decidim-core 0.26.5 → 0.26.8

data/app/packs/src/decidim/editor.js

@@ -1,11 +1,25 @@
 /* eslint-disable require-jsdoc */
 
-import lineBreakButtonHandler from "src/decidim/editor/linebreak_module"
-import "src/decidim/editor/clipboard_override"
-import "src/decidim/vendor/image-resize.min"
-import "src/decidim/vendor/image-upload.min"
+import lineBreakButtonHandler from "src/decidim/editor/linebreak_module";
+import "src/decidim/editor/clipboard_override";
+import "src/decidim/vendor/image-resize.min";
+import "src/decidim/vendor/image-upload.min";
 
-const quillFormats = ["bold", "italic", "link", "underline", "header", "list", "video", "image", "alt", "break", "width", "style", "code", "blockquote", "indent"];
+const quillFormats = [
+  "bold",
+  "italic",
+  "link",
+  "underline",
+  "header",
+  "list",
+  "alt",
+  "break",
+  "width",
+  "style",
+  "code",
+  "blockquote",
+  "indent"
+];
 
 export default function createQuillEditor(container) {
   const toolbar = $(container).data("toolbar");
@@ -17,26 +31,28 @@ export default function createQuillEditor(container) {
     [{ list: "ordered" }, { list: "bullet" }],
     ["link", "clean"],
     ["code", "blockquote"],
-    [{ "indent": "-1"}, { "indent": "+1" }]
+    [{ indent: "-1" }, { indent: "+1" }]
   ];
 
-  let addImage = $(container).data("editorImages");
+  let addImage = false;
+  let addVideo = false;
 
-  if (toolbar === "full") {
+  /**
+   * - basic = only basic controls without titles
+   * - content = basic + headings
+   * - full = basic + headings + image + video
+   */
+  if (toolbar === "content") {
+    quillToolbar = [[{ header: [2, 3, 4, 5, 6, false] }], ...quillToolbar];
+  } else if (toolbar === "full") {
+    addImage = true;
+    addVideo = true;
     quillToolbar = [
       [{ header: [2, 3, 4, 5, 6, false] }],
       ...quillToolbar,
-      ["video"]
+      ["video"],
+      ["image"]
     ];
-  } else if (toolbar === "basic") {
-    quillToolbar = [
-      ...quillToolbar,
-      ["video"]
-    ];
-  }
-
-  if (addImage) {
-    quillToolbar.push(["image"]);
   }
 
   let modules = {
@@ -44,17 +60,26 @@ export default function createQuillEditor(container) {
     toolbar: {
       container: quillToolbar,
       handlers: {
-        "linebreak": lineBreakButtonHandler
+        linebreak: lineBreakButtonHandler
       }
     }
   };
   const $input = $(container).siblings('input[type="hidden"]');
   container.innerHTML = $input.val() || "";
   const token = $('meta[name="csrf-token"]').attr("content");
+
+  if (addVideo) {
+    quillFormats.push("video");
+  }
+
   if (addImage) {
+    // Attempt to allow images only if the image support is enabled at editor support.
+    // see: https://github.com/quilljs/quill/issues/1108
+    quillFormats.push("image");
+
     modules.imageResize = {
       modules: ["Resize", "DisplaySize"]
-    }
+    };
     modules.imageUpload = {
       url: $(container).data("uploadImagesPath"),
       method: "POST",
@@ -62,18 +87,23 @@ export default function createQuillEditor(container) {
       withCredentials: false,
       headers: { "X-CSRF-Token": token },
       callbackOK: (serverResponse, next) => {
-        $("div.ql-toolbar").last().removeClass("editor-loading")
+        $("div.ql-toolbar").last().removeClass("editor-loading");
         next(serverResponse.url);
       },
       callbackKO: (serverError) => {
-        $("div.ql-toolbar").last().removeClass("editor-loading")
+        $("div.ql-toolbar").last().removeClass("editor-loading");
         console.log(`Image upload error: ${serverError.message}`);
       },
       checkBeforeSend: (file, next) => {
-        $("div.ql-toolbar").last().addClass("editor-loading")
+        $("div.ql-toolbar").last().addClass("editor-loading");
         next(file);
       }
-    }
+    };
+
+    const text = $(container).data("dragAndDropHelpText");
+    $(container).after(
+      `<p class="help-text" style="margin-top:-1.5rem;">${text}</p>`
+    );
   }
   const quill = new Quill(container, {
     modules: modules,
@@ -81,6 +111,11 @@ export default function createQuillEditor(container) {
     theme: "snow"
   });
 
+  if (addImage === false) {
+    // Firefox natively implements image drop in contenteditable which is why we need to disable that
+    quill.root.addEventListener("drop", (ev) => ev.preventDefault());
+  }
+
   if (disabled) {
     quill.disable();
   }
@@ -95,7 +130,10 @@ export default function createQuillEditor(container) {
     });
     container.dispatchEvent(event);
 
-    if ((text === "\n" || text === "\n\n") && quill.root.querySelectorAll(allowedEmptyContentSelector).length === 0) {
+    if (
+      (text === "\n" || text === "\n\n") &&
+      quill.root.querySelectorAll(allowedEmptyContentSelector).length === 0
+    ) {
       $input.val("");
     } else {
       const emptyParagraph = "<p><br></p>";
@@ -109,13 +147,5 @@ export default function createQuillEditor(container) {
   // After editor is ready, linebreak_module deletes two extraneous new lines
   quill.emitter.emit("editor-ready");
 
-  if (addImage) {
-    const text = $(container).data("dragAndDropHelpText");
-    $(container).after(`<p class="help-text" style="margin-top:-1.5rem;">${text}</p>`);
-  }
-
-  // After editor is ready, linebreak_module deletes two extraneous new lines
-  quill.emitter.emit("editor-ready");
-
   return quill;
 }

data/app/packs/src/decidim/map/controller/drag_marker.js

@@ -1,6 +1,4 @@
-import * as L from "leaflet";
 import MapController from "src/decidim/map/controller"
-import "src/decidim/vendor/leaflet-tilelayer-here"
 
 export default class MapDragMarkerController extends MapController {
   start() {

data/app/packs/src/decidim/map/controller/markers.js

@@ -1,5 +1,4 @@
 import "src/decidim/vendor/jquery-tmpl"
-import * as L from "leaflet";
 import MapController from "src/decidim/map/controller"
 import "leaflet.markercluster";
 

data/app/packs/src/decidim/map/controller/static.js

@@ -1,4 +1,3 @@
-import * as L from "leaflet";
 import MapController from "src/decidim/map/controller"
 
 const openLink = window.open;

data/app/packs/src/decidim/map/controller.js

@@ -1,5 +1,3 @@
-import * as L from "leaflet";
-import "src/decidim/map/icon"
 import MapControllerRegistry from "src/decidim/map/controller_registry"
 
 export default class MapController {

data/app/packs/src/decidim/map/factory.js

@@ -1,3 +1,5 @@
+import "src/decidim/map/icon"
+
 import MapMarkersController from "src/decidim/map/controller/markers"
 import MapStaticController from "src/decidim/map/controller/static"
 import MapDragMarkerController from "src/decidim/map/controller/drag_marker"
@@ -22,7 +24,8 @@ import MapDragMarkerController from "src/decidim/map/controller/drag_marker"
  *   window.Decidim.createMapController = (mapId, config) => {
  *     if (config.type === "custom") {
  *       // Obviously you need to implement CustomMapController for this to
- *       // work.
+ *       // work. You can find an example at:
+ *       // decidim-dev/app/packs/src/decidim/dev/test/custom_map_factory.js
  *       return new window.Decidim.CustomMapController(mapId, config);
  *     }
  *

data/app/packs/src/decidim/map/icon.js

@@ -1,4 +1,3 @@
-import * as L from "leaflet";
 import { SVGIcon } from "leaflet-svgicon"
 
 L.DivIcon.SVGIcon = SVGIcon;

data/app/packs/src/decidim/map/legacy.js

@@ -1,6 +1,5 @@
 /* eslint-disable require-jsdoc */
 
-import * as L from "leaflet";
 import "src/decidim/map/factory"
 
 /**

data/app/packs/src/decidim/map/provider/default.js

@@ -1,3 +1,5 @@
+import "leaflet"
+
 /**
  * NOTE:
  * This has to load before decidim/map in order for it to apply correctly when

data/app/packs/src/decidim/map/provider/here.js

@@ -1,4 +1,5 @@
-import * as L from "leaflet"
+import "leaflet"
+import "src/decidim/vendor/leaflet-tilelayer-here"
 
 /**
  * NOTE:

data/app/packs/stylesheets/decidim/_editor.scss

@@ -10,4 +10,133 @@
     margin-bottom: $paragraph-margin-bottom;
     text-rendering: $paragraph-text-rendering;
   }
+
+  ul,
+  ol{
+    margin-bottom: $paragraph-margin-bottom;
+  }
+}
+
+.ql-editor-display{
+  ul,
+  ol{
+    li{
+      list-style-type: none;
+      margin-bottom: .5rem;
+
+      &::before{
+        content: "\2022";
+        display: inline-block;
+        white-space: nowrap;
+        width: 1.2em;
+      }
+
+      &.ql-indent-1{
+        padding-left: 3em;
+      }
+
+      &.ql-indent-2{
+        padding-left: 6em;
+      }
+
+      &.ql-indent-3{
+        padding-left: 9em;
+      }
+
+      &.ql-indent-4{
+        padding-left: 12em;
+      }
+
+      &.ql-indent-5{
+        padding-left: 15em;
+      }
+
+      &.ql-indent-6{
+        padding-left: 18em;
+      }
+
+      &.ql-indent-7{
+        padding-left: 21em;
+      }
+
+      &.ql-indent-8{
+        padding-left: 24em;
+      }
+
+      &.ql-indent-9{
+        padding-left: 27em;
+      }
+    }
+  }
+
+  ol{
+    li{
+      counter-reset: list-1 list-2 list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+      counter-increment: list-0;
+
+      &::before{ content: counter(list-0, decimal) ". "; }
+
+      &.ql-indent-1{
+        counter-increment: list-1;
+        counter-reset: list-2 list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-1, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-2{
+        counter-increment: list-2;
+        counter-reset: list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-2, lower-roman) ". "; }
+      }
+
+      &.ql-indent-3{
+        counter-increment: list-3;
+        counter-reset: list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-3, decimal) ". "; }
+      }
+
+      &.ql-indent-4{
+        counter-increment: list-4;
+        counter-reset: list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-4, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-5{
+        counter-increment: list-5;
+        counter-reset: list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-5, lower-roman) ". "; }
+      }
+
+      &.ql-indent-6{
+        counter-increment: list-6;
+        counter-reset: list-7 list-8 list-9;
+
+        &::before{ content: counter(list-6, decimal) ". "; }
+      }
+
+      &.ql-indent-7{
+        counter-increment: list-7;
+        counter-reset: list-8 list-9;
+
+        &::before{ content: counter(list-7, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-8{
+        counter-increment: list-8;
+        counter-reset: list-9;
+
+        &::before{ content: counter(list-8, lower-roman) ". "; }
+      }
+
+      &.ql-indent-9{
+        counter-increment: list-9;
+
+        &::before{ content: counter(list-9, decimal) ". "; }
+      }
+    }
+  }
 }

data/app/packs/stylesheets/decidim/extras/_quill.scss

@@ -11,9 +11,3 @@
   margin-top: 0;
   margin-bottom: 0;
 }
-
-.ql-reset-decidim{
-  display: inline;
-  padding: 0;
-  white-space: inherit;
-}

data/app/packs/stylesheets/decidim/modules/_buttons.scss

@@ -123,6 +123,10 @@
     }
   }
 
+  &.primary{
+    @include button-hollow-variant(var(--primary));
+  }
+
   &.secondary{
     @include button-hollow-variant(var(--secondary));
   }
@@ -257,12 +261,12 @@
 
 .button--shadow{
   $shadows: (
-    primary: shade($primary, 50),
-    secondary: shade($secondary, 50),
-    success: shade($success, 50),
-    warning: shade($warning, 50),
-    alert: shade($alert, 50),
-    muted: shade($muted, 50),
+    primary: shade($primary, 50%),
+    secondary: shade($secondary, 50%),
+    success: shade($success, 50%),
+    warning: shade($warning, 50%),
+    alert: shade($alert, 50%),
+    muted: shade($muted, 50%),
   );
 
   @include modifiers(background-color, $shadows){

data/app/packs/stylesheets/decidim/modules/_cards.scss

@@ -934,7 +934,7 @@ a .card__title{
   @include modifiers(
     color,
     (
-      muted: tint($muted, 50),
+      muted: tint($muted, 50%),
     )
   ){
     margin-top: -$global-margin * .95;

data/app/packs/stylesheets/decidim/modules/_comments.scss

@@ -17,6 +17,30 @@ $comment-form-bg: $light-gray;
 
 .comment-thread{
   @extend .card;
+
+  .show-comment-replies{
+    display: none;
+  }
+
+  .hide-comment-replies{
+    display: inline;
+  }
+
+  .comment__hide{
+    float: left;
+    margin-bottom: 0;
+  }
+
+  .no-comments{
+    .show-comment-replies{
+      display: inline;
+    }
+
+    .hide-comment-replies,
+    .replies{
+      display: none;
+    }
+  }
 }
 
 .comment-thread__title{

data/app/packs/stylesheets/decidim/modules/_dropdown_menu.scss

@@ -0,0 +1,9 @@
+.dropdown.menu > li {
+  &.is-active > a {
+    color: var(--secondary);
+  }
+
+  &.is-dropdown-submenu-parent > a::after {
+    border-color: var(--secondary) transparent transparent;
+  }
+}

data/app/packs/stylesheets/decidim/vizzs/_linechart.scss

@@ -36,8 +36,8 @@
   @mixin loop-colors-types($color, $max: 12){
     @for $i from 0 through ($max - 1){
       $interval: ($i % 4) * 24 + 1;
-      $tints: tint($color, $interval);
-      $shades: shade($color, $interval);
+      $tints: tint($color, $interval * 1%);
+      $shades: shade($color, $interval * 1%);
       $adjusts: adjust-color($color, $lightness: $interval * 1%, $hue: -$interval);
 
       .type-#{$i}:not(.legend){

data/app/packs/stylesheets/decidim/vizzs/_rowchart.scss

@@ -27,8 +27,8 @@
   @mixin loop-colors-types($color, $max: 12){
     @for $i from 0 through ($max - 1){
       $interval: ($i % 4) * 24 + 1;
-      $tints: tint($color, $interval);
-      $shades: shade($color, $interval);
+      $tints: tint($color, $interval * 1%);
+      $shades: shade($color, $interval * 1%);
       $adjusts: adjust-color($color, $lightness: $interval * 1%, $hue: -$interval);
 
       .type-#{$i}{

data/app/presenters/decidim/notification_presenter.rb

@@ -11,7 +11,7 @@ module Decidim
 
     def created_at_in_words
       if created_at.between?(1.month.ago, Time.current)
-        time_ago_in_words(created_at)
+        I18n.t("decidim.user_conversations.index.time_ago", time: time_ago_in_words(created_at))
       else
         format = created_at.year == Time.current.year ? :ddmm : :ddmmyyyy
         I18n.l(created_at, format: format)

data/app/presenters/decidim/user_group_presenter.rb

@@ -16,7 +16,7 @@ module Decidim
     end
 
     def can_be_contacted?
-      true
+      true unless blocked?
     end
 
     def officialization_text

data/app/presenters/decidim/user_presenter.rb

@@ -61,7 +61,7 @@ module Decidim
     end
 
     def can_be_contacted?
-      true
+      true unless blocked?
     end
 
     def officialization_text

data/app/queries/decidim/metrics/users_metric_manage.rb

@@ -11,15 +11,15 @@ module Decidim
       private
 
       def query
-        return @query if @query
-
-        @query = Decidim::User.where(organization: @organization)
-        @query = @query.where("created_at <= ?", end_time)
-        @query
+        @query ||= Decidim::User.where(organization: @organization)
+                                .where("deleted_at IS NULL OR deleted_at > ?", end_time)
+                                .where("blocked_at IS NULL OR blocked_at > ?", end_time)
+                                .confirmed
+                                .where("created_at <= ?", end_time)
       end
 
       def quantity
-        @quantity ||= @query.where("created_at >= ?", start_time).count
+        @quantity ||= query.where("created_at >= ?", start_time).count
       end
     end
   end

data/app/scrubbers/decidim/admin_input_scrubber.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Decidim
+  # Use this class as a scrubber to sanitize admin user input. The default
+  # scrubbed provided by Rails does not allow `iframe`s, and we are using
+  # them to embed videos, so we need to provide a whole new scrubber.
+  #
+  # Example:
+  #
+  #    sanitize(@page.body, scrubber: Decidim::AdminInputScrubber.new)
+  #
+  # Lists of default tags and attributes are extracted from
+  # https://stackoverflow.com/a/35073814/2110884.
+  class AdminInputScrubber < UserInputScrubber
+    private
+
+    DECIDIM_ALLOWED_TAGS = %w(img video audio source comment iframe).freeze
+
+    def custom_allowed_attributes
+      super + %w(frameborder allowfullscreen) - %w(onerror)
+    end
+
+    def custom_allowed_tags
+      super + DECIDIM_ALLOWED_TAGS
+    end
+  end
+end

data/app/scrubbers/decidim/user_input_scrubber.rb

@@ -1,9 +1,7 @@
 # frozen_string_literal: true
 
 module Decidim
-  # Use this class as a scrubber to sanitize user input. The default
-  # scrubbed provided by Rails does not allow `iframe`s, and we're using
-  # them to embed videos, so we need to provide a whole new scrubber.
+  # Use this class as a scrubber to sanitize participant user input.
   #
   # Example:
   #
@@ -20,12 +18,41 @@ module Decidim
 
     private
 
+    RESTRICTED_TAGS = %w(
+      area
+      article
+      aside
+      audio
+      button
+      canvas
+      fieldset
+      figcaption
+      figure
+      font
+      footer
+      form
+      header
+      img
+      input
+      label
+      legend
+      main
+      map
+      menu
+      optgroup
+      option
+      output
+      select
+      textarea
+      video
+    ).freeze
+
     def custom_allowed_attributes
-      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen) - %w(onerror)
+      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES
     end
 
     def custom_allowed_tags
-      Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe)
+      Loofah::HTML5::SafeList::ACCEPTABLE_ELEMENTS - RESTRICTED_TAGS
     end
   end
 end

data/app/services/decidim/traceability.rb

@@ -117,6 +117,7 @@ module Decidim
       return unless user.is_a?(Decidim::User)
       # If the record is not valid, it may not yet have an ID causing an
       # exception when trying to save the log record.
+      return if resource.nil?
       return unless resource.valid?
 
       Decidim::ActionLogger.log(