decidim-decidim_awesome 0.12.0 → 0.12.4

data/app/commands/decidim/decidim_awesome/admin/destroy_proposal_custom_field.rb

@@ -4,12 +4,13 @@ module Decidim
   module DecidimAwesome
     module Admin
       class DestroyProposalCustomField < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
-        # key - the key to destroy inise proposal_custom_fields
+        # key - the key to destroy init proposal_custom_fields
         # organization
         def initialize(key, organization, config_var = :proposal_custom_fields)
-          @key = key
+          @ident = key
           @organization = organization
           @config_var = config_var
         end
@@ -21,19 +22,12 @@ module Decidim
         #
         # Returns nothing.
         def call
-          fields = AwesomeConfig.find_by(var: @config_var, organization: @organization)
-          return broadcast(:invalid, "Not a hash") unless fields&.value.is_a? Hash
-          return broadcast(:invalid, "#{key} key invalid") unless fields.value.has_key?(@key)
+          return broadcast(:invalid, "Not a hash") unless find_var&.value.is_a? Hash
+          return broadcast(:invalid, "#{ident} key invalid") unless find_var.value.has_key?(ident)
 
-          fields.value.except!(@key)
-          fields.save!
+          destroy_hash_ident!
 
-          # remove constrains associated (a new config var is generated automatically, by removing it, it will trigger destroy on dependents)
-          constraint = @config_var == :proposal_custom_fields ? :proposal_custom_field : :proposal_private_custom_field
-          constraint = AwesomeConfig.find_by(var: "#{constraint}_#{@key}", organization: @organization)
-          constraint.destroy! if constraint.present?
-
-          broadcast(:ok, @key)
+          broadcast(:ok, ident)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end

data/app/commands/decidim/decidim_awesome/admin/destroy_scoped_admin.rb

@@ -4,13 +4,15 @@ module Decidim
   module DecidimAwesome
     module Admin
       class DestroyScopedAdmin < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
         # key - the key to destroy inside scoped_admins
         # organization
         def initialize(key, organization)
-          @key = key
+          @ident = key
           @organization = organization
+          @config_var = :scoped_admins
         end
 
         # Executes the command. Broadcasts these events:
@@ -20,17 +22,12 @@ module Decidim
         #
         # Returns nothing.
         def call
-          admins = AwesomeConfig.find_by(var: :scoped_admins, organization: @organization)
-          return broadcast(:invalid, "Not a hash") unless admins&.value.is_a? Hash
-          return broadcast(:invalid, "#{key} key invalid") unless admins.value.has_key?(@key)
+          return broadcast(:invalid, "Not a hash") unless find_var&.value.is_a? Hash
+          return broadcast(:invalid, "#{ident} key invalid") unless find_var.value.has_key?(ident)
 
-          admins.value.except!(@key)
-          admins.save!
-          # remove constrains associated (a new config var is generated automatically, by removing it, it will trigger destroy on dependents)
-          constraint = AwesomeConfig.find_by(var: "scoped_admin_#{@key}", organization: @organization)
-          constraint.destroy! if constraint.present?
+          destroy_hash_ident!
 
-          broadcast(:ok, @key)
+          broadcast(:ok, ident)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end

data/app/commands/decidim/decidim_awesome/admin/destroy_scoped_style.rb

@@ -4,12 +4,13 @@ module Decidim
   module DecidimAwesome
     module Admin
       class DestroyScopedStyle < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
         # key - the key to destroy inside scoped_styles/scoped_admin_styles
         # organization
         def initialize(key, organization, config_var = :scoped_styles)
-          @key = key
+          @ident = key
           @organization = organization
           @config_var = config_var
         end
@@ -21,18 +22,12 @@ module Decidim
         #
         # Returns nothing.
         def call
-          styles = AwesomeConfig.find_by(var: @config_var, organization: @organization)
-          return broadcast(:invalid, "Not a hash") unless styles&.value.is_a? Hash
-          return broadcast(:invalid, "#{key} key invalid") unless styles.value.has_key?(@key)
+          return broadcast(:invalid, "Not a hash") unless find_var&.value.is_a? Hash
+          return broadcast(:invalid, "#{ident} key invalid") unless find_var.value.has_key?(ident)
 
-          styles.value.except!(@key)
-          styles.save!
-          # remove constrains associated (a new config var is generated automatically, by removing it, it will trigger destroy on dependents)
-          constraint = @config_var == :scoped_styles ? :scoped_style : :scoped_admin_style
-          constraint = AwesomeConfig.find_by(var: "#{constraint}_#{@key}", organization: @organization)
-          constraint.destroy! if constraint.present?
+          destroy_hash_ident!
 
-          broadcast(:ok, @key)
+          broadcast(:ok, ident)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end

data/app/commands/decidim/decidim_awesome/admin/update_config.rb

@@ -30,7 +30,18 @@ module Decidim
               next unless form.valid_keys.include?(key.to_sym)
 
               setting = AwesomeConfig.find_or_initialize_by(var: key, organization: form.current_organization)
-              setting.value = val.respond_to?(:attributes) ? val.attributes : val
+
+              value = if form.respond_to?("#{key}_attributes")
+                        # for complex cases
+                        form.public_send("#{key}_attributes")
+                      elsif val.respond_to?(:attributes)
+                        # when the value is another form
+                        val.attributes
+                      else
+                        val
+                      end
+
+              setting.value = value
               setting.save!
             end
 

data/app/commands/decidim/decidim_awesome/admin/update_custom_redirect.rb

@@ -4,12 +4,14 @@ module Decidim
   module DecidimAwesome
     module Admin
       class UpdateCustomRedirect < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
         def initialize(form, item)
           @form = form
           @item = item
-          @redirects = AwesomeConfig.find_by(var: :custom_redirects, organization: form.current_organization)
+          @config_var = :custom_redirects
+          @organization = form.current_organization
         end
 
         # Executes the command. Broadcasts these events:
@@ -22,26 +24,24 @@ module Decidim
           return broadcast(:invalid) if form.invalid?
           return broadcast(:invalid, I18n.t("custom_redirects.origin_missing", scope: "decidim.decidim_awesome.admin")) unless url_exists?
 
-          redirects.value&.except!(item.origin)
-          redirects.value[to_params[0]] = to_params[1]
-          redirects.save!
+          find_var.value&.except!(item.origin)
+          find_var.value[form.to_params[0]] = form.to_params[1]
+          find_var.save!
 
-          broadcast(:ok, redirects)
+          broadcast(:ok, find_var)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end
 
         private
 
-        attr_reader :form, :redirects, :item
-
-        delegate :to_params, to: :form
+        attr_reader :form, :item
 
         def url_exists?
-          return false unless redirects
-          return false unless redirects.value.is_a? Hash
+          return false unless find_var
+          return false unless find_var.value.is_a? Hash
 
-          redirects.value[item.origin].present?
+          find_var.value[item.origin].present?
         end
       end
     end

data/app/commands/decidim/decidim_awesome/admin/update_menu_hack.rb

@@ -4,11 +4,13 @@ module Decidim
   module DecidimAwesome
     module Admin
       class UpdateMenuHack < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
         def initialize(form, menu_name)
           @form = form
-          @menu = AwesomeConfig.find_or_initialize_by(var: menu_name, organization: form.current_organization)
+          @config_var = menu_name
+          @organization = form.current_organization
         end
 
         # Executes the command. Broadcasts these events:
@@ -20,10 +22,10 @@ module Decidim
         def call
           return broadcast(:invalid) if form.invalid?
 
-          menu.value = [] unless menu.value.is_a? Array
-          menu.value = menu.value.filter { |i| i.is_a? Hash }
+          find_var.value = [] unless find_var.value.is_a? Array
+          find_var.value = find_var.value.filter { |i| i.is_a? Hash }
           found = false
-          menu.value.map! do |item|
+          find_var.value.map! do |item|
             if item["url"] == form.url
               found = true
               form.to_params
@@ -31,16 +33,16 @@ module Decidim
               item
             end
           end
-          menu.value << form.to_params unless found
-          menu.save!
-          broadcast(:ok, menu)
+          find_var.value << form.to_params unless found
+          find_var.save!
+          broadcast(:ok, find_var)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end
 
         private
 
-        attr_reader :form, :menu
+        attr_reader :form
       end
     end
   end

data/app/controllers/concerns/decidim/decidim_awesome/admin/maintenance_context.rb

@@ -8,34 +8,6 @@ module Decidim
 
         included do
           layout "decidim/decidim_awesome/admin/maintenance"
-          helper_method :current_view, :available_views, :present_private_data
-
-          private
-
-          def present_private_data(model)
-            PrivateDataPresenter.new(model)
-          end
-
-          def current_view
-            return params[:id] if available_views.include?(params[:id])
-
-            available_views.keys.first
-          end
-
-          def available_views
-            {
-              "private_data" => {
-                title: I18n.t("private_data", scope: "decidim.decidim_awesome.admin.menu.maintenance"),
-                icon: "spy-line",
-                path: decidim_admin_decidim_awesome.maintenance_path("private_data")
-              },
-              "checks" => {
-                title: I18n.t("checks", scope: "decidim.decidim_awesome.admin.menu.maintenance"),
-                icon: "pulse",
-                path: decidim_admin_decidim_awesome.checks_maintenance_index_path
-              }
-            }
-          end
         end
       end
     end

data/app/controllers/concerns/decidim/decidim_awesome/enforce_access_authorizations.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module EnforceAccessAuthorizations
+      extend ActiveSupport::Concern
+
+      included do
+        include ::Decidim::DecidimAwesome::NeedsAwesomeConfig
+        before_action :enforce_authorizations
+      end
+
+      private
+
+      def enforce_authorizations
+        return if skip_enforcement_for_current_request?
+
+        unless service.granted?
+          flash[:alert] = I18n.t("decidim.decidim_awesome.session.authorization_is_required",
+                                 authorizations: service.adapters.map(&:fullname).join(", "))
+          redirect_to decidim_decidim_awesome.required_authorizations_path(redirect_url: request.fullpath)
+        end
+      end
+
+      def service
+        @service ||= Decidim::DecidimAwesome::AccessAuthorizationService.new(current_user, current_organization, required_authorization_groups)
+      end
+
+      def required_authorization_groups
+        return unless awesome_force_authorizations.is_a?(Array)
+
+        @required_authorization_groups ||= awesome_force_authorizations.pluck("authorization_handlers").compact_blank
+      end
+
+      def skip_enforcement_for_current_request?
+        # skip unconfirmed and blocked as other decidim mechanisms kick in
+        return true if user_signed_in? && (!current_user.confirmed? || current_user.blocked?)
+        return true if allowed_controllers.include?(controller_name.to_s)
+
+        # Only apply it if the context requires it
+        awesome_force_authorizations.blank?
+      end
+
+      def allowed_controllers
+        %w(required_authorizations authorizations upload_validations timeouts editor_images locales pages tos) + awesome_config[:force_authorization_allowed_controller_names].to_a
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/decidim_awesome/needs_hashcash.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module NeedsHashcash
+      extend ActiveSupport::Concern
+
+      included do
+        include AwesomeHelpers
+        include ActiveHashcash
+
+        helper_method :awesome_hashcash_bits
+        before_action :set_hashcash_bits
+        before_action :awesome_check_hashcash, only: :create # rubocop:disable Rails/LexicallyScopedActionFilter
+      end
+
+      private
+
+      def awesome_hashcash_bits(zone)
+        return false unless awesome_config["hashcash_#{zone}".to_sym]
+
+        awesome_config["hashcash_#{zone}_bits".to_sym]
+      end
+
+      def awesome_check_hashcash
+        return unless set_hashcash_bits
+
+        check_hashcash
+      end
+
+      # Dynamically configures the gem https://github.com/BaseSecrete/active_hashcash
+      def set_hashcash_bits
+        return if user_signed_in?
+
+        ActiveHashcash.bits = if controller_name == "registrations"
+                                awesome_hashcash_bits(:signup)
+                              else
+                                awesome_hashcash_bits(:login)
+                              end
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/decidim_awesome/not_found_redirect.rb

@@ -14,9 +14,9 @@ module Decidim
           return unless Decidim::User.respond_to? :awesome_admins_for_current_scope
           return unless Decidim::User.respond_to? :awesome_potential_admins
           return unless defined? current_user
-          return unless Decidim::User.awesome_potential_admins.include? current_user.id
+          return unless Decidim::User.awesome_potential_admins.include? current_user&.id
 
-          # assiging a flash message here does not work after redirection due the order of middleware in Rails
+          # assigning a flash message here does not work after redirection due the order of middleware in Rails
           # as a workaround, send a message through a get parameter
           path = "/admin/?unauthorized"
           referer = request.headers["Referer"]

data/app/controllers/decidim/decidim_awesome/admin/admin_authorizations_controller.rb

@@ -32,8 +32,8 @@ module Decidim
                 if force_verification.present?
                   create_forced_authorization
                 else
-                  message = render_to_string("callout", locals: { i18n_key: "user_not_authorized", klass: "alert" })
-                  message += render_to_string("edit", locals: { with_override: true })
+                  callout = render_to_string("callout", locals: { i18n_key: "user_not_authorized", klass: "alert" }, layout: false)
+                  message = render_to_string("edit", locals: { with_override: true, callout: })
                 end
               end
               on(:ok) do

data/app/controllers/decidim/decidim_awesome/admin/checks_controller.rb

@@ -52,10 +52,6 @@ module Decidim
         rescue ActionView::Template::Error => e
           flash.now[:alert] = "Partial [#{partial}] has thrown an error: #{e.message}"
         end
-
-        def current_view
-          "checks"
-        end
       end
     end
   end

data/app/controllers/decidim/decidim_awesome/admin/config_controller.rb

@@ -16,8 +16,9 @@ module Decidim
 
         def show
           @form = form(ConfigForm).from_params(organization_awesome_config)
+          path = main_path_for(config_var)
 
-          redirect_to decidim_admin_decidim_awesome.checks_maintenance_index_path unless config_var
+          redirect_to decidim_admin_decidim_awesome.send(path[0], *path[1]) unless path[0] == :config_path
         end
 
         def update

data/app/controllers/decidim/decidim_awesome/admin/constraints_controller.rb

@@ -138,6 +138,8 @@ module Decidim
             :proposal_custom_fields
           when /^proposal_private_custom_field_/
             :proposal_private_custom_fields
+          when /^force_authorization_/
+            :force_authorizations
           else
             key
           end

data/app/controllers/decidim/decidim_awesome/admin/custom_redirects_controller.rb

@@ -3,13 +3,12 @@
 module Decidim
   module DecidimAwesome
     module Admin
-      # Editing menu items
       class CustomRedirectsController < DecidimAwesome::Admin::ApplicationController
         include NeedsAwesomeConfig
         include ConfigConstraintsHelpers
 
         before_action do
-          enforce_permission_to :edit_config, :menu
+          enforce_permission_to :edit_config, :custom_redirects
         end
 
         helper ConfigConstraintsHelpers

data/app/controllers/decidim/decidim_awesome/admin/force_authorizations_controller.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module Admin
+      class ForceAuthorizationsController < DecidimAwesome::Admin::ConfigController
+        def create
+          CreateAuthorizationGroup.call(current_organization, config_var) do
+            on(:ok) do |key|
+              flash[:notice] = I18n.t("config.create_force_authorization.success", key:, scope: "decidim.decidim_awesome.admin")
+            end
+
+            on(:invalid) do |message|
+              flash[:alert] = I18n.t("config.create_force_authorization.error", error: message, scope: "decidim.decidim_awesome.admin")
+            end
+          end
+
+          redirect_to decidim_admin_decidim_awesome.config_path(:verifications)
+        end
+
+        def destroy
+          DestroyAuthorizationGroup.call(params[:key], current_organization, config_var) do
+            on(:ok) do |key|
+              flash[:notice] = I18n.t("config.destroy_force_authorization.success", key:, scope: "decidim.decidim_awesome.admin")
+            end
+
+            on(:invalid) do |message|
+              flash[:alert] = I18n.t("config.destroy_force_authorization.error", error: message, scope: "decidim.decidim_awesome.admin")
+            end
+          end
+
+          redirect_to decidim_admin_decidim_awesome.config_path(:verifications)
+        end
+
+        private
+
+        # maybe in the future we want to restrict the admin as well
+        def config_var
+          :force_authorizations
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/admin/hashcash_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "decidim/decidim_awesome/version"
+
+module Decidim
+  module DecidimAwesome
+    module Admin
+      # System compatibility analyzer
+      class HashcashController < DecidimAwesome::Admin::ApplicationController
+        include NeedsAwesomeConfig
+        include MaintenanceContext
+        helper ConfigConstraintsHelpers
+
+        helper_method :stamps, :stamp, :addresses
+        before_action do
+          enforce_permission_to :edit_config, [:hashcash_login, :hashcash_signup]
+        end
+
+        def ip_addresses
+          render "ip_addresses"
+        end
+
+        private
+
+        def stamps
+          @stamps ||= ActiveHashcash::Stamp.filter_by(params).order(created_at: :desc).limit(1000)
+        end
+
+        def stamp
+          @stamp ||= ActiveHashcash::Stamp.find_by(id: params[:id])
+        end
+
+        def addresses
+          @addresses ||= ActiveHashcash::Stamp.filter_by(params).group(:ip_address).order(count_all: :desc).limit(1000).count
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/admin/menu_hacks_controller.rb

@@ -12,7 +12,7 @@ module Decidim
         helper_method :current_items, :visibility_options, :target_options
 
         before_action do
-          enforce_permission_to :edit_config, :menu
+          enforce_permission_to :edit_config, current_menu_name
         end
 
         def index; end

data/app/controllers/decidim/decidim_awesome/admin/{maintenance_controller.rb → private_data_controller.rb}

@@ -6,7 +6,7 @@ module Decidim
   module DecidimAwesome
     module Admin
       # System compatibility analyzer
-      class MaintenanceController < DecidimAwesome::Admin::ApplicationController
+      class PrivateDataController < DecidimAwesome::Admin::ApplicationController
         include NeedsAwesomeConfig
         include MaintenanceContext
         include Decidim::Admin::Filterable
@@ -19,36 +19,36 @@ module Decidim
           enforce_permission_to :edit_config, :private_data, private_data:
         end
 
-        def show
+        def index
           respond_to do |format|
             format.json do
               render json: private_data_finder.for(params[:resources].to_s.split(",")).map { |resource| present(resource) }
             end
             format.all do
-              render :show
+              render :index
             end
           end
         end
 
-        def destroy_private_data
+        def destroy
           if private_data && private_data.total.to_i.positive?
             Decidim::ActionLogger.log("destroy_private_data", current_user, resource, nil, count: private_data.total)
 
             Lock.new(current_organization).get!(resource)
             DestroyPrivateDataJob.set(wait: 1.second).perform_later(resource)
           end
-          redirect_to decidim_admin_decidim_awesome.maintenance_path("private_data"),
-                      notice: I18n.t("destroying_private_data", scope: "decidim.decidim_awesome.admin.maintenance.private_data", title: present_private_data(resource).name)
+          redirect_to decidim_admin_decidim_awesome.private_data_path,
+                      notice: I18n.t("destroying", scope: "decidim.decidim_awesome.admin.private_data.private_data", title: present(resource).name)
         end
 
         private
 
         def resource
-          @resource ||= Component.find_by(id: params[:resource_id])
+          @resource ||= Component.find_by(id: params[:id])
         end
 
         def private_data
-          @private_data ||= present_private_data(resource) if resource
+          @private_data ||= present(resource) if resource
         end
 
         def collection
@@ -60,7 +60,7 @@ module Decidim
         end
 
         def present(resource)
-          present_private_data(resource)
+          PrivateDataPresenter.new(resource)
         end
 
         def private_data_finder