decidim-admin 0.11.2 → 0.12.0.pre
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of decidim-admin might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/app/assets/javascripts/decidim/admin/application.js.es6 +5 -1
- data/app/assets/javascripts/decidim/admin/bundle.js +47 -0
- data/app/assets/javascripts/decidim/admin/bundle.js.map +1 -0
- data/app/assets/javascripts/decidim/admin/component_permissions.js.es6 +13 -0
- data/app/assets/javascripts/decidim/admin/managed_users.js.es6 +2 -1
- data/app/assets/javascripts/decidim/admin/subform_toggler.component.js.es6 +14 -7
- data/app/assets/stylesheets/decidim/admin/_decidim.scss +2 -0
- data/app/assets/stylesheets/decidim/admin/bundle.scss +1 -0
- data/app/assets/stylesheets/decidim/admin/components/_autocomplete_select.component.scss +13 -0
- data/app/assets/stylesheets/decidim/admin/modules/_secondary-nav.scss +3 -2
- data/app/assets/stylesheets/decidim/admin/modules/_table-list.scss +7 -0
- data/app/commands/decidim/admin/create_static_page.rb +7 -1
- data/app/commands/decidim/admin/update_component_permissions.rb +9 -3
- data/app/commands/decidim/admin/update_organization_tos_version.rb +47 -0
- data/app/commands/decidim/admin/update_static_page.rb +5 -0
- data/app/constraints/decidim/admin/organization_dashboard_constraint.rb +6 -3
- data/app/controllers/concerns/decidim/admin/participatory_space_admin_context.rb +2 -2
- data/app/controllers/decidim/admin/application_controller.rb +14 -5
- data/app/controllers/decidim/admin/area_types_controller.rb +6 -6
- data/app/controllers/decidim/admin/areas_controller.rb +6 -6
- data/app/controllers/decidim/admin/authorization_workflows_controller.rb +1 -1
- data/app/controllers/decidim/admin/categories_controller.rb +7 -7
- data/app/controllers/decidim/admin/component_permissions_controller.rb +20 -8
- data/app/controllers/decidim/admin/components/base_controller.rb +19 -3
- data/app/controllers/decidim/admin/components_controller.rb +8 -8
- data/app/controllers/decidim/admin/concerns/has_attachment_collections.rb +8 -8
- data/app/controllers/decidim/admin/concerns/has_attachments.rb +11 -9
- data/app/controllers/decidim/admin/concerns/has_private_users.rb +5 -5
- data/app/controllers/decidim/admin/dashboard_controller.rb +4 -2
- data/app/controllers/decidim/admin/exports_controller.rb +1 -1
- data/app/controllers/decidim/admin/impersonatable_users_controller.rb +7 -1
- data/app/controllers/decidim/admin/impersonations_controller.rb +2 -4
- data/app/controllers/decidim/admin/logs_controller.rb +4 -2
- data/app/controllers/decidim/admin/managed_users/impersonation_logs_controller.rb +0 -2
- data/app/controllers/decidim/admin/managed_users/promotions_controller.rb +2 -2
- data/app/controllers/decidim/admin/moderations_controller.rb +4 -4
- data/app/controllers/decidim/admin/newsletters_controller.rb +9 -9
- data/app/controllers/decidim/admin/oauth_applications_controller.rb +7 -7
- data/app/controllers/decidim/admin/officializations_controller.rb +4 -5
- data/app/controllers/decidim/admin/organization_appearance_controller.rb +2 -2
- data/app/controllers/decidim/admin/organization_controller.rb +21 -2
- data/app/controllers/decidim/admin/scope_types_controller.rb +6 -6
- data/app/controllers/decidim/admin/scopes_controller.rb +7 -7
- data/app/controllers/decidim/admin/static_pages_controller.rb +16 -7
- data/app/controllers/decidim/admin/user_groups_controller.rb +3 -3
- data/app/controllers/decidim/admin/users_controller.rb +5 -5
- data/app/forms/decidim/admin/managed_user_promotion_form.rb +1 -1
- data/app/forms/decidim/admin/permission_form.rb +12 -15
- data/app/forms/decidim/admin/static_page_form.rb +1 -0
- data/app/frontend/components/autocomplete.component.test.tsx +19 -0
- data/app/frontend/components/autocomplete.component.tsx +169 -0
- data/app/frontend/entry.ts +17 -0
- data/app/frontend/entry_test.ts +4 -0
- data/app/helpers/decidim/admin/application_helper.rb +0 -4
- data/app/permissions/decidim/admin/permissions.rb +161 -0
- data/app/permissions/decidim/admin/user_manager_permissions.rb +66 -0
- data/app/views/decidim/admin/area_types/index.html.erb +8 -4
- data/app/views/decidim/admin/areas/index.html.erb +6 -3
- data/app/views/decidim/admin/attachment_collections/index.html.erb +3 -3
- data/app/views/decidim/admin/attachment_collections/show.html.erb +2 -2
- data/app/views/decidim/admin/attachments/index.html.erb +3 -3
- data/app/views/decidim/admin/attachments/show.html.erb +2 -2
- data/app/views/decidim/admin/categories/index.html.erb +5 -5
- data/app/views/decidim/admin/categories/show.html.erb +2 -2
- data/app/views/decidim/admin/component_permissions/_options_form.html.erb +14 -0
- data/app/views/decidim/admin/component_permissions/edit.html.erb +37 -16
- data/app/views/decidim/admin/components/_component.html.erb +6 -4
- data/app/views/decidim/admin/components/_form.html.erb +6 -6
- data/app/views/decidim/admin/dashboard/show.html.erb +1 -1
- data/app/views/decidim/admin/impersonatable_users/index.html.erb +5 -3
- data/app/views/decidim/admin/moderations/index.html.erb +2 -2
- data/app/views/decidim/admin/newsletters/index.html.erb +5 -3
- data/app/views/decidim/admin/newsletters/show.html.erb +1 -1
- data/app/views/decidim/admin/oauth_applications/index.html.erb +5 -3
- data/app/views/decidim/admin/participatory_space_private_users/index.html.erb +3 -3
- data/app/views/decidim/admin/scope_types/index.html.erb +5 -3
- data/app/views/decidim/admin/scopes/index.html.erb +4 -4
- data/app/views/decidim/admin/static_pages/_form.html.erb +3 -1
- data/app/views/decidim/admin/static_pages/_form_notable_changes.html.erb +9 -0
- data/app/views/decidim/admin/static_pages/index.html.erb +11 -3
- data/app/views/decidim/admin/static_pages/show.html.erb +2 -2
- data/app/views/decidim/admin/user_groups/index.html.erb +2 -2
- data/app/views/decidim/admin/users/index.html.erb +5 -3
- data/app/views/layouts/decidim/admin/_application.html.erb +0 -1
- data/app/views/layouts/decidim/admin/_template_top.html.erb +1 -0
- data/app/views/layouts/decidim/admin/users.html.erb +4 -4
- data/config/locales/ca.yml +8 -0
- data/config/locales/en.yml +8 -0
- data/config/locales/es.yml +8 -0
- data/config/locales/eu.yml +8 -0
- data/config/locales/fi.yml +8 -0
- data/config/locales/fr.yml +8 -0
- data/config/locales/gl.yml +8 -0
- data/config/locales/it.yml +8 -0
- data/config/locales/nl.yml +8 -0
- data/config/locales/pl.yml +8 -0
- data/config/locales/pt-BR.yml +8 -0
- data/config/locales/pt.yml +8 -0
- data/config/locales/ru.yml +11 -3
- data/config/locales/sv.yml +8 -0
- data/config/locales/uk.yml +8 -0
- data/config/routes.rb +5 -1
- data/lib/decidim/admin.rb +1 -0
- data/lib/decidim/admin/engine.rb +17 -20
- data/lib/decidim/admin/form_builder.rb +64 -0
- data/lib/decidim/admin/test/manage_component_permissions_examples.rb +92 -15
- data/lib/decidim/admin/version.rb +1 -1
- metadata +25 -17
- data/app/models/decidim/admin/abilities/admin_ability.rb +0 -76
- data/app/models/decidim/admin/abilities/base_ability.rb +0 -21
- data/app/models/decidim/admin/abilities/participatory_process_admin_ability.rb +0 -58
- data/app/models/decidim/admin/abilities/participatory_process_collaborator_ability.rb +0 -19
- data/app/models/decidim/admin/abilities/participatory_process_moderator_ability.rb +0 -23
- data/app/models/decidim/admin/abilities/user_manager_ability.rb +0 -34
- data/app/models/decidim/admin/application_record.rb +0 -11
@@ -9,17 +9,17 @@ module Decidim
|
|
9
9
|
helper_method :area, :organization_areas
|
10
10
|
|
11
11
|
def index
|
12
|
-
|
12
|
+
enforce_permission_to :read, :area
|
13
13
|
@areas = organization_areas
|
14
14
|
end
|
15
15
|
|
16
16
|
def new
|
17
|
-
|
17
|
+
enforce_permission_to :create, :area
|
18
18
|
@form = form(AreaForm).instance
|
19
19
|
end
|
20
20
|
|
21
21
|
def create
|
22
|
-
|
22
|
+
enforce_permission_to :create, :area
|
23
23
|
@form = form(AreaForm).from_params(params)
|
24
24
|
CreateArea.call(@form) do
|
25
25
|
on(:ok) do
|
@@ -35,12 +35,12 @@ module Decidim
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def edit
|
38
|
-
|
38
|
+
enforce_permission_to :update, :area, area: area
|
39
39
|
@form = form(AreaForm).from_model(area)
|
40
40
|
end
|
41
41
|
|
42
42
|
def update
|
43
|
-
|
43
|
+
enforce_permission_to :update, :area, area: area
|
44
44
|
@form = form(AreaForm).from_params(params)
|
45
45
|
|
46
46
|
UpdateArea.call(area, @form) do
|
@@ -57,7 +57,7 @@ module Decidim
|
|
57
57
|
end
|
58
58
|
|
59
59
|
def destroy
|
60
|
-
|
60
|
+
enforce_permission_to :destroy, :area, area: area
|
61
61
|
|
62
62
|
DestroyArea.call(area, current_user) do
|
63
63
|
on(:ok) do
|
@@ -9,16 +9,16 @@ module Decidim
|
|
9
9
|
participatory_space_admin_layout
|
10
10
|
|
11
11
|
def index
|
12
|
-
|
12
|
+
enforce_permission_to :read, :category
|
13
13
|
end
|
14
14
|
|
15
15
|
def new
|
16
|
-
|
16
|
+
enforce_permission_to :create, :category
|
17
17
|
@form = form(CategoryForm).from_params({}, current_participatory_space: current_participatory_space)
|
18
18
|
end
|
19
19
|
|
20
20
|
def create
|
21
|
-
|
21
|
+
enforce_permission_to :create, :category
|
22
22
|
@form = form(CategoryForm).from_params(params, current_participatory_space: current_participatory_space)
|
23
23
|
|
24
24
|
CreateCategory.call(@form, current_participatory_space) do
|
@@ -36,13 +36,13 @@ module Decidim
|
|
36
36
|
|
37
37
|
def edit
|
38
38
|
@category = collection.find(params[:id])
|
39
|
-
|
39
|
+
enforce_permission_to :update, :category, category: @category
|
40
40
|
@form = form(CategoryForm).from_model(@category, current_participatory_space: current_participatory_space)
|
41
41
|
end
|
42
42
|
|
43
43
|
def update
|
44
44
|
@category = collection.find(params[:id])
|
45
|
-
|
45
|
+
enforce_permission_to :update, :category, category: @category
|
46
46
|
@form = form(CategoryForm).from_params(params, current_participatory_space: current_participatory_space)
|
47
47
|
|
48
48
|
UpdateCategory.call(@category, @form) do
|
@@ -60,12 +60,12 @@ module Decidim
|
|
60
60
|
|
61
61
|
def show
|
62
62
|
@category = collection.find(params[:id])
|
63
|
-
|
63
|
+
enforce_permission_to :read, :category, category: @category
|
64
64
|
end
|
65
65
|
|
66
66
|
def destroy
|
67
67
|
@category = collection.find(params[:id])
|
68
|
-
|
68
|
+
enforce_permission_to :destroy, :category, category: @category
|
69
69
|
|
70
70
|
DestroyCategory.call(@category) do
|
71
71
|
on(:ok) do
|
@@ -5,17 +5,17 @@ module Decidim
|
|
5
5
|
# Controller that allows managing component permissions.
|
6
6
|
#
|
7
7
|
class ComponentPermissionsController < Decidim::Admin::ApplicationController
|
8
|
-
helper_method :authorizations, :component
|
8
|
+
helper_method :authorizations, :other_authorizations_for, :component
|
9
9
|
|
10
10
|
def edit
|
11
|
-
|
11
|
+
enforce_permission_to :update, :component, component: component
|
12
12
|
@permissions_form = PermissionsForm.new(
|
13
13
|
permissions: permission_forms
|
14
14
|
)
|
15
15
|
end
|
16
16
|
|
17
17
|
def update
|
18
|
-
|
18
|
+
enforce_permission_to :update, :component, component: component
|
19
19
|
@permissions_form = PermissionsForm.from_params(params)
|
20
20
|
|
21
21
|
UpdateComponentPermissions.call(@permissions_form, component) do
|
@@ -33,12 +33,10 @@ module Decidim
|
|
33
33
|
private
|
34
34
|
|
35
35
|
def permission_forms
|
36
|
-
|
37
|
-
|
38
|
-
@permission_forms ||= component.manifest.actions.inject({}) do |result, action|
|
36
|
+
component.manifest.actions.inject({}) do |result, action|
|
39
37
|
form = PermissionForm.new(
|
40
|
-
authorization_handler_name:
|
41
|
-
options: permissions.dig(action, "options")
|
38
|
+
authorization_handler_name: authorization_for(action),
|
39
|
+
options: permissions.dig(action, "options")
|
42
40
|
)
|
43
41
|
|
44
42
|
result.update(action => form)
|
@@ -51,9 +49,23 @@ module Decidim
|
|
51
49
|
)
|
52
50
|
end
|
53
51
|
|
52
|
+
def other_authorizations_for(action)
|
53
|
+
Verifications::Adapter.from_collection(
|
54
|
+
current_organization.available_authorizations - [authorization_for(action)]
|
55
|
+
)
|
56
|
+
end
|
57
|
+
|
54
58
|
def component
|
55
59
|
@component ||= current_participatory_space.components.find(params[:component_id])
|
56
60
|
end
|
61
|
+
|
62
|
+
def permissions
|
63
|
+
@permissions ||= component.permissions || {}
|
64
|
+
end
|
65
|
+
|
66
|
+
def authorization_for(action)
|
67
|
+
permissions.dig(action, "authorization_handler_name")
|
68
|
+
end
|
57
69
|
end
|
58
70
|
end
|
59
71
|
end
|
@@ -6,10 +6,10 @@ module Decidim
|
|
6
6
|
# This controller is the abstract class from which all component
|
7
7
|
# controllers in their admin engines should inherit from.
|
8
8
|
class BaseController < Admin::ApplicationController
|
9
|
-
skip_authorize_resource
|
10
9
|
include Settings
|
11
10
|
|
12
11
|
include Decidim::Admin::ParticipatorySpaceAdminContext
|
12
|
+
include Decidim::NeedsPermission
|
13
13
|
participatory_space_admin_layout
|
14
14
|
|
15
15
|
helper Decidim::ResourceHelper
|
@@ -21,11 +21,27 @@ module Decidim
|
|
21
21
|
:parent_path
|
22
22
|
|
23
23
|
before_action except: [:index, :show] do
|
24
|
-
|
24
|
+
enforce_permission_to :manage, :component, component: current_component
|
25
25
|
end
|
26
26
|
|
27
27
|
before_action on: [:index, :show] do
|
28
|
-
|
28
|
+
enforce_permission_to :read, :component, component: current_component
|
29
|
+
end
|
30
|
+
|
31
|
+
def permissions_context
|
32
|
+
super.merge(participatory_space: current_participatory_space)
|
33
|
+
end
|
34
|
+
|
35
|
+
def permission_class_chain
|
36
|
+
[
|
37
|
+
current_component.manifest.permissions_class,
|
38
|
+
current_participatory_space.manifest.permissions_class,
|
39
|
+
Decidim::Admin::Permissions
|
40
|
+
]
|
41
|
+
end
|
42
|
+
|
43
|
+
def permission_scope
|
44
|
+
:admin
|
29
45
|
end
|
30
46
|
|
31
47
|
def current_component
|
@@ -9,13 +9,13 @@ module Decidim
|
|
9
9
|
helper_method :manifest, :current_participatory_space
|
10
10
|
|
11
11
|
def index
|
12
|
-
|
12
|
+
enforce_permission_to :read, :component
|
13
13
|
@manifests = Decidim.component_manifests
|
14
14
|
@components = current_participatory_space.components
|
15
15
|
end
|
16
16
|
|
17
17
|
def new
|
18
|
-
|
18
|
+
enforce_permission_to :create, :component
|
19
19
|
|
20
20
|
@component = Component.new(
|
21
21
|
name: default_name(manifest),
|
@@ -28,7 +28,7 @@ module Decidim
|
|
28
28
|
|
29
29
|
def create
|
30
30
|
@form = form(ComponentForm).from_params(params)
|
31
|
-
|
31
|
+
enforce_permission_to :create, :component
|
32
32
|
|
33
33
|
CreateComponent.call(manifest, @form, current_participatory_space) do
|
34
34
|
on(:ok) do
|
@@ -45,7 +45,7 @@ module Decidim
|
|
45
45
|
|
46
46
|
def edit
|
47
47
|
@component = query_scope.find(params[:id])
|
48
|
-
|
48
|
+
enforce_permission_to :update, :component, component: @component
|
49
49
|
|
50
50
|
@form = form(ComponentForm).from_model(@component)
|
51
51
|
end
|
@@ -53,7 +53,7 @@ module Decidim
|
|
53
53
|
def update
|
54
54
|
@component = query_scope.find(params[:id])
|
55
55
|
@form = form(ComponentForm).from_params(params)
|
56
|
-
|
56
|
+
enforce_permission_to :update, :component, component: @component
|
57
57
|
|
58
58
|
UpdateComponent.call(@form, @component) do
|
59
59
|
on(:ok) do |settings_changed, previous_settings, current_settings|
|
@@ -72,7 +72,7 @@ module Decidim
|
|
72
72
|
|
73
73
|
def destroy
|
74
74
|
@component = query_scope.find(params[:id])
|
75
|
-
|
75
|
+
enforce_permission_to :destroy, :component, component: @component
|
76
76
|
|
77
77
|
DestroyComponent.call(@component, current_user) do
|
78
78
|
on(:ok) do
|
@@ -89,7 +89,7 @@ module Decidim
|
|
89
89
|
|
90
90
|
def publish
|
91
91
|
@component = query_scope.find(params[:id])
|
92
|
-
|
92
|
+
enforce_permission_to :publish, :component, component: @component
|
93
93
|
|
94
94
|
PublishComponent.call(@component, current_user) do
|
95
95
|
on(:ok) do
|
@@ -101,7 +101,7 @@ module Decidim
|
|
101
101
|
|
102
102
|
def unpublish
|
103
103
|
@component = query_scope.find(params[:id])
|
104
|
-
|
104
|
+
enforce_permission_to :unpublish, :component, component: @component
|
105
105
|
|
106
106
|
UnpublishComponent.call(@component, current_user) do
|
107
107
|
on(:ok) do
|
@@ -13,22 +13,22 @@ module Decidim
|
|
13
13
|
extend ActiveSupport::Concern
|
14
14
|
|
15
15
|
included do
|
16
|
-
helper_method :collection_for, :
|
16
|
+
helper_method :collection_for, :attachment_collection
|
17
17
|
|
18
18
|
def index
|
19
|
-
|
19
|
+
enforce_permission_to :read, :attachment_collection
|
20
20
|
|
21
21
|
render template: "decidim/admin/attachment_collections/index"
|
22
22
|
end
|
23
23
|
|
24
24
|
def new
|
25
|
-
|
25
|
+
enforce_permission_to :create, :attachment_collection
|
26
26
|
@form = form(AttachmentCollectionForm).from_params({}, collection_for: collection_for)
|
27
27
|
render template: "decidim/admin/attachment_collections/new"
|
28
28
|
end
|
29
29
|
|
30
30
|
def create
|
31
|
-
|
31
|
+
enforce_permission_to :create, :attachment_collection
|
32
32
|
@form = form(AttachmentCollectionForm).from_params(params, collection_for: collection_for)
|
33
33
|
|
34
34
|
CreateAttachmentCollection.call(@form, collection_for) do
|
@@ -46,14 +46,14 @@ module Decidim
|
|
46
46
|
|
47
47
|
def edit
|
48
48
|
@attachment_collection = collection.find(params[:id])
|
49
|
-
|
49
|
+
enforce_permission_to :update, :attachment_collection, attachment_collection: @attachment_collection
|
50
50
|
@form = form(AttachmentCollectionForm).from_model(@attachment_collection, collection_for: collection_for)
|
51
51
|
render template: "decidim/admin/attachment_collections/edit"
|
52
52
|
end
|
53
53
|
|
54
54
|
def update
|
55
55
|
@attachment_collection = collection.find(params[:id])
|
56
|
-
|
56
|
+
enforce_permission_to :update, :attachment_collection, attachment_collection: @attachment_collection
|
57
57
|
@form = form(AttachmentCollectionForm).from_params(params, collection_for: collection_for)
|
58
58
|
|
59
59
|
UpdateAttachmentCollection.call(@attachment_collection, @form) do
|
@@ -71,13 +71,13 @@ module Decidim
|
|
71
71
|
|
72
72
|
def show
|
73
73
|
@attachment_collection = collection.find(params[:id])
|
74
|
-
|
74
|
+
enforce_permission_to :read, :attachment_collection, attachment_collection: @attachment_collection
|
75
75
|
render template: "decidim/admin/attachment_collections/show"
|
76
76
|
end
|
77
77
|
|
78
78
|
def destroy
|
79
79
|
@attachment_collection = collection.find(params[:id])
|
80
|
-
|
80
|
+
enforce_permission_to :destroy, :attachment_collection, attachment_collection: @attachment_collection
|
81
81
|
@attachment_collection.destroy!
|
82
82
|
|
83
83
|
flash[:notice] = I18n.t("attachment_collections.destroy.success", scope: "decidim.admin")
|
@@ -13,22 +13,22 @@ module Decidim
|
|
13
13
|
extend ActiveSupport::Concern
|
14
14
|
|
15
15
|
included do
|
16
|
-
helper_method :attached_to, :
|
16
|
+
helper_method :attached_to, :attachment
|
17
17
|
|
18
18
|
def index
|
19
|
-
|
19
|
+
enforce_permission_to :read, :attachment, attached_to: attached_to
|
20
20
|
|
21
21
|
render template: "decidim/admin/attachments/index"
|
22
22
|
end
|
23
23
|
|
24
24
|
def new
|
25
|
-
|
25
|
+
enforce_permission_to :create, :attachment, attached_to: attached_to
|
26
26
|
@form = form(AttachmentForm).from_params({}, attached_to: attached_to)
|
27
27
|
render template: "decidim/admin/attachments/new"
|
28
28
|
end
|
29
29
|
|
30
30
|
def create
|
31
|
-
|
31
|
+
enforce_permission_to :create, :attachment, attached_to: attached_to
|
32
32
|
@form = form(AttachmentForm).from_params(params, attached_to: attached_to)
|
33
33
|
|
34
34
|
CreateAttachment.call(@form, attached_to) do
|
@@ -46,14 +46,14 @@ module Decidim
|
|
46
46
|
|
47
47
|
def edit
|
48
48
|
@attachment = collection.find(params[:id])
|
49
|
-
|
49
|
+
enforce_permission_to :update, :attachment, attachment: attachment
|
50
50
|
@form = form(AttachmentForm).from_model(@attachment, attached_to: attached_to)
|
51
51
|
render template: "decidim/admin/attachments/edit"
|
52
52
|
end
|
53
53
|
|
54
54
|
def update
|
55
55
|
@attachment = collection.find(params[:id])
|
56
|
-
|
56
|
+
enforce_permission_to :update, :attachment, attachment: attachment
|
57
57
|
@form = form(AttachmentForm).from_params(attachment_params, attached_to: attached_to)
|
58
58
|
|
59
59
|
UpdateAttachment.call(@attachment, @form) do
|
@@ -71,13 +71,13 @@ module Decidim
|
|
71
71
|
|
72
72
|
def show
|
73
73
|
@attachment = collection.find(params[:id])
|
74
|
-
|
74
|
+
enforce_permission_to :read, :attachment, attachment: attachment
|
75
75
|
render template: "decidim/admin/attachments/show"
|
76
76
|
end
|
77
77
|
|
78
78
|
def destroy
|
79
79
|
@attachment = collection.find(params[:id])
|
80
|
-
|
80
|
+
enforce_permission_to :destroy, :attachment, attachment: attachment
|
81
81
|
@attachment.destroy!
|
82
82
|
|
83
83
|
flash[:notice] = I18n.t("attachments.destroy.success", scope: "decidim.admin")
|
@@ -103,7 +103,7 @@ module Decidim
|
|
103
103
|
# verify the user can manage the attachments
|
104
104
|
#
|
105
105
|
# By default is the same as the attached_to.
|
106
|
-
def
|
106
|
+
def attachment
|
107
107
|
attached_to
|
108
108
|
end
|
109
109
|
|
@@ -111,6 +111,8 @@ module Decidim
|
|
111
111
|
@collection ||= attached_to.attachments
|
112
112
|
end
|
113
113
|
|
114
|
+
attr_reader :attachment
|
115
|
+
|
114
116
|
private
|
115
117
|
|
116
118
|
def attachment_params
|
@@ -16,19 +16,19 @@ module Decidim
|
|
16
16
|
helper_method :privatable_to, :authorization_object, :collection
|
17
17
|
|
18
18
|
def index
|
19
|
-
|
19
|
+
enforce_permission_to :read, :space_private_user
|
20
20
|
|
21
21
|
render template: "decidim/admin/participatory_space_private_users/index"
|
22
22
|
end
|
23
23
|
|
24
24
|
def new
|
25
|
-
|
25
|
+
enforce_permission_to :create, :space_private_user
|
26
26
|
@form = form(ParticipatorySpacePrivateUserForm).from_params({}, privatable_to: privatable_to)
|
27
27
|
render template: "decidim/admin/participatory_space_private_users/new"
|
28
28
|
end
|
29
29
|
|
30
30
|
def create
|
31
|
-
|
31
|
+
enforce_permission_to :create, :space_private_user
|
32
32
|
@form = form(ParticipatorySpacePrivateUserForm).from_params(params, privatable_to: privatable_to)
|
33
33
|
|
34
34
|
CreateParticipatorySpacePrivateUser.call(@form, current_user, current_participatory_space) do
|
@@ -46,7 +46,7 @@ module Decidim
|
|
46
46
|
|
47
47
|
def destroy
|
48
48
|
@private_user = collection.find(params[:id])
|
49
|
-
|
49
|
+
enforce_permission_to :destroy, :space_private_user, private_user: @private_user
|
50
50
|
@private_user.destroy!
|
51
51
|
|
52
52
|
flash[:notice] = I18n.t("participatory_space_private_users.destroy.success", scope: "decidim.admin")
|
@@ -56,7 +56,7 @@ module Decidim
|
|
56
56
|
|
57
57
|
def resend_invitation
|
58
58
|
@private_user = collection.find(params[:id])
|
59
|
-
|
59
|
+
enforce_permission_to :invite, :space_private_user, private_user: @private_user
|
60
60
|
InviteUserAgain.call(@private_user.user, "invite_private_user") do
|
61
61
|
on(:ok) do
|
62
62
|
flash[:notice] = I18n.t("users.resend_invitation.success", scope: "decidim.admin")
|