decidim-department_admin 0.7.2

data/app/helpers/decidim/department_admin/application_helper.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DepartmentAdmin
+    # Custom helpers, scoped to the department_admin engine.
+    #
+    module ApplicationHelper
+      include ::Decidim::TranslatableAttributes
+
+      # rubocop: disable Rails/HelperInstanceVariable
+      def roles_with_title(user)
+        roles_with_title = user.roles.collect { |role| [role, ""] }
+        # if user had particiatory processes then add role of process admin
+        user_participatory_processes_filtered(user, current_locale, @search_text).each do |participatory_process|
+          roles_with_title << ["process_admin", translated_attribute(participatory_process.title)]
+        end
+        # if user is admin then add admin role
+        roles_with_title << ["admin", ""] if user.admin?
+        # if user had assemblies then add role of assembly admin
+        user_assemblies_filtered(user, current_locale, @search_text).each do |assembly|
+          roles_with_title << ["assembly_admin", translated_attribute(assembly.title)]
+        end
+        # if user had conferences then add role of conference admin
+        user_conferences_filtered(user, current_locale, @search_text).each do |conference|
+          roles_with_title << ["conference_admin", translated_attribute(conference.title)]
+        end
+        roles_with_title
+      end
+
+      private
+
+      def user_participatory_processes_filtered(user, _locale, search_text)
+        query = user.participatory_processes
+        query = query.where("lower(title->>?) like lower(?)", current_locale, "%#{search_text}%") if @by_process_name && search_text.present?
+        query
+      end
+
+      def user_assemblies_filtered(user, _locale, search_text)
+        query = user.assemblies
+        query = query.where("lower(title->>?) like lower(?)", current_locale, "%#{search_text}%") if @by_process_name && search_text.present?
+        query
+      end
+
+      def user_conferences_filtered(user, _locale, search_text)
+        return [] unless Decidim::DepartmentAdmin.conferences_defined?
+
+        query = user.conferences
+        query = query.where("lower(title->>?) like lower(?)", current_locale, "%#{search_text}%") if @by_process_name && search_text.present?
+        query
+      end
+      # rubocop: enable Rails/HelperInstanceVariable
+    end
+  end
+end

data/app/models/decidim/participatory_space_role_config/department_admin.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ParticipatorySpaceRoleConfig
+    class DepartmentAdmin < Base
+    end
+  end
+end

data/app/overrides/decidim/admin/shared/add_radio_buttons_to_filters.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+Deface::Override.new(virtual_path: "decidim/admin/shared/_filters",
+                     name: "add_radio_buttons_to_filters",
+                     insert_after: "div.input-group",
+                     partial: "decidim/admin/users/filters")

data/app/packs/entrypoints/decidim_department_admin.js

@@ -0,0 +1,4 @@
+// Images
+require.context("../images", true)
+
+import "entrypoints/decidim_department_admin.scss";

data/app/packs/entrypoints/decidim_department_admin.scss

@@ -0,0 +1 @@
+@import "stylesheets/decidim/admin/department_admin";

data/app/packs/images/decidim/department_admin/icon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 35 35"><path d="M17.5 35A17.5 17.5 0 1 1 35 17.5 17.52 17.52 0 0 1 17.5 35zm0-33.06A15.56 15.56 0 1 0 33.06 17.5 15.57 15.57 0 0 0 17.5 1.94zm9.5 13.7H8a1 1 0 0 1 0-1.94h19a1 1 0 0 1 0 1.94zm0 3.68H8a1 1 0 0 1 0-1.94h19a1 1 0 0 1 0 1.94zM22.26 23H8a1 1 0 0 1 0-1.94h14.26a1 1 0 0 1 0 1.94z"/></svg>

data/app/packs/stylesheets/decidim/admin/department_admin.scss

@@ -0,0 +1,5 @@
+.department-admin-filter {
+  .dropdown {
+    z-index: 0 !important;
+  }
+}

data/app/permissions/decidim/assemblies/participatory_space_permissions.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Assemblies
+    class ParticipatorySpacePermissions < Decidim::DepartmentAdmin::Permissions
+      def initialize(*)
+        # This are the same permissions as Decidim's assemblies space.
+        # Right now are the same for admin and public views
+        self.class.delegate_chain = [Decidim::Assemblies::Permissions]
+        super
+      end
+    end
+  end
+end

data/app/permissions/decidim/conferences/participatory_space_permissions.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Conferences
+    parent_class = Decidim::DepartmentAdmin.conferences_defined? ? Decidim::DepartmentAdmin::Permissions : Object
+    class ParticipatorySpacePermissions < parent_class
+      def initialize(*)
+        if Decidim::DepartmentAdmin.conferences_defined?
+          # This are the same permissions as Decidim's conferences space.
+          # Right now are the same for admin and public views
+          self.class.delegate_chain = [Decidim::Conferences::Permissions]
+        end
+        super
+      end
+    end
+  end
+end

data/app/permissions/decidim/department_admin/permissions.rb

@@ -0,0 +1,240 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DepartmentAdmin
+    class Permissions < Decidim::DefaultPermissions
+      class << self
+        attr_writer :delegate_chain, :configurable_checks
+      end
+
+      class << self
+        attr_reader :delegate_chain, :configurable_checks
+      end
+
+      def delegate_chain
+        self.class.delegate_chain
+      end
+
+      # Applications with custom modules can configure their checks in an initializer.
+      # The checks will be executed in `has_permissions?`, and the syntax should be like:
+      #
+      # <code>
+      # Decidim::DepartmentAdmin::Permissions.configurable_checks= [
+      #  {permission_for?: [:admin, :enter, :space_area, space_name: :courses]}
+      # ]
+      # </code>
+      def configurable_checks
+        ::Decidim::DepartmentAdmin::Permissions.configurable_checks || []
+      end
+
+      def permissions
+        # byebug if same_action?(permission_action, :admin, :read, :global_moderation)
+
+        current_permission_action = permission_action
+        if permission_action.scope == :admin && user&.department_admin?
+          current_permission_action = apply_department_admin_permissions!
+        elsif delegate_chain.present?
+          # not admin or not a department_admin, use the standard permissions
+          delegate_chain.inject(permission_action) do |injected_permission_action, permission_class|
+            permission_class.new(user, injected_permission_action, context).permissions
+          end
+        else
+          super
+        end
+
+        current_permission_action
+      end
+
+      def apply_department_admin_permissions!
+        # avoid having PermissionCannotBeDisallowedError if permission was already disallowed in the chain
+        new_permission_action = permission_action.dup
+        if has_permission?(new_permission_action)
+          new_permission_action.allow!
+          new_permission_action
+        elsif delegate_chain.present?
+          # if department_admin has no permissions let's apply the default permissions
+          delegate_chain.inject(permission_action) do |injected_permission_action, permission_class|
+            permission_class.new(user, injected_permission_action, context).permissions
+          end
+        else
+          permission_action
+        end
+      end
+
+      def has_permission?(requested_action)
+        default_checks = [
+          -> { permission_for?(requested_action, :admin, :read, :admin_dashboard) },
+          -> { permission_for?(requested_action, :public, :read, :admin_dashboard) },
+
+          -> { permission_for_current_space?(requested_action) },
+
+          # PARTICIPATORY PROCESSES
+          -> { permission_for?(requested_action, :admin, :enter, :space_area, space_name: :processes) },
+          -> { permission_for?(requested_action, :admin, :read, :process_list) },
+          -> { permission_for?(requested_action, :admin, :create, :process) },
+          -> { same_area_permission_for?(requested_action, :admin, :preview, :process, restricted_rsrc: context[:process]) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :process, restricted_rsrc: context[:process]) },
+          -> { same_area_permission_for?(requested_action, :admin, :publish, :process, restricted_rsrc: context[:process]) },
+          -> { same_area_permission_for?(requested_action, :admin, :unpublish, :process, restricted_rsrc: context[:process]) },
+          -> { permission_for?(requested_action, :admin, :import, :process) },
+
+          # STEPS
+          -> { permission_for?(requested_action, :admin, :read, :process_step) },
+          -> { permission_for?(requested_action, :admin, :create, :process_step) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :process_step, restricted_rsrc: context[:process_step]&.participatory_process) },
+          -> { same_area_permission_for?(requested_action, :admin, :activate, :process_step, restricted_rsrc: context[:process_step]&.participatory_process) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :process_step, restricted_rsrc: context[:process_step]&.participatory_process) },
+          # COMPONENTS
+          -> { permission_for?(requested_action, :admin, :read, :component) },
+          -> { permission_for?(requested_action, :admin, :create, :component) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :component, restricted_rsrc: context[:component]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :manage, :component, restricted_rsrc: context[:component]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :component, restricted_rsrc: context[:component]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :publish, :component, restricted_rsrc: context[:component]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :unpublish, :component, restricted_rsrc: context[:component]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :export, :component_data, restricted_rsrc: context[:component]&.participatory_space) },
+          # CATEGORIES
+          -> { permission_for?(requested_action, :admin, :read, :category) },
+          -> { permission_for?(requested_action, :admin, :create, :category) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :category, restricted_rsrc: context[:category]&.participatory_space) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :category, restricted_rsrc: context[:category]&.participatory_space) },
+          # ATTACHMENT COLLECTIONS
+          -> { permission_for?(requested_action, :admin, :read, :attachment_collection) },
+          -> { permission_for?(requested_action, :admin, :create, :attachment_collection) },
+          -> { same_area_permission_for?(requested_action, :admin, :read, :attachment_collection, restricted_rsrc: context[:attachment_collection]&.collection_for) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :attachment_collection, restricted_rsrc: context[:attachment_collection]&.collection_for) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :attachment_collection, restricted_rsrc: context[:attachment_collection]&.collection_for) },
+          # ATTACHMENTS
+          -> { permission_for?(requested_action, :admin, :read, :attachment) },
+          -> { permission_for?(requested_action, :admin, :create, :attachment) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :attachment, restricted_rsrc: context[:attachment]&.attached_to) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :attachment, restricted_rsrc: context[:attachment]&.attached_to) },
+          # INVITE PROCESS ADMIN: USER ROLES
+          -> { permission_for?(requested_action, :admin, :read, :process_user_role) },
+          -> { permission_for?(requested_action, :admin, :create, :process_user_role) },
+          -> { permission_for?(requested_action, :admin, :update, :process_user_role) },
+          -> { permission_for?(requested_action, :admin, :destroy, :process_user_role) },
+          # SPACE PRIVATE USERS
+          -> { permission_for?(requested_action, :admin, :read, :space_private_user) },
+          -> { permission_for?(requested_action, :admin, :create, :space_private_user) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :space_private_user, restricted_rsrc: context[:private_user]&.privatable_to) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :space_private_user, restricted_rsrc: context[:private_user]&.privatable_to) },
+          -> { same_area_permission_for?(requested_action, :admin, :invite, :space_private_user, restricted_rsrc: context[:private_user]&.privatable_to) },
+          # MODERATIONS
+          -> { permission_for?(requested_action, :admin, :read, :moderation) },
+          -> { permission_for?(requested_action, :admin, :unreport, :moderation) },
+          -> { permission_for?(requested_action, :admin, :hide, :moderation) },
+          -> { permission_for?(requested_action, :admin, :unhide, :moderation) },
+
+          # ASSEMBLIES
+          -> { permission_for?(requested_action, :admin, :enter, :space_area, space_name: :assemblies) },
+          -> { permission_for?(requested_action, :admin, :read, :assembly_list) },
+          -> { permission_for?(requested_action, :admin, :create, :assembly) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :assembly, restricted_rsrc: context[:assembly]) },
+          -> { same_area_permission_for?(requested_action, :admin, :publish, :assembly, restricted_rsrc: context[:assembly]) },
+          -> { same_area_permission_for?(requested_action, :admin, :unpublish, :assembly, restricted_rsrc: context[:assembly]) },
+          -> { permission_for?(requested_action, :admin, :import, :assembly) },
+          # Assemly Admin: USER ROLES
+          -> { permission_for?(requested_action, :admin, :index, :assembly_user_role) },
+          -> { permission_for?(requested_action, :admin, :read, :assembly_user_role) },
+          -> { permission_for?(requested_action, :admin, :create, :assembly_user_role) },
+          -> { permission_for?(requested_action, :admin, :update, :assembly_user_role) },
+          -> { permission_for?(requested_action, :admin, :invite, :assembly_user_role) },
+          -> { permission_for?(requested_action, :admin, :destroy, :assembly_user_role) },
+
+          # Assembly Members
+          -> { same_area_permission_for?(requested_action, :admin, :read, :assembly_member, restricted_rsrc: context[:assembly]) },
+          -> { permission_for?(requested_action, :admin, :index, :assembly_member) },
+          -> { permission_for?(requested_action, :admin, :create, :assembly_member) },
+          -> { permission_for?(requested_action, :admin, :update, :assembly_member) },
+          -> { permission_for?(requested_action, :admin, :destroy, :assembly_member) },
+          # other assembly_member permissions are setted via Decidim::Assemblies::AssembliesWithUserRole decorator
+
+          # NEWSLETTER
+          -> { permission_for?(requested_action, :admin, :index, :newsletter) },
+          -> { permission_for?(requested_action, :admin, :read, :newsletter) },
+          -> { permission_for?(requested_action, :admin, :create, :newsletter) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :newsletter, restricted_rsrc: context[:newsletter]) },
+          -> { same_area_permission_for?(requested_action, :admin, :destroy, :newsletter, restricted_rsrc: context[:newsletter]) },
+
+          # CONFERENCES
+          -> { permission_for?(requested_action, :admin, :enter, :space_area, space_name: :conferences) },
+          -> { permission_for?(requested_action, :admin, :read, :conference_list) },
+          -> { permission_for?(requested_action, :admin, :create, :conference) },
+          -> { permission_for?(requested_action, :admin, :preview, :conference) },
+          -> { same_area_permission_for?(requested_action, :admin, :update, :conference, restricted_rsrc: context[:conference]) },
+          # Conference Admin: USER ROLES
+          -> { permission_for?(requested_action, :admin, :index, :conference_user_role) },
+          -> { permission_for?(requested_action, :admin, :read, :conference_user_role) },
+          -> { permission_for?(requested_action, :admin, :create, :conference_user_role) },
+          -> { permission_for?(requested_action, :admin, :update, :conference_user_role) },
+          -> { permission_for?(requested_action, :admin, :invite, :conference_user_role) },
+          -> { permission_for?(requested_action, :admin, :destroy, :conference_user_role) },
+
+          # USERS ADMINISTRATORS
+          -> { permission_for?(requested_action, :admin, :enter, :space_area, space_name: :users) },
+          -> { permission_for?(requested_action, :admin, :read, :admin_user) },
+          -> { permission_for?(requested_action, :admin, :create, :admin_user) },
+          -> { permission_for?(requested_action, :admin, :read, :managed_user) },
+          # USERS PARTICIPANTS
+          -> { permission_for?(requested_action, :admin, :index, :officialization) },
+          -> { permission_for?(requested_action, :admin, :read, :officialization) },
+          -> { permission_for?(requested_action, :admin, :create, :officialization) },
+        ]
+        default_checks.any?(&:call) || any_configurable_check?(requested_action)
+      end
+
+      def any_configurable_check?(requested_action)
+        configurable_checks.any? do |check|
+          check = check.entries.first
+          method = check.first
+          args = check.last
+          next unless [:permission_for?, :same_area_permission_for].include?(method)
+
+          send(method, requested_action, *args)
+        end
+      end
+
+      ALLOWED_SPACES = ["Decidim::ParticipatoryProcess", "Decidim::Assembly", "Decidim::Conference"].freeze
+      def permission_for_current_space?(permission_action)
+        has = permission_for?(permission_action, :admin, :read, :participatory_space)
+        has ||= permission_for?(permission_action, :public, :read, :participatory_space)
+        has &&= ALLOWED_SPACES.include?(context[:current_participatory_space].class.name)
+        has
+      end
+
+      # Does user have permission for the specified scope/action/subject?
+      def permission_for?(requested_action, scope, action, subject, expected_context = {})
+        same_action?(requested_action, scope, action, subject, expected_context)
+      end
+
+      # Does user have permission for the specified scope/action/subject?
+      # Also check if the resource in the context for with the key defined by `area_restricted_rsrc`
+      # has the same area as current user.
+      def same_area_permission_for?(requested_action, scope, action, subject, restricted_rsrc:)
+        if restricted_rsrc.respond_to?(:area) || restricted_rsrc.nil?
+          is = same_action?(requested_action, scope, action, subject)
+          is &&= in_same_area?(restricted_rsrc)
+          is
+        elsif restricted_rsrc.try(:participatory_space).try(:area).present?
+          same_area_permission_for?(requested_action, scope, action, subject, restricted_rsrc: restricted_rsrc.try(:participatory_space))
+        else
+          permission_for?(requested_action, scope, action, subject)
+        end
+      end
+
+      # Is current action requesting permissions for the specified scope/action/subject?
+      def same_action?(requested_action, scope, action, subject, expected_context = {})
+        is = requested_action.matches?(scope, action, subject)
+        expected_context.each_pair do |key, expected_value|
+          is &&= (context.try(:[], key) == expected_value)
+        end
+        is
+      end
+
+      def in_same_area?(resource)
+        user.areas.include? resource&.area
+      end
+    end
+  end
+end

data/app/permissions/decidim/participatory_processes/participatory_space_permissions.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module ParticipatoryProcesses
+    class ParticipatorySpacePermissions < Decidim::DepartmentAdmin::Permissions
+      def initialize(*)
+        # This are the same permissions as Decidim's processes space.
+        # Right now are the same for admin and public views
+        self.class.delegate_chain = [Decidim::ParticipatoryProcesses::Permissions]
+        super
+      end
+    end
+  end
+end

data/app/queries/decidim/admin/user_admin_by_space_name_filter.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Admin
+    # A class used to filter users by processes that hey administer
+    class UserAdminBySpaceNameFilter < Decidim::Query
+      # termsc - text to filter users by
+      def self.for(term = nil, organization = nil, current_locale = :ca)
+        new(term, organization, current_locale).query
+      end
+
+      # Initializes the class.
+      #
+      # term - text to filter users by name or email
+      def initialize(term = nil, organization = nil, current_locale = :ca)
+        @term = term
+        @organization = organization
+        @current_locale = current_locale
+        super(Decidim::User.space_admins(@organization))
+      end
+
+      def query
+        filter_by_processes_term
+      end
+
+      private
+
+      attr_reader :term, :current_locale
+
+      def filter_by_processes_term
+        return @scope if term.blank?
+
+        containing_space_name = "%#{term}%"
+
+        query = <<-EOSQL
+          (id in (select decidim_user_id
+                  from decidim_participatory_process_user_roles
+                  where decidim_participatory_process_id in (
+                    select id
+                    from decidim_participatory_processes
+                    where lower(title->>?) like lower(?)))
+          or id in  ( select decidim_user_id
+                      from decidim_assembly_user_roles
+                      where decidim_assembly_id in (
+                        select id
+                        from decidim_assemblies
+                        where lower(title->>?) like lower(?)))
+          #{if Decidim::DepartmentAdmin.conferences_defined?
+              "or id in  ( select decidim_user_id
+                          from decidim_conference_user_roles
+                          where decidim_conference_id in (
+                            select id
+                            from decidim_conferences
+                            where lower(title->>?) like lower(?))))" else
+                                                                       ")"
+            end}
+        EOSQL
+
+        if Decidim::DepartmentAdmin.conferences_defined?
+          @scope.where(query, current_locale, containing_space_name, current_locale, containing_space_name, current_locale, containing_space_name)
+        else
+          @scope.where(query, current_locale, containing_space_name, current_locale, containing_space_name)
+        end
+      end
+    end
+  end
+end

data/app/queries/decidim/admin/user_admin_filter.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Admin
+    # A class used to filter users by whitelisted scope or searches on their
+    # name
+    class UserAdminFilter < Decidim::Query
+      # scope - the ActiveRecord::Relation of users to be filtered
+      # termsc - text to filter users by
+      # role - evaluation role to be used as a filter
+      def self.for(scope, term = nil, role = nil, organization = nil)
+        new(scope, term, role, organization).query
+      end
+
+      # Initializes the class.
+      #
+      # scope - the ActiveRecord::Relation of users to be filtered
+      # term - text to filter users by name or email
+      # role - users role, must be defined as a scope in the user model
+      def initialize(scope, term = nil, role = nil, organization = nil)
+        @scope = scope
+        @term = term
+        @role = role
+        @organization = organization
+        super(scope)
+      end
+
+      def query
+        filter_by_role(scope)
+      end
+
+      private
+
+      attr_reader :term, :role, :scope
+
+      def filter_by_role(users)
+        case role
+        when "space_admin"
+          Decidim::User.space_admins(@organization)
+        when "admin"
+          users.where('"decidim_users"."admin" = ?', true)
+        when "department_admin", "user_manager"
+          users.where("? = any(roles)", role)
+        else
+          users.or(Decidim::User.space_admins(@organization))
+        end
+      end
+    end
+  end
+end

data/app/views/decidim/admin/users/_filters.html.erb

@@ -0,0 +1,28 @@
+<div class='department-admin-filter filter row'>
+  <div class='column medium-3'>
+  <span class='dropdown-menu-inverted_label'><%= t('.filter_by') %> :</span>
+    <ul class='dropdown menu dropdown-inverted' data-dropdown-menu data-close-on-click-inside='false'>
+      <li class='is-dropdown-submenu-parent'>
+        <a href='#'>
+        <% if @role.present? %>
+          <%= t("models.user.fields.roles.#{@role}", scope: 'decidim.admin') %>
+        <% else %>
+          <%= t('.filter.all') %>
+        <% end %>
+        </a>
+        <ul class='menu is-dropdown-submenu'>
+          <% Decidim::User::Roles.all.map do |role| %>
+            <li><%= link_to t("models.user.fields.roles.#{role}", scope: 'decidim.admin'), url_for(role: role, q: ransack_params) %></li>
+          <% end %>
+          <li><%= link_to t('models.user.fields.roles.space_admin', scope: 'decidim.admin'), url_for(role: 'space_admin', q: ransack_params) %></li>
+          <li><%= link_to t('.filter.all'), url_for(q: ransack_params) %></li>
+        </ul>
+      </li>
+    </ul>
+    <%= t('models.user.fields.search_question', scope: 'decidim.admin') %>
+    <input type='radio' id='processes_filter' name='filter_search' value='by_process_name' <%= @by_process_name ? "checked" : "" %> style='margin-left: 20px'>
+    <label for='processes_filter'><%= t('models.user.fields.search_field_processes', scope: 'decidim.admin') %></label>
+    <input type='radio' id='query_filter' name='filter_search' value='query' <%= params[:filter_search].blank? || params[:filter_search] == "query" ? "checked" : "" %> >
+    <label for='query_filter'><%= t('models.user.fields.search_field_admins', scope: 'decidim.admin') %></label>
+  </div>
+</div>

data/app/views/decidim/admin/users/_form.html.erb

@@ -0,0 +1,30 @@
+<div class="row column">
+  <%= form.text_field :name, label: t(".name") %>
+</div>
+
+<div class="row column">
+  <%= form.email_field :email, label: t(".email") %>
+</div>
+
+<div class="row column">
+  <%= form.select :role, @form.available_roles_for_select, label: t(".role") %>
+</div>
+
+<div id="area-block" class="row column">
+  <%= form.select :area_id,
+                  @form.available_areas_for_select,
+                  { label: t(".area") },
+                  { disabled: current_user.roles.include?('department_admin') }
+  %>
+</div>
+
+<%= javascript_tag do %>
+$('#user_role').on('change', function(ev) {
+  var opt= ev.target
+  if(opt.value == 'department_admin') {
+    $('#area-block').show()
+  } else {
+    $('#area-block').hide()
+  }
+})
+<% end -%>

data/app/views/decidim/admin/users/index.html.erb

@@ -0,0 +1,93 @@
+<% add_decidim_page_title(t("decidim.admin.titles.users")) %>
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title">
+      <%= t "decidim.admin.titles.users" %>
+      <% if allowed_to? :create, :admin_user %>
+        <%= link_to t("actions.user.new", scope: "decidim.admin"), [:new, :user], class: "button tiny button--title" %>
+      <% end %>
+    </h2>
+  </div>
+  <%= admin_filter_selector %>
+  <div class="card-section">
+    <div class="table-scroll">
+      <table class="table-list">
+        <thead>
+          <tr>
+            <th><%= sort_link(query, :role, t("models.user.fields.role", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :name, t("models.user.fields.name", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :email, t("models.user.fields.email", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :department, t("models.user.fields.department", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :spaces, t("models.user.fields.spaces", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :invitation_sent_at, t("models.user.fields.invitation_sent_at", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :invitation_accepted_at, t("models.user.fields.invitation_accepted_at", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :last_sign_in_at, t("models.user.fields.last_sign_in_at", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th><%= sort_link(query, :created_at, t("models.user.fields.created_at", scope: "decidim.admin"), default_order: :desc) %></th>
+            <th></th>
+          </tr>
+        </thead>
+        <tbody>
+          <% filtered_collection.each do |user| %>
+            <% roles_with_title(user).each do |role_and_title| %>
+              <% if @role.blank? || (@role == role_and_title[0] || @role == 'space_admin' && (role_and_title[0] == 'process_admin' || role_and_title[0] == 'assembly_admin' || role_and_title[0] == 'conference_admin')) %>              
+              <tr data-user-id="<%= user.id %>">
+                <td>
+                  <% if role_and_title.nil? || role_and_title[0].empty? %>
+                    <%= t("models.user.fields.roles.#{user.active_role}", scope: "decidim.admin") %>
+                  <% else %>
+                    <%= t("models.user.fields.roles.#{role_and_title[0] }", scope: "decidim.admin") %>
+                  <% end %>
+                </td>
+                <td><%= user.name %></td>
+                <td><%= user.email %></td>
+                <td>
+                  <% if user.department_admin? %>
+                    <%= translated_attribute(user.areas.first&.name) %>
+                  <% end %>
+                </td>
+                <td>
+                  <% if !role_and_title.nil? && !role_and_title[1].empty? %>
+                    <%= role_and_title[1] %>
+                  <% end %>
+                </td>
+                <td>
+                  <% if user.invitation_sent_at %>
+                    <%= l user.invitation_sent_at, format: :short %>
+                  <% end %>
+                </td>
+                <td>
+                  <% if user.invitation_accepted_at %>
+                    <%= l user.invitation_accepted_at, format: :short %>
+                  <% end %>
+                </td>
+                <td>
+                  <% if user.last_sign_in_at %>
+                    <%= l user.last_sign_in_at, format: :short %>
+                  <% end %>
+                </td>
+                <td><%= l user.created_at, format: :short %></td>
+                <td class="table-list__actions">
+                  <% if user.participatory_processes.size > 0 || user.assemblies.size > 0 || (Decidim::DepartmentAdmin.conferences_defined? && user.conferences.size > 0) %>
+                    <% if allowed_to? :preview, :user, user: user %>
+                      <%= icon_link_to "eye", user_path(user.id), t("actions.preview", scope: "decidim.admin"), class: "action-icon--preview" %>
+                    <% end %>
+                  <% end %>
+
+                  <% if allowed_to?(:invite, :admin_user, user: user) && user.invited_to_sign_up? %>
+                    <%= icon_link_to "reload", [:resend_invitation, user], t("actions.resend_invitation", scope: "decidim.admin"), class: "resend-invitation", method: :post %>
+                  <% end %>
+
+                  <% if allowed_to? :destroy, :admin_user, user: user %>
+                    <%= icon_link_to "circle-x", user, t("actions.destroy", scope: "decidim.admin"), class: "action-icon--remove", method: :delete, data: { confirm: t("actions.confirm_destroy", scope: "decidim.admin") } %>
+                  <% end %>
+                </td>
+              </tr>
+              <% end %>
+            <% end %>
+          <% end %>
+        </tbody>
+      </table>
+      <%= paginate @users, theme: "decidim" %>
+    </div>
+  </div>
+</div>