RubyGems - decidim-core - Versions diffs - 0.28.0 → 0.28.1 - Mend

decidim-core 0.28.0 → 0.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5b30446f8e883cb4610be652a64155471870ba9271583ce5b7061105f8d0c68
-  data.tar.gz: 300643e7aaf06cde799abae047625d5e73217f9669addea64be65b81ca56a194
+  metadata.gz: 800e096eb86537caa7de18236fe0becf73b1c30ee38e4631888025b52e831f3a
+  data.tar.gz: 9f05dfffcd55fcc9d4e76163a4b98c5b7e851bbdbcfe317f9a9566cb73a142d9
 SHA512:
-  metadata.gz: 9bf0e3704aecce6bbf26a5603990f07a2d05b44f1d06cec5f8804b563a71e322cd225ebdaf5b487f001eaa485173b09c07643495e3d58b374ad03e59b0505f8c
-  data.tar.gz: f24a8579f4ce4916b9786c4775cb3e865de4da331860a9105768163d868b0b8fc7191d738c23d9c0e8942a924d2c8c681c2f6db8b09aae6942d233e711d38f3e
+  metadata.gz: 97568f03aab3b39a4b75e98421a5b9e43f30f8f1c71b548478f0ee2f73c6303981643948289f9483d9cfbe71af47b872bf3e3c49d39009270e9e3ef72e55bf70
+  data.tar.gz: 8fa7ecb28d0d2e8097124330aced622ac52fc96d6cc8d6039e629c897d29af8f79366e8992107a9d8b89c88280c723b667b345ccbc643d2326303f376abd243a

data/app/cells/decidim/activity_cell.rb CHANGED Viewed

@@ -39,9 +39,9 @@ module Decidim
       case resource_title
       when String
-        resource_title
+        decidim_html_escape(resource_title)
       when Hash
-        translated_attribute(resource_title)
+        decidim_escape_translated(resource_title)
       end
     end

data/app/cells/decidim/address/online.erb CHANGED Viewed

@@ -1,9 +1,27 @@
-<div class="address__container">
-  <%= icon "map-pin-line" %>
-  <div class="address">
-    <div class="address__location"><%= t(model.type_of_meeting, scope: "decidim.meetings.meetings.filters.type_values") %></div>
-    <a href="<%= model.online_meeting_url %>" target="_blank" rel="noopener noreferrer" class="address__hints underline break-all">
-      <%= model.online_meeting_url %>
-    </a>
-  </div>
-</div>
+<ul>
+  <li class="mb-4">
+    <div class="address__container">
+      <%= icon "map-pin-line" %>
+      <div class="address">
+        <div class="address__location"><%= t(model.type_of_meeting, scope: "decidim.meetings.meetings.filters.type_values") %></div>
+        <% if display_online_meeting_url? %>
+          <a href="<%= model.online_meeting_url %>" target="_blank" rel="noopener noreferrer" class="address__hints underline break-all">
+            <%= model.online_meeting_url %>
+          <% end %>
+          </a>
+      </div>
+    </div>
+  </li>
+  <% if display_start_and_end_time? %>
+    <li>
+      <div class="address__container">
+        <%= icon "time-line" %>
+        <div class="address">
+          <div class="address__location">
+            <%= start_and_end_time %>
+          </div>
+        </div>
+      </div>
+    </li>
+  <% end %>
+</ul>

data/app/cells/decidim/address/show.erb CHANGED Viewed

@@ -1,14 +1,29 @@
-<div class="address__container">
-  <%= icon "map-pin-line" %>
-  <div class="address">
-    <% if has_location? %>
-      <div class="address__location"><%= location %></div>
-    <% end %>
+<ul>
+  <li class="mb-4">
+    <div class="address__container">
+      <%= icon "map-pin-line" %>
+      <div class="address">
+        <% if has_location? %>
+          <div class="address__location"><%= location %></div>
+        <% end %>
-    <div class="address__address"><%= address %></div>
+        <div class="address__address"><%= address %></div>
-    <% if has_location_hints? %>
-      <div class="address__hints"><%= location_hints %></div>
-    <% end %>
-  </div>
-</div>
+        <% if has_location_hints? %>
+          <div class="address__hints"><%= location_hints %></div>
+        <% end %>
+      </div>
+    </div>
+  </li>
+  <% if display_start_and_end_time? %>
+    <li>
+      <div class="address__container">
+        <%= icon "time-line" %>
+        <div class="address">
+          <div class="address__location">
+            <%= start_and_end_time %>
+          </div>
+        </div>
+    </li>
+  <% end %>
+</ul>

data/app/cells/decidim/address_cell.rb CHANGED Viewed

@@ -32,5 +32,34 @@ module Decidim
     def address
       decidim_sanitize(translated_attribute(model.address))
     end
+    def display_start_and_end_time?
+      model.respond_to?(:start_time) && model.respond_to?(:end_time)
+    end
+    def start_and_end_time
+      <<~HTML
+        #{with_tooltip(l(model.start_time, format: :tooltip)) { start_time }}
+        -
+        #{with_tooltip(l(model.end_time, format: :tooltip)) { end_time }}
+      HTML
+    end
+    def display_online_meeting_url?
+      return true unless model.respond_to?(:online?)
+      return true unless model.respond_to?(:iframe_access_level_allowed_for_user?)
+      model.online? && model.iframe_access_level_allowed_for_user?(current_user)
+    end
+    private
+    def start_time
+      l model.start_time, format: "%H:%M %p"
+    end
+    def end_time
+      l model.end_time, format: "%H:%M %p %Z"
+    end
   end
 end

data/app/cells/decidim/authorization_modal/show.erb CHANGED Viewed

@@ -1,6 +1,10 @@
-<div data-dialog-container>
-  <%= icon "lock-line" %>
-  <h2 id="dialog-title-authorizationModal" tabindex="-1" data-dialog-title><%= title %></h2>
+<% add_decidim_page_title(title) %>
+<main data-dialog-container class="text-center mt-8">
+  <div class="flex justify-center">
+    <%= icon "lock-line", class: "w-20 h-20" %>
+  </div>
+  <h1 tabindex="-1" class="h1" data-dialog-title><%= title %></h1>
   <div>
     <div class="authorization-modal__verification-container">
       <% verifications.each do |verification| %>
@@ -25,4 +29,4 @@
       <% end %>
     </div>
   </div>
-</div>
+</main>

data/app/cells/decidim/authorization_modal_cell.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 module Decidim
   class AuthorizationModalCell < Decidim::ViewModel
     include LayoutHelper
+    include Decidim::MetaTagsHelper
     delegate :authorize_action_path, to: :controller

data/app/cells/decidim/card_metadata_cell.rb CHANGED Viewed

@@ -75,7 +75,7 @@ module Decidim
       {
         cell: "decidim/coauthorships",
-        args: [resource, { stack: true }]
+        args: [resource, { stack: true, context_actions: [] }]
       }
     end
@@ -105,11 +105,11 @@ module Decidim
       }
     end
-    def duration_item
+    def start_date_item
       return if dates_blank?
       {
-        text: distance_of_time_in_words(start_date, end_date, scope: "datetime.distance_in_words.short"),
+        text: I18n.l(start_date, format: "%H:%M %p %Z"),
         icon: "time-line"
       }
     end

data/app/cells/decidim/coauthorships_cell.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Decidim
         cell(
           "decidim/collapsible_authors",
           presenters_for_identities(model),
-          options
+          options.merge(from: model)
         )
       end
     end

data/app/cells/decidim/content_blocks/menu_breadcrumb_last_activity_cell.rb CHANGED Viewed

@@ -5,6 +5,12 @@ module Decidim
     # A cell to be rendered as a content block with the latest activities performed
     # in a Decidim Organization.
     class MenuBreadcrumbLastActivityCell < LastActivityCell
+      def show
+        return if current_user.blank? && current_organization&.force_users_to_authenticate_before_access_organization
+        super
+      end
       private
       def activities

data/app/cells/decidim/content_blocks/participatory_space_hero_cell.rb CHANGED Viewed

@@ -7,19 +7,35 @@ module Decidim
       include Decidim::TranslationsHelper
       include Decidim::TwitterSearchHelper
-      attr_reader :cta_text, :cta_path
+      delegate :title, :hashtag, :attached_uploader, to: :resource
-      delegate :title, :subtitle, :attached_uploader, :hashtag, to: :resource
+      def cta_text
+        return unless model
+        @cta_text ||= translated_attribute(model.settings.button_text).presence
+      end
+      def cta_path
+        return unless model
+        @cta_path ||= translated_attribute(model.settings.button_url).presence
+      end
       def title_text
-        translated_attribute(title)
+        decidim_escape_translated(title)
       end
       def subtitle_text
-        translated_attribute(subtitle)
+        return unless resource.respond_to?(:subtitle)
+        decidim_escape_translated(resource.subtitle)
       end
+      # If it is called from the landing page content block, use the background image defined there
+      # Else, use the banner image defined in the space (for assemblies)
       def image_path
+        return model.images_container.attached_uploader(:background_image).path if model.respond_to?(:images_container)
         attached_uploader(:banner_image).path
       end

data/app/cells/decidim/content_blocks/participatory_space_hero_settings_form/show.erb ADDED Viewed

@@ -0,0 +1,8 @@
+<% form.fields_for :settings, form.object.settings do |settings_fields| %>
+  <%= settings_fields.translated :text_field, :button_text, label: t("decidim.content_blocks.cta_settings_form.button_text") %>
+  <%= settings_fields.translated :text_field, :button_url, label: t("decidim.content_blocks.cta_settings_form.button_url") %>
+<% end %>
+<% form.fields_for :images, form.object.images do |images_fields| %>
+  <%= images_fields.upload :background_image, label: t("decidim.content_blocks.cta_settings_form.background_image") %>
+<% end %>

data/app/cells/decidim/content_blocks/participatory_space_hero_settings_form_cell.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module Decidim
+  module ContentBlocks
+    class ParticipatorySpaceHeroSettingsFormCell < Decidim::ViewModel
+      alias form model
+      def content_block
+        options[:content_block]
+      end
+    end
+  end
+end

data/app/cells/decidim/content_blocks/participatory_space_metadata_cell.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Decidim
       def metadata_valued_items
         metadata_items.filter_map do |item|
-          next if (value = translated_attribute(presented_space.send(item))).blank?
+          next if (value = decidim_escape_translated(presented_space.send(item))).blank?
           {
             title: t(item, scope: translations_scope),

data/app/cells/decidim/footer_pages_cell.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Decidim
         .static_pages_accessible_for(current_user)
         .where(show_in_footer: true, topic_id: nil)
         .where.not(slug: "terms-and-conditions").map do |page|
-        { title: translated_attribute(page.title), path: decidim.page_path(page) }
+        { title: decidim_escape_translated(page.title), path: decidim.page_path(page) }
       end
     end
@@ -51,9 +51,9 @@ module Decidim
         next if (topic_pages = topic.accessible_pages_for(current_user).where(show_in_footer: true)).blank?
         {
-          title: translated_attribute(topic.title),
+          title: decidim_escape_translated(topic.title),
           pages: topic_pages.map do |page|
-            { title: translated_attribute(page.title), path: decidim.page_path(page) }
+            { title: decidim_escape_translated(page.title), path: decidim.page_path(page) }
           end
         }
       end.compact

data/app/cells/decidim/profile/tabs.erb CHANGED Viewed

@@ -1,6 +1,7 @@
 <% tab_items.each do |tab_item| %>
-  <li class="profile__tab<%= " is-active" if is_active_link?(tab_item[:path]) %>">
-    <%= link_to tab_item[:path], title: tab_item[:text], class: "profile__tab-item" do %>
+  <% active_link = is_active_link?(tab_item[:path]) %>
+  <li class="profile__tab<%= " is-active" if active_link %>">
+    <%= link_to tab_item[:path], title: tab_item[:text], class: "profile__tab-item", aria: { current: active_link ? "page" : nil } do %>
       <%= icon tab_item[:icon] %>
       <span><%= tab_item[:text] %></span>
       <% if tab_item[:count].present? %>

data/app/cells/decidim/tags_cell.rb CHANGED Viewed

@@ -9,6 +9,8 @@ module Decidim
   #   <%= cell("decidim/category", model.category, context: {resource: model}) %>
   #
   class TagsCell < Decidim::ViewModel
+    include Decidim::SanitizeHelper
     def show
       render if category? || scope?
     end
@@ -69,7 +71,7 @@ module Decidim
     end
     def category_name
-      model.category.translated_name
+      decidim_html_escape model.category.translated_name
     end
     def category_path

data/app/cells/decidim/upload_modal/modal.erb CHANGED Viewed

@@ -37,10 +37,10 @@
             <%= icon "upload-cloud-2-line", class: "w-8 h-8 text-gray fill-current" %>
             <%= t("decidim.forms.upload_help.dropzone") %>
           </span>
-          <label class="button button__sm button__secondary" for="files-<%= modal_id %>">
+          <button class="button button__sm button__secondary" data-select-file-button>
             <span><%= t("decidim.forms.upload.select_file") %></span>
             <%= icon "arrow-right-line", class: "fill-current" %>
-          </label>
+          </button>
         </div>
       </div>
     </div>

data/app/commands/decidim/create_omniauth_registration.rb CHANGED Viewed

@@ -57,13 +57,11 @@ module Decidim
         # to be marked confirmed.
         @user.skip_confirmation! if !@user.confirmed? && @user.email == verified_email
       else
-        generated_password = SecureRandom.hex
         @user.email = (verified_email || form.email)
         @user.name = form.name
         @user.nickname = form.normalized_nickname
         @user.newsletter_notifications_at = nil
-        @user.password = generated_password
+        @user.password = SecureRandom.hex
         if form.avatar_url.present?
           url = URI.parse(form.avatar_url)
           filename = File.basename(url.path)

data/app/commands/decidim/messaging/reply_to_conversation.rb CHANGED Viewed

@@ -54,11 +54,13 @@ module Decidim
               notify(manager) do
                 ConversationMailer.new_group_message(sender, manager, conversation, message, recipient).deliver_later
               end
+              Decidim::PushNotificationMessageSender.new.new_group_message(sender, manager, conversation, message, recipient).deliver
             end
           else
             notify(recipient) do
               ConversationMailer.new_message(sender, recipient, conversation, message).deliver_later
             end
+            Decidim::PushNotificationMessageSender.new.new_message(sender, recipient, conversation, message).deliver
           end
         end
       end
@@ -68,6 +70,7 @@ module Decidim
           notify(recipient) do
             ConversationMailer.comanagers_new_message(sender, recipient, conversation, message, form.context.current_user).deliver_later
           end
+          Decidim::PushNotificationMessageSender.new.comanagers_new_message(sender, recipient, conversation, message, form.context.current_user).deliver
         end
       end

data/app/commands/decidim/messaging/start_conversation.rb CHANGED Viewed

@@ -54,11 +54,13 @@ module Decidim
               notify(manager) do
                 ConversationMailer.new_group_conversation(originator, manager, conversation, recipient).deliver_later
               end
+              Decidim::PushNotificationMessageSender.new.new_group_conversation(originator, manager, conversation, recipient).deliver
             end
           else
             notify(recipient) do
               ConversationMailer.new_conversation(originator, recipient, conversation).deliver_later
             end
+            Decidim::PushNotificationMessageSender.new.new_conversation(originator, recipient, conversation).deliver
           end
         end
       end
@@ -68,6 +70,7 @@ module Decidim
           notify(recipient) do
             ConversationMailer.comanagers_new_conversation(originator, recipient, conversation, form.context.current_user).deliver_later
           end
+          Decidim::PushNotificationMessageSender.new.comanagers_new_conversation(originator, recipient, conversation, form.context.current_user).deliver
         end
       end

data/app/controllers/concerns/decidim/devise_authentication_methods.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module DeviseAuthenticationMethods
+    extend ActiveSupport::Concern
+    include Decidim::UserBlockedChecker
+    included do
+      def after_sign_in_path_for(user)
+        if user.present? && user.blocked?
+          check_user_block_status(user)
+        elsif user.needs_password_update?
+          change_password_path
+        elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
+          decidim_verifications.first_login_authorizations_path
+        else
+          super
+        end
+      end
+      # Calling the `stored_location_for` method removes the key, so in order
+      # to check if there is any pending redirect after login I need to call
+      # this method and use the value to set a pending redirect. This is the
+      # only way to do this without checking the session directly.
+      def pending_redirect?(user)
+        store_location_for(user, stored_location_for(user))
+      end
+      def first_login_and_not_authorized?(user)
+        user.is_a?(User) && user.sign_in_count == 1 && current_organization.available_authorizations.any? && user.verifiable?
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/paginable.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Decidim
       def per_page
         if OPTIONS.include?(params[:per_page])
-          params[:per_page]
+          params[:per_page].to_i
         elsif params[:per_page]
           sorted = OPTIONS.sort
           params[:per_page].to_i.clamp(sorted.first, sorted.last)

data/app/controllers/decidim/devise/omniauth_registrations_controller.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Decidim
     class OmniauthRegistrationsController < ::Devise::OmniauthCallbacksController
       include FormFactory
       include Decidim::DeviseControllers
+      include Decidim::DeviseAuthenticationMethods
       def new
         @form = form(OmniauthRegistrationForm).from_params(params[:user])
@@ -45,28 +46,6 @@ module Decidim
         end
       end
-      def after_sign_in_path_for(user)
-        if user.present? && user.blocked?
-          check_user_block_status(user)
-        elsif !pending_redirect?(user) && first_login_and_not_authorized?(user)
-          decidim_verifications.authorizations_path
-        else
-          super
-        end
-      end
-      # Calling the `stored_location_for` method removes the key, so in order
-      # to check if there is any pending redirect after login I need to call
-      # this method and use the value to set a pending redirect. This is the
-      # only way to do this without checking the session directly.
-      def pending_redirect?(user)
-        store_location_for(user, stored_location_for(user))
-      end
-      def first_login_and_not_authorized?(user)
-        user.is_a?(User) && user.sign_in_count == 1 && Decidim::Verifications.workflows.any? && user.verifiable?
-      end
       def action_missing(action_name)
         return send(:create) if devise_mapping.omniauthable? && current_organization.enabled_omniauth_providers.keys.include?(action_name.to_sym)

data/app/controllers/decidim/devise/sessions_controller.rb CHANGED Viewed

@@ -5,6 +5,7 @@ module Decidim
     # Custom Devise SessionsController to avoid namespace problems.
     class SessionsController < ::Devise::SessionsController
       include Decidim::DeviseControllers
+      include Decidim::DeviseAuthenticationMethods
       before_action :check_sign_in_enabled, only: :create
@@ -35,30 +36,6 @@ module Decidim
         end
       end
-      def after_sign_in_path_for(user)
-        if user.present? && user.blocked?
-          check_user_block_status(user)
-        elsif user.needs_password_update?
-          change_password_path
-        elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
-          decidim_verifications.first_login_authorizations_path
-        else
-          super
-        end
-      end
-      # Calling the `stored_location_for` method removes the key, so in order
-      # to check if there is any pending redirect after login I need to call
-      # this method and use the value to set a pending redirect. This is the
-      # only way to do this without checking the session directly.
-      def pending_redirect?(user)
-        store_location_for(user, stored_location_for(user))
-      end
-      def first_login_and_not_authorized?(user)
-        user.is_a?(User) && user.sign_in_count == 1 && current_organization.available_authorizations.any? && user.verifiable?
-      end
       def after_sign_out_path_for(user)
         request.referer || super
       end

data/app/events/decidim/welcome_notification_event.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
-require "mustache"
 module Decidim
   class WelcomeNotificationEvent < Decidim::Events::BaseEvent
     include Decidim::Events::EmailEvent
@@ -46,13 +44,12 @@ module Decidim
     private
     def interpolate(template)
-      Mustache.render(
-        template.to_s,
-        organization: organization.name,
-        name: user.name,
-        help_url: url_helpers.pages_url(host: organization.host),
-        badges_url: url_helpers.gamification_badges_url(host: organization.host)
-      ).html_safe
+      template
+        .gsub("{{name}}", user.name)
+        .gsub("{{organization}}", organization.name)
+        .gsub("{{help_url}}", url_helpers.pages_url(host: organization.host))
+        .gsub("{{badges_url}}", url_helpers.gamification_badges_url(host: organization.host))
+        .html_safe
     end
   end
 end

data/app/helpers/decidim/application_helper.rb CHANGED Viewed

@@ -102,24 +102,6 @@ module Decidim
       super(name, model, options, &)
     end
-    # Public: Builds the URL for the step Call To Action. Takes URL params
-    # into account.
-    #
-    # process - a ParticipatoryProcess
-    #
-    # Returns a String that can be used as a URL.
-    def step_cta_url(process)
-      return unless respond_to?(:decidim_participatory_processes)
-      base_url, params = decidim_participatory_processes.participatory_process_path(process).split("?")
-      if params.present?
-        [base_url, "/", process.active_step.cta_path, "?", params].join
-      else
-        [base_url, "/", process.active_step.cta_path].join
-      end
-    end
     def prevent_timeout_seconds
       0
     end

data/app/helpers/decidim/cells_paginate_helper.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module Decidim
     end
     def per_page
-      params[:per_page] || Decidim::Paginable::OPTIONS.first
+      params[:per_page].to_i || Decidim::Paginable::OPTIONS.first
     end
   end
 end

data/app/helpers/decidim/check_boxes_tree_helper.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 module Decidim
   # This helper include some methods for rendering a checkboxes tree input.
   module CheckBoxesTreeHelper
+    include SanitizeHelper
     # This method returns a hash with the options for the checkbox and its label
     # used in filters that uses checkboxes trees
     def check_boxes_tree_options(value, label, **options)
@@ -49,23 +51,21 @@ module Decidim
     end
     def filter_categories_values
-      organization = current_participatory_space.organization
       sorted_main_categories = current_participatory_space.categories.first_class.includes(:subcategories).sort_by do |category|
-        [category.weight, translated_attribute(category.name, organization)]
+        [category.weight, decidim_escape_translated(category.name)]
       end
       categories_values = sorted_main_categories.flat_map do |category|
         sorted_descendant_categories = category.descendants.includes(:subcategories).sort_by do |subcategory|
-          [subcategory.weight, translated_attribute(subcategory.name, organization)]
+          [subcategory.weight, decidim_escape_translated(subcategory.name)]
         end
         subcategories = sorted_descendant_categories.flat_map do |subcategory|
-          TreePoint.new(subcategory.id.to_s, translated_attribute(subcategory.name, organization))
+          TreePoint.new(subcategory.id.to_s, decidim_escape_translated(subcategory.name))
         end
         TreeNode.new(
-          TreePoint.new(category.id.to_s, translated_attribute(category.name, organization)),
+          TreePoint.new(category.id.to_s, decidim_escape_translated(category.name)),
           subcategories
         )
       end

data/app/helpers/decidim/layout_helper.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module Decidim
       href = Decidim.cors_enabled ? "" : asset_pack_path("media/images/remixicon.symbol.svg")
       content_tag :svg, html_properties do
-        content_tag :use, nil, "href" => "#{href}#ri-#{name}", tabindex: -1
+        content_tag :use, nil, "href" => "#{href}#ri-#{name}"
       end
     end