RubyGems - decidim-core - Versions diffs - 0.23.6 → 0.24.0.rc1 - Mend

decidim-core 0.23.6 → 0.24.0.rc1

Potentially problematic release.

This version of decidim-core might be problematic. Click here for more details.

Files changed (455) hide show

data/app/mailers/decidim/block_user_mailer.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Decidim
+  # A custom mailer for Decidim so we can notify users
+  # when their account was blocked
+  class BlockUserMailer < ApplicationMailer
+    def notify(user, justification)
+      @user = user
+      @organization = user.organization
+      @justification = justification
+      mail(
+        to: user.email,
+        subject: I18n.t(
+          "decidim.block_user_mailer.notify.subject",
+          organization_name: @organization.name,
+          justification: @justification
+        )
+      )
+    end
+  end
+end

data/app/mailers/decidim/reported_mailer.rb CHANGED Viewed

@@ -6,16 +6,17 @@ module Decidim
     helper Decidim::ResourceHelper
     helper Decidim::TranslationsHelper
-    helper_method :reported_content_url, :manage_moderations_url, :author_profile_url
+    helper_method :reported_content_url, :report_url, :manage_moderations_url, :author_profile_url, :reported_content_cell
     def report(user, report)
       with_user(user) do
         @report = report
+        @reportable = @report.moderation.reportable
         @participatory_space = @report.moderation.participatory_space
         @organization = user.organization
         @user = user
-        @author = @report.moderation.reportable.try(:creator_identity) || @report.moderation.reportable.try(:author)
-        @content = { title: @report.moderation.reportable.try(:title), body: @report.moderation.reportable.try(:body) }.compact
+        @author = @reportable.try(:creator_identity) || @reportable.try(:author)
+        @original_language = original_language(@reportable)
         subject = I18n.t("report.subject", scope: "decidim.reported_mailer")
         mail(to: user.email, subject: subject)
       end
@@ -32,12 +33,21 @@ module Decidim
       end
     end
+    # See comment for reported_content_cell
+    def current_organization
+      @organization
+    end
     private
     def reported_content_url
       @reported_content_url ||= @report.moderation.reportable.reported_content_url
     end
+    def report_url
+      @report_url ||= EngineRouter.admin_proxy(@participatory_space).moderation_report_url(host: @organization.host, moderation_id: @report.moderation.id, id: @report.id)
+    end
     def manage_moderations_url
       @manage_moderations_url ||= EngineRouter.admin_proxy(@participatory_space).moderations_url(host: @organization.host)
     end
@@ -45,5 +55,25 @@ module Decidim
     def author_profile_url
       @author_profile_url ||= @author.is_a?(Decidim::UserBaseEntity) ? decidim.profile_url(@author.nickname, host: @organization.host) : nil
     end
+    def original_language(reportable)
+      return reportable.content_original_language if reportable.respond_to?(:content_original_language)
+      @organization.default_locale
+    end
+    # This is needed to be able to use a cell in an ActionMailer, which is not supported out of the box by cells-rails.
+    # We're are passing the current object as if it was a controller.
+    # We also need to define a 'current_organization' method, which is expected by Decidim::ViewModel.
+    # A similar approach is used in Decidim::NewsletterMailer
+    def reported_content_cell
+      @reported_content_cell ||= ::Decidim::ViewModel.cell(
+        "decidim/reported_content",
+        @reportable,
+        context: {
+          controller: self
+        }
+      )
+    end
   end
 end

data/app/mailers/decidim/user_report_mailer.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Decidim
+  # A custom mailer to notify Decidim users
+  # that they have been reported
+  class UserReportMailer < ApplicationMailer
+    def notify(admin, token, reason, user)
+      @user = user
+      @organization = user.organization
+      @token = token
+      @reason = reason
+      @admin = admin
+      mail(to: admin.email, subject: I18n.t(
+        "decidim.user_report_mailer.notify.subject",
+        organization_name: @organization.name,
+        reason: @reason,
+        token: @token
+      ))
+    end
+  end
+end

data/app/models/decidim/area.rb CHANGED Viewed

@@ -16,7 +16,6 @@ module Decidim
                inverse_of: :areas
     belongs_to :area_type,
-               foreign_key: "area_type_id",
                class_name: "Decidim::AreaType",
                inverse_of: :areas,
                optional: true

data/app/models/decidim/area_type.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Decidim
                class_name: "Decidim::Organization",
                inverse_of: :area_types
-    has_many :areas, foreign_key: "area_type_id", class_name: "Decidim::Area", inverse_of: :area_type, dependent: :nullify
+    has_many :areas, class_name: "Decidim::Area", inverse_of: :area_type, dependent: :nullify
     validates :name, presence: true

data/app/models/decidim/attachment.rb CHANGED Viewed

@@ -11,10 +11,11 @@ module Decidim
     belongs_to :attachment_collection, class_name: "Decidim::AttachmentCollection", optional: true
     belongs_to :attached_to, polymorphic: true
-    validates :file, :content_type, presence: true
-    validates_upload :file
     mount_uploader :file, Decidim::AttachmentUploader
+    validates_upload :file
+    validates :file, :content_type, presence: true
     default_scope { order(arel_table[:weight].asc, arel_table[:id].asc) }
     # Returns the organization related to this attachment in case the

data/app/models/decidim/attachment_collection.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
     translatable_fields :name, :description
     belongs_to :collection_for, polymorphic: true
-    has_many :attachments, foreign_key: "attachment_collection_id", class_name: "Decidim::Attachment", dependent: :nullify
+    has_many :attachments, class_name: "Decidim::Attachment", dependent: :nullify
     default_scope { order(arel_table[:weight].asc) }

data/app/models/decidim/authorization.rb CHANGED Viewed

@@ -13,6 +13,10 @@ module Decidim
   class Authorization < ApplicationRecord
     include Decidim::Traceable
     include Decidim::HasUploadValidations
+    include Decidim::RecordEncryptor
+    encrypt_attribute :metadata, type: :hash
+    encrypt_attribute :verification_metadata, type: :hash
     validates_upload :verification_attachment
     mount_uploader :verification_attachment, Decidim::Verifications::AttachmentUploader

data/app/models/decidim/category.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Decidim
     belongs_to :participatory_space, foreign_key: "decidim_participatory_space_id", foreign_type: "decidim_participatory_space_type", polymorphic: true
     has_many :subcategories, foreign_key: "parent_id", class_name: "Decidim::Category", dependent: :destroy, inverse_of: :parent
-    belongs_to :parent, class_name: "Decidim::Category", foreign_key: "parent_id", inverse_of: :subcategories, optional: true
+    belongs_to :parent, class_name: "Decidim::Category", inverse_of: :subcategories, optional: true
     has_many :categorizations, foreign_key: "decidim_category_id", class_name: "Decidim::Categorization", dependent: :destroy
     default_scope { order(arel_table[:parent_id].asc, arel_table[:weight].asc) }
@@ -38,6 +38,11 @@ module Decidim
       categorizations.empty?
     end
+    # Allow ransacker to search for a key in a hstore column (`name`.`en`)
+    ransacker :name do |parent|
+      Arel::Nodes::InfixOperation.new("->>", parent.table[:name], Arel::Nodes.build_quoted(I18n.locale.to_s))
+    end
     private
     # This is done since we only allow one level of subcategories.

data/app/models/decidim/impersonation_log.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
     belongs_to :admin, foreign_key: "decidim_admin_id", class_name: "Decidim::User"
     belongs_to :user, foreign_key: "decidim_user_id", class_name: "Decidim::User"
-    validate :same_organization, :non_active_impersonation
+    validate :same_organization
     scope :active, -> { where(ended_at: nil, expired_at: nil) }
     scope :expired, -> { where(ended_at: nil).where.not(expired_at: nil) }
@@ -21,6 +21,10 @@ module Decidim
       expired_at.present?
     end
+    def self.log_presenter_class_for(_log)
+      Decidim::AdminLog::ImpersonationLogPresenter
+    end
     private
     def same_organization
@@ -28,11 +32,5 @@ module Decidim
       errors.add(:admin, :invalid)
     end
-    def non_active_impersonation
-      return if ended? || expired?
-      errors.add(:admin, :invalid) if Decidim::ImpersonationLog.where(admin: admin).active.any?
-    end
   end
 end

data/app/models/decidim/metric.rb CHANGED Viewed

@@ -6,8 +6,8 @@ module Decidim
     # ParticipatorySpace, RelatedObject and Category are optional relationships because not all metric objects need them
     # For example, User is only related to an organization, but a Proposal can have all of them
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: "Decidim::Organization"
-    belongs_to :participatory_space, foreign_key: "participatory_space_id", foreign_type: "participatory_space_type", polymorphic: true, optional: true
-    belongs_to :related_object, foreign_key: "related_object_id", foreign_type: "related_object_type", polymorphic: true, optional: true
+    belongs_to :participatory_space, foreign_type: "participatory_space_type", polymorphic: true, optional: true
+    belongs_to :related_object, foreign_type: "related_object_type", polymorphic: true, optional: true
     belongs_to :category, foreign_key: "decidim_category_id", class_name: "Decidim::Category", optional: true
     validates :day, uniqueness: { scope:

data/app/models/decidim/moderation.rb CHANGED Viewed

@@ -15,5 +15,17 @@ module Decidim
     def self.log_presenter_class_for(_log)
       Decidim::AdminLog::ModerationPresenter
     end
+    ransacker :reported_id_string do
+      Arel.sql(%{cast("decidim_moderations"."decidim_reportable_id" as text)})
+    end
+    ransacker :reported_content do
+      Arel.sql(%{cast("decidim_moderations"."reported_content" as text)})
+    end
+    ransacker :reportable_type_string do
+      Arel.sql(%{cast("decidim_moderations"."decidim_reportable_type" as text)})
+    end
   end
 end

data/app/models/decidim/organization.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Decidim
                         :admin_terms_of_use_body
     has_many :static_pages, foreign_key: "decidim_organization_id", class_name: "Decidim::StaticPage", inverse_of: :organization, dependent: :destroy
-    has_many :static_page_topics, foreign_key: "organization_id", class_name: "Decidim::StaticPageTopic", inverse_of: :organization, dependent: :destroy
+    has_many :static_page_topics, class_name: "Decidim::StaticPageTopic", inverse_of: :organization, dependent: :destroy
     has_many :scopes, -> { order(name: :asc) }, foreign_key: "decidim_organization_id", class_name: "Decidim::Scope", inverse_of: :organization
     has_many :scope_types, -> { order(name: :asc) }, foreign_key: "decidim_organization_id", class_name: "Decidim::ScopeType", inverse_of: :organization
     has_many :areas, -> { order(name: :asc) }, foreign_key: "decidim_organization_id", class_name: "Decidim::Area", inverse_of: :organization
@@ -153,6 +153,10 @@ module Decidim
       Decidim::Debates::OfficialAuthorPresenter.new
     end
+    def static_pages_accessible_for(user)
+      static_pages.accessible_for(self, user)
+    end
     private
     def tenant_disabled_providers_keys

data/app/models/decidim/scope.rb CHANGED Viewed

@@ -17,13 +17,11 @@ module Decidim
                inverse_of: :scopes
     belongs_to :scope_type,
-               foreign_key: "scope_type_id",
                class_name: "Decidim::ScopeType",
                inverse_of: :scopes,
                optional: true
     belongs_to :parent,
-               foreign_key: "parent_id",
                class_name: "Decidim::Scope",
                inverse_of: :children,
                optional: true
@@ -74,6 +72,11 @@ module Decidim
       organization.scopes.where(id: scope_ids).sort { |s1, s2| part_of.index(s2.id) <=> part_of.index(s1.id) }
     end
+    # Allow ransacker to search for a key in a hstore column (`name`.`en`)
+    ransacker :name do |parent|
+      Arel::Nodes::InfixOperation.new("->>", parent.table[:name], Arel::Nodes.build_quoted(I18n.locale.to_s))
+    end
     private
     def forbid_cycles

data/app/models/decidim/scope_type.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Decidim
                class_name: "Decidim::Organization",
                inverse_of: :scope_types
-    has_many :scopes, foreign_key: "scope_type_id", class_name: "Decidim::Scope", inverse_of: :scope_type, dependent: :nullify
+    has_many :scopes, class_name: "Decidim::Scope", inverse_of: :scope_type, dependent: :nullify
     validates :name, presence: true
   end

data/app/models/decidim/share_token.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: "Decidim::Organization"
     belongs_to :user, foreign_key: "decidim_user_id", class_name: "Decidim::User"
-    belongs_to :token_for, foreign_key: "token_for_id", foreign_type: "token_for_type", polymorphic: true
+    belongs_to :token_for, foreign_type: "token_for_type", polymorphic: true
     after_initialize :generate, :set_default_expiration

data/app/models/decidim/static_page.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Decidim
     translatable_fields :title, :content
     belongs_to :organization, foreign_key: "decidim_organization_id", class_name: "Decidim::Organization", inverse_of: :static_pages
-    belongs_to :topic, foreign_key: "topic_id", class_name: "Decidim::StaticPageTopic", optional: true
+    belongs_to :topic, class_name: "Decidim::StaticPageTopic", optional: true
     validates :slug, presence: true, uniqueness: { scope: :organization }
     validates :slug, format: { with: /\A[a-z0-9-]+/ }
@@ -30,6 +30,16 @@ module Decidim
     default_scope { order(arel_table[:weight].asc) }
+    scope :accessible_for, lambda { |organization, user|
+      collection = where(organization: organization)
+      if user.blank? && organization.force_users_to_authenticate_before_access_organization
+        collection.where(allow_public_access: true)
+      else
+        collection
+      end
+    }
     # Whether this is slug of a default page or not.
     #
     # slug - The String with the value of the slug.

data/app/models/decidim/static_page_topic.rb CHANGED Viewed

@@ -11,5 +11,9 @@ module Decidim
     belongs_to :organization, class_name: "Decidim::Organization"
     has_many :pages, class_name: "Decidim::StaticPage", foreign_key: "topic_id", dependent: :nullify
+    def accessible_pages_for(user)
+      pages.accessible_for(organization, user)
+    end
   end
 end

data/app/models/decidim/user.rb CHANGED Viewed

@@ -10,8 +10,8 @@ module Decidim
     include Decidim::DataPortability
     include Decidim::Searchable
     include Decidim::ActsAsAuthor
-    REGEXP_NICKNAME = /\A[\w\-]+\z/.freeze
+    include Decidim::UserReportable
+    include Decidim::Traceable
     class Roles
       def self.all
@@ -32,12 +32,10 @@ module Decidim
     has_many :access_grants, class_name: "Doorkeeper::AccessGrant", foreign_key: :resource_owner_id, dependent: :destroy
     has_many :access_tokens, class_name: "Doorkeeper::AccessToken", foreign_key: :resource_owner_id, dependent: :destroy
+    has_one :blocking, class_name: "Decidim::UserBlock", foreign_key: :id, primary_key: :block_id, dependent: :destroy
     validates :name, presence: true, unless: -> { deleted? }
-    validates :nickname,
-              presence: true,
-              format: { with: REGEXP_NICKNAME },
-              length: { maximum: Decidim::User.nickname_max_length },
-              unless: -> { deleted? || managed? }
+    validates :nickname, presence: true, unless: -> { deleted? || managed? }, length: { maximum: Decidim::User.nickname_max_length }
     validates :locale, inclusion: { in: :available_locales }, allow_blank: true
     validates :tos_agreement, acceptance: true, allow_nil: false, on: :create
     validates :tos_agreement, acceptance: true, if: :user_invited?
@@ -58,6 +56,9 @@ module Decidim
     scope :confirmed, -> { where.not(confirmed_at: nil) }
     scope :not_confirmed, -> { where(confirmed_at: nil) }
+    scope :blocked, -> { where(blocked: true) }
+    scope :not_blocked, -> { where(blocked: false) }
     scope :interested_in_scopes, lambda { |scope_ids|
       actual_ids = scope_ids.select(&:presence)
       if actual_ids.count.positive?
@@ -207,7 +208,7 @@ module Decidim
     end
     def being_impersonated?
-      ImpersonationLog.active.where(user: self).exists?
+      ImpersonationLog.active.exists?(user: self)
     end
     def interested_scopes_ids
@@ -218,6 +219,10 @@ module Decidim
       @interested_scopes ||= organization.scopes.where(id: interested_scopes_ids)
     end
+    def user_name
+      extended_data["user_name"] || name
+    end
     # Caches a Decidim::DataPortabilityUploader with the retrieved file.
     def data_portability_file(filename)
       @data_portability_file ||= DataPortabilityUploader.new(self).tap do |uploader|

data/app/models/decidim/user_base_entity.rb CHANGED Viewed

@@ -18,12 +18,12 @@ module Decidim
     has_many :following_follows, foreign_key: "decidim_user_id", class_name: "Decidim::Follow", dependent: :destroy
     # Regex for name & nickname format validations
-    REGEXP_NAME = /\A(?!.*[<>?%&\^*#@\(\)\[\]\=\+\:\;\"\{\}\\\|])/.freeze
+    REGEXP_NAME = /\A(?!.*[<>?%&\^*#@()\[\]=+:;"{}\\|])/.freeze
     validates_avatar
     mount_uploader :avatar, Decidim::AvatarUploader
-    validates :name, format: { with: REGEXP_NAME }
+    validates :name, :nickname, format: { with: REGEXP_NAME }
     # Public: Returns a collection with all the entities this user is following.
     #
@@ -34,17 +34,17 @@ module Decidim
     # Returns an Array of Decidim::Followable
     def following
       @following ||= begin
-                       followings = following_follows.pluck(:decidim_followable_type, :decidim_followable_id)
-                       grouped_followings = followings.each_with_object({}) do |(type, following_id), all|
-                         all[type] ||= []
-                         all[type] << following_id
-                         all
-                       end
-                       grouped_followings.flat_map do |type, ids|
-                         type.constantize.where(id: ids)
-                       end
-                     end
+        followings = following_follows.pluck(:decidim_followable_type, :decidim_followable_id)
+        grouped_followings = followings.each_with_object({}) do |(type, following_id), all|
+          all[type] ||= []
+          all[type] << following_id
+          all
+        end
+        grouped_followings.flat_map do |type, ids|
+          type.constantize.where(id: ids)
+        end
+      end
     end
   end
 end

data/app/models/decidim/user_block.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module Decidim
+  class UserBlock < ApplicationRecord
+    MINIMUM_JUSTIFICATION_LENGTH = 15
+    belongs_to :user, class_name: "Decidim::User", foreign_key: :decidim_user_id
+    belongs_to :blocking_user, class_name: "Decidim::User"
+  end
+end

data/app/models/decidim/user_group.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module Decidim
     include Decidim::Traceable
     include Decidim::DataPortability
     include Decidim::ActsAsAuthor
+    include Decidim::UserReportable
     has_many :memberships, class_name: "Decidim::UserGroupMembership", foreign_key: :decidim_user_group_id, dependent: :destroy
     has_many :users, through: :memberships, class_name: "Decidim::User", foreign_key: :decidim_user_id
@@ -36,10 +37,6 @@ module Decidim
         .where("extended_data->>'document_number' = ?", number)
     end
-    def non_deleted_memberships
-      memberships.where(decidim_users: { deleted_at: nil })
-    end
     # Returns the presenter for this author, to be used in the views.
     # Required by ActsAsAuthor.
     def presenter

data/app/models/decidim/user_moderation.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Decidim
+  class UserModeration < ApplicationRecord
+    include Traceable
+    include Loggable
+    belongs_to :user, foreign_key: :decidim_user_id, class_name: "Decidim::UserBaseEntity"
+    has_many :reports, class_name: "Decidim::UserReport", dependent: :destroy
+    scope :blocked, -> { joins(:user).where(decidim_users: { blocked: true }) }
+    scope :unblocked, -> { joins(:user).where(decidim_users: { blocked: false }) }
+    delegate :organization, to: :user
+    scope :blocked, -> { joins(:user).where(decidim_users: { blocked: true }) }
+    scope :unblocked, -> { joins(:user).where(decidim_users: { blocked: false }) }
+    def self.log_presenter_class_for(_log)
+      Decidim::AdminLog::UserModerationPresenter
+    end
+  end
+end

data/app/models/decidim/user_report.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Decidim
+  class UserReport < ApplicationRecord
+    include Decidim::DataPortability
+    REASONS = %w(spam offensive does_not_belong).freeze
+    belongs_to :moderation, foreign_key: :user_moderation_id, class_name: "Decidim::UserModeration"
+    belongs_to :user, class_name: "Decidim::User"
+    validates :reason, presence: true
+    validates :reason, inclusion: { in: REASONS }
+    validates :user, uniqueness: { scope: :user_moderation_id }
+    validate :user_and_moderation_same_organization
+    def self.export_serializer
+      raise NotImplementedError
+      # Decidim::DataPortabilitySerializers::DataPortabilityReportSerializer
+    end
+    private
+    # Private: check if the moderation and the user have the same organization
+    def user_and_moderation_same_organization
+      return if !moderation || !user
+      errors.add(:moderation, :invalid) unless user.organization == moderation.organization
+    end
+  end
+end

data/app/permissions/decidim/permissions.rb CHANGED Viewed

@@ -127,9 +127,7 @@ module Decidim
       conversation = context.fetch(:conversation)
       interlocutor = context.fetch(:interlocutor, user)
-      if [:create, :update].include?(permission_action.action)
-        return disallow! unless conversation&.accept_user? interlocutor
-      end
+      return disallow! if [:create, :update].include?(permission_action.action) && !conversation&.accept_user?(interlocutor)
       toggle_allow(conversation&.participating?(interlocutor))
     end

data/app/permissions/decidim/report_user_permissions.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module Decidim
+  class ReportUserPermissions < DefaultPermissions
+    def permissions
+      return permission_action unless user
+      allow! if permission_action.subject == :user_report && permission_action.action == :create
+      permission_action
+    end
+  end
+end

data/app/presenters/decidim/admin_log/impersonation_log_presenter.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module Decidim
+  module AdminLog
+    # This class holds the logic to present a `Decidim::ImpersonationLog`
+    # for the `AdminLog` log.
+    #
+    # Usage should be automatic and you shouldn't need to call this class
+    # directly, but here's an example:
+    #
+    #    action_log = Decidim::ActionLog.last
+    #    view_helpers # => this comes from the views
+    #    ImpersonationLogPresenter.new(action_log, view_helpers).present
+    class ImpersonationLogPresenter < Decidim::Log::BasePresenter
+      alias h view_helpers
+      private
+      def action_string
+        case action
+        when "manage"
+          "decidim.admin_log.impersonation_log.#{action}"
+        else
+          super
+        end
+      end
+      def i18n_params
+        super.merge(
+          reason: action_log.extra["reason"]
+        )
+      end
+      def resource_presenter
+        @resource_presenter ||= Decidim::Log::UserPresenter.new(action_log.resource.user, h, action_log.extra["resource"])
+      end
+    end
+  end
+end

data/app/presenters/decidim/admin_log/organization_presenter.rb CHANGED Viewed

@@ -67,8 +67,7 @@ module Decidim
           favicon: :string,
           official_img_header: :string,
           official_img_footer: :string,
-          official_url: :string,
-          show_statistics: :boolean
+          official_url: :string
         }
       end