RubyGems - decidim-decidim_awesome - Versions diffs - 0.8.0 → 0.12.0 - Mend

decidim-decidim_awesome 0.8.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

data/app/controllers/decidim/decidim_awesome/admin/custom_redirects_controller.rb CHANGED Viewed

@@ -8,8 +8,6 @@ module Decidim
         include NeedsAwesomeConfig
         include ConfigConstraintsHelpers
-        layout "decidim/admin/decidim_awesome"
         before_action do
           enforce_permission_to :edit_config, :menu
         end
@@ -23,6 +21,10 @@ module Decidim
           @form = form(CustomRedirectForm).instance
         end
+        def edit
+          @form = form(CustomRedirectForm).from_model(redirect_item)
+        end
         def create
           @form = form(CustomRedirectForm).from_params(params)
           CreateCustomRedirect.call(@form) do
@@ -38,10 +40,6 @@ module Decidim
           end
         end
-        def edit
-          @form = form(CustomRedirectForm).from_model(redirect_item)
-        end
         def update
           @form = form(CustomRedirectForm).from_params(params)
           UpdateCustomRedirect.call(@form, redirect_item) do
@@ -63,7 +61,7 @@ module Decidim
               flash[:notice] = I18n.t("custom_redirects.destroy.success", scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |error|
-              flash[:alert] = I18n.t("custom_redirects.destroy.error", scope: "decidim.decidim_awesome.admin", error: error)
+              flash[:alert] = I18n.t("custom_redirects.destroy.error", scope: "decidim.decidim_awesome.admin", error:)
             end
           end
           redirect_to decidim_admin_decidim_awesome.custom_redirects_path
@@ -76,7 +74,7 @@ module Decidim
           raise ActiveRecord::RecordNotFound unless item
           OpenStruct.new(
-            origin: origin,
+            origin:,
             destination: item["destination"],
             active: item["active"]
           )

data/app/controllers/decidim/decidim_awesome/admin/maintenance_controller.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+require "decidim/decidim_awesome/version"
+module Decidim
+  module DecidimAwesome
+    module Admin
+      # System compatibility analyzer
+      class MaintenanceController < DecidimAwesome::Admin::ApplicationController
+        include NeedsAwesomeConfig
+        include MaintenanceContext
+        include Decidim::Admin::Filterable
+        include ActionView::Helpers::DateHelper
+        helper ConfigConstraintsHelpers
+        helper_method :collection, :resource, :present, :time_ago
+        before_action do
+          enforce_permission_to :edit_config, :private_data, private_data:
+        end
+        def show
+          respond_to do |format|
+            format.json do
+              render json: private_data_finder.for(params[:resources].to_s.split(",")).map { |resource| present(resource) }
+            end
+            format.all do
+              render :show
+            end
+          end
+        end
+        def destroy_private_data
+          if private_data && private_data.total.to_i.positive?
+            Decidim::ActionLogger.log("destroy_private_data", current_user, resource, nil, count: private_data.total)
+            Lock.new(current_organization).get!(resource)
+            DestroyPrivateDataJob.set(wait: 1.second).perform_later(resource)
+          end
+          redirect_to decidim_admin_decidim_awesome.maintenance_path("private_data"),
+                      notice: I18n.t("destroying_private_data", scope: "decidim.decidim_awesome.admin.maintenance.private_data", title: present_private_data(resource).name)
+        end
+        private
+        def resource
+          @resource ||= Component.find_by(id: params[:resource_id])
+        end
+        def private_data
+          @private_data ||= present_private_data(resource) if resource
+        end
+        def collection
+          filtered_collection
+        end
+        def base_query
+          private_data_finder.query
+        end
+        def present(resource)
+          present_private_data(resource)
+        end
+        def private_data_finder
+          @private_data_finder ||= PrivateDataFinder.new
+        end
+        def time_ago
+          @time_ago ||= time_ago_in_words(Time.current - Decidim::DecidimAwesome.private_data_expiration_time)
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/admin/menu_hacks_controller.rb CHANGED Viewed

@@ -8,8 +8,6 @@ module Decidim
         include NeedsAwesomeConfig
         include ConfigConstraintsHelpers
-        layout "decidim/admin/decidim_awesome"
         helper ConfigConstraintsHelpers
         helper_method :current_items, :visibility_options, :target_options
@@ -23,6 +21,10 @@ module Decidim
           @form = form(MenuForm).instance
         end
+        def edit
+          @form = form(MenuForm).from_model(menu_item)
+        end
         def create
           @form = form(MenuForm).from_params(params)
           CreateMenuHack.call(@form, current_menu_name) do
@@ -38,10 +40,6 @@ module Decidim
           end
         end
-        def edit
-          @form = form(MenuForm).from_model(menu_item)
-        end
         def update
           @form = form(MenuForm).from_params(params)
           UpdateMenuHack.call(@form, current_menu_name) do
@@ -63,7 +61,7 @@ module Decidim
               flash[:notice] = I18n.t("menu_hacks.destroy.success", scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |error|
-              flash[:alert] = I18n.t("menu_hacks.destroy.error", scope: "decidim.decidim_awesome.admin", error: error)
+              flash[:alert] = I18n.t("menu_hacks.destroy.error", scope: "decidim.decidim_awesome.admin", error:)
             end
           end
           redirect_to decidim_admin_decidim_awesome.menu_hacks_path
@@ -94,7 +92,7 @@ module Decidim
         end
         def current_menu_name
-          :menu
+          params[:menu_id].to_sym
         end
         def visibility_options

data/app/controllers/decidim/decidim_awesome/admin/proposal_custom_fields_controller.rb CHANGED Viewed

@@ -6,9 +6,9 @@ module Decidim
       # Global configuration controller
       class ProposalCustomFieldsController < DecidimAwesome::Admin::ConfigController
         def create
-          CreateProposalCustomField.call(current_organization) do
+          CreateProposalCustomField.call(current_organization, config_var) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.create_proposal_custom_field.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.create_proposal_custom_field.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|
@@ -16,13 +16,13 @@ module Decidim
             end
           end
-          redirect_to decidim_admin_decidim_awesome.config_path(:proposal_custom_fields)
+          redirect_to decidim_admin_decidim_awesome.config_path(config_var)
         end
         def destroy
-          DestroyProposalCustomField.call(params[:key], current_organization) do
+          DestroyProposalCustomField.call(params[:key], current_organization, config_var) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.destroy_proposal_custom_field.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.destroy_proposal_custom_field.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|
@@ -30,7 +30,15 @@ module Decidim
             end
           end
-          redirect_to decidim_admin_decidim_awesome.config_path(:proposal_custom_fields)
+          redirect_to decidim_admin_decidim_awesome.config_path(config_var)
+        end
+        private
+        def config_var
+          return :proposal_private_custom_fields if params[:private] == "true"
+          :proposal_custom_fields
         end
       end
     end

data/app/controllers/decidim/decidim_awesome/admin/scoped_admins_controller.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Decidim
         def create
           CreateScopedAdmin.call(current_organization) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.create_scoped_admin.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.create_scoped_admin.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|
@@ -22,7 +22,7 @@ module Decidim
         def destroy
           DestroyScopedAdmin.call(params[:key], current_organization) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.destroy_scoped_admin.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.destroy_scoped_admin.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|

data/app/controllers/decidim/decidim_awesome/admin/scoped_styles_controller.rb CHANGED Viewed

@@ -6,9 +6,9 @@ module Decidim
       # Global configuration controller
       class ScopedStylesController < DecidimAwesome::Admin::ConfigController
         def create
-          CreateScopedStyle.call(current_organization) do
+          CreateScopedStyle.call(current_organization, config_var) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.create_scoped_style.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.create_scoped_style.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|
@@ -16,13 +16,13 @@ module Decidim
             end
           end
-          redirect_to decidim_admin_decidim_awesome.config_path(:styles)
+          redirect_to decidim_admin_decidim_awesome.config_path(config_var)
         end
         def destroy
-          DestroyScopedStyle.call(params[:key], current_organization) do
+          DestroyScopedStyle.call(params[:key], current_organization, config_var) do
             on(:ok) do |key|
-              flash[:notice] = I18n.t("config.destroy_scoped_style.success", key: key, scope: "decidim.decidim_awesome.admin")
+              flash[:notice] = I18n.t("config.destroy_scoped_style.success", key:, scope: "decidim.decidim_awesome.admin")
             end
             on(:invalid) do |message|
@@ -30,7 +30,15 @@ module Decidim
             end
           end
-          redirect_to decidim_admin_decidim_awesome.config_path(:styles)
+          redirect_to decidim_admin_decidim_awesome.config_path(config_var)
+        end
+        private
+        def config_var
+          return :scoped_admin_styles if params[:admin_panel] == "true"
+          :scoped_styles
         end
       end
     end

data/app/controllers/decidim/decidim_awesome/blank_component_controller.rb CHANGED Viewed

@@ -6,13 +6,18 @@ module Decidim
     class BlankComponentController < Decidim::Components::BaseController
       # just redirects to settings
       def settings
-        redirect_to EngineRouter.admin_proxy(component.participatory_space).edit_component_path(id: component)
+        redirect_to EngineRouter.admin_proxy(current_component.participatory_space).edit_component_path(id: current_component)
       end
       private
-      def component
-        Decidim::Component.find(params[:component_id])
+      def set_component_breadcrumb_item
+        context_breadcrumb_items << {
+          label: current_component.name,
+          url: EngineRouter.admin_proxy(current_component.participatory_space).edit_component_path(id: current_component),
+          active: false,
+          resource: current_component
+        }
       end
     end
   end

data/app/controllers/decidim/decidim_awesome/editor_images_controller.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Decidim
   module DecidimAwesome
-    # This controller handles image uploads for the hacked Quill editor
+    # This controller handles image uploads for the Tiptap editor
     class EditorImagesController < DecidimAwesome::ApplicationController
       include FormFactory
       include NeedsAwesomeConfig
@@ -11,14 +11,14 @@ module Decidim
       rescue_from Decidim::ActionForbidden, with: :ajax_user_has_no_permission
       def create
-        enforce_permission_to :create, :editor_image, awesome_config: awesome_config
+        enforce_permission_to(:create, :editor_image, awesome_config:)
         @form = form(EditorImageForm).from_params(form_values)
         CreateEditorImage.call(@form) do
           on(:ok) do |image|
             url = image.attached_uploader(:file).path
             url = "#{request.base_url}#{url}" unless url&.start_with?("http")
-            render json: { url: url, message: I18n.t("decidim_awesome.editor_images.create.success", scope: "decidim") }
+            render json: { url:, message: I18n.t("decidim_awesome.editor_images.create.success", scope: "decidim") }
           end
           on(:invalid) do |_message|
@@ -32,8 +32,6 @@ module Decidim
       # Rescue ajax calls and print the update.js view which prints the info on the message ajax form
       # Only if the request is AJAX, otherwise behave as Decidim standards
       def ajax_user_has_no_permission
-        return user_has_no_permission unless request.xhr?
         render json: { message: I18n.t("actions.unauthorized", scope: "decidim.core") }, status: :unprocessable_entity
       end

data/app/controllers/decidim/decidim_awesome/iframe_component/iframe_controller.rb CHANGED Viewed

@@ -5,7 +5,8 @@ module Decidim
     module IframeComponent
       class IframeController < DecidimAwesome::BlankComponentController
         ALLOWED_ATTRIBUTES = %w(src width height frameborder title allow allowpaymentrequest name referrerpolicy sandbox srcdoc allowfullscreen).freeze
-        helper_method :iframe, :remove_margins?, :viewport_width?
+        helper_method :iframe, :viewport_width?
+        before_action :add_additional_csp_directives, only: :show
         def show; end
@@ -17,16 +18,28 @@ module Decidim
         def sanitize(html)
           sanitizer = Rails::Html::SafeListSanitizer.new
-          sanitizer.sanitize(html, tags: %w(iframe), attributes: ALLOWED_ATTRIBUTES)
-        end
+          partially_sanitized_html = sanitizer.sanitize(html, tags: %w(iframe), attributes: ALLOWED_ATTRIBUTES)
+          document = Nokogiri::HTML::DocumentFragment.parse(partially_sanitized_html)
+          document.css("iframe").each do |iframe|
+            iframe["srcdoc"] = Loofah.fragment(iframe["srcdoc"]).scrub!(:prune).to_s if iframe["srcdoc"]
+          end
-        def remove_margins?
-          current_component.settings.no_margins
+          document.to_s
         end
         def viewport_width?
           current_component.settings.viewport_width
         end
+        def add_additional_csp_directives
+          iframe_urls = Nokogiri::HTML::DocumentFragment.parse(iframe).children.select { |x| x.name == "iframe" }.filter_map { |x| x.attribute("src")&.value }
+          return if iframe_urls.blank?
+          iframe_urls.each do |url|
+            content_security_policy.append_csp_directive("frame-src", url)
+          end
+        end
       end
     end
   end

data/app/controllers/decidim/decidim_awesome/required_authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    # This controller handles image uploads for the Tiptap editor
+    class RequiredAuthorizationsController < DecidimAwesome::ApplicationController
+      layout "layouts/decidim/authorizations"
+      helper_method :granted_authorizations, :pending_authorizations, :missing_authorizations, :redirect_url
+      before_action do
+        redirect_to redirect_url unless user_signed_in?
+        redirect_to redirect_url if user_is_authorized?
+      end
+      def redirect_url
+        @redirect_url ||= begin
+          path = params[:redirect_url] || request.referer
+          if path.blank? || path.include?(decidim_decidim_awesome.required_authorizations_path.split("?").first)
+            decidim.root_path
+          else
+            path
+          end
+        end
+      end
+      def index
+        enforce_permission_to :read, :required_authorizations, user_is_authorized: user_is_authorized?
+      end
+      private
+      def missing_authorizations
+        @missing_authorizations ||= required_authorizations.filter do |manifest|
+          Decidim::Verifications::Authorizations.new(
+            organization: current_organization,
+            user: current_user,
+            name: required_authorizations.map(&:name)
+          ).pluck(:name).exclude?(manifest.name)
+        end
+      end
+      def pending_authorizations
+        @pending_authorizations ||= required_authorizations.filter do |manifest|
+          Decidim::Verifications::Authorizations.new(
+            organization: current_organization,
+            user: current_user,
+            name: required_authorizations.map(&:name),
+            granted: false
+          ).pluck(:name).include?(manifest.name)
+        end
+      end
+      def granted_authorizations
+        @granted_authorizations ||= required_authorizations.filter { |manifest| current_authorizations.pluck(:name).include?(manifest.name) }
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/decidim_awesome/account_form_override.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module AccountFormOverride
+      extend ActiveSupport::Concern
+      included do
+        attribute :user_time_zone
+        validates :user_time_zone, time_zone: true, if: -> { user_time_zone.present? }
+        def user_time_zone
+          return nil if awesome_config[:user_timezone].blank?
+          super.presence || current_user.extended_data["time_zone"].presence || current_organization.time_zone
+        end
+        # Used for the user_time_zone setting, which does not have constraints
+        def awesome_config
+          @awesome_config ||= Decidim::DecidimAwesome::Config.new(current_organization)&.organization_config || {}
+        end
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/decidim_awesome/proposals/proposal_form_customizations.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+# Recreate validations to take into account custom fields and ignore the length limit in proposals
+module Decidim
+  module DecidimAwesome
+    module Proposals
+      module ProposalFormCustomizations
+        extend ActiveSupport::Concern
+        included do
+          clear_validators!
+          validates :title, presence: true, etiquette: true
+          validates :title, proposal_length: {
+            minimum: ->(form) { form.minimum_title_length },
+            maximum: 150
+          }
+          validates :body, presence: true, unless: ->(form) { form.override_validations? || form.minimum_body_length.zero? }
+          validates :body, etiquette: true, unless: ->(form) { form.override_validations? }
+          validates :body, proposal_length: {
+            minimum: ->(form) { form.minimum_body_length },
+            maximum: ->(form) { form.override_validations? ? 0 : form.component.settings.proposal_length }
+          }
+          validate :body_is_not_bare_template, unless: ->(form) { form.override_validations? }
+          def override_validations?
+            return false if context.current_component.settings.participatory_texts_enabled
+            custom_fields.present?
+          end
+          def minimum_title_length
+            awesome_config.config[:validate_title_min_length].to_i
+          end
+          def minimum_body_length
+            awesome_config.config[:validate_body_min_length].to_i
+          end
+          def custom_fields
+            @custom_fields ||= awesome_config.collect_sub_configs_values("proposal_custom_field")
+          end
+          def awesome_config
+            @awesome_config ||= begin
+              conf = Decidim::DecidimAwesome::Config.new(context.current_organization)
+              conf.context_from_component(context.current_component)
+              conf
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/decidim_awesome/proposals/proposal_form_override.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module Proposals
+      module ProposalFormOverride
+        extend ActiveSupport::Concern
+        included do
+          alias_method :decidim_original_map_model, :map_model
+          attribute :private_body, String
+          def map_model(model)
+            decidim_original_map_model(model)
+            self.private_body = model.private_body
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/concerns/decidim/decidim_awesome/system/organization_form_override.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module Decidim
+  module DecidimAwesome
+    module System
+      module OrganizationFormOverride
+        extend ActiveSupport::Concern
+        included do
+          alias_method :decidim_original_map_model, :map_model
+          attribute :awesome_admins_available_authorizations, [String]
+          def map_model(model)
+            decidim_original_map_model(model)
+            map_awesome_configs(model)
+          end
+          def clean_awesome_admins_available_authorizations
+            return unless awesome_admins_available_authorizations
+            awesome_admins_available_authorizations.compact_blank
+          end
+          private
+          def map_awesome_configs(organization)
+            self.awesome_admins_available_authorizations = Decidim::DecidimAwesome::AwesomeConfig.find_by(var: :admins_available_authorizations, organization:)&.value
+          end
+        end
+      end
+    end
+  end
+end