decidim-admin 0.11.2 → 0.12.0.pre

data/app/controllers/decidim/admin/areas_controller.rb

@@ -9,17 +9,17 @@ module Decidim
       helper_method :area, :organization_areas
 
       def index
-        authorize! :index, Area
+        enforce_permission_to :read, :area
         @areas = organization_areas
       end
 
       def new
-        authorize! :new, Area
+        enforce_permission_to :create, :area
         @form = form(AreaForm).instance
       end
 
       def create
-        authorize! :new, Area
+        enforce_permission_to :create, :area
         @form = form(AreaForm).from_params(params)
         CreateArea.call(@form) do
           on(:ok) do
@@ -35,12 +35,12 @@ module Decidim
       end
 
       def edit
-        authorize! :update, area
+        enforce_permission_to :update, :area, area: area
         @form = form(AreaForm).from_model(area)
       end
 
       def update
-        authorize! :update, area
+        enforce_permission_to :update, :area, area: area
         @form = form(AreaForm).from_params(params)
 
         UpdateArea.call(area, @form) do
@@ -57,7 +57,7 @@ module Decidim
       end
 
       def destroy
-        authorize! :destroy, area
+        enforce_permission_to :destroy, :area, area: area
 
         DestroyArea.call(area, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/authorization_workflows_controller.rb

@@ -6,7 +6,7 @@ module Decidim
       layout "decidim/admin/users"
 
       def index
-        authorize! :index, :authorization_workflows
+        enforce_permission_to :index, :authorization_workflows
 
         @workflows = Decidim::Verifications.admin_workflows
       end

data/app/controllers/decidim/admin/categories_controller.rb

@@ -9,16 +9,16 @@ module Decidim
       participatory_space_admin_layout
 
       def index
-        authorize! :read, Decidim::Category
+        enforce_permission_to :read, :category
       end
 
       def new
-        authorize! :create, Decidim::Category
+        enforce_permission_to :create, :category
         @form = form(CategoryForm).from_params({}, current_participatory_space: current_participatory_space)
       end
 
       def create
-        authorize! :create, Decidim::Category
+        enforce_permission_to :create, :category
         @form = form(CategoryForm).from_params(params, current_participatory_space: current_participatory_space)
 
         CreateCategory.call(@form, current_participatory_space) do
@@ -36,13 +36,13 @@ module Decidim
 
       def edit
         @category = collection.find(params[:id])
-        authorize! :update, @category
+        enforce_permission_to :update, :category, category: @category
         @form = form(CategoryForm).from_model(@category, current_participatory_space: current_participatory_space)
       end
 
       def update
         @category = collection.find(params[:id])
-        authorize! :update, @category
+        enforce_permission_to :update, :category, category: @category
         @form = form(CategoryForm).from_params(params, current_participatory_space: current_participatory_space)
 
         UpdateCategory.call(@category, @form) do
@@ -60,12 +60,12 @@ module Decidim
 
       def show
         @category = collection.find(params[:id])
-        authorize! :read, @category
+        enforce_permission_to :read, :category, category: @category
       end
 
       def destroy
         @category = collection.find(params[:id])
-        authorize! :destroy, @category
+        enforce_permission_to :destroy, :category, category: @category
 
         DestroyCategory.call(@category) do
           on(:ok) do

data/app/controllers/decidim/admin/component_permissions_controller.rb

@@ -5,17 +5,17 @@ module Decidim
     # Controller that allows managing component permissions.
     #
     class ComponentPermissionsController < Decidim::Admin::ApplicationController
-      helper_method :authorizations, :component
+      helper_method :authorizations, :other_authorizations_for, :component
 
       def edit
-        authorize! :update, component
+        enforce_permission_to :update, :component, component: component
         @permissions_form = PermissionsForm.new(
           permissions: permission_forms
         )
       end
 
       def update
-        authorize! :update, component
+        enforce_permission_to :update, :component, component: component
         @permissions_form = PermissionsForm.from_params(params)
 
         UpdateComponentPermissions.call(@permissions_form, component) do
@@ -33,12 +33,10 @@ module Decidim
       private
 
       def permission_forms
-        permissions = component.permissions || {}
-
-        @permission_forms ||= component.manifest.actions.inject({}) do |result, action|
+        component.manifest.actions.inject({}) do |result, action|
           form = PermissionForm.new(
-            authorization_handler_name: permissions.dig(action, "authorization_handler_name"),
-            options: permissions.dig(action, "options").try(:to_json)
+            authorization_handler_name: authorization_for(action),
+            options: permissions.dig(action, "options")
           )
 
           result.update(action => form)
@@ -51,9 +49,23 @@ module Decidim
         )
       end
 
+      def other_authorizations_for(action)
+        Verifications::Adapter.from_collection(
+          current_organization.available_authorizations - [authorization_for(action)]
+        )
+      end
+
       def component
         @component ||= current_participatory_space.components.find(params[:component_id])
       end
+
+      def permissions
+        @permissions ||= component.permissions || {}
+      end
+
+      def authorization_for(action)
+        permissions.dig(action, "authorization_handler_name")
+      end
     end
   end
 end

data/app/controllers/decidim/admin/components/base_controller.rb

@@ -6,10 +6,10 @@ module Decidim
       # This controller is the abstract class from which all component
       # controllers in their admin engines should inherit from.
       class BaseController < Admin::ApplicationController
-        skip_authorize_resource
         include Settings
 
         include Decidim::Admin::ParticipatorySpaceAdminContext
+        include Decidim::NeedsPermission
         participatory_space_admin_layout
 
         helper Decidim::ResourceHelper
@@ -21,11 +21,27 @@ module Decidim
                       :parent_path
 
         before_action except: [:index, :show] do
-          authorize! :manage, current_component
+          enforce_permission_to :manage, :component, component: current_component
         end
 
         before_action on: [:index, :show] do
-          authorize! :read, current_component
+          enforce_permission_to :read, :component, component: current_component
+        end
+
+        def permissions_context
+          super.merge(participatory_space: current_participatory_space)
+        end
+
+        def permission_class_chain
+          [
+            current_component.manifest.permissions_class,
+            current_participatory_space.manifest.permissions_class,
+            Decidim::Admin::Permissions
+          ]
+        end
+
+        def permission_scope
+          :admin
         end
 
         def current_component

data/app/controllers/decidim/admin/components_controller.rb

@@ -9,13 +9,13 @@ module Decidim
       helper_method :manifest, :current_participatory_space
 
       def index
-        authorize! :read, Component
+        enforce_permission_to :read, :component
         @manifests = Decidim.component_manifests
         @components = current_participatory_space.components
       end
 
       def new
-        authorize! :create, Component
+        enforce_permission_to :create, :component
 
         @component = Component.new(
           name: default_name(manifest),
@@ -28,7 +28,7 @@ module Decidim
 
       def create
         @form = form(ComponentForm).from_params(params)
-        authorize! :create, Component
+        enforce_permission_to :create, :component
 
         CreateComponent.call(manifest, @form, current_participatory_space) do
           on(:ok) do
@@ -45,7 +45,7 @@ module Decidim
 
       def edit
         @component = query_scope.find(params[:id])
-        authorize! :update, @component
+        enforce_permission_to :update, :component, component: @component
 
         @form = form(ComponentForm).from_model(@component)
       end
@@ -53,7 +53,7 @@ module Decidim
       def update
         @component = query_scope.find(params[:id])
         @form = form(ComponentForm).from_params(params)
-        authorize! :update, @component
+        enforce_permission_to :update, :component, component: @component
 
         UpdateComponent.call(@form, @component) do
           on(:ok) do |settings_changed, previous_settings, current_settings|
@@ -72,7 +72,7 @@ module Decidim
 
       def destroy
         @component = query_scope.find(params[:id])
-        authorize! :destroy, @component
+        enforce_permission_to :destroy, :component, component: @component
 
         DestroyComponent.call(@component, current_user) do
           on(:ok) do
@@ -89,7 +89,7 @@ module Decidim
 
       def publish
         @component = query_scope.find(params[:id])
-        authorize! :update, @component
+        enforce_permission_to :publish, :component, component: @component
 
         PublishComponent.call(@component, current_user) do
           on(:ok) do
@@ -101,7 +101,7 @@ module Decidim
 
       def unpublish
         @component = query_scope.find(params[:id])
-        authorize! :update, @component
+        enforce_permission_to :unpublish, :component, component: @component
 
         UnpublishComponent.call(@component, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/concerns/has_attachment_collections.rb

@@ -13,22 +13,22 @@ module Decidim
         extend ActiveSupport::Concern
 
         included do
-          helper_method :collection_for, :authorization_object
+          helper_method :collection_for, :attachment_collection
 
           def index
-            authorize! :read, authorization_object
+            enforce_permission_to :read, :attachment_collection
 
             render template: "decidim/admin/attachment_collections/index"
           end
 
           def new
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :attachment_collection
             @form = form(AttachmentCollectionForm).from_params({}, collection_for: collection_for)
             render template: "decidim/admin/attachment_collections/new"
           end
 
           def create
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :attachment_collection
             @form = form(AttachmentCollectionForm).from_params(params, collection_for: collection_for)
 
             CreateAttachmentCollection.call(@form, collection_for) do
@@ -46,14 +46,14 @@ module Decidim
 
           def edit
             @attachment_collection = collection.find(params[:id])
-            authorize! :update, authorization_object
+            enforce_permission_to :update, :attachment_collection, attachment_collection: @attachment_collection
             @form = form(AttachmentCollectionForm).from_model(@attachment_collection, collection_for: collection_for)
             render template: "decidim/admin/attachment_collections/edit"
           end
 
           def update
             @attachment_collection = collection.find(params[:id])
-            authorize! :update, authorization_object
+            enforce_permission_to :update, :attachment_collection, attachment_collection: @attachment_collection
             @form = form(AttachmentCollectionForm).from_params(params, collection_for: collection_for)
 
             UpdateAttachmentCollection.call(@attachment_collection, @form) do
@@ -71,13 +71,13 @@ module Decidim
 
           def show
             @attachment_collection = collection.find(params[:id])
-            authorize! :read, authorization_object
+            enforce_permission_to :read, :attachment_collection, attachment_collection: @attachment_collection
             render template: "decidim/admin/attachment_collections/show"
           end
 
           def destroy
             @attachment_collection = collection.find(params[:id])
-            authorize! :destroy, authorization_object
+            enforce_permission_to :destroy, :attachment_collection, attachment_collection: @attachment_collection
             @attachment_collection.destroy!
 
             flash[:notice] = I18n.t("attachment_collections.destroy.success", scope: "decidim.admin")

data/app/controllers/decidim/admin/concerns/has_attachments.rb

@@ -13,22 +13,22 @@ module Decidim
         extend ActiveSupport::Concern
 
         included do
-          helper_method :attached_to, :authorization_object
+          helper_method :attached_to, :attachment
 
           def index
-            authorize! :read, authorization_object
+            enforce_permission_to :read, :attachment, attached_to: attached_to
 
             render template: "decidim/admin/attachments/index"
           end
 
           def new
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :attachment, attached_to: attached_to
             @form = form(AttachmentForm).from_params({}, attached_to: attached_to)
             render template: "decidim/admin/attachments/new"
           end
 
           def create
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :attachment, attached_to: attached_to
             @form = form(AttachmentForm).from_params(params, attached_to: attached_to)
 
             CreateAttachment.call(@form, attached_to) do
@@ -46,14 +46,14 @@ module Decidim
 
           def edit
             @attachment = collection.find(params[:id])
-            authorize! :update, authorization_object
+            enforce_permission_to :update, :attachment, attachment: attachment
             @form = form(AttachmentForm).from_model(@attachment, attached_to: attached_to)
             render template: "decidim/admin/attachments/edit"
           end
 
           def update
             @attachment = collection.find(params[:id])
-            authorize! :update, authorization_object
+            enforce_permission_to :update, :attachment, attachment: attachment
             @form = form(AttachmentForm).from_params(attachment_params, attached_to: attached_to)
 
             UpdateAttachment.call(@attachment, @form) do
@@ -71,13 +71,13 @@ module Decidim
 
           def show
             @attachment = collection.find(params[:id])
-            authorize! :read, authorization_object
+            enforce_permission_to :read, :attachment, attachment: attachment
             render template: "decidim/admin/attachments/show"
           end
 
           def destroy
             @attachment = collection.find(params[:id])
-            authorize! :destroy, authorization_object
+            enforce_permission_to :destroy, :attachment, attachment: attachment
             @attachment.destroy!
 
             flash[:notice] = I18n.t("attachments.destroy.success", scope: "decidim.admin")
@@ -103,7 +103,7 @@ module Decidim
           # verify the user can manage the attachments
           #
           # By default is the same as the attached_to.
-          def authorization_object
+          def attachment
             attached_to
           end
 
@@ -111,6 +111,8 @@ module Decidim
             @collection ||= attached_to.attachments
           end
 
+          attr_reader :attachment
+
           private
 
           def attachment_params

data/app/controllers/decidim/admin/concerns/has_private_users.rb

@@ -16,19 +16,19 @@ module Decidim
           helper_method :privatable_to, :authorization_object, :collection
 
           def index
-            authorize! :read, authorization_object
+            enforce_permission_to :read, :space_private_user
 
             render template: "decidim/admin/participatory_space_private_users/index"
           end
 
           def new
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :space_private_user
             @form = form(ParticipatorySpacePrivateUserForm).from_params({}, privatable_to: privatable_to)
             render template: "decidim/admin/participatory_space_private_users/new"
           end
 
           def create
-            authorize! :create, authorization_object
+            enforce_permission_to :create, :space_private_user
             @form = form(ParticipatorySpacePrivateUserForm).from_params(params, privatable_to: privatable_to)
 
             CreateParticipatorySpacePrivateUser.call(@form, current_user, current_participatory_space) do
@@ -46,7 +46,7 @@ module Decidim
 
           def destroy
             @private_user = collection.find(params[:id])
-            authorize! :destroy, authorization_object
+            enforce_permission_to :destroy, :space_private_user, private_user: @private_user
             @private_user.destroy!
 
             flash[:notice] = I18n.t("participatory_space_private_users.destroy.success", scope: "decidim.admin")
@@ -56,7 +56,7 @@ module Decidim
 
           def resend_invitation
             @private_user = collection.find(params[:id])
-            authorize! :invite, authorization_object
+            enforce_permission_to :invite, :space_private_user, private_user: @private_user
             InviteUserAgain.call(@private_user.user, "invite_private_user") do
               on(:ok) do
                 flash[:notice] = I18n.t("users.resend_invitation.success", scope: "decidim.admin")