linters

Fix de views.py et tests de permissions
Fix des tests de apps/wei
2025-07-22 16:56:48 +02:00 · 2025-05-28 16:31:03 +02:00 · 2025-05-28 16:04:19 +02:00 · 2025-05-28 15:37:37 +02:00 · 2025-05-27 18:56:49 +02:00 · 2025-05-26 18:15:51 +02:00
14 changed files with 6635 additions and 2177 deletions
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -3998,6 +3998,54 @@
            "description": "Créer une transaction de ou vers la note d'un club tant que la source reste au dessus de -50 €"
        }
    },
+    {
+        "model": "permission.permission",
+        "pk": 271,
+        "fields": {
+            "model": [
+                "wei",
+                "bus"
+            ],
+            "query": "{\"wei\": [\"club\"]}",
+            "type": "change",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Modifier n'importe quel bus du wei"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 272,
+        "fields": {
+            "model": [
+                "wei",
+                "bus"
+            ],
+            "query": "{\"wei\": [\"club\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir tous les bus du wei"
+        }
+    },
+    {
+        "model": "permission.permission",
+        "pk": 273,
+        "fields": {
+            "model": [
+                "wei",
+                "busteam"
+            ],
+            "query": "{\"bus__wei\": [\"club\"], \"bus__wei__membership_end__gte\": [\"today\"]}",
+            "type": "view",
+            "mask": 3,
+            "field": "",
+            "permanent": false,
+            "description": "Voir toutes les équipes WEI"
+        }
+    },
    {
        "model": "permission.role",
        "pk": 1,
@ -4382,7 +4430,10 @@
                112,
                113,
                128,
-                130
+                130,
+                271,
+                272,
+                273
            ]
        }
    },
--- a/apps/permission/tests/test_permission_denied.py
+++ b/apps/permission/tests/test_permission_denied.py
@ -10,7 +10,7 @@ from django.utils import timezone
 from django.utils.crypto import get_random_string
 from activity.models import Activity
 from member.models import Club, Membership
-from note.models import NoteUser
+from note.models import NoteUser, NoteClub
 from wei.models import WEIClub, Bus, WEIRegistration


@ -122,10 +122,13 @@ class TestPermissionDenied(TestCase):

    def test_validate_weiregistration(self):
        wei = WEIClub.objects.create(
+            name="WEI Test",
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
+            parent_club=Club.objects.get(name="Kfet"),
        )
+        NoteClub.objects.create(club=wei)
        registration = WEIRegistration.objects.create(wei=wei, user=self.user, birth_date="2000-01-01")
        response = self.client.get(reverse("wei:validate_registration", kwargs=dict(pk=registration.pk)))
        self.assertEqual(response.status_code, 403)
--- a/apps/wei/forms/registration.py
+++ b/apps/wei/forms/registration.py
@ -39,7 +39,11 @@ class WEIRegistrationForm(forms.ModelForm):

    class Meta:
        model = WEIRegistration
-        exclude = ('wei', 'clothing_cut')
+        fields = [
+            'user', 'soge_credit', 'birth_date', 'gender', 'clothing_size',
+            'health_issues', 'emergency_contact_name', 'emergency_contact_phone',
+            'first_year', 'information_json', 'caution_check'
+        ]
        widgets = {
            "user": Autocomplete(
                User,
@ -49,8 +53,14 @@ class WEIRegistrationForm(forms.ModelForm):
                    'placeholder': 'Nom ...',
                },
            ),
-            "birth_date": DatePickerInput(options={'minDate': '1900-01-01',
-                                                   'maxDate': '2100-01-01'}),
+            "birth_date": DatePickerInput(options={
+                'minDate': '1900-01-01',
+                'maxDate': '2100-01-01'
+            }),
+            "caution_check": forms.BooleanField(
+                label=_("I confirm that I have read the caution and that I am aware of the risks involved."),
+                required=False,
+            ),
        }


@ -81,11 +91,6 @@ class WEIChooseBusForm(forms.Form):


 class WEIMembershipForm(forms.ModelForm):
-    caution_check = forms.BooleanField(
-        required=False,
-        label=_("Caution check given"),
-    )
-
    roles = forms.ModelMultipleChoiceField(
        queryset=WEIRole.objects,
        label=_("WEI Roles"),
@ -194,3 +199,4 @@ class BusTeamForm(forms.ModelForm):
            ),
            "color": ColorWidget(),
        }
+        # "color": ColorWidget(),
--- a/apps/wei/migrations/0011_alter_weiclub_year.py
+++ b/apps/wei/migrations/0011_alter_weiclub_year.py
@ -0,0 +1,18 @@
+# Generated by Django 4.2.21 on 2025-05-25 12:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('wei', '0010_remove_weiregistration_specific_diet'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='weiclub',
+            name='year',
+            field=models.PositiveIntegerField(default=2025, unique=True, verbose_name='year'),
+        ),
+    ]
--- a/apps/wei/tables.py
+++ b/apps/wei/tables.py
@ -98,7 +98,7 @@ class WEIRegistrationTable(tables.Table):
        if not hasperm:
            return format_html("<span class='no-perm'></span>")

-        url = reverse_lazy('wei:validate_registration', args=(record.pk,))
+        url = reverse_lazy('wei:wei_update_registration', args=(record.pk,)) + '?validate=true'
        text = _('Validate')
        if record.fee > record.user.note.balance and not record.soge_credit:
            btn_class = 'btn-secondary'
--- a/apps/wei/templates/wei/busteam_detail.html
+++ b/apps/wei/templates/wei/busteam_detail.html
@ -18,6 +18,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
    <div class="card-footer text-center">
        <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:update_bus' pk=bus.pk %}"
            data-turbolinks="false">{% trans "Edit" %}</a>
+        <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:manage_bus' pk=bus.pk %}"
+            data-turbolinks="false">{% trans "View" %}</a>
        <a class="btn btn-primary btn-sm my-1" href="{% url 'wei:add_team' pk=bus.pk %}"
            data-turbolinks="false">{% trans "Add team" %}</a>
    </div>
--- a/apps/wei/templates/wei/busteam_form.html
+++ b/apps/wei/templates/wei/busteam_form.html
@ -13,9 +13,17 @@ SPDX-License-Identifier: GPL-3.0-or-later
    <div class="card-body">
        <form method="post">
            {% csrf_token %}
+            {{ form.media }} 
            {{ form|crispy }}
            <button class="btn btn-primary" type="submit">{% trans "Submit" %}</button>
        </form>
    </div>
 </div>
+<script>
+    document.addEventListener("DOMContentLoaded", function () {
+        if (window.jscolor && jscolor.install) {
+            jscolor.install();
+        }
+    });
+</script>
 {% endblock %}
--- a/apps/wei/tests/test_wei_registration.py
+++ b/apps/wei/tests/test_wei_registration.py
@ -510,7 +510,7 @@ class TestWEIRegistration(TestCase):
        )
        qs = WEIRegistration.objects.filter(user_id=self.user.id, soge_credit=False, clothing_size="M")
        self.assertTrue(qs.exists())
-        self.assertRedirects(response, reverse("wei:validate_registration", kwargs=dict(pk=qs.get().pk)), 302, 200)
+        self.assertRedirects(response, reverse("wei:wei_detail", kwargs=dict(pk=qs.get().wei.pk)), 302, 200)

        # Check the page when the registration is already validated
        membership = WEIMembership(
@ -564,7 +564,7 @@ class TestWEIRegistration(TestCase):
        )
        qs = WEIRegistration.objects.filter(user_id=self.user.id, clothing_size="L")
        self.assertTrue(qs.exists())
-        self.assertRedirects(response, reverse("wei:validate_registration", kwargs=dict(pk=qs.get().pk)), 302, 200)
+        self.assertRedirects(response, reverse("wei:wei_detail", kwargs=dict(pk=qs.get().wei.pk)), 302, 200)

        # Test invalid form
        response = self.client.post(
@ -632,6 +632,7 @@ class TestWEIRegistration(TestCase):
            last_name="admin",
            first_name="admin",
            bank="Société générale",
+            caution_check=True,
        ))
        self.assertEqual(response.status_code, 200)
        self.assertFalse(response.context["form"].is_valid())
@ -646,8 +647,10 @@ class TestWEIRegistration(TestCase):
            last_name="admin",
            first_name="admin",
            bank="Société générale",
+            caution_check=True,
        ))
        self.assertRedirects(response, reverse("wei:wei_registrations", kwargs=dict(pk=self.registration.wei.pk)), 302, 200)
+
        # Check if the membership is successfully created
        membership = WEIMembership.objects.filter(user_id=self.user.id, club=self.wei)
        self.assertTrue(membership.exists())
--- a/apps/wei/views.py
+++ b/apps/wei/views.py
@ -4,16 +4,18 @@
 import os
 import shutil
 import subprocess
-from datetime import date, timedelta
+from datetime import date
 from tempfile import mkdtemp

 from django.conf import settings
+from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import Q, Count
 from django.db.models.functions.text import Lower
+from django import forms
 from django.http import HttpResponse, Http404
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@ -441,6 +443,10 @@ class BusTeamCreateView(ProtectQuerysetMixin, ProtectedCreateView):
        self.object.refresh_from_db()
        return reverse_lazy("wei:manage_bus_team", kwargs={"pk": self.object.pk})

+    def get_template_names(self):
+        names = super().get_template_names()
+        return names
+

 class BusTeamUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
    """
@ -473,6 +479,10 @@ class BusTeamUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        self.object.refresh_from_db()
        return reverse_lazy("wei:manage_bus_team", kwargs={"pk": self.object.pk})

+    def get_template_names(self):
+        names = super().get_template_names()
+        return names
+

 class BusTeamManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
    """
@ -546,9 +556,15 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
    def get_form(self, form_class=None):
        form = super().get_form(form_class)
        form.fields["user"].initial = self.request.user
+
+        # Cacher les champs pendant l'inscription initiale
+        if "first_year" in form.fields:
            del form.fields["first_year"]
+        if "caution_check" in form.fields:
            del form.fields["caution_check"]
+        if "information_json" in form.fields:
            del form.fields["information_json"]
+
        return form

    @transaction.atomic
@ -644,8 +660,12 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
            form.fields["soge_credit"].disabled = True
            form.fields["soge_credit"].help_text = _("You already opened an account in the Société générale.")

-        del form.fields["caution_check"]
+        # Cacher les champs pendant l'inscription initiale
+        if "first_year" in form.fields:
            del form.fields["first_year"]
+        if "caution_check" in form.fields:
+            del form.fields["caution_check"]
+        if "information_json" in form.fields:
            del form.fields["information_json"]

        return form
@ -702,11 +722,15 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
        # We can't update a registration once the WEI is started and before the membership start date
        if today >= wei.date_start or today < wei.membership_start:
            return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
+        # Store the validate parameter in the view's state
+        self.should_validate = request.GET.get('validate', False)
        return super().dispatch(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context["club"] = self.object.wei
+        # Pass the validate parameter to the template
+        context["should_validate"] = self.should_validate

        if self.object.is_validated:
            membership_form = self.get_membership_form(instance=self.object.membership,
@ -740,6 +764,9 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
        # The auto-json-format may cause issues with the default field remove
        if not PermissionBackend.check_perm(self.request, 'wei.change_weiregistration_information_json', self.object):
            del form.fields["information_json"]
+        # Masquer le champ caution_check pour tout le monde dans le formulaire de modification
+        if "caution_check" in form.fields:
+            del form.fields["caution_check"]
        return form

    def get_membership_form(self, data=None, instance=None):
@ -759,10 +786,30 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
    def form_valid(self, form):
        # If the membership is already validated, then we update the bus and the team (and the roles)
        if form.instance.is_validated:
-            membership_form = self.get_membership_form(self.request.POST, form.instance.membership)
+            try:
+                membership = form.instance.membership
+                if membership is None:
+                    raise ValueError(_("No membership found for this registration"))
+
+                membership_form = self.get_membership_form(self.request.POST, instance=membership)
                if not membership_form.is_valid():
                    return self.form_invalid(form)
+
+                # Vérifier que l'utilisateur a la permission de modifier le membership
+                # On vérifie d'abord si l'utilisateur a la permission générale de modification
+                if not self.request.user.has_perm("wei.change_weimembership"):
+                    raise PermissionDenied(_("You don't have the permission to update memberships"))
+
+                # On vérifie ensuite les permissions spécifiques pour chaque champ modifié
+                for field_name in membership_form.changed_data:
+                    perm = f"wei.change_weimembership_{field_name}"
+                    if not self.request.user.has_perm(perm):
+                        raise PermissionDenied(_("You don't have the permission to update the field %(field)s") % {'field': field_name})
+
                membership_form.save()
+            except (WEIMembership.DoesNotExist, ValueError, PermissionDenied) as e:
+                form.add_error(None, str(e))
+                return self.form_invalid(form)
        # If it is not validated and if this is an old member, then we update the choices
        elif not form.instance.first_year and PermissionBackend.check_perm(
                self.request, "wei.change_weiregistration_information_json", self.object):
@ -787,14 +834,8 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
            survey = CurrentSurvey(self.object)
            if not survey.is_complete():
                return reverse_lazy("wei:wei_survey", kwargs={"pk": self.object.pk})
-        if PermissionBackend.check_perm(self.request, "wei.add_weimembership", WEIMembership(
-            club=self.object.wei,
-            user=self.object.user,
-            date_start=date.today(),
-            date_end=date.today(),
-            fee=0,
-            registration=self.object,
-        )):
+        # On redirige vers la validation uniquement si c'est explicitement demandé (et stocké dans la vue)
+        if self.should_validate and self.request.user.has_perm("wei.add_weimembership"):
            return reverse_lazy("wei:validate_registration", kwargs={"pk": self.object.pk})
        return reverse_lazy("wei:wei_detail", kwargs={"pk": self.object.wei.pk})

@ -836,18 +877,22 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
    extra_context = {"title": _("Validate WEI registration")}

    def get_sample_object(self):
+        """
+        Return a sample object for permission checking
+        """
        registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
        return WEIMembership(
-            club=registration.wei,
            user=registration.user,
-            date_start=date.today(),
-            date_end=date.today() + timedelta(days=1),
-            fee=0,
+            club=registration.wei,
+            date_start=registration.wei.date_start,
+            # Add any fields needed for proper permission checking
            registration=registration,
        )

    def dispatch(self, request, *args, **kwargs):
-        wei = WEIRegistration.objects.get(pk=self.kwargs["pk"]).wei
+        registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
+
+        wei = registration.wei
        today = date.today()
        # We can't validate anyone once the WEI is started and before the membership start date
        if today >= wei.date_start or today < wei.membership_start:
@ -900,8 +945,14 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
        form.fields["last_name"].initial = registration.user.last_name
        form.fields["first_name"].initial = registration.user.first_name

-        if "caution_check" in form.fields:
-            form.fields["caution_check"].initial = registration.caution_check
+        # Ajouter le champ caution_check uniquement pour les non-première année et le rendre obligatoire
+        if not registration.first_year:
+            form.fields["caution_check"] = forms.BooleanField(
+                required=True,
+                initial=registration.caution_check,
+                label=_("Caution check given"),
+                help_text=_("Please make sure the check is given before validating the registration")
+            )

        if registration.soge_credit:
            form.fields["credit_type"].disabled = True
@ -1289,8 +1340,22 @@ class WEIAttributeBus1ANextView(LoginRequiredMixin, RedirectView):
        if not wei.exists():
            raise Http404
        wei = wei.get()
-        qs = WEIRegistration.objects.filter(wei=wei, membership__isnull=False, membership__bus__isnull=True)
-        qs = qs.filter(information_json__contains='selected_bus_pk')  # not perfect, but works...
-        if qs.exists():
-            return reverse_lazy('wei:wei_bus_1A', args=(qs.first().pk, ))
-        return reverse_lazy('wei:wei_1A_list', args=(wei.pk, ))
+
+        # On cherche d'abord les 1A qui ont une inscription validée (membership) mais pas de bus
+        qs = WEIRegistration.objects.filter(
+            wei=wei,
+            first_year=True,
+            membership__isnull=False,
+            membership__bus__isnull=True
+        )
+
+        # Parmi eux, on prend ceux qui ont répondu au questionnaire (ont un bus préféré)
+        qs = qs.filter(information_json__contains='selected_bus_pk')
+
+        if not qs.exists():
+            # Si on ne trouve personne, on affiche un message et on retourne à la liste
+            messages.info(self.request, _("No first year student without a bus found. Either all of them have a bus, or none has filled the survey yet."))
+            return reverse_lazy('wei:wei_1A_list', args=(wei.pk,))
+
+        # On redirige vers la page d'attribution pour le premier étudiant trouvé
+        return reverse_lazy('wei:wei_bus_1A', args=(qs.first().pk,))
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
--- a/locale/es/LC_MESSAGES/django.po
+++ b/locale/es/LC_MESSAGES/django.po
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po
--- a/note_kfet/inputs.py
+++ b/note_kfet/inputs.py
@ -63,8 +63,16 @@ class ColorWidget(Widget):
    def format_value(self, value):
        if value is None:
            value = 0xFFFFFF
+        if isinstance(value, str):
+            return value  # Assume it's already a hex string like "#FFAA33"
+        try:
            return "#{:06X}".format(value)
+        except Exception:
+            return "#FFFFFF"
+

    def value_from_datadict(self, data, files, name):
        val = super().value_from_datadict(data, files, name)
+        if val:
            return int(val[1:], 16)
+        return None
--- a/note_kfet/templates/colorfield/color.html
+++ b/note_kfet/templates/colorfield/color.html
@ -0,0 +1,5 @@
+<input type="text"
+       name="{{ widget.name }}"
+       value="{{ widget.value }}"
+       class="jscolor"
+       {% include "django/forms/widgets/attrs.html" %}>
Author	SHA1	Message	Date
Ehouarn	02453e07ba	linters	2025-05-28 16:31:03 +02:00
Ehouarn	4479e8f97a	Fix de views.py et tests de permissions	2025-05-28 16:04:19 +02:00
Ehouarn	a351415494	Fix des tests de apps/wei	2025-05-28 15:37:37 +02:00
Ehouarn	16cfaa809a	Fix de la plupart des bugs	2025-05-27 18:56:49 +02:00
Ehouarn	f2cd0b6d36	Merge branch 'wei' of gitlab.crans.org:bde/nk20 into wei	2025-05-26 18:15:51 +02:00
ehouarn	a2e2ff5fa9	Merge branch 'main' into 'wei' Main See merge request bde/nk20!319	2025-05-26 17:51:33 +02:00
Ehouarn	53d0480a12	Ajout de permissions	2025-05-26 17:29:34 +02:00
ehouarn	ff812a028c	Merge branch 'darbonne' into 'main' Darbonne See merge request bde/nk20!318	2025-05-26 16:47:03 +02:00
Ehouarn	136f636fda	Fix de l'ajout d'équipe, le ColorWidget était défaillant	2025-05-25 23:31:09 +02:00
ehouarn	e88dbfd597	Merge branch 'darbonne' into 'main' Faute de frappe See merge request bde/nk20!317	2025-05-23 23:57:18 +02:00