decidim-proposals 0.27.5 → 0.27.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d86dedc7c769a8efba7a3e155139f0e0668e31ffe54edafb51a49485479fef8
-  data.tar.gz: 1e8ea8f759a82484b1b1b93513c77d55d06b780e033f3cb13862cb46c6085b6b
+  metadata.gz: 1e291f2f0b2cac7faf278350614fa4d8eea1f12c514787a1102bc34f033c6c20
+  data.tar.gz: 26de14643cc5d736985bd35684628cd38b21618d5bfc065fa789f282d9fff8f5
 SHA512:
-  metadata.gz: 69f4c89eeea8892cb2906d9b87895615c79d47de2865391f661b79be144b9ad59a49f1532110c82ba4ac78dc7fc88f3317be07f94a30fcc814f9511a9285e94b
-  data.tar.gz: 06d799b876315ba91c6e97f73297f663e393094718122d7cb5c5677e2033d91a93c77797dcbe8a0e93a59d11796d6463d0013b281ad58ddef234e0546516e5bb
+  metadata.gz: c80f1d038c0c260680c3186cec61780b5d1cae0d66ed946014647b84cbb0ada6f8bf98cd478b65e78d1bf059495cf0fc66eeba76f80066025451d948f45d434b
+  data.tar.gz: 4187a7c435fda93c5212bdcb8e7feae60c826b72b0fd5be1bda96078f94c63c538f3371b6ef5a21c89771d51d8d728fa7bb3c872b2c9ed1968c298c7e237862c

data/app/cells/decidim/proposals/highlighted_proposals_for_component/show.erb

@@ -1,6 +1,6 @@
 <section class="section row collapse highlighted_proposals">
   <h3 class="section-heading">
-    <%= translated_attribute(model.name) %>  <a href="<%= main_component_path(model) %>" class="text-small"><%= t("decidim.participatory_spaces.highlighted_proposals.see_all", count: proposals_count) %></a>
+    <%= decidim_escape_translated(model.name) %>  <a href="<%= main_component_path(model) %>" class="text-small"><%= t("decidim.participatory_spaces.highlighted_proposals.see_all", count: proposals_count) %></a>
   </h3>
 
   <%= cell(

data/app/cells/decidim/proposals/participatory_text_proposal/buttons.erb

@@ -6,7 +6,7 @@
         <%= link_to resource_amendments_path, class: "column medium-4 button light secondary" do %>
           <%= visible_emendations.count %>
         <% end %>
-        <%= link_to amend_resource_path, class: "column button hollow secondary button--sc", disabled: amend_button_disabled? do %>
+        <%= action_authorized_link_to :amend, amend_resource_path, resource: model, data: { "redirect_url" => amend_resource_path }, class: "column button hollow secondary button--sc", disabled: amend_button_disabled? do %>
           <%= t("amend", scope: "decidim.proposals.participatory_text_proposal.buttons") %>
         <% end %>
       </div>
@@ -23,7 +23,7 @@
           <%= link_to resource_comments_path, class: "column medium-4 button light secondary" do %>
             <%= icon "comment-square", class: "icon--small", aria_label: t("comments", scope: "decidim.proposals.participatory_text_proposal.buttons"), role: "img" %> <%= model.comments_count %>
           <% end %>
-          <%= link_to resource_comments_path, class: "column button hollow secondary button--sc" do %>
+          <%= action_authorized_link_to :comment, resource_comments_path, resource: model, class: "column button hollow secondary button--sc" do %>
             <%= t("comment", scope: "decidim.proposals.participatory_text_proposal.buttons") %>
           <% end %>
         <% end %>

data/app/cells/decidim/proposals/proposal_tags/show.erb

@@ -3,8 +3,8 @@
     <% if category.present? %>
       <li>
         <%= link_to resource_locator(model).index(filter: { with_any_category: [category.id.to_s] }), title: t("decidim.tags.filter_results_for_category", resource: translated_attribute(category.name)) do %>
-          <span class="show-for-sr"><%= t "decidim.tags.filter_results_for_category", resource: translated_attribute(category.name) %></span>
-          <span aria-hidden="true"><%= translated_attribute(category.name) %></span>
+          <span class="show-for-sr"><%= t "decidim.tags.filter_results_for_category", resource: decidim_html_escape(translated_attribute(category.name)) %></span>
+          <span aria-hidden="true"><%= decidim_html_escape(translated_attribute(category.name)) %></span>
         <% end %>
         <% if previous_category.present? && show_previous_category? %>
           &nbsp;

data/app/controllers/decidim/proposals/widgets_controller.rb

@@ -5,15 +5,25 @@ module Decidim
     class WidgetsController < Decidim::WidgetsController
       helper Proposals::ApplicationHelper
 
+      def show
+        enforce_permission_to :embed, :proposal, proposal: model if model
+
+        super
+      end
+
       private
 
       def model
-        @model ||= Proposal.where(component: params[:component_id]).find(params[:proposal_id])
+        @model ||= Proposal.not_hidden.except_withdrawn.where(component: current_component).find(params[:proposal_id])
       end
 
       def iframe_url
         @iframe_url ||= proposal_widget_url(model)
       end
+
+      def permission_class_chain
+        [Decidim::Proposals::Permissions]
+      end
     end
   end
 end

data/app/helpers/decidim/proposals/application_helper.rb

@@ -151,7 +151,7 @@ module Decidim
       end
 
       def show_voting_rules?
-        return false unless votes_enabled?
+        return false if !votes_enabled? || current_settings.votes_blocked?
 
         return true if vote_limit_enabled?
         return true if threshold_per_proposal_enabled?

data/app/models/decidim/proposals/proposal.rb

@@ -96,11 +96,11 @@ module Decidim
       }
 
       scope :sort_by_valuation_assignments_count_asc, lambda {
-        order(Arel.sql("#{sort_by_valuation_assignments_count_nulls_last_query} ASC NULLS FIRST").to_s)
+        order(valuation_assignments_count: :asc)
       }
 
       scope :sort_by_valuation_assignments_count_desc, lambda {
-        order(Arel.sql("#{sort_by_valuation_assignments_count_nulls_last_query} DESC NULLS LAST").to_s)
+        order(valuation_assignments_count: :desc)
       }
 
       scope_search_multi :with_any_state, [:accepted, :rejected, :evaluating, :state_not_published]
@@ -333,18 +333,6 @@ module Decidim
         ProposalSearch.new(self, params, options)
       end
 
-      # Defines the base query so that ransack can actually sort by this value
-      def self.sort_by_valuation_assignments_count_nulls_last_query
-        <<-SQL.squish
-        (
-          SELECT COUNT(decidim_proposals_valuation_assignments.id)
-          FROM decidim_proposals_valuation_assignments
-          WHERE decidim_proposals_valuation_assignments.decidim_proposal_id = decidim_proposals_proposals.id
-          GROUP BY decidim_proposals_valuation_assignments.decidim_proposal_id
-        )
-        SQL
-      end
-
       # method to filter by assigned valuator role ID
       def self.valuator_role_ids_has(value)
         query = <<-SQL.squish

data/app/models/decidim/proposals/valuation_assignment.rb

@@ -9,7 +9,8 @@ module Decidim
       include Decidim::Traceable
       include Decidim::Loggable
 
-      belongs_to :proposal, foreign_key: "decidim_proposal_id", class_name: "Decidim::Proposals::Proposal"
+      belongs_to :proposal, foreign_key: "decidim_proposal_id", class_name: "Decidim::Proposals::Proposal",
+                            counter_cache: true
       belongs_to :valuator_role, polymorphic: true
 
       def self.log_presenter_class_for(_log)

data/app/packs/src/decidim/proposals/admin/proposals.js

@@ -47,6 +47,12 @@ $(() => {
     }
   }
 
+  const resetForms = function() {
+    $("#js-bulk-actions-dropdown button").each(function() {
+      $(`#js-form-${$(this).data("action")}`)[0].reset();
+    })
+  }
+
   const showOtherActionsButtons = function() {
     $("#js-other-actions-wrapper").removeClass("hide");
   }
@@ -68,6 +74,7 @@ $(() => {
   window.showOtherActionsButtons = showOtherActionsButtons;
   window.hideOtherActionsButtons = hideOtherActionsButtons;
   window.hideBulkActionForms = hideBulkActionForms;
+  window.resetForms = resetForms;
 
   if ($(".js-bulk-action-form").length) {
     hideBulkActionForms();

data/app/permissions/decidim/proposals/permissions.rb

@@ -4,6 +4,7 @@ module Decidim
   module Proposals
     class Permissions < Decidim::DefaultPermissions
       def permissions
+        allow_embed_proposal?
         return permission_action unless user
 
         # Delegate the admin permission checks to the admin permissions class
@@ -47,6 +48,14 @@ module Decidim
         @proposal ||= context.fetch(:proposal, nil) || context.fetch(:resource, nil)
       end
 
+      # As this is a public action, we need to run this before other checks
+      def allow_embed_proposal?
+        return unless permission_action.action == :embed && permission_action.subject == :proposal && proposal
+        return disallow! if proposal.withdrawn?
+
+        allow!
+      end
+
       def voting_enabled?
         return unless current_settings
 

data/app/presenters/decidim/proposals/admin_log/proposal_presenter.rb

@@ -15,13 +15,9 @@ module Decidim
       class ProposalPresenter < Decidim::Log::BasePresenter
         private
 
-        def resource_presenter
-          @resource_presenter ||= Decidim::Proposals::Log::ResourcePresenter.new(action_log.resource, h, action_log.extra["resource"])
-        end
-
         def diff_fields_mapping
           {
-            title: "Decidim::Proposals::AdminLog::ValueTypes::ProposalTitleBodyPresenter",
+            title: :i18n,
             body: "Decidim::Proposals::AdminLog::ValueTypes::ProposalTitleBodyPresenter",
             state: "Decidim::Proposals::AdminLog::ValueTypes::ProposalStatePresenter",
             answered_at: :date,

data/app/presenters/decidim/proposals/admin_log/value_types/proposal_title_body_presenter.rb

@@ -5,12 +5,10 @@ module Decidim
     module AdminLog
       module ValueTypes
         class ProposalTitleBodyPresenter < Decidim::Log::ValueTypes::DefaultPresenter
-          include Decidim::TranslatableAttributes
-
           def present
             return unless value
 
-            translated_value = translated_attribute(value)
+            translated_value = h.decidim_escape_translated(value)
             return if translated_value.blank?
 
             renderer = Decidim::ContentRenderers::HashtagRenderer.new(translated_value)

data/app/presenters/decidim/proposals/log/valuation_assignment_presenter.rb

@@ -11,7 +11,7 @@ module Decidim
         # Returns an HTML-safe String.
         def present_resource_name
           if resource.present?
-            Decidim::Proposals::ProposalPresenter.new(resource.proposal).title
+            resource.proposal.presenter.title(html_escape: true)
           else
             super
           end

data/app/views/decidim/proposals/admin/proposals/_form.html.erb

@@ -44,7 +44,7 @@
 
         <div class="row column" id="proposal_meeting">
           <%= form.select :meeting_id,
-                          options_for_select(@form.meetings&.map { |meeting| [present(meeting).title, meeting.id] }, selected: meetings_as_authors_selected ),
+                          options_for_select(@form.meetings&.map { |meeting| [present(meeting).title(html_escape: true), meeting.id] }, selected: meetings_as_authors_selected ),
                           { include_blank: true, label: t(".select_a_meeting") },
                           { multiple: false, class: "chosen-select" } %>
         </div>

data/app/views/decidim/proposals/admin/proposals/_proposal-tr.html.erb

@@ -53,7 +53,7 @@
   </td>
 
   <td class="valuators-count">
-    <%= proposal.valuation_assignments.count %>
+    <%= proposal.valuation_assignments.size %>
   </td>
 
   <td>

data/app/views/decidim/proposals/admin/proposals/show.html.erb

@@ -107,7 +107,7 @@
             <% proposal_meetings.each do |meeting| %>
               <% presented_meeting = present(meeting) %>
               <li>
-                <%= link_to presented_meeting.title, presented_meeting.profile_path %>
+                <%= link_to decidim_escape_translated(meeting.title).html_safe, presented_meeting.profile_path %>
               </li>
             <% end %>
           </ul>

data/app/views/decidim/proposals/admin/proposals/update_attribute.js.erb

@@ -22,5 +22,6 @@
   window.hideBulkActionsButton();
   window.hideBulkActionForms();
   window.showOtherActionsButtons();
-  window.selectedResourcesCountUpdate();
+  window.selectedProposalsCountUpdate();
+  window.resetForms();
 <% end %>

data/app/views/decidim/proposals/proposals/show.html.erb

@@ -129,7 +129,9 @@ extra_admin_link(
     <%= resource_version(proposal_presenter, versions_path: proposal_versions_path(@proposal)) %>
     <%= cell("decidim/fingerprint", @proposal) %>
     <%= render partial: "decidim/shared/share_modal", locals: { resource: @proposal } %>
-    <%= embed_modal_for proposal_widget_url(@proposal, format: :js) %>
+    <% if allowed_to? :embed, :proposal, proposal: @proposal %>
+      <%= embed_modal_for proposal_widget_url(@proposal, format: :js) %>
+    <% end %>
     <%= cell "decidim/proposals/proposal_link_to_collaborative_draft", @proposal %>
     <%= cell "decidim/proposals/proposal_link_to_rejected_emendation", @proposal %>
   </div>

data/config/locales/ar.yml

@@ -191,7 +191,6 @@ ar:
             proposal_wizard_step_1_help_text: اقتراح الاقتراح "إنشاء" نص مساعدة الخطوة
             proposal_wizard_step_2_help_text: اقتراح الاقتراح "قارن" نص خطوة المساعدة
             proposal_wizard_step_3_help_text: نص اقتراح "إكمال" تعليمات نص المعالج
-            proposal_wizard_step_4_help_text: اقتراح الاقتراح "نشر" نص تعليمات الخطوة
             resources_permissions_enabled: يمكن تعيين أذونات الإجراءات لكل اقتراح
             scope_id: نطاق
             scopes_enabled: النطاقات مفعلة
@@ -291,7 +290,6 @@ ar:
             notification_title: تم قبول اقتراحك <a href="%{resource_path}">%{resource_title}</a>.
           follower:
             email_intro: 'تم قبول الاقتراح "%{resource_title}". يمكنك قراءة الإجابة على هذه الصفحة:'
-            email_outro: لقد تلقيت هذا الإشعار لأنك تتابع %{resource_title}. يمكنك إلغاء المتابعة على الرابط السابق.
             email_subject: تم قبول اقتراح تتابعه
             notification_title: لقد تم قبول المُقتَرح <a href="%{resource_path}">%{resource_title}</a>.
         proposal_evaluating:
@@ -302,7 +300,6 @@ ar:
             notification_title: يتم تقييم الاقتراح الخاص بك <a href="%{resource_path}">%{resource_title}</a>.
           follower:
             email_intro: 'الاقتراح "%{resource_title}" قيد التقييم حاليا. يمكنك التحقق من وجود إجابة على هذه الصفحة:'
-            email_outro: لقد تلقيت هذا الإشعار لأنك تتابع %{resource_title}. يمكنك إلغاء المتابعة على الرابط السابق.
             email_subject: واحد من الاقتراحات التي تتبعها قيد التقييم الآن
             notification_title: الاقتراح <a href="%{resource_path}">%{resource_title}</a> قيد التقييم الآن.
         proposal_mentioned:
@@ -329,7 +326,6 @@ ar:
             notification_title: تم رفض اقتراحك <a href="%{resource_path}">%{resource_title}</a>.
           follower:
             email_intro: 'تم رفض الاقتراح %{resource_title}. يمكنك قراءة الإجابة على ذلك على هذه الصفحة:'
-            email_outro: لقد تلقيت هذا الإشعار لأنك تتابع %{resource_title}. يمكنك إلغاء المتابعة على الرابط السابق.
             email_subject: واحد من الاقتراحات التي تتبعها تم رفضها
             notification_title: تم رفض الاقتراح <a href="%{resource_path}">%{resource_title}</a>.
         proposal_update_category:
@@ -496,7 +492,7 @@ ar:
             accepted: وافقت
             answer_proposal: إجابة
             evaluating: تقييم
-            not_answered: لم تتم الإجابة عليه
+            not_answered: بلا جواب
             rejected: مرفوض
             title: الإجابة على الاقتراح %{title}
         proposal_notes:
@@ -992,7 +988,7 @@ ar:
           step_1: إنشاء اقتراحك
           step_2: قارن
           step_3: إكمال
-          step_4: انشر اقتراحك
+          step_4: نشر اقتراحك
           step_of: الخطوة %{current_step_num} من %{total_steps}
           title: خطوات إنشاء الاقتراحات
       proposals_picker: