decidim-initiatives 0.11.2 → 0.12.0.pre

data/app/controllers/decidim/initiatives/admin/initiatives_type_scopes_controller.rb

@@ -9,13 +9,13 @@ module Decidim
 
         # GET /admin/initiatives_types/:initiatives_type_id/initiatives_type_scopes/new
         def new
-          authorize! :new, Decidim::InitiativesTypeScope
+          enforce_permission_to :create, :initiative_type_scope
           @form = initiative_type_scope_form.instance
         end
 
         # POST /admin/initiatives_types/:initiatives_type_id/initiatives_type_scopes
         def create
-          authorize! :create, Decidim::InitiativesTypeScope
+          enforce_permission_to :create, :initiative_type_scope
           @form = initiative_type_scope_form
                   .from_params(params, type_id: params[:initiatives_type_id])
 
@@ -34,13 +34,13 @@ module Decidim
 
         # GET /admin/initiatives_types/:initiatives_type_id/initiatives_type_scopes/:id/edit
         def edit
-          authorize! :edit, current_initiative_type_scope
+          enforce_permission_to :edit, :initiative_type_scope, initiative_type_scope: current_initiative_type_scope
           @form = initiative_type_scope_form.from_model(current_initiative_type_scope)
         end
 
         # PUT /admin/initiatives_types/:initiatives_type_id/initiatives_type_scopes/:id
         def update
-          authorize! :update, current_initiative_type_scope
+          enforce_permission_to :update, :initiative_type_scope, initiative_type_scope: current_initiative_type_scope
           @form = initiative_type_scope_form.from_params(params)
 
           UpdateInitiativeTypeScope.call(current_initiative_type_scope, @form) do
@@ -58,7 +58,7 @@ module Decidim
 
         # DELETE /admin/initiatives_types/:initiatives_type_id/initiatives_type_scopes/:id
         def destroy
-          authorize! :destroy, current_initiative_type_scope
+          enforce_permission_to :destroy, :initiative_type_scope, initiative_type_scope: current_initiative_type_scope
           current_initiative_type_scope.destroy!
 
           redirect_to edit_initiatives_type_path(current_initiative_type_scope.type), flash: {

data/app/controllers/decidim/initiatives/admin/initiatives_types_controller.rb

@@ -7,25 +7,25 @@ module Decidim
     module Admin
       # Controller used to manage the available initiative types for the current
       # organization.
-      class InitiativesTypesController < ApplicationController
+      class InitiativesTypesController < Decidim::Initiatives::Admin::ApplicationController
         helper_method :current_initiative_type
 
         # GET /admin/initiatives_types
         def index
-          authorize! :index, Decidim::InitiativesType
+          enforce_permission_to :index, :initiative_type
 
           @initiatives_types = InitiativeTypes.for(current_organization)
         end
 
         # GET /admin/initiatives_types/new
         def new
-          authorize! :new, Decidim::InitiativesType
+          enforce_permission_to :create, :initiative_type
           @form = initiative_type_form.instance
         end
 
         # POST /admin/initiatives_types
         def create
-          authorize! :create, Decidim::InitiativesType
+          enforce_permission_to :create, :initiative_type
           @form = initiative_type_form.from_params(params)
 
           CreateInitiativeType.call(@form) do
@@ -43,7 +43,7 @@ module Decidim
 
         # GET /admin/initiatives_types/:id/edit
         def edit
-          authorize! :edit, current_initiative_type
+          enforce_permission_to :edit, :initiative_type, initiative_type: current_initiative_type
           @form = initiative_type_form
                   .from_model(current_initiative_type,
                               initiative_type: current_initiative_type)
@@ -51,7 +51,7 @@ module Decidim
 
         # PUT /admin/initiatives_types/:id
         def update
-          authorize! :update, current_initiative_type
+          enforce_permission_to :update, :initiative_type, initiative_type: current_initiative_type
 
           @form = initiative_type_form
                   .from_params(params, initiative_type: current_initiative_type)
@@ -71,7 +71,7 @@ module Decidim
 
         # DELETE /admin/initiatives_types/:id
         def destroy
-          authorize! :destroy, current_initiative_type
+          enforce_permission_to :destroy, :initiative_type, initiative_type: current_initiative_type
           current_initiative_type.destroy!
 
           redirect_to initiatives_types_path, flash: {

data/app/controllers/decidim/initiatives/application_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Initiatives
+    # The main admin application controller for initiatives
+    class ApplicationController < Decidim::ApplicationController
+      layout "decidim/admin/initiatives"
+
+      include NeedsPermission
+
+      def permissions_context
+        super.merge(
+          current_participatory_space: try(:current_participatory_space)
+        )
+      end
+
+      def permission_class_chain
+        [
+          Decidim::Initiatives::Permissions,
+          Decidim::Admin::Permissions,
+          Decidim::Permissions
+        ]
+      end
+
+      def permission_scope
+        :public
+      end
+    end
+  end
+end

data/app/controllers/decidim/initiatives/committee_requests_controller.rb

@@ -3,22 +3,21 @@
 module Decidim
   module Initiatives
     # Controller in charge of managing committee membership
-    class CommitteeRequestsController < Decidim::ApplicationController
+    class CommitteeRequestsController < Decidim::Initiatives::ApplicationController
       include Decidim::Initiatives::NeedsInitiative
 
-      helper Decidim::ActionAuthorizationHelper
       helper InitiativeHelper
 
-      include Decidim::Initiatives::ActionAuthorization
+      layout "layouts/decidim/application"
 
       # GET /initiatives/:initiative_id/committee_requests/new
       def new
-        authorize! :request_membership, current_initiative
+        enforce_permission_to :request_membership, :initiative, initiative: current_initiative
       end
 
       # GET /initiatives/:initiative_id/committee_requests/spawn
       def spawn
-        authorize! :request_membership, current_initiative
+        enforce_permission_to :request_membership, :initiative, initiative: current_initiative
 
         SpawnCommitteeRequest.call(current_initiative, current_user) do
           on(:ok) do

data/app/controllers/decidim/initiatives/create_initiative_controller.rb

@@ -5,7 +5,7 @@ module Decidim
     require "wicked"
 
     # Controller in charge of managing the create initiative wizard.
-    class CreateInitiativeController < Decidim::ApplicationController
+    class CreateInitiativeController < Decidim::Initiatives::ApplicationController
       layout "layouts/decidim/initiative_creation"
 
       include Wicked::Wizard
@@ -28,12 +28,12 @@ module Decidim
             :finish
 
       def show
-        authorize! :create, Initiative
+        enforce_permission_to :create, :initiative
         send("#{step}_step", initiative: session[:initiative])
       end
 
       def update
-        authorize! :create, Initiative
+        enforce_permission_to :create, :initiative
         send("#{step}_step", params)
       end
 

data/app/controllers/decidim/initiatives/initiative_types_controller.rb

@@ -3,10 +3,10 @@
 module Decidim
   module Initiatives
     # Exposes the initiative type text search so users can choose a type writing its name.
-    class InitiativeTypesController < Decidim::ApplicationController
+    class InitiativeTypesController < Decidim::Initiatives::ApplicationController
       # GET /initiative_types/search
       def search
-        authorize! :search, InitiativesType
+        enforce_permission_to :search, :initiative_type
 
         types = FreetextInitiativeTypes.for(current_organization, I18n.locale, params[:term])
         render json: { results: types.map { |type| { id: type.id.to_s, text: type.title[I18n.locale.to_s] } } }

data/app/controllers/decidim/initiatives/initiative_votes_controller.rb

@@ -3,18 +3,16 @@
 module Decidim
   module Initiatives
     # Exposes the initiative vote resource so users can vote initiatives.
-    class InitiativeVotesController < Decidim::ApplicationController
+    class InitiativeVotesController < Decidim::Initiatives::ApplicationController
       include Decidim::Initiatives::NeedsInitiative
 
       before_action :authenticate_user!
 
-      helper Decidim::ActionAuthorizationHelper
       helper InitiativeHelper
-      include Decidim::Initiatives::ActionAuthorization
 
       # POST /initiatives/:initiative_id/initiative_vote
       def create
-        authorize! :vote, current_initiative
+        enforce_permission_to :vote, :initiative, initiative: current_initiative, group_id: params[:group_id]
         VoteInitiative.call(current_initiative, current_user, params[:group_id]) do
           on(:ok) do
             current_initiative.reload
@@ -31,7 +29,7 @@ module Decidim
 
       # DELETE /initiatives/:initiative_id/initiative_vote
       def destroy
-        authorize! :unvote, current_initiative
+        enforce_permission_to :unvote, :initiative, initiative: current_initiative, group_id: params[:group_id]
         UnvoteInitiative.call(current_initiative, current_user, params[:group_id]) do
           on(:ok) do
             current_initiative.reload
@@ -39,18 +37,6 @@ module Decidim
           end
         end
       end
-
-      private
-
-      def ability_context
-        {
-          current_settings: try(:current_settings),
-          component_settings: try(:component_settings),
-          current_organization: try(:current_organization),
-          current_component: try(:current_component),
-          params: try(:params)
-        }
-      end
     end
   end
 end

data/app/controllers/decidim/initiatives/initiatives_controller.rb

@@ -3,7 +3,7 @@
 module Decidim
   module Initiatives
     # This controller contains the logic regarding citizen initiatives
-    class InitiativesController < Decidim::ApplicationController
+    class InitiativesController < Decidim::Initiatives::ApplicationController
       include ParticipatorySpaceContext
       participatory_space_layout only: [:show]
 
@@ -11,7 +11,6 @@ module Decidim
       helper Decidim::AttachmentsHelper
       helper Decidim::FiltersHelper
       helper Decidim::OrdersHelper
-      helper Decidim::ActionAuthorizationHelper
       helper Decidim::ResourceHelper
       helper Decidim::IconHelper
       helper Decidim::Comments::CommentsHelper
@@ -20,7 +19,6 @@ module Decidim
       helper InitiativeHelper
       include InitiativeSlug
 
-      include Decidim::Initiatives::ActionAuthorization
       include FilterResource
       include Paginable
       include Orderable
@@ -29,16 +27,14 @@ module Decidim
 
       helper_method :collection, :initiatives, :filter, :stats
 
-      skip_authorization_check only: :signature_identities
-
       # GET /initiatives
       def index
-        authorize! :read, Initiative
+        enforce_permission_to :list, :initiative
       end
 
       # GET /initiatives/:id
       def show
-        authorize! :read, current_initiative
+        enforce_permission_to :read, :initiative, initiative: current_initiative
       end
 
       # GET /initiatives/:id/signature_identities

data/app/controllers/decidim/initiatives/initiatives_type_scopes_controller.rb

@@ -3,12 +3,12 @@
 module Decidim
   module Initiatives
     # Exposes the initiative type text search so users can choose a type writing its name.
-    class InitiativesTypeScopesController < Decidim::ApplicationController
+    class InitiativesTypeScopesController < Decidim::Initiatives::ApplicationController
       helper_method :scoped_types
 
       # GET /initiative_type_scopes/search
       def search
-        authorize! :search, InitiativesTypeScope
+        enforce_permission_to :search, :initiative_type_scope
         render layout: false
       end
 

data/app/events/decidim/initiatives/endorse_initiative_event.rb

@@ -2,52 +2,11 @@
 
 module Decidim
   module Initiatives
-    class EndorseInitiativeEvent < Decidim::Events::BaseEvent
-      include Decidim::Events::EmailEvent
-      include Decidim::Events::NotificationEvent
+    class EndorseInitiativeEvent < Decidim::Events::SimpleEvent
+      include Decidim::Events::AuthorEvent
 
-      def email_subject
-        I18n.t(
-          "decidim.initiatives.events.endorse_initiative_event.email_subject",
-          resource_title: resource_title,
-          author_nickname: author.nickname,
-          author_name: author.name
-        )
-      end
-
-      def email_intro
-        I18n.t(
-          "decidim.initiatives.events.endorse_initiative_event.email_intro",
-          resource_title: resource_title,
-          author_nickname: author.nickname,
-          author_name: author.name
-        )
-      end
-
-      def email_outro
-        I18n.t(
-          "decidim.initiatives.events.endorse_initiative_event.email_outro",
-          resource_title: resource_title,
-          author_nickname: author.nickname,
-          author_name: author.name
-        )
-      end
-
-      def notification_title
-        I18n.t(
-          "decidim.initiatives.events.endorse_initiative_event.notification_title",
-          resource_title: resource_title,
-          resource_path: resource_path,
-          author_nickname: author.nickname,
-          author_name: author.name,
-          author_path: author.profile_path
-        ).html_safe
-      end
-
-      private
-
-      def author
-        @author ||= Decidim::UserPresenter.new(resource.author)
+      def i18n_scope
+        "decidim.initiatives.events.endorse_initiative_event"
       end
     end
   end

data/app/events/decidim/initiatives/milestone_completed_event.rb

@@ -0,0 +1,17 @@
+# frozen-string_literal: true
+
+module Decidim
+  module Initiatives
+    class MilestoneCompletedEvent < Decidim::Events::SimpleEvent
+      i18n_attributes :percentage
+
+      def percentage
+        extra[:percentage]
+      end
+
+      def participatory_space
+        resource
+      end
+    end
+  end
+end

data/app/models/decidim/initiative.rb

@@ -15,6 +15,7 @@ module Decidim
     include Decidim::Traceable
     include Decidim::Loggable
     include Decidim::Initiatives::InitiativeSlug
+    include Decidim::Resourceable
 
     belongs_to :organization,
                foreign_key: "decidim_organization_id",
@@ -78,12 +79,12 @@ module Decidim
     scope :public_spaces, -> { published }
 
     scope :order_by_most_recent, -> { order(created_at: :desc) }
-    scope :order_by_supports, -> { order("initiative_votes_count + coalesce(offline_votes, 0) desc") }
+    scope :order_by_supports, -> { order(Arel.sql("initiative_votes_count + coalesce(offline_votes, 0) desc")) }
     scope :order_by_most_commented, lambda {
       select("decidim_initiatives.*")
         .left_joins(:comments)
         .group("decidim_initiatives.id")
-        .order("count(decidim_comments_comments.id) desc")
+        .order(Arel.sql("count(decidim_comments_comments.id) desc"))
     }
 
     after_save :notify_state_change
@@ -92,7 +93,7 @@ module Decidim
     def self.order_randomly(seed)
       transaction do
         connection.execute("SELECT setseed(#{connection.quote(seed)})")
-        select('"decidim_initiatives".*, RANDOM()').order("RANDOM()").load
+        select('"decidim_initiatives".*, RANDOM()').order(Arel.sql("RANDOM()")).load
       end
     end
 
@@ -223,7 +224,7 @@ module Decidim
 
     def supports_count
       face_to_face_votes = offline_votes.nil? || online? ? 0 : offline_votes
-      digital_votes = offline? ? 0 : initiative_votes_count
+      digital_votes = offline? ? 0 : (initiative_votes_count + initiative_supports_count)
       digital_votes + face_to_face_votes
     end
 

data/app/models/decidim/initiatives_committee_member.rb

@@ -18,5 +18,6 @@ module Decidim
     validates :user, uniqueness: { scope: :initiative }
 
     scope :approved, -> { where(state: :accepted) }
+    scope :non_deleted, -> { includes(:user).where(decidim_users: { deleted_at: nil }) }
   end
 end

data/app/permissions/decidim/initiatives/admin/permissions.rb

@@ -0,0 +1,188 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Initiatives
+    module Admin
+      class Permissions < Decidim::DefaultPermissions
+        def permissions
+          # The public part needs to be implemented yet
+          return permission_action if permission_action.scope != :admin
+          return permission_action unless user
+
+          user_can_enter_space_area?
+
+          return permission_action if initiative && !initiative.is_a?(Decidim::Initiative)
+
+          user_can_read_participatory_space?
+
+          if !user.admin? && initiative&.has_authorship?(user)
+            initiative_committee_action?
+            initiative_user_action?
+            attachment_action?
+
+            return permission_action
+          end
+
+          if !user.admin? && has_initiatives?
+            read_initiative_list_action?
+
+            return permission_action
+          end
+
+          return permission_action unless user.admin?
+
+          initiative_type_action?
+          initiative_type_scope_action?
+          initiative_committee_action?
+          initiative_admin_user_action?
+          allow! if permission_action.subject == :attachment
+
+          permission_action
+        end
+
+        private
+
+        def initiative
+          @initiative ||= context.fetch(:initiative, nil) || context.fetch(:current_participatory_space, nil)
+        end
+
+        def user_can_read_participatory_space?
+          return unless permission_action.action == :read &&
+                        permission_action.subject == :participatory_space
+
+          toggle_allow(user.admin? || initiative.has_authorship?(user))
+        end
+
+        def user_can_enter_space_area?
+          return unless permission_action.action == :enter &&
+                        permission_action.subject == :space_area &&
+                        context.fetch(:space_name, nil) == :initiatives
+
+          toggle_allow(user.admin? || has_initiatives?)
+        end
+
+        def has_initiatives?
+          (InitiativesCreated.by(user) | InitiativesPromoted.by(user)).any?
+        end
+
+        def attachment_action?
+          return unless permission_action.subject == :attachment
+
+          attachment = context.fetch(:attachment, nil)
+          attached = attachment&.attached_to
+
+          case permission_action.action
+          when :update, :destroy
+            toggle_allow(attached && attached.is_a?(Decidim::Initiative))
+          when :read, :create
+            allow!
+          else
+            disallow!
+          end
+        end
+
+        def initiative_type_action?
+          return unless permission_action.subject == :initiative_type
+
+          initiative_type = context.fetch(:initiative_type, nil)
+
+          case permission_action.action
+          when :destroy
+            scopes_are_empty = initiative_type && initiative_type.scopes.all? { |scope| scope.initiatives.empty? }
+            toggle_allow(scopes_are_empty)
+          else
+            allow!
+          end
+        end
+
+        def initiative_type_scope_action?
+          return unless permission_action.subject == :initiative_type_scope
+
+          initiative_type_scope = context.fetch(:initiative_type_scope, nil)
+
+          case permission_action.action
+          when :destroy
+            scopes_is_empty = initiative_type_scope && initiative_type_scope.initiatives.empty?
+            toggle_allow(scopes_is_empty)
+          else
+            allow!
+          end
+        end
+
+        def initiative_committee_action?
+          return unless permission_action.subject == :initiative_committee_member
+
+          request = context.fetch(:request, nil)
+
+          case permission_action.action
+          when :index
+            allow!
+          when :approve
+            toggle_allow(!request&.accepted?)
+          when :revoke
+            toggle_allow(!request&.rejected?)
+          end
+        end
+
+        def initiative_admin_user_action?
+          return unless permission_action.subject == :initiative
+
+          case permission_action.action
+          when :read
+            toggle_allow(Decidim::Initiatives.print_enabled)
+          when :publish
+            toggle_allow(initiative.validating?)
+          when :unpublish
+            toggle_allow(initiative.published?)
+          when :discard
+            toggle_allow(initiative.validating?)
+          when :export_votes
+            toggle_allow(initiative.offline? || initiative.any?)
+          when :accept
+            allowed = initiative.published? &&
+                      initiative.signature_end_time < Time.zone.today &&
+                      initiative.percentage >= 100
+            toggle_allow(allowed)
+          when :reject
+            allowed = initiative.published? &&
+                      initiative.signature_end_time < Time.zone.today &&
+                      initiative.percentage < 100
+            toggle_allow(allowed)
+          else
+            allow!
+          end
+        end
+
+        def read_initiative_list_action?
+          return unless permission_action.subject == :initiative &&
+                        permission_action.action == :list
+          allow!
+        end
+
+        def initiative_user_action?
+          return unless permission_action.subject == :initiative
+
+          case permission_action.action
+          when :read
+            toggle_allow(Decidim::Initiatives.print_enabled)
+          when :preview, :edit
+            allow!
+          when :update
+            toggle_allow(initiative.created?)
+          when :send_to_technical_validation
+            allowed = initiative.created? && (
+                        !initiative.decidim_user_group_id.nil? ||
+                          initiative.committee_members.approved.count >= Decidim::Initiatives.minimum_committee_members
+            )
+
+            toggle_allow(allowed)
+          when :manage_membership
+            allow!
+          else
+            disallow!
+          end
+        end
+      end
+    end
+  end
+end