decidim-core 0.28.4 → 0.28.6

data/config/locales/zh-CN.yml

@@ -25,6 +25,8 @@ zh-CN:
         password_confirmation: 确认您的密码
         personal_url: 个人网址
         remove_avatar: 删除头像
+      user_group:
+        avatar: 头像
     models:
       decidim/attachment_created_event: 附文
       decidim/component_published_event: 活动组件
@@ -57,6 +59,8 @@ zh-CN:
     'false': '否'
     'true': '否'
   date:
+    buttons:
+      select: 选择
     formats:
       decidim_short: "%d/%m/%Y"
       decidim_with_day_and_month_name: "%A %d %b %Y"
@@ -320,10 +324,16 @@ zh-CN:
         view_all: 查看全部
       metrics:
         name: 组织指标
+      participatory_space_metrics:
+        name: 指标
       stats:
         name: 组织统计
       sub_hero:
         name: 子英雄广告
+    core:
+      application_helper:
+        filter_category_values:
+          all: 所有的
     devise:
       omniauth_registrations:
         new:
@@ -708,6 +718,8 @@ zh-CN:
           new_conversation: 新建对话
           next: 下一个
           title: 对话
+        reply_form:
+          placeholder: 您的回复...
         show:
           back: 回到所有对话
           chat_with: 对话
@@ -722,11 +734,9 @@ zh-CN:
       participants:
         description: 组织中的活跃参与者人数
         object: 参与者
-        title: 参加者
       users:
         description: 参加组织的人数
         object: 参与者
-        title: 参加者
     newsletter_mailer:
       newsletter:
         unsubscribe: 选择不接收这种类型的电子邮件， <a href="%{link}" target="_blank" class="unsubscribe">取消订阅</a>。
@@ -823,6 +833,8 @@ zh-CN:
         conversations: 对话
         followers: 关注者
         following: 关注的问题
+        group_admins: 管理管理员
+        group_members: 管理成员
         groups: 群組
         members: 成员
         officialized: 官方参与者
@@ -831,6 +843,16 @@ zh-CN:
           info: 徽章是通过在平台上执行特定活动赚取的。
           title: 徽章
       user:
+        actions:
+          create_user_group: 创建组
+          edit_profile: 编辑配置文件
+          edit_user_group: 编辑群组资料
+          invite_user: Invite participant
+          join_user_group: 加入组的请求
+          leave_user_group: 离开组
+          manage_user_group_admins: 管理管理员
+          manage_user_group_users: 管理成员
+          resend_email_confirmation_instructions: 重新发送电子邮件确认说明
         create_user_group: 创建组
         edit_profile: 编辑配置文件
         edit_user_group: 编辑群组资料
@@ -916,6 +938,8 @@ zh-CN:
         report: 报告
         spam: 包含点击、广告、骗子或脚本机器人。
         title: 报告不恰当的内容
+      flag_user_modal:
+        close: 关闭
       floating_help:
         help: 帮助
       login_modal:
@@ -923,6 +947,7 @@ zh-CN:
       participatory_space_filters:
         filters:
           areas: 地区
+          scope: 范围
           select_an_area: 选择区域
       reference:
         reference: '引用: %{reference}'

data/config/locales/zh-TW.yml

@@ -31,6 +31,8 @@ zh-TW:
         personal_url: 個人 URL
         remove_avatar: 刪除頭像
         tos_agreement: 同意服務條款
+      user_group:
+        avatar: 頭像
     models:
       decidim/attachment_created_event: 附件
       decidim/component_published_event: 啟用組件
@@ -76,6 +78,8 @@ zh-TW:
     errors:
       file_size_too_large: 檔案太大。
   date:
+    buttons:
+      select: 選擇
     formats:
       decidim_short: "%d/%m/%Y"
       decidim_short_with_month_name_short: "%d %b %Y"
@@ -481,6 +485,8 @@ zh-TW:
         view_all: 檢視全部
       metrics:
         name: 組織指標
+      participatory_space_metrics:
+        name: 指標
       static_page:
         section:
           name: 節
@@ -500,6 +506,9 @@ zh-TW:
       actions:
         login_before_access: 請先登入您的帳戶再進行訪問.
         unauthorized: 您無權限執行此操作.
+      application_helper:
+        filter_category_values:
+          all: 全部
     devise:
       omniauth_registrations:
         create:
@@ -1236,6 +1245,8 @@ zh-TW:
         conversations: 對話
         followers: 追隨者
         following: 關注
+        group_admins: 管理管理員
+        group_members: 管理成員
         groups: 群組
         members: 成員
         officialized: 正式認證參與者
@@ -1251,9 +1262,11 @@ zh-TW:
           edit_user_group: 編輯群組資料
           invite_user: 邀請參與者
           join_user_group: 申請加入群組
+          leave_user_group: 退出群組
           manage_user_group_admins: 管理管理員
           manage_user_group_users: 管理成員
           message: 訊息
+          resend_email_confirmation_instructions: 重新發送電子郵件確認指示
         confirmation_instructions_sent: 電子郵件確認指示已發送.
         create_user_group: 建立群組
         edit_profile: 編輯個人資料
@@ -1368,6 +1381,7 @@ zh-TW:
       participatory_space_filters:
         filters:
           areas: 區域
+          scope: 範圍
           select_an_area: 選擇一個地區
       public_participation:
         public_participation: 公開展示我的出席情況。

data/config/routes.rb

@@ -137,6 +137,7 @@ Decidim::Core::Engine.routes.draw do
     get "group_members", to: "profiles#group_members", as: "profile_group_members"
     get "group_admins", to: "profiles#group_admins", as: "profile_group_admins"
     get "activity", to: "user_activities#index", as: "profile_activity"
+    get "tooltip", to: "profiles#tooltip", as: "profile_tooltip"
     resources :conversations, except: [:destroy], controller: "user_conversations", as: "profile_conversations"
   end
 

data/decidim-core.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   }
   s.summary = "The core of the Decidim framework."
   s.description = "Adds core features so other engines can hook into the framework."
-  s.license = "AGPL-3.0"
+  s.license = "AGPL-3.0-or-later"
   s.required_ruby_version = "~> 3.1.0"
 
   s.files = Dir.chdir(__dir__) do
@@ -31,6 +31,9 @@ Gem::Specification.new do |s|
     end
   end
 
+  # Lock Temporarily as it is failing in 0.29 branch. More info: https://github.com/rails/rails/pull/54264
+  s.add_dependency "concurrent-ruby", "= 1.2.2"
+
   s.add_dependency "active_link_to", "~> 1.0"
   s.add_dependency "acts_as_list", "~> 1.0"
   s.add_dependency "batch-loader", "~> 1.2"

data/lib/decidim/api/functions/component_list.rb

@@ -27,7 +27,7 @@ module Decidim
         @query = Decidim::Component
         # remove default ordering if custom order required
         @query = @query.unscoped if args[:order]
-        @query = @query.where(participatory_space:).published
+        @query = @query.where(participatory_space:)
         add_filter_keys(args[:filter])
         add_order_keys(args[:order].to_h)
         add_default_order

data/lib/decidim/api/functions/participatory_space_finder_base.rb

@@ -22,7 +22,17 @@ module Decidim
         args.compact.keys.each do |key|
           query[key] = args[key]
         end
-        model_class.public_spaces.find_by(query)
+
+        @query =
+          if ctx[:current_user]&.admin?
+            model_class
+          elsif model_class.respond_to?(:visible_for)
+            model_class.visible_for(ctx[:current_user])
+          else
+            model_class.public_spaces
+          end
+
+        @query.find_by(query)
       end
     end
   end

data/lib/decidim/api/interfaces/participatory_space_interface.rb

@@ -23,7 +23,7 @@ module Decidim
         ParticipatorySpaceManifestPresenter.new(object.manifest, object.organization)
       end
 
-      field :components, [ComponentInterface], null: true, description: "Lists the components this space contains." do
+      field :components, [ComponentInterface, { null: true }], null: true, description: "Lists the components this space contains." do
         argument :filter, ComponentInputFilter, "Provides several methods to filter the results", required: false
         argument :order, ComponentInputSort, "Provides several methods to order the results", required: false
       end

data/lib/decidim/api/types/component_type.rb

@@ -5,6 +5,13 @@ module Decidim
     class ComponentType < Decidim::Api::Types::BaseObject
       implements Decidim::Core::ComponentInterface
       description "A base component with no particular specificities."
+
+      def self.authorized?(object, context)
+        context[:component] = object
+        context[:current_component] = object
+
+        super && allowed_to?(:read, :component, object, context)
+      end
     end
   end
 end

data/lib/decidim/api/types/user_group_type.rb

@@ -59,6 +59,10 @@ module Decidim
       def members_count
         object.accepted_memberships.count
       end
+
+      def self.authorized?(object, context)
+        super && !object.blocked?
+      end
     end
   end
 end

data/lib/decidim/api/types/user_type.rb

@@ -62,6 +62,10 @@ module Decidim
       def groups
         object.accepted_user_groups
       end
+
+      def self.authorized?(object, context)
+        super && object.confirmed? && !object.blocked? && !object.deleted?
+      end
     end
   end
 end

data/lib/decidim/attributes/rich_text.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Attributes
+    # Custom attributes value to convert rich text strings in the database, i.e.
+    # strings that originate from the editor.
+    class RichText < Decidim::Attributes::CleanString
+      def type
+        :"decidim/attributes/rich_text"
+      end
+
+      # Serializes the value to the database.
+      def serialize(value)
+        serialize_value(value)
+      end
+
+      private
+
+      # From form to database
+      def serialize_value(value)
+        return value unless value.is_a?(String)
+
+        context = {}
+        parsed = Decidim::ContentProcessor.parse_with_processor(:blob, value, context)
+        parsed.rewrite
+      end
+
+      # From database to form
+      def cast_value(value)
+        clean_string = super
+        return clean_string unless clean_string.is_a?(String)
+
+        renderer = Decidim::ContentProcessor.renderer_klass(:blob).constantize.new(clean_string)
+        renderer.render
+      end
+    end
+  end
+end

data/lib/decidim/attributes/time_with_zone.rb

@@ -5,6 +5,15 @@ module Decidim
     # Custom attributes value to parse a String representing a Time using
     # the app TimeZone.
     class TimeWithZone < ActiveModel::Type::DateTime
+      # Date format: 2020-06-20T, 2020-06-20, 20/06/2020T or 20/06/2020
+      # Time format: 10:20, 10:20:30 or 10:20:30.123456
+      ISO_DATETIME_WITHOUT_TIMEZONE = %r{
+        \A
+        ((\d{4})-(\d\d)-(\d\d)|(\d\d)/(\d\d)/(\d{4}))(?:T|\s)
+        (\d\d):(\d\d)(:(\d\d)(?:\.(\d{1,6})\d*)?)?
+        \z
+      }x
+
       def type
         :"decidim/attributes/time_with_zone"
       end
@@ -14,12 +23,17 @@ module Decidim
       def cast_value(value)
         return value unless value.is_a?(String)
 
-        Time.zone.strptime(value, I18n.t("time.formats.decidim_short"))
+        if Date._iso8601(value).present?
+          Time.zone.iso8601(value)
+        else
+          Time.zone.strptime(value, I18n.t("time.formats.decidim_short"))
+        end
       rescue ArgumentError
         fallback = super
         return fallback unless fallback.is_a?(Time)
+        return Time.zone.parse(fallback.strftime("%F %T")) if ISO_DATETIME_WITHOUT_TIMEZONE.match?(value)
 
-        Time.zone.parse(fallback.strftime("%F %T"))
+        ActiveSupport::TimeWithZone.new(fallback, Time.zone)
       end
     end
   end

data/lib/decidim/attributes.rb

@@ -5,6 +5,7 @@ module Decidim
     autoload :TimeWithZone, "decidim/attributes/time_with_zone"
     autoload :LocalizedDate, "decidim/attributes/localized_date"
     autoload :CleanString, "decidim/attributes/clean_string"
+    autoload :RichText, "decidim/attributes/rich_text"
     autoload :Blob, "decidim/attributes/blob"
     autoload :Array, "decidim/attributes/array"
     autoload :Hash, "decidim/attributes/hash"
@@ -27,6 +28,7 @@ module Decidim
     ActiveModel::Type.register(:"decidim/attributes/time_with_zone", Decidim::Attributes::TimeWithZone)
     ActiveModel::Type.register(:"decidim/attributes/localized_date", Decidim::Attributes::LocalizedDate)
     ActiveModel::Type.register(:"decidim/attributes/clean_string", Decidim::Attributes::CleanString)
+    ActiveModel::Type.register(:"decidim/attributes/rich_text", Decidim::Attributes::RichText)
     ActiveModel::Type.register(:"decidim/attributes/blob", Decidim::Attributes::Blob)
 
     # Overrides

data/lib/decidim/content_parsers/blob_parser.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ContentParsers
+    # Parses any blob URLs from the content and replaces them with references
+    # to those blobs.
+    class BlobParser < BaseParser
+      # Matches all possible URLs pointing to ActiveStorage::Blob objects.
+      #
+      # Possible routes:
+      # get "/blobs/redirect/:signed_id/*filename"
+      # get "/blobs/proxy/:signed_id/*filename"
+      # get "/blobs/:signed_id/*filename"
+      # get "/representations/redirect/:signed_blob_id/:variation_key/*filename"
+      # get "/representations/proxy/:signed_blob_id/:variation_key/*filename"
+      # get "/representations/:signed_blob_id/:variation_key/*filename"
+      # get  "/disk/:encoded_key/*filename"
+      #
+      # See:
+      # https://github.com/rails/rails/blob/a7e379896552ce43b822385c03c37f2bd47739d3/activestorage/config/routes.rb#L5-L14
+      BLOB_REGEX = %r{
+        # Group 1: Host part
+        (?<host_part>
+          # Group 2: Domain and subpath part
+          #{URI::DEFAULT_PARSER.make_regexp(%w(https http))}
+        )?
+        /rails/active_storage
+        # Group 3: Blob path, representation path or disk service path
+        /(?<type_part>blobs/redirect|blobs/proxy|blobs|representations/redirect|representations/proxy|representations|disk)
+        # Group 4: Signed ID for blobs or encoded key for disk service
+        /(?<key_part>[^/]+)
+        # Group 5: Variation part (only for representations)
+        (
+          # Group 6: Variation key for representations
+          /(?<variation_part>[\w.=-]+)
+        )?
+        # Group 7: Filename
+        /([\w.=-]+)
+      }x
+
+      def rewrite
+        replace_blobs(content)
+      end
+
+      private
+
+      def replace_blobs(text)
+        text.gsub(BLOB_REGEX) do |match|
+          named_captures = Regexp.last_match.named_captures
+
+          type_part = named_captures["type_part"]
+          key_part = named_captures["key_part"]
+
+          variation_key = nil
+          blob =
+            if type_part == "disk"
+              # Disk service URL
+              decoded = ActiveStorage.verifier.verified(key_part, purpose: :blob_key)
+              ActiveStorage::Blob.find_by(key: decoded[:key]) if decoded
+            else
+              # Representation or blob
+              if type_part.start_with?("representations")
+                # Representation
+                variation_part = named_captures["variation_part"]
+                variation_key = generate_variation_key(variation_part)
+              end
+
+              ActiveStorage::Blob.find_signed(key_part)
+            end
+          next match unless blob
+
+          "#{blob.to_global_id}#{"/#{variation_key}" if variation_key}"
+        end
+      end
+
+      def generate_variation_key(variation_part)
+        # The variation part has to be decoded because it will eventually
+        # expire. This way we can preserve the variation information
+        # longer.
+        variation = ActiveStorage.verifier.verify(variation_part, purpose: :variation)
+        return unless variation
+
+        # Convert to base64 encoded JSON string for better representation within
+        # the URLs. This manually encoded part will not expire as it is
+        # persisted to the database.
+        Base64.strict_encode64(ActiveSupport::JSON.encode(variation))
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        # This happens if the variation key is already expired in which
+        # case it cannot be represented and instead a URL to the blob is
+        # created.
+        variation_part
+      end
+    end
+  end
+end

data/lib/decidim/content_parsers/user_parser.rb

@@ -49,7 +49,7 @@ module Decidim
 
       def existing_mentionables
         @existing_mentionables ||= mentionable_class.where(
-          "decidim_organization_id = ? AND LOWER(nickname) IN (?)",
+          "decidim_organization_id = ? AND nickname IN (?)",
           current_organization.id,
           content_nicknames
         )

data/lib/decidim/content_parsers.rb

@@ -3,6 +3,7 @@
 module Decidim
   module ContentParsers
     autoload :BaseParser, "decidim/content_parsers/base_parser"
+    autoload :BlobParser, "decidim/content_parsers/blob_parser"
     autoload :UserParser, "decidim/content_parsers/user_parser"
     autoload :UserGroupParser, "decidim/content_parsers/user_group_parser"
     autoload :HashtagParser, "decidim/content_parsers/hashtag_parser"

data/lib/decidim/content_renderers/blob_renderer.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ContentRenderers
+    # A renderer that searches Global IDs representing blobs in content and
+    # replaces it with a URL to these blobs.
+    #
+    # e.g. gid://<APP_NAME>/ActiveStorage::Blob/1
+    #
+    # OR for representations
+    #
+    # e.g. gid://<APP_NAME>/ActiveStorage::Blob/1/<encoded variant transformations>
+    #
+    # The `<encoded variant transformations>` part of the URL is a Base64
+    # encoded string that contains an unencrypted JSON-encoded value about the
+    # blob transformations. This way the specific representations can be stored
+    # in the database without having these values expiring.
+    #
+    # @see BaseRenderer Examples of how to use a content renderer
+    class BlobRenderer < BaseRenderer
+      # Matches a global id representing a Decidim::User
+      GLOBAL_ID_REGEX = %r{(gid://[\w-]+/ActiveStorage::Blob/\d+)(/([\w=-]+))?}
+
+      # Replaces found Global IDs matching an existing blob with a URL to
+      # that blob. The Global IDs representing an invalid ActiveStorage::Blob
+      # are replaced with an empty string.
+      #
+      # @return [String] the content ready to display (contains HTML)
+      def render(_options = nil)
+        replace_pattern(content, GLOBAL_ID_REGEX)
+      end
+
+      protected
+
+      def replace_pattern(text, pattern)
+        return text unless text.respond_to?(:gsub)
+
+        text.gsub(pattern) do
+          blob_gid = Regexp.last_match(1)
+          variation_key = Regexp.last_match(3)
+
+          blob = GlobalID::Locator.locate(blob_gid)
+          if variation_key
+            variation = begin
+              ActiveSupport::JSON.decode(Base64.strict_decode64(variation_key))
+            rescue JSON::ParseError
+              variation_key
+            end
+            blob_url(blob, variation)
+          else
+            blob_url(blob)
+          end
+        rescue ActiveRecord::RecordNotFound => _e
+          ""
+        end
+      end
+
+      def blob_url(blob, variation = nil)
+        url = begin
+          if variation
+            blob.variant(variation).url
+          else
+            blob.url
+          end
+        rescue ArgumentError
+          # ArgumentError is raised in case the blob's service is set to
+          # ActiveStorage::Service::DiskService and
+          # `ActiveStorage::Current.url_options` is not set.
+        end
+        raise URI::InvalidURIError if url.blank?
+
+        url
+      rescue URI::InvalidURIError
+        local_blob_url(blob, variation)
+      end
+
+      def local_blob_url(blob, variation = nil)
+        if variation
+          routes.rails_representation_url(blob.variant(variation), only_path: true)
+        else
+          routes.rails_blob_url(blob, only_path: true)
+        end
+      end
+
+      def routes
+        @routes ||= Rails.application.routes.url_helpers
+      end
+    end
+  end
+end

data/lib/decidim/content_renderers.rb

@@ -3,6 +3,7 @@
 module Decidim
   module ContentRenderers
     autoload :BaseRenderer, "decidim/content_renderers/base_renderer"
+    autoload :BlobRenderer, "decidim/content_renderers/blob_renderer"
     autoload :UserRenderer, "decidim/content_renderers/user_renderer"
     autoload :UserGroupRenderer, "decidim/content_renderers/user_group_renderer"
     autoload :HashtagRenderer, "decidim/content_renderers/hashtag_renderer"

data/lib/decidim/core/engine.rb

@@ -237,6 +237,34 @@ module Decidim
         app.config.action_mailer.deliver_later_queue_name = :mailers
       end
 
+      initializer "decidim_core.active_storage", before: "active_storage.configs" do |app|
+        next if app.config.active_storage.service_urls_expire_in.present?
+
+        # Ensure that the ActiveStorage URLs are valid long enough because with
+        # the default configuration they would expire in 5 minutes which is a
+        # problem:
+        #   a) for the backend blob URL replacement
+        #   and
+        #   b) for caching
+        #
+        # Note the limitations for each storage service regarding the signed URL
+        # expiration times. This limitation has to be also considered when
+        # defining a caching strategy, otherwise e.g. images or files may not
+        # display correctly when caching is enabled.
+        #
+        # ActiveStorage disk service (default): no limitation
+        #
+        # S3: maximum is 7 days from the creation of the URL
+        # https://docs.aws.amazon.com/AmazonS3/latest/userguide/PresignedUrlUploadObject.html
+        #
+        # Google: maximum is 7 days (604800 seconds)
+        # https://cloud.google.com/storage/docs/access-control/signed-urls
+        #
+        # Azure: no limitation
+        # https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas
+        app.config.active_storage.service_urls_expire_in = 7.days
+      end
+
       initializer "decidim_core.signed_global_id", after: "global_id" do |app|
         next if app.config.global_id.fetch(:expires_in, nil).present?
 
@@ -417,7 +445,7 @@ module Decidim
 
       initializer "decidim_core.content_processors" do |_app|
         Decidim.configure do |config|
-          config.content_processors += [:user, :user_group, :hashtag, :link]
+          config.content_processors += [:user, :user_group, :hashtag, :link, :blob]
         end
       end
 

data/lib/decidim/core/test/factories.rb

@@ -203,8 +203,15 @@ FactoryBot.define do
     end
 
     trait :deleted do
+      name { "" }
+      nickname { "" }
       email { "" }
+      delete_reason { "I want to delete my account" }
+      admin { false }
       deleted_at { Time.current }
+      avatar { nil }
+      personal_url { "" }
+      about { "" }
     end
 
     trait :admin_terms_accepted do
@@ -1001,4 +1008,25 @@ FactoryBot.define do
         end
     end
   end
+
+  factory :blob, class: "ActiveStorage::Blob" do
+    transient do
+      filepath { Decidim::Dev.asset("city.jpeg") }
+    end
+
+    filename { File.basename(filepath) }
+    content_type { MiniMime.lookup_by_filename(filepath)&.content_type || "text/plain" }
+
+    before(:create) do |object, evaluator|
+      object.upload(File.open(evaluator.filepath))
+    end
+
+    trait :image do
+      filepath { Decidim::Dev.asset("city.jpeg") }
+    end
+
+    trait :document do
+      filepath { Decidim::Dev.asset("Exampledocument.pdf") }
+    end
+  end
 end

data/lib/decidim/core/test/shared_examples/authorable_interface_examples.rb

@@ -18,7 +18,7 @@ shared_examples_for "authorable interface" do
     end
 
     describe "with a regular user" do
-      let(:author) { create(:user, organization: model.participatory_space.organization) }
+      let(:author) { create(:user, :confirmed, organization: model.participatory_space.organization) }
       let(:query) { "{ author { name } }" }
 
       before do