decidim-initiatives 0.22.0 → 0.23.0

data/app/controllers/decidim/initiatives/initiative_votes_controller.rb

@@ -13,9 +13,14 @@ module Decidim
 
       # POST /initiatives/:initiative_id/initiative_vote
       def create
-        enforce_permission_to :vote, :initiative, initiative: current_initiative, group_id: params[:group_id]
-        @form = form(Decidim::Initiatives::VoteForm).from_params(initiative_id: current_initiative.id, author_id: current_user.id, group_id: params[:group_id])
-        VoteInitiative.call(@form, current_user) do
+        enforce_permission_to :vote, :initiative, initiative: current_initiative
+
+        @form = form(Decidim::Initiatives::VoteForm).from_params(
+          initiative: current_initiative,
+          signer: current_user
+        )
+
+        VoteInitiative.call(@form) do
           on(:ok) do
             current_initiative.reload
             render :update_buttons_and_counters
@@ -31,8 +36,9 @@ module Decidim
 
       # DELETE /initiatives/:initiative_id/initiative_vote
       def destroy
-        enforce_permission_to :unvote, :initiative, initiative: current_initiative, group_id: params[:group_id]
-        UnvoteInitiative.call(current_initiative, current_user, params[:group_id]) do
+        enforce_permission_to :unvote, :initiative, initiative: current_initiative
+
+        UnvoteInitiative.call(current_initiative, current_user) do
           on(:ok) do
             current_initiative.reload
             render :update_buttons_and_counters

data/app/controllers/decidim/initiatives/initiatives_controller.rb

@@ -19,7 +19,6 @@ module Decidim
       helper PaginateHelper
       helper InitiativeHelper
       include InitiativeSlug
-
       include FilterResource
       include Paginable
       include Decidim::Initiatives::Orderable
@@ -32,6 +31,17 @@ module Decidim
       # GET /initiatives
       def index
         enforce_permission_to :list, :initiative
+
+        return unless search.results.blank? && params.dig("filter", "state") != %w(closed)
+
+        @closed_initiatives = search_klass.new(search_params.merge(state: %w(closed)))
+
+        if @closed_initiatives.results.present?
+          params[:filter] ||= {}
+          params[:filter][:date] = %w(closed)
+          @forced_closed_initiatives = true
+          @search = @closed_initiatives
+        end
       end
 
       # GET /initiatives/:id
@@ -39,15 +49,6 @@ module Decidim
         enforce_permission_to :read, :initiative, initiative: current_initiative
       end
 
-      # GET /initiatives/:id/signature_identities
-      def signature_identities
-        @voted_groups = InitiativesVote
-                        .supports
-                        .where(initiative: current_initiative, author: current_user)
-                        .pluck(:decidim_user_group_id)
-        render layout: false
-      end
-
       private
 
       alias current_initiative current_participatory_space

data/app/controllers/decidim/initiatives/initiatives_type_scopes_controller.rb

@@ -15,7 +15,15 @@ module Decidim
       private
 
       def scoped_types
-        @scoped_types ||= InitiativesType.find(params[:type_id]).scopes
+        @scoped_types ||= if initiative_type.only_global_scope_enabled?
+                            initiative_type.scopes.where(scope: nil)
+                          else
+                            initiative_type.scopes
+                          end
+      end
+
+      def initiative_type
+        @initiative_type ||= InitiativesType.find(params[:type_id])
       end
     end
   end

data/app/controllers/decidim/initiatives/{initiative_widgets_controller.rb → widgets_controller.rb}

@@ -3,7 +3,7 @@
 module Decidim
   module Initiatives
     # This controller provides a widget that allows embedding the initiative
-    class InitiativeWidgetsController < Decidim::WidgetsController
+    class WidgetsController < Decidim::WidgetsController
       helper InitiativesHelper
       helper PaginateHelper
       helper InitiativeHelper
@@ -23,7 +23,7 @@ module Decidim
       end
 
       def iframe_url
-        @iframe_url ||= initiative_initiative_widget_url(model)
+        @iframe_url ||= initiative_widget_url(model)
       end
     end
   end

data/app/forms/decidim/initiatives/admin/initiative_form.rb

@@ -19,7 +19,7 @@ module Decidim
         attribute :signature_start_date, Decidim::Attributes::LocalizedDate
         attribute :signature_end_date, Decidim::Attributes::LocalizedDate
         attribute :hashtag, String
-        attribute :offline_votes, Integer
+        attribute :offline_votes, Hash[String => Integer]
         attribute :state, String
         attribute :attachment, AttachmentForm
 
@@ -35,18 +35,29 @@ module Decidim
           form.signature_start_date.blank? && form.signature_end_date.present?
         }
 
-        validates :offline_votes,
-                  numericality: {
-                    only_integer: true,
-                    greater_than: 0
-                  }, allow_blank: true
-
         validate :notify_missing_attachment_if_errored
         validate :area_is_not_removed
 
         def map_model(model)
           self.type_id = model.type.id
           self.decidim_scope_id = model.scope&.id
+          self.offline_votes = model.offline_votes
+
+          if offline_votes.empty?
+            self.offline_votes = model.votable_initiative_type_scopes.each_with_object({}) do |initiative_scope_type, all_votes|
+              all_votes[initiative_scope_type.decidim_scopes_id || "global"] = [0, initiative_scope_type.scope_name]
+            end
+          else
+            offline_votes.delete("total")
+            self.offline_votes = offline_votes.each_with_object({}) do |(decidim_scope_id, votes), all_votes|
+              scope_name = model.votable_initiative_type_scopes.find do |initiative_scope_type|
+                initiative_scope_type.global_scope? && decidim_scope_id == "global" ||
+                  initiative_scope_type.decidim_scopes_id == decidim_scope_id.to_i
+              end.scope_name
+
+              all_votes[decidim_scope_id || "global"] = [votes, scope_name]
+            end
+          end
         end
 
         def signature_type_updatable?
@@ -67,7 +78,7 @@ module Decidim
         def scoped_type_id
           return unless type && decidim_scope_id
 
-          type.scopes.find_by!(decidim_scopes_id: decidim_scope_id).id
+          type.scopes.find_by(decidim_scopes_id: decidim_scope_id.presence).id
         end
 
         def area

data/app/forms/decidim/initiatives/admin/initiative_type_form.rb

@@ -17,6 +17,8 @@ module Decidim
         attribute :attachments_enabled, Boolean
         attribute :custom_signature_end_date_enabled, Boolean
         attribute :area_enabled, Boolean
+        attribute :child_scope_threshold_enabled, Boolean
+        attribute :only_global_scope_enabled, Boolean
         attribute :promoting_committee_enabled, Boolean
         attribute :minimum_committee_members, Integer
         attribute :collect_user_extra_fields, Boolean
@@ -29,6 +31,7 @@ module Decidim
                   :area_enabled, :promoting_committee_enabled, inclusion: { in: [true, false] }
         validates :minimum_committee_members, numericality: { only_integer: true }, allow_nil: true
         validates :banner_image, presence: true, if: ->(form) { form.context.initiative_type.nil? }
+        validates :document_number_authorization_handler, presence: true, if: ->(form) { form.collect_user_extra_fields? }
 
         def minimum_committee_members=(value)
           super(value.presence)

data/app/forms/decidim/initiatives/initiative_form.rb

@@ -41,6 +41,8 @@ module Decidim
       end
 
       def scope_id
+        return nil if initiative_type.only_global_scope_enabled?
+
         super.presence
       end
 
@@ -48,12 +50,28 @@ module Decidim
         @area ||= current_organization.areas.find_by(id: area_id)
       end
 
+      def initiative_type
+        @initiative_type ||= InitiativesType.find(type_id)
+      end
+
+      def available_scopes
+        @available_scopes ||= if initiative_type.only_global_scope_enabled?
+                                initiative_type.scopes.where(scope: nil)
+                              else
+                                initiative_type.scopes
+                              end
+      end
+
+      def scope
+        @scope ||= Scope.find(scope_id) if scope_id.present?
+      end
+
       private
 
       def scope_exists
         return if scope_id.blank?
 
-        errors.add(:scope_id, :invalid) unless InitiativesTypeScope.where(decidim_initiatives_types_id: type_id, decidim_scopes_id: scope_id).exists?
+        errors.add(:scope_id, :invalid) unless InitiativesTypeScope.where(type: initiative_type, scope: scope).exists?
       end
 
       # This method will add an error to the `attachment` field only if there's
@@ -72,7 +90,10 @@ module Decidim
 
         attachment.errors.each { |error| errors.add(:attachment, error) }
 
-        attachment = Attachment.new(file: attachment.try(:file))
+        attachment = Attachment.new(
+          attached_to: attachment.try(:attached_to),
+          file: attachment.try(:file)
+        )
 
         errors.add(:attachment, :file) if !attachment.save && attachment.errors.has_key?(:file)
       end

data/app/forms/decidim/initiatives/vote_form.rb

@@ -19,112 +19,163 @@ module Decidim
       attribute :encrypted_metadata, String
       attribute :hash_id, String
 
-      attribute :initiative_id, Integer
-      attribute :author_id, Integer
-      attribute :group_id, Integer
+      attribute :initiative, Decidim::Initiative
+      attribute :signer, Decidim::User
 
-      validates :name_and_surname, :document_number, :date_of_birth, :postal_code, presence: true, if: :required_personal_data?
-      validates :encrypted_metadata, presence: true, if: :required_personal_data?
-      validates :initiative_id, presence: true
-      validates :author_id, presence: true
+      validates :initiative, :signer, presence: true
 
-      validate :document_number_authorized, if: :required_personal_data?
-      validate :document_number_uniqueness, if: :required_personal_data?
-      validate :personal_data_consistent_with_metadata, if: :required_personal_data?
-
-      def initiative
-        @initiative ||= Decidim::Initiative.find_by(id: initiative_id)
+      with_options if: :required_personal_data? do
+        validates :name_and_surname, :document_number, :date_of_birth, :postal_code, :encrypted_metadata, :hash_id, presence: true
+        validate :document_number_authorized?
+        validate :already_voted?
       end
 
       delegate :scope, to: :initiative
 
-      def metadata
-        { name_and_surname: name_and_surname,
-          document_number: document_number,
-          date_of_birth: date_of_birth,
-          postal_code: postal_code }
-      end
-
       def encrypted_metadata
-        @encrypted_metadata ||= encrypt_metadata
+        return unless required_personal_data?
+
+        @encrypted_metadata ||= encryptor.encrypt(metadata)
       end
 
+      # Public: The hash to uniquely identify an initiative vote. It uses the
+      # initiative scope as a default.
+      #
+      # Returns a String.
       def hash_id
-        Digest::MD5.hexdigest(
-          "#{initiative_id}-#{document_number || author_id}-#{Rails.application.secrets.secret_key_base}"
+        return unless initiative && (document_number || signer)
+
+        @hash_id ||= Digest::MD5.hexdigest(
+          [
+            initiative.id,
+            document_number || signer.id,
+            Rails.application.secrets.secret_key_base
+          ].compact.join("-")
         )
       end
 
-      def decrypted_metadata
-        return unless encrypted_metadata
+      # Public: Builds the list of scopes where the user is authorized to vote in. This is used when
+      # the initiative allows also voting on child scopes, not only the main scope.
+      #
+      # Instead of just listing the children of the main scope, we just want to select the ones that
+      # have been added to the InitiativeType with its voting settings.
+      #
+      def authorized_scopes
+        initiative.votable_initiative_type_scopes.select do |initiative_type_scope|
+          initiative_type_scope.global_scope? ||
+            initiative_type_scope.scope == user_authorized_scope ||
+            initiative_type_scope.scope.ancestor_of?(user_authorized_scope)
+        end.flat_map(&:scope)
+      end
+
+      # Public: Finds the scope the user has an authorization for, this way the user can vote
+      # on that scope and its parents.
+      #
+      # This is can be used to allow users that are authorized with a children
+      # scope to sign an initiative with a parent scope.
+      #
+      # As an example: A city (global scope) has many districts (scopes with
+      # parent nil), and each district has different neighbourhoods (with its
+      # parent as a district). If we setup the authorization handler to match
+      # a neighbourhood, the same authorization can be used to participate
+      # in district, neighbourhoods or city initiatives.
+      #
+      # Returns a Decidim::Scope.
+      def user_authorized_scope
+        return scope if handler_name.blank?
+        return unless authorized?
+
+        @user_authorized_scope ||= authorized_scope_candidates.find do |scope|
+          scope&.id == authorization.metadata.symbolize_keys[:scope_id]
+        end
+      end
+
+      # Public: Builds a list of Decidim::Scopes where the user could have a
+      # valid authorization.
+      #
+      # If the intiative is set with a global scope (meaning the scope is nil),
+      # all the scopes in the organizaton are valid.
+      #
+      # Returns an array of Decidim::Scopes.
+      def authorized_scope_candidates
+        authorized_scope_candidates = [initiative.scope]
+        authorized_scope_candidates += if initiative.scope.present?
+                                         initiative.scope.descendants
+                                       else
+                                         initiative.organization.scopes
+                                       end
+        authorized_scope_candidates.uniq
+      end
 
-        encryptor.decrypt(encrypted_metadata)
+      def metadata
+        {
+          name_and_surname: name_and_surname,
+          document_number: document_number,
+          date_of_birth: date_of_birth,
+          postal_code: postal_code
+        }
       end
 
       protected
 
+      # Private: Whether the personal data given when signing the initiative should
+      # be stored together with the vote or not.
+      #
+      # Returns a Boolean.
       def required_personal_data?
-        initiative_type&.collect_user_extra_fields?
+        @required_personal_data ||= initiative&.type&.collect_user_extra_fields?
       end
 
-      def initiative_type
-        @initiative_type ||= initiative&.scoped_type&.type
-      end
-
-      def encryptor
-        @encryptor ||= DataEncryptor.new(secret: "personal user metadata")
-      end
-
-      def encrypt_metadata
-        return unless required_personal_data?
-
-        encryptor.encrypt(metadata)
-      end
-
-      def document_number_authorized
+      # Private: Checks that the unique hash computed from the authorization
+      # and the user provided data match.
+      #
+      # This prevents users that know partial data from another user to sign
+      # initiatives with someone elses identity.
+      def document_number_authorized?
         return if initiative.document_number_authorization_handler.blank?
 
         errors.add(:document_number, :invalid) unless authorized? && authorization_handler && authorization.unique_id == authorization_handler.unique_id
       end
 
-      def document_number_uniqueness
-        errors.add(:document_number, :taken) if initiative.votes.where(hash_id: hash_id).exists?
-      end
-
-      def personal_data_consistent_with_metadata
-        return if initiative.document_number_authorization_handler.blank?
-
-        errors.add(:base, :invalid) unless authorized? &&
-                                           authorization_handler &&
-                                           authorization_handler_metadata_variations.any? do |variation|
-                                             authorization.metadata.symbolize_keys.except(:extras) == variation.symbolize_keys.except(:extras)
-                                           end
+      # Private: Checks if there's any existing vote that matches the user's data.
+      def already_voted?
+        errors.add(:document_number, :taken) if initiative.votes.where(hash_id: hash_id, scope: scope).exists?
       end
 
       def author
         @author ||= current_organization.users.find_by(id: author_id)
       end
 
+      # Private: Finds an authorization for the user signing the initiative and
+      # the configured handler.
       def authorization
-        return unless author && handler_name
-
-        @authorization ||= Verifications::Authorizations.new(organization: author.organization, user: author, name: handler_name).first
-      end
-
-      def authorization_status
-        return unless authorization
+        return unless signer && handler_name
 
-        Decidim::Verifications::Adapter.from_element(handler_name).authorize(authorization, {}, nil, nil)
+        @authorization ||= Verifications::Authorizations.new(
+          organization: signer.organization,
+          user: signer,
+          name: handler_name
+        ).first
       end
 
+      # Private: Checks if the authorization hasn't expired or is invalid.
       def authorized?
         authorization_status&.first == :ok
       end
 
-      def handler_name
-        initiative.document_number_authorization_handler
-      end
-
+      # Private: Builds an authorization handler with the data the user provided
+      # when signing the initiative.
+      #
+      # This is currently tied to authorization handlers that have, at least, these attributes:
+      #   * document_number
+      #   * name_and_surname
+      #   * date_of_birth
+      #   * postal_code
+      #
+      # Once we have the authorization handler we can use is to compute the
+      # unique_id and compare it to an existing authorization.
+      #
+      # Returns a Decidim::AuthorizationHandler.
       def authorization_handler
         return unless document_number && handler_name
 
@@ -132,21 +183,25 @@ module Decidim
                                                                              document_number: document_number,
                                                                              name_and_surname: name_and_surname,
                                                                              date_of_birth: date_of_birth,
-                                                                             postal_code: postal_code,
-                                                                             scope_id: scope&.id)
+                                                                             postal_code: postal_code)
       end
 
-      def authorization_handler_metadata_variations
-        return [] unless authorization_handler && scope.present?
+      # Private: The AuthorizationHandler name used to verify the user's
+      # document number.
+      #
+      # Returns a String.
+      def handler_name
+        initiative.document_number_authorization_handler
+      end
+
+      def authorization_status
+        return unless authorization
 
-        scope.children.map do |child_scope|
-          Decidim::AuthorizationHandler.handler_for(handler_name,
-                                                    document_number: document_number,
-                                                    name_and_surname: name_and_surname,
-                                                    date_of_birth: date_of_birth,
-                                                    postal_code: postal_code,
-                                                    scope_id: child_scope&.id)
-        end.unshift(authorization_handler).map(&:metadata)
+        Decidim::Verifications::Adapter.from_element(handler_name).authorize(authorization, {}, nil, nil)
+      end
+
+      def encryptor
+        @encryptor ||= DataEncryptor.new(secret: "personal user metadata")
       end
     end
   end