Temp/0.24

decidim-assemblies/app/permissions/decidim/assemblies/permissions.rb

@@ -17,7 +17,6 @@ def permissions
           public_list_assemblies_action?
           public_read_assembly_action?
           public_list_members_action?
-          public_report_content_action?
           return permission_action
         end
 
@@ -125,13 +124,6 @@ def public_list_members_action?
         allow!
       end
 
-      def public_report_content_action?
-        return unless permission_action.action == :create &&
-                      permission_action.subject == :moderation
-
-        allow!
-      end
-
       # All users with a relation to a assembly and organization admins can enter
       # the space area. The sapce area is considered to be the assemblies zone,
       # not the assembly groups one.

decidim-assemblies/spec/permissions/decidim/assemblies/permissions_spec.rb

@@ -126,14 +126,6 @@
       it { is_expected.to eq true }
     end
 
-    context "when reporting a resource" do
-      let(:action) do
-        { scope: :public, action: :create, subject: :moderation }
-      end
-
-      it { is_expected.to eq true }
-    end
-
     context "when any other action" do
       let(:action) do
         { scope: :public, action: :foo, subject: :bar }

decidim-blogs/app/views/decidim/blogs/posts/_posts.html.erb

@@ -1,6 +1,9 @@
 <div class="row small-12">
   <% paginate_posts.each do |post| %>
     <div class="card card--post">
+      <% if post.photo.present? %>
+        <%= image_tag post.photo.url, class: "card__image" %>
+      <% end %>
       <div class="card__content">
         <div class="card__header">
           <%= link_to post, class: "card__link" do %>

decidim-blogs/spec/system/explore_posts_spec.rb

@@ -9,6 +9,8 @@
   let!(:old_post) { create(:post, component: component, created_at: Time.current - 2.days) }
   let!(:new_post) { create(:post, component: component, created_at: Time.current) }
 
+  let!(:image) { create(:attachment, attached_to: old_post) }
+
   describe "index" do
     it "shows all posts for the given process" do
       visit_component
@@ -17,6 +19,11 @@
       expect(page).to have_selector(".card--post", text: translated(old_post.title))
     end
 
+    it "shows images" do
+      visit_component
+      expect(page).to have_selector(".card--post img.card__image")
+    end
+
     context "when paginating" do
       let(:collection_size) { 10 }
       let!(:collection) { create_list :post, collection_size, component: component }

decidim-comments/app/cells/decidim/comments/comment/votes.erb

@@ -1,11 +1,11 @@
 <div class="comment__votes">
   <% if user_signed_in? %>
-    <%= button_to decidim_comments.comment_votes_path(model, weight: 1), remote: true, disabled: voted_down?, class: votes_up_classes, title: t("decidim.components.up_vote_button.text") do %>
+    <%= vote_button_to decidim_comments.comment_votes_path(model, weight: 1), remote: true, disabled: voted_down?, class: votes_up_classes, title: t("decidim.components.up_vote_button.text") do %>
       <span class="show-for-sr"><%= t("decidim.components.up_vote_button.text") %></span>
       <%= icon "chevron-top", class: "icon--small", role: "none presentation" %>
       <span class="comment__votes--count"><%= up_votes_count %></span>
     <% end %>
-    <%= button_to decidim_comments.comment_votes_path(model, weight: -1), remote: true, disabled: voted_up?, class: votes_down_classes, title: t("decidim.components.down_vote_button.text") do %>
+    <%= vote_button_to decidim_comments.comment_votes_path(model, weight: -1), remote: true, disabled: voted_up?, class: votes_down_classes, title: t("decidim.components.down_vote_button.text") do %>
       <span class="show-for-sr"><%= t("decidim.components.down_vote_button.text") %></span>
       <%= icon "chevron-bottom", class: "icon--small", role: "none presentation" %>
       <span class="comment__votes--count"><%= down_votes_count %></span>

decidim-comments/app/cells/decidim/comments/comment_cell.rb

@@ -151,6 +151,20 @@ def nested_level_even?
       def has_replies?
         model.comment_threads.any?
       end
+
+      # action_authorization_button expects current_component to be available
+      def current_component
+        root_commentable.try(:component)
+      end
+
+      def vote_button_to(path, params, &block)
+        # actions are linked to objects belonging to a component
+        # In consultations, a question belong to a participatory_space but it has comments
+        # To apply :comment permission, the modal authorizer should be refactored to allow participatory spaces-level comments
+        return button_to(path, params, &block) unless current_component
+
+        action_authorized_button_to(:vote_comment, path, params.merge(resource: root_commentable), &block)
+      end
     end
   end
 end

decidim-comments/app/cells/decidim/comments/comments/user_comments_blocked_warning.erb

@@ -1,3 +1,7 @@
 <div class="callout warning">
-  <p><%= t("decidim.components.comments.blocked_comments_for_user_warning") %></p>
+  <% if comment_permissions? %>
+    <p><%= blocked_comments_for_unauthorized_user_warning_link %></p>
+  <% else %>
+    <p><%= t("decidim.components.comments.blocked_comments_for_user_warning") %></p>
+  <% end %>
 </div>

decidim-comments/app/cells/decidim/comments/comments_cell.rb

@@ -129,6 +129,23 @@ def user_comments_blocked?
 
         !model.user_allowed_to_comment?(current_user)
       end
+
+      def comment_permissions?
+        [model, current_component].any? do |resource|
+          resource.try(:permissions).try(:[], "comment")
+        end
+      end
+
+      # action_authorization_link expects current_component to be available
+      def current_component
+        model.try(:component)
+      end
+
+      def blocked_comments_for_unauthorized_user_warning_link
+        action_authorized_link_to(:comment, commentable_path, { resource: model }) do
+          t("decidim.components.comments.blocked_comments_for_unauthorized_user_warning")
+        end
+      end
     end
   end
 end

decidim-comments/app/models/decidim/comments/comment.rb

@@ -80,7 +80,7 @@ def visible?
       end
 
       def participatory_space
-        return root_commentable if root_commentable.is_a?(Decidim::Participable)
+        return root_commentable unless root_commentable.respond_to?(:participatory_space)
 
         root_commentable.participatory_space
       end

decidim-comments/app/permissions/decidim/comments/permissions.rb

@@ -36,7 +36,7 @@ def can_create_comment?
 
       def can_vote_comment?
         return disallow! unless user
-        return disallow! unless commentable&.user_allowed_to_comment?(user)
+        return disallow! unless commentable&.user_allowed_to_vote_comment?(user)
 
         allow!
       end

decidim-comments/config/locales/en.yml

@@ -74,6 +74,7 @@ en:
       comment_thread:
         title: Conversation with %{authorName}
       comments:
+        blocked_comments_for_unauthorized_user_warning: You need to be verified to comment at this moment, but you can read the previous ones.
         blocked_comments_for_user_warning: You are not able to comment at this moment, but you can read the previous ones.
         blocked_comments_warning: Comments are disabled at this time, but you can read the previous ones.
         comment_details_title: Comment details

decidim-comments/lib/decidim/comments/commentable.rb

@@ -52,6 +52,11 @@ def user_allowed_to_comment?(_user)
           true
         end
 
+        # Public: Whether the object can have new comment votes or not.
+        def user_allowed_to_vote_comment?(_user)
+          true
+        end
+
         # Public: Updates the comments counter cache. We have to do it these
         # way in order to properly calculate the coutner with hidden
         # comments.

decidim-comments/spec/cells/decidim/comments/comment_cell_spec.rb

@@ -124,5 +124,39 @@ module Decidim::Comments
         end
       end
     end
+
+    describe "#vote_button_to" do
+      context "when commentable has permissions set for the vote_comment action" do
+        let(:permissions) do
+          {
+            vote_comment: {
+              authorization_handlers: {
+                "dummy_authorization_handler" => { "options" => {} }
+              }
+            }
+          }
+        end
+
+        let(:user) { create(:user, :confirmed, organization: organization) }
+
+        before do
+          organization.available_authorizations = ["dummy_authorization_handler"]
+          organization.save!
+          commentable.create_resource_permission(permissions: permissions)
+          allow(commentable).to receive(:comments_have_votes?).and_return(true)
+          allow(subject).to receive(:current_user).and_return(user)
+        end
+
+        it "renders an action_authorized button" do
+          expect(subject).to have_css("[data-open=\"authorizationModal\"]")
+        end
+      end
+
+      context "when commentable has no permissions set for the vote_comment action" do
+        it "renders a plain button" do
+          expect(subject).to have_no_css("[data-open=\"authorizationModal\"]")
+        end
+      end
+    end
   end
 end

decidim-comments/spec/cells/decidim/comments/comments_cell_spec.rb

@@ -92,13 +92,39 @@ module Decidim::Comments
         context "when user comments are blocked" do
           before do
             allow(commentable).to receive(:user_allowed_to_comment?).with(current_user).and_return(false)
+            allow(commentable).to receive(:user_authorized_to_comment?).with(current_user).and_return(true)
           end
 
           it "renders the user comments blocked warning" do
-            expect(subject).not_to have_css(".callout.warning", text: I18n.t("decidim.components.comments.blocked_comments_warning"))
+            expect(subject).not_to have_css(".callout.warning", text: I18n.t("decidim.components.comments.blocked_comments_for_unauthorized_user_warning"))
             expect(subject).to have_css(".callout.warning", text: I18n.t("decidim.components.comments.blocked_comments_for_user_warning"))
           end
         end
+
+        context "when user is not authorized to comment" do
+          let(:permissions) do
+            {
+              comment: {
+                authorization_handlers: {
+                  "dummy_authorization_handler" => { "options" => {} }
+                }
+              }
+            }
+          end
+
+          before do
+            organization.available_authorizations = ["dummy_authorization_handler"]
+            organization.save!
+            commentable.create_resource_permission(permissions: permissions)
+            allow(commentable).to receive(:user_allowed_to_comment?).with(current_user).and_return(false)
+            allow(commentable).to receive(:user_authorized_to_comment?).with(current_user).and_return(false)
+          end
+
+          it "renders the user not authorized to comment warning" do
+            expect(subject).to have_css(".callout.warning", text: I18n.t("decidim.components.comments.blocked_comments_for_unauthorized_user_warning"))
+            expect(subject).not_to have_css(".callout.warning", text: I18n.t("decidim.components.comments.blocked_comments_for_user_warning"))
+          end
+        end
       end
     end
   end

decidim-conferences/app/permissions/decidim/conferences/permissions.rb

@@ -20,7 +20,6 @@ def permissions
           public_list_program_action?
           public_list_media_links_action?
           public_list_registration_types_action?
-          public_report_content_action?
 
           can_join_conference?
           can_leave_conference?
@@ -159,13 +158,6 @@ def public_list_registration_types_action?
         allow!
       end
 
-      def public_report_content_action?
-        return unless permission_action.action == :create &&
-                      permission_action.subject == :moderation
-
-        allow!
-      end
-
       # All users with a relation to a conference and organization admins can enter
       # the space area. The sapce area is considered to be the conferences zone,
       # not the conference groups one.

decidim-conferences/app/views/decidim/conferences/admin/invite_join_conference_mailer/invite.html.erb

@@ -1,12 +1,12 @@
-<p><%= t("devise.mailer.invitation_instructions.hello", email: @user.name) %></p>
+<p class="email-greeting"><%= t("devise.mailer.invitation_instructions.hello", email: @user.name) %></p>
 
-<p>
+<p class="email-instructions">
   <%= t ".invited_you_to_join_a_conference", invited_by: @invited_by.name, application: @user.organization.name %>
 </p>
 
-<p>
+<p class="email-button email-button__cta cta-decline">
   <%= link_to t(".decline", conference_title: translated_attribute(@conference.title)),routes.decline_invitation_conference_registration_type_conference_registration_path(conference_slug: @conference.slug, registration_type_id: @registration_type.id) %>
 </p>
-<p>
+<p class="email-button email-button__cta cta-accept">
   <%= link_to t(".registration", conference_title: translated_attribute(@conference.title)),routes.conference_registration_type_conference_registration_url(conference_slug: @conference.slug, registration_type_id: @registration_type.id) %>
 </p>

decidim-conferences/app/views/decidim/conferences/conference_registration_mailer/confirmation.html.erb

@@ -1,11 +1,11 @@
-<p><%= t(".confirmed_html", title: translated_attribute(@conference.title), url: @locator.url) %></p>
+<p class="email-greeting"><%= t(".confirmed_html", title: translated_attribute(@conference.title), url: @locator.url) %></p>
 
-<p><%= t(".details_1", registration_type: translated_attribute(@registration_type.title), price: number_to_currency((@registration_type.price || 0), locale: I18n.locale, unit: Decidim.currency_unit)) %></p>
+<p class="email-instructions"><%= t(".details_1", registration_type: translated_attribute(@registration_type.title), price: number_to_currency((@registration_type.price || 0), locale: I18n.locale, unit: Decidim.currency_unit)) %></p>
 
 <ul>
   <% @registration_type.conference_meetings.order(:start_time).each do |conference_meeting| %>
     <li><%= present(conference_meeting).title %> </li>
   <% end %>
 </ul>
 
-<p><%= t(".details_2") %></p>
+<p class="email-instructions"><%= t(".details_2") %></p>

decidim-conferences/app/views/decidim/conferences/conference_registration_mailer/pending_validation.html.erb

@@ -1,11 +1,11 @@
-<p><%= t(".pending_html", title: translated_attribute(@conference.title), url: @locator.url) %></p>
+<p class="email-greeting"><%= t(".pending_html", title: translated_attribute(@conference.title), url: @locator.url) %></p>
 
-<p><%= t(".details", registration_type: translated_attribute(@registration_type.title), price: number_to_currency((@registration_type.price || 0), locale: I18n.locale, unit: Decidim.currency_unit)) %></p>
+<p class="email-instructions"><%= t(".details", registration_type: translated_attribute(@registration_type.title), price: number_to_currency((@registration_type.price || 0), locale: I18n.locale, unit: Decidim.currency_unit)) %></p>
 
 <ul>
   <% @registration_type.conference_meetings.order(:start_time).each do |conference_meeting| %>
     <li><%= present(conference_meeting).title %> </li>
   <% end %>
 </ul>
 
-<p><%= t(".confirmation_pending") %></p>
+<p class="email-small email-closing"><%= t(".confirmation_pending") %></p>

decidim-conferences/app/views/devise/mailer/join_conference.html.erb

@@ -1,13 +1,13 @@
-<p><%= t("devise.mailer.invitation_instructions.hello", email: @resource.name) %></p>
+<p class="email-greeting"><%= t("devise.mailer.invitation_instructions.hello", email: @resource.name) %></p>
 
-<p>
+<p class="email-instructions">
   <%= t("decidim.conferences.admin.invite_join_conference_mailer.invite.invited_you_to_join_a_conference", invited_by: @resource.invited_by.name, application: @resource.organization.name) %>
 </p>
 
-<p><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, invitation_token: @token, invite_redirect: Decidim::EngineRouter.main_proxy(@opts[:conference]).conference_conference_registration_path(conference_slug: @opts[:conference]), host: @resource.organization.host) %></p>
+<p class="email-button email-button__cta"><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, invitation_token: @token, invite_redirect: Decidim::EngineRouter.main_proxy(@opts[:conference]).conference_conference_registration_path(conference_slug: @opts[:conference]), host: @resource.organization.host) %></p>
 
 <% if @resource.invitation_due_at %>
-  <p><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :long)) %></p>
+  <p class="email-small"><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :long)) %></p>
 <% end %>
 
-<p><%= t("devise.mailer.invitation_instructions.ignore").html_safe %></p>
+<p class="email-small email-closing"><%= t("devise.mailer.invitation_instructions.ignore").html_safe %></p>

decidim-conferences/spec/mailers/conference_registration_mailer_spec.rb

@@ -29,7 +29,7 @@ module Decidim::Conferences
     describe "confirmation" do
       let(:default_subject) { "Your conference's registration has been confirmed" }
 
-      let(:default_body) { "details in the attachment" }
+      let(:default_body) { "You will find the conference" }
 
       it "expect subject and body" do
         expect(mail.subject).to eq(default_subject)

decidim-conferences/spec/permissions/decidim/conferences/permissions_spec.rb

@@ -140,14 +140,6 @@
       it { is_expected.to eq true }
     end
 
-    context "when reporting a resource" do
-      let(:action) do
-        { scope: :public, action: :create, subject: :moderation }
-      end
-
-      it { is_expected.to eq true }
-    end
-
     context "when any other action" do
       let(:action) do
         { scope: :public, action: :foo, subject: :bar }

decidim-consultations/app/models/decidim/consultations/question.rb

@@ -66,6 +66,7 @@ class Question < ApplicationRecord
       delegate :start_voting_date, to: :consultation
       delegate :end_voting_date, to: :consultation
       delegate :results_published?, to: :consultation
+      delegate :moderators, to: :consultation
 
       alias participatory_space consultation
 

decidim-core/app/permissions/decidim/permissions.rb

@@ -10,6 +10,8 @@ def permissions
       component_public_action?
       search_scope_action?
 
+      public_report_content_action?
+
       return permission_action unless user
 
       user_manager_permissions
@@ -28,6 +30,13 @@ def permissions
 
     private
 
+    def public_report_content_action?
+      return unless permission_action.action == :create &&
+                    permission_action.subject == :moderation
+
+      allow!
+    end
+
     def read_public_pages_action?
       return unless permission_action.subject == :public_page &&
                     permission_action.action == :read