decidim-direct_verifications 0.17.6 → 0.17.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: baa520a6dc6b5d727bc233c5076a6dd0d042cfcd3fdd0ff4cdde46f7f1837cec
-  data.tar.gz: 94f879f2b21bfaf542d1820c4d65c84e6769f6e32b9e06ba8930f979dcebc02a
+  metadata.gz: fdece320908b5c93c6b1312fae64fbb23814d8c48e99bd258cdee55dcb2b37b3
+  data.tar.gz: 0d70c5cf75fd68c848ce52328589cce67524197f5cc95dbcbd2ff5cc7d559ed5
 SHA512:
-  metadata.gz: f2aaa64f6b10b225353285a58f70c44d91c6ab0ac50051f6a82bf5dd63ed73a12f8c5df4e09230a3a5d5d535c5a6303af5c1f64d2c4908a7d37adbbe32632575
-  data.tar.gz: 9248e063925c40870f2ada644dd55b6a3efd8f5034d4c870945ef0f017277f1cbc256d88911559cd03c1bf1f43a250aeb385a75b4003e6e59191b6eaf428fa76
+  metadata.gz: ce76ca5c3dcf855eba9f1ecd0d963bfb03791a80ed9fbee729e891932a96390b94df9ca748e19f73aaefb03afd5f55b0a1b873eb470eccf3d67b9e116118d23f
+  data.tar.gz: 761e7647eeb5d859c17694a8c681d9538cd6ffd680071d7f9f4cbe7d3aa3c718fac5451ed9624fdfad8a0e5101cd95690a3cce3d3e514e11ba7d2fa708478082

data/README.md

@@ -6,14 +6,14 @@ A [Decidim](https://github.com/decidim/decidim) that provides a verification met
 
 This plugin allows to verify users against the `Direct verification` method by default, but it is not limited to it, it can be used to directly verify users against any other method registered for the organization.
 
-You can use this plugin in combination with the great [AccessRequests](https://github.com/mainio/decidim-module-access_requests) plugin from Maino Tech to provide and manage several levels of permissions to users in the platform Decidim.
-
-**Other features include:**
+**Features:**
 
 1. Allows to massively register users directly in the platform prior (or independently) to verify them by sending them invite emails.
 > **IMPORTANT:**<br>
 > You must only use this feature if you have explicit consent from your users, otherwise you might be violating the [GDPR](https://eugdpr.org/) regulation in EU.
-2. Can massively revoke authorizations given to any user with any verification method available.
+2. Massive authroizations of users using any verification method registered for the organization **if configured**.
+3. It can massively revoke authorizations given to any user with any verification method available.
+4. Shows user's statuses per verification method in a simple stats table.
 
 ## Screenshot
 
@@ -48,6 +48,56 @@ And then execute:
 bundle
 ```
 
+## Using additional verification methods
+
+You can manage other verification methods (or workflow) a part from `Direct verification`. You need to configure it in a new file in the `config/initializers` folder.
+For instance, you can use this same engine to have 2 levels of permissions in the platform. 
+
+Create a file like `config/initializers/decidim_verifications.rb` with content as:
+
+**`config/initializers/decidim_verifications.rb`:**
+
+```ruby
+# frozen_string_literal: true
+
+# We are using the same DirectVerifications engine without the admin part to 
+# create a custom verification method called "direct_verifications_managers"
+Decidim::Verifications.register_workflow(:direct_verifications_managers) do |workflow|
+  workflow.engine = Decidim::DirectVerifications::Verification::Engine
+end
+
+# We need to tell the plugin to handle this method in addition to the default "Direct verification". Any registered workflow is valid.
+Decidim::DirectVerifications.configure do |config|
+  config.manage_workflows = %w(direct_verifications_managers)
+end
+
+```
+
+You will need the locales entries corresponding to your custom workflow, create as many files as languages you have in your application in `config/locales`:
+
+**`config/locales/en.yml`:**
+
+```yaml
+en:
+  decidim:
+    authorization_handlers:
+      direct_verifications_managers:
+        name: Organization managers
+        explanation: Direct Verifications Subgroup explanation
+```
+
+Similarly, you can also overwrite the default title "Direct verification" by creating the key again in your locales:
+
+```yaml
+en:
+  decidim:
+    authorization_handlers:
+      direct_verifications:
+        name: Generic organization members
+        explanation: Direct Verifications Subgroup explanation
+```
+
+
 ## Contributing
 
 See [Decidim](https://github.com/decidim/decidim).

data/app/assets/config/direct_verifications_admin_manifest.js

@@ -0,0 +1 @@
+//= link decidim/direct_verifications/verification/admin/direct_verifications_admin.js

data/app/assets/javascripts/decidim/direct_verifications/verification/admin/direct_verifications_admin.js.es6

@@ -0,0 +1,7 @@
+// = require_self
+
+$(() => {
+  $('[type="checkbox"]#register').change(function () {
+      $(this).closest('label').find('.callout').toggleClass('hide', !$(this).prop('checked'))
+  })
+})

data/app/controllers/decidim/direct_verifications/verification/admin/direct_verifications_controller.rb

@@ -10,16 +10,21 @@ module Decidim
           layout "decidim/admin/users"
 
           def index
-            enforce_permission_to :index, UserProcessor
+            enforce_permission_to :index, :authorization
+            @authorization_handler = :direct_verifications
+            @workflows = workflows
           end
 
           def create
-            enforce_permission_to :create, UserProcessor
+            enforce_permission_to :create, :authorization
 
             @userlist = params[:userlist]
+            @workflows = workflows
             processor = UserProcessor.new(current_organization, current_user)
             processor.emails = extract_emails_to_hash @userlist
-            processor.authorization_handler = params[:authorization_handler] if params[:authorization_handler]
+            processor.authorization_handler = authorization_handler(params[:authorization_handler])
+            stats = UserStats.new(current_organization)
+            stats.authorization_handler = processor.authorization_handler
             if params[:register]
               processor.register_users
               flash[:warning] = t(".registered", count: processor.emails.count,
@@ -39,28 +44,17 @@ module Decidim
                                              revoked: processor.processed[:revoked].count,
                                              errors: processor.errors[:revoked].count)
             else
+              stats.emails = processor.emails.keys
               flash[:info] = t(".info", handler: t("#{processor.authorization_handler}.name", scope: "decidim.authorization_handlers"),
                                         count: processor.emails.count,
-                                        authorized: processor.total(:authorized),
-                                        unconfirmed: processor.total(:unconfirmed),
-                                        registered: processor.total(:registered))
+                                        authorized: stats.authorized,
+                                        unconfirmed: stats.unconfirmed,
+                                        registered: stats.registered)
               render(action: :index) && return
             end
             redirect_to direct_verifications_path
           end
 
-          def permission_class_chain
-            [
-              Decidim::DirectVerifications::Verification::Admin::Permissions,
-              Decidim::Admin::Permissions,
-              Decidim::Permissions
-            ]
-          end
-
-          def permission_scope
-            :admin
-          end
-
           private
 
           def extract_emails_to_hash(txt)
@@ -72,6 +66,22 @@ module Decidim
               ]
             end .to_h
           end
+
+          def authorization_handler(authorization_handler)
+            @authorization_handler = authorization_handler.presence || :direct_verifications
+          end
+
+          def configured_workflows
+            return Decidim::DirectVerifications.config.manage_workflows if Decidim::DirectVerifications.config
+            ["direct_verifications"]
+          end
+
+          def workflows
+            workflows = configured_workflows & current_organization.available_authorizations.map.to_a
+            workflows.map do |a|
+              [t("#{a}.name", scope: "decidim.authorization_handlers"), a]
+            end
+          end
         end
       end
     end

data/app/controllers/decidim/direct_verifications/verification/admin/stats_controller.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      module Admin
+        class StatsController < Decidim::Admin::ApplicationController
+          include NeedsPermission
+
+          layout "decidim/admin/users"
+
+          def index
+            enforce_permission_to :index, :authorization
+            stats = UserStats.new(current_organization)
+            @stats = {
+              t(".global") => stats_hash(stats)
+            }
+            current_organization.available_authorizations.map do |a|
+              stats.authorization_handler = a
+              @stats[t("#{a}.name", scope: "decidim.authorization_handlers")] = stats_hash(stats)
+            end
+          end
+
+          private
+
+          def stats_hash(stats)
+            {
+              registered: stats.registered,
+              authorized: stats.authorized,
+              unconfirmed: stats.unconfirmed,
+              authorized_unconfirmed: stats.authorized_unconfirmed
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/app/views/decidim/direct_verifications/verification/admin/direct_verifications/index.html.erb

@@ -1,8 +1,8 @@
-
 <div class="card">
   <div class="card-divider">
     <h2 class="card-title">
       <%= t('admin.index.title', scope: 'decidim.direct_verifications.verification') %>
+      <%= link_to t("admin.index.stats", scope: 'decidim.direct_verifications.verification'), stats_path, class: "button tiny button--title" %>
     </h2>
   </div>
   <div class="card-section">
@@ -13,6 +13,9 @@
       <label>
         <%= check_box_tag :register %>
         <%= t('admin.new.register', scope: 'decidim.direct_verifications.verification') %>
+        <div data-alert class="callout alert hide">
+          <%= t('admin.direct_verifications.gdpr_disclaimer', scope: 'decidim.direct_verifications.verification') %>
+        </div>
       </label>
       <label>
         <%= radio_button_tag :authorize, 'in' %>
@@ -27,10 +30,9 @@
         <%= t('admin.new.check', scope: 'decidim.direct_verifications.verification') %>
       </label>
 
-      <%= label_tag :userlist, t('admin.new.authorization_handler', scope: 'decidim.direct_verifications.verification') %>
-      <%= select_tag :authorization_handler, options_for_select(current_organization.available_authorizations.map { |a|
-        [t("#{a}.name", scope: "decidim.authorization_handlers"), a]
-        }, :direct_verifications) %>
+      <%= label_tag :authorization_handler, t('admin.new.authorization_handler', scope: 'decidim.direct_verifications.verification') %>
+
+      <%= select_tag :authorization_handler, options_for_select(@workflows, @authorization_handler) %>
 
       <%= submit_tag t('admin.new.submit', scope: 'decidim.direct_verifications.verification'), class: 'button' %>
 
@@ -38,3 +40,5 @@
 
   </div>
 </div>
+
+<%= javascript_include_tag "decidim/direct_verifications/verification/admin/direct_verifications_admin" %>

data/app/views/decidim/direct_verifications/verification/admin/stats/index.html.erb

@@ -0,0 +1,35 @@
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title">
+      <%= t('admin.index.stats', scope: 'decidim.direct_verifications.verification') %>
+      <%= link_to t("admin.index.title", scope: 'decidim.direct_verifications.verification'), direct_verifications_path, class: "button tiny button--title" %>
+    </h2>
+  </div>
+  <div class="card-section">
+    <table class="table-list">
+      <thead>
+        <tr>
+          <th><%= t("admin.new.authorization_handler", scope: 'decidim.direct_verifications.verification') %></th>
+          <th><%= t(".registered") %></th>
+          <th><%= t(".authorized") %></th>
+          <th><%= t(".unconfirmed") %></th>
+          <th><%= t(".authorized_unconfirmed") %></th>
+          <th></th>
+        </tr>
+      </thead>
+      <tbody>
+        <% @stats.each do |a, s| %>
+        <tr>
+          <td>
+            <%= a %>
+          </td>
+          <td><%= s[:registered] %></td>
+          <td><%= s[:authorized] %></td>
+          <td><%= s[:unconfirmed] %></td>
+          <td><%= s[:authorized_unconfirmed] %></td>
+        </tr>
+        <% end %>
+      </tbody>
+    </table>
+  </div>
+</div>

data/config/locales/ca.yml

@@ -32,10 +32,15 @@ ca:
                 detectats, %{errors} errors)
               revoked: S'ha revocat correctament la verificació de %{revoked} usuaris
                 utilitzant [%{handler}] (%{count} detectats, %{errors} errors)
+            gdpr_disclaimer: Feu-ho sota la vostra responsabilitat. Recordeu que heu
+              de tenir el consentiment explícit dels vostres usuaris per registrar-los.
+              En cas contrari, estareu infringint la regulació GDPR als països de
+              la UE.
           index:
+            stats: Estadístiques d'usuaris
             title: Inscriu i autoritza usuaris
           new:
-            authorization_handler: 'Mètode de verificació:'
+            authorization_handler: Mètode de verificació
             authorize: Autoritza els usuaris
             check: Comprova l'estat dels usuaris
             info: Introdueix aquí els emails, un per línia. Si els emails estan precedits
@@ -43,7 +48,14 @@ ca:
             register: Registra els usuaris a la plataforma (si existeixen s'ignoraran)
             revoke: Revoca l'autorització dels usuaris
             submit: Envia i processa el llistat
-            textarea: 'Llista d''emails:'
+            textarea: Llista d''emails
+          stats:
+            index:
+              authorized: Verificats
+              authorized_unconfirmed: Verificats però no confirmats
+              global: "- Qualsevol mètode de verificació -"
+              registered: Registrats
+              unconfirmed: No confirmats
         authorizations:
           new:
             no_action: Aquest mètode requereix que un administrador us verifiqui

data/config/locales/en.yml

@@ -31,10 +31,14 @@ en:
                 detected, %{errors} errors) "
               revoked: Verification from %{revoked} users have been revoked using
                 [%{handler}] (%{count} detected, %{errors} errors)
+            gdpr_disclaimer: Do this under your responsibility. Remember that you
+              need to have explicit consent from your users in order to register them.
+              Otherwise you will be infringing the GDPR regulation in EU countries.
           index:
+            stats: User stats
             title: Register and authorize users
           new:
-            authorization_handler: 'Verification method:'
+            authorization_handler: Verification method
             authorize: Authorize users
             check: Check users status
             info: Enter the emails here, one per line. If the emails are preceded
@@ -42,7 +46,14 @@ en:
             register: Register users in the platform (if they exist they will be ignored)
             revoke: Revoke authorization from users
             submit: Send and process the list
-            textarea: 'Emails list:'
+            textarea: Emails list
+          stats:
+            index:
+              authorized: Authorized
+              authorized_unconfirmed: Authorized but unconfirmed
+              global: "- Any verification method -"
+              registered: Registered
+              unconfirmed: Unconfirmed
         authorizations:
           new:
             no_action: This method requires an administrator that verifies you

data/config/locales/es.yml

@@ -32,10 +32,15 @@ es:
                 detectados, %{errors} errores)
               revoked: Se ha revocado correctament la verificación de %{revoked} usuarios
                 usando [%{handler}] (%{count} detectados, %{errors} errores)
+            gdpr_disclaimer: Haga esto bajo su responsabilidad. Recuerde que debe
+              contar con el consentimiento explícito de sus usuarios para poder registrarlos.
+              De lo contrario, estará infringiendo la regulación GDPR en los países
+              de la UE.
           index:
+            stats: Estadísticas de usuarios
             title: Inscribe y autoriza usuarios
           new:
-            authorization_handler: 'Método de verificación:'
+            authorization_handler: Método de verificación
             authorize: Autoriza los usuarios
             check: Comprueba el estado de los usuarios
             info: Introduce aquí los emails, uno por linea. Si los emails están precedidos
@@ -43,7 +48,14 @@ es:
             register: Registra los usuarios a la plataforma (si existen se ignorarán)
             revoke: Revoca la autorización de los usuarios
             submit: Envía y procesa el listado
-            textarea: 'Lista de emails:'
+            textarea: Lista de emails
+          stats:
+            index:
+              authorized: Verificados
+              authorized_unconfirmed: Verificados pero sin confirmar
+              global: "- Cualquier método de verificación -"
+              registered: Registrados
+              unconfirmed: Sin confirmar
         authorizations:
           new:
             no_action: Este método requiere que un administrador os verifique

data/lib/decidim/direct_verifications.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
 require_relative "direct_verifications/version"
+require_relative "direct_verifications/config"
 require_relative "direct_verifications/user_processor"
+require_relative "direct_verifications/user_stats"
 require_relative "direct_verifications/verification"
 
 module Decidim

data/lib/decidim/direct_verifications/config.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    class << self
+      attr_accessor :config
+      def configure
+        yield self.config ||= Config.new
+      end
+    end
+
+    class Config
+      attr_reader :manage_workflows
+      def manage_workflows=(manage_workflows)
+        @manage_workflows.concat(manage_workflows).uniq!
+      end
+
+      def initialize
+        @manage_workflows = ["direct_verifications"]
+      end
+    end
+  end
+end

data/lib/decidim/direct_verifications/user_processor.rb

@@ -43,7 +43,7 @@ module Decidim
         @emails.each do |email, _name|
           if (u = find_user(email))
             auth = authorization(u)
-            next if auth.granted?
+            next unless !auth.granted? || auth.expired?
             Verification::ConfirmUserAuthorization.call(auth, authorize_form(u)) do
               on(:ok) do
                 add_processed :authorized, email
@@ -77,24 +77,6 @@ module Decidim
         end
       end
 
-      def total(type)
-        if type == :registered
-          return User.where(email: @emails.keys, decidim_organization_id: @organization.id)
-                     .count
-        end
-        if type == :unconfirmed
-          return User.where(email: @emails.keys, decidim_organization_id: @organization.id)
-                     .where(confirmed_at: nil).count
-        end
-        if type == :authorized
-          return Decidim::Authorization.joins(:user)
-                                       .where(name: authorization_handler)
-                                       .where("decidim_users.email IN (:emails) AND decidim_users.decidim_organization_id=:org",
-                                              emails: @emails.keys, org: @organization.id).count
-        end
-        0
-      end
-
       private
 
       def find_user(email)

data/lib/decidim/direct_verifications/user_stats.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    class UserStats
+      def initialize(organization)
+        @organization = organization
+        @authorization_handler = ""
+        @emails = []
+      end
+
+      attr_reader :organization, :authorization_handler
+      attr_accessor :emails
+
+      def authorization_handler=(name)
+        @workflow_manifest = nil
+        @authorization_handler = name
+      end
+
+      def registered
+        registered_users.count
+      end
+
+      def unconfirmed
+        registered_users.where("decidim_users.confirmed_at IS NULL").count
+      end
+
+      def authorized
+        authorized_users.count
+      end
+
+      def authorized_unconfirmed
+        authorized_users.where("decidim_users.confirmed_at IS NULL").count
+      end
+
+      private
+
+      def registered_users
+        if authorization_handler.empty?
+          filter = { decidim_organization_id: organization.id }
+          filter[:email] = emails unless emails.empty?
+          return User.where(filter)
+        end
+        authorized_users(false)
+      end
+
+      def authorized_users(strict = true)
+        q = Decidim::Authorization.joins(:user)
+        unless authorization_handler.empty?
+          q = q.where(name: authorization_handler)
+          if strict
+            q = q.where.not(granted_at: nil)
+            q = q.where("decidim_authorizations.granted_at >= :date", date: Time.current - expires_in) if expires_in
+          end
+        end
+        q = q.where("decidim_users.decidim_organization_id=:org", org: organization.id)
+        return q if emails.empty?
+        q.where("decidim_users.email IN (:emails)", emails: emails)
+      end
+
+      def expires_in
+        return unless workflow_manifest
+        return if workflow_manifest.expires_in.zero?
+        workflow_manifest.expires_in
+      end
+
+      def workflow_manifest
+        return if authorization_handler.empty?
+        @workflow_manifest ||= Decidim::Verifications.find_workflow_manifest(authorization_handler)
+      end
+    end
+  end
+end

data/lib/decidim/direct_verifications/verification/admin_engine.rb

@@ -8,10 +8,15 @@ module Decidim
         paths["db/migrate"] = nil
 
         routes do
-          resources :direct_verifications, only: [:index, :create]
+          resources :direct_verifications, only: [:index, :create, :stats]
+          resources :stats, only: [:index]
 
           root to: "direct_verifications#index"
         end
+
+        initializer "decidim_direct_verifications.admin_assets" do |app|
+          app.config.assets.precompile += %w(direct_verifications_admin_manifest.js)
+        end
       end
     end
   end

data/lib/decidim/direct_verifications/version.rb

@@ -3,7 +3,7 @@
 module Decidim
   # This holds the decidim-direct_verifications version.
   module DirectVerifications
-    VERSION = "0.17.6"
+    VERSION = "0.17.7"
     DECIDIM_VERSION = ">= 0.17.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: decidim-direct_verifications
 version: !ruby/object:Gem::Version
-  version: 0.17.6
+  version: 0.17.7
 platform: ruby
 authors:
 - Ivan Vergés
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-04 00:00:00.000000000 Z
+date: 2019-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: decidim-admin
@@ -49,20 +49,25 @@ files:
 - LICENSE-AGPLv3.txt
 - README.md
 - Rakefile
+- app/assets/config/direct_verifications_admin_manifest.js
+- app/assets/javascripts/decidim/direct_verifications/verification/admin/direct_verifications_admin.js.es6
 - app/commands/decidim/direct_verifications/verification/confirm_user_authorization.rb
 - app/commands/decidim/direct_verifications/verification/destroy_user_authorization.rb
 - app/controllers/decidim/direct_verifications/verification/admin/direct_verifications_controller.rb
+- app/controllers/decidim/direct_verifications/verification/admin/stats_controller.rb
 - app/controllers/decidim/direct_verifications/verification/authorizations_controller.rb
 - app/forms/decidim/direct_verifications/verification/direct_verifications_form.rb
-- app/permissions/decidim/direct_verifications/verification/admin/permissions.rb
 - app/views/decidim/direct_verifications/verification/admin/direct_verifications/index.html.erb
+- app/views/decidim/direct_verifications/verification/admin/stats/index.html.erb
 - app/views/devise/mailer/direct_invite.html.erb
 - app/views/devise/mailer/direct_invite.text.erb
 - config/locales/ca.yml
 - config/locales/en.yml
 - config/locales/es.yml
 - lib/decidim/direct_verifications.rb
+- lib/decidim/direct_verifications/config.rb
 - lib/decidim/direct_verifications/user_processor.rb
+- lib/decidim/direct_verifications/user_stats.rb
 - lib/decidim/direct_verifications/verification.rb
 - lib/decidim/direct_verifications/verification/admin.rb
 - lib/decidim/direct_verifications/verification/admin_engine.rb

data/app/permissions/decidim/direct_verifications/verification/admin/permissions.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Decidim
-  module DirectVerifications
-    module Verification
-      module Admin
-        # Defines the abilities related to direct_verifications for a logged in admin user.
-        class Permissions < Decidim::DefaultPermissions
-          def permissions
-            return permission_action if permission_action.scope != :admin
-            if user.organization.available_authorizations.include?("direct_verifications")
-              allow! if permission_action.subject == Decidim::DirectVerifications::UserProcessor
-              permission_action
-            end
-          end
-        end
-      end
-    end
-  end
-end