decidim-core 0.11.2 → 0.12.0.pre

data/app/models/decidim/searchable_resource.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require "pg_search"
+
+module Decidim
+  # A Searchable Resource.
+  # This is a model to a PgSearch table that indexes all searchable resources.
+  # This table is used to perform textual searches.
+  #
+  # Main attributes are:
+  # - locale: One entry per locale is required, so each resource will be indexed once per locale.
+  # - content_a: The most relevant textual content.
+  # - content_b: The second most relevant textual content.
+  # - content_c: The third most relevant textual content.
+  # - content_d: The less relevant textual content.
+  # - datetime:  The timestamp that places this resource in the line of time. Used as second criteria (first is text relevance) for sorting.
+  #
+  class SearchableResource < ApplicationRecord
+    include PgSearch
+
+    belongs_to :organization,
+               foreign_key: "decidim_organization_id",
+               class_name: "Decidim::Organization"
+    belongs_to :scope,
+               foreign_key: "decidim_scope_id",
+               class_name: "Decidim::Scope",
+               optional: true
+    belongs_to :resource, polymorphic: true
+    belongs_to :decidim_participatory_space, polymorphic: true
+
+    validates :locale, uniqueness: { scope: :resource }
+
+    pg_search_scope :global_search,
+                    against: { content_a: "A", content_b: "B", content_c: "C", content_d: "D" },
+                    order_within_rank: "datetime DESC"
+  end
+end

data/app/models/decidim/static_page.rb

@@ -36,6 +36,10 @@ module Decidim
       Decidim::AdminLog::StaticPagePresenter
     end
 
+    def self.sorted_by_i18n_title(locale = I18n.locale)
+      order([Arel.sql("title->? ASC"), locale])
+    end
+
     # Whether this is page is a default one or not.
     #
     # Returns Boolean.

data/app/models/decidim/user.rb

@@ -7,16 +7,18 @@ module Decidim
   # A User is a citizen that wants to join the platform to participate.
   class User < ApplicationRecord
     include Nicknamizable
+    include Resourceable
     include Decidim::Followable
     include Decidim::Loggable
 
     OMNIAUTH_PROVIDERS = [:facebook, :twitter, :google_oauth2, (:developer if Rails.env.development?)].compact
     ROLES = %w(admin user_manager).freeze
 
-    devise :invitable, :database_authenticatable, :registerable, :confirmable,
+    devise :invitable, :database_authenticatable, :registerable, :confirmable, :timeoutable,
            :recoverable, :rememberable, :trackable, :decidim_validatable,
            :omniauthable, omniauth_providers: OMNIAUTH_PROVIDERS,
-                          request_keys: [:env], reset_password_keys: [:decidim_organization_id, :email]
+                          request_keys: [:env], reset_password_keys: [:decidim_organization_id, :email],
+                          confirmation_keys: [:decidim_organization_id, :email]
 
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: "Decidim::Organization"
     has_many :identities, foreign_key: "decidim_user_id", class_name: "Decidim::Identity", dependent: :destroy
@@ -25,11 +27,13 @@ module Decidim
     has_many :notifications, foreign_key: "decidim_user_id", class_name: "Decidim::Notification", dependent: :destroy
     has_many :access_grants, class_name: "Doorkeeper::AccessGrant", foreign_key: :resource_owner_id, dependent: :destroy
     has_many :access_tokens, class_name: "Doorkeeper::AccessToken", foreign_key: :resource_owner_id, dependent: :destroy
+    has_many :following_follows, foreign_key: "decidim_user_id", class_name: "Decidim::Follow", dependent: :destroy
 
     validates :name, presence: true, unless: -> { deleted? }
-    validates :nickname, presence: true, unless: -> { deleted? || managed? }
+    validates :nickname, presence: true, unless: -> { deleted? || managed? }, length: { maximum: Decidim::User.nickname_max_length }
     validates :locale, inclusion: { in: :available_locales }, allow_blank: true
     validates :tos_agreement, acceptance: true, allow_nil: false, on: :create
+    validates :tos_agreement, acceptance: true, if: :user_invited?
     validates :avatar, file_size: { less_than_or_equal_to: ->(_record) { Decidim.maximum_avatar_size } }
     validates :email, :nickname, uniqueness: { scope: :organization }, unless: -> { deleted? || managed? || nickname.blank? }
 
@@ -45,6 +49,10 @@ module Decidim
     scope :officialized, -> { where.not(officialized_at: nil) }
     scope :not_officialized, -> { where(officialized_at: nil) }
 
+    def user_invited?
+      invitation_token_changed? && invitation_accepted_at_changed?
+    end
+
     # Public: Allows customizing the invitation instruction email content when
     # inviting a user.
     #
@@ -89,6 +97,28 @@ module Decidim
       Decidim::Follow.where(user: self, followable: followable).any?
     end
 
+    # Public: Returns a collection with all the entities this user is following.
+    #
+    # This can't be done as with a `has_many :following, through: :following_follows`
+    # since it's a polymorphic relation and Rails doesn't know how to load it. With
+    # this implementation we only query the database once for each kind of following.
+    #
+    # Returns an Array of Decidim::Followable
+    def following
+      @following ||= begin
+                       followings = following_follows.pluck(:decidim_followable_type, :decidim_followable_id)
+                       grouped_followings = followings.each_with_object({}) do |(type, following_id), all|
+                         all[type] ||= []
+                         all[type] << following_id
+                         all
+                       end
+
+                       grouped_followings.flat_map do |type, ids|
+                         type.constantize.where(id: ids)
+                       end
+                     end
+    end
+
     def unread_conversations
       Decidim::Messaging::Conversation.unread_by(self)
     end
@@ -107,6 +137,12 @@ module Decidim
       )
     end
 
+    def tos_accepted?
+      return true if managed
+      return false if accepted_tos_version.nil?
+      accepted_tos_version >= organization.tos_version
+    end
+
     protected
 
     # Overrides devise email required validation.

data/app/permissions/decidim/default_permissions.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Decidim
+  # Default permissions class for all components and spaces. It disauthorizes all
+  # actions by any kind of user. Also works as a default implementation so other
+  # components can inherit from it and get some cenvenience methods.
+  class DefaultPermissions
+    def initialize(user, permission_action, context = {})
+      @user = user
+      @permission_action = permission_action
+      @context = context
+    end
+
+    def permissions
+      permission_action
+    end
+
+    private
+
+    attr_reader :user, :permission_action, :context
+
+    def disallow!
+      permission_action.disallow!
+    end
+
+    def allow!
+      permission_action.allow!
+    end
+
+    def toggle_allow(condition)
+      condition ? allow! : disallow!
+    end
+
+    def read_participatory_space_action?
+      permission_action.action == :read &&
+        [:participatory_space, :component].include?(permission_action.subject)
+    end
+
+    def authorized?(permission_action)
+      return unless component
+
+      ActionAuthorizer.new(user, component, permission_action).authorize.ok?
+    end
+
+    def current_settings
+      @current_settings ||= context.fetch(:current_settings, nil)
+    end
+
+    def component_settings
+      @component_settings ||= context.fetch(:component_settings, nil)
+    end
+
+    def component
+      @component ||= context.fetch(:current_component)
+    end
+
+    def space
+      @space ||= component.participatory_space
+    end
+  end
+end

data/app/permissions/decidim/permissions.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module Decidim
+  class Permissions < DefaultPermissions
+    def permissions
+      read_public_pages_action?
+      locales_action?
+      component_public_action?
+      search_scope_action?
+
+      return permission_action unless user
+      return user_manager_permissions if not_admin? && user_manager?
+
+      manage_self_user_action?
+      authorization_action?
+      follow_action?
+      notification_action?
+      conversation_action?
+
+      permission_action
+    end
+
+    private
+
+    def read_public_pages_action?
+      return unless permission_action.subject == :public_page &&
+                    permission_action.action == :read
+      allow!
+    end
+
+    def locales_action?
+      return unless permission_action.subject == :locales
+      allow!
+    end
+
+    def component_public_action?
+      return unless permission_action.subject == :component &&
+                    permission_action.action == :read
+
+      toggle_allow(component.published?)
+    end
+
+    def search_scope_action?
+      return unless permission_action.subject == :scope
+      toggle_allow([:search, :pick].include?(permission_action.action))
+    end
+
+    def manage_self_user_action?
+      return unless permission_action.subject == :user
+      toggle_allow(context.fetch(:current_user, nil) == user)
+    end
+
+    def authorization_action?
+      return unless permission_action.subject == :authorization
+      authorization = context.fetch(:authorization, nil)
+
+      case permission_action.action
+      when :create
+        toggle_allow(authorization.user == user && not_already_active?(authorization))
+      when :update
+        toggle_allow(authorization.user == user && !authorization.granted?)
+      end
+    end
+
+    def follow_action?
+      return unless permission_action.subject == :follow
+      return allow! if permission_action.action == :create
+
+      follow = context.fetch(:follow, nil)
+      toggle_allow(follow&.user == user)
+    end
+
+    def notification_action?
+      return unless permission_action.subject == :notification
+      return allow! if permission_action.action == :read
+
+      notification = context.fetch(:notification, nil)
+      toggle_allow(notification&.user == user)
+    end
+
+    def conversation_action?
+      return unless permission_action.subject == :conversation
+      return allow! if [:create, :list].include?(permission_action.action)
+
+      conversation = context.fetch(:conversation, nil)
+      toggle_allow(conversation.participants.include?(user))
+    end
+
+    def not_already_active?(authorization)
+      Verifications::Authorizations.new(organization: user.organization, user: user, name: authorization.name).none?
+    end
+
+    def user_manager_permissions
+      Decidim::UserManagerPermissions.new(user, permission_action, context).permissions
+    end
+
+    def not_admin?
+      !user.admin?
+    end
+
+    # Whether the user has the user_manager role or not.
+    def user_manager?
+      user.role? "user_manager"
+    end
+  end
+end

data/app/permissions/decidim/user_manager_permissions.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Decidim
+  class UserManagerPermissions < DefaultPermissions
+    def permissions
+      allow! if read_admin_dashboard_action?
+      allow! if impersonate_managed_user_action?
+
+      permission_action
+    end
+
+    private
+
+    def read_admin_dashboard_action?
+      permission_action.subject == :admin_dashboard &&
+        permission_action.action == :read
+    end
+
+    def impersonate_managed_user_action?
+      permission_action.subject == :managed_user &&
+        permission_action.action == :impersonate
+    end
+  end
+end

data/app/presenters/decidim/admin_log/organization_presenter.rb

@@ -30,7 +30,8 @@ module Decidim
           facebook_handler: :string,
           instagram_handler: :string,
           youtube_handler: :string,
-          github_handler: :string
+          github_handler: :string,
+          tos_version: :datetime
         }
       end
 

data/app/presenters/decidim/home_stats_presenter.rb

@@ -67,21 +67,15 @@ module Decidim
           " ".html_safe
         else
           safe_join([
-                      content_tag(:h4, I18n.t(name, scope: "pages.home.statistics"), class: "home-pam__title"),
+                      content_tag(:h4, I18n.t(name, scope: "decidim.pages.home.statistics"), class: "home-pam__title"),
                       content_tag(:span, " #{number_with_delimiter(data)}", class: "home-pam__number #{name}")
                     ])
         end
       end
     end
 
-    def public_participatory_spaces
-      @public_participatory_spaces ||= Decidim.participatory_space_manifests.flat_map do |manifest|
-        manifest.participatory_spaces.call(organization).public_spaces
-      end
-    end
-
     def published_components
-      @published_components ||= Component.where(participatory_space: public_participatory_spaces).published
+      @published_components ||= organization.published_components
     end
   end
 end

data/app/presenters/decidim/user_presenter.rb

@@ -38,5 +38,13 @@ module Decidim
     def display_mention
       link_to nickname, profile_path, class: "user-mention"
     end
+
+    def followers_count
+      __getobj__.followers.count
+    end
+
+    def following_count
+      __getobj__.following_follows.count
+    end
   end
 end

data/app/services/decidim/traceability.rb

@@ -59,15 +59,12 @@ module Decidim
     #
     # Returns whatever the given block returns.
     def perform_action!(action, resource, author, extra_log_info = {})
-      PaperTrail.whodunnit(gid(author)) do
-        klass = resource.is_a?(Class) ? resource : resource.class
-        klass.transaction do
-          Decidim::ApplicationRecord.transaction do
-            result = block_given? ? yield : nil
-            loggable_resource = resource.is_a?(Class) ? result : resource
-            log(action, author, loggable_resource, extra_log_info)
-            result
-          end
+      PaperTrail.request(whodunnit: gid(author)) do
+        Decidim::ApplicationRecord.transaction do
+          result = block_given? ? yield : nil
+          loggable_resource = resource.is_a?(Class) ? result : resource
+          log(action, author, loggable_resource, extra_log_info)
+          return result
         end
       end
     end

data/app/types/decidim/core/user_type.rb

@@ -8,7 +8,7 @@ module Decidim
       description "A user"
 
       interfaces [
-        Decidim::Core::AuthorInterface
+        -> { Decidim::Core::AuthorInterface }
       ]
 
       field :name, !types.String, "The user's name"

data/app/views/decidim/devise/invitations/edit.html.erb

@@ -3,28 +3,74 @@
   <div class="row collapse">
     <div class="columns large-8 large-centered text-center page-title">
       <h1><%= t "devise.invitations.edit.header" %></h1>
+
+      <p><%= t("devise.invitations.edit.subtitle").html_safe %></p>
     </div>
   </div>
 
   <div class="row">
-    <div class="columns medium-7 large-5 medium-centered">
-      <div class="card">
-        <div class="card__content">
-          <%= decidim_form_for resource, as: resource_name, url: invitation_path(resource_name, invite_redirect: params[:invite_redirect]), html: { method: :put, class: "register-form new_user" } do |f| %>
+    <div class="columns large-6 medium-10 medium-centered">
+      <%= decidim_form_for resource, as: resource_name, url: invitation_path(resource_name, invite_redirect: params[:invite_redirect]), html: { method: :put, class: "register-form new_user" } do |f| %>
+        <div class="card">
+          <div class="card__content">
+            <legend><%= t("sign_up_as.legend", scope: "decidim.devise.registrations.new") %></legend>
+
             <%= f.hidden_field :invitation_token %>
 
-            <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name) %>
+            <div class="field">
+              <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name), required: "required" %>
+            </div>
 
             <% if f.object.class.require_password_on_accepting %>
-              <%= f.password_field :password %></p>
+              <div class="field">
+                <%= f.password_field :password, required: "required" %></p>
+              </div>
 
-              <%= f.password_field :password_confirmation %></p>
+              <div class="field">
+                <%= f.password_field :password_confirmation, required: "required" %></p>
+              </div>
             <% end %>
+          </div>
+        </div>
+
+        <div class="card" id="card__tos">
+          <div class="card__content">
+            <legend>
+              <%= t("tos_title", scope: "decidim.devise.registrations.new") %>
+            </legend>
+
+            <p class="tos-text">
+              <%= strip_tags(translated_attribute(terms_and_conditions_page.content)) %>
+            </p>
 
-            <p><%= f.submit t("devise.invitations.edit.submit_button", class: "button expanded") %></p>
-          <% end %>
+            <div class="field">
+              <% link = link_to t("terms", scope: "decidim.devise.registrations.new"), page_path("terms-and-conditions"), target: "_blank" %>
+              <% label = t("tos_agreement", scope: "decidim.devise.registrations.new", link: link) %>
+              <%= f.check_box :tos_agreement, label: label, required: "required" %>
+            </div>
+          </div>
         </div>
-      </div>
+
+        <div class="card" id="card__newsletter">
+          <div class="card__content">
+            <legend><%= t("newsletter_title", scope: "decidim.devise.registrations.new") %></legend>
+            <fieldset>
+              <div class="field">
+                <%= f.check_box :newsletter_notifications, label: t("newsletter", scope: "decidim.devise.registrations.new") %>
+              </div>
+            </fieldset>
+          </div>
+        </div>
+
+        <div class="card">
+          <div class="card__content">
+            <div class="actions">
+              <%= f.submit t("devise.invitations.edit.submit_button"), class: "button expanded" %>
+            </div>
+          </div>
+        </div>
+
+      <% end %>
     </div>
   </div>
 </div>