decidim-core 0.25.0 → 0.25.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of decidim-core might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 42e511f59400c64469c3f38cc07211386f55536c8e8d1b83403a45cf3257feea
4
- data.tar.gz: 1dc8707d02a1971035ff9ef3b809b4f0bcc7af556c6972959d44a17f137cfc39
3
+ metadata.gz: eca76c4ef82409ae6c776698ddc78d82295da48e750e5d94463d98c43804c01c
4
+ data.tar.gz: 1f8d94bfb15701d211c27fd1299b1ccfb26f3c7416d1431fe2ef4c93cee19da5
5
5
  SHA512:
6
- metadata.gz: e3c25eaf439667b98da4de8e71676f41a0cbf1e53181c0275e97080ea3a8342605931683a7a6c324296ce4a5f98d9d165a920878957104db179d4c1d61eca4e4
7
- data.tar.gz: fdb4bfcbeab070cd3ad4a8f1b0eb212112f31901422d7ea60cbfbad2f457ed7f802b2a9bd98d83c87e38261b1e4b9d4dc604f12cc11a88f594a4b1a93c42eec8
6
+ metadata.gz: 1017e4e7f91af798732af3d223a5610843e306e62226c934916dff92e055f1fe3ad95ac396b76ac882946c413e7c55c81e7856b4b6a6bfd4bfa421215797b10a
7
+ data.tar.gz: b59c04f0d040272d056716a57c97d0611a9cd2eccfe951d09eaab6c88408fa77d3e5100d10e634cfe2a392a3d8c20c3c49bebcb438717bb4615d27aaf999ce74
@@ -1,9 +1,18 @@
1
- <div class="empty-notifications callout secondary <%= "hide" if followings.any? %>">
2
- <p><%= t("decidim.following.no_followings") %></p>
3
- </div>
4
- <div class="row small-up-1 medium-up-2 card-grid">
5
- <% followings.each do |following| %>
6
- <%= card_for following, context: { label: true, show_space: true } %>
1
+ <% if public_followings.any? %>
2
+ <% if non_public_followings? %>
3
+ <div class="empty-notifications callout secondary">
4
+ <p><%= t("decidim.following.non_public_followings") %></p>
5
+ </div>
7
6
  <% end %>
8
- </div>
9
- <%= decidim_paginate followings %>
7
+
8
+ <div class="row small-up-1 medium-up-2 card-grid">
9
+ <% public_followings.each do |followable| %>
10
+ <%= card_for followable, context: { label: true, show_space: true } %>
11
+ <% end %>
12
+ </div>
13
+ <%= decidim_paginate public_followings %>
14
+ <% else %>
15
+ <div class="empty-notifications callout secondary">
16
+ <p><%= t("decidim.following.no_followings") %></p>
17
+ </div>
18
+ <% end %>
@@ -11,8 +11,12 @@ module Decidim
11
11
  render :show
12
12
  end
13
13
 
14
- def followings
15
- @followings ||= Kaminari.paginate_array(model.following).page(params[:page]).per(20)
14
+ def public_followings
15
+ @public_followings ||= Kaminari.paginate_array(model.public_followings).page(params[:page]).per(20)
16
+ end
17
+
18
+ def non_public_followings?
19
+ public_followings.count < model.following_count
16
20
  end
17
21
  end
18
22
  end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "active_support/concern"
4
+
5
+ module Decidim
6
+ module DisableRedirectionToExternalHost
7
+ extend ActiveSupport::Concern
8
+
9
+ included do
10
+ def redirect_back(fallback_location:, allow_other_host: true, **args) # rubocop:disable Lint/UnusedMethodArgument
11
+ super fallback_location: fallback_location, allow_other_host: Decidim.allow_open_redirects, **args
12
+ end
13
+ end
14
+ end
15
+ end
@@ -14,10 +14,21 @@ module Decidim
14
14
  # that match the current organization.
15
15
  def redirect_url
16
16
  return if params[:redirect_url].blank?
17
- return params[:redirect_url] unless params[:redirect_url].start_with?("http")
18
- return if URI.parse(params[:redirect_url]).host != current_organization.host
19
17
 
20
- params[:redirect_url]
18
+ # Parse given URL
19
+ target_uri = URI.parse(params[:redirect_url])
20
+
21
+ # Add the organization host to the URL if not present
22
+ target_uri = URI.join("#{request.scheme}://#{current_organization.host}", target_uri) unless target_uri.host
23
+
24
+ # Don't allow URLs without host or with a different host than the organization one
25
+ return if target_uri.host != current_organization.host
26
+
27
+ # Convert the URI to relative
28
+ target_uri.scheme = target_uri.host = target_uri.port = nil
29
+
30
+ # Return the relative URL
31
+ target_uri.to_s
21
32
  end
22
33
  end
23
34
  end
@@ -19,6 +19,7 @@ module Decidim
19
19
  include SafeRedirect
20
20
  include NeedsSnippets
21
21
  include UserBlockedChecker
22
+ include DisableRedirectionToExternalHost
22
23
 
23
24
  helper Decidim::MetaTagsHelper
24
25
  helper Decidim::DecidimFormHelper
@@ -25,26 +25,31 @@ module Decidim
25
25
 
26
26
  validates :name, format: { with: REGEXP_NAME }
27
27
 
28
- # Public: Returns a collection with all the entities this user is following.
28
+ # Public: Returns a collection with all the public entities this user is following.
29
29
  #
30
30
  # This can't be done as with a `has_many :following, through: :following_follows`
31
31
  # since it's a polymorphic relation and Rails doesn't know how to load it. With
32
32
  # this implementation we only query the database once for each kind of following.
33
33
  #
34
34
  # Returns an Array of Decidim::Followable
35
- def following
36
- @following ||= begin
37
- followings = following_follows.pluck(:decidim_followable_type, :decidim_followable_id)
38
- grouped_followings = followings.each_with_object({}) do |(type, following_id), all|
39
- all[type] ||= []
40
- all[type] << following_id
41
- all
42
- end
43
-
44
- grouped_followings.flat_map do |type, ids|
45
- type.constantize.where(id: ids)
46
- end
35
+ def public_followings
36
+ @public_followings ||= following_follows.select("array_agg(decidim_followable_id)")
37
+ .group(:decidim_followable_type)
38
+ .pluck(:decidim_followable_type, "array_agg(decidim_followable_id)")
39
+ .to_h
40
+ .flat_map do |type, ids|
41
+ only_public(type.constantize, ids)
47
42
  end
48
43
  end
44
+
45
+ private
46
+
47
+ def only_public(klass, ids)
48
+ scope = klass.where(id: ids)
49
+ scope = scope.public_spaces if klass.try(:participatory_space?)
50
+ scope = scope.includes(:component) if klass.try(:has_component?)
51
+ scope = scope.filter(&:visible?) if klass.method_defined?(:visible?)
52
+ scope
53
+ end
49
54
  end
50
55
  end
@@ -64,11 +64,20 @@ export default function attachGeocoding($input, options, callback) {
64
64
  inputIdParts.pop();
65
65
 
66
66
  const idPrefix = `${inputIdParts.join("_")}`;
67
+
68
+ let latitudeName = "latitude";
69
+ let longitudeName = "longitude";
70
+
71
+ if ($input.length > 0) {
72
+ latitudeName = getCoordinateInputName("latitude", $input, attachOptions);
73
+ longitudeName = getCoordinateInputName("longitude", $input, attachOptions);
74
+ }
75
+
67
76
  const config = $.extend({
68
77
  latitudeId: `${idPrefix}_latitude`,
69
78
  longitudeId: `${idPrefix}_longitude`,
70
- latitudeName: getCoordinateInputName("latitude", $input, attachOptions),
71
- longitudeName: getCoordinateInputName("longitude", $input, attachOptions)
79
+ latitudeName: latitudeName,
80
+ longitudeName: longitudeName
72
81
  }, options);
73
82
  let geocoded = false;
74
83
 
@@ -92,7 +92,7 @@ $timeline-padding: 1rem;
92
92
  color: $dark-gray;
93
93
 
94
94
  .timeline__item--current &{
95
- color: rgba($white, .8);
95
+ color: $white;
96
96
  }
97
97
  }
98
98
 
@@ -694,6 +694,7 @@ ca:
694
694
  no_followers: Encara no hi ha seguidores.
695
695
  following:
696
696
  no_followings: No segueix a cap persona ni cap activitat.
697
+ non_public_followings: Alguns dels recursos seguits no són públics.
697
698
  follows:
698
699
  create:
699
700
  button: Seguir
@@ -719,6 +719,7 @@ cs:
719
719
  no_followers: Zatím žádní sledující.
720
720
  following:
721
721
  no_followings: Nesleduje nikoho ani nic.
722
+ non_public_followings: Některé z uvedených zdrojů nejsou veřejné.
722
723
  follows:
723
724
  create:
724
725
  button: Sledovat
@@ -702,6 +702,7 @@ en:
702
702
  no_followers: No followers yet.
703
703
  following:
704
704
  no_followings: Doesn't follow anyone or anything yet.
705
+ non_public_followings: Some of the resources followed are not public.
705
706
  follows:
706
707
  create:
707
708
  button: Follow
@@ -158,8 +158,12 @@ eu:
158
158
  unofficialize: "%{user_name} erabiltzaile ez ofiziala %{resource_name}"
159
159
  user_group:
160
160
  reject: "%{user_name} baztertu %{resource_name} erabiltzaile taldeen egiaztapena"
161
- verify: "%{user_name} egiaztatu %{resource_name} erabiltzaile taldea"
161
+ verify: "%{user_name} egiaztatu du %{resource_name} taldea"
162
162
  verify_via_csv: "%{user_name} egiaztatu du %{resource_name} erabiltzaile talde CSV fitxategi baten bidez"
163
+ user_moderation:
164
+ unreport: "%{user_name} desegin du %{resource_type} - %{unreported_user_name} erreportea"
165
+ admin_terms_of_use:
166
+ default_body: "<h2>TÉRMINOS ADMIN DE USO</h2><p>Sistemaren tokiko administratzailearen ohiko azalpena jaso duzulakoan gaude. Oro har, hiru gauza hauetara mugatzen da:</p><ol><li>Besteen pribatutasuna errespetatzea.</li><li>Klikatu aurretik pentsatu.</li><li>Botere handiak erantzukizun handia dakar.</li></ol>"
163
167
  alert:
164
168
  dismiss: Baztertu jakinarazpena
165
169
  amendments:
@@ -811,9 +815,9 @@ eu:
811
815
  success: Erregistratu eskaera behar bezala sortu da. Administratzaileak zure eskaera berrikusiko du taldera onartu aurretik.
812
816
  leave:
813
817
  error: Arazo bat izan da taldean utzita
814
- success: Taldeak arrakastaz utzi du.
818
+ success: Taldea zuzen utzi duzu.
815
819
  members:
816
- accept_or_reject_join_requests: 'Hurrengo talde honetako erabiltzaileei aplikatu zaie. Eskaerak onartu edo ukatu:'
820
+ accept_or_reject_join_requests: 'Hurrengo parte-hartzaileek taldean sartzea eskatu dute. Onartu edo ukatu bere eskariak:'
817
821
  accept_request: Onartu
818
822
  reject_request: Ukatu
819
823
  new:
@@ -859,13 +863,13 @@ eu:
859
863
  delete_with_space: "%{user_name} ezabatu %{resource_name} en %{space_name}"
860
864
  unknown_action: "%{user_name} Ekintza batzuk egin %{resource_name}"
861
865
  unknown_action_with_space: "%{user_name} Ekintza batzuk egin %{resource_name} en %{space_name}"
862
- update: "%{user_name} eguneratu %{resource_name}"
863
- update_with_space: "%{user_name} eguneratu %{resource_name} en %{space_name}"
866
+ update: "%{user_name} eguneratu zuen %{resource_name}"
867
+ update_with_space: "%{user_name} eguneratu zuen %{resource_name} hemen %{space_name}"
864
868
  value_types:
865
869
  area_presenter:
866
- not_found: 'Ez zen datu-basea aurkitu (ID: %{id})'
870
+ not_found: 'Area ez zen datu-basean aurkitu (ID: %{id})'
867
871
  area_type_presenter:
868
- not_found: 'Eremu mota ez da datu basean aurkitu (ID: %{id})'
872
+ not_found: 'Area mota ez da datu basean aurkitu (ID: %{id})'
869
873
  scope_presenter:
870
874
  not_found: 'Esparrua ez da aurkitu datu-basean (ID: %{id})'
871
875
  scope_type_presenter:
@@ -692,6 +692,7 @@ fr-CA:
692
692
  no_followers: Aucun abonné pour le moment.
693
693
  following:
694
694
  no_followings: Aucun abonnement
695
+ non_public_followings: Certaines des ressources suivies ne sont pas publiques.
695
696
  follows:
696
697
  create:
697
698
  button: Suivre
@@ -692,6 +692,7 @@ fr:
692
692
  no_followers: Aucun abonné pour le moment.
693
693
  following:
694
694
  no_followings: Aucun abonnement
695
+ non_public_followings: Certaines des ressources suivies ne sont pas publiques.
695
696
  follows:
696
697
  create:
697
698
  button: Suivre
@@ -524,6 +524,7 @@ gl:
524
524
  no_followers: Aínda non hai seguidores.
525
525
  following:
526
526
  no_followings: Aínda non segue a ninguén nin a nada.
527
+ non_public_followings: Algúns dos recursos seguidos non son públicos.
527
528
  follows:
528
529
  create:
529
530
  button: Segue
@@ -688,6 +688,7 @@ ja:
688
688
  no_followers: フォロワーはまだいません。
689
689
  following:
690
690
  no_followings: フォローしている人やコンテンツはありません
691
+ non_public_followings: フォローしているリソースのいくつかは公開されていません。
691
692
  follows:
692
693
  create:
693
694
  button: フォロー
@@ -1358,7 +1359,7 @@ ja:
1358
1359
  deleted: 削除された参加者
1359
1360
  versions:
1360
1361
  resource_version:
1361
- of_versions: "( %{number} の)"
1362
+ of_versions: "/ %{number}"
1362
1363
  see_other_versions: 他のバージョンを見る
1363
1364
  version: バージョン %{number}
1364
1365
  versions_list: