RubyGems - decidim-core - Versions diffs - 0.26.9 → 0.27.0.rc1 - Mend

decidim-core 0.26.9 → 0.27.0.rc1

Potentially problematic release.

This version of decidim-core might be problematic. Click here for more details.

Files changed (643) hide show

data/app/{services/decidim/activity_search.rb → queries/decidim/public_activities.rb} RENAMED Viewed

@@ -1,100 +1,60 @@
 # frozen_string_literal: true
 module Decidim
-  # A class to search for recent activity performed in a Decidim Organization.
-  # It is intended to be used in the user profile, to retrieve activity and
-  # timeline for that user.
+  # This query finds the public ActionLog entries that can be shown in the
+  # participant views of the application within a Decidim Organization. It is
+  # intended to be used in the user profile, to retrieve activity and timeline
+  # for that user.
   #
-  # It will return any action for a given resource, except `create` on resources
-  # that implement the `Decidim::Publicable` concern to avoid leaking private
-  # data.
+  # This will create the base query for the activities but the resulting query
+  # needs to be scoped with either `with_resource_type` or
+  # `with_new_resource_type` in order to avoid leaking private data.
   #
   # Possible options:
   #
-  # :organization - the `Decidim::Organization` to scope to search. Required.
-  # :user - an optional `Decidim::USer` that performed the activites
+  # :resource_name - an optional name for a resource for searching only that
+  #    type of resources.
+  # :user - an optional `Decidim::User` that performed the activites
+  # :current_user - an optional `Decidim::User` for defining whether to show the
+  #   private log entries that relate to the current user.
   # :follows - a collection of `Decidim::Follow` resources. It will return any
   #   activity affecting any of these resources, performed by any of them or
   #   contained in any of them as spaces.
   # :scopes - a collection of `Decidim::Scope`. It will return any activity that
   #   took place in any of those scopes.
-  class ActivitySearch < Searchlight::Search
-    # Needed by Searchlight, this is the base query that will be used to
-    # append other criteria to the search.
-    def base_query
+  class PublicActivities < Decidim::Query
+    def initialize(organization, options = {})
+      @organization = organization
+      @resource_name = options[:resource_name]
+      @user = options[:user]
+      @current_user = options[:current_user]
+      @follows = options[:follows]
+      @scopes = options[:scopes]
+    end
+    def query
       query = ActionLog
-              .where(visibility: %w(public-only all))
-              .where(organization: options.fetch(:organization))
+              .where(visibility: visibility)
+              .where(organization: organization)
-      query = query.where(user: options[:user]) if options[:user]
-      query = query.where(resource_type: options[:resource_name]) if options[:resource_name]
+      query = query.where(user: user) if user
+      query = query.where(resource_type: resource_name) if resource_name.present?
       query = filter_follows(query)
-      filter_hidden(query)
-    end
-    # Overwrites the default Searchlight run method since we want to return
-    # activities in an specific order but we need to set it at the end of the chain.
-    def run
-      super.order(created_at: :desc)
-    end
-    # Adds a constrain to filter by resource type(s).
-    def search_resource_type
-      if resource_types.include?(resource_type)
-        scope_for(resource_type)
-      else
-        all_resources_scope
-      end
-    end
+      query = filter_hidden(query)
-    # All the resource types that are eligible to be included as an activity.
-    def resource_types
-      @resource_types ||= %w(
-        Decidim::Accountability::Result
-        Decidim::Blogs::Post
-        Decidim::Comments::Comment
-        Decidim::Consultations::Question
-        Decidim::Debates::Debate
-        Decidim::Meetings::Meeting
-        Decidim::Proposals::Proposal
-        Decidim::Surveys::Survey
-        Decidim::Assembly
-        Decidim::Consultation
-        Decidim::Initiative
-        Decidim::ParticipatoryProcess
-      ).select do |klass|
-        klass.safe_constantize.present?
-      end
+      query.order(created_at: :desc)
     end
     private
-    def publicable_resource_types
-      @publicable_resource_types ||= resource_types.select { |klass| klass.constantize.column_names.include?("published_at") }
-    end
-    def scope_for(resource_type)
-      if publicable_resource_types.include?(resource_type)
-        query.where(resource_type: resource_type).where.not(action: "create")
-      else
-        query.where(resource_type: resource_type)
-      end
-    end
+    attr_reader :organization, :resource_name, :user, :current_user, :follows, :scopes
-    def all_resources_scope
-      query
-        .where(
-          "(action <> ? AND resource_type IN (?)) OR (resource_type IN (?))",
-          "create",
-          publicable_resource_types,
-          (resource_types - publicable_resource_types)
-        )
+    def visibility
+      %w(public-only all)
     end
     def filter_follows(query)
-      follows = options[:follows]
-      interesting_scopes = options[:scopes]
       conditions = []
       if follows.present?
@@ -108,14 +68,12 @@ module Decidim
         conditions += followed_spaces_conditions(follows)
       end
-      conditions += interesting_scopes_conditions(interesting_scopes)
+      conditions += interesting_scopes_conditions(scopes)
       return query if conditions.empty?
       chained_conditions = conditions.inject do |previous_condition, condition|
-        next condition unless previous_condition
-        previous_condition.or(condition)
+        previous_condition.present? ? previous_condition.or(condition) : condition
       end
       query.where(chained_conditions)
@@ -134,7 +92,7 @@ module Decidim
       # Filter out the private space items that should not be visible for the
       # current user.
-      current_user_id = options.fetch(:current_user, nil)&.id.to_i
+      current_user_id = current_user&.id.to_i
       Decidim.participatory_space_manifests.map do |manifest|
         klass = manifest.model_class_name.constantize
         next unless klass.include?(Decidim::HasPrivateUsers)
@@ -149,7 +107,6 @@ module Decidim
               LEFT JOIN decidim_participatory_space_private_users AS #{manifest.name}_private_users
                 ON #{manifest.name}_private_users.privatable_to_type = '#{manifest.model_class_name}'
                 AND #{table}.id = #{manifest.name}_private_users.privatable_to_id
-                AND #{table}.private_space = 't'
             SQL
           ).to_s
         ).where(

data/app/queries/decidim/public_components.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   # This query finds the published components for all public participatory
   # spaces in the given organization. Can filter by manifest name.
-  class PublicComponents < Rectify::Query
+  class PublicComponents < Decidim::Query
     def self.for(organization, manifest_name: nil)
       new(organization, manifest_name: manifest_name).query
     end

data/app/queries/decidim/similar_emendations.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   # Class used to retrieve similar emendations, scoped to the current component.
-  class SimilarEmendations < Rectify::Query
+  class SimilarEmendations < Decidim::Query
     include Decidim::TranslationsHelper
     # Syntactic sugar to initialize the class and return the queried objects.

data/app/queries/decidim/stats_users_count.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   # This query counts registered users from a collection of organizations
   # in an optional interval of time.
-  class StatsUsersCount < Rectify::Query
+  class StatsUsersCount < Decidim::Query
     def self.for(organization, start_at = nil, end_at = nil)
       new(organization, start_at, end_at).query
     end

data/app/queries/decidim/user_groups/accepted_memberships.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   module UserGroups
     # Use this class to find the accepted memberships of the given user group.
-    class AcceptedMemberships < Rectify::Query
+    class AcceptedMemberships < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user_group - a UserGroup that needs to find its accepted memberships

data/app/queries/decidim/user_groups/accepted_user_groups.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Decidim
     # Use this class to find the user groups the given user is accepted. In order
     # to calculate this, we get those groups where the user has a role of
     # member, creator or admin.
-    class AcceptedUserGroups < Rectify::Query
+    class AcceptedUserGroups < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user - a User that needs to find the groups where they are accepted

data/app/queries/decidim/user_groups/accepted_users.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   module UserGroups
     # Use this class to find the accepted members of the given user group.
-    class AcceptedUsers < Rectify::Query
+    class AcceptedUsers < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user_group - a UserGroup that needs to find its accepted members

data/app/queries/decidim/user_groups/admin_memberships.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Decidim
   module UserGroups
     # Use this class to find the the admins of the given user group with the
     # "admin" role. It returns memberships.
-    class AdminMemberships < Rectify::Query
+    class AdminMemberships < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user_group - a UserGroup that needs to find its admin users

data/app/queries/decidim/user_groups/invited_memberships.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Decidim
   module UserGroups
     # Use this class to find the invitations to user groups the given user has.
-    class InvitedMemberships < Rectify::Query
+    class InvitedMemberships < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user - a User that needs to find which groups they have been invited to

data/app/queries/decidim/user_groups/manageable_user_groups.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Decidim
     # Use this class to find the user groups the given user can manage. In order
     # to calculate this, we get those groups where the user has a role of
     # creator or admin.
-    class ManageableUserGroups < Rectify::Query
+    class ManageableUserGroups < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user - a User that needs to find which groups can manage

data/app/queries/decidim/user_groups/member_memberships.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Decidim
   module UserGroups
     # Use this class to find the the members of the given user group with the
     # "member" role. It returns memberships.
-    class MemberMemberships < Rectify::Query
+    class MemberMemberships < Decidim::Query
       # Syntactic sugar to initialize the class and return the queried objects.
       #
       # user_group - a UserGroup that needs to find its member users

data/app/scrubbers/decidim/user_input_scrubber.rb CHANGED Viewed

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 module Decidim
-  # Use this class as a scrubber to sanitize participant user input.
+  # Use this class as a scrubber to sanitize user input. The default
+  # scrubbed provided by Rails does not allow `iframe`s, and we're using
+  # them to embed videos, so we need to provide a whole new scrubber.
   #
   # Example:
   #
@@ -18,41 +20,12 @@ module Decidim
     private
-    RESTRICTED_TAGS = %w(
-      area
-      article
-      aside
-      audio
-      button
-      canvas
-      fieldset
-      figcaption
-      figure
-      font
-      footer
-      form
-      header
-      img
-      input
-      label
-      legend
-      main
-      map
-      menu
-      optgroup
-      option
-      output
-      select
-      textarea
-      video
-    ).freeze
     def custom_allowed_attributes
-      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES
+      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen) - %w(onerror)
     end
     def custom_allowed_tags
-      Loofah::HTML5::SafeList::ACCEPTABLE_ELEMENTS - RESTRICTED_TAGS
+      Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe)
     end
   end
 end

data/app/services/decidim/{data_portability_exporter.rb → download_your_data_exporter.rb} RENAMED Viewed

@@ -9,11 +9,11 @@ module Decidim
   # somewhere so users can download their data.
   #
   # In fact, the 7z file wraps a ZIP file which finally contains the data files.
-  class DataPortabilityExporter
+  class DownloadYourDataExporter
     include ::Decidim::ZipStream::Writer
     DEFAULT_EXPORT_FORMAT = "CSV"
-    ZIP_FILE_NAME = "data-portability.zip"
+    ZIP_FILE_NAME = "download-your-data.zip"
     # Public: Initializes the class.
     #
@@ -56,18 +56,18 @@ module Decidim
       export_data = []
       export_attachments = []
-      data_portability_entities.each do |object|
+      download_your_data_entities.each do |object|
         klass = Object.const_get(object)
         export_data << [klass.model_name.name.parameterize.pluralize, Exporters.find_exporter(format).new(klass.user_collection(user), klass.export_serializer).export]
-        attachments = klass.data_portability_images(user)
+        attachments = klass.download_your_data_images(user)
         export_attachments << [klass.model_name.name.parameterize.pluralize, attachments.flatten] unless attachments.nil?
       end
       [export_data, export_attachments]
     end
-    def data_portability_entities
-      @data_portability_entities ||= DataPortabilitySerializers.data_entities
+    def download_your_data_entities
+      @download_your_data_entities ||= DownloadYourDataSerializers.data_entities
     end
   end
 end

data/app/services/decidim/email_notification_generator.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Decidim
     attr_reader :event, :event_class, :resource, :followers, :affected_users, :extra
     # Private: sends the notification email to the user if they have the
-    # `email_on_notification` flag active.
+    # `notifications_sending_frequency` set to real_time.
     #
     # recipient - The user that will receive the email.
     # user_role - the role the user takes for this notification (either
@@ -63,7 +63,7 @@ module Decidim
     # Returns nothing.
     def send_email_to(recipient, user_role:)
       return unless recipient
-      return unless recipient.email_on_notification?
+      return unless recipient.notifications_sending_frequency == "real_time"
       return if resource.respond_to?(:can_participate?) && !resource.can_participate?(recipient)
       wait_time = 0

data/app/services/decidim/engine_resolver.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+module Decidim
+  # This class can be used to resolve the mounted route based on the current
+  # routes in any provided context.
+  class EngineResolver
+    # Initializes the engine resolver instance.
+    #
+    # @param current_routes [ActionDispatch::Routing::RouteSet] the route set
+    #  for the context
+    def initialize(current_routes)
+      @current_routes = current_routes
+    end
+    # Resolves the mounted route name for the provided context.
+    #
+    # @return [String] The resolved route name or "decidim" if it could not be
+    #   resolved
+    def mounted_name
+      return "main_app" if base_engine.routes == current_routes
+      route = find_mounted_route(base_engine)
+      route&.name || "decidim"
+    end
+    private
+    attr_reader :current_routes
+    # Provides the base engine from which the search is started from.
+    #
+    # @return [Rails::Engine] The engine to start the search from
+    def base_engine
+      Rails.application
+    end
+    # Finds the mounted route for current context based on the current routes.
+    #
+    # @param target_engine [Rails::Engine] The engine from which the search is
+    #   performed.
+    # @return [ActionDispatch::Journey::Route] The defined route that matches
+    #   the current context based on the current routes provided for the
+    #   initializer.
+    def find_mounted_route(target_engine)
+      target_engine.routes.set.each do |route|
+        # If the route is a dispatcher
+        # (ActionDispatch::Routing::RouteSet::Dispatcher), it won't have an
+        # engine app mapped to it in which case the app won't respond to the
+        # `routes` method.
+        next if route.dispatcher?
+        next unless route.app.app.is_a?(Class)
+        next unless route.app.app < Rails::Engine
+        # route.app -> ActionDispatch::Routing::Mapper::Constraints
+        # route.app.app -> the target engine
+        return route if route.app.app.routes == current_routes
+        # Test the sub-engines if any engines are mounted to this engine.
+        sub = find_mounted_route(route.app.app)
+        return sub if sub
+      end
+      nil
+    end
+  end
+end

data/app/services/decidim/events_manager.rb CHANGED Viewed

@@ -27,8 +27,8 @@ module Decidim
     def self.publish(event:, resource:, event_class: Decidim::Events::BaseEvent, affected_users: [], followers: [], extra: {}, force_send: false)
       ActiveSupport::Notifications.publish(
         event,
-        event_class: event_class.name,
         resource: resource,
+        event_class: event_class.name,
         affected_users: affected_users.uniq.compact,
         followers: followers.uniq.compact,
         force_send: force_send,

data/app/services/decidim/iframe_disabler.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Decidim
+  class IframeDisabler
+    def initialize(text, _options = {})
+      @text = text
+    end
+    def perform
+      @document = Nokogiri::HTML::DocumentFragment.parse(@text)
+      disable_iframes(@document)
+      document.to_html
+    end
+    private
+    attr_reader :document
+    def disable_iframes(node)
+      if node.name == "iframe"
+        node.name = "div"
+        old_classes = node.attributes["class"].value
+        node.attributes["class"].value = old_classes.present? ? "#{old_classes} disabled-iframe" : "disabled-iframe"
+      end
+      node.children.each do |child|
+        disable_iframes(child)
+      end
+    end
+  end
+end

data/app/services/decidim/notification_generator_for_recipient.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module Decidim
       return unless resource
       return unless recipient
-      notification.save!
+      notification if notification.save!
     end
     private

data/app/services/decidim/notifications_digest_sending_decider.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Decidim
+  class NotificationsDigestSendingDecider
+    class << self
+      def must_notify?(user, time: Time.now.utc)
+        return true if user.digest_sent_at.blank?
+        case user.notifications_sending_frequency.to_sym
+        when :none then false
+        when :daily then user.digest_sent_at < time - 1.day
+        when :weekly then user.digest_sent_at < time - 1.week
+        else true
+        end
+      end
+    end
+  end
+end

data/app/services/decidim/notifications_subscriptions_persistor.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module Decidim
+  # This class manages the creation and deletion of user notifications
+  class NotificationsSubscriptionsPersistor
+    attr_reader :user
+    def initialize(user)
+      @user = user
+    end
+    def add_subscription(params)
+      subscriptions = user.notification_settings["subscriptions"] || {}
+      filtered_params = filter_params(params)
+      new_subscription = { filtered_params[:auth] => filtered_params }
+      user.notification_settings["subscriptions"] = subscriptions.merge(new_subscription)
+      user.save
+    end
+    def delete_subscription(auth_key)
+      subscriptions = user.notification_settings["subscriptions"] || {}
+      user.notification_settings["subscriptions"] = subscriptions.except(auth_key)
+      user.save
+    end
+    private
+    def filter_params(params)
+      {
+        auth: params[:keys][:auth],
+        p256dh: params[:keys][:p256dh],
+        endpoint: params[:endpoint]
+      }
+    end
+  end
+end

data/app/services/decidim/open_data_exporter.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Decidim
     def export
       dirname = File.dirname(path)
       FileUtils.mkdir_p(dirname) unless File.directory?(dirname)
-      File.open(path, "wb") { |file| file.write(data) }
+      File.binwrite(path, data)
     end
     private