decidim-api 0.28.4 → 0.28.6

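--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 81726d50d218c9b420f4ed8c23357b0b9eb8a849d778cf27a8e297a756b43f60
- data.tar.gz: be2e886b84412da834583e7f4b0cd90a1faff07f4bb16fce7546f00d6a138826
+ metadata.gz: 88423df68a4d00904f695f91718a1ddcc50a5ec349f72f556953c5f0da6ac37f
+ data.tar.gz: 474806afddaa0642ce4f47dfd5d95995825444ea4184f1a455c99228a3f67a82
  SHA512:
- metadata.gz: 49a20f58a028560facd9c6cb2bbd6156d4becd0137dde86ca7ef614086c0b43f1e766d6589523a6410c553b0a0d47196fb13817b0d2b0bf67641d7718a7a614e
- data.tar.gz: ce75ff26c38bb4b9cc495bf9c6191a7d30fe19d92a31d008fd05ab84cc00cedb8d7bde280be0016b296fd61fce761278c02c9a756b905bf4a62b4157fbdf1879
+ metadata.gz: 88a714501878574770b3961359740ad405b111777c9bc5b54200987c38f0e9203748895f747937cf313c845d479cc9d27e8e388a316b13cb05c63aa061803e88
+ data.tar.gz: 92b2932c7d96f26e5e2a5b0d9fe4ae4023b56b79af26d982b9fed0901887ff768ee5160d99a948adb1fdee6098abc0963b44fd4fed83b5f8abc8a41e1f4dd25f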
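--- a/data/decidim-api.gemspec
+++ b/data/decidim-api.gemspec
@@ -10,7 +10,7 @@ Gem::Specification.new do |s|
  s.version = Decidim::Api.version
  s.authors = ["Josep Jaume Rey Peroy", "Marc Riera Casals", "Oriol Gual Oliva"]
  s.email = ["josepjaume@gmail.com", "mrc2407@gmail.com", "oriolgual@gmail.com"]
- s.license = "AGPL-3.0"
+ s.license = "AGPL-3.0-or-later"
  s.homepage = "https://decidim.org"
  s.metadata = {
  "bug_tracker_uri" => "https://github.com/decidim/decidim/issues",
@@ -39,6 +39,7 @@ Gem::Specification.new do |s|
  s.add_dependency "graphql-docs", "~> 3.0.1"
  s.add_dependency "rack-cors", "~> 1.0"
 
+ s.add_development_dependency "decidim-assemblies", Decidim::Api.version
  s.add_development_dependency "decidim-comments", Decidim::Api.version
  s.add_development_dependency "decidim-dev", Decidim::Api.version
  s.add_development_dependency "decidim-participatory_processes", Decidim::Api.version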
@@ -41,3 +41,438 @@ shared_context "with a graphql decidim component" do
41
41
  )
42
42
  end
43
43
  end
44
+
45
+ shared_examples "with resource visibility" do
46
+ let(:process_space_factory) { :participatory_process }
47
+ let(:space_type) { "participatoryProcess" }
48
+
49
+ shared_examples "graphQL visible resource" do
50
+ it "is visible" do
51
+ expect(response[space_type]["components"].first[lookout_key]).to eq(query_result)
52
+ end
53
+ end
54
+
55
+ shared_examples "graphQL hidden space" do
56
+ it "should not be visible" do
57
+ expect(response[space_type]).to be_nil
58
+ end
59
+ end
60
+
61
+ shared_examples "graphQL hidden component" do
62
+ it "should not be visible" do
63
+ expect(response[space_type]["components"].first).to be_nil
64
+ end
65
+ end
66
+
67
+ shared_examples "graphQL resource visible for admin" do
68
+ context "when the user is admin" do
69
+ let!(:current_user) { create(:user, :admin, :confirmed, organization: current_organization) }
70
+
71
+ it_behaves_like "graphQL visible resource"
72
+ end
73
+ end
74
+
75
+ shared_examples "graphQL space hidden to visitor" do
76
+ context "when user is visitor" do
77
+ let!(:current_user) { nil }
78
+ it_behaves_like "graphQL hidden space"
79
+ end
80
+ end
81
+
82
+ context "when space is published" do
83
+ let!(:participatory_process) { create(process_space_factory, :published, :with_steps, organization: current_organization) }
84
+
85
+ context "when component is published" do
86
+ let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
87
+
88
+ it_behaves_like "graphQL resource visible for admin"
89
+
90
+ context "when the user is space admin" do
91
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
92
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
93
+ it_behaves_like "graphQL visible resource"
94
+ end
95
+
96
+ context "when the user is space collaborator" do
97
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
98
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
99
+ it_behaves_like "graphQL visible resource"
100
+ end
101
+
102
+ context "when the user is space moderator" do
103
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
104
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
105
+ it_behaves_like "graphQL visible resource"
106
+ end
107
+
108
+ context "when the user is space valuator" do
109
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
110
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
111
+ it_behaves_like "graphQL visible resource"
112
+ end
113
+
114
+ context "when user is visitor" do
115
+ let!(:current_user) { nil }
116
+ it_behaves_like "graphQL visible resource"
117
+ end
118
+
119
+ context "when user is member" do
120
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
121
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
122
+ it_behaves_like "graphQL visible resource"
123
+ end
124
+
125
+ context "when user is member" do
126
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
127
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
128
+ it_behaves_like "graphQL visible resource"
129
+ end
130
+
131
+ context "when user is normal user" do
132
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
133
+ it_behaves_like "graphQL visible resource"
134
+ end
135
+ end
136
+
137
+ context "when component is not published" do
138
+ let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
139
+
140
+ it_behaves_like "graphQL resource visible for admin"
141
+
142
+ context "when the user is space admin" do
143
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
144
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
145
+ it_behaves_like "graphQL visible resource"
146
+ end
147
+
148
+ context "when the user is space collaborator" do
149
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
150
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
151
+ it_behaves_like "graphQL hidden component"
152
+ end
153
+
154
+ context "when the user is space moderator" do
155
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
156
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
157
+ it_behaves_like "graphQL hidden component"
158
+ end
159
+
160
+ context "when the user is space valuator" do
161
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
162
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
163
+ it_behaves_like "graphQL visible resource"
164
+ end
165
+
166
+ context "when user is visitor" do
167
+ let!(:current_user) { nil }
168
+
169
+ it_behaves_like "graphQL hidden component"
170
+ end
171
+
172
+ context "when user is normal user" do
173
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
174
+ it_behaves_like "graphQL hidden component"
175
+ end
176
+
177
+ context "when user is member" do
178
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
179
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
180
+ it_behaves_like "graphQL hidden component"
181
+ end
182
+ end
183
+ end
184
+
185
+ context "when space is published, private and transparent" do
186
+ let(:process_space_factory) { :assembly }
187
+ let(:space_type) { "assembly" }
188
+
189
+ let(:participatory_process_query) do
190
+ %(
191
+ assembly(id: #{participatory_process.id}) {
192
+ components(filter: {type: "#{component_type}"}){
193
+ id
194
+ name {
195
+ translation(locale: "#{locale}")
196
+ }
197
+ weight
198
+ __typename
199
+ ...fooComponent
200
+ }
201
+ id
202
+ }
203
+ )
204
+ end
205
+ let!(:participatory_process) { create(process_space_factory, :published, :private, :transparent, organization: current_organization) }
206
+
207
+ context "when component is published" do
208
+ let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
209
+
210
+ it_behaves_like "graphQL resource visible for admin"
211
+
212
+ context "when the user is space admin" do
213
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
214
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
215
+ it_behaves_like "graphQL visible resource"
216
+ end
217
+
218
+ context "when the user is space collaborator" do
219
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
220
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
221
+ it_behaves_like "graphQL visible resource"
222
+ end
223
+
224
+ context "when the user is space moderator" do
225
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
226
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
227
+ it_behaves_like "graphQL visible resource"
228
+ end
229
+
230
+ context "when the user is space valuator" do
231
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
232
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
233
+ it_behaves_like "graphQL visible resource"
234
+ end
235
+
236
+ context "when user is visitor" do
237
+ let!(:current_user) { nil }
238
+ it_behaves_like "graphQL visible resource"
239
+ end
240
+
241
+ context "when user is member" do
242
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
243
+ let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
244
+ it_behaves_like "graphQL visible resource"
245
+ end
246
+
247
+ context "when user is normal user" do
248
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
249
+ it_behaves_like "graphQL visible resource"
250
+ end
251
+ end
252
+
253
+ context "when component is not published" do
254
+ let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
255
+
256
+ it_behaves_like "graphQL resource visible for admin"
257
+
258
+ context "when the user is space admin" do
259
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
260
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
261
+ it_behaves_like "graphQL visible resource"
262
+ end
263
+
264
+ context "when the user is space collaborator" do
265
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
266
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
267
+ it_behaves_like "graphQL visible resource"
268
+ end
269
+
270
+ context "when the user is space moderator" do
271
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
272
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
273
+ it_behaves_like "graphQL hidden component"
274
+ end
275
+
276
+ context "when the user is space valuator" do
277
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
278
+ let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
279
+ it_behaves_like "graphQL visible resource"
280
+ end
281
+
282
+ context "when user is visitor" do
283
+ let!(:current_user) { nil }
284
+ it_behaves_like "graphQL hidden component"
285
+ end
286
+
287
+ context "when user is normal user" do
288
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
289
+ it_behaves_like "graphQL hidden component"
290
+ end
291
+
292
+ context "when user is member" do
293
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
294
+ let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
295
+ it_behaves_like "graphQL hidden component"
296
+ end
297
+ end
298
+ end
299
+
300
+ context "when space is published but private" do
301
+ let!(:participatory_process) { create(process_space_factory, :published, :private, :with_steps, organization: current_organization) }
302
+
303
+ context "when component is published" do
304
+ let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
305
+
306
+ it_behaves_like "graphQL resource visible for admin"
307
+
308
+ context "when the user is space admin" do
309
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
310
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
311
+ it_behaves_like "graphQL hidden space"
312
+ end
313
+
314
+ context "when the user is space collaborator" do
315
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
316
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
317
+ it_behaves_like "graphQL hidden space"
318
+ end
319
+
320
+ context "when the user is space moderator" do
321
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
322
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
323
+
324
+ it_behaves_like "graphQL hidden space"
325
+ end
326
+
327
+ context "when the user is space valuator" do
328
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
329
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
330
+ it_behaves_like "graphQL hidden space"
331
+ end
332
+
333
+ it_behaves_like "graphQL space hidden to visitor"
334
+
335
+ context "when user is normal user" do
336
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
337
+ it_behaves_like "graphQL hidden space"
338
+ end
339
+
340
+ context "when user is member" do
341
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
342
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
343
+ it_behaves_like "graphQL visible resource"
344
+ end
345
+ end
346
+
347
+ context "when component is not published" do
348
+ let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
349
+
350
+ it_behaves_like "graphQL resource visible for admin"
351
+
352
+ context "when the user is space admin" do
353
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
354
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
355
+ it_behaves_like "graphQL hidden space"
356
+ end
357
+
358
+ context "when the user is space collaborator" do
359
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
360
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
361
+ it_behaves_like "graphQL hidden space"
362
+ end
363
+
364
+ context "when the user is space moderator" do
365
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
366
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
367
+ it_behaves_like "graphQL hidden space"
368
+ end
369
+
370
+ context "when the user is space valuator" do
371
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
372
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
373
+ it_behaves_like "graphQL hidden space"
374
+ end
375
+ it_behaves_like "graphQL space hidden to visitor"
376
+
377
+ context "when user is member" do
378
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
379
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
380
+ it_behaves_like "graphQL hidden component"
381
+ end
382
+ context "when user is normal user" do
383
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
384
+ it_behaves_like "graphQL hidden space"
385
+ end
386
+ end
387
+ end
388
+
389
+ context "when space is unpublished" do
390
+ let(:participatory_process) { create(process_space_factory, :unpublished, :with_steps, organization: current_organization) }
391
+
392
+ context "when component is published" do
393
+ let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
394
+
395
+ it_behaves_like "graphQL resource visible for admin"
396
+
397
+ context "when the user is space admin" do
398
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
399
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
400
+ it_behaves_like "graphQL hidden space"
401
+ end
402
+
403
+ context "when the user is space collaborator" do
404
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
405
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
406
+ it_behaves_like "graphQL hidden space"
407
+ end
408
+
409
+ context "when the user is space moderator" do
410
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
411
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
412
+ it_behaves_like "graphQL hidden space"
413
+ end
414
+
415
+ context "when the user is space valuator" do
416
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
417
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
418
+ it_behaves_like "graphQL hidden space"
419
+ end
420
+
421
+ it_behaves_like "graphQL space hidden to visitor"
422
+
423
+ context "when user is member" do
424
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
425
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
426
+ it_behaves_like "graphQL hidden space"
427
+ end
428
+
429
+ context "when user is normal user" do
430
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
431
+ it_behaves_like "graphQL hidden space"
432
+ end
433
+ end
434
+
435
+ context "when component is not published" do
436
+ let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
437
+
438
+ it_behaves_like "graphQL resource visible for admin"
439
+
440
+ context "when the user is space admin" do
441
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
442
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
443
+ it_behaves_like "graphQL hidden space"
444
+ end
445
+
446
+ context "when the user is space collaborator" do
447
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
448
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
449
+ it_behaves_like "graphQL hidden space"
450
+ end
451
+
452
+ context "when the user is space moderator" do
453
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
454
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
455
+ it_behaves_like "graphQL hidden space"
456
+ end
457
+
458
+ context "when the user is space valuator" do
459
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
460
+ let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
461
+ it_behaves_like "graphQL hidden space"
462
+ end
463
+ it_behaves_like "graphQL space hidden to visitor"
464
+
465
+ context "when user is member" do
466
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
467
+ let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
468
+ it_behaves_like "graphQL hidden space"
469
+ end
470
+
471
+ context "when user is normal user" do
472
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
473
+
474
+ it_behaves_like "graphQL hidden space"
475
+ end
476
+ end
477
+ end
478
+ end
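Review bot: The `context "when user is member"` block under published space / published component is defined twice with identical bodies (new lines 119–123 and 125–129), so the second copy only repeats the same example and can be deleted. The expectation matrix is also uneven for an unpublished component: a space collaborator gets `"graphQL hidden component"` in the participatory-process case (new line 151) but `"graphQL visible resource"` in the private, transparent assembly case (new line 267), while a moderator is hidden in both; if that difference is intended, a one-line comment above the assembly context stating the reason would keep it from being read as a copy-paste slip. `"graphQL hidden component"` indexes `response[space_type]["components"]`, so when the whole space is hidden it raises `NoMethodError` on `nil` instead of failing with a readable expectation; `expect(response.dig(space_type, "components")&.first).to be_nil` would not hide that case, so an explicit `expect(response[space_type]).not_to be_nil` before it is the safer form.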
@@ -2,7 +2,8 @@
2
2
 
3
3
  shared_context "with a graphql class type" do
4
4
  let!(:current_organization) { create(:organization) }
5
- let!(:current_user) { create(:user, organization: current_organization) }
5
+ let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
6
+ let!(:current_component) { create(:component) }
6
7
  let(:model) { OpenStruct.new({}) }
7
8
  let(:type_class) { described_class }
8
9
  let(:variables) { {} }
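Review bot: `create(:component)` on new line 6 is not tied to `current_organization`, so the organization and space the component belongs to are left to the factory defaults; if the type specs hand it to the schema as `current_component`, permission checks may run against a component from a different organization than `current_user`. Building it from a space in the same organization keeps the fixture coherent, e.g. `let!(:current_component) { create(:component, participatory_space: create(:participatory_process, organization: current_organization)) }`. The eager `let!` also creates these records for every group that includes the context; a lazy `let` would do if only some specs need it. The body of the `shared_context` continues outside the hunk, so how the value is consumed is not visible here.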
@@ -5,6 +5,76 @@ module Decidim
5
5
  module Types
6
6
  class BaseObject < GraphQL::Schema::Object
7
7
  field_class Types::BaseField
8
+
9
+ def self.authorized?(object, context)
10
+ chain = []
11
+
12
+ subject = determine_subject_name(object)
13
+ context[subject] = object
14
+
15
+ chain.unshift(allowed_to?(:read, :participatory_space, object, context)) if object.respond_to?(:participatory_space)
16
+ chain.unshift(allowed_to?(:read, :component, object, context)) if object.respond_to?(:component) && object.component.present?
17
+
18
+ super && chain.all?
19
+ end
20
+
21
+ def self.determine_subject_name(object)
22
+ object.class.name.split("::").last.underscore.to_sym
23
+ end
24
+
25
+ # This is a simplified adaptation of allowed_to? from NeedsPermission concern
26
+ # @param action [Symbol] The action performed. Most cases the action is :read
27
+ # @param subject [Object] The name of the subject. Ex: :participatory_space, :component, or object
28
+ # @param object [ActiveModel::Base] The object that is being represented.
29
+ # @param context [GraphQL::Query::Context] The GraphQL context
30
+ #
31
+ # @return Boolean
32
+ def self.allowed_to?(action, subject, object, context)
33
+ unless subject.is_a?(::Symbol)
34
+ subject = determine_subject_name(object)
35
+ context[subject] = object
36
+ end
37
+
38
+ permission_action = Decidim::PermissionAction.new(scope: :public, action:, subject:)
39
+
40
+ permission_chain(object).inject(permission_action) do |current_permission_action, permission_class|
41
+ permission_class.new(
42
+ context[:current_user],
43
+ current_permission_action,
44
+ local_context(object, context)
45
+ ).permissions
46
+ end.allowed?
47
+ end
48
+
49
+ # Injects into context object current_participatory_space and current_component keys as they are needed
50
+ #
51
+ # @param object [ActiveModel::Base] The object that is being represented.
52
+ # @param context [GraphQL::Query::Context] The GraphQL context
53
+ #
54
+ # @return Hash
55
+ def self.local_context(object, context)
56
+ context[:current_participatory_space] = object.participatory_space if object.respond_to?(:participatory_space)
57
+ context[:current_component] = object.component if object.respond_to?(:component) && object.component.present?
58
+
59
+ context.to_h
60
+ end
61
+
62
+ # Creates the permission chain arrau that contains all the permission classes required to authorize a certain resource
63
+ # We are using unshift as we need the Admin and base permissions to be last in the chain
64
+ # @param object [ActiveModel::Base] The object that is being represented.
65
+ #
66
+ # @return [Decidim::DefaultPermissions]
67
+ def self.permission_chain(object)
68
+ permissions = [
69
+ Decidim::Admin::Permissions,
70
+ Decidim::Permissions
71
+ ]
72
+
73
+ permissions.unshift(object.participatory_space.manifest.permissions_class) if object.respond_to?(:participatory_space)
74
+ permissions.unshift(object.component.manifest.permissions_class) if object.respond_to?(:component) && object.component.present?
75
+
76
+ permissions
77
+ end
8
78
  end
9
79
  end
10
80
  end
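Review bot: `local_context` and the `context[subject] = object` assignments in `authorized?` and `allowed_to?` write per-object values into the query context and nothing in the hunk clears them, so an object that has no component (or does not respond to `participatory_space`) appears to be evaluated with whatever `current_component` / `current_participatory_space` a previously authorized object left behind. Because the permission classes receive `context.to_h`, the result of a `:read` check could then depend on resolution order; building a per-object hash, as sketched below, avoids that, and the two `context[subject] = object` lines would be dropped with it. `chain.all?` is true for an empty chain, so any type whose object answers neither `participatory_space` nor `component` (presumably including the space types themselves) relies entirely on `super` or its own override, which deserves a comment on `authorized?`. `permission_chain` also calls `.manifest` on `object.participatory_space` without the presence check that `component` gets, so a `nil` space raises instead of denying.

```ruby
def self.local_context(object, context)
  space = object.participatory_space if object.respond_to?(:participatory_space)
  component = object.component if object.respond_to?(:component)

  # Per-object copy: nothing set here outlives this authorization check.
  scoped = context.to_h.merge(determine_subject_name(object) => object)
  scoped[:current_participatory_space] = space if space
  scoped[:current_component] = component if component.present?
  scoped
end
# … unchanged: permission_chain …
```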
@@ -4,7 +4,7 @@ module Decidim
4
4
  # This holds the decidim-api version.
5
5
  module Api
6
6
  def self.version
7
- "0.28.4"
7
+ "0.28.6"
8
8
  end
9
9
  end
10
10
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: decidim-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.28.4
4
+ version: 0.28.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josep Jaume Rey Peroy
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2024-10-02 00:00:00.000000000 Z
13
+ date: 2025-04-29 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: commonmarker
@@ -38,14 +38,14 @@ dependencies:
38
38
  requirements:
39
39
  - - '='
40
40
  - !ruby/object:Gem::Version
41
- version: 0.28.4
41
+ version: 0.28.6
42
42
  type: :runtime
43
43
  prerelease: false
44
44
  version_requirements: !ruby/object:Gem::Requirement
45
45
  requirements:
46
46
  - - '='
47
47
  - !ruby/object:Gem::Version
48
- version: 0.28.4
48
+ version: 0.28.6
49
49
  - !ruby/object:Gem::Dependency
50
50
  name: graphql
51
51
  requirement: !ruby/object:Gem::Requirement
@@ -88,48 +88,62 @@ dependencies:
88
88
  - - "~>"
89
89
  - !ruby/object:Gem::Version
90
90
  version: '1.0'
91
+ - !ruby/object:Gem::Dependency
92
+ name: decidim-assemblies
93
+ requirement: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - '='
96
+ - !ruby/object:Gem::Version
97
+ version: 0.28.6
98
+ type: :development
99
+ prerelease: false
100
+ version_requirements: !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - - '='
103
+ - !ruby/object:Gem::Version
104
+ version: 0.28.6
91
105
  - !ruby/object:Gem::Dependency
92
106
  name: decidim-comments
93
107
  requirement: !ruby/object:Gem::Requirement
94
108
  requirements:
95
109
  - - '='
96
110
  - !ruby/object:Gem::Version
97
- version: 0.28.4
111
+ version: 0.28.6
98
112
  type: :development
99
113
  prerelease: false
100
114
  version_requirements: !ruby/object:Gem::Requirement
101
115
  requirements:
102
116
  - - '='
103
117
  - !ruby/object:Gem::Version
104
- version: 0.28.4
118
+ version: 0.28.6
105
119
  - !ruby/object:Gem::Dependency
106
120
  name: decidim-dev
107
121
  requirement: !ruby/object:Gem::Requirement
108
122
  requirements:
109
123
  - - '='
110
124
  - !ruby/object:Gem::Version
111
- version: 0.28.4
125
+ version: 0.28.6
112
126
  type: :development
113
127
  prerelease: false
114
128
  version_requirements: !ruby/object:Gem::Requirement
115
129
  requirements:
116
130
  - - '='
117
131
  - !ruby/object:Gem::Version
118
- version: 0.28.4
132
+ version: 0.28.6
119
133
  - !ruby/object:Gem::Dependency
120
134
  name: decidim-participatory_processes
121
135
  requirement: !ruby/object:Gem::Requirement
122
136
  requirements:
123
137
  - - '='
124
138
  - !ruby/object:Gem::Version
125
- version: 0.28.4
139
+ version: 0.28.6
126
140
  type: :development
127
141
  prerelease: false
128
142
  version_requirements: !ruby/object:Gem::Requirement
129
143
  requirements:
130
144
  - - '='
131
145
  - !ruby/object:Gem::Version
132
- version: 0.28.4
146
+ version: 0.28.6
133
147
  description: API engine for decidim
134
148
  email:
135
149
  - josepjaume@gmail.com
@@ -182,7 +196,7 @@ files:
182
196
  - lib/tasks/decidim_api_docs.rake
183
197
  homepage: https://decidim.org
184
198
  licenses:
185
- - AGPL-3.0
199
+ - AGPL-3.0-or-later
186
200
  metadata:
187
201
  bug_tracker_uri: https://github.com/decidim/decidim/issues
188
202
  documentation_uri: https://docs.decidim.org/