decidim-core 0.25.2 → 0.26.0.rc1

Potentially problematic release.


This version of decidim-core might be problematic.

Files changed (146)
  1. checksums.yaml +4 -4
  2. data/app/cells/decidim/activity_cell.rb +2 -1
  3. data/app/cells/decidim/author/flag_user.erb +1 -1
  4. data/app/cells/decidim/author/profile_inline.erb +1 -1
  5. data/app/cells/decidim/author/withdraw.erb +2 -2
  6. data/app/cells/decidim/author_cell.rb +32 -0
  7. data/app/cells/decidim/card_m_cell.rb +1 -1
  8. data/app/cells/decidim/content_blocks/cta_cell.rb +1 -1
  9. data/app/cells/decidim/content_blocks/hero_cell.rb +1 -1
  10. data/app/cells/decidim/content_blocks/highlighted_content_banner/show.erb +1 -1
  11. data/app/cells/decidim/content_blocks/last_activity_cell.rb +1 -1
  12. data/app/cells/decidim/content_blocks/stats_cell.rb +12 -0
  13. data/app/cells/decidim/endorsers_list_cell.rb +3 -1
  14. data/app/cells/decidim/flag_modal/flag_user.erb +2 -2
  15. data/app/cells/decidim/flag_modal/show.erb +2 -2
  16. data/app/cells/decidim/flag_modal_cell.rb +10 -0
  17. data/app/cells/decidim/notification/show.erb +31 -0
  18. data/app/cells/decidim/notification_cell.rb +20 -0
  19. data/app/cells/decidim/notifications/show.erb +1 -24
  20. data/app/cells/decidim/notifications_cell.rb +0 -1
  21. data/app/cells/decidim/user_conversation/conversation_header.erb +1 -1
  22. data/app/cells/decidim/user_conversation/show.erb +4 -2
  23. data/app/cells/decidim/user_conversations/conversation_item.erb +1 -1
  24. data/app/commands/decidim/create_editor_image.rb +41 -0
  25. data/app/controllers/decidim/cookie_policy_controller.rb +2 -0
  26. data/app/controllers/decidim/editor_images_controller.rb +47 -0
  27. data/app/controllers/decidim/user_activities_controller.rb +2 -1
  28. data/app/forms/decidim/editor_image_form.rb +16 -0
  29. data/app/helpers/decidim/amendments_helper.rb +1 -1
  30. data/app/helpers/decidim/application_helper.rb +2 -2
  31. data/app/helpers/decidim/messaging/conversation_helper.rb +32 -3
  32. data/app/helpers/decidim/resource_versions_helper.rb +1 -1
  33. data/app/helpers/decidim/sanitize_helper.rb +65 -0
  34. data/app/models/decidim/editor_image.rb +14 -0
  35. data/app/models/decidim/messaging/conversation.rb +9 -0
  36. data/app/models/decidim/participatory_space_private_user.rb +16 -0
  37. data/app/models/decidim/user.rb +3 -3
  38. data/app/models/decidim/user_group.rb +40 -0
  39. data/app/packs/entrypoints/decidim_core.js +1 -0
  40. data/app/packs/src/decidim/dialog_mode.js +143 -0
  41. data/app/packs/src/decidim/dialog_mode.test.js +168 -0
  42. data/app/packs/src/decidim/editor.js +56 -14
  43. data/app/packs/src/decidim/form_attachments.js +5 -0
  44. data/app/packs/src/decidim/index.js +4 -0
  45. data/app/packs/src/decidim/vendor/image-resize.min.js +3 -0
  46. data/app/packs/src/decidim/vendor/image-upload.min.js +8 -0
  47. data/app/packs/stylesheets/decidim/extras/_extras.scss +0 -1
  48. data/app/packs/stylesheets/decidim/extras/_quill.scss +7 -0
  49. data/app/packs/stylesheets/decidim/modules/_buttons.scss +11 -4
  50. data/app/packs/stylesheets/decidim/modules/_cards.scss +4 -0
  51. data/app/packs/stylesheets/decidim/modules/_layout.scss +1 -1
  52. data/app/presenters/decidim/nil_presenter.rb +2 -2
  53. data/app/presenters/decidim/notification_presenter.rb +25 -0
  54. data/app/presenters/decidim/official_author_presenter.rb +1 -1
  55. data/app/presenters/decidim/validation_errors_presenter.rb +27 -0
  56. data/app/queries/decidim/similar_emendations.rb +1 -1
  57. data/app/resolvers/decidim/core/metric_resolver.rb +1 -1
  58. data/app/services/decidim/activity_search.rb +2 -2
  59. data/app/services/decidim/email_notification_generator.rb +4 -1
  60. data/app/services/decidim/html_truncation.rb +130 -0
  61. data/app/services/decidim/open_data_exporter.rb +29 -5
  62. data/app/services/decidim/resource_search.rb +1 -1
  63. data/app/uploaders/decidim/editor_image_uploader.rb +6 -0
  64. data/app/validators/password_validator.rb +123 -0
  65. data/app/views/decidim/account/_password_fields.html.erb +1 -1
  66. data/app/views/decidim/devise/passwords/edit.html.erb +1 -1
  67. data/app/views/decidim/devise/registrations/new.html.erb +1 -1
  68. data/app/views/decidim/devise/shared/_omniauth_buttons_mini.html.erb +6 -4
  69. data/app/views/decidim/messaging/conversations/_conversation.html.erb +3 -3
  70. data/app/views/decidim/messaging/conversations/_messages.html.erb +8 -2
  71. data/app/views/decidim/messaging/conversations/_show.html.erb +10 -12
  72. data/app/views/decidim/messaging/conversations/show.html.erb +4 -2
  73. data/app/views/decidim/newsletters/show.html.erb +1 -1
  74. data/app/views/decidim/notification_mailer/event_received.html.erb +17 -0
  75. data/app/views/decidim/pages/_tabbed.html.erb +1 -1
  76. data/app/views/decidim/searches/_filters_small_view.html.erb +3 -3
  77. data/app/views/decidim/shared/_login_modal.html.erb +5 -5
  78. data/app/views/decidim/shared/_orders.html.erb +1 -1
  79. data/app/views/decidim/shared/_results_per_page.html.erb +1 -1
  80. data/app/views/decidim/shared/participatory_space_filters/_filters_small_view.html.erb +3 -3
  81. data/app/views/layouts/decidim/_application.html.erb +1 -12
  82. data/app/views/layouts/decidim/_head.html.erb +4 -0
  83. data/app/views/layouts/decidim/_language_chooser.html.erb +1 -1
  84. data/app/views/layouts/decidim/_meta_tags_config.html.erb +11 -0
  85. data/app/views/layouts/decidim/_wrapper.html.erb +1 -1
  86. data/config/brakeman.ignore +149 -0
  87. data/config/initializers/devise.rb +1 -1
  88. data/config/initializers/rack_attack.rb +23 -21
  89. data/config/locales/ca.yml +2 -0
  90. data/config/locales/cs.yml +60 -0
  91. data/config/locales/en.yml +45 -0
  92. data/config/locales/es.yml +45 -0
  93. data/config/locales/eu.yml +5 -0
  94. data/config/locales/fi-plain.yml +6 -0
  95. data/config/locales/fi.yml +45 -0
  96. data/config/locales/fr-CA.yml +38 -0
  97. data/config/locales/fr.yml +44 -6
  98. data/config/locales/gl.yml +5 -0
  99. data/config/locales/it.yml +11 -0
  100. data/config/locales/ja.yml +72 -36
  101. data/config/locales/lb-LU.yml +1354 -0
  102. data/config/locales/lb.yml +1 -1
  103. data/config/locales/nl.yml +54 -0
  104. data/config/locales/pl.yml +5 -5
  105. data/config/locales/pt-BR.yml +1 -1
  106. data/config/locales/ro-RO.yml +8 -0
  107. data/config/locales/sv.yml +5 -0
  108. data/config/locales/val-ES.yml +1 -0
  109. data/config/routes.rb +2 -0
  110. data/db/migrate/20210730112319_create_decidim_editor_images.rb +12 -0
  111. data/db/migrate/20211126183540_add_timestamps_to_content_blocks.rb +14 -0
  112. data/db/seeds.rb +16 -14
  113. data/lib/decidim/api/functions/user_entity_list.rb +1 -0
  114. data/lib/decidim/api/input_sorts/component_input_sort.rb +1 -1
  115. data/lib/decidim/common_passwords.rb +56 -0
  116. data/lib/decidim/content_parsers/inline_images_parser.rb +68 -0
  117. data/lib/decidim/content_parsers.rb +1 -0
  118. data/lib/decidim/content_renderers/link_renderer.rb +85 -1
  119. data/lib/decidim/content_renderers/user_group_renderer.rb +1 -1
  120. data/lib/decidim/content_renderers/user_renderer.rb +1 -1
  121. data/lib/decidim/core/engine.rb +3 -12
  122. data/lib/decidim/core/test/factories.rb +7 -1
  123. data/lib/decidim/core/test/shared_examples/translated_event_examples.rb +131 -0
  124. data/lib/decidim/core/test.rb +1 -0
  125. data/lib/decidim/core/version.rb +1 -1
  126. data/lib/decidim/core.rb +22 -5
  127. data/lib/decidim/db/common-passwords.txt +128420 -0
  128. data/lib/decidim/etherpad/pad.rb +48 -0
  129. data/lib/decidim/etherpad.rb +7 -0
  130. data/lib/decidim/events/base_event.rb +18 -0
  131. data/lib/decidim/events/machine_translated_event.rb +36 -0
  132. data/lib/decidim/events/user_group_event.rb +1 -3
  133. data/lib/decidim/events.rb +1 -0
  134. data/lib/decidim/exporters/csv.rb +7 -7
  135. data/lib/decidim/faker/localized.rb +15 -6
  136. data/lib/decidim/form_builder.rb +14 -4
  137. data/lib/decidim/has_attachments.rb +11 -4
  138. data/lib/decidim/importers/import_manifest.rb +103 -3
  139. data/lib/decidim/paddable.rb +1 -9
  140. data/lib/decidim/searchable.rb +2 -2
  141. data/lib/decidim/settings_manifest.rb +2 -0
  142. data/lib/decidim/translatable_attributes.rb +6 -6
  143. data/lib/decidim/view_model.rb +10 -0
  144. data/lib/tasks/decidim_active_storage_migration_tasks.rake +68 -0
  145. metadata +56 -65
  146. data/app/packs/stylesheets/decidim/extras/_social_icons_mini.scss +0 -11
@@ -5,9 +5,11 @@
5
5
  <% end %>
6
6
  </div>
7
7
 
8
- <% if conversation.accept_user?(current_user) %>
8
+ <% if conversation.with_deleted_users?(current_user) %>
9
+ <div class="callout warning margin-top-2"><%= t ".deleted_accounts" %></div>
10
+ <% elsif conversation.accept_user?(current_user) %>
9
11
  <%= render "reply", form: @form, conversation: conversation %>
10
12
  <% else %>
11
- <em><%= t ".not_allowed" %></em>
13
+ <div class="callout warning margin-top-2"><%= t ".not_allowed" %></div>
12
14
  <% end %>
13
15
  <% end %>
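Review bot: The new `conversation.with_deleted_users?(current_user)` branch at new line 8 only hides the reply form in the view; nothing in these lines stops a reply from being submitted directly to the conversation endpoint. Make sure the reply form or command enforces the same check server-side and add a spec for it, so the callout and the actual permission cannot drift apart.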
@@ -5,7 +5,7 @@
5
5
  newsletter: newsletter,
6
6
  recipient_user: @user
7
7
  ) %>
8
- <%= decidim_sanitize @cell.to_s %>
8
+ <%= decidim_sanitize_editor @cell.to_s %>
9
9
 
10
10
  <% content_for :note do %>
11
11
  <%== t "note", scope: "decidim.newsletter_mailer.newsletter", organization_name: h(@organization.name), link: decidim.notifications_settings_url(host: @organization.host) %>
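Review bot: At new line 8 the newsletter body moves from `decidim_sanitize` to `decidim_sanitize_editor`, but the hunk gives no indication of which extra tags or attributes the editor variant lets through. Since this output lands in newsletter e-mail, please document the allowlist difference next to the helper and add a mailer spec showing that script content and event-handler attributes are still stripped.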
@@ -9,6 +9,10 @@
9
9
  <% end %>
10
10
 
11
11
  <% if @event_instance.try(:safe_resource_text).present? %>
12
+ <% if @event_instance.perform_translation? %>
13
+ <p style="font-weight: bold"><%= t(".original_text") %></p>
14
+ <% end %>
15
+
12
16
  <blockquote>
13
17
  <p>
14
18
  <%= @event_instance.safe_resource_text %>
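Review bot: The "original text" heading at new lines 12 to 14 is shown whenever `perform_translation?` is true, yet the translated block in the next hunk is only reached when neither `content_in_same_language?` nor `translation_missing?` matched first. If those predicates can be true together with `perform_translation?`, the mail labels the quote as the original without a translated block following it; consider deriving both places from one condition.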
@@ -16,6 +20,19 @@
16
20
  </blockquote>
17
21
  <% end %>
18
22
 
23
+ <% if @event_instance.content_in_same_language? %>
24
+ <p><%= t(".same_language", language: I18n.locale.to_s ) %></p>
25
+ <% elsif @event_instance.translation_missing? %>
26
+ <p><%= t(".no_translation_available", link: @event_instance.resource_url ) %></p>
27
+ <% elsif @event_instance.perform_translation? %>
28
+ <p style="font-weight: bold"><%= t(".translated_text") %></p>
29
+ <blockquote>
30
+ <p>
31
+ <%= @event_instance.safe_resource_translated_text %>
32
+ </p>
33
+ </blockquote>
34
+ <% end %>
35
+
19
36
  <% if @event_instance.has_button? %>
20
37
  <table class="button expanded radius">
21
38
  <tr>
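Review bot: `safe_resource_translated_text` at new line 31 is printed the same way as `safe_resource_text`, and the locale strings added in this diff describe it as automatically translated text, so it is not the author's content as written. Confirm in the event class that the translated string goes through the same sanitizing as the original before it reaches this template. Also, `no_translation_available` at new line 26 is not an `_html` key, so `%{link}` will be escaped and shown as a plain URL rather than a clickable link; say so in the translation or switch to an `_html` key with an escaped URL.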
@@ -32,7 +32,7 @@
32
32
  <h2>
33
33
  <%= translated_attribute page.title %>
34
34
  </h2>
35
- <%= decidim_sanitize translated_attribute page.content %>
35
+ <%= decidim_sanitize_editor translated_attribute page.content %>
36
36
  </div>
37
37
  </div>
38
38
  </div>
@@ -1,13 +1,13 @@
1
1
  <div class="filters-controls hide-for-mediumlarge">
2
- <button data-open="filter-box" class="filters-controls__trigger">
2
+ <button data-open="filter-box" class="filters-controls__trigger" aria-controls="filter-box" aria-haspopup="dialog">
3
3
  <%= t ".filter" %>
4
4
  <%= icon "caret-bottom", class: "icon--small float-right", aria_label: t(".unfold"), role: "img" %>
5
5
  </button>
6
6
  </div>
7
7
 
8
- <div class="reveal" id="filter-box" data-reveal>
8
+ <div class="reveal" id="filter-box" data-reveal role="dialog" aria-modal="true" aria-labelledby="filter-box-label">
9
9
  <div class="reveal__header">
10
- <h3 class="reveal__title"><%= t ".filter_by" %>:</h3>
10
+ <h3 id="filter-box-label" class="reveal__title"><%= t ".filter_by" %>:</h3>
11
11
  <button class="close-button" data-close aria-label="<%= t(".close_modal") %>" type="button">
12
12
  <span aria-hidden="true">&times;</span>
13
13
  </button>
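Review bot: The dialog wiring at new lines 2, 8 and 10 relies on the fixed ids `filter-box` and `filter-box-label`, and the participatory space filters partial later in this diff uses the same two ids. If both partials can be rendered on one page, `aria-controls` and `aria-labelledby` would resolve ambiguously; consider a per-partial id prefix.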
@@ -1,12 +1,15 @@
1
- <div class="reveal" id="loginModal" data-reveal>
1
+ <div class="reveal" id="loginModal" data-reveal role="dialog" aria-modal="true" aria-labelledby="loginModal-label">
2
2
  <div class="reveal__header">
3
- <h2 class="reveal__title"><%= t(".please_sign_in") %></h2>
3
+ <h2 id="loginModal-label" class="reveal__title"><%= t(".please_sign_in") %></h2>
4
4
  <button class="close-button" data-close aria-label="<%= t(".close_modal") %>"
5
5
  type="button">
6
6
  <span aria-hidden="true">&times;</span>
7
7
  </button>
8
8
  </div>
9
9
  <% if current_organization.sign_in_enabled? %>
10
+ <% cache current_organization do %>
11
+ <%= render "decidim/devise/shared/omniauth_buttons_mini" %>
12
+ <% end %>
10
13
  <div class="row">
11
14
  <div class="columns medium-8 medium-centered">
12
15
  <%
@@ -39,9 +42,6 @@
39
42
  </p>
40
43
  </div>
41
44
  </div>
42
- <% cache current_organization do %>
43
- <%= render "decidim/devise/shared/omniauth_buttons_mini" %>
44
- <% end %>
45
45
  <% else %>
46
46
  <div class="row">
47
47
  <div class="columns medium-8 medium-centered">
@@ -9,7 +9,7 @@
9
9
  data-close-on-click="true"
10
10
  role="menubar">
11
11
  <li class="is-dropdown-submenu-parent" role="presentation">
12
- <a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="true" title="<%= t("#{i18n_scope}.label") %>" role="menuitem"><%= t("#{i18n_scope}.#{order}") %></a>
12
+ <a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="menu" title="<%= t("#{i18n_scope}.label") %>" role="menuitem"><%= t("#{i18n_scope}.#{order}") %></a>
13
13
 
14
14
  <ul id="<%= menu_id %>" class="menu" role="menu" aria-labelledby="<%= menu_id %>-control">
15
15
  <% orders.each do |order_name| %>
@@ -9,7 +9,7 @@
9
9
  data-close-on-click="true"
10
10
  role="menubar">
11
11
  <li class="is-dropdown-submenu-parent" role="presentation">
12
- <a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="true" title="<%= t("decidim.shared.results_per_page.title") %>" role="menuitem"><%= per_page %></a>
12
+ <a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="menu" title="<%= t("decidim.shared.results_per_page.title") %>" role="menuitem"><%= per_page %></a>
13
13
  <ul id="<%= menu_id %>" class="menu" role="menu" aria-labelledby="<%= menu_id %>-control">
14
14
  <% Decidim::Paginable::OPTIONS.each do |per_page_option| %>
15
15
  <li role="presentation">
@@ -1,13 +1,13 @@
1
1
  <div class="filters-controls hide-for-mediumlarge">
2
- <button data-open="filter-box" class="filters-controls__trigger">
2
+ <button data-open="filter-box" class="filters-controls__trigger" aria-controls="filter-box" aria-haspopup="dialog">
3
3
  <%= t("filter", scope: "decidim.searches.filters_small_view") %>
4
4
  <%= icon "caret-bottom", class: "icon--small float-right", aria_label: t("unfold", scope: "decidim.searches.filters_small_view"), role: "img" %>
5
5
  </button>
6
6
  </div>
7
7
 
8
- <div class="reveal" id="filter-box" data-reveal>
8
+ <div class="reveal" id="filter-box" data-reveal role="dialog" aria-modal="true" aria-labelledby="filter-box-label">
9
9
  <div class="reveal__header">
10
- <h3 class="reveal__title"><%= t("filter_by", scope: "decidim.searches.filters_small_view") %>:</h3>
10
+ <h3 id="filter-box-label" class="reveal__title"><%= t("filter_by", scope: "decidim.searches.filters_small_view") %>:</h3>
11
11
  <button class="close-button" data-close aria-label="<%= 't("close_modal", scope: "decidim.searches.filters_small_view")' %>" type="button">
12
12
  <span aria-hidden="true">&times;</span>
13
13
  </button>
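Review bot: While the accessibility attributes are being fixed here, the close button on line 11 still wraps the whole `t("close_modal", scope: "decidim.searches.filters_small_view")` call in single quotes, so ERB prints the Ruby source text as the `aria-label` instead of the translation. Drop the surrounding quotes so screen readers get the translated label, as the sibling partial does with `t(".close_modal")`.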
@@ -1,15 +1,4 @@
1
- <% add_decidim_meta_tags({
2
- description: strip_tags(translated_attribute(current_organization.description)),
3
- title: current_organization.name,
4
- url: request.original_url,
5
- twitter_handler: current_organization.twitter_handler,
6
- image_url: Decidim::ContentBlock.published.find_by(
7
- organization: current_organization,
8
- scope_name: :homepage,
9
- manifest_name: :hero
10
- ).try(:images_container).try(:attached_uploader, :background_image).try(:path)
11
- }) %>
12
-
1
+ <%= render partial: "layouts/decidim/meta_tags_config" %>
13
2
  <!DOCTYPE html>
14
3
  <html lang="<%= I18n.locale %>" class="no-js">
15
4
  <head>
@@ -17,6 +17,10 @@
17
17
  <meta property="og:description" content="<%= decidim_meta_description %>">
18
18
  <meta property="og:image" content="<%= decidim_meta_image_url %>">
19
19
 
20
+ <% if current_organization.colors["theme"] %>
21
+ <meta name="theme-color" content="<%= current_organization.colors["theme"] %>">
22
+ <% end %>
23
+
20
24
  <%= favicon %>
21
25
  <%= stylesheet_pack_tag "decidim_core", media: "all" %>
22
26
  <%= invisible_captcha_styles %>
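Review bot: `current_organization.colors["theme"]` at new lines 20 and 21 is written into the `content` attribute as stored, with no check that it is a colour value, and the lookup raises if `colors` is ever nil. ERB escaping keeps the value inside the attribute, but it would be cleaner to validate it where it is saved (for example as a hex colour) and to read it nil-safely here.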
@@ -7,7 +7,7 @@
7
7
  data-close-on-click="true"
8
8
  role="menubar">
9
9
  <li class="is-dropdown-submenu-parent" role="presentation">
10
- <%= link_to t("name", scope: "locale"), "#language-chooser-menu", id: "language-chooser-control", "aria-label": t("layouts.decidim.language_chooser.choose_language"), "aria-controls": "language-chooser-menu", "aria-haspopup": "true", role: "menuitem" %>
10
+ <%= link_to t("name", scope: "locale"), "#language-chooser-menu", id: "language-chooser-control", "aria-label": t("layouts.decidim.language_chooser.choose_language"), "aria-controls": "language-chooser-menu", "aria-haspopup": "menu", role: "menuitem" %>
11
11
  <ul class="menu is-dropdown-submenu" id="language-chooser-menu" role="menu" aria-labelledby="language-chooser-control">
12
12
  <% (available_locales - [I18n.locale.to_s]).each do |locale| %>
13
13
  <li lang="<%= locale %>" role="presentation"><%= link_to locale_name(locale), decidim.locale_path(locale: locale), method: :post, role: "menuitem" %></li>
@@ -0,0 +1,11 @@
1
+ <% add_decidim_meta_tags({
2
+ description: strip_tags(translated_attribute(current_organization.description)),
3
+ title: current_organization.name,
4
+ url: request.original_url,
5
+ twitter_handler: current_organization.twitter_handler,
6
+ image_url: Decidim::ContentBlock.published.find_by(
7
+ organization: current_organization,
8
+ scope_name: :homepage,
9
+ manifest_name: :hero
10
+ ).try(:images_container).try(:attached_uploader, :background_image).try(:path)
11
+ }) %>
@@ -66,7 +66,7 @@ end
66
66
  data-close-on-click="true"
67
67
  role="menubar">
68
68
  <li class="is-dropdown-submenu-parent show-for-medium" role="presentation">
69
- <%= link_to current_user.name, decidim.account_path, id: "user-menu-control", "aria-controls": "user-menu", "aria-haspopup": "true", "aria-label": t("layouts.decidim.user_menu.account", name: current_user.name), "role": "menuitem" %>
69
+ <%= link_to current_user.name, decidim.account_path, id: "user-menu-control", "aria-controls": "user-menu", "aria-haspopup": "menu", "aria-label": t("layouts.decidim.user_menu.account", name: current_user.name), "role": "menuitem" %>
70
70
  <ul class="menu is-dropdown-submenu" id="user-menu" role="menu" aria-labelledby="user-menu-control">
71
71
  <%= render partial: "layouts/decidim/user_menu" %>
72
72
  </ul>
@@ -0,0 +1,149 @@
1
+ {
2
+ "ignored_warnings": [
3
+ {
4
+ "warning_type": "Cross-Site Scripting",
5
+ "warning_code": 2,
6
+ "fingerprint": "211ff4b5e0d738e40e3c7f6d27b6905f23b1ed4e20347c179af3df40f6e5694d",
7
+ "check_name": "CrossSiteScripting",
8
+ "message": "Unescaped model attribute",
9
+ "file": "app/views/decidim/messaging/conversations/_conversation.html.erb",
10
+ "line": 20,
11
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
12
+ "code": "username_list((Unresolved Model).new.interlocutors(current_user), :shorten => true)",
13
+ "render_path": [
14
+ {
15
+ "type": "template",
16
+ "name": "decidim/messaging/conversations/index",
17
+ "line": 25,
18
+ "file": "app/views/decidim/messaging/conversations/index.html.erb",
19
+ "rendered": {
20
+ "name": "decidim/messaging/conversations/_conversation",
21
+ "file": "app/views/decidim/messaging/conversations/_conversation.html.erb"
22
+ }
23
+ }
24
+ ],
25
+ "location": {
26
+ "type": "template",
27
+ "template": "decidim/messaging/conversations/_conversation"
28
+ },
29
+ "user_input": "(Unresolved Model).new.interlocutors(current_user)",
30
+ "confidence": "Weak",
31
+ "note": ""
32
+ },
33
+ {
34
+ "warning_type": "Cross-Site Scripting",
35
+ "warning_code": 4,
36
+ "fingerprint": "2c7f1da812b5d4b350d2260b604e9061ef082ecae90073ae09fe2eb46c1b9a08",
37
+ "check_name": "LinkToHref",
38
+ "message": "Unsafe parameter value in `link_to` href",
39
+ "file": "app/views/decidim/links/_modal.html.erb",
40
+ "line": 16,
41
+ "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",
42
+ "code": "link_to(t(\"decidim.links.warning.proceed\"), params[:external_url], :target => \"_blank\", :data => ({ :close => \"\" }), :class => \"button primary button--nomargin\")",
43
+ "render_path": [
44
+ {
45
+ "type": "controller",
46
+ "class": "Decidim::LinksController",
47
+ "method": "new",
48
+ "line": 16,
49
+ "file": "app/controllers/decidim/links_controller.rb",
50
+ "rendered": {
51
+ "name": "decidim/links/new",
52
+ "file": "app/views/decidim/links/new.js.erb"
53
+ }
54
+ },
55
+ {
56
+ "type": "template",
57
+ "name": "decidim/links/new",
58
+ "line": 3,
59
+ "file": "app/views/decidim/links/new.js.erb",
60
+ "rendered": {
61
+ "name": "decidim/links/_modal",
62
+ "file": "app/views/decidim/links/_modal.html.erb"
63
+ }
64
+ }
65
+ ],
66
+ "location": {
67
+ "type": "template",
68
+ "template": "decidim/links/_modal"
69
+ },
70
+ "user_input": "params[:external_url]",
71
+ "confidence": "High",
72
+ "note": ""
73
+ },
74
+ {
75
+ "warning_type": "Cross-Site Scripting",
76
+ "warning_code": 2,
77
+ "fingerprint": "2d9910c9250df37f9cf9ddd225d4541ab9c411c61e74562b9a4b7b188e44cc47",
78
+ "check_name": "CrossSiteScripting",
79
+ "message": "Unescaped parameter value",
80
+ "file": "app/views/decidim/searches/index.js.erb",
81
+ "line": 5,
82
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
83
+ "code": "j(cell(\"decidim/search_results\", @sections, :params => (params)).show).strip",
84
+ "render_path": [
85
+ {
86
+ "type": "controller",
87
+ "class": "Decidim::SearchesController",
88
+ "method": "index",
89
+ "line": 15,
90
+ "file": "app/controllers/decidim/searches_controller.rb",
91
+ "rendered": {
92
+ "name": "decidim/searches/index",
93
+ "file": "app/views/decidim/searches/index.js.erb"
94
+ }
95
+ }
96
+ ],
97
+ "location": {
98
+ "type": "template",
99
+ "template": "decidim/searches/index"
100
+ },
101
+ "user_input": "params",
102
+ "confidence": "Weak",
103
+ "note": ""
104
+ },
105
+ {
106
+ "warning_type": "Cross-Site Scripting",
107
+ "warning_code": 2,
108
+ "fingerprint": "b46eb40178db883a8a9065d3affe7fb7868369084048fd88321f887d8618eea5",
109
+ "check_name": "CrossSiteScripting",
110
+ "message": "Unescaped parameter value",
111
+ "file": "app/views/decidim/messaging/conversations/_show.html.erb",
112
+ "line": 29,
113
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
114
+ "code": "t(\".title\", :usernames => username_list(form(ConversationForm).from_params(params, :sender => current_user).recipient.to_a))",
115
+ "render_path": [
116
+ {
117
+ "type": "controller",
118
+ "class": "Decidim::Messaging::ConversationsController",
119
+ "method": "new",
120
+ "line": 35,
121
+ "file": "app/controllers/decidim/messaging/conversations_controller.rb",
122
+ "rendered": {
123
+ "name": "decidim/messaging/conversations/new",
124
+ "file": "app/views/decidim/messaging/conversations/new.html.erb"
125
+ }
126
+ },
127
+ {
128
+ "type": "template",
129
+ "name": "decidim/messaging/conversations/new",
130
+ "line": 1,
131
+ "file": "app/views/decidim/messaging/conversations/new.html.erb",
132
+ "rendered": {
133
+ "name": "decidim/messaging/conversations/_show",
134
+ "file": "app/views/decidim/messaging/conversations/_show.html.erb"
135
+ }
136
+ }
137
+ ],
138
+ "location": {
139
+ "type": "template",
140
+ "template": "decidim/messaging/conversations/_show"
141
+ },
142
+ "user_input": "params",
143
+ "confidence": "Weak",
144
+ "note": ""
145
+ }
146
+ ],
147
+ "updated": "2021-12-22 09:55:40 +0000",
148
+ "brakeman_version": "5.1.2"
149
+ }
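Review bot: All four entries in this new ignore file have `"note": ""`, including the one High-confidence finding (new lines 33 to 72), where `params[:external_url]` is passed straight to `link_to` as the href in `decidim/links/_modal`. Please fill in each note with the reason the warning is considered safe, and for the `LinkToHref` entry point to where the URL scheme is restricted to http/https before rendering; if no such check exists, fix the view rather than ignoring the warning.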
@@ -88,7 +88,7 @@ Devise.setup do |config|
88
88
  # It will change confirmation, password recovery and other workflows
89
89
  # to behave the same regardless if the e-mail provided was right or wrong.
90
90
  # Does not affect registerable.
91
- # config.paranoid = true
91
+ config.paranoid = true
92
92
 
93
93
  # By default Devise will store the user in session. You can skip storage for
94
94
  # particular strategies by setting this option.
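Review bot: Turning on `config.paranoid` at line 91 changes the messages users see on confirmation and password recovery, and the comment just above states it does not affect registerable, so the sign-up form can still reveal whether an e-mail is registered. Worth calling out in the release notes for integrators who override these views, and adding a request spec asserting identical responses for known and unknown addresses on password recovery.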
@@ -7,31 +7,33 @@ if Rails.env.production? || Rails.env.test?
7
7
  config.middleware.use Rack::Attack
8
8
  end
9
9
 
10
- Rack::Attack.blocklist("block all access to system") do |request|
11
- # Requests are blocked if the return value is truthy
12
- if request.path.start_with?("/system")
13
- Decidim.system_accesslist_ips.any? && Decidim.system_accesslist_ips.map { |ip_address| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }.any?
10
+ ActiveSupport::Reloader.to_prepare do
11
+ Rack::Attack.blocklist("block all access to system") do |request|
12
+ # Requests are blocked if the return value is truthy
13
+ if request.path.start_with?("/system")
14
+ Decidim.system_accesslist_ips.any? && Decidim.system_accesslist_ips.map { |ip_address| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }.any?
15
+ end
14
16
  end
15
- end
16
17
 
17
- unless Rails.env.test?
18
- Rack::Attack.throttle(
19
- "requests by ip",
20
- limit: Decidim.throttling_max_requests,
21
- period: Decidim.throttling_period,
22
- &:ip
23
- )
18
+ unless Rails.env.test?
19
+ Rack::Attack.throttle(
20
+ "requests by ip",
21
+ limit: Decidim.throttling_max_requests,
22
+ period: Decidim.throttling_period,
23
+ &:ip
24
+ )
24
25
 
25
- # Throttle login attempts for a given email parameter to 6 reqs/minute
26
- # Return the email as a discriminator on POST /users/sign_in requests
27
- Rack::Attack.throttle("limit logins per email", limit: 5, period: 60.seconds) do |request|
28
- request.params["user"]["email"] if request.path == "/users/sign_in" && request.post?
29
- end
26
+ # Throttle login attempts for a given email parameter to 6 reqs/minute
27
+ # Return the email as a discriminator on POST /users/sign_in requests
28
+ Rack::Attack.throttle("limit logins per email", limit: 5, period: 60.seconds) do |request|
29
+ request.params["user"]["email"] if request.path == "/users/sign_in" && request.post?
30
+ end
30
31
 
31
- # Throttle login attempts for a given email parameter to 6 reqs/minute
32
- # Return the email as a discriminator on POST /users/sign_in requests
33
- Rack::Attack.throttle("limit password recovery attempts per email", limit: 5, period: 60.seconds) do |request|
34
- request.params["user"]["email"] if request.path == "/users/password" && request.post?
32
+ # Throttle login attempts for a given email parameter to 6 reqs/minute
33
+ # Return the email as a discriminator on POST /users/sign_in requests
34
+ Rack::Attack.throttle("limit password recovery attempts per email", limit: 5, period: 60.seconds) do |request|
35
+ request.params["user"]["email"] if request.path == "/users/password" && request.post?
36
+ end
35
37
  end
36
38
  end
37
39
  end
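Review bot: The two per-email throttles (new lines 28 to 30 and 34 to 36) read `request.params["user"]["email"]`, which raises when a POST to `/users/sign_in` or `/users/password` arrives without a `user` hash; guard the lookup (for example with `request.params.dig("user", "email")`) so a malformed request is not turned into an error inside the middleware. The comments also need fixing while the block is being re-indented: both say "6 reqs/minute" against `limit: 5`, and the second one still describes `POST /users/sign_in` although it guards password recovery. Separately, the blocklist at new lines 11 to 16 returns truthy when the request IP matches an entry in `Decidim.system_accesslist_ips`; if that setting is meant as an allowlist for `/system`, the condition looks inverted and deserves a spec.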
@@ -967,6 +967,7 @@ ca:
967
967
  show:
968
968
  back: Tornar a totes les converses
969
969
  chat_with: Conversa amb
970
+ deleted_accounts: No podeu tenir una conversa amb un compte d'usuari eliminat.
970
971
  not_allowed: Aquesta participant no accepta missatges directes.
971
972
  title: Conversa amb %{usernames}
972
973
  start:
@@ -1331,6 +1332,7 @@ ca:
1331
1332
  title_reply: Respondre
1332
1333
  show:
1333
1334
  back: Mostra totes les converses
1335
+ deleted_accounts: No podeu tenir una conversa amb un compte d'usuari eliminat.
1334
1336
  not_allowed: Aquesta participant no accepta missatges directes.
1335
1337
  title: Conversa amb %{usernames}
1336
1338
  update:
@@ -84,6 +84,49 @@ cs:
84
84
  decidim_with_day_and_month_name: "%A %d %b %Y"
85
85
  decidim_with_month_name: "%d %B %Y"
86
86
  decidim_with_month_name_short: "%d %b"
87
+ datetime:
88
+ distance_in_words:
89
+ about_x_hours:
90
+ one: asi 1 hodina
91
+ few: asi %{count} hodiny
92
+ many: asi %{count} hodin
93
+ other: asi %{count} hodin
94
+ about_x_months:
95
+ one: asi 1 měsíc
96
+ few: asi %{count} měsíce
97
+ many: asi %{count} měsíců
98
+ other: asi %{count} měsíců
99
+ half_a_minute: půl minuty
100
+ less_than_x_minutes:
101
+ one: méně než minutu.
102
+ few: méně než %{count} minuty.
103
+ many: méně než %{count} minut.
104
+ other: méně než %{count} minut.
105
+ less_than_x_seconds:
106
+ one: právě teď
107
+ few: méně než %{count} vteřiny.
108
+ many: méně než %{count} vteřin.
109
+ other: méně než %{count} vteřin.
110
+ x_days:
111
+ one: před 1 dnem
112
+ few: "před %{count} dny"
113
+ many: "před %{count} ti dny"
114
+ other: "před %{count} ti dny"
115
+ x_hours:
116
+ one: před 1 hodinou
117
+ few: "před %{count} hodinami"
118
+ many: "před %{count} hodinami"
119
+ other: "před %{count} hodinami"
120
+ x_minutes:
121
+ one: před 1 minutou
122
+ few: "před %{count} minutami"
123
+ many: "před %{count} minutami"
124
+ other: "před %{count} minutami"
125
+ x_seconds:
126
+ one: před 1 vteřinou
127
+ few: "před %{count} vteřinami"
128
+ many: "před %{count} vteřinami"
129
+ other: "před %{count} vteřinami"
87
130
  decidim:
88
131
  accessibility:
89
132
  external_link: Externí odkaz
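Review bot: In the new `distance_in_words` block, `x_days`, `x_hours`, `x_minutes` and `x_seconds` (new lines 110 to 129) embed "před" ("ago") in the value, while `about_x_hours`, `about_x_months` and the `less_than_*` keys do not, and `x_days` has a stray "ti" in `"před %{count} ti dny"`. These keys are used as plain durations, so a caller that adds its own "ago" wording will double it; please align the entries and drop the trailing full stops in `less_than_x_minutes` and `less_than_x_seconds`.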
@@ -527,6 +570,11 @@ cs:
527
570
  this_application_will_not_be_able_to: 'Tato aplikace nebude moci:'
528
571
  update_profile: Aktualizujte svůj profil
529
572
  wants_to_use_your_account_html: "<strong>%{application_name}</strong> chce používat váš účet"
573
+ editor_images:
574
+ create:
575
+ error: Chyba při nahrávání obrázku
576
+ success: Obrázek byl úspěšně nahrán
577
+ drag_and_drop_help: Přidejte obrázky přetažením nebo vložením.
530
578
  endorsable:
531
579
  endorsements: Schválení
532
580
  endorsements_count: Počet schvalování
@@ -992,6 +1040,7 @@ cs:
992
1040
  show:
993
1041
  back: Zpět ke všem konverzacím
994
1042
  chat_with: Konverzace s
1043
+ deleted_accounts: Nemůžete mít konverzaci s odstraněnými účty.
995
1044
  not_allowed: Tento uživatel nepřijímá přímé zprávy.
996
1045
  title: Konverzace s číslem %{usernames}
997
1046
  start:
@@ -1059,6 +1108,12 @@ cs:
1059
1108
  greetings: Zdravím,<br/>%{organization_name}<br/><a href="%{organization_url}">%{organization_url}</a>
1060
1109
  hello: Ahoj,
1061
1110
  subject: Chcete nadále dostávat příslušné informace o %{organization_name}?
1111
+ notification_mailer:
1112
+ event_received:
1113
+ no_translation_available: Omlouváme se, po odeslání e-mailu nelze získat automatický překlad. Překlad původního textu můžete zkontrolovat na následujícím odkazu %{link}.
1114
+ original_text: 'Původní text:'
1115
+ same_language: Obsah byl zveřejněn ve vašem preferovaném jazyce (%{language}), proto se v tomto e-mailu nezobrazuje automatický překlad.
1116
+ translated_text: 'Automaticky přeložený text:'
1062
1117
  notifications:
1063
1118
  no_notifications: Zatím žádné oznámení.
1064
1119
  notifications_settings:
@@ -1358,6 +1413,7 @@ cs:
1358
1413
  title_reply: Odpovědět
1359
1414
  show:
1360
1415
  back: Zobrazit všechny konverzace
1416
+ deleted_accounts: Nemůžete mít konverzaci s odstraněnými účty.
1361
1417
  not_allowed: Tento uživatel již nepřijímá žádné přímé zprávy.
1362
1418
  title: Konverzace s %{usernames}
1363
1419
  update:
@@ -1661,10 +1717,12 @@ cs:
1661
1717
  name: Čeština
1662
1718
  name_with_error: Čeština
1663
1719
  password_validator:
1720
+ blacklisted: je na černé listině
1664
1721
  domain_included_in_password: je příliš podobné tomuto názvu domény
1665
1722
  email_included_in_password: je příliš podobný e-mailu
1666
1723
  fallback: není platný
1667
1724
  name_included_in_password: je příliš podobné vašemu jménu
1725
+ nickname_included_in_password: je příliš podobné vaší přezdívce
1668
1726
  not_enough_unique_characters: nemá dostatek jedinečných znaků
1669
1727
  password_not_allowed: není povoleno
1670
1728
  password_too_common: je příliš běžné
@@ -1699,6 +1757,8 @@ cs:
1699
1757
  day_of_week: "%a"
1700
1758
  day_of_week_long: "%a %e"
1701
1759
  day_of_year: "%d.%m.%y"
1760
+ ddmm: "%d.%m"
1761
+ ddmmyyyy: "%d.%m.%Y"
1702
1762
  decidim_day_of_year: "%d %B %Y"
1703
1763
  decidim_short: "%d/%m/%Y %H:%M"
1704
1764
  default: "%a, %d %b %Y %H:%M:%S %z"