decidim-core 0.25.1 → 0.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eca76c4ef82409ae6c776698ddc78d82295da48e750e5d94463d98c43804c01c
-  data.tar.gz: 1f8d94bfb15701d211c27fd1299b1ccfb26f3c7416d1431fe2ef4c93cee19da5
+  metadata.gz: f92f8225a3998e9e26e1c147c90eafb9ebb90a7c153e300b3ea2b9695e63e2ba
+  data.tar.gz: 8c3eb2093ab824160548f3089e3b5ba68536a7231892f2c2484aa384c49307b5
 SHA512:
-  metadata.gz: 1017e4e7f91af798732af3d223a5610843e306e62226c934916dff92e055f1fe3ad95ac396b76ac882946c413e7c55c81e7856b4b6a6bfd4bfa421215797b10a
-  data.tar.gz: b59c04f0d040272d056716a57c97d0611a9cd2eccfe951d09eaab6c88408fa77d3e5100d10e634cfe2a392a3d8c20c3c49bebcb438717bb4615d27aaf999ce74
+  metadata.gz: 1abf1ab6e14a84745b3bb8fd176f002b7fd65ecbd497b1e4544202b517d265a2eded3d628e0ab27ed53f2385849da158f31571af32181e68cb7df02ee60844a4
+  data.tar.gz: 9f0209ace6ff368bd4dfb87d3b28c704d4ba1726abf8bfe29efab5a0aa52babb06eb214a6bee663d1b6d6728f9c4fff222ff83008b0f44cb868b5d575437be32

data/app/cells/decidim/activity_cell.rb

@@ -92,10 +92,14 @@ module Decidim
 
     def cache_hash
       hash = []
+      hash << I18n.locale.to_s
       hash << model.class.name.underscore
       hash << model.cache_key_with_version
+      if (author_cell = author)
+        hash.push(Digest::MD5.hexdigest(author_cell.send(:cache_hash)))
+      end
 
-      hash.join("/")
+      hash.join(Decidim.cache_key_separator)
     end
 
     private

data/app/cells/decidim/author/flag_user.erb

@@ -1,5 +1,5 @@
 <% if user_flaggable? && model.try(:id) != current_user.try(:id) %>
-  <button type="button" class="link-alt" data-open="<%= current_user.present? ? "flagUserModal" : "loginModal" %>" title="<%= t("report", scope: "decidim.proposals.proposals.show") %>" aria-controls="<%= current_user.present? ? "flagUserModal" : "loginModal" %>" aria-haspopup="true" tabindex="0">
+  <button type="button" class="link-alt" data-open="<%= current_user.present? ? "flagUserModal" : "loginModal" %>" title="<%= t("report", scope: "decidim.proposals.proposals.show") %>" aria-controls="<%= current_user.present? ? "flagUserModal" : "loginModal" %>" aria-haspopup="dialog" tabindex="0">
     <%= icon "flag", aria_hidden: true, class: "icon--small", role: "img", "aria-hidden": true %>
     <span class="show-for-sr">
         <%= t("report", scope: "decidim.proposals.proposals.show") %>

data/app/cells/decidim/author/profile_inline.erb

@@ -1,5 +1,5 @@
 <span class="author__avatar">
-  <%= image_tag model.avatar_url, alt: t("decidim.author.avatar", name: decidim_sanitize(author_name)) %>
+  <%= image_tag model.avatar_url(:thumb), alt: t("decidim.author.avatar", name: decidim_sanitize(author_name)) %>
 </span>
 
 <% if model.deleted? %>

data/app/cells/decidim/author/withdraw.erb

@@ -1,6 +1,6 @@
 <% if withdrawable? %>
-  <%= action_authorized_link_to :withdraw, withdraw_path, method: :put, class: "title-action__action button small hollow", title: t("withdraw_btn_hint", scope: "decidim.proposals.proposals.show"), data: { confirm: t("withdraw_confirmation_html", scope: "decidim.proposals.proposals.show") } do %>
-    <%= t("withdraw_proposal", scope: "decidim.proposals.proposals.show") %>
+  <%= action_authorized_link_to :withdraw, withdraw_path, method: :put, class: "title-action__action button small hollow", title: t("withdraw_btn_hint", scope: resource_i18n_scope ), data: { confirm: t("withdraw_confirmation_html", scope: resource_i18n_scope ) } do %>
+    <%= t("withdraw_#{resource_name}", scope: resource_i18n_scope) %>
     <%= icon "x", role: "img", "aria-hidden": true %>
   <% end %>
 <% end %>

data/app/cells/decidim/author_cell.rb

@@ -55,8 +55,29 @@ module Decidim
       render
     end
 
+    def perform_caching?
+      true
+    end
+
     private
 
+    def cache_hash
+      hash = []
+
+      hash.push(I18n.locale)
+      hash.push(model.cache_key_with_version) if model.respond_to?(:cache_key_with_version)
+      hash.push(from_context.cache_key_with_version) if from_context.respond_to?(:cache_key_with_version)
+      hash.push(current_user.try(:id))
+      hash.push(current_user.present?)
+      hash.push(commentable?)
+      hash.push(endorsable?)
+      hash.push(actionable?)
+      hash.push(withdrawable?)
+      hash.push(flaggable?)
+      hash.push(profile_path?)
+      hash.join(Decidim.cache_key_separator)
+    end
+
     def from_context_path
       resource_locator(from_context).path
     end
@@ -111,5 +132,17 @@ module Decidim
     def raw_model
       model.try(:__getobj__) || model
     end
+
+    def resource_i18n_scope
+      @resource_i18n_scope ||= [
+        from_context.class.name.deconstantize.underscore.gsub("/", "."),
+        resource_name.pluralize,
+        :show
+      ].join(".")
+    end
+
+    def resource_name
+      @resource_name ||= from_context.class.name.demodulize.underscore
+    end
   end
 end

data/app/cells/decidim/card_m_cell.rb

@@ -64,7 +64,7 @@ module Decidim
       attribute = model.try(:short_description) || model.try(:body) || model.description
       text = translated_attribute(attribute)
 
-      decidim_sanitize(html_truncate(text, length: 100))
+      decidim_sanitize_editor(html_truncate(text, length: 100))
     end
 
     def has_authors?

data/app/cells/decidim/content_blocks/cta_cell.rb

@@ -16,7 +16,7 @@ module Decidim
       end
 
       def translated_description
-        @translated_description ||= decidim_sanitize(translated_attribute(model.settings.description))
+        @translated_description ||= decidim_sanitize_editor(translated_attribute(model.settings.description))
       end
 
       def button_url

data/app/cells/decidim/content_blocks/hero_cell.rb

@@ -30,7 +30,7 @@ module Decidim
         hash << current_organization.cache_key_with_version
         hash << I18n.locale.to_s
 
-        hash.join("/")
+        hash.join(Decidim.cache_key_separator)
       end
     end
   end

data/app/cells/decidim/content_blocks/highlighted_content_banner/show.erb

@@ -7,7 +7,7 @@
           <%= translated_attribute current_organization.highlighted_content_banner_title %>
         </h1>
         <span class="text-highlight">
-          <%= decidim_sanitize translated_attribute current_organization.highlighted_content_banner_short_description %>
+          <%= decidim_sanitize_editor translated_attribute current_organization.highlighted_content_banner_short_description %>
         </span>
       </div>
       <div class="columns large-2">

data/app/cells/decidim/content_blocks/how_to_participate/show.erb

@@ -41,7 +41,7 @@
     <div class="row">
       <div class="columns small-centered small-10
                 smallmedium-8 medium-6 large-4">
-        <%= link_to t("decidim.pages.home.extended.more_info", resource_name: translated_attribute(current_organization.name, current_organization)), decidim.page_path("faq"), class: "button expanded hollow button--sc" %>
+        <%= link_to t("decidim.pages.home.extended.more_info", resource_name: translated_attribute(current_organization.name, current_organization)), decidim.pages_path, class: "button expanded hollow button--sc" %>
       </div>
     </div>
   </div>

data/app/cells/decidim/content_blocks/last_activity_cell.rb

@@ -52,7 +52,7 @@ module Decidim
         hash << Digest::MD5.hexdigest(valid_activities.map(&:cache_key_with_version).to_s)
         hash << I18n.locale.to_s
 
-        hash.join("/")
+        hash.join(Decidim.cache_key_separator)
       end
 
       def activities

data/app/cells/decidim/content_blocks/stats_cell.rb

@@ -3,9 +3,21 @@
 module Decidim
   module ContentBlocks
     class StatsCell < Decidim::ViewModel
+      cache :show, expires_in: 10.minutes, if: :perform_caching? do
+        cache_hash
+      end
+
       def stats
         @stats ||= HomeStatsPresenter.new(organization: current_organization)
       end
+
+      private
+
+      def cache_hash
+        hash = []
+        hash.push(I18n.locale)
+        hash.join(Decidim.cache_key_separator)
+      end
     end
   end
 end

data/app/cells/decidim/endorsers_list_cell.rb

@@ -23,7 +23,9 @@ module Decidim
     #
     # Returns an Array of presented Users/UserGroups
     def endorsers
-      @endorsers ||= model.endorsements.for_listing.map { |identity| present(identity.normalized_author) }
+      @endorsers ||= model.endorsements.for_listing
+                          .includes(:author, :user_group)
+                          .map { |identity| present(identity.normalized_author) }
     end
   end
 end

data/app/cells/decidim/flag_modal/flag_user.erb

@@ -1,6 +1,6 @@
-<div class="reveal flag-modal" id="flagUserModal" data-reveal>
+<div class="reveal flag-modal" id="flagUserModal" data-reveal role="dialog" aria-modal="true" aria-labelledby="flagUserModal-label">
   <div class="reveal__header">
-    <h3 class="reveal__title"><%= t("decidim.shared.flag_user_modal.title") %></h3>
+    <h3 id="flagUserModal-label" class="reveal__title"><%= t("decidim.shared.flag_user_modal.title") %></h3>
     <button class="close-button" data-close aria-label="<%= t("decidim.shared.flag_user_modal.close") %>" type="button">
       <span aria-hidden="true">&times;</span>
     </button>

data/app/cells/decidim/flag_modal/show.erb

@@ -1,6 +1,6 @@
-<div class="reveal flag-modal" id="<%= modal_id %>" data-reveal>
+<div class="reveal flag-modal" id="<%= modal_id %>" data-reveal role="dialog" aria-modal="true" aria-labelledby="<%= modal_id %>-label">
   <div class="reveal__header">
-    <h3 class="reveal__title"><%= t("decidim.shared.flag_modal.title") %></h3>
+    <h3 id="<%= modal_id %>-label" class="reveal__title"><%= t("decidim.shared.flag_modal.title") %></h3>
     <button class="close-button" data-close aria-label="<%= t("decidim.shared.flag_modal.close") %>" type="button">
       <span aria-hidden="true">&times;</span>
     </button>

data/app/cells/decidim/flag_modal_cell.rb

@@ -8,6 +8,16 @@ module Decidim
       render
     end
 
+    def cache_hash
+      hash = []
+      hash.push(I18n.locale)
+      hash.push(current_user.try(:id))
+      hash.push(model.reported_by?(current_user) ? 1 : 0)
+      hash.push(model.class.name.gsub("::", ":"))
+      hash.push(model.id)
+      hash.join(Decidim.cache_key_separator)
+    end
+
     private
 
     def user_report_form

data/app/cells/decidim/notification/show.erb

@@ -0,0 +1,31 @@
+<div class="card card--widget">
+  <ul class="card-data">
+    <li class="card-data__item">
+      <div class="card__link text-center">
+        <%= resource_icon notification.resource, class: "icon--large" %>
+        <span class="text-medium mt-xs" title="<%= l(notification.created_at) %>" data-tooltip="true" data-disable-hover="false">
+          <%= notification.created_at_in_words %>
+        </span>
+      </div>
+    </li>
+    <li class="card-data__item card-data__item--expand absolutes">
+      <div class="mr-s">
+        <span class="text-small"><%= notification.event_class.constantize.model_name.human %></span>
+        <br>
+        <span>
+          <%= notification.event_class_instance.notification_title %>
+        </span>
+        <% if notification.display_resource_text? %>
+          <p>
+            <em><%= notification.resource_text %></em>
+          </p>
+        <% end %>
+      </div>
+      <div class="right center mr-s">
+        <%= link_to model, remote: true, method: :delete, class: "mark-as-read-button" do %>
+          <%= icon "circle-x", class: "card__link", aria_label: t("mark_as_read", scope: "layouts.decidim.notifications_dashboard"), role: "img" %>
+        <% end %>
+      </div>
+    </li>
+  </ul>
+</div>

data/app/cells/decidim/notification_cell.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This cell renders a notification from a notifications collection
+
+  class NotificationCell < Decidim::ViewModel
+    include Decidim::IconHelper
+    include Decidim::Core::Engine.routes.url_helpers
+
+    def show
+      render :show
+    end
+
+    private
+
+    def notification
+      @notification ||= Decidim::NotificationPresenter.new(model)
+    end
+  end
+end

data/app/cells/decidim/notifications/show.erb

@@ -17,30 +17,7 @@
   </div>
 
   <% notifications.select(&:resource).each do |notification| %>
-    <div class="card card--widget">
-      <ul class="card-data">
-        <li class="card-data__item">
-          <div class="card__link text-center">
-            <%= resource_icon notification.resource, class: "icon--large" %>
-            <span class="text-medium mt-xs"><%= l notification.created_at, format: :day_of_week_long %></span>
-          </div>
-        </li>
-        <li class="card-data__item card-data__item--expand absolutes">
-          <div class="mr-s">
-            <span class="text-small"><%= notification.event_class.constantize.model_name.human %></span>
-            <br>
-            <span>
-              <%= notification.event_class_instance.notification_title %>
-            </span>
-          </div>
-          <div class="right center mr-s">
-            <%= link_to notification, remote: true, method: :delete, class: "mark-as-read-button" do %>
-              <%= icon "circle-x", class: "card__link", aria_label: t("mark_as_read", scope: "layouts.decidim.notifications_dashboard"), role: "img" %>
-            <% end %>
-          </div>
-        </li>
-      </ul>
-    </div>
+    <%= cell("decidim/notification", notification) %>
   <% end %>
 </div>
 

data/app/cells/decidim/notifications_cell.rb

@@ -3,7 +3,6 @@
 module Decidim
   class NotificationsCell < Decidim::ViewModel
     include Decidim::CellsPaginateHelper
-    include Decidim::IconHelper
     include Decidim::Core::Engine.routes.url_helpers
 
     helper_method :notifications

data/app/cells/decidim/profile_sidebar/show.erb

@@ -23,7 +23,7 @@
       <small><%= decidim_html_escape(profile_user.about.to_s) %></small>
     </div>
     <% if profile_user.personal_url.present? %>
-      <%= link_to html_truncate(profile_user.personal_url.gsub(%r{https?\:\/\/}, ""), length: 30), profile_user.personal_url %>
+      <%= link_to html_truncate(profile_user.personal_url.gsub(%r{https?\:\/\/}, ""), length: 30), profile_user.personal_url, rel: "nofollow noopener" %>
     <% end %>
   </div>
   <% if profile_user.badge.present? %>

data/app/cells/decidim/user_conversation/conversation_header.erb

@@ -9,6 +9,6 @@
   <% end %>
 
   <div class="ml-s">
-    <%= t("decidim.user_conversations.show.title", usernames: interlocutors_names) %>
+    <%= t("decidim.user_conversations.show.title", usernames: interlocutors_names).html_safe %>
   </div>
 </div>

data/app/cells/decidim/user_conversation/show.erb

@@ -10,10 +10,12 @@
         <% end %>
       </div>
 
-      <% if conversation.accept_user?(user) %>
+      <% if conversation.with_deleted_users?(user) %>
+        <div class="callout warning margin-top-2"><%= t "decidim.user_conversations.show.deleted_accounts" %></div>
+      <% elsif conversation.accept_user?(user) %>
         <%= render view: :reply, locals: { title: t("decidim.user_conversations.reply.title_reply") } %>
       <% else %>
-        <em><%= t "decidim.user_conversations.show.not_allowed" %></em>
+        <div class="callout warning margin-top-2"><%= t "decidim.user_conversations.show.not_allowed" %></div>
       <% end %>
     </div>
   </div>

data/app/cells/decidim/user_conversations/conversation_item.erb

@@ -10,7 +10,7 @@
     </li>
     <li class="card-data__item card--list__item card-data__item--expand absolutes">
       <div class="mr-s">
-        <%= t("decidim.user_conversations.index.from") %>: <strong><%= conversation_interlocutors(conversation) %></strong>
+        <%= t("decidim.user_conversations.index.from") %>: <strong><%= conversation_interlocutors(conversation).html_safe %></strong>
         <br>
         <span class="muted">
           <%= truncate conversation.last_message.body, length: 150 %>

data/app/commands/decidim/create_editor_image.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Decidim
+  # A command with all the business logic to create an editor image.
+  class CreateEditorImage < Rectify::Command
+    # Public: Initializes the command.
+    #
+    # form - A form object with the params.
+    def initialize(form)
+      @form = form
+    end
+
+    # Executes the command. Broadcasts these events:
+    #
+    # - :ok when everything is valid.
+    # - :invalid if the form wasn't valid and we couldn't proceed.
+    #
+    # Returns nothing.
+    def call
+      return broadcast(:invalid) if form.invalid?
+
+      transaction do
+        create_editor_image
+      end
+
+      broadcast(:ok, @editor_image)
+    end
+
+    private
+
+    attr_reader :form
+
+    def create_editor_image
+      @editor_image = EditorImage.create!(
+        decidim_author_id: form.current_user.id,
+        organization: form.organization,
+        file: form.file
+      )
+    end
+  end
+end

data/app/controllers/decidim/cookie_policy_controller.rb

@@ -10,6 +10,8 @@ module Decidim
         Decidim.config.consent_cookie_name,
         value: "true",
         path: "/",
+        httponly: true,
+        secure: request.session_options[:secure],
         expires: 1.year.from_now.utc
       )
 

data/app/controllers/decidim/editor_images_controller.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Decidim
+  class EditorImagesController < Decidim::ApplicationController
+    include FormFactory
+
+    # overwrite original rescue_from to ensure we print messages from ajax methods (update)
+    rescue_from Decidim::ActionForbidden, with: :ajax_user_has_no_permission
+
+    def create
+      enforce_permission_to :create, :editor_image
+
+      @form = form(EditorImageForm).from_params(form_values)
+
+      CreateEditorImage.call(@form) do
+        on(:ok) do |image|
+          render json: { url: image.attached_uploader(:file).path, message: I18n.t("success", scope: "decidim.editor_images.create") }
+        end
+
+        on(:invalid) do |_message|
+          render json: { message: I18n.t("error", scope: "decidim.editor_images.create") }, status: :unprocessable_entity
+        end
+      end
+    end
+
+    private
+
+    # Rescue ajax calls and print the update.js view which prints the info on the message ajax form
+    # Only if the request is AJAX, otherwise behave as Decidim standards
+    def ajax_user_has_no_permission
+      return user_has_no_permission unless request.xhr?
+
+      render json: { message: I18n.t("actions.unauthorized", scope: "decidim.core") }, status: :unprocessable_entity
+    end
+
+    def form_values
+      {
+        file: params[:image],
+        author_id: current_user.id
+      }
+    end
+
+    def permission_scope
+      :admin
+    end
+  end
+end

data/app/controllers/decidim/user_activities_controller.rb

@@ -12,7 +12,8 @@ module Decidim
     helper_method :activities, :resource_types, :user
 
     def index
-      raise ActionController::RoutingError, "Blocked User" if user&.blocked? && !current_user&.admin?
+      raise ActionController::RoutingError, "Missing user: #{params[:nickname]}" unless user
+      raise ActionController::RoutingError, "Blocked User" if user.blocked? && !current_user&.admin?
     end
 
     private

data/app/forms/decidim/editor_image_form.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Decidim
+  class EditorImageForm < Decidim::Form
+    mimic :editor_image
+
+    attribute :file
+    attribute :author_id, Integer
+
+    validates :author_id, presence: true
+    validates :file, presence: true
+    validates :file, passthru: { to: Decidim::EditorImage }
+
+    alias organization current_organization
+  end
+end

data/app/helpers/decidim/amendments_helper.rb

@@ -136,7 +136,7 @@ module Decidim
 
       return body unless rich_text_editor_in_public_views?
 
-      decidim_sanitize(body)
+      decidim_sanitize_editor(body)
     end
 
     # Return the edited field value or presents the original attribute value in a form.

data/app/helpers/decidim/application_helper.rb

@@ -15,7 +15,7 @@ module Decidim
     # options - A Hash with the options to truncate the text (default: {}):
     #           :length - An Integer number with the max length of the text.
     #           :separator - A String to append to the text when it's being
-    #           truncated. See `truncato` gem for more options.
+    #           truncated.
     #
     # Returns a String.
     def html_truncate(text, options = {})
@@ -25,7 +25,7 @@ module Decidim
       options[:count_tail] ||= false
       options[:tail_before_final_tag] = true unless options.has_key?(:tail_before_final_tag)
 
-      Truncato.truncate(text, options)
+      Decidim::HtmlTruncation.new(text, options).perform
     end
 
     def present(object, presenter_class: nil)

data/app/helpers/decidim/messaging/conversation_helper.rb

@@ -3,14 +3,43 @@
 module Decidim
   module Messaging
     module ConversationHelper
+      def conversation_name_for(users)
+        return content_tag(:span, t("decidim.profile.deleted"), class: "label label--small label--basic") if users.first.deleted?
+
+        content_tag = content_tag(:strong, users.first.name)
+        content_tag << tag.br
+        content_tag << content_tag(:span, "@#{users.first.nickname}", class: "muted")
+        content_tag
+      end
+
+      def conversation_label_for(participants)
+        return t("title", scope: "decidim.messaging.conversations.show", usernames: username_list(participants)) unless participants.count == 1
+
+        chat_with_user = if participants.first.deleted?
+                           t("decidim.profile.deleted")
+                         else
+                           "#{participants.first.name} (@#{participants.first.nickname})"
+                         end
+
+        "#{t("chat_with", scope: "decidim.messaging.conversations.show")} #{chat_with_user}"
+      end
+
       #
       # Generates a visualization of users for listing conversations threads
       #
       def username_list(users, shorten: false)
-        return users.pluck(:name).join(", ") unless shorten
-        return users.pluck(:name).join(", ") unless users.count > 3
+        content_tags = []
+        first_users = shorten ? users.first(3) : users
+        deleted_user_tag = content_tag(:span, t("decidim.profile.deleted"), class: "label label--small label--basic")
+        first_users.each do |u|
+          content_tags.push(u.deleted? ? deleted_user_tag : content_tag(:strong, u.name))
+        end
+
+        return content_tags.join(", ") unless shorten
+        return content_tags.join(", ") unless users.count > 3
 
-        "#{users.first(3).pluck(:name).join(", ")} + #{users.count - 3}"
+        content_tags.push(content_tag(:strong, " + #{users.count - 3}"))
+        content_tags.join(", ")
       end
 
       #

data/app/helpers/decidim/resource_versions_helper.rb

@@ -13,7 +13,7 @@ module Decidim
     #
     # Returns a String.
     def resource_version(resource, options = {})
-      return unless resource.respond_to?(:versions) && resource.versions.present?
+      return unless resource.respond_to?(:versions) && resource.versions_count.positive?
 
       html = []
       html << resource_version_number(resource.versions_count)