In the admin menu, some links take you to a section, and some links open
a submenu with more links.
When we disable the "multi-open" property of the menu and the active
element is a link which takes you to a section, Foundation will hide it
whenever we click a link which opens a submenu.
The easiest solution is to enable "multi-open" property.
Since now it's possible to edit the budget investment during the
accepting phase, it does not really make sense to show the button to
just remove the image when the investment project can be fully edited,
and the image can be removed from the editing form.
These filters were only returning investments with valuation open, but
we don't want to do that since the time we changed the interface in
order to allow users to apply several filters at the same time.
To maintain consistency and the use of advanced search in the frontend,
we forced the expected date format for all languages. This is a temporary
solution that we should analyze in depth to allow different date formats
depending on the language in the filters.
New deutsch translations of remote translations
interface have broke these specs where we were
using English translations at specs to do the checks
while the spec interface was in deutsch and now we
have deutsch translations for the interface application
is not returning english fallbacks anymore and a lot of
specs of this file fails.
This commits also changes the alternative language
used at spec from deutsch to spanish which is
maintaned by code not through Crowdin, so if any
developer update current spanish translations for the
user interface this specs will fail.
These changes fix a bug that causes categories
of a legislation process to be wiped on update
of the process. It also adds a regression test
for this fix.
Generating a random title with `Faker::Lorem.sentence` sometimes caused
validation errors in tests because the generated sentence was more than
80 characters long.
Using `sanitize` we make sure the `href` attribute does not execute any
dangerous code. The possibility of a banner pointing to a dangerous URL
was very reduced, though, since only administrators can edit this
attribute.
In theory it's possible to add a `host` parameter to a URL, and we could
end up redirecting to that host if we just redirect using query
parameters.
Generating the path using `url_for` with `only_path` solves the issue.
Note in the tests I'm using the `get` method because the `patch` method
wouldn't send query parameters. This doesn't mean the action can be
accessed through GET requests, since controller tests don't check route
verbs. Using feature specs doesn't seem to work because `controller` and
`host` parameters are filtered automatically in feature specs.
Also note I'm not testing every hidden/moderation controller because
they basically use the same code.
These actions are never called with query parameters in our application,
so there's no need to use these parameters in a redirect.
Note in the test I'm using the `get` method because the `patch` method
wouldn't send query parameters. This doesn't mean the action can be
accessed through GET requests, since controller tests don't check route
verbs.
Creating more than 25 records isn't necessary to test pagination; we can
stub the number of records per page in a test.
On my machine we save about one second per test with these changes.
The link to show stats for these polls is nowhere to be seen in the
application, and these stats are included in the budget stats, so it
makes sense to restrict access to them.
When defining abilities, scopes cover more cases because they can be
used to check permissions for a record and to filter a collection. Ruby
blocks can only be used to check permissions for a record.
Note the `Budget::Phase.kind_or_later` name sounds funny, probably
because we use the word "phase" for both an an attribute in the budgets
table and an object associated with the budget, and so naming methods
for a budget phase is a bit tricky.
We were checking for `expired?` and `results_enabled?` in views and
helpers, when we've already defined a rule for accessing stats and
results for a poll.
This way we also fix a bug when stats were enabled but the poll wasn't
finished. In this scenario, the link pointed to the stats page, but when
clicking it we'd get a "you don't have permission" message.
Now the link doesn't point to the stats page anymore.
There's no reason to allow administrators to check stats and results for
a poll when it isn't finished or when results and stats are not enabled.
Now admins have the same permissions as everyone else.
When the generated title for a dashboard action ended with a space, the
action `click_link(feature.title)` failed because the link shown in the
HTML ignores the trailing spaces.
Using `strip` solves the problem. Not the most elegant solution, though;
ideally we'd generate a better title.
