RubyGems - decidim-admin - Versions diffs - 0.11.2 → 0.12.0.pre - Mend

decidim-admin 0.11.2 → 0.12.0.pre

Potentially problematic release.

This version of decidim-admin might be problematic. Click here for more details.

Files changed (116) hide show

data/app/controllers/decidim/admin/user_groups_controller.rb CHANGED

@@ -8,7 +8,7 @@ module Decidim
       layout "decidim/admin/users"
       def index
-        authorize! :index, UserGroup
+        enforce_permission_to :index, :user_group
         @query = params[:q]
         @state = params[:state]
@@ -18,7 +18,7 @@ module Decidim
       def verify
         @user_group = collection.find(params[:id])
-        authorize! :verify, @user_group
+        enforce_permission_to :verify, :user_group, user_group: @user_group
         VerifyUserGroup.call(@user_group, current_user) do
           on(:ok) do
@@ -35,7 +35,7 @@ module Decidim
       def reject
         @user_group = collection.find(params[:id])
-        authorize! :reject, @user_group
+        enforce_permission_to :reject, :user_group, user_group: @user_group
         RejectUserGroup.call(@user_group, current_user) do
           on(:ok) do

data/app/controllers/decidim/admin/users_controller.rb CHANGED

@@ -6,17 +6,17 @@ module Decidim
     #
     class UsersController < Decidim::Admin::ApplicationController
       def index
-        authorize! :index, :admin_users
+        enforce_permission_to :read, :admin_user
         @users = collection.page(params[:page]).per(15)
       end
       def new
-        authorize! :new, :admin_users
+        enforce_permission_to :create, :admin_user
         @form = form(InviteUserForm).instance
       end
       def create
-        authorize! :new, :admin_users
+        enforce_permission_to :create, :admin_user
         default_params = {
           organization: current_organization,
@@ -40,7 +40,7 @@ module Decidim
       end
       def resend_invitation
-        authorize! :invite, :admin_users
+        enforce_permission_to :invite, :admin_user, user: user
         InviteUserAgain.call(user, "invite_admin") do
           on(:ok) do
@@ -56,7 +56,7 @@ module Decidim
       end
       def destroy
-        authorize! :destroy, :admin_users
+        enforce_permission_to :destroy, :admin_user, user: user
         RemoveAdmin.call(user, current_user) do
           on(:ok) do

data/app/forms/decidim/admin/managed_user_promotion_form.rb CHANGED

@@ -7,7 +7,7 @@ module Decidim
     class ManagedUserPromotionForm < Form
       attribute :email, String
-      validates :email, presence: true
+      validates :email, presence: true, 'valid_email_2/email': { disposable: true }
     end
   end
 end

data/app/forms/decidim/admin/permission_form.rb CHANGED

@@ -5,27 +5,24 @@ module Decidim
     # This form handles permissions for a particular action in the admin panel.
     class PermissionForm < Form
       attribute :authorization_handler_name, String
-      attribute :options, String
+      attribute :options, Hash
-      validate :sanitize
-      validate :options_is_valid_json
+      def manifest
+        Decidim::Verifications.find_workflow_manifest(authorization_handler_name)
+      end
-      private
+      def options_schema
+        @options_schema ||= options_manifest.schema.new(options || {})
+      end
-      def sanitize
-        self.authorization_handler_name = nil if authorization_handler_name.blank?
-        self.options = nil if authorization_handler_name.blank?
-        self.options = nil if options.blank?
+      def options_attributes
+        options_manifest.attributes
       end
-      def options_is_valid_json
-        return unless options
+      private
-        result = JSON.parse(options)
-        errors.add(:options, :invalid_json) unless result.is_a?(Hash)
-        result
-      rescue JSON::ParserError
-        errors.add(:options, :invalid_json)
+      def options_manifest
+        manifest.options
       end
     end
   end

data/app/forms/decidim/admin/static_page_form.rb CHANGED

@@ -9,6 +9,7 @@ module Decidim
       attribute :slug, String
       translatable_attribute :title, String
       translatable_attribute :content, String
+      attribute :changed_notably, Boolean
       mimic :static_page

data/app/frontend/components/autocomplete.component.test.tsx ADDED

@@ -0,0 +1,19 @@
+import { shallow } from "enzyme";
+import * as React from "react";
+import Autocomplete from "./autocomplete.component";
+describe("<Autocomplete />", () => {
+  const name = "custom[name]";
+  const selected = "";
+  const options = Array();
+  const placeholder = "Pick a value";
+  const noResultsText = "No results found";
+  const searchPromptText = "Type to search";
+  const searchURL = "/some/url";
+  it("renders a div of Select", () => {
+    const wrapper = shallow(<Autocomplete name={name} selected={selected} options={options} noResultsText={noResultsText} placeholder={placeholder} searchPromptText={searchPromptText} searchURL={searchURL} />);
+    expect(wrapper.find(".autocomplete-field").exists()).toBeTruthy();
+  });
+});

data/app/frontend/components/autocomplete.component.tsx ADDED

@@ -0,0 +1,169 @@
+import axios, { CancelTokenSource } from "axios";
+import * as React from "react";
+import {Async as AsyncSelect, ReactAsyncSelectProps} from "react-select";
+import "react-select/scss/default.scss";
+declare module "react-select" {
+  interface ReactAsyncSelectProps<TValue = OptionValues> {
+    searchPromptText?: any;
+  }
+}
+export interface AutocompleteProps {
+  /**
+   * Autoload from search url on initialize
+   */
+  autoload?: boolean;
+  /**
+   * The name of the input to be submitted with the form
+   */
+  name: string;
+  /**
+   * The value of the actually selected option
+   */
+  selected: any;
+  /**
+   * An array objects with the preloded options (needs to include the selected option)
+   */
+  options: any[];
+  /**
+   * placeholder displayed when there are no matching search results or a falsy value to hide it
+   */
+  noResultsText: string;
+  /**
+   * Field placeholder, displayed when there's no value
+   */
+  placeholder: string;
+  /**
+   * Text to prompt for search input
+   */
+  searchPromptText: string;
+  /**
+   * The URL where fetch content
+   */
+  searchURL: string;
+}
+interface AutocompleteState {
+  /**
+   * The value of the actually selected option
+   */
+  selectedOption: any;
+  /**
+   * An array objects with the preloded options (needs to include the selected option)
+   */
+  options: any[];
+  /**
+   * Text to prompt for search input
+   */
+  searchPromptText: string;
+  /**
+   * Placeholder displayed when there are no matching search results or a falsy value to hide it
+   */
+  noResultsText: string;
+}
+export class Autocomplete extends React.Component<AutocompleteProps, AutocompleteState> {
+  public static defaultProps: any = {
+    autoload: false
+  };
+  private cancelTokenSource: CancelTokenSource;
+  private minCharactersToSearch: number = 3;
+  constructor(props: AutocompleteProps) {
+    super(props);
+    this.state = {
+      options: props.options,
+      selectedOption: props.selected,
+      searchPromptText: props.searchPromptText,
+      noResultsText: props.noResultsText
+    };
+  }
+  public render(): JSX.Element {
+    const { autoload, name, placeholder } = this.props;
+    const { selectedOption, options, searchPromptText, noResultsText } = this.state;
+    return (
+      <div className="autocomplete-field">
+        <AsyncSelect
+          cache={false}
+          name={name}
+          value={selectedOption}
+          options={options}
+          placeholder={placeholder}
+          searchPromptText={searchPromptText}
+          noResultsText={noResultsText}
+          onChange={this.handleChange}
+          onInputChange={this.onInputChange}
+          loadOptions={this.loadOptions}
+          filterOptions={this.filterOptions}
+          autoload={autoload}
+          removeSelected={true}
+          escapeClearsValue={false}
+          onCloseResetsInput={false}
+        />
+      </div>
+    );
+  }
+  private handleChange = (selectedOption: any) => {
+    this.setState({ selectedOption });
+  }
+  private filterOptions = (options: any, filter: any, excludeOptions: any) => {
+    // Do no filtering, just return all options because
+    // we return a filtered set from server
+    return options;
+  }
+  private onInputChange = (query: string) => {
+    if (query.length < this.minCharactersToSearch) {
+      this.setState({ noResultsText: this.props.searchPromptText });
+    } else {
+      this.setState({ noResultsText: this.props.noResultsText });
+    }
+  }
+  private loadOptions = (query: string, callback: any) => {
+    query = query.toLowerCase();
+    if (this.cancelTokenSource) {
+      this.cancelTokenSource.cancel();
+    }
+    if (query.length < this.minCharactersToSearch) {
+      callback (null, { options: [], complete: false });
+    } else {
+      this.cancelTokenSource = axios.CancelToken.source();
+      axios.get(this.props.searchURL, {
+        cancelToken: this.cancelTokenSource.token,
+        headers: {
+          Accept: "application/json"
+        },
+        withCredentials: true,
+        params: {
+          term: query
+        }
+      })
+      .then((response) => {
+        // CAREFUL! Only set complete to true when there are no more options,
+        // or more specific queries will not be sent to the server.
+        callback (null, { options: response.data, complete: true });
+      })
+      .catch((error: any) => {
+        if (axios.isCancel(error)) {
+          // console.log("Request canceled", error.message);
+        } else {
+          callback (error, { options: [], complete: false });
+        }
+      });
+    }
+  }
+}
+export default Autocomplete;

data/app/frontend/entry.ts ADDED

@@ -0,0 +1,17 @@
+import * as React from "react";
+import * as ReactDOM from "react-dom";
+import Autocomplete, { AutocompleteProps } from "./components/autocomplete.component";
+window.DecidimAdmin = window.DecidimAdmin || {};
+window.DecidimAdmin.renderAutocompleteSelects = (nodeSelector: string) => {
+  window.$(nodeSelector).each((index: number, node: HTMLElement) => {
+    const props: AutocompleteProps = { ...window.$(node).data("autocomplete") };
+    ReactDOM.render(
+      React.createElement(Autocomplete, props),
+      node
+    );
+  });
+};

data/app/frontend/entry_test.ts ADDED

@@ -0,0 +1,4 @@
+import { configure } from "enzyme";
+import * as Adapter from "enzyme-adapter-react-16";
+configure({ adapter: new Adapter() });

data/app/helpers/decidim/admin/application_helper.rb CHANGED

@@ -16,10 +16,6 @@ module Decidim
       def title
         current_organization.name
       end
-      def foundation_datepicker_locale_tag
-        javascript_include_tag "datepicker-locales/foundation-datepicker.#{I18n.locale}.js" if I18n.locale != :en
-      end
     end
   end
 end

data/app/permissions/decidim/admin/permissions.rb ADDED

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+module Decidim
+  module Admin
+    class Permissions < Decidim::DefaultPermissions
+      def permissions
+        return permission_action if managed_user_action?
+        unless permission_action.scope == :admin
+          read_admin_dashboard_action?
+          return permission_action
+        end
+        unless user
+          disallow!
+          return permission_action
+        end
+        return user_manager_permissions if user_manager?
+        allow! if user_can_enter_space_area?
+        read_admin_dashboard_action?
+        if user.admin?
+          allow! if read_admin_log_action?
+          allow! if static_page_action?
+          allow! if organization_action?
+          allow! if user_action?
+          allow! if permission_action.subject == :category
+          allow! if permission_action.subject == :component
+          allow! if permission_action.subject == :admin_user
+          allow! if permission_action.subject == :attachment
+          allow! if permission_action.subject == :attachment_collection
+          allow! if permission_action.subject == :scope
+          allow! if permission_action.subject == :scope_type
+          allow! if permission_action.subject == :area
+          allow! if permission_action.subject == :area_type
+          allow! if permission_action.subject == :newsletter
+          allow! if permission_action.subject == :oauth_application
+          allow! if permission_action.subject == :user_group
+          allow! if permission_action.subject == :officialization
+          allow! if permission_action.subject == :authorization
+          allow! if permission_action.subject == :authorization_workflow
+        end
+        permission_action
+      end
+      private
+      def user_manager?
+        user && !user.admin? && user.role?("user_manager")
+      end
+      def read_admin_dashboard_action?
+        return unless permission_action.subject == :admin_dashboard &&
+                      permission_action.action == :read
+        toggle_allow(user.admin? || space_allows_admin_access_to_current_action?)
+      end
+      def read_admin_log_action?
+        permission_action.subject == :admin_log &&
+          permission_action.action == :read
+      end
+      def static_page_action?
+        return unless permission_action.subject == :static_page
+        static_page = context.fetch(:static_page, nil)
+        case permission_action.action
+        when :update
+          static_page.present?
+        when :update_slug, :destroy
+          static_page.present? && !StaticPage.default?(static_page.slug)
+        when :update_notable_changes
+          static_page.slug == "terms-and-conditions" && static_page.persisted?
+        else
+          true
+        end
+      end
+      def organization_action?
+        return unless permission_action.subject == :organization
+        return unless permission_action.action == :update
+        organization == user.organization
+      end
+      def managed_user_action?
+        return unless permission_action.subject == :managed_user
+        return user_manager_permissions if user_manager?
+        return unless user&.admin?
+        case permission_action.action
+        when :create
+          toggle_allow(!organization.available_authorizations.empty?)
+        else
+          allow!
+        end
+        true
+      end
+      def user_action?
+        return unless [:user, :impersonatable_user].include?(permission_action.subject)
+        subject_user = context.fetch(:user, nil)
+        case permission_action.action
+        when :promote
+          subject_user.managed? && Decidim::ImpersonationLog.active.where(admin: user).empty?
+        when :impersonate
+          available_authorization_handlers? &&
+            !subject_user.admin? &&
+            subject_user.roles.empty? &&
+            Decidim::ImpersonationLog.active.where(admin: user).empty?
+        when :destroy
+          subject_user != user
+        else
+          true
+        end
+      end
+      def organization
+        @organization ||= context.fetch(:organization, nil) || context.fetch(:current_organization, nil)
+      end
+      def user_can_enter_space_area?
+        return unless permission_action.action == :enter &&
+                      permission_action.subject == :space_area
+        space_allows_admin_access_to_current_action?
+      end
+      def space_allows_admin_access_to_current_action?
+        Decidim.participatory_space_manifests.any? do |manifest|
+          begin
+            new_permission_action = Decidim::PermissionAction.new(
+              action: permission_action.action,
+              scope: permission_action.scope,
+              subject: permission_action.subject
+            )
+            manifest.permissions_class.new(user, new_permission_action, context).permissions.allowed?
+          rescue Decidim::PermissionAction::PermissionNotSetError
+            nil
+          end
+        end
+      end
+      def user_manager_permissions
+        Decidim::Admin::UserManagerPermissions.new(user, permission_action, context).permissions
+      end
+      def available_authorization_handlers?
+        user.organization.available_authorization_handlers.any?
+      end
+    end
+  end
+end