decidim-core 0.22.0 → 0.23.3

data/app/uploaders/decidim/banner_image_uploader.rb

@@ -2,6 +2,6 @@
 
 module Decidim
   # This class deals with uploading banner images to ParticipatoryProcesses.
-  class BannerImageUploader < ImageUploader
+  class BannerImageUploader < RecordImageUploader
   end
 end

data/app/uploaders/decidim/hero_image_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading hero images to ParticipatoryProcesses.
-  class HeroImageUploader < ImageUploader
+  class HeroImageUploader < RecordImageUploader
     process resize_to_limit: [1000, 1000]
   end
 end

data/app/uploaders/decidim/homepage_image_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading hero images to organizations.
-  class HomepageImageUploader < ImageUploader
+  class HomepageImageUploader < RecordImageUploader
     version :big do
       process resize_to_fill: [1920, 666]
     end

data/app/uploaders/decidim/image_uploader.rb

@@ -44,7 +44,7 @@ module Decidim
     # Add a white list of extensions which are allowed to be uploaded.
     # For images you might use something like this:
     def extension_whitelist
-      %w(jpg jpeg gif png bmp ico)
+      Decidim.organization_settings(model).upload_allowed_file_extensions_image
     end
 
     # A simple check to avoid DoS with maliciously crafted images, or just to
@@ -60,7 +60,7 @@ module Decidim
 
     def validate_size
       manipulate! do |image|
-        validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > Decidim.maximum_attachment_size
+        validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > maximum_upload_size
         image
       end
     end
@@ -82,5 +82,9 @@ module Decidim
       model.errors.add(mounted_as, text)
       raise CarrierWave::IntegrityError, text
     end
+
+    def maximum_upload_size
+      Decidim.organization_settings(model).upload_maximum_file_size
+    end
   end
 end

data/app/uploaders/decidim/oauth_application_logo_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading hero images to ParticipatoryProcesses.
-  class OAuthApplicationLogoUploader < ImageUploader
+  class OAuthApplicationLogoUploader < RecordImageUploader
     process resize_to_fit: [75, 75]
   end
 end

data/app/uploaders/decidim/official_image_footer_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading hero images to ParticipatoryProcesses.
-  class OfficialImageFooterUploader < ImageUploader
+  class OfficialImageFooterUploader < RecordImageUploader
     process resize_to_fit: [600, 180]
   end
 end

data/app/uploaders/decidim/official_image_header_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading hero images to ParticipatoryProcesses.
-  class OfficialImageHeaderUploader < ImageUploader
+  class OfficialImageHeaderUploader < RecordImageUploader
     process resize_to_fit: [160, 160]
   end
 end

data/app/uploaders/decidim/organization_logo_uploader.rb

@@ -2,7 +2,7 @@
 
 module Decidim
   # This class deals with uploading the organization's logo.
-  class OrganizationLogoUploader < ImageUploader
+  class OrganizationLogoUploader < RecordImageUploader
     version :medium do
       process resize_to_fit: [600, 160]
     end

data/app/uploaders/decidim/record_image_uploader.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This class deals with uploading record specific images that have more
+  # limited content types than the defaults.
+  class RecordImageUploader < ImageUploader
+    def content_type_whitelist
+      %w(image/jpeg image/png)
+    end
+
+    def extension_whitelist
+      %w(jpeg jpg png)
+    end
+  end
+end

data/app/validators/etiquette_validator.rb

@@ -8,7 +8,6 @@ class EtiquetteValidator < ActiveModel::EachValidator
 
     validate_caps(record, attribute, value)
     validate_marks(record, attribute, value)
-    validate_long_words(record, attribute, value)
     validate_caps_first(record, attribute, value)
     validate_length(record, attribute, value)
   end
@@ -27,12 +26,6 @@ class EtiquetteValidator < ActiveModel::EachValidator
     record.errors.add(attribute, options[:message] || :too_many_marks)
   end
 
-  def validate_long_words(record, attribute, value)
-    return if value.scan(/[A-z]{35,}/).empty?
-
-    record.errors.add(attribute, options[:message] || :long_words)
-  end
-
   def validate_caps_first(record, attribute, value)
     return if value.scan(/\A[a-z]{1}/).empty?
 

data/app/validators/geocoding_validator.rb

@@ -4,10 +4,9 @@
 # an existing address and computes its coordinates.
 class GeocodingValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
-    if Decidim.geocoder.present? && record.component.present?
-      organization = record.component.organization
-      Geocoder.configure(Geocoder.config.merge(http_headers: { "Referer" => organization.host }))
-      coordinates = Geocoder.coordinates(value)
+    if Decidim::Map.available?(:geocoding) && record.component.present?
+      geocoder = geocoder_for(record.component.organization)
+      coordinates = geocoder.coordinates(value)
 
       if coordinates.present?
         record.latitude = coordinates.first
@@ -19,4 +18,10 @@ class GeocodingValidator < ActiveModel::EachValidator
       record.errors.add(attribute, :invalid)
     end
   end
+
+  private
+
+  def geocoder_for(organization)
+    Decidim::Map.geocoding(organization: organization)
+  end
 end

data/app/validators/passthru_validator.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+# This validator passes through the file upload validations on a record
+# attribute to an associated record. Useful e.g. with the forms that are not
+# aware of the actual record's validators but they still need to apply the same
+# validators as in the model they represent. Needs to be configured with the
+# target class and optionally the target attribute where the validators are
+# fetched from. By default the attribute name matches the attribute the
+# validator is set for. Works only for each validators.
+#
+# Example:
+#
+#   class ParticipantForm < Decidim::Form
+#     # Passes both the validator class only
+#     validates :avatar_image, passthru: { to: Person }
+#
+#     # Passes both the validator class and attribute
+#     validates :image, passthru: { to: Person, attribute: :avatar_image }
+#   end
+class PassthruValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return unless target_class
+
+    dummy_attr = target_attribute(attribute)
+
+    # Create a dummy record for which the validations are actually run on
+    dummy = validation_record(record)
+
+    target_validators(attribute).each do |validator|
+      next unless validator.is_a?(ActiveModel::EachValidator)
+      next unless check_validator_conditions(dummy, validator)
+
+      dummy.errors.clear
+      validator.validate_each(dummy, dummy_attr, value)
+      dummy.errors[dummy_attr].each do |err|
+        record.errors.add(attribute, err)
+      end
+    end
+  end
+
+  # Creates a dummy validation record that passes the correct file upload
+  # validation context from the original record for the validators.
+  def validation_record(record)
+    dummy = target_instance(record)
+    if dummy.is_a?(Decidim::Attachment)
+      if record.respond_to?(:attached_to)
+        dummy.attached_to = record.attached_to
+      elsif record.respond_to?(:organization)
+        dummy.attached_to = record.organization
+      end
+    elsif dummy.respond_to?(:organization=) && record.respond_to?(:organization)
+      dummy.organization = record.organization
+    end
+    dummy
+  end
+
+  def target_validators(attribute)
+    target_class.validators_on(target_attribute(attribute))
+  end
+
+  def target_class
+    options[:to]
+  end
+
+  def target_attribute(default = nil)
+    options[:attribute] || default
+  end
+
+  def target_instance(record)
+    instance_attributes = begin
+      if options[:with].respond_to?(:call)
+        options[:with].call(record)
+      else
+        options[:with] || {}
+      end
+    end
+    instance_attributes.each do |key, val|
+      instance_attributes[key] = val.call(record) if val.respond_to?(:call)
+    end
+
+    target_class.new(instance_attributes)
+  end
+
+  private
+
+  def check_validator_conditions(record, validator)
+    if (condition = validator.options[:if])
+      if_result = begin
+        if condition.respond_to?(:call)
+          condition.call(record)
+        else
+          record.public_send(condition)
+        end
+      end
+      return false unless if_result
+    end
+
+    if (condition = validator.options[:unless])
+      unless_result = begin
+        if condition.respond_to?(:call)
+          condition.call(record)
+        else
+          record.public_send(condition)
+        end
+      end
+      return false if unless_result
+    end
+
+    true
+  end
+end

data/app/validators/scope_belongs_to_component_validator.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# This validator ensures the scope is a scope of a component scope
+class ScopeBelongsToComponentValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return unless component_for(record)
+
+    record.errors.add(attribute, :invalid) if component_for(record).out_of_scope?(Decidim::Scope.find_by(id: value))
+  end
+
+  private
+
+  def component_for(record)
+    record.try(:component) || record.try(:current_component)
+  end
+end

data/app/validators/uploader_content_type_validator.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# This validator ensures the files to be uploaded match the attached uploader's
+# content types. This prevents CarrierWave from uploading the records before
+# they pass the content type validations.
+class UploaderContentTypeValidator < ActiveModel::Validations::FileContentTypeValidator
+  def validate_each(record, attribute, value)
+    begin
+      values = parse_values(value)
+    rescue JSON::ParserError
+      record.errors.add attribute, :invalid
+      return
+    end
+
+    return if values.empty?
+
+    uploader = record.send(attribute)
+    return unless uploader
+    return unless uploader.is_a?(Decidim::ApplicationUploader)
+
+    mode = option_value(record, :mode)
+    allowed_types = uploader.content_type_whitelist || []
+    forbidden_types = uploader.content_type_blacklist || []
+
+    values.each do |val|
+      val_mode = mode
+
+      # The :strict mode would be more robust for the content type detection if
+      # the value does not know its own content type. However, this would
+      # require the command line utility named `file` which is only available in
+      # *nix. This would also require adding a new gem dependency for running
+      # the CLI utility, Terrapin or Cocaine in older versions of the
+      # file_validators gem. The :relaxed mode detects the content type based on
+      # the file extension through the mime-types gem.
+      val_mode = :relaxed if val_mode.blank? && !val.respond_to?(:content_type)
+
+      content_type = get_content_type(val, val_mode)
+      validate_whitelist(record, attribute, content_type, allowed_types)
+      validate_blacklist(record, attribute, content_type, forbidden_types)
+    end
+  end
+
+  def check_validity!; end
+end

data/app/views/decidim/authorization_modals/_content.html.erb

@@ -17,8 +17,8 @@
   <% authorizations.statuses.each do |status| %>
     <% next if status.ok? || authorizations.global_code && status.code != base_code %>
     <p><%= t ".#{status.code}.explanation", authorization: t("#{status.handler_name}.name", scope: "decidim.authorization_handlers") %></p>
-    <% if status.data[:extra_explanation] %>
-      <p><%= t status.data[:extra_explanation][:key], **status.data[:extra_explanation][:params] %></p>
+    <% [status.data[:extra_explanation]].flatten.compact.each do |extra_explanation| %>
+      <p><%= t extra_explanation[:key], **extra_explanation[:params] %></p>
     <% end %>
     <% if status.data[:fields] %>
       <ul>

data/app/views/decidim/devise/registrations/new.html.erb

@@ -19,7 +19,9 @@
     </div>
   </div>
 
-  <%= render "decidim/devise/shared/omniauth_buttons" %>
+  <% cache current_organization do %>
+    <%= render "decidim/devise/shared/omniauth_buttons" %>
+  <% end %>
 
   <div class="row">
     <div class="columns large-6 medium-10 medium-centered">

data/app/views/decidim/devise/sessions/new.html.erb

@@ -21,7 +21,9 @@
         <% end %>
       </div>
     </div>
-    <%= render "decidim/devise/shared/omniauth_buttons" %>
+    <% cache current_organization do %>
+      <%= render "decidim/devise/shared/omniauth_buttons" %>
+    <% end %>
 
     <% if current_organization.sign_in_enabled? %>
       <div class="row">

data/app/views/decidim/messaging/conversations/_error_modal.html.erb

@@ -0,0 +1,21 @@
+<div class="reveal" id="messageErrorModal" data-reveal>
+  <div class="reveal__header">
+    <h2 class="reveal__title"><%= error %></h2>
+    <button class="close-button" data-close aria-label="<%= t(".close") %>"
+      type="button">
+      <span aria-hidden="true">&times;</span>
+    </button>
+  </div>
+  <div class="reveal__body">
+    <p><%= t(".intro") %></p>
+    <p>
+      <%= messages.join("<br>") %>
+    </p>
+    <p><%= t(".correct_errors") %></p>
+  </div>
+  <div class="reveal__footer">
+    <div class="buttons button--double">
+      <a class="button" role="button" href="#" data-close aria-label="<%= t(".ok") %>"><%= t(".ok") %></a>
+    </div>
+  </div>
+</div>

data/app/views/decidim/messaging/conversations/error.js.erb

@@ -0,0 +1,10 @@
+var $messageError = $("#messageErrorModal");
+if ($messageError.length > 0) {
+  $messageError.foundation("_destroy").remove();
+}
+
+$("#messages").append("<%= j(render "error_modal", error: error, messages: messages).html_safe %>");
+$messageError = $("#messageErrorModal");
+
+var messageErrorReveal = new Foundation.Reveal($messageError);
+messageErrorReveal.open();

data/app/views/decidim/newsletter_mailer/newsletter.html.erb

@@ -1,4 +1,4 @@
-<%= decidim_sanitize cell.to_s %>
+<%= decidim_sanitize_newsletter cell.to_s %>
 
 <% content_for :note do %>
   <%== t ".note", organization_name: h(@organization.name), link: decidim.notifications_settings_url(host: @organization.host) %>

data/app/views/decidim/notification_mailer/event_received.html.erb

@@ -2,10 +2,10 @@
 
 <p><%= @event_instance.email_intro %></p>
 
-<% if @event_instance.try(:resource_text).present? %>
+<% if @event_instance.try(:safe_resource_text).present? %>
   <blockquote>
     <p>
-      <%= @event_instance.resource_text.html_safe %>
+      <%= @event_instance.safe_resource_text %>
     </p>
   </blockquote>
 <% end %>

data/app/views/decidim/pages/_standalone.html.erb

@@ -15,7 +15,7 @@
         </div>
       </div>
 
-      <%= cell "decidim/tos_page", :sticky_form %>
+      <%= cell "decidim/tos_page", :form %>
     </main>
   </div>
 </div>

data/app/views/decidim/pages/_tabbed.html.erb

@@ -39,7 +39,7 @@
         </div>
       </div>
 
-      <%= cell "decidim/tos_page", :sticky_form %>
+      <%= cell "decidim/tos_page", :form %>
     </div>
   </div>
 </div>