decidim-core 0.27.4 → 0.27.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d976829c2218ab34a1bf7c2ad99443edd61c4f37bb56963c8bb21a3e74afddef
-  data.tar.gz: acbaa2ce577af7e32648ce22941616e258f48bdbfb304e754344770fafaf9ef4
+  metadata.gz: c9b09dc6caf48cd1318acfd39efaef6e9aa95ed3527ff40c3974a56f409eeff7
+  data.tar.gz: bb6ca8ea6d9b57a37d6793757cd8a12bbcffdf63afd27924216f67af1d8acb14
 SHA512:
-  metadata.gz: 868d324e0f83442b37750933c39985dffdba9bfd06a2f47ad00836b7c9b89164bafff5d2083d5e24d7f01eb9c47dac46f564a375bacaa17726fe5d472bf6c86b
-  data.tar.gz: 1af449d8a281aa2ae5db6c0f03a7be077f7a7eeaa2a300e8bc2a2d36622cd4be5aafb4245878a24e4bd2496542d0166a84287974e72cdeb294acdcd021144b00
+  metadata.gz: 4003252d8eeae3f86cb4056380f4fb7aefe8a8e97f3935e97a970513ccdd05e9d6b9ca8658b56147b7bff0e306608472e656db871eae5bbb50ab9cfc1e629d4b
+  data.tar.gz: ce5aec4bd84ee34b87b5b7cc3f1afb08a1e6bcc3c34ff5cf1afa87d3ded13fe012f29a6a882fead250413f64db4a9b643770ca2c0e643e186ea51bb57a2e6c87

data/app/cells/decidim/upload_modal/modal.erb

@@ -35,7 +35,10 @@
         label: false,
         multiple: true,
         direct_upload: true,
-        data: { direct_upload_url: direct_upload_url } %>
+        data: {
+          direct_upload_url: direct_upload_url,
+          upload_validations_url: upload_validations_url
+        } %>
       <span><%= t("decidim.forms.upload_help.dropzone") %></span>
     </label>
   </div>

data/app/cells/decidim/upload_modal_cell.rb

@@ -156,15 +156,15 @@ module Decidim
     end
 
     def truncated_file_name_for(attachment, max_length = 31)
-      filename = file_name_for(attachment)
-      return filename if filename.length <= max_length
+      filename = determine_filename(attachment)
+      return decidim_html_escape(filename).html_safe if filename.length <= max_length
 
       name = File.basename(filename, File.extname(filename))
-      name.truncate(max_length, omission: "...#{name.last((max_length / 2) - 3)}#{File.extname(filename)}")
+      decidim_html_escape(name.truncate(max_length, omission: "...#{name.last((max_length / 2) - 3)}#{File.extname(filename)}")).html_safe
     end
 
     def file_name_for(attachment)
-      determine_filename(attachment)
+      decidim_html_escape(determine_filename(attachment)).html_safe
     end
 
     def determine_filename(attachment)
@@ -205,6 +205,10 @@ module Decidim
       Rails.application.class.routes.url_helpers.rails_direct_uploads_path
     end
 
+    def upload_validations_url
+      Decidim::Core::Engine.routes.url_helpers.upload_validations_path
+    end
+
     def form_object_class
       form.object.class.to_s
     end

data/app/cells/decidim/version_cell.rb

@@ -66,7 +66,7 @@ module Decidim
     end
 
     def resource_path
-      resource_locator(versioned_resource).path
+      Decidim::ResourceLocatorPresenter.new(versioned_resource).path
     end
   end
 end

data/app/cells/decidim/versions_list_cell.rb

@@ -13,7 +13,7 @@ module Decidim
     end
 
     def resource_path
-      resource_locator(versioned_resource).path
+      Decidim::ResourceLocatorPresenter.new(versioned_resource).path
     end
 
     def i18n_changes_title

data/app/commands/decidim/endorse_resource.rb

@@ -31,6 +31,8 @@ module Decidim
       else
         broadcast(:invalid)
       end
+    rescue ActiveRecord::RecordNotUnique
+      broadcast(:invalid)
     end
 
     private

data/app/commands/decidim/search.rb

@@ -3,7 +3,7 @@
 module Decidim
   # A command that will act as a search service, with all the business logic for performing searches.
   class Search < Decidim::Command
-    ACCEPTED_FILTERS = [:decidim_scope_id_eq].freeze
+    ACCEPTED_FILTERS = [:decidim_scope_id_in].freeze
     HIGHLIGHTED_RESULTS_COUNT = 4
 
     # Public: Initializes the command.

data/app/commands/decidim/unendorse_resource.rb

@@ -31,7 +31,7 @@ module Decidim
       query = if @current_group.present?
                 @resource.endorsements.where(decidim_user_group_id: @current_group&.id)
               else
-                @resource.endorsements.where(author: @current_user, decidim_user_group_id: nil)
+                @resource.endorsements.where(author: @current_user, decidim_user_group_id: 0)
               end
       query.destroy_all
     end

data/app/controllers/concerns/decidim/force_authentication.rb

@@ -35,11 +35,15 @@ module Decidim
     end
 
     def unauthorized_paths
-      # /locale is for changing the locale
-      %w(/locale) + Decidim::StaticPage.where(
+      default_unauthorized_paths + Decidim::StaticPage.where(
         organization: current_organization,
         allow_public_access: true
       ).pluck(Arel.sql("CONCAT('/pages/', slug)"))
     end
+
+    def default_unauthorized_paths
+      # /locale is for changing the locale and /manifest.webmanifest to request PWA manifest
+      %w(/locale /manifest.webmanifest)
+    end
   end
 end

data/app/controllers/decidim/devise/registrations_controller.rb

@@ -39,7 +39,7 @@ module Decidim
           end
 
           on(:invalid) do
-            flash.now[:alert] = @form.errors.full_messages.join(", ") if @form.errors.full_messages.any?
+            flash.now[:alert] = t("error", scope: "decidim.devise.registrations.create")
             render :new
           end
         end

data/app/controllers/decidim/links_controller.rb

@@ -35,7 +35,7 @@ module Decidim
     end
 
     def external_url
-      @external_url ||= URI.parse(params[:external_url])
+      @external_url ||= URI.parse(URI::Parser.new.escape(params[:external_url]))
     end
   end
 end

data/app/controllers/decidim/searches_controller.rb

@@ -26,7 +26,7 @@ module Decidim
         term: params[:term],
         with_resource_type: nil,
         with_space_state: nil,
-        decidim_scope_id_eq: nil
+        decidim_scope_id_in: nil
       }
     end
 

data/app/controllers/decidim/user_timeline_controller.rb

@@ -12,7 +12,7 @@ module Decidim
     helper_method :activities, :resource_types, :user
 
     def index
-      raise ActionController::RoutingError, "Not Found" if current_user != user
+      raise ActionController::RoutingError, "Not Found" unless user && current_user == user
     end
 
     private

data/app/forms/decidim/account_form.rb

@@ -24,7 +24,7 @@ module Decidim
     validates :nickname, presence: true, format: { with: Decidim::User::REGEXP_NICKNAME }
 
     validates :nickname, length: { maximum: Decidim::User.nickname_max_length, allow_blank: true }
-    validates :password, confirmation: true
+    validates :password, confirmation: { message: I18n.t("errors.messages.password_confirmation_message") }
     validates :password, password: { name: :name, email: :email, username: :nickname }, if: -> { password.present? }
     validates :password_confirmation, presence: true, if: :password_present
     validates :avatar, passthru: { to: Decidim::User }

data/app/forms/decidim/notifications_settings_form.rb

@@ -44,14 +44,6 @@ module Decidim
       allow_public_contact ? "all" : "followed-only"
     end
 
-    def user_is_moderator?(user)
-      Decidim.participatory_space_manifests.map do |manifest|
-        participatory_space_type = manifest.model_class_name.constantize
-        return true if participatory_space_type.moderators(user.organization).exists?(id: user.id)
-      end
-      false
-    end
-
     def meet_push_notifications_requirements?
       Rails.application.secrets.dig(:vapid, :enabled) || false
     end

data/app/forms/decidim/registration_form.rb

@@ -17,7 +17,7 @@ module Decidim
     validates :name, presence: true, format: { with: Decidim::User::REGEXP_NAME }
     validates :nickname, presence: true, format: { with: Decidim::User::REGEXP_NICKNAME }, length: { maximum: Decidim::User.nickname_max_length }
     validates :email, presence: true, "valid_email_2/email": { disposable: true }
-    validates :password, confirmation: true
+    validates :password, confirmation: { message: I18n.t("errors.messages.password_confirmation_message") }
     validates :password, password: { name: :name, email: :email, username: :nickname }
     validates :password_confirmation, presence: true
     validates :tos_agreement, allow_nil: false, acceptance: true

data/app/helpers/decidim/decidim_form_helper.rb

@@ -84,6 +84,7 @@ module Decidim
 
       template = ""
       template += render("decidim/scopes/scopes_picker_input",
+                         values_options: { delete_button: false },
                          picker_options: picker_options,
                          prompt_params: prompt_params,
                          scopes: scopes,

data/app/helpers/decidim/omniauth_helper.rb

@@ -6,6 +6,8 @@ module Decidim
     # Public: normalize providers names to they can be used for buttons
     # and icons.
     def normalize_provider_name(provider)
+      return "x" if provider == :twitter
+
       provider.to_s.split("_").first
     end
 

data/app/helpers/decidim/resource_helper.rb

@@ -67,6 +67,8 @@ module Decidim
 
     # Returns an instance of ResourceLocatorPresenter with the given resource
     def resource_locator(resource)
+      return resource.resource_locator if resource.respond_to?(:resource_locator)
+
       ::Decidim::ResourceLocatorPresenter.new(resource)
     end
 

data/app/helpers/decidim/short_link_helper.rb

@@ -21,7 +21,7 @@ module Decidim
       target ||= respond_to?(:current_organization) && current_organization
       target ||= Rails.application
 
-      mounted_engine = EngineResolver.new(_routes).mounted_name
+      mounted_engine = target.try(:mounted_engine) || EngineResolver.new(_routes).mounted_name
       ShortLink.to(target, mounted_engine, **kwargs).short_url
     end
   end

data/app/jobs/decidim/download_your_data_export_job.rb

@@ -11,7 +11,8 @@ module Decidim
 
       generate_zip_file(user, path, password, export_format)
       save_or_upload_file(user, path)
-
+      # Deletes temporary file
+      File.delete(path)
       ExportMailer.download_your_data_export(user, filename, password).deliver_later
     end
 

data/app/jobs/decidim/open_data_job.rb

@@ -11,6 +11,8 @@ module Decidim
       raise "Couldn't generate Open Data export" unless exporter.export.positive?
 
       organization.open_data_file.attach(io: File.open(path, "rb"), filename: organization.open_data_file_path)
+      # Deletes the temporary file file
+      File.delete(path)
     end
   end
 end

data/app/models/decidim/user.rb

@@ -205,7 +205,7 @@ module Decidim
     end
 
     def admin_terms_accepted?
-      return true if admin_terms_accepted_at
+      admin_terms_accepted_at.present?
     end
 
     # Whether this user can be verified against some authorization or not.
@@ -269,6 +269,14 @@ module Decidim
       password_updated_at < Decidim.config.admin_password_expiration_days.days.ago
     end
 
+    def moderator?
+      Decidim.participatory_space_manifests.map do |manifest|
+        participatory_space_type = manifest.model_class_name.constantize
+        return true if participatory_space_type.moderators(organization).exists?(id: id)
+      end
+      false
+    end
+
     protected
 
     # Overrides devise email required validation.