decidim-core 0.19.1 → 0.20.0

data/app/models/decidim/category.rb

@@ -9,6 +9,8 @@ module Decidim
     belongs_to :parent, class_name: "Decidim::Category", foreign_key: "parent_id", inverse_of: :subcategories, optional: true
     has_many :categorizations, foreign_key: "decidim_category_id", class_name: "Decidim::Categorization", dependent: :destroy
 
+    default_scope { order(arel_table[:parent_id].asc, arel_table[:weight].asc) }
+
     validate :forbid_deep_nesting
     before_validation :subcategories_have_same_participatory_space
 

data/app/models/decidim/component.rb

@@ -80,6 +80,8 @@ module Decidim
       participatory_space.can_participate?(user)
     end
 
+    delegate :serializes_specific_data?, to: :manifest
+
     private
 
     def participatory_space_name

data/app/models/decidim/user.rb

@@ -9,6 +9,7 @@ module Decidim
   class User < UserBaseEntity
     include Decidim::DataPortability
     include Decidim::Searchable
+    include Decidim::ActsAsAuthor
 
     OMNIAUTH_PROVIDERS = [:facebook, :twitter, :google_oauth2, (:developer if Rails.env.development?)].compact
 
@@ -19,8 +20,8 @@ module Decidim
     end
 
     devise :invitable, :database_authenticatable, :registerable, :confirmable, :timeoutable,
-           :recoverable, :rememberable, :trackable, :decidim_validatable,
-           :decidim_newsletterable,
+           :recoverable, :rememberable, :trackable, :lockable,
+           :decidim_validatable, :decidim_newsletterable,
            :omniauthable, omniauth_providers: OMNIAUTH_PROVIDERS,
                           request_keys: [:env], reset_password_keys: [:decidim_organization_id, :email],
                           confirmation_keys: [:decidim_organization_id, :email]
@@ -81,6 +82,12 @@ module Decidim
     # Returns a String.
     attr_accessor :invitation_instructions
 
+    # Returns the presenter for this author, to be used in the views.
+    # Required by ActsAsAuthor.
+    def presenter
+      Decidim::UserPresenter.new(self)
+    end
+
     def self.log_presenter_class_for(_log)
       Decidim::AdminLog::UserPresenter
     end

data/app/models/decidim/user_group.rb

@@ -8,6 +8,7 @@ module Decidim
   class UserGroup < UserBaseEntity
     include Decidim::Traceable
     include Decidim::DataPortability
+    include Decidim::ActsAsAuthor
 
     has_many :memberships, class_name: "Decidim::UserGroupMembership", foreign_key: :decidim_user_group_id, dependent: :destroy
     has_many :users, through: :memberships, class_name: "Decidim::User", foreign_key: :decidim_user_id
@@ -35,6 +36,12 @@ module Decidim
         .where("extended_data->>'document_number' = ?", number)
     end
 
+    # Returns the presenter for this author, to be used in the views.
+    # Required by ActsAsAuthor.
+    def presenter
+      Decidim::UserGroupPresenter.new(self)
+    end
+
     def self.log_presenter_class_for(_log)
       Decidim::AdminLog::UserGroupPresenter
     end

data/app/presenters/decidim/attachment_presenter.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Decidim
+  #
+  # Decorator for attachments
+  #
+  class AttachmentPresenter < SimpleDelegator
+    include Rails.application.routes.mounted_helpers
+    include ActionView::Helpers::UrlHelper
+
+    delegate :url, to: :file, prefix: true
+
+    def attachment_file_url
+      URI.join(decidim.root_url(host: attachment.attached_to.organization.host), attachment.file_url).to_s
+    end
+
+    def attachment
+      __getobj__
+    end
+  end
+end

data/app/resolvers/decidim/core/user_resolver.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Core
+    # A GraphQL resolver to handle `user` queries
+    class UserResolver
+      #
+      # - organization: Decidim::Organization scoping
+      # - filters: hash of attr - value to filter results
+      #
+      def initialize(organization, filters = {})
+        @organization = organization
+        if filters.include? :wildcard
+          filters.delete(:name)
+          filters.delete(:nickname)
+        end
+        @filters = filters
+      end
+
+      def users
+        resolve
+      end
+
+      private
+
+      def resolve
+        return @records if @records
+
+        scope
+        global_filter
+        filter
+        @records.limit(50)
+      end
+
+      def scope
+        @records = Decidim::User
+                   .where(organization: organization)
+                   .confirmed
+      end
+
+      # Only key name attributes in Decidim::User will be applied
+      def filter
+        @filters.each do |key, value|
+          next unless Decidim::User.column_names.include? key.to_s
+
+          @records = @records.where("#{key} ilike ?", "%#{value}%")
+        end
+      end
+
+      # Special search key ":wildcard"
+      def global_filter
+        return unless @filters.include? :wildcard
+
+        term = "%#{@filters[:wildcard]}%"
+        @records = @records.where("name ilike ? or nickname ilike ?", term, term)
+      end
+
+      attr_reader :organization, :filters
+    end
+  end
+end

data/app/scrubbers/decidim/user_input_scrubber.rb

@@ -21,11 +21,11 @@ module Decidim
     private
 
     def custom_allowed_attributes
-      Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen)
+      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen)
     end
 
     def custom_allowed_tags
-      Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe)
+      Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe)
     end
   end
 end

data/app/serializers/decidim/exporters/participatory_space_components_serializer.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Exporters
+    # This class serializes all components in a ParticipatorySpace so can be
+    # exported to CSV, JSON or other formats.
+    class ParticipatorySpaceComponentsSerializer < Decidim::Exporters::Serializer
+      include Decidim::ApplicationHelper
+      include Decidim::ResourceHelper
+      include Decidim::TranslationsHelper
+
+      # Public: Initializes the serializer with a participatory_space.
+      def initialize(participatory_space)
+        @participatory_space = participatory_space
+      end
+
+      # Public: Exports a hash with the serialized data for this participatory_space.
+      def serialize
+        participatory_space.components.collect do |component|
+          serialized = {
+            manifest_name: component.manifest_name,
+            id: component.id,
+            name: component.name,
+            participatory_space_id: component.participatory_space_id,
+            participatory_space_type: component.participatory_space_type,
+            settings: component.settings.as_json,
+            weight: component.weight,
+            permissions: component.permissions,
+            published_at: component.published_at
+          }
+          serialized[:specific_data] = serialize_component_specific_data(component) if component.serializes_specific_data?
+          serialized
+        end
+      end
+
+      private
+
+      attr_reader :participatory_space
+
+      def serialize_component_specific_data(component)
+        specific_serializer = component.manifest.specific_data_serializer_class.new(component)
+        specific_serializer.serialize
+      end
+    end
+  end
+end

data/app/serializers/decidim/importers/importer.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Importers
+    # This class is an abstraction that defines a common and flexible interface
+    # in how importers should be called.
+    class Importer
+      # Imports the contents of the `serialized` argument.
+      #
+      # Importers that import JSON will normally accept a JSON valid value for
+      # the `serialized` argument.
+      # This values may be either: object, array, string, number, true, false
+      # or null.
+      #
+      # Returns: What has been imported.
+      #
+      # +serialized+: The serialized version of the resource to import.
+      # +user+: The Decidim::User that is importing.
+      # +opts+: Extra options that specific subclasses may require.
+      def import(_serialized, _user, _opts = {})
+        raise NotImplementedError, "Decidim::Importers::Importer should be subclassed."
+      end
+    end
+  end
+end

data/app/serializers/decidim/importers/participatory_space_components_importer.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Importers
+    # This class parses and imports all components in a ParticipatorySpace.
+    # It currently supports JSON format.
+    class ParticipatorySpaceComponentsImporter < Decidim::Importers::Importer
+      # +participatory_space+: The ParticipatorySpace to which all components
+      # will belong to.
+      def initialize(participatory_space)
+        @participatory_space = participatory_space
+      end
+
+      # Parses an exported list of components and imports them into the
+      # platform.
+      #
+      # +participatory_space+: The ParticipatorySpace to which all components
+      # will belong to.
+      # +json_text+: A json document as a String.
+      # +user+: The Decidim::User that is importing.
+      def from_json(json_text, user)
+        json = JSON.parse(json_text)
+        import(json, user)
+      end
+
+      # For each component configuration in the json,
+      # creates a new Decidim::Component with that configuration.
+      #
+      # Returns: An Array with all components created.
+      #
+      # +json+: An array of json compatible Hashes with the configuration of Decidim::Components.
+      # +user+: The Decidim::User that is importing.
+      def import(json_ary, user)
+        ActiveRecord::Base.transaction do
+          json_ary.collect do |serialized|
+            attributes = serialized.with_indifferent_access
+            # we override the parent participatory sapce
+            attributes["participatory_space_id"] = @participatory_space.id
+            attributes["participatory_space_type"] = @participatory_space.class.name
+            import_component_from_attributes(attributes, user)
+          end
+        end
+      end
+
+      private
+
+      # Returns a persisted Component instance build from the +attributes+ argument.
+      def import_component_from_attributes(attributes, user)
+        component = Decidim.traceability.perform_action!(:create,
+                                                         Decidim::Component,
+                                                         user) do
+          c = Decidim::Component.new(attributes.except(:id, :settings, :specific_data))
+          c[:settings] = attributes[:settings]
+          c.save!
+          c
+        end
+        import_component_specific_data(component, attributes, user) if component.serializes_specific_data?
+        component
+      end
+
+      def import_component_specific_data(component, serialized, user)
+        specific_importer = component.manifest.specific_data_importer_class.new(component)
+        specific_importer.import(serialized[:specific_data], user)
+      end
+    end
+  end
+end

data/app/services/decidim/open_data_exporter.rb

@@ -37,7 +37,7 @@ module Decidim
     end
 
     def data_for(export_manifest)
-      collection = components.where(manifest_name: export_manifest.component_manifest.name).find_each.flat_map do |component|
+      collection = components.where(manifest_name: export_manifest.manifest.name).find_each.flat_map do |component|
         export_manifest.collection.call(component)
       end
 

data/app/uploaders/decidim/banner_image_uploader.rb

@@ -3,6 +3,5 @@
 module Decidim
   # This class deals with uploading banner images to ParticipatoryProcesses.
   class BannerImageUploader < ImageUploader
-    process resize_to_limit: [1000, 200]
   end
 end

data/app/views/decidim/devise/invitations/edit.html.erb

@@ -17,8 +17,10 @@
 
             <%= f.hidden_field :invitation_token %>
 
-            <div class="field">
-              <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name), required: "required" %>
+            <div class="user-nickname">
+              <div class="field">
+                <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name), required: "required", prefix: { value: "@", small: 1, large: 1 } %>
+              </div>
             </div>
 
             <% if f.object.class.require_password_on_accepting %>

data/app/views/decidim/devise/registrations/new.html.erb

@@ -34,9 +34,9 @@
               </div>
             </div>
 
-            <div class="user-person">
+            <div class="user-nickname">
               <div class="field">
-                <%= f.text_field :nickname, help_text: t(".nickname_help", organization: current_organization.name) %>
+                <%= f.text_field :nickname, help_text: t(".nickname_help", organization: current_organization.name), prefix: { value: "@", small: 1, large: 1 } %>
               </div>
             </div>
 

data/app/views/decidim/devise/unlocks/new.html.erb

@@ -0,0 +1,33 @@
+<% add_decidim_page_title(t("devise.unlocks.new.resend_unlock_instructions")) %>
+
+<main class="wrapper">
+  <div class="row collapse">
+    <div class="row collapse">
+      <div class="columns large-8 large-centered text-center page-title">
+        <h1><%= t("devise.unlocks.new.resend_unlock_instructions") %></h1>
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="columns medium-7 large-5 medium-centered">
+        <div class="card">
+          <div class="card__content">
+            <%= decidim_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post, class: "register-form new_user" }) do |f| %>
+              <%= devise_error_messages! %>
+
+              <div class="field">
+                <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+              </div>
+
+              <div class="actions">
+                <%= f.submit t("devise.unlocks.new.resend_unlock_instructions"), class: "button expanded" %>
+              </div>
+            <% end %>
+
+            <%= render "decidim/devise/shared/links" %>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</main>

data/app/views/decidim/searches/_filters.html.erb

@@ -6,25 +6,9 @@
     <% end %>
   </p>
 <% end %>
-<div class="card card--secondary">
-  <div class="filters">
-    <% @sections.each do |type, results| %>
-    <div class="filters__section--general<%= " no-results" if results[:count].zero? %>">
-      <% if results[:count].positive? %>
-        <%= link_to search_path_by_resource_type(type), class: "flex--sbc" do %>
-          <strong class="section-title"><%= searchable_resource_human_name(type) %></strong>
-          <span class="muted">&nbsp;<%= results[:count] %></span>
-        <% end %>
-      <% else %>
-        <div class="flex--sbc">
-          <strong class="section-title"><%= searchable_resource_human_name(type) %></strong>
-          <span class="muted">&nbsp;<%= results[:count] %></span>
-        </div>
-      <% end %>
-    </div>
-    <% end %>
-  </div>
-</div>
+<%= render partial: "resources_filter_block", locals: { sections: @sections, types: Decidim::Searchable.searchable_resources_of_type_participant } %>
+<%= render partial: "resources_filter_block", locals: { sections: @sections, types: Decidim::Searchable.searchable_resources_of_type_participatory_space } %>
+<%= render partial: "resources_filter_block", locals: { sections: @sections, types: Decidim::Searchable.searchable_resources_of_type_component } %>
 <div class="card card--secondary">
   <%= filter_form_for filter do |form| %>
     <%= scopes_picker_filter form, :decidim_scope_id %>

data/app/views/decidim/searches/_resources_filter_block.html.erb

@@ -0,0 +1,20 @@
+<% resources= @sections.select {|type, results| types.include?(type)} %>
+<div class="card card--secondary">
+  <div class="filters">
+    <% resources.each do |type, results| %>
+    <div class="filters__section--general<%= " no-results" if results[:count].zero? %>">
+      <% if results[:count].positive? %>
+        <%= link_to search_path_by_resource_type(type), class: "flex--sbc" do %>
+          <strong class="section-title"><%= searchable_resource_human_name(type) %></strong>
+          <span class="muted">&nbsp;<%= results[:count] %></span>
+        <% end %>
+      <% else %>
+        <div class="flex--sbc">
+          <strong class="section-title"><%= searchable_resource_human_name(type) %></strong>
+          <span class="muted">&nbsp;<%= results[:count] %></span>
+        </div>
+      <% end %>
+    </div>
+    <% end %>
+  </div>
+</div>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p><%= t(".greeting", recipient: @resource.email) %></p>
+
+<p><%= t(".message") %></p>
+
+<p><%= t(".instruction") %></p>
+
+<p><%= link_to t(".action"), unlock_url(@resource, unlock_token: @token, host: @resource.organization.host) %></p>