decidim-api 0.29.1 → 0.30.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9585f47d411b9a9e9bda8e8a5608a3fcd90582e9844c7baed210b3c935b91c3b
-  data.tar.gz: 641a97f83951689fc9d1e3ebd3fedc10749ee6a23a6681c59cbca0d781da45c5
+  metadata.gz: 2fee654b2c8123c5e96d037b90447eea8cb6fe330698bcccc5fc5333809ef9e5
+  data.tar.gz: 2f41b07548990e7c19952d51cbd22e153ff86a8461b564f4f83088922374443a
 SHA512:
-  metadata.gz: ac63bab88afe41a312a3b0a563d017f7a1fbba6ffb4b8b4001485c57b197b0b239b1ab30bd552098b5e8a532d20b507dc3b1d43c4f8fa258f116dea01ba1912d
-  data.tar.gz: 3c3863d36870b095f7afd928477f8c0e17cd3bef07ee1862c5162e717d44c6cf33458d59f5110ee19428502dd61d6073d09434a26aaffff7c389f618a5957c28
+  metadata.gz: 84fea0923ec4e3ffea2393241b0c5cb4f915400ab978033e001f7342b561a782a57436ca07b990ef115c737fcc05ec49c498e80a390f67bb04f951216db5f3b0
+  data.tar.gz: 27dcf85d7b0b5cb83657b5b34c5c64d5edbd8234a848474c25a7ad27bb414deeaa7475f03126b368750d2a16b59ac2f77117325d42723edbae6b5f7677bb1dbe

data/decidim-api.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |s|
   s.version = Decidim::Api.version
   s.authors = ["Josep Jaume Rey Peroy", "Marc Riera Casals", "Oriol Gual Oliva"]
   s.email = ["josepjaume@gmail.com", "mrc2407@gmail.com", "oriolgual@gmail.com"]
-  s.license = "AGPL-3.0"
+  s.license = "AGPL-3.0-or-later"
   s.homepage = "https://decidim.org"
   s.metadata = {
     "bug_tracker_uri" => "https://github.com/decidim/decidim/issues",
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
     "homepage_uri" => "https://decidim.org",
     "source_code_uri" => "https://github.com/decidim/decidim"
   }
-  s.required_ruby_version = "~> 3.2.0"
+  s.required_ruby_version = "~> 3.3.0"
 
   s.name = "decidim-api"
   s.summary = "Decidim API module"
@@ -33,10 +33,11 @@ Gem::Specification.new do |s|
   end
 
   s.add_dependency "decidim-core", Decidim::Api.version
-  s.add_dependency "graphql", "~> 2.2.6"
-  s.add_dependency "graphql-docs", "~> 4.0"
+  s.add_dependency "graphql", "~> 2.4.0"
+  s.add_dependency "graphql-docs", "~> 5.0"
   s.add_dependency "rack-cors", "~> 1.0"
 
+  s.add_development_dependency "decidim-assemblies", Decidim::Api.version
   s.add_development_dependency "decidim-comments", Decidim::Api.version
   s.add_development_dependency "decidim-dev", Decidim::Api.version
   s.add_development_dependency "decidim-participatory_processes", Decidim::Api.version

data/lib/decidim/api/test/component_context.rb

@@ -9,8 +9,9 @@ shared_context "with a graphql decidim component" do
 
   let(:locale) { "en" }
 
-  let(:participatory_process) { create :participatory_process, organization: current_organization }
-  let(:category) { create(:category, participatory_space: participatory_process) }
+  let(:participatory_process) { create(:participatory_process, organization: current_organization) }
+  let(:taxonomy) { create(:taxonomy, :with_parent, organization: participatory_process.organization) }
+  let(:taxonomies) { [taxonomy] }
 
   let(:component_type) { nil }
   let(:component_fragment) { nil }
@@ -41,3 +42,438 @@ shared_context "with a graphql decidim component" do
     )
   end
 end
+
+shared_examples "with resource visibility" do
+  let(:process_space_factory) { :participatory_process }
+  let(:space_type) { "participatoryProcess" }
+
+  shared_examples "graphQL visible resource" do
+    it "is visible" do
+      expect(response[space_type]["components"].first[lookout_key]).to eq(query_result)
+    end
+  end
+
+  shared_examples "graphQL hidden space" do
+    it "should not be visible" do
+      expect(response[space_type]).to be_nil
+    end
+  end
+
+  shared_examples "graphQL hidden component" do
+    it "should not be visible" do
+      expect(response[space_type]["components"].first).to be_nil
+    end
+  end
+
+  shared_examples "graphQL resource visible for admin" do
+    context "when the user is admin" do
+      let!(:current_user) { create(:user, :admin, :confirmed, organization: current_organization) }
+
+      it_behaves_like "graphQL visible resource"
+    end
+  end
+
+  shared_examples "graphQL space hidden to visitor" do
+    context "when user is visitor" do
+      let!(:current_user) { nil }
+      it_behaves_like "graphQL hidden space"
+    end
+  end
+
+  context "when space is published" do
+    let!(:participatory_process) { create(process_space_factory, :published, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+    end
+  end
+
+  context "when space is published, private and transparent" do
+    let(:process_space_factory) { :assembly }
+    let(:space_type) { "assembly" }
+
+    let(:participatory_process_query) do
+      %(
+      assembly(id: #{participatory_process.id}) {
+        components(filter: {type: "#{component_type}"}){
+          id
+          name {
+            translation(locale: "#{locale}")
+          }
+          weight
+          __typename
+          ...fooComponent
+        }
+        id
+      }
+    )
+    end
+    let!(:participatory_process) { create(process_space_factory, :published, :private, :transparent, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "admin") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:assembly_user_role, assembly: participatory_process, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL visible resource"
+      end
+
+      context "when user is visitor" do
+        let!(:current_user) { nil }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden component"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:assembly_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+    end
+  end
+
+  context "when space is published but private" do
+    let!(:participatory_process) { create(process_space_factory, :published, :private, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL visible resource"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden component"
+      end
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+  end
+
+  context "when space is unpublished" do
+    let(:participatory_process) { create(process_space_factory, :unpublished, :with_steps, organization: current_organization) }
+
+    context "when component is published" do
+      let!(:current_component) { create(component_factory, :published, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+
+    context "when component is not published" do
+      let!(:current_component) { create(component_factory, :unpublished, participatory_space: participatory_process) }
+
+      it_behaves_like "graphQL resource visible for admin"
+
+      context "when the user is space admin" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "admin") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space collaborator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "collaborator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space moderator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "moderator") }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when the user is space valuator" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:role) { create(:participatory_process_user_role, participatory_process:, user: current_user, role: "valuator") }
+        it_behaves_like "graphQL hidden space"
+      end
+      it_behaves_like "graphQL space hidden to visitor"
+
+      context "when user is member" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+        let!(:participatory_space_private_user) { create(:participatory_space_private_user, user: current_user, privatable_to: participatory_process) }
+        it_behaves_like "graphQL hidden space"
+      end
+
+      context "when user is normal user" do
+        let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
+
+        it_behaves_like "graphQL hidden space"
+      end
+    end
+  end
+end

data/lib/decidim/api/test/type_context.rb

@@ -2,7 +2,7 @@
 
 shared_context "with a graphql class type" do
   let!(:current_organization) { create(:organization) }
-  let!(:current_user) { create(:user, organization: current_organization) }
+  let!(:current_user) { create(:user, :confirmed, organization: current_organization) }
   let!(:current_component) { create(:component) }
   let(:model) { OpenStruct.new({}) }
   let(:type_class) { described_class }

data/lib/decidim/api/types/base_object.rb

@@ -5,6 +5,76 @@ module Decidim
     module Types
       class BaseObject < GraphQL::Schema::Object
         field_class Types::BaseField
+
+        def self.authorized?(object, context)
+          chain = []
+
+          subject = determine_subject_name(object)
+          context[subject] = object
+
+          chain.unshift(allowed_to?(:read, :participatory_space, object, context)) if object.respond_to?(:participatory_space)
+          chain.unshift(allowed_to?(:read, :component, object, context)) if object.respond_to?(:component) && object.component.present?
+
+          super && chain.all?
+        end
+
+        def self.determine_subject_name(object)
+          object.class.name.split("::").last.underscore.to_sym
+        end
+
+        # This is a simplified adaptation of allowed_to? from NeedsPermission concern
+        # @param action [Symbol] The action performed. Most cases the action is :read
+        # @param subject [Object] The name of the subject. Ex: :participatory_space, :component, or object
+        # @param object [ActiveModel::Base] The object that is being represented.
+        # @param context [GraphQL::Query::Context] The GraphQL context
+        #
+        # @return Boolean
+        def self.allowed_to?(action, subject, object, context)
+          unless subject.is_a?(::Symbol)
+            subject = determine_subject_name(object)
+            context[subject] = object
+          end
+
+          permission_action = Decidim::PermissionAction.new(scope: :public, action:, subject:)
+
+          permission_chain(object).inject(permission_action) do |current_permission_action, permission_class|
+            permission_class.new(
+              context[:current_user],
+              current_permission_action,
+              local_context(object, context)
+            ).permissions
+          end.allowed?
+        end
+
+        # Injects into context object current_participatory_space and current_component keys as they are needed
+        #
+        # @param object [ActiveModel::Base] The object that is being represented.
+        # @param context [GraphQL::Query::Context] The GraphQL context
+        #
+        # @return Hash
+        def self.local_context(object, context)
+          context[:current_participatory_space] = object.participatory_space if object.respond_to?(:participatory_space)
+          context[:current_component] = object.component if object.respond_to?(:component) && object.component.present?
+
+          context.to_h
+        end
+
+        # Creates the permission chain arrau that contains all the permission classes required to authorize a certain resource
+        # We are using unshift as we need the Admin and base permissions to be last in the chain
+        # @param object [ActiveModel::Base] The object that is being represented.
+        #
+        # @return [Decidim::DefaultPermissions]
+        def self.permission_chain(object)
+          permissions = [
+            Decidim::Admin::Permissions,
+            Decidim::Permissions
+          ]
+
+          permissions.unshift(object.participatory_space.manifest.permissions_class) if object.respond_to?(:participatory_space)
+          permissions.unshift(object.component.manifest.permissions_class) if object.respond_to?(:component) && object.component.present?
+
+          permissions
+        end
       end
     end
   end

data/lib/decidim/api/version.rb

@@ -4,7 +4,7 @@ module Decidim
   # This holds the decidim-api version.
   module Api
     def self.version
-      "0.29.1"
+      "0.30.0.rc1"
     end
   end
 end

data/lib/decidim/api.rb

@@ -24,6 +24,10 @@ module Decidim
       15
     end
 
+    config_accessor :disclose_system_version do
+      %w(1 true yes).include?(ENV.fetch("DECIDIM_API_DISCLOSE_SYSTEM_VERSION", nil))
+    end
+
     # This declares all the types an interface or union can resolve to. This needs
     # to be done in order to be able to have them found. This is a shortcoming of
     # graphql-ruby and the way it deals with loading types, in combination with

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: decidim-api
 version: !ruby/object:Gem::Version
-  version: 0.29.1
+  version: 0.30.0.rc1
 platform: ruby
 authors:
 - Josep Jaume Rey Peroy
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-02 00:00:00.000000000 Z
+date: 2025-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: decidim-core
@@ -18,42 +18,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.6
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.6
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: graphql-docs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rack-cors
   requirement: !ruby/object:Gem::Requirement
@@ -68,48 +68,62 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: decidim-assemblies
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.30.0.rc1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.30.0.rc1
 - !ruby/object:Gem::Dependency
   name: decidim-comments
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
 - !ruby/object:Gem::Dependency
   name: decidim-dev
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
 - !ruby/object:Gem::Dependency
   name: decidim-participatory_processes
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.1
+        version: 0.30.0.rc1
 description: API engine for decidim
 email:
 - josepjaume@gmail.com
@@ -162,7 +176,7 @@ files:
 - lib/tasks/decidim_api_docs.rake
 homepage: https://decidim.org
 licenses:
-- AGPL-3.0
+- AGPL-3.0-or-later
 metadata:
   bug_tracker_uri: https://github.com/decidim/decidim/issues
   documentation_uri: https://docs.decidim.org/
@@ -177,14 +191,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: 3.2.0
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: Decidim API module