enable JavaScriptCatalog view

Atomicité

See merge request bde/nk20!122

apps/activity/models.py

@@ -7,7 +7,7 @@ from threading import Thread
 
 from django.conf import settings
 from django.contrib.auth.models import User
-from django.db import models
+from django.db import models, transaction
 from django.db.models import Q
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
@@ -123,6 +123,7 @@ class Activity(models.Model):
         verbose_name=_('open'),
     )
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         """
         Update the activity wiki page each time the activity is updated (validation, change description, ...)
@@ -194,8 +195,8 @@ class Entry(models.Model):
             else _("Entry for {note} to the activity {activity}").format(
             guest=str(self.guest), note=str(self.note), activity=str(self.activity))
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
-
         qs = Entry.objects.filter(~Q(pk=self.pk), activity=self.activity, note=self.note, guest=self.guest)
         if qs.exists():
             raise ValidationError(_("Already entered on ") + _("{:%Y-%m-%d %H:%M:%S}").format(qs.get().time, ))
@@ -260,6 +261,7 @@ class Guest(models.Model):
         except AttributeError:
             return False
 
+    @transaction.atomic
     def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
         one_year = timedelta(days=365)
 

apps/activity/views.py

@@ -7,6 +7,7 @@ from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
+from django.db import transaction
 from django.db.models import F, Q
 from django.http import HttpResponse
 from django.urls import reverse_lazy
@@ -44,6 +45,7 @@ class ActivityCreateView(ProtectQuerysetMixin, ProtectedCreateView):
             date_end=timezone.now(),
         )
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.creater = self.request.user
         return super().form_valid(form)
@@ -145,6 +147,7 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
         form.fields["inviter"].initial = self.request.user.note
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.activity = Activity.objects\
             .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")).get(pk=self.kwargs["pk"])

apps/member/forms.py

@@ -8,6 +8,7 @@ from django import forms
 from django.conf import settings
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.models import User
+from django.db import transaction
 from django.forms import CheckboxSelectMultiple
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
@@ -57,6 +58,7 @@ class ProfileForm(forms.ModelForm):
         self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"})
         self.fields['promotion'].widget.attrs.update({"max": timezone.now().year})
 
+    @transaction.atomic
     def save(self, commit=True):
         if not self.instance.section or (("department" in self.changed_data
                                          or "promotion" in self.changed_data) and "section" not in self.changed_data):
@@ -161,7 +163,7 @@ class MembershipForm(forms.ModelForm):
     soge = forms.BooleanField(
         label=_("Inscription paid by Société Générale"),
         required=False,
-        help_text=_("Check this case is the Société Générale paid the inscription."),
+        help_text=_("Check this case if the Société Générale paid the inscription."),
     )
 
     credit_type = forms.ModelChoiceField(

apps/member/models.py

@@ -7,7 +7,7 @@ import os
 from django.conf import settings
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
-from django.db import models
+from django.db import models, transaction
 from django.db.models import Q
 from django.template import loader
 from django.urls import reverse, reverse_lazy
@@ -271,6 +271,7 @@ class Club(models.Model):
             self._force_save = True
             self.save(force_update=True)
 
+    @transaction.atomic
     def save(self, force_insert=False, force_update=False, using=None,
              update_fields=None):
         if not self.require_memberships:
@@ -406,6 +407,7 @@ class Membership(models.Model):
                 parent_membership.roles.set(Role.objects.filter(name="Membre de club").all())
             parent_membership.save()
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         """
         Calculate fee and end date before saving the membership and creating the transaction if needed.
@@ -475,8 +477,13 @@ class Membership(models.Model):
                 # to treasurers.
                 transaction.valid = False
                 from treasury.models import SogeCredit
-                soge_credit = SogeCredit.objects.get_or_create(user=self.user)[0]
+                if SogeCredit.objects.filter(user=self.user).exists():
-                soge_credit.refresh_from_db()
+                    soge_credit = SogeCredit.objects.get(user=self.user)
+                else:
+                    soge_credit = SogeCredit(user=self.user)
+                    soge_credit._force_save = True
+                    soge_credit.save(force_insert=True)
+                    soge_credit.refresh_from_db()
                 transaction.save(force_insert=True)
                 transaction.refresh_from_db()
                 soge_credit.transactions.add(transaction)

apps/member/templates/member/add_members.html

@@ -13,15 +13,29 @@ SPDX-License-Identifier: GPL-3.0-or-later
         {% if additional_fee_renewal %}
         <div class="alert alert-warning">
             {% if renewal %}
-            {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
+                {% if club.name == "Kfet" %} {# Auto-renewal #}
-            The user is not a member of the club·s {{ clubs }}. An additional fee of {{ pretty_fee }}
+                    {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
-            will be charged to renew automatically the membership in this/these club·s.
+                    The user is not a member of the club·s {{ clubs }}. An additional fee of {{ pretty_fee }}
-            {% endblocktrans %}
+                    will be charged to renew automatically the membership in this/these club·s.
+                    {% endblocktrans %}
+                {% else %}
+                    {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
+                        The user is not a member of the club·s {{ clubs }}. Please create the required memberships,
+                        otherwise it will fail.
+                    {% endblocktrans %}
+                {% endif %}
             {% else %}
-            {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
+                {% if club.name == "Kfet" %}
-            This club has parents {{ clubs }}. An additional fee of {{ pretty_fee }}
+                    {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
-            will be charged to adhere automatically to this/these club·s.
+                    This club has parents {{ clubs }}. An additional fee of {{ pretty_fee }}
-            {% endblocktrans %}
+                    will be charged to adhere automatically to this/these club·s.
+                    {% endblocktrans %}
+                {% else %}
+                    {% blocktrans trimmed with clubs=clubs_renewal|join:", " pretty_fee=additional_fee_renewal|pretty_money %}
+                        This club has parents {{ clubs }}. Please make sure that the user is a member of this or these club·s,
+                        otherwise the creation of this membership will fail.
+                    {% endblocktrans %}
+                {% endif %}
             {% endif %}
         </div>
         {% endif %}

apps/member/templates/member/includes/profile_info.html

@@ -38,7 +38,7 @@
     <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
     <dd class="col-xl-6">{{ user_object.profile.address }}</dd>
 
-    {% if "note.view_note"|has_perm:user_object.note %}
+    {% if user_object.note and "note.view_note"|has_perm:user_object.note %}
     <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
     <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
 
@@ -47,7 +47,7 @@
     {% endif %}
 </dl>
 
-{% if user_object.pk == user_object.pk %}
+{% if user_object.pk == user.pk %}
     <div class="text-center">
         <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
             <i class="fa fa-cogs"></i>{% trans 'API token' %}

apps/member/views.py

@@ -38,6 +38,7 @@ class CustomLoginView(LoginView):
     """
     form_class = CustomAuthenticationForm
 
+    @transaction.atomic
     def form_valid(self, form):
         logout(self.request)
         _set_current_user_and_ip(form.get_user(), self.request.session, None)
@@ -76,6 +77,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
 
         return context
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         Check if ProfileForm is correct
@@ -269,6 +271,7 @@ class PictureUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin, Det
         self.object = self.get_object()
         return self.form_valid(form) if form.is_valid() else self.form_invalid(form)
 
+    @transaction.atomic
     def form_valid(self, form):
         """Save image to note"""
         image = form.cleaned_data['image']
@@ -607,6 +610,9 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
         bank = form.cleaned_data["bank"]
         soge = form.cleaned_data["soge"] and not user.profile.soge and (club.name == "BDE" or club.name == "Kfet")
 
+        if not credit_type:
+            credit_amount = 0
+
         if not soge and user.note.balance + credit_amount < fee and not Membership.objects.filter(
                 club__name="Kfet",
                 user=user,
@@ -628,6 +634,16 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
             form.add_error('user', _('User is already a member of the club'))
             error = True
 
+        # Must join the parent club before joining this club, except for the Kfet club where it can be at the same time.
+        if club.name != "Kfet" and club.parent_club and not Membership.objects.filter(
+                user=form.instance.user,
+                club=club.parent_club,
+                date_start__lte=club.parent_club.membership_start,
+                date_end__gte=club.parent_club.membership_end,
+        ).exists():
+            form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name)
+            error = True
+
         if club.membership_start and form.instance.date_start < club.membership_start:
             form.add_error('user', _("The membership must start after {:%m-%d-%Y}.")
                            .format(form.instance.club.membership_start))
@@ -650,6 +666,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
 
         return not error
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         Create membership, check that all is good, make transactions

apps/note/api/views.py

@@ -1,5 +1,6 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
+
 from django.conf import settings
 from django.db.models import Q
 from django.core.exceptions import ValidationError
@@ -56,8 +57,9 @@ class AliasViewSet(ReadProtectedModelViewSet):
     """
     queryset = Alias.objects.all()
     serializer_class = AliasSerializer
-    filter_backends = [SearchFilter, OrderingFilter]
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
+    filterset_fields = ['note']
     ordering_fields = ['name', 'normalized_name']
 
     def get_serializer_class(self):
@@ -106,8 +108,9 @@ class AliasViewSet(ReadProtectedModelViewSet):
 class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
     queryset = Alias.objects.all()
     serializer_class = ConsumerSerializer
-    filter_backends = [SearchFilter, OrderingFilter]
+    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
+    filterset_fields = ['note']
     ordering_fields = ['name', 'normalized_name']
 
     def get_queryset(self):
@@ -116,29 +119,31 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
         :return: The filtered set of requested aliases
         """
 
-        queryset = super().get_queryset()
+        queryset = super().get_queryset().distinct()
         # Sqlite doesn't support ORDER BY in subqueries
         queryset = queryset.order_by("name") \
             if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset
 
-        alias = self.request.query_params.get("alias", ".*")
+        alias = self.request.query_params.get("alias", None)
         queryset = queryset.prefetch_related('note')
-        # We match first an alias if it is matched without normalization,
+
-        # then if the normalized pattern matches a normalized alias.
+        if alias:
-        queryset = queryset.filter(
+            # We match first an alias if it is matched without normalization,
-            name__iregex="^" + alias
+            # then if the normalized pattern matches a normalized alias.
-        ).union(
+            queryset = queryset.filter(
-            queryset.filter(
+                name__iregex="^" + alias
-                Q(normalized_name__iregex="^" + Alias.normalize(alias))
+            ).union(
-                & ~Q(name__iregex="^" + alias)
+                queryset.filter(
-            ),
+                    Q(normalized_name__iregex="^" + Alias.normalize(alias))
-            all=True).union(
+                    & ~Q(name__iregex="^" + alias)
-            queryset.filter(
+                ),
-                Q(normalized_name__iregex="^" + alias.lower())
+                all=True).union(
-                & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                queryset.filter(
-                & ~Q(name__iregex="^" + alias)
+                    Q(normalized_name__iregex="^" + alias.lower())
-            ),
+                    & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
-            all=True)
+                    & ~Q(name__iregex="^" + alias)
+                ),
+                all=True)
 
         queryset = queryset if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' \
             else queryset.order_by("name")
@@ -179,8 +184,11 @@ class TransactionViewSet(ReadProtectedModelViewSet):
     """
     queryset = Transaction.objects.order_by("-created_at").all()
     serializer_class = TransactionPolymorphicSerializer
-    filter_backends = [SearchFilter]
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filterset_fields = ["source", "source_alias", "destination", "destination_alias", "quantity",
+                        "polymorphic_ctype", "amount", "created_at", ]
     search_fields = ['$reason', ]
+    ordering_fields = ['created_at', 'amount']
 
     def get_queryset(self):
         user = self.request.user

apps/note/models/notes.py

@@ -8,7 +8,7 @@ from django.conf.global_settings import DEFAULT_FROM_EMAIL
 from django.core.exceptions import ValidationError
 from django.core.mail import send_mail
 from django.core.validators import RegexValidator
-from django.db import models
+from django.db import models, transaction
 from django.template.loader import render_to_string
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
@@ -93,6 +93,7 @@ class Note(PolymorphicModel):
         delta = timezone.now() - self.last_negative
         return "{:d} jours".format(delta.days)
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         """
         Save note with it's alias (called in polymorphic children)
@@ -108,12 +109,16 @@ class Note(PolymorphicModel):
 
             # Save alias
             a.note = self
+            # Consider that if the name of the note could be changed, then the alias can be created.
+            # It does not mean that any alias can be created.
+            a._force_save = True
             a.save(force_insert=True)
         else:
             # Check if the name of the note changed without changing the normalized form of the alias
             alias = Alias.objects.get(normalized_name=Alias.normalize(str(self)))
             if alias.name != str(self):
                 alias.name = str(self)
+                alias._force_save = True
                 alias.save()
 
     def clean(self, *args, **kwargs):
@@ -154,6 +159,7 @@ class NoteUser(Note):
     def pretty(self):
         return _("%(user)s's note") % {'user': str(self.user)}
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         if self.pk and self.balance < 0:
             old_note = NoteUser.objects.get(pk=self.pk)
@@ -195,6 +201,7 @@ class NoteClub(Note):
     def pretty(self):
         return _("Note of %(club)s club") % {'club': str(self.club)}
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         if self.pk and self.balance < 0:
             old_note = NoteClub.objects.get(pk=self.pk)
@@ -310,6 +317,7 @@ class Alias(models.Model):
             pass
         self.normalized_name = normalized_name
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         self.clean()
         super().save(*args, **kwargs)

apps/note/models/transactions.py

@@ -170,19 +170,21 @@ class Transaction(PolymorphicModel):
         previous_source_balance = self.source.balance
         previous_dest_balance = self.destination.balance
 
-        source_balance = self.source.balance
+        source_balance = previous_source_balance
-        dest_balance = self.destination.balance
+        dest_balance = previous_dest_balance
 
         created = self.pk is None
-        to_transfer = self.amount * self.quantity
+        to_transfer = self.total
-        if not created and not self.valid and not hasattr(self, "_force_save"):
+        if not created:
             # Revert old transaction
-            old_transaction = Transaction.objects.get(pk=self.pk)
+            # We make a select for update to avoid concurrency issues
+            old_transaction = Transaction.objects.select_for_update().get(pk=self.pk)
             # Check that nothing important changed
-            for field_name in ["source_id", "destination_id", "quantity", "amount"]:
+            if not hasattr(self, "_force_save"):
-                if getattr(self, field_name) != getattr(old_transaction, field_name):
+                for field_name in ["source_id", "destination_id", "quantity", "amount"]:
-                    raise ValidationError(_("You can't update the {field} on a Transaction. "
+                    if getattr(self, field_name) != getattr(old_transaction, field_name):
-                                            "Please invalidate it and create one other.").format(field=field_name))
+                        raise ValidationError(_("You can't update the {field} on a Transaction. "
+                                                "Please invalidate it and create one other.").format(field=field_name))
 
             if old_transaction.valid == self.valid:
                 # Don't change anything
@@ -215,10 +217,6 @@ class Transaction(PolymorphicModel):
             # When source == destination, no money is transferred and no transaction is created
             return
 
-        # We refresh the notes with the "select for update" tag to avoid concurrency issues
-        self.source = Note.objects.filter(pk=self.source_id).select_for_update().get()
-        self.destination = Note.objects.filter(pk=self.destination_id).select_for_update().get()
-
         # Check that the amounts stay between big integer bounds
         diff_source, diff_dest = self.validate()
 
@@ -237,9 +235,11 @@ class Transaction(PolymorphicModel):
         super().save(*args, **kwargs)
 
         # Save notes
+        self.source.refresh_from_db()
         self.source.balance += diff_source
         self.source._force_save = True
         self.source.save()
+        self.destination.refresh_from_db()
         self.destination.balance += diff_dest
         self.destination._force_save = True
         self.destination.save()
@@ -273,6 +273,7 @@ class RecurrentTransaction(Transaction):
                 _("The destination of this transaction must equal to the destination of the template."))
         return super().clean()
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         self.clean()
         return super().save(*args, **kwargs)
@@ -323,6 +324,7 @@ class SpecialTransaction(Transaction):
             raise(ValidationError(_("A special transaction is only possible between a"
                                     " Note associated to a payment method and a User or a Club")))
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         self.clean()
         super().save(*args, **kwargs)

apps/note/static/note/js/consos.js

@@ -29,7 +29,6 @@ $(document).ready(function () {
   // Switching in double consumptions mode should update the layout
   $('#double_conso').change(function () {
     $('#consos_list_div').removeClass('d-none')
-    $('#user_select_div').attr('class', 'col-xl-4')
     $('#infos_div').attr('class', 'col-sm-5 col-xl-6')
 
     const note_list_obj = $('#note_list')
@@ -48,7 +47,6 @@ $(document).ready(function () {
 
   $('#single_conso').change(function () {
     $('#consos_list_div').addClass('d-none')
-    $('#user_select_div').attr('class', 'col-xl-7')
     $('#infos_div').attr('class', 'col-sm-5 col-md-4')
 
     const consos_list_obj = $('#consos_list')
@@ -255,7 +253,7 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
           template: template
         }).done(function () {
         reset()
-        addMsg("La transaction n'a pas pu être validée pour cause de solde insuffisant.", 'danger', 10000)
+        addMsg(gettext("La transaction n'a pas pu être validée pour cause de solde insuffisant."), 'danger', 10000)
       }).fail(function () {
         reset()
         errMsg(e.responseJSON)

apps/note/templates/note/conso_form.html

@@ -10,22 +10,22 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block content %}
     <div class="row mt-4">
         <div class="col-sm-5 col-md-4" id="infos_div">
-            <div class="row">
+            <div class="row justify-content-center justify-content-md-end">
                 {# User details column #}
-                <div class="col">
+                <div class="col picture-col">
-                    <div class="card bg-light border-success mb-4 text-center">
+                    <div class="card bg-light mb-4 text-center">
                         <a id="profile_pic_link" href="#">
                             <img src="{% static "member/img/default_picture.png" %}"
-                                 id="profile_pic" alt="" class="card-img-top">
+                                 id="profile_pic" alt="" class="card-img-top d-none d-sm-block">
                         </a>
-                        <div class="card-body text-center text-break">
+                        <div class="card-body text-center text-break p-2">
-                            <span id="user_note"></span>
+                            <span id="user_note"><i class="small">{% trans "Please select a note" %}</i></span>
                         </div>
                     </div>
                 </div>
 
                 {# User selection column #}
-                <div class="col-xl-7" id="user_select_div">
+                <div class="col-xl" id="user_select_div">
                     <div class="card bg-light border-success mb-4">
                         <div class="card-header">
                             <p class="card-text font-weight-bold">
@@ -44,6 +44,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                         </div>
                     </div>
                 </div>
+
                 {# Summary of consumption and consume button #}
                 <div class="col-xl-5 d-none" id="consos_list_div">
                     <div class="card bg-light border-info mb-4">
@@ -65,7 +66,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 </div>
             </div>
 
-
             {# Show last used buttons #}
             <div class="card bg-light mb-4">
                 <div class="card-header">
@@ -159,7 +159,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% endblock %}
 
 {% block extrajavascript %}
-    <script type="text/javascript" src="{% static "js/consos.js" %}"></script>
+    <script type="text/javascript" src="{% static "note/js/consos.js" 'javascript-catalog' %}"></script>
     <script type="text/javascript">
         {% for button in highlighted %}
             {% if button.display %}

apps/note/templates/note/transaction_form.html

@@ -34,21 +34,21 @@ SPDX-License-Identifier: GPL-2.0-or-later
         </div>
     </div>
     <hr>
-    <div class="row">
+    <div class="row justify-content-center">
         {#  Preview note profile (picture, username and balance) #}
-        <div class="col-md-3" id="note_infos_div">
+        <div class="col-md picture-col" id="note_infos_div">
-            <div class="card bg-light border-success shadow mb-4 pt-4 text-center">
+            <div class="card bg-light mb-4 text-center">
                 <a id="profile_pic_link" href="#"><img src="{% static "member/img/default_picture.png" %}"
                         id="profile_pic" alt="" class="img-fluid rounded mx-auto"></a>
-                <div class="card-body text-center">
+                <div class="card-body text-center p-2">
-                    <span id="user_note"></span>
+                    <span id="user_note"><i class="small">{% trans "Please select a note" %}</i></span>
                 </div>
             </div>
         </div>
 
         {# list of emitters #}
         <div class="col-md-3" id="emitters_div">
-            <div class="card bg-light border-success shadow mb-4">
+            <div class="card bg-light mb-4">
                 <div class="card-header">
                     <p class="card-text font-weight-bold">
                         <label for="source_note" id="source_note_label">{% trans "Select emitters" %}</label>
@@ -75,7 +75,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
 
         {# list of receiver #}
         <div class="col-md-3" id="dests_div">
-            <div class="card bg-light border-info shadow mb-4">
+            <div class="card bg-light mb-4">
                 <div class="card-header">
                     <p class="card-text font-weight-bold" id="dest_title">
                         <label for="dest_note" id="dest_note_label">{% trans "Select receivers" %}</label>
@@ -97,8 +97,8 @@ SPDX-License-Identifier: GPL-2.0-or-later
         </div>
 
         {# Information on transaction (amount, reason, name,...) #}
-        <div class="col-md-3" id="external_div">
+        <div class="col-md" id="external_div">
-            <div class="card bg-light border-warning shadow mb-4">
+            <div class="card bg-light mb-4">
                 <div class="card-header">
                     <p class="card-text font-weight-bold">
                         {% trans "Action" %}
@@ -153,7 +153,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
         </div>
     </div>
 {# transaction history #}
-    <div class="card shadow mb-4" id="history">
+    <div class="card mb-4" id="history">
         <div class="card-header">
             <p class="card-text font-weight-bold">
                 {% trans "Recent transactions history" %}
@@ -176,5 +176,5 @@ SPDX-License-Identifier: GPL-2.0-or-later
         select_receveirs_label = "{% trans "Select receivers" %}";
         transfer_type_label = "{% trans "Transfer type" %}";
     </script>
-    <script src="/static/js/transfer.js"></script>
+    <script src="{% static "note/js/transfer.js" %}"></script>
 {% endblock %}

apps/note/views.py

@@ -144,7 +144,7 @@ class TransactionTemplateUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, Up
 class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
     """
     The Magic View that make people pay their beer and burgers.
-    (Most of the magic happens in the dark world of Javascript see `note_kfet/static/js/consos.js`)
+    (Most of the magic happens in the dark world of Javascript see `static/note/js/consos.js`)
     """
     model = Transaction
     template_name = "note/conso_form.html"

apps/permission/decorators.py

@@ -4,7 +4,6 @@
 from functools import lru_cache
 from time import time
 
-from django.conf import settings
 from django.contrib.sessions.models import Session
 from note_kfet.middlewares import get_current_session
 
@@ -33,9 +32,9 @@ def memoize(f):
         sess_funs = new_sess_funs
 
     def func(*args, **kwargs):
-        if settings.DEBUG:
+        # if settings.DEBUG:
-            # Don't memoize in DEBUG mode
+        #     # Don't memoize in DEBUG mode
-            return f(*args, **kwargs)
+        #     return f(*args, **kwargs)
 
         nonlocal last_collect
 

apps/permission/fixtures/initial.json

@@ -1103,7 +1103,7 @@
 				"treasury",
 				"sogecredit"
 			],
-			"query": "{\"credit_transaction\": null}",
+			"query": "{}",
 			"type": "add",
 			"mask": 1,
 			"field": "",
@@ -2647,6 +2647,150 @@
 			"description": "Changer l'image de la note de son club"
 		}
 	},
+	{
+		"model": "permission.permission",
+		"pk": 170,
+		"fields": {
+			"model": [
+				"note",
+				"alias"
+			],
+			"query": "{\"note__is_active\": true}",
+			"type": "add",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Ajouter n'importe quel alias à une note non bloquée"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 171,
+		"fields": {
+			"model": [
+				"note",
+				"alias"
+			],
+			"query": "{\"note__is_active\": true}",
+			"type": "delete",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Supprimer n'importe quel alias à une note non bloquée"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 172,
+		"fields": {
+			"model": [
+				"treasury",
+				"remittance"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir toutes les remises"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 173,
+		"fields": {
+			"model": [
+				"treasury",
+				"remittance"
+			],
+			"query": "{}",
+			"type": "add",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Ajouter une remise"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 174,
+		"fields": {
+			"model": [
+				"treasury",
+				"remittance"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier une remise"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 175,
+		"fields": {
+			"model": [
+				"treasury",
+				"remittance"
+			],
+			"query": "{}",
+			"type": "delete",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Supprimer une remise"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 176,
+		"fields": {
+			"model": [
+				"auth",
+				"user"
+			],
+			"query": "{\"profile__registration_valid\": false}",
+			"type": "change",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier n'importe quel utilisateur non encore inscrit"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 177,
+		"fields": {
+			"model": [
+				"member",
+				"profile"
+			],
+			"query": "{\"registration_valid\": false}",
+			"type": "change",
+			"mask": 1,
+			"field": "",
+			"permanent": false,
+			"description": "Modifier n'importe quel profil non encore inscrit"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 178,
+		"fields": {
+			"model": [
+				"note",
+				"alias"
+			],
+			"query": "{}",
+			"type": "view",
+			"mask": 3,
+			"field": "",
+			"permanent": false,
+			"description": "Voir tous les alias, y compris ceux des non adhérents"
+		}
+	},
 	{
 		"model": "permission.role",
 		"pk": 1,
@@ -2850,7 +2994,16 @@
 				150,
 				151,
 				163,
-				164
+				164,
+				170,
+				171,
+				172,
+				173,
+				174,
+				175,
+				176,
+				177,
+				178
 			]
 		}
 	},
@@ -3024,7 +3177,16 @@
 				166,
 				167,
 				168,
-				169
+				169,
+				170,
+				171,
+				172,
+				173,
+				174,
+				175,
+				176,
+				177,
+				178
 			]
 		}
 	},
@@ -3050,10 +3212,15 @@
 				29,
 				30,
 				31,
+				70,
 				143,
 				166,
 				167,
-				168
+				168,
+				170,
+				171,
+				176,
+				177
 			]
 		}
 	},
@@ -3219,10 +3386,13 @@
 				138,
 				139,
 				140,
+				143,
 				145,
 				146,
 				147,
-				150
+				150,
+				176,
+				177
 			]
 		}
 	},

apps/permission/models.py

@@ -199,6 +199,7 @@ class Permission(models.Model):
         if self.field and self.type not in {'view', 'change'}:
             raise ValidationError(_("Specifying field applies only to view and change permission types."))
 
+    @transaction.atomic
     def save(self, **kwargs):
         self.full_clean()
         super().save()

apps/permission/permissions.py

@@ -14,6 +14,7 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):
     This is a simple patch of this class that controls view access.
     """
 
+    # The queryset is filtered, and permissions are more powerful than a simple check than just "can view this model"
     perms_map = {
         'GET': ['%(app_label)s.view_%(model_name)s'],
         'OPTIONS': [],

apps/permission/views.py

@@ -6,6 +6,7 @@ from datetime import date
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied
+from django.db import transaction
 from django.db.models import Q
 from django.forms import HiddenInput
 from django.http import Http404
@@ -56,6 +57,7 @@ class ProtectQuerysetMixin:
 
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         Submit the form, if the page is a FormView.

apps/registration/forms.py

@@ -60,7 +60,7 @@ class ValidationForm(forms.Form):
     soge = forms.BooleanField(
         label=_("Inscription paid by Société Générale"),
         required=False,
-        help_text=_("Check this case is the Société Générale paid the inscription."),
+        help_text=_("Check this case if the Société Générale paid the inscription."),
     )
 
     credit_type = forms.ModelChoiceField(

apps/registration/templates/registration/future_profile_detail.html

@@ -6,7 +6,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 {% block content %}
     <div class="row mt-4">
-        <div class="col-md-3 mb-4">
+        <div class="col-xl-5 mb-4">
             <div class="card bg-light shadow">
                 <div class="card-header text-center" >
                     <h4> {% trans "Account #" %}  {{ object.pk }}</h4>
@@ -50,7 +50,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                 </div>
             </div>
         </div>
-        <div class="col-md-9">
+        <div class="col-md-7">
             <div class="card bg-light shadow">
                 <form method="post">
                     <div class="card-header text-center" >

apps/registration/views.py

@@ -5,6 +5,7 @@ from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
+from django.db import transaction
 from django.db.models import Q
 from django.shortcuts import resolve_url, redirect
 from django.urls import reverse_lazy
@@ -47,6 +48,7 @@ class UserCreateView(CreateView):
 
         return context
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         If the form is valid, then the user is created with is_active set to False
@@ -234,6 +236,7 @@ class FutureUserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin,
         form.fields["first_name"].initial = user.first_name
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         user = self.get_object()
 

apps/treasury/forms.py

@@ -4,6 +4,7 @@
 from crispy_forms.helper import FormHelper
 from crispy_forms.layout import Submit
 from django import forms
+from django.db import transaction
 from django.utils.translation import gettext_lazy as _
 from note_kfet.inputs import AmountInput
 
@@ -149,6 +150,7 @@ class LinkTransactionToRemittanceForm(forms.ModelForm):
         self.instance.transaction.bank = cleaned_data["bank"]
         return cleaned_data
 
+    @transaction.atomic
     def save(self, commit=True):
         """
         Save the transaction and the remittance.

apps/treasury/models.py

@@ -5,7 +5,7 @@ from datetime import date
 
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
-from django.db import models
+from django.db import models, transaction
 from django.db.models import Q
 from django.template.loader import render_to_string
 from django.utils import timezone
@@ -76,6 +76,7 @@ class Invoice(models.Model):
         verbose_name=_("tex source"),
     )
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         """
         When an invoice is generated, we store the tex source.
@@ -228,6 +229,7 @@ class Remittance(models.Model):
         """
         return sum(transaction.total for transaction in self.transactions.all())
 
+    @transaction.atomic
     def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
         # Check if all transactions have the right type.
         if self.transactions.exists() and self.transactions.filter(~Q(source=self.remittance_type.note)).exists():
@@ -291,11 +293,12 @@ class SogeCredit(models.Model):
 
     @property
     def valid(self):
-        return self.credit_transaction.valid
+        return self.credit_transaction and self.credit_transaction.valid
 
     @property
     def amount(self):
-        return sum(transaction.total for transaction in self.transactions.all()) + 8000
+        return self.credit_transaction.total if self.valid \
+            else sum(transaction.total for transaction in self.transactions.all()) + 8000
 
     def invalidate(self):
         """
@@ -305,10 +308,10 @@ class SogeCredit(models.Model):
         if self.valid:
             self.credit_transaction.valid = False
             self.credit_transaction.save()
-        for transaction in self.transactions.all():
+        for tr in self.transactions.all():
-            transaction.valid = False
+            tr.valid = False
-            transaction._force_save = True
+            tr._force_save = True
-            transaction.save()
+            tr.save()
 
     def validate(self, force=False):
         if self.valid and not force:
@@ -320,18 +323,20 @@ class SogeCredit(models.Model):
         # Refresh credit amount
         self.save()
         self.credit_transaction.valid = True
+        self.credit_transaction._force_save = True
         self.credit_transaction.save()
         self.save()
 
-        for transaction in self.transactions.all():
+        for tr in self.transactions.all():
-            transaction.valid = True
+            tr.valid = True
-            transaction._force_save = True
+            tr._force_save = True
-            transaction.created_at = timezone.now()
+            tr.created_at = timezone.now()
-            transaction.save()
+            tr.save()
 
+    @transaction.atomic
     def save(self, *args, **kwargs):
         if not self.credit_transaction:
-            self.credit_transaction = SpecialTransaction.objects.create(
+            credit_transaction = SpecialTransaction(
                 source=NoteSpecial.objects.get(special_type="Virement bancaire"),
                 destination=self.user.note,
                 quantity=1,
@@ -342,6 +347,10 @@ class SogeCredit(models.Model):
                 bank="Société générale",
                 valid=False,
             )
+            credit_transaction._force_save = True
+            credit_transaction.save()
+            credit_transaction.refresh_from_db()
+            self.credit_transaction = credit_transaction
         elif not self.valid:
             self.credit_transaction.amount = self.amount
             self.credit_transaction._force_save = True
@@ -361,11 +370,11 @@ class SogeCredit(models.Model):
                                     "Please ask her/him to credit the note before invalidating this credit."))
 
         self.invalidate()
-        for transaction in self.transactions.all():
+        for tr in self.transactions.all():
-            transaction._force_save = True
+            tr._force_save = True
-            transaction.valid = True
+            tr.valid = True
-            transaction.created_at = timezone.now()
+            tr.created_at = timezone.now()
-            transaction.save()
+            tr.save()
         self.credit_transaction.valid = False
         self.credit_transaction.reason += " (invalide)"
         self.credit_transaction.save()

apps/treasury/views.py

@@ -9,6 +9,7 @@ from tempfile import mkdtemp
 from crispy_forms.helper import FormHelper
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.core.exceptions import ValidationError, PermissionDenied
+from django.db import transaction
 from django.db.models import Q
 from django.forms import Form
 from django.http import HttpResponse
@@ -65,6 +66,7 @@ class InvoiceCreateView(ProtectQuerysetMixin, ProtectedCreateView):
         del form.fields["locked"]
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         ret = super().form_valid(form)
 
@@ -144,6 +146,7 @@ class InvoiceUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         del form.fields["id"]
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         ret = super().form_valid(form)
 
@@ -439,6 +442,7 @@ class SogeCreditManageView(LoginRequiredMixin, ProtectQuerysetMixin, BaseFormVie
     form_class = Form
     extra_context = {"title": _("Manage credits from the Société générale")}
 
+    @transaction.atomic
     def form_valid(self, form):
         if "validate" in form.data:
             self.get_object().validate(True)

apps/wei/forms/surveys/wei2020.py

@@ -4,6 +4,7 @@
 from random import choice
 
 from django import forms
+from django.db import transaction
 from django.utils.translation import gettext_lazy as _
 
 from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInformation
@@ -88,6 +89,7 @@ class WEISurvey2020(WEISurvey):
         """
         form.set_registration(self.registration)
 
+    @transaction.atomic
     def form_valid(self, form):
         word = form.cleaned_data["word"]
         self.information.step += 1

apps/wei/management/commands/extract_ml_registrations.py

@@ -1,59 +0,0 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-from datetime import date
-
-from django.core.management import BaseCommand
-from django.db.models import Q
-from member.models import Membership, Club
-from wei.models import WEIClub
-
-
-class Command(BaseCommand):
-    help = "Get mailing list registrations from the last wei. " \
-           "Usage: manage.py extract_ml_registrations -t {events,art,sport}. " \
-           "You can write this into a file with a pipe, then paste the document into your mail manager."
-
-    def add_arguments(self, parser):
-        parser.add_argument('--type', '-t', choices=["members", "clubs", "events", "art", "sport"], default="members",
-                            help='Select the type of the mailing list (default members)')
-        parser.add_argument('--year', '-y', type=int, default=None,
-                            help='Select the year of the concerned WEI. Default: last year')
-
-    def handle(self, *args, **options):
-        ###########################################################
-        #                         WARNING                         #
-        ###########################################################
-        #
-        # This code is obsolete.
-        # TODO: Improve the mailing list extraction system, and link it automatically with Mailman.
-
-        if options["type"] == "members":
-            for membership in Membership.objects.filter(
-                club__name="BDE",
-                date_start__lte=date.today(),
-                date_end__gte=date.today(),
-            ).all():
-                self.stdout.write(membership.user.email)
-            return
-
-        if options["type"] == "clubs":
-            for club in Club.objects.all():
-                self.stdout.write(club.email)
-            return
-
-        if options["year"] is None:
-            wei = WEIClub.objects.order_by('-year').first()
-        else:
-            wei = WEIClub.objects.filter(year=options["year"])
-            if wei.exists():
-                wei = wei.get()
-            else:
-                wei = WEIClub.objects.order_by('-year').first()
-                self.stderr.write(self.style.WARNING("Warning: there was no WEI in year " + str(options["year"]) + ". "
-                                                     + "Assuming the last WEI (year " + str(wei.year) + ")"))
-        q = Q(ml_events_registration=True) if options["type"] == "events" else Q(ml_art_registration=True)\
-            if options["type"] == "art" else Q(ml_sport_registration=True)
-        registrations = wei.users.filter(q)
-        for registration in registrations.all():
-            self.stdout.write(registration.user.email)

apps/wei/models.py

@@ -238,7 +238,7 @@ class WEIRegistration(models.Model):
     information_json = models.TextField(
         default="{}",
         verbose_name=_("registration information"),
-        help_text=_("Information about the registration (buses for old members, survey fot the new members), "
+        help_text=_("Information about the registration (buses for old members, survey for the new members), "
                     "encoded in JSON"),
     )
 

apps/wei/views.py

@@ -10,6 +10,7 @@ from tempfile import mkdtemp
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied
+from django.db import transaction
 from django.db.models import Q, Count
 from django.db.models.functions.text import Lower
 from django.forms import HiddenInput
@@ -84,6 +85,7 @@ class WEICreateView(ProtectQuerysetMixin, ProtectedCreateView):
             date_end=date.today(),
         )
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.requires_membership = True
         form.instance.parent_club = Club.objects.get(name="Kfet")
@@ -517,6 +519,7 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
         del form.fields["information_json"]
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.wei = WEIClub.objects.get(pk=self.kwargs["wei_pk"])
         form.instance.first_year = True
@@ -597,6 +600,7 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
 
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         form.instance.wei = WEIClub.objects.get(pk=self.kwargs["wei_pk"])
         form.instance.first_year = False
@@ -688,6 +692,7 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
             del form.fields["information_json"]
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         # If the membership is already validated, then we update the bus and the team (and the roles)
         if form.instance.is_validated:
@@ -866,6 +871,7 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
                 ).all()
         return form
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         Create membership, check that all is good, make transactions
@@ -1016,6 +1022,7 @@ class WEISurveyView(LoginRequiredMixin, BaseFormView, DetailView):
         context["club"] = self.object.wei
         return context
 
+    @transaction.atomic
     def form_valid(self, form):
         """
         Update the survey with the data of the form.

note_kfet/fixtures/initial.json

@@ -3,7 +3,7 @@
         "model": "sites.site",
         "pk": 1,
         "fields": {
-            "domain": "localhost",
+            "domain": "note.crans.org",
             "name": "La Note Kfet \ud83c\udf7b"
         }
     }

note_kfet/middlewares.py

@@ -50,6 +50,20 @@ class SessionMiddleware(object):
 
     def __call__(self, request):
         user = request.user
+
+        # If we authenticate through a token to connect to the API, then we query the good user
+        if 'HTTP_AUTHORIZATION' in request.META and request.path.startswith("/api"):
+            token = request.META.get('HTTP_AUTHORIZATION')
+            if token.startswith("Token "):
+                token = token[6:]
+                from rest_framework.authtoken.models import Token
+                if Token.objects.filter(key=token).exists():
+                    token_obj = Token.objects.get(key=token)
+                    user = token_obj.user
+                    session = request.session
+                    session["permission_mask"] = 42
+                    session.save()
+
         if 'HTTP_X_REAL_IP' in request.META:
             ip = request.META.get('HTTP_X_REAL_IP')
         elif 'HTTP_X_FORWARDED_FOR' in request.META:

note_kfet/settings/base.py

@@ -154,6 +154,7 @@ from django.utils.translation import gettext_lazy as _
 LANGUAGES = [
     ('de', _('German')),
     ('en', _('English')),
+    ('es', _('Spanish')),
     ('fr', _('French')),
 ]
 

note_kfet/static/css/custom.css

@@ -22,6 +22,11 @@
     border-bottom-color: rgba(0, 0, 0, .250);
 }
 
+/* Fixed width picture column */
+.picture-col {
+    max-width: 202px;
+}
+
 /* Limit fluid container to a max size */
 .container-fluid {
     max-width: 1600px;

note_kfet/templates/base.html

@@ -177,12 +177,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
                             onchange="this.form.submit()">
                         {% get_current_language as LANGUAGE_CODE %}
                         {% get_available_languages as LANGUAGES %}
-                        {% get_language_info_list for LANGUAGES as languages %}
+                        {% for lang_code, lang_name in LANGUAGES %}
-                        {% for language in languages %}
+                            <option value="{{ lang_code }}"
-                            <option value="{{ language.code }}"
+                                    {% if lang_code == LANGUAGE_CODE %}
-                                    {% if language.code == LANGUAGE_CODE %}
                                     selected{% endif %}>
-                                {{ language.name_local }} ({{ language.code }})
+                                {{ lang_name }} ({{ lang_code }})
                             </option>
                         {% endfor %}
                     </select>

note_kfet/urls.py

@@ -6,6 +6,7 @@ from django.conf.urls.static import static
 from django.urls import path, include
 from django.views.defaults import bad_request, permission_denied, page_not_found, server_error
 from django.views.generic import RedirectView
+from django.views.i18n import JavaScriptCatalog
 
 from member.views import CustomLoginView
 
@@ -34,10 +35,14 @@ urlpatterns = [
 
     # Make coffee
     path('coffee/', include('django_htcpcp_tea.urls')),
+    
+    # Translate js
+    path('jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'),
 ]
 
-urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+# During development, serve media files
-urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+if settings.DEBUG:
+    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 
 if "cas_server" in settings.INSTALLED_APPS: