decidim-api 0.29.1 → 0.29.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9585f47d411b9a9e9bda8e8a5608a3fcd90582e9844c7baed210b3c935b91c3b
-  data.tar.gz: 641a97f83951689fc9d1e3ebd3fedc10749ee6a23a6681c59cbca0d781da45c5
+  metadata.gz: 468053a5bebf49385de8bda0afb78d2e4eac0c53899e9fb2b5d96c3cb4d7542b
+  data.tar.gz: 9ac0c09214d171b017d946f7e1aec123b9bc1616e5152ba3bbfe63eb9db45f8b
 SHA512:
-  metadata.gz: ac63bab88afe41a312a3b0a563d017f7a1fbba6ffb4b8b4001485c57b197b0b239b1ab30bd552098b5e8a532d20b507dc3b1d43c4f8fa258f116dea01ba1912d
-  data.tar.gz: 3c3863d36870b095f7afd928477f8c0e17cd3bef07ee1862c5162e717d44c6cf33458d59f5110ee19428502dd61d6073d09434a26aaffff7c389f618a5957c28
+  metadata.gz: 98af2b7e9adcd818c182d996734e0cfc3b77b95849b8e0f02140de3d66da889570cc1871fc3ef53d79b771ecd20c3ab3806ef6fd1731202ed44976b257fb6378
+  data.tar.gz: 1485446fae224e268fbd7f63a6f5efa4e0966203740a14e54334c33c055a7793f78e49b85c5037f62487474fac9996a7ba0a84c7180f1e2e0308140b602e2d47

data/decidim-api.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |s|
   s.version = Decidim::Api.version
   s.authors = ["Josep Jaume Rey Peroy", "Marc Riera Casals", "Oriol Gual Oliva"]
   s.email = ["josepjaume@gmail.com", "mrc2407@gmail.com", "oriolgual@gmail.com"]
-  s.license = "AGPL-3.0"
+  s.license = "AGPL-3.0-or-later"
   s.homepage = "https://decidim.org"
   s.metadata = {
     "bug_tracker_uri" => "https://github.com/decidim/decidim/issues",
@@ -37,6 +37,7 @@ Gem::Specification.new do |s|
   s.add_dependency "graphql-docs", "~> 4.0"
   s.add_dependency "rack-cors", "~> 1.0"
 
+  s.add_development_dependency "decidim-assemblies", Decidim::Api.version
   s.add_development_dependency "decidim-comments", Decidim::Api.version
   s.add_development_dependency "decidim-dev", Decidim::Api.version
   s.add_development_dependency "decidim-participatory_processes", Decidim::Api.version

data/lib/decidim/api/test/component_context.rb

@@ -41,3 +41,438 @@ shared_context "with a graphql decidim component" do
     )
   end
 end
+
+shared_examples "with resource visibility" do
+  let(:process_space_factory) { :participatory_process }
+  let(:space_type) { "participatoryProcess" }
+
+  shared_examples "graphQL visible resource" do
+    it "is visible" do
+      expect(response[space_type]["components"].first[lookout_key]).to eq(query_result)
+    end
+  end
+
+  shared_examples "graphQL hidden space" do
+    it "should not be visible" do
+      expect(response[space_type]).to be_nil
+    end
+  end
+
+  shared_examples "graphQL hidden component" do
+    it "should not be visible" do
+      expect(response[space_type]["components"].first).to be_nil
+    end
+  end
+
+  shared_examples "graphQL resource visible for admin" do
+    context "when the user is admin" do
+      let!(:current_user) { create(:user, :admin, :confirmed, organization: current_organization) }
+
+      it_behaves_like "graphQL visible resource"
+    end
+  end
+
+  shared_examples "graphQL space hidden to visitor" do
+    context "when user is visitor" do
+      let!(:current_user) { nil }
+      it_behaves_like "graphQL hidden space"
+    end
+  end
+
+  context "when space is published" do
+    let!(:participatory_process) { create(process_space_factory, :published, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+    end
+  end
+
+  context "when space is published, private and transparent" do
+    let(:process_space_factory) { :assembly }
+    let(:space_type) { "assembly" }
+
+    let(:participatory_process_query) do
+      %(
+      assembly(id: #{participatory_process.id}) {
+        components(filter: {type: "#{component_type}"}){
+          id
+          name {
+            translation(locale: "#{locale}")
+          }
+          weight
+          __typename
+          ...fooComponent
+        }
+        id
+      }
+    )
+    end
+    let!(:participatory_process) { create(process_space_factory, :published, :private, :transparent, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+    end
+  end
+
+  context "when space is published but private" do
+    let!(:participatory_process) { create(process_space_factory, :published, :private, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+  end
+
+  context "when space is unpublished" do
+    let(:participatory_process) { create(process_space_factory, :unpublished, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+  end
+end

data/lib/decidim/api/test/type_context.rb

@@ -2,7 +2,7 @@
 
 shared_context "with a graphql class type" do
   let!(:current_organization) { create(:organization) }
-  let!(:current_user) { create(:user, organization: current_organization) }
+  let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
   let!(:current_component) { create(:component) }
   let(:model) { OpenStruct.new({}) }
   let(:type_class) { described_class }

data/lib/decidim/api/types/base_object.rb

@@ -5,6 +5,76 @@ module Decidim
     module Types
       class BaseObject < GraphQL::Schema::Object
         field_class Types::BaseField
+
+        def self.authorized?(object, context)
+          chain = []
+
+          subject = determine_subject_name(object)
+          context[subject] = object
+
+          chain.unshift(allowed_to?(:read, :participatory_space, object, context)) if object.respond_to?(:participatory_space)
+          chain.unshift(allowed_to?(:read, :component, object, context)) if object.respond_to?(:component) && object.component.present?
+
+          super && chain.all?
+        end
+
+        def self.determine_subject_name(object)
+          object.class.name.split("::").last.underscore.to_sym
+        end
+
+        # This is a simplified adaptation of allowed_to? from NeedsPermission concern
+        # @param action [Symbol] The action performed. Most cases the action is :read
+        # @param subject [Object] The name of the subject. Ex: :participatory_space, :component, or object
+        # @param object [ActiveModel::Base] The object that is being represented.
+        # @param context [GraphQL::Query::Context] The GraphQL context
+        #
+        # @return Boolean
+        def self.allowed_to?(action, subject, object, context)
+          unless subject.is_a?(::Symbol)
+            subject = determine_subject_name(object)
+            context[subject] = object
+          end
+
+          permission_action = Decidim::PermissionAction.new(scope: :public, action:, subject:)
+
+          permission_chain(object).inject(permission_action) do |current_permission_action, permission_class|
+            permission_class.new(
+              context[:current_user],
+              current_permission_action,
+              local_context(object, context)
+            ).permissions
+          end.allowed?
+        end
+
+        # Injects into context object current_participatory_space and current_component keys as they are needed
+        #
+        # @param object [ActiveModel::Base] The object that is being represented.
+        # @param context [GraphQL::Query::Context] The GraphQL context
+        #
+        # @return Hash
+        def self.local_context(object, context)
+          context[:current_participatory_space] = object.participatory_space if object.respond_to?(:participatory_space)
+          context[:current_component] = object.component if object.respond_to?(:component) && object.component.present?
+
+          context.to_h
+        end
+
+        # Creates the permission chain arrau that contains all the permission classes required to authorize a certain resource
+        # We are using unshift as we need the Admin and base permissions to be last in the chain
+        # @param object [ActiveModel::Base] The object that is being represented.
+        #
+        # @return [Decidim::DefaultPermissions]
+        def self.permission_chain(object)
+          permissions = [
+            Decidim::Admin::Permissions,
+            Decidim::Permissions
+          ]
+
+          permissions.unshift(object.participatory_space.manifest.permissions_class) if object.respond_to?(:participatory_space)
+          permissions.unshift(object.component.manifest.permissions_class) if object.respond_to?(:component) && object.component.present?
+
+          permissions
+        end
       end
     end
   end

data/lib/decidim/api/version.rb

@@ -4,7 +4,7 @@ module Decidim
   # This holds the decidim-api version.
   module Api
     def self.version
-      "0.29.1"
+      "0.29.3"
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: decidim-api
 version: !ruby/object:Gem::Version
-  version: 0.29.1
+  version: 0.29.3
 platform: ruby
 authors:
 - Josep Jaume Rey Peroy
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-02 00:00:00.000000000 Z
+date: 2025-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: decidim-core
@@ -18,14 +18,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -68,48 +68,62 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: decidim-assemblies
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.29.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.29.3
 - !ruby/object:Gem::Dependency
   name: decidim-comments
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
 - !ruby/object:Gem::Dependency
   name: decidim-dev
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
 - !ruby/object:Gem::Dependency
   name: decidim-participatory_processes
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.29.3
 description: API engine for decidim
 email:
 - josepjaume@gmail.com
@@ -162,7 +176,7 @@ files:
 - lib/tasks/decidim_api_docs.rake
 homepage: https://decidim.org
 licenses:
-- AGPL-3.0
+- AGPL-3.0-or-later
 metadata:
   bug_tracker_uri: https://github.com/decidim/decidim/issues
   documentation_uri: https://docs.decidim.org/