RubyGems - decidim-core - Versions diffs - 0.28.3 → 0.28.5 - Mend

decidim-core 0.28.3 → 0.28.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

checksums.yaml +4 -4
data/app/cells/decidim/activity_cell.rb +1 -4
data/app/cells/decidim/author/show.erb +5 -4
data/app/cells/decidim/author_cell.rb +26 -0
data/app/cells/decidim/card_s/show.erb +5 -3
data/app/cells/decidim/content_blocks/stats_cell.rb +1 -1
data/app/cells/decidim/diff_cell.rb +4 -0
data/app/cells/decidim/endorsement_buttons_cell.rb +1 -1
data/app/cells/decidim/nav_links/show.erb +3 -3
data/app/cells/decidim/newsletter_templates/image_text_cta_cell.rb +1 -1
data/app/cells/decidim/resource_types_filter/show.erb +11 -12
data/app/cells/decidim/translation_bar/show.erb +3 -3
data/app/cells/decidim/translation_bar_cell.rb +1 -1
data/app/commands/decidim/amendable/create_draft.rb +1 -0
data/app/commands/decidim/destroy_account.rb +3 -0
data/app/controllers/concerns/decidim/devise_authentication_methods.rb +1 -1
data/app/controllers/concerns/decidim/direct_upload.rb +82 -0
data/app/controllers/decidim/doorkeeper/credentials_controller.rb +1 -1
data/app/controllers/decidim/links_controller.rb +1 -1
data/app/controllers/decidim/profiles_controller.rb +4 -0
data/app/forms/decidim/upload_validation_form.rb +1 -1
data/app/helpers/concerns/decidim/user_role_checker.rb +46 -0
data/app/helpers/decidim/cta_button_helper.rb +1 -1
data/app/helpers/decidim/layout_helper.rb +28 -0
data/app/helpers/decidim/map_helper.rb +6 -1
data/app/helpers/decidim/menu_helper.rb +1 -1
data/app/helpers/decidim/sanitize_helper.rb +11 -2
data/app/helpers/decidim/scopes_helper.rb +5 -2
data/app/models/decidim/action_log.rb +11 -1
data/app/models/decidim/attachment.rb +1 -1
data/app/packs/src/decidim/a11y.js +11 -15
data/app/packs/src/decidim/append_redirect_url_to_modals.js +24 -14
data/app/packs/src/decidim/direct_uploads/upload_field.js +21 -8
data/app/packs/src/decidim/direct_uploads/upload_modal.js +3 -0
data/app/packs/src/decidim/index.js +3 -0
data/app/packs/src/decidim/remote_tooltips.js +38 -0
data/app/packs/src/decidim/toggle.js +1 -1
data/app/packs/src/decidim/tooltips.js +42 -22
data/app/packs/stylesheets/decidim/_buttons.scss +1 -1
data/app/packs/stylesheets/decidim/_modal_update.scss +4 -0
data/app/packs/stylesheets/decidim/_profile.scss +1 -1
data/app/packs/stylesheets/decidim/_progress-bar.scss +1 -1
data/app/packs/stylesheets/decidim/legacy/conference-diploma.scss +2 -1
data/app/presenters/decidim/attachment_presenter.rb +1 -1
data/app/presenters/decidim/menu_item_presenter.rb +1 -1
data/app/queries/decidim/last_activity.rb +16 -5
data/app/services/decidim/base_diff_renderer.rb +26 -2
data/app/services/decidim/email_notification_generator.rb +14 -5
data/app/views/decidim/devise/omniauth_registrations/new.html.erb +1 -1
data/app/views/decidim/offline/show.html.erb +1 -1
data/app/views/decidim/pages/_tabbed.html.erb +5 -5
data/app/views/decidim/shared/_filters.html.erb +5 -5
data/app/views/decidim/shared/_orders.html.erb +3 -2
data/app/views/decidim/shared/filters/_check_boxes_tree.html.erb +1 -1
data/app/views/decidim/shared/filters/_collection.html.erb +1 -1
data/app/views/layouts/decidim/_head.html.erb +1 -1
data/app/views/layouts/decidim/header/_menu_breadcrumb_mobile_tablet.html.erb +1 -1
data/app/views/layouts/decidim/shared/_layout_user_profile.html.erb +2 -2
data/config/locales/ar.yml +12 -1
data/config/locales/bg.yml +0 -1
data/config/locales/bn-BD.yml +1 -0
data/config/locales/bs-BA.yml +98 -0
data/config/locales/ca.yml +14 -10
data/config/locales/cs.yml +6 -1
data/config/locales/de.yml +18 -14
data/config/locales/el.yml +3 -1
data/config/locales/en.yml +5 -1
data/config/locales/es-MX.yml +6 -2
data/config/locales/es-PY.yml +6 -2
data/config/locales/es.yml +12 -8
data/config/locales/eu.yml +202 -185
data/config/locales/fi-plain.yml +5 -1
data/config/locales/fi.yml +40 -36
data/config/locales/fr-CA.yml +6 -2
data/config/locales/fr.yml +5 -1
data/config/locales/ga-IE.yml +5 -0
data/config/locales/gl.yml +4 -1
data/config/locales/hu.yml +1 -2
data/config/locales/id-ID.yml +4 -0
data/config/locales/is-IS.yml +4 -1
data/config/locales/it.yml +40 -0
data/config/locales/ja.yml +18 -16
data/config/locales/lb.yml +5 -0
data/config/locales/lt.yml +1 -2
data/config/locales/lv.yml +4 -0
data/config/locales/nl.yml +6 -1
data/config/locales/no.yml +5 -0
data/config/locales/pl.yml +1 -2
data/config/locales/pt-BR.yml +199 -1
data/config/locales/pt.yml +11 -0
data/config/locales/ro-RO.yml +302 -180
data/config/locales/ru.yml +4 -0
data/config/locales/sk.yml +5 -1
data/config/locales/sv.yml +452 -81
data/config/locales/tr-TR.yml +6 -1
data/config/locales/uk.yml +4 -1
data/config/locales/zh-CN.yml +5 -0
data/config/locales/zh-TW.yml +4 -1
data/config/routes.rb +1 -0
data/decidim-core.gemspec +4 -1
data/lib/decidim/api/functions/component_list.rb +1 -1
data/lib/decidim/api/functions/participatory_space_finder_base.rb +11 -1
data/lib/decidim/api/interfaces/participatory_space_interface.rb +1 -1
data/lib/decidim/api/types/component_type.rb +7 -0
data/lib/decidim/api/types/user_group_type.rb +4 -0
data/lib/decidim/api/types/user_type.rb +4 -0
data/lib/decidim/attributes/rich_text.rb +38 -0
data/lib/decidim/attributes/time_with_zone.rb +11 -1
data/lib/decidim/attributes.rb +2 -0
data/lib/decidim/content_parsers/blob_parser.rb +93 -0
data/lib/decidim/content_parsers.rb +1 -0
data/lib/decidim/content_renderers/blob_renderer.rb +90 -0
data/lib/decidim/content_renderers.rb +1 -0
data/lib/decidim/core/engine.rb +35 -1
data/lib/decidim/core/test/factories.rb +28 -0
data/lib/decidim/core/test/shared_examples/authorable_interface_examples.rb +1 -1
data/lib/decidim/core/test/shared_examples/comments_examples.rb +25 -2
data/lib/decidim/core/test/shared_examples/system_endorse_resource_examples.rb +112 -14
data/lib/decidim/core/version.rb +1 -1
data/lib/decidim/core.rb +11 -0
data/lib/decidim/diffy_extension.rb +18 -0
data/lib/decidim/form_builder.rb +1 -1
data/lib/decidim/map/autocomplete.rb +1 -0
data/lib/decidim/organization_settings.rb +4 -1
data/lib/decidim/participatory_space_user.rb +4 -0
data/lib/decidim/query_extensions.rb +0 -26
data/lib/decidim/settings_manifest.rb +2 -0
data/lib/decidim/translatable_attributes.rb +6 -1
data/lib/decidim/view_model.rb +1 -1
data/lib/tasks/upgrade/decidim_attachments.rake +14 -0
data/lib/tasks/upgrade/decidim_fix_categorization.rake +34 -8
metadata +30 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ed7b2e2e440e7ab68c508dc8242f6adbee52c292cfa8fd3fd43e42fc75e8f8f
-  data.tar.gz: ee75d95c1002bc872483de673a2e21e23c100d387d2bd50d86bb05ed5a91d1fa
+  metadata.gz: 30504edbc5451f226b04213804ae8b02392132d8f66f9d5ebe9ea58ad264031e
+  data.tar.gz: 0ff217364122ef3812f7aa950e4908364126ceca46f135d0d5dc049b1ee19537
 SHA512:
-  metadata.gz: d82a46910165f8510bec81d79677b26057d49e88ddc9ddd3fda2443b0d8529804faebb2eb8949313b4cf4c25fc8fd406da049dc2e33d172430d7614dc043b9cd
-  data.tar.gz: e86a808c22abc5db470d2bcf7d9427a2d8ea13588a73fcbde936fbd22c381d606f30b45353e3638f39150e16966cf75edcf6d81698164b3bdef9055b1881a02f
+  metadata.gz: 897aec8c06d1dd2110a5bd880e07061cab5e12495b707ed175afa81468c5ac162cf3d7a6643879eab83a82a9ca76232ff82dcb0d9b29ccf277d328fec6539a35
+  data.tar.gz: 88e9607861160a270e3604733a323fc2b1d359779c335ff8ccce97c9e587062c9c916d07682ad0ddda2b50abe2f718d3ce4baeb5bf77cbf3aab77ea231160014

data/app/cells/decidim/activity_cell.rb CHANGED Viewed

@@ -106,10 +106,7 @@ module Decidim
       hash << id_prefix
       hash << I18n.locale.to_s
       hash << model.class.name.underscore
-      hash << model.cache_key_with_version
-      if (author_cell = author)
-        hash.push(Digest::MD5.hexdigest(author_cell.send(:cache_hash)))
-      end
+      hash << model.cache_key_with_version if model.respond_to?(:cache_key_with_version)
       hash.join(Decidim.cache_key_separator)
     end

data/app/cells/decidim/author/show.erb CHANGED Viewed

@@ -1,6 +1,7 @@
-<% data = has_tooltip? ? { tooltip: render(:profile_minicard).html_safe } : nil %>
-<span class="author" data-author>
-  <%= content_tag :span, class: "author__container#{" is-compact" if layout == :compact}", data: do %>
+<%# If the options hash has the demo key it means we are in the decidim-design engine, so it is not a real-world scenario with actual users %>
+<% tooltip = options.has_key?(:demo) ? { tooltip: render(:profile_minicard).html_safe } : nil %>
+<%= content_tag(:span, class: :author, data: ) do %>
+  <%= content_tag :span, class: "author__container#{" is-compact" if layout == :compact}", data: tooltip do %>
     <% if layout == :compact %>
       <%= render :avatar %>
@@ -24,4 +25,4 @@
       <%= render action %>
     <% end %>
   <% end %>
-</span>
+<% end %>

data/app/cells/decidim/author_cell.rb CHANGED Viewed

@@ -49,8 +49,26 @@ module Decidim
       @context_actions_options ||= options[:context_actions].map(&:to_sym)
     end
+    def profile_minicard
+      render
+    end
     private
+    # If the options hash has the demo key it means we are in the decidim-design engine,
+    # so it is not a real-world scenario with actual users
+    def data
+      @data ||= begin
+        internal_data = { author: true }
+        if has_tooltip? && !options.has_key?(:demo)
+          internal_data["remote_tooltip"] = true
+          internal_data["tooltip-url"] = decidim.profile_tooltip_path(raw_model.nickname)
+        end
+        internal_data
+      end
+    end
     def layout
       @layout ||= LAYOUTS.include?(options[:layout]) ? options[:layout] : :default
     end
@@ -162,5 +180,13 @@ module Decidim
     def resource_name
       @resource_name ||= from_context.class.name.demodulize.underscore
     end
+    def has_tooltip?
+      return false if model.deleted?
+      return false if model.respond_to?(:blocked?) && model.blocked?
+      return true if options.has_key?(:tooltip)
+      model.has_tooltip?
+    end
   end
 end

data/app/cells/decidim/card_s/show.erb CHANGED Viewed

@@ -1,10 +1,12 @@
-<%= link_to resource_path, class: "card__search", id: dom_id(resource) do %>
+<%= content_tag :div, id: dom_id(resource), class: "card__search" do %>
   <%= content_tag title_tag, class: "h4 card__search-title" do %>
-    <%= title %>
+    <%= link_to resource_path, class: "card__search" do %>
+      <%= title %>
+    <% end %>
   <% end %>
   <% if metadata_cell.present? %>
     <div class="card__search-metadata">
-      <%= cell metadata_cell, resource, links: false %>
+     <%= cell metadata_cell, resource, links: false %>
     </div>
   <% end %>
 <% end %>

data/app/cells/decidim/content_blocks/stats_cell.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Decidim
       end
       def cache_expiry_time
-        10.minutes
+        Decidim.stats_cache_expiry_time
       end
     end
   end

data/app/cells/decidim/diff_cell.rb CHANGED Viewed

@@ -71,6 +71,10 @@ module Decidim
     # DiffRenderer class for the current_version's item; falls back to `BaseDiffRenderer`.
     def diff_renderer_class
+      renderer_class = "#{current_version.item_type}DiffRenderer".safe_constantize
+      return renderer_class if renderer_class
       if current_version.item_type.deconstantize == "Decidim"
         "#{current_version.item_type.pluralize}::DiffRenderer".constantize
       else

data/app/cells/decidim/endorsement_buttons_cell.rb CHANGED Viewed

@@ -77,7 +77,7 @@ module Decidim
     end
     def user_has_verified_groups?
-      current_user && Decidim::UserGroups::ManageableUserGroups.for(current_user).verified.any?
+      current_user && current_organization.user_groups_enabled? && Decidim::UserGroups::ManageableUserGroups.for(current_user).verified.any?
     end
     def endorse_translated

data/app/cells/decidim/nav_links/show.erb CHANGED Viewed

@@ -1,12 +1,12 @@
 <div class="participatory-space__nav-container">
-  <button id="dropdown-trigger-participatory-space" data-component="dropdown" data-target="dropdown-menu-participatory-space" data-auto-close="true" data-scroll-to-menu="true">
+  <button id="dropdown-trigger-participatory-space" data-component="dropdown" data-target="dropdown-menu-participatory-space" data-auto-close="true" data-scroll-to-menu="true" data-open-md="true">
     <span><%= t("decidim.searches.filters.jump_to") %></span>
     <%= icon "arrow-down-s-line" %>
     <%= icon "arrow-up-s-line" %>
   </button>
-  <ul id="dropdown-menu-participatory-space" class="participatory-space__nav" aria-hidden="true">
+  <ul id="dropdown-menu-participatory-space" class="participatory-space__nav">
     <% model.each do |item| %>
-      <li>
+      <li role="menuitem">
         <%= link_to item[:url], class: "participatory-space__nav-item" do %>
           <%= item[:name] %>
           <%= icon "arrow-right-line" %>

data/app/cells/decidim/newsletter_templates/image_text_cta_cell.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module Decidim
       end
       def main_image_url
-        newsletter.template.images_container.attached_uploader(:main_image).url(host: organization.host)
+        newsletter.template.images_container.attached_uploader(:main_image).url
       end
       def organization_primary_color

data/app/cells/decidim/resource_types_filter/show.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <div id="<%= id %>" class="filter-container">
-  <button id="dropdown-trigger-resource" data-component="dropdown" data-target="dropdown-menu-resource" data-auto-close="true">
+  <button id="dropdown-trigger-resource" data-component="dropdown" data-target="dropdown-menu-resource" data-open-md="true">
     <% resource_types.each do |resource_type| %>
       <span data-value="<%= resource_type[0] %>" class="<%= "is-active" if filter_param == resource_type[0] %>">
         <%= text_with_resource_icon(*resource_type) %>
@@ -8,15 +8,14 @@
     <%= icon "arrow-down-s-line" %>
     <%= icon "arrow-up-s-line" %>
   </button>
-  <%= filter_form_for filter, form_path, :class => "new_filter", :id => "dropdown-menu-resource", "aria-hidden" => true do |form| %>
-    <%= form.collection_radio_buttons(
-          filter_param_key,
-          resource_types,
-          :first,
-          :last,
-          { checked: filter_param }
-        ) do |builder|
-            builder.label { builder.radio_button(class: "reset-defaults", hidden: true) + content_tag(:span, text_with_resource_icon(builder.value, builder.text), class: "filter") }
-      end %>
-  <% end %>
+  <ul id="dropdown-menu-resource">
+    <% resource_types.each do |resource_type| %>
+      <li role="menuitem">
+        <%= link_to decidim.last_activities_path(filter: { with_resource_type: resource_type[0] } ), class: "filter#{" is-active" if filter_param == resource_type[0]}" do %>
+          <span class="sr-only"><%= resource_type[1] %></span>
+          <%= text_with_resource_icon(*resource_type) %>
+        <% end %>
+      </li>
+    <% end %>
+  </ul>
 </div>

data/app/cells/decidim/translation_bar/show.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<div class="wrapper-mini translation-bar">
-  <div class="row column">
+<div>
+  <div class="pt-4 pb-4 text-center bg-background">
     <%= link %>
-    <span class="translation-button-help"><%= help_text %></span>
+    <span class="translation-button-help ml-4"><%= help_text %></span>
   </div>
 </div>

data/app/cells/decidim/translation_bar_cell.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Decidim
       parsed_url.query = new_query
       url = parsed_url.to_s
-      link_to button_text, url, class: "button small hollow"
+      link_to button_text, url, class: "button button__sm button__transparent-secondary"
     end
     def button_text

data/app/commands/decidim/amendable/create_draft.rb CHANGED Viewed

@@ -53,6 +53,7 @@ module Decidim
             emendation.body = { I18n.locale => form.emendation_params.with_indifferent_access[:body] }
             emendation.component = amendable.component
             emendation.add_author(current_user, user_group)
+            emendation.category = amendable.category if amendable.respond_to?(:category)
             emendation.save!
             emendation
           end

data/app/commands/decidim/destroy_account.rb CHANGED Viewed

@@ -35,6 +35,9 @@ module Decidim
       @user.name = ""
       @user.nickname = ""
       @user.email = ""
+      @user.personal_url = ""
+      @user.about = ""
+      @user.notifications_sending_frequency = "none"
       @user.delete_reason = @form.delete_reason
       @user.admin = false if @user.admin?
       @user.deleted_at = Time.current

data/app/controllers/concerns/decidim/devise_authentication_methods.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Decidim
         if user.present? && user.blocked?
           check_user_block_status(user)
         elsif user.needs_password_update?
-          change_password_path
+          decidim.change_password_path
         elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
           decidim_verifications.first_login_authorizations_path
         else

data/app/controllers/concerns/decidim/direct_upload.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+module Decidim
+  module DirectUpload
+    extend ActiveSupport::Concern
+    included do
+      include Decidim::NeedsOrganization
+      skip_before_action :verify_organization
+      before_action :check_organization!,
+                    :check_authenticated!,
+                    :check_user_belongs_to_organization,
+                    :validate_direct_upload
+    end
+    protected
+    def validate_direct_upload
+      # We skip the validation if we are in system panel. `current_admin` refers to the main system admin user.
+      return if current_admin.present?
+      head :unprocessable_entity unless [
+        maximum_allowed_size.try(:to_i) >= blob_args[:byte_size].try(:to_i),
+        content_types.any? { |pattern| pattern.match?(blob_args[:content_type]) },
+        content_types.any? { |pattern| pattern.match?(MiniMime.lookup_by_extension(extension)&.content_type) },
+        allowed_extensions.any? { |pattern| pattern.match?(extension) }
+      ].all?
+    rescue NoMethodError
+      head :unprocessable_entity
+    end
+    def extension
+      File.extname(blob_args[:filename]).delete(".")
+    end
+    def maximum_allowed_size
+      current_organization.settings.upload_maximum_file_size
+    end
+    def check_organization!
+      head :unauthorized if current_organization.blank? && current_admin.blank?
+    end
+    def check_authenticated!
+      head :unauthorized if current_user.blank? && current_admin.blank?
+    end
+    def check_user_belongs_to_organization
+      return if current_admin.present?
+      head :unauthorized unless current_organization == current_user.organization
+    end
+    def allowed_extensions
+      if user_has_elevated_role?
+        current_organization.settings.upload_allowed_file_extensions_admin
+      else
+        current_organization.settings.upload_allowed_file_extensions
+      end
+    end
+    def content_types
+      if user_has_elevated_role?
+        current_organization.settings.upload_allowed_content_types_admin
+      else
+        current_organization.settings.upload_allowed_content_types
+      end
+    end
+    private
+    def user_has_elevated_role?
+      [
+        current_user&.admin?,
+        defined?(Decidim::Assemblies::AssembliesWithUserRole) && Decidim::Assemblies::AssembliesWithUserRole.for(current_user).any?,
+        defined?(Decidim::Conferences::ConferencesWithUserRole) && Decidim::Conferences::ConferencesWithUserRole.for(current_user).any?,
+        defined?(Decidim::ParticipatoryProcessesWithUserRole) && Decidim::ParticipatoryProcessesWithUserRole.for(current_user).any?
+      ].any?
+    end
+  end
+end

data/app/controllers/decidim/doorkeeper/credentials_controller.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Decidim
       end
       def avatar_url
-        avatar_url = current_resource_owner.attached_uploader(:avatar).url(host: current_resource_owner.organization.host)
+        avatar_url = current_resource_owner.attached_uploader(:avatar).url
         return unless avatar_url
         unless %r{^https?://}.match? avatar_url

data/app/controllers/decidim/links_controller.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Decidim
     end
     def escape_url(external_url)
-      before_fragment, fragment = external_url.split("#", 2)
+      before_fragment, fragment = URI.decode_www_form_component(external_url).split("#", 2)
       escaped_before_fragment = URI::Parser.new.escape(before_fragment)
       if fragment

data/app/controllers/decidim/profiles_controller.rb CHANGED Viewed

@@ -27,6 +27,10 @@ module Decidim
       redirect_to profile_activity_path(nickname: params[:nickname])
     end
+    def tooltip
+      render json: { data: cell("decidim/author", profile_holder.presenter).profile_minicard }
+    end
     def following
       @content_cell = "decidim/following"
       @title_key = "following"

data/app/forms/decidim/upload_validation_form.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Decidim
     # Property is named as attribute in upload modal and passthru validator, but
     # it cannot be named as attribute here.
     attribute :property, String
-    attribute :blob, String
+    attribute :blob, Decidim::Attributes::Blob
     attribute :form_class, String
     validates :resource_class, presence: true

data/app/helpers/concerns/decidim/user_role_checker.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module Decidim
+  module UserRoleChecker
+    # Shared behaviour for signed_in admins
+    extend ActiveSupport::Concern
+    private
+    def user_has_any_role?(user, participatory_space = nil, broad_check: false)
+      return false unless user
+      [
+        user.admin,
+        user.roles.any?,
+        participatory_process_user_role?(user, participatory_space, broad_check:),
+        assembly_user_role?(user, participatory_space, broad_check:),
+        conference_user_role?(user, participatory_space, broad_check:)
+      ].any?
+    end
+    def participatory_process_user_role?(user, participatory_process = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:participatory_processes)
+      return Decidim::ParticipatoryProcessUserRole.exists?(user:) if broad_check
+      return false unless participatory_process.is_a?(Decidim::ParticipatoryProcess)
+      Decidim::ParticipatoryProcessUserRole.exists?(user:, participatory_process:)
+    end
+    def assembly_user_role?(user, assembly = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:assemblies)
+      return Decidim::AssemblyUserRole.exists?(user:) if broad_check
+      return false unless assembly.is_a?(Decidim::Assembly)
+      Decidim::AssemblyUserRole.exists?(user:, assembly:)
+    end
+    def conference_user_role?(user, conference = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:conferences)
+      return Decidim::ConferenceUserRole.exists?(user:) if broad_check
+      return false unless conference.is_a?(Decidim::Conference)
+      Decidim::ConferenceUserRole.exists?(user:, conference:)
+    end
+  end
+end

data/app/helpers/decidim/cta_button_helper.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Decidim
     # Finds the CTA button path to reuse it in other places.
     def cta_button_path
       if current_organization.cta_button_path.present?
-        current_organization.cta_button_path
+        "/#{current_organization.cta_button_path}"
       elsif Decidim::ParticipatoryProcess.where(organization: current_organization).published.any?
         decidim_participatory_processes.participatory_processes_path
       elsif current_user

data/app/helpers/decidim/layout_helper.rb CHANGED Viewed

@@ -169,6 +169,20 @@ module Decidim
                                           end
     end
+    def current_url(params = request.parameters)
+      return url_for(params) if respond_to?(:current_participatory_space) || respond_to?(:current_component)
+      each_decidim_engine do |helpers|
+        return helpers.url_for(params)
+      rescue ActionController::UrlGenerationError
+        # Continue to next engine in case the URL is not available.
+      end
+      main_app.url_for(params)
+    rescue ActionController::UrlGenerationError
+      "#{request.base_url}#{"?#{params.to_query}" unless params.empty?}"
+    end
     private
     def empty_organization_description?
@@ -177,6 +191,20 @@ module Decidim
       organization_description.blank? || organization_description == "<p></p>"
     end
+    def each_decidim_engine
+      Rails.application.railties.each do |engine|
+        next unless engine.is_a?(Rails::Engine)
+        next unless engine.isolated?
+        next unless engine.engine_name.start_with?("decidim_")
+        next unless respond_to?(engine.engine_name)
+        yield public_send(engine.engine_name)
+      end
+      return unless respond_to?(:decidim)
+      yield decidim
+    end
     def tag_builder
       @tag_builder ||= ActionView::Helpers::TagHelper::TagBuilder.new(self)
     end

data/app/helpers/decidim/map_helper.rb CHANGED Viewed

@@ -35,7 +35,12 @@ module Decidim
             data: { "external-link": "text-only" }
           }.merge(map_html_options)
           return link_to(map_url, html_options) do
-            image_tag decidim.static_map_path(sgid: resource.to_sgid.to_s), alt: "#{map_service_brand} - #{address_text}"
+            # We also add the latitude and the longitude to prevent the Workbox cache to be overly aggressive when updating a map
+            image_tag decidim.static_map_path(
+              sgid: resource.to_sgid.to_s,
+              latitude: resource.latitude,
+              longitude: resource.longitude
+            ), alt: "#{map_service_brand} - #{address_text}"
           end
         end
       end

data/app/helpers/decidim/menu_helper.rb CHANGED Viewed

@@ -49,7 +49,7 @@ module Decidim
         self,
         element_class: "font-semibold underline",
         active_class: "is-active",
-        container_options: { class: "space-y-4 break-inside-avoid" },
+        container_options: { class: "space-y-4 break-inside-avoid", role: :menu },
         label: t("layouts.decidim.footer.decidim_title")
       )
     end

data/app/helpers/decidim/sanitize_helper.rb CHANGED Viewed

@@ -37,13 +37,22 @@ module Decidim
       end
     end
+    # Converts the blob and blob variant references to blob URLs.
+    def decidim_rich_text(html, options = {})
+      renderer = Decidim::ContentProcessor.renderer_klass(:blob).constantize.new(html)
+      renderer.render(options)
+    end
     def decidim_sanitize_editor(html, options = {})
       content_tag(:div, decidim_sanitize(html, options), class: %w(rich-text-display))
     end
     def decidim_sanitize_editor_admin(html, options = {})
       html = Decidim::IframeDisabler.new(html, options).perform
-      decidim_sanitize_editor(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
+      decidim_sanitize_editor(
+        decidim_rich_text(html),
+        { scrubber: Decidim::AdminInputScrubber.new }.merge(options)
+      )
     end
     def decidim_html_escape(text)
@@ -51,7 +60,7 @@ module Decidim
     end
     def decidim_url_escape(text)
-      decidim_html_escape(text).sub(/^javascript:/, "")
+      decidim_html_escape(text).sub(/^\s*javascript:/, "")
     end
     def decidim_sanitize_translated(text)

data/app/helpers/decidim/scopes_helper.rb CHANGED Viewed

@@ -53,11 +53,14 @@ module Decidim
     # options       - An optional Hash with options:
     #
     # Returns nothing.
-    def scopes_select_field(form, name, root: false, options: {})
+    def scopes_select_field(form, name, root: false, options: {}, html_options: {})
+      options = options.merge(include_blank: I18n.t("decidim.scopes.prompt")) unless options.has_key?(:include_blank)
       form.select(
         name,
         ordered_scopes_descendants_for_select(root),
-        options.merge(include_blank: I18n.t("decidim.scopes.prompt"))
+        options,
+        html_options
       )
     end

data/app/models/decidim/action_log.rb CHANGED Viewed

@@ -138,6 +138,7 @@ module Decidim
         Decidim::Proposals::Proposal
         Decidim::Surveys::Survey
         Decidim::Assembly
+        Decidim::Conference
         Decidim::Initiative
         Decidim::ParticipatoryProcess
       ).select do |klass|
@@ -154,7 +155,16 @@ module Decidim
     end
     def self.publicable_public_resource_types
-      @publicable_public_resource_types ||= public_resource_types.select { |klass| klass.constantize.column_names.include?("published_at") }
+      @publicable_public_resource_types ||= public_resource_types
+                                            .select { |klass| klass.constantize.column_names.include?("published_at") } - publicable_exceptions
+    end
+    def self.publicable_exceptions
+      @publicable_exceptions = %w(
+        Decidim::Blogs::Post
+      ).select do |klass|
+        klass.safe_constantize.present?
+      end
     end
     def self.ransackable_scopes(auth_object = nil)

data/app/models/decidim/attachment.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module Decidim
     #
     # Returns String.
     def file_type
-      url&.split(".")&.last&.downcase
+      url&.split(".")&.last&.split("&")&.first&.downcase
     end
     def url

data/app/packs/src/decidim/a11y.js CHANGED Viewed

@@ -59,7 +59,6 @@ const createDropdown = (component) => {
   const dropdownOptions = {};
   dropdownOptions.dropdown = component.dataset.target;
   dropdownOptions.hover = component.dataset.hover === "true";
-  dropdownOptions.isOpen = component.dataset.open === "true";
   dropdownOptions.autoClose = component.dataset.autoClose === "true";
   // This snippet allows to disable the dropdown based on the current viewport
@@ -78,6 +77,17 @@ const createDropdown = (component) => {
     return
   }
+  dropdownOptions.isOpen = component.dataset.open === "true";
+  const isOpen = Object.keys(screens).some((key) => {
+    if (!isScreenSize(key)) {
+      return false;
+    }
+    return Boolean(component.dataset[`open-${key}`.replace(/-([a-z])/g, (str) => str[1].toUpperCase())]);
+  });
+  dropdownOptions.isOpen = dropdownOptions.isOpen || isOpen;
   if (!component.id) {
     // when component has no id, we enforce to have it one
     component.id = `dropdown-${Math.random().toString(36).substring(7)}`
@@ -104,20 +114,6 @@ const createDropdown = (component) => {
     });
   }
-  // Disable focus on children elements so we can pass the AXE accessibility tests
-  const dropdownMenu = document.getElementById(dropdownOptions.dropdown);
-  if (dropdownMenu.getAttribute("aria-hidden") === "true") {
-    dropdownMenu.
-      querySelectorAll("a, input, button").
-      forEach((element) => { element.tabIndex = -1 })
-  }
-  component.addEventListener("click", () => {
-    dropdownMenu.
-      querySelectorAll("a, input, button").
-      forEach((element) => { element.tabIndex = 0 })
-  })
   Dropdowns.render(component.id, dropdownOptions);
 }