decidim-core 0.25.0 → 0.25.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 42e511f59400c64469c3f38cc07211386f55536c8e8d1b83403a45cf3257feea
-  data.tar.gz: 1dc8707d02a1971035ff9ef3b809b4f0bcc7af556c6972959d44a17f137cfc39
+  metadata.gz: eca76c4ef82409ae6c776698ddc78d82295da48e750e5d94463d98c43804c01c
+  data.tar.gz: 1f8d94bfb15701d211c27fd1299b1ccfb26f3c7416d1431fe2ef4c93cee19da5
 SHA512:
-  metadata.gz: e3c25eaf439667b98da4de8e71676f41a0cbf1e53181c0275e97080ea3a8342605931683a7a6c324296ce4a5f98d9d165a920878957104db179d4c1d61eca4e4
-  data.tar.gz: fdb4bfcbeab070cd3ad4a8f1b0eb212112f31901422d7ea60cbfbad2f457ed7f802b2a9bd98d83c87e38261b1e4b9d4dc604f12cc11a88f594a4b1a93c42eec8
+  metadata.gz: 1017e4e7f91af798732af3d223a5610843e306e62226c934916dff92e055f1fe3ad95ac396b76ac882946c413e7c55c81e7856b4b6a6bfd4bfa421215797b10a
+  data.tar.gz: b59c04f0d040272d056716a57c97d0611a9cd2eccfe951d09eaab6c88408fa77d3e5100d10e634cfe2a392a3d8c20c3c49bebcb438717bb4615d27aaf999ce74

data/app/cells/decidim/following/show.erb

@@ -1,9 +1,18 @@
-<div class="empty-notifications callout secondary <%= "hide" if followings.any? %>">
-  <p><%= t("decidim.following.no_followings") %></p>
-</div>
-<div class="row small-up-1 medium-up-2 card-grid">
-  <% followings.each do |following| %>
-    <%= card_for following, context: { label: true, show_space: true } %>
+<% if public_followings.any? %>
+  <% if non_public_followings? %>
+    <div class="empty-notifications callout secondary">
+      <p><%= t("decidim.following.non_public_followings") %></p>
+    </div>
   <% end %>
-</div>
-<%= decidim_paginate followings %>
+
+  <div class="row small-up-1 medium-up-2 card-grid">
+    <% public_followings.each do |followable| %>
+      <%= card_for followable, context: { label: true, show_space: true } %>
+    <% end %>
+  </div>
+  <%= decidim_paginate public_followings %>
+<% else %>
+  <div class="empty-notifications callout secondary">
+    <p><%= t("decidim.following.no_followings") %></p>
+  </div>
+<% end %>

data/app/cells/decidim/following_cell.rb

@@ -11,8 +11,12 @@ module Decidim
       render :show
     end
 
-    def followings
-      @followings ||= Kaminari.paginate_array(model.following).page(params[:page]).per(20)
+    def public_followings
+      @public_followings ||= Kaminari.paginate_array(model.public_followings).page(params[:page]).per(20)
+    end
+
+    def non_public_followings?
+      public_followings.count < model.following_count
     end
   end
 end

data/app/controllers/concerns/decidim/disable_redirection_to_external_host.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  module DisableRedirectionToExternalHost
+    extend ActiveSupport::Concern
+
+    included do
+      def redirect_back(fallback_location:, allow_other_host: true, **args) # rubocop:disable Lint/UnusedMethodArgument
+        super fallback_location: fallback_location, allow_other_host: Decidim.allow_open_redirects, **args
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/safe_redirect.rb

@@ -14,10 +14,21 @@ module Decidim
       # that match the current organization.
       def redirect_url
         return if params[:redirect_url].blank?
-        return params[:redirect_url] unless params[:redirect_url].start_with?("http")
-        return if URI.parse(params[:redirect_url]).host != current_organization.host
 
-        params[:redirect_url]
+        # Parse given URL
+        target_uri = URI.parse(params[:redirect_url])
+
+        # Add the organization host to the URL if not present
+        target_uri = URI.join("#{request.scheme}://#{current_organization.host}", target_uri) unless target_uri.host
+
+        # Don't allow URLs without host or with a different host than the organization one
+        return if target_uri.host != current_organization.host
+
+        # Convert the URI to relative
+        target_uri.scheme = target_uri.host = target_uri.port = nil
+
+        # Return the relative URL
+        target_uri.to_s
       end
     end
   end

data/app/controllers/decidim/application_controller.rb

@@ -19,6 +19,7 @@ module Decidim
     include SafeRedirect
     include NeedsSnippets
     include UserBlockedChecker
+    include DisableRedirectionToExternalHost
 
     helper Decidim::MetaTagsHelper
     helper Decidim::DecidimFormHelper

data/app/models/decidim/user_base_entity.rb

@@ -25,26 +25,31 @@ module Decidim
 
     validates :name, format: { with: REGEXP_NAME }
 
-    # Public: Returns a collection with all the entities this user is following.
+    # Public: Returns a collection with all the public entities this user is following.
     #
     # This can't be done as with a `has_many :following, through: :following_follows`
     # since it's a polymorphic relation and Rails doesn't know how to load it. With
     # this implementation we only query the database once for each kind of following.
     #
     # Returns an Array of Decidim::Followable
-    def following
-      @following ||= begin
-        followings = following_follows.pluck(:decidim_followable_type, :decidim_followable_id)
-        grouped_followings = followings.each_with_object({}) do |(type, following_id), all|
-          all[type] ||= []
-          all[type] << following_id
-          all
-        end
-
-        grouped_followings.flat_map do |type, ids|
-          type.constantize.where(id: ids)
-        end
+    def public_followings
+      @public_followings ||= following_follows.select("array_agg(decidim_followable_id)")
+                                              .group(:decidim_followable_type)
+                                              .pluck(:decidim_followable_type, "array_agg(decidim_followable_id)")
+                                              .to_h
+                                              .flat_map do |type, ids|
+        only_public(type.constantize, ids)
       end
     end
+
+    private
+
+    def only_public(klass, ids)
+      scope = klass.where(id: ids)
+      scope = scope.public_spaces if klass.try(:participatory_space?)
+      scope = scope.includes(:component) if klass.try(:has_component?)
+      scope = scope.filter(&:visible?) if klass.method_defined?(:visible?)
+      scope
+    end
   end
 end

data/app/packs/src/decidim/geocoding/attach_input.js

@@ -64,11 +64,20 @@ export default function attachGeocoding($input, options, callback) {
   inputIdParts.pop();
 
   const idPrefix = `${inputIdParts.join("_")}`;
+
+  let latitudeName = "latitude";
+  let longitudeName = "longitude";
+
+  if ($input.length > 0) {
+    latitudeName = getCoordinateInputName("latitude", $input, attachOptions);
+    longitudeName = getCoordinateInputName("longitude", $input, attachOptions);
+  }
+
   const config = $.extend({
     latitudeId: `${idPrefix}_latitude`,
     longitudeId: `${idPrefix}_longitude`,
-    latitudeName: getCoordinateInputName("latitude", $input, attachOptions),
-    longitudeName: getCoordinateInputName("longitude", $input, attachOptions)
+    latitudeName: latitudeName,
+    longitudeName: longitudeName
   }, options);
   let geocoded = false;
 

data/app/packs/stylesheets/decidim/modules/_timeline.scss

@@ -92,7 +92,7 @@ $timeline-padding: 1rem;
   color: $dark-gray;
 
   .timeline__item--current &{
-    color: rgba($white, .8);
+    color: $white;
   }
 }
 

data/config/locales/ca.yml

@@ -694,6 +694,7 @@ ca:
       no_followers: Encara no hi ha seguidores.
     following:
       no_followings: No segueix a cap persona ni cap activitat.
+      non_public_followings: Alguns dels recursos seguits no són públics.
     follows:
       create:
         button: Seguir

data/config/locales/cs.yml

@@ -719,6 +719,7 @@ cs:
       no_followers: Zatím žádní sledující.
     following:
       no_followings: Nesleduje nikoho ani nic.
+      non_public_followings: Některé z uvedených zdrojů nejsou veřejné.
     follows:
       create:
         button: Sledovat

data/config/locales/en.yml

@@ -702,6 +702,7 @@ en:
       no_followers: No followers yet.
     following:
       no_followings: Doesn't follow anyone or anything yet.
+      non_public_followings: Some of the resources followed are not public.
     follows:
       create:
         button: Follow

data/config/locales/eu.yml

@@ -158,8 +158,12 @@ eu:
         unofficialize: "%{user_name} erabiltzaile ez ofiziala %{resource_name}"
       user_group:
         reject: "%{user_name} baztertu %{resource_name} erabiltzaile taldeen egiaztapena"
-        verify: "%{user_name} egiaztatu %{resource_name} erabiltzaile taldea"
+        verify: "%{user_name} egiaztatu du %{resource_name} taldea"
         verify_via_csv: "%{user_name} egiaztatu du %{resource_name} erabiltzaile talde CSV fitxategi baten bidez"
+      user_moderation:
+        unreport: "%{user_name} desegin du %{resource_type} - %{unreported_user_name} erreportea"
+    admin_terms_of_use:
+      default_body: "<h2>TÉRMINOS ADMIN DE USO</h2><p>Sistemaren tokiko administratzailearen ohiko azalpena jaso duzulakoan gaude. Oro har, hiru gauza hauetara mugatzen da:</p><ol><li>Besteen pribatutasuna errespetatzea.</li><li>Klikatu aurretik pentsatu.</li><li>Botere handiak erantzukizun handia dakar.</li></ol>"
     alert:
       dismiss: Baztertu jakinarazpena
     amendments:
@@ -811,9 +815,9 @@ eu:
         success: Erregistratu eskaera behar bezala sortu da. Administratzaileak zure eskaera berrikusiko du taldera onartu aurretik.
       leave:
         error: Arazo bat izan da taldean utzita
-        success: Taldeak arrakastaz utzi du.
+        success: Taldea zuzen utzi duzu.
       members:
-        accept_or_reject_join_requests: 'Hurrengo talde honetako erabiltzaileei aplikatu zaie. Eskaerak onartu edo ukatu:'
+        accept_or_reject_join_requests: 'Hurrengo parte-hartzaileek taldean sartzea eskatu dute. Onartu edo ukatu bere eskariak:'
         accept_request: Onartu
         reject_request: Ukatu
       new:
@@ -859,13 +863,13 @@ eu:
         delete_with_space: "%{user_name} ezabatu %{resource_name} en %{space_name}"
         unknown_action: "%{user_name} Ekintza batzuk egin %{resource_name}"
         unknown_action_with_space: "%{user_name} Ekintza batzuk egin %{resource_name} en %{space_name}"
-        update: "%{user_name} eguneratu %{resource_name}"
-        update_with_space: "%{user_name} eguneratu %{resource_name} en %{space_name}"
+        update: "%{user_name} eguneratu zuen %{resource_name}"
+        update_with_space: "%{user_name} eguneratu zuen %{resource_name} hemen %{space_name}"
       value_types:
         area_presenter:
-          not_found: 'Ez zen datu-basea aurkitu (ID: %{id})'
+          not_found: 'Area ez zen datu-basean aurkitu (ID: %{id})'
         area_type_presenter:
-          not_found: 'Eremu mota ez da datu basean aurkitu (ID: %{id})'
+          not_found: 'Area mota ez da datu basean aurkitu (ID: %{id})'
         scope_presenter:
           not_found: 'Esparrua ez da aurkitu datu-basean (ID: %{id})'
         scope_type_presenter:

data/config/locales/fr-CA.yml

@@ -692,6 +692,7 @@ fr-CA:
       no_followers: Aucun abonné pour le moment.
     following:
       no_followings: Aucun abonnement
+      non_public_followings: Certaines des ressources suivies ne sont pas publiques.
     follows:
       create:
         button: Suivre

data/config/locales/fr.yml

@@ -692,6 +692,7 @@ fr:
       no_followers: Aucun abonné pour le moment.
     following:
       no_followings: Aucun abonnement
+      non_public_followings: Certaines des ressources suivies ne sont pas publiques.
     follows:
       create:
         button: Suivre

data/config/locales/gl.yml

@@ -524,6 +524,7 @@ gl:
       no_followers: Aínda non hai seguidores.
     following:
       no_followings: Aínda non segue a ninguén nin a nada.
+      non_public_followings: Algúns dos recursos seguidos non son públicos.
     follows:
       create:
         button: Segue

data/config/locales/ja.yml

@@ -688,6 +688,7 @@ ja:
       no_followers: フォロワーはまだいません。
     following:
       no_followings: フォローしている人やコンテンツはありません
+      non_public_followings: フォローしているリソースのいくつかは公開されていません。
     follows:
       create:
         button: フォロー
@@ -1358,7 +1359,7 @@ ja:
         deleted: 削除された参加者
     versions:
       resource_version:
-        of_versions: "( %{number} の)"
+        of_versions: "/ %{number}"
         see_other_versions: 他のバージョンを見る
         version: バージョン %{number}
     versions_list: