decidim-api 0.31.4 → 0.32.0.rc1

data/lib/decidim/api/errors/attribute_validation_error.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      class AttributeValidationError < GraphQL::ExecutionError
+        def initialize(messages, ast_node: nil, options: nil, extensions: nil)
+          @ast_node = ast_node
+          @options = options
+          @extensions = extensions
+
+          @messages = messages
+
+          message_str =
+            if messages.is_a?(ActiveModel::Errors)
+              messages.full_messages.join(", ")
+            elsif messages.is_a?(Array)
+              messages.map { |a| a[:message] }.join(", ")
+            else
+              messages.to_s
+            end
+          super(message_str)
+        end
+
+        def to_h
+          hash = {}
+          if @messages.is_a?(ActiveModel::Errors)
+            hash["message"] = @messages.map do |error|
+              # This is the GraphQL argument which corresponds to the validation error:
+              local_path = ["attributes", error.attribute.to_s.camelize(:lower)]
+              {
+                path: local_path,
+                message: error.message
+              }
+            end
+          end
+
+          hash["message"] = @messages if @messages.is_a?(Array)
+
+          if ast_node
+            hash["locations"] = [
+              {
+                "line" => ast_node.line,
+                "column" => ast_node.col
+              }
+            ]
+          end
+
+          hash["path"] = path if path
+
+          hash.merge!(options) if options
+
+          if extensions
+            hash["extensions"] = extensions.transform_keys do |(key, value), ext|
+              ext[key.to_s] = value
+            end
+          end
+
+          hash.merge!({ "extensions" => { "code" => "ATTRIBUTE_VALIDATION_ERROR" } })
+
+          hash
+        end
+
+        def message
+          return @messages.full_messages.join(", ") if @messages.is_a?(ActiveModel::Errors)
+          return @messages.map { |a| [a[:path].last, a[:message]].join(": ") }.join(", ") if @messages.is_a?(Array)
+
+          @messages.to_s
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/invalid_locale_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.invalid_locale")
+      class InvalidLocaleError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "INVALID_LOCALE_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/locale_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.locale_argument_error")
+      class LocaleError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "LOCALE_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/mutation_not_authorized_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.unauthorized_mutation")
+      class MutationNotAuthorizedError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "MUTATION_NOT_AUTHORIZED_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/not_found_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.not_found")
+      class NotFoundError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "NOT_FOUND_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/permission_not_set_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.permission_not_set")
+      class PermissionNotSetError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "PERMISSION_NOT_SET_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/unauthorized_field_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.unauthorized_field")
+      class UnauthorizedFieldError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "UNAUTHORIZED_FIELD_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/unauthorized_object_error.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      # i18n-tasks-use t("decidim.api.errors.unauthorized_object")
+      class UnauthorizedObjectError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "UNAUTHORIZED_OBJECT_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/errors/validation_error.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Api
+    module Errors
+      class ValidationError < GraphQL::ExecutionError
+        def to_h
+          super.merge({ "extensions" => { "code" => "VALIDATION_ERROR" } })
+        end
+      end
+    end
+  end
+end

data/lib/decidim/api/graphiql/config.rb

@@ -7,7 +7,7 @@ module Decidim
         # @example Adding a header to the request
         #    config.headers["My-Header"] = -> (view_context) { "My-Value" }
         #
-        # @return [Hash<String => Proc>] Keys are headers to include in GraphQL requests, values are `->(view_context) { ... }` procs to determine values
+        # @return [Hash{String => Proc}] Keys are headers to include in GraphQL requests, values are `->(view_context) { ... }` procs to determine values
         attr_accessor :headers
 
         attr_accessor :query_params, :initial_query, :csrf, :title, :logo

data/lib/decidim/api/graphql_permissions.rb

@@ -17,8 +17,8 @@ module Decidim
           subject = determine_subject_name(object)
           context[subject] = object
 
-          chain.unshift(allowed_to?(:read, :participatory_space, object, context)) if object.respond_to?(:participatory_space)
-          chain.unshift(allowed_to?(:read, :component, object, context)) if object.respond_to?(:component) && object.component.present?
+          chain.unshift(allowed_to?(:read, :participatory_space, object.participatory_space, context)) if object.respond_to?(:participatory_space)
+          chain.unshift(allowed_to?(:read, :component, object.component, context)) if object.respond_to?(:component) && object.component.present?
 
           super && chain.all?
         end
@@ -34,6 +34,7 @@ module Decidim
         # @param context [GraphQL::Query::Context] The GraphQL context
         #
         # @return Boolean
+        # @param [Symbol] scope
         def allowed_to?(action, subject, object, context, scope: :public)
           unless subject.is_a?(::Symbol)
             subject = determine_subject_name(object)
@@ -43,12 +44,7 @@ module Decidim
           permission_action = Decidim::PermissionAction.new(scope:, action:, subject:)
 
           permission_chain(object).inject(permission_action) do |current_permission_action, permission_class|
-            permission_context =
-              if scope == :admin
-                local_admin_context(object, context)
-              else
-                local_context(object, context)
-              end
+            permission_context = local_user_context(object, context)
 
             permission_class.new(
               context[:current_user],
@@ -56,6 +52,8 @@ module Decidim
               permission_context
             ).permissions
           end.allowed?
+        rescue Decidim::PermissionAction::PermissionNotSetError
+          false
         end
 
         # Injects into context object current_participatory_space and current_component keys as they are needed
@@ -65,8 +63,13 @@ module Decidim
         #
         # @return Hash
         def local_context(object, context)
-          context[:current_participatory_space] = object.participatory_space if object.respond_to?(:participatory_space)
-          context[:current_component] =
+          context[:current_participatory_space] ||=
+            if object.respond_to?(:participatory_space)
+              object.participatory_space
+            elsif object.is_a?(Decidim::Participable)
+              object
+            end
+          context[:current_component] ||=
             if object.is_a?(Decidim::Component)
               object
             elsif object.respond_to?(:component)
@@ -76,7 +79,7 @@ module Decidim
           context.to_h
         end
 
-        def local_admin_context(object, context)
+        def local_user_context(object, context)
           context = local_context(object, context)
 
           component = context[:current_component]
@@ -103,7 +106,9 @@ module Decidim
             Decidim::Permissions
           ]
 
-          if object.is_a?(Decidim::Component)
+          if object.is_a?(Decidim::Participable)
+            permissions.unshift(object.manifest.permissions_class)
+          elsif object.is_a?(Decidim::Component)
             permissions.unshift(object.participatory_space.manifest.permissions_class)
             permissions.unshift(object.manifest.permissions_class)
           else

data/lib/decidim/api/query_type.rb

@@ -5,6 +5,97 @@ module Decidim
     # This type represents the root query type of the whole API.
     class QueryType < Decidim::Api::Types::BaseObject
       description "The root query of this schema"
+
+      field :component, Decidim::Core::ComponentInterface, null: true do
+        description "Lists the components this space contains."
+        argument :id, GraphQL::Types::ID, required: true, description: "The ID of the component to be found"
+      end
+      field :decidim, Core::DecidimType, "Decidim's framework properties.", null: true
+      field :moderated_users, type: [Decidim::Core::UserModerationType], null: true,
+                              description: "The moderated users for the current organization"
+      field :moderations, type: [Decidim::Core::ModerationType], null: true,
+                          description: "The moderation for the current organization"
+      field :organization, Core::OrganizationType, "The current organization", null: true
+      field :participant_details, type: Decidim::Core::ParticipantDetailsType, null: true do
+        description "Participant details visible to admin users only"
+        argument :id, GraphQL::Types::ID, "The ID of the participant", required: true
+        argument :nickname, GraphQL::Types::String, "The @nickname of the participant", required: false
+      end
+      field :session, Core::SessionType, description: "Return's information about the logged in user", null: true
+      field :static_page_topics, type: [Decidim::Core::StaticPageTopicType], null: true,
+                                 description: "The static page topics for the current organization"
+      field :static_pages, type: [Decidim::Core::StaticPageType], null: true,
+                           description: "The static pages for the current organization"
+      field :user,
+            type: Core::UserType, null: true,
+            description: "A participant (user or group) in the current organization" do
+        argument :id, GraphQL::Types::ID, "The ID of the participant", required: false
+        argument :nickname, GraphQL::Types::String, "The @nickname of the participant", required: false
+      end
+      field :users,
+            type: [Core::UserType], null: true,
+            description: "The participants (users or groups) for the current organization" do
+        argument :filter, Decidim::Core::UserEntityInputFilter, "Provides several methods to filter the results", required: false
+        argument :order, Decidim::Core::UserEntityInputSort, "Provides several methods to order the results", required: false
+      end
+
+      def component(id: {})
+        component = Decidim::Component.published.find_by(id:)
+        component&.organization == context[:current_organization] ? component : nil
+      end
+
+      def session
+        context[:current_user]
+      end
+
+      def decidim
+        Decidim
+      end
+
+      def organization
+        context[:current_organization]
+      end
+
+      def user(id: nil, nickname: nil)
+        Core::UserEntityFinder.new.call(object, { id:, nickname: }, context)
+      end
+
+      def users(filter: {}, order: {})
+        Core::UserEntityList.new.call(object, { filter:, order: }, context)
+      end
+
+      def participant_details(id: nil, nickname: nil)
+        participant = Decidim::Core::UserEntityFinder.new.call(object, { id:, nickname: }, context)
+        return nil unless participant
+
+        return nil unless Decidim::Core::ParticipantDetailsType.authorized?(participant, context)
+
+        Decidim::ActionLogger.log(
+          "read",
+          context[:current_user],
+          participant,
+          nil,
+          {}
+        )
+
+        participant
+      end
+
+      def static_pages
+        Decidim::StaticPage.accessible_for(organization, context[:current_user])
+      end
+
+      def static_page_topics
+        static_pages.collect(&:topic).uniq.compact_blank
+      end
+
+      def moderated_users
+        Decidim::UserModeration.joins(:user).where(decidim_users: { decidim_organization_id: organization&.id }).where.not(decidim_users: { blocked_at: nil })
+      end
+
+      def moderations
+        Decidim::Moderation.where(participatory_space: organization.participatory_spaces).includes(:reports).hidden
+      end
     end
   end
 end

data/lib/decidim/api/schema.rb

@@ -7,7 +7,7 @@ module Decidim
       mutation(MutationType)
       query(QueryType)
 
-      introspection IntrospectionAnalyzer
+      introspection(IntrospectionAnalyzer)
       query_analyzer RecursionAnalyzer
       query_analyzer AliasAnalyzer
 
@@ -16,6 +16,32 @@ module Decidim
       max_complexity Decidim::Api.schema_max_complexity
 
       orphan_types(Api.orphan_types)
+
+      def self.unauthorized_object(error)
+        # Add a top-level error to the response instead of returning nil:
+        raise Decidim::Api::Errors::UnauthorizedObjectError, I18n.t("decidim.api.errors.unauthorized_object", type: error.type.graphql_name)
+      end
+
+      def self.unauthorized_field(error)
+        # Add a top-level error to the response instead of returning nil:
+        raise Decidim::Api::Errors::UnauthorizedFieldError, I18n.t("decidim.api.errors.unauthorized_field", type: error.type.graphql_name, field: error.field.graphql_name)
+      end
+
+      rescue_from(ActiveRecord::RecordNotFound) do |_err, _obj, _args, _ctx, field|
+        raise Decidim::Api::Errors::NotFoundError, I18n.t("decidim.api.errors.not_found", type: field.type.unwrap.graphql_name)
+      end
+
+      rescue_from(Decidim::PermissionAction::PermissionNotSetError) do |_err, _obj, _args, _ctx, field|
+        raise Decidim::Api::Errors::PermissionNotSetError, I18n.t("decidim.api.errors.permission_not_set", type: field.type.unwrap.graphql_name)
+      end
+
+      rescue_from(I18n::InvalidLocale) do |_err, _obj, _args, _ctx, _field|
+        raise Decidim::Api::Errors::InvalidLocaleError, I18n.t("decidim.api.errors.invalid_locale")
+      end
+
+      rescue_from(I18n::ArgumentError) do |err, _obj, _args, _ctx, _field|
+        raise Decidim::Api::Errors::LocaleError, I18n.t("decidim.api.errors.locale_argument_error", message: err.message)
+      end
     end
   end
 end