From 27468b0b7b9bc12a18bd89e94f843721859caa34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Fri, 11 Oct 2019 03:06:24 +0200
Subject: [PATCH] Use relative URLs where possible

In general, we always use relative URLs (using `_path`), but sometimes
we were accidentally using absolute URLs (using `_url`). It's been
reported i might cause some isuses if accepting both HTTP and HTTPS
connections, although we've never seen the case.

In any case, this change makes the code more consistent and makes the
generated HTML cleaner.
---
 .../admin/poll/active_polls_controller.rb     |  4 +--
 .../admin/widget/cards_controller.rb          |  2 +-
 .../concerns/access_denied_handler.rb         |  2 +-
 .../management/users_controller.rb            |  2 +-
 .../users/omniauth_callbacks_controller.rb    |  2 +-
 .../users/registrations_controller.rb         |  2 +-
 app/helpers/direct_uploads_helper.rb          | 12 +++++----
 app/helpers/documents_helper.rb               | 26 ++++++++++---------
 app/helpers/images_helper.rb                  | 20 +++++++-------
 .../admin/poll/active_polls/edit.html.erb     |  2 +-
 .../ballot/_investment_for_sidebar.html.erb   |  4 +--
 .../budgets/investments/_ballot.html.erb      |  6 ++---
 app/views/budgets/investments/index.html.erb  |  2 +-
 app/views/dashboard/_form.html.erb            |  3 +--
 app/views/legislation/proposals/edit.html.erb |  2 +-
 app/views/legislation/proposals/new.html.erb  |  2 +-
 app/views/management/proposals/new.html.erb   |  2 +-
 app/views/proposals/edit.html.erb             |  2 +-
 app/views/proposals/new.html.erb              |  2 +-
 app/views/shared/_map.html.erb                |  2 +-
 app/views/shared/_suggest.html.erb            |  2 +-
 spec/features/campaigns_spec.rb               |  8 +++---
 22 files changed, 58 insertions(+), 53 deletions(-)

diff --git a/app/controllers/admin/poll/active_polls_controller.rb b/app/controllers/admin/poll/active_polls_controller.rb
index 17690a803..5dbc5cff7 100644
--- a/app/controllers/admin/poll/active_polls_controller.rb
+++ b/app/controllers/admin/poll/active_polls_controller.rb
@@ -5,7 +5,7 @@ class Admin::Poll::ActivePollsController < Admin::Poll::BaseController
 
   def create
     if @active_poll.update(active_poll_params)
-      redirect_to admin_polls_url, notice: t("flash.actions.update.active_poll")
+      redirect_to admin_polls_path, notice: t("flash.actions.update.active_poll")
     else
       render :edit
     end
@@ -16,7 +16,7 @@ class Admin::Poll::ActivePollsController < Admin::Poll::BaseController
 
   def update
     if @active_poll.update(active_poll_params)
-      redirect_to admin_polls_url, notice: t("flash.actions.update.active_poll")
+      redirect_to admin_polls_path, notice: t("flash.actions.update.active_poll")
     else
       render :edit
     end
diff --git a/app/controllers/admin/widget/cards_controller.rb b/app/controllers/admin/widget/cards_controller.rb
index eb1e6ba79..514df854e 100644
--- a/app/controllers/admin/widget/cards_controller.rb
+++ b/app/controllers/admin/widget/cards_controller.rb
@@ -60,7 +60,7 @@ class Admin::Widget::CardsController < Admin::BaseController
       if @card.site_customization_page_id
         redirect_to admin_site_customization_page_cards_path(page), notice: notice
       else
-        redirect_to admin_homepage_url, notice: notice
+        redirect_to admin_homepage_path, notice: notice
       end
     end
 
diff --git a/app/controllers/concerns/access_denied_handler.rb b/app/controllers/concerns/access_denied_handler.rb
index d924baf56..080a77283 100644
--- a/app/controllers/concerns/access_denied_handler.rb
+++ b/app/controllers/concerns/access_denied_handler.rb
@@ -4,7 +4,7 @@ module AccessDeniedHandler
   included do
     rescue_from CanCan::AccessDenied do |exception|
       respond_to do |format|
-        format.html { redirect_to main_app.root_url, alert: exception.message }
+        format.html { redirect_to main_app.root_path, alert: exception.message }
         format.json { render json: { error: exception.message }, status: :forbidden }
       end
     end
diff --git a/app/controllers/management/users_controller.rb b/app/controllers/management/users_controller.rb
index 7a063e82e..93cb6f9bd 100644
--- a/app/controllers/management/users_controller.rb
+++ b/app/controllers/management/users_controller.rb
@@ -32,7 +32,7 @@ class Management::UsersController < Management::BaseController
 
   def logout
     destroy_session
-    redirect_to management_root_url, notice: t("management.sessions.signed_out_managed_user")
+    redirect_to management_root_path, notice: t("management.sessions.signed_out_managed_user")
   end
 
   private
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 67edc4e26..ccd3f8e1a 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -36,7 +36,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
         set_flash_message(:notice, :success, kind: provider.to_s.capitalize) if is_navigational_format?
       else
         session["devise.#{provider}_data"] = auth
-        redirect_to new_user_registration_url
+        redirect_to new_user_registration_path
       end
     end
 
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index cb5e256af..56211a65f 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -26,7 +26,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
   def delete
     current_user.erase(erase_params[:erase_reason])
     sign_out
-    redirect_to root_url, notice: t("devise.registrations.destroyed")
+    redirect_to root_path, notice: t("devise.registrations.destroyed")
   end
 
   def success
diff --git a/app/helpers/direct_uploads_helper.rb b/app/helpers/direct_uploads_helper.rb
index d697b5127..54a6c958b 100644
--- a/app/helpers/direct_uploads_helper.rb
+++ b/app/helpers/direct_uploads_helper.rb
@@ -3,11 +3,13 @@ module DirectUploadsHelper
   def render_destroy_upload_link(direct_upload)
     label = direct_upload.resource_relation == "image" ? "images" : "documents"
     link_to t("#{label}.form.delete_button"),
-            direct_upload_destroy_url("direct_upload[resource_type]": direct_upload.resource_type,
-                                      "direct_upload[resource_id]": direct_upload.resource_id,
-                                      "direct_upload[resource_relation]": direct_upload.resource_relation,
-                                      "direct_upload[cached_attachment]": direct_upload.relation.cached_attachment,
-                                      format: :json),
+            direct_upload_destroy_path(
+              "direct_upload[resource_type]": direct_upload.resource_type,
+              "direct_upload[resource_id]": direct_upload.resource_id,
+              "direct_upload[resource_relation]": direct_upload.resource_relation,
+              "direct_upload[cached_attachment]": direct_upload.relation.cached_attachment,
+              format: :json
+            ),
             method: :delete,
             remote: true,
             class: "delete remove-cached-attachment"
diff --git a/app/helpers/documents_helper.rb b/app/helpers/documents_helper.rb
index 1386796bb..eeb517f46 100644
--- a/app/helpers/documents_helper.rb
+++ b/app/helpers/documents_helper.rb
@@ -19,13 +19,15 @@ module DocumentsHelper
   def render_destroy_document_link(builder, document)
     if !document.persisted? && document.cached_attachment.present?
       link_to t("documents.form.delete_button"),
-                  direct_upload_destroy_url("direct_upload[resource_type]": document.documentable_type,
-                                            "direct_upload[resource_id]": document.documentable_id,
-                                            "direct_upload[resource_relation]": "documents",
-                                            "direct_upload[cached_attachment]": document.cached_attachment),
-                  method: :delete,
-                  remote: true,
-                  class: "delete remove-cached-attachment"
+              direct_upload_destroy_path(
+                "direct_upload[resource_type]": document.documentable_type,
+                "direct_upload[resource_id]": document.documentable_id,
+                "direct_upload[resource_relation]": "documents",
+                "direct_upload[cached_attachment]": document.cached_attachment
+              ),
+              method: :delete,
+              remote: true,
+              class: "delete remove-cached-attachment"
     else
       link_to_remove_association document.new_record? ? t("documents.form.cancel_button") : t("documents.form.delete_button"), builder, class: "delete remove-document"
     end
@@ -38,15 +40,15 @@ module DocumentsHelper
                        accept: accepted_content_types_extensions(document.documentable_type.constantize),
                        class: "js-document-attachment",
                        data: {
-                         url: document_direct_upload_url(document),
+                         url: document_direct_upload_path(document),
                          nested_document: true
                        }
   end
 
-  def document_direct_upload_url(document)
-    direct_uploads_url("direct_upload[resource_type]": document.documentable_type,
-                       "direct_upload[resource_id]": document.documentable_id,
-                       "direct_upload[resource_relation]": "documents")
+  def document_direct_upload_path(document)
+    direct_uploads_path("direct_upload[resource_type]": document.documentable_type,
+                        "direct_upload[resource_id]": document.documentable_id,
+                        "direct_upload[resource_relation]": "documents")
   end
 
   def document_item_link(document)
diff --git a/app/helpers/images_helper.rb b/app/helpers/images_helper.rb
index 632634aee..4d5b620f2 100644
--- a/app/helpers/images_helper.rb
+++ b/app/helpers/images_helper.rb
@@ -28,10 +28,12 @@ module ImagesHelper
   def render_destroy_image_link(builder, image)
     if !image.persisted? && image.cached_attachment.present?
       link_to t("images.form.delete_button"),
-              direct_upload_destroy_url("direct_upload[resource_type]": image.imageable_type,
-                                        "direct_upload[resource_id]": image.imageable_id,
-                                        "direct_upload[resource_relation]": "image",
-                                        "direct_upload[cached_attachment]": image.cached_attachment),
+              direct_upload_destroy_path(
+                "direct_upload[resource_type]": image.imageable_type,
+                "direct_upload[resource_id]": image.imageable_id,
+                "direct_upload[resource_relation]": "image",
+                "direct_upload[cached_attachment]": image.cached_attachment
+              ),
               method: :delete,
               remote: true,
               class: "delete remove-cached-attachment"
@@ -47,7 +49,7 @@ module ImagesHelper
                        accept: imageable_accepted_content_types_extensions,
                        class: "js-image-attachment",
                        data: {
-                         url: image_direct_upload_url(imageable),
+                         url: image_direct_upload_path(imageable),
                          nested_image: true
                        }
   end
@@ -59,10 +61,10 @@ module ImagesHelper
                            show_caption: show_caption
   end
 
-  def image_direct_upload_url(imageable)
-    direct_uploads_url("direct_upload[resource_type]": imageable.class.name,
-                       "direct_upload[resource_id]": imageable.id,
-                       "direct_upload[resource_relation]": "image")
+  def image_direct_upload_path(imageable)
+    direct_uploads_path("direct_upload[resource_type]": imageable.class.name,
+                        "direct_upload[resource_id]": imageable.id,
+                        "direct_upload[resource_relation]": "image")
   end
 
 end
diff --git a/app/views/admin/poll/active_polls/edit.html.erb b/app/views/admin/poll/active_polls/edit.html.erb
index 6d8b39c67..a4cebcdcd 100644
--- a/app/views/admin/poll/active_polls/edit.html.erb
+++ b/app/views/admin/poll/active_polls/edit.html.erb
@@ -3,5 +3,5 @@
 <h2><%= t("admin.active_polls.edit.title") %></h2>
 
 <div class="polls-form">
-  <%= render "form", form_url: admin_active_polls_url(@active_poll) %>
+  <%= render "form", form_url: admin_active_polls_path(@active_poll) %>
 </div>
diff --git a/app/views/budgets/ballot/_investment_for_sidebar.html.erb b/app/views/budgets/ballot/_investment_for_sidebar.html.erb
index 82db87e87..a0c268a35 100644
--- a/app/views/budgets/ballot/_investment_for_sidebar.html.erb
+++ b/app/views/budgets/ballot/_investment_for_sidebar.html.erb
@@ -3,8 +3,8 @@
   <span><%= investment.formatted_price %></span>
 
   <% if @budget.balloting? %>
-    <%= link_to budget_ballot_line_url(id: investment.id,
-                                       investments_ids: investment_ids),
+    <%= link_to budget_ballot_line_path(id: investment.id,
+                                        investments_ids: investment_ids),
                 title: t("budgets.ballots.show.remove"),
                 class: "remove-investment-project",
                 method: :delete,
diff --git a/app/views/budgets/investments/_ballot.html.erb b/app/views/budgets/investments/_ballot.html.erb
index 73fe2fe8b..fb712b423 100644
--- a/app/views/budgets/investments/_ballot.html.erb
+++ b/app/views/budgets/investments/_ballot.html.erb
@@ -28,9 +28,9 @@
       </p>
       <% if investment.should_show_ballots? %>
         <%= link_to t("budgets.investments.investment.add"),
-                    budget_ballot_lines_url(investment_id: investment.id,
-                                            budget_id: investment.budget_id,
-                                            investments_ids: investment_ids),
+                    budget_ballot_lines_path(investment_id: investment.id,
+                                             budget_id: investment.budget_id,
+                                             investments_ids: investment_ids),
                     class: "button button-support small expanded",
                     title: t("budgets.investments.investment.support_title"),
                     method: :post,
diff --git a/app/views/budgets/investments/index.html.erb b/app/views/budgets/investments/index.html.erb
index d167cf53a..023fa1579 100644
--- a/app/views/budgets/investments/index.html.erb
+++ b/app/views/budgets/investments/index.html.erb
@@ -55,7 +55,7 @@
         </div>
       <% end %>
 
-      <%= render("shared/advanced_search", search_path: budget_investments_url(@budget)) %>
+      <%= render("shared/advanced_search", search_path: budget_investments_path(@budget)) %>
 
       <% if unfeasible_or_unselected_filter %>
         <ul class="no-bullet submenu">
diff --git a/app/views/dashboard/_form.html.erb b/app/views/dashboard/_form.html.erb
index 437451214..b40ff1943 100644
--- a/app/views/dashboard/_form.html.erb
+++ b/app/views/dashboard/_form.html.erb
@@ -11,8 +11,7 @@
 <% else %>
   <% if dashboard_action.request_to_administrators && !dashboard_action.requested_for?(proposal) %>
     <%= form_for @dashboard_executed_action,
-                 url: create_request_proposal_dashboard_action_url(proposal,
-                                                                   dashboard_action) do |f| %>
+                 url: create_request_proposal_dashboard_action_path(proposal, dashboard_action) do |f| %>
       <%= f.submit(class: "button", value: t("dashboard.form.request")) %>
     <% end %>
   <% end %>
diff --git a/app/views/legislation/proposals/edit.html.erb b/app/views/legislation/proposals/edit.html.erb
index 6d4761524..3fc7cd594 100644
--- a/app/views/legislation/proposals/edit.html.erb
+++ b/app/views/legislation/proposals/edit.html.erb
@@ -9,6 +9,6 @@
 
     <h1><%= t("proposals.edit.editing") %></h1>
 
-    <%= render "form", form_url: legislation_process_proposal_url(@proposal.legislation_process_id, @proposal) %>
+    <%= render "form", form_url: legislation_process_proposal_path(@proposal.legislation_process_id, @proposal) %>
   </div>
 </div>
diff --git a/app/views/legislation/proposals/new.html.erb b/app/views/legislation/proposals/new.html.erb
index 0ce9e2da7..058914f5d 100644
--- a/app/views/legislation/proposals/new.html.erb
+++ b/app/views/legislation/proposals/new.html.erb
@@ -5,6 +5,6 @@
 
     <h1><%= t("proposals.new.start_new") %></h1>
 
-    <%= render "legislation/proposals/form", form_url: legislation_process_proposals_url, id: @proposal.id %>
+    <%= render "legislation/proposals/form", form_url: legislation_process_proposals_path, id: @proposal.id %>
   </div>
 </div>
diff --git a/app/views/management/proposals/new.html.erb b/app/views/management/proposals/new.html.erb
index 4ec2ef483..5d6a21159 100644
--- a/app/views/management/proposals/new.html.erb
+++ b/app/views/management/proposals/new.html.erb
@@ -6,7 +6,7 @@
 
   <div class="small-12 medium-9 column end">
     <h2><%= t("management.proposals.create_proposal") %></h2>
-    <%= render "proposals/form", form_url: management_proposals_url %>
+    <%= render "proposals/form", form_url: management_proposals_path %>
   </div>
 
 </div>
diff --git a/app/views/proposals/edit.html.erb b/app/views/proposals/edit.html.erb
index 6e5b14a08..a615dda37 100644
--- a/app/views/proposals/edit.html.erb
+++ b/app/views/proposals/edit.html.erb
@@ -9,6 +9,6 @@
 
     <h1><%= t("proposals.edit.editing") %></h1>
 
-    <%= render "form", form_url: proposal_url(@proposal) %>
+    <%= render "form", form_url: proposal_path(@proposal) %>
   </div>
 </div>
diff --git a/app/views/proposals/new.html.erb b/app/views/proposals/new.html.erb
index 8c1da0eb9..f38b9f3ce 100644
--- a/app/views/proposals/new.html.erb
+++ b/app/views/proposals/new.html.erb
@@ -9,7 +9,7 @@
         <%= t("proposals.new.more_info") %>
       <% end %>
     </div>
-    <%= render "proposals/form", form_url: proposals_url %>
+    <%= render "proposals/form", form_url: proposals_path %>
   </div>
 
   <div class="small-12 medium-3 column">
diff --git a/app/views/shared/_map.html.erb b/app/views/shared/_map.html.erb
index c0ce63e68..f24269ded 100644
--- a/app/views/shared/_map.html.erb
+++ b/app/views/shared/_map.html.erb
@@ -20,7 +20,7 @@
         <% @geozones.each do |geozone| %>
           <area shape="poly"
                 coords="<%= geozone.html_map_coordinates %>"
-                href="<%= polymorphic_url(@resource, search: geozone.name) %>"
+                href="<%= polymorphic_path(@resource, search: geozone.name) %>"
                 title="<%= geozone.name %>"
                 alt="<%= geozone.name %>">
         <% end %>
diff --git a/app/views/shared/_suggest.html.erb b/app/views/shared/_suggest.html.erb
index 033c898fe..4bdeb6319 100644
--- a/app/views/shared/_suggest.html.erb
+++ b/app/views/shared/_suggest.html.erb
@@ -24,7 +24,7 @@
                 limit: @limit) %>
           </strong>
           <%= link_to t("shared.suggest.#{resource_name}.see_all"),
-                      polymorphic_url(resource_model, search: @search_terms) %>
+                      polymorphic_path(resource_model, search: @search_terms) %>
         </p>
       <% end %>
 
diff --git a/spec/features/campaigns_spec.rb b/spec/features/campaigns_spec.rb
index b2c5b60ed..6e3434120 100644
--- a/spec/features/campaigns_spec.rb
+++ b/spec/features/campaigns_spec.rb
@@ -9,8 +9,8 @@ describe "Email campaigns" do
   end
 
   scenario "Track email templates" do
-    3.times { visit root_url(track_id: campaign1.track_id) }
-    5.times { visit root_url(track_id: campaign2.track_id) }
+    3.times { visit root_path(track_id: campaign1.track_id) }
+    5.times { visit root_path(track_id: campaign2.track_id) }
 
     visit admin_stats_path
     click_link campaign1.name
@@ -24,8 +24,8 @@ describe "Email campaigns" do
   end
 
   scenario "Do not track erroneous track_ids" do
-    visit root_url(track_id: campaign1.track_id)
-    visit root_url(track_id: "999")
+    visit root_path(track_id: campaign1.track_id)
+    visit root_path(track_id: "999")
 
     visit admin_stats_path
     click_link campaign1.name