RubyGems - decidim-core - Versions diffs - 0.29.1 → 0.30.0.rc1 - Mend

decidim-core 0.29.1 → 0.30.0.rc1

Files changed (517) hide show

data/app/commands/decidim/update_resources_taxonomies.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+module Decidim
+  #  A command with all the business logic when an admin batch updates taxonomies on several resources.
+  class UpdateResourcesTaxonomies < Decidim::Command
+    # Public: Initializes the command.
+    #
+    # taxonomy_ids - the taxonomy ids to update
+    # resources - an ApplicationRecord collection of resources to update.
+    def initialize(taxonomy_ids, resources, organization)
+      @organization = organization
+      @taxonomies = Decidim::Taxonomy.non_roots.where(organization:, id: taxonomy_ids)
+      @resources = resources
+      @response = { taxonomies: [], successful: [], errored: [] }
+    end
+    # Executes the command. Broadcasts these events:
+    #
+    # - :update_resources_taxonomies - when everything is ok, returns @response.
+    # - :invalid_taxonomies - if the taxonomy is blank.
+    # - :invalid_resources - if the resource_ids is blank.
+    #
+    # Returns @response hash:
+    #
+    # - :taxonomies - Array of the updated taxonomies
+    # - :successful - Array of the updated resources
+    # - :errored - Array of the resources not updated because they already had the taxonomies assigned
+    def call
+      return broadcast(:invalid_taxonomies) if @taxonomies.blank?
+      return broadcast(:invalid_resources) if @resources.blank? || !@resources.respond_to?(:find_each)
+      update_resources_taxonomies
+      broadcast(:update_resources_taxonomies, @response)
+    end
+    # Useful for running any code that you may want to execute before updating taxonomies on each resource.
+    def run_before_hooks(resource); end
+    # Useful for running any code that you may want to execute after updating taxonomies on each resource.
+    def run_after_hooks(resource); end
+    private
+    attr_reader :taxonomies, :resources, :organization
+    def update_resources_taxonomies
+      @response[:taxonomies] = taxonomies
+      resources.find_each do |resource|
+        if taxonomies == resource.taxonomies
+          @response[:errored] << resource
+        else
+          update_resource_taxonomies!(resource)
+          @response[:successful] << resource
+        end
+      end
+    end
+    def update_resource_taxonomies!(resource)
+      transaction do
+        run_before_hooks(resource)
+        resource.update!(taxonomies:)
+        run_after_hooks(resource)
+      end
+    end
+  end
+end

data/app/commands/decidim/update_user_group.rb CHANGED Viewed

@@ -22,7 +22,9 @@ module Decidim
       return broadcast(:invalid) if form.invalid?
       was_verified = user_group.verified?
-      update_user_group
+      with_events do
+        update_user_group
+      end
       notify_admins if was_verified
       broadcast(:ok, user_group)
@@ -32,6 +34,10 @@ module Decidim
     attr_reader :form, :user_group
+    def event_arguments
+      { resource: user_group }
+    end
     def update_user_group
       user_group_attributes = attributes
       user_group_attributes.delete(:avatar) if form.avatar.blank?

data/app/constraints/decidim/current_component.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module Decidim
     end
     def detect_current_component(params)
-      @participatory_space.components.find do |component|
+      @participatory_space.components.with_deleted.find do |component|
         params["component_id"] == component.id.to_s && component.manifest_name == @manifest.name.to_s
       end
     end

data/app/controllers/concerns/decidim/ajax_permission_handler.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module AjaxPermissionHandler
+    extend ActiveSupport::Concern
+    included do
+      rescue_from Decidim::ActionForbidden, with: :ajax_user_has_no_permission
+    end
+    private
+    def ajax_user_has_no_permission
+      return user_has_no_permission unless request.xhr?
+      render json: { message: I18n.t("actions.unauthorized", scope: "decidim.core") }, status: :unprocessable_entity
+    end
+  end
+end

data/app/controllers/concerns/decidim/devise_authentication_methods.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Decidim
   module DeviseAuthenticationMethods
     extend ActiveSupport::Concern
     include Decidim::UserBlockedChecker
+    include Decidim::OnboardingActionMethods
     included do
       def after_sign_in_path_for(user)
@@ -13,8 +14,8 @@ module Decidim
           check_user_block_status(user)
         elsif user.needs_password_update?
           decidim.change_password_path
-        elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
-          decidim_verifications.first_login_authorizations_path
+        elsif pending_onboarding_action?(user)
+          decidim_verifications.onboarding_pending_authorizations_path
         else
           super
         end
@@ -27,10 +28,6 @@ module Decidim
       def pending_redirect?(user)
         store_location_for(user, stored_location_for(user))
       end
-      def first_login_and_not_authorized?(user)
-        user.is_a?(User) && user.sign_in_count == 1 && current_organization.available_authorizations.any? && user.verifiable?
-      end
     end
   end
 end

data/app/controllers/concerns/decidim/devise_controllers.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Decidim
       include NeedsSnippets
       include UserBlockedChecker
       include ActiveStorage::SetCurrent
+      include Decidim::OnboardingActionMethods
       helper Decidim::TranslationsHelper
       helper Decidim::MetaTagsHelper
@@ -36,6 +37,7 @@ module Decidim
       helper Decidim::SocialShareButtonHelper
       helper Decidim::SanitizeHelper
       helper Decidim::ApplicationHelper
+      helper Decidim::OnboardingActionHelper
       layout "layouts/decidim/application"

data/app/controllers/concerns/decidim/disable_redirection_to_external_host.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
     included do
       def redirect_back(fallback_location:, allow_other_host: true, **args) # rubocop:disable Lint/UnusedMethodArgument
-        super fallback_location:, allow_other_host: Decidim.allow_open_redirects, **args
+        super(fallback_location:, allow_other_host: Decidim.allow_open_redirects, **args)
       end
     end
   end

data/app/controllers/concerns/decidim/ephemeral_session_checker.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module EphemeralSessionChecker
+    extend ActiveSupport::Concern
+    included do
+      before_action :check_ephemeral_user_session, if: :ephemeral_user_signed_in?
+      helper_method :onboarding_manager
+    end
+    private
+    def ephemeral_user_signed_in?
+      user_signed_in? && current_user.ephemeral?
+    end
+    def onboarding_manager
+      @onboarding_manager ||= Decidim::OnboardingManager.new(current_user)
+    end
+    def check_ephemeral_user_session
+      return true unless request.format.html?
+      return destroy_ephemeral_session && redirect_to(decidim.root_path) if onboarding_manager.expired?
+      if onboarding_manager.valid?
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        return redirect_to decidim_verifications.onboarding_pending_authorizations_path unless authorizations_permitted_paths?(authorizations, onboarding_manager)
+        if authorizations.global_code == :unauthorized
+          flash[:alert] = t("unauthorized", scope: "decidim.core.actions")
+          return destroy_ephemeral_session && redirect_to(decidim.root_path)
+        end
+      end
+      return true
+    end
+    def destroy_ephemeral_session
+      Decidim::DestroyEphemeralUser.call(current_user) do
+        on(:ok) do
+          sign_out(current_user)
+          flash[:notice] = t("ephemeral_session_closed", scope: "decidim.devise.sessions.user")
+        end
+        on(:invalid) do
+          flash[:alert] = t("account.destroy.error", scope: "decidim")
+        end
+      end
+    end
+    # This method determines which paths are allowed to the user based on the
+    # onboarding manager data and the associated authorizations. In all cases
+    # the user is allowed to visit the onboarding pending and the terms of
+    # service pages. In addition:
+    # * If the user is pending to complete an authorization is also allowed to
+    #   navigate in the pages to complete the authorizations and the
+    #   authorizations path to send the request.
+    # * If the user is authorized is also allowed to visit the paths determined
+    #   by the onboarding manager after finishing the authorization flow and
+    #   the associated component.
+    # The method checks the request path and checks if the path starts with one
+    # of the paths of the allowlist
+    def authorizations_permitted_paths?(authorizations, onboarding_manager)
+      paths_list = if authorizations.user_pending?
+                     authorizations.statuses.map(&:current_path).compact.prepend(
+                       decidim_verifications.authorizations_path
+                     )
+                   elsif authorizations.ok?
+                     [onboarding_manager.finished_redirect_path, onboarding_manager.component_path].compact
+                   else
+                     []
+                   end
+      paths_list.prepend(
+        decidim_verifications.onboarding_pending_authorizations_path,
+        decidim.page_path(terms_of_service_page)
+      )
+      paths_list.find { |el| /\A#{URI.parse(el).path}/.match?(request.path) }
+    end
+  end
+end

data/app/controllers/concerns/decidim/filter_resource.rb CHANGED Viewed

@@ -16,11 +16,13 @@ module Decidim
       end
       def method_missing(method_name, *_arguments)
-        @filter.present? && @filter.has_key?(method_name) ? @filter[method_name] : super
+        method = method_name.to_s.gsub(/\[[0-9]+\]$/, "").to_sym
+        @filter.present? && @filter.has_key?(method) ? @filter[method] : super
       end
       def respond_to_missing?(method_name, include_private = false)
-        (@filter.present? && @filter.has_key?(method_name)) || super
+        method = method_name.to_s.gsub(/\[[0-9]+\]$/, "").to_sym
+        (@filter.present? && @filter.has_key?(method)) || super
       end
     end

data/app/controllers/concerns/decidim/has_members_page.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module HasMembersPage
+    extend ActiveSupport::Concern
+    included do
+      helper_method :collection
+      private
+      def can_visit_index?
+        current_user_can_visit_space? && current_participatory_space.members_public_page?
+      end
+      def members
+        @members ||= current_participatory_space.participatory_space_private_users.published
+      end
+      alias_method :collection, :members
+    end
+  end
+end

data/app/controllers/concerns/decidim/headers/browser_feature_permissions.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module Headers
+    # This module controls the "Permissions-Policy" header to define the
+    # specific sets of browser features that the website is able to use.
+    module BrowserFeaturePermissions
+      extend ActiveSupport::Concern
+      included do
+        after_action :define_permissions_policy
+      end
+      private
+      def define_permissions_policy
+        return if response.media_type != "text/html"
+        return if response.headers["Permissions-Policy"].present?
+        # Allow the "unload" and "onbeforeunload" events to be used at the
+        # current domain to prevent the user unintentionally changing the page
+        # when they have something important to do on the page, such as an
+        # unsaved form.
+        #
+        # This header is required because Chrome is phasing this event out due
+        # to some performance issues with the back/forward cache feature of the
+        # browser. However, currently there are no alternative events that would
+        # allow preventing accidental page reloads, tab closing or window
+        # closing.
+        #
+        # For further information, see:
+        # https://developer.chrome.com/docs/web-platform/deprecating-unload
+        # https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md
+        #
+        # Note that even Google suggests using the "beforeunload" for this
+        # particular use case:
+        # https://developer.chrome.com/docs/web-platform/page-lifecycle-api#events
+        #
+        # beforeunload
+        #   Important: the beforeunload event should only be used to alert the
+        #   user of unsaved changes. Once those changes are saved, the event
+        #   should be removed. It should never be added unconditionally to the
+        #   page, as doing so can hurt performance in some cases.
+        response.headers["Permissions-Policy"] = "unload=(self)"
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/locale_switcher.rb CHANGED Viewed

@@ -46,14 +46,14 @@ module Decidim
       #
       # Returns an Array of Strings.
       def available_locales
-        @available_locales ||= (current_organization || Decidim).public_send(:available_locales)
+        @available_locales ||= (current_organization || Decidim).available_locales
       end
       # The default locale of this organization.
       #
       # Returns a String with the default locale.
       def default_locale
-        @default_locale ||= (current_organization || Decidim).public_send(:default_locale)
+        @default_locale ||= (current_organization || Decidim).default_locale
       end
       # Detects the locale priority: query string, user saved, session, browser

data/app/controllers/concerns/decidim/needs_password_change.rb CHANGED Viewed

@@ -28,7 +28,6 @@ module Decidim
                          decidim.accept_tos_path,
                          decidim.download_your_data_path,
                          decidim.export_download_your_data_path,
-                         decidim.download_file_download_your_data_path,
                          decidim.change_password_path].compact
       # ensure that path with or without query string pass
       permitted_paths.find { |el| el.split("?").first == target_path }

data/app/controllers/concerns/decidim/needs_permission.rb CHANGED Viewed

@@ -40,7 +40,8 @@ module Decidim
           current_settings: try(:current_settings),
           component_settings: try(:component_settings),
           current_organization: try(:current_organization),
-          current_component: try(:current_component)
+          current_component: try(:current_component),
+          share_token: try(:store_share_token)
         }
       end

data/app/controllers/concerns/decidim/needs_tos_accepted.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Decidim
     def tos_accepted_by_user
       return true unless request.format.html?
       return true unless current_user
-      return if current_user.tos_accepted?
+      return if current_user.tos_accepted? || current_user.ephemeral?
       return if permitted_paths?
       redirect_to_tos
@@ -33,12 +33,11 @@ module Decidim
     end
     def permitted_paths?
+      return true if request.path.starts_with?(decidim.download_your_data_path)
       permitted_paths = [tos_path,
                          decidim.delete_account_path,
-                         decidim.accept_tos_path,
-                         decidim.download_your_data_path,
-                         decidim.export_download_your_data_path,
-                         decidim.download_file_download_your_data_path]
+                         decidim.accept_tos_path]
       # ensure that path with or without query string pass
       permitted_paths.find { |el| el.split("?").first == request.path }
     end

data/app/controllers/concerns/decidim/onboarding_action_methods.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module OnboardingActionMethods
+    extend ActiveSupport::Concern
+    included do
+      helper_method :pending_onboarding_action?
+      # Returns true if there is a pending onboarding action for the user.
+      # The check if skipped for admins, users that are not verifiable of
+      # organizations that have no available authorizations.
+      def pending_onboarding_action?(user)
+        return false if user.blank?
+        return false if user.admin?
+        return false unless user.verifiable?
+        return false if current_organization.available_authorizations.empty?
+        OnboardingManager.new(user).pending_action?
+      end
+      def store_onboarding_cookie_data!(user)
+        data = onboarding_cookie_data
+        return if data.nil?
+        if data.present?
+          user.extended_data = user.extended_data.merge(data)
+          user.save!
+        end
+        cookies.delete(OnboardingManager::DATA_KEY)
+      end
+      def onboarding_cookie_data
+        data_key = OnboardingManager::DATA_KEY
+        return unless cookies[data_key]
+        { data_key => JSON.parse(cookies[data_key]).transform_keys(&:underscore) }
+      rescue JSON::ParserError
+        {}
+      end
+      def clear_onboarding_data!(user)
+        return if user.ephemeral?
+        user.extended_data = user.extended_data.except(OnboardingManager::DATA_KEY)
+        user.save!
+      end
+    end
+  end
+end

data/app/controllers/decidim/application_controller.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Decidim
     include NeedsTosAccepted
     include Headers::HttpCachingDisabler
     include Headers::ContentSecurityPolicy
+    include Headers::BrowserFeaturePermissions
     include ActionAuthorization
     include ForceAuthentication
     include SafeRedirect
@@ -25,6 +26,8 @@ module Decidim
     include NeedsPasswordChange
     include LinkedResourceReference
     include ActiveStorage::SetCurrent
+    include OnboardingActionMethods
+    include EphemeralSessionChecker
     helper Decidim::MetaTagsHelper
     helper Decidim::DecidimFormHelper
@@ -41,6 +44,7 @@ module Decidim
     helper Decidim::TwitterSearchHelper
     helper Decidim::SocialShareButtonHelper
     helper Decidim::FiltersHelper
+    helper Decidim::OnboardingActionHelper
     register_permissions(::Decidim::ApplicationController,
                          ::Decidim::Admin::Permissions,
@@ -56,6 +60,12 @@ module Decidim
     skip_before_action :disable_http_caching, unless: :user_signed_in?
+    def store_share_token
+      session[:share_token] = params[:share_token] if params.has_key?(:share_token)
+      session[:share_token].presence
+    end
     private
     # This overrides Devise's method for extracting the path from the URL. We

data/app/controllers/decidim/authorization_modals_controller.rb CHANGED Viewed

@@ -5,10 +5,12 @@ module Decidim
     helper_method :authorizations, :authorize_action_path
     layout false
-    def show; end
+    def show
+      store_onboarding_cookie_data!(current_user)
+    end
     def authorize_action_path(handler_name)
-      authorizations.status_for(handler_name).current_path(redirect_url: URI(request.referer).path)
+      authorizations.status_for(handler_name).current_path(redirect_url:)
     end
     private
@@ -31,5 +33,9 @@ module Decidim
     def authorizations
       @authorizations ||= action_authorized_to(authorization_action, resource:)
     end
+    def redirect_url
+      pending_onboarding_action?(current_user) ? decidim_verifications.onboarding_pending_authorizations_path : URI(request.referer).path
+    end
   end
 end

data/app/controllers/decidim/components/base_controller.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Decidim
       helper Decidim::TranslationsHelper
       helper Decidim::IconHelper
       helper Decidim::ResourceHelper
-      helper Decidim::ScopesHelper
+      helper Decidim::TaxonomiesHelper
       helper Decidim::ActionAuthorizationHelper
       helper Decidim::AttachmentsHelper
       helper Decidim::SanitizeHelper
@@ -30,7 +30,7 @@ module Decidim
                     :current_manifest
       before_action do
-        enforce_permission_to :read, :component, component: current_component, share_token:
+        enforce_permission_to :read, :component, component: current_component
       end
       before_action :redirect_unless_feature_private
@@ -49,10 +49,6 @@ module Decidim
         @current_manifest ||= current_component.manifest
       end
-      def share_token
-        params[:share_token]
-      end
       def permission_scope
         :public
       end
@@ -73,7 +69,7 @@ module Decidim
       def set_component_breadcrumb_item
         context_breadcrumb_items << {
           label: current_component.name,
-          url: root_path,
+          url: Decidim::EngineRouter.main_proxy(current_component).root_path,
           active: false,
           resource: current_component
         }

data/app/controllers/decidim/devise/confirmations_controller.rb CHANGED Viewed

@@ -5,6 +5,7 @@ module Decidim
     # Custom Devise ConfirmationsController to avoid namespace problems.
     class ConfirmationsController < ::Devise::ConfirmationsController
       include Decidim::DeviseControllers
+      include Decidim::OnboardingActionMethods
       helper_method :new_user_group_session_path
@@ -33,6 +34,9 @@ module Decidim
         sign_in(resource)
+        store_onboarding_cookie_data!(resource)
+        return decidim_verifications.onboarding_pending_authorizations_path if pending_onboarding_action?(resource)
         super
       end
     end

data/app/controllers/decidim/devise/omniauth_registrations_controller.rb CHANGED Viewed

@@ -7,6 +7,7 @@ module Decidim
       include FormFactory
       include Decidim::DeviseControllers
       include Decidim::DeviseAuthenticationMethods
+      include NeedsTosAccepted
       def new
         @form = form(OmniauthRegistrationForm).from_params(params[:user])
@@ -36,6 +37,12 @@ module Decidim
             render :new
           end
+          on(:add_tos_errors) do
+            set_flash_message :alert, :add_tos_errors if @form.valid_tos?
+            session[:verified_email] = verified_email
+            render :new_tos_fields
+          end
           on(:error) do |user|
             if user.errors[:email]
               set_flash_message :alert, :failure, kind: @form.provider.capitalize, reason: t("decidim.devise.omniauth_registrations.create.email_already_exists")
@@ -75,7 +82,7 @@ module Decidim
       end
       def verified_email
-        @verified_email ||= oauth_data.dig(:info, :email)
+        @verified_email ||= oauth_data.dig(:info, :email).presence || session[:verified_email]
       end
       def oauth_hash

data/app/controllers/decidim/devise/registrations_controller.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module Decidim
       # Called before resource.save
       def build_resource(hash = nil)
-        super(hash)
+        super
         resource.organization = current_organization
       end

data/app/controllers/decidim/devise/sessions_controller.rb CHANGED Viewed

@@ -24,6 +24,8 @@ module Decidim
             validator = PasswordValidator.new({ attributes: :password })
             user.update!(password_updated_at: nil) unless validator.validate_each(user, :password, sign_in_params[:password])
           end
+          store_onboarding_cookie_data!(user)
         end
       end

data/app/controllers/decidim/doorkeeper/credentials_controller.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Decidim
       end
       def avatar_url
-        avatar_url = current_resource_owner.attached_uploader(:avatar).url(host: current_resource_owner.organization.host)
+        avatar_url = current_resource_owner.attached_uploader(:avatar).url
         return unless avatar_url
         unless %r{^https?://}.match? avatar_url