decidim-api 0.29.1 → 0.30.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/decidim-api.gemspec +5 -4
- data/lib/decidim/api/test/component_context.rb +438 -2
- data/lib/decidim/api/test/type_context.rb +1 -1
- data/lib/decidim/api/types/base_object.rb +70 -0
- data/lib/decidim/api/version.rb +1 -1
- data/lib/decidim/api.rb +4 -0
- metadata +31 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2fee654b2c8123c5e96d037b90447eea8cb6fe330698bcccc5fc5333809ef9e5
|
|
4
|
+
data.tar.gz: 2f41b07548990e7c19952d51cbd22e153ff86a8461b564f4f83088922374443a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84fea0923ec4e3ffea2393241b0c5cb4f915400ab978033e001f7342b561a782a57436ca07b990ef115c737fcc05ec49c498e80a390f67bb04f951216db5f3b0
|
|
7
|
+
data.tar.gz: 27dcf85d7b0b5cb83657b5b34c5c64d5edbd8234a848474c25a7ad27bb414deeaa7475f03126b368750d2a16b59ac2f77117325d42723edbae6b5f7677bb1dbe
|
data/decidim-api.gemspec
CHANGED
|
@@ -10,7 +10,7 @@ Gem::Specification.new do |s|
|
|
|
10
10
|
s.version = Decidim::Api.version
|
|
11
11
|
s.authors = ["Josep Jaume Rey Peroy", "Marc Riera Casals", "Oriol Gual Oliva"]
|
|
12
12
|
s.email = ["josepjaume@gmail.com", "mrc2407@gmail.com", "oriolgual@gmail.com"]
|
|
13
|
-
s.license = "AGPL-3.0"
|
|
13
|
+
s.license = "AGPL-3.0-or-later"
|
|
14
14
|
s.homepage = "https://decidim.org"
|
|
15
15
|
s.metadata = {
|
|
16
16
|
"bug_tracker_uri" => "https://github.com/decidim/decidim/issues",
|
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
"homepage_uri" => "https://decidim.org",
|
|
20
20
|
"source_code_uri" => "https://github.com/decidim/decidim"
|
|
21
21
|
}
|
|
22
|
-
s.required_ruby_version = "~> 3.
|
|
22
|
+
s.required_ruby_version = "~> 3.3.0"
|
|
23
23
|
|
|
24
24
|
s.name = "decidim-api"
|
|
25
25
|
s.summary = "Decidim API module"
|
|
@@ -33,10 +33,11 @@ Gem::Specification.new do |s|
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
s.add_dependency "decidim-core", Decidim::Api.version
|
|
36
|
-
s.add_dependency "graphql", "~> 2.
|
|
37
|
-
s.add_dependency "graphql-docs", "~>
|
|
36
|
+
s.add_dependency "graphql", "~> 2.4.0"
|
|
37
|
+
s.add_dependency "graphql-docs", "~> 5.0"
|
|
38
38
|
s.add_dependency "rack-cors", "~> 1.0"
|
|
39
39
|
|
|
40
|
+
s.add_development_dependency "decidim-assemblies", Decidim::Api.version
|
|
40
41
|
s.add_development_dependency "decidim-comments", Decidim::Api.version
|
|
41
42
|
s.add_development_dependency "decidim-dev", Decidim::Api.version
|
|
42
43
|
s.add_development_dependency "decidim-participatory_processes", Decidim::Api.version
|
|
@@ -9,8 +9,9 @@ shared_context "with a graphql decidim component" do
|
|
|
9
9
|
|
|
10
10
|
let(:locale) { "en" }
|
|
11
11
|
|
|
12
|
-
let(:participatory_process) { create
|
|
13
|
-
let(:
|
|
12
|
+
let(:participatory_process) { create(:participatory_process, organization: current_organization) }
|
|
13
|
+
let(:taxonomy) { create(:taxonomy, :with_parent, organization: participatory_process.organization) }
|
|
14
|
+
let(:taxonomies) { [taxonomy] }
|
|
14
15
|
|
|
15
16
|
let(:component_type) { nil }
|
|
16
17
|
let(:component_fragment) { nil }
|
|
@@ -41,3 +42,438 @@ shared_context "with a graphql decidim component" do
|
|
|
41
42
|
)
|
|
42
43
|
end
|
|
43
44
|
end
|
|
45
|
+
|
|
46
|
+
shared_examples "with resource visibility" do
|
|
47
|
+
let(:process_space_factory) { :participatory_process }
|
|
48
|
+
let(:space_type) { "participatoryProcess" }
|
|
49
|
+
|
|
50
|
+
shared_examples "graphQL visible resource" do
|
|
51
|
+
it "is visible" do
|
|
52
|
+
expect(response[space_type]["components"].first[lookout_key]).to eq(query_result)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
shared_examples "graphQL hidden space" do
|
|
57
|
+
it "should not be visible" do
|
|
58
|
+
expect(response[space_type]).to be_nil
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
shared_examples "graphQL hidden component" do
|
|
63
|
+
it "should not be visible" do
|
|
64
|
+
expect(response[space_type]["components"].first).to be_nil
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
shared_examples "graphQL resource visible for admin" do
|
|
69
|
+
context "when the user is admin" do
|
|
70
|
+
let!(:current_user) { create(:user, :admin, :confirmed, organization: current_organization) }
|
|
71
|
+
|
|
72
|
+
it_behaves_like "graphQL visible resource"
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
shared_examples "graphQL space hidden to visitor" do
|
|
77
|
+
context "when user is visitor" do
|
|
78
|
+
let!(:current_user) { nil }
|
|
79
|
+
it_behaves_like "graphQL hidden space"
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
context "when space is published" do
|
|
84
|
+
let!(:participatory_process) { create(process_space_factory, :published, :with_steps, organization: current_organization) }
|
|
85
|
+
|
|
86
|
+
context "when component is published" do
|
|
87
|
+
let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
|
|
88
|
+
|
|
89
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
90
|
+
|
|
91
|
+
context "when the user is space admin" do
|
|
92
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
93
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
94
|
+
it_behaves_like "graphQL visible resource"
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
context "when the user is space collaborator" do
|
|
98
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
99
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
100
|
+
it_behaves_like "graphQL visible resource"
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
context "when the user is space moderator" do
|
|
104
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
105
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
106
|
+
it_behaves_like "graphQL visible resource"
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
context "when the user is space valuator" do
|
|
110
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
111
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
112
|
+
it_behaves_like "graphQL visible resource"
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
context "when user is visitor" do
|
|
116
|
+
let!(:current_user) { nil }
|
|
117
|
+
it_behaves_like "graphQL visible resource"
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
context "when user is member" do
|
|
121
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
122
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
123
|
+
it_behaves_like "graphQL visible resource"
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
context "when user is member" do
|
|
127
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
128
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
129
|
+
it_behaves_like "graphQL visible resource"
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
context "when user is normal user" do
|
|
133
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
134
|
+
it_behaves_like "graphQL visible resource"
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
context "when component is not published" do
|
|
139
|
+
let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
|
|
140
|
+
|
|
141
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
142
|
+
|
|
143
|
+
context "when the user is space admin" do
|
|
144
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
145
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
146
|
+
it_behaves_like "graphQL visible resource"
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
context "when the user is space collaborator" do
|
|
150
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
151
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
152
|
+
it_behaves_like "graphQL hidden component"
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
context "when the user is space moderator" do
|
|
156
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
157
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
158
|
+
it_behaves_like "graphQL hidden component"
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
context "when the user is space valuator" do
|
|
162
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
163
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
164
|
+
it_behaves_like "graphQL visible resource"
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
context "when user is visitor" do
|
|
168
|
+
let!(:current_user) { nil }
|
|
169
|
+
|
|
170
|
+
it_behaves_like "graphQL hidden component"
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
context "when user is normal user" do
|
|
174
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
175
|
+
it_behaves_like "graphQL hidden component"
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
context "when user is member" do
|
|
179
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
180
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
181
|
+
it_behaves_like "graphQL hidden component"
|
|
182
|
+
end
|
|
183
|
+
end
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
context "when space is published, private and transparent" do
|
|
187
|
+
let(:process_space_factory) { :assembly }
|
|
188
|
+
let(:space_type) { "assembly" }
|
|
189
|
+
|
|
190
|
+
let(:participatory_process_query) do
|
|
191
|
+
%(
|
|
192
|
+
assembly(id: #{participatory_process.id}) {
|
|
193
|
+
components(filter: {type: "#{component_type}"}){
|
|
194
|
+
id
|
|
195
|
+
name {
|
|
196
|
+
translation(locale: "#{locale}")
|
|
197
|
+
}
|
|
198
|
+
weight
|
|
199
|
+
__typename
|
|
200
|
+
...fooComponent
|
|
201
|
+
}
|
|
202
|
+
id
|
|
203
|
+
}
|
|
204
|
+
)
|
|
205
|
+
end
|
|
206
|
+
let!(:participatory_process) { create(process_space_factory, :published, :private, :transparent, organization: current_organization) }
|
|
207
|
+
|
|
208
|
+
context "when component is published" do
|
|
209
|
+
let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
|
|
210
|
+
|
|
211
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
212
|
+
|
|
213
|
+
context "when the user is space admin" do
|
|
214
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
215
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
|
|
216
|
+
it_behaves_like "graphQL visible resource"
|
|
217
|
+
end
|
|
218
|
+
|
|
219
|
+
context "when the user is space collaborator" do
|
|
220
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
221
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
|
|
222
|
+
it_behaves_like "graphQL visible resource"
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
context "when the user is space moderator" do
|
|
226
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
227
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
|
|
228
|
+
it_behaves_like "graphQL visible resource"
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
context "when the user is space valuator" do
|
|
232
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
233
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
|
|
234
|
+
it_behaves_like "graphQL visible resource"
|
|
235
|
+
end
|
|
236
|
+
|
|
237
|
+
context "when user is visitor" do
|
|
238
|
+
let!(:current_user) { nil }
|
|
239
|
+
it_behaves_like "graphQL visible resource"
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
context "when user is member" do
|
|
243
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
244
|
+
let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
|
|
245
|
+
it_behaves_like "graphQL visible resource"
|
|
246
|
+
end
|
|
247
|
+
|
|
248
|
+
context "when user is normal user" do
|
|
249
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
250
|
+
it_behaves_like "graphQL visible resource"
|
|
251
|
+
end
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
context "when component is not published" do
|
|
255
|
+
let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
|
|
256
|
+
|
|
257
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
258
|
+
|
|
259
|
+
context "when the user is space admin" do
|
|
260
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
261
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
|
|
262
|
+
it_behaves_like "graphQL visible resource"
|
|
263
|
+
end
|
|
264
|
+
|
|
265
|
+
context "when the user is space collaborator" do
|
|
266
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
267
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
|
|
268
|
+
it_behaves_like "graphQL visible resource"
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
context "when the user is space moderator" do
|
|
272
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
273
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
|
|
274
|
+
it_behaves_like "graphQL hidden component"
|
|
275
|
+
end
|
|
276
|
+
|
|
277
|
+
context "when the user is space valuator" do
|
|
278
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
279
|
+
let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
|
|
280
|
+
it_behaves_like "graphQL visible resource"
|
|
281
|
+
end
|
|
282
|
+
|
|
283
|
+
context "when user is visitor" do
|
|
284
|
+
let!(:current_user) { nil }
|
|
285
|
+
it_behaves_like "graphQL hidden component"
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
context "when user is normal user" do
|
|
289
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
290
|
+
it_behaves_like "graphQL hidden component"
|
|
291
|
+
end
|
|
292
|
+
|
|
293
|
+
context "when user is member" do
|
|
294
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
295
|
+
let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
|
|
296
|
+
it_behaves_like "graphQL hidden component"
|
|
297
|
+
end
|
|
298
|
+
end
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
context "when space is published but private" do
|
|
302
|
+
let!(:participatory_process) { create(process_space_factory, :published, :private, :with_steps, organization: current_organization) }
|
|
303
|
+
|
|
304
|
+
context "when component is published" do
|
|
305
|
+
let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
|
|
306
|
+
|
|
307
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
308
|
+
|
|
309
|
+
context "when the user is space admin" do
|
|
310
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
311
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
312
|
+
it_behaves_like "graphQL hidden space"
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
context "when the user is space collaborator" do
|
|
316
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
317
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
318
|
+
it_behaves_like "graphQL hidden space"
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
context "when the user is space moderator" do
|
|
322
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
323
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
324
|
+
|
|
325
|
+
it_behaves_like "graphQL hidden space"
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
context "when the user is space valuator" do
|
|
329
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
330
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
331
|
+
it_behaves_like "graphQL hidden space"
|
|
332
|
+
end
|
|
333
|
+
|
|
334
|
+
it_behaves_like "graphQL space hidden to visitor"
|
|
335
|
+
|
|
336
|
+
context "when user is normal user" do
|
|
337
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
338
|
+
it_behaves_like "graphQL hidden space"
|
|
339
|
+
end
|
|
340
|
+
|
|
341
|
+
context "when user is member" do
|
|
342
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
343
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
344
|
+
it_behaves_like "graphQL visible resource"
|
|
345
|
+
end
|
|
346
|
+
end
|
|
347
|
+
|
|
348
|
+
context "when component is not published" do
|
|
349
|
+
let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
|
|
350
|
+
|
|
351
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
352
|
+
|
|
353
|
+
context "when the user is space admin" do
|
|
354
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
355
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
356
|
+
it_behaves_like "graphQL hidden space"
|
|
357
|
+
end
|
|
358
|
+
|
|
359
|
+
context "when the user is space collaborator" do
|
|
360
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
361
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
362
|
+
it_behaves_like "graphQL hidden space"
|
|
363
|
+
end
|
|
364
|
+
|
|
365
|
+
context "when the user is space moderator" do
|
|
366
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
367
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
368
|
+
it_behaves_like "graphQL hidden space"
|
|
369
|
+
end
|
|
370
|
+
|
|
371
|
+
context "when the user is space valuator" do
|
|
372
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
373
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
374
|
+
it_behaves_like "graphQL hidden space"
|
|
375
|
+
end
|
|
376
|
+
it_behaves_like "graphQL space hidden to visitor"
|
|
377
|
+
|
|
378
|
+
context "when user is member" do
|
|
379
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
380
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
381
|
+
it_behaves_like "graphQL hidden component"
|
|
382
|
+
end
|
|
383
|
+
context "when user is normal user" do
|
|
384
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
385
|
+
it_behaves_like "graphQL hidden space"
|
|
386
|
+
end
|
|
387
|
+
end
|
|
388
|
+
end
|
|
389
|
+
|
|
390
|
+
context "when space is unpublished" do
|
|
391
|
+
let(:participatory_process) { create(process_space_factory, :unpublished, :with_steps, organization: current_organization) }
|
|
392
|
+
|
|
393
|
+
context "when component is published" do
|
|
394
|
+
let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
|
|
395
|
+
|
|
396
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
397
|
+
|
|
398
|
+
context "when the user is space admin" do
|
|
399
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
400
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
401
|
+
it_behaves_like "graphQL hidden space"
|
|
402
|
+
end
|
|
403
|
+
|
|
404
|
+
context "when the user is space collaborator" do
|
|
405
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
406
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
407
|
+
it_behaves_like "graphQL hidden space"
|
|
408
|
+
end
|
|
409
|
+
|
|
410
|
+
context "when the user is space moderator" do
|
|
411
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
412
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
413
|
+
it_behaves_like "graphQL hidden space"
|
|
414
|
+
end
|
|
415
|
+
|
|
416
|
+
context "when the user is space valuator" do
|
|
417
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
418
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
419
|
+
it_behaves_like "graphQL hidden space"
|
|
420
|
+
end
|
|
421
|
+
|
|
422
|
+
it_behaves_like "graphQL space hidden to visitor"
|
|
423
|
+
|
|
424
|
+
context "when user is member" do
|
|
425
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
426
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
427
|
+
it_behaves_like "graphQL hidden space"
|
|
428
|
+
end
|
|
429
|
+
|
|
430
|
+
context "when user is normal user" do
|
|
431
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
432
|
+
it_behaves_like "graphQL hidden space"
|
|
433
|
+
end
|
|
434
|
+
end
|
|
435
|
+
|
|
436
|
+
context "when component is not published" do
|
|
437
|
+
let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
|
|
438
|
+
|
|
439
|
+
it_behaves_like "graphQL resource visible for admin"
|
|
440
|
+
|
|
441
|
+
context "when the user is space admin" do
|
|
442
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
443
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
|
|
444
|
+
it_behaves_like "graphQL hidden space"
|
|
445
|
+
end
|
|
446
|
+
|
|
447
|
+
context "when the user is space collaborator" do
|
|
448
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
449
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
|
|
450
|
+
it_behaves_like "graphQL hidden space"
|
|
451
|
+
end
|
|
452
|
+
|
|
453
|
+
context "when the user is space moderator" do
|
|
454
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
455
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
|
|
456
|
+
it_behaves_like "graphQL hidden space"
|
|
457
|
+
end
|
|
458
|
+
|
|
459
|
+
context "when the user is space valuator" do
|
|
460
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
461
|
+
let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
|
|
462
|
+
it_behaves_like "graphQL hidden space"
|
|
463
|
+
end
|
|
464
|
+
it_behaves_like "graphQL space hidden to visitor"
|
|
465
|
+
|
|
466
|
+
context "when user is member" do
|
|
467
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
468
|
+
let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
|
|
469
|
+
it_behaves_like "graphQL hidden space"
|
|
470
|
+
end
|
|
471
|
+
|
|
472
|
+
context "when user is normal user" do
|
|
473
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
474
|
+
|
|
475
|
+
it_behaves_like "graphQL hidden space"
|
|
476
|
+
end
|
|
477
|
+
end
|
|
478
|
+
end
|
|
479
|
+
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
shared_context "with a graphql class type" do
|
|
4
4
|
let!(:current_organization) { create(:organization) }
|
|
5
|
-
let!(:current_user) { create(:user, organization: current_organization) }
|
|
5
|
+
let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
|
|
6
6
|
let!(:current_component) { create(:component) }
|
|
7
7
|
let(:model) { OpenStruct.new({}) }
|
|
8
8
|
let(:type_class) { described_class }
|
|
@@ -5,6 +5,76 @@ module Decidim
|
|
|
5
5
|
module Types
|
|
6
6
|
class BaseObject < GraphQL::Schema::Object
|
|
7
7
|
field_class Types::BaseField
|
|
8
|
+
|
|
9
|
+
def self.authorized?(object, context)
|
|
10
|
+
chain = []
|
|
11
|
+
|
|
12
|
+
subject = determine_subject_name(object)
|
|
13
|
+
context[subject] = object
|
|
14
|
+
|
|
15
|
+
chain.unshift(allowed_to?(:read, :participatory_space, object, context)) if object.respond_to?(:participatory_space)
|
|
16
|
+
chain.unshift(allowed_to?(:read, :component, object, context)) if object.respond_to?(:component) && object.component.present?
|
|
17
|
+
|
|
18
|
+
super && chain.all?
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def self.determine_subject_name(object)
|
|
22
|
+
object.class.name.split("::").last.underscore.to_sym
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# This is a simplified adaptation of allowed_to? from NeedsPermission concern
|
|
26
|
+
# @param action [Symbol] The action performed. Most cases the action is :read
|
|
27
|
+
# @param subject [Object] The name of the subject. Ex: :participatory_space, :component, or object
|
|
28
|
+
# @param object [ActiveModel::Base] The object that is being represented.
|
|
29
|
+
# @param context [GraphQL::Query::Context] The GraphQL context
|
|
30
|
+
#
|
|
31
|
+
# @return Boolean
|
|
32
|
+
def self.allowed_to?(action, subject, object, context)
|
|
33
|
+
unless subject.is_a?(::Symbol)
|
|
34
|
+
subject = determine_subject_name(object)
|
|
35
|
+
context[subject] = object
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
permission_action = Decidim::PermissionAction.new(scope: :public, action:, subject:)
|
|
39
|
+
|
|
40
|
+
permission_chain(object).inject(permission_action) do |current_permission_action, permission_class|
|
|
41
|
+
permission_class.new(
|
|
42
|
+
context[:current_user],
|
|
43
|
+
current_permission_action,
|
|
44
|
+
local_context(object, context)
|
|
45
|
+
).permissions
|
|
46
|
+
end.allowed?
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
# Injects into context object current_participatory_space and current_component keys as they are needed
|
|
50
|
+
#
|
|
51
|
+
# @param object [ActiveModel::Base] The object that is being represented.
|
|
52
|
+
# @param context [GraphQL::Query::Context] The GraphQL context
|
|
53
|
+
#
|
|
54
|
+
# @return Hash
|
|
55
|
+
def self.local_context(object, context)
|
|
56
|
+
context[:current_participatory_space] = object.participatory_space if object.respond_to?(:participatory_space)
|
|
57
|
+
context[:current_component] = object.component if object.respond_to?(:component) && object.component.present?
|
|
58
|
+
|
|
59
|
+
context.to_h
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# Creates the permission chain arrau that contains all the permission classes required to authorize a certain resource
|
|
63
|
+
# We are using unshift as we need the Admin and base permissions to be last in the chain
|
|
64
|
+
# @param object [ActiveModel::Base] The object that is being represented.
|
|
65
|
+
#
|
|
66
|
+
# @return [Decidim::DefaultPermissions]
|
|
67
|
+
def self.permission_chain(object)
|
|
68
|
+
permissions = [
|
|
69
|
+
Decidim::Admin::Permissions,
|
|
70
|
+
Decidim::Permissions
|
|
71
|
+
]
|
|
72
|
+
|
|
73
|
+
permissions.unshift(object.participatory_space.manifest.permissions_class) if object.respond_to?(:participatory_space)
|
|
74
|
+
permissions.unshift(object.component.manifest.permissions_class) if object.respond_to?(:component) && object.component.present?
|
|
75
|
+
|
|
76
|
+
permissions
|
|
77
|
+
end
|
|
8
78
|
end
|
|
9
79
|
end
|
|
10
80
|
end
|
data/lib/decidim/api/version.rb
CHANGED
data/lib/decidim/api.rb
CHANGED
|
@@ -24,6 +24,10 @@ module Decidim
|
|
|
24
24
|
15
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
+
config_accessor :disclose_system_version do
|
|
28
|
+
%w(1 true yes).include?(ENV.fetch("DECIDIM_API_DISCLOSE_SYSTEM_VERSION", nil))
|
|
29
|
+
end
|
|
30
|
+
|
|
27
31
|
# This declares all the types an interface or union can resolve to. This needs
|
|
28
32
|
# to be done in order to be able to have them found. This is a shortcoming of
|
|
29
33
|
# graphql-ruby and the way it deals with loading types, in combination with
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: decidim-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.30.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josep Jaume Rey Peroy
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2025-02-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: decidim-core
|
|
@@ -18,42 +18,42 @@ dependencies:
|
|
|
18
18
|
requirements:
|
|
19
19
|
- - '='
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version: 0.
|
|
21
|
+
version: 0.30.0.rc1
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
25
|
requirements:
|
|
26
26
|
- - '='
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
|
-
version: 0.
|
|
28
|
+
version: 0.30.0.rc1
|
|
29
29
|
- !ruby/object:Gem::Dependency
|
|
30
30
|
name: graphql
|
|
31
31
|
requirement: !ruby/object:Gem::Requirement
|
|
32
32
|
requirements:
|
|
33
33
|
- - "~>"
|
|
34
34
|
- !ruby/object:Gem::Version
|
|
35
|
-
version: 2.
|
|
35
|
+
version: 2.4.0
|
|
36
36
|
type: :runtime
|
|
37
37
|
prerelease: false
|
|
38
38
|
version_requirements: !ruby/object:Gem::Requirement
|
|
39
39
|
requirements:
|
|
40
40
|
- - "~>"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: 2.
|
|
42
|
+
version: 2.4.0
|
|
43
43
|
- !ruby/object:Gem::Dependency
|
|
44
44
|
name: graphql-docs
|
|
45
45
|
requirement: !ruby/object:Gem::Requirement
|
|
46
46
|
requirements:
|
|
47
47
|
- - "~>"
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
|
-
version: '
|
|
49
|
+
version: '5.0'
|
|
50
50
|
type: :runtime
|
|
51
51
|
prerelease: false
|
|
52
52
|
version_requirements: !ruby/object:Gem::Requirement
|
|
53
53
|
requirements:
|
|
54
54
|
- - "~>"
|
|
55
55
|
- !ruby/object:Gem::Version
|
|
56
|
-
version: '
|
|
56
|
+
version: '5.0'
|
|
57
57
|
- !ruby/object:Gem::Dependency
|
|
58
58
|
name: rack-cors
|
|
59
59
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -68,48 +68,62 @@ dependencies:
|
|
|
68
68
|
- - "~>"
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
70
|
version: '1.0'
|
|
71
|
+
- !ruby/object:Gem::Dependency
|
|
72
|
+
name: decidim-assemblies
|
|
73
|
+
requirement: !ruby/object:Gem::Requirement
|
|
74
|
+
requirements:
|
|
75
|
+
- - '='
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
version: 0.30.0.rc1
|
|
78
|
+
type: :development
|
|
79
|
+
prerelease: false
|
|
80
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
81
|
+
requirements:
|
|
82
|
+
- - '='
|
|
83
|
+
- !ruby/object:Gem::Version
|
|
84
|
+
version: 0.30.0.rc1
|
|
71
85
|
- !ruby/object:Gem::Dependency
|
|
72
86
|
name: decidim-comments
|
|
73
87
|
requirement: !ruby/object:Gem::Requirement
|
|
74
88
|
requirements:
|
|
75
89
|
- - '='
|
|
76
90
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: 0.
|
|
91
|
+
version: 0.30.0.rc1
|
|
78
92
|
type: :development
|
|
79
93
|
prerelease: false
|
|
80
94
|
version_requirements: !ruby/object:Gem::Requirement
|
|
81
95
|
requirements:
|
|
82
96
|
- - '='
|
|
83
97
|
- !ruby/object:Gem::Version
|
|
84
|
-
version: 0.
|
|
98
|
+
version: 0.30.0.rc1
|
|
85
99
|
- !ruby/object:Gem::Dependency
|
|
86
100
|
name: decidim-dev
|
|
87
101
|
requirement: !ruby/object:Gem::Requirement
|
|
88
102
|
requirements:
|
|
89
103
|
- - '='
|
|
90
104
|
- !ruby/object:Gem::Version
|
|
91
|
-
version: 0.
|
|
105
|
+
version: 0.30.0.rc1
|
|
92
106
|
type: :development
|
|
93
107
|
prerelease: false
|
|
94
108
|
version_requirements: !ruby/object:Gem::Requirement
|
|
95
109
|
requirements:
|
|
96
110
|
- - '='
|
|
97
111
|
- !ruby/object:Gem::Version
|
|
98
|
-
version: 0.
|
|
112
|
+
version: 0.30.0.rc1
|
|
99
113
|
- !ruby/object:Gem::Dependency
|
|
100
114
|
name: decidim-participatory_processes
|
|
101
115
|
requirement: !ruby/object:Gem::Requirement
|
|
102
116
|
requirements:
|
|
103
117
|
- - '='
|
|
104
118
|
- !ruby/object:Gem::Version
|
|
105
|
-
version: 0.
|
|
119
|
+
version: 0.30.0.rc1
|
|
106
120
|
type: :development
|
|
107
121
|
prerelease: false
|
|
108
122
|
version_requirements: !ruby/object:Gem::Requirement
|
|
109
123
|
requirements:
|
|
110
124
|
- - '='
|
|
111
125
|
- !ruby/object:Gem::Version
|
|
112
|
-
version: 0.
|
|
126
|
+
version: 0.30.0.rc1
|
|
113
127
|
description: API engine for decidim
|
|
114
128
|
email:
|
|
115
129
|
- josepjaume@gmail.com
|
|
@@ -162,7 +176,7 @@ files:
|
|
|
162
176
|
- lib/tasks/decidim_api_docs.rake
|
|
163
177
|
homepage: https://decidim.org
|
|
164
178
|
licenses:
|
|
165
|
-
- AGPL-3.0
|
|
179
|
+
- AGPL-3.0-or-later
|
|
166
180
|
metadata:
|
|
167
181
|
bug_tracker_uri: https://github.com/decidim/decidim/issues
|
|
168
182
|
documentation_uri: https://docs.decidim.org/
|
|
@@ -177,14 +191,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
177
191
|
requirements:
|
|
178
192
|
- - "~>"
|
|
179
193
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 3.
|
|
194
|
+
version: 3.3.0
|
|
181
195
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
182
196
|
requirements:
|
|
183
197
|
- - ">="
|
|
184
198
|
- !ruby/object:Gem::Version
|
|
185
199
|
version: '0'
|
|
186
200
|
requirements: []
|
|
187
|
-
rubygems_version: 3.
|
|
201
|
+
rubygems_version: 3.5.11
|
|
188
202
|
signing_key:
|
|
189
203
|
specification_version: 4
|
|
190
204
|
summary: Decidim API module
|