RubyGems - decidim - Versions diffs - 0.0.1.alpha4 → 0.0.1.alpha5 - Mend

decidim 0.0.1.alpha4 → 0.0.1.alpha5

Potentially problematic release.

This version of decidim might be problematic. Click here for more details.

Files changed (63) hide show

data/decidim-admin/app/controllers/concerns/decidim/needs_authorization.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require "active_support/concern"
+module Decidim
+  # Shared behaviour for controllers that need authorization to work.
+  module NeedsAuthorization
+    extend ActiveSupport::Concern
+    included do
+      include Pundit
+      after_action :verify_authorized
+      rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+      private
+      # Overwrites the `policy` method from the `pundit` gem in order to be
+      # able to specify which policy class should be used in each case. This is
+      # due to `pundit` failing to correctly identify the policy class when the
+      # model class name is scoped and the policy class is in a different scope
+      # (eg. `Decidim::ParticipatoryProcess` and
+      # `Decidim::Admin::ParticipatoryProcessPolicy`). The original method does
+      # not let us specify the correct class.
+      #
+      # Remember that, in order to make this work, you'll need to define the
+      # `policy_class` method in the controller, which should only return a
+      # policy class name.
+      #
+      # record - the record that will be evaluated against the policy class.
+      def policy(record)
+        policies[record] ||= policy_class.new(current_user, record)
+      end
+      # Needed in order to make the `policy` method work. Overwirite it in the
+      # given controller and make it return a Policy class.
+      def policy_class
+        raise NotImplementedError, "Define this method and make it return a policy class name in order to make it work"
+      end
+      # Handles the case when a user visits a path that is not allowed to them.
+      # Redirects the user to the root path and shows a flash message telling
+      # them they are not authorized.
+      def user_not_authorized
+        flash[:alert] = t("actions.unauthorized", scope: "decidim.admin")
+        redirect_to(request.referrer || decidim_admin.root_path)
+      end
+    end
+  end
+end

data/decidim-admin/app/controllers/decidim/admin/application_controller.rb CHANGED Viewed

@@ -4,6 +4,8 @@ module Decidim
     # The main application controller that inherits from Rails.
     class ApplicationController < ActionController::Base
       include NeedsOrganization
+      include NeedsAuthorization
       protect_from_forgery with: :exception, prepend: true
     end
   end

data/decidim-admin/app/controllers/decidim/admin/dashboard_controller.rb CHANGED Viewed

@@ -3,7 +3,18 @@ require_dependency "decidim/admin/application_controller"
 module Decidim
   module Admin
+    # Controller that shows a simple dashboard.
+    #
     class DashboardController < ApplicationController
+      def show
+        authorize :dashboard
+      end
+      private
+      def policy_class
+        Decidim::Admin::DashboardPolicy
+      end
     end
   end
 end

data/decidim-admin/app/controllers/decidim/admin/participatory_processes_controller.rb ADDED Viewed

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+require_dependency "decidim/admin/application_controller"
+module Decidim
+  module Admin
+    # Controller that allows managing all the Admins.
+    #
+    class ParticipatoryProcessesController < ApplicationController
+      def index
+        @participatory_processes = collection
+        authorize @participatory_processes
+      end
+      def new
+        @form = ParticipatoryProcessForm.new
+        authorize ParticipatoryProcess
+      end
+      def create
+        @form = ParticipatoryProcessForm.from_params(params)
+        authorize ParticipatoryProcess
+        CreateParticipatoryProcess.call(@form, current_organization) do
+          on(:ok) do
+            flash[:notice] = I18n.t("participatory_processes.create.success", scope: "decidim.admin")
+            redirect_to participatory_processes_path
+          end
+          on(:invalid) do
+            flash.now[:alert] = I18n.t("participatory_processes.create.error", scope: "decidim.admin")
+            render :new
+          end
+        end
+      end
+      def edit
+        @participatory_process = collection.find(params[:id])
+        authorize @participatory_process
+        @form = ParticipatoryProcessForm.from_model(@participatory_process)
+      end
+      def update
+        @participatory_process = collection.find(params[:id])
+        authorize @participatory_process
+        @form = ParticipatoryProcessForm.from_params(params)
+        UpdateParticipatoryProcess.call(@participatory_process, @form) do
+          on(:ok) do
+            flash[:notice] = I18n.t("participatory_processes.update.success", scope: "decidim.admin")
+            redirect_to participatory_processes_path
+          end
+          on(:invalid) do
+            flash.now[:alert] = I18n.t("participatory_processes.update.error", scope: "decidim.admin")
+            render :edit
+          end
+        end
+      end
+      def show
+        @participatory_process = collection.find(params[:id])
+        authorize @participatory_process
+      end
+      def destroy
+        @participatory_process = collection.find(params[:id]).destroy!
+        authorize @participatory_process
+        flash[:notice] = I18n.t("participatory_processes.destroy.success", scope: "decidim.admin")
+        redirect_to participatory_processes_path
+      end
+      private
+      def collection
+        current_organization.participatory_processes
+      end
+      def policy_class
+        Decidim::Admin::ParticipatoryProcessPolicy
+      end
+    end
+  end
+end

data/decidim-admin/app/forms/decidim/admin/participatory_process_form.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module Decidim
+  module Admin
+    # A form object used to create participatory processes from the admin
+    # dashboard.
+    #
+    class ParticipatoryProcessForm < Rectify::Form
+      include TranslatableAttributes
+      translatable_attribute :title, String
+      translatable_attribute :subtitle, String
+      translatable_attribute :description, String
+      translatable_attribute :short_description, String
+      mimic :participatory_process
+      attribute :slug, String
+      attribute :hashtag, String
+      validates :slug, presence: true
+      translatable_validates :title, :subtitle, :description, :short_description, presence: true
+      validate :slug, :slug_uniqueness
+      private
+      def slug_uniqueness
+        return unless ParticipatoryProcess.where(slug: slug).where.not(id: id).any?
+        errors.add(
+          :slug,
+          I18n.t("models.participatory_process.validations.slug_uniqueness", scope: "decidim.admin")
+        )
+      end
+    end
+  end
+end

data/decidim-admin/app/helpers/decidim/admin/application_helper.rb CHANGED Viewed

@@ -4,6 +4,8 @@ module Decidim
     # Custom helpers, scoped to the admin panel.
     #
     module ApplicationHelper
+      include Decidim::TranslationsHelper
       def title
         current_organization.name
       end

data/decidim-admin/app/helpers/decidim/admin/attributes_display_helper.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+module Decidim
+  module Admin
+    # Custom helpers, scoped to the admin panel.
+    #
+    module AttributesDisplayHelper
+      # Displays the given attributes list in a list. This is a simple
+      # `show_for` alternative, so there's no way to modify how an attribute is
+      # shown and there is no intention on adding this. It is intnded to be
+      # used inside a `dl` HTML tag, so you can customize how a specific
+      # attribute has to be shown directly:
+      #
+      #   <dl>
+      #     <%= display_for @post, :title, :body %>
+      #     <dt>Comments number</dt>
+      #     <dd>2</dd>
+      #   </dl>
+      #
+      # This will render this HTML:
+      #
+      #   <dl>
+      #     <dt>Title</dt>
+      #     <dd>Hello, world!</dd>
+      #     <dt>Body</dt>
+      #     <dd>Lorem ipsum dolor sit amet...</dd>
+      #     <dt>Comments number</dt>
+      #     <dd>2</dd>
+      #   </dl>
+      #
+      # record - any Ruby object that needs some attributes rendered
+      # attrs - a list of N attributes of the `record`.
+      def display_for(record, *attrs)
+        attrs.map do |attr|
+          if record.column_for_attribute(attr).type == :hstore
+            I18n.available_locales.map do |locale|
+              content_tag(:dt, record.class.human_attribute_name(attr) + " (#{locale})") +
+                display_value(record, attr, locale)
+            end.reduce(:+)
+          else
+            display_label(record, attr) + display_value(record, attr)
+          end
+        end.reduce(:+)
+      end
+      private
+      # Private: Holds the logic to render a label for a given attribute.
+      def display_label(record, attr)
+        content_tag(:dt, record.class.human_attribute_name(attr))
+      end
+      # Private: Holds the logic to render the attribute value.
+      def display_value(record, attr, locale = nil)
+        return I18n.with_locale(locale) do
+          content_tag(:dd, translated_attribute(record.send(attr)).try(:html_safe))
+        end if locale
+        content_tag(:dd, record.send(attr).try(:html_safe))
+      end
+    end
+  end
+end

data/decidim-admin/app/policies/decidim/admin/dashboard_policy.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Decidim
+  module Admin
+    # A policy to define all the authorizations regarding a
+    # ParticipatoryProcess, to be used with Pundit.
+    class DashboardPolicy < ApplicationPolicy
+      # Checks if the user can see the admin dashboard.
+      #
+      # Returns a Boolean.
+      def show?
+        user.roles.include?("admin")
+      end
+    end
+  end
+end

data/decidim-admin/app/policies/decidim/admin/participatory_process_policy.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module Decidim
+  module Admin
+    # A policy to define all the authorizations regarding a
+    # ParticipatoryProcess, to be used with Pundit.
+    class ParticipatoryProcessPolicy < ApplicationPolicy
+      # Checks if the user can see the form for participatory process creation.
+      #
+      # Returns a Boolean.
+      def new?
+        user.roles.include?("admin")
+      end
+      # Checks if the user can create a participatory process.
+      #
+      # Returns a Boolean.
+      def create?
+        user.roles.include?("admin")
+      end
+      # Checks if the user can list a participatory process.
+      #
+      # Returns a Boolean.
+      def index?
+        user.roles.include?("admin") && user.organization == record.first.organization
+      end
+      # Checks if the user can see a participatory process.
+      #
+      # Returns a Boolean.
+      def show?
+        user.roles.include?("admin") && user.organization == record.organization
+      end
+      # Checks if the user can edit a participatory process.
+      #
+      # Returns a Boolean.
+      def edit?
+        user.roles.include?("admin") && user.organization == record.organization
+      end
+      # Checks if the user can update a participatory process.
+      #
+      # Returns a Boolean.
+      def update?
+        user.roles.include?("admin") && user.organization == record.organization
+      end
+      # Checks if the user can destroy a participatory process.
+      #
+      # Returns a Boolean.
+      def destroy?
+        user.roles.include?("admin") && user.organization == record.organization
+      end
+    end
+  end
+end

data/decidim-admin/app/views/decidim/admin/participatory_processes/_form.html.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<div class="field">
+  <%= form.translated :text_field, :title, autofocus: true %>
+</div>
+<div class="field">
+  <%= form.translated :text_field, :subtitle %>
+</div>
+<div class="field">
+  <%= form.text_field :slug %>
+</div>
+<div class="field">
+  <%= form.text_field :hashtag %>
+</div>
+<div class="field">
+  <%= form.translated :text_area, :short_description %>
+</div>
+<div class="field">
+  <%= form.translated :text_area, :description %>
+</div>

data/decidim-admin/app/views/decidim/admin/participatory_processes/edit.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<% content_for :title do %>
+  <h2><%= t ".title" %></h2>
+<% end %>
+<%= form_for(@form) do |f| %>
+  <%= render partial: 'form', object: f %>
+  <div class="actions">
+    <%= f.submit t(".update") %>
+  </div>
+<% end %>

data/decidim-admin/app/views/decidim/admin/participatory_processes/index.html.erb ADDED Viewed

@@ -0,0 +1,34 @@
+<% content_for :title do %>
+  <h2><%= t "decidim.admin.titles.participatory_processes" %></h2>
+<% end %>
+<div class="actions title">
+  <%= link_to t("actions.new", scope: "decidim.admin", name: t("models.participatory_process.name", scope: "decidim.admin")), ['new', 'participatory_process'], class: 'new' %>
+</div>
+<table class="stack">
+  <thead>
+    <tr>
+      <th><%= t("models.participatory_process.fields.title", scope: "decidim.admin") %></th>
+      <th><%= t("models.participatory_process.fields.created_at", scope: "decidim.admin") %></th>
+      <th class="actions"><%= t("actions.title", scope: "decidim.admin") %></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @participatory_processes.each do |process| %>
+      <tr>
+        <td>
+          <%= link_to translated_attribute(process.title), process %><br />
+        </td>
+        <td>
+          <%= l process.created_at, format: :short %>
+        </td>
+        <td class="actions">
+          <%= link_to_if policy(process).edit?, t("actions.edit", scope: "decidim.admin"), ['edit', process] %>
+          <%= link_to_if policy(process).destroy?, t("actions.destroy", scope: "decidim.admin"), process, method: :delete, class: "small alert button", data: { confirm: t("actions.confirm_destroy", scope: "decidim.admin") } %>
+        </td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>

data/decidim-admin/app/views/decidim/admin/participatory_processes/new.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<% content_for :title do %>
+  <h2><%= t ".title" %></h2>
+<% end %>
+<%= form_for(@form) do |f| %>
+  <%= render partial: 'form', object: f %>
+  <div class="actions">
+    <%= f.submit t(".create") %>
+  </div>
+<% end %>

data/decidim-admin/app/views/decidim/admin/participatory_processes/show.html.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<% content_for :title do %>
+  <h2><%= link_to translated_attribute(@participatory_process.title), @participatory_process %></h2>
+  <h3 class="subheader"><%= translated_attribute(@participatory_process.subtitle) %></h3>
+<% end %>
+<div class="actions">
+  <hr />
+  <%= link_to_if policy(@participatory_process).edit?, t("decidim.admin.actions.edit"), ['edit', @participatory_process] %>
+  <%= link_to_if policy(@participatory_process).destroy?, t("decidim.admin.actions.destroy"), @participatory_process, method: :delete, class: "alert button", data: { confirm: t("decidim.admin.actions.confirm_destroy") } %>
+</div>
+<dl>
+  <%= display_for @participatory_process,
+    :title,
+    :subtitle,
+    :hashtag,
+    :short_description,
+    :description
+    %>
+</dl>