decidim-core 0.27.0 → 0.27.2

data/app/packs/stylesheets/decidim/_editor.scss

@@ -10,4 +10,133 @@
     margin-bottom: $paragraph-margin-bottom;
     text-rendering: $paragraph-text-rendering;
   }
+
+  ul,
+  ol{
+    margin-bottom: $paragraph-margin-bottom;
+  }
+}
+
+.ql-editor-display{
+  ul,
+  ol{
+    li{
+      list-style-type: none;
+      margin-bottom: .5rem;
+
+      &::before{
+        content: "\2022";
+        display: inline-block;
+        white-space: nowrap;
+        width: 1.2em;
+      }
+
+      &.ql-indent-1{
+        padding-left: 3em;
+      }
+
+      &.ql-indent-2{
+        padding-left: 6em;
+      }
+
+      &.ql-indent-3{
+        padding-left: 9em;
+      }
+
+      &.ql-indent-4{
+        padding-left: 12em;
+      }
+
+      &.ql-indent-5{
+        padding-left: 15em;
+      }
+
+      &.ql-indent-6{
+        padding-left: 18em;
+      }
+
+      &.ql-indent-7{
+        padding-left: 21em;
+      }
+
+      &.ql-indent-8{
+        padding-left: 24em;
+      }
+
+      &.ql-indent-9{
+        padding-left: 27em;
+      }
+    }
+  }
+
+  ol{
+    li{
+      counter-reset: list-1 list-2 list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+      counter-increment: list-0;
+
+      &::before{ content: counter(list-0, decimal) ". "; }
+
+      &.ql-indent-1{
+        counter-increment: list-1;
+        counter-reset: list-2 list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-1, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-2{
+        counter-increment: list-2;
+        counter-reset: list-3 list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-2, lower-roman) ". "; }
+      }
+
+      &.ql-indent-3{
+        counter-increment: list-3;
+        counter-reset: list-4 list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-3, decimal) ". "; }
+      }
+
+      &.ql-indent-4{
+        counter-increment: list-4;
+        counter-reset: list-5 list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-4, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-5{
+        counter-increment: list-5;
+        counter-reset: list-6 list-7 list-8 list-9;
+
+        &::before{ content: counter(list-5, lower-roman) ". "; }
+      }
+
+      &.ql-indent-6{
+        counter-increment: list-6;
+        counter-reset: list-7 list-8 list-9;
+
+        &::before{ content: counter(list-6, decimal) ". "; }
+      }
+
+      &.ql-indent-7{
+        counter-increment: list-7;
+        counter-reset: list-8 list-9;
+
+        &::before{ content: counter(list-7, lower-alpha) ". "; }
+      }
+
+      &.ql-indent-8{
+        counter-increment: list-8;
+        counter-reset: list-9;
+
+        &::before{ content: counter(list-8, lower-roman) ". "; }
+      }
+
+      &.ql-indent-9{
+        counter-increment: list-9;
+
+        &::before{ content: counter(list-9, decimal) ". "; }
+      }
+    }
+  }
 }

data/app/packs/stylesheets/decidim/email.scss

@@ -25,6 +25,13 @@ body{
   -moz-box-sizing: border-box;
   -webkit-box-sizing: border-box;
   box-sizing: border-box;
+
+  &.preview{
+    .see-on-website,
+    .unsubscribe{
+      cursor: not-allowed;
+    }
+  }
 }
 
 .ExternalClass{

data/app/packs/stylesheets/decidim/extras/_quill.scss

@@ -11,9 +11,3 @@
   margin-top: 0;
   margin-bottom: 0;
 }
-
-.ql-reset-decidim{
-  display: inline;
-  padding: 0;
-  white-space: inherit;
-}

data/app/presenters/decidim/admin_log/user_group_presenter.rb

@@ -20,7 +20,7 @@ module Decidim
 
       def action_string
         case action
-        when "verify", "verify_via_csv", "reject"
+        when "verify", "verify_via_csv", "reject", "block", "unblock"
           "decidim.admin_log.user_group.#{action}"
         else
           super

data/app/presenters/decidim/admin_log/user_moderation_presenter.rb

@@ -52,7 +52,7 @@ module Decidim
       end
 
       def unreported_user
-        @unreported_user ||= Decidim::User.find_by(id: action_log.extra.dig("extra", "user_id"))
+        @unreported_user ||= Decidim::UserBaseEntity.find_by(id: action_log.extra.dig("extra", "user_id"))
       end
 
       def has_diff?

data/app/presenters/decidim/home_stats_presenter.rb

@@ -42,12 +42,19 @@ module Decidim
     end
 
     def component_stats(conditions)
+      stats = {}
       Decidim.component_manifests.flat_map do |component|
-        component.stats.except([:supports_count])
-                 .filter(conditions)
-                 .with_context(published_components)
-                 .map { |name, data| [name, data] }
+        component
+          .stats.except([:supports_count])
+          .filter(conditions)
+          .with_context(published_components)
+          .each do |name, data|
+            stats[name] ||= 0
+            stats[name] += data
+          end
       end
+
+      stats.to_a
     end
 
     def published_components

data/app/presenters/decidim/push_notification_presenter.rb

@@ -19,7 +19,7 @@ module Decidim
     end
 
     def url
-      resource.reported_content_url
+      event_class_instance.resource_url
     end
   end
 end

data/app/presenters/decidim/stats_presenter.rb

@@ -15,18 +15,17 @@ module Decidim
     end
 
     def statistics(grouped_stats)
-      statistics = []
+      statistics = {}
+
       grouped_stats.each do |_manifest_name, stats|
-        stats.each_with_index.each do |stat, _index|
-          stat.each_with_index.map do |_item, subindex|
-            next unless (subindex % 3).zero?
-            next if stat[subindex + 2].zero?
+        stats.each do |_space_manifest, component_manifest, count|
+          next if count.zero?
 
-            statistics << { stat_title: stat[subindex + 1], stat_number: stat[subindex + 2] }
-          end
+          statistics[component_manifest] ||= 0
+          statistics[component_manifest] += count
         end
       end
-      statistics
+      statistics.map { |key, number| { stat_title: key, stat_number: number } }
     end
   end
 end

data/app/presenters/decidim/user_presenter.rb

@@ -5,7 +5,6 @@ module Decidim
   # Decorator for users
   #
   class UserPresenter < SimpleDelegator
-    include Rails.application.routes.mounted_helpers
     include ActionView::Helpers::UrlHelper
     include Decidim::TranslatableAttributes
 
@@ -27,7 +26,7 @@ module Decidim
     def profile_url
       return "" if respond_to?(:deleted?) && deleted?
 
-      decidim.profile_url(__getobj__.nickname, host: __getobj__.organization.host)
+      decidim.profile_url(__getobj__.nickname)
     end
 
     def avatar
@@ -36,13 +35,13 @@ module Decidim
 
     def avatar_url(variant = nil)
       return default_avatar_url if __getobj__.blocked?
-      return avatar.default_url unless avatar.attached?
+      return default_avatar_url unless avatar.attached?
 
       avatar.path(variant: variant)
     end
 
     def default_avatar_url
-      attached_uploader(:avatar).default_url
+      avatar.default_url
     end
 
     def profile_path
@@ -77,5 +76,11 @@ module Decidim
     def has_tooltip?
       true
     end
+
+    private
+
+    def decidim
+      @decidim ||= Decidim::EngineRouter.new("decidim", { host: __getobj__.organization.host })
+    end
   end
 end

data/app/queries/decidim/public_activities.rb

@@ -107,6 +107,7 @@ module Decidim
               LEFT JOIN decidim_participatory_space_private_users AS #{manifest.name}_private_users
                 ON #{manifest.name}_private_users.privatable_to_type = '#{manifest.model_class_name}'
                 AND #{table}.id = #{manifest.name}_private_users.privatable_to_id
+                AND #{table}.private_space = 't'
             SQL
           ).to_s
         ).where(

data/app/uploaders/decidim/application_uploader.rb

@@ -47,7 +47,7 @@ module Decidim
       return unless attached?
 
       representable = variant(key)
-      AssetRouter.new(representable).url(**options)
+      AssetRouter::Storage.new(representable).url(**options)
     end
 
     def path(options = {})

data/app/uploaders/decidim/avatar_uploader.rb

@@ -12,11 +12,11 @@ module Decidim
     end
 
     def default_url(*)
-      ActionController::Base.helpers.asset_pack_path("media/images/default-avatar.svg")
+      AssetRouter::Pipeline.new("media/images/default-avatar.svg", model: model).url
     end
 
     def default_multiuser_url(*)
-      ActionController::Base.helpers.asset_pack_path("media/images/avatar-multiuser.png")
+      AssetRouter::Pipeline.new("media/images/avatar-multiuser.png", model: model).url
     end
   end
 end

data/app/validators/etiquette_validator.rb

@@ -3,12 +3,16 @@
 # This validator takes care of ensuring the validated content is
 # respectful, doesn't use caps, and overall is meaningful.
 class EtiquetteValidator < ActiveModel::EachValidator
+  include ActionView::Helpers::SanitizeHelper
+
   def validate_each(record, attribute, value)
     return if value.blank?
 
-    validate_caps(record, attribute, value)
-    validate_marks(record, attribute, value)
-    validate_caps_first(record, attribute, value)
+    text_value = strip_tags(value)
+
+    validate_caps(record, attribute, text_value)
+    validate_marks(record, attribute, text_value)
+    validate_caps_first(record, attribute, text_value)
   end
 
   private

data/app/validators/file_content_type_validator.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+# We need to define the validator in the `ActiveModel::Validations` namespace as
+# this is what the `file_validators` uses and this is what gets priority over
+# the root namespace class.
+module ActiveModel
+  module Validations
+    # This validator provides content type validation for uploaded files. Extends
+    # the validator provided by the `file_validators` gem by fixing some weird
+    # messages in that validator.
+    class FileContentTypeValidator
+      private
+
+      alias mark_invalid_original mark_invalid unless private_method_defined?(:mark_invalid_original)
+
+      # This fixes the "weird" error messages such as "(?-mix:image\\/.*)" because
+      # this is the notation Regexp#to_s will return. Instead, we want to show the
+      # inner contents of the regular expressions.
+      #
+      # @see ActiveModel::Validations::FileContentTypeValidator#mark_invalid
+      def mark_invalid(record, attribute, error, option_types)
+        mark_invalid_original(record, attribute, error, invalid_types(option_types))
+      end
+
+      # Converts the configured content type matches to extensions if extensions are
+      # recognized for the specified content type and if not, the content type
+      # string itself.
+      #
+      # @param option_types [Array<Regexp, String>] Array of configured types.
+      # @param allowed_extensions [Array<String>, nil] Array of allowed extensions
+      #   or nil if all extensions are "allowed" (in case we want to show the
+      #   denylist error or hard code the types).
+      # @return [Array<String>] The invalid types as strings.
+      def invalid_types(option_types, allowed_extensions = nil)
+        extensions = []
+        content_types = []
+        option_types.each do |type|
+          # Since the original content types may have endings such as image/.*?, we
+          # want to replace the regexp pattern just with a star with the fallback
+          # option.
+          content_type = (type.try(:source) || type.to_s).gsub(".*?", "*")
+          if (exts = content_type_extensions(content_type, allowed_extensions))
+            extensions += exts
+          else
+            content_types << content_type
+          end
+        end
+
+        extensions.sort + content_types.sort
+      end
+
+      # Resolves the content type extensions through MiniMime or looks up all the
+      # possible extensions for wildcard content types such as `image/*`. For the
+      # wildcard extension types only those listed in the `allowed_extensions` will
+      # be returned.
+      #
+      # @param content_type [String] The content type, such as application/pdf or
+      #   image/*.
+      # @param allowed_extensions [Array, nil] Array of allowed extensions
+      #   or nil if all extensions are "allowed" (in case we want to show the
+      #   denylist error or hard code the types).
+      # @return [Array<String>, nil] An array of the allowed extensions or nil when
+      #   no extensions could be found.
+      def content_type_extensions(content_type, allowed_extensions = nil)
+        extensions =
+          if content_type.ends_with?("/*")
+            main_type = content_type.split("/")[0]
+            extensions_matching(%r{#{main_type}/.*})
+          else
+            extensions_matching(content_type)
+          end
+        return if extensions.count.zero?
+        return extensions unless allowed_extensions
+
+        extensions & allowed_extensions
+      end
+
+      # Looks up the extensions matching the content type lookup based on the
+      # MiniMime content types.
+      #
+      # @param content_type_lookup [String, Regexp] The lookup to be matched
+      #   against.
+      # @return [Array<String>] The array of extensions.
+      def extensions_matching(content_type_lookup)
+        extensions = []
+        File.open(MiniMime::Configuration.ext_db_path).each do |line|
+          info = line.split(/\s+/)
+          next unless info[1].match?(content_type_lookup)
+
+          extensions << info[0]
+        end
+
+        extensions
+      end
+    end
+  end
+end
+
+# This is just to make Zeitwerk happy. The actual validator that gets priority
+# is the class above as all validators in the `ActiveModel::Validations`
+# namespace will be used primarily and only if a matching validator is not found
+# in that namespace, the ones at the root level are used.
+class FileContentTypeValidator < ActiveModel::Validations::FileContentTypeValidator; end

data/app/validators/passthru_validator.rb

@@ -62,9 +62,20 @@ class PassthruValidator < ActiveModel::EachValidator
     elsif dummy.respond_to?(:organization=) && record.respond_to?(:organization)
       dummy.organization = record.organization
     end
+    validation_record_context(dummy, record)
     dummy
   end
 
+  def validation_record_context(dummy, record)
+    if dummy.is_a?(Decidim::Form)
+      dummy.with_context(
+        current_organization: record.try(:current_organization) || record.try(:ganization),
+        current_participatory_space: record.try(:current_participatory_space) || record.try(:participatory_space),
+        current_component: record.try(:current_component) || record.try(:component)
+      )
+    end
+  end
+
   def target_validators(attribute)
     target_class.validators_on(target_attribute(attribute))
   end

data/app/validators/uploader_content_type_validator.rb

@@ -41,4 +41,26 @@ class UploaderContentTypeValidator < ActiveModel::Validations::FileContentTypeVa
   # rubocop: enable Metrics/CyclomaticComplexity
 
   def check_validity!; end
+
+  private
+
+  # This fixes the "weird" error messages such as "(?-mix:image\\/.*)" because
+  # this is the notation Regexp#to_s will return. Instead, we want to show the
+  # inner contents of the regular expressions.
+  #
+  # @see ActiveModel::Validations::FileContentTypeValidator#mark_invalid
+  def mark_invalid(record, attribute, error, option_types)
+    allowed_extensions = nil
+    if error == :allowed_file_content_types
+      uploader = record.attached_uploader(attribute) if record.respond_to?(:attached_uploader)
+      allowed_extensions =
+        # Note that this may be a private method in some uploaders.
+        if uploader && uploader.respond_to?(:extension_allowlist, true)
+          uploader.send(:extension_allowlist)
+        else
+          Decidim.organization_settings(record).upload_allowed_file_extensions
+        end
+    end
+    mark_invalid_original(record, attribute, error, invalid_types(option_types, allowed_extensions))
+  end
 end

data/app/views/decidim/messaging/conversations/_conversation.html.erb

@@ -9,7 +9,7 @@
             <%= image_tag present(current_user).avatar.default_multiuser_url, alt: t("decidim.author.avatar_multiuser") %>
           <% end %>
         </div>
-        <span class="text-medium mt-xs"><%= Date::ABBR_DAYNAMES[conversation.created_at.wday] %> <%= conversation.created_at.wday %></span>
+        <span class="text-medium mt-xs"><%= Date::ABBR_DAYNAMES[conversation.created_at.wday] %> <%= l conversation.created_at, format: :decidim_short %></span>
       </div>
     </li>
     <li class="card-data__item card--list__item card-data__item--expand absolutes">

data/app/views/decidim/newsletter_mailer/newsletter.html.erb

@@ -1,16 +1,16 @@
 <%= decidim_sanitize_newsletter cell.to_s %>
 
 <% content_for :note do %>
-  <%== t ".note", organization_name: h(@organization.name), link: decidim.notifications_settings_url(host: @organization.host) %>
+  <%== t ".note", organization_name: h(@organization.name), link: @newsletter.notifications_settings_url %>
 <% end %>
 
 <% content_for :unsubscribe do %>
-  <%== t ".unsubscribe", link: decidim.unsubscribe_newsletters_url(host: @organization.host, u: @encrypted_token ) %>
+  <%== t ".unsubscribe", link: @newsletter.unsubscribe_newsletters_url(u: @encrypted_token) %>
 <% end %>
 
 <% content_for :see_on_website do %>
   <center style="display: none">
     <%== CGI.unescapeHTML truncate(cell.body, max_length: 50) %>
   </center>
-  <%== t ".see_on_website", link: decidim.newsletter_url(host: @organization.host, id: @newsletter) %>
+  <%== t ".see_on_website", link: @newsletter.url %>
 <% end %>

data/app/views/decidim/newsletters/show.html.erb

@@ -5,7 +5,7 @@
   newsletter: newsletter,
   recipient_user: @user
 ) %>
-<%= decidim_sanitize_editor @cell.to_s %>
+<%= decidim_sanitize_newsletter @cell.to_s %>
 
 <% content_for :note do %>
   <%== t "note", scope: "decidim.newsletter_mailer.newsletter", organization_name: h(@organization.name), link: decidim.notifications_settings_url(host: @organization.host) %>

data/app/views/decidim/notification_mailer/event_received.html.erb

@@ -4,7 +4,7 @@
 
 <% if @event_instance.resource_path.present? && @event_instance.resource_title.present? %>
   <p class="email-button email-button__cta">
-    <%= link_to @event_instance.resource_title, @event_instance.resource_url %>
+    <%= link_to decidim_sanitize(@event_instance.resource_title, strip_tags: true), @event_instance.resource_url %>
   </p>
 <% end %>
 

data/app/views/decidim/notifications_digest_mailer/_email_content.html.erb

@@ -5,7 +5,7 @@
   </p>
   <% if notification.resource_path.present? && notification.resource_title.present? %>
     <p class="email-button email-button__cta">
-      <%= link_to notification.resource_title, notification.resource_url %>
+      <%= link_to decidim_sanitize(notification.resource_title, strip_tags: true), notification.resource_url %>
     </p>
   <% end %>
 </div>

data/app/views/layouts/decidim/_mailer_logo.html.erb

@@ -1,6 +1,6 @@
 <% if organization %>
-  <% if @custom_url_for_mail_root.present? %>
-    <% url = @custom_url_for_mail_root %>
+  <% if defined?(custom_url_for_mail_root) && custom_url_for_mail_root.present? %>
+    <% url = custom_url_for_mail_root %>
   <% else %>
     <% url = decidim.root_url(host: organization.host) %>
   <% end %>

data/app/views/layouts/decidim/newsletter_base.html.erb

@@ -6,7 +6,7 @@
     <%= stylesheet_pack_tag "decidim_email" %>
   </head>
 
-  <body>
+  <%= content_tag :body, class: @preview ? "preview" : nil do %>
     <!-- <style> -->
     <table class="body">
       <% if content_for?(:see_on_website) %>
@@ -42,5 +42,5 @@
         </td>
       </tr>
     </table>
-  </body>
+  <% end %>
 </html>

data/config/locales/ar.yml

@@ -305,6 +305,8 @@ ar:
           title: غير مخوّل
         unconfirmed:
           title: تأكيد البريد الإلكتروني
+      show:
+        close_modal: إغلاق مشروط
     block_user_mailer:
       notify:
         hello: مرحبًا،
@@ -654,18 +656,6 @@ ar:
           how: كيف يمكنك كسب ذلك
           page_description: الشارات عبارة عن اعتراف بإجراءات المشارك والتقدم في المنصة. عند البدء في الاكتشاف والمشاركة والتفاعل في المنصة ، ستربح شارات مختلفة. فيما يلي قائمة بالشارات وبعض الطرق التي يمكنك من خلالها كسبها.
           title: شارات
-        invitations:
-          conditions:
-            - استخدم رابط "دعوة الأصدقاء" في صفحة المستخدم الخاصة بك لدعوة أصدقائك
-            - تخصيص ، إذا كنت تريد ، الرسالة التي ترسلها
-            - ستصل إلى أعلى مستوى عن طريق إرسال الدعوات وتسجيلها.
-          description: تُمنح هذه الشارة عند قيامك بدعوة بعض الأشخاص وقضاء بعض الوقت للتسجيل في %{organization_name} وتصبح مشاركًا. شكرًا لك على تعريف شخص %{organization_name} للآخرين والمساعدة في توسيع نطاق المجتمع!
-          description_another: قام هذا المشارك بدعوة %{score} شخصًا.
-          description_own: لقد قمت بدعوة %{score} شخصًا.
-          name: دعوات
-          next_level_in: دعوة %{score} أشخاص آخرين للوصول إلى المستوى التالي!
-          unearned_another: هذا المشارك لم يدع أي شخص حتى الآن
-          unearned_own: لم تقم بدعوة أي شخص حتى الآن.
       description: الشارات عبارة عن اعتراف بإجراءات المشارك والتقدم في المنصة. عند البدء في الاكتشاف والمشاركة والتفاعل في المنصة ، ستربح شارات مختلفة.
       level: المستوى %{level}
       reached_top: لقد وصلت إلى المستوى الأعلى لهذه الشارة.
@@ -769,6 +759,7 @@ ar:
     links:
       warning:
         cancel: إلغاء
+        close_modal: إغلاق مشروط
     log:
       base_presenter:
         create: "%{user_name} تم الإنشاء %{resource_name}"
@@ -844,7 +835,6 @@ ar:
     newsletter_mailer:
       newsletter:
         note: لقد تلقيت هذه الرسالة الإلكترونية لأنك مشترك في الرسائل الإخبارية على %{organization_name}. يمكنك تغيير الإعدادات الخاصة بك على هاتفك <a href="%{link}">الصفحة إخطارات</a>.
-        see_on_website: لا يمكن عرض هذا البريد الإلكتروني بشكل صحيح؟ اطلع عليه على <a href="%{link}" target="_blank">الموقع</a>.
         unsubscribe: لإلغاء الاشتراك في تلقي هذا النوع من البريد الإلكتروني ، <a href="%{link}" target="_blank" class="unsubscribe">إلغاء الاشتراك</a>.
     newsletter_templates:
       image_text_cta_settings_form:
@@ -988,7 +978,9 @@ ar:
       report:
         content_original_language: لغة المحتوى الأصلية
         hello: مرحبا %{name}،
+        reason: السبب
         report_html: <p>تم الإبلاغ عن المحتوى <a href="%{url}">التالي</a> .</p>
+        see_report: معاينة التقرير
         subject: تم الإبلاغ عن مورد
     reports:
       create:
@@ -1078,9 +1070,6 @@ ar:
       pages_count: صفحات
       participants_count: المشاركون
       users_count: المشاركون
-    user_activity:
-      index:
-        no_activities_warning: هذا المشارك لم يقم بأي نشاط حتى الآن.
     user_conversations:
       index:
         add_users_placeholder: البحث…
@@ -1268,7 +1257,6 @@ ar:
       not_locked: لم يكن مغلقا
       too_many_marks: يستخدم الكثير من علامات الترقيم المتتالية (مثل! و؟)
       too_much_caps: يستخدم عددًا كبيرًا جدًا من الأحرف الكبيرة (أكثر من 25٪ من النص)
-      too_short: قصير جدًا (أقل من 15 حرفًا)
   forms:
     required: مطلوب
   invisible_captcha: