decidim-core 0.27.0.rc1 → 0.27.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db2049c9f719053d8344dc12a1cc1333b839c20c53de98b67e3ca27bb013e0be
-  data.tar.gz: 139361af6d051e502902469fed8c2fb0ed5357cd30d3f41895f63040f2140c7c
+  metadata.gz: 150f88886f1b4e3b5e3402c9f7fa34057d3c808a4de16cef92493aafb82597f9
+  data.tar.gz: b1fe1fa4fd31ed1038cb77395e7eee3bc0af36853f42c60d34bc96b388a3f7f4
 SHA512:
-  metadata.gz: 58f161196f88af069f757f01d0cb008a0a0821d5e6fe26b8151bdeb8aac7b5b9646435e0108ef1bb6a4438c91161fa8c8de6896a4dc61bf9e6aa283cf62128ec
-  data.tar.gz: 070fbf34950a9c38c70aa55f877dcc18e86b19914ed587536e5711c4fa2e68a14f43fd786197e3b99e07e4f66c2482978279f8aa96499639f4db91fd216da2fd
+  metadata.gz: 559ef49a486a762a2928150e7511faf9f9946bf50d825f1060613c3c0fcac696cfb6be68222895eb2ea0570e9d1b2e8dfccde78f56afb1b8b31704e8a14b5d76
+  data.tar.gz: aa814eae2a1d8ac9d2baaab67b9547b6066ddb14537c38be2f5e2990f84e1fb5727e3608912ec768fbb6f62cf908fc73be46c4cf0708b42586bec79d387a4945

data/app/cells/decidim/announcement_cell.rb

@@ -62,7 +62,7 @@ module Decidim
     end
 
     def clean(value)
-      decidim_sanitize(translated_attribute(value))
+      decidim_sanitize_admin(translated_attribute(value))
     end
   end
 end

data/app/cells/decidim/content_blocks/cta/show.erb

@@ -1,5 +1,5 @@
 <section class="section">
-  <div class="expanded hero" style="background-image:url(<%= background_image %>);">
+  <div class="expanded hero" style="background-image:url('<%= background_image %>');">
     <div class="hero__container">
       <div class="row">
         <div class="columns small-centered medium-6 text-center">

data/app/cells/decidim/content_blocks/cta_cell.rb

@@ -16,7 +16,7 @@ module Decidim
       end
 
       def translated_description
-        @translated_description ||= decidim_sanitize_editor(translated_attribute(model.settings.description))
+        @translated_description ||= decidim_sanitize_editor_admin(translated_attribute(model.settings.description))
       end
 
       def button_url

data/app/cells/decidim/content_blocks/hero/show.erb

@@ -1,4 +1,4 @@
-<section id="hero" class="extended hero home-section" style="background-image:url(<%= background_image %>);">
+<section id="hero" class="extended hero home-section" style="background-image:url('<%= background_image %>');">
   <div class="hero__container">
     <div class="row">
       <div class="columns small-centered large-10">
@@ -6,7 +6,7 @@
           <% if translated_welcome_text.blank? %>
             <%= t("decidim.pages.home.hero.welcome", organization: current_organization.name) %>
           <% else %>
-            <%= decidim_sanitize translated_welcome_text %>
+            <%= decidim_sanitize_admin translated_welcome_text %>
           <% end %>
         </h1>
       </div>

data/app/cells/decidim/content_blocks/hero_cell.rb

@@ -29,6 +29,7 @@ module Decidim
         hash << Digest::MD5.hexdigest(model.attributes.to_s)
         hash << current_organization.cache_key_with_version
         hash << I18n.locale.to_s
+        hash << background_image
 
         hash.join(Decidim.cache_key_separator)
       end

data/app/cells/decidim/content_blocks/highlighted_content_banner/show.erb

@@ -1,5 +1,5 @@
 <section id="highlighted_content_banner" class="extended highligted-content-banner home-section"
-          style="background-image:url(<%= current_organization.attached_uploader(:highlighted_content_banner_image).path %>);">
+          style="background-image:url('<%= current_organization.attached_uploader(:highlighted_content_banner_image).path %>');">
   <div class="highligted-content-banner__container">
     <div class="row">
       <div class="columns large-10">
@@ -7,7 +7,7 @@
           <%= translated_attribute current_organization.highlighted_content_banner_title %>
         </h1>
         <div class="text-highlight">
-          <%= decidim_sanitize_editor translated_attribute current_organization.highlighted_content_banner_short_description %>
+          <%= decidim_sanitize_editor_admin translated_attribute current_organization.highlighted_content_banner_short_description %>
         </div>
       </div>
       <div class="columns large-2">

data/app/cells/decidim/content_blocks/stats_cell.rb

@@ -12,6 +12,7 @@ module Decidim
       def cache_hash
         hash = []
         hash.push(I18n.locale)
+        hash.push(current_organization.cache_key)
         hash.join(Decidim.cache_key_separator)
       end
 

data/app/cells/decidim/content_blocks/sub_hero_cell.rb

@@ -15,7 +15,7 @@ module Decidim
       private
 
       def organization_description
-        desc = decidim_sanitize(translated_attribute(current_organization.description))
+        desc = decidim_sanitize_admin(translated_attribute(current_organization.description))
 
         # Strip the surrounding paragraph tag because it is not allowed within
         # a <hN> element.

data/app/cells/decidim/data_consent/category.erb

@@ -1,60 +1,60 @@
 <div class="category-wrapper margin-vertical-1" data-id="<%= category[:slug] %>">
   <div class="category-row flex-center">
-    <button class="cc-title padding-left-3">
-      <span class="h5 cc-category-title">
+    <button class="dc-title padding-left-3">
+      <span class="h5 dc-category-title">
         <strong><%= category[:title] %></strong>
       </span>
     </button>
 
-    <div class="cc-switch">
+    <div class="dc-switch">
       <input
         class="switch-input"
         <%= %(checked="checked") if category[:mandatory] %>
-        id="cc-<%= category[:slug] %>"
+        id="dc-<%= category[:slug] %>"
         type="checkbox"
         name="<%= category[:slug] %>"
         <%= "disabled" if category[:mandatory] %>>
 
-      <label class="switch-paddle" for="cc-<%= category[:slug] %>">
-        <span class="show-for-sr"><%= t("layouts.decidim.cookie_consent.modal.toggle", consent_category: category[:title]) %></span>
+      <label class="switch-paddle" for="dc-<%= category[:slug] %>">
+        <span class="show-for-sr"><%= t("layouts.decidim.data_consent.modal.toggle", consent_category: category[:title]) %></span>
       </label>
     </div>
   </div>
-  <div class="cc-description hide">
+  <div class="dc-description hide">
     <div class="description-text">
       <p><%= category[:description] %></p>
     </div>
 
-    <% if category[:cookies].present? %>
-      <div class="cookie-details-wrapper">
+    <% if category[:items].present? %>
+      <div class="dataconsent-details-wrapper">
         <div class="row detail-titles">
           <div class="columns small-2">
-            <%= t("layouts.decidim.cookie_consent.cookie_details.columns.type") %>
+            <%= t("layouts.decidim.data_consent.details.columns.type") %>
           </div>
           <div class="columns small-2">
-            <%= t("layouts.decidim.cookie_consent.cookie_details.columns.name") %>
+            <%= t("layouts.decidim.data_consent.details.columns.name") %>
           </div>
           <div class="columns small-2">
-            <%= t("layouts.decidim.cookie_consent.cookie_details.columns.service") %>
+            <%= t("layouts.decidim.data_consent.details.columns.service") %>
           </div>
           <div class="columns small-6">
-            <%= t("layouts.decidim.cookie_consent.cookie_details.columns.description") %>
+            <%= t("layouts.decidim.data_consent.details.columns.description") %>
           </div>
         </div>
 
-        <% category[:cookies].each do |cookie| %>
-          <div class="row cookie-detail-row">
+        <% category[:items].each do |item| %>
+          <div class="row dataconsent-detail-row">
             <div class="columns small-2">
-              <%= t("layouts.decidim.cookie_consent.cookie_details.types.#{cookie[:type]}") %>
+              <%= t("layouts.decidim.data_consent.details.types.#{item[:type]}") %>
             </div>
             <div class="columns small-2">
-              <%= cookie[:name] %>
+              <%= item[:name] %>
             </div>
             <div class="columns small-2">
-              <%= t("layouts.decidim.cookie_consent.cookie_details.cookies.#{cookie[:name]}.service") %>
+              <%= t("layouts.decidim.data_consent.details.items.#{item[:name]}.service") %>
             </div>
             <div class="columns small-6">
-              <%= t("layouts.decidim.cookie_consent.cookie_details.cookies.#{cookie[:name]}.description") %>
+              <%= t("layouts.decidim.data_consent.details.items.#{item[:name]}.description") %>
             </div>
           </div>
         <% end %>

data/app/cells/decidim/data_consent/dialog.erb

@@ -1,26 +1,26 @@
-<div id="cc-dialog-wrapper" class="flex-center hide robots-noindex robots-nocontent noindex" data-nosnippet role="region">
-  <div class="cc-dialog padding-vertical-1">
+<div id="dc-dialog-wrapper" class="flex-center hide robots-noindex robots-nocontent noindex" data-nosnippet role="region">
+  <div class="dc-dialog padding-vertical-1">
     <div class="row expanded">
       <div class="columns medium-12 large-8">
-        <div class="cc-content">
+        <div class="dc-content">
           <div class="h5">
-            <%= t("layouts.decidim.cookie_consent.dialog.title") %>
+            <%= t("layouts.decidim.data_consent.dialog.title") %>
           </div>
           <div>
-            <%= t("layouts.decidim.cookie_consent.dialog.description") %>
+            <%= t("layouts.decidim.data_consent.dialog.description") %>
           </div>
         </div>
       </div>
       <div class="columns medium-12 large-4">
-        <div class="cc-button-wrapper flex-center">
-          <button id="cc-dialog-accept" class="button">
-            <%= t("layouts.decidim.cookie_consent.dialog.accept_all") %>
+        <div class="dc-button-wrapper flex-center">
+          <button id="dc-dialog-accept" class="button">
+            <%= t("layouts.decidim.data_consent.dialog.accept_all") %>
           </button>
-          <button id="cc-dialog-reject" class="button hollow">
-            <%= t("layouts.decidim.cookie_consent.dialog.accept_only_essential") %>
+          <button id="dc-dialog-reject" class="button hollow">
+            <%= t("layouts.decidim.data_consent.dialog.accept_only_essential") %>
           </button>
-          <button id="cc-dialog-settings" class="button clear" data-open="cc-modal">
-            <%= t("layouts.decidim.cookie_consent.dialog.cookie_settings") %>
+          <button id="dc-dialog-settings" class="button clear" data-open="dc-modal">
+            <%= t("layouts.decidim.data_consent.dialog.settings") %>
           </button>
         </div>
       </div>

data/app/cells/decidim/data_consent/modal.erb

@@ -1,14 +1,14 @@
-<div class="reveal cc-modal" id="cc-modal" role="dialog" data-close-on-click="false" data-close-on-esc="false" aria-modal="true" data-reveal>
+<div class="reveal dc-modal" id="dc-modal" role="dialog" data-close-on-click="false" data-close-on-esc="false" aria-modal="true" data-reveal>
   <div class="reveal__header">
     <h3 class="reveal__title">
-      <%= t("layouts.decidim.cookie_consent.modal.title") %>
+      <%= t("layouts.decidim.data_consent.modal.title") %>
     </h3>
     <p>
-      <%= t("layouts.decidim.cookie_consent.modal.description") %>
+      <%= t("layouts.decidim.data_consent.modal.description") %>
     </p>
   </div>
 
-  <div class="cc-categories">
+  <div class="dc-categories">
     <% categories.each do |category| %>
       <%= render(
         {
@@ -21,18 +21,18 @@
     <% end %>
   </div>
 
-  <div class="cc-buttons-wrapper flex-center">
-    <div class="cc-buttons-left">
-      <button id="cc-modal-accept" class="button" data-close>
-        <%= t("layouts.decidim.cookie_consent.modal.accept_all") %>
+  <div class="dc-buttons-wrapper flex-center">
+    <div class="dc-buttons-left">
+      <button id="dc-modal-accept" class="button" data-close>
+        <%= t("layouts.decidim.data_consent.modal.accept_all") %>
       </button>
-      <button id="cc-modal-reject" class="button hollow" data-close>
-        <%= t("layouts.decidim.cookie_consent.modal.accept_only_essential") %>
+      <button id="dc-modal-reject" class="button hollow" data-close>
+        <%= t("layouts.decidim.data_consent.modal.accept_only_essential") %>
       </button>
     </div>
-    <div class="cc-buttons-right">
-      <button id="cc-modal-save" class="button clear" data-close>
-        <%= t("layouts.decidim.cookie_consent.modal.save_settings") %>
+    <div class="dc-buttons-right">
+      <button id="dc-modal-save" class="button clear" data-close>
+        <%= t("layouts.decidim.data_consent.modal.save_settings") %>
       </button>
     </div>
   </div>

data/app/cells/decidim/data_consent_cell.rb

@@ -10,10 +10,10 @@ module Decidim
       @categories ||= Decidim.consent_categories.map do |category|
         {
           slug: category[:slug],
-          title: t("layouts.decidim.cookie_consent.modal.#{category[:slug]}.title"),
-          description: t("layouts.decidim.cookie_consent.modal.#{category[:slug]}.description"),
+          title: t("layouts.decidim.data_consent.modal.#{category[:slug]}.title"),
+          description: t("layouts.decidim.data_consent.modal.#{category[:slug]}.description"),
           mandatory: category[:mandatory],
-          cookies: category.has_key?(:cookies) ? category[:cookies] : []
+          items: category.has_key?(:items) ? category[:items] : []
         }
       end
     end

data/app/commands/decidim/update_account.rb

@@ -24,7 +24,9 @@ module Decidim
         notify_followers
         broadcast(:ok, @user.unconfirmed_email.present?)
       else
-        @form.errors.add :avatar, @user.errors[:avatar] if @user.errors.has_key? :avatar
+        [:avatar, :password, :password_confirmation].each do |key|
+          @form.errors.add key, @user.errors[key] if @user.errors.has_key? key
+        end
         broadcast(:invalid)
       end
     end

data/app/controllers/concerns/decidim/resource_versions_concern.rb

@@ -10,6 +10,10 @@ module Decidim
       helper Decidim::TraceabilityHelper
       helper_method :current_version, :versioned_resource
 
+      def show
+        raise ActionController::RoutingError, "Not found" unless current_version
+      end
+
       private
 
       # Overwrite this method in your controller to define how to find the

data/app/controllers/decidim/devise/registrations_controller.rb

@@ -39,7 +39,7 @@ module Decidim
           end
 
           on(:invalid) do
-            flash.now[:alert] = @form.errors[:base].join(", ") if @form.errors[:base].any?
+            flash.now[:alert] = @form.errors.full_messages.join(", ") if @form.errors.full_messages.any?
             render :new
           end
         end
@@ -60,6 +60,10 @@ module Decidim
         super(hash)
         resource.organization = current_organization
       end
+
+      def devise_mapping
+        ::Devise.mappings[:user]
+      end
     end
   end
 end

data/app/controllers/decidim/last_activities_controller.rb

@@ -35,6 +35,7 @@ module Decidim
       ActionLog
         .where(visibility: %w(public-only all))
         .where(organization: current_organization)
+        .order(created_at: :desc)
     end
 
     def default_filter_params

data/app/events/decidim/resource_endorsed_event.rb

@@ -15,7 +15,8 @@ module Decidim
     end
 
     def resource_text
-      resource.body
+      return resource.body if resource.respond_to? :body
+      return resource.description if resource.respond_to? :description
     end
 
     def resource_type

data/app/forms/decidim/account_form.rb

@@ -14,7 +14,7 @@ module Decidim
     attribute :email
     attribute :password
     attribute :password_confirmation
-    attribute :avatar
+    attribute :avatar, Decidim::Attributes::Blob
     attribute :remove_avatar, Boolean, default: false
     attribute :personal_url
     attribute :about

data/app/forms/decidim/user_group_form.rb

@@ -10,7 +10,7 @@ module Decidim
     attribute :name
     attribute :nickname
     attribute :email
-    attribute :avatar
+    attribute :avatar, Decidim::Attributes::Blob
     attribute :about
     attribute :document_number
     attribute :phone

data/app/helpers/decidim/filters_helper.rb

@@ -24,7 +24,11 @@ module Decidim
           remote: true,
           html: { id: nil }.merge(html_options)
         ) do |form|
-          yield form
+          # Cannot use `concat()` here because it's not available in cells
+          inner = []
+          inner << hidden_field_tag("per_page", params[:per_page], id: nil) if params[:per_page]
+          inner << capture { yield form }
+          inner.join.html_safe
         end
       end
     end

data/app/helpers/decidim/sanitize_helper.rb

@@ -16,13 +16,18 @@ module Decidim
     #
     # Returns an HTML-safe String.
     def decidim_sanitize(html, options = {})
+      scrubber = options[:scrubber] || Decidim::UserInputScrubber.new
       if options[:strip_tags]
-        strip_tags sanitize(html, scrubber: Decidim::UserInputScrubber.new)
+        strip_tags sanitize(html, scrubber: scrubber)
       else
-        sanitize(html, scrubber: Decidim::UserInputScrubber.new)
+        sanitize(html, scrubber: scrubber)
       end
     end
 
+    def decidim_sanitize_admin(html, options = {})
+      decidim_sanitize(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
+    end
+
     def decidim_sanitize_newsletter(html, options = {})
       if options[:strip_tags]
         strip_tags sanitize(html, scrubber: Decidim::NewsletterScrubber.new)
@@ -32,10 +37,14 @@ module Decidim
     end
 
     def decidim_sanitize_editor(html, options = {})
-      html = Decidim::IframeDisabler.new(html, options).perform
       content_tag(:div, decidim_sanitize(html, options), class: %w(ql-editor ql-reset-decidim))
     end
 
+    def decidim_sanitize_editor_admin(html, options = {})
+      html = Decidim::IframeDisabler.new(html, options).perform
+      decidim_sanitize_editor(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
+    end
+
     def decidim_html_escape(text)
       ERB::Util.unwrapped_html_escape(text.to_str)
     end

data/app/models/decidim/action_log.rb

@@ -214,16 +214,16 @@ module Decidim
     end
 
     # Whether this activity or log is visible for a given user (can also be nil)
-    #
-    # Returns a True/False.
     def visible_for?(user)
-      return false if resource_lazy.blank?
-      return false if participatory_space_lazy.blank?
-      return false if resource_lazy.respond_to?(:deleted?) && resource_lazy.deleted?
-      return false if resource_lazy.respond_to?(:hidden?) && resource_lazy.hidden?
-      return false if resource_lazy.respond_to?(:can_participate?) && !resource_lazy.can_participate?(user)
-
-      true
+      resource_lazy.present? &&
+        participatory_space_lazy.present? &&
+        !resource_lazy.try(:deleted?) &&
+        !resource_lazy.try(:hidden?) &&
+        (!resource_lazy.respond_to?(:can_participate?) || resource_lazy.try(:can_participate?, user))
+    rescue NameError => e
+      Rails.logger.warn "Failed resource for #{self.class.name}(id=#{id}): #{e.message}"
+
+      false
     end
   end
 end

data/app/models/decidim/notification.rb

@@ -7,8 +7,17 @@ module Decidim
     belongs_to :resource, foreign_key: "decidim_resource_id", foreign_type: "decidim_resource_type", polymorphic: true
     belongs_to :user, foreign_key: "decidim_user_id", class_name: "Decidim::User"
 
-    scope :daily, ->(time: Time.now.utc - 1.day) { where(created_at: time.all_day) }
-    scope :weekly, ->(time: Time.now.utc) { where(created_at: (time - 7.days)..time) }
+    # Daily notifications should contain all notifications within the previous
+    # day from the given day.
+    scope :daily, ->(time: Time.now.utc) { where(created_at: (time - 1.day).all_day) }
+
+    # Weekly notifications should contain all notifications within the previous
+    # week counting from the end of the previous day until the start of the day
+    # 1 week ago from the previous day.
+    scope :weekly, lambda { |time: Time.now.utc|
+      end_of_previous_day = (time - 1.day).end_of_day
+      where(created_at: (end_of_previous_day - 7.days).beginning_of_day..end_of_previous_day)
+    }
 
     def event_class_instance
       @event_class_instance ||= event_class.constantize.new(

data/app/models/decidim/user_base_entity.rb

@@ -30,6 +30,7 @@ module Decidim
 
     scope :blocked, -> { where(blocked: true) }
     scope :not_blocked, -> { where(blocked: false) }
+    scope :available, -> { where(deleted_at: nil, blocked: false, managed: false) }
 
     # Public: Returns a collection with all the public entities this user is following.
     #

data/app/packs/entrypoints/decidim_core.js

@@ -58,7 +58,7 @@ import "src/decidim/identity_selector_dialog"
 import "src/decidim/gallery"
 import "src/decidim/direct_uploads/upload_field"
 import "src/decidim/back_to_list"
-import "src/decidim/cookie_consent/cookie_consent"
+import "src/decidim/data_consent"
 
 // CSS
 import "entrypoints/decidim_core.scss"

data/app/packs/src/decidim/account_form.js

@@ -1,27 +1,77 @@
+/**
+ * Initializes the edit account form to control the password field elements
+ * which should only be required when they are visible.
+ *
+ * @returns {void}
+ */
+const initializeAccountForm = () => {
+  const editUserForm = document.querySelector("form.edit_user");
+  if (!editUserForm) {
+    return;
+  }
+
+  const passwordChange = editUserForm.querySelector("#passwordChange");
+  if (!passwordChange) {
+    return;
+  }
+
+  const passwordFields = passwordChange.querySelectorAll("input[type='password']");
+  if (passwordFields.length < 1) {
+    return;
+  }
+
+  // Foundation uses jQuery so these have to be bound using jQuery and the
+  // attribute value needs to be set through jQuery.
+  const togglePasswordFieldValidators = (enabled) => {
+    $(passwordFields).attr("required", enabled);
+
+    if (!enabled) {
+      passwordFields.forEach((field) => (field.value = ""));
+    }
+  }
+
+  $(passwordChange).on("on.zf.toggler", () => {
+    togglePasswordFieldValidators(true);
+  });
+  $(passwordChange).on("off.zf.toggler", () => {
+    togglePasswordFieldValidators(false);
+  });
+  togglePasswordFieldValidators(false);
+};
+
 /**
  * Since the delete account has a modal to confirm it we need to copy the content of the
  * reason field to the hidden field in the form inside the modal.
+ *
+ * @return {void}
  */
-$(() => {
+const initializeDeleteAccount = () => {
   const $deleteAccountForm = $(".delete-account");
   const $deleteAccountModalForm = $(".delete-account-modal");
 
-  if ($deleteAccountForm.length > 0) {
-    const $openModalButton = $(".open-modal-button");
-    const $modal = $("#deleteConfirm");
-
-    $openModalButton.on("click", (event) => {
-      try {
-        const reasonValue = $deleteAccountForm.find("textarea#delete_account_delete_reason").val();
-        $deleteAccountModalForm.find("input#delete_account_delete_reason").val(reasonValue);
-        $modal.foundation("open");
-      } catch (error) {
-        console.error(error); // eslint-disable-line no-console
-      }
-
-      event.preventDefault();
-      event.stopPropagation();
-      return false;
-    });
+  if ($deleteAccountForm.length < 1) {
+    return;
   }
+
+  const $openModalButton = $(".open-modal-button");
+  const $modal = $("#deleteConfirm");
+
+  $openModalButton.on("click", (event) => {
+    try {
+      const reasonValue = $deleteAccountForm.find("textarea#delete_account_delete_reason").val();
+      $deleteAccountModalForm.find("input#delete_account_delete_reason").val(reasonValue);
+      $modal.foundation("open");
+    } catch (error) {
+      console.error(error); // eslint-disable-line no-console
+    }
+
+    event.preventDefault();
+    event.stopPropagation();
+    return false;
+  });
+};
+
+$(() => {
+  initializeAccountForm();
+  initializeDeleteAccount();
 });