decidim-admin 0.18.1 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e1bb0a468fe74558d68a3e069223c66f93216b5d0b6a982ca573c79b9e5133a
-  data.tar.gz: fbfd2c9a1b874ad641144ff67560e003cfeb4dac69ab83eddb8077d73b359784
+  metadata.gz: 3fe9da64e350f8f333b98343743715f137e5f48ed586e9c397bad527caff7738
+  data.tar.gz: 22ae4dbc9bdaf872065dd3b3ca4c4458b5e0d824bb1c7f6a8dc12db7926abed7
 SHA512:
-  metadata.gz: 0e5c425a443047671cc90f357e4b43d183ac5a4c90703c6ca842257a985531f3f49a047bfae93106d4fe9d9823ba61c5a5db2c1d6e217e9ec5d07d0601d333c6
-  data.tar.gz: f90542e7d01193e11ff18550dc1c4c4f51a71be5bb159cdae6e74fadfdcce4e43c56b71d1923a3fa6cb82766508f7896d02b6c519dbe4c92b49772752ec80b81
+  metadata.gz: 9459a7af134d40568c3f9d53b4edd9f45dbbab101a9d093597ae9ab81a82288876a574d23fe0ab05986c9d7f904bad4058e957eb8e159fa34f614f13a6619db2
+  data.tar.gz: 5188ed41e3f8cf190a64315add75292008af12766a0a1a33307d38f3b5404c2a667b2993ef94eb8738a54e3e76d9693867aefa5b4702585d80f15731334503af

data/app/assets/javascripts/decidim/admin/form.js.es6

@@ -1,17 +1,33 @@
-// Checks if the form contains a field with a special CSS class added in
-// Decidim::Admin::SettingsHelper. If so, prevents the checkbox from being clicked,
-// extracts the stored text and adds a new paragraph after the field.
+// Checks if the form contains fields with special CSS classes added in
+// Decidim::Admin::SettingsHelper and acts accordingly.
 $(() => {
-  const $checkbox = $(".participatory_texts_disabled");
+  // Prevents checkbox with ".participatory_texts_disabled" class from being clicked.
+  const $participatoryTexts = $(".participatory_texts_disabled");
 
-  $checkbox.click((event) => {
+  $participatoryTexts.click((event) => {
     event.preventDefault();
     return false;
   });
 
-  if ($checkbox.length > 0) {
-    const $text = $checkbox[0].dataset.text
+  // Target fields:
+  // - amendments_wizard_help_text
+  // - all fields with ".amendments_step_settings" class
+  // (1) Hides target fields if amendments_enabled component setting is NOT checked.
+  // (2) Toggles visibilty of target fields when amendments_enabled component setting is clicked.
+  const $amendmentsEnabled = $("input#component_settings_amendments_enabled");
 
-    $checkbox.parent().after(`<p class="help-text">${$text}</p>`)
+  if ($amendmentsEnabled.length > 0) {
+    const $amendmentWizardHelpText = $("[id*='amendments_wizard_help_text']").parent();
+    const $amendmentStepSettings = $(".amendments_step_settings").parent();
+
+    if ($amendmentsEnabled.is(":not(:checked)")) {
+      $amendmentWizardHelpText.hide();
+      $amendmentStepSettings.hide().siblings(".help-text").hide();
+    }
+
+    $amendmentsEnabled.click(() => {
+      $amendmentWizardHelpText.toggle();
+      $amendmentStepSettings.toggle().siblings(".help-text").toggle();
+    });
   }
 });

data/app/assets/stylesheets/decidim/admin/modules/_forms.scss

@@ -134,3 +134,11 @@ textarea{
   cursor: not-allowed;
   opacity: .5;
 }
+
+.edit_component .step-settings{
+  .card-section fieldset legend{
+    font-size: 24px;
+    font-weight: bold;
+    border-bottom: 1px solid grey;
+  }
+}

data/app/assets/stylesheets/decidim/admin/modules/_modules.scss

@@ -34,3 +34,4 @@
 @import "decidim/modules/input-tags";
 @import "decidim/modules/input-mentions";
 @import "decidim/modules/input-hashtags";
+@import "decidim/modules/input-gallery";

data/app/commands/decidim/admin/create_component.rb

@@ -8,13 +8,10 @@ module Decidim
 
       # Public: Initializes the command.
       #
-      # manifest            - The component's manifest to create a component from.
-      # form                - The form from which the data in this component comes from.
-      # participatory_space - The participatory space that will hold this component.
-      def initialize(manifest, form, participatory_space)
-        @manifest = manifest
+      # form - The form from which the data in this component comes from.
+      def initialize(form)
         @form = form
-        @participatory_space = participatory_space
+        @manifest = form.manifest
       end
 
       # Public: Creates the Component.
@@ -39,7 +36,7 @@ module Decidim
           form.current_user,
           manifest_name: manifest.name,
           name: form.name,
-          participatory_space: participatory_space,
+          participatory_space: form.participatory_space,
           weight: form.weight,
           settings: form.settings,
           default_step_settings: form.default_step_settings,

data/app/commands/decidim/admin/create_participatory_space_private_user.rb

@@ -10,10 +10,11 @@ module Decidim
       # form - A form object with the params.
       # private_user_to - The private_user_to that will hold the
       #   user role
-      def initialize(form, current_user, private_user_to)
+      def initialize(form, current_user, private_user_to, via_csv = false)
         @form = form
         @current_user = current_user
         @private_user_to = private_user_to
+        @via_csv = via_csv
       end
 
       # Executes the command. Broadcasts these events:
@@ -41,8 +42,9 @@ module Decidim
       attr_reader :form, :private_user_to, :current_user, :user
 
       def create_private_user
+        action = @via_csv ? "create_via_csv" : "create"
         Decidim.traceability.perform_action!(
-          :create,
+          action,
           Decidim::ParticipatorySpacePrivateUser,
           current_user,
           resource: {

data/app/commands/decidim/admin/destroy_newsletter.rb

@@ -17,6 +17,7 @@ module Decidim
       # Broadcasts :ok if it got destroyed
       def call
         return broadcast(:already_sent) if newsletter.sent?
+
         destroy_newsletter
         broadcast(:ok)
       end

data/app/commands/decidim/admin/process_participatory_space_private_user_import_csv.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "csv"
+
+module Decidim
+  module Admin
+    class ProcessParticipatorySpacePrivateUserImportCsv < Rectify::Command
+      # Public: Initializes the command.
+      #
+      # form - the form object containing the uploaded file
+      # current_user - the user performing the action
+      # private_users_to - The private_users_to that will hold the user role
+      def initialize(form, current_user, private_users_to)
+        @form = form
+        @current_user = current_user
+        @private_users_to = private_users_to
+      end
+
+      # Executes the command. Broadcasts these events:
+      #
+      # - :ok when everything is valid.
+      # - :invalid if the form wasn't valid and we couldn't proceed.
+      #
+      # Returns nothing.
+      def call
+        return broadcast(:invalid) unless @form.valid?
+
+        process_csv
+        broadcast(:ok)
+      end
+
+      private
+
+      def process_csv
+        CSV.foreach(@form.file.path) do |email, user_name|
+          ImportParticipatorySpacePrivateUserCsvJob.perform_later(email, user_name, @private_users_to, @current_user) if email.present? && user_name.present?
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/admin/process_user_group_verification_csv.rb

@@ -22,6 +22,7 @@ module Decidim
       # Returns nothing.
       def call
         return broadcast(:invalid) unless @form.valid?
+
         process_csv
         broadcast(:ok)
       end

data/app/commands/decidim/admin/reject_user_group.rb

@@ -21,6 +21,7 @@ module Decidim
       # Returns nothing.
       def call
         return broadcast(:invalid) unless @user_group.valid?
+
         reject_user_group
         broadcast(:ok)
       end

data/app/commands/decidim/admin/remove_admin.rb

@@ -35,7 +35,7 @@ module Decidim
       attr_reader :user, :current_user
 
       def user_role
-        user.admin? ? :admin : user.roles
+        user.admin? ? :admin : user.roles.last
       end
     end
   end

data/app/commands/decidim/admin/update_component_permissions.rb

@@ -75,7 +75,7 @@ module Decidim
         return permissions unless component.permissions
 
         permissions.deep_stringify_keys.reject do |action, config|
-          HashDiff.diff(config, component.permissions[action]).empty?
+          Hashdiff.diff(config, component.permissions[action]).empty?
         end
       end
 

data/app/commands/decidim/admin/update_organization.rb

@@ -24,6 +24,7 @@ module Decidim
         return broadcast(:invalid) if form.invalid?
 
         return broadcast(:ok, @organization) if update_organization
+
         broadcast(:invalid)
       end
 

data/app/commands/decidim/admin/verify_user_group.rb

@@ -21,6 +21,7 @@ module Decidim
       # Returns nothing.
       def call
         return broadcast(:invalid) unless @user_group.valid?
+
         verify_user_group
         broadcast(:ok)
       end

data/app/controllers/decidim/admin/areas_controller.rb

@@ -79,6 +79,7 @@ module Decidim
 
       def area
         return @area if defined?(@area)
+
         @area = organization_areas.find_by(id: params[:id])
       end
     end

data/app/controllers/decidim/admin/components_controller.rb

@@ -27,10 +27,10 @@ module Decidim
       end
 
       def create
-        @form = form(ComponentForm).from_params(params)
+        @form = form(ComponentForm).from_params(form_params)
         enforce_permission_to :create, :component
 
-        CreateComponent.call(manifest, @form, current_participatory_space) do
+        CreateComponent.call(@form) do
           on(:ok) do
             flash[:notice] = I18n.t("components.create.success", scope: "decidim.admin")
             redirect_to action: :index
@@ -52,7 +52,7 @@ module Decidim
 
       def update
         @component = query_scope.find(params[:id])
-        @form = form(ComponentForm).from_params(params)
+        @form = form(ComponentForm).from_params(form_params)
         enforce_permission_to :update, :component, component: @component
 
         UpdateComponent.call(@form, @component) do
@@ -65,7 +65,7 @@ module Decidim
 
           on(:invalid) do
             flash[:alert] = I18n.t("components.update.error", scope: "decidim.admin")
-            redirect_to action: :edit
+            render action: :edit
           end
         end
       end
@@ -113,12 +113,36 @@ module Decidim
 
       private
 
+      # Returns a Class with the attributes sanitized, coerced  and filtered
+      # to the right type. See Decidim::SettingsManifest#schema.
+      def new_settings_schema(name, data)
+        manifest.settings(name).schema.new(data, current_organization.default_locale)
+      end
+
+      # Processes the component params so Decidim::Admin::ComponentForm
+      # can assign and validate the attributes when using #from_params.
+      def form_params
+        form_params = params[:component].permit!
+        form_params[:id] = params[:id]
+        form_params[:manifest] = manifest
+        form_params[:participatory_space] = current_participatory_space
+        form_params[:settings] = new_settings_schema(:global, form_params[:settings])
+        if form_params[:default_step_settings]
+          form_params[:default_step_settings] = new_settings_schema(:step, form_params[:default_step_settings])
+        else
+          form_params[:step_settings].each do |key, value|
+            form_params[:step_settings][key] = new_settings_schema(:step, value)
+          end
+        end
+        form_params
+      end
+
       def query_scope
         current_participatory_space.components
       end
 
       def manifest
-        Decidim.find_component_manifest(params[:type])
+        @component&.manifest || Decidim.find_component_manifest(params[:type])
       end
 
       def default_name(manifest)

data/app/controllers/decidim/admin/concerns/has_private_users_csv_import.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Admin
+    module Concerns
+      # PrivateUsers can be related to any ParticipatorySpace, in order to
+      # import private users from csv for a given type, you should create a new
+      # controller and include this concern.
+      #
+      # The only requirement is to define a `privatable_to` method that
+      # returns an instance of the model to relate the private_user to.
+      module HasPrivateUsersCsvImport
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :privatable_to
+
+          def new
+            enforce_permission_to :csv_import, :space_private_user
+            @form = form(ParticipatorySpacePrivateUserCsvImportForm).from_params({}, privatable_to: privatable_to)
+            render template: "decidim/admin/participatory_space_private_users_csv_imports/new"
+          end
+
+          def create
+            enforce_permission_to :csv_import, :space_private_user
+            @form = form(ParticipatorySpacePrivateUserCsvImportForm).from_params(params, privatable_to: privatable_to)
+
+            ProcessParticipatorySpacePrivateUserImportCsv.call(@form, current_user, current_participatory_space) do
+              on(:ok) do
+                flash[:notice] = I18n.t("participatory_space_private_users_csv_imports.create.success", scope: "decidim.admin")
+                redirect_to after_import_path
+              end
+
+              on(:invalid) do
+                flash[:alert] = I18n.t("participatory_space_private_users_csv_imports.create.invalid", scope: "decidim.admin")
+                render template: "decidim/admin/participatory_space_private_users_csv_imports/new"
+              end
+            end
+          end
+
+          # Public: Returns a String or Object that will be passed to `redirect_to` after
+          # importing private users. By default it redirects to the privatable_to.
+          #
+          # It can be redefined at controller level if you need to redirect elsewhere.
+          def after_import_path
+            privatable_to
+          end
+
+          # Public: The only method to be implemented at the controller. You need to
+          # return the object where the attachment will be attached to.
+          def privatable_to
+            raise NotImplementedError
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/admin/impersonations_controller.rb

@@ -68,14 +68,31 @@ module Decidim
 
       def user
         @user ||= if creating_managed_user?
-                    new_managed_user
+                    existing_managed_user || new_managed_user
                   else
                     current_organization.users.find(params[:impersonatable_user_id])
                   end
       end
 
+      def existing_managed_user
+        handler = Decidim::AuthorizationHandler.handler_for(
+          handler_name,
+          params.dig(:impersonate_user, :authorization)
+        )
+        return nil unless handler.unique_id
+
+        existing_authorization = Authorization.find_by(
+          name: handler_name,
+          unique_id: handler.unique_id
+        )
+        return nil unless existing_authorization
+        return nil unless existing_authorization.user.managed?
+
+        existing_authorization.user
+      end
+
       def new_managed_user
-        Decidim::User.find_or_initialize_by(
+        Decidim::User.new(
           organization: current_organization,
           managed: true,
           name: params.dig(:impersonate_user, :name)

data/app/controllers/decidim/admin/resource_permissions_controller.rb

@@ -75,7 +75,10 @@ module Decidim
         return if params[:resource_name].blank?
 
         resource_id = params["#{params[:resource_name]}_id"]
-        @resource ||= Decidim.find_resource_manifest(params[:resource_name])&.model_class&.find_by(id: resource_id)
+        resource_slug = params["#{params[:resource_name]}_slug"]
+
+        find_by = resource_slug.present? ? { slug: resource_slug } : { id: resource_id }
+        @resource ||= Decidim.find_resource_manifest(params[:resource_name])&.model_class&.find_by(find_by)
         @resource if @resource&.allow_resource_permissions?
       end
 

data/app/controllers/decidim/admin/scopes_controller.rb

@@ -75,11 +75,13 @@ module Decidim
 
       def parent_scope
         return @parent_scope if defined?(@parent_scope)
+
         @parent_scope = scope ? scope.parent : organization_scopes.find_by(id: params[:scope_id])
       end
 
       def scope
         return @scope if defined?(@scope)
+
         @scope = organization_scopes.find_by(id: params[:id])
       end
 

data/app/forms/decidim/admin/component_form.rb

@@ -13,15 +13,18 @@ module Decidim
       translatable_attribute :name, String
       validates :name, translatable_presence: true
 
-      attribute :settings, Object
-      attribute :default_step_settings, Object
-      attribute :manifest
       attribute :weight, Integer, default: 0
 
+      attribute :manifest, Object
+      attribute :participatory_space, Object
+      validates :manifest, :participatory_space, presence: true
+
+      attribute :settings, Object
+      attribute :default_step_settings, Object
       attribute :step_settings, Hash[String => Object]
-      attribute :participatory_space
 
-      validate :must_be_able_to_change_participatory_texts_setting, if: :proposal_component?
+      validate :must_be_able_to_change_participatory_texts_setting
+      validate :amendments_visibility_options_must_be_valid
 
       def settings?
         settings.manifest.attributes.any?
@@ -31,23 +34,45 @@ module Decidim
         default_step_settings.manifest.attributes.any?
       end
 
-      def component
-        @component ||= Component.find_by(id: id)
+      private
+
+      # Overwrites Rectify::Form#form_attributes_valid? to validate nested `step_settings` attributes.
+      def form_attributes_valid?
+        return false unless errors.empty? && settings_errors_empty? # Preserves errors from custom validation methods
+
+        attributes_that_respond_to(:valid?).concat(
+          step_settings.each_value.select { |attribute| attribute.respond_to?(:valid?) }
+        ).all?(&:valid?)
       end
 
-      def proposal_component?
-        component&.manifest_name == "proposals"
+      def settings_errors_empty?
+        validations = [settings.errors.empty?]
+        validations << if default_step_settings.present?
+                         default_step_settings.errors.empty?
+                       else
+                         step_settings.each_value.map(&:errors).all?(&:empty?)
+                       end
+        validations.all?
       end
 
-      # Validation for `Proposals` components. Prevents changing the global
-      # setting `participatory_texts_enabled` when there are proposals.
-      # Does not add a custom error message as it would be unused, because
-      # the setting's checkbox is automatically being disabled on the frontend.
+      # Validates setting `participatory_texts_enabled` is not changed when there are proposals for the component.
       def must_be_able_to_change_participatory_texts_setting
-        form_setting_value = settings[:participatory_texts_enabled].to_i == 1 # Convert "1"/"0" to true/false
-        return if form_setting_value == component.settings.participatory_texts_enabled
+        return unless manifest&.name == :proposals && (component = Component.find_by(id: id))
+        return unless settings.participatory_texts_enabled != component.settings.participatory_texts_enabled
+
+        settings.errors.add(:participatory_texts_enabled) if Decidim::Proposals::Proposal.where(component: component).any?
+      end
+
+      # Validates setting `amendments_visibility` is included in Decidim::Amendment::VisibilityStepSetting.options.
+      def amendments_visibility_options_must_be_valid
+        return unless manifest&.name == :proposals && settings.amendments_enabled
+
+        visibility_options = Decidim::Amendment::VisibilityStepSetting.options.map(&:last)
+        step_settings.each do |step, settings|
+          next unless visibility_options.exclude? settings[:amendments_visibility]
 
-        errors.add(:settings) if Decidim::Proposals::Proposal.where(component: component).any?
+          step_settings[step].errors.add(:amendments_visibility, :inclusion)
+        end
       end
     end
   end