RubyGems - decidim-decidim_awesome - Versions diffs - 0.12.3 → 0.12.4 - Mend

decidim-decidim_awesome 0.12.3 → 0.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

data/app/commands/decidim/decidim_awesome/admin/update_menu_hack.rb CHANGED Viewed

@@ -4,11 +4,13 @@ module Decidim
   module DecidimAwesome
     module Admin
       class UpdateMenuHack < Command
+        include NeedsConstraintHelpers
         # Public: Initializes the command.
         #
         def initialize(form, menu_name)
           @form = form
-          @menu = AwesomeConfig.find_or_initialize_by(var: menu_name, organization: form.current_organization)
+          @config_var = menu_name
+          @organization = form.current_organization
         end
         # Executes the command. Broadcasts these events:
@@ -20,10 +22,10 @@ module Decidim
         def call
           return broadcast(:invalid) if form.invalid?
-          menu.value = [] unless menu.value.is_a? Array
-          menu.value = menu.value.filter { |i| i.is_a? Hash }
+          find_var.value = [] unless find_var.value.is_a? Array
+          find_var.value = find_var.value.filter { |i| i.is_a? Hash }
           found = false
-          menu.value.map! do |item|
+          find_var.value.map! do |item|
             if item["url"] == form.url
               found = true
               form.to_params
@@ -31,16 +33,16 @@ module Decidim
               item
             end
           end
-          menu.value << form.to_params unless found
-          menu.save!
-          broadcast(:ok, menu)
+          find_var.value << form.to_params unless found
+          find_var.save!
+          broadcast(:ok, find_var)
         rescue StandardError => e
           broadcast(:invalid, e.message)
         end
         private
-        attr_reader :form, :menu
+        attr_reader :form
       end
     end
   end

data/app/controllers/concerns/decidim/decidim_awesome/enforce_access_authorizations.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module EnforceAccessAuthorizations
+      extend ActiveSupport::Concern
+      included do
+        include ::Decidim::DecidimAwesome::NeedsAwesomeConfig
+        before_action :enforce_authorizations
+      end
+      private
+      def enforce_authorizations
+        return if skip_enforcement_for_current_request?
+        unless service.granted?
+          flash[:alert] = I18n.t("decidim.decidim_awesome.session.authorization_is_required",
+                                 authorizations: service.adapters.map(&:fullname).join(", "))
+          redirect_to decidim_decidim_awesome.required_authorizations_path(redirect_url: request.fullpath)
+        end
+      end
+      def service
+        @service ||= Decidim::DecidimAwesome::AccessAuthorizationService.new(current_user, current_organization, required_authorization_groups)
+      end
+      def required_authorization_groups
+        return unless awesome_force_authorizations.is_a?(Array)
+        @required_authorization_groups ||= awesome_force_authorizations.pluck("authorization_handlers").compact_blank
+      end
+      def skip_enforcement_for_current_request?
+        # skip unconfirmed and blocked as other decidim mechanisms kick in
+        return true if user_signed_in? && (!current_user.confirmed? || current_user.blocked?)
+        return true if allowed_controllers.include?(controller_name.to_s)
+        # Only apply it if the context requires it
+        awesome_force_authorizations.blank?
+      end
+      def allowed_controllers
+        %w(required_authorizations authorizations upload_validations timeouts editor_images locales pages tos) + awesome_config[:force_authorization_allowed_controller_names].to_a
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/decidim_awesome/needs_hashcash.rb CHANGED Viewed

@@ -30,11 +30,13 @@ module Decidim
       # Dynamically configures the gem https://github.com/BaseSecrete/active_hashcash
       def set_hashcash_bits
-        if controller_name == "sessions"
-          ActiveHashcash.bits = awesome_hashcash_bits(:login)
-        elsif controller_name == "registrations"
-          ActiveHashcash.bits = awesome_hashcash_bits(:signup)
-        end
+        return if user_signed_in?
+        ActiveHashcash.bits = if controller_name == "registrations"
+                                awesome_hashcash_bits(:signup)
+                              else
+                                awesome_hashcash_bits(:login)
+                              end
       end
     end
   end

data/app/controllers/decidim/decidim_awesome/admin/constraints_controller.rb CHANGED Viewed

@@ -138,6 +138,8 @@ module Decidim
             :proposal_custom_fields
           when /^proposal_private_custom_field_/
             :proposal_private_custom_fields
+          when /^force_authorization_/
+            :force_authorizations
           else
             key
           end

data/app/controllers/decidim/decidim_awesome/admin/force_authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module Admin
+      class ForceAuthorizationsController < DecidimAwesome::Admin::ConfigController
+        def create
+          CreateAuthorizationGroup.call(current_organization, config_var) do
+            on(:ok) do |key|
+              flash[:notice] = I18n.t("config.create_force_authorization.success", key:, scope: "decidim.decidim_awesome.admin")
+            end
+            on(:invalid) do |message|
+              flash[:alert] = I18n.t("config.create_force_authorization.error", error: message, scope: "decidim.decidim_awesome.admin")
+            end
+          end
+          redirect_to decidim_admin_decidim_awesome.config_path(:verifications)
+        end
+        def destroy
+          DestroyAuthorizationGroup.call(params[:key], current_organization, config_var) do
+            on(:ok) do |key|
+              flash[:notice] = I18n.t("config.destroy_force_authorization.success", key:, scope: "decidim.decidim_awesome.admin")
+            end
+            on(:invalid) do |message|
+              flash[:alert] = I18n.t("config.destroy_force_authorization.error", error: message, scope: "decidim.decidim_awesome.admin")
+            end
+          end
+          redirect_to decidim_admin_decidim_awesome.config_path(:verifications)
+        end
+        private
+        # maybe in the future we want to restrict the admin as well
+        def config_var
+          :force_authorizations
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/required_authorizations_controller.rb CHANGED Viewed

@@ -2,14 +2,17 @@
 module Decidim
   module DecidimAwesome
-    # This controller handles image uploads for the Tiptap editor
+    # Lists the authorizations required for the current user/context and helps
     class RequiredAuthorizationsController < DecidimAwesome::ApplicationController
+      include ActionView::Helpers::SanitizeHelper
       layout "layouts/decidim/authorizations"
-      helper_method :granted_authorizations, :pending_authorizations, :missing_authorizations, :redirect_url
+      helper_method :granted_authorizations, :pending_authorizations, :missing_authorizations, :redirect_url, :authorization_help_text, :service
       before_action do
-        redirect_to redirect_url unless user_signed_in?
-        redirect_to redirect_url if user_is_authorized?
+        # If the user is already authorized for the required handlers, send them
+        # back to the original destination (or root). This avoids loops because
+        # redirect_url defaults to decidim.root_path when it points back here.
+        redirect_to redirect_url if user_signed_in? && service.granted? && request.path != redirect_url
       end
       def redirect_url
@@ -23,35 +26,70 @@ module Decidim
         end
       end
-      def index
-        enforce_permission_to :read, :required_authorizations, user_is_authorized: user_is_authorized?
-      end
       private
+      delegate :authorization_handlers, :adapters, to: :service
+      def current_authorizations
+        @current_authorizations ||= Decidim::Verifications::Authorizations.new(
+          organization: current_organization,
+          user: current_user,
+          name: authorization_handlers,
+          granted: true
+        )
+      end
       def missing_authorizations
-        @missing_authorizations ||= required_authorizations.filter do |manifest|
+        @missing_authorizations ||= adapters.filter do |manifest|
           Decidim::Verifications::Authorizations.new(
             organization: current_organization,
             user: current_user,
-            name: required_authorizations.map(&:name)
+            name: authorization_handlers
           ).pluck(:name).exclude?(manifest.name)
         end
       end
       def pending_authorizations
-        @pending_authorizations ||= required_authorizations.filter do |manifest|
+        @pending_authorizations ||= adapters.filter do |manifest|
           Decidim::Verifications::Authorizations.new(
             organization: current_organization,
             user: current_user,
-            name: required_authorizations.map(&:name),
+            name: authorization_handlers,
             granted: false
           ).pluck(:name).include?(manifest.name)
         end
       end
       def granted_authorizations
-        @granted_authorizations ||= required_authorizations.filter { |manifest| current_authorizations.pluck(:name).include?(manifest.name) }
+        @granted_authorizations ||= adapters.filter { |manifest| current_authorizations.pluck(:name).include?(manifest.name) }
+      end
+      def service
+        @service ||= Decidim::DecidimAwesome::AccessAuthorizationService.new(current_user, current_organization, context_authorizations)
+      end
+      # we need to detect the context from the redirect_url passed
+      def context_force_authorizations
+        @context_force_authorizations ||= begin
+          config = Config.new(current_organization)
+          config.context_from_request!(redirect_url)
+          config.application_context!(current_user:)
+          config.collect_sub_configs_values("force_authorization")
+        end
+      end
+      def context_authorizations
+        @context_authorizations ||= (context_force_authorizations.pluck("authorization_handlers").compact_blank if context_force_authorizations.is_a?(Array))
+      end
+      # show the first help text available
+      def authorization_help_text
+        return unless context_force_authorizations.is_a?(Array)
+        context_force_authorizations.pluck("force_authorization_help_text").find do |text|
+          text = translated_attribute(text)
+          strip_tags(text).strip.present? ? text : nil
+        end
       end
     end
   end

data/app/forms/concerns/decidim/decidim_awesome/proposals/admin/proposal_form_customizations.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+# Recreate validations to take into account custom fields and ignore the length limit in proposals
+module Decidim
+  module DecidimAwesome
+    module Proposals
+      module Admin
+        module ProposalFormCustomizations
+          extend ActiveSupport::Concern
+          include ProposalFormCustomizationsBase
+          class_methods do
+            def overridden_validators
+              _validators.filter do |attribute, _validators|
+                attribute.to_s.start_with?("title") || attribute.to_s.start_with?("body")
+              end
+            end
+            def overridden_validate_callbacks
+              _validate_callbacks.filter do |callback|
+                filter = callback.filter
+                if filter.is_a?(ActiveModel::Validations::LengthValidator) ||
+                   filter.is_a?(ActiveModel::Validations::PresenceValidator) ||
+                   filter.is_a?(TranslatablePresenceValidator)
+                  filter.attributes.any? { |attr| attr.to_s.start_with?("title") || attr.to_s.start_with?("body") }
+                end
+              end
+            end
+            # remove presence, length and etiquette validators from :title and :body
+            def clear_overridden_validators!
+              overridden_validators.keys.each do |attribute|
+                _validators.delete(attribute)
+              end
+              overridden_validate_callbacks.each do |callback|
+                _validate_callbacks.delete(callback)
+              end
+            end
+          end
+          included do
+            clear_overridden_validators!
+            translatable_attribute :title, String do |field, _locale|
+              validates field, proposal_length: {
+                minimum: ->(form) { form.minimum_title_length },
+                maximum: 150
+              }, if: proc { |resource| resource.send(field).present? }
+            end
+            validates :title, :body, translatable_presence: true, unless: ->(form) { form.override_validations? }
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/decidim_awesome/proposals/proposal_form_customizations.rb CHANGED Viewed

@@ -7,8 +7,35 @@ module Decidim
       module ProposalFormCustomizations
         extend ActiveSupport::Concern
+        include ProposalFormCustomizationsBase
+        class_methods do
+          def overridden_validate_callbacks
+            _validate_callbacks.filter do |callback|
+              filter = callback.filter
+              case filter
+              when EtiquetteValidator, ActiveModel::Validations::LengthValidator, ProposalLengthValidator, ActiveModel::Validations::PresenceValidator
+                filter.attributes.include?(:title) || filter.attributes.include?(:body)
+              when :body_is_not_bare_template
+                true
+              end
+            end
+          end
+          # remove presence, length and etiquette validators from :title and :body
+          def clear_overridden_validators!
+            _validators.delete(:title)
+            _validators.delete(:body)
+            overridden_validate_callbacks.each do |callback|
+              _validate_callbacks.delete(callback)
+            end
+          end
+        end
         included do
-          clear_validators!
+          clear_overridden_validators!
           validates :title, presence: true, etiquette: true
           validates :title, proposal_length: {
@@ -22,34 +49,7 @@ module Decidim
             minimum: ->(form) { form.minimum_body_length },
             maximum: ->(form) { form.override_validations? ? 0 : form.component.settings.proposal_length }
           }
           validate :body_is_not_bare_template, unless: ->(form) { form.override_validations? }
-          def override_validations?
-            return false if context.current_component.settings.participatory_texts_enabled
-            custom_fields.present?
-          end
-          def minimum_title_length
-            awesome_config.config[:validate_title_min_length].to_i
-          end
-          def minimum_body_length
-            awesome_config.config[:validate_body_min_length].to_i
-          end
-          def custom_fields
-            @custom_fields ||= awesome_config.collect_sub_configs_values("proposal_custom_field")
-          end
-          def awesome_config
-            @awesome_config ||= begin
-              conf = Decidim::DecidimAwesome::Config.new(context.current_organization)
-              conf.context_from_component(context.current_component)
-              conf
-            end
-          end
         end
       end
     end

data/app/forms/concerns/decidim/decidim_awesome/proposals/proposal_form_customizations_base.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module Proposals
+      module ProposalFormCustomizationsBase
+        def override_validations?
+          return false if context.current_component.settings.participatory_texts_enabled
+          custom_fields.present?
+        end
+        def minimum_title_length
+          awesome_config.config[:validate_title_min_length].to_i
+        end
+        def minimum_body_length
+          awesome_config.config[:validate_body_min_length].to_i
+        end
+        def custom_fields
+          @custom_fields ||= awesome_config.collect_sub_configs_values("proposal_custom_field")
+        end
+        def awesome_config
+          @awesome_config ||= begin
+            conf = Decidim::DecidimAwesome::Config.new(context.current_organization)
+            conf.context_from_component!(context.current_component)
+            conf.application_context!(current_user: context.current_user)
+            conf
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/decidim_awesome/admin/authorization_group_form.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module Admin
+      class AuthorizationGroupForm < Decidim::Form
+        include TranslatableAttributes
+        attribute :authorization_handlers, { String => Object }
+        attribute :authorization_handlers_names, Array[String]
+        attribute :authorization_handlers_options, { String => Object }
+        translatable_attribute :force_authorization_help_text, String, default: {}
+        def verification_settings
+          {
+            authorization_handlers: parsed_authorization_handlers,
+            force_authorization_help_text: force_authorization_help_text || {}
+          }
+        end
+        def parsed_authorization_handlers
+          authorization_handlers_names.filter_map do |name|
+            next if name.blank?
+            [
+              name,
+              { options: authorization_handler_options(name) }
+            ]
+          end.to_h
+        end
+        def options_schema(handler_name)
+          options_manifest(handler_name).schema.new(authorization_handler_options(handler_name))
+        end
+        def authorization_handlers_names
+          super.presence || authorization_handlers.keys.map(&:to_s)
+        end
+        def authorization_handler_options(handler_name)
+          authorization_handlers_options&.dig(handler_name.to_s) || authorization_handlers&.dig(handler_name, "options").presence || {}
+        end
+        def options_attributes(handler_name)
+          manifest = options_manifest(handler_name)
+          manifest ? manifest.attributes : []
+        end
+        def manifest(handler_name)
+          Decidim::Verifications.find_workflow_manifest(handler_name)
+        end
+        def options_manifest(handler_name)
+          manifest(handler_name).options
+        end
+        # Helper for the view, at this point, ephemeral authorizations are not supported yet
+        def available_authorizations
+          Decidim.authorization_workflows.filter do |workflow|
+            current_organization.available_authorizations.include?(workflow.name) && !workflow.ephemeral?
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/decidim_awesome/admin/config_form.rb CHANGED Viewed

@@ -18,13 +18,11 @@ module Decidim
         attribute :proposal_custom_fields, Hash
         attribute :proposal_private_custom_fields, Hash
         attribute :user_timezone, Boolean
-        attribute :force_authorization_after_login, Array
-        attribute :force_authorization_with_any_method, Boolean
+        attribute :force_authorizations, Hash, default: {}
         attribute :hashcash_signup, Boolean
         attribute :hashcash_signup_bits, Integer, default: Decidim::DecidimAwesome.hashcash_signup_bits
         attribute :hashcash_login, Boolean
         attribute :hashcash_login_bits, Integer, default: Decidim::DecidimAwesome.hashcash_login_bits
-        translatable_attribute :force_authorization_help_text, String
         attribute :scoped_admins, Hash
         attribute :menu, [MenuForm]
         attribute :intergram_for_admins, Boolean
@@ -55,28 +53,27 @@ module Decidim
         validates :validate_body_max_marks_together, presence: true, numericality: { greater_than_or_equal_to: 1 }
         validates :hashcash_signup_bits, presence: true, numericality: { greater_than_or_equal_to: 10, less_than_or_equal_to: 50 }
         validates :hashcash_login_bits, presence: true, numericality: { greater_than_or_equal_to: 10, less_than_or_equal_to: 50 }
-        validate :force_authorization_after_login_is_valid
         # TODO: validate non general admins are here
         def self.from_params(params, additional_params = {})
           instance = super(params, additional_params)
-          instance.force_authorization_after_login = instance.force_authorization_after_login.compact_blank if instance.force_authorization_after_login.present?
-          instance.valid_keys = extract_valid_keys_from_params(params)
+          instance.valid_keys = params.keys.map(&:to_sym) || []
+          instance.force_authorizations = build_force_authorizations(instance.force_authorizations)
           instance.sanitize_labels!
           instance.sanitize_arrays!
           instance
         end
-        def self.extract_valid_keys_from_params(params)
-          keys = []
-          params.each do |key, _value|
-            keys << if key.to_s.starts_with?("force_authorization_help_text_")
-                      :force_authorization_help_text if keys.exclude?(:force_authorization_help_text)
-                    else
-                      key.to_sym
-                    end
+        def self.build_force_authorizations(raw_groups)
+          raw_groups.transform_values do |group_data|
+            group_data.is_a?(AuthorizationGroupForm) ? group_data : AuthorizationGroupForm.new(group_data)
           end
-          keys
+        end
+        def force_authorizations_attributes
+          return {} unless force_authorizations.is_a?(Hash)
+          force_authorizations.transform_values(&:verification_settings)
         end
         def additional_proposal_sorting_labels
@@ -147,17 +144,6 @@ module Decidim
             code.is_a?(Array) ? code.compact_blank : code
           end
         end
-        private
-        def force_authorization_after_login_is_valid
-          return if force_authorization_after_login.blank?
-          invalid = force_authorization_after_login - (current_organization.available_authorizations & Decidim.authorization_workflows.map(&:name))
-          return if invalid.empty?
-          errors.add(:force_authorization_after_login, :invalid)
-        end
       end
     end
   end

data/app/forms/decidim/decidim_awesome/admin/constraint_form.rb CHANGED Viewed

@@ -9,11 +9,13 @@ module Decidim
         attribute :participatory_space_slug, String
         attribute :component_manifest, String
         attribute :component_id, Integer
+        attribute :application_context, String
         validates :component_manifest, absence: true, if: lambda { |form|
           form.component_id.present? || ConfigConstraintsHelpers::OTHER_MANIFESTS.include?(form.participatory_space_manifest&.to_sym)
         }
         validates :component_id, absence: true, if: ->(form) { form.component_manifest.present? }
+        validates :application_context, inclusion: { in: ConfigConstraintsHelpers::APPLICATION_CONTEXTS.map(&:to_s) }, allow_blank: true
       end
     end
   end

data/app/helpers/concerns/decidim/decidim_awesome/amendments_helper_override.rb CHANGED Viewed

@@ -53,7 +53,8 @@ module Decidim
           return if component.settings.participatory_texts_enabled?
           awesome_config = Decidim::DecidimAwesome::Config.new(component.organization)
-          awesome_config.context_from_component(component)
+          awesome_config.context_from_component!(component)
+          awesome_config.application_context!(current_user:)
           pub = awesome_config.collect_sub_configs_values("proposal_custom_field")
           priv = awesome_config.collect_sub_configs_values("proposal_private_custom_field")

data/app/helpers/decidim/decidim_awesome/admin/config_constraints_helpers.rb CHANGED Viewed

@@ -5,6 +5,7 @@ module Decidim
     module Admin
       module ConfigConstraintsHelpers
         OTHER_MANIFESTS = [:none, :system, :process_groups].freeze
+        APPLICATION_CONTEXTS = [:user_logged_in, :anonymous].freeze
         include Decidim::TranslatableAttributes
@@ -50,30 +51,32 @@ module Decidim
           space = model_for_manifest(manifest)
           return {} unless space&.column_names&.include? "slug"
-          components = Component.where(participatory_space: space.find_by(slug:))
+          components = Decidim::Component.where(participatory_space: space.find_by(slug:))
           components.to_h do |item|
             [item.id, "#{item.id}: #{translated_attribute(item.name)}"]
           end
         end
+        def contexts_list
+          ConfigConstraintsHelpers::APPLICATION_CONTEXTS.index_with { |c| I18n.t("decidim.decidim_awesome.admin.config.#{c}") }
+        end
         def translate_constraint_value(constraint, key)
           value = constraint.settings[key]
-          case key.to_sym
-          when :participatory_space_manifest
-            participatory_space_manifests[value.to_sym] || value
-          when :participatory_space_slug
-            manifest = constraint.settings["participatory_space_manifest"]
-            participatory_spaces_list(manifest)[value] || value
-          when :component_manifest
-            component_manifests[value.to_sym] || value
-          when :component_id
-            component = Component.find_by(id: value)
-            return "#{component.id}: #{translated_attribute(component.name)}" if component
-            value
-          else
-            value
-          end
+          translation = case key.to_sym
+                        when :participatory_space_manifest
+                          participatory_space_manifests[value.to_sym]
+                        when :participatory_space_slug
+                          participatory_spaces_list(constraint.settings["participatory_space_manifest"])[value]
+                        when :component_manifest
+                          component_manifests[value.to_sym]
+                        when :component_id
+                          component = Decidim::Component.find_by(id: value)
+                          "#{component.id}: #{translated_attribute(component.name)}" if component
+                        when :application_context
+                          I18n.t("decidim.decidim_awesome.admin.config.#{value}")
+                        end
+          translation.presence || value
         end
         def md5(text)

data/app/overrides/decidim/assemblies/admin/assemblies/_form/add_visibility_callout.html.erb.deface ADDED Viewed

@@ -0,0 +1,3 @@
+<!-- insert_bottom "div#panel-visibility" -->
+<%= render "decidim/decidim_awesome/admin/shared/visibility_notice", participatory_space: current_assembly %>