RubyGems - decidim-core - Versions diffs - 0.26.4 → 0.27.0.rc1 - Mend

decidim-core 0.26.4 → 0.27.0.rc1

Potentially problematic release.

This version of decidim-core might be problematic. Click here for more details.

Files changed (569) hide show

data/app/commands/decidim/invite_user.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with the business logic to invite a user to an organization.
-  class InviteUser < Rectify::Command
+  class InviteUser < Decidim::Command
     # Public: Initializes the command.
     #
     # form - A form object with the params.
@@ -27,9 +27,7 @@ module Decidim
     attr_reader :form
     def user
-      # rubocop:disable Rails/FindBy
       @user ||= Decidim::User.where(organization: form.organization).where(email: form.email.downcase).first
-      # rubocop:enable Rails/FindBy
     end
     def update_user

data/app/commands/decidim/invite_user_again.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with the business logic to invite an user to an organization.
-  class InviteUserAgain < Rectify::Command
+  class InviteUserAgain < Decidim::Command
     # Public: Initializes the command.
     #
     # user         - The user that receives the invitation instructions.

data/app/commands/decidim/invite_user_to_group.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to invite a user to a group.
-  class InviteUserToGroup < Rectify::Command
+  class InviteUserToGroup < Decidim::Command
     # Public: Initializes the command.
     #
     # form - A form object with the params.

data/app/commands/decidim/join_user_group.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to join a user group.
-  class JoinUserGroup < Rectify::Command
+  class JoinUserGroup < Decidim::Command
     # Public: Initializes the command.
     #
     # user - the user that wants to join the group

data/app/commands/decidim/leave_user_group.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to leave a user group.
-  class LeaveUserGroup < Rectify::Command
+  class LeaveUserGroup < Decidim::Command
     # Public: Initializes the command.
     #
     # user - the user that wants to leave the group
@@ -20,6 +20,7 @@ module Decidim
     # Returns nothing.
     def call
       return broadcast(:invalid) unless can_leave?
+      return broadcast(:last_admin) if last_admin?
       leave_user_group
@@ -35,7 +36,12 @@ module Decidim
     end
     def can_leave?
-      Decidim::UserGroupMembership.where(user: user, user_group: user_group).where.not(role: :creator).any?
+      Decidim::UserGroupMembership.where(user: user, user_group: user_group).any?
+    end
+    def last_admin?
+      admin_memberships = Decidim::UserGroupMembership.where(user_group: user_group, role: [:creator, :admin])
+      admin_memberships.length == 1 && admin_memberships.pluck(:decidim_user_id).include?(user.id)
     end
   end
 end

data/app/commands/decidim/messaging/reply_to_conversation.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   module Messaging
     # A command with all the business logic for replying to a conversation
-    class ReplyToConversation < Rectify::Command
+    class ReplyToConversation < Decidim::Command
       # Public: Initializes the command.
       #
       # conversation - The conversation to be updated.
@@ -72,7 +72,7 @@ module Decidim
       end
       # in order for a recipient to receive an email it should not have direct-messages disabled
-      # if direct-messages are disabled, only send if he follows the sending user
+      # if direct-messages are disabled, only send if they follow the sending user
       def notify(recipient)
         return unless conversation.unread_count(recipient) == 1
         return unless recipient.accepts_conversation?(form.context.current_user)

data/app/commands/decidim/messaging/start_conversation.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   module Messaging
     # A command with all the business logic for replying to a conversation
-    class StartConversation < Rectify::Command
+    class StartConversation < Decidim::Command
       # Public: Initializes the command.
       #
       # form - A conversation form
@@ -72,7 +72,7 @@ module Decidim
       end
       # in order for a recipient to receive an email it should not have direct-messages disabled
-      # if direct-messages are disabled, only send if he follows the sending user
+      # if direct-messages are disabled, only send if they follow the sending user
       def notify(recipient)
         return unless recipient.accepts_conversation?(form.context.current_user)

data/app/commands/decidim/multiple_attachments_methods.rb CHANGED Viewed

@@ -6,16 +6,25 @@ module Decidim
     def build_attachments
       @documents = []
-      @form.add_documents.each do |file|
+      @form.add_documents.compact_blank.each do |attachment|
+        if attachment.is_a?(Hash) && attachment.has_key?(:id)
+          update_attachment_title_for(attachment)
+          next
+        end
         @documents << Attachment.new(
-          title: { I18n.locale => file.original_filename },
+          title: title_for(attachment),
           attached_to: @attached_to || documents_attached_to,
-          file: file,
-          content_type: file.content_type
+          file: signed_id_for(attachment),
+          content_type: content_type_for(attachment)
         )
       end
     end
+    def update_attachment_title_for(attachment)
+      Decidim::Attachment.find(attachment[:id]).update(title: title_for(attachment))
+    end
     def attachments_invalid?
       @documents.each do |document|
         next if document.valid? || !document.errors.has_key?(:file)
@@ -30,10 +39,18 @@ module Decidim
       false
     end
-    def create_attachments
+    def create_attachments(first_weight: 0)
+      weight = first_weight
+      # Add the weights first to the old document
+      @form.documents.each do |document|
+        document.update!(weight: weight)
+        weight += 1
+      end
       @documents.map! do |document|
+        document.weight = weight
         document.attached_to = documents_attached_to
         document.save!
+        weight += 1
         @form.documents << document
       end
     end
@@ -57,5 +74,27 @@ module Decidim
       form.current_component.organization if form.respond_to?(:current_component)
     end
+    def signed_id_for(attachment)
+      return attachment[:file] if attachment.is_a?(Hash)
+      attachment
+    end
+    def title_for(attachment)
+      return { I18n.locale => attachment[:title] } if attachment.is_a?(Hash) && attachment.has_key?(:title)
+      { I18n.locale => "" }
+    end
+    def content_type_for(attachment)
+      return attachment.content_type if attachment.instance_of?(ActionDispatch::Http::UploadedFile)
+      blob(signed_id_for(attachment)).content_type
+    end
+    def blob(signed_id)
+      ActiveStorage::Blob.find_signed(signed_id)
+    end
   end
 end

data/app/commands/decidim/promote_membership.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to promote a user to group admin.
-  class PromoteMembership < Rectify::Command
+  class PromoteMembership < Decidim::Command
     # Public: Initializes the command.
     #
     # membership - the UserGroupMembership to be promoted.

data/app/commands/decidim/reject_group_invitation.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   # A command with all the business logic to reject an invitation to belong to a
   # group.
-  class RejectGroupInvitation < Rectify::Command
+  class RejectGroupInvitation < Decidim::Command
     # Public: Initializes the command.
     #
     # user_group - the UserGroup where the user has been invited

data/app/commands/decidim/reject_user_group_join_request.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   # A command with all the business logic to reject a join request to a user
   # group.
-  class RejectUserGroupJoinRequest < Rectify::Command
+  class RejectUserGroupJoinRequest < Decidim::Command
     # Public: Initializes the command.
     #
     # membership - the UserGroupMembership to be accepted.

data/app/commands/decidim/remove_user_from_group.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to remove a user from a group.
-  class RemoveUserFromGroup < Rectify::Command
+  class RemoveUserFromGroup < Decidim::Command
     # Public: Initializes the command.
     #
     # membership - the UserGroupMembership to be accepted.

data/app/commands/decidim/resend_confirmation_instructions.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Decidim
+  class ResendConfirmationInstructions < Decidim::Command
+    def initialize(user)
+      @user = user
+      @unconfirmed_email = user.unconfirmed_email
+    end
+    def call
+      return broadcast(:invalid) unless @unconfirmed_email
+      ResendConfirmationInstructionsJob.perform_later(@user)
+      broadcast(:ok)
+    end
+  end
+end

data/app/commands/decidim/search.rb CHANGED Viewed

@@ -2,8 +2,8 @@
 module Decidim
   # A command that will act as a search service, with all the business logic for performing searches.
-  class Search < Rectify::Command
-    ACCEPTED_FILTERS = [:decidim_scope_id].freeze
+  class Search < Decidim::Command
+    ACCEPTED_FILTERS = [:decidim_scope_id_eq].freeze
     HIGHLIGHTED_RESULTS_COUNT = 4
     # Public: Initializes the command.
@@ -30,9 +30,9 @@ module Decidim
         result_ids = filtered_query_for(class_name).pluck(:resource_id)
         results_count = result_ids.count
-        results = if filters[:resource_type].present? && filters[:resource_type] == class_name
+        results = if filters[:with_resource_type].present? && filters[:with_resource_type] == class_name
                     paginate(klass.order_by_id_list(result_ids))
-                  elsif filters[:resource_type].present?
+                  elsif filters[:with_resource_type].present?
                     ApplicationRecord.none
                   else
                     klass.order_by_id_list(result_ids.take(HIGHLIGHTED_RESULTS_COUNT))
@@ -59,15 +59,15 @@ module Decidim
     def clean_filters
       @clean_filters ||= filters.select do |attribute_name, value|
         ACCEPTED_FILTERS.include?(attribute_name.to_sym) && value.present?
-      end.merge(decidim_participatory_space: spaces_to_filter).compact
+      end.compact
     end
     def spaces_to_filter
-      return nil if filters[:space_state].blank?
+      return nil if filters[:with_space_state].blank?
       Decidim.participatory_space_manifests.flat_map do |manifest|
         public_spaces = manifest.participatory_spaces.call(organization).public_spaces
-        spaces = case filters[:space_state]
+        spaces = case filters[:with_space_state]
                  when "active"
                    public_spaces.active_spaces
                  when "future"
@@ -88,9 +88,10 @@ module Decidim
         resource_type: class_name
       )
-      clean_filters.each_pair do |attribute_name, value|
-        query = query.where(attribute_name => value)
+      if (spaces = spaces_to_filter)
+        query = query.where(decidim_participatory_space: spaces)
       end
+      query = query.ransack(clean_filters).result if clean_filters.any?
       query = query.order("datetime DESC")
       query = query.global_search(I18n.transliterate(term)) if term.present?

data/app/commands/decidim/unendorse_resource.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to unendorse a resource, both as a user or as a user_group.
-  class UnendorseResource < Rectify::Command
+  class UnendorseResource < Decidim::Command
     # Public: Initializes the command.
     #
     # resource     - A Decidim::Endorsable object.

data/app/commands/decidim/unsubscribe_settings.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # This command unsubscribes user from newsletter.
-  class UnsubscribeSettings < Rectify::Command
+  class UnsubscribeSettings < Decidim::Command
     # unsubscribe user from newsletter.
     #
     # user - The user to be updated.

data/app/commands/decidim/update_account.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # This command updates the user's account.
-  class UpdateAccount < Rectify::Command
+  class UpdateAccount < Decidim::Command
     # Updates a user's account.
     #
     # user - The user to be updated.
@@ -42,7 +42,7 @@ module Decidim
     def update_avatar
       if @form.avatar.present?
-        @user.avatar = @form.avatar
+        @user.avatar.attach(@form.avatar)
       elsif @form.remove_avatar
         @user.avatar = nil
       end

data/app/commands/decidim/update_notifications_settings.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # This command updates the user's notifications settings.
-  class UpdateNotificationsSettings < Rectify::Command
+  class UpdateNotificationsSettings < Decidim::Command
     # Updates a user's notifications settings.
     #
     # user - The user to be updated.
@@ -24,11 +24,12 @@ module Decidim
     private
     def update_notifications_settings
-      @user.email_on_notification = @form.email_on_notification
       @user.newsletter_notifications_at = @form.newsletter_notifications_at
       @user.notification_types = @form.notification_types
       @user.direct_message_types = @form.direct_message_types
       @user.email_on_moderations = @form.email_on_moderations
+      @user.notification_settings = @user.notification_settings.merge(@form.notification_settings)
+      @user.notifications_sending_frequency = @form.notifications_sending_frequency
     end
   end
 end

data/app/commands/decidim/update_password.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Decidim
+  # Decidim command updates user's password
+  class UpdatePassword < Decidim::Command
+    # Updates a user's password.
+    #
+    # user - The user to be updated.
+    # form - The form with the data.
+    def initialize(user, form)
+      @user = user
+      @form = form
+    end
+    def call
+      return broadcast(:invalid) if form.invalid?
+      user.password = form.password
+      if user.save
+        broadcast(:ok)
+      else
+        broadcast(:invalid)
+      end
+    end
+    private
+    attr_reader :form, :user
+  end
+end

data/app/commands/decidim/update_user_group.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # A command with all the business logic to update a user group profile.
-  class UpdateUserGroup < Rectify::Command
+  class UpdateUserGroup < Decidim::Command
     # Public: Initializes the command.
     #
     # form - A form object with the params.
@@ -60,7 +60,7 @@ module Decidim
         affected_users: Decidim::User.org_admins_except_me(form.current_user)
       }
-      Decidim::EventsManager.publish(data)
+      Decidim::EventsManager.publish(**data)
     end
   end
 end

data/app/commands/decidim/update_user_interests.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # This command updates the user's interests.
-  class UpdateUserInterests < Rectify::Command
+  class UpdateUserInterests < Decidim::Command
     # Updates a user's intersts.
     #
     # user - The user to be updated.

data/app/commands/decidim/validate_upload.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Decidim
+  class ValidateUpload < Decidim::Command
+    def initialize(form)
+      @form = form
+    end
+    def call
+      return broadcast(:invalid, @form.errors) if @form.invalid?
+      broadcast(:ok)
+    end
+  end
+end

data/app/controllers/concerns/decidim/devise_controllers.rb CHANGED Viewed

@@ -25,7 +25,6 @@ module Decidim
       helper Decidim::MetaTagsHelper
       helper Decidim::DecidimFormHelper
       helper Decidim::LanguageChooserHelper
-      helper Decidim::CookiesHelper
       helper Decidim::ReplaceButtonsHelper
       helper Decidim::LayoutHelper
       helper Decidim::MenuHelper

data/app/controllers/concerns/decidim/filter_resource.rb CHANGED Viewed

@@ -20,20 +20,24 @@ module Decidim
       end
       def respond_to_missing?(method_name, include_private = false)
-        @filter.present? && @filter.has_key?(method_name) || super
+        (@filter.present? && @filter.has_key?(method_name)) || super
       end
     end
     included do
-      helper_method :search, :filter
+      helper_method :search, :filter_params, :filter
       private
       def search
-        @search ||= search_klass.new(search_params)
+        @search ||= search_with(filter_params)
       end
-      def search_klass
+      def search_with(provided_params)
+        search_collection.ransack(provided_params, context_params.merge(auth_object: current_user))
+      end
+      def search_collection
         raise NotImplementedError, "A search class is neeeded to filter resources"
       end
@@ -41,19 +45,15 @@ module Decidim
         @filter ||= Filter.new(filter_params)
       end
-      def search_params
-        default_search_params
-          .merge(filter_params)
-          .merge(context_params)
-      end
+      # Fetches the correct filter parameters from the request parameters in
+      # order to limit the parameters which can be used for searching the
+      # resources. Otherwise the user could pass extra search parameters from
+      # the request using the Ransack API.
       def filter_params
-        default_filter_params
-          .merge(params.to_unsafe_h[:filter].try(:symbolize_keys) || {})
-      end
-      def default_search_params
-        {}
+        @filter_params = begin
+          passed_params = params.to_unsafe_h[:filter].try(:symbolize_keys) || {}
+          default_filter_params.merge(passed_params.slice(*default_filter_params.keys))
+        end
       end
       def default_filter_params
@@ -76,14 +76,13 @@ module Decidim
         end
       end
-      # If the controller responds to current_component, its search service uses the
-      # base class Decidim::ResourceSearch; else it uses the ParticipatorySpaceSearch.
-      # They need different context_params to set up the base_query:
-      # - ResourceSearch uses `component`
-      # - ParticipatorySpaceSearch uses `organization`
-      # - Both use `current_user`
-      # - Both need `organization` for localized searches in order to fetch the
-      #   available locales from the organization in Decidim::ResourceSearch.
+      # If the controller responds to current_component, its is probably
+      # searching against that component. Otherwise it is be likely to search
+      # against a participatory space. The context params are passed to the
+      # Ransack search classes which may be customized per model in case they
+      # need this contextual information. For such searches, take a look at the
+      # ResourceSearch class or any search class inheriting from that which
+      # utilize this context information, such as the current user.
       def context_params
         context = {
           current_user: current_user,

data/app/controllers/concerns/decidim/force_authentication.rb CHANGED Viewed

@@ -36,8 +36,7 @@ module Decidim
     def unauthorized_paths
       # /locale is for changing the locale
-      # /cookies is for accepting the cookies
-      %w(/locale /cookies) + Decidim::StaticPage.where(
+      %w(/locale) + Decidim::StaticPage.where(
         organization: current_organization,
         allow_public_access: true
       ).pluck(Arel.sql("CONCAT('/pages/', slug)"))

data/app/controllers/concerns/decidim/http_caching_disabler.rb CHANGED Viewed

@@ -13,9 +13,9 @@ module Decidim
     end
     def disable_http_caching
-      response.headers["Cache-Control"] = "no-cache, no-store"
       response.headers["Pragma"] = "no-cache"
       response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
+      response.cache_control.replace(no_cache: true, extras: ["no-store"])
     end
   end
 end

data/app/controllers/concerns/decidim/needs_password_change.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module Decidim
+  # Force user to "Change your password" view when they need to change password
+  module NeedsPasswordChange
+    extend ActiveSupport::Concern
+    included do
+      before_action :check_password_update_required
+    end
+    private
+    def check_password_update_required
+      return unless request.format.html?
+      return unless current_user
+      return unless current_user.admin?
+      return unless Decidim.config.admin_password_strong
+      return unless current_user.needs_password_update?
+      return if password_update_permitted_path?(request.path)
+      redirect_to_change_password
+    end
+    def password_update_permitted_path?(target_path)
+      permitted_paths = [(tos_path if respond_to?(:tos_path, true)),
+                         decidim.delete_account_path,
+                         decidim.accept_tos_path,
+                         decidim.download_your_data_path,
+                         decidim.export_download_your_data_path,
+                         decidim.download_file_download_your_data_path,
+                         decidim.change_password_path].compact
+      # ensure that path with or without query string pass
+      permitted_paths.find { |el| el.split("?").first == target_path }
+    end
+    def redirect_to_change_password
+      flash[:notice] = flash[:notice] if flash[:notice]
+      flash[:secondary] = t("decidim.admin.password_change.alert")
+      redirect_to decidim.change_password_path
+    end
+  end
+end

data/app/controllers/concerns/decidim/needs_tos_accepted.rb CHANGED Viewed

@@ -29,9 +29,9 @@ module Decidim
       permitted_paths = [tos_path,
                          decidim.delete_account_path,
                          decidim.accept_tos_path,
-                         decidim.data_portability_path,
-                         decidim.export_data_portability_path,
-                         decidim.download_file_data_portability_path]
+                         decidim.download_your_data_path,
+                         decidim.export_download_your_data_path,
+                         decidim.download_file_download_your_data_path]
       # ensure that path with or without query string pass
       permitted_paths.find { |el| el.split("?").first == request.path }
     end

data/app/controllers/concerns/decidim/orderable.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Decidim
       # random seed at the database.
       def random_seed
         @random_seed ||= begin
-          session[:random_seed] ||= rand * 2 - 1
+          session[:random_seed] ||= (rand * 2) - 1
         end.to_f
       end
     end

data/app/controllers/concerns/decidim/participatory_space_context.rb CHANGED Viewed

@@ -17,8 +17,8 @@ module Decidim
       #
       # Returns nothing.
       def participatory_space_layout(options = {})
-        layout :layout, options
-        before_action :authorize_participatory_space, options
+        layout :layout, **options
+        before_action :authorize_participatory_space, **options
       end
     end

data/app/controllers/concerns/decidim/resource_versions_concern.rb CHANGED Viewed

@@ -10,10 +10,6 @@ module Decidim
       helper Decidim::TraceabilityHelper
       helper_method :current_version, :versioned_resource
-      def show
-        raise ActionController::RoutingError, "Not found" unless current_version
-      end
       private
       # Overwrite this method in your controller to define how to find the