decidim-core 0.23.3 → 0.24.0.rc1

data/lib/decidim/gamification/badge_scorer.rb

@@ -122,9 +122,10 @@ module Decidim
       end
 
       def recipients
-        if @model.is_a?(User)
+        case @model
+        when User
           [@model]
-        elsif @model.is_a?(UserGroup)
+        when UserGroup
           @model.users
         end
       end

data/lib/decidim/gamification/base_event.rb

@@ -25,11 +25,11 @@ module Decidim
       end
 
       def badge
-        @badge ||= Gamification.find_badge(extra.dig("badge_name"))
+        @badge ||= Gamification.find_badge(extra["badge_name"])
       end
 
       def current_level
-        extra.dig("current_level")
+        extra["current_level"]
       end
 
       def user

data/lib/decidim/geocodable.rb

@@ -29,11 +29,13 @@ module Decidim
 
       private
 
+      # rubocop:disable Style/OptionalBooleanParameter
       def do_lookup(_reverse = false)
         RecordGeocoder.with_record(self) do
           super
         end
       end
+      # rubocop:enable Style/OptionalBooleanParameter
     end
 
     module RecordGeocoder

data/lib/decidim/has_category.rb

@@ -24,7 +24,7 @@ module Decidim
       def category_belongs_to_organization
         return unless category
 
-        errors.add(:category, :invalid) unless component.categories.where(id: category.id).exists?
+        errors.add(:category, :invalid) unless component.categories.exists?(id: category.id)
       end
     end
   end

data/lib/decidim/has_private_users.rb

@@ -26,7 +26,7 @@ module Decidim
             id: public_spaces +
                 private_spaces
                   .joins(:participatory_space_private_users)
-                  .where("decidim_participatory_space_private_users.decidim_user_id = ?", user.id)
+                  .where(decidim_participatory_space_private_users: { decidim_user_id: user.id })
           )
         else
           public_spaces

data/lib/decidim/importers/import_manifest.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Importers
+    # For importing data from files to components. Every resource type should
+    # specify it's own creator, which will be responsible for producing (creating)
+    # and finishing (saving) the imported resource.
+    class ImportManifest
+      attr_reader :name, :manifest
+
+      # Initializes the manifest.
+      #
+      # name - The name of the export artifact. It should be unique in the
+      #        space or component.
+      #
+      # manifest - The parent manifest where this import manifest belongs to.
+      #
+      def initialize(name, manifest)
+        @name = name.to_sym
+        @manifest = manifest
+      end
+
+      # Public: Sets the creator when an argument is provided, returns the
+      # stored creator otherwise.
+      def creator(creator = nil)
+        @creator ||= creator || Decidim::Admin::Import::Creator
+      end
+
+      DEFAULT_FORMATS = %w(CSV JSON Excel).freeze
+
+      def formats
+        DEFAULT_FORMATS
+      end
+    end
+  end
+end

data/lib/decidim/map/autocomplete.rb

@@ -57,8 +57,18 @@ module Decidim
             @template.snippets.add(:head, @template.snippets.for(:geocoding))
           end
 
+          options[:value] ||= object.send(attribute) if object.respond_to?(attribute)
+          if object.respond_to?(:latitude) && object.respond_to?(:longitude)
+            point = [object.latitude, object.longitude]
+            options["data-coordinates"] ||= point.join(",")
+          end
+
           field(attribute, options) do |opts|
-            builder.geocoding_field(@object_name, attribute, opts)
+            builder.geocoding_field(
+              @object_name,
+              attribute,
+              opts
+            )
           end
         end
       end

data/lib/decidim/metric_operation.rb

@@ -36,12 +36,11 @@ module Decidim
     # With 'metric_operation' and 'metric_name':
     #   - Returns a single manifest related to that two params
     def for(metric_operation, metric_name = nil)
-      list = if metric_name
-               all.find { |manifest| manifest.metric_operation == metric_operation.to_s && manifest.metric_name == metric_name.to_s }
-             else
-               all.find_all { |manifest| manifest.metric_operation == metric_operation.to_s }
-             end
-      list
+      if metric_name
+        all.find { |manifest| manifest.metric_operation == metric_operation.to_s && manifest.metric_name == metric_name.to_s }
+      else
+        all.find_all { |manifest| manifest.metric_operation == metric_operation.to_s }
+      end
     end
 
     def all

data/lib/decidim/participatory_space_resourceable.rb

@@ -54,9 +54,7 @@ module Decidim
         manifest = Decidim.find_participatory_space_manifest(participatory_space_name)
         return self.class.none unless manifest
 
-        scope = manifest.participatory_spaces.call(organization)
-
-        scope
+        manifest.participatory_spaces.call(organization)
       end
 
       # Links the given resources to this model, replaces any previous links with the same name.

data/lib/decidim/query_extensions.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require "decidim/api/component_interface"
-require "decidim/api/participatory_space_interface"
-
 module Decidim
   # This module's job is to extend the API with custom fields related to
   # decidim-core.
@@ -12,91 +9,115 @@ module Decidim
     # type - A GraphQL::BaseType to extend.
     #
     # Returns nothing.
-    def self.define(type)
-      Decidim.participatory_space_manifests.each do |participatory_space_manifest|
-        type.field participatory_space_manifest.name.to_s.camelize(:lower),
-                   type: type.types[participatory_space_manifest.query_type.constantize],
-                   description: "Lists all #{participatory_space_manifest.name}",
-                   function: participatory_space_manifest.query_list.constantize.new(manifest: participatory_space_manifest)
-
-        type.field participatory_space_manifest.name.to_s.singularize.camelize(:lower),
-                   type: participatory_space_manifest.query_type.constantize,
-                   description: "Finds a #{participatory_space_manifest.name.to_s.singularize}",
-                   function: participatory_space_manifest.query_finder.constantize.new(manifest: participatory_space_manifest)
+    def self.included(type)
+      type.field :participatory_processes,
+                 [Decidim::ParticipatoryProcesses::ParticipatoryProcessType],
+                 null: true,
+                 description: "Lists all participatory_processes" do
+        argument :filter, Decidim::ParticipatoryProcesses::ParticipatoryProcessInputFilter, "This argument let's you filter the results", required: false
+        argument :order, Decidim::ParticipatoryProcesses::ParticipatoryProcessInputSort, "This argument let's you order the results", required: false
       end
 
-      type.field :component, Decidim::Core::ComponentInterface do
-        description "Lists the components this space contains."
-        argument :id, !types.ID, "The ID of the component to be found"
+      type.field :participatory_process,
+                 Decidim::ParticipatoryProcesses::ParticipatoryProcessType,
+                 null: true,
+                 description: "Finds a participatory_process" do
+        argument :id, GraphQL::Types::ID, "The ID of the participatory space", required: false
+        argument :slug, String, "The slug of the participatory process", required: false
+      end
 
-        resolve lambda { |_, args, ctx|
-                  component = Decidim::Component.published.find_by(id: args[:id])
-                  component&.organization == ctx[:current_organization] ? component : nil
-                }
+      type.field :component, Decidim::Core::ComponentInterface, null: true do
+        description "Lists the components this space contains."
+        argument :id, GraphQL::Types::ID, required: true, description: "The ID of the component to be found"
       end
 
-      type.field :session do
-        type Core::SessionType
-        description "Return's information about the logged in user"
+      type.field :session, Core::SessionType, description: "Return's information about the logged in user", null: true
 
-        resolve lambda { |_obj, _args, ctx|
-          ctx[:current_user]
-        }
-      end
+      type.field :decidim, Core::DecidimType, "Decidim's framework properties.", null: true
+
+      type.field :organization, Core::OrganizationType, "The current organization", null: true
 
-      type.field :decidim, Core::DecidimType, "Decidim's framework properties." do
-        resolve ->(_obj, _args, _ctx) { Decidim }
+      type.field :hashtags, [Core::HashtagType], null: true, description: "The hashtags for current organization" do
+        argument :name, GraphQL::Types::String, "The name of the hashtag", required: false
       end
 
-      type.field :organization, Core::OrganizationType, "The current organization" do
-        resolve ->(_obj, _args, ctx) { ctx[:current_organization] }
+      type.field :metrics, type: [Decidim::Core::MetricType], null: true do
+        argument :names, [GraphQL::Types::String], "The names of the metrics you want to retrieve", camelize: false, required: false
+        argument :space_type, GraphQL::Types::String, "The type of ParticipatorySpace you want to filter with", camelize: false, required: false
+        argument :space_id, GraphQL::Types::Int, "The ID of ParticipatorySpace you want to filter with", camelize: false, required: false
       end
 
-      type.field :hashtags do
-        type types[Core::HashtagType]
-        description "The hashtags for current organization"
-        argument :name, types.String, "The name of the hashtag"
+      type.field :user,
+                 type: Core::AuthorInterface, null: true,
+                 description: "A participant (user or group) in the current organization" do
+        argument :id, GraphQL::Types::ID, "The ID of the participant", required: false
+        argument :nickname, GraphQL::Types::String, "The @nickname of the participant", required: false
+      end
 
-        resolve lambda { |_obj, args, ctx|
-          Decidim::HashtagsResolver.new(ctx[:current_organization], args[:name]).hashtags
-        }
+      type.field :users,
+                 type: [Core::AuthorInterface], null: true,
+                 description: "The participants (users or groups) for the current organization" do
+        argument :order, Decidim::Core::UserEntityInputSort, "Provides several methods to order the results", required: false
+        argument :filter, Decidim::Core::UserEntityInputFilter, "Provides several methods to filter the results", required: false
       end
+    end
 
-      type.field :metrics do
-        type types[Decidim::Core::MetricType]
-        argument :names, types[types.String], "The names of the metrics you want to retrieve"
-        argument :space_type, types.String, "The type of ParticipatorySpace you want to filter with"
-        argument :space_id, types.Int, "The ID of ParticipatorySpace you want to filter with"
-
-        resolve lambda { |_, args, ctx|
-                  manifests = if args[:names].blank?
-                                Decidim.metrics_registry.all
-                              else
-                                Decidim.metrics_registry.all.select do |manifest|
-                                  args[:names].include?(manifest.metric_name.to_s)
-                                end
-                              end
-                  filters = {}
-                  if args[:space_type].present? && args[:space_id].present?
-                    filters[:participatory_space_type] = args[:space_type]
-                    filters[:participatory_space_id] = args[:space_id]
-                  end
+    def participatory_processes(filter: {}, order: {})
+      manifest = Decidim.participatory_space_manifests.select { |m| m.name == :participatory_processes }.first
+      Decidim::Core::ParticipatorySpaceListBase.new(manifest: manifest).call(object, { filter: filter, order: order }, context)
+    end
+
+    def participatory_process(id: nil, slug: nil)
+      manifest = Decidim.participatory_space_manifests.select { |m| m.name == :participatory_processes }.first
+      Decidim::Core::ParticipatorySpaceFinderBase.new(manifest: manifest).call(object, { id: id, slug: slug }, context)
+    end
+
+    def component(id: {})
+      component = Decidim::Component.published.find_by(id: id)
+      component&.organization == context[:current_organization] ? component : nil
+    end
+
+    def session
+      context[:current_user]
+    end
+
+    def decidim
+      Decidim
+    end
+
+    def organization
+      context[:current_organization]
+    end
 
-                  manifests.map do |manifest|
-                    Decidim::Core::MetricResolver.new(manifest.metric_name, ctx[:current_organization], filters)
+    def hashtags(name: nil)
+      Decidim::HashtagsResolver.new(context[:current_organization], name).hashtags
+    end
+
+    def metrics(names: [], space_type: nil, space_id: nil)
+      manifests = if names.blank?
+                    Decidim.metrics_registry.all
+                  else
+                    Decidim.metrics_registry.all.select do |manifest|
+                      names.include?(manifest.metric_name.to_s)
+                    end
                   end
-                }
+      filters = {}
+      if space_type.present? && space_id.present?
+        filters[:participatory_space_type] = space_type
+        filters[:participatory_space_id] = space_id
       end
 
-      type.field :user,
-                 type: Core::AuthorInterface,
-                 description: "A participant (user or group) in the current organization",
-                 function: Core::UserEntityFinder.new
+      manifests.map do |manifest|
+        Decidim::Core::MetricResolver.new(manifest.metric_name, context[:current_organization], filters)
+      end
+    end
 
-      type.field :users,
-                 type: type.types[Core::AuthorInterface],
-                 description: "The participants (users or groups) for the current organization",
-                 function: Core::UserEntityList.new
+    def user(id: nil, nickname: nil)
+      Core::UserEntityFinder.new.call(object, { id: id, nickname: nickname }, context)
+    end
+
+    def users(filter: {}, order: {})
+      Core::UserEntityList.new.call(object, { filter: filter, order: order }, context)
     end
   end
 end

data/lib/decidim/randomable.rb

@@ -12,7 +12,12 @@ module Decidim
       def order_randomly(seed)
         transaction do
           connection.execute("SELECT setseed(#{connection.quote(seed)})")
-          order(Arel.sql("RANDOM()")).load
+          # Include the record IDs as a base number for the order calculation
+          # in order to avoid PostgreSQL random ordering when the records are
+          # updated. PostgreSQL can randomly change the base ordering in case
+          # the records are changed which is not desired as we want consistent
+          # orders for the records.
+          order(arel_table[primary_key] * Arel.sql("RANDOM()")).load
         end
       end
     end

data/lib/decidim/record_encryptor.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  # A concern that provides attribute encryption e.g. to active record models.
+  #
+  # Use this e.g. in models as follows:
+  #
+  # class Example < ApplicationRecord
+  #   include Decidim::RecordEncryptor
+  #
+  #   encrypt_attribute :name, type: :string
+  #   encrypt_attribute :metadata, type: :hash
+  # end
+  module RecordEncryptor
+    extend ActiveSupport::Concern
+
+    included do
+      # Store the encrypted attributes in a class accessor
+      cattr_accessor :encrypted_attributes
+
+      before_save :ensure_encrypted_attributes if respond_to?(:before_save)
+    end
+
+    class_methods do
+      # Public: Defines an attribute that should be encrypted
+      def encrypt_attribute(attribute, type:)
+        self.encrypted_attributes ||= []
+        raise "The attribute #{attribute} is already defined as encrypted" if encrypted_attributes.include?(attribute)
+
+        encrypted_attributes << attribute
+
+        # Defines the suffix for the encrypt and decrypt methods. E.g. when
+        # the `type` is `:hash`, method `decrypt_hash_values` would be called
+        # for decryption and `encrypt_hash_values` would be called for
+        # encryption.
+        method_suffix = begin
+          case type
+          when :hash
+            "hash_values"
+          else
+            "value"
+          end
+        end
+
+        # Dynamically defines the getter and setter for the encrypted attribute.
+        # E.g. when called as `encrypt_attribute :name, type: :string`, this
+        # would define the following methods:
+        #
+        #   def name
+        #     decrypt_value(super)
+        #   end
+        #
+        #   def name=(value)
+        #     super(encrypt_value(value))
+        #   end
+        class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          def #{attribute}
+            return @#{attribute}_decrypted if instance_variable_defined?(:@#{attribute}_decrypted)
+
+            encrypted_value = begin
+              if defined?(super)
+                super
+              elsif instance_variable_defined?(:@#{attribute})
+                @#{attribute}
+              end
+            end
+            @#{attribute}_decrypted = decrypt_#{method_suffix}(encrypted_value)
+          end
+
+          def #{attribute}=(value)
+            remove_instance_variable(:@#{attribute}_decrypted) if instance_variable_defined?(:@#{attribute}_decrypted)
+            encrypted_value = encrypt_#{method_suffix}(value)
+
+            if defined?(super)
+              super(encrypted_value)
+            else
+              @#{attribute} = encrypted_value
+            end
+          end
+        RUBY
+      end
+    end
+
+    private
+
+    # Re-assign the encrypted attributes before save so they are also saved when
+    # they are modified without calling the accessors. This could happen e.g.
+    # for hashes which are modified directly as follows:
+    #
+    #  record = Example.find(1)
+    #  record.metadata["foo"] = "bar"
+    #  record.save!
+    #
+    # This will also clear the cached attributes during saving so that next time
+    # they are accessed, they will be updated according to the stored values.
+    def ensure_encrypted_attributes
+      self.class.encrypted_attributes.each do |attr|
+        send("#{attr}=", send(attr))
+      end
+    end
+
+    def decrypt_value(value)
+      Decidim::AttributeEncryptor.decrypt(value)
+    rescue ActiveSupport::MessageEncryptor::InvalidMessage
+      # Support for legacy unencrypted values. This is necessary e.g. when
+      # migrating the original unencrypted values to encrypted values.
+      value
+    end
+
+    def encrypt_value(value)
+      Decidim::AttributeEncryptor.encrypt(value)
+    end
+
+    def decrypt_hash_values(hash)
+      return hash unless hash.is_a?(Hash)
+
+      hash.transform_values { |value| ActiveSupport::JSON.decode(decrypt_value(value)) }
+    end
+
+    def encrypt_hash_values(hash)
+      return hash unless hash.is_a?(Hash)
+
+      # The values are stored in JSON encoded format in order to match the
+      # PostgreSQL adapter's default functionality as you can see at:
+      # https://git.io/JkdYJ
+      hash.transform_values { |value| encrypt_value(ActiveSupport::JSON.encode(value)) }
+    end
+  end
+end