decidim-core 0.0.1.alpha7 → 0.0.1.alpha8

data/app/models/decidim/ability.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module Decidim
+  # Defines the abilities for a User. Intended to be used with `cancancan`.
+  class Ability
+    include CanCan::Ability
+
+    # Initializes the ability class for the given user. Automatically merges
+    # injected abilities fmor the configuration. In order to inject more
+    # abilities, add this code in the `engine.rb` file of your own engine, for
+    # example, inside an initializer:
+    #
+    #   Decidim.configure do |config|
+    #     config.abilities << Decidim::MyEngine::Abilities::MyAbility
+    #   end
+    #
+    # Note that, in development, this will force you to restart the server
+    # every time you change things in your ability classes.
+    #
+    # user - the User that needs its abilities checked.
+    def initialize(user)
+      Decidim.abilities.each do |ability|
+        merge ability.new(user)
+      end
+
+      can :manage, Authorization do |authorization|
+        authorization.user == user
+      end
+
+      can :read, :user_account if user
+    end
+  end
+end

data/app/models/decidim/authorization.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module Decidim
+  # An authorization is a record that a User has been authorized somehow. Other
+  # models in the system can use different kind of authorizations to allow a
+  # user to perform actions.
+  #
+  # To create an authorization for a user we need to use an
+  # AuthorizationHandler that validates the user against a set of rules. An
+  # example could be a handler that validates a user email against an API and
+  # depending on the response it allows the creation of the authorization or
+  # not.
+  class Authorization < ApplicationRecord
+    belongs_to :user, foreign_key: "decidim_user_id", class_name: Decidim::User, inverse_of: :authorizations
+
+    validates :name, :user, :handler, presence: true
+    validates :name, uniqueness: { scope: :decidim_user_id }
+
+    # The handler that created this authorization.
+    #
+    # Returns an instance that inherits from Decidim::AuthorizationHandler.
+    def handler
+      @handler ||= AuthorizationHandler.handler_for(name, metadata)
+    end
+  end
+end

data/app/models/decidim/participatory_process.rb

@@ -7,11 +7,36 @@ module Decidim
   # active.
   class ParticipatoryProcess < ApplicationRecord
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: Decidim::Organization
+    has_many :steps, -> { order(position: :asc) }, foreign_key: "decidim_participatory_process_id", class_name: Decidim::ParticipatoryProcessStep
+    has_one :active_step, -> { where(active: true) }, foreign_key: "decidim_participatory_process_id", class_name: Decidim::ParticipatoryProcessStep
+
+    attr_readonly :active_step
 
     validates :slug, presence: true
     validates :slug, uniqueness: true
 
     mount_uploader :hero_image, Decidim::HeroImageUploader
     mount_uploader :banner_image, Decidim::BannerImageUploader
+
+    # Scope to return only the published processes.
+    #
+    # Returns an ActiveRecord::Relation.
+    def self.published
+      where.not(published_at: nil)
+    end
+
+    # Scope to return only the promoted processes.
+    #
+    # Returns an ActiveRecord::Relation.
+    def self.promoted
+      where(promoted: true)
+    end
+
+    # Checks whether the process has been published or not.
+    #
+    # Returns a boolean.
+    def published?
+      published_at.present?
+    end
   end
 end

data/app/models/decidim/participatory_process_step.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Decidim
+  # A ParticipatoryProcess is composed of many steps that hold different
+  # features that will show up in the depending on what step is currently
+  # active.
+  class ParticipatoryProcessStep < ApplicationRecord
+    belongs_to :participatory_process, foreign_key: "decidim_participatory_process_id", class_name: Decidim::ParticipatoryProcess
+    has_one :organization, through: :participatory_process
+
+    validates :start_date, date: { before: :end_date, allow_blank: true, if: proc { |obj| obj.end_date.present? } }
+    validates :end_date, date: { after: :start_date, allow_blank: true, if: proc { |obj| obj.start_date.present? } }
+
+    validates :active, uniqueness: { scope: :decidim_participatory_process_id }, if: proc { |step| step.active? }
+
+    validates :position, numericality: { greater_than_or_equal_to: 0, only_integer: true }, allow_blank: true
+    validates :position, uniqueness: { scope: :decidim_participatory_process_id }
+
+    before_create :set_position
+
+    private
+
+    # Internal: Sets the position of the step if it is `nil`. That means that
+    # when the step is the first of the process, and no position is set
+    # manually, it will be set to 0, and when it is not the only one it will be
+    # set to the last step's position + 1.
+    #
+    # Note: This allows manual positioning, but there is a validation that
+    # forbids two steps from the same proccess to have the same position. Take
+    # that into account. It would be best if you did not use manual
+    # positioning.
+    def set_position
+      return if position.present?
+      return self.position = 0 if participatory_process.steps.empty?
+
+      self.position = participatory_process.steps.pluck(:position).last + 1
+    end
+  end
+end

data/app/models/decidim/user.rb

@@ -8,11 +8,13 @@ module Decidim
            :recoverable, :rememberable, :trackable, :decidim_validatable
 
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: Decidim::Organization
+    has_many :authorizations, foreign_key: "decidim_user_id", class_name: Decidim::Authorization, inverse_of: :user
 
     ROLES = %w(admin moderator official).freeze
 
     validates :organization, :name, presence: true
     validates :locale, inclusion: { in: I18n.available_locales.map(&:to_s) }, allow_blank: true
+    validates :tos_agreement, acceptance: true, allow_nil: false, on: :create
     validate :all_roles_are_valid
 
     # Public: Allows customizing the invitation instruction email content when
@@ -21,6 +23,23 @@ module Decidim
     # Returns a String.
     attr_accessor :invitation_instructions
 
+    delegate :can?, to: :ability
+
+    # Gets the ability instance for the given user.
+    def ability
+      @ability ||= Ability.new(self)
+    end
+
+    # Checks if the user has the given `role` or not.
+    #
+    # role - a String or a Symbol that represents the role that is being
+    #   checked
+    #
+    # Returns a boolean.
+    def role?(role)
+      roles.include?(role.to_s)
+    end
+
     private
 
     def all_roles_are_valid

data/app/services/decidim/authorization_handler.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+module Decidim
+  # This is the base class for authorization handlers, all implementations
+  # should inherit from it.
+  # Each AuthorizationHandler must define an `authorized?` method that will be
+  # used to check if the authorization is valid or not. When it is valid a new
+  # authorization will be created for the user.
+  #
+  # It also sets two default attributes, `user` and `handler_name`.
+  class AuthorizationHandler < Rectify::Form
+    # The user that is trying to authorize, it's initialized with the
+    # `current_user` from the controller.
+    attribute :user, Decidim::User
+    # The String name of the handler, should not be modified since it's used to
+    # infer the class name of the authorization handler.
+    attribute :handler_name, String
+
+    # THe attributes of the handler that should be exposed as form input when
+    # rendering the handler in a form.
+    #
+    # Returns an Array of Strings.
+    def form_attributes
+      attributes.except(:id, :user).keys
+    end
+
+    # Whether the authorization is valid or not. Each AuthorizationHandler
+    # implementation must implemement this method. This is were you check for
+    # validation errors or against third party systems to validate the
+    # authorization.
+    #
+    # Returns a Boolean.
+    def authorized?
+      raise NotImplementedError
+    end
+
+    # The String partial path so Rails can render the handler as a form. This
+    # is useful if you want to have a custom view to render the form instead of
+    # the default view.
+    #
+    # Example:
+    #
+    #   A handler named Decidim::CensusHandler would look for its partial in:
+    #   decidim/census/form
+    #
+    # Returns a String.
+    def to_partial_path
+      handler_name.sub!(/_handler$/, "") + "/form"
+    end
+
+    # Any data that the developer would like to inject to the `metadata` field
+    # of an authorization when it's created. Can be useful if some of the
+    # params the user sent with the authorization form want to be persisted for
+    # future use.
+    #
+    # Returns a Hash.
+    def metadata
+      {}
+    end
+
+    # A serialized version of the handler's name.
+    #
+    # Returns a String.
+    def self.handler_name
+      name.underscore
+    end
+
+    # Same as the class method but accessible from the instance.
+    #
+    # Returns a String.
+    def handler_name
+      self.class.handler_name
+    end
+
+    # Finds a handler class from a String. This is necessary when processing
+    # the form data. It will only look for valid handlers that have also been
+    # configured in `Decidim.authorization_handlers`.
+    #
+    # name - The String name of the class to find, usually in the same shape as
+    # the one returned by `handler_name`.
+    # params - An optional Hash with params to initialize the handler.
+    #
+    # Returns an AuthorizationHandler descendant.
+    # Returns nil when no handlers could be found.
+    def self.handler_for(name, params = {})
+      handler_klass = name.classify.constantize
+
+      return unless Decidim.authorization_handlers.include?(handler_klass)
+
+      handler_klass.new(params || {})
+    rescue NameError
+      nil
+    end
+  end
+end

data/app/uploaders/decidim/application_uploader.rb

@@ -4,8 +4,6 @@ module Decidim
   # hold the uploads configuration, so you should inherit from this class and
   # then tweak any configuration you need.
   class ApplicationUploader < CarrierWave::Uploader::Base
-    storage :file
-
     # Override the directory where uploaded files will be stored.
     # This is a sensible default for uploaders that are meant to be mounted:
     def store_dir

data/app/views/decidim/account/_authorizations.html.erb

@@ -0,0 +1,52 @@
+<div class="tabs-panel" id="authorizations">
+  <div class="row column">
+    <% if authorizations.any? %>
+      <section class="section">
+        <div class="card card--list">
+          <% authorizations.each do |authorization| %>
+            <div class="card--list__item">
+              <div class="card--list__text">
+                <%= icon "lock-unlocked", class: "card--list__icon" %>
+                <div>
+                  <h5 class="card--list__heading">
+                    <%= t(authorization.name, scope: "decidim.authorization_handlers") %>
+                  </h5>
+                  <span class="text-small"><%= l(authorization.created_at, format: :long) %></span>
+                </div>
+              </div>
+              <div class="card--list__data">
+                <%= link_to authorization, method: :delete, class: "card--list__data__icon", data: { confirm: t(".authorization_confirm_destroy") } do %>
+                  <%= icon "circle-x" %>
+                <% end %>
+              </div>
+            </div>
+          <% end %>
+        </div>
+      <% end %>
+      <% if handlers.any? %>
+        <div class="card card--list">
+          <% handlers.each do |handler| %>
+            <div class="card--list__item">
+              <div class="card--list__text">
+                <a href="#">
+                  <%= icon "lock-locked", class: "card--list__icon" %>
+                </a>
+                <div>
+                  <h5 class="card--list__heading">
+                    <%= link_to t(handler.handler_name, scope: "decidim.authorization_handlers"), new_authorization_path(handler: handler.handler_name) %>
+                  </h5>
+                </div>
+              </div>
+              <div class="card--list__data">
+                <%= link_to new_authorization_path(handler: handler.handler_name), class: "card--list__data__icon" do %>
+                  <%= icon "chevron-right" %>
+                <% end %>
+              </div>
+            </div>
+          <% end %>
+        </div>
+      </section>
+    <% end %>
+  </div>
+</div>
+

data/app/views/decidim/account/show.html.erb

@@ -0,0 +1,32 @@
+<main class="wrapper">
+<div class="row collapse">
+  <div class="columns">
+    <h1 class="heading1 user-header"><%= t(".title") %></h1>
+  </div>
+</div>
+<div class="row collapse">
+  <div class="main-container">
+    <div class="row collapse main-container--side-panel">
+      <div class="columns medium-4 large-3">
+        <div class="side-panel">
+          <ul class="tabs vertical side-panel__tabs" id="user-settings-tabs"
+            data-tabs>
+            <% if handlers.any? || authorizations.any? %>
+              <li class="tabs-title">
+                <a href="#authorizations"><%= t(".authorizations") %></a>
+              </li>
+            <% end %>
+          </ul>
+        </div>
+      </div>
+      <div class="columns medium-8 large-9">
+        <div class="main-container__content">
+          <div class="tabs-content vertical" data-tabs-content="user-settings-tabs">
+            <%= render partial: "authorizations" %>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+</main>

data/app/views/decidim/authorizations/index.html.erb

@@ -0,0 +1,22 @@
+<main class="wrapper">
+  <div class="row collapse">
+    <div class="row collapse">
+      <div class="columns large-8 large-centered text-center">
+        <h1 class="heading1 page-title"><%= t(".title") %></h1>
+        <p class="heading5"><%= t(".verify_with_these_options") %></p>
+      </div>
+    </div>
+    <div class="row">
+      <div class="columns medium-7 large-5 medium-centered">
+        <div class="card">
+          <div class="card__content">
+            <% handlers.each do |handler| %>
+              <%= link_to t(handler.handler_name, scope: "decidim.authorizations.index.actions"), new_authorization_path(handler: handler.handler_name), class: "button expanded" %>
+            <% end %>
+            <p class="text-center skip"><%= t("decidim.authorizations.skip_verification", link: link_to(t("decidim.authorizations.current_participatory_processes"), participatory_processes_path).html_safe).html_safe %>.</p>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</main>

data/app/views/decidim/authorizations/new.html.erb

@@ -0,0 +1,29 @@
+<main class="wrapper">
+  <div class="row collapse">
+    <div class="row collapse">
+      <div class="columns large-8 large-centered text-center page-title">
+        <h1><%= t(".authorize_with", authorizer: t(handler.handler_name, scope: "decidim.authorization_handlers")) %></h1>
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="columns large-6 medium-centered">
+        <div class="card">
+          <div class="card__content">
+            <%= authorization_form_for(handler) do |form| %>
+              <% if lookup_context.exists?(handler.to_partial_path, [], true) %>
+                <%= render partial: handler, as: "handler", locals: { form: form } %>
+              <% else %>
+                <%= form.all_fields %>
+                <div class="actions">
+                  <%= form.submit t(".authorize"), class: "button expanded" %>
+                </div>
+              <% end %>
+            <% end %>
+            <p class="text-center skip"><%= t("decidim.authorizations.skip_verification", link: link_to(t("decidim.authorizations.current_participatory_processes"), participatory_processes_path).html_safe).html_safe %>.</p>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</main>

data/app/views/decidim/devise/confirmations/new.html.erb

@@ -1,15 +1,31 @@
-<h2><%= t("devise.confirmations.new.resend_confirmation_instructions") %></h2>
+<main class="wrapper">
+<div class="row collapse">
+  <div class="row collapse">
+    <div class="columns large-8 large-centered text-center page-title">
+      <h1><%= t("devise.confirmations.new.resend_confirmation_instructions") %></h1>
+    </div>
+  </div>
 
-<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
-  <%= devise_error_messages! %>
+  <div class="row">
+    <div class="columns medium-7 large-5 medium-centered">
+      <div class="card">
+        <div class="card__content">
+          <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post, class: "register-form new_user" }) do |f| %>
+            <%= devise_error_messages! %>
 
-  <div class="field">
-    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
-  </div>
+            <div class="field">
+              <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+            </div>
 
-  <div class="actions">
-    <%= f.submit t("devise.confirmations.new.resend_confirmation_instructions") %>
-  </div>
-<% end %>
+            <div class="actions">
+              <%= f.submit t("devise.confirmations.new.resend_confirmation_instructions"), class: "button expanded" %>
+            </div>
+          <% end %>
 
-<%= render "decidim/devise/shared/links" %>
+          <%= render "decidim/devise/shared/links" %>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+</main>