RubyGems - decidim-core - Versions diffs - 0.23.5 → 0.24.2 - Mend

decidim-core 0.23.5 → 0.24.2

Potentially problematic release.

This version of decidim-core might be problematic. Click here for more details.

Files changed (460) hide show

data/app/presenters/decidim/log/diff_presenter.rb CHANGED Viewed

@@ -103,14 +103,15 @@ module Decidim
         default_klass = Decidim::Log::ValueTypes::DefaultPresenter
         klass = ""
-        if type.is_a?(Symbol)
+        case type
+        when Symbol
           klass = "Decidim::Log::ValueTypes::#{type.to_s.camelize}Presenter"
-        elsif type.is_a?(String)
+        when String
           klass = type
         end
         begin
-          return klass.constantize
+          klass.constantize
         rescue NameError => _e
           default_klass
         end

data/app/presenters/decidim/log/resource_presenter.rb CHANGED Viewed

@@ -55,10 +55,10 @@ module Decidim
       # present, it returns `nil`.
       def resource_path
         @resource_path ||= begin
-                             Decidim::ResourceLocatorPresenter.new(resource).path
-                           rescue NoMethodError
-                             nil
-                           end
+          Decidim::ResourceLocatorPresenter.new(resource).path
+        rescue NoMethodError
+          nil
+        end
       end
       # Private: Presents resource name.

data/app/presenters/decidim/log/user_presenter.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module Decidim
           present_user_name,
           user_path,
           class: "logs__log__author",
-          title: "@" + user.nickname,
+          title: "@#{user.nickname}",
           data: {
             tooltip: true,
             "disable-hover": false

data/app/presenters/decidim/menu_presenter.rb CHANGED Viewed

@@ -22,22 +22,27 @@ module Decidim
     def evaluated_menu
       @evaluated_menu ||= begin
-                            menu = Menu.new(@name)
-                            menu.build_for(@view)
-                            menu
-                          end
+        menu = Menu.new(@name)
+        menu.build_for(@view)
+        menu
+      end
     end
     def render
       content_tag :nav, class: "main-nav" do
-        content_tag :ul do
-          safe_join(menu_items)
-        end
+        render_menu
       end
     end
     protected
+    def render_menu(&block)
+      content_tag :ul do
+        elements = block_given? ? [block.call(@view)] : []
+        safe_join(elements + menu_items)
+      end
+    end
     def menu_items
       items.map do |menu_item|
         MenuItemPresenter.new(menu_item, @view, @options).render

data/app/presenters/decidim/nil_presenter.rb CHANGED Viewed

@@ -20,10 +20,8 @@ module Decidim
       true
     end
-    # rubocop:disable Style/MethodMissingSuper
     def method_missing(_method, *_args)
       ""
     end
-    # rubocop:enable Style/MethodMissingSuper
   end
 end

data/app/presenters/decidim/user_presenter.rb CHANGED Viewed

@@ -43,7 +43,7 @@ module Decidim
     end
     def display_mention
-      link_to nickname, profile_path, class: "user-mention"
+      link_to nickname, profile_url, class: "user-mention"
     end
     def can_be_contacted?

data/app/queries/decidim/metrics/blocked_users_metric_manage.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Decidim
+  module Metrics
+    # Metric manager for User's registries
+    class BlockedUsersMetricManage < Decidim::MetricManage
+      def metric_name
+        "blocked_users"
+      end
+      private
+      def query
+        return @query if @query
+        @query = Decidim::User.blocked.where(organization: @organization)
+        @query = @query.where("blocked_at <= ?", end_time)
+        @query
+      end
+      def quantity
+        @quantity ||= @query.where("blocked_at >= ?", start_time).count
+      end
+    end
+  end
+end

data/app/queries/decidim/metrics/followers_metric_manage.rb CHANGED Viewed

@@ -26,6 +26,8 @@ module Decidim
       private
+      # rubocop: disable Metrics/CyclomaticComplexity
       # Creates a Hashed structure with number of Followers grouped by
       #
       #  - ParticipatorySpace (type & ID)
@@ -57,6 +59,7 @@ module Decidim
         end
         @query
       end
+      # rubocop: enable Metrics/CyclomaticComplexity
     end
   end
 end

data/app/queries/decidim/metrics/participants_metric_manage.rb CHANGED Viewed

@@ -34,6 +34,8 @@ module Decidim
       private
+      # rubocop: disable Metrics/CyclomaticComplexity
       # Creates a Hashed structure with number of Participants grouped by
       #
       #  - ParticipatorySpace (type & ID)
@@ -66,6 +68,7 @@ module Decidim
         end
         @query
       end
+      # rubocop: enable Metrics/CyclomaticComplexity
       # Search for all components published, within a fixed list of available
       def retrieve_components(participatory_space)

data/app/queries/decidim/metrics/reported_users_metric_manage.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Decidim
+  module Metrics
+    # Metric manager for User's registries
+    class ReportedUsersMetricManage < Decidim::MetricManage
+      def metric_name
+        "reported_users"
+      end
+      private
+      def query
+        return @query if @query
+        @query = Decidim::User.where(organization: @organization).joins(:user_moderation)
+        @query = @query.where("#{Decidim::UserModeration.table_name}.created_at <= ?", end_time)
+        @query
+      end
+      def quantity
+        @quantity ||= @query.where("#{Decidim::UserModeration.table_name}.created_at >= ?", start_time).count
+      end
+    end
+  end
+end

data/app/queries/decidim/metrics/user_reports_metric_manage.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Decidim
+  module Metrics
+    # Metric manager for User's registries
+    class UserReportsMetricManage < Decidim::MetricManage
+      def metric_name
+        "user_reports"
+      end
+      private
+      def query
+        return @query if @query
+        @query = Decidim::User.where(organization: @organization).joins(:user_reports)
+        @query = @query.where("#{Decidim::UserReport.table_name}.created_at <= ?", end_time)
+        @query
+      end
+      def quantity
+        @quantity ||= @query.where("#{Decidim::UserReport.table_name}.created_at >= ?", start_time).count
+      end
+    end
+  end
+end

data/app/queries/decidim/user_groups/accepted_memberships.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Decidim
       # Returns an ActiveRecord::Relation.
       def query
         user_group
-          .memberships
+          .non_deleted_memberships
           .includes(:user)
           .where(role: %w(creator admin member))
       end

data/app/queries/decidim/user_groups/admin_memberships.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Decidim
       # Returns an ActiveRecord::Relation.
       def query
         user_group
-          .memberships
+          .non_deleted_memberships
           .includes(:user)
           .where(role: :admin)
       end

data/app/queries/decidim/user_groups/member_memberships.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Decidim
       # Returns an ActiveRecord::Relation.
       def query
         user_group
-          .memberships
+          .non_deleted_memberships
           .includes(:user)
           .where(role: :member)
       end

data/app/services/decidim/activity_search.rb CHANGED Viewed

@@ -29,9 +29,7 @@ module Decidim
       query = query.where(user: options[:user]) if options[:user]
       query = query.where(resource_type: options[:resource_name]) if options[:resource_name]
-      query = filter_follows(query)
-      query
+      filter_follows(query)
     end
     # Overwrites the default Searchlight run method since we want to return

data/app/services/decidim/base_diff_renderer.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Decidim
     end
     def parse_i18n_changeset(attribute, values, type, diff)
-      values.last.each_key do |locale, _value|
+      values.last.keys.each do |locale, _value|
         first_value = values.first.try(:[], locale)
         last_value = values.last.try(:[], locale)
         next if first_value == last_value

data/app/services/decidim/data_portability_exporter.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "seven_zip_ruby"
+require "zip"
 require_relative "zip_stream/zip_stream_writer"
 module Decidim

data/app/services/decidim/email_notification_generator.rb CHANGED Viewed

@@ -38,7 +38,6 @@ module Decidim
       followers.each do |recipient|
         next unless ["all", "followed-only"].include?(recipient.notification_types)
-        next unless participatory_space.present? && participatory_space.is_a?(Decidim::Participable) && participatory_space.can_participate?(recipient)
         send_email_to(recipient, user_role: :follower)
       end
@@ -81,7 +80,8 @@ module Decidim
     def component
       return resource.component if resource.is_a?(Decidim::HasComponent)
-      return resource if resource.is_a?(Decidim::Component)
+      resource if resource.is_a?(Decidim::Component)
     end
     def participatory_space

data/app/services/decidim/events_manager.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Decidim
     #
     # Returns nothing.
     # rubocop:disable Metrics/ParameterLists
-    def self.publish(event:, event_class: Decidim::Events::BaseEvent, resource:, affected_users: [], followers: [], extra: {}, force_send: false)
+    def self.publish(event:, resource:, event_class: Decidim::Events::BaseEvent, affected_users: [], followers: [], extra: {}, force_send: false)
       ActiveSupport::Notifications.publish(
         event,
         event_class: event_class.name,

data/app/services/decidim/open_data_exporter.rb CHANGED Viewed

@@ -7,6 +7,8 @@ module Decidim
   # to be uploaded somewhere so users can download an organization
   # data.
   class OpenDataExporter
+    FILE_NAME_PATTERN = "%{host}-open-data-%{entity}.csv"
     attr_reader :organization, :path
     # Public: Initializes the class.
@@ -28,17 +30,19 @@ module Decidim
     def data
       buffer = Zip::OutputStream.write_buffer do |out|
-        open_data_manifests.each do |export_manifest|
-          csv_data = data_for(export_manifest)
-          out.put_next_entry("#{organization.host}-open-data-#{export_manifest.name}.csv")
-          out.write csv_data.read
+        open_data_component_manifests.each do |manifest|
+          add_file_to_output(out, format(FILE_NAME_PATTERN, { host: organization.host, entity: manifest.name }), data_for_component(manifest))
+        end
+        open_data_participatory_space_manifests.each do |manifest|
+          add_file_to_output(out, format(FILE_NAME_PATTERN, { host: organization.host, entity: manifest.name }), data_for_participatory_space(manifest))
         end
       end
       buffer.string
     end
-    def data_for(export_manifest)
+    def data_for_component(export_manifest)
       collection = components.where(manifest_name: export_manifest.manifest.name).find_each.flat_map do |component|
         export_manifest.collection.call(component)
       end
@@ -46,12 +50,37 @@ module Decidim
       Decidim::Exporters::CSV.new(collection, export_manifest.serializer).export
     end
-    def open_data_manifests
-      @open_data_manifests ||= Decidim.component_manifests.flat_map(&:export_manifests).select(&:include_in_open_data?)
+    def data_for_participatory_space(export_manifest)
+      collection = participatory_spaces.filter { |space| space.manifest.name == export_manifest.manifest.name }.flat_map do |participatory_space|
+        export_manifest.collection.call(participatory_space)
+      end
+      Decidim::Exporters::CSV.new(collection, export_manifest.serializer).export
+    end
+    def add_file_to_output(output, file_name, data)
+      output.put_next_entry(file_name)
+      output.write data.read
+    end
+    def open_data_component_manifests
+      @open_data_component_manifests ||= Decidim.component_manifests
+                                                .flat_map(&:export_manifests)
+                                                .select(&:include_in_open_data?)
+    end
+    def open_data_participatory_space_manifests
+      @open_data_participatory_space_manifests ||= Decidim.participatory_space_manifests
+                                                          .flat_map(&:export_manifests)
+                                                          .select(&:include_in_open_data?)
     end
     def components
       @components ||= organization.published_components
     end
+    def participatory_spaces
+      @participatory_spaces ||= organization.public_participatory_spaces
+    end
   end
 end

data/app/services/decidim/zip_stream/zip_stream_writer.rb CHANGED Viewed

@@ -24,10 +24,10 @@ module Decidim
           attachment_block.last.each do |attachment_uploader|
             next if attachment_uploader.file.nil?
-            case attachment_uploader.fog_provider
-            when "fog" # file system
+            case attachment_uploader.provider
+            when "file" # file system
               next unless File.exist?(attachment_uploader.file.file)
-            when "fog/aws"
+            when "aws"
               cache_attachment_from_aws(attachment_uploader)
             else
               Rails.logger.info "Carrierwave fog_provider not supported by DataPortabilityExporter for attachment: #{attachment_uploader}"

data/app/uploaders/decidim/application_uploader.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Decidim
   # hold the uploads configuration, so you should inherit from this class and
   # then tweak any configuration you need.
   class ApplicationUploader < CarrierWave::Uploader::Base
+    include CarrierWave::MiniMagick
     process :validate_inside_organization
     # Override the directory where uploaded files will be stored.
@@ -17,8 +19,26 @@ module Decidim
       default_path
     end
-    def skip_ssrf_protection?(_uri)
-      true
+    # When the uploaded content can't be processed, we want to make sure
+    # not to expose internal tools errors to the users.
+    # We'll show a generic error instead.
+    def manipulate!
+      super
+    rescue CarrierWave::ProcessingError => e
+      Rails.logger.error(e)
+      raise CarrierWave::ProcessingError, I18n.t("carrierwave.errors.general")
+    end
+    # As of Carrierwave 2.0 fog_provider method has been deprecated, and is throwing RuntimeError
+    # RuntimeError: Carrierwave fog_provider not supported: DEPRECATION WARNING: #fog_provider is deprecated...
+    # We are attempting to fetch the provider from credentials, if not we consider to be file
+    def provider
+      fog_credentials.fetch(:provider, "file").downcase
+    end
+    # We overwrite the downloader to be able to fetch some elements from URL.
+    def downloader
+      Decidim::Downloader
     end
     protected

data/app/uploaders/decidim/attachment_uploader.rb CHANGED Viewed

@@ -3,8 +3,6 @@
 module Decidim
   # This class deals with uploading attachments to a participatory space.
   class AttachmentUploader < ApplicationUploader
-    include CarrierWave::MiniMagick
     process :set_content_type_and_size_in_model
     process :validate_dimensions
     process :strip
@@ -17,7 +15,7 @@ module Decidim
       process resize_to_limit: [nil, 1000]
     end
-    def extension_whitelist
+    def extension_allowlist
       case upload_context
       when :admin
         Decidim.organization_settings(model).upload_allowed_file_extensions_admin
@@ -28,7 +26,7 @@ module Decidim
     # CarrierWave automatically calls this method and validates the content
     # type fo the temp file to match against any of these options.
-    def content_type_whitelist
+    def content_type_allowlist
       case upload_context
       when :admin
         Decidim.organization_settings(model).upload_allowed_content_types_admin