decidim-participatory_documents 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 948f2ce3751047c3b4c93d8aabae2162612947b59468315bf241504324132f0e
-  data.tar.gz: 7ca9e90b7d71c5675f42d4a474dd951f24be9dc06f8fa192ef8bcb755ce81482
+  metadata.gz: d15ab2a26c0e881ac9828a12577a6eab25ba5bf170f19d35401c9a7c878e66e5
+  data.tar.gz: aa488aea6b962f8442807ad0d7e74f87c3a08eee861f584c0015e03dc21c13a6
 SHA512:
-  metadata.gz: ae6c812bfb33537c0945e3d0bb1d3fa11c81a86c65d5dde2016fe2965b8f265ed719e0b167c0613e20bc2de0cd223c49dfc503353536e00ca0e963d89a86385c
-  data.tar.gz: 23fb8126196662085bc24f3fb3a74c78ab0dcbc733c011fe3e36685b02c9acd1da5a6f1af735a4baeb1aaaba79f897f540c55f6d58be8aaca9f4b5ddeba8fa8b
+  metadata.gz: ca9cd0de450e692d5ea0b05d2fe2f7a19ecb43fc9e3aed8b465b6a1e8a38692782f319d31828bc23b3ddd528fe880626e973a3ed1e72c4bb776a10e5686c111b
+  data.tar.gz: aac05750446931a873b85b1851b0a12d089a07c7ba07d55d21ef9abc82159a72ba1be70cdf3104388e1156ca8ab2b65fcae8ab34f26dffa4474746eb6fcf0b12

data/.github/workflows/test.yml

@@ -36,6 +36,13 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
+      - uses: nanasess/setup-chromedriver@v2
+        with:
+          chromedriver-version: 119.0.6045.105
+
+      - uses: nanasess/setup-chromedriver@v2
+        with:
+          chromedriver-version: 119.0.6045.105
 
       - uses: ruby/setup-ruby@v1
         with:

data/Gemfile.lock

@@ -1,12 +1,13 @@
 PATH
   remote: .
   specs:
-    decidim-participatory_documents (0.2.1)
+    decidim-participatory_documents (0.2.2)
       decidim-core (>= 0.27.0, < 0.28)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    abbrev (0.1.2)
     actioncable (6.1.7.6)
       actionpack (= 6.1.7.6)
       activesupport (= 6.1.7.6)
@@ -159,53 +160,53 @@ GEM
     db-query-matchers (0.10.0)
       activesupport (>= 4.0, < 7)
       rspec (~> 3.0)
-    decidim (0.27.4)
-      decidim-accountability (= 0.27.4)
-      decidim-admin (= 0.27.4)
-      decidim-api (= 0.27.4)
-      decidim-assemblies (= 0.27.4)
-      decidim-blogs (= 0.27.4)
-      decidim-budgets (= 0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-      decidim-debates (= 0.27.4)
-      decidim-forms (= 0.27.4)
-      decidim-generators (= 0.27.4)
-      decidim-meetings (= 0.27.4)
-      decidim-pages (= 0.27.4)
-      decidim-participatory_processes (= 0.27.4)
-      decidim-proposals (= 0.27.4)
-      decidim-sortitions (= 0.27.4)
-      decidim-surveys (= 0.27.4)
-      decidim-system (= 0.27.4)
-      decidim-templates (= 0.27.4)
-      decidim-verifications (= 0.27.4)
-    decidim-accountability (0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-admin (0.27.4)
+    decidim (0.27.5)
+      decidim-accountability (= 0.27.5)
+      decidim-admin (= 0.27.5)
+      decidim-api (= 0.27.5)
+      decidim-assemblies (= 0.27.5)
+      decidim-blogs (= 0.27.5)
+      decidim-budgets (= 0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+      decidim-debates (= 0.27.5)
+      decidim-forms (= 0.27.5)
+      decidim-generators (= 0.27.5)
+      decidim-meetings (= 0.27.5)
+      decidim-pages (= 0.27.5)
+      decidim-participatory_processes (= 0.27.5)
+      decidim-proposals (= 0.27.5)
+      decidim-sortitions (= 0.27.5)
+      decidim-surveys (= 0.27.5)
+      decidim-system (= 0.27.5)
+      decidim-templates (= 0.27.5)
+      decidim-verifications (= 0.27.5)
+    decidim-accountability (0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-admin (0.27.5)
       active_link_to (~> 1.0)
-      decidim-core (= 0.27.4)
+      decidim-core (= 0.27.5)
       devise (~> 4.7)
       devise-i18n (~> 1.2)
-      devise_invitable (~> 2.0)
-    decidim-api (0.27.4)
+      devise_invitable (~> 2.0, >= 2.0.9)
+    decidim-api (0.27.5)
       graphql (~> 1.12, < 1.13)
       graphql-docs (~> 2.1.0)
       rack-cors (~> 1.0)
-    decidim-assemblies (0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-blogs (0.27.4)
-      decidim-admin (= 0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-budgets (0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-comments (0.27.4)
-      decidim-core (= 0.27.4)
+    decidim-assemblies (0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-blogs (0.27.5)
+      decidim-admin (= 0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-budgets (0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-comments (0.27.5)
+      decidim-core (= 0.27.5)
       redcarpet (~> 3.5, >= 3.5.1)
-    decidim-core (0.27.4)
+    decidim-core (0.27.5)
       active_link_to (~> 1.0)
       acts_as_list (~> 0.9)
       batch-loader (~> 1.2)
@@ -215,7 +216,7 @@ GEM
       cells-rails (~> 0.1.3)
       charlock_holmes (~> 0.7)
       date_validator (~> 0.12.0)
-      decidim-api (= 0.27.4)
+      decidim-api (= 0.27.5)
       devise (~> 4.7)
       devise-i18n (~> 1.2)
       diffy (~> 3.3)
@@ -256,15 +257,15 @@ GEM
       webpacker (= 6.0.0.rc.5)
       webpush (~> 1.1)
       wisper (~> 2.0)
-    decidim-debates (0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-dev (0.27.4)
+    decidim-debates (0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-dev (0.27.5)
       axe-core-rspec (~> 4.1.0)
       byebug (~> 11.0)
       capybara (~> 3.24)
       db-query-matchers (~> 0.10.0)
-      decidim (= 0.27.4)
+      decidim (= 0.27.5)
       erb_lint (~> 0.0.35)
       factory_bot_rails (~> 4.8)
       i18n-tasks (~> 0.9.18)
@@ -287,45 +288,45 @@ GEM
       w3c_rspec_validators (~> 0.3.0)
       webmock (~> 3.6)
       wisper-rspec (~> 1.0)
-    decidim-forms (0.27.4)
-      decidim-core (= 0.27.4)
+    decidim-forms (0.27.5)
+      decidim-core (= 0.27.5)
       wicked_pdf (~> 2.1)
       wkhtmltopdf-binary (~> 0.12)
-    decidim-generators (0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-meetings (0.27.4)
-      decidim-core (= 0.27.4)
-      decidim-forms (= 0.27.4)
+    decidim-generators (0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-meetings (0.27.5)
+      decidim-core (= 0.27.5)
+      decidim-forms (= 0.27.5)
       icalendar (~> 2.5)
-    decidim-pages (0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-participatory_processes (0.27.4)
-      decidim-core (= 0.27.4)
-    decidim-proposals (0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
+    decidim-pages (0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-participatory_processes (0.27.5)
+      decidim-core (= 0.27.5)
+    decidim-proposals (0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
       doc2text (~> 0.4.5)
       redcarpet (~> 3.5, >= 3.5.1)
-    decidim-sortitions (0.27.4)
-      decidim-admin (= 0.27.4)
-      decidim-comments (= 0.27.4)
-      decidim-core (= 0.27.4)
-      decidim-proposals (= 0.27.4)
-    decidim-surveys (0.27.4)
-      decidim-core (= 0.27.4)
-      decidim-forms (= 0.27.4)
-      decidim-templates (= 0.27.4)
-    decidim-system (0.27.4)
+    decidim-sortitions (0.27.5)
+      decidim-admin (= 0.27.5)
+      decidim-comments (= 0.27.5)
+      decidim-core (= 0.27.5)
+      decidim-proposals (= 0.27.5)
+    decidim-surveys (0.27.5)
+      decidim-core (= 0.27.5)
+      decidim-forms (= 0.27.5)
+      decidim-templates (= 0.27.5)
+    decidim-system (0.27.5)
       active_link_to (~> 1.0)
-      decidim-core (= 0.27.4)
+      decidim-core (= 0.27.5)
       devise (~> 4.7)
       devise-i18n (~> 1.2)
-      devise_invitable (~> 2.0)
-    decidim-templates (0.27.4)
-      decidim-core (= 0.27.4)
-      decidim-forms (= 0.27.4)
-    decidim-verifications (0.27.4)
-      decidim-core (= 0.27.4)
+      devise_invitable (~> 2.0, >= 2.0.9)
+    decidim-templates (0.27.5)
+      decidim-core (= 0.27.5)
+      decidim-forms (= 0.27.5)
+    decidim-verifications (0.27.5)
+      decidim-core (= 0.27.5)
     declarative-builder (0.1.0)
       declarative-option (< 0.2.0)
     declarative-option (0.1.0)
@@ -339,7 +340,7 @@ GEM
       warden (~> 1.2.3)
     devise-i18n (1.12.0)
       devise (>= 4.9.0)
-    devise_invitable (2.0.8)
+    devise_invitable (2.0.9)
       actionmailer (>= 5.0)
       devise (>= 4.6)
     diff-lcs (1.5.0)
@@ -412,7 +413,8 @@ GEM
       sass (~> 3.4)
     hashdiff (1.0.1)
     hashie (5.0.0)
-    highline (2.1.0)
+    highline (3.0.0)
+      abbrev
     hkdf (0.3.0)
     html-pipeline (2.14.3)
       activesupport (>= 2)
@@ -431,7 +433,7 @@ GEM
       rails-i18n
       rainbow (>= 2.2.2, < 4.0)
       terminal-table (>= 1.5.1)
-    icalendar (2.9.0)
+    icalendar (2.10.1)
       ice_cube (~> 0.16)
     ice_cube (0.16.4)
     ice_nine (0.11.2)
@@ -440,7 +442,7 @@ GEM
       ruby-vips (>= 2.0.17, < 3)
     invisible_captcha (0.13.0)
       rails (>= 3.2.0)
-    json (2.6.3)
+    json (2.7.1)
     jwt (2.7.1)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
@@ -571,7 +573,7 @@ GEM
       net-smtp
       premailer (~> 1.7, >= 1.7.9)
     public_suffix (5.0.3)
-    puma (5.6.7)
+    puma (5.6.8)
       nio4r (~> 2.0)
     racc (1.7.1)
     rack (2.2.8)
@@ -641,9 +643,9 @@ GEM
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
       rspec-mocks (~> 3.12.0)
-    rspec-cells (0.3.8)
+    rspec-cells (0.3.9)
       cells (>= 4.0.0, < 6.0.0)
-      rspec-rails (>= 3.0.0, < 6.1.0)
+      rspec-rails (>= 3.0.0, < 6.2.0)
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.3)
@@ -800,8 +802,8 @@ DEPENDENCIES
   bootsnap (~> 1.7)
   byebug (~> 11.0)
   codecov
-  decidim (= 0.27.4)
-  decidim-dev (= 0.27.4)
+  decidim (= 0.27.5)
+  decidim-dev (= 0.27.5)
   decidim-participatory_documents!
   faker (~> 2.14)
   letter_opener_web (~> 1.3)
@@ -816,4 +818,4 @@ RUBY VERSION
    ruby 3.0.6p216
 
 BUNDLED WITH
-   2.3.20
+   2.4.22

data/README.md

@@ -41,8 +41,10 @@ Depending on your Decidim version, you can choose the corresponding version to e
 
 ## Usage
 
-TODO...
+This module adds a new component to Decidim called `Participatory Documents` that allows to upload PDFs and define areas on top of it that will become spaces for suggestions or comments.
 
+The administrator must upload a PDF file and then define areas on top of it by drawing polygons. 
+Each area will become a new zone that will allow users to create suggestions.
 
 ## Configuration
 
@@ -66,6 +68,14 @@ Decidim::ParticipatoryDocuments.configure do |config|
 end
 ```
 
+## Antivirus compatibility
+
+This module has a builtin compatibility with https://github.com/mainio/decidim-module-antivirus to scan the uploaded documents (it is also possible to directly use the gem https://github.com/mainio/ratonvirus if configuring it in a initializer).
+
+If the antivirus is not installed, the module will still work but the documents will not be scanned.
+
+> Note: this module only checks for the existance of the class `AntivirusValidator` so it is possible to use any other antivirus validator as well (a custom one for instance).
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/openpoke/decidim-module-participatory-documents.

data/app/cells/decidim/participatory_documents/suggestion/admin_answer.erb

@@ -3,5 +3,5 @@
       <strong><%= answered_at %></strong>
       <strong><%= t("suggestion_answer", scope: "decidim.participatory_documents.document") %></strong>
     </div>
-  <%= translated_attribute(model.answer) %>
+  <%= sanitize translated_attribute(model.answer) %>
 </div>

data/app/commands/decidim/participatory_documents/admin/create_document.rb

@@ -21,8 +21,12 @@ module Decidim
               create_document
             end
             broadcast(:ok, document)
-          rescue ActiveRecord::RecordInvalid
-            form.errors.add(:file, document.errors[:file]) if document.errors.include? :file
+          rescue ActiveRecord::RecordInvalid => e
+            if document&.errors&.include? :file
+              form.errors.add(:file, document.errors[:file])
+            else
+              form.errors.add(:file, e.message)
+            end
             broadcast(:invalid)
           end
         end

data/app/controllers/decidim/participatory_documents/admin/documents_controller.rb

@@ -22,7 +22,7 @@ module Decidim
 
         def new
           enforce_permission_to :create, :participatory_document
-          @form = form(DocumentForm).from_params(params)
+          @form = form(DocumentForm).instance
         end
 
         def create

data/app/controllers/decidim/participatory_documents/admin/suggestions_controller.rb

@@ -11,7 +11,8 @@ module Decidim
         helper Decidim::ParticipatoryDocuments::Admin::SuggestionHelper
         helper Decidim::Messaging::ConversationHelper
 
-        helper_method :suggestions, :suggestion, :notes_form, :find_valuators_for_select, :suggestion_ids, :suggestion_find
+        helper_method :suggestions, :suggestion, :notes_form, :find_valuators_for_select, :suggestion_ids,
+                      :suggestion_find, :valuator_assigned_to_suggestion?
 
         def show
           enforce_permission_to :show, :suggestion, suggestion: suggestion
@@ -174,6 +175,13 @@ module Decidim
             [valuator.name, role.id]
           end
         end
+
+        def valuator_assigned_to_suggestion?
+          @valuator_assigned_to_suggestion ||=
+            Decidim::ParticipatoryDocuments::ValuationAssignment
+            .where(suggestion: suggestion, valuator_role: valuator_roles)
+            .any?
+        end
       end
     end
   end

data/app/controllers/decidim/participatory_documents/admin/valuation_assignments_controller.rb

@@ -4,8 +4,10 @@ module Decidim
   module ParticipatoryDocuments
     module Admin
       class ValuationAssignmentsController < Admin::ApplicationController
+        helper_method :suggestion
+
         def create
-          enforce_permission_to :assign_to_valuator, :suggestions
+          enforce_permission_to :assign_to_valuator, :suggestions, suggestion: suggestion
 
           @form = form(Admin::ValuationAssignmentForm).from_params(params)
 
@@ -25,7 +27,7 @@ module Decidim
         def destroy
           @form = form(Admin::ValuationAssignmentForm).from_params(destroy_params)
 
-          enforce_permission_to :unassign_from_valuator, :suggestions, valuator: @form.valuator_user
+          enforce_permission_to :unassign_from_valuator, :suggestions, valuator: @form.valuator_user, suggestion: suggestion
 
           Admin::UnassignSuggestionsFromValuator.call(@form) do
             on(:ok) do |_proposal|
@@ -46,6 +48,10 @@ module Decidim
 
         private
 
+        def suggestion
+          @suggestion ||= Decidim::ParticipatoryDocuments::Suggestion.find(params[:suggestion_ids] || [params[:suggestion_id]])
+        end
+
         def destroy_params
           {
             id: params.dig(:valuator_role, :id) || params[:id],

data/app/forms/decidim/participatory_documents/admin/document_form.rb

@@ -14,16 +14,23 @@ module Decidim
 
         attribute :box_color, String, default: "#1e98d7"
         attribute :box_opacity, Integer, default: 12
+        attribute :organization
 
         attribute :file, Decidim::Attributes::Blob
         attribute :remove_file, Boolean, default: false
 
+        validates :file, passthru: { to: Document }, if: ->(form) { form.file.present? }
         validates :file, file_content_type: { allow: ["application/pdf"] }
+
         # ensure color and opacity are present
         def map_model(doc)
           self.box_color = doc.box_color.presence || "#1e98d7"
           self.box_opacity = doc.box_opacity.presence || 12
         end
+
+        def organization
+          attributes[:organization] || current_organization
+        end
       end
     end
   end

data/app/models/decidim/participatory_documents/document.rb

@@ -17,6 +17,8 @@ module Decidim
 
       has_one_attached :file
       validates_upload :file, uploader: Decidim::ParticipatoryDocuments::PdfDocumentUploader
+      # compatibility with ratonvirus (see https://github.com/mainio/decidim-module-antivirus)
+      validates :file, antivirus: true if ParticipatoryDocuments.antivirus_enabled
 
       has_many :sections, class_name: "Decidim::ParticipatoryDocuments::Section", dependent: :restrict_with_error
       has_many :suggestions, class_name: "Decidim::ParticipatoryDocuments::Suggestion", dependent: :restrict_with_error, as: :suggestable
@@ -24,6 +26,15 @@ module Decidim
 
       attr_accessor :remove_file
 
+      # the dynamic upload validator requires the organization,
+      # if the object is not created yet is assigned from the context by the UploadValidationForm using this method
+      attr_writer :organization
+
+      # override the delegate from HasComponent for the dynamic upload validator
+      def organization
+        component&.organization || @organization
+      end
+
       def self.log_presenter_class_for(_log)
         Decidim::ParticipatoryDocuments::AdminLog::DocumentPresenter
       end

data/app/permissions/decidim/participatory_documents/admin/permissions.rb

@@ -19,11 +19,11 @@ module Decidim
           if valuator_assigned_to_suggestion?
             can_create_suggestion_note?
             can_create_suggestion_answer?
+            valuator_can_assign_or_unassign_valuator_from_suggestions?
             allow! if action_is_show_on_suggestion?
           elsif action_is_show_on_suggestion?
             disallow!
           end
-          valuator_can_unassign_valuator_from_suggestions?
         end
 
         def handle_general_permissions
@@ -84,16 +84,8 @@ module Decidim
           permission_action.action == :create
         end
 
-        def can_unassign_valuator_from_suggestions?
-          allow! if permission_action.subject == :suggestions && permission_action.action == :unassign_from_valuator
-        end
-
-        def valuator_can_unassign_valuator_from_suggestions?
-          can_unassign_valuator_from_suggestions? if user == context.fetch(:valuator, nil)
-
-          return unless permission_action.action == :assign_to_valuator && permission_action.subject == :suggestions
-
-          allow!
+        def valuator_can_assign_or_unassign_valuator_from_suggestions?
+          allow! if permission_action.action == :unassign_from_valuator || permission_action.action == :assign_to_valuator
         end
 
         def admin_suggestion_answering_is_enabled?

data/app/views/decidim/participatory_documents/admin/documents/edit_pdf.html.erb

@@ -3,6 +3,7 @@
     <h2 class="card-title flex--sbc">
       <%= translated_attribute(current_component.name) %>
       <%= render "title", button: :back %>
+      <div class="flex--cc flex-gap--1"><%= preview_sections_btn %></div>
     </h2>
   </div>
   <div class="card-section pdf-viewer-container">

data/app/views/decidim/participatory_documents/admin/suggestions/_add_valuators.html.erb

@@ -1,4 +1,4 @@
-<% if allowed_to? :assign_to_valuator, :suggestions %>
+<% if valuator_assigned_to_suggestion? || current_user.admin? %>
   <div id="js-assign-suggestion-to-valuator-actions" class="form-single-suggestion"
        style="max-width:400px">
     <%= form_tag(document_valuation_assignment_path(document), method: :post, id: "js-form-assign-suggestion-to-valuator",

data/app/views/decidim/participatory_documents/admin/suggestions/_valuators.html.erb

@@ -20,8 +20,7 @@
                       presented_valuator.profile_path,
                       target: :blank
                     ) %>
-
-                <% if allowed_to? :unassign_from_valuator, :suggestions, valuator: assignment.valuator %>
+                <% if valuator_assigned_to_suggestion? || current_user.admin? %>
                   <%= icon_link_to(
                         "circle-x",
                         document_suggestion_valuation_assignment_path(document, suggestion, assignment.valuator_role),

data/app/views/decidim/participatory_documents/documents/index.html.erb

@@ -1,7 +1,7 @@
 <% if document.present? && document.file.attached? %>
   <div class="row">
-    <%= content_tag(:h3, translated_attribute(document.title), class: "title") if translated_attribute(document.title).present? %>
-    <%= content_tag(:p, translated_attribute(document.description).html_safe, class: "description") if translated_attribute(document.description).present? %>
+    <%= content_tag(:h3, sanitize(translated_attribute(document.title)), class: "title") if translated_attribute(document.title).present? %>
+    <%= content_tag(:p, sanitize(translated_attribute(document.description)), class: "description") if translated_attribute(document.description).present? %>
     <% if preview_mode? %>
       <div class="callout announcement mb-sm warning cell-announcement">
         <p class="heading5"><%= t("decidim.participatory_documents.documents.preview_title") %></p>