decidim-admin 0.27.5 → 0.27.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff93ac8455dc2e0c83ea885cffd0167c733c99ef4aa4ecf87c804865274a2fb1
-  data.tar.gz: effea866bfcf0e7eeb60917547ae95fb4f880f4e7c6afd877b18a66f28c5a9d8
+  metadata.gz: 89af8ec67ceb6341a006d36411a053aeb1ddfe47cf8b87dfa01fa06d61c34305
+  data.tar.gz: 3c780a0d891e04f13f982a08ef8681506337333c863f9f4fdbac5a88097cff49
 SHA512:
-  metadata.gz: e907b4a9858aaa67f5815458c995f85546643d29c79ea9b92ee17bac1d5f621da646c7c23a887cba48114907dee74f5712abe80f207b7ec96e50a6c9f09d7334
-  data.tar.gz: 8aab3aa06c560cc2f7b958f188a2f89e7809f66e9e648517b3c54b6df70c84aae10e52305d6e22c9e8f7966b38512a0bedfc7520c4093126cb0e049b4f455597
+  metadata.gz: 36629e02f1ddaa454e8e5c0ee531a3067782c4f90c21d00b981ff4a81a27c633a09c88b98a6ac89d4e69837b3f59a7d76a44c1c5295f74ce11870be5162d57f3
+  data.tar.gz: dd3651f270e9db52fb99a06d2a288cab0fb330ed1a860e722f5f3070e264f7f48a077d5a2d37fb15e8b7daefa5199e62e5e424e54ebf5299d41f23746f6abd9c

data/app/commands/decidim/admin/destroy_category.rb

@@ -20,7 +20,7 @@ module Decidim
       #
       # Returns nothing.
       def call
-        return broadcast(:invalid) if category.nil? || category.subcategories.any?
+        return broadcast(:invalid) if category.nil? || category.subcategories.any? || !category.unused?
 
         destroy_category
         broadcast(:ok)

data/app/controllers/decidim/admin/application_controller.rb

@@ -30,6 +30,7 @@ module Decidim
       helper Decidim::LanguageChooserHelper
       helper Decidim::ComponentPathHelper
       helper Decidim::SanitizeHelper
+      helper Decidim::Templates::Admin::ApplicationHelper if Decidim.module_installed?(:templates) && defined?(Decidim::Templates::Admin::ApplicationHelper)
 
       default_form_builder Decidim::Admin::FormBuilder
 

data/app/controllers/decidim/admin/authorization_workflows_controller.rb

@@ -8,7 +8,9 @@ module Decidim
       def index
         enforce_permission_to :index, :authorization_workflow
 
-        @workflows = Decidim::Verifications.admin_workflows
+        @workflows = Decidim::Verifications.admin_workflows.select do |manifest|
+          current_organization.available_authorizations.include?(manifest.name.to_s)
+        end
 
         # Decidim::Verifications::Authorizations Query
         @authorizations = Decidim::Verifications::Authorizations.new(

data/app/controllers/decidim/admin/conflicts_controller.rb

@@ -6,12 +6,16 @@ module Decidim
       layout "decidim/admin/users"
 
       def index
+        enforce_permission_to :index, :impersonatable_user
+
         @conflicts = Decidim::Verifications::Conflict.joins(:current_user).where(
           decidim_users: { decidim_organization_id: current_organization.id }
         )
       end
 
       def edit
+        enforce_permission_to :index, :impersonatable_user
+
         conflict = Decidim::Verifications::Conflict.find(params[:id])
 
         @form = form(TransferUserForm).from_params(
@@ -22,6 +26,8 @@ module Decidim
       end
 
       def update
+        enforce_permission_to :index, :impersonatable_user
+
         conflict = Decidim::Verifications::Conflict.find(params[:id])
 
         @form = form(TransferUserForm).from_params(

data/app/controllers/decidim/admin/impersonatable_users_controller.rb

@@ -24,7 +24,7 @@ module Decidim
       private
 
       def collection
-        @collection ||= current_organization.users.where(admin: false, roles: [])
+        @collection ||= current_organization.users.not_deleted.not_blocked.where(admin: false, roles: [])
       end
 
       def new_managed_user

data/app/controllers/decidim/admin/impersonations_controller.rb

@@ -82,6 +82,7 @@ module Decidim
         return nil unless handler.unique_id
 
         existing_authorization = Authorization.find_by(
+          user: User.where(organization: current_organization),
           name: handler_name,
           unique_id: handler.unique_id
         )

data/app/controllers/decidim/admin/managed_users/impersonation_logs_controller.rb

@@ -9,6 +9,8 @@ module Decidim
         layout "decidim/admin/users"
 
         def index
+          enforce_permission_to :index, :impersonatable_user
+
           @impersonation_logs = Decidim::ImpersonationLog.where(user: user).order(started_at: :desc).page(params[:page]).per(15)
         end
 

data/app/controllers/decidim/admin/organization_controller.rb

@@ -44,13 +44,16 @@ module Decidim
         respond_to do |format|
           format.json do
             if (term = params[:term].to_s).present?
-              query = relation.order(name: :asc)
               query = if term.start_with?("@")
-                        query.where("nickname ILIKE ?", "#{term.delete("@")}%")
+                        nickname = term.delete("@")
+                        relation.where("nickname ILIKE ?", "#{nickname}%")
+                                .order(Arel.sql(ActiveRecord::Base.sanitize_sql_array("similarity(nickname, '#{nickname}') DESC")))
                       else
-                        query.where("name ILIKE ?", "%#{term}%").or(
-                          query.where("email ILIKE ?", "%#{term}%")
+                        relation.where("name ILIKE ?", "%#{term}%").or(
+                          relation.where("email ILIKE ?", "%#{term}%")
                         )
+                                .order(Arel.sql(ActiveRecord::Base.sanitize_sql_array("GREATEST(similarity(name, '#{term}'), similarity(email, '#{term}')) DESC")))
+                                .order(Arel.sql(ActiveRecord::Base.sanitize_sql_array("(similarity(name, '#{term}') + similarity(email, '#{term}')) / 2 DESC")))
                       end
               render json: query.all.collect { |u| { value: u.id, label: "#{u.name} (@#{u.nickname})" } }
             else

data/app/events/decidim/component_published_event.rb

@@ -2,5 +2,16 @@
 
 module Decidim
   class ComponentPublishedEvent < Decidim::Events::SimpleEvent
+    # Public: The Hash of options to pass to the I18.t method.
+    def i18n_options
+      default_i18n_options.merge(event_interpolations)
+    end
+
+    def resource_title
+      return unless resource
+
+      title = decidim_sanitize_translated(resource.name)
+      Decidim::ContentProcessor.render_without_format(title, links: false).html_safe
+    end
   end
 end

data/app/events/decidim/resource_hidden_event.rb

@@ -2,6 +2,8 @@
 
 module Decidim
   class ResourceHiddenEvent < Decidim::Events::SimpleEvent
+    include Decidim::ApplicationHelper
+
     i18n_attributes :resource_path, :report_reasons, :resource_type, :resource_content
 
     def resource_path
@@ -23,7 +25,9 @@ module Decidim
     end
 
     def resource_content
-      translated_attribute(@resource[@resource.reported_attributes.first]).truncate(100, separator: " ")
+      text = translated_attribute(@resource[@resource.reported_attributes.first])
+
+      decidim_sanitize(html_truncate(text, length: 100), strip_tags: true)
     end
 
     def resource_text

data/app/helpers/decidim/admin/admin_terms_helper.rb

@@ -5,7 +5,7 @@ module Decidim
     # This module includes helpers to show Admin Terms of Use
     module AdminTermsHelper
       def admin_terms_of_use_body
-        current_organization.admin_terms_of_use_body.symbolize_keys[I18n.locale].html_safe
+        decidim_sanitize_admin(translated_attribute(current_organization.admin_terms_of_use_body)).html_safe
       end
 
       def announcement_body

data/app/helpers/decidim/admin/newsletters_helper.rb

@@ -74,7 +74,7 @@ module Decidim
           else
             Decidim.find_participatory_space_manifest(type["manifest_name"].to_sym)
                    .participatory_spaces.call(current_organization).where(id: type["ids"]).each do |space|
-              html += "<strong>#{translated_attribute space.title}</strong>"
+              html += "<strong>#{decidim_escape_translated space.title}</strong>"
             end
           end
           html += "<br/>"

data/app/views/decidim/admin/categories/index.html.erb

@@ -52,7 +52,13 @@
                   <% end %>
 
                   <% if allowed_to? :destroy, :category, category: subcategory %>
-                    <%= icon_link_to "circle-x", category_path(current_participatory_space, subcategory), t("actions.destroy", scope: "decidim.admin"), class: "action-icon--remove", method: :delete, data: { confirm: t("actions.confirm_destroy", scope: "decidim.admin") } %>
+                    <% if subcategory.unused? %>
+                      <%= icon_link_to "circle-x", category_path(current_participatory_space, subcategory), t("actions.destroy", scope: "decidim.admin"), class: "action-icon--remove", method: :delete, data: { confirm: t("actions.confirm_destroy", scope: "decidim.admin") } %>
+                    <% else %>
+                      <span class="action-icon" title="<%= t("categories.index.category_used", scope: "decidim.admin") %>" data-tooltip="true" data-disable-hover="false">
+                        <%= icon "delete-bin-line", class: "action-icon action-icon--disabled", role: "img", "aria-hidden": true %>
+                      </span>
+                    <% end %>
                   <% end %>
                   </td>
                 </tr>

data/app/views/decidim/admin/resource_permissions/edit.html.erb

@@ -6,9 +6,9 @@
         <% if resource %>
           -
           <% if resource.is_a?(Decidim::Resourceable) %>
-            <%= link_to(resource_title(resource), resource_locator(resource).path) %>
+            <%= link_to(decidim_escape_translated(resource.title).html_safe, resource_locator(resource).path) %>
           <% else %>
-            <%= strip_tags resource_title(resource) %>
+            <%= decidim_escape_translated(resource.title).html_safe %>
           <% end %>
         <% end %>
       </h3>

data/app/views/layouts/decidim/admin/_header.html.erb

@@ -1,5 +1,8 @@
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <%= csrf_meta_tags %>
+<%= legacy_favicon %>
+<%= favicon %>
+<%= apple_favicon %>
 <%= stylesheet_pack_tag "decidim_admin", media: "all" %>
 <%= javascript_pack_tag "decidim_admin", defer: false %>
 <%= organization_colors %>

data/app/views/layouts/decidim/admin/_js_configuration.html.erb

@@ -1,5 +1,6 @@
 <%
 js_configs = {
+  api_path: decidim_api.root_path(locale: nil),
   icons_path: Decidim.cors_enabled ? "" : asset_pack_path("media/images/icons.svg"),
   messages: {
     "selfxssWarning": {

data/config/locales/ar.yml

@@ -319,8 +319,6 @@ ar:
           view_more_logs: عرض المزيد من السجلات
           welcome: أهلا بك على اللوح الإداري.
       domain_whitelist:
-        form:
-          domain_too_short: نطاق الدومين قصير جداً
         update:
           error: فشل تحديث القائمة النطاقات المسموحة
           success: تم تحديث النطاقات المسموحة بنجاح
@@ -719,11 +717,6 @@ ar:
       organization_external_domain_whitelist:
         edit:
           update: تحديث
-        external_domain:
-          down: أسفل
-          external_domain: نطاق خارجي
-          remove: إزالة
-          up: أعلى
         form:
           add: إضافة إلى القائمة البيضاء
       organization_homepage_content_blocks:
@@ -854,6 +847,7 @@ ar:
         areas: المناطق
         authorization_workflows: طرق التحقق
         dashboard: لوحة القيادة
+        edit_organization_appearance: تعديل مظهر الصفحة الرئيسية
         impersonatable_users: المشاركون في الإدارة
         impersonations: إدارة المشاركين
         pages: الصفحات