[WEI] Store seed in WEI Survey to add determinism in RNG

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
Current WEI year is 2021
2025-07-04 14:52:13 +02:00 · 2021-08-02 19:30:36 +02:00 · 2021-08-02 19:22:07 +02:00 · 2021-08-02 18:22:19 +02:00 · 2021-08-02 18:21:06 +02:00 · 2021-06-14 20:25:40 +00:00
226 changed files with 11090 additions and 642 deletions
--- a/.env_example
+++ b/.env_example
@ -10,7 +10,6 @@ DJANGO_SECRET_KEY=CHANGE_ME
 DJANGO_SETTINGS_MODULE=note_kfet.settings
 CONTACT_EMAIL=tresorerie.bde@localhost
 NOTE_URL=localhost
-DOMAIN=localhost

 # Config for mails. Only used in production
 NOTE_MAIL=notekfet@localhost
--- a/.gitignore
+++ b/.gitignore
@ -47,3 +47,8 @@ backups/
 env/
 venv/
 db.sqlite3
+
+# ansibles customs host
+ansible/host_vars/*.yaml
+!ansible/host_vars/bde*
+ansible/hosts
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,6 +1,7 @@
 stages:
  - test
  - quality-assurance
+  - docs

 # Also fetch submodules
 variables:
@ -38,6 +39,21 @@ py38-django22:
        python3-bs4 python3-setuptools tox texlive-xetex
  script: tox -e py38-django22

+# Debian Bullseye
+py39-django22:
+  stage: test
+  image: debian:bullseye
+  before_script:
+    - >
+        apt-get update &&
+        apt-get install --no-install-recommends -y
+        python3-django python3-django-crispy-forms
+        python3-django-extensions python3-django-filters python3-django-polymorphic
+        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
+        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
+        python3-bs4 python3-setuptools tox texlive-xetex
+  script: tox -e py39-django22
+
 linters:
  stage: quality-assurance
  image: debian:buster-backports
@ -47,3 +63,17 @@ linters:

  # Be nice to new contributors, but please use `tox`
  allow_failure: true
+
+# Compile documentation
+documentation:
+  stage: docs
+  image: sphinxdoc/sphinx
+  before_script:
+    - pip install sphinx-rtd-theme
+    - cd docs
+  script:
+    - make dirhtml
+  artifacts:
+    paths:
+      - docs/_build
+    expire_in: 1 day
--- a/README.md
+++ b/README.md
@ -69,13 +69,31 @@ accessible depuis l'ensemble de votre réseau, pratique pour tester le rendu
 de la note sur un téléphone !

 ## Installation d'une instance de production
+Pour déployer facilement la note il est possible d'utiliser le playbook Ansible (sinon vous pouvez toujours le faire a la main, voir plus bas).
+### Avec ansible
+Il vous faudra un serveur sous debian ou ubuntu connecté à internet et que vous souhaiterez accéder à cette instance de la note sur `note.nomdedomaine.tld`.
+
+0. Installer Ansible sur votre machine personnelle.
+
+0. (bis) cloner le dépot sur votre machine personelle.
+
+1.  Copier le fichier `ansible/host_example`
+``` bash
+$ cp ansible/hosts_example ansible/hosts
+```
+et ajouter sous [dev] et/ou [prod] les serveurs sur lesquels vous souhaitez installer la note.
+2.  Créer un fichier `ansible/host_vars/<note.nomdedomaine.tld.yaml>` sur le modèle des fichiers existants dans `ansible/hosts` et compléter les variables nécessaires.
+
+3. lancer `ansible/base.yaml -l <nomdedomaine.tld.yaml>`
+4. Aller vous faire un café, ca peux durer un moment.
+
+### Installation manuelle

 **En production on souhaite absolument utiliser les modules Python packagées dans le gestionnaire de paquet.**
 Cela permet de mettre à jour facilement les dépendances critiques telles que Django.

 L'installation d'une instance de production néccessite **une installation de Debian Buster ou d'Ubuntu 20.04**.

-Pour aller vite vous pouvez lancer le Playbook Ansible fournit dans ce dépôt en l'adaptant.
 Sinon vous pouvez suivre les étapes décrites ci-dessous.

 0.  Sous Debian Buster, **activer Debian Backports.** En effet Django 2.2 LTS n'est que disponible dans les backports.
@ -261,20 +279,25 @@ Le cahier des charges initial est disponible [sur le Wiki Crans](https://wiki.cr
 La documentation des classes et fonctions est directement dans le code et est explorable à partir de la partie documentation de l'interface d'administration de Django.
 **Commentez votre code !**

-La documentation plus haut niveau sur le développement est disponible sur [le Wiki associé au dépôt Git](https://gitlab.crans.org/bde/nk20/-/wikis/home).
+La documentation plus haut niveau sur le développement et sur l'utilisation
+est disponible sur <https://note.crans.org/doc> et également dans le dossier `docs`.

 ## FAQ

 ### Regénérer les fichiers de traduction

-Pour regénérer les traductions vous pouvez vous placer à la racine du projet et lancer le script `makemessages`. Il faut penser à ignorer les dossiers ne contenant pas notre code, dont le virtualenv.
+Pour regénérer les traductions vous pouvez vous placer à la racine du projet et lancer le script `makemessages`.
+Il faut penser à ignorer les dossiers ne contenant pas notre code, dont le virtualenv.
+De plus, il faut aussi extraire les variables des fichiers JavaScript.

 ```bash
-django-admin makemessages -i env
+python3 manage.py makemessages -i env
+python3 manage.py makemessages -i env -e js -d djangojs
 ```

 Une fois les fichiers édités, vous pouvez compiler les nouvelles traductions avec

 ```bash
-django-admin compilemessages
+python3 manage.py compilemessages
+python3 manage.py compilejsmessages
 ```
--- a/ansible/base.yml
+++ b/ansible/base.yml
@ -7,7 +7,7 @@
      prompt: "Password of the database (leave it blank to skip database init)"
      private: yes
  vars:
-    mirror: deb.debian.org
+    mirror: mirror.crans.org
  roles:
    - 1-apt-basic
    - 2-nk20
@ -16,3 +16,4 @@
    - 5-nginx
    - 6-psql
    - 7-postinstall
+    - 8-docs
--- a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
+++ b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
@ -3,3 +3,4 @@ note:
  server_name: note-beta.crans.org
  git_branch: beta
  cron_enabled: false
+  email: notekfet2020@lists.crans.org
--- a/ansible/host_vars/bde-note-dev.adh.crans.org.yml
+++ b/ansible/host_vars/bde-note-dev.adh.crans.org.yml
@ -3,3 +3,4 @@ note:
  server_name: note-dev.crans.org
  git_branch: beta
  cron_enabled: false
+  email: notekfet2020@lists.crans.org
--- a/ansible/host_vars/bde-note.adh.crans.org.yml
+++ b/ansible/host_vars/bde-note.adh.crans.org.yml
@ -3,3 +3,4 @@ note:
  server_name: note.crans.org
  git_branch: master
  cron_enabled: true
+  email: notekfet2020@lists.crans.org
--- a/ansible/hosts_example
+++ b/ansible/hosts_example
@ -1,5 +1,5 @@
 [dev]
-bde3-virt.adh.crans.org
+bde-note-dev.adh.crans.org
 bde-nk20-beta.adh.crans.org

 [prod]
--- a/ansible/roles/1-apt-basic/tasks/main.yml
+++ b/ansible/roles/1-apt-basic/tasks/main.yml
@ -3,11 +3,12 @@
  apt_repository:
    repo: deb http://{{ mirror }}/debian buster-backports main
    state: present
+  when: ansible_facts['distribution'] == "Debian"

 - name: Install note_kfet APT dependencies
  apt:
    update_cache: true
-    default_release: buster-backports
+    default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}"
    install_recommends: false
    name:
      # Common tools
--- a/ansible/roles/2-nk20/tasks/main.yml
+++ b/ansible/roles/2-nk20/tasks/main.yml
@ -16,7 +16,7 @@

 - name: Use default env vars (should be updated!)
  template:
-    src: "env_example"
+    src: "env.j2"
    dest: "/var/www/note_kfet/.env"
    mode: 0644
    force: false
@ -36,3 +36,13 @@
    dest: /etc/cron.d/note
    owner: root
    group: root
+
+- name: Set default directory to /var/www/note_kfet
+  lineinfile:
+    path: /etc/skel/.bashrc
+    line: 'cd /var/www/note_kfet'
+
+- name: Automatically source Python virtual environment
+  lineinfile:
+    path: /etc/skel/.bashrc
+    line: 'source /var/www/note_kfet/env/bin/activate'
--- a/ansible/roles/2-nk20/templates/env.j2
+++ b/ansible/roles/2-nk20/templates/env.j2
@ -0,0 +1,23 @@
+DJANGO_APP_STAGE=prod
+# Only used in dev mode, change to "postgresql" if you want to use PostgreSQL in dev
+DJANGO_DEV_STORE_METHOD=sqlite
+DJANGO_DB_HOST=localhost
+DJANGO_DB_NAME=note_db
+DJANGO_DB_USER=note
+DJANGO_DB_PASSWORD={{ DB_PASSWORD }}
+DJANGO_DB_PORT=
+DJANGO_SECRET_KEY=CHANGE_ME
+DJANGO_SETTINGS_MODULE=note_kfet.settings
+CONTACT_EMAIL=tresorerie.bde@localhost
+NOTE_URL= {{note.server_name}}
+
+# Config for mails. Only used in production
+NOTE_MAIL=notekfet@localhost
+EMAIL_HOST=smtp.localhost
+EMAIL_PORT=25
+EMAIL_USER=notekfet@localhost
+EMAIL_PASSWORD=CHANGE_ME
+
+# Wiki configuration
+WIKI_USER=NoteKfet2020
+WIKI_PASSWORD=
--- a/ansible/roles/4-certbot/tasks/main.yml
+++ b/ansible/roles/4-certbot/tasks/main.yml
@ -9,6 +9,11 @@
  retries: 3
  until: pkg_result is succeeded

+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{note.server_name}}/cert.pem
+  register: letsencrypt_cert
+
 - name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
@ -19,3 +24,17 @@
    src: "letsencrypt/conf.d/nk20.ini.j2"
    dest: "/etc/letsencrypt/conf.d/nk20.ini"
    mode: 0644
+
+- name: Stop services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: stopped
+
+- name: Generate new certificate if one doesn't exist.
+  shell: "certbot certonly --non-interactive --agree-tos --config /etc/letsencrypt/conf.d/nk20.ini -d {{note.server_name}}"
+  when: letsencrypt_cert.stat.exists == False
+
+- name: Restart services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: started
--- a/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
+++ b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
@ -10,7 +10,7 @@ rsa-key-size = 4096
 # server = https://acme-staging.api.letsencrypt.org/directory

 # Uncomment and update to register with the specified e-mail address
-email = notekfet2020@lists.crans.org
+email = {{ note.email }}

 # Uncomment to use a text interface instead of ncurses
 text = True
--- a/ansible/roles/5-nginx/templates/nginx_note.conf
+++ b/ansible/roles/5-nginx/templates/nginx_note.conf
@ -1,5 +1,5 @@
 # the upstream component nginx needs to connect to
-upstream note{
+upstream note {
    server unix:///var/www/note_kfet/note_kfet.sock; # file socket
 }

@ -50,6 +50,10 @@ server {
        alias /var/www/note_kfet/static; # your Django project's static files - amend as required
    }

+    location /doc {
+        alias /var/www/documentation;    # The documentation of the project
+    }
+
    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass note;
--- a/ansible/roles/6-psql/tasks/main.yml
+++ b/ansible/roles/6-psql/tasks/main.yml
@ -11,14 +11,14 @@
  until: pkg_result is succeeded

 - name: Create role note
-  when: "DB_PASSWORD|bool"    # If the password is not defined, skip the installation
+  when: DB_PASSWORD|length > 0 # If the password is not defined, skip the installation
  postgresql_user:
    name: note
    password: "{{ DB_PASSWORD }}"
  become_user: postgres

 - name: Create NK20 database
-  when: "DB_PASSWORD|bool"
+  when: DB_PASSWORD|length >0
  postgresql_db:
    name: note_db
    owner: note
--- a/ansible/roles/7-postinstall/tasks/main.yml
+++ b/ansible/roles/7-postinstall/tasks/main.yml
@ -1,4 +1,10 @@
 ---
+- name: Collect static files
+  command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
+  args:
+    chdir: /var/www/note_kfet
+  become_user: www-data
+
 - name: Migrate Django database
  command: /var/www/note_kfet/env/bin/python manage.py migrate
  args:
@ -11,14 +17,14 @@
    chdir: /var/www/note_kfet
  become_user: www-data

+- name: Compile JavaScript messages
+  command: /var/www/note_kfet/env/bin/python manage.py compilejsmessages
+  args:
+    chdir: /var/www/note_kfet
+  become_user: www-data
+
 - name: Install initial fixtures
  command: /var/www/note_kfet/env/bin/python manage.py loaddata initial
  args:
    chdir: /var/www/note_kfet
  become_user: postgres
-
- name: Collect static files
-  command: /var/www/note_kfet/env/bin/python manage.py collectstatic --noinput
-  args:
-    chdir: /var/www/note_kfet
-  become_user: www-data
--- a/ansible/roles/8-docs/tasks/main.yml
+++ b/ansible/roles/8-docs/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: Install Sphinx and RTD theme
+  pip:
+    requirements: /var/www/note_kfet/docs/requirements.txt
+    virtualenv: /var/www/note_kfet/env
+    virtualenv_command: /usr/bin/python3 -m venv
+    virtualenv_site_packages: true
+  become_user: www-data
+
+- name: Create documentation directory with good permissions
+  file:
+    path: /var/www/documentation
+    state: directory
+    owner: www-data
+    group: www-data
+    mode: u=rwx,g=rwxs,o=rx
+
+- name: Build HTML documentation
+  command: /var/www/note_kfet/env/bin/sphinx-build -b dirhtml /var/www/note_kfet/docs/ /var/www/documentation/
+  become_user: www-data
--- a/apps/activity/init.py
+++ b/apps/activity/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'activity.apps.ActivityConfig'
--- a/apps/activity/admin.py
+++ b/apps/activity/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/activity/api/serializers.py
+++ b/apps/activity/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/activity/api/urls.py
+++ b/apps/activity/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
--- a/apps/activity/api/views.py
+++ b/apps/activity/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from api.viewsets import ReadProtectedModelViewSet
@ -15,10 +15,10 @@ class ActivityTypeViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `ActivityType` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/type/
    """
-    queryset = ActivityType.objects.all()
+    queryset = ActivityType.objects.order_by('id')
    serializer_class = ActivityTypeSerializer
    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['name', 'can_invite', ]
+    filterset_fields = ['name', 'manage_entries', 'can_invite', 'guest_entry_fee', ]


 class ActivityViewSet(ReadProtectedModelViewSet):
@ -27,10 +27,16 @@ class ActivityViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Activity` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/activity/
    """
-    queryset = Activity.objects.all()
+    queryset = Activity.objects.order_by('id')
    serializer_class = ActivitySerializer
-    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['name', 'description', 'activity_type', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'description', 'activity_type', 'location', 'creater', 'organizer', 'attendees_club',
+                        'date_start', 'date_end', 'valid', 'open', ]
+    search_fields = ['$name', '$description', '$location', '$creater__last_name', '$creater__first_name',
+                     '$creater__email', '$creater__note__alias__name', '$creater__note__alias__normalized_name',
+                     '$organizer__name', '$organizer__email', '$organizer__note__alias__name',
+                     '$organizer__note__alias__normalized_name', '$attendees_club__name', '$attendees_club__email',
+                     '$attendees_club__note__alias__name', '$attendees_club__note__alias__normalized_name', ]


 class GuestViewSet(ReadProtectedModelViewSet):
@ -39,10 +45,13 @@ class GuestViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Guest` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/guest/
    """
-    queryset = Guest.objects.all()
+    queryset = Guest.objects.order_by('id')
    serializer_class = GuestSerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$last_name', '$first_name', '$inviter__alias__name', '$inviter__alias__normalized_name', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name',
+                        'inviter__alias__normalized_name', ]
+    search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name',
+                     '$inviter__alias__normalized_name', ]


 class EntryViewSet(ReadProtectedModelViewSet):
@ -51,7 +60,9 @@ class EntryViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Entry` objects, serialize it to JSON with the given serializer,
    then render it on /api/activity/entry/
    """
-    queryset = Entry.objects.all()
+    queryset = Entry.objects.order_by('id')
    serializer_class = EntrySerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$last_name', '$first_name', '$inviter__alias__name', '$inviter__alias__normalized_name', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['activity', 'time', 'note', 'guest', ]
+    search_fields = ['$activity__name', '$note__user__email', '$note__alias__name', '$note__alias__normalized_name',
+                     '$guest__last_name', '$guest__first_name', ]
--- a/apps/activity/apps.py
+++ b/apps/activity/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/activity/forms.py
+++ b/apps/activity/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta
--- a/apps/activity/models.py
+++ b/apps/activity/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import os
--- a/apps/activity/tables.py
+++ b/apps/activity/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.utils import timezone
 from django.utils.html import format_html
--- a/apps/activity/templates/activity/activity_detail.html
+++ b/apps/activity/templates/activity/activity_detail.html
@ -30,7 +30,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
         headers: {"X-CSRFTOKEN": CSRF_TOKEN}
     })
      .done(function() {
-          addMsg('Invité supprimé','success');
+          addMsg('{% trans "Guest deleted" %}', 'success');
          $("#guests_table").load(location.pathname + " #guests_table");
      })
      .fail(function(xhr, textStatus, error) {
--- a/apps/activity/templates/activity/activity_entry.html
+++ b/apps/activity/templates/activity/activity_entry.html
@ -86,10 +86,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
                }).done(function () {
                    if (target.hasClass("table-info"))
                        addMsg(
-                            "Entrée effectuée, mais attention : la personne n'est plus adhérente Kfet.",
+                            "{% trans "Entry done, but caution: the user is not a Kfet member." %}",
                            "warning", 10000);
                    else
-                        addMsg("Entrée effectuée !", "success", 4000);
+                        addMsg("Entry made!", "success", 4000);
                    reloadTable(true);
                }).fail(function (xhr) {
                    errMsg(xhr.responseJSON, 4000);
@ -121,10 +121,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
                    }).done(function () {
                        if (target.hasClass("table-info"))
                            addMsg(
-                                "Entrée effectuée, mais attention : la personne n'est plus adhérente Kfet.",
+                                "{% trans "Entry done, but caution: the user is not a Kfet member." %}",
                                "warning", 10000);
                        else
-                            addMsg("Entrée effectuée !", "success", 4000);
+                            addMsg("{% trans "Entry done!" %}", "success", 4000);
                        reloadTable(true);
                    }).fail(function (xhr) {
                        errMsg(xhr.responseJSON, 4000);
--- a/apps/activity/tests/test_activities.py
+++ b/apps/activity/tests/test_activities.py
@ -1,15 +1,18 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta

+from api.tests import TestAPI
 from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 from django.utils import timezone
-from activity.models import Activity, ActivityType, Guest, Entry
 from member.models import Club

+from ..api.views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
+from ..models import Activity, ActivityType, Guest, Entry
+

 class TestActivities(TestCase):
    """
@ -173,3 +176,58 @@ class TestActivities(TestCase):
        """
        response = self.client.get(reverse("activity:calendar_ics"))
        self.assertEqual(response.status_code, 200)
+
+
+class TestActivityAPI(TestAPI):
+    def setUp(self) -> None:
+        super().setUp()
+
+        self.activity = Activity.objects.create(
+            name="Activity",
+            description="This is a test activity\non two very very long lines\nbecause this is very important.",
+            location="Earth",
+            activity_type=ActivityType.objects.get(name="Pot"),
+            creater=self.user,
+            organizer=Club.objects.get(name="Kfet"),
+            attendees_club=Club.objects.get(name="Kfet"),
+            date_start=timezone.now(),
+            date_end=timezone.now() + timedelta(days=2),
+            valid=True,
+        )
+
+        self.guest = Guest.objects.create(
+            activity=self.activity,
+            inviter=self.user.note,
+            last_name="GUEST",
+            first_name="Guest",
+        )
+
+        self.entry = Entry.objects.create(
+            activity=self.activity,
+            note=self.user.note,
+            guest=self.guest,
+        )
+
+    def test_activity_api(self):
+        """
+        Load Activity API page and test all filters and permissions
+        """
+        self.check_viewset(ActivityViewSet, "/api/activity/activity/")
+
+    def test_activity_type_api(self):
+        """
+        Load ActivityType API page and test all filters and permissions
+        """
+        self.check_viewset(ActivityTypeViewSet, "/api/activity/type/")
+
+    def test_entry_api(self):
+        """
+        Load Entry API page and test all filters and permissions
+        """
+        self.check_viewset(EntryViewSet, "/api/activity/entry/")
+
+    def test_guest_api(self):
+        """
+        Load Guest API page and test all filters and permissions
+        """
+        self.check_viewset(GuestViewSet, "/api/activity/guest/")
--- a/apps/activity/urls.py
+++ b/apps/activity/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from hashlib import md5
--- a/apps/api/init.py
+++ b/apps/api/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'api.apps.APIConfig'
--- a/apps/api/apps.py
+++ b/apps/api/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@ -1,13 +1,17 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later


 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import User
-from rest_framework.serializers import ModelSerializer
+from django.utils import timezone
+from rest_framework import serializers
+from member.api.serializers import ProfileSerializer, MembershipSerializer
+from note.api.serializers import NoteSerializer
+from note.models import Alias


-class UserSerializer(ModelSerializer):
+class UserSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
@ -22,7 +26,7 @@ class UserSerializer(ModelSerializer):
        )


-class ContentTypeSerializer(ModelSerializer):
+class ContentTypeSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
@ -31,3 +35,42 @@ class ContentTypeSerializer(ModelSerializer):
    class Meta:
        model = ContentType
        fields = '__all__'
+
+
+class OAuthSerializer(serializers.ModelSerializer):
+    """
+    Informations that are transmitted by OAuth.
+    For now, this includes user, profile and valid memberships.
+    This should be better managed later.
+    """
+    normalized_name = serializers.SerializerMethodField()
+
+    profile = ProfileSerializer()
+
+    note = NoteSerializer()
+
+    memberships = serializers.SerializerMethodField()
+
+    def get_normalized_name(self, obj):
+        return Alias.normalize(obj.username)
+
+    def get_memberships(self, obj):
+        return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
+            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()))
+
+    class Meta:
+        model = User
+        fields = (
+            'id',
+            'username',
+            'normalized_name',
+            'first_name',
+            'last_name',
+            'email',
+            'is_superuser',
+            'is_active',
+            'is_staff',
+            'profile',
+            'note',
+            'memberships',
+        )
--- a/apps/api/tests.py
+++ b/apps/api/tests.py
@ -0,0 +1,240 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import json
+from datetime import datetime, date
+from decimal import Decimal
+from urllib.parse import quote_plus
+from warnings import warn
+
+from django.contrib.auth.models import User
+from django.contrib.contenttypes.models import ContentType
+from django.db.models.fields.files import ImageFieldFile
+from django.test import TestCase
+from django_filters.rest_framework import DjangoFilterBackend
+from member.models import Membership, Club
+from note.models import NoteClub, NoteUser, Alias, Note
+from permission.models import PermissionMask, Permission, Role
+from phonenumbers import PhoneNumber
+from rest_framework.filters import SearchFilter, OrderingFilter
+
+from .viewsets import ContentTypeViewSet, UserViewSet
+
+
+class TestAPI(TestCase):
+    """
+    Load API pages and check that filters are working.
+    """
+    fixtures = ('initial', )
+
+    def setUp(self) -> None:
+        self.user = User.objects.create_superuser(
+            username="adminapi",
+            password="adminapi",
+            email="adminapi@example.com",
+            last_name="Admin",
+            first_name="Admin",
+        )
+        self.client.force_login(self.user)
+
+        sess = self.client.session
+        sess["permission_mask"] = 42
+        sess.save()
+
+    def check_viewset(self, viewset, url):
+        """
+        This function should be called inside a unit test.
+        This loads the viewset and for each filter entry, it checks that the filter is running good.
+        """
+        resp = self.client.get(url + "?format=json")
+        self.assertEqual(resp.status_code, 200)
+
+        model = viewset.serializer_class.Meta.model
+
+        if not model.objects.exists():  # pragma: no cover
+            warn(f"Warning: unable to test API filters for the model {model._meta.verbose_name} "
+                 "since there is no instance of it.")
+            return
+
+        if hasattr(viewset, "filter_backends"):
+            backends = viewset.filter_backends
+            obj = model.objects.last()
+
+            if DjangoFilterBackend in backends:
+                # Specific search
+                for field in viewset.filterset_fields:
+                    obj = self.fix_note_object(obj, field)
+
+                    value = self.get_value(obj, field)
+                    if value is None:  # pragma: no cover
+                        warn(f"Warning: the filter {field} for the model {model._meta.verbose_name} "
+                             "has not been tested.")
+                        continue
+                    resp = self.client.get(url + f"?format=json&{field}={quote_plus(str(value))}")
+                    self.assertEqual(resp.status_code, 200, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+                    content = json.loads(resp.content)
+                    self.assertGreater(content["count"], 0, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+
+            if OrderingFilter in backends:
+                # Ensure that ordering is working well
+                for field in viewset.ordering_fields:
+                    resp = self.client.get(url + f"?ordering={field}")
+                    self.assertEqual(resp.status_code, 200)
+                    resp = self.client.get(url + f"?ordering=-{field}")
+                    self.assertEqual(resp.status_code, 200)
+
+            if SearchFilter in backends:
+                # Basic search
+                for field in viewset.search_fields:
+                    obj = self.fix_note_object(obj, field)
+
+                    if field[0] == '$' or field[0] == '=':
+                        field = field[1:]
+                    value = self.get_value(obj, field)
+                    if value is None:  # pragma: no cover
+                        warn(f"Warning: the filter {field} for the model {model._meta.verbose_name} "
+                             "has not been tested.")
+                        continue
+                    resp = self.client.get(url + f"?format=json&search={quote_plus(str(value))}")
+                    self.assertEqual(resp.status_code, 200, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+                    content = json.loads(resp.content)
+                    self.assertGreater(content["count"], 0, f"The filter {field} for the model "
+                                                            f"{model._meta.verbose_name} does not work. "
+                                                            f"Given parameter: {value}")
+
+            self.check_permissions(url, obj)
+
+    def check_permissions(self, url, obj):
+        """
+        Check that permissions are working
+        """
+        # Drop rights
+        self.user.is_superuser = False
+        self.user.save()
+        sess = self.client.session
+        sess["permission_mask"] = 0
+        sess.save()
+
+        # Delete user permissions
+        for m in Membership.objects.filter(user=self.user).all():
+            m.roles.clear()
+            m.save()
+
+        # Create a new role, which will have the checking permission
+        role = Role.objects.get_or_create(name="β-tester")[0]
+        role.permissions.clear()
+        role.save()
+        membership = Membership.objects.get_or_create(user=self.user, club=Club.objects.get(name="BDE"))[0]
+        membership.roles.set([role])
+        membership.save()
+
+        # Ensure that the access to the object is forbidden without permission
+        resp = self.client.get(url + f"{obj.pk}/")
+        self.assertEqual(resp.status_code, 404, f"Mysterious access to {url}{obj.pk}/ for {obj}")
+
+        obj.refresh_from_db()
+
+        # There are problems with polymorphism
+        if isinstance(obj, Note) and hasattr(obj, "note_ptr"):
+            obj = obj.note_ptr
+
+        mask = PermissionMask.objects.get(rank=0)
+
+        for field in obj._meta.fields:
+            # Build permission query
+            value = self.get_value(obj, field.name)
+            if isinstance(value, date) or isinstance(value, datetime):
+                value = value.isoformat()
+            elif isinstance(value, ImageFieldFile):
+                value = value.name
+            elif isinstance(value, Decimal):
+                value = str(value)
+            query = json.dumps({field.name: value})
+
+            # Create sample permission
+            permission = Permission.objects.get_or_create(
+                model=ContentType.objects.get_for_model(obj._meta.model),
+                query=query,
+                mask=mask,
+                type="view",
+                permanent=False,
+                description=f"Can view {obj._meta.verbose_name}",
+            )[0]
+            role.permissions.set([permission])
+            role.save()
+
+            # Check that the access is possible
+            resp = self.client.get(url + f"{obj.pk}/")
+            self.assertEqual(resp.status_code, 200, f"Permission {permission.query} is not working "
+                                                    f"for the model {obj._meta.verbose_name}")
+
+        # Restore rights
+        self.user.is_superuser = True
+        self.user.save()
+        sess = self.client.session
+        sess["permission_mask"] = 42
+        sess.save()
+
+    @staticmethod
+    def get_value(obj, key: str):
+        """
+        Resolve the queryset filter to get the Python value of an object.
+        """
+        if hasattr(obj, "all"):
+            # obj is a RelatedManager
+            obj = obj.last()
+
+        if obj is None:  # pragma: no cover
+            return None
+
+        if '__' not in key:
+            obj = getattr(obj, key)
+            if hasattr(obj, "pk"):
+                return obj.pk
+            elif hasattr(obj, "all"):
+                if not obj.exists():  # pragma: no cover
+                    return None
+                return obj.last().pk
+            elif isinstance(obj, bool):
+                return int(obj)
+            elif isinstance(obj, datetime):
+                return obj.isoformat()
+            elif isinstance(obj, PhoneNumber):
+                return obj.raw_input
+            return obj
+
+        key, remaining = key.split('__', 1)
+        return TestAPI.get_value(getattr(obj, key), remaining)
+
+    @staticmethod
+    def fix_note_object(obj, field):
+        """
+        When querying an object that has a noteclub or a noteuser field,
+        ensure that the object has a good value.
+        """
+        if isinstance(obj, Alias):
+            if "noteuser" in field:
+                return NoteUser.objects.last().alias.last()
+            elif "noteclub" in field:
+                return NoteClub.objects.last().alias.last()
+        elif isinstance(obj, Note):
+            if "noteuser" in field:
+                return NoteUser.objects.last()
+            elif "noteclub" in field:
+                return NoteClub.objects.last()
+        return obj
+
+
+class TestBasicAPI(TestAPI):
+    def test_user_api(self):
+        """
+        Load the user page.
+        """
+        self.check_viewset(ContentTypeViewSet, "/api/models/")
+        self.check_viewset(UserViewSet, "/api/user/")
--- a/apps/api/urls.py
+++ b/apps/api/urls.py
@ -1,10 +1,11 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
 from django.conf.urls import url, include
 from rest_framework import routers

+from .views import UserInformationView
 from .viewsets import ContentTypeViewSet, UserViewSet

 # Routers provide an easy way of automatically determining the URL conf.
@ -47,5 +48,6 @@ app_name = 'api'
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
    url('^', include(router.urls)),
+    url('^me/', UserInformationView.as_view()),
    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]
--- a/apps/api/views.py
+++ b/apps/api/views.py
@ -0,0 +1,20 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.contrib.auth.models import User
+from rest_framework.generics import RetrieveAPIView
+
+from .serializers import OAuthSerializer
+
+
+class UserInformationView(RetrieveAPIView):
+    """
+    These fields are give to OAuth authenticators.
+    """
+    serializer_class = OAuthSerializer
+
+    def get_queryset(self):
+        return User.objects.filter(pk=self.request.user.pk)
+
+    def get_object(self):
+        return self.request.user
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib.contenttypes.models import ContentType
@ -6,6 +6,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
+from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
 from note_kfet.middlewares import get_current_session
@ -48,12 +49,13 @@ class UserViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
-    then render it on /api/users/
+    then render it on /api/user/
    """
-    queryset = User.objects.all()
+    queryset = User.objects
    serializer_class = UserSerializer
    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_superuser', 'is_staff', 'is_active', ]
+    filterset_fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_superuser', 'is_staff', 'is_active',
+                        'note__alias__name', 'note__alias__normalized_name', ]

    def get_queryset(self):
        queryset = super().get_queryset()
@ -106,7 +108,10 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
    """
    REST API View set.
    The djangorestframework plugin will get all `User` objects, serialize it to JSON with the given serializer,
-    then render it on /api/users/
+    then render it on /api/models/
    """
-    queryset = ContentType.objects.all()
+    queryset = ContentType.objects.order_by('id')
    serializer_class = ContentTypeSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['id', 'app_label', 'model', ]
+    search_fields = ['$app_label', '$model', ]
--- a/apps/logs/init.py
+++ b/apps/logs/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'logs.apps.LogsConfig'
--- a/apps/logs/api/serializers.py
+++ b/apps/logs/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/logs/api/urls.py
+++ b/apps/logs/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ChangelogViewSet
--- a/apps/logs/api/views.py
+++ b/apps/logs/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django_filters.rest_framework import DjangoFilterBackend
@ -15,7 +15,7 @@ class ChangelogViewSet(ReadOnlyProtectedModelViewSet):
    The djangorestframework plugin will get all `Changelog` objects, serialize it to JSON with the given serializer,
    then render it on /api/logs/
    """
-    queryset = Changelog.objects.all()
+    queryset = Changelog.objects.order_by('id')
    serializer_class = ChangelogSerializer
    filter_backends = [DjangoFilterBackend, OrderingFilter]
    filterset_fields = ['model', 'action', "instance_pk", 'user', 'ip', ]
--- a/apps/logs/apps.py
+++ b/apps/logs/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/logs/models.py
+++ b/apps/logs/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
--- a/apps/logs/signals.py
+++ b/apps/logs/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib.contenttypes.models import ContentType
--- a/apps/member/init.py
+++ b/apps/member/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'member.apps.MemberConfig'
--- a/apps/member/admin.py
+++ b/apps/member/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/member/api/serializers.py
+++ b/apps/member/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/member/api/urls.py
+++ b/apps/member/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ProfileViewSet, ClubViewSet, MembershipViewSet
--- a/apps/member/api/views.py
+++ b/apps/member/api/views.py
@ -1,7 +1,8 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

-from rest_framework.filters import SearchFilter
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.filters import OrderingFilter, SearchFilter
 from api.viewsets import ReadProtectedModelViewSet

 from .serializers import ProfileSerializer, ClubSerializer, MembershipSerializer
@ -14,8 +15,15 @@ class ProfileViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Profile` objects, serialize it to JSON with the given serializer,
    then render it on /api/members/profile/
    """
-    queryset = Profile.objects.all()
+    queryset = Profile.objects.order_by('id')
    serializer_class = ProfileSerializer
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['user', 'user__first_name', 'user__last_name', 'user__username', 'user__email',
+                        'user__note__alias__name', 'user__note__alias__normalized_name', 'phone_number', "section",
+                        'department', 'promotion', 'address', 'paid', 'ml_events_registration', 'ml_sport_registration',
+                        'ml_art_registration', 'report_frequency', 'email_confirmed', 'registration_valid', ]
+    search_fields = ['$user__first_name', '$user__last_name', '$user__username', '$user__email',
+                     '$user__note__alias__name', '$user__note__alias__normalized_name', ]


 class ClubViewSet(ReadProtectedModelViewSet):
@ -24,10 +32,13 @@ class ClubViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Club` objects, serialize it to JSON with the given serializer,
    then render it on /api/members/club/
    """
-    queryset = Club.objects.all()
+    queryset = Club.objects.order_by('id')
    serializer_class = ClubSerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$name', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'email', 'note__alias__name', 'note__alias__normalized_name', 'parent_club',
+                        'parent_club__name', 'require_memberships', 'membership_fee_paid', 'membership_fee_unpaid',
+                        'membership_duration', 'membership_start', 'membership_end', ]
+    search_fields = ['$name', '$email', '$note__alias__name', '$note__alias__normalized_name', ]


 class MembershipViewSet(ReadProtectedModelViewSet):
@ -36,5 +47,14 @@ class MembershipViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Membership` objects, serialize it to JSON with the given serializer,
    then render it on /api/members/membership/
    """
-    queryset = Membership.objects.all()
+    queryset = Membership.objects.order_by('id')
    serializer_class = MembershipSerializer
+    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]
+    filterset_fields = ['club__name', 'club__email', 'club__note__alias__name', 'club__note__alias__normalized_name',
+                        'user__username', 'user__last_name', 'user__first_name', 'user__email',
+                        'user__note__alias__name', 'user__note__alias__normalized_name',
+                        'date_start', 'date_end', 'fee', 'roles', ]
+    ordering_fields = ['id', 'date_start', 'date_end', ]
+    search_fields = ['$club__name', '$club__email', '$club__note__alias__name', '$club__note__alias__normalized_name',
+                     '$user__username', '$user__last_name', '$user__first_name', '$user__email',
+                     '$user__note__alias__name', '$user__note__alias__normalized_name', '$roles__name', ]
--- a/apps/member/apps.py
+++ b/apps/member/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/member/auth.py
+++ b/apps/member/auth.py
@ -0,0 +1,17 @@
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from cas_server.auth import DjangoAuthUser  # pragma: no cover
+from note.models import Alias
+
+
+class CustomAuthUser(DjangoAuthUser):  # pragma: no cover
+    """
+    Override Django Auth User model to define a custom Matrix username.
+    """
+
+    def attributs(self):
+        d = super().attributs()
+        if self.user:
+            d["normalized_name"] = Alias.normalize(self.user.username)
+        return d
--- a/apps/member/forms.py
+++ b/apps/member/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import io
--- a/apps/member/hashers.py
+++ b/apps/member/hashers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import hashlib
--- a/apps/member/migrations/0006_create_note_account_bde_membership.py
+++ b/apps/member/migrations/0006_create_note_account_bde_membership.py
@ -0,0 +1,50 @@
+import sys
+
+from django.db import migrations
+
+
+def give_note_account_permissions(apps, schema_editor):
+    """
+    Automatically manage the membership of the Note account.
+    """
+    User = apps.get_model("auth", "user")
+    Membership = apps.get_model("member", "membership")
+    Role = apps.get_model("permission", "role")
+
+    note = User.objects.filter(username="note")
+    if not note.exists():
+        # We are in a test environment, don't log error message
+        if len(sys.argv) > 1 and sys.argv[1] == 'test':
+            return
+        print("Warning: Note account was not found. The note account was not imported.")
+        print("Make sure you have imported the NK15 database. The new import script handles correctly the permissions.")
+        print("This migration will be ignored, you can re-run it if you forgot the note account or ignore it if you "
+              "don't want this account.")
+        return
+
+    note = note.get()
+
+    # Set for the two clubs a large expiration date and the correct role.
+    for m in Membership.objects.filter(user_id=note.id).all():
+        m.date_end = "3142-12-12"
+        m.roles.set(Role.objects.filter(name="PC Kfet").all())
+        m.save()
+    # By default, the note account is only authorized to be logged from localhost.
+    note.password = "ipbased$127.0.0.1"
+    note.is_active = True
+    note.save()
+    # Ensure that the note of the account is disabled
+    note.note.inactivity_reason = 'forced'
+    note.note.is_active = False
+    note.save()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('member', '0005_remove_null_tag_on_charfields'),
+        ('permission', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RunPython(give_note_account_permissions),
+    ]
--- a/apps/member/migrations/0007_auto_20210313_1235.py
+++ b/apps/member/migrations/0007_auto_20210313_1235.py
@ -0,0 +1,23 @@
+# Generated by Django 2.2.19 on 2021-03-13 11:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0006_create_note_account_bde_membership'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='membership',
+            name='roles',
+            field=models.ManyToManyField(related_name='memberships', to='permission.Role', verbose_name='roles'),
+        ),
+        migrations.AlterField(
+            model_name='profile',
+            name='promotion',
+            field=models.PositiveSmallIntegerField(default=2021, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
+        ),
+    ]
--- a/apps/member/models.py
+++ b/apps/member/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import datetime
@ -313,6 +313,7 @@ class Membership(models.Model):

    roles = models.ManyToManyField(
        "permission.Role",
+        related_name="memberships",
        verbose_name=_("roles"),
    )

--- a/apps/member/signals.py
+++ b/apps/member/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later


--- a/apps/member/static/member/js/alias.js
+++ b/apps/member/static/member/js/alias.js
@ -14,7 +14,7 @@ function create_alias (e) {
  }).done(function () {
    // Reload table
    $('#alias_table').load(location.pathname + ' #alias_table')
-    addMsg('Alias ajouté', 'success')
+    addMsg(gettext('Alias successfully added'), 'success')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
  })
@ -22,7 +22,7 @@ function create_alias (e) {

 /**
 * On click of "delete", delete the alias
- * @param Integer button_id Alias id to remove
+ * @param button_id:Integer Alias id to remove
 */
 function delete_button (button_id) {
  $.ajax({
@ -30,7 +30,7 @@ function delete_button (button_id) {
    method: 'DELETE',
    headers: { 'X-CSRFTOKEN': CSRF_TOKEN }
  }).done(function () {
-    addMsg('Alias supprimé', 'success')
+    addMsg(gettext('Alias successfully deleted'), 'success')
    $('#alias_table').load(location.pathname + ' #alias_table')
  }).fail(function (xhr, _textStatus, _error) {
    errMsg(xhr.responseJSON)
--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date
@ -43,8 +43,24 @@ class UserTable(tables.Table):

    section = tables.Column(accessor='profile__section')

+    # Override the column to let replace the URL
+    email = tables.EmailColumn(linkify=lambda record: "mailto:{}".format(record.email))
+
    balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"))

+    def render_email(self, record, value):
+        # Replace the email by a dash if the user can't see the profile detail
+        # Replace also the URL
+        if not PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile):
+            value = "—"
+            record.email = value
+        return value
+
+    def render_section(self, record, value):
+        return value \
+            if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) \
+            else "—"
+
    def render_balance(self, record, value):
        return pretty_money(value)\
            if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"
--- a/apps/member/templates/member/includes/club_info.html
+++ b/apps/member/templates/member/includes/club_info.html
@ -48,7 +48,7 @@
    <dd class="col-xl-6">
        <a class="badge badge-secondary" href="{% url 'member:club_alias' club.pk %}">
            <i class="fa fa-edit"></i>
-            {% trans 'Manage aliases' %} ({{ club.note.alias_set.all|length }})
+            {% trans 'Manage aliases' %} ({{ club.note.alias.all|length }})
        </a>
    </dd>

--- a/apps/member/templates/member/includes/profile_info.html
+++ b/apps/member/templates/member/includes/profile_info.html
@ -21,29 +21,31 @@
    <dd class="col-xl-6">
        <a class="badge badge-secondary" href="{% url 'member:user_alias' user_object.pk %}">
            <i class="fa fa-edit"></i>
-            {% trans 'Manage aliases' %} ({{ user_object.note.alias_set.all|length }})
+            {% trans 'Manage aliases' %} ({{ user_object.note.alias.all|length }})
        </a>
    </dd>

-    <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
-    <dd class="col-xl-6">{{ user_object.profile.section }}</dd>
+    {% if "member.view_profile"|has_perm:user_object.profile %}
+        <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
+        <dd class="col-xl-6">{{ user_object.profile.section }}</dd>

-    <dt class="col-xl-6">{% trans 'email'|capfirst %}</dt>
-    <dd class="col-xl-6"><a href="mailto:{{ user_object.email }}">{{ user_object.email }}</a></dd>
+        <dt class="col-xl-6">{% trans 'email'|capfirst %}</dt>
+        <dd class="col-xl-6"><a href="mailto:{{ user_object.email }}">{{ user_object.email }}</a></dd>

-    <dt class="col-xl-6">{% trans 'phone number'|capfirst %}</dt>
-    <dd class="col-xl-6"><a href="tel:{{ user_object.profile.phone_number }}">{{ user_object.profile.phone_number }}</a>
-    </dd>
+        <dt class="col-xl-6">{% trans 'phone number'|capfirst %}</dt>
+        <dd class="col-xl-6"><a href="tel:{{ user_object.profile.phone_number }}">{{ user_object.profile.phone_number }}</a>
+        </dd>

-    <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
-    <dd class="col-xl-6">{{ user_object.profile.address }}</dd>
+        <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
+        <dd class="col-xl-6">{{ user_object.profile.address }}</dd>

-    {% if user_object.note and "note.view_note"|has_perm:user_object.note %}
-    <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
-    <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
+        {% if user_object.note and "note.view_note"|has_perm:user_object.note %}
+        <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
+        <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>

-    <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
-    <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
+        <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
+        <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
+        {% endif %}
    {% endif %}
 </dl>

--- a/apps/member/templates/member/user_list.html
+++ b/apps/member/templates/member/user_list.html
@ -5,7 +5,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% load i18n perms %}

 {% block content %}
-{% if "member.change_profile_registration_valid"|has_perm:user %}
+{% if can_manage_registrations %}
 <a class="btn btn-block btn-secondary mb-3" href="{% url 'registration:future_user_list' %}">
    <i class="fa fa-user-plus"></i> {% trans "Registrations" %}
 </a>
--- a/apps/member/templatetags/memberinfo.py
+++ b/apps/member/templatetags/memberinfo.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date
--- a/apps/member/tests/test_login.py
+++ b/apps/member/tests/test_login.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
 from django.contrib.auth.models import User
--- a/apps/member/tests/test_memberships.py
+++ b/apps/member/tests/test_memberships.py
@ -1,21 +1,24 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import hashlib
 import os
 from datetime import date, timedelta

+from api.tests import TestAPI
 from django.contrib.auth.models import User
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.db.models import Q
 from django.test import TestCase
 from django.urls import reverse
 from django.utils import timezone
-from member.models import Club, Membership, Profile
 from note.models import Alias, NoteSpecial
 from permission.models import Role
 from treasury.models import SogeCredit

+from ..api.views import ClubViewSet, MembershipViewSet, ProfileViewSet
+from ..models import Club, Membership, Profile
+
 """
 Create some users and clubs and test that all pages are rendering properly
 and that memberships are working.
@ -403,3 +406,46 @@ class TestMemberships(TestCase):
        self.user.password = "custom_nk15$1$" + salt + "|" + hashed
        self.user.save()
        self.assertTrue(self.user.check_password(password))
+
+
+class TestMemberAPI(TestAPI):
+    def setUp(self) -> None:
+        super().setUp()
+
+        self.user.profile.registration_valid = True
+        self.user.profile.email_confirmed = True
+        self.user.profile.phone_number = "0600000000"
+        self.user.profile.section = "1A0"
+        self.user.profile.department = "A0"
+        self.user.profile.address = "Earth"
+        self.user.profile.save()
+
+        self.club = Club.objects.create(
+            name="totoclub",
+            parent_club=Club.objects.get(name="BDE"),
+            membership_start=date(year=1970, month=1, day=1),
+            membership_end=date(year=2040, month=1, day=1),
+            membership_duration=365 * 10,
+        )
+        self.bde_membership = Membership.objects.create(user=self.user, club=Club.objects.get(name="BDE"))
+        self.membership = Membership.objects.create(user=self.user, club=self.club)
+        self.membership.roles.add(Role.objects.get(name="Bureau de club"))
+        self.membership.save()
+
+    def test_club_api(self):
+        """
+        Load Club API page and test all filters and permissions
+        """
+        self.check_viewset(ClubViewSet, "/api/members/club/")
+
+    def test_profile_api(self):
+        """
+        Load Profile API page and test all filters and permissions
+        """
+        self.check_viewset(ProfileViewSet, "/api/members/profile/")
+
+    def test_membership_api(self):
+        """
+        Load Membership API page and test all filters and permissions
+        """
+        self.check_viewset(MembershipViewSet, "/api/members/membership/")
--- a/apps/member/urls.py
+++ b/apps/member/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/member/views.py
+++ b/apps/member/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta, date
@ -70,10 +70,11 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        form.fields['email'].required = True
        form.fields['email'].help_text = _("This address must be valid.")

-        context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
-                                                    data=self.request.POST if self.request.POST else None)
-        if not self.object.profile.report_frequency:
-            del context['profile_form'].fields["last_report"]
+        if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile):
+            context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
+                                                        data=self.request.POST if self.request.POST else None)
+            if not self.object.profile.report_frequency:
+                del context['profile_form'].fields["last_report"]

        return context

@ -234,6 +235,13 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):

        return qs

+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request.user, User, "view"))\
+            .filter(profile__registration_valid=False)
+        context["can_manage_registrations"] = pre_registered_users.exists()
+        return context
+

 class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    """
@ -247,8 +255,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
-        context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
-                                                              .filter_queryset(self.request.user, Alias, "view")).all())
+        context["aliases"] = AliasTable(
+            note.alias.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
        context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@ -450,8 +458,8 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
-        context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
-                                                              .filter_queryset(self.request.user, Alias, "view")).all())
+        context["aliases"] = AliasTable(note.alias.filter(
+            PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
        context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
@ -617,9 +625,6 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        # Retrieve form data
        credit_type = form.cleaned_data["credit_type"]
        credit_amount = form.cleaned_data["credit_amount"]
-        last_name = form.cleaned_data["last_name"]
-        first_name = form.cleaned_data["first_name"]
-        bank = form.cleaned_data["bank"]
        soge = form.cleaned_data["soge"] and not user.profile.soge and (club.name == "BDE" or club.name == "Kfet")

        if not credit_type:
@ -650,8 +655,8 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        if club.name != "Kfet" and club.parent_club and not Membership.objects.filter(
                user=form.instance.user,
                club=club.parent_club,
-                date_start__gte=club.parent_club.membership_start,
-                date_end__lte=club.parent_club.membership_end,
+                date_start__lte=timezone.now(),
+                date_end__gte=club.parent_club.membership_end,
        ).exists():
            form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name)
            error = True
@ -666,15 +671,9 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
                           .format(form.instance.club.membership_end))
            error = True

-        if credit_amount:
-            if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
-                if not last_name:
-                    form.add_error('last_name', _("This field is required."))
-                if not first_name:
-                    form.add_error('first_name', _("This field is required."))
-                if not bank and credit_type.special_type == "Chèque":
-                    form.add_error('bank', _("This field is required."))
-                return self.form_invalid(form)
+        if credit_amount and not SpecialTransaction.validate_payment_form(form):
+            # Check that special information for payment are filled
+            error = True

        return not error

@ -736,6 +735,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
            # When we renew the BDE membership, we update the profile section
            # that should happens at least once a year.
            user.profile.section = user.profile.section_generated
+            user.profile._force_save = True
            user.profile.save()

        # Credit note before the membership is created.
--- a/apps/note/init.py
+++ b/apps/note/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'note.apps.NoteConfig'
--- a/apps/note/admin.py
+++ b/apps/note/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/note/api/serializers.py
+++ b/apps/note/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
--- a/apps/note/api/urls.py
+++ b/apps/note/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
@ -15,29 +15,37 @@ from permission.backends import PermissionBackend

 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
    TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
-from ..models.notes import Note, Alias
+from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial
 from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory


 class NotePolymorphicViewSet(ReadProtectedModelViewSet):
    """
    REST API View set.
-    The djangorestframework plugin will get all `Note` objects (with polymorhism), serialize it to JSON with the given serializer,
+    The djangorestframework plugin will get all `Note` objects (with polymorhism),
+    serialize it to JSON with the given serializer,
    then render it on /api/note/note/
    """
-    queryset = Note.objects.all()
+    queryset = Note.objects.order_by('id')
    serializer_class = NotePolymorphicSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
-    filterset_fields = ['polymorphic_ctype', 'is_active', ]
-    search_fields = ['$alias__normalized_name', '$alias__name', '$polymorphic_ctype__model', ]
-    ordering_fields = ['alias__name', 'alias__normalized_name']
+    filterset_fields = ['alias__name', 'polymorphic_ctype', 'is_active', 'balance', 'last_negative', 'created_at', ]
+    search_fields = ['$alias__normalized_name', '$alias__name', '$polymorphic_ctype__model',
+                     '$noteuser__user__last_name', '$noteuser__user__first_name', '$noteuser__user__email',
+                     '$noteuser__user__email', '$noteclub__club__email', ]
+    ordering_fields = ['alias__name', 'alias__normalized_name', 'balance', 'created_at', ]

    def get_queryset(self):
        """
        Parse query and apply filters.
        :return: The filtered set of requested notes
        """
-        queryset = super().get_queryset().distinct()
+        user = self.request.user
+        get_current_session().setdefault("permission_mask", 42)
+        queryset = self.queryset.filter(PermissionBackend.filter_queryset(user, Note, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteUser, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteClub, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteSpecial, "view")).distinct()

        alias = self.request.query_params.get("alias", ".*")
        queryset = queryset.filter(
@ -55,18 +63,18 @@ class AliasViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer,
    then render it on /api/aliases/
    """
-    queryset = Alias.objects.all()
+    queryset = Alias.objects
    serializer_class = AliasSerializer
    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
-    filterset_fields = ['note']
-    ordering_fields = ['name', 'normalized_name']
+    filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
+    ordering_fields = ['name', 'normalized_name', ]

    def get_serializer_class(self):
        serializer_class = self.serializer_class
        if self.request.method in ['PUT', 'PATCH']:
            # alias owner cannot be change once establish
-            setattr(serializer_class.Meta, 'read_only_fields', ('note',))
+            serializer_class.Meta.read_only_fields = ('note',)
        return serializer_class

    def destroy(self, request, *args, **kwargs):
@ -74,7 +82,7 @@ class AliasViewSet(ReadProtectedModelViewSet):
        try:
            self.perform_destroy(instance)
        except ValidationError as e:
-            return Response({e.code: e.message}, status.HTTP_400_BAD_REQUEST)
+            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def get_queryset(self):
@ -106,12 +114,12 @@ class AliasViewSet(ReadProtectedModelViewSet):


 class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
-    queryset = Alias.objects.all()
+    queryset = Alias.objects
    serializer_class = ConsumerSerializer
    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
-    filterset_fields = ['note']
-    ordering_fields = ['name', 'normalized_name']
+    filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
+    ordering_fields = ['name', 'normalized_name', ]

    def get_queryset(self):
        """
@ -157,10 +165,11 @@ class TemplateCategoryViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `TemplateCategory` objects, serialize it to JSON with the given serializer,
    then render it on /api/note/transaction/category/
    """
-    queryset = TemplateCategory.objects.order_by("name").all()
+    queryset = TemplateCategory.objects.order_by('name')
    serializer_class = TemplateCategorySerializer
-    filter_backends = [SearchFilter]
-    search_fields = ['$name', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'templates', 'templates__name']
+    search_fields = ['$name', '$templates__name', ]


 class TransactionTemplateViewSet(viewsets.ModelViewSet):
@ -169,11 +178,12 @@ class TransactionTemplateViewSet(viewsets.ModelViewSet):
    The djangorestframework plugin will get all `TransactionTemplate` objects, serialize it to JSON with the given serializer,
    then render it on /api/note/transaction/template/
    """
-    queryset = TransactionTemplate.objects.order_by("name").all()
+    queryset = TransactionTemplate.objects.order_by('name')
    serializer_class = TransactionTemplateSerializer
-    filter_backends = [SearchFilter, DjangoFilterBackend]
-    filterset_fields = ['name', 'amount', 'display', 'category', ]
-    search_fields = ['$name', ]
+    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
+    filterset_fields = ['name', 'amount', 'display', 'category', 'category__name', ]
+    search_fields = ['$name', '$category__name', ]
+    ordering_fields = ['amount', ]


 class TransactionViewSet(ReadProtectedModelViewSet):
@ -182,13 +192,17 @@ class TransactionViewSet(ReadProtectedModelViewSet):
    The djangorestframework plugin will get all `Transaction` objects, serialize it to JSON with the given serializer,
    then render it on /api/note/transaction/transaction/
    """
-    queryset = Transaction.objects.order_by("-created_at").all()
+    queryset = Transaction.objects.order_by('-created_at')
    serializer_class = TransactionPolymorphicSerializer
    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
-    filterset_fields = ["source", "source_alias", "destination", "destination_alias", "quantity",
-                        "polymorphic_ctype", "amount", "created_at", ]
-    search_fields = ['$reason', ]
-    ordering_fields = ['created_at', 'amount']
+    filterset_fields = ['source', 'source_alias', 'source__alias__name', 'source__alias__normalized_name',
+                        'destination', 'destination_alias', 'destination__alias__name',
+                        'destination__alias__normalized_name', 'quantity', 'polymorphic_ctype', 'amount',
+                        'created_at', 'valid', 'invalidity_reason', ]
+    search_fields = ['$reason', '$source_alias', '$source__alias__name', '$source__alias__normalized_name',
+                     '$destination_alias', '$destination__alias__name', '$destination__alias__normalized_name',
+                     '$invalidity_reason', ]
+    ordering_fields = ['created_at', 'amount', ]

    def get_queryset(self):
        user = self.request.user
--- a/apps/note/apps.py
+++ b/apps/note/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/note/forms.py
+++ b/apps/note/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import datetime

--- a/apps/note/migrations/0005_auto_20210313_1235.py
+++ b/apps/note/migrations/0005_auto_20210313_1235.py
@ -0,0 +1,19 @@
+# Generated by Django 2.2.19 on 2021-03-13 11:35
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('note', '0004_remove_null_tag_on_charfields'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='alias',
+            name='note',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='alias', to='note.Note'),
+        ),
+    ]
--- a/apps/note/models/init.py
+++ b/apps/note/models/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
--- a/apps/note/models/notes.py
+++ b/apps/note/models/notes.py
@ -1,10 +1,9 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import unicodedata

 from django.conf import settings
-from django.conf.global_settings import DEFAULT_FROM_EMAIL
 from django.core.exceptions import ValidationError
 from django.core.mail import send_mail
 from django.core.validators import RegexValidator
@ -190,8 +189,8 @@ class NoteClub(Note):
    def send_mail_negative_balance(self):
        plain_text = render_to_string("note/mails/negative_balance.txt", dict(note=self))
        html = render_to_string("note/mails/negative_balance.html", dict(note=self))
-        send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text, DEFAULT_FROM_EMAIL,
-                  [self.club.email], html_message=html)
+        send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text,
+                  settings.DEFAULT_FROM_EMAIL, [self.club.email], html_message=html)


 class NoteSpecial(Note):
@ -248,6 +247,7 @@ class Alias(models.Model):
    note = models.ForeignKey(
        Note,
        on_delete=models.PROTECT,
+        related_name="alias",
    )

    class Meta:
--- a/apps/note/models/transactions.py
+++ b/apps/note/models/transactions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.core.exceptions import ValidationError
@ -223,7 +223,8 @@ class Transaction(PolymorphicModel):
        # Check that the amounts stay between big integer bounds
        diff_source, diff_dest = self.validate()

-        if not self.source.is_active or not self.destination.is_active:
+        if not (hasattr(self, '_force_save') and self._force_save) \
+                and (not self.source.is_active or not self.destination.is_active):
            raise ValidationError(_("The transaction can't be saved since the source note "
                                    "or the destination note is not active."))

@ -271,7 +272,7 @@ class RecurrentTransaction(Transaction):
    )

    def clean(self):
-        if self.template.destination != self.destination:
+        if self.template.destination != self.destination and not (hasattr(self, '_force_save') and self._force_save):
            raise ValidationError(
                _("The destination of this transaction must equal to the destination of the template."))
        return super().clean()
@ -332,6 +333,36 @@ class SpecialTransaction(Transaction):
        self.clean()
        super().save(*args, **kwargs)

+    @staticmethod
+    def validate_payment_form(form):
+        """
+        Ensure that last name and first name are filled for a form that creates a SpecialTransaction,
+        and check that if the user pays with a check, then the bank field is filled.
+
+        Return True iff there is no error.
+        Whenever there is an error, they are inserted in the form errors.
+        """
+
+        credit_type = form.cleaned_data["credit_type"]
+        last_name = form.cleaned_data["last_name"]
+        first_name = form.cleaned_data["first_name"]
+        bank = form.cleaned_data["bank"]
+
+        error = False
+
+        if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
+            if not last_name:
+                form.add_error('last_name', _("This field is required."))
+                error = True
+            if not first_name:
+                form.add_error('first_name', _("This field is required."))
+                error = True
+            if not bank and credit_type.special_type == "Chèque":
+                form.add_error('bank', _("This field is required."))
+                error = True
+
+        return not error
+
    class Meta:
        verbose_name = _("Special transaction")
        verbose_name_plural = _("Special transactions")
--- a/apps/note/signals.py
+++ b/apps/note/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.utils import timezone
@ -43,4 +43,5 @@ def delete_transaction(instance, **_kwargs):
    """
    if not hasattr(instance, "_no_signal"):
        instance.valid = False
+        instance._force_save = True
        instance.save()
--- a/apps/note/static/note/js/consos.js
+++ b/apps/note/static/note/js/consos.js
@ -1,4 +1,4 @@
-// Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+// Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 // SPDX-License-Identifier: GPL-3.0-or-later

 // When a transaction is performed, lock the interface to prevent spam clicks.
@ -28,7 +28,7 @@ $(document).ready(function () {

  // Switching in double consumptions mode should update the layout
  $('#double_conso').change(function () {
-    $('#consos_list_div').removeClass('d-none')
+    document.getElementById('consos_list_div').classList.remove('d-none')
    $('#infos_div').attr('class', 'col-sm-5 col-xl-6')

    const note_list_obj = $('#note_list')
@ -37,7 +37,7 @@ $(document).ready(function () {
      note_list_obj.html('')

      buttons.forEach(function (button) {
-        $('#conso_button_' + button.id).click(function () {
+        document.getElementById(`conso_button_${button.id}`).addEventListener('click', () => {
          if (LOCK) { return }
          removeNote(button, 'conso_button', buttons, 'consos_list')()
        })
@ -46,7 +46,7 @@ $(document).ready(function () {
  })

  $('#single_conso').change(function () {
-    $('#consos_list_div').addClass('d-none')
+    document.getElementById('consos_list_div').classList.add('d-none')
    $('#infos_div').attr('class', 'col-sm-5 col-md-4')

    const consos_list_obj = $('#consos_list')
@ -68,9 +68,9 @@ $(document).ready(function () {
  })

  // Ensure we begin in single consumption. Fix issue with TurboLinks and BootstrapJS
-  $("label[for='double_conso']").removeClass('active')
+  document.querySelector("label[for='double_conso']").classList.remove('active')

-  $('#consume_all').click(consumeAll)
+  document.getElementById("consume_all").addEventListener('click', consumeAll)
 })

 notes = []
@ -127,11 +127,10 @@ function addConso (dest, amount, type, category_id, category_name, template_id,
      html += li('conso_button_' + button.id, button.name +
                '<span class="badge badge-dark badge-pill">' + button.quantity + '</span>')
    })
+    document.getElementById(list).innerHTML = html

-    $('#' + list).html(html)
-
-    buttons.forEach(function (button) {
-      $('#conso_button_' + button.id).click(function () {
+    buttons.forEach((button) => {
+      document.getElementById(`conso_button_${button.id}`).addEventListener('click', () => {
        if (LOCK) { return }
        removeNote(button, 'conso_button', buttons, list)()
      })
@ -146,12 +145,13 @@ function reset () {
  notes_display.length = 0
  notes.length = 0
  buttons.length = 0
-  $('#note_list').html('')
-  $('#consos_list').html('')
-  $('#note').val('')
-  $('#note').attr('data-original-title', '').tooltip('hide')
-  $('#profile_pic').attr('src', '/static/member/img/default_picture.png')
-  $('#profile_pic_link').attr('href', '#')
+  document.getElementById('note_list').innerHTML = ''
+  document.getElementById('consos_list').innerHTML = ''
+  document.getElementById('note').value = ''
+  document.getElementById('note').dataset.originTitle = ''
+  $('#note').tooltip('hide')
+  document.getElementById('profile_pic').src = '/static/member/img/default_picture.png'
+  document.getElementById('profile_pic_link').href = '#'
  refreshHistory()
  refreshBalance()
  LOCK = false
@ -168,7 +168,7 @@ function consumeAll () {
  let error = false

  if (notes_display.length === 0) {
-    $('#note').addClass('is-invalid')
+    document.getElementById('note').classList.add('is-invalid')
    $('#note_list').html(li('', '<strong>Ajoutez des émetteurs.</strong>', 'text-danger'))
    error = true
  }
@ -222,17 +222,15 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
      if (!isNaN(source.balance)) {
        const newBalance = source.balance - quantity * amount
        if (newBalance <= -5000) {
-          addMsg('Attention, La transaction depuis la note ' + source_alias + ' a été réalisée avec ' +
-                        'succès, mais la note émettrice ' + source_alias + ' est en négatif sévère.',
-          'danger', 30000)
+          addMsg(interpolate(gettext('Warning, the transaction from the note %s succeed, ' +
+              'but the emitter note %s is very negative.'), [source_alias, source_alias]), 'danger', 30000)
        } else if (newBalance < 0) {
-          addMsg('Attention, La transaction depuis la note ' + source_alias + ' a été réalisée avec ' +
-                        'succès, mais la note émettrice ' + source_alias + ' est en négatif.',
-          'warning', 30000)
+          addMsg(interpolate(gettext('Warning, the transaction from the note %s succeed, ' +
+              'but the emitter note %s is negative.'), [source_alias, source_alias]), 'warning', 30000)
        }
        if (source.membership && source.membership.date_end < new Date().toISOString()) {
-          addMsg('Attention : la note émettrice ' + source.name + " n'est plus adhérente.",
-            'danger', 30000)
+          addMsg(interpolate(gettext('Warning, the emitter note %s is no more a BDE member.'), [source_alias]),
+              'danger', 30000)
        }
      }
      reset()
@ -253,7 +251,7 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
          template: template
        }).done(function () {
        reset()
-        addMsg("La transaction n'a pas pu être validée pour cause de solde insuffisant.", 'danger', 10000)
+        addMsg(gettext("The transaction couldn't be validated because of insufficient balance."), 'danger', 10000)
      }).fail(function () {
        reset()
        errMsg(e.responseJSON)
--- a/apps/note/static/note/js/transfer.js
+++ b/apps/note/static/note/js/transfer.js
@ -239,20 +239,20 @@ $('#btn_transfer').click(function () {

  if (!amount_field.val() || isNaN(amount_field.val()) || amount_field.val() <= 0) {
    amount_field.addClass('is-invalid')
-    $('#amount-required').html('<strong>Ce champ est requis et doit comporter un nombre décimal strictement positif.</strong>')
+    $('#amount-required').html('<strong>' + gettext('This field is required and must contain a decimal positive number.') + '</strong>')
    error = true
  }

-  const amount = Math.floor(100 * amount_field.val())
+  const amount = Math.round(100 * amount_field.val())
  if (amount > 2147483647) {
    amount_field.addClass('is-invalid')
-    $('#amount-required').html('<strong>Le montant ne doit pas excéder 21474836.47 €.</strong>')
+    $('#amount-required').html('<strong>' + gettext('The amount must stay under 21,474,836.47 €.') + '</strong>')
    error = true
  }

  if (!reason_field.val() && $('#type_transfer').is(':checked')) {
    reason_field.addClass('is-invalid')
-    $('#reason-required').html('<strong>Ce champ est requis.</strong>')
+    $('#reason-required').html('<strong>' + gettext('This field is required.') + '</strong>')
    error = true
  }

@ -278,9 +278,8 @@ $('#btn_transfer').click(function () {
    [...sources_notes_display].forEach(function (source) {
      [...dests_notes_display].forEach(function (dest) {
        if (source.note.id === dest.note.id) {
-          addMsg('Attention : la transaction de ' + pretty_money(amount) + ' de la note ' + source.name +
-                        ' vers la note ' + dest.name + " n'a pas été faite car il s'agit de la même note au départ" +
-                        " et à l'arrivée.", 'warning', 10000)
+          addMsg(interpolate(gettext('Warning: the transaction of %s from %s to %s was not made because ' +
+              'it is the same source and destination note.'), [pretty_money(amount), source.name, dest.name]), 'warning', 10000)
          LOCK = false
          return
        }
@ -300,43 +299,35 @@ $('#btn_transfer').click(function () {
            destination_alias: dest.name
          }).done(function () {
          if (source.note.membership && source.note.membership.date_end < new Date().toISOString()) {
-            addMsg('Attention : la note émettrice ' + source.name + " n'est plus adhérente.",
-              'danger', 30000)
+            addMsg(interpolate(gettext('Warning, the emitter note %s is no more a BDE member.'), [source.name]), 'danger', 30000)
          }
          if (dest.note.membership && dest.note.membership.date_end < new Date().toISOString()) {
-            addMsg('Attention : la note destination ' + dest.name + " n'est plus adhérente.",
-              'danger', 30000)
+            addMsg(interpolate(gettext('Warning, the destination note %s is no more a BDE member.'), [dest.name]), 'danger', 30000)
          }

          if (!isNaN(source.note.balance)) {
            const newBalance = source.note.balance - source.quantity * dest.quantity * amount
            if (newBalance <= -5000) {
-              addMsg('Le transfert de ' +
-                                    pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' +
-                                    source.name + ' vers la note ' + dest.name + ' a été fait avec succès, ' +
-                                    'mais la note émettrice est en négatif sévère.', 'danger', 10000)
+              addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is very negative.'),
+                  [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
              reset()
              return
            } else if (newBalance < 0) {
-              addMsg('Le transfert de ' +
-                                    pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' +
-                                    source.name + ' vers la note ' + dest.name + ' a été fait avec succès, ' +
-                                    'mais la note émettrice est en négatif.', 'warning', 10000)
+              addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is negative.'),
+                  [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
              reset()
              return
            }
          }
-          addMsg('Le transfert de ' +
-                            pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' + source.name +
-                            ' vers la note ' + dest.name + ' a été fait avec succès !', 'success', 10000)
+          addMsg(interpolate(gettext('Transfer of %s from %s to %s succeed!'),
+              [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name]), 'success', 10000)

          reset()
        }).fail(function (err) { // do it again but valid = false
          const errObj = JSON.parse(err.responseText)
          if (errObj.non_field_errors) {
-            addMsg('Le transfert de ' +
-                                pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' + source.name +
-                                ' vers la note ' + dest.name + ' a échoué : ' + errObj.non_field_errors, 'danger')
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, errObj.non_field_errors]), 'danger')
            LOCK = false
            return
          }
@ -356,17 +347,15 @@ $('#btn_transfer').click(function () {
              destination: dest.note.id,
              destination_alias: dest.name
            }).done(function () {
-            addMsg('Le transfert de ' +
-                                pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' + source.name +
-                                ' vers la note ' + dest.name + ' a échoué : Solde insuffisant', 'danger', 10000)
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, gettext('insufficient funds')]), 'danger', 10000)
            reset()
          }).fail(function (err) {
            const errObj = JSON.parse(err.responseText)
            let error = errObj.detail ? errObj.detail : errObj.non_field_errors
            if (!error) { error = err.responseText }
-            addMsg('Le transfert de ' +
-                                pretty_money(source.quantity * dest.quantity * amount) + ' de la note ' + source.name +
-                                ' vers la note ' + dest.name + ' a échoué : ' + error, 'danger')
+            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, error]), 'danger')
            LOCK = false
          })
        })
@ -412,14 +401,14 @@ $('#btn_transfer').click(function () {
        first_name: $('#first_name').val(),
        bank: $('#bank').val()
      }).done(function () {
-      addMsg('Le crédit/retrait a bien été effectué !', 'success', 10000)
-      if (user_note.membership && user_note.membership.date_end < new Date().toISOString()) { addMsg('Attention : la note ' + alias + " n'est plus adhérente.", 'danger', 10000) }
+      addMsg(gettext('Credit/debit succeed!'), 'success', 10000)
+      if (user_note.membership && user_note.membership.date_end < new Date().toISOString()) { addMsg(gettext('Warning, the emitter note %s is no more a BDE member.'), 'danger', 10000) }
      reset()
    }).fail(function (err) {
      const errObj = JSON.parse(err.responseText)
      let error = errObj.detail ? errObj.detail : errObj.non_field_errors
      if (!error) { error = err.responseText }
-      addMsg('Le crédit/retrait a échoué : ' + error, 'danger', 10000)
+      addMsg(interpolate(gettext('Credit/debit failed: %s'), [error]), 'danger', 10000)
      LOCK = false
    })
  }
--- a/apps/note/tables.py
+++ b/apps/note/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import html
--- a/apps/note/templates/note/transaction_form.html
+++ b/apps/note/templates/note/transaction_form.html
@ -57,7 +57,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
                <ul class="list-group list-group-flush" id="source_note_list">
                </ul>
                <div class="card-body">
-                    <select id="credit_type" class="custom-select d-none">
+                    <select id="credit_type" class="form-control custom-select d-none">
                        {% for special_type in special_types %}
                            <option value="{{ special_type.id }}">{{ special_type.special_type }}</option>
                        {% endfor %}
@ -84,7 +84,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
                <ul class="list-group list-group-flush" id="dest_note_list">
                </ul>
                <div class="card-body">
-                    <select id="debit_type" class="custom-select d-none">
+                    <select id="debit_type" class="form-control custom-select d-none">
                        {% for special_type in special_types %}
                            <option value="{{ special_type.id }}">{{ special_type.special_type }}</option>
                        {% endfor %}
--- a/apps/note/templatetags/getenv.py
+++ b/apps/note/templatetags/getenv.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django import template
--- a/apps/note/templatetags/pretty_money.py
+++ b/apps/note/templatetags/pretty_money.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django import template
--- a/apps/note/tests/test_transactions.py
+++ b/apps/note/tests/test_transactions.py
@ -1,15 +1,20 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

+from api.tests import TestAPI
+from member.models import Club, Membership
 from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
 from django.test import TestCase
 from django.urls import reverse
-from member.models import Club, Membership
-from note.models import NoteUser, Transaction, TemplateCategory, TransactionTemplate, RecurrentTransaction, \
-    MembershipTransaction, SpecialTransaction, NoteSpecial, Alias
+from django.utils import timezone
 from permission.models import Role

+from ..api.views import AliasViewSet, ConsumerViewSet, NotePolymorphicViewSet, TemplateCategoryViewSet,\
+    TransactionTemplateViewSet, TransactionViewSet
+from ..models import NoteUser, Transaction, TemplateCategory, TransactionTemplate, RecurrentTransaction, \
+    MembershipTransaction, SpecialTransaction, NoteSpecial, Alias, Note
+

 class TestTransactions(TestCase):
    fixtures = ('initial', )
@ -297,8 +302,8 @@ class TestTransactions(TestCase):

    def test_render_search_transactions(self):
        response = self.client.get(reverse("note:transactions", args=(self.user.note.pk,)), data=dict(
-            source=self.second_user.note.alias_set.first().id,
-            destination=self.user.note.alias_set.first().id,
+            source=self.second_user.note.alias.first().id,
+            destination=self.user.note.alias.first().id,
            type=[ContentType.objects.get_for_model(Transaction).id],
            reason="test",
            valid=True,
@ -363,3 +368,69 @@ class TestTransactions(TestCase):
        self.assertTrue(Alias.objects.filter(name="test_updated_alias").exists())
        response = self.client.delete("/api/note/alias/" + str(alias.pk) + "/")
        self.assertEqual(response.status_code, 204)
+
+
+class TestNoteAPI(TestAPI):
+    def setUp(self) -> None:
+        super().setUp()
+
+        membership = Membership.objects.create(club=Club.objects.get(name="BDE"), user=self.user)
+        membership.roles.add(Role.objects.get(name="Respo info"))
+        membership.save()
+        Membership.objects.create(club=Club.objects.get(name="Kfet"), user=self.user)
+        self.user.note.last_negative = timezone.now()
+        self.user.note.save()
+
+        self.transaction = Transaction.objects.create(
+            source=Note.objects.first(),
+            destination=self.user.note,
+            amount=4200,
+            reason="Test transaction",
+        )
+        self.user.note.refresh_from_db()
+        Alias.objects.create(note=self.user.note, name="I am a ¢omplex alias")
+
+        self.category = TemplateCategory.objects.create(name="Test")
+        self.template = TransactionTemplate.objects.create(
+            name="Test",
+            destination=Club.objects.get(name="BDE").note,
+            category=self.category,
+            amount=100,
+            description="Test template",
+        )
+
+    def test_alias_api(self):
+        """
+        Load Alias API page and test all filters and permissions
+        """
+        self.check_viewset(AliasViewSet, "/api/note/alias/")
+
+    def test_consumer_api(self):
+        """
+        Load Consumer API page and test all filters and permissions
+        """
+        self.check_viewset(ConsumerViewSet, "/api/note/consumer/")
+
+    def test_note_api(self):
+        """
+        Load Note API page and test all filters and permissions
+        """
+        self.check_viewset(NotePolymorphicViewSet, "/api/note/note/")
+
+    def test_template_category_api(self):
+        """
+        Load TemplateCategory API page and test all filters and permissions
+        """
+        self.check_viewset(TemplateCategoryViewSet, "/api/note/transaction/category/")
+
+    def test_transaction_template_api(self):
+        """
+        Load TemplateTemplate API page and test all filters and permissions
+        """
+        self.check_viewset(TransactionTemplateViewSet, "/api/note/transaction/template/")
+
+    def test_transaction_api(self):
+        """
+        Load Transaction API page and test all filters and permissions
+        """
+        self.check_viewset(TransactionViewSet, "/api/note/transaction/transaction/")
--- a/apps/note/urls.py
+++ b/apps/note/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/note/views.py
+++ b/apps/note/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import json
--- a/apps/permission/init.py
+++ b/apps/permission/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'permission.apps.PermissionConfig'
--- a/apps/permission/admin.py
+++ b/apps/permission/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-lateré

 from django.contrib import admin
--- a/apps/permission/api/serializers.py
+++ b/apps/permission/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/permission/api/urls.py
+++ b/apps/permission/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import PermissionViewSet, RoleViewSet
--- a/apps/permission/api/views.py
+++ b/apps/permission/api/views.py
@ -1,8 +1,9 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

-from django_filters.rest_framework import DjangoFilterBackend
 from api.viewsets import ReadOnlyProtectedModelViewSet
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.filters import SearchFilter

 from .serializers import PermissionSerializer, RoleSerializer
 from ..models import Permission, Role
@ -14,10 +15,11 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
    The djangorestframework plugin will get all `Permission` objects, serialize it to JSON with the given serializer,
    then render it on /api/permission/permission/
    """
-    queryset = Permission.objects.all()
+    queryset = Permission.objects.order_by('id')
    serializer_class = PermissionSerializer
-    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['model', 'type', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
+    search_fields = ['$model__name', '$query', '$description', ]


 class RoleViewSet(ReadOnlyProtectedModelViewSet):
@ -26,7 +28,8 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
    The djangorestframework plugin will get all `RolePermission` objects, serialize it to JSON with the given serializer
    then render it on /api/permission/roles/
    """
-    queryset = Role.objects.all()
+    queryset = Role.objects.order_by('id')
    serializer_class = RoleSerializer
-    filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['role', ]
+    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
+    search_fields = ['$name', '$for_club__name', ]
--- a/apps/permission/apps.py
+++ b/apps/permission/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date
@ -134,8 +134,6 @@ class PermissionBackend(ModelBackend):
            return False

        sess = get_current_session()
-        if sess is not None and sess.session_key is None:
-            return False

        if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
            return True
--- a/apps/permission/decorators.py
+++ b/apps/permission/decorators.py
@ -1,6 +1,6 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+import sys
 from functools import lru_cache
 from time import time

@ -38,6 +38,10 @@ def memoize(f):

        nonlocal last_collect

+        if "test" in sys.argv:
+            # In a test environment, don't memoize permissions
+            return f(*args, **kwargs)
+
        if time() - last_collect > 60:
            # Clear cache
            collect()
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -799,12 +799,12 @@
 				"member",
 				"membership"
 			],
-			"query": "{\"club\": [\"club\"]}",
+			"query": "{}",
 			"type": "change",
 			"mask": 3,
 			"field": "roles",
 			"permanent": false,
-			"description": "Modifier les rôles d'un adhérent d'un club"
+			"description": "Modifier les rôles d'une adhésion"
 		}
 	},
 	{
@ -819,7 +819,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "",
-			"permanent": false,
+			"permanent": true,
 			"description": "Modifier son profil"
 		}
 	},
@ -2081,7 +2081,7 @@
 			],
 			"query": "{}",
 			"type": "change",
-			"mask": 1,
+			"mask": 2,
 			"field": "invalidity_reason",
 			"permanent": false,
 			"description": "Modifier la raison d'invalidité d'une transaction"
@ -2807,6 +2807,70 @@
 			"description": "Voir ses propres alias, pour toujours"
 		}
 	},
+	{
+		"model": "permission.permission",
+		"pk": 180,
+		"fields": {
+			"model": [
+				"auth",
+				"user"
+			],
+			"query": "{\"profile__registration_valid\": false}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir n'importe quel utilisateur non encore inscrit"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 181,
+		"fields": {
+			"model": [
+				"member",
+				"profile"
+			],
+			"query": "{\"registration_valid\": false}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir n'importe quel profil non encore inscrit"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 182,
+		"fields": {
+			"model": [
+				"auth",
+				"user"
+			],
+			"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
+			"type": "view",
+			"mask": 2,
+			"field": "",
+			"permanent": false,
+			"description": "Voir n'importe quel utilisateur qui est adhérent BDE"
+		}
+	},
+	{
+		"model": "permission.permission",
+		"pk": 183,
+		"fields": {
+			"model": [
+				"note",
+				"note"
+			],
+			"query": "{}",
+			"type": "change",
+			"mask": 1,
+			"field": "display_image",
+			"permanent": false,
+			"description": "Changer l'image de n'importe quelle note"
+		}
+	},
 	{
 		"model": "permission.role",
 		"pk": 1,
@ -2939,14 +3003,14 @@
 				62,
 				127,
 				133,
-				135,
 				136,
 				141,
 				142,
 				150,
 				166,
 				167,
-				168
+				168,
+				182
 			]
 		}
 	},
@ -2960,7 +3024,9 @@
 				24,
 				25,
 				26,
-				27
+				27,
+				30,
+				33
 			]
 		}
 	},
@ -3022,7 +3088,8 @@
 				175,
 				176,
 				177,
-				178
+				178,
+				183
 			]
 		}
 	},
@ -3205,7 +3272,12 @@
 				175,
 				176,
 				177,
-				178
+				178,
+				179,
+				180,
+				181,
+				182,
+				183
 			]
 		}
 	},
@ -3239,7 +3311,12 @@
 				170,
 				171,
 				176,
-				177
+				177,
+				178,
+				179,
+				180,
+				181,
+				182
 			]
 		}
 	},
@ -3402,7 +3479,6 @@
 				135,
 				136,
 				137,
-				138,
 				139,
 				140,
 				143,
@ -3415,6 +3491,41 @@
 			]
 		}
 	},
+	{
+		"model": "permission.role",
+		"pk": 20,
+		"fields": {
+			"for_club": 2,
+			"name": "PC Kfet",
+			"permissions": [
+				6,
+				22,
+				24,
+				25,
+				26,
+				27,
+				30,
+				49,
+				50,
+				55,
+				56,
+				57,
+				58,
+				135,
+				137,
+				143,
+				147,
+				150,
+				166,
+				167,
+				168,
+				176,
+				177,
+				180,
+				181
+			]
+		}
+	},
 	{
 		"model": "wei.weirole",
 		"pk": 12,
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import functools
@ -45,6 +45,7 @@ class InstancedPermission:
                with transaction.atomic():
                    sid = transaction.savepoint()
                    for o in self.model.model_class().objects.filter(pk=0).all():
+                        o._no_signal = True
                        o._force_delete = True
                        Model.delete(o)
                        # An object with pk 0 wouldn't deleted. That's not normal, we alert admins.
@ -62,10 +63,6 @@ class InstancedPermission:
                    obj._no_signal = True
                    Model.save(obj, force_insert=True)
                    ret = self.model.model_class().objects.filter(self.query & Q(pk=0)).exists()
-                    # Delete testing object
-                    obj._no_signal = True
-                    obj._force_delete = True
-                    Model.delete(obj)
                    transaction.savepoint_rollback(sid)

                return ret
--- a/Show More
+++ b/Show More