decidim-core 0.23.2 → 0.24.0

data/app/cells/decidim/translation_bar_cell.rb

@@ -28,7 +28,7 @@ module Decidim
                   elsif query.nil?
                     new_query_params
                   else
-                    query + "&" + new_query_params
+                    "#{query}&#{new_query_params}"
                   end
 
       parsed_url.query = new_query

data/app/cells/decidim/user_conversation/conversation_header.erb

@@ -4,7 +4,7 @@
       <%= icon "chevron-left", role: "img" %>
     <% end %>
   </div>
-  <%= link_to decidim.profile_conversations_path(nickname: user.nickname) do %>
+  <%= link_to profile_path(user.nickname) do %>
     <%= image_tag conversation_avatar, alt: t("decidim.author.avatar") %>
   <% end %>
 

data/app/cells/decidim/user_conversations_cell.rb

@@ -32,7 +32,7 @@ module Decidim
     end
 
     def conversation_interlocutors(conversation)
-      return username_list(conversation.interlocutors(user), true) unless conversation.interlocutors(user).count == 1
+      return username_list(conversation.interlocutors(user), shorten: true) unless conversation.interlocutors(user).count == 1
 
       "#{conversation.interlocutors(user).first.name} <span class=\"muted\">@#{conversation.interlocutors(user).first.nickname}</span>"
     end

data/app/commands/decidim/attachment_methods.rb

@@ -16,6 +16,10 @@ module Decidim
       )
     end
 
+    def delete_attachment(attachment)
+      Attachment.find(attachment.id).delete if attachment.id == proposal.documents.first.id
+    end
+
     def attachment_invalid?
       if attachment.invalid? && attachment.errors.has_key?(:file)
         @form.attachment.errors.add :file, attachment.errors[:file]
@@ -43,5 +47,9 @@ module Decidim
     def process_attachments?
       attachments_allowed? && attachment_present? && attachment_file_uploaded?
     end
+
+    def delete_attachment?
+      @form.attachment&.delete_file.present?
+    end
   end
 end

data/app/commands/decidim/create_report.rb

@@ -25,6 +25,7 @@ module Decidim
 
       transaction do
         find_or_create_moderation!
+        update_reported_content!
         create_report!
         update_report_count!
       end
@@ -47,12 +48,17 @@ module Decidim
       @moderation = Moderation.find_or_create_by!(reportable: @reportable, participatory_space: participatory_space)
     end
 
+    def update_reported_content!
+      @moderation.update!(reported_content: @reportable.reported_searchable_content_text)
+    end
+
     def create_report!
       @report = Report.create!(
         moderation: @moderation,
         user: @current_user,
         reason: form.reason,
-        details: form.details
+        details: form.details,
+        locale: I18n.locale
       )
     end
 
@@ -66,6 +72,8 @@ module Decidim
 
     def send_report_notification_to_moderators
       participatory_space_moderators.each do |moderator|
+        next unless moderator.email_on_moderations
+
         ReportedMailer.report(moderator, @report).deliver_later
       end
     end
@@ -80,6 +88,8 @@ module Decidim
 
     def send_hide_notification_to_moderators
       participatory_space_moderators.each do |moderator|
+        next unless moderator.email_on_moderations
+
         ReportedMailer.hide(moderator, @report).deliver_later
       end
     end

data/app/commands/decidim/create_user_report.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Decidim
+  # A command with all the business logic when a user creates a report.
+  class CreateUserReport < Rectify::Command
+    # Public: Initializes the command.
+    #
+    # form         - A form object with the params.
+    # reportable   - The resource being reported
+    # current_user - The current user.
+    def initialize(form, reportable, current_user)
+      @form = form
+      @reportable = reportable
+      @current_user = current_user
+    end
+
+    # Executes the command. Broadcasts these events:
+    #
+    # - :ok when everything is valid, together with the report.
+    # - :invalid if the form wasn't valid and we couldn't proceed.
+    #
+    # Returns nothing.
+    def call
+      return broadcast(:invalid) if form.invalid?
+
+      transaction do
+        find_or_create_moderation!
+        create_report!
+        update_report_count!
+        send_notification_to_admins!
+      end
+
+      broadcast(:ok, report)
+    end
+
+    private
+
+    attr_reader :form, :report
+
+    def find_or_create_moderation!
+      @moderation = UserModeration.find_or_create_by!(user: @reportable)
+    end
+
+    def create_report!
+      @report = UserReport.create!(
+        moderation: @moderation,
+        user: @current_user,
+        reason: form.reason,
+        details: form.details
+      )
+    end
+
+    def update_report_count!
+      @moderation.update!(report_count: @moderation.report_count + 1)
+    end
+
+    def send_notification_to_admins!
+      current_organization.admins.each do |admin|
+        Decidim::UserReportJob.perform_later(admin, current_user, form.reason, reportable)
+      end
+    end
+
+    def hideable?
+      false
+    end
+  end
+end

data/app/commands/decidim/destroy_account.rb

@@ -30,6 +30,8 @@ module Decidim
     private
 
     def destroy_user_account!
+      @user.invalidate_all_sessions!
+
       @user.name = ""
       @user.nickname = ""
       @user.email = ""

data/app/commands/decidim/gallery_methods.rb

@@ -39,13 +39,13 @@ module Decidim
       @gallery.map! do |photo|
         photo.attached_to = gallery_attached_to
         photo.save!
-        @form.photos << photo.id.to_s
+        @form.photos << photo
       end
     end
 
     def photo_cleanup!
       gallery_attached_to.photos.each do |photo|
-        photo.destroy! if @form.photos.exclude? photo.id.to_s
+        photo.destroy! if @form.photos.map(&:id).exclude? photo.id
       end
       # manually reset cached photos
       gallery_attached_to.reload

data/app/commands/decidim/multiple_attachments_methods.rb

@@ -16,26 +16,30 @@ module Decidim
     end
 
     def attachments_invalid?
-      @documents.each do |file|
-        if file.invalid? && file.errors.has_key?(:file)
-          @form.errors.add(:add_documents, file.errors[:file])
-          return true
+      @documents.each do |document|
+        next if document.valid? || !document.errors.has_key?(:file)
+
+        document.errors[:file].each do |error|
+          @form.errors.add(:add_documents, error)
         end
+
+        return true
       end
+
       false
     end
 
     def create_attachments
-      @documents.map! do |file|
-        file.attached_to = documents_attached_to
-        file.save!
-        @form.documents << file.id.to_s
+      @documents.map! do |document|
+        document.attached_to = documents_attached_to
+        document.save!
+        @form.documents << document
       end
     end
 
     def document_cleanup!
-      documents_attached_to.documents.each do |file|
-        file.destroy! if @form.documents.exclude? file.id.to_s
+      documents_attached_to.documents.each do |document|
+        document.destroy! if @form.documents.map(&:id).exclude? document.id
       end
 
       documents_attached_to.reload

data/app/commands/decidim/search.rb

@@ -82,8 +82,11 @@ module Decidim
     end
 
     def filtered_query_for(class_name)
-      query = SearchableResource.where(organization: organization, locale: I18n.locale)
-      query = query.where(resource_type: class_name)
+      query = SearchableResource.where(
+        organization: organization,
+        locale: I18n.locale,
+        resource_type: class_name
+      )
 
       clean_filters.each_pair do |attribute_name, value|
         query = query.where(attribute_name => value)

data/app/commands/decidim/update_notifications_settings.rb

@@ -28,6 +28,7 @@ module Decidim
       @user.newsletter_notifications_at = @form.newsletter_notifications_at
       @user.notification_types = @form.notification_types
       @user.direct_message_types = @form.direct_message_types
+      @user.email_on_moderations = @form.email_on_moderations
     end
   end
 end

data/app/commands/decidim/update_user_group.rb

@@ -8,6 +8,7 @@ module Decidim
     # form - A form object with the params.
     # user_group - The user group to update
     def initialize(form, user_group)
+      form.avatar = user_group.avatar if form.avatar.blank?
       @form = form
       @user_group = user_group
     end

data/app/controllers/concerns/decidim/devise_controllers.rb

@@ -19,6 +19,7 @@ module Decidim
       include NeedsPermission
       include Decidim::SafeRedirect
       include NeedsSnippets
+      include UserBlockedChecker
 
       helper Decidim::TranslationsHelper
       helper Decidim::MetaTagsHelper

data/app/controllers/concerns/decidim/flaggable.rb

@@ -10,11 +10,15 @@ module Decidim
     extend ActiveSupport::Concern
 
     included do
-      helper_method :flaggable_controller?
+      helper_method :flaggable_controller?, :report_form
 
       def flaggable_controller?
         true
       end
+
+      def report_form
+        Decidim::ReportForm.from_params(reason: "spam")
+      end
     end
   end
 end

data/app/controllers/concerns/decidim/force_authentication.rb

@@ -23,17 +23,25 @@ module Decidim
       unless user_signed_in?
         flash[:warning] = t("actions.login_before_access", scope: "decidim.core")
         store_location_for(:user, request.path)
-        return redirect_to decidim.new_user_session_path
+        redirect_to decidim.new_user_session_path
       end
     end
 
     # Check for all paths that should be allowed even if the user is not yet
     # authorized
     def allow_unauthorized_path?
-      # Changing the locale
-      return true if %r{^\/locale}.match?(request.path) || %r{^\/cookies}.match?(request.path)
+      return true if unauthorized_paths.any? { |path| /^#{path}/.match?(request.path) }
 
       false
     end
+
+    def unauthorized_paths
+      # /locale is for changing the locale
+      # /cookies is for accepting the cookies
+      %w(/locale /cookies) + Decidim::StaticPage.where(
+        organization: current_organization,
+        allow_public_access: true
+      ).pluck(Arel.sql("CONCAT('/pages/', slug)"))
+    end
   end
 end

data/app/controllers/concerns/decidim/locale_switcher.rb

@@ -69,6 +69,9 @@ module Decidim
         end
       end
 
+      # rubocop: disable Metrics/CyclomaticComplexity
+      # rubocop: disable Metrics/PerceivedComplexity
+
       # Finds a suitable language or returns nil
       # Follows the RFC 2616 rules with this particularities:
       # if no language matches, goes for the 2 chars prefixes
@@ -96,6 +99,8 @@ module Decidim
         end
         lang == "*" ? nil : lang
       end
+      # rubocop: enable Metrics/CyclomaticComplexity
+      # rubocop: enable Metrics/PerceivedComplexity
     end
   end
 end

data/app/controllers/concerns/decidim/needs_permission.rb

@@ -21,7 +21,13 @@ module Decidim
       # them they are not authorized.
       def user_has_no_permission
         flash[:alert] = t("actions.unauthorized", scope: "decidim.core")
-        redirect_to(request.referer || user_has_no_permission_path)
+        redirect_to(user_has_no_permission_referer || user_has_no_permission_path)
+      end
+
+      def user_has_no_permission_referer
+        return if request.referer == request.original_url
+
+        request.referer
       end
 
       def user_has_no_permission_path

data/app/controllers/concerns/decidim/orderable.rb

@@ -29,7 +29,9 @@ module Decidim
       # Returns: A random float number between -1 and 1 to be used as a
       # random seed at the database.
       def random_seed
-        @random_seed ||= session.fetch(:random_seed, (rand * 2 - 1)).to_f
+        @random_seed ||= begin
+          session[:random_seed] ||= rand * 2 - 1
+        end.to_f
       end
     end
   end

data/app/controllers/concerns/decidim/paginable.rb

@@ -18,7 +18,14 @@ module Decidim
       end
 
       def per_page
-        params[:per_page] || OPTIONS.first
+        if OPTIONS.include?(params[:per_page])
+          params[:per_page]
+        elsif params[:per_page]
+          sorted = OPTIONS.sort
+          params[:per_page].to_i.clamp(sorted.first, sorted.last)
+        else
+          OPTIONS.first
+        end
       end
 
       def page_offset

data/app/controllers/concerns/decidim/user_blocked_checker.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  module UserBlockedChecker
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :check_user_not_blocked
+    end
+
+    def check_user_not_blocked
+      check_user_block_status(current_user)
+    end
+
+    def check_user_block_status(user)
+      if user.present? && user.blocked?
+        sign_out user
+        flash.delete(:notice)
+        flash[:error] = t("decidim.account.blocked")
+        root_path
+      end
+    end
+  end
+end

data/app/controllers/decidim/application_controller.rb

@@ -17,6 +17,7 @@ module Decidim
     include ForceAuthentication
     include SafeRedirect
     include NeedsSnippets
+    include UserBlockedChecker
 
     helper Decidim::MetaTagsHelper
     helper Decidim::DecidimFormHelper
@@ -63,6 +64,27 @@ module Decidim
       store_location_for(:user, value)
     end
 
+    # This overrides Devise's method for extracting the path from the URL. We
+    # want to ensure the path to be stored in the cookie is not too long in
+    # order to avoid ActionDispatch::Cookies::CookieOverflow exception. If the
+    # session cookie (containing all the session data) is over 4 KB in length,
+    # it would lead to an exception if the cookie store is being used. This is
+    # a hard constraint set by ActionDispatch because some browsers do not allow
+    # cookies over 4 KB.
+    #
+    # Original code in Devise: https://git.io/Jt6wt
+    def extract_path_from_location(location)
+      path = super
+      return path unless Rails.application.config.session_store == ActionDispatch::Session::CookieStore
+
+      # Allow 3 KB size for the path because there can be also some other
+      # session variables out there.
+      return path if path.bytesize <= ActionDispatch::Cookies::MAX_COOKIE_SIZE - 1024
+
+      # For too long paths, remove the URL parameters
+      path.split("?").first
+    end
+
     # We store whether the user is requesting to toggle the translations or not.
     # We need to store it this way because if we use an instance variable, then
     # we're not able to access that value from inside the presenters, and we