decidim-centers 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3d9404d74205212bd3baf112cadc15a1f876f9ed8a00ed882ca60924a330ca0
-  data.tar.gz: 2ddef7bf7c73e61d52aee22a361569c84e4e8255a88ce5c8ec5341a48d08164a
+  metadata.gz: 322ae36dae0cc1f6450d0bdb4dee7cdc1125823329f0dded27ffe1406d98af1c
+  data.tar.gz: 94e3c59ce5f089248873859b0ae967bb8f12aebf9afdc082be358158b0d7cccf
 SHA512:
-  metadata.gz: 313aed3486d72c4a012151c98873aa891ddf58ddda348d406f20bbd3377863364c032af93f29ccaf645e88a183152053f35d4d089d50318c169aef650e0b6257
-  data.tar.gz: b861414678d79a6049c075f443cb964d6474d9c024eaea61b258a9f4d268e1f18658e1fd3e0e136ad07723f4528539037d5774ca49a19182ebe6b19e6798a48f
+  metadata.gz: ffe9e5780b724a8194f7e041b37a62203b8439c678730ec6fc8a1797d06006077a2fbcae7d060e7aeb4fc5de08345a0e7f386c82884933a8d6d3dad3c45eb84f
+  data.tar.gz: b3b96f0f4f7d912a5b6b325ec6ba2e5d116f68cbacf34ed17f9349887914347cf841fb8290d1b19d081f92934eb38bfda40a8138e136e636e29b43db9385cf70

data/README.md

@@ -4,15 +4,16 @@
 [![[CI] Lint](https://github.com/Platoniq/decidim-module-centers/actions/workflows/lint.yml/badge.svg)](https://github.com/Platoniq/decidim-module-centers/actions/workflows/lint.yml)
 [![[CI] Test](https://github.com/Platoniq/decidim-module-centers/actions/workflows/test.yml/badge.svg)](https://github.com/Platoniq/decidim-module-centers/actions/workflows/test.yml)
 [![Maintainability](https://api.codeclimate.com/v1/badges/6b1b656b229f9731a64b/maintainability)](https://codeclimate.com/github/Platoniq/decidim-module-centers/maintainability)
-[![codecov](https://codecov.io/gh/Platoniq/decidim-module-centers/branch/main/graph/badge.svg)](https://codecov.io/gh/Platoniq/decidim-module-centers)
+[![Coverage Status](https://coveralls.io/repos/github/Platoniq/decidim-module-centers/badge.svg?branch=main)](https://coveralls.io/github/Platoniq/decidim-module-centers?branch=main)
 
-Manage your centers and scopes so the users can be authorized over them. As an admin you will be able
-to create centers and scopes (we use the model Decidim currently provides).
+Manage your centers, roles and scopes so the users can be authorized over them. As an admin you will be able
+to create centers, roles and scopes (we use the model Decidim currently provides).
 
 When a user signs up in the platform two new fields will appear in the registration form.
 
 - **Center**: Where the user works. For example: "University of Granada"
 - **Scope**: The work scope in which the user works. For example: "Computer Science"
+- **Role**: The role of the user in the center. For example: "Professor"
 
 ![Registration form](examples/registration.png)
 
@@ -22,8 +23,8 @@ When they create the account or update their values, a `center` authorization wi
 with the value of the center and scope the user has selected.
 
 As an admin you will be able to configure the permissions of a component restricting the access to
-specific centers and scopes. When you select multiple centers or scopes they work as "or". When you specify
-both the center and the scope it will work as an "and" between them.
+specific centers, roles and scopes. When you select multiple centers, roles or scopes they work as "or". When you specify
+the center, the role and the scope it will work as an "and" between them.
 
 ![Permissions in the admin page](examples/permissions.png)
 
@@ -53,14 +54,16 @@ Depending on your Decidim version, choose the corresponding version to ensure co
 | Version | Compatible decidim versions |
 |---------|-----------------------------|
 | 0.1.x   | v0.27.x                     |
+| 0.2.x   | v0.27.x                     |
 
 ## Configuration
 
 You can customize your installation using the environment variables below:
 
-| ENV                                  | Description                                               | Default | Example      |
-|--------------------------------------|-----------------------------------------------------------|---------|--------------|
-| DECIDIM_CENTERS_SCOPES_ENABLED       | Use scopes to categorize users too along with the centers | true    | false        |
+| ENV                            | Description                                               | Default | Example      |
+|--------------------------------|-----------------------------------------------------------|---------|--------------|
+| DECIDIM_CENTERS_SCOPES_ENABLED | Use scopes to categorize users too along with the centers | true    | false        |
+| DECIDIM_CENTERS_ROLES_ENABLED  | Use roles to categorize users too along with the centers  | true    | false        |
 
 > **IMPORTANT**: Remember to activate the verification method `center` in the
 > Decidim `/system` admin page for your organization.

data/app/commands/concerns/decidim/centers/publish_center_update_event.rb

@@ -12,6 +12,7 @@ module Decidim
           "decidim.centers.user.updated",
           user_id: @user.id,
           center_id: @form.center_id,
+          role_id: @form.role_id,
           scope_id: @form.scope_id
         )
       end

data/app/commands/decidim/centers/admin/create_role.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module Admin
+      # This command is executed when the user creates a Role from the admin
+      # panel.
+      class CreateRole < Decidim::Command
+        # Initializes a CreateRole Command.
+        #
+        # form - The form from which to get the data.
+        # current_user - The user who performs the action.
+        def initialize(form, current_user)
+          @form = form
+          @current_user = current_user
+        end
+
+        # Creates the role if valid.
+        #
+        # Broadcasts :ok if successful, :invalid otherwise.
+        def call
+          return broadcast(:invalid) if form.invalid?
+
+          transaction do
+            create_role!
+          end
+
+          broadcast(:ok, @role)
+        end
+
+        private
+
+        attr_reader :form, :current_user
+
+        def create_role!
+          attributes = {
+            organization: form.current_organization,
+            title: form.title
+          }
+
+          @role = Decidim.traceability.create!(
+            Role,
+            current_user,
+            attributes
+          )
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/centers/admin/destroy_role.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module Admin
+      # This command is executed when the user destroys a Role from the admin
+      # panel.
+      class DestroyRole < Decidim::Command
+        # Initializes a DestroyRole Command.
+        #
+        # role - The current instance of the role to be destroyed.
+        # current_user - The user who performs the action.
+        def initialize(role, current_user)
+          @role = role
+          @current_user = current_user
+        end
+
+        # Destroys the role if valid.
+        #
+        # Broadcasts :ok if successful, :invalid otherwise.
+        def call
+          transaction do
+            destroy_role!
+          end
+
+          broadcast(:ok, role)
+        end
+
+        private
+
+        attr_reader :role, :current_user
+
+        def destroy_role!
+          attributes = {
+            deleted_at: Time.current
+          }
+
+          Decidim.traceability.update!(
+            role,
+            current_user,
+            attributes
+          )
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/centers/admin/update_role.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module Admin
+      # This command is executed when the user changes a Role from the admin
+      # panel.
+      class UpdateRole < Decidim::Command
+        # Initializes a UpdateRole Command.
+        #
+        # form - The form from which to get the data.
+        # role - The current instance of the role to be updated.
+        # current_user - The user who performs the action.
+        def initialize(form, role, current_user)
+          @form = form
+          @role = role
+          @current_user = current_user
+        end
+
+        # Updates the role if valid.
+        #
+        # Broadcasts :ok if successful, :invalid otherwise.
+        def call
+          return broadcast(:invalid) if form.invalid?
+
+          transaction do
+            update_role!
+          end
+
+          broadcast(:ok, role)
+        end
+
+        private
+
+        attr_reader :form, :role, :current_user
+
+        def update_role!
+          Decidim.traceability.update!(
+            role,
+            current_user,
+            title: form.title
+          )
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/centers/create_or_update_role_user.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    # This command is executed when a new relationship between user
+    # and role is created
+    class CreateOrUpdateRoleUser < Decidim::Command
+      # Initializes a CreateOrUpdateRoleUser Command.
+      #
+      # role - The role to be related with the user.
+      # user - The user to be related with the role.
+      def initialize(role, user)
+        @role = role
+        @user = user
+      end
+
+      # Creates or update the role user if valid.
+      #
+      # Broadcasts :ok if successful, :invalid otherwise.
+      def call
+        transaction do
+          delete_existing_role_user!
+          create_role_user!
+        rescue ActiveRecord::RecordInvalid
+          broadcast(:invalid)
+        end
+
+        broadcast(:ok, @role_user)
+      end
+
+      private
+
+      attr_reader :role, :user
+
+      def delete_existing_role_user!
+        RoleUser.where(user: user).destroy_all
+      end
+
+      def create_role_user!
+        @role_user = RoleUser.create!(role: role, user: user)
+      end
+    end
+  end
+end

data/app/controllers/decidim/centers/admin/roles_controller.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module Admin
+      # This controller allows the create or update a role.
+      class RolesController < ApplicationController
+        include TranslatableAttributes
+
+        helper_method :roles, :role
+
+        def index
+          enforce_permission_to :index, :role
+          respond_to do |format|
+            format.html
+            format.json do
+              render json: json_roles
+            end
+          end
+        end
+
+        def new
+          enforce_permission_to :create, :role
+          @form = form(RoleForm).instance
+        end
+
+        def create
+          enforce_permission_to :create, :role
+          @form = form(RoleForm).from_params(params)
+
+          CreateRole.call(@form, current_user) do
+            on(:ok) do
+              flash[:notice] = I18n.t("roles.create.success", scope: "decidim.centers.admin")
+              redirect_to roles_path
+            end
+
+            on(:invalid) do
+              flash.now[:alert] = I18n.t("roles.create.invalid", scope: "decidim.centers.admin")
+              render action: "new"
+            end
+          end
+        end
+
+        def edit
+          enforce_permission_to :update, :role, role: role
+          @form = form(RoleForm).from_model(role)
+        end
+
+        def update
+          enforce_permission_to :update, :role, role: role
+          @form = form(RoleForm).from_params(params)
+
+          UpdateRole.call(@form, role, current_user) do
+            on(:ok) do
+              flash[:notice] = I18n.t("roles.update.success", scope: "decidim.centers.admin")
+              redirect_to roles_path
+            end
+
+            on(:invalid) do
+              flash.now[:alert] = I18n.t("roles.update.invalid", scope: "decidim.centers.admin")
+              render action: "edit"
+            end
+          end
+        end
+
+        def destroy
+          enforce_permission_to :destroy, :role, role: role
+
+          DestroyRole.call(role, current_user) do
+            on(:ok) do
+              flash[:notice] = I18n.t("roles.destroy.success", scope: "decidim.centers.admin")
+            end
+          end
+
+          redirect_to roles_path
+        end
+
+        private
+
+        def json_roles
+          query = filtered_roles
+          query = query.where(id: params[:ids]) if params[:ids]
+          query = query.where("title->>? ilike ?", I18n.locale, "%#{params[:q]}%") if params[:q]
+          query.map do |item|
+            {
+              id: item.id,
+              text: translated_attribute(item.title)
+            }
+          end
+        end
+
+        def role
+          @role ||= filtered_roles.find(params[:id])
+        end
+
+        def roles
+          @roles ||= filtered_roles.page(params[:page]).per(15)
+        end
+
+        def filtered_roles
+          Role.where(organization: current_organization).not_deleted
+        end
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/centers/account_form_override.rb

@@ -13,20 +13,27 @@ module Decidim
         include Decidim::Centers::ApplicationHelper
 
         attribute :center_id, Integer
+        attribute :role_id, Integer
         attribute :scope_id, Integer
 
         validates :center_id, presence: true
+        validates :role_id, presence: true, if: :role_id?
         validates :scope_id, presence: true, if: :scope_id?
 
         def map_model(model)
           original_map_model(model)
 
           self.center_id = model.center.try(:id)
+          self.role_id = model.center_role.try(:id)
           self.scope_id = model.scope.try(:id)
         end
 
         private
 
+        def role_id?
+          Decidim::Centers.roles_enabled
+        end
+
         def scope_id?
           Decidim::Centers.scopes_enabled
         end

data/app/forms/decidim/centers/admin/role_form.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module Admin
+      # This class holds a Form to update roles from Decidim's admin panel.
+      class RoleForm < Decidim::Form
+        include TranslatableAttributes
+
+        translatable_attribute :title, String
+
+        validates :title, translatable_presence: true
+
+        alias organization current_organization
+      end
+    end
+  end
+end

data/app/forms/decidim/centers/verifications/center.rb

@@ -7,11 +7,13 @@ module Decidim
     module Verifications
       class Center < Decidim::AuthorizationHandler
         validate :center_present
+        validate :role_present
         validate :scope_present
 
         def metadata
           super.merge(
             centers: user.centers.pluck(:id),
+            roles: user.center_roles.pluck(:id),
             scopes: user.scopes.pluck(:id)
           )
         end
@@ -22,6 +24,12 @@ module Decidim
           errors.add(:user, I18n.t("decidim.centers.authorizations.new.error")) unless user.centers.any?
         end
 
+        def role_present
+          return unless Decidim::Centers.roles_enabled
+
+          errors.add(:user, I18n.t("decidim.centers.authorizations.new.error")) unless user.center_roles.any?
+        end
+
         def scope_present
           return unless Decidim::Centers.scopes_enabled
 

data/app/helpers/decidim/centers/application_helper.rb

@@ -12,6 +12,12 @@ module Decidim
           [center.id, translated_attribute(center.title)]
         end
       end
+
+      def role_options_for_select
+        Decidim::Centers::Role.where(organization: current_organization).map do |role|
+          [role.id, translated_attribute(role.title)]
+        end
+      end
     end
   end
 end

data/app/jobs/decidim/centers/auto_verification_job.rb

@@ -7,7 +7,7 @@ module Decidim
 
       def perform(user_id)
         @user = Decidim::User.find(user_id)
-        @user.centers.any? || @user.scopes.any? ? create_auth : remove_auth
+        @user.centers.any? || @user.scopes.any? || @user.center_roles.any? ? create_auth : remove_auth
       rescue ActiveRecord::RecordNotFound => _e
         Rails.logger.error "AutoVerificationJob: ERROR: user not found #{user_id}"
       end

data/app/jobs/decidim/centers/sync_role_user_job.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    class SyncRoleUserJob < ApplicationJob
+      queue_as :default
+
+      def perform(data)
+        @user = Decidim::User.find(data[:user_id])
+        @role = Decidim::Centers::Role.find(data[:role_id])
+        create_or_update_role_user
+      end
+
+      private
+
+      def create_or_update_role_user
+        Decidim::Centers::CreateOrUpdateRoleUser.call(@role, @user) do
+          on(:ok) do
+            Rails.logger.info "SyncRoleUserJob: Success: updated for user #{@user.id}"
+          end
+
+          on(:invalid) do
+            Rails.logger.error "SyncRoleUserJob: ERROR: not updated for user #{@user.id}"
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/decidim/centers/user_override.rb

@@ -13,6 +13,13 @@ module Decidim
 
         has_many :centers, through: :center_users
 
+        has_many :role_users,
+                 class_name: "Decidim::Centers::RoleUser",
+                 foreign_key: "decidim_user_id",
+                 dependent: :destroy
+
+        has_many :center_roles, through: :role_users, source: :role
+
         has_many :scope_users,
                  class_name: "Decidim::Centers::ScopeUser",
                  foreign_key: "decidim_user_id",
@@ -24,6 +31,10 @@ module Decidim
           centers.first
         end
 
+        def center_role
+          center_roles.first
+        end
+
         def scope
           scopes.first
         end

data/app/models/decidim/centers/role.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    class Role < Centers::ApplicationRecord
+      include Decidim::TranslatableResource
+
+      translatable_fields :title
+
+      belongs_to :organization,
+                 foreign_key: "decidim_organization_id",
+                 class_name: "Decidim::Organization"
+
+      scope :not_deleted, -> { where(deleted_at: nil) }
+
+      def deleted?
+        deleted_at.present?
+      end
+
+      def self.log_presenter_class_for(_log)
+        Decidim::Centers::AdminLog::RolePresenter
+      end
+    end
+  end
+end

data/app/models/decidim/centers/role_user.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    class RoleUser < Centers::ApplicationRecord
+      include UniqueByUser
+
+      belongs_to :role,
+                 foreign_key: "decidim_centers_role_id",
+                 class_name: "Decidim::Centers::Role"
+
+      belongs_to :user,
+                 foreign_key: "decidim_user_id",
+                 class_name: "Decidim::User"
+
+      validate :same_organization
+
+      private
+
+      def same_organization
+        return if role.try(:organization) == user.try(:organization)
+
+        errors.add(:role, :invalid)
+        errors.add(:user, :invalid)
+      end
+    end
+  end
+end

data/app/packs/src/decidim/centers/admin/resource_permissions_select2.js

@@ -9,6 +9,10 @@ $(() => {
       url: "/admin/centers/centers",
       inputName: "[authorization_handlers_options][center][centers]"
     },
+    {
+      url: "/admin/centers/roles",
+      inputName: "[authorization_handlers_options][center][roles]"
+    },
     {
       url: "/admin/centers/scopes",
       inputName: "[authorization_handlers_options][center][scopes]"

data/app/permissions/decidim/centers/admin/permissions.rb

@@ -8,7 +8,7 @@ module Decidim
           return permission_action unless user
           return permission_action unless user.admin?
           return permission_action unless permission_action.scope == :admin
-          return permission_action unless permission_action.subject == :center
+          return permission_action unless [:center, :role].include?(permission_action.subject)
 
           allow!
           permission_action

data/app/presenters/decidim/centers/admin_log/role_presenter.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Centers
+    module AdminLog
+      # This class holds the logic to present a `Decidim::Centers::Role`
+      # for the `AdminLog` log.
+      #
+      # Usage should be automatic and you shouldn't need to call this class
+      # directly, but here's an example:
+      #
+      #    action_log = Decidim::ActionLog.last
+      #    view_helpers # => this comes from the views
+      #    RolePresenter.new(action_log, view_helpers).present
+      class RolePresenter < Decidim::Log::BasePresenter
+        private
+
+        def action_string
+          case action
+          when "create", "delete", "update"
+            "decidim.centers.admin_log.role.#{action}"
+          else
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/app/views/decidim/centers/_profile_form.html.erb

@@ -1,5 +1,9 @@
 <%= f.collection_select :center_id, f.object.center_options_for_select, :first, :last %>
 
+<% if Decidim::Centers.roles_enabled %>
+  <%= f.collection_select :role_id, f.object.role_options_for_select, :first, :last %>
+<% end %>
+
 <% if Decidim::Centers.scopes_enabled %>
   <%= scopes_picker_field f, :scope_id, root: nil %>
 <% end %>

data/app/views/decidim/centers/_registration_form.html.erb

@@ -3,6 +3,10 @@
     <div class="field">
       <%= f.collection_select :center_id, f.object.center_options_for_select, :first, :last %>
 
+      <% if Decidim::Centers.roles_enabled %>
+        <%= f.collection_select :role_id, f.object.role_options_for_select, :first, :last %>
+      <% end %>
+
       <% if Decidim::Centers.scopes_enabled %>
         <%= scopes_picker_field f, :scope_id, root: nil %>
       <% end %>

data/app/views/decidim/centers/admin/centers/index.html.erb

@@ -3,7 +3,7 @@
   <div class="card-divider">
     <h2 class="card-title">
       <%= t(".title") %>
-      <%= link_to t("actions.new", scope: "decidim.centers", name: t("models.center.name", scope: "decidim.centers.admin")), new_center_path, class: "button tiny button--title" if allowed_to? :create, :center %>
+      <%= link_to t("actions.new", scope: "decidim.centers.admin.centers", name: t("models.center.name", scope: "decidim.centers.admin")), new_center_path, class: "button tiny button--title" if allowed_to? :create, :center %>
     </h2>
   </div>
 
@@ -14,7 +14,7 @@
           <tr>
             <th><%= t("models.center.fields.title", scope: "decidim.centers") %></th>
             <th><%= t("models.center.fields.created_at", scope: "decidim.centers") %></th>
-            <th class="actions"><%= t("actions.title", scope: "decidim.centers") %></th>
+            <th class="actions"><%= t("actions.title", scope: "decidim.centers.admin.centers") %></th>
           </tr>
         </thead>
         <tbody>
@@ -28,11 +28,11 @@
               </td>
               <td class="table-list__actions">
                 <% if allowed_to? :update, :center, center: center %>
-                  <%= icon_link_to "pencil", edit_center_path(center), t("actions.edit", scope: "decidim.centers"), class: "action-icon--edit" %>
+                  <%= icon_link_to "pencil", edit_center_path(center), t("actions.edit", scope: "decidim.centers.admin.centers"), class: "action-icon--edit" %>
                 <% end %>
 
                 <% if allowed_to? :destroy, :center, center: center %>
-                  <%= icon_link_to "circle-x", center_path(center), t("actions.destroy", scope: "decidim.centers"), method: :delete, class: "action-icon--remove", data: { confirm: t("actions.confirm_destroy", scope: "decidim.centers") } %>
+                  <%= icon_link_to "circle-x", center_path(center), t("actions.destroy", scope: "decidim.centers.admin.centers"), method: :delete, class: "action-icon--remove", data: { confirm: t("actions.confirm_destroy", scope: "decidim.centers.admin.centers") } %>
                 <% end %>
               </td>
             </tr>

data/app/views/decidim/centers/admin/roles/_form.html.erb

@@ -0,0 +1,10 @@
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title"><%= title %></h2>
+  </div>
+  <div class="card-section">
+    <div class="row column">
+      <%= form.translated :text_field, :title, autofocus: true %>
+    </div>
+  </div>
+</div>

data/app/views/decidim/centers/admin/roles/edit.html.erb

@@ -0,0 +1,8 @@
+<% add_decidim_page_title(t(".title")) %>
+<%= decidim_form_for(@form, html: { class: "form edit_role" }) do |f| %>
+  <%= render partial: "form", object: f, locals: { title: t(".title") } %>
+
+  <div class="button--double form-general-submit">
+    <%= f.submit t(".save") %>
+  </div>
+<% end %>

data/app/views/decidim/centers/admin/roles/index.html.erb

@@ -0,0 +1,45 @@
+<% add_decidim_page_title(t(".title")) %>
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title">
+      <%= t(".title") %>
+      <%= link_to t("actions.new", scope: "decidim.centers.admin.roles", name: t("models.role.name", scope: "decidim.centers.admin")), new_role_path, class: "button tiny button--title" if allowed_to? :create, :role %>
+    </h2>
+  </div>
+
+  <div class="card-section">
+    <div class="table-scroll">
+      <table class="table-list roles">
+        <thead>
+          <tr>
+            <th><%= t("models.role.fields.title", scope: "decidim.centers") %></th>
+            <th><%= t("models.role.fields.created_at", scope: "decidim.centers") %></th>
+            <th class="actions"><%= t("actions.title", scope: "decidim.centers.admin.roles") %></th>
+          </tr>
+        </thead>
+        <tbody>
+          <% roles.each do |role| %>
+            <tr data-id="<%= role.id %>">
+              <td>
+                <%= translated_attribute(role.title) %><br>
+              </td>
+              <td>
+                <%= l role.created_at, format: "%d/%m/%Y - %H:%M" %>
+              </td>
+              <td class="table-list__actions">
+                <% if allowed_to? :update, :role, role: role %>
+                  <%= icon_link_to "pencil", edit_role_path(role), t("actions.edit", scope: "decidim.centers.admin.roles"), class: "action-icon--edit" %>
+                <% end %>
+
+                <% if allowed_to? :destroy, :role, role: role %>
+                  <%= icon_link_to "circle-x", role_path(role), t("actions.destroy", scope: "decidim.centers.admin.roles"), method: :delete, class: "action-icon--remove", data: { confirm: t("actions.confirm_destroy", scope: "decidim.centers.admin.roles") } %>
+                <% end %>
+              </td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+      <%= paginate roles, theme: "decidim" %>
+    </div>
+  </div>
+</div>

data/app/views/decidim/centers/admin/roles/new.html.erb

@@ -0,0 +1,8 @@
+<% add_decidim_page_title(t(".title")) %>
+<%= decidim_form_for(@form, html: { class: "form new_role" }) do |f| %>
+  <%= render partial: "form", object: f, locals: { title: t(".title") } %>
+
+  <div class="button--double form-general-submit">
+      <%= f.submit t(".create") %>
+  </div>
+<% end %>

data/config/locales/en.yml

@@ -6,17 +6,18 @@ en:
         explanation: Get verified with the center of the user
         fields:
           centers: Centers
+          roles: Roles
           scopes: Scopes
         name: Center
     centers:
-      actions:
-        confirm_destroy: Are you sure you want to delete this center?
-        destroy: Delete
-        edit: Edit
-        new: New center
-        title: Actions
       admin:
         centers:
+          actions:
+            confirm_destroy: Are you sure you want to delete this center?
+            destroy: Delete
+            edit: Edit
+            new: New center
+            title: Actions
           create:
             invalid: There was a problem creating this center
             success: Center successfully created
@@ -36,16 +37,49 @@ en:
         models:
           center:
             name: Center
+          role:
+            name: Role
+        roles:
+          actions:
+            confirm_destroy: Are you sure you want to delete this role?
+            destroy: Delete
+            edit: Edit
+            new: New role
+            title: Actions
+          create:
+            invalid: There was a problem creating this role
+            success: Role successfully created
+          destroy:
+            success: Role successfully deleted
+          edit:
+            save: Update
+            title: Edit role
+          index:
+            title: Roles
+          new:
+            create: Create
+            title: Create role
+          update:
+            invalid: There was a problem saving the role.
+            success: Role successfully saved
       admin_log:
         center:
           create: "%{user_name} created the %{resource_name} center"
           delete: "%{user_name} deleted the %{resource_name} center"
           update: "%{user_name} updated the %{resource_name} center"
+        role:
+          create: "%{user_name} created the %{resource_name} role"
+          delete: "%{user_name} deleted the %{resource_name} role"
+          update: "%{user_name} updated the %{resource_name} role"
       authorizations:
         new:
-          error: The user has no center or scope configured
+          error: The user has no center, role or scope configured
       models:
         center:
           fields:
             created_at: Created at
             title: Title
+        role:
+          fields:
+            created_at: Created at
+            title: Title

data/db/migrate/20241204134913_create_decidim_centers_roles.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CreateDecidimCentersRoles < ActiveRecord::Migration[6.1]
+  def change
+    create_table :decidim_centers_roles do |t|
+      t.references :decidim_organization, foreign_key: true, index: true
+      t.jsonb :title, null: false
+      t.datetime :deleted_at
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20241204135138_create_decidim_centers_role_users.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class CreateDecidimCentersRoleUsers < ActiveRecord::Migration[6.1]
+  def change
+    create_table :decidim_centers_role_users do |t|
+      t.references :decidim_centers_role, foreign_key: true, index: { name: "index_decidim_role_users_on_decidim_role_id" }
+      t.references :decidim_user, foreign_key: true, index: { name: "index_decidim_role_users_on_decidim_user_id" }
+
+      t.timestamps
+    end
+  end
+end

data/lib/decidim/centers/admin_engine.rb

@@ -11,6 +11,7 @@ module Decidim
 
       routes do
         resources :centers
+        resources :roles
         resources :scopes, only: :index
         root to: "centers#index"
       end
@@ -29,6 +30,12 @@ module Decidim
                         icon_name: "home",
                         position: 15,
                         active: :inclusive
+          menu.add_item :roles,
+                        I18n.t("menu.roles", scope: "decidim.admin", default: "Roles"),
+                        decidim_admin_centers.roles_path,
+                        icon_name: "members",
+                        position: 16,
+                        active: :inclusive
         end
       end
 

data/lib/decidim/centers/engine.rb

@@ -54,6 +54,7 @@ module Decidim
       initializer "decidim_centers.sync" do
         ActiveSupport::Notifications.subscribe "decidim.centers.user.updated" do |_name, data|
           Decidim::Centers::SyncCenterUserJob.perform_now(data)
+          Decidim::Centers::SyncRoleUserJob.perform_now(data) if Decidim::Centers.roles_enabled
           Decidim::Centers::SyncScopeUserJob.perform_now(data) if Decidim::Centers.scopes_enabled
           Decidim::Centers::AutoVerificationJob.perform_later(data[:user_id])
         end
@@ -66,6 +67,7 @@ module Decidim
 
           workflow.options do |options|
             options.attribute :centers, type: :string
+            options.attribute :roles, type: :string if Decidim::Centers.roles_enabled
             options.attribute :scopes, type: :string if Decidim::Centers.scopes_enabled
           end
         end

data/lib/decidim/centers/test/factories.rb

@@ -18,6 +18,21 @@ FactoryBot.define do
     center { create :center, organization: user.organization }
   end
 
+  factory :role, class: "Decidim::Centers::Role" do
+    organization { create :organization }
+    title { generate_localized_title }
+    deleted_at { nil }
+
+    trait :deleted do
+      deleted_at { Time.current }
+    end
+  end
+
+  factory :role_user, class: "Decidim::Centers::RoleUser" do
+    user { create :user }
+    role { create :role, organization: user.organization }
+  end
+
   factory :scope_user, class: "Decidim::Centers::ScopeUser" do
     user { create :user }
     scope { create :scope, organization: user.organization }

data/lib/decidim/centers/test/shared_contexts.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
-def check_center_authorization(authorization, user, center, scope = nil)
+def check_center_authorization(authorization, user, center, scope: nil, role: nil)
   expect(authorization.name).to eq("center")
   expect(authorization.user).to eq(user)
   expect(authorization.metadata["centers"]).to include(center.id)
   expect(authorization.metadata["scopes"]).to include(scope.id) if scope
+  expect(authorization.metadata["roles"]).to include(role.id) if role
 end
 
 shared_examples_for "no authorization is created" do
@@ -20,3 +21,11 @@ shared_context "with scopes disabled" do
     allow(Decidim::Centers).to receive(:scopes_enabled).and_return(false)
   end
 end
+
+shared_context "with roles disabled" do
+  let(:role) { nil }
+
+  before do
+    allow(Decidim::Centers).to receive(:roles_enabled).and_return(false)
+  end
+end

data/lib/decidim/centers/verifications/center_action_authorizer.rb

@@ -9,7 +9,7 @@ module Decidim
 
           status_code = :unauthorized
           return [status_code, { fields: { centers: "..." } }] if authorization_centers.blank?
-          return [:ok, {}] if belongs_to_center? && belongs_to_scope?
+          return [:ok, {}] if belongs_to_center? && belongs_to_scope? && belongs_to_role?
 
           [status_code, {}]
         end
@@ -20,6 +20,12 @@ module Decidim
           options["centers"]&.split(",") || []
         end
 
+        def options_roles
+          return [] unless Decidim::Centers.roles_enabled
+
+          options["roles"]&.split(",") || []
+        end
+
         def options_scopes
           return [] unless Decidim::Centers.scopes_enabled
 
@@ -30,6 +36,10 @@ module Decidim
           authorization.metadata["centers"] || []
         end
 
+        def authorization_roles
+          authorization.metadata["roles"] || []
+        end
+
         def authorization_scopes
           authorization.metadata["scopes"] || []
         end
@@ -38,6 +48,12 @@ module Decidim
           options_centers.empty? || options_centers.detect { |center| authorization_centers.include? center.to_i }
         end
 
+        def belongs_to_role?
+          return true unless Decidim::Centers.roles_enabled
+
+          options_roles.empty? || options_roles.detect { |center| authorization_roles.include? center.to_i }
+        end
+
         def belongs_to_scope?
           return true unless Decidim::Centers.scopes_enabled
 

data/lib/decidim/centers/version.rb

@@ -3,7 +3,7 @@
 module Decidim
   # This holds the decidim-centers version.
   module Centers
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
     DECIDIM_VERSION = "0.27.4"
     COMPAT_DECIDIM_VERSION = [">= 0.27.0", "< 0.28"].freeze
   end

data/lib/decidim/centers.rb

@@ -15,5 +15,10 @@ module Decidim
     config_accessor :scopes_enabled do
       Decidim::Env.new("DECIDIM_CENTERS_SCOPES_ENABLED", true).default_or_present_if_exists
     end
+
+    # if false, it won't ask the user for the role
+    config_accessor :roles_enabled do
+      Decidim::Env.new("DECIDIM_CENTERS_ROLES_ENABLED", true).default_or_present_if_exists
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: decidim-centers
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Francisco Bolívar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-13 00:00:00.000000000 Z
+date: 2024-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: decidim-core
@@ -59,9 +59,13 @@ files:
 - app/commands/concerns/decidim/centers/publish_center_update_event.rb
 - app/commands/concerns/decidim/centers/update_account_override.rb
 - app/commands/decidim/centers/admin/create_center.rb
+- app/commands/decidim/centers/admin/create_role.rb
 - app/commands/decidim/centers/admin/destroy_center.rb
+- app/commands/decidim/centers/admin/destroy_role.rb
 - app/commands/decidim/centers/admin/update_center.rb
+- app/commands/decidim/centers/admin/update_role.rb
 - app/commands/decidim/centers/create_or_update_center_user.rb
+- app/commands/decidim/centers/create_or_update_role_user.rb
 - app/commands/decidim/centers/create_or_update_scope_user.rb
 - app/controllers/concerns/decidim/centers/admin/needs_select2_snippets.rb
 - app/controllers/concerns/decidim/centers/devise/omniauth_registrations_controller_override.rb
@@ -69,19 +73,24 @@ files:
 - app/controllers/concerns/decidim/centers/with_scopes_helper.rb
 - app/controllers/decidim/centers/admin/application_controller.rb
 - app/controllers/decidim/centers/admin/centers_controller.rb
+- app/controllers/decidim/centers/admin/roles_controller.rb
 - app/controllers/decidim/centers/admin/scopes_controller.rb
 - app/forms/concerns/decidim/centers/account_form_override.rb
 - app/forms/decidim/centers/admin/center_form.rb
+- app/forms/decidim/centers/admin/role_form.rb
 - app/forms/decidim/centers/verifications/center.rb
 - app/helpers/decidim/centers/application_helper.rb
 - app/jobs/decidim/centers/auto_verification_job.rb
 - app/jobs/decidim/centers/sync_center_user_job.rb
+- app/jobs/decidim/centers/sync_role_user_job.rb
 - app/jobs/decidim/centers/sync_scope_user_job.rb
 - app/models/concerns/decidim/centers/unique_by_user.rb
 - app/models/concerns/decidim/centers/user_override.rb
 - app/models/decidim/centers/application_record.rb
 - app/models/decidim/centers/center.rb
 - app/models/decidim/centers/center_user.rb
+- app/models/decidim/centers/role.rb
+- app/models/decidim/centers/role_user.rb
 - app/models/decidim/centers/scope_user.rb
 - app/overrides/decidim/account/show/centers.html.erb.deface
 - app/overrides/decidim/devise/omniauth_registrations/new/centers.html.erb.deface
@@ -91,18 +100,25 @@ files:
 - app/packs/stylesheets/vendor/select2_foundation_theme.scss
 - app/permissions/decidim/centers/admin/permissions.rb
 - app/presenters/decidim/centers/admin_log/center_presenter.rb
+- app/presenters/decidim/centers/admin_log/role_presenter.rb
 - app/views/decidim/centers/_profile_form.html.erb
 - app/views/decidim/centers/_registration_form.html.erb
 - app/views/decidim/centers/admin/centers/_form.html.erb
 - app/views/decidim/centers/admin/centers/edit.html.erb
 - app/views/decidim/centers/admin/centers/index.html.erb
 - app/views/decidim/centers/admin/centers/new.html.erb
+- app/views/decidim/centers/admin/roles/_form.html.erb
+- app/views/decidim/centers/admin/roles/edit.html.erb
+- app/views/decidim/centers/admin/roles/index.html.erb
+- app/views/decidim/centers/admin/roles/new.html.erb
 - config/assets.rb
 - config/i18n-tasks.yml
 - config/locales/en.yml
 - db/migrate/20231129114029_create_decidim_centers_centers.rb
 - db/migrate/20231130125631_create_decidim_centers_center_users.rb
 - db/migrate/20231205153627_create_decidim_centers_scope_users.rb
+- db/migrate/20241204134913_create_decidim_centers_roles.rb
+- db/migrate/20241204135138_create_decidim_centers_role_users.rb
 - lib/decidim/centers.rb
 - lib/decidim/centers/admin.rb
 - lib/decidim/centers/admin_engine.rb