decidim-core 0.12.2 → 0.13.0.pre1

data/app/commands/decidim/invite_user.rb

@@ -43,14 +43,16 @@ module Decidim
       @user = Decidim::User.new(
         name: form.name,
         email: form.email.downcase,
-        nickname: User.nicknamize(form.name),
+        nickname: User.nicknamize(form.name, organization: form.organization),
         organization: form.organization,
         admin: form.role == "admin",
         roles: form.role == "admin" ? [] : [form.role].compact
       )
       @user.invite!(
         form.invited_by,
-        invitation_instructions: form.invitation_instructions
+        {
+          invitation_instructions: form.invitation_instructions
+        }.merge(form.try(:extra_email_options) || {})
       )
     end
   end

data/app/commands/decidim/unsubscribe_settings.rb

@@ -6,13 +6,13 @@ module Decidim
     # unsubscribe user from newsletter.
     #
     # user - The user to be updated.
-    # newsletter_notifications - to be false
+    # newsletter_notifications_at - to be nil
     def initialize(user)
       @user = user
     end
 
     def call
-      return broadcast(:invalid) unless @user.newsletter_notifications
+      return broadcast(:invalid) unless @user.newsletter_notifications_at?
 
       update_settings
       @user.save!
@@ -23,7 +23,7 @@ module Decidim
     private
 
     def update_settings
-      @user.newsletter_notifications = false
+      @user.newsletter_notifications_at = nil
     end
   end
 end

data/app/commands/decidim/update_notifications_settings.rb

@@ -25,7 +25,7 @@ module Decidim
 
     def update_notifications_settings
       @user.email_on_notification = @form.email_on_notification
-      @user.newsletter_notifications = @form.newsletter_notifications
+      @user.newsletter_notifications_at = @form.newsletter_notifications_at
     end
   end
 end

data/app/controllers/concerns/decidim/needs_tos_accepted.rb

@@ -25,7 +25,12 @@ module Decidim
     end
 
     def permitted_paths?
-      permitted_paths = [tos_path, decidim.delete_account_path, decidim.accept_tos_path]
+      permitted_paths = [tos_path,
+                         decidim.delete_account_path,
+                         decidim.accept_tos_path,
+                         decidim.data_portability_path,
+                         decidim.export_data_portability_path,
+                         decidim.download_file_data_portability_path]
       permitted_paths.include?(request.path)
     end
 

data/app/controllers/decidim/data_portability_controller.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require "zip"
+
+module Decidim
+  # The controller to handle the user's download_my_data page.
+  class DataPortabilityController < Decidim::ApplicationController
+    include Decidim::UserProfile
+
+    def show
+      enforce_permission_to :show, :user, current_user: current_user
+
+      @account = form(AccountForm).from_model(current_user)
+    end
+
+    def export
+      enforce_permission_to :export, :user, current_user: current_user
+
+      DataPortabilityExportJob.perform_later(current_user, export_format)
+
+      flash[:notice] = t("decidim.account.data_portability_export.notice")
+
+      redirect_back(fallback_location: data_portability_path)
+    end
+
+    def download_file
+      enforce_permission_to :download, :user, current_user: current_user
+
+      if params[:token].present?
+        file_reader = Decidim::DataPortabilityFileReader.new(current_user, params[:token])
+        if file_reader.valid_token?
+          file = File.open(file_reader.file_path)
+          if File.exist?(file)
+            send_file file, type: "application/zip", disposition: "attachment"
+          else
+            flash[:error] = t("decidim.account.data_portability_export.file_no_exists")
+            redirect_to data_portability_path
+          end
+        else
+          flash[:error] = t("decidim.account.data_portability_export.invalid_token")
+          redirect_to data_portability_path
+        end
+      else
+        flash[:error] = t("decidim.account.data_portability_export.no_token")
+        redirect_to data_portability_path
+      end
+    end
+
+    private
+
+    def export_format
+      "CSV"
+    end
+  end
+end

data/app/controllers/decidim/devise/invitations_controller.rb

@@ -25,6 +25,7 @@ module Decidim
       # When a managed user accepts the invitation is promoted to non-managed user.
       def accept_resource
         resource = resource_class.accept_invitation!(update_resource_params)
+        resource.update!(newsletter_notifications_at: Time.zone.now) if update_resource_params[:newsletter_notifications]
         resource.update!(managed: false) if resource.managed?
         resource.update!(accepted_tos_version: resource.organization.tos_version)
         resource

data/app/controllers/decidim/invitations_controller.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Decidim
+  # The controller to handle friends invitations by the current user.
+  class InvitationsController < Decidim::ApplicationController
+    include FormFactory
+
+    def index
+      @form = form(InvitationsForm).instance
+    end
+
+    def create
+      @form = form(InvitationsForm).from_params(params)
+
+      InviteFriends.call(@form) do
+        on(:ok) do
+          flash[:notice] = t("invitations.create.success", scope: "decidim")
+          redirect_to account_path
+        end
+
+        on(:invalid) do
+          flash.now[:alert] = if @form.emails.empty?
+                                t("invitations.create.error_empty_form", scope: "decidim")
+                              else
+                                t("invitations.create.error", scope: "decidim")
+                              end
+          render action: :index
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/newsletters_opt_in_controller.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Decidim
+  # The controller to control newsletter Opt-in for GDPR
+  class NewslettersOptInController < Decidim::ApplicationController
+    include FormFactory
+
+    before_action :check_current_user_with_token
+
+    def update
+      enforce_permission_to :update, :user, current_user: current_user
+
+      current_user.newsletter_opt_in_validate
+      if current_user.save
+        flash[:notice] = t(".success")
+      else
+        flash[:alert] = t(".error")
+      end
+      redirect_to decidim.root_path(host: current_organization)
+    end
+
+    private
+
+    def check_current_user_with_token
+      unless current_user.newsletter_token == params[:token]
+        flash[:alert] = t("newsletters_opt_in.unathorized", scope: "decidim")
+        redirect_to decidim.root_path(host: current_organization)
+      end
+    end
+  end
+end

data/app/forms/decidim/account_form.rb

@@ -22,7 +22,7 @@ module Decidim
 
     validates :nickname, length: { maximum: Decidim::User.nickname_max_length, allow_blank: true }
     validates :password, confirmation: true
-    validates :password, length: { in: Decidim::User.password_length, allow_blank: true }
+    validates :password, password: { name: :name, email: :email, username: :nickname }, if: -> { password.present? }
     validates :password_confirmation, presence: true, if: :password_present
     validates :avatar, file_size: { less_than_or_equal_to: ->(_record) { Decidim.maximum_avatar_size } }
 

data/app/forms/decidim/invitations_form.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This form holds the data for the invitations system.
+  class InvitationsForm < Form
+    mimic :invitations
+
+    attribute :email_1, String
+    attribute :email_2, String
+    attribute :email_3, String
+    attribute :email_4, String
+    attribute :email_5, String
+    attribute :email_6, String
+    attribute :custom_text, String
+
+    validates :email_1,
+              :email_2,
+              :email_3,
+              :email_4,
+              :email_5,
+              :email_6,
+              "valid_email_2/email": true,
+              allow_blank: true
+    validates :emails, presence: true
+
+    def emails
+      [email_1, email_2, email_3, email_4, email_5, email_6].uniq.select(&:present?)
+    end
+
+    def clean_emails
+      existing_emails = Decidim::User
+                        .where(organization: current_organization, email: emails)
+                        .pluck(:email)
+      emails - existing_emails
+    end
+  end
+end

data/app/forms/decidim/notifications_settings_form.rb

@@ -11,5 +11,10 @@ module Decidim
 
     validates :email_on_notification, presence: true
     validates :newsletter_notifications, presence: true
+
+    def newsletter_notifications_at
+      return nil unless newsletter_notifications
+      Time.zone.now
+    end
   end
 end

data/app/forms/decidim/omniauth_registration_form.rb

@@ -24,7 +24,7 @@ module Decidim
     end
 
     def normalized_nickname
-      User.nicknamize(nickname || name)
+      User.nicknamize(nickname || name, organization: current_organization)
     end
   end
 end

data/app/forms/decidim/registration_form.rb

@@ -22,7 +22,8 @@ module Decidim
     validates :name, presence: true
     validates :nickname, presence: true, length: { maximum: Decidim::User.nickname_max_length }
     validates :email, presence: true, 'valid_email_2/email': { disposable: true }
-    validates :password, presence: true, confirmation: true, length: { in: Decidim::User.password_length }
+    validates :password, confirmation: true
+    validates :password, password: { name: :name, email: :email, username: :nickname }
     validates :password_confirmation, presence: true
     validates :tos_agreement, allow_nil: false, acceptance: true
 
@@ -39,6 +40,11 @@ module Decidim
       sign_up_as == "user_group"
     end
 
+    def newsletter_at
+      return nil unless newsletter?
+      Time.zone.now
+    end
+
     private
 
     def email_unique_in_organization

data/app/helpers/decidim/cells_helper.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Decidim
+  module CellsHelper
+    def from_context
+      options[:from].presence || context[:from].presence
+    end
+
+    def proposals_controller?
+      context[:controller].class.to_s == "Decidim::Proposals::ProposalsController"
+    end
+
+    def posts_controller?
+      context[:controller].class.to_s == "Decidim::Blogs::PostsController"
+    end
+
+    def index_action?
+      context[:controller].action_name == "index"
+    end
+
+    def show_action?
+      context[:controller].action_name == "show"
+    end
+
+    def current_component
+      from_context.component
+    end
+
+    def withdrawable?
+      return unless from_context
+      return unless proposals_controller?
+      return if index_action?
+      from_context.withdrawable_by?(current_user)
+    end
+
+    def flagable?
+      return unless from_context
+      return unless proposals_controller?
+      return if index_action?
+      return if from_context.official?
+      true
+    end
+  end
+end

data/app/jobs/decidim/data_portability_export_job.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Decidim
+  class DataPortabilityExportJob < ApplicationJob
+    queue_as :default
+
+    def perform(user, format)
+      objects = Decidim::DataPortabilitySerializers.data_entities
+      export_data = []
+      export_images = []
+
+      objects.each do |object|
+        klass = Object.const_get(object)
+        export_data << [klass.model_name.name.parameterize.pluralize, Decidim::Exporters.find_exporter(format).new(klass.user_collection(user), klass.export_serializer).export]
+        export_images << [klass.model_name.name.parameterize.pluralize, klass.data_portability_images(user).flatten] unless klass.data_portability_images(user).nil?
+      end
+
+      ExportMailer.data_portability_export(user, export_data, export_images).deliver_now
+    end
+  end
+end

data/app/jobs/decidim/newsletters_opt_in_job.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Decidim
+  class NewslettersOptInJob < ApplicationJob
+    queue_as :newsletters_opt_in
+
+    def perform(user, token)
+      NewslettersOptInMailer.notify(user, token).deliver_now
+    end
+  end
+end

data/app/mailers/decidim/export_mailer.rb

@@ -25,5 +25,18 @@ module Decidim
         mail(to: "#{user.name} <#{user.email}>", subject: I18n.t("decidim.export_mailer.subject", name: filename))
       end
     end
+
+    def data_portability_export(user, export_data, export_images)
+      @user = user
+      @organization = user.organization
+
+      file_zipper = Decidim::DataPortabilityFileZipper.new(@user, export_data, export_images)
+      file_zipper.make_zip
+
+      with_user(user) do
+        @token = file_zipper.token
+        mail(to: "#{user.name} <#{user.email}>", subject: I18n.t("decidim.export_mailer.subject", name: user.name))
+      end
+    end
   end
 end

data/app/mailers/decidim/newsletters_opt_in_mailer.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Decidim
+  # A custom mailer for Decidim so we can notify users to verify
+  # his own newsletter notifications settings. GDPR releated
+  class NewslettersOptInMailer < ApplicationMailer
+    def notify(user, token)
+      @user = user
+      @organization = user.organization
+      @token = token
+
+      mail(to: user.email, subject: I18n.t("decidim.newsletters_opt_in_mailer.notify.subject", organization_name: @organization.name))
+    end
+  end
+end

data/app/models/decidim/coauthorship.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Decidim
+  class Coauthorship < ApplicationRecord
+    include Decidim::Authorable
+
+    belongs_to :coauthorable, polymorphic: true, counter_cache: true
+
+    validates :coauthorable, presence: true
+
+    def identity
+      user_group || author
+    end
+
+    private
+
+    # As it is used to validate by comparing to author.organization
+    # @returns The Organization for the Coauthorable
+    def organization
+      coauthorable&.organization
+    end
+  end
+end

data/app/models/decidim/follow.rb

@@ -2,9 +2,19 @@
 
 module Decidim
   class Follow < ApplicationRecord
+    include Decidim::DataPortability
+
     belongs_to :followable, foreign_key: "decidim_followable_id", foreign_type: "decidim_followable_type", polymorphic: true
     belongs_to :user, foreign_key: "decidim_user_id", class_name: "Decidim::User"
 
     validates :user, uniqueness: { scope: [:followable] }
+
+    def self.user_collection(user)
+      where(decidim_user_id: user.id)
+    end
+
+    def self.export_serializer
+      Decidim::DataPortabilitySerializers::DataPortabilityFollowSerializer
+    end
   end
 end