decidim-decidim_awesome 0.11.2 → 0.11.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ab22e9b6e3f198f00701fe777b94bfb01acf39a7f88daa4a10e86907f1b30ec
-  data.tar.gz: f05e18e3bf8236948d901fd8a68c25a70ad2ed9f97afe3201c88914dfa2b773f
+  metadata.gz: ca78262a57db332a236230c15e2584c2dcbc1f5ee6055400b7fc187fbb24dfae
+  data.tar.gz: 48a4aa2ca9b10d8f9c6a8b4a6dc3e8084360e87398ad1c5160a87e9569e18060
 SHA512:
-  metadata.gz: 15f9481a81de5aa0374a6c56c673b4bb372cdb0ddd3169743ecf0b3abe931e1dd50f90e63c76c462ccdb756367f3dd02418436b831f85d8d3b4f74e87545e643
-  data.tar.gz: 1ae626439a52e64a6a84869781fafd6f1ca8c9a3a28a8b9d33a16086931abb0b71ea9eb53b6029a6692a800a638af3ae2b3fad640c098434f7db2a32e2b59890
+  metadata.gz: e59ee2965fc55d0e8874a2745508ef10d15fe8d2582e5a1dad84f79810d0b39d4f58124f637c88a7100eaca171e9a59237f792f7acce7485ceae8de8b05f5ee5
+  data.tar.gz: e66c77623b540ed323d083d2d68967e033dc3bfed826ef82df9db5c40832fab46253ac5d3840a38226aa547cee7ca33ba5a6a4caf76b13e2612e983a6ddc5b1b

data/CHANGELOG.md

@@ -1,6 +1,17 @@
 CHANGELOG
 =========
 
+v0.11.3
+-------
+Compatibility:
+  - Decidim v0.28.x
+
+Features:
+  - Added user time zones in account settings
+  - Added custom styles for the admin panel
+  - Added Verification tweaks
+  - Added Admin manual verifications
+
 v0.11.2
 -------
 

data/README.md

@@ -83,9 +83,15 @@ With this feature you can have a support chat in Decidim. It is linked to a [Tel
 
 #### 8. Custom CSS applied only according scoped restrictions
 
-With this feature you can create directly in the admin a CSS snipped that is only applied globally, in a particular assembly or even a single proposal!
+##### 8.1 Public styles
+With this feature you can create directly in the admin a CSS snipped that is only applied in the public frontend, in a particular assembly or even a single proposal!
 
-![CSS screenshot](examples/custom_styles.png)
+![CSS screenshot](examples/custom_styles_public.png)
+
+##### 8.2 Admin styles
+With this feature you can create directly in the admin a CSS snipped that is only applied in the admin panel, in a particular assembly or even a single proposal!
+
+![CSS screenshot](examples/custom_styles_admin.png)
 
 #### 9. Change the main menu of Decidim entirely!
 
@@ -379,6 +385,46 @@ This menu will show if there's any data older than 6 months (configurable) and w
 
 ![Private data](examples/private_data.png)
 
+#### 19. User custom timezone
+
+If your organization spans across multiple timezones, you can enable this feature under the "Surveys & Forms" section in the Awesome admin panel. This allows users to set their own timezone, which will be used to display dates and times throughout the platform according to their preference.
+
+![User time zone select](examples/user_timezone.png)
+
+#### 20. Mandatory verifications
+
+This feature allows admins to enforce mandatory verifications for users before they can access the platform. Admins can configure which verifications are required.
+
+Admins can manage these settings in the Awesome admin panel under the "Verifications" section.
+
+![Forced verifications admin side](examples/forced_verifications_admin.png)
+![Forced verifications public side](examples/forced_verifications_public.png)
+
+Note that some pages are allowed, you can even configure which controller are allowed by creating an initializer ("required_authorizations" and "authorizations" are always allowed):
+
+```ruby
+# config/initializers/decidim_awesome.rb
+
+Decidim::DecidimAwesome.configure do |config|
+  # default controllers are "account" and "pages"
+  config.force_authorization_allowed_controller_names = %w(account pages homepage)
+```
+
+#### 21. Manual verifications
+
+The admin will be allowed to manually authorize users using the methods specified in the `/system` admin section.
+Currently, only form based handlers are supported (Direct methods). 
+Admins can manually override or verify users in the participants list but they still have to fulfill the requirements of the verifier (although they will be allowed to force the authorization even if some of them fails).
+
+Admin logs are also created in each action for accountability.
+
+System configuration:
+
+![System manual authorization config](examples/manual_verifications_system.png)
+![List of authorizations](examples/manual_verifications_1.png)
+![Removing an authorization](examples/manual_verifications_2.png)
+![Creating an authorization](examples/manual_verifications_3.png)
+
 #### To be continued...
 
 We're not done! Please check the [issues](/decidim-ice/decidim-module-decidim_awesome/issues) (and participate) to see what's on our mind
@@ -401,6 +447,12 @@ bin/rails decidim:upgrade
 bin/rails db:migrate
 ```
 
+> In production mode you must also precompile the assets:
+>
+> ```
+> bin/rails assets:precompile
+> ```
+
 Go to `yourdomain/admin/decidim_awesome` and start tweaking things!
 
 > **EXPERTS ONLY**

data/app/cells/concerns/decidim/decidim_awesome/proposal_l_cell_override.rb

@@ -11,12 +11,14 @@ module Decidim
         alias_method :decidim_original_cache_hash, :cache_hash
 
         def metadata_cell
-          awesome_voting_manifest_for(resource&.component)&.proposal_metadata_cell.presence || "decidim/proposals/proposal_metadata"
+          @metadata_cell ||= awesome_voting_manifest_for(resource&.component)&.proposal_metadata_cell.presence || "decidim/proposals/proposal_metadata"
         end
 
         def cache_hash
-          extra_hash = model.extra_fields&.reload&.vote_weight_totals
-          "#{decidim_original_cache_hash}#{Decidim.cache_key_separator}#{extra_hash}"
+          all_extra_fields = memoize("extra_fields")
+          extra_fields = all_extra_fields ? all_extra_fields[resource.id] : resource.extra_fields
+
+          @cache_hash ||= "#{decidim_original_cache_hash}#{Decidim.cache_key_separator}#{extra_fields&.vote_weight_totals}"
         end
       end
     end

data/app/cells/decidim/decidim_awesome/content_blocks/map_cell.rb

@@ -46,11 +46,7 @@ module Decidim
                 true
               when :proposals
                 component.settings.geocoding_enabled
-              else
-                false
               end
-            else
-              false
             end
           end
         end

data/app/cells/decidim/decidim_awesome/voting/proposal_metadata_cell.rb

@@ -12,7 +12,7 @@ module Decidim
         end
 
         def current_vote
-          @current_vote ||= Decidim::Proposals::ProposalVote.find_by(author: current_user, proposal: resource)
+          @current_vote ||= vote_for(current_user) if current_user
         end
 
         def user_voted_weight
@@ -24,7 +24,7 @@ module Decidim
             weights = [3, 2, 1]
             weights << 0 if resource.component.settings.voting_cards_show_abstain
             weights.index_with do |weight|
-              resource.weight_count(weight)
+              weight_count_for(weight)
             end
           end
         end
@@ -38,7 +38,7 @@ module Decidim
         end
 
         def weight_count_item
-          return unless resource.respond_to?(:weight_count)
+          # return unless resource.respond_to?(:weight_count)
           return if resource.component.current_settings.votes_hidden?
           return if resource&.rejected? || resource&.withdrawn?
 
@@ -48,6 +48,21 @@ module Decidim
             data_attributes: all_weights.transform_keys { |num| "weight-#{num}" }
           }
         end
+
+        def vote_for(user)
+          user_votes = memoize("user_votes")
+          return user_votes[resource.id] if user_votes
+
+          resource.votes.find_by(author: user)
+        end
+
+        def weight_count_for(weight)
+          all_extra_fields = memoize("extra_fields")
+          extra_fields = all_extra_fields ? all_extra_fields[resource.id] : resource.extra_fields
+          return 0 unless extra_fields
+
+          extra_fields.vote_weight_totals[weight.to_s] || 0
+        end
       end
     end
   end

data/app/commands/concerns/decidim/decidim_awesome/proposals/create_proposal_override.rb

@@ -15,10 +15,10 @@ module Decidim
           alias_method :decidim_original_create_proposal, :create_proposal
 
           def create_proposal
-            created_proposal = decidim_original_create_proposal
+            decidim_original_create_proposal
             # Update the proposal with the private body, to
             # avoid tracebility on private fields.
-            created_proposal.update_private_body!(form.private_body) if form.private_body.present?
+            @proposal.update_private_body!(form.private_body) if form.private_body.present?
           end
         end
       end

data/app/commands/concerns/decidim/decidim_awesome/system/register_organization_override.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module System
+      module RegisterOrganizationOverride
+        extend ActiveSupport::Concern
+
+        included do
+          private
+
+          alias_method :decidim_create_organization, :create_organization
+
+          def create_organization
+            @organization = decidim_create_organization
+            if form.clean_awesome_admins_available_authorizations.present?
+              AwesomeConfig.create!(
+                var: :admins_available_authorizations,
+                organization: @organization,
+                value: form.clean_awesome_admins_available_authorizations
+              )
+            end
+            @organization
+          end
+        end
+      end
+    end
+  end
+end

data/app/commands/concerns/decidim/decidim_awesome/system/update_organization_override.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module System
+      module UpdateOrganizationOverride
+        extend ActiveSupport::Concern
+
+        included do
+          private
+
+          alias_method :decidim_original_save_organization, :save_organization
+
+          def save_organization
+            decidim_original_save_organization
+            if form.clean_awesome_admins_available_authorizations.present?
+              add_awesome_configs!
+            elsif awesome_config&.persisted?
+              awesome_config.destroy!
+            end
+          end
+
+          def add_awesome_configs!
+            awesome_config.value = form.clean_awesome_admins_available_authorizations
+            awesome_config.save!
+          end
+
+          def awesome_config
+            @awesome_config ||= AwesomeConfig.find_or_initialize_by(var: :admins_available_authorizations, organization: @organization)
+          end
+        end
+      end
+    end
+  end
+end

data/app/commands/concerns/decidim/decidim_awesome/update_account_override.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module UpdateAccountOverride
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method :decidim_update_personal_data, :update_personal_data
+        alias_method :decidim_send_update_summary!, :send_update_summary!
+
+        def update_personal_data
+          decidim_update_personal_data
+          return if @form.user_time_zone.blank?
+
+          @user.extended_data ||= {}
+          if @form.user_time_zone == @user.organization.time_zone
+            @user.extended_data.delete("time_zone")
+          else
+            @user.extended_data["time_zone"] = @form.user_time_zone
+          end
+        end
+
+        def send_update_summary!(changes)
+          decidim_send_update_summary!(changes - ["extended_data"])
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/decidim_awesome/admin/create_scoped_style.rb

@@ -6,9 +6,10 @@ module Decidim
       class CreateScopedStyle < Command
         # Public: Initializes the command.
         #
-        def initialize(organization)
+        def initialize(organization, config_var = :scoped_styles)
           @organization = organization
           @ident = rand(36**8).to_s(36)
+          @config_var = config_var
         end
 
         # Executes the command. Broadcasts these events:
@@ -18,7 +19,7 @@ module Decidim
         #
         # Returns nothing.
         def call
-          styles = AwesomeConfig.find_or_initialize_by(var: :scoped_styles, organization: @organization)
+          styles = AwesomeConfig.find_or_initialize_by(var: @config_var, organization: @organization)
           styles.value = {} unless styles.value.is_a? Hash
           # TODO: prevent (unlikely) colisions with exisiting values
           styles.value[@ident] = ""

data/app/commands/decidim/decidim_awesome/admin/destroy_scoped_style.rb

@@ -6,11 +6,12 @@ module Decidim
       class DestroyScopedStyle < Command
         # Public: Initializes the command.
         #
-        # key - the key to destroy inside scoped_styles
+        # key - the key to destroy inside scoped_styles/scoped_admin_styles
         # organization
-        def initialize(key, organization)
+        def initialize(key, organization, config_var = :scoped_styles)
           @key = key
           @organization = organization
+          @config_var = config_var
         end
 
         # Executes the command. Broadcasts these events:
@@ -20,14 +21,15 @@ module Decidim
         #
         # Returns nothing.
         def call
-          styles = AwesomeConfig.find_by(var: :scoped_styles, organization: @organization)
+          styles = AwesomeConfig.find_by(var: @config_var, organization: @organization)
           return broadcast(:invalid, "Not a hash") unless styles&.value.is_a? Hash
           return broadcast(:invalid, "#{key} key invalid") unless styles.value.has_key?(@key)
 
           styles.value.except!(@key)
           styles.save!
           # remove constrains associated (a new config var is generated automatically, by removing it, it will trigger destroy on dependents)
-          constraint = AwesomeConfig.find_by(var: "scoped_style_#{@key}", organization: @organization)
+          constraint = @config_var == :scoped_styles ? :scoped_style : :scoped_admin_style
+          constraint = AwesomeConfig.find_by(var: "#{constraint}_#{@key}", organization: @organization)
           constraint.destroy! if constraint.present?
 
           broadcast(:ok, @key)

data/app/controllers/concerns/decidim/decidim_awesome/check_login_authorizations.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module CheckLoginAuthorizations
+      extend ActiveSupport::Concern
+
+      included do
+        include ::Decidim::DecidimAwesome::NeedsAwesomeConfig
+        before_action :check_required_login_authorizations
+      end
+
+      private
+
+      def check_required_login_authorizations
+        return unless user_signed_in?
+        return unless current_user.confirmed?
+        return if current_user.blocked?
+        return if allowed_controllers.include?(controller_name)
+
+        unless user_is_authorized?
+          flash[:alert] = I18n.t("decidim.decidim_awesome.session.authorization_is_required",
+                                 authorizations: required_authorizations.map(&:fullname).join(", "))
+          redirect_to decidim_decidim_awesome.required_authorizations_path(redirect_url: request.fullpath)
+        end
+      end
+
+      def user_is_authorized?
+        return true if required_authorizations.blank?
+
+        @user_is_authorized ||= if awesome_config[:force_authorization_with_any_method]
+                                  current_authorizations.any?
+                                else
+                                  current_authorizations.count == required_authorizations.count
+                                end
+      end
+
+      def required_authorizations
+        return unless awesome_config[:force_authorization_after_login].is_a?(Array)
+
+        @required_authorizations ||= Decidim::Verifications::Adapter.from_collection(
+          awesome_config[:force_authorization_after_login] & current_organization.available_authorizations & Decidim.authorization_workflows.map(&:name)
+        )
+      end
+
+      def current_authorizations
+        @current_authorizations ||= Decidim::Verifications::Authorizations.new(
+          organization: current_organization,
+          user: current_user,
+          name: required_authorizations.map(&:name),
+          granted: true
+        )
+      end
+
+      def allowed_controllers
+        %w(required_authorizations authorizations upload_validations timeouts editor_images locales) + awesome_config[:force_authorization_allowed_controller_names].to_a
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/decidim_awesome/needs_awesome_config.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "decidim/decidim_awesome/awesome_helpers"
-
 module Decidim
   module DecidimAwesome
     module NeedsAwesomeConfig

data/app/controllers/concerns/decidim/decidim_awesome/proposals/memoize_extra_fields.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module Proposals
+      module MemoizeExtraFields
+        extend ActiveSupport::Concern
+        include Decidim::DecidimAwesome::RequestMemoizer
+
+        included do
+          alias_method :decidim_original_index, :index
+
+          def index
+            decidim_original_index
+
+            memoize("extra_fields") { Decidim::DecidimAwesome::ProposalExtraField.where(proposal: @proposals).index_by(&:decidim_proposal_id) }
+            memoize("user_votes") { Decidim::Proposals::ProposalVote.where(proposal: proposals, author: current_user).index_by(&:decidim_proposal_id) if current_user }
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/decidim_awesome/use_user_time_zone.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module UseUserTimeZone
+      extend ActiveSupport::Concern
+
+      included do
+        around_action :use_user_time_zone, if: -> { user_time_zone.present? }
+        helper_method :user_time_zone
+
+        # Executes a block of code in the context of the user's time zone
+        #
+        # &action - a block of code to be wrapped around the time zone
+        #
+        # Returns nothing.
+        def use_user_time_zone(&)
+          Time.use_zone(user_time_zone, &)
+        end
+
+        # The current time zone from the user. Available as a helper for the views.
+        #
+        # Returns a String.
+        def user_time_zone
+          return if helpers&.awesome_config&.[](:user_timezone).blank?
+
+          @user_time_zone ||= current_user&.extended_data&.[]("time_zone")
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/admin/admin_authorizations_controller.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module Admin
+      class AdminAuthorizationsController < DecidimAwesome::Admin::ApplicationController
+        include NeedsAwesomeConfig
+
+        layout "layouts/decidim/decidim_awesome/admin/admin_authorizations"
+        helper_method :user, :authorization, :workflow, :handler, :conflict
+        # overwrite original rescue_from to ensure we print messages from ajax methods
+        rescue_from Decidim::ActionForbidden, with: :json_error
+
+        before_action do
+          enforce_permission_to :edit_config, :admins_available_authorizations, handler: workflow.name
+        end
+
+        def edit
+          render "authorization" if authorization
+        end
+
+        def update
+          if conflict
+            message = render_to_string("conflict")
+          else
+            message = render_to_string("callout", locals: { i18n_key: "user_authorized", klass: "success" })
+            Decidim::Verifications::AuthorizeUser.call(handler, current_organization) do
+              on(:transferred) do |transfer|
+                message += render_to_string("callout", locals: { i18n_key: "authorization_transferred", klass: "success" }) if transfer.records.any?
+              end
+              on(:invalid) do
+                if force_verification.present?
+                  create_forced_authorization
+                else
+                  message = render_to_string("callout", locals: { i18n_key: "user_not_authorized", klass: "alert" })
+                  message += render_to_string("edit", locals: { with_override: true })
+                end
+              end
+              on(:ok) do
+                Decidim::ActionLogger.log("admin_creates_authorization", current_user, user, nil, user_id: user.id, handler: workflow.name, handler_name: workflow.fullname)
+              end
+            end
+          end
+
+          render json: {
+            message:,
+            granted: granted?,
+            userId: user.id,
+            handler: workflow.name
+          }
+        end
+
+        def destroy
+          message = if destroy_authorization
+                      render_to_string("callout", locals: { i18n_key: "authorization_destroyed", klass: "success" })
+                    else
+                      render_to_string("callout", locals: { i18n_key: "authorization_not_destroyed", klass: "alert" })
+                    end
+
+          render json: {
+            message:,
+            granted: granted?,
+            userId: user.id,
+            handler: workflow.name
+          }
+        end
+
+        private
+
+        def create_forced_authorization
+          Decidim::Authorization.create_or_update_from(handler)
+          Decidim::ActionLogger.log("admin_forces_authorization", current_user, user, nil, handler: workflow.name, user_id: user.id, handler_name: workflow.fullname,
+                                                                                           reason: force_verification)
+        end
+
+        def destroy_authorization
+          if authorization&.destroy
+            Decidim::ActionLogger.log("admin_destroys_authorization", current_user, user, nil, user_id: user.id, handler: workflow.name, handler_name: workflow.fullname)
+          end
+        end
+
+        def json_error(exception)
+          render plain: render_to_string("callout", locals: { message: exception.message, klass: "alert" }), status: :unprocessable_entity
+        end
+
+        def user
+          @user ||= Decidim::User.find(params[:id])
+        end
+
+        def authorization
+          @authorization ||= Decidim::Authorization.where.not(granted_at: nil).find_by(user:, name: workflow.name)
+        end
+
+        def granted?
+          authorization&.reload.present?
+        rescue ActiveRecord::RecordNotFound
+          false
+        end
+
+        def workflow
+          @workflow ||= Decidim::Verifications.find_workflow_manifest(params[:handler])
+        end
+
+        def handler
+          @handler ||= Decidim::AuthorizationHandler.handler_for(params[:handler], handler_params)
+        end
+
+        def conflict
+          @conflict ||= Decidim::Authorization.find_by(unique_id: handler.unique_id)
+        end
+
+        def handler_params
+          (params[:authorization_handler] || {}).merge(user:)
+        end
+
+        def force_verification
+          @force_verification ||= params[:force_verification].to_s.strip.presence
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/decidim_awesome/admin/checks_controller.rb

@@ -35,7 +35,7 @@ module Decidim
           case part
           when :CSS
             ['<%= append_stylesheet_pack_tag "decidim_decidim_awesome", media: "all" %>',
-             '<%= render(partial: "layouts/decidim/decidim_awesome/custom_styles") if awesome_custom_styles %>'].join("\n")
+             '<%= render(partial: "layouts/decidim/decidim_awesome/custom_styles") if awesome_scoped_styles %>'].join("\n")
           when :JavaScript
             ['<%= render partial: "layouts/decidim/decidim_awesome/awesome_config" %>',
              '<%= append_javascript_pack_tag "decidim_decidim_awesome", defer: false %>',

data/app/controllers/decidim/decidim_awesome/admin/config_controller.rb

@@ -9,7 +9,7 @@ module Decidim
         include ConfigConstraintsHelpers
         helper ConfigConstraintsHelpers
 
-        helper_method :constraints_for, :users_for, :config_var
+        helper_method :constraints_for, :users_for, :config_var, :available_authorizations
         before_action do
           enforce_permission_to :edit_config, configs
         end
@@ -98,6 +98,12 @@ module Decidim
         def format_user_name(user)
           "#{user.name} (@#{user.nickname} - #{user.email})"
         end
+
+        def available_authorizations
+          @available_authorizations ||= Decidim::Verifications::Adapter.from_collection(
+            current_organization.available_authorizations & Decidim.authorization_workflows.map(&:name)
+          )
+        end
       end
     end
   end

data/app/controllers/decidim/decidim_awesome/admin/constraints_controller.rb

@@ -10,8 +10,10 @@ module Decidim
         helper ConfigConstraintsHelpers
 
         layout false
+        helper_method :constraint_key
+
         before_action do
-          render plain: "no permissions for #{constraint_key}" unless allowed_to? :edit_config, constraint_key
+          render :no_permissions unless allowed_to? :edit_config, constraint_key
         end
 
         def show
@@ -128,6 +130,8 @@ module Decidim
           case key
           when /^scoped_style_/
             :scoped_styles
+          when /^scoped_admin_style_/
+            :scoped_admin_styles
           when /^scoped_admin_/
             :scoped_admins
           when /^proposal_custom_field_/