModelViewSet):
+    queryset = Meal.objects.order_by('id')
+    serializer_class = MealSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'content', 'price', 'available', ]
+    search_fields = ['$name', ]
+
+
+class OrderViewSet(ReadProtectedModelViewSet):
+    queryset = Order.objects.order_by('id')
+    serializer_class = OrderSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['sheet', 'note', 'date', 'gift', ]
+    search_fields = ['$sheet__name', '$note__alias__name', '$note__alias__normalized_name', ]
+
+
+class OrderedMealViewSet(ReadProtectedModelViewSet):
+    queryset = OrderedMeal.objects.order_by('id')
+    serializer_class = OrderedMealSerializer
+    filter_backends = [DjangoFilterBackend]
+    filterset_fields = ['order', 'meal', ]
+
+
+class OrderedFoodViewSet(ReadProtectedModelViewSet):
+    queryset = OrderedFood.objects.order_by('id')
+    serializer_class = OrderedFoodSerializer
+    filter_backends = [DjangoFilterBackend]
+    filterset_fields = ['order', 'meal', 'food', 'options', 'number', 'status', 'served_date', ]
+
+
+class SheetOrderTransactionViewSet(ReadProtectedModelViewSet):
+    queryset = SheetOrderTransaction.objects.order_by('-created_at')
+    serializer_class = SheetOrderTransactionSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
+    filterset_fields = ['source', 'source_alias', 'source__alias__name', 'source__alias__normalized_name',
+                        'destination', 'destination_alias', 'destination__alias__name',
+                        'destination__alias__normalized_name', 'quantity', 'polymorphic_ctype', 'amount',
+                        'created_at', 'valid', 'invalidity_reason', 'ordered_food', ]
+    search_fields = ['$reason', '$source_alias', '$source__alias__name', '$source__alias__normalized_name',
+                     '$destination_alias', '$destination__alias__name', '$destination__alias__normalized_name',
+                     '$invalidity_reason', ]
+    ordering_fields = ['created_at', 'amount', ]

apps/sheets/apps.py

@@ -0,0 +1,10 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.apps import AppConfig
+from django.utils.translation import gettext_lazy as _
+
+
+class SheetsConfig(AppConfig):
+    name = 'sheets'
+    verbose_name = _('note sheets')

apps/sheets/forms.py

@@ -0,0 +1,67 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+from crispy_forms.helper import FormHelper
+from django import forms
+
+from member.models import Club
+from note_kfet.inputs import AmountInput, Autocomplete, DateTimePickerInput
+
+from .models import Food, FoodOption, Meal, Sheet
+
+
+class SheetForm(forms.ModelForm):
+    class Meta:
+        model = Sheet
+        fields = '__all__'
+        widgets = {
+            'date': DateTimePickerInput(),
+        }
+
+
+class FoodForm(forms.ModelForm):
+    class Meta:
+        model = Food
+        exclude = ('sheet', )
+        widgets = {
+            'price': AmountInput(),
+            'club': Autocomplete(
+                model=Club,
+                attrs={"api_url": "/api/members/club/"},
+            ),
+        }
+
+
+class FoodOptionForm(forms.ModelForm):
+    class Meta:
+        model = FoodOption
+        fields = '__all__'
+        widgets = {
+            'extra_cost': AmountInput(),
+        }
+
+
+FoodOptionsFormSet = forms.inlineformset_factory(
+    Food,
+    FoodOption,
+    form=FoodOptionForm,
+    extra=0,
+)
+
+
+class FoodOptionFormSetHelper(FormHelper):
+    def __init__(self, form=None):
+        super().__init__(form)
+        self.form_tag = False
+        self.form_method = 'POST'
+        self.form_class = 'form-inline'
+        self.template = 'bootstrap4/table_inline_formset.html'
+
+
+class MealForm(forms.ModelForm):
+    class Meta:
+        model = Meal
+        exclude = ('sheet', )
+        widgets = {
+            'content': forms.CheckboxSelectMultiple(),
+            'price': AmountInput(),
+        }

apps/sheets/migrations/0001_initial.py

@@ -0,0 +1,157 @@
+# Generated by Django 2.2.27 on 2022-08-18 11:01
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('member', '0009_auto_20220818_1301'),
+        ('note', '0006_trust'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Food',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='food')),
+                ('price', models.IntegerField(verbose_name='price')),
+                ('available', models.BooleanField(default=True, help_text="If set to false, this option won't be offered (in case of out of stock)", verbose_name='available')),
+                ('club', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='member.Club', verbose_name='destination club')),
+            ],
+            options={
+                'verbose_name': 'food',
+                'verbose_name_plural': 'food',
+            },
+        ),
+        migrations.CreateModel(
+            name='FoodOption',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('extra_cost', models.IntegerField(default=0, verbose_name='extra cost')),
+                ('available', models.BooleanField(default=True, help_text="If set to false, this option won't be offered (in case of out of stock)", verbose_name='available')),
+                ('food', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='sheets.Food', verbose_name='food')),
+            ],
+            options={
+                'verbose_name': 'food option',
+                'verbose_name_plural': 'food options',
+            },
+        ),
+        migrations.CreateModel(
+            name='Meal',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('price', models.IntegerField(verbose_name='price')),
+                ('available', models.BooleanField(default=True, help_text="If set to false, this option won't be offered (in case of out of stock)", verbose_name='available')),
+                ('content', models.ManyToManyField(to='sheets.Food', verbose_name='content')),
+            ],
+            options={
+                'verbose_name': 'meal',
+                'verbose_name_plural': 'meals',
+            },
+        ),
+        migrations.CreateModel(
+            name='Order',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('date', models.DateTimeField(auto_now_add=True, verbose_name='date')),
+                ('gift', models.IntegerField(verbose_name='gift')),
+                ('note', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='note.Note', verbose_name='note')),
+            ],
+            options={
+                'verbose_name': 'order',
+                'verbose_name_plural': 'orders',
+            },
+        ),
+        migrations.CreateModel(
+            name='OrderedFood',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('remark', models.TextField(blank=True, default='', verbose_name='remark')),
+                ('priority', models.CharField(blank=True, default='', max_length=64, verbose_name='priority request')),
+                ('number', models.IntegerField(help_text='How many times the user ordered this.', verbose_name='number')),
+                ('status', models.CharField(choices=[('QUEUED', 'queued'), ('READY', 'ready'), ('SERVED', 'served'), ('CANCELED', 'canceled')], max_length=8, verbose_name='status')),
+                ('served_date', models.DateTimeField(default=None, null=True, verbose_name='served date')),
+                ('food', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.Food', verbose_name='food')),
+            ],
+            options={
+                'verbose_name': 'ordered food',
+                'verbose_name_plural': 'ordered food',
+            },
+        ),
+        migrations.CreateModel(
+            name='Sheet',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, verbose_name='name')),
+                ('date', models.DateTimeField(default=django.utils.timezone.now, verbose_name='start date')),
+                ('description', models.TextField(verbose_name='description')),
+                ('visible', models.BooleanField(default=False, help_text='the note sheet will be private until this field is checked.', verbose_name='visible')),
+            ],
+            options={
+                'verbose_name': 'note sheet',
+                'verbose_name_plural': 'note sheets',
+            },
+        ),
+        migrations.CreateModel(
+            name='SheetOrderTransaction',
+            fields=[
+                ('transaction_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='note.Transaction')),
+                ('ordered_food', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.OrderedFood', verbose_name='ordered food')),
+            ],
+            options={
+                'verbose_name': 'sheet order transaction',
+                'verbose_name_plural': 'sheet order transactions',
+            },
+            bases=('note.transaction',),
+        ),
+        migrations.CreateModel(
+            name='OrderedMeal',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('meal', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.Meal', verbose_name='meal')),
+                ('order', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.Order', verbose_name='order')),
+            ],
+            options={
+                'verbose_name': 'ordered meal',
+                'verbose_name_plural': 'ordered meals',
+            },
+        ),
+        migrations.AddField(
+            model_name='orderedfood',
+            name='meal',
+            field=models.ForeignKey(default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, to='sheets.OrderedMeal', verbose_name='ordered meal'),
+        ),
+        migrations.AddField(
+            model_name='orderedfood',
+            name='options',
+            field=models.ManyToManyField(blank=True, to='sheets.FoodOption', verbose_name='options'),
+        ),
+        migrations.AddField(
+            model_name='orderedfood',
+            name='order',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.Order', verbose_name='order'),
+        ),
+        migrations.AddField(
+            model_name='order',
+            name='sheet',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='sheets.Sheet', verbose_name='note sheet'),
+        ),
+        migrations.AddField(
+            model_name='meal',
+            name='sheet',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='sheets.Sheet', verbose_name='note sheet'),
+        ),
+        migrations.AddField(
+            model_name='food',
+            name='sheet',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='sheets.Sheet', verbose_name='note sheet'),
+        ),
+    ]

apps/sheets/migrations/0002_auto_20220818_1713.py

@@ -0,0 +1,34 @@
+# Generated by Django 2.2.27 on 2022-08-18 15:13
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('sheets', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='order',
+            name='gift',
+        ),
+        migrations.AddField(
+            model_name='orderedfood',
+            name='gift',
+            field=models.IntegerField(default=0, verbose_name='gift'),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='orderedmeal',
+            name='gift',
+            field=models.IntegerField(default=0, verbose_name='gift'),
+            preserve_default=False,
+        ),
+        migrations.AlterField(
+            model_name='orderedfood',
+            name='status',
+            field=models.CharField(choices=[('QUEUED', 'queued'), ('READY', 'ready'), ('SERVED', 'served'), ('CANCELED', 'canceled')], default='QUEUED', max_length=8, verbose_name='status'),
+        ),
+    ]

apps/sheets/models.py

@@ -0,0 +1,289 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.db import models
+from django.urls import reverse_lazy
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+
+from member.models import Club
+from note.models import Note, Transaction
+
+
+class Sheet(models.Model):
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_("name"),
+    )
+
+    date = models.DateTimeField(
+        verbose_name=_("start date"),
+        default=timezone.now,
+    )
+
+    description = models.TextField(
+        verbose_name=_("description"),
+    )
+
+    visible = models.BooleanField(
+        default=False,
+        verbose_name=_("visible"),
+        help_text=_("the note sheet will be private until this field is checked."),
+    )
+
+    def get_absolute_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.pk,))
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        verbose_name = _("note sheet")
+        verbose_name_plural = _("note sheets")
+
+
+class Food(models.Model):
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_("food"),
+    )
+
+    sheet = models.ForeignKey(
+        Sheet,
+        on_delete=models.CASCADE,
+        verbose_name=_("note sheet"),
+    )
+
+    price = models.IntegerField(
+        verbose_name=_("price"),
+    )
+
+    club = models.ForeignKey(
+        Club,
+        on_delete=models.PROTECT,
+        verbose_name=_("destination club"),
+    )
+
+    available = models.BooleanField(
+        default=True,
+        verbose_name=_("available"),
+        help_text=_("If set to false, this option won't be offered (in case of out of stock)"),
+    )
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        verbose_name = _("food")
+        verbose_name_plural = _("food")
+
+
+class FoodOption(models.Model):
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_("name"),
+    )
+
+    food = models.ForeignKey(
+        Food,
+        on_delete=models.CASCADE,
+        verbose_name=_("food"),
+    )
+
+    extra_cost = models.IntegerField(
+        default=0,
+        verbose_name=_("extra cost"),
+    )
+
+    available = models.BooleanField(
+        default=True,
+        verbose_name=_("available"),
+        help_text=_("If set to false, this option won't be offered (in case of out of stock)"),
+    )
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        verbose_name = _("food option")
+        verbose_name_plural = _("food options")
+
+
+class Meal(models.Model):
+    sheet = models.ForeignKey(
+        Sheet,
+        on_delete=models.CASCADE,
+        verbose_name=_("note sheet"),
+    )
+
+    name = models.CharField(
+        max_length=255,
+        verbose_name=_("name"),
+    )
+
+    content = models.ManyToManyField(
+        Food,
+        verbose_name=_("content"),
+    )
+
+    price = models.IntegerField(
+        verbose_name=_("price"),
+    )
+
+    available = models.BooleanField(
+        default=True,
+        verbose_name=_("available"),
+        help_text=_("If set to false, this option won't be offered (in case of out of stock)"),
+    )
+
+    def __str__(self):
+        return _("meal").capitalize() + " " + self.name
+
+    class Meta:
+        verbose_name = _("meal")
+        verbose_name_plural = _("meals")
+
+
+class Order(models.Model):
+    sheet = models.ForeignKey(
+        Sheet,
+        on_delete=models.PROTECT,
+        verbose_name=_("note sheet"),
+    )
+
+    note = models.ForeignKey(
+        Note,
+        on_delete=models.PROTECT,
+        verbose_name=_("note"),
+    )
+
+    date = models.DateTimeField(
+        verbose_name=_("date"),
+        auto_now_add=True,
+    )
+
+    class Meta:
+        verbose_name = _("order")
+        verbose_name_plural = _("orders")
+
+
+class OrderedMeal(models.Model):
+    order = models.ForeignKey(
+        Order,
+        on_delete=models.PROTECT,
+        verbose_name=_("order"),
+    )
+
+    meal = models.ForeignKey(
+        Meal,
+        on_delete=models.PROTECT,
+        verbose_name=_("meal"),
+    )
+
+    gift = models.IntegerField(
+        verbose_name=_("gift"),
+    )
+
+    class Meta:
+        verbose_name = _("ordered meal")
+        verbose_name_plural = _("ordered meals")
+
+
+class OrderedFood(models.Model):
+    order = models.ForeignKey(
+        Order,
+        on_delete=models.PROTECT,
+        verbose_name=_("order"),
+    )
+
+    meal = models.ForeignKey(
+        OrderedMeal,
+        on_delete=models.SET_NULL,
+        null=True,
+        default=None,
+        verbose_name=_("ordered meal"),
+    )
+
+    food = models.ForeignKey(
+        Food,
+        on_delete=models.PROTECT,
+        verbose_name=_("food"),
+    )
+
+    options = models.ManyToManyField(
+        FoodOption,
+        blank=True,
+        verbose_name=_("options"),
+    )
+
+    remark = models.TextField(
+        blank=True,
+        default="",
+        verbose_name=_("remark"),
+    )
+
+    priority = models.CharField(
+        max_length=64,
+        blank=True,
+        default="",
+        verbose_name=_("priority request"),
+    )
+
+    gift = models.IntegerField(
+        verbose_name=_("gift"),
+    )
+
+    number = models.IntegerField(
+        verbose_name=_("number"),
+        help_text=_("How many times the user ordered this."),
+    )
+
+    status = models.CharField(
+        max_length=8,
+        choices=[
+            ('QUEUED', _("queued")),
+            ('READY', _("ready")),
+            ('SERVED', _("served")),
+            ('CANCELED', _("canceled")),
+        ],
+        default='QUEUED',
+        verbose_name=_("status"),
+    )
+
+    served_date = models.DateTimeField(
+        null=True,
+        default=None,
+        verbose_name=_("served date")
+    )
+
+    class Meta:
+        verbose_name = _("ordered food")
+        verbose_name_plural = _("ordered food")
+
+
+class SheetOrderTransaction(Transaction):
+    ordered_food = models.ForeignKey(
+        OrderedFood,
+        on_delete=models.PROTECT,
+        verbose_name=_("ordered food"),
+    )
+
+    @property
+    def type(self):
+        return _("note sheet")
+
+    @property
+    def get_price(self):
+        if self.ordered_food.meal:
+            return self.ordered_food.meal.meal.price + self.ordered_food.meal.gift + sum(
+                sum(opt.extra_cost for opt in ordered_food.options.all())
+                for ordered_food in self.ordered_food.meal.orderedfood_set.exclude(status='CANCELED').all())
+        elif self.ordered_food.status == 'CANCELED':
+            return 0
+        else:
+            return self.ordered_food.food.price + self.ordered_food.gift \
+                   + sum(opt.extra_cost for opt in self.ordered_food.options.all())
+
+    class Meta:
+        verbose_name = _("sheet order transaction")
+        verbose_name_plural = _("sheet order transactions")

apps/sheets/tables.py

@@ -0,0 +1,22 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import django_tables2 as tables
+from django.urls import reverse_lazy
+
+from sheets.models import Sheet
+
+
+class SheetTable(tables.Table):
+    class Meta:
+        attrs = {
+            'class': 'table table-condensed table-striped table-hover'
+        }
+        model = Sheet
+        template_name = 'django_tables2/bootstrap4.html'
+        fields = ('name', 'date', )
+        row_attrs = {
+            'class': 'table-row',
+            'id': lambda record: "row-" + str(record.pk),
+            'data-href': lambda record: reverse_lazy('sheets:sheet_detail', args=(record.pk,))
+        }

apps/sheets/templates/sheets/food_form.html

@@ -0,0 +1,86 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load crispy_forms_tags %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    <div class="card-body">
+        <form method="post">
+            {% csrf_token %}
+            {{ form|crispy }}
+
+            {# The next part concerns the option formset #}
+            {# Generate some hidden fields that manage the number of options, and make easier the parsing #}
+            {{ formset.management_form }}
+            <table class="table table-condensed table-striped">
+                {# Fill initial data #}
+                {% for form in formset %}
+                {% if forloop.first %}
+                <thead>
+                    <tr>
+                        <th>{{ form.name.label }}<span class="asteriskField">*</span></th>
+                        <th>{{ form.extra_cost.label }}<span class="asteriskField">*</span></th>
+                        <th>{{ form.available.label }}<span class="asteriskField">*</span></th>
+                    </tr>
+                </thead>
+                <tbody id="form_body">
+                    {% endif %}
+                    <tr class="row-formset">
+                        <td>{{ form.name }}</td>
+                        <td>{{ form.extra_cost }}</td>
+                        <td>{{ form.available }}</td>
+                        {# These fields are hidden but handled by the formset to link the id and the invoice id #}
+                        {{ form.food }}
+                        {{ form.id }}
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+
+            {# Display buttons to add and remove options #}
+            <div class="card-body">
+            <button type="button" id="add_more" class="btn btn-success">{% trans "Add option" %}</button>
+            </div>
+
+            <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+        </form>
+    </div>
+</div>
+
+{# Hidden div that store an empty product form, to be copied into new forms #}
+<div id="empty_form" style="display: none;">
+    <table class='no_error'>
+        <tbody id="for_real">
+            <tr class="row-formset">
+                <td>{{ formset.empty_form.name }}</td>
+                <td>{{ formset.empty_form.extra_cost }} </td>
+                <td>{{ formset.empty_form.available }}</td>
+                {{ formset.empty_form.food }}
+                {{ formset.empty_form.id }}
+            </tr>
+        </tbody>
+    </table>
+</div>
+{% endblock %}
+
+{% block extrajavascript %}
+<script>
+    /* script that handles add and remove lines */
+    IDS = {};
+
+    $("#id_foodoption_set-TOTAL_FORMS").val($(".row-formset").length - 1);
+
+    $('#add_more').click(function () {
+        let form_idx = $('#id_foodoption_set-TOTAL_FORMS').val();
+        $('#form_body').append($('#for_real').html().replace(/__prefix__/g, form_idx));
+        $('#id_foodoption_set-TOTAL_FORMS').val(parseInt(form_idx) + 1);
+        $('#id_foodoption_set-' + parseInt(form_idx) + '-id').val(IDS[parseInt(form_idx)]);
+    });
+</script>
+{% endblock %}

apps/sheets/templates/sheets/meal_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load crispy_forms_tags %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    <div class="card-body">
+        <form method="post">
+            {% csrf_token %}
+            {{ form|crispy }}
+            <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+        </form>
+    </div>
+</div>
+{% endblock %}

apps/sheets/templates/sheets/sheet_detail.html

@@ -0,0 +1,87 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+{% load pretty_money %}
+
+{% block content %}
+<div class="card">
+<div class="card-header text-center">
+    <h1>{{ sheet.name }}</h1>
+</div>
+<div class="card-body">
+    <div class="alert alert-secondary">
+        <div class="row">
+            <div class="col-sm-11">
+                {{ sheet.description }}
+            </div>
+            {% if can_change_sheet %}
+                <div class="col-sm-1">
+                    <a class="badge badge-primary" href="{% url 'sheets:sheet_update' pk=sheet.pk %}">
+                        <i class="fa fa-edit"></i>
+                        {% trans "Edit" %}
+                    </a>
+                </div>
+            {% endif %}
+        </div>
+    </div>
+
+    <h3>{% trans "menu"|capfirst %} :</h3>
+    <ul>
+        {% for meal in sheet.meal_set.all %}
+            <li{% if not meal.available %} class="text-danger" style="text-decoration: line-through !important;" title="{% trans "This product is unavailable." %}"{% endif %}>
+                {{ meal }} ({{ meal.price|pretty_money }})
+                {% if can_change_sheet %}
+                    <a href="{% url 'sheets:meal_update' pk=meal.pk %}" class="badge badge-primary">
+                        <i class="fa fa-edit"></i>
+                        {% trans "Edit" %}
+                    </a>
+                {% endif %}
+            </li>
+        {% endfor %}
+        <hr>
+        {% for food in sheet.food_set.all %}
+            <li{% if not food.available %} class="text-danger" style="text-decoration: line-through !important;" title="{% trans "This product is unavailable." %}"{% endif %}>
+                {{ food }} ({{ food.price|pretty_money }})
+                <a href="{% url 'sheets:waiting_list' pk=food.pk %}" class="badge badge-primary">
+                    <i class="fa fa-list"></i>
+                    {% trans "Waiting list" %}
+                </a>
+                {% if can_change_sheet %}
+                    <a href="{% url 'sheets:food_update' pk=food.pk %}" class="badge badge-primary">
+                        <i class="fa fa-edit"></i>
+                        {% trans "Edit" %}
+                    </a>
+                {% endif %}
+                {% if food.foodoption_set.all %}
+                    <ul>
+                        {% for option in food.foodoption_set.all %}
+                            <li{% if not option.available %} class="text-danger" style="text-decoration: line-through !important;" title="{% trans "This product is unavailable." %}"{% endif %}>
+                                {{ option }}{% if option.extra_cost %} ({{ option.extra_cost|pretty_money }}){% endif %}
+                            </li>
+                        {% endfor %}
+                    </ul>
+                {% endif %}
+            </li>
+        {% empty %}
+            <div class="alert alert-warning">
+                {% trans "The menu is empty for now." %}
+            </div>
+        {% endfor %}
+    </ul>
+
+    <div class="text-center">
+        {% if can_add_food %}
+            <a href="{% url 'sheets:food_create' pk=sheet.pk %}" class="btn btn-primary">{% trans "Add new food" %}</a>
+        {% endif %}
+        {% if can_add_meal %}
+            <a href="{% url 'sheets:meal_create' pk=sheet.pk %}" class="btn btn-primary">{% trans "Add new meal" %}</a>
+        {% endif %}
+    </div>
+</div>
+<div class="card-footer text-center">
+    <a href="{% url 'sheets:sheet_order' pk=sheet.pk %}" class="btn btn-success">
+        {% trans "Order now" %}
+    </a>
+</div>
+</div>
+{% endblock %}

apps/sheets/templates/sheets/sheet_form.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load crispy_forms_tags %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light mb-3">
+    <h3 class="card-header text-center">
+        {{ title }}
+    </h3>
+    <div class="card-body">
+        <form method="post">
+            {% csrf_token %}
+            {{ form|crispy }}
+            <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
+        </form>
+    </div>
+</div>
+{% endblock %}

apps/sheets/templates/sheets/sheet_list.html

@@ -0,0 +1,74 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load render_table from django_tables2 %}
+{% load i18n %}
+
+{% block content %}
+<div class="row justify-content-center mb-4">
+    <div class="col-md-10 text-center">
+        <input class="form-control mx-auto w-25" type="text" onkeyup="search_field_moved()" id="search_field"/>
+        {% if can_create_sheet %}
+            <hr>
+            <a class="btn btn-primary text-center my-4" href="{% url 'sheets:sheet_create' %}">{% trans "Create a sheet" %}</a>
+        {% endif %}
+    </div>
+</div>
+<div class="row justify-content-center">   
+    <div class="col-md-10">
+        <div class="card card-border shadow">
+            <div class="card-header text-center">
+                <h5> {% trans "Note sheet listing" %}</h5>
+            </div>
+            <div class="card-body px-0 py-0" id="sheets_table">
+                {% render_table table %}
+            </div>
+        </div>
+    </div>
+</div>
+
+{% endblock %}
+{% block extrajavascript %}
+<script type="text/javascript">
+
+function getInfo() {
+    var asked = $("#search_field").val();
+    /* on ne fait la requête que si on a au moins un caractère pour chercher */
+    var sel = $(".table-row");
+    if (asked.length >= 1) {
+        $.getJSON("/api/sheets/sheet/?format=json&search="+asked, function(buttons){
+            let selected_id = buttons.results.map((a => "#row-"+a.id));
+            if (selected_id.length)
+                $(".table-row,"+selected_id.join()).show();
+            $(".table-row").not(selected_id.join()).hide();
+            
+        });
+    }else{
+        // show everything
+        $('table tr').show();
+    }       
+}
+var timer;
+var timer_on;
+/* Fontion appelée quand le texte change (délenche le timer) */
+function search_field_moved(secondfield) {
+    if (timer_on) { // Si le timer a déjà été lancé, on réinitialise le compteur.
+        clearTimeout(timer);
+        timer = setTimeout("getInfo(" + secondfield + ")", 300);
+    }
+    else { // Sinon, on le lance et on enregistre le fait qu'il tourne.
+        timer = setTimeout("getInfo(" + secondfield + ")", 300);
+        timer_on = true;
+    }
+}
+
+// clickable row 
+$(document).ready(function($) {
+    $(".table-row").click(function() {
+        window.document.location = $(this).data("href");
+    });
+});
+
+</script>
+{% endblock %}

apps/sheets/urls.py

@@ -0,0 +1,26 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.urls import path
+
+from sheets.views import FoodCreateView, FoodUpdateView, MealCreateView, MealUpdateView, OrderView, \
+    SheetCreateView, SheetDetailView, SheetListView, SheetUpdateView, WaitingListDetailView, WaitingListView
+
+app_name = 'sheets'
+
+urlpatterns = [
+    path('list/', SheetListView.as_view(), name="sheet_list"),
+    path('create/', SheetCreateView.as_view(), name="sheet_create"),
+    path('update/<int:pk>/', SheetUpdateView.as_view(), name="sheet_update"),
+    path('detail/<int:pk>/', SheetDetailView.as_view(), name="sheet_detail"),
+    path('food/create/<int:pk>/', FoodCreateView.as_view(), name="food_create"),
+    path('food/<int:pk>/update/', FoodUpdateView.as_view(), name="food_update"),
+    path('meal/create/<int:pk>/', MealCreateView.as_view(), name="meal_create"),
+    path('meal/<int:pk>/update/', MealUpdateView.as_view(), name="meal_update"),
+    path('order/<int:pk>/', OrderView.as_view(), name="sheet_order"),
+    path('waiting-list/<int:pk>/', WaitingListView.as_view(), name="waiting_list"),
+    path('waiting-list/<int:pk>/queued/', WaitingListDetailView.as_view(), name="queued_list"),
+    path('waiting-list/<int:pk>/ready/', WaitingListDetailView.as_view(), name="ready_list"),
+    path('waiting-list/<int:pk>/served/', WaitingListDetailView.as_view(), name="served_list"),
+    path('waiting-list/<int:pk>/canceled/', WaitingListDetailView.as_view(), name="canceled_list"),
+]

apps/sheets/views.py

@@ -0,0 +1,444 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+from datetime import timedelta
+
+from crispy_forms.bootstrap import Accordion, AccordionGroup, FormActions
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import Fieldset, Submit, Row, Field
+from django import forms
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.db import transaction
+from django.forms import Form
+from django.urls import reverse_lazy
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+from django.views.generic import DetailView, UpdateView, FormView
+from django_tables2 import SingleTableView
+
+from note.models import Alias, Note
+from note.templatetags.pretty_money import pretty_money
+from note_kfet.inputs import AmountInput, Autocomplete
+from permission.backends import PermissionBackend
+from permission.views import ProtectQuerysetMixin, ProtectedCreateView
+
+from .forms import FoodForm, MealForm, SheetForm, FoodOptionsFormSet, FoodOptionFormSetHelper
+from .models import Sheet, Food, Meal, Order, OrderedMeal, OrderedFood, SheetOrderTransaction
+from .tables import SheetTable
+
+
+class SheetListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
+    model = Sheet
+    table_class = SheetTable
+    ordering = '-date'
+    extra_context = {"title": _("Search note sheet")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["can_create_sheet"] = PermissionBackend.check_perm(self.request, "sheets.add_sheet", Sheet(
+            name="Test",
+            date=timezone.now(),
+            description="Test sheet",
+        ))
+        return context
+
+
+class SheetCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    model = Sheet
+    form_class = SheetForm
+    extra_context = {"title": _("Create note sheet")}
+
+    def get_sample_object(self):
+        return Sheet(
+            name="Test",
+            date=timezone.now(),
+            description="Test",
+        )
+
+
+class SheetUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    model = Sheet
+    form_class = SheetForm
+    extra_context = {"title": _("Update note sheet")}
+
+
+class SheetDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
+    model = Sheet
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data()
+
+        context['can_change_sheet'] = PermissionBackend.check_perm(self.request, 'sheets.change_sheet', self.object)
+        context['can_add_meal'] = PermissionBackend.check_perm(self.request,
+                                                               'sheets.add_meal',
+                                                               Meal(sheet=self.object, name="Test", price=500))
+        context['can_add_food'] = PermissionBackend.check_perm(self.request,
+                                                               'sheets.add_food',
+                                                               Food(sheet=self.object, name="Test", price=500))
+
+        return context
+
+
+class FoodCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    model = Food
+    form_class = FoodForm
+    extra_context = {"title": _("Create new food")}
+
+    def get_sample_object(self):
+        return Food(
+            sheet_id=self.kwargs['pk'],
+            name="Test",
+            price=500,
+        )
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        form = context['form']
+        form.helper = FormHelper()
+        # Remove form tag on the generation of the form in the template (already present on the template)
+        form.helper.form_tag = False
+        # The formset handles the set of the products
+        form_set = FoodOptionsFormSet(instance=form.instance)
+        context['formset'] = form_set
+        context['helper'] = FoodOptionFormSetHelper()
+
+        return context
+
+    def form_valid(self, form):
+        form.instance.sheet_id = self.kwargs['pk']
+
+        # For each product, we save it
+        formset = FoodOptionsFormSet(self.request.POST, instance=form.instance)
+        if formset.is_valid():
+            for f in formset:
+                # We don't save the product if the designation is not entered, ie. if the line is empty
+                if f.is_valid() and f.instance.name:
+                    f.save()
+                    f.instance.save()
+                else:
+                    f.instance = None
+
+        return super().form_valid(form)
+
+    def get_success_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.kwargs['pk'],))
+
+
+class FoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    model = Food
+    form_class = FoodForm
+    extra_context = {"title": _("Update food")}
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        form = context['form']
+        form.helper = FormHelper()
+        # Remove form tag on the generation of the form in the template (already present on the template)
+        form.helper.form_tag = False
+        # The formset handles the set of the products
+        form_set = FoodOptionsFormSet(instance=form.instance)
+        context['formset'] = form_set
+        context['helper'] = FoodOptionFormSetHelper()
+
+        return context
+
+    def form_valid(self, form):
+        # For each product, we save it
+        formset = FoodOptionsFormSet(self.request.POST, instance=form.instance)
+        if formset.is_valid():
+            for f in formset:
+                # We don't save the product if the designation is not entered, ie. if the line is empty
+                if f.is_valid() and f.instance.name:
+                    f.save()
+                    f.instance.save()
+                else:
+                    f.instance = None
+
+        return super().form_valid(form)
+
+    def get_success_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.object.sheet_id,))
+
+
+class MealCreateView(ProtectQuerysetMixin, ProtectedCreateView):
+    model = Meal
+    form_class = MealForm
+    extra_context = {"title": _("Create new meal")}
+
+    def get_sample_object(self):
+        return Meal(
+            sheet_id=self.kwargs['pk'],
+            name="Test",
+            price=500,
+        )
+
+    def get_form(self, form_class=None):
+        form = super().get_form(form_class)
+        form.fields['content'].queryset = form.fields['content'].queryset.filter(sheet_id=self.kwargs['pk'])
+        return form
+
+    def form_valid(self, form):
+        form.instance.sheet_id = self.kwargs['pk']
+        return super().form_valid(form)
+
+    def get_success_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.object.sheet_id,))
+
+
+class MealUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
+    model = Meal
+    form_class = MealForm
+    extra_context = {"title": _("Update meal")}
+
+    def get_form(self, form_class=None):
+        form = super().get_form(form_class)
+        form.fields['content'].queryset = form.fields['content'].queryset.filter(sheet=self.object.sheet)
+        return form
+
+    def get_success_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.object.sheet_id,))
+
+
+class OrderView(LoginRequiredMixin, FormView, DetailView):
+    model = Sheet
+    template_name = 'sheets/order.html'
+    extra_context = {'title': _("Order now")}
+
+    def get_form(self, form_class=None):
+        form = Form()
+        form.helper = FormHelper()
+        layout_fields = []
+
+        self.object = self.get_object()
+
+        form.fields['note'] = forms.ModelChoiceField(
+            queryset=Note.objects.filter(PermissionBackend.filter_queryset(self.request, Note, 'note.view_note')),
+            label=_("Orderer"),
+            initial=self.request.user.note,
+            widget=Autocomplete(
+                model=Note,
+                attrs={
+                    "api_url": "/api/note/note/",
+                    'placeholder': _("Who orders")
+                },
+            ),
+        )
+        layout_fields.append(Field('note', css_class='is-valid'))
+
+        for meal in self.object.meal_set.filter(available=True).all():
+            form.fields[f'meal_{meal.id}_quantity'] = forms.IntegerField(
+                label=_("Quantity"),
+                initial=0,
+            )
+            form.fields[f'meal_{meal.id}_gift'] = forms.IntegerField(
+                label=_("gift").capitalize(),
+                initial=0,
+                widget=AmountInput(),
+                help_text=_("Be careful: this gift will be multiplied for each order."),
+            )
+            form.fields[f'meal_{meal.id}_remark'] = forms.CharField(
+                max_length=255,
+                required=False,
+                label=_("remark").capitalize(),
+                help_text=_("Allergies,…"),
+            )
+            form.fields[f'meal_{meal.id}_priority'] = forms.CharField(
+                max_length=64,
+                required=False,
+                label=_("priority request").capitalize(),
+                help_text=_("Lesson at 13h30,…"),
+            )
+
+            ag = AccordionGroup(f"{meal} ({pretty_money(meal.price)})",
+                                Row(Field(f'meal_{meal.id}_quantity', wrapper_class='col-sm-9'),
+                                    Field(f'meal_{meal.id}_gift', wrapper_class='col-sm-3')),
+                                Row(Field(f'meal_{meal.id}_remark', wrapper_class='col-sm-9'),
+                                    Field(f'meal_{meal.id}_priority', wrapper_class='col-sm-3')))
+
+            for food in meal.content.filter(available=True).all():
+                if food.foodoption_set.count():
+                    options_fieldset = Fieldset(_("Options for ") + str(food))
+                    options_row = Row(css_class='ml-0')
+                    for option in food.foodoption_set.filter(available=True).all():
+                        form.fields[f'meal_{meal.id}_food_{food.id}_option_{option.id}'] = forms.BooleanField(
+                            label=f"{option}{f' ({pretty_money(option.extra_cost)})' if option.extra_cost else ''}",
+                            required=False,
+                        )
+                        options_row.fields.append(
+                            Field(f'meal_{meal.id}_food_{food.id}_option_{option.id}', wrapper_class='col-sm-12'))
+                    options_fieldset.fields.append(options_row)
+                    ag.fields.append(options_fieldset)
+
+            layout_fields.append(ag)
+
+        for food in self.object.food_set.filter(available=True).all():
+            form.fields[f'food_{food.id}_quantity'] = forms.IntegerField(
+                label=_("quantity").capitalize(),
+                initial=0,
+            )
+            form.fields[f'food_{food.id}_gift'] = forms.IntegerField(
+                label=_("gift").capitalize(),
+                initial=0,
+                widget=AmountInput(),
+                help_text=_("Be careful: this gift will be multiplied for each order."),
+            )
+            form.fields[f'food_{food.id}_remark'] = forms.CharField(
+                max_length=255,
+                required=False,
+                label=_("remark").capitalize(),
+                help_text=_("Allergies,…"),
+            )
+            form.fields[f'food_{food.id}_priority'] = forms.CharField(
+                max_length=255,
+                required=False,
+                label=_("priority request").capitalize(),
+                help_text=_("Lesson at 13h30,…"),
+            )
+
+            ag = AccordionGroup(f"{food} ({pretty_money(food.price)})",
+                                Row(Field(f'food_{food.id}_quantity', wrapper_class='col-sm-9'),
+                                    Field(f'food_{food.id}_gift', wrapper_class='col-sm-3')),
+                                Row(Field(f'food_{food.id}_remark', wrapper_class='col-sm-9'),
+                                    Field(f'food_{food.id}_priority', wrapper_class='col-sm-3')))
+
+            if food.foodoption_set.count():
+                options_fieldset = Fieldset(_("Options"))
+                options_row = Row(css_class='ml-0')
+                for option in food.foodoption_set.all():
+                    form.fields[f'food_{food.id}_option_{option.id}'] = forms.BooleanField(
+                        label=f"{option}{f' ({pretty_money(option.extra_cost)})' if option.extra_cost else ''}",
+                        required=False,
+                    )
+                    options_row.fields.append(Field(f'food_{food.id}_option_{option.id}', wrapper_class='col-sm-12'))
+                options_fieldset.fields.append(options_row)
+                ag.fields.append(options_fieldset)
+
+            layout_fields.append(ag)
+
+        layout_fields.append(FormActions(Submit('submit', _("Order now"))))
+
+        form.helper.layout = Accordion(*layout_fields)
+
+        if self.request.method in ['PUT', 'POST']:
+            form.data = self.request.POST
+            form.files = self.request.FILES
+            form.is_bound = not form.data or not form.files
+
+        return form
+
+    def form_valid(self, form):
+        data = form.cleaned_data
+        sheet = self.get_object()
+
+        with transaction.atomic():
+            order = Order.objects.create(sheet_id=self.kwargs['pk'], note=data['note'])
+
+            total_quantity = 0
+
+            for meal in sheet.meal_set.filter(available=True).all():
+                quantity = data[f'meal_{meal.id}_quantity']
+                if not quantity:
+                    continue
+
+                total_quantity += quantity
+                gift = data[f'meal_{meal.id}_gift']
+                remark = data[f'meal_{meal.id}_remark'] or ''
+                priority = data[f'meal_{meal.id}_priority'] or ''
+                ordered_meal = OrderedMeal.objects.create(order=order, meal=meal, gift=gift)
+
+                for ignored in range(quantity):
+                    for food in meal.content.filter(available=True).all():
+                        n = OrderedFood.objects.filter(order__sheet_id=self.kwargs['pk'],
+                                                       order__note=order.note,
+                                                       order__date__gte=timezone.now() - timedelta(hours=6),
+                                                       food=food).exclude(status='CANCELED').count()
+                        of = OrderedFood.objects.create(order=order, meal=ordered_meal, food=food,
+                                                        remark=remark, priority=priority, number=n + 1, gift=0)
+
+                        for option in food.foodoption_set.filter(available=True).all():
+                            if data[f'meal_{meal.id}_food_{food.id}_option_{option.id}']:
+                                of.options.add(option)
+                        of.save()
+
+                first_food = ordered_meal.orderedfood_set.first()
+                tr = SheetOrderTransaction(source_id=order.note_id, destination=first_food.food.club.note,
+                                           source_alias=str(order.note), destination_alias=first_food.food.club.name,
+                                           quantity=quantity, ordered_food=first_food,
+                                           reason=f"{meal.name} - {sheet.name}")
+                tr.amount = tr.get_price / tr.quantity
+                tr.save()
+
+            for food in sheet.food_set.filter(available=True).all():
+                quantity = data[f'food_{food.id}_quantity']
+                if not quantity:
+                    continue
+
+                total_quantity += quantity
+                gift = data[f'food_{meal.id}_gift']
+                remark = data[f'food_{meal.id}_remark'] or ''
+                priority = data[f'food_{meal.id}_priority'] or ''
+
+                for ignored in range(quantity):
+                    n = OrderedFood.objects.filter(order__sheet_id=self.kwargs['pk'],
+                                                   order__note=order.note,
+                                                   order__date__gte=timezone.now() - timedelta(hours=6),
+                                                   food=food).exclude(state='CANCELED').count()
+                    of = OrderedFood.objects.create(order=order, food=food, gift=gift,
+                                                    remark=remark, priority=priority, number=n + 1)
+
+                    for option in food.foodoption_set.filter(available=True).all():
+                        if data[f'meal_{meal.id}_food_{food.id}_option_{option.id}']:
+                            of.options.add(option)
+                    of.options.save()
+
+                    tr = SheetOrderTransaction(source_id=order.note_id, destination_id=first_food.club.note,
+                                               source_alias=str(order.note), destination_alias=first_food.club.name,
+                                               quantity=quantity, ordered_food=of,
+                                               reason=f"{food.name} - {sheet.name}")
+                    tr.amount = tr.get_price / tr.quantity
+                    tr.save()
+
+        if total_quantity == 0:
+            form.add_error(None, _("You didn't select anything."))
+            transaction.rollback()
+            return self.form_invalid(form)
+
+        return super().form_valid(form)
+
+    def get_success_url(self):
+        return reverse_lazy('sheets:sheet_detail', args=(self.kwargs['pk'],))
+
+
+class WaitingListView(ProtectQuerysetMixin, DetailView):
+    model = Food
+    template_name = 'sheets/waiting_list.html'
+    extra_context = {'title': _("Waiting list")}
+
+    def get_context_data(self, **kwargs):
+        content = super().get_context_data(**kwargs)
+
+        content['queue'] = OrderedFood.objects.filter(food_id=self.kwargs['pk'], status='QUEUED')\
+            .order_by('-priority', 'number', 'order__date').all()
+        content['ready'] = OrderedFood.objects.filter(food_id=self.kwargs['pk'], status='READY')\
+            .order_by('served_date').all()
+
+        return content
+
+
+class WaitingListDetailView(ProtectQuerysetMixin, DetailView):
+    model = Food
+    template_name = 'sheets/waiting_list_detail.html'
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        list_type = 'CANCELED' if 'canceled' in self.request.path else \
+            'SERVED' if 'served' in self.request.path else \
+            'READY' if 'ready' in self.request.path else 'QUEUED'
+        context['list_type'] = list_type
+        context['orders'] = OrderedFood.objects.filter(food_id=self.kwargs['pk'], status=list_type)\
+            .order_by('served_date', '-priority', 'number', 'order__date').all()
+        context['title'] = self.object.name + " - " + _(list_type.lower()).capitalize()
+
+        return context

apps/treasury/migrations/0004_auto_20211005_1544.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.24 on 2021-10-05 13:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('treasury', '0003_auto_20210321_1034'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='sogecredit',
+            name='transactions',
+            field=models.ManyToManyField(blank=True, related_name='_sogecredit_transactions_+', to='note.MembershipTransaction', verbose_name='membership transactions'),
+        ),
+    ]

apps/wei/forms/surveys/__init__.py

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm
-from .wei2021 import WEISurvey2021
+from .wei2022 import WEISurvey2022
 
 
 __all__ = [
     'WEISurvey', 'WEISurveyInformation', 'WEISurveyAlgorithm', 'CurrentSurvey',
 ]
 
-CurrentSurvey = WEISurvey2021
+CurrentSurvey = WEISurvey2022

apps/wei/forms/surveys/wei2022.py

@@ -0,0 +1,293 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import time
+from functools import lru_cache
+from random import Random
+
+from django import forms
+from django.db import transaction
+from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
+
+from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInformation
+from ...models import WEIMembership
+
+WORDS = [
+    '13 organisé', '3ième mi temps', 'Années 2000', 'Apéro', 'BBQ', 'BP', 'Beauf', 'Binge drinking', 'Bon enfant',
+    'Cartouche', 'Catacombes', 'Chansons paillardes', 'Chansons populaires', 'Chanteur', 'Chartreuse', 'Chill',
+    'Core', 'DJ', 'Dancefloor', 'Danse', 'David Guetta', 'Disco', 'Eau de vie', 'Électro', 'Escalade', 'Familial',
+    'Fanfare', 'Fracassage', 'Féria', 'Hard rock', 'Hoeggarden', 'House', 'Huit-six', 'IPA', 'Inclusif', 'Inferno',
+    'Introverti', 'Jager bomb', 'Jazz', 'Jeux d\'alcool', 'Jeux de rôles', 'Jeux vidéo', 'Jul', 'Jus de fruit',
+    'Karaoké', 'LGBTQI+', 'Lady Gaga', 'Loup garou', 'Morning beer', 'Métal', 'Nuit blanche', 'Ovalie', 'Psychedelic',
+    'Pétanque', 'Rave', 'Reggae', 'Rhum', 'Ricard', 'Rock', 'Rosé', 'Rétro', 'Séducteur', 'Techno', 'Thérapie taxi',
+    'Théâtre', 'Trap', 'Turn up', 'Underground', 'Volley', 'Wati B', 'Zinédine Zidane',
+]
+
+
+class WEISurveyForm2022(forms.Form):
+    """
+    Survey form for the year 2022.
+    Members choose 20 words, from which we calculate the best associated bus.
+    """
+
+    word = forms.ChoiceField(
+        label=_("Choose a word:"),
+        widget=forms.RadioSelect(),
+    )
+
+    def set_registration(self, registration):
+        """
+        Filter the bus selector with the buses of the current WEI.
+        """
+        information = WEISurveyInformation2022(registration)
+        if not information.seed:
+            information.seed = int(1000 * time.time())
+            information.save(registration)
+            registration._force_save = True
+            registration.save()
+
+        if self.data:
+            self.fields["word"].choices = [(w, w) for w in WORDS]
+            if self.is_valid():
+                return
+
+        rng = Random((information.step + 1) * information.seed)
+
+        words = None
+
+        buses = WEISurveyAlgorithm2022.get_buses()
+        informations = {bus: WEIBusInformation2022(bus) for bus in buses}
+        scores = sum((list(informations[bus].scores.values()) for bus in buses), [])
+        average_score = sum(scores) / len(scores)
+
+        preferred_words = {bus: [word for word in WORDS
+                                 if informations[bus].scores[word] >= average_score]
+                           for bus in buses}
+        while words is None or len(set(words)) != len(words):
+            # Ensure that there is no the same word 2 times
+            words = [rng.choice(words) for _ignored2, words in preferred_words.items()]
+        rng.shuffle(words)
+        words = [(w, w) for w in words]
+        self.fields["word"].choices = words
+
+
+class WEIBusInformation2022(WEIBusInformation):
+    """
+    For each word, the bus has a score
+    """
+    scores: dict
+
+    def __init__(self, bus):
+        self.scores = {}
+        for word in WORDS:
+            self.scores[word] = 0.0
+        super().__init__(bus)
+
+
+class WEISurveyInformation2022(WEISurveyInformation):
+    """
+    We store the id of the selected bus. We store only the name, but is not used in the selection:
+    that's only for humans that try to read data.
+    """
+    # Random seed that is stored at the first time to ensure that words are generated only once
+    seed = 0
+    step = 0
+
+    def __init__(self, registration):
+        for i in range(1, 21):
+            setattr(self, "word" + str(i), None)
+        super().__init__(registration)
+
+
+class WEISurvey2022(WEISurvey):
+    """
+    Survey for the year 2022.
+    """
+
+    @classmethod
+    def get_year(cls):
+        return 2022
+
+    @classmethod
+    def get_survey_information_class(cls):
+        return WEISurveyInformation2022
+
+    def get_form_class(self):
+        return WEISurveyForm2022
+
+    def update_form(self, form):
+        """
+        Filter the bus selector with the buses of the WEI.
+        """
+        form.set_registration(self.registration)
+
+    @transaction.atomic
+    def form_valid(self, form):
+        word = form.cleaned_data["word"]
+        self.information.step += 1
+        setattr(self.information, "word" + str(self.information.step), word)
+        self.save()
+
+    @classmethod
+    def get_algorithm_class(cls):
+        return WEISurveyAlgorithm2022
+
+    def is_complete(self) -> bool:
+        """
+        The survey is complete once the bus is chosen.
+        """
+        return self.information.step == 20
+
+    @classmethod
+    @lru_cache()
+    def word_mean(cls, word):
+        """
+        Calculate the mid-score given by all buses.
+        """
+        buses = cls.get_algorithm_class().get_buses()
+        return sum([cls.get_algorithm_class().get_bus_information(bus).scores[word] for bus in buses]) / buses.count()
+
+    @lru_cache()
+    def score(self, bus):
+        if not self.is_complete():
+            raise ValueError("Survey is not ended, can't calculate score")
+
+        bus_info = self.get_algorithm_class().get_bus_information(bus)
+        # Score is the given score by the bus subtracted to the mid-score of the buses.
+        s = sum(bus_info.scores[getattr(self.information, 'word' + str(i))]
+                - self.word_mean(getattr(self.information, 'word' + str(i))) for i in range(1, 21)) / 20
+        return s
+
+    @lru_cache()
+    def scores_per_bus(self):
+        return {bus: self.score(bus) for bus in self.get_algorithm_class().get_buses()}
+
+    @lru_cache()
+    def ordered_buses(self):
+        values = list(self.scores_per_bus().items())
+        values.sort(key=lambda item: -item[1])
+        return values
+
+    @classmethod
+    def clear_cache(cls):
+        cls.word_mean.cache_clear()
+        return super().clear_cache()
+
+
+class WEISurveyAlgorithm2022(WEISurveyAlgorithm):
+    """
+    The algorithm class for the year 2022.
+    We use Gale-Shapley algorithm to attribute 1y students into buses.
+    """
+
+    @classmethod
+    def get_survey_class(cls):
+        return WEISurvey2022
+
+    @classmethod
+    def get_bus_information_class(cls):
+        return WEIBusInformation2022
+
+    def run_algorithm(self, display_tqdm=False):
+        """
+        Gale-Shapley algorithm implementation.
+        We modify it to allow buses to have multiple "weddings".
+        """
+        surveys = list(self.get_survey_class()(r) for r in self.get_registrations())  # All surveys
+        surveys = [s for s in surveys if s.is_complete()]  # Don't consider invalid surveys
+        # Don't manage hardcoded people
+        surveys = [s for s in surveys if not hasattr(s.information, 'hardcoded') or not s.information.hardcoded]
+
+        # Reset previous algorithm run
+        for survey in surveys:
+            survey.free()
+            survey.save()
+
+        non_men = [s for s in surveys if s.registration.gender != 'male']
+        men = [s for s in surveys if s.registration.gender == 'male']
+
+        quotas = {}
+        registrations = self.get_registrations()
+        non_men_total = registrations.filter(~Q(gender='male')).count()
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = 4 + int(non_men_total / registrations.count() * free_seats)
+
+        tqdm_obj = None
+        if display_tqdm:
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(non_men), desc="Non-hommes")
+
+        # Repartition for non men people first
+        self.make_repartition(non_men, quotas, tqdm_obj=tqdm_obj)
+
+        quotas = {}
+        for bus in self.get_buses():
+            free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
+            free_seats -= sum(1 for s in non_men if s.information.selected_bus_pk == bus.pk)
+            # Remove hardcoded people
+            free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
+                                                       registration__information_json__icontains="hardcoded").count()
+            quotas[bus] = free_seats
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+            from tqdm import tqdm
+            tqdm_obj = tqdm(total=len(men), desc="Hommes")
+
+        self.make_repartition(men, quotas, tqdm_obj=tqdm_obj)
+
+        if display_tqdm:
+            tqdm_obj.close()
+
+        # Clear cache information after running algorithm
+        WEISurvey2022.clear_cache()
+
+    def make_repartition(self, surveys, quotas=None, tqdm_obj=None):
+        free_surveys = surveys.copy()  # Remaining surveys
+        while free_surveys:  # Some students are not affected
+            survey = free_surveys[0]
+            buses = survey.ordered_buses()  # Preferences of the student
+            for bus, current_score in buses:
+                if self.get_bus_information(bus).has_free_seats(surveys, quotas):
+                    # Selected bus has free places. Put student in the bus
+                    survey.select_bus(bus)
+                    survey.save()
+                    free_surveys.remove(survey)
+                    break
+                else:
+                    # Current bus has not enough places. Remove the least preferred student from the bus if existing
+                    least_preferred_survey = None
+                    least_score = -1
+                    # Find the least student in the bus that has a lower score than the current student
+                    for survey2 in surveys:
+                        if not survey2.information.valid or survey2.information.get_selected_bus() != bus:
+                            continue
+                        score2 = survey2.score(bus)
+                        if current_score <= score2:  # Ignore better students
+                            continue
+                        if least_preferred_survey is None or score2 < least_score:
+                            least_preferred_survey = survey2
+                            least_score = score2
+
+                    if least_preferred_survey is not None:
+                        # Remove the least student from the bus and put the current student in.
+                        # If it does not exist, choose the next bus.
+                        least_preferred_survey.free()
+                        least_preferred_survey.save()
+                        free_surveys.append(least_preferred_survey)
+                        survey.select_bus(bus)
+                        survey.save()
+                        free_surveys.remove(survey)
+                        break
+            else:
+                raise ValueError(f"User {survey.registration.user} has no free seat")
+
+            if tqdm_obj is not None:
+                tqdm_obj.n = len(surveys) - len(free_surveys)
+                tqdm_obj.refresh()

apps/wei/templates/wei/bus_detail.html

@@ -29,10 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
-            </svg>
-            {% trans "Teams" %}
+            <i class="fa fa-bus"></i> {% trans "Teams" %}
         </a>
     </div>
     {% render_table teams %}
@@ -45,10 +42,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
-            </svg>
-            {% trans "Members" %}
+            <i class="fa fa-bus"></i> {% trans "Members" %}
         </a>
     </div>
     {% render_table memberships %}
@@ -57,13 +51,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <hr>
 
 <a href="{% url 'wei:wei_memberships_bus_pdf' wei_pk=club.pk bus_pk=object.pk %}" data-turbolinks="false">
-    <button class="btn btn-block btn-danger">
-        <svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-            <path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
-            <path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
-        </svg>
-        {% trans "View as PDF" %}
-    </button>
+    <button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
 </a>
 {% endif %}
 {% endblock %}

apps/wei/templates/wei/busteam_detail.html

@@ -47,10 +47,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
     <div class="card-header position-relative" id="clubListHeading">
         <a class="font-weight-bold">
-            <svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
-            </svg>
-            {% trans "Teams" %}
+            <i class="fa fa-bus"></i> {% trans "Teams" %}
         </a>
     </div>
     {% render_table memberships %}
@@ -60,13 +57,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 <a href="{% url 'wei:wei_memberships_team_pdf' wei_pk=club.pk bus_pk=object.bus.pk team_pk=object.pk %}"
     data-turbolinks="false">
-    <button class="btn btn-block btn-danger">
-        <svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-            <path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
-            <path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
-        </svg>
-        {% trans "View as PDF" %}
-    </button>
+    <button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
 </a>
 {% endif %}
 {% endblock %}

apps/wei/templates/wei/weiclub_detail.html

@@ -48,10 +48,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card bg-white mb-3">
     <div class="card-header position-relative" id="clubListHeading">
         <span class="font-weight-bold">
-            <svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
-            </svg>
-            {% trans "Buses" %}
+            <i class="fa fa-bus"></i> {% trans "Buses" %}
         </span>
     </div>
     {% render_table buses %}
@@ -63,12 +60,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-header position-relative" id="clubListHeading">
         <a class="stretched-link font-weight-bold text-decoration-none"
             href="{% url "wei:wei_memberships" pk=club.pk %}">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                <path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
-                <path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
-            </svg>
-            {% trans "Members of the WEI" %}
+            <i class="fa fa-users"></i> {% trans "Members of the WEI" %}
         </a>
     </div>
     {% render_table member_list %}
@@ -80,10 +72,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-header position-relative" id="historyListHeading">
         <a class="stretched-link font-weight-bold text-decoration-none" {% if "note.view_note"|has_perm:club.note %}
             href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
         </a>
     </div>
     <div id="history_list">
@@ -97,11 +86,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <div class="card-header position-relative" id="historyListHeading">
         <a class="stretched-link font-weight-bold text-decoration-none"
             href="{% url 'wei:wei_registrations' pk=club.pk %}">
-            <svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
-            </svg>
-            {% trans "Unvalidated registrations" %}
+            <i class="fa fa-user-plus"></i> {% trans "Unvalidated registrations" %}
         </a>
     </div>
     <div id="history_list">

apps/wei/templates/wei/weimembership_list.html

@@ -28,13 +28,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
         </a>
         <hr>
         <a href="{% url 'wei:wei_memberships_pdf' wei_pk=club.pk %}" data-turbolinks="false">
-            <button class="btn btn-block btn-danger">
-                <svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                    <path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
-                    <path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
-                </svg>
-                {% trans "View as PDF" %}
-            </button>
+            <button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
         </a>
     </div>
     </div>

apps/wei/tests/test_wei_algorithm_2021.py

@@ -25,6 +25,7 @@ class TestWEIAlgorithm(TestCase):
             email="wei2021@example.com",
             date_start='2021-09-17',
             date_end='2021-09-19',
+            year=2021,
         )
 
         self.buses = []

apps/wei/tests/test_wei_algorithm_2022.py

@@ -0,0 +1,110 @@
+# Copyright (C) 2018-2022 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import random
+
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from ..forms.surveys.wei2022 import WEIBusInformation2022, WEISurvey2022, WORDS, WEISurveyInformation2022
+from ..models import Bus, WEIClub, WEIRegistration
+
+
+class TestWEIAlgorithm(TestCase):
+    """
+    Run some tests to ensure that the WEI algorithm is working well.
+    """
+    fixtures = ('initial',)
+
+    def setUp(self):
+        """
+        Create some test data, with one WEI and 10 buses with random score attributions.
+        """
+        self.wei = WEIClub.objects.create(
+            name="WEI 2022",
+            email="wei2022@example.com",
+            date_start='2022-09-16',
+            date_end='2022-09-18',
+            year=2022,
+        )
+
+        self.buses = []
+        for i in range(10):
+            bus = Bus.objects.create(wei=self.wei, name=f"Bus {i}", size=10)
+            self.buses.append(bus)
+            information = WEIBusInformation2022(bus)
+            for word in WORDS:
+                information.scores[word] = random.randint(0, 101)
+            information.save()
+            bus.save()
+
+    def test_survey_algorithm_small(self):
+        """
+        There are only a few people in each bus, ensure that each person has its best bus
+        """
+        # Add a few users
+        for i in range(10):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2022(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2022.get_algorithm_class()().run_algorithm()
+
+        # Ensure that everyone has its first choice
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2022(r)
+            preferred_bus = survey.ordered_buses()[0][0]
+            chosen_bus = survey.information.get_selected_bus()
+            self.assertEqual(preferred_bus, chosen_bus)
+
+    def test_survey_algorithm_full(self):
+        """
+        Buses are full of first year people, ensure that they are happy
+        """
+        # Add a lot of users
+        for i in range(95):
+            user = User.objects.create(username=f"user{i}")
+            registration = WEIRegistration.objects.create(
+                user=user,
+                wei=self.wei,
+                first_year=True,
+                birth_date='2000-01-01',
+            )
+            information = WEISurveyInformation2022(registration)
+            for j in range(1, 21):
+                setattr(information, f'word{j}', random.choice(WORDS))
+            information.step = 20
+            information.save(registration)
+            registration.save()
+
+        # Run algorithm
+        WEISurvey2022.get_algorithm_class()().run_algorithm()
+
+        penalty = 0
+        # Ensure that everyone seems to be happy
+        # We attribute a penalty for each user that didn't have its first choice
+        # The penalty is the square of the distance between the score of the preferred bus
+        # and the score of the attributed bus
+        # We consider it acceptable if the mean of this distance is lower than 5 %
+        for r in WEIRegistration.objects.filter(wei=self.wei).all():
+            survey = WEISurvey2022(r)
+            chosen_bus = survey.information.get_selected_bus()
+            buses = survey.ordered_buses()
+            score = min(v for bus, v in buses if bus == chosen_bus)
+            max_score = buses[0][1]
+            penalty += (max_score - score) ** 2
+
+            self.assertLessEqual(max_score - score, 25)  # Always less than 25 % of tolerance
+
+        self.assertLessEqual(penalty / 100, 25)  # Tolerance of 5 %

apps/wei/tests/test_wei_registration.py

@@ -782,7 +782,7 @@ class TestDefaultWEISurvey(TestCase):
         WEISurvey.update_form(None, None)
 
         self.assertEqual(CurrentSurvey.get_algorithm_class().get_survey_class(), CurrentSurvey)
-        self.assertEqual(CurrentSurvey.get_year(), 2021)
+        self.assertEqual(CurrentSurvey.get_year(), 2022)
 
 
 class TestWeiAPI(TestAPI):

docs/apps/treasury.rst

@@ -86,7 +86,7 @@ Génération
 
 Les factures peuvent s'exporter au format PDF (là est tout leur intérêt). Pour cela, on utilise le template LaTeX
 présent à l'adresse suivante :
-`/templates/treasury/invoice_sample.tex <https://gitlab.crans.org/bde/nk20/-/tree/master/templates/treasury/invoice_sample.tex>`_
+`/templates/treasury/invoice_sample.tex <https://gitlab.crans.org/bde/nk20/-/tree/main/templates/treasury/invoice_sample.tex>`_
 
 On le remplit avec les données de la facture et les données du BDE, hard-codées. On copie le template rempli dans un
 ficher tex dans un dossier temporaire. On fait ensuite 2 appels à ``pdflatex`` pour générer la facture au format PDF.

docs/external_services/oauth2.rst

@@ -41,8 +41,14 @@ On a ensuite besoin de définir nos propres scopes afin d'avoir des permissions
 
    OAUTH2_PROVIDER = {
        'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
+       'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
+       'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
    }
 
+Cela a pour effet d'avoir des scopes sous la forme ``PERMISSION_CLUB``,
+et de demander des scopes facultatives (voir plus bas).
+Un jeton de rafraîchissement expire de plus au bout de 14 jours, si non-renouvelé.
+
 On ajoute enfin les routes dans ``urls.py`` :
 
 .. code:: python
@@ -94,6 +100,27 @@ du format renvoyé.
    Vous pouvez donc contrôler le plus finement possible les permissions octroyées à vos
    jetons.
 
+.. danger::
+
+   Demander des scopes n'implique pas de les avoir.
+
+   Lorsque des scopes sont demandées par un client, la Note
+   va considérer l'ensemble des permissions accessibles parmi
+   ce qui est demandé. Dans vos programmes, vous devrez donc
+   vérifier les permissions acquises (communiquées lors de la
+   récupération du jeton d'accès à partir du grant code),
+   et prévoir un comportement dans le cas où des permissions
+   sont manquantes.
+
+   Cela offre un intérêt supérieur par rapport au protocole
+   OAuth2 classique, consistant à demander trop de permissions
+   et agir en conséquence.
+
+   Par exemple, vous pourriez demander la permission d'accéder
+   aux membres d'un club ou de faire des transactions, et agir
+   uniquement dans le cas où l'utilisateur connecté possède la
+   permission problématique.
+
 Avec Django-allauth
 ###################
 
@@ -116,6 +143,7 @@ installées (sur votre propre client), puis de bien ajouter l'application social
    SOCIALACCOUNT_PROVIDERS = {
        'notekfet': {
            # 'DOMAIN': 'note.crans.org',
+           'SCOPE': ['1_1', '2_1'],
        },
        ...
    }
@@ -123,6 +151,10 @@ installées (sur votre propre client), puis de bien ajouter l'application social
 Le paramètre ``DOMAIN`` permet de changer d'instance de Note Kfet. Par défaut, il
 se connectera à ``note.crans.org`` si vous ne renseignez rien.
 
+Le paramètre ``SCOPE`` permet de définir les scopes à demander.
+Dans l'exemple ci-dessous, les permissions d'accéder à l'utilisateur
+et au profil sont demandées.
+
 En créant l'application sur la note, vous pouvez renseigner
 ``https://monsite.example.com/accounts/notekfet/login/callback/`` en URL de redirection,
 à adapter selon votre configuration.

docs/install-dev.rst

@@ -23,7 +23,7 @@ Sur un Ubuntu/Debian :
    $ sudo apt update
    $ sudo apt install --no-install-recommends -y \
        python3-setuptools python3-venv python3-dev \
-       texlive-xetex gettext libjs-bootstrap4 git
+       texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
 
 Pour Arch Linux :
 

docs/install.rst

@@ -62,7 +62,7 @@ plus propre. On peut donc installer tout ce dont on a besoin, depuis buster-back
    $ sudo apt update
    $ sudo apt install -t buster-backports --no-install-recommends \
        gettext git ipython3 \  # Dépendances basiques
-       libjs-bootstrap4 \  # Pour l'affichage web
+       fonts-font-awesome libjs-bootstrap4 \  # Pour l'affichage web
        python3-bs4 python3-django python3-django-crispy-forms python3-django-extensions \
        python3-django-filters python3-django-oauth-toolkit python3-django-polymorphic \
        python3-djangorestframework python3-memcache python3-phonenumbers \
@@ -88,7 +88,7 @@ On clone donc le dépôt en tant que ``www-data`` :
 
    $ sudo -u www-data git clone https://gitlab.crans.org/bde/nk20.git /var/www/note_kfet
 
-Par défaut, le dépôt est configuré pour suivre la branche ``master``, qui est la branche
+Par défaut, le dépôt est configuré pour suivre la branche ``main``, qui est la branche
 stable, notamment installée sur `<https://note.crans.org/>`_. Pour changer de branche,
 notamment passer sur la branche ``beta`` sur un serveur de pré-production (un peu comme
 `<https://note-dev.crans.org/>`_), on peut faire :
@@ -587,7 +587,7 @@ Dans ce fichier, remplissez :
    ---
    note:
      server_name: note.crans.org
-     git_branch: master
+     git_branch: main
      cron_enabled: true
      email: notekfet2020@lists.crans.org
 

note_kfet/settings/base.py

@@ -7,6 +7,8 @@
 import os
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+from datetime import timedelta
+
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
 # Quick-start development settings - unsuitable for production
@@ -22,6 +24,15 @@ ALLOWED_HOSTS = [
     os.getenv('NOTE_URL', 'localhost'),
 ]
 
+# Use secure cookies in production
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
+# Remember HTTPS for 1 year
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 
 # Application definition
 
@@ -64,6 +75,7 @@ INSTALLED_APPS = [
     'permission',
     'registration',
     'scripts',
+    'sheets',
     'treasury',
     'wei',
 ]
@@ -248,6 +260,8 @@ REST_FRAMEWORK = {
 # OAuth2 Provider
 OAUTH2_PROVIDER = {
     'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
+    'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
+    'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
 }
 
 # Take control on how widget templates are sourced

note_kfet/static/css/custom.css

@@ -65,7 +65,7 @@ mark {
 
 /* Last BDE colors */
 .bg-primary {
-    background-color: rgb(18, 67, 4) !important;
+    background-color: rgb(102, 83, 105) !important;
 }
 
 html {
@@ -81,14 +81,14 @@ body {
 .btn-outline-primary:not(:disabled):not(.disabled).active,
 .btn-outline-primary:not(:disabled):not(.disabled):active {
     color: #fff;
-    background-color: rgb(18, 67, 46);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
 .btn-outline-primary {
-    color: rgb(18, 67, 46);
+    color: rgb(102, 83, 105);
     background-color: rgba(248, 249, 250, 0.9);
-    border-color: rgb(18, 67, 46);
+    border-color: rgb(102, 83, 105);
 }
 
 .turbolinks-progress-bar {
@@ -97,37 +97,40 @@ body {
 
 .btn-primary:hover,
 .btn-primary:not(:disabled):not(.disabled).active,
-.btn-primary:not(:disabled):not(.disabled):active {
+.btn-primary:not(:disabled):not(.disabled):active,
+a.badge-primary:hover,
+a.badge-primary:not(:disabled):not(.disabled).active,
+a.badge-primary:not(:disabled):not(.disabled):active {
     color: #fff;
-    background-color: rgb(18, 67, 46);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
-.btn-primary {
+.btn-primary, a.badge-primary {
     color: rgba(248, 249, 250, 0.9); 
-    background-color: rgb(28, 114, 10);
-    border-color: rgb(18, 67, 46);
+    background-color: rgb(102, 83, 105);
+    border-color: rgb(102, 83, 105);
 }
 
 .border-primary {
-    border-color: rgb(28, 114, 10) !important; 
+    border-color: rgb(115, 15, 115) !important; 
 }
 
 a {
-    color: rgb(28, 114, 10);
+    color: rgb(102, 83, 105);
 }
 
 a:hover {
-    color: rgb(122, 163, 75);
+    color: rgb(200, 30, 200);
 }
 
 .form-control:focus {
-    box-shadow: 0 0 0 0.25rem rgba(122, 163, 75, 0.25);
-    border-color: rgb(122, 163, 75);
+    box-shadow: 0 0 0 0.25rem rgba(200, 30, 200, 0.25);
+    border-color: rgb(200, 30, 200);
 }
 
 .btn-outline-primary.focus {
-  box-shadow: 0 0 0 0.25rem rgba(122, 163, 75, 0.5);
+  box-shadow: 0 0 0 0.25rem rgba(200, 30, 200, 0.5);
 }
 
 

note_kfet/static/js/autocomplete_model.js

@@ -13,21 +13,29 @@ $(document).ready(function () {
     $('#' + prefix + '_reset').removeClass('d-none')
 
     $.getJSON(api_url + (api_url.includes('?') ? '&' : '?') + 'format=json&search=^' + input + api_url_suffix, function (objects) {
-      let html = ''
+      let html = '<ul class="list-group list-group-flush" id="' + prefix + '_list">'
 
       objects.results.forEach(function (obj) {
         html += li(prefix + '_' + obj.id, obj[name_field])
       })
+      html += '</ul>'
 
-      const results_list = $('#' + prefix + '_list')
-      results_list.html(html)
+      target.tooltip({
+        html: true,
+        placement: 'bottom',
+        trigger: 'manual',
+        container: target.parent(),
+        fallbackPlacement: 'clockwise'
+      })
+
+      target.attr("data-original-title", html).tooltip("show")
 
       objects.results.forEach(function (obj) {
         $('#' + prefix + '_' + obj.id).click(function () {
           target.val(obj[name_field])
           $('#' + prefix + '_pk').val(obj.id)
 
-          results_list.html('')
+          target.tooltip("hide")
           target.removeClass('is-invalid')
           target.addClass('is-valid')
 
@@ -37,8 +45,8 @@ $(document).ready(function () {
         if (input === obj[name_field]) { $('#' + prefix + '_pk').val(obj.id) }
       })
 
-      if (results_list.children().length === 1 && e.originalEvent.keyCode >= 32) {
-        results_list.children().first().trigger('click')
+      if (objects.results.length === 1 && e.originalEvent.keyCode >= 32) {
+        $('#' + prefix + '_' + objects.results[0].id).trigger('click')
       }
     })
   })

note_kfet/templates/autocomplete_model.html

@@ -9,9 +9,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
    name="{{ widget.name }}_name" autocomplete="off"
     {% for name, value in widget.attrs.items %}
         {% ifnotequal value False %}{{ name }}{% ifnotequal value True %}="{{ value|stringformat:'s' }}"{% endifnotequal %}{% endifnotequal %}
-    {% endfor %}>
+    {% endfor %}
+    aria-describedby="{{widget.attrs.id}}_tooltip">
     {% if widget.resetable %}
         <a id="{{ widget.attrs.id }}_reset" class="btn btn-light autocomplete-reset{% if not widget.value %} d-none{% endif %}">{% trans "Reset" %}</a>
     {% endif %}
-<ul class="list-group list-group-flush" id="{{ widget.attrs.id }}_list">
-</ul>
+

note_kfet/templates/base.html

@@ -24,16 +24,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <meta name="msapplication-config" content="{% static "favicon/browserconfig.xml" %}">
     <meta name="theme-color" content="#ffffff">
 
-    {# Load CSS #}
+    {# Bootstrap, Font Awesome and custom CSS #}
     <link rel="stylesheet" href="{% static "bootstrap4/css/bootstrap.min.css" %}">
+    <link rel="stylesheet" href="{% static "font-awesome/css/font-awesome.min.css" %}">
     <link rel="stylesheet" href="{% static "css/custom.css" %}">
 
     {# JQuery, Bootstrap and Turbolinks JavaScript #}
     <script src="{% static "jquery/jquery.min.js" %}"></script>
     <script src="{% static "popper.js/umd/popper.min.js" %}"></script>
     <script src="{% static "bootstrap4/js/bootstrap.min.js" %}"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/turbolinks/5.2.0/turbolinks.js"
-            crossorigin="anonymous"></script>
+    <script src="{% static "js/turbolinks.js" %}"></script>
     <script src="{% static "js/base.js" %}"></script>
     <script src="{% static "js/konami.js" %}"></script>
 
@@ -63,101 +63,54 @@ SPDX-License-Identifier: GPL-3.0-or-later
                     {% if "note.transactiontemplate"|not_empty_model_list %}
                         <li class="nav-item">
                             {% url 'note:consos' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-mug" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M1 2a1 1 0 0 1 1-1h11a1 1 0 0 1 1 1v1h.5A1.5 1.5 0 0 1 16 4.5v7a1.5 1.5 0 0 1-1.5 1.5h-.55a2.5 2.5 0 0 1-2.45 2h-8A2.5 2.5 0 0 1 1 12.5V2zm13 10h.5a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.5-.5H14v8z"/>
-                                </svg>
-                                {% trans 'Consumptions' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-coffee"></i> {% trans 'Consumptions' %}</a>
                         </li>
                     {% endif %}
                     {% if user.is_authenticated and user|is_member:"Kfet" %}
                         <li class="nav-item">
                             {% url 'note:transfer' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-exchange" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path fill-rule="evenodd" d="M1 11.5a.5.5 0 0 0 .5.5h11.793l-3.147 3.146a.5.5 0 0 0 .708.708l4-4a.5.5 0 0 0 0-.708l-4-4a.5.5 0 0 0-.708.708L13.293 11H1.5a.5.5 0 0 0-.5.5zm14-7a.5.5 0 0 1-.5.5H2.707l3.147 3.146a.5.5 0 1 1-.708.708l-4-4a.5.5 0 0 1 0-.708l4-4a.5.5 0 1 1 .708.708L2.707 4H14.5a.5.5 0 0 1 .5.5z"/>
-                                </svg>
-                                {% trans 'Transfer' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-exchange"></i> {% trans 'Transfer' %} </a>
                         </li>
                     {% endif %}
                     {% if "auth.user"|model_list_length >= 2 %}
                         <li class="nav-item">
                             {% url 'member:user_list' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                                </svg>
-                                {% trans 'Users' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-user"></i> {% trans 'Users' %}</a>
                         </li>
                     {% endif %}
                     {% if "member.club"|not_empty_model_list %}
                         <li class="nav-item">
                             {% url 'member:club_list' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                                    <path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
-                                    <path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
-                                </svg>
-                                {% trans 'Clubs' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-users"></i> {% trans 'Clubs' %}</a>
                         </li>
                     {% endif %}
                     {% if "activity.activity"|not_empty_model_list %}
                         <li class="nav-item">
                             {% url 'activity:activity_list' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-calendar" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M3.5 0a.5.5 0 0 1 .5.5V1h8V.5a.5.5 0 0 1 1 0V1h1a2 2 0 0 1 2 2v11a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V5h16V4H0V3a2 2 0 0 1 2-2h1V.5a.5.5 0 0 1 .5-.5z"/>
-                                </svg>
-                                {% trans 'Activities' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-calendar"></i> {% trans 'Activities' %}</a>
                         </li>
                     {% endif %}
                     {% if "treasury.invoice"|not_empty_model_list %}
                         <li class="nav-item">
                             {% url 'treasury:invoice_list' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-credit-card" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M0 4a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v1H0V4zm0 3v5a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7H0zm3 2h1a1 1 0 0 1 1 1v1a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1v-1a1 1 0 0 1 1-1z"/>
-                                </svg>
-                                {% trans 'Treasury' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-credit-card"></i> {% trans 'Treasury' %}</a>
                         </li>
                     {% endif %}
                     {% if "wei.weiclub"|not_empty_model_list %}
                         <li class="nav-item">
                             {% url 'wei:current_wei_detail' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
-                                </svg>
-                                {% trans 'WEI' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-bus"></i> {% trans 'WEI' %}</a>
                         </li>
                     {% endif %}
                     {% if request.user.is_authenticated %}
                         <li class="nav-item">
                             {% url 'permission:rights' as url %}
-                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
-                                <svg class="bi bi-shield" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path fill-rule="evenodd" d="M8 0c-.69 0-1.843.265-2.928.56-1.11.3-2.229.655-2.887.87a1.54 1.54 0 0 0-1.044 1.262c-.596 4.477.787 7.795 2.465 9.99a11.777 11.777 0 0 0 2.517 2.453c.386.273.744.482 1.048.625.28.132.581.24.829.24s.548-.108.829-.24a7.159 7.159 0 0 0 1.048-.625 11.775 11.775 0 0 0 2.517-2.453c1.678-2.195 3.061-5.513 2.465-9.99a1.541 1.541 0 0 0-1.044-1.263 62.467 62.467 0 0 0-2.887-.87C9.843.266 8.69 0 8 0zm0 5a1.5 1.5 0 0 1 .5 2.915l.385 1.99a.5.5 0 0 1-.491.595h-.788a.5.5 0 0 1-.49-.595l.384-1.99A1.5 1.5 0 0 1 8 5z"/>
-                                </svg>
-                                {% trans 'Rights' %}
-                            </a>
+                            <a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-balance-scale"></i> {% trans 'Rights' %}</a>
                         </li>
                     {% endif %}
                     {% if request.user.is_staff and ""|has_perm:user %}
                         <li class="nav-item">
-                            <a data-turbolinks="false" class="nav-link" href="{% url 'admin:index' %}">
-                                <svg class="bi bi-cog" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
-                                </svg>
-                                {% trans 'Admin' %}
-                            </a>
+                            <a data-turbolinks="false" class="nav-link" href="{% url 'admin:index' %}"><i class="fa fa-cogs"></i> {% trans 'Admin' %}</a>
                         </li>
                     {% endif %}
                 </ul>
@@ -165,25 +118,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
                     {% if request.user.is_authenticated %}
                         <li class="dropdown">
                             <a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-                                <svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                    <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                                </svg>
+                                <i class="fa fa-user"></i>
                                 <span id="user_balance">{{ request.user.username }} ({{ request.user.note.balance | pretty_money }})</span>
                             </a>
                             <div class="dropdown-menu dropdown-menu-right"
                                  aria-labelledby="navbarDropdownMenuLink">
                                 <a class="dropdown-item" href="{% url 'member:user_detail' pk=request.user.pk %}">
-                                    <svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                        <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                                    </svg>
-                                    {% trans "My account" %}
+                                    <i class="fa fa-user"></i> {% trans "My account" %}
                                 </a>
                                 <a class="dropdown-item" href="{% url 'logout' %}">
-                                    <svg class="bi bi-signout" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                        <path fill-rule="evenodd" d="M10 12.5a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-9a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v2a.5.5 0 0 0 1 0v-2A1.5 1.5 0 0 0 9.5 2h-8A1.5 1.5 0 0 0 0 3.5v9A1.5 1.5 0 0 0 1.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-2a.5.5 0 0 0-1 0v2z"/>
-                                        <path fill-rule="evenodd" d="M15.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 0 0-.708.708L14.293 7.5H5.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
-                                    </svg>
-                                    {% trans "Log out" %}
+                                    <i class="fa fa-sign-out"></i> {% trans "Log out" %}
                                 </a>
                             </div>
                         </li>
@@ -191,22 +135,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 {% if request.path != "/registration/signup/" %}
                             <li class="nav-item">
                                 <a class="nav-link" href="{% url 'registration:signup' %}">
-                                    <svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                        <path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                                        <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
-                                    </svg>
-                                    {% trans "Sign up" %}
+                                    <i class="fa fa-user-plus"></i> {% trans "Sign up" %}
                                 </a>
                             </li>
                         {% endif %}
                 {% if request.path != "/accounts/login/" %}
                             <li class="nav-item">
                                 <a class="nav-link" href="{% url 'login' %}">
-                                    <svg class="bi bi-login" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                                        <path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
-                                        <path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
-                                    </svg>
-                                    {% trans "Log in" %}
+                                    <i class="fa fa-sign-in"></i> {% trans "Log in" %}
                                 </a>
                             </li>
                         {% endif %}

note_kfet/urls.py

@@ -21,6 +21,7 @@ urlpatterns = [
     path('activity/', include('activity.urls')),
     path('treasury/', include('treasury.urls')),
     path('wei/', include('wei.urls')),
+    path('sheets/', include('sheets.urls')),
 
     # Include Django Contrib and Core routers
     path('i18n/', include('django.conf.urls.i18n')),