decidim-direct_verifications 0.2.1

data/README.md

@@ -0,0 +1,146 @@
+# Decidim::DirectVerifications
+
+a [Decidim](https://github.com/decidim/decidim) that provides a verification method called `Direct verification`. Works only on the admin side, final users do not intervene in the verification process.
+
+This plugin allows to verify users against the `Direct verification` method by default, but it is not limited to it, it can be used to directly verify users against any other method registered for the organization.
+
+You can use this plugin in combination with the great [AccessRequests](https://github.com/mainio/decidim-module-access_requests) plugin from Maino Tech to provide and manage several levels of permissions to users in the platform Decidim.
+
+**Other features include:**
+
+1. Allows to massively register users directly in the platform prior (or independently) to verify them by sending them invite emails. 
+> **IMPORTANT:**<br>
+> You must only use this feature if you have explicit consent from your users, otherwise you might be violating the [GDPR](https://eugdpr.org/) regulation in EU.
+2. Can massively revoke authorizations given to any user with any verification method available.
+
+## Usage
+
+DirectVerifications will be available as a new verification method under Participants/Verifications.
+
+Final users take no action, verification is 100% in the admin side.
+
+Verifications can only be managed by the admins. They have available a simple textarea form where to put a list of emails with no special format required. Emails (and names if possible) are detected automatically. 
+
+With the detected list of emails admin have different options available:
+
+1. Register the list of users in the platform
+2. Authorize the list of users using any verification method available (defaults to the built-in `Direct verification` method).
+3. Revoke the authorization for the list of users using any verification method available.
+4. Check the status of the users in order to know if they are verified or registered.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "decidim-direct_verifications"
+```
+
+And then execute:
+
+```bash
+bundle
+```
+
+## Contributing
+
+See [Decidim](https://github.com/decidim/decidim).
+
+### Developing
+
+To start contributing to this project, first:
+
+- Install the basic dependencies (such as Ruby and PostgreSQL)
+- Clone this repository
+
+Decidim's main repository also provides a Docker configuration file if you
+prefer to use Docker instead of installing the dependencies locally on your
+machine.
+
+You can create the development app by running the following commands after
+cloning this project:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake development_app
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+Then to test how the module works in Decidim, start the development server:
+
+```bash
+$ cd development_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rails s
+```
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add the environment variables to the root directory of the project in a file
+named `.rbenv-vars`. If these are defined for the environment, you can omit
+defining these in the commands shown above.
+
+#### Code Styling
+
+Please follow the code styling defined by the different linters that ensure we
+are all talking with the same language collaborating on the same project. This
+project is set to follow the same rules that Decidim itself follows.
+
+[Rubocop](https://rubocop.readthedocs.io/) linter is used for the Ruby language.
+
+You can run the code styling checks by running the following commands from the
+console:
+
+```
+$ bundle exec rubocop
+```
+
+To ease up following the style guide, you should install the plugin to your
+favorite editor, such as:
+
+- Atom - [linter-rubocop](https://atom.io/packages/linter-rubocop)
+- Sublime Text - [Sublime RuboCop](https://github.com/pderichs/sublime_rubocop)
+- Visual Studio Code - [Rubocop for Visual Studio Code](https://github.com/misogi/vscode-ruby-rubocop)
+
+### Testing
+
+To run the tests run the following in the gem development path:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake test_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rspec
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add these environment variables to the root directory of the project in a
+file named `.rbenv-vars`. In this case, you can omit defining these in the
+commands shown above.
+
+### Test code coverage
+
+If you want to generate the code coverage report for the tests, you can use
+the `SIMPLECOV=1` environment variable in the rspec command as follows:
+
+```bash
+$ SIMPLECOV=1 bundle exec rspec
+```
+
+This will generate a folder named `coverage` in the project root which contains
+the code coverage report.
+
+## License
+
+This engine is distributed under the GNU AFFERO GENERAL PUBLIC LICENSE.
+
+## Also check
+
+This plugin has been inspired by these two nice verification methods:
+
+- **Access Requests** by Maino Tech: https://github.com/mainio/decidim-module-access_requests
+- **CSV Emails Verifications** by CodiTramuntana: https://github.com/CodiTramuntana/decidim-verifications-csv_emails

data/Rakefile

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require "decidim/dev/common_rake"
+
+desc "Generates a dummy app for testing"
+task test_app: "decidim:generate_external_test_app"
+
+desc "Generates a development app."
+task development_app: "decidim:generate_external_development_app"
+
+# Run all tests, include all
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.verbose = false
+end
+
+# Run both by default
+task default: [:spec]

data/app/commands/decidim/direct_verifications/verification/confirm_user_authorization.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      class ConfirmUserAuthorization < Decidim::Verifications::ConfirmUserAuthorization
+        def call
+          return broadcast(:invalid) unless form.valid?
+
+          if confirmation_successful?
+            authorization.grant!
+            broadcast(:ok)
+          else
+            broadcast(:invalid)
+          end
+        end
+      end
+    end
+  end
+end

data/app/commands/decidim/direct_verifications/verification/destroy_user_authorization.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      # A command to destroy an authorization.
+      class DestroyUserAuthorization < Rectify::Command
+        # Public: Initializes the command.
+        #
+        # authorization - The authorization object to destroy.
+        def initialize(authorization)
+          @authorization = authorization
+        end
+
+        # Executes the command. Broadcasts these events:
+        #
+        # - :ok when everything is valid.
+        # - :invalid if the authorization couldn't be destroyed.
+        #
+        # Returns nothing.
+        def call
+          return broadcast(:invalid) unless authorization
+
+          destroy_authorization
+          broadcast(:ok)
+        end
+
+        private
+
+        attr_reader :authorization
+
+        def destroy_authorization
+          authorization.destroy!
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/direct_verifications/verification/admin/direct_verifications_controller.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      module Admin
+        class DirectVerificationsController < Decidim::Admin::ApplicationController
+          include NeedsPermission
+
+          layout "decidim/admin/users"
+
+          def index
+            enforce_permission_to :index, UserProcessor
+          end
+
+          def create
+            enforce_permission_to :create, UserProcessor
+
+            @userlist = params[:userlist]
+            processor = UserProcessor.new(current_organization, current_user)
+            processor.emails = extract_emails_to_hash @userlist
+            processor.authorization_handler = params[:authorization_handler] if params[:authorization_handler]
+            if params[:register]
+              processor.register_users
+              flash[:warning] = t(".registered", count: processor.emails.count,
+                                                 registered: processor.processed[:registered].count,
+                                                 errors: processor.errors[:registered].count)
+            end
+            if params[:authorize] == "in"
+              processor.authorize_users
+              flash[:notice] = t(".authorized", handler: t("#{processor.authorization_handler}.name", scope: "decidim.authorization_handlers"),
+                                                count: processor.emails.count,
+                                                authorized: processor.processed[:authorized].count,
+                                                errors: processor.errors[:authorized].count)
+            elsif params[:authorize] == "out"
+              processor.revoke_users
+              flash[:notice] = t(".revoked", handler: t("#{processor.authorization_handler}.name", scope: "decidim.authorization_handlers"),
+                                             count: processor.emails.count,
+                                             revoked: processor.processed[:revoked].count,
+                                             errors: processor.errors[:revoked].count)
+            else
+              flash[:info] = t(".info", handler: t("#{processor.authorization_handler}.name", scope: "decidim.authorization_handlers"),
+                                        count: processor.emails.count,
+                                        authorized: processor.total(:authorized),
+                                        unconfirmed: processor.total(:unconfirmed),
+                                        registered: processor.total(:registered))
+              render(action: :index) && return
+            end
+            redirect_to direct_verifications_path
+          end
+
+          def permission_class_chain
+            [
+              Decidim::DirectVerifications::Verification::Admin::Permissions,
+              Decidim::Admin::Permissions,
+              Decidim::Permissions
+            ]
+          end
+
+          def permission_scope
+            :admin
+          end
+
+          private
+
+          def extract_emails_to_hash(txt)
+            reg = /([^@\r\n]*)\b([A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,})\b/i
+            txt.scan(reg).map { |m| [m[1], m[0].delete("<>").strip] }.to_h
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/direct_verifications/verification/authorizations_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      class AuthorizationsController < Decidim::ApplicationController
+        def new
+          flash[:alert] = t("authorizations.new.no_action", scope: "decidim.direct_verifications.verification")
+          redirect_to decidim_verifications.authorizations_path
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/direct_verifications/verification/direct_verifications_form.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      # A form object to be used when public users want to get verified by
+      # DirectVerifications verificator
+      class DirectVerificationsForm < AuthorizationHandler
+        # This is the input (from the user) to validate against
+        attribute :name, String
+        attribute :email, String
+
+        # This is the validation to perform
+        # If passed, an authorization is created
+        validates :email, presence: true
+      end
+    end
+  end
+end

data/app/permissions/decidim/direct_verifications/verification/admin/permissions.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DirectVerifications
+    module Verification
+      module Admin
+        # Defines the abilities related to direct_verifications for a logged in admin user.
+        class Permissions < Decidim::DefaultPermissions
+          def permissions
+            return permission_action if permission_action.scope != :admin
+            if user.organization.available_authorizations.include?("direct_verifications")
+              allow! if permission_action.subject == Decidim::DirectVerifications::UserProcessor
+              permission_action
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/views/decidim/direct_verifications/verification/admin/direct_verifications/index.html.erb

@@ -0,0 +1,40 @@
+
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title">
+      <%= t('admin.index.title', scope: 'decidim.direct_verifications.verification') %>
+    </h2>
+  </div>
+  <div class="card-section">
+    <p><%= t('decidim.direct_verifications.verification.admin.new.info') %></p>
+    <%= form_tag direct_verifications_path, multipart: true, class: 'form' do %>
+      <%= label_tag :userlist, t('admin.new.textarea', scope: 'decidim.direct_verifications.verification') %>
+      <%= text_area_tag :userlist, @userlist, rows: 10 %>
+      <label>
+        <%= check_box_tag :register %>
+        <%= t('admin.new.register', scope: 'decidim.direct_verifications.verification') %>
+      </label>
+      <label>
+        <%= radio_button_tag :authorize, 'in' %>
+        <%= t('admin.new.authorize', scope: 'decidim.direct_verifications.verification') %>
+      </label>
+      <label>
+        <%= radio_button_tag :authorize, 'out' %>
+        <%= t('admin.new.revoke', scope: 'decidim.direct_verifications.verification') %>
+      </label>
+      <label>
+        <%= radio_button_tag :authorize, 'check', true %>
+        <%= t('admin.new.check', scope: 'decidim.direct_verifications.verification') %>
+      </label>
+
+      <%= label_tag :userlist, t('admin.new.authorization_handler', scope: 'decidim.direct_verifications.verification') %>
+      <%= select_tag :authorization_handler, options_for_select(current_organization.available_authorizations.map { |a|
+        [t("#{a}.name", scope: "decidim.authorization_handlers"), a]
+        }, :direct_verifications) %>
+
+      <%= submit_tag t('admin.new.submit', scope: 'decidim.direct_verifications.verification'), class: 'button' %>
+
+    <% end %>
+
+  </div>
+</div>

data/config/locales/ca.yml

@@ -0,0 +1,43 @@
+---
+ca:
+  decidim:
+    authorization_handlers:
+      admin:
+        direct_verifications:
+          help:
+          - 'Permet la introducció massiva d''usuaris per tal de:'
+          - Registrar-los directament a la organització amb l'enviament d'invitacions
+          - Verificar-los en qualsevol mètode de verificació actiu
+          - Revocar la verificació en qualsevol mètode de verificació actiu
+      direct_verifications:
+        explanation: Verificació manual per par dels administradors de l'organització
+        name: Verificació directa
+    direct_verifications:
+      verification:
+        admin:
+          direct_verifications:
+            create:
+              authorized: S'han verificat correctament %{authorized} usuaris utilitzant
+                [%{handler}] (%{count} detectats, %{errors} errors)
+              info: S'han detectat %{count} usuaris registrats, dels quals %{registered}
+                estan registrats, %{unconfirmed} sense confirmar i %{authorized} autoritzats
+                utilitzant [%{handler}]
+              registered: S'han registrat correctament %{registered} usuaris (%{count}
+                detectats, %{errors} errors)
+              revoked: S'ha revocat correctament la verificació de %{revoked} usuaris
+                utilitzant [%{handler}] (%{count} detectats, %{errors} errors)
+          index:
+            title: Inscriu i autoritza usuaris
+          new:
+            authorization_handler: 'Mètode de verificació:'
+            authorize: Autoritza els usuaris
+            check: Comprova l'estat dels usuaris
+            info: Introdueix aquí els emails, un per línia. Si els emails estan precedits
+              per un text, s'interpretarà com el nom de l'usuari
+            register: Registra els usuaris a la plataforma (si existeixen s'ignoraran)
+            revoke: Revoca l'autorització dels usuaris
+            submit: Envia i processa el llistat
+            textarea: 'Llista d''emails:'
+        authorizations:
+          new:
+            no_action: Aquest mètode requereix que un administrador us verifiqui