consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,492 Commits 1 Branch 0 Tags
b31f853bc6ad15cb479e958a1ea2acbcf53d5012
Commit Graph

134 Commits

Author SHA1 Message Date
denialtorres
bb627a7117 Edit Budget Investment only in accepting phase (#3716) 
This way users who made a typo can fix it before the investment is reviewed.
 2019-10-18 13:59:14 +02:00
Javi Martín
6b1864fbcd Sanitize translations instead of using _html 
Using the `_html` suffix in an i18n key is the same as using `html_safe`
on it, which means that translation could potentially be used for XSS
attacks.
 2019-10-09 19:46:47 +02:00
Javi Martín
928312e218 Use sanitize in translations with links 
Sometimes we're interpolating a link inside a translation, and marking
the whole translations as HTML safe.

However, some translations added by admins to the database or through
crowdin are not entirely under our control.

Although AFAIK crowdin checks for potential cross-site scripting
attacks, it's a good practice to sanitize parts of a string potentially
out of our control before marking the string as HTML safe.
 2019-10-08 18:46:21 +02:00
Javi Martín
75a28fafcb Sanitize label texts automatically 
This way we can remove all those `html_safe` calls and we avoid
potential XSS attacks in label texts.
 2019-10-08 18:46:21 +02:00
Javi Martín
55a190f44a Remove unneeded _html suffix in I18n keys 
This suffix does the same thing as calling `.html_safe` on them. So we
don't need to use it in texts that don't use HTML.
 2019-10-08 13:20:22 +02:00
Javi Martín
8d9cb4d8e3 Simplify generating checkboxes in forms 
Using the block syntax to generate the label with a <span> tag inside
isn't necessary after upgrading foundation_rails_helpers. Before the
upgrade, we couldn't do so because the <span> tag was escaped.
 2019-10-06 19:32:04 +02:00
Javi Martín
4f5de5be3b Add aria-describedby attribute automatically 
We were manually adding the attribute in many places, but not
everywhere. I'm assuming adding it where we didn't have it is doing no
harm.
 2019-10-06 19:32:03 +02:00
Javi Martín
3ea9f3cecf Simplify generating form fields with labels 
Instead of generating the label and then a field without a label, we can
directly generate a field with a label.
 2019-10-05 16:01:58 +02:00
Javi Martín
f9ed186909 Add rubocop spacing rules 
We were following these rules in most places; we just didn't define them
anywhere.
 2019-09-10 21:04:56 +02:00
Javi Martín
24359f8152 Remove extra space in HTML tags 2019-09-10 20:02:15 +02:00
Javi Martín
488461b8ac Remove consecutive blank lines 2019-09-10 20:02:15 +02:00
decabeza
55fb14c6e3 Always show dashboard buttons 2019-04-29 15:46:27 +02:00
decabeza
cb22e6cbfb Merge branch 'master' into proposal-dashboard 2019-04-23 17:12:47 +02:00
Julian Herrero
defbb25ec5 Fix Devise deprecation warning 
DEPRECATION WARNING: [Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and
modify the `devise/shared/error_messages` partial.

We will render the resource errors instead fo calling the deprecated method.
 2019-04-17 17:40:56 +02:00
decabeza
2af154d539 Merge branch 'master' into proposal-dashboard 2019-03-28 01:26:04 +01:00
decabeza
898d409c47 Improve layout for user proposal view 2019-03-26 18:22:19 +01:00
decabeza
eda6ea7f12 Merge branch 'master' into dashboard 2019-03-26 16:45:48 +01:00
Javi Martín
4c35df4812 Use double quotes inside string interpolation 2019-03-25 14:58:54 +01:00
Julian Herrero
f6489bc604 Use double quotes in app/views 2019-03-19 12:33:07 +01:00
decabeza
5d62ab71ff Add missing tr tags on users views 2019-03-14 11:30:59 +01:00
taitus
aa908d8d60 Add progress tab as initial page on Dashboard. 2019-02-02 14:49:28 +01:00
decabeza
cf7155613e Changes honeypot family name to address on users sign up form 2018-12-21 11:34:12 +01:00
decabeza
fcb6e67ced Adds styles to proposals views 2018-10-05 18:10:10 +02:00
Juan Salvador Pérez García
42d448248c Routes have been refactored 
Dashboard routes have been refactored. Now instead of having resources
for dashboard and routes inside a dashboard namespace the proposal
routes contain a dashboar singleton containing everything related to it.
 2018-09-17 15:44:45 +02:00
Juan Salvador Pérez García
01846089d4 Fixes #236 
Addressed comments related to CSS and views.
 2018-07-23 07:25:22 +02:00
Juan Salvador Pérez García
305a0059bd Addresses @iacoco comments 2018-07-17 17:50:47 +02:00
Juan Salvador Pérez García
fc57bad1cd Fixes #155 2018-07-17 17:50:05 +02:00
decabeza
ee884ed998 Updates active to is-active class for menus 2018-06-06 12:01:16 +02:00
iagirre
f2927c8eb2 Add alert to the delete button of 'My activity' section so that users don't delete their investmentes accidentally 2018-01-25 16:54:26 +01:00
Alberto García
19925de06b Merge pull request #2170 from consul/design 
Design improvements
 2017-12-14 11:31:31 +01:00
decabeza
377a1d9f01 improves following view and updates specs 2017-12-07 16:31:05 +01:00
decabeza
d273ba2ba5 improves following page, shows public interest only in this view 2017-12-07 13:40:12 +01:00
Angel Perez
ab9d612128 'Proposals' feature can be enabled/disabled 
Fixes #1886
 2017-11-17 13:10:55 -04:00
decabeza
f6ee472a66 Improve styles for users interest list 2017-10-18 18:55:55 +02:00
decabeza
c5aeaa26ae fixes user show tabs styles 2017-10-18 18:55:07 +02:00
decabeza
eec05219cc improves html markup on activity tables 2017-10-18 18:54:43 +02:00
decabeza
f9e5086a95 fixes table on users proposal list 2017-08-25 12:12:21 +02:00
Senén Rodero Rodríguez
1dea11ca8b Add empty interests list message. 2017-08-03 14:03:19 +02:00
decabeza
6c5513ab38 replaces back_link partial to back_link_to helper 2017-07-26 18:22:45 +02:00
Senén Rodero Rodríguez
c9a6630c94 Remove popup on follow buttons and remove uneeded code. 2017-07-19 17:51:45 +02:00
Senén Rodero Rodríguez
cba497b32e Create new followables helper to have some methods previously on follows helper. Rename entity to followable. 2017-07-19 17:50:46 +02:00
rgarcia
b7ef755b16 minor refactoring for follows 2017-07-19 13:52:38 +02:00
Senén Rodero Rodríguez
57c8887077 Add method to follows helper to get followable partial name and arguments automatically. 2017-07-18 19:35:47 +02:00
Senén Rodero Rodríguez
16987e7eb8 Easier conditional usage. 2017-07-18 19:21:17 +02:00
taitus
b0c571e658 Do not display send notification button when proposal is from another author. 2017-07-13 20:33:57 +02:00
Alessandro Cuoghi
556e2598c3 Remove margin bottom in the table inside accordion. Divided into groups of 10 interests. Inserted interests in columns. 2017-07-13 20:29:36 +02:00
taitus
7e2e94d709 Add following tab to user public page. 2017-07-13 20:29:34 +02:00
Alessandro Cuoghi
52e195d837 Add tab. Add accordion. Add style. Pass test scss-lint. 2017-07-13 20:14:55 +02:00
Senén Rodero Rodríguez
4b2310c135 Move and refactor method from follow to user model to get user interests. Add specification to check the discard of duplicate interests. 2017-07-07 15:18:34 +02:00
taitus
14ec4f5315 Add styles and translations for users interests. 2017-07-07 13:37:53 +02:00