RubyGems - decidim-initiatives - Versions diffs - 0.16.1 → 0.17.0 - Mend

decidim-initiatives 0.16.1 → 0.17.0

Files changed (126) hide show

data/app/controllers/decidim/initiatives/initiative_signatures_controller.rb ADDED

@@ -0,0 +1,207 @@
+# frozen_string_literal: true
+module Decidim
+  module Initiatives
+    require "wicked"
+    class InitiativeSignaturesController < Decidim::Initiatives::ApplicationController
+      layout "layouts/decidim/initiative_signature_creation"
+      include Wicked::Wizard
+      include Decidim::Initiatives::NeedsInitiative
+      include Decidim::FormFactory
+      prepend_before_action :set_wizard_steps
+      before_action :authenticate_user!
+      helper InitiativeHelper
+      helper_method :initiative_type, :extra_data_legal_information
+      # GET /initiatives/:initiative_id/initiative_signatures/:step
+      def show
+        group_id = params[:group_id] || (session[:initiative_vote_form] ||= {})["group_id"]
+        enforce_permission_to :sign_initiative, :initiative, initiative: current_initiative, group_id: group_id, signature_has_steps: signature_has_steps?
+        send("#{step}_step", initiative_vote_form: session[:initiative_vote_form])
+      end
+      # PUT /initiatives/:initiative_id/initiative_signatures/:step
+      def update
+        group_id = params.dig(:initiatives_vote, :group_id) || session[:initiative_vote_form]["group_id"]
+        enforce_permission_to :sign_initiative, :initiative, initiative: current_initiative, group_id: group_id, signature_has_steps: signature_has_steps?
+        send("#{step}_step", params)
+      end
+      # POST /initiatives/:initiative_id/initiative_signatures
+      def create
+        group_id = params[:group_id] || session[:initiative_vote_form]&.dig("group_id")
+        enforce_permission_to :vote, :initiative, initiative: current_initiative, group_id: group_id
+        @form = form(Decidim::Initiatives::VoteForm)
+                .from_params(
+                  initiative_id: current_initiative.id,
+                  author_id: current_user.id,
+                  group_id: group_id
+                )
+        VoteInitiative.call(@form, current_user) do
+          on(:ok) do
+            current_initiative.reload
+            render :update_buttons_and_counters
+          end
+          on(:invalid) do
+            render json: {
+              error: I18n.t("create.error", scope: "decidim.initiatives.initiative_votes")
+            }, status: 422
+          end
+        end
+      end
+      private
+      def fill_personal_data_step(_unused)
+        @form = form(Decidim::Initiatives::VoteForm)
+                .from_params(
+                  initiative_id: current_initiative.id,
+                  author_id: current_user.id,
+                  group_id: params[:group_id]
+                )
+        session[:initiative_vote_form] = { group_id: @form.group_id }
+        skip_step unless initiative_type.collect_user_extra_fields
+        render_wizard
+      end
+      def sms_phone_number_step(parameters)
+        if parameters.has_key?(:initiatives_vote) || !fill_personal_data_step?
+          build_vote_form(parameters)
+        else
+          check_session_personal_data
+        end
+        clear_session_sms_code
+        if @vote_form.invalid?
+          flash[:alert] = I18n.t("personal_data.invalid", scope: "decidim.initiatives.initiative_votes")
+          jump_to(previous_step)
+        end
+        @form = Decidim::Verifications::Sms::MobilePhoneForm.new
+        render_wizard
+      end
+      def sms_code_step(parameters)
+        check_session_personal_data if fill_personal_data_step?
+        @phone_form = Decidim::Verifications::Sms::MobilePhoneForm.from_params(parameters.merge(user: current_user))
+        @form = Decidim::Verifications::Sms::ConfirmationForm.new
+        render_wizard && return if session_sms_code.present?
+        ValidateMobilePhone.call(@phone_form, current_user) do
+          on(:ok) do |metadata|
+            store_session_sms_code(metadata)
+            render_wizard
+          end
+          on(:invalid) do
+            flash[:alert] = I18n.t("sms_phone.invalid", scope: "decidim.initiatives.initiative_votes")
+            redirect_to wizard_path(:sms_phone_number)
+          end
+        end
+      end
+      def finish_step(parameters)
+        if parameters.has_key?(:initiatives_vote) || !fill_personal_data_step?
+          build_vote_form(parameters)
+        else
+          check_session_personal_data
+        end
+        if sms_step?
+          @confirmation_code_form = Decidim::Verifications::Sms::ConfirmationForm.from_params(parameters)
+          ValidateSmsCode.call(@confirmation_code_form, session_sms_code) do
+            on(:ok) { clear_session_sms_code }
+            on(:invalid) do
+              flash[:alert] = I18n.t("sms_code.invalid", scope: "decidim.initiatives.initiative_votes")
+              jump_to :sms_code
+              render_wizard && return
+            end
+          end
+        end
+        VoteInitiative.call(@vote_form, current_user) do
+          on(:ok) do
+            session[:initiative_vote_form] = {}
+          end
+          on(:invalid) do |vote|
+            logger.fatal "Failed creating signature: #{vote.errors.full_messages.join(", ")}" if vote
+            flash[:alert] = I18n.t("create.invalid", scope: "decidim.initiatives.initiative_votes")
+            jump_to previous_step
+          end
+        end
+        render_wizard
+      end
+      def build_vote_form(parameters)
+        @vote_form = form(Decidim::Initiatives::VoteForm).from_params(parameters).tap do |form|
+          form.initiative_id = current_initiative.id
+          form.author_id = current_user.id
+        end
+        session[:initiative_vote_form] = session[:initiative_vote_form].merge(@vote_form.attributes_with_values)
+      end
+      def session_vote_form
+        raw_birth_date = session[:initiative_vote_form]["date_of_birth"]
+        return unless raw_birth_date
+        @vote_form = form(Decidim::Initiatives::VoteForm).from_params(
+          session[:initiative_vote_form].merge("date_of_birth" => Date.parse(raw_birth_date))
+        )
+      end
+      def initiative_type
+        @initiative_type ||= current_initiative&.scoped_type&.type
+      end
+      def extra_data_legal_information
+        @extra_data_legal_information ||= initiative_type.extra_fields_legal_information
+      end
+      def check_session_personal_data
+        return if session[:initiative_vote_form].present? && session_vote_form&.valid?
+        flash[:alert] = I18n.t("create.error", scope: "decidim.initiatives.initiative_votes")
+        jump_to(:fill_personal_data)
+      end
+      def store_session_sms_code(metadata)
+        session[:initiative_sms_code] = metadata
+      end
+      def session_sms_code
+        session[:initiative_sms_code]
+      end
+      def clear_session_sms_code
+        session[:initiative_sms_code] = {}
+      end
+      def sms_step?
+        current_initiative.validate_sms_code_on_votes?
+      end
+      def fill_personal_data_step?
+        initiative_type.collect_user_extra_fields?
+      end
+      def set_wizard_steps
+        initial_wizard_steps = [:finish]
+        initial_wizard_steps.unshift(:sms_phone_number, :sms_code) if sms_step?
+        initial_wizard_steps.unshift(:fill_personal_data) if fill_personal_data_step?
+        self.steps = initial_wizard_steps
+      end
+    end
+  end
+end

data/app/controllers/decidim/initiatives/initiative_votes_controller.rb CHANGED

@@ -5,6 +5,7 @@ module Decidim
     # Exposes the initiative vote resource so users can vote initiatives.
     class InitiativeVotesController < Decidim::Initiatives::ApplicationController
       include Decidim::Initiatives::NeedsInitiative
+      include Decidim::FormFactory
       before_action :authenticate_user!
@@ -13,7 +14,8 @@ module Decidim
       # POST /initiatives/:initiative_id/initiative_vote
       def create
         enforce_permission_to :vote, :initiative, initiative: current_initiative, group_id: params[:group_id]
-        VoteInitiative.call(current_initiative, current_user, params[:group_id]) do
+        @form = form(Decidim::Initiatives::VoteForm).from_params(initiative_id: current_initiative.id, author_id: current_user.id, group_id: params[:group_id])
+        VoteInitiative.call(@form, current_user) do
           on(:ok) do
             current_initiative.reload
             render :update_buttons_and_counters

data/app/controllers/decidim/initiatives/initiatives_type_signature_types_controller.rb ADDED

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module Decidim
+  module Initiatives
+    class InitiativesTypeSignatureTypesController < Decidim::Initiatives::ApplicationController
+      helper_method :allowed_signature_types_for_initiatives
+      # GET /initiative_type_signature_types/search
+      def search
+        enforce_permission_to :search, :initiative_type_signature_types
+        render layout: false
+      end
+      private
+      def allowed_signature_types_for_initiatives
+        @allowed_signature_types_for_initiatives ||= InitiativesType.find(params[:type_id]).allowed_signature_types_for_initiatives
+      end
+    end
+  end
+end

data/app/forms/decidim/initiatives/admin/initiative_answer_form.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module Decidim
+  module Initiatives
+    module Admin
+      # A form object used to manage the initiative answer in the
+      # administration panel.
+      class InitiativeAnswerForm < Form
+        include TranslatableAttributes
+        mimic :initiative
+        translatable_attribute :answer, String
+        attribute :answer_url, String
+        attribute :signature_start_date, Decidim::Attributes::LocalizedDate
+        attribute :signature_end_date, Decidim::Attributes::LocalizedDate
+        validates :signature_start_date, :signature_end_date, presence: true, if: :signature_dates_required?
+        validates :signature_end_date, date: { after: :signature_start_date }, if: lambda { |form|
+          form.signature_start_date.present? && form.signature_end_date.present?
+        }
+        def signature_dates_required?
+          @signature_dates_required ||= context.initiative.state == "published"
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/initiatives/admin/initiative_form.rb CHANGED

@@ -19,21 +19,16 @@ module Decidim
         attribute :signature_end_date, Decidim::Attributes::LocalizedDate
         attribute :hashtag, String
         attribute :offline_votes, Integer
-        translatable_attribute :answer, String
-        attribute :answer_url, String
+        attribute :state, String
         validates :title, :description, presence: true
-        validates :signature_type, presence: true
+        validates :signature_type, presence: true, if: :signature_type_updatable?
         validates :signature_start_date, presence: true, if: ->(form) { form.context.initiative.published? }
         validates :signature_end_date, presence: true, if: ->(form) { form.context.initiative.published? }
         validates :signature_end_date, date: { after: :signature_start_date }, if: lambda { |form|
           form.signature_start_date.present? && form.signature_end_date.present?
         }
-        validates :answer, translatable_presence: true, if: ->(form) { form.context.initiative.accepted? }
-        validates :answer_url, presence: true, if: ->(form) { form.context.initiative.accepted? }
         validates :offline_votes,
                   numericality: {
                     only_integer: true,
@@ -44,6 +39,29 @@ module Decidim
           self.type_id = model.type.id
           self.decidim_scope_id = model.scope.id
         end
+        def signature_type_updatable?
+          @signature_type_updatable ||= begin
+                                          state ||= context.initiative.state
+                                          state == "validating" && context.current_user.admin? || state == "created"
+                                        end
+        end
+        def state_updatable?
+          false
+        end
+        def scoped_type_id
+          return unless type && decidim_scope_id
+          type.scopes.find_by!(decidim_scopes_id: decidim_scope_id).id
+        end
+        private
+        def type
+          @type ||= type_id ? Decidim::InitiativesType.find(type_id) : context.initiative.type
+        end
       end
     end
   end

data/app/forms/decidim/initiatives/admin/initiative_type_form.rb CHANGED

@@ -12,11 +12,25 @@ module Decidim
         translatable_attribute :title, String
         translatable_attribute :description, String
         attribute :banner_image, String
+        attribute :online_signature_enabled, Boolean
+        attribute :undo_online_signatures_enabled, Boolean
+        attribute :minimum_committee_members, Integer
+        attribute :collect_user_extra_fields, Boolean
+        translatable_attribute :extra_fields_legal_information, String
+        attribute :validate_sms_code_on_votes, Boolean
+        attribute :document_number_authorization_handler, String
         validates :title, :description, translatable_presence: true
+        validates :online_signature_enabled, inclusion: { in: [true, false] }
+        validates :undo_online_signatures_enabled, inclusion: { in: [true, false] }
+        validates :minimum_committee_members, numericality: { only_integer: true }, allow_nil: true
         validates :banner_image, presence: true, if: lambda { |form|
           form.context.initiative_type.nil?
         }
+        def minimum_committee_members=(value)
+          super(value.presence)
+        end
       end
     end
   end

data/app/forms/decidim/initiatives/committee_member_form.rb ADDED

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module Decidim
+  module Initiatives
+    # A form object used to collect the data for a new initiative committee
+    # member.
+    class CommitteeMemberForm < Form
+      mimic :initiatives_committee_member
+      attribute :initiative_id, Integer
+      attribute :user_id, Integer
+      attribute :state, String
+      validates :initiative_id, presence: true
+      validates :user_id, presence: true
+      validates :state, inclusion: { in: %w(requested rejected accepted) }, unless: :user_is_author?
+      validates :state, inclusion: { in: %w(rejected accepted) }, if: :user_is_author?
+      def user_is_author?
+        initiative&.decidim_author_id == user_id
+      end
+      private
+      def initiative
+        @initiative ||= Decidim::Initiative.find_by(id: initiative_id)
+      end
+    end
+  end
+end

data/app/forms/decidim/initiatives/initiative_form.rb CHANGED

@@ -14,6 +14,7 @@ module Decidim
       attribute :scope_id, Integer
       attribute :decidim_user_group_id, Integer
       attribute :signature_type, String
+      attribute :state, String
       validates :title, :description, presence: true
       validates :title, length: { maximum: 150 }
@@ -25,6 +26,10 @@ module Decidim
         self.type_id = model.type.id
         self.scope_id = model.scope.id
       end
+      def signature_type_updatable?
+        state == "created" || state.nil?
+      end
     end
   end
 end

data/app/forms/decidim/initiatives/vote_form.rb ADDED

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+require "virtus/multiparams"
+module Decidim
+  module Initiatives
+    # A form object used to collect the data for a new initiative.
+    class VoteForm < Form
+      include TranslatableAttributes
+      include Virtus::Multiparams
+      mimic :initiatives_vote
+      attribute :name_and_surname, String
+      attribute :document_number, String
+      attribute :date_of_birth, Date
+      attribute :postal_code, String
+      attribute :encrypted_metadata, String
+      attribute :hash_id, String
+      attribute :initiative_id, Integer
+      attribute :author_id, Integer
+      attribute :group_id, Integer
+      validates :name_and_surname, :document_number, :date_of_birth, :postal_code, presence: true, if: :required_personal_data?
+      validates :encrypted_metadata, presence: true, if: :required_personal_data?
+      validates :initiative_id, presence: true
+      validates :author_id, presence: true
+      validate :document_number_authorized, if: :required_personal_data?
+      validate :document_number_uniqueness, if: :required_personal_data?
+      validate :personal_data_consistent_with_metadata, if: :required_personal_data?
+      def initiative
+        @initiative ||= Decidim::Initiative.find_by(id: initiative_id)
+      end
+      delegate :scope, to: :initiative
+      def metadata
+        { name_and_surname: name_and_surname,
+          document_number: document_number,
+          date_of_birth: date_of_birth,
+          postal_code: postal_code }
+      end
+      def encrypted_metadata
+        @encrypted_metadata ||= encrypt_metadata
+      end
+      def hash_id
+        Digest::MD5.hexdigest(
+          "#{initiative_id}-#{document_number || author_id}-#{Rails.application.secrets.secret_key_base}"
+        )
+      end
+      def decrypted_metadata
+        return unless encrypted_metadata
+        encryptor.decrypt(encrypted_metadata)
+      end
+      protected
+      def required_personal_data?
+        initiative_type&.collect_user_extra_fields?
+      end
+      def initiative_type
+        @initiative_type ||= initiative&.scoped_type&.type
+      end
+      def encryptor
+        @encryptor ||= DataEncryptor.new(secret: "personal user metadata")
+      end
+      def encrypt_metadata
+        return unless required_personal_data?
+        encryptor.encrypt(metadata)
+      end
+      def document_number_authorized
+        return if initiative.document_number_authorization_handler.blank?
+        errors.add(:document_number, :invalid) unless authorized? && authorization_handler && authorization.unique_id == authorization_handler.unique_id
+      end
+      def document_number_uniqueness
+        errors.add(:document_number, :taken) if initiative.votes.where(hash_id: hash_id).exists?
+      end
+      def personal_data_consistent_with_metadata
+        return if initiative.document_number_authorization_handler.blank?
+        errors.add(:base, :invalid) unless authorized? &&
+                                           authorization_handler &&
+                                           authorization_handler_metadata_variations.any? { |variation| authorization.metadata.symbolize_keys == variation.symbolize_keys }
+      end
+      def author
+        @author ||= current_organization.users.find_by(id: author_id)
+      end
+      def authorization
+        return unless author && handler_name
+        @authorization ||= Verifications::Authorizations.new(organization: author.organization, user: author, name: handler_name).first
+      end
+      def authorization_status
+        return unless authorization
+        Decidim::Verifications::Adapter.from_element(handler_name).authorize(authorization, {}, nil, nil)
+      end
+      def authorized?
+        authorization_status&.first == :ok
+      end
+      def handler_name
+        initiative.document_number_authorization_handler
+      end
+      def authorization_handler
+        return unless document_number && handler_name
+        @authorization_handler ||= Decidim::AuthorizationHandler.handler_for(handler_name,
+                                                                             document_number: document_number,
+                                                                             name_and_surname: name_and_surname,
+                                                                             date_of_birth: date_of_birth,
+                                                                             postal_code: postal_code,
+                                                                             scope_id: scope&.id)
+      end
+      def authorization_handler_metadata_variations
+        return [] unless authorization_handler && scope.present?
+        scope.children.map do |child_scope|
+          Decidim::AuthorizationHandler.handler_for(handler_name,
+                                                    document_number: document_number,
+                                                    name_and_surname: name_and_surname,
+                                                    date_of_birth: date_of_birth,
+                                                    postal_code: postal_code,
+                                                    scope_id: child_scope&.id)
+        end.unshift(authorization_handler).map(&:metadata)
+      end
+    end
+  end
+end