RubyGems - decidim-admin - Versions diffs - 0.11.2 → 0.12.0.pre - Mend

decidim-admin 0.11.2 → 0.12.0.pre

Potentially problematic release.

This version of decidim-admin might be problematic. Click here for more details.

Files changed (116) hide show

data/app/controllers/decidim/admin/dashboard_controller.rb CHANGED

@@ -5,10 +5,12 @@ module Decidim
     # Controller that shows a simple dashboard.
     #
     class DashboardController < Decidim::Admin::ApplicationController
-      authorize_resource :admin_dashboard, class: false
       helper_method :latest_action_logs
+      def show
+        enforce_permission_to :read, :admin_dashboard
+      end
       private
       def latest_action_logs

data/app/controllers/decidim/admin/exports_controller.rb CHANGED

@@ -7,7 +7,7 @@ module Decidim
       include Decidim::ComponentPathHelper
       def create
-        authorize! :manage, component
+        enforce_permission_to :export, :component_data, component: component
         name = params[:id]
         ExportJob.perform_later(current_user, component, name, params[:format] || default_format)

data/app/controllers/decidim/admin/impersonatable_users_controller.rb CHANGED

@@ -8,8 +8,10 @@ module Decidim
     class ImpersonatableUsersController < Decidim::Admin::ApplicationController
       layout "decidim/admin/users"
+      helper_method :new_managed_user
       def index
-        authorize! :index, :impersonatable_users
+        enforce_permission_to :index, :impersonatable_user
         @query = params[:q]
         @state = params[:state]
@@ -24,6 +26,10 @@ module Decidim
       def collection
         @collection ||= current_organization.users.where(admin: false, roles: [])
       end
+      def new_managed_user
+        Decidim::User.new(managed: true, admin: false, roles: [])
+      end
     end
   end
 end

data/app/controllers/decidim/admin/impersonations_controller.rb CHANGED

@@ -11,10 +11,8 @@ module Decidim
                     :other_available_authorizations,
                     :creating_managed_user?
-      skip_authorization_check only: [:close_session]
       def new
-        authorize! :impersonate, user
+        enforce_permission_to :impersonate, :impersonatable_user, user: user
         @form = form(ImpersonateUserForm).from_params(
           user: user,
@@ -27,7 +25,7 @@ module Decidim
       end
       def create
-        authorize! :impersonate, user
+        enforce_permission_to :impersonate, :impersonatable_user, user: user
         @form = form(ImpersonateUserForm).from_params(
           user: user,

data/app/controllers/decidim/admin/logs_controller.rb CHANGED

@@ -5,10 +5,12 @@ module Decidim
     # Controller that shows a simple dashboard.
     #
     class LogsController < Decidim::Admin::ApplicationController
-      authorize_resource :admin_log, class: false
       helper_method :logs
+      def index
+        enforce_permission_to :read, :admin_log
+      end
       private
       def logs

data/app/controllers/decidim/admin/managed_users/impersonation_logs_controller.rb CHANGED

@@ -8,8 +8,6 @@ module Decidim
       class ImpersonationLogsController < Decidim::Admin::ApplicationController
         layout "decidim/admin/users"
-        skip_authorization_check
         def index
           @impersonation_logs = Decidim::ImpersonationLog.where(user: user).order(started_at: :desc).page(params[:page]).per(15)
         end

data/app/controllers/decidim/admin/managed_users/promotions_controller.rb CHANGED

@@ -9,12 +9,12 @@ module Decidim
         layout "decidim/admin/users"
         def new
-          authorize! :promote, user
+          enforce_permission_to :promote, :managed_user, user: user
           @form = form(ManagedUserPromotionForm).instance
         end
         def create
-          authorize! :promote, user
+          enforce_permission_to :promote, :managed_user, user: user
           @form = form(ManagedUserPromotionForm).from_params(params)
           PromoteManagedUser.call(@form, user, current_user) do

data/app/controllers/decidim/admin/moderations_controller.rb CHANGED

@@ -4,14 +4,14 @@ module Decidim
   module Admin
     # This controller allows admins to manage moderations in a participatory process.
     class ModerationsController < Decidim::Admin::ApplicationController
-      helper_method :moderations
+      helper_method :moderations, :allowed_to?
       def index
-        authorize! :read, Decidim::Moderation
+        enforce_permission_to :read, :moderation
       end
       def unreport
-        authorize! :unreport, reportable
+        enforce_permission_to :unreport, :moderation
         Admin::UnreportResource.call(reportable, current_user) do
           on(:ok) do
@@ -27,7 +27,7 @@ module Decidim
       end
       def hide
-        authorize! :hide, reportable
+        enforce_permission_to :hide, :moderation
         Admin::HideResource.call(reportable, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/newsletters_controller.rb CHANGED

@@ -7,24 +7,24 @@ module Decidim
       include Decidim::NewslettersHelper
       def index
-        authorize! :index, Newsletter
+        enforce_permission_to :read, :newsletter
         @newsletters = collection.order(Newsletter.arel_table[:created_at].desc)
       end
       def new
-        authorize! :create, Newsletter
+        enforce_permission_to :create, :newsletter
         @form = form(NewsletterForm).instance
       end
       def show
         @newsletter = collection.find(params[:id])
         @email = NewsletterMailer.newsletter(current_user, @newsletter)
-        authorize! :read, @newsletter
+        enforce_permission_to :read, :newsletter, newsletter: @newsletter
       end
       def preview
         @newsletter = collection.find(params[:id])
-        authorize! :read, @newsletter
+        enforce_permission_to :read, :newsletter, newsletter: @newsletter
         email = NewsletterMailer.newsletter(current_user, @newsletter)
         Premailer::Rails::Hook.perform(email)
@@ -32,7 +32,7 @@ module Decidim
       end
       def create
-        authorize! :create, Newsletter
+        enforce_permission_to :create, :newsletter
         @form = form(NewsletterForm).from_params(params)
         CreateNewsletter.call(@form, current_user) do
@@ -51,13 +51,13 @@ module Decidim
       def edit
         @newsletter = collection.find(params[:id])
-        authorize! :update, @newsletter
+        enforce_permission_to :update, :newsletter, newsletter: @newsletter
         @form = form(NewsletterForm).from_model(@newsletter)
       end
       def update
         @newsletter = collection.find(params[:id])
-        authorize! :update, Newsletter
+        enforce_permission_to :update, :newsletter, newsletter: @newsletter
         @form = form(NewsletterForm).from_params(params)
         UpdateNewsletter.call(@newsletter, @form, current_user) do
@@ -76,7 +76,7 @@ module Decidim
       def destroy
         @newsletter = collection.find(params[:id])
-        authorize! :destroy, @newsletter
+        enforce_permission_to :destroy, :newsletter, newsletter: @newsletter
         DestroyNewsletter.call(@newsletter, current_user) do
           on(:already_sent) do
@@ -93,7 +93,7 @@ module Decidim
       def deliver
         @newsletter = collection.find(params[:id])
-        authorize! :update, @newsletter
+        enforce_permission_to :update, :newsletter, newsletter: @newsletter
         DeliverNewsletter.call(@newsletter, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/oauth_applications_controller.rb CHANGED

@@ -6,22 +6,22 @@ module Decidim
     #
     class OAuthApplicationsController < Admin::ApplicationController
       def index
-        authorize! :index, :oauth_applications
+        enforce_permission_to :read, :oauth_application
         @oauth_applications = collection.page(params[:page]).per(15)
       end
       def show
         @oauth_application = collection.find(params[:id])
-        authorize! :show, @oauth_application
+        enforce_permission_to :read, :oauth_application
       end
       def new
-        authorize! :create, :oauth_applications
+        enforce_permission_to :create, :oauth_application
         @form = form(OAuthApplicationForm).instance
       end
       def create
-        authorize! :create, :oauth_applications
+        enforce_permission_to :create, :oauth_application
         @form = form(OAuthApplicationForm).from_params(params)
@@ -40,13 +40,13 @@ module Decidim
       def edit
         @oauth_application = collection.find(params[:id])
-        authorize! :update, @oauth_application
+        enforce_permission_to :update, :oauth_application, oauth_application: @oauth_application
         @form = form(OAuthApplicationForm).from_model(@oauth_application)
       end
       def update
         @oauth_application = collection.find(params[:id])
-        authorize! :update, @oauth_application
+        enforce_permission_to :update, :oauth_application, oauth_application: @oauth_application
         @form = form(OAuthApplicationForm).from_params({ organization_logo: @oauth_application.organization_logo }.merge(params.to_unsafe_h))
         UpdateOAuthApplication.call(@oauth_application, @form, current_user) do
@@ -65,7 +65,7 @@ module Decidim
       def destroy
         @oauth_application = collection.find(params[:id])
-        authorize! :destroy, @oauth_application
+        enforce_permission_to :destroy, :oauth_application, oauth_application: @oauth_application
         DestroyOAuthApplication.call(@oauth_application, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/officializations_controller.rb CHANGED

@@ -10,8 +10,7 @@ module Decidim
       helper_method :user
       def index
-        authorize! :index, :officializations
+        enforce_permission_to :read, :officialization
         @query = params[:q]
         @state = params[:state]
@@ -21,13 +20,13 @@ module Decidim
       end
       def new
-        authorize! :new, :officializations
+        enforce_permission_to :create, :officialization
         @form = form(OfficializationForm).from_model(user)
       end
       def create
-        authorize! :create, :officializations
+        enforce_permission_to :create, :officialization
         @form = form(OfficializationForm).from_params(params)
@@ -41,7 +40,7 @@ module Decidim
       end
       def destroy
-        authorize! :destroy, :officializations
+        enforce_permission_to :destroy, :officialization
         UnofficializeUser.call(user, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/organization_appearance_controller.rb CHANGED

@@ -7,12 +7,12 @@ module Decidim
       layout "decidim/admin/settings"
       def edit
-        authorize! :update, current_organization
+        enforce_permission_to :update, :organization, organization: current_organization
         @form = form(OrganizationAppearanceForm).from_model(current_organization)
       end
       def update
-        authorize! :update, current_organization
+        enforce_permission_to :update, :organization, organization: current_organization
         @form = form(OrganizationAppearanceForm).from_params(params)
         UpdateOrganizationAppearance.call(current_organization, @form) do

data/app/controllers/decidim/admin/organization_controller.rb CHANGED

@@ -8,12 +8,12 @@ module Decidim
       layout "decidim/admin/settings"
       def edit
-        authorize! :update, current_organization
+        enforce_permission_to :update, :organization, organization: current_organization
         @form = form(OrganizationForm).from_model(current_organization)
       end
       def update
-        authorize! :update, current_organization
+        enforce_permission_to :update, :organization, organization: current_organization
         @form = form(OrganizationForm).from_params(params)
         UpdateOrganization.call(current_organization, @form) do
@@ -28,6 +28,25 @@ module Decidim
           end
         end
       end
+      def users
+        respond_to do |format|
+          format.json do
+            if (term = params[:term].to_s).present?
+              query = current_organization.users.order(name: :asc)
+              query = if term.start_with?("@")
+                        query.where("nickname ILIKE ?", "#{term.delete("@")}%")
+                      else
+                        query.where("name ILIKE ?", "%#{term}%")
+                      end
+              render json: query.all.collect { |u| { value: u.id, label: "#{u.name} (@#{u.nickname})" } }
+            else
+              render json: []
+            end
+          end
+        end
+      end
     end
   end
 end

data/app/controllers/decidim/admin/scope_types_controller.rb CHANGED

@@ -9,16 +9,16 @@ module Decidim
       helper_method :scope_types
       def index
-        authorize! :index, ScopeType
+        enforce_permission_to :read, :scope_type
       end
       def new
-        authorize! :new, ScopeType
+        enforce_permission_to :create, :scope_type
         @form = form(ScopeTypeForm).instance
       end
       def create
-        authorize! :new, ScopeType
+        enforce_permission_to :create, :scope_type
         @form = form(ScopeTypeForm).from_params(params)
         CreateScopeType.call(@form) do
@@ -35,12 +35,12 @@ module Decidim
       end
       def edit
-        authorize! :update, scope_type
+        enforce_permission_to :update, :scope_type, scope_type: scope_type
         @form = form(ScopeTypeForm).from_model(scope_type)
       end
       def update
-        authorize! :update, scope_type
+        enforce_permission_to :update, :scope_type, scope_type: scope_type
         @form = form(ScopeTypeForm).from_params(params)
         UpdateScopeType.call(scope_type, @form) do
@@ -57,7 +57,7 @@ module Decidim
       end
       def destroy
-        authorize! :destroy, scope_type
+        enforce_permission_to :destroy, :scope_type, scope_type: scope_type
         scope_type.destroy!
         flash[:notice] = I18n.t("scope_types.destroy.success", scope: "decidim.admin")

data/app/controllers/decidim/admin/scopes_controller.rb CHANGED

@@ -9,17 +9,17 @@ module Decidim
       helper_method :scope, :parent_scope, :add_scope_path, :current_scopes_path
       def index
-        authorize! :index, Scope
-        @scopes = children_scopes.order("name->'#{I18n.locale}' ASC")
+        enforce_permission_to :read, :scope
+        @scopes = children_scopes.order(Arel.sql("name->'#{I18n.locale}' ASC"))
       end
       def new
-        authorize! :new, Scope
+        enforce_permission_to :create, :scope
         @form = form(ScopeForm).instance
       end
       def create
-        authorize! :new, Scope
+        enforce_permission_to :create, :scope
         @form = form(ScopeForm).from_params(params)
         CreateScope.call(@form, parent_scope) do
           on(:ok) do
@@ -35,12 +35,12 @@ module Decidim
       end
       def edit
-        authorize! :update, scope
+        enforce_permission_to :update, :scope, scope: scope
         @form = form(ScopeForm).from_model(scope)
       end
       def update
-        authorize! :update, scope
+        enforce_permission_to :update, :scope, scope: scope
         @form = form(ScopeForm).from_params(params)
         UpdateScope.call(scope, @form) do
@@ -57,7 +57,7 @@ module Decidim
       end
       def destroy
-        authorize! :destroy, scope
+        enforce_permission_to :destroy, :scope, scope: scope
         DestroyScope.call(scope, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/static_pages_controller.rb CHANGED

@@ -6,19 +6,20 @@ module Decidim
     #
     class StaticPagesController < Decidim::Admin::ApplicationController
       layout "decidim/admin/pages"
+      before_action :tos_version_formatted, only: [:index, :edit]
       def index
-        authorize! :index, StaticPage
+        enforce_permission_to :read, :static_page
         @pages = collection
       end
       def new
-        authorize! :new, StaticPage
+        enforce_permission_to :create, :static_page
         @form = form(StaticPageForm).instance
       end
       def create
-        authorize! :new, StaticPage
+        enforce_permission_to :create, :static_page
         @form = form(StaticPageForm).from_params(form_params)
         CreateStaticPage.call(@form) do
@@ -35,13 +36,13 @@ module Decidim
       end
       def edit
-        authorize! :update, page
+        enforce_permission_to :update, :static_page, static_page: page
         @form = form(StaticPageForm).from_model(page)
       end
       def update
         @page = collection.find(params[:id])
-        authorize! :update, page
+        enforce_permission_to :update, :static_page, static_page: page
         @form = form(StaticPageForm).from_params(form_params)
         UpdateStaticPage.call(page, @form) do
@@ -58,11 +59,11 @@ module Decidim
       end
       def show
-        authorize! :read, page
+        enforce_permission_to :read, :static_page
       end
       def destroy
-        authorize! :destroy, page
+        enforce_permission_to :destroy, :static_page, static_page: page
         DestroyStaticPage.call(page, current_user) do
           on(:ok) do
@@ -92,6 +93,14 @@ module Decidim
       def collection
         current_organization.static_pages
       end
+      def tos_version
+        current_organization.tos_version
+      end
+      def tos_version_formatted
+        @tos_version_formatted ||= l(tos_version, format: :short) if tos_version.present?
+      end
     end
   end
 end