RubyGems - decidim-core - Versions diffs - 0.29.5 → 0.30.0.rc1 - Mend

decidim-core 0.29.5 → 0.30.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (595) hide show

data/app/commands/decidim/create_report.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Decidim
       send_report_notification_to_moderators
       if hideable?
-        @tool.hide!
+        hide!
         send_hide_notification_to_moderators
       end
@@ -53,7 +53,7 @@ module Decidim
     end
     def participatory_space_moderators
-      @participatory_space_moderators ||= participatory_space.moderators
+      @participatory_space_moderators ||= participatory_space.respond_to?(:moderators) ? participatory_space.moderators : []
     end
     def send_report_notification_to_moderators
@@ -72,20 +72,17 @@ module Decidim
       hidden_by_admin? || (!@reportable.hidden? && moderation.report_count >= Decidim.max_reports_before_hiding)
     end
+    def hide!
+      @tool.hide!
+      @tool.send_notification_to_author
+    end
     def send_hide_notification_to_moderators
       participatory_space_moderators.each do |moderator|
         next unless moderator.email_on_moderations
-        if hidden_by_admin?
-          ReportedMailer.hidden_manually(moderator, @report, current_user).deliver_later
-        else
-          ReportedMailer.hidden_automatically(moderator, @report).deliver_later
-        end
+        ReportedMailer.hide(moderator, @report).deliver_later
       end
     end
-    def participatory_space
-      @participatory_space ||= @reportable.component&.participatory_space || @reportable.try(:participatory_space)
-    end
   end
 end

data/app/commands/decidim/create_user_group.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Decidim
     def call
       return broadcast(:invalid) if form.invalid?
-      transaction do
+      with_events(with_transaction: true) do
         create_user_group
         create_membership
       end
@@ -30,7 +30,11 @@ module Decidim
     private
-    attr_reader :form
+    attr_reader :form, :user_group
+    def event_arguments
+      { resource: user_group }
+    end
     def create_user_group
       @user_group = UserGroup.create!(

data/app/commands/decidim/destroy_ephemeral_user.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+module Decidim
+  # A command with all the business logic to create an ephemeral user.
+  class DestroyEphemeralUser < Decidim::Command
+    # Public: Initializes the command.
+    #
+    # user - An ephemeral user.
+    def initialize(user)
+      @user = user
+    end
+    # Executes the command. Broadcasts these events:
+    #
+    # - :ok when everything is valid.
+    # - :invalid if the user is not ephemeral
+    #
+    # Returns nothing.
+    def call
+      return broadcast(:invalid) unless user.ephemeral?
+      destroy_pending_authorizations!
+      destroy_account!
+      broadcast(:ok)
+    rescue ActiveRecord::RecordInvalid
+      broadcast(:invalid)
+    end
+    private
+    attr_reader :user
+    def destroy_pending_authorizations!
+      Decidim::Authorization.where(user:, granted_at: nil).destroy_all
+    end
+    def destroy_account!
+      user.invalidate_all_sessions!
+      user.delete_reason = "Ephemeral user session expired"
+      user.deleted_at = Time.current
+      user.skip_reconfirmation!
+      user.save!
+    end
+  end
+end

data/app/commands/decidim/invite_user.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Decidim
       @user = Decidim::User.new(
         name: form.name,
         email: form.email.downcase,
-        nickname: UserBaseEntity.nicknamize(form.name, form.organization.id),
+        nickname: UserBaseEntity.nicknamize(form.name, organization: form.organization),
         organization: form.organization,
         admin: form.role == "admin",
         roles: form.role == "admin" ? [] : [form.role].compact

data/app/commands/decidim/search.rb CHANGED Viewed

@@ -37,12 +37,6 @@ module Decidim
                     klass.order_by_id_list(result_ids.take(HIGHLIGHTED_RESULTS_COUNT))
                   end
-        uncommentable_resources = uncommentable_resources(results) if results.present?
-        if uncommentable_resources.present?
-          results -= uncommentable_resources
-          results_count -= uncommentable_resources.count
-        end
         results_by_type.update(class_name => {
                                  count: results_count,
                                  results:
@@ -95,13 +89,5 @@ module Decidim
       query = query.global_search(I18n.transliterate(term)) if term.present?
       query
     end
-    def uncommentable_resources(results)
-      results.where(id: results.select { |obj| related_uncommentable_resources?(obj) }.map(&:id))
-    end
-    def related_uncommentable_resources?(object)
-      object.respond_to?(:commentable) && !object.commentable.commentable?
-    end
   end
 end

data/app/commands/decidim/update_account.rb CHANGED Viewed

@@ -20,10 +20,12 @@ module Decidim
       update_password
       if current_user.valid?
-        changes = current_user.changed
-        current_user.save!
+        with_events do
+          changes = current_user.changed
+          current_user.save!
+          send_update_summary!(changes)
+        end
         notify_followers
-        send_update_summary!(changes)
         broadcast(:ok, current_user.unconfirmed_email.present?)
       else
         [:avatar, :password].each do |key|
@@ -33,6 +35,12 @@ module Decidim
       end
     end
+    protected
+    def event_arguments
+      { resource: current_user }
+    end
     private
     attr_reader :form

data/app/commands/decidim/update_notifications_settings.rb CHANGED Viewed

@@ -30,6 +30,7 @@ module Decidim
       current_user.notification_types = @form.notification_types
       current_user.direct_message_types = @form.direct_message_types
       current_user.email_on_moderations = @form.email_on_moderations
+      current_user.email_on_assigned_proposals = @form.email_on_assigned_proposals
       current_user.notification_settings = current_user.notification_settings.merge(@form.notification_settings)
       current_user.notifications_sending_frequency = @form.notifications_sending_frequency
     end

data/app/commands/decidim/update_resources_taxonomies.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+module Decidim
+  #  A command with all the business logic when an admin batch updates taxonomies on several resources.
+  class UpdateResourcesTaxonomies < Decidim::Command
+    # Public: Initializes the command.
+    #
+    # taxonomy_ids - the taxonomy ids to update
+    # resources - an ApplicationRecord collection of resources to update.
+    def initialize(taxonomy_ids, resources, organization)
+      @organization = organization
+      @taxonomies = Decidim::Taxonomy.non_roots.where(organization:, id: taxonomy_ids)
+      @resources = resources
+      @response = { taxonomies: [], successful: [], errored: [] }
+    end
+    # Executes the command. Broadcasts these events:
+    #
+    # - :update_resources_taxonomies - when everything is ok, returns @response.
+    # - :invalid_taxonomies - if the taxonomy is blank.
+    # - :invalid_resources - if the resource_ids is blank.
+    #
+    # Returns @response hash:
+    #
+    # - :taxonomies - Array of the updated taxonomies
+    # - :successful - Array of the updated resources
+    # - :errored - Array of the resources not updated because they already had the taxonomies assigned
+    def call
+      return broadcast(:invalid_taxonomies) if @taxonomies.blank?
+      return broadcast(:invalid_resources) if @resources.blank? || !@resources.respond_to?(:find_each)
+      update_resources_taxonomies
+      broadcast(:update_resources_taxonomies, @response)
+    end
+    # Useful for running any code that you may want to execute before updating taxonomies on each resource.
+    def run_before_hooks(resource); end
+    # Useful for running any code that you may want to execute after updating taxonomies on each resource.
+    def run_after_hooks(resource); end
+    private
+    attr_reader :taxonomies, :resources, :organization
+    def update_resources_taxonomies
+      @response[:taxonomies] = taxonomies
+      resources.find_each do |resource|
+        if taxonomies == resource.taxonomies
+          @response[:errored] << resource
+        else
+          update_resource_taxonomies!(resource)
+          @response[:successful] << resource
+        end
+      end
+    end
+    def update_resource_taxonomies!(resource)
+      transaction do
+        run_before_hooks(resource)
+        resource.update!(taxonomies:)
+        run_after_hooks(resource)
+      end
+    end
+  end
+end

data/app/commands/decidim/update_user_group.rb CHANGED Viewed

@@ -22,7 +22,9 @@ module Decidim
       return broadcast(:invalid) if form.invalid?
       was_verified = user_group.verified?
-      update_user_group
+      with_events do
+        update_user_group
+      end
       notify_admins if was_verified
       broadcast(:ok, user_group)
@@ -32,6 +34,10 @@ module Decidim
     attr_reader :form, :user_group
+    def event_arguments
+      { resource: user_group }
+    end
     def update_user_group
       user_group_attributes = attributes
       user_group_attributes.delete(:avatar) if form.avatar.blank?

data/app/constraints/decidim/current_component.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module Decidim
     end
     def detect_current_component(params)
-      @participatory_space.components.find do |component|
+      @participatory_space.components.with_deleted.find do |component|
         params["component_id"] == component.id.to_s && component.manifest_name == @manifest.name.to_s
       end
     end

data/app/controllers/concerns/decidim/ajax_permission_handler.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module AjaxPermissionHandler
+    extend ActiveSupport::Concern
+    included do
+      rescue_from Decidim::ActionForbidden, with: :ajax_user_has_no_permission
+    end
+    private
+    def ajax_user_has_no_permission
+      return user_has_no_permission unless request.xhr?
+      render json: { message: I18n.t("actions.unauthorized", scope: "decidim.core") }, status: :unprocessable_entity
+    end
+  end
+end

data/app/controllers/concerns/decidim/devise_authentication_methods.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Decidim
   module DeviseAuthenticationMethods
     extend ActiveSupport::Concern
     include Decidim::UserBlockedChecker
+    include Decidim::OnboardingActionMethods
     included do
       def after_sign_in_path_for(user)
@@ -13,8 +14,8 @@ module Decidim
           check_user_block_status(user)
         elsif user.needs_password_update?
           decidim.change_password_path
-        elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
-          decidim_verifications.first_login_authorizations_path
+        elsif pending_onboarding_action?(user)
+          decidim_verifications.onboarding_pending_authorizations_path
         else
           super
         end
@@ -27,10 +28,6 @@ module Decidim
       def pending_redirect?(user)
         store_location_for(user, stored_location_for(user))
       end
-      def first_login_and_not_authorized?(user)
-        user.is_a?(User) && user.sign_in_count == 1 && current_organization.available_authorizations.any? && user.verifiable?
-      end
     end
   end
 end

data/app/controllers/concerns/decidim/devise_controllers.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Decidim
       include NeedsSnippets
       include UserBlockedChecker
       include ActiveStorage::SetCurrent
+      include Decidim::OnboardingActionMethods
       helper Decidim::TranslationsHelper
       helper Decidim::MetaTagsHelper
@@ -36,6 +37,7 @@ module Decidim
       helper Decidim::SocialShareButtonHelper
       helper Decidim::SanitizeHelper
       helper Decidim::ApplicationHelper
+      helper Decidim::OnboardingActionHelper
       layout "layouts/decidim/application"

data/app/controllers/concerns/decidim/disable_redirection_to_external_host.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
     included do
       def redirect_back(fallback_location:, allow_other_host: true, **args) # rubocop:disable Lint/UnusedMethodArgument
-        super fallback_location:, allow_other_host: Decidim.allow_open_redirects, **args
+        super(fallback_location:, allow_other_host: Decidim.allow_open_redirects, **args)
       end
     end
   end

data/app/controllers/concerns/decidim/ephemeral_session_checker.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module EphemeralSessionChecker
+    extend ActiveSupport::Concern
+    included do
+      before_action :check_ephemeral_user_session, if: :ephemeral_user_signed_in?
+      helper_method :onboarding_manager
+    end
+    private
+    def ephemeral_user_signed_in?
+      user_signed_in? && current_user.ephemeral?
+    end
+    def onboarding_manager
+      @onboarding_manager ||= Decidim::OnboardingManager.new(current_user)
+    end
+    def check_ephemeral_user_session
+      return true unless request.format.html?
+      return destroy_ephemeral_session && redirect_to(decidim.root_path) if onboarding_manager.expired?
+      if onboarding_manager.valid?
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        return redirect_to decidim_verifications.onboarding_pending_authorizations_path unless authorizations_permitted_paths?(authorizations, onboarding_manager)
+        if authorizations.global_code == :unauthorized
+          flash[:alert] = t("unauthorized", scope: "decidim.core.actions")
+          return destroy_ephemeral_session && redirect_to(decidim.root_path)
+        end
+      end
+      return true
+    end
+    def destroy_ephemeral_session
+      Decidim::DestroyEphemeralUser.call(current_user) do
+        on(:ok) do
+          sign_out(current_user)
+          flash[:notice] = t("ephemeral_session_closed", scope: "decidim.devise.sessions.user")
+        end
+        on(:invalid) do
+          flash[:alert] = t("account.destroy.error", scope: "decidim")
+        end
+      end
+    end
+    # This method determines which paths are allowed to the user based on the
+    # onboarding manager data and the associated authorizations. In all cases
+    # the user is allowed to visit the onboarding pending and the terms of
+    # service pages. In addition:
+    # * If the user is pending to complete an authorization is also allowed to
+    #   navigate in the pages to complete the authorizations and the
+    #   authorizations path to send the request.
+    # * If the user is authorized is also allowed to visit the paths determined
+    #   by the onboarding manager after finishing the authorization flow and
+    #   the associated component.
+    # The method checks the request path and checks if the path starts with one
+    # of the paths of the allowlist
+    def authorizations_permitted_paths?(authorizations, onboarding_manager)
+      paths_list = if authorizations.user_pending?
+                     authorizations.statuses.map(&:current_path).compact.prepend(
+                       decidim_verifications.authorizations_path
+                     )
+                   elsif authorizations.ok?
+                     [onboarding_manager.finished_redirect_path, onboarding_manager.component_path].compact
+                   else
+                     []
+                   end
+      paths_list.prepend(
+        decidim_verifications.onboarding_pending_authorizations_path,
+        decidim.page_path(terms_of_service_page)
+      )
+      paths_list.find { |el| /\A#{URI.parse(el).path}/.match?(request.path) }
+    end
+  end
+end

data/app/controllers/concerns/decidim/filter_resource.rb CHANGED Viewed

@@ -16,11 +16,13 @@ module Decidim
       end
       def method_missing(method_name, *_arguments)
-        @filter.present? && @filter.has_key?(method_name) ? @filter[method_name] : super
+        method = method_name.to_s.gsub(/\[[0-9]+\]$/, "").to_sym
+        @filter.present? && @filter.has_key?(method) ? @filter[method] : super
       end
       def respond_to_missing?(method_name, include_private = false)
-        (@filter.present? && @filter.has_key?(method_name)) || super
+        method = method_name.to_s.gsub(/\[[0-9]+\]$/, "").to_sym
+        (@filter.present? && @filter.has_key?(method)) || super
       end
     end

data/app/controllers/concerns/decidim/has_members_page.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module HasMembersPage
+    extend ActiveSupport::Concern
+    included do
+      helper_method :collection
+      private
+      def can_visit_index?
+        current_user_can_visit_space? && current_participatory_space.members_public_page?
+      end
+      def members
+        @members ||= current_participatory_space.participatory_space_private_users.published
+      end
+      alias_method :collection, :members
+    end
+  end
+end

data/app/controllers/concerns/decidim/locale_switcher.rb CHANGED Viewed

@@ -46,14 +46,14 @@ module Decidim
       #
       # Returns an Array of Strings.
       def available_locales
-        @available_locales ||= (current_organization || Decidim).public_send(:available_locales)
+        @available_locales ||= (current_organization || Decidim).available_locales
       end
       # The default locale of this organization.
       #
       # Returns a String with the default locale.
       def default_locale
-        @default_locale ||= (current_organization || Decidim).public_send(:default_locale)
+        @default_locale ||= (current_organization || Decidim).default_locale
       end
       # Detects the locale priority: query string, user saved, session, browser

data/app/controllers/concerns/decidim/needs_password_change.rb CHANGED Viewed

@@ -28,7 +28,6 @@ module Decidim
                          decidim.accept_tos_path,
                          decidim.download_your_data_path,
                          decidim.export_download_your_data_path,
-                         decidim.download_file_download_your_data_path,
                          decidim.change_password_path].compact
       # ensure that path with or without query string pass
       permitted_paths.find { |el| el.split("?").first == target_path }

data/app/controllers/concerns/decidim/needs_permission.rb CHANGED Viewed

@@ -40,7 +40,8 @@ module Decidim
           current_settings: try(:current_settings),
           component_settings: try(:component_settings),
           current_organization: try(:current_organization),
-          current_component: try(:current_component)
+          current_component: try(:current_component),
+          share_token: try(:store_share_token)
         }
       end

data/app/controllers/concerns/decidim/needs_tos_accepted.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Decidim
     def tos_accepted_by_user
       return true unless request.format.html?
       return true unless current_user
-      return if current_user.tos_accepted?
+      return if current_user.tos_accepted? || current_user.ephemeral?
       return if permitted_paths?
       redirect_to_tos
@@ -33,12 +33,11 @@ module Decidim
     end
     def permitted_paths?
+      return true if request.path.starts_with?(decidim.download_your_data_path)
       permitted_paths = [tos_path,
                          decidim.delete_account_path,
-                         decidim.accept_tos_path,
-                         decidim.download_your_data_path,
-                         decidim.export_download_your_data_path,
-                         decidim.download_file_download_your_data_path]
+                         decidim.accept_tos_path]
       # ensure that path with or without query string pass
       permitted_paths.find { |el| el.split("?").first == request.path }
     end

data/app/controllers/concerns/decidim/onboarding_action_methods.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  module OnboardingActionMethods
+    extend ActiveSupport::Concern
+    included do
+      helper_method :pending_onboarding_action?
+      # Returns true if there is a pending onboarding action for the user.
+      # The check if skipped for admins, users that are not verifiable of
+      # organizations that have no available authorizations.
+      def pending_onboarding_action?(user)
+        return false if user.blank?
+        return false if user.admin?
+        return false unless user.verifiable?
+        return false if current_organization.available_authorizations.empty?
+        OnboardingManager.new(user).pending_action?
+      end
+      def store_onboarding_cookie_data!(user)
+        data = onboarding_cookie_data
+        return if data.nil?
+        if data.present?
+          user.extended_data = user.extended_data.merge(data)
+          user.save!
+        end
+        cookies.delete(OnboardingManager::DATA_KEY)
+      end
+      def onboarding_cookie_data
+        data_key = OnboardingManager::DATA_KEY
+        return unless cookies[data_key]
+        { data_key => JSON.parse(cookies[data_key]).transform_keys(&:underscore) }
+      rescue JSON::ParserError
+        {}
+      end
+      def clear_onboarding_data!(user)
+        return if user.ephemeral?
+        user.extended_data = user.extended_data.except(OnboardingManager::DATA_KEY)
+        user.save!
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/participatory_space_context.rb CHANGED Viewed

@@ -9,7 +9,6 @@ module Decidim
     included do
       include Decidim::NeedsOrganization
-      include Decidim::UserRoleChecker
       helper ParticipatorySpaceHelpers, IconHelper, ContextualHelpHelper
       helper_method :current_participatory_space
@@ -82,10 +81,8 @@ module Decidim
       return true unless current_participatory_space.try(:private_space?) &&
                          !current_participatory_space.try(:is_transparent?)
       return false unless current_user
-      return true if current_user.admin?
-      return true if user_has_any_role?(current_user, current_participatory_space, broad_check: true)
-      current_participatory_space.users.include?(current_user)
+      current_user.admin || current_participatory_space.users.include?(current_user)
     end
     def help_section

data/app/controllers/decidim/amendments_controller.rb CHANGED Viewed

@@ -107,7 +107,7 @@ module Decidim
     end
     def reject
-      enforce_permission_to :reject, :amendment, amendable:, current_component: amendable.component
+      enforce_permission_to :reject, :amendment, current_component: amendable.component
       @form = form(Decidim::Amendable::RejectForm).from_model(amendment)
@@ -143,13 +143,13 @@ module Decidim
     end
     def review
-      enforce_permission_to :accept, :amendment, amendable:, current_component: amendable.component
+      enforce_permission_to :accept, :amendment, current_component: amendable.component
       @form = form(Decidim::Amendable::ReviewForm).from_params(params)
     end
     def accept
-      enforce_permission_to :accept, :amendment, amendable:, current_component: amendable.component
+      enforce_permission_to :accept, :amendment, current_component: amendable.component
       @form = form(Decidim::Amendable::ReviewForm).from_params(params)