decidim-core 0.28.3 → 0.28.5

data/config/locales/tr-TR.yml

@@ -379,6 +379,10 @@ tr:
         name: Organizasyon istatistikleri
       sub_hero:
         name: Alt ana afişi
+    core:
+      application_helper:
+        filter_category_values:
+          all: Herşey
     devise:
       omniauth_registrations:
         new:
@@ -957,7 +961,7 @@ tr:
     scopes:
       global: Küresel kapsamı
       picker:
-        cancel: İptal etmek
+        cancel: İptal Et
         change: Seçili kapsamı değiştir
         choose: seçmek
         currently_selected: Şu anda seçili kapsam
@@ -1027,6 +1031,7 @@ tr:
       participatory_space_filters:
         filters:
           areas: alanlar
+          scope: Kapsam
           select_an_area: Bir bölge seçin
       progress: "Süreç\nİlerleme"
       reference:

data/config/locales/uk.yml

@@ -191,6 +191,10 @@ uk:
         name: Статистика організації
       sub_hero:
         name: Під-багатирський банер
+    core:
+      application_helper:
+        filter_category_values:
+          all: Усі
     devise:
       omniauth_registrations:
         new:
@@ -417,7 +421,6 @@ uk:
     scopes:
       global: Всеохопний обсяг
       picker:
-        cancel: Скасувати
         choose: Оберіть
         title: Оберіть %{field}
       prompt: Оберіть обсяг

data/config/locales/zh-CN.yml

@@ -324,6 +324,10 @@ zh-CN:
         name: 组织统计
       sub_hero:
         name: 子英雄广告
+    core:
+      application_helper:
+        filter_category_values:
+          all: 所有的
     devise:
       omniauth_registrations:
         new:
@@ -923,6 +927,7 @@ zh-CN:
       participatory_space_filters:
         filters:
           areas: 地区
+          scope: 范围
           select_an_area: 选择区域
       reference:
         reference: '引用: %{reference}'

data/config/locales/zh-TW.yml

@@ -500,6 +500,9 @@ zh-TW:
       actions:
         login_before_access: 請先登入您的帳戶再進行訪問.
         unauthorized: 您無權限執行此操作.
+      application_helper:
+        filter_category_values:
+          all: 全部
     devise:
       omniauth_registrations:
         create:
@@ -824,7 +827,6 @@ zh-TW:
           title_required: 標題為必填欄位！
           uploaded: 已上傳
           validating: 驗證中...
-          validation_error: 驗證錯誤!
         select_file: 選擇檔案
       upload_help:
         dropzone: 將檔案拖曳到此處或點擊按鈕上傳。
@@ -1369,6 +1371,7 @@ zh-TW:
       participatory_space_filters:
         filters:
           areas: 區域
+          scope: 範圍
           select_an_area: 選擇一個地區
       public_participation:
         public_participation: 公開展示我的出席情況。

data/config/routes.rb

@@ -137,6 +137,7 @@ Decidim::Core::Engine.routes.draw do
     get "group_members", to: "profiles#group_members", as: "profile_group_members"
     get "group_admins", to: "profiles#group_admins", as: "profile_group_admins"
     get "activity", to: "user_activities#index", as: "profile_activity"
+    get "tooltip", to: "profiles#tooltip", as: "profile_tooltip"
     resources :conversations, except: [:destroy], controller: "user_conversations", as: "profile_conversations"
   end
 

data/decidim-core.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   }
   s.summary = "The core of the Decidim framework."
   s.description = "Adds core features so other engines can hook into the framework."
-  s.license = "AGPL-3.0"
+  s.license = "AGPL-3.0-or-later"
   s.required_ruby_version = "~> 3.1.0"
 
   s.files = Dir.chdir(__dir__) do
@@ -31,6 +31,9 @@ Gem::Specification.new do |s|
     end
   end
 
+  # Lock Temporarily as it is failing in 0.29 branch. More info: https://github.com/rails/rails/pull/54264
+  s.add_dependency "concurrent-ruby", "= 1.2.2"
+
   s.add_dependency "active_link_to", "~> 1.0"
   s.add_dependency "acts_as_list", "~> 1.0"
   s.add_dependency "batch-loader", "~> 1.2"

data/lib/decidim/api/functions/component_list.rb

@@ -27,7 +27,7 @@ module Decidim
         @query = Decidim::Component
         # remove default ordering if custom order required
         @query = @query.unscoped if args[:order]
-        @query = @query.where(participatory_space:).published
+        @query = @query.where(participatory_space:)
         add_filter_keys(args[:filter])
         add_order_keys(args[:order].to_h)
         add_default_order

data/lib/decidim/api/functions/participatory_space_finder_base.rb

@@ -22,7 +22,17 @@ module Decidim
         args.compact.keys.each do |key|
           query[key] = args[key]
         end
-        model_class.public_spaces.find_by(query)
+
+        @query =
+          if ctx[:current_user]&.admin?
+            model_class
+          elsif model_class.respond_to?(:visible_for)
+            model_class.visible_for(ctx[:current_user])
+          else
+            model_class.public_spaces
+          end
+
+        @query.find_by(query)
       end
     end
   end

data/lib/decidim/api/interfaces/participatory_space_interface.rb

@@ -23,7 +23,7 @@ module Decidim
         ParticipatorySpaceManifestPresenter.new(object.manifest, object.organization)
       end
 
-      field :components, [ComponentInterface], null: true, description: "Lists the components this space contains." do
+      field :components, [ComponentInterface, { null: true }], null: true, description: "Lists the components this space contains." do
         argument :filter, ComponentInputFilter, "Provides several methods to filter the results", required: false
         argument :order, ComponentInputSort, "Provides several methods to order the results", required: false
       end

data/lib/decidim/api/types/component_type.rb

@@ -5,6 +5,13 @@ module Decidim
     class ComponentType < Decidim::Api::Types::BaseObject
       implements Decidim::Core::ComponentInterface
       description "A base component with no particular specificities."
+
+      def self.authorized?(object, context)
+        context[:component] = object
+        context[:current_component] = object
+
+        super && allowed_to?(:read, :component, object, context)
+      end
     end
   end
 end

data/lib/decidim/api/types/user_group_type.rb

@@ -59,6 +59,10 @@ module Decidim
       def members_count
         object.accepted_memberships.count
       end
+
+      def self.authorized?(object, context)
+        super && !object.blocked?
+      end
     end
   end
 end

data/lib/decidim/api/types/user_type.rb

@@ -62,6 +62,10 @@ module Decidim
       def groups
         object.accepted_user_groups
       end
+
+      def self.authorized?(object, context)
+        super && object.confirmed? && !object.blocked? && !object.deleted?
+      end
     end
   end
 end

data/lib/decidim/attributes/rich_text.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Attributes
+    # Custom attributes value to convert rich text strings in the database, i.e.
+    # strings that originate from the editor.
+    class RichText < Decidim::Attributes::CleanString
+      def type
+        :"decidim/attributes/rich_text"
+      end
+
+      # Serializes the value to the database.
+      def serialize(value)
+        serialize_value(value)
+      end
+
+      private
+
+      # From form to database
+      def serialize_value(value)
+        return value unless value.is_a?(String)
+
+        context = {}
+        parsed = Decidim::ContentProcessor.parse_with_processor(:blob, value, context)
+        parsed.rewrite
+      end
+
+      # From database to form
+      def cast_value(value)
+        clean_string = super
+        return clean_string unless clean_string.is_a?(String)
+
+        renderer = Decidim::ContentProcessor.renderer_klass(:blob).constantize.new(clean_string)
+        renderer.render
+      end
+    end
+  end
+end

data/lib/decidim/attributes/time_with_zone.rb

@@ -5,6 +5,15 @@ module Decidim
     # Custom attributes value to parse a String representing a Time using
     # the app TimeZone.
     class TimeWithZone < ActiveModel::Type::DateTime
+      # Date format: 2020-06-20T, 2020-06-20, 20/06/2020T or 20/06/2020
+      # Time format: 10:20, 10:20:30 or 10:20:30.123456
+      ISO_DATETIME_WITHOUT_TIMEZONE = %r{
+        \A
+        ((\d{4})-(\d\d)-(\d\d)|(\d\d)/(\d\d)/(\d{4}))(?:T|\s)
+        (\d\d):(\d\d)(:(\d\d)(?:\.(\d{1,6})\d*)?)?
+        \z
+      }x
+
       def type
         :"decidim/attributes/time_with_zone"
       end
@@ -18,8 +27,9 @@ module Decidim
       rescue ArgumentError
         fallback = super
         return fallback unless fallback.is_a?(Time)
+        return Time.zone.parse(fallback.strftime("%F %T")) if ISO_DATETIME_WITHOUT_TIMEZONE.match?(value)
 
-        Time.zone.parse(fallback.strftime("%F %T"))
+        ActiveSupport::TimeWithZone.new(fallback, Time.zone)
       end
     end
   end

data/lib/decidim/attributes.rb

@@ -5,6 +5,7 @@ module Decidim
     autoload :TimeWithZone, "decidim/attributes/time_with_zone"
     autoload :LocalizedDate, "decidim/attributes/localized_date"
     autoload :CleanString, "decidim/attributes/clean_string"
+    autoload :RichText, "decidim/attributes/rich_text"
     autoload :Blob, "decidim/attributes/blob"
     autoload :Array, "decidim/attributes/array"
     autoload :Hash, "decidim/attributes/hash"
@@ -27,6 +28,7 @@ module Decidim
     ActiveModel::Type.register(:"decidim/attributes/time_with_zone", Decidim::Attributes::TimeWithZone)
     ActiveModel::Type.register(:"decidim/attributes/localized_date", Decidim::Attributes::LocalizedDate)
     ActiveModel::Type.register(:"decidim/attributes/clean_string", Decidim::Attributes::CleanString)
+    ActiveModel::Type.register(:"decidim/attributes/rich_text", Decidim::Attributes::RichText)
     ActiveModel::Type.register(:"decidim/attributes/blob", Decidim::Attributes::Blob)
 
     # Overrides

data/lib/decidim/content_parsers/blob_parser.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ContentParsers
+    # Parses any blob URLs from the content and replaces them with references
+    # to those blobs.
+    class BlobParser < BaseParser
+      # Matches all possible URLs pointing to ActiveStorage::Blob objects.
+      #
+      # Possible routes:
+      # get "/blobs/redirect/:signed_id/*filename"
+      # get "/blobs/proxy/:signed_id/*filename"
+      # get "/blobs/:signed_id/*filename"
+      # get "/representations/redirect/:signed_blob_id/:variation_key/*filename"
+      # get "/representations/proxy/:signed_blob_id/:variation_key/*filename"
+      # get "/representations/:signed_blob_id/:variation_key/*filename"
+      # get  "/disk/:encoded_key/*filename"
+      #
+      # See:
+      # https://github.com/rails/rails/blob/a7e379896552ce43b822385c03c37f2bd47739d3/activestorage/config/routes.rb#L5-L14
+      BLOB_REGEX = %r{
+        # Group 1: Host part
+        (
+          # Group 2: Domain and subpath part
+          https?://((?!/rails).)+
+        )?
+        /rails/active_storage
+        # Group 3: Blob path, representation path or disk service path
+        /(blobs/redirect|blobs/proxy|blobs|representations/redirect|representations/proxy|representations|disk)
+        # Group 4: Signed ID for blobs or encoded key for disk service
+        /([^/]+)
+        # Group 5: Variation part (only for representations)
+        (
+          # Group 6: Variation key for representations
+          /([\w.=-]+)
+        )?
+        # Group 7: Filename
+        /([\w.=-]+)
+      }x
+
+      def rewrite
+        replace_blobs(content)
+      end
+
+      private
+
+      def replace_blobs(text)
+        text.gsub(BLOB_REGEX) do |match|
+          type_part = Regexp.last_match(3)
+          key_part = Regexp.last_match(4)
+
+          variation_key = nil
+          blob =
+            if type_part == "disk"
+              # Disk service URL
+              decoded = ActiveStorage.verifier.verified(key_part, purpose: :blob_key)
+              ActiveStorage::Blob.find_by(key: decoded[:key]) if decoded
+            else
+              # Representation or blob
+              if type_part.start_with?("representations")
+                # Representation
+                variation_part = Regexp.last_match(6)
+                variation_key = generate_variation_key(variation_part)
+              end
+
+              ActiveStorage::Blob.find_signed(key_part)
+            end
+          next match unless blob
+
+          "#{blob.to_global_id}#{"/#{variation_key}" if variation_key}"
+        end
+      end
+
+      def generate_variation_key(variation_part)
+        # The variation part has to be decoded because it will eventually
+        # expire. This way we can preserve the variation information
+        # longer.
+        variation = ActiveStorage.verifier.verify(variation_part, purpose: :variation)
+        return unless variation
+
+        # Convert to base64 encoded JSON string for better representation within
+        # the URLs. This manually encoded part will not expire as it is
+        # persisted to the database.
+        Base64.strict_encode64(ActiveSupport::JSON.encode(variation))
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        # This happens if the variation key is already expired in which
+        # case it cannot be represented and instead a URL to the blob is
+        # created.
+        variation_part
+      end
+    end
+  end
+end

data/lib/decidim/content_parsers.rb

@@ -3,6 +3,7 @@
 module Decidim
   module ContentParsers
     autoload :BaseParser, "decidim/content_parsers/base_parser"
+    autoload :BlobParser, "decidim/content_parsers/blob_parser"
     autoload :UserParser, "decidim/content_parsers/user_parser"
     autoload :UserGroupParser, "decidim/content_parsers/user_group_parser"
     autoload :HashtagParser, "decidim/content_parsers/hashtag_parser"

data/lib/decidim/content_renderers/blob_renderer.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ContentRenderers
+    # A renderer that searches Global IDs representing blobs in content and
+    # replaces it with a URL to these blobs.
+    #
+    # e.g. gid://<APP_NAME>/ActiveStorage::Blob/1
+    #
+    # OR for representations
+    #
+    # e.g. gid://<APP_NAME>/ActiveStorage::Blob/1/<encoded variant transformations>
+    #
+    # The `<encoded variant transformations>` part of the URL is a Base64
+    # encoded string that contains an unencrypted JSON-encoded value about the
+    # blob transformations. This way the specific representations can be stored
+    # in the database without having these values expiring.
+    #
+    # @see BaseRenderer Examples of how to use a content renderer
+    class BlobRenderer < BaseRenderer
+      # Matches a global id representing a Decidim::User
+      GLOBAL_ID_REGEX = %r{(gid://[\w-]+/ActiveStorage::Blob/\d+)(/([\w=-]+))?}
+
+      # Replaces found Global IDs matching an existing blob with a URL to
+      # that blob. The Global IDs representing an invalid ActiveStorage::Blob
+      # are replaced with an empty string.
+      #
+      # @return [String] the content ready to display (contains HTML)
+      def render(_options = nil)
+        replace_pattern(content, GLOBAL_ID_REGEX)
+      end
+
+      protected
+
+      def replace_pattern(text, pattern)
+        return text unless text.respond_to?(:gsub)
+
+        text.gsub(pattern) do
+          blob_gid = Regexp.last_match(1)
+          variation_key = Regexp.last_match(3)
+
+          blob = GlobalID::Locator.locate(blob_gid)
+          if variation_key
+            variation = begin
+              ActiveSupport::JSON.decode(Base64.strict_decode64(variation_key))
+            rescue JSON::ParseError
+              variation_key
+            end
+            blob_url(blob, variation)
+          else
+            blob_url(blob)
+          end
+        rescue ActiveRecord::RecordNotFound => _e
+          ""
+        end
+      end
+
+      def blob_url(blob, variation = nil)
+        url = begin
+          if variation
+            blob.variant(variation).url
+          else
+            blob.url
+          end
+        rescue ArgumentError
+          # ArgumentError is raised in case the blob's service is set to
+          # ActiveStorage::Service::DiskService and
+          # `ActiveStorage::Current.url_options` is not set.
+        end
+        raise URI::InvalidURIError if url.blank?
+
+        url
+      rescue URI::InvalidURIError
+        local_blob_url(blob, variation)
+      end
+
+      def local_blob_url(blob, variation = nil)
+        if variation
+          routes.rails_representation_url(blob.variant(variation), only_path: true)
+        else
+          routes.rails_blob_url(blob, only_path: true)
+        end
+      end
+
+      def routes
+        @routes ||= Rails.application.routes.url_helpers
+      end
+    end
+  end
+end

data/lib/decidim/content_renderers.rb

@@ -3,6 +3,7 @@
 module Decidim
   module ContentRenderers
     autoload :BaseRenderer, "decidim/content_renderers/base_renderer"
+    autoload :BlobRenderer, "decidim/content_renderers/blob_renderer"
     autoload :UserRenderer, "decidim/content_renderers/user_renderer"
     autoload :UserGroupRenderer, "decidim/content_renderers/user_group_renderer"
     autoload :HashtagRenderer, "decidim/content_renderers/hashtag_renderer"

data/lib/decidim/core/engine.rb

@@ -237,6 +237,34 @@ module Decidim
         app.config.action_mailer.deliver_later_queue_name = :mailers
       end
 
+      initializer "decidim_core.active_storage", before: "active_storage.configs" do |app|
+        next if app.config.active_storage.service_urls_expire_in.present?
+
+        # Ensure that the ActiveStorage URLs are valid long enough because with
+        # the default configuration they would expire in 5 minutes which is a
+        # problem:
+        #   a) for the backend blob URL replacement
+        #   and
+        #   b) for caching
+        #
+        # Note the limitations for each storage service regarding the signed URL
+        # expiration times. This limitation has to be also considered when
+        # defining a caching strategy, otherwise e.g. images or files may not
+        # display correctly when caching is enabled.
+        #
+        # ActiveStorage disk service (default): no limitation
+        #
+        # S3: maximum is 7 days from the creation of the URL
+        # https://docs.aws.amazon.com/AmazonS3/latest/userguide/PresignedUrlUploadObject.html
+        #
+        # Google: maximum is 7 days (604800 seconds)
+        # https://cloud.google.com/storage/docs/access-control/signed-urls
+        #
+        # Azure: no limitation
+        # https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas
+        app.config.active_storage.service_urls_expire_in = 7.days
+      end
+
       initializer "decidim_core.signed_global_id", after: "global_id" do |app|
         next if app.config.global_id.fetch(:expires_in, nil).present?
 
@@ -275,6 +303,12 @@ module Decidim
         app.config.exceptions_app = Decidim::Core::Engine.routes
       end
 
+      initializer "decidim_core.direct_uploader_paths", after: "decidim_core.exceptions_app" do |_app|
+        config.to_prepare do
+          ActiveStorage::DirectUploadsController.include Decidim::DirectUpload
+        end
+      end
+
       initializer "decidim_core.locales" do |app|
         app.config.i18n.fallbacks = true
       end
@@ -411,7 +445,7 @@ module Decidim
 
       initializer "decidim_core.content_processors" do |_app|
         Decidim.configure do |config|
-          config.content_processors += [:user, :user_group, :hashtag, :link]
+          config.content_processors += [:user, :user_group, :hashtag, :link, :blob]
         end
       end
 

data/lib/decidim/core/test/factories.rb

@@ -203,8 +203,15 @@ FactoryBot.define do
     end
 
     trait :deleted do
+      name { "" }
+      nickname { "" }
       email { "" }
+      delete_reason { "I want to delete my account" }
+      admin { false }
       deleted_at { Time.current }
+      avatar { nil }
+      personal_url { "" }
+      about { "" }
     end
 
     trait :admin_terms_accepted do
@@ -1001,4 +1008,25 @@ FactoryBot.define do
         end
     end
   end
+
+  factory :blob, class: "ActiveStorage::Blob" do
+    transient do
+      filepath { Decidim::Dev.asset("city.jpeg") }
+    end
+
+    filename { File.basename(filepath) }
+    content_type { MiniMime.lookup_by_filename(filepath)&.content_type || "text/plain" }
+
+    before(:create) do |object, evaluator|
+      object.upload(File.open(evaluator.filepath))
+    end
+
+    trait :image do
+      filepath { Decidim::Dev.asset("city.jpeg") }
+    end
+
+    trait :document do
+      filepath { Decidim::Dev.asset("Exampledocument.pdf") }
+    end
+  end
 end

data/lib/decidim/core/test/shared_examples/authorable_interface_examples.rb

@@ -18,7 +18,7 @@ shared_examples_for "authorable interface" do
     end
 
     describe "with a regular user" do
-      let(:author) { create(:user, organization: model.participatory_space.organization) }
+      let(:author) { create(:user, :confirmed, organization: model.participatory_space.organization) }
       let(:query) { "{ author { name } }" }
 
       before do

data/lib/decidim/core/test/shared_examples/comments_examples.rb

@@ -494,6 +494,16 @@ shared_examples "comments" do
         expect(page).to have_selector("span.comments-count", text: "#{commentable.comments.count} comments")
         expect(page.find("#add-comment-#{commentable.commentable_type.demodulize}-#{commentable.id}").value).to be_empty
       end
+
+      it "shows the entry in last activities" do
+        visit decidim.last_activities_path
+        expect(page).to have_content("New comment: #{content}")
+
+        within "#filters" do
+          find("a", class: "filter", text: "Comment", match: :first).click
+        end
+        expect(page).to have_content("New comment: #{content}")
+      end
     end
 
     context "when user adds a new comment with a link" do
@@ -603,7 +613,7 @@ shared_examples "comments" do
     end
 
     context "when the user has verified organizations" do
-      let(:user_group) { create(:user_group, :verified) }
+      let(:user_group) { create(:user_group, :verified, organization:) }
       let(:content) { "This is a new comment" }
 
       before do
@@ -731,6 +741,20 @@ shared_examples "comments" do
               expect(page).to have_content("Edited")
             end
           end
+
+          it "has only one edit modal" do
+            expect(page).to have_css("#editCommentModal#{comment.id}", visible: :hidden, count: 1)
+            3.times do |index|
+              sleep 2
+              within "#comment_#{comment.id}" do
+                page.find("[id^='dropdown-trigger']").click
+                click_on "Edit"
+              end
+              fill_in "edit_comment_#{comment.id}", with: " This comment has been edited #{1 + index} times"
+              click_on "Send"
+            end
+            expect(page).to have_css("#editCommentModal#{comment.id}", visible: :all, count: 1)
+          end
         end
       end
     end
@@ -1015,7 +1039,6 @@ shared_examples "comments blocked" do
   end
 
   context "when authenticated" do
-    let!(:organization) { create(:organization) }
     let!(:user) { create(:user, :confirmed, organization:) }
     let!(:comments) { create_list(:comment, 3, commentable:) }