-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow admins to manually verify users (#341)
* add system forms * add commands specs * fix command * deface participants page * add modal * render authorization modal * authorize/unauthorize * handle conflicts and overrides * add authorization & helper specs * add permissions and action log entries * add controller specs * add adminlog specs * fix ffi * add system specs * add reason to forcer verification * readme * readme * fix specs * fix locales * fix config form * optimize styles spec * add locales to allowed controllers * fix spec
- Loading branch information
1 parent
7c19c96
commit 2d63fe5
Showing
60 changed files
with
1,816 additions
and
205 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
app/commands/concerns/decidim/decidim_awesome/system/register_organization_override.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module DecidimAwesome | ||
module System | ||
module RegisterOrganizationOverride | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
private | ||
|
||
alias_method :decidim_create_organization, :create_organization | ||
|
||
def create_organization | ||
@organization = decidim_create_organization | ||
if form.clean_awesome_admins_available_authorizations.present? | ||
AwesomeConfig.create!( | ||
var: :admins_available_authorizations, | ||
organization: @organization, | ||
value: form.clean_awesome_admins_available_authorizations | ||
) | ||
end | ||
@organization | ||
end | ||
end | ||
end | ||
end | ||
end | ||
end |
35 changes: 35 additions & 0 deletions
35
app/commands/concerns/decidim/decidim_awesome/system/update_organization_override.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module DecidimAwesome | ||
module System | ||
module UpdateOrganizationOverride | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
private | ||
|
||
alias_method :decidim_original_save_organization, :save_organization | ||
|
||
def save_organization | ||
decidim_original_save_organization | ||
if form.clean_awesome_admins_available_authorizations.present? | ||
add_awesome_configs! | ||
elsif awesome_config&.persisted? | ||
awesome_config.destroy! | ||
end | ||
end | ||
|
||
def add_awesome_configs! | ||
awesome_config.value = form.clean_awesome_admins_available_authorizations | ||
awesome_config.save! | ||
end | ||
|
||
def awesome_config | ||
@awesome_config ||= AwesomeConfig.find_or_initialize_by(var: :admins_available_authorizations, organization: @organization) | ||
end | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
122 changes: 122 additions & 0 deletions
122
app/controllers/decidim/decidim_awesome/admin/admin_authorizations_controller.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module DecidimAwesome | ||
module Admin | ||
class AdminAuthorizationsController < DecidimAwesome::Admin::ApplicationController | ||
include NeedsAwesomeConfig | ||
|
||
layout false | ||
helper_method :user, :authorization, :workflow, :handler, :conflict | ||
# overwrite original rescue_from to ensure we print messages from ajax methods | ||
rescue_from Decidim::ActionForbidden, with: :json_error | ||
|
||
before_action do | ||
enforce_permission_to :edit_config, :admins_available_authorizations, handler: workflow.name | ||
end | ||
|
||
def edit | ||
render "authorization" if authorization | ||
end | ||
|
||
def update | ||
if conflict | ||
message = render_to_string("conflict") | ||
else | ||
message = render_to_string(partial: "callout", locals: { i18n_key: "user_authorized", klass: "success" }) | ||
Decidim::Verifications::AuthorizeUser.call(handler, current_organization) do | ||
on(:transferred) do |transfer| | ||
message += render_to_string(partial: "callout", locals: { i18n_key: "authorization_transferred", klass: "success" }) if transfer.records.any? | ||
end | ||
on(:invalid) do | ||
if force_verification.present? | ||
create_forced_authorization | ||
else | ||
message = render_to_string(partial: "callout", locals: { i18n_key: "user_not_authorized", klass: "alert" }) | ||
message += render_to_string("edit", locals: { with_override: true }) | ||
end | ||
end | ||
on(:ok) do | ||
Decidim::ActionLogger.log("admin_creates_authorization", current_user, user, nil, user_id: user.id, handler: workflow.name, handler_name: workflow.fullname) | ||
end | ||
end | ||
end | ||
|
||
render json: { | ||
message:, | ||
granted: granted?, | ||
userId: user.id, | ||
handler: workflow.name | ||
} | ||
end | ||
|
||
def destroy | ||
message = if destroy_authorization | ||
render_to_string(partial: "callout", locals: { i18n_key: "authorization_destroyed", klass: "success" }) | ||
else | ||
render_to_string(partial: "callout", locals: { i18n_key: "authorization_not_destroyed", klass: "alert" }) | ||
end | ||
|
||
render json: { | ||
message:, | ||
granted: granted?, | ||
userId: user.id, | ||
handler: workflow.name | ||
} | ||
end | ||
|
||
private | ||
|
||
def create_forced_authorization | ||
Decidim::Authorization.create_or_update_from(handler) | ||
Decidim::ActionLogger.log("admin_forces_authorization", current_user, user, nil, handler: workflow.name, user_id: user.id, handler_name: workflow.fullname, | ||
reason: force_verification) | ||
end | ||
|
||
def destroy_authorization | ||
if authorization&.destroy | ||
Decidim::ActionLogger.log("admin_destroys_authorization", current_user, user, nil, user_id: user.id, handler: workflow.name, handler_name: workflow.fullname) | ||
end | ||
end | ||
|
||
def json_error(exception) | ||
render json: render_to_string(partial: "callout", locals: { message: exception.message, klass: "alert" }), status: :unprocessable_entity | ||
end | ||
|
||
def user | ||
@user ||= Decidim::User.find(params[:id]) | ||
end | ||
|
||
def authorization | ||
@authorization ||= Decidim::Authorization.where.not(granted_at: nil).find_by(user:, name: workflow.name) | ||
end | ||
|
||
def granted? | ||
authorization&.reload.present? | ||
rescue ActiveRecord::RecordNotFound | ||
false | ||
end | ||
|
||
def workflow | ||
@workflow ||= Decidim::Verifications.find_workflow_manifest(params[:handler]) | ||
end | ||
|
||
def handler | ||
@handler ||= Decidim::AuthorizationHandler.handler_for(params[:handler], handler_params) | ||
end | ||
|
||
def conflict | ||
@conflict ||= Decidim::Authorization.find_by(unique_id: handler.unique_id) | ||
end | ||
|
||
def handler_params | ||
(params[:authorization_handler] || {}).merge(user:) | ||
end | ||
|
||
def force_verification | ||
@force_verification ||= params[:force_verification].to_s.strip.presence | ||
end | ||
end | ||
end | ||
end | ||
end |
34 changes: 34 additions & 0 deletions
34
app/forms/concerns/decidim/decidim_awesome/system/organization_form_override.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module DecidimAwesome | ||
module System | ||
module OrganizationFormOverride | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
alias_method :decidim_original_map_model, :map_model | ||
|
||
attribute :awesome_admins_available_authorizations, Array[String] | ||
|
||
def map_model(model) | ||
decidim_original_map_model(model) | ||
map_awesome_configs(model) | ||
end | ||
|
||
def clean_awesome_admins_available_authorizations | ||
return unless awesome_admins_available_authorizations | ||
|
||
awesome_admins_available_authorizations.select(&:present?) | ||
end | ||
|
||
private | ||
|
||
def map_awesome_configs(organization) | ||
self.awesome_admins_available_authorizations = Decidim::DecidimAwesome::AwesomeConfig.find_by(var: :admins_available_authorizations, organization:)&.value | ||
end | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
app/overrides/decidim/admin/officializations/index/add_modal.html.erb.deface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
<!-- insert_after "erb[loud]:contains('show_email_modal')" --> | ||
|
||
<%= render "decidim/decidim_awesome/admin/officializations/verification_modal" %> |
5 changes: 5 additions & 0 deletions
5
app/overrides/decidim/admin/officializations/index/add_td.html.erb.deface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<!-- insert_before "td.table-list__actions" --> | ||
|
||
<% if awesome_config[:admins_available_authorizations] %> | ||
<%= render "decidim/decidim_awesome/admin/officializations/participants_td", user: %> | ||
<% end %> |
5 changes: 5 additions & 0 deletions
5
app/overrides/decidim/admin/officializations/index/add_th.html.erb.deface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<!-- insert_before "th:last" --> | ||
|
||
<% if awesome_config[:admins_available_authorizations] %> | ||
<%= render "decidim/decidim_awesome/admin/officializations/participants_th" %> | ||
<% end %> |
9 changes: 9 additions & 0 deletions
9
...rrides/decidim/system/organizations/_advanced_settings/add_awesome_config.html.erb.deface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<!-- insert_top '#advanced-settings-panel' --> | ||
|
||
<% if Decidim::DecidimAwesome.enabled?(:admins_available_authorizations) %> | ||
<div class="awesome_available_authorizations border-2 rounded border-background p-4 form__wrapper mt-8 first:mt-0 last:pb-4"> | ||
<h3 class="h4"><%= t "decidim.decidim_awesome.system.organizations.awesome_tweaks" %></h3> | ||
|
||
<%= render partial: "decidim/decidim_awesome/system/organizations/admin_allowed_authorizations", locals: { f: f } %> | ||
</div> | ||
<% end %> |
Oops, something went wrong.