decidim-core 0.11.2 → 0.12.0.pre

data/app/controllers/decidim/notifications_settings_controller.rb

@@ -6,12 +6,12 @@ module Decidim
     include Decidim::UserProfile
 
     def show
-      authorize! :show, current_user
+      enforce_permission_to :read, :user, current_user: current_user
       @notifications_settings = form(NotificationsSettingsForm).from_model(current_user)
     end
 
     def update
-      authorize! :update, current_user
+      enforce_permission_to :update, :user, current_user: current_user
       @notifications_settings = form(NotificationsSettingsForm).from_params(params)
 
       UpdateNotificationsSettings.call(current_user, @notifications_settings) do

data/app/controllers/decidim/pages_controller.rb

@@ -1,29 +1,31 @@
 # frozen_string_literal: true
 
-require_dependency "decidim/page_finder"
-
 module Decidim
   # This controller serves static pages using HighVoltage.
   class PagesController < Decidim::ApplicationController
-    include HighVoltage::StaticPage
-
     layout "layouts/decidim/application"
 
-    authorize_resource :public_pages, class: false
-    delegate :page, to: :page_finder
     helper_method :page, :stats
     helper CtaButtonHelper
     helper Decidim::SanitizeHelper
     skip_before_action :store_current_location
 
     def index
-      @pages = current_organization.static_pages.all.to_a.sort do |a, b|
-        a.title[I18n.locale.to_s] <=> b.title[I18n.locale.to_s]
+      enforce_permission_to :read, :public_page
+      @pages = current_organization.static_pages.sorted_by_i18n_title
+    end
+
+    def show
+      enforce_permission_to :read, :public_page, page: page
+      if params[:id] == "home"
+        render :home
+      else
+        render :decidim_page
       end
     end
 
-    def page_finder
-      @page_finder ||= Decidim::PageFinder.new(params[:id], current_organization)
+    def page
+      @page ||= current_organization.static_pages.find_by(slug: params[:id])
     end
 
     private

data/app/controllers/decidim/profiles_controller.rb

@@ -3,13 +3,14 @@
 module Decidim
   # The controller to handle the user's public profile page.
   class ProfilesController < Decidim::ApplicationController
-    skip_authorization_check
-
     helper Decidim::Messaging::ConversationHelper
 
-    helper_method :user
+    helper_method :user, :active_content
 
-    def show; end
+    def show
+      return redirect_to profile_notifications_path(nickname: params[:nickname]) if current_user == user && params[:active].blank?
+      return redirect_to profile_path(nickname: params[:nickname]) if current_user != user && params[:active] == "notifications"
+    end
 
     private
 
@@ -19,5 +20,10 @@ module Decidim
         organization: current_organization
       )
     end
+
+    def active_content
+      return "following" if current_user != user && params[:active].blank?
+      params[:active].presence
+    end
   end
 end

data/app/controllers/decidim/reports_controller.rb

@@ -4,10 +4,12 @@ module Decidim
   # Exposes the report resource so users can report a reportable.
   class ReportsController < Decidim::ApplicationController
     include FormFactory
+    include NeedsPermission
+
     before_action :authenticate_user!
 
     def create
-      authorize! :report, reportable
+      enforce_permission_to :create, :moderation
 
       @form = form(Decidim::ReportForm).from_params(params)
 
@@ -29,5 +31,16 @@ module Decidim
     def reportable
       @reportable ||= GlobalID::Locator.locate_signed params[:sgid]
     end
+
+    def permission_class_chain
+      [
+        reportable.participatory_space.manifest.permissions_class,
+        Decidim::Permissions
+      ]
+    end
+
+    def permission_scope
+      :public
+    end
   end
 end

data/app/controllers/decidim/scopes_controller.rb

@@ -6,10 +6,10 @@ module Decidim
     skip_before_action :store_current_location
 
     def picker
-      authorize! :pick, Scope
+      enforce_permission_to :pick, :scope
 
       title = params[:title] || t("decidim.scopes.picker.title", field: params[:field]&.downcase)
-      root = Scope.find(params[:root]) if params[:root]
+      root = current_organization.scopes.find(params[:root]) if params[:root]
       context = root ? { root: root.id, title: title } : { title: title }
       required = params[:required] && params[:required] != "false"
       if params[:current]
@@ -18,7 +18,7 @@ module Decidim
         parent_scopes = current.part_of_scopes(root)
       else
         current = root
-        scopes = root&.children || Scope.top_level
+        scopes = root&.children || current_organization.scopes.top_level
         parent_scopes = [root].compact
       end
       render :picker, layout: nil, locals: { required: required, title: title, root: root, current: current, scopes: scopes.order(name: :asc),

data/app/controllers/decidim/searches_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Decidim
+  class SearchesController < Decidim::ApplicationController
+    include Rectify::ControllerHelpers
+    include FormFactory
+    include FilterResource
+    include Paginable
+
+    helper Decidim::FiltersHelper
+    helper_method :term
+
+    def index
+      Search.call(term, current_organization, filters) do
+        on(:ok) do |results|
+          expose(results: results)
+        end
+      end
+    end
+
+    private
+
+    def default_filter_params
+      {
+        term: params[:term],
+        resource_type: nil,
+        decidim_scope_id: nil
+      }
+    end
+
+    def term
+      @term ||= filter_params[:term]
+    end
+
+    def filters
+      filter_params
+    end
+  end
+end

data/app/controllers/decidim/static_map_controller.rb

@@ -2,8 +2,6 @@
 
 module Decidim
   class StaticMapController < Decidim::ApplicationController
-    skip_authorization_check
-
     def show
       send_data StaticMapGenerator.new(resource).data, type: "image/jpeg", disposition: "inline"
     end

data/app/controllers/decidim/tos_controller.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Decidim
+  # The controller to handle the current user's
+  # Terms and Conditions agreement.
+  class TosController < Decidim::ApplicationController
+    skip_before_action :store_current_location
+
+    def accept_tos
+      current_user.accepted_tos_version = Time.current
+      if current_user.save!
+        flash[:notice] = t("accept.success", scope: "decidim.pages.terms_and_conditions")
+        redirect_to after_sign_in_path_for current_user
+      else
+        flash[:alert] = t("accept.error", scope: "decidim.pages.terms_and_conditions")
+        redirect_to decidim.page_path tos_page
+      end
+    end
+  end
+end

data/app/controllers/decidim/widgets_controller.rb

@@ -2,7 +2,6 @@
 
 module Decidim
   class WidgetsController < Decidim::ApplicationController
-    skip_authorization_check only: :show
     skip_before_action :verify_authenticity_token
     after_action :allow_iframe, only: :show
     helper ResourceHelper

data/app/forms/decidim/follow_form.rb

@@ -8,6 +8,7 @@ module Decidim
     attribute :followable_gid, String
 
     validates :followable_gid, :followable, presence: true
+    validates :followable, exclusion: { in: ->(form) { [form.current_user] } }
 
     def followable
       @followable ||= GlobalID::Locator.locate_signed followable_gid

data/app/forms/decidim/registration_form.rb

@@ -20,9 +20,10 @@ module Decidim
 
     validates :sign_up_as, inclusion: { in: %w(user user_group) }
     validates :name, presence: true
-    validates :nickname, presence: true
+    validates :nickname, presence: true, length: { maximum: Decidim::User.nickname_max_length }
     validates :email, presence: true, 'valid_email_2/email': { disposable: true }
     validates :password, presence: true, confirmation: true, length: { in: Decidim::User.password_length }
+    validates :password_confirmation, presence: true
     validates :tos_agreement, allow_nil: false, acceptance: true
 
     validates :user_group_name, presence: true, if: :user_group?

data/app/helpers/decidim/card_helper.rb

@@ -10,6 +10,8 @@ module Decidim
     #
     # Returns an HTML.
     def card_for(model, options = {})
+      options = { context: { current_user: current_user } }.merge(options)
+
       cell "decidim/card", model, options
     end
   end

data/app/helpers/decidim/cells_paginate_helper.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Decidim
+  module CellsPaginateHelper
+    include Kaminari::Helpers::HelperMethods
+    include ActionView::Helpers::OutputSafetyHelper
+    include ActionView::Helpers::TranslationHelper
+    include Cell::ViewModel::Partial
+    include Decidim::PaginateHelper
+
+    def paginate(scope, options = {}, &block)
+      options = options.reverse_merge(views_prefix: "../views/")
+      super
+    end
+  end
+end

data/app/helpers/decidim/cta_button_helper.rb

@@ -6,7 +6,7 @@ module Decidim
     # Renders the Call To Action button. Link and text can be configured
     # per organization.
     def cta_button
-      button_text = translated_attribute(current_organization.cta_button_text).presence || t("pages.home.hero.participate")
+      button_text = translated_attribute(current_organization.cta_button_text).presence || t("decidim.pages.home.hero.participate")
 
       link_to button_text, cta_button_path, class: "hero-cta button expanded large button--sc"
     end

data/app/helpers/decidim/decidim_form_helper.rb

@@ -185,5 +185,9 @@ module Decidim
 
       alert_box(record.errors.full_messages_for(:base).join(","), "alert", false)
     end
+
+    def foundation_datepicker_locale_tag
+      javascript_include_tag "datepicker-locales/foundation-datepicker.#{I18n.locale}.js" if I18n.locale != :en
+    end
   end
 end

data/app/helpers/decidim/icon_helper.rb

@@ -3,6 +3,8 @@
 module Decidim
   # Helpers related to icons
   module IconHelper
+    include Decidim::LayoutHelper
+
     # Public: Returns an icon given an instance of a Component. It defaults to
     # a question mark when no icon is found.
     #

data/app/helpers/decidim/resource_helper.rb

@@ -16,9 +16,8 @@ module Decidim
     # Returns nothing.
     def linked_resources_for(resource, type, link_name)
       linked_resources = resource.linked_resources(type, link_name).group_by { |linked_resource| linked_resource.class.name }
-      safe_join(linked_resources.map do |klass, resources|
-        next unless resources.any? { |r| r.component.published? }
 
+      safe_join(linked_resources.map do |klass, resources|
         resource_manifest = klass.constantize.resource_manifest
         content_tag(:div, class: "section") do
           i18n_name = "#{resource.class.name.demodulize.underscore}_#{resource_manifest.name}"

data/app/helpers/decidim/scopes_helper.rb

@@ -13,7 +13,9 @@ module Decidim
     #
     # Returns boolean.
     def has_visible_scopes?(resource)
-      resource.participatory_space.scopes_enabled? && resource.scope.present? && resource.participatory_space.scope != resource.scope
+      resource.participatory_space.scopes_enabled? &&
+        resource.scope.present? &&
+        resource.participatory_space.scope != resource.scope
     end
 
     # Retrieves the translated name and type for an scope.
@@ -22,13 +24,11 @@ module Decidim
     #
     # Returns a string
     def scope_name_for_picker(scope, global_name)
-      if scope
-        name = translated_attribute(scope.name)
-        name << " (#{translated_attribute(scope.scope_type.name)})" if scope.scope_type
-        name
-      else
-        global_name
-      end
+      return global_name unless scope
+
+      name = translated_attribute(scope.name)
+      name << " (#{translated_attribute(scope.scope_type.name)})" if scope.scope_type
+      name
     end
 
     # Renders a scopes picker field in a form.
@@ -66,8 +66,15 @@ module Decidim
     # Returns nothing.
     def scopes_picker_filter(form, name)
       form.scopes_picker name, multiple: true, legend_title: I18n.t("decidim.scopes.scopes"), label: false do |scope|
-        { url: decidim.scopes_picker_path(root: try(:current_participatory_space)&.scope, current: scope&.id, title: I18n.t("decidim.scopes.prompt"), global_value: "global"),
-          text: scope_name_for_picker(scope, I18n.t("decidim.scopes.prompt")) }
+        {
+          url: decidim.scopes_picker_path(
+            root: try(:current_participatory_space)&.scope,
+            current: scope&.id,
+            title: I18n.t("decidim.scopes.prompt"),
+            global_value: "global"
+          ),
+          text: scope_name_for_picker(scope, I18n.t("decidim.scopes.prompt"))
+        }
       end
     end
   end

data/app/helpers/decidim/searches_helper.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Decidim
+  # A Helper to render and link to resources.
+  module SearchesHelper
+    def searchable_resource_human_name(resource)
+      resource.model_name.human.pluralize
+    end
+
+    def searchable_resources_as_options(all_label)
+      [["", all_label]] + Decidim::Searchable.searchable_resources.values.collect do |r|
+        [r.name, searchable_resource_human_name(r)]
+      end.sort
+    end
+  end
+end

data/app/helpers/decidim/tooltip_helper.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This helper includes some methods to help with the inclusion of tooltips
+  # on the layout.
+  module TooltipHelper
+    def with_tooltip(title, &block)
+      content_tag(:span, data: { tooltip: true, disable_hover: false, click_open: false },
+                         title: title, &block)
+    end
+  end
+end

data/app/models/decidim/organization.rb

@@ -49,5 +49,15 @@ module Decidim
     def homepage_big_url
       homepage_image.big.url
     end
+
+    def public_participatory_spaces
+      @public_participatory_spaces ||= Decidim.participatory_space_manifests.flat_map do |manifest|
+        manifest.participatory_spaces.call(self).public_spaces
+      end
+    end
+
+    def published_components
+      @published_components ||= Component.where(participatory_space: public_participatory_spaces).published
+    end
   end
 end

data/app/models/decidim/permission_action.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This class encapsulates an action, which will be used by the
+  # permissions system to check if the user is allowed to perform it.
+  #
+  # It consists of a `scope` (which will typically be either `:public` or
+  # `:admin`), the name of the `:action` that is being performed and the
+  # `:subject` of the action.
+  class PermissionAction
+    # action - a Symbol representing the action being performed
+    # scope - a Symbol representing the scope of the action
+    # subject - a Symbol representing the subject of the action
+    def initialize(action:, scope:, subject:)
+      @action = action
+      @scope = scope
+      @subject = subject
+      @state = nil
+    end
+
+    attr_reader :action, :scope, :subject
+
+    def allow!
+      raise PermissionCannotBeDisallowedError, "Allowing a previously disallowed action is not permitted: #{inspect}" if @state == :disallowed
+      @state = :allowed
+    end
+
+    def disallow!
+      @state = :disallowed
+    end
+
+    def allowed?
+      raise PermissionNotSetError, "Permission hasn't been allowed or disallowed yet: #{inspect}" if @state.blank?
+      @state == :allowed
+    end
+
+    class PermissionNotSetError < StandardError; end
+    class PermissionCannotBeDisallowedError < StandardError; end
+  end
+end