We were returning an (empty) association of users instead of empty
associations of proposals, debates or comments. The code worked because
in the end it returned an empty array, but looked weird nevertheless.
After commit 0214184b2, this method was only used in two places and was
only useful in one of them. IMHO it isn't worth it add a monkey-patch
for such a minor usage.
After upgrading to Chrome/Chromium 101, the test "Cross-Site Scripting
protection banner URL" was failing with the message:
Element <a>...</a> is not clickable (...) Other element would receive
the click: <div class="banner" style="background-color:#FF0000;">...</
div>
The reason was that, when using the structure of a link with one <h2>
and one <h3> inside, previous versions of Chrome/Chromium considered the
margin between the <h2> and the <h3> part of the link. Version 101 does
the same thing Firefox does and so clicking on the space between the
<h2> and the <h3> doesn't result in clicking the link.
In order to keep the previous behavior, we're adding a `display: block`
tag to a link.
Note that, in the future, we might change the structure of the banner,
since using <h3> as a subheading is discouraged by the W3C, and we
aren't sure about the usability of making the whole banner clickable.
But, for now, we're just fixing the issue so our test suite is green
again.
Since we've already got a banner component, we follow the convention of
using one CSS file per component. We also reduce the number of lines in
the huge layout.scss file.
Now the sections in layout.scss from "17" to "19", just like they jump
from "08" to "10".
Currently the application does not send any email to confirm the
account for already confirmed users. But we show a notice message
that may look like you will recive one:
"If your email address exists in our database, you will receive
an email with instructions for how to confirm your email address
in a few minutes."
In this commit we keep the original message, but send an email to
the user informing them that their account is now registered.
This way no one can know if someone else's account is confirmed and
we don't have to worry about GDPR either.
Co-Authored-By: taitus <sebastia.roig@gmail.com>
Add a help text on admin budget show page and improve text from Admin::Budgets::HelpComponent in order to
clarify its functionality when we are using the wizard.
Currently we were using the wizard component to edit a
phase when we were no longer in the wizard.
This was a bit strange, as it took us out of the context
and showed us information such as the
CreationTimelineComponent or the HelpComponent
that is meant for when navigating the Wizard.
We were showing the header when there were no search terms but there
were advanced search filters, unlike what we do for debates and
proposals. Besides, we were already hiding the header when there were
search terms, so it makes sense to hide it when using the advanced
search too.
We're using the `@search_terms` and `@advanced_search_terms` instance
variables in order to be consistent with what we do in the debates and
proposals sections.
In commit f374478dd, we enabled the possibility to use HTML in the
search results translations in order to add a <strong> tag to these
results. However, that meant we were also allowing HTML tags inside the
search term itself, and so it was possible to inject HTML on the page.
Stripping the HTML tags solves the issue.
Note the issue wasn't a high severity issue because tags such as
`<script>` weren't allowed since we were using the `sanitize` helper.
We were using very similar code for proposals, debates and investments,
so we might as well share the code between them.
Note we're using the `proposals.index.search_results` key even for
debates and investments. This will still work because the translations
shared the same text, but IMHO we should rename the key to something
like `shared.search_results_summary`. We aren't doing so because we'd
lose all the existing translations.
The background wasn't expanding to the edge of the page because we
forgot to do this when we did the same thing for proposals and debates
in commit 4c47eab60.
When using the advanced search in the debates and proposals sections, we
were not displaying the search term in the search results summary.
However, we were displaying it when using the advanced search in the
investments section.
Now we're doing the same thing everywhere.
It was added in commit 1db5a00ea, probably due to the Capistrano
configuration of the developer who wrote the code. On my machine, docker
compose crashed due to these lines.
By default, in order to increase performance during IO operations, Ruby
doesn't immediately write to the standard output but uses a buffer
internally and writes the output in chunks [1].
It looks like this results in some output being missed when running
Docker Compose [2], so we're activating the sync mode, which flushes all
output immediately.
[1] https://ruby-doc.org/core-2.6.5/IO.html#method-i-sync-3D
[2] See issue 1118 in the sinatra/sinatra repository
With one package in line and in alphabetic order, it's easier to see
which packages we're installing.
We're also applying the same formatting (taking from the Docker
documentation [1]) to other lines running multiple instructions.
[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
Quoting the Docker documentation [1]:
> Always combine RUN apt-get update with apt-get install in the same RUN
> statement.
> (...)
> Using apt-get update alone in a RUN statement causes caching issues
> and subsequent apt-get install instructions fail.
> (...)
> Docker sees the initial and modified instructions as identical and
> reuses the cache from previous steps. As a result the apt-get update
> is not executed because the build uses the cached version. Because the
> apt-get update is not run, your build can potentially get an outdated
> version of the curl and nginx packages.
>
> Using RUN apt-get update && apt-get install -y ensures your Dockerfile
> installs the latest package versions with no further coding or manual
> intervention.
[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
We aren't sure why this option was added; only that it was added with
macos and windows developers in mind.
Since we aren't sure about it, we're using the default `consistent`
option instead.
The --full-index option seemed to be causing caching issues on some
systems.
Since we don't know the reason why this option was added in the first
place, it might have some advantages. However, some people have reported
problems getting "version can no longer be found" errors for some gems
in this step, and documentation for Docker and Rails doesn't mention
this option at all.
When customizing CONSUL, one of the most common actions is adding a new
field to a form.
This requires modifying the permitted/allowed parameters. However, in
most cases, the method returning these parameters returned an instance
of `ActionController::Parameters`, so adding more parameters to it
wasn't easy.
So customizing the code required copying the method returning those
parameters and adding the new ones. For example:
```
def something_params
params.require(:something).permit(
:one_consul_attribute,
:another_consul_attribute,
:my_custom_attribute
)
end
```
This meant that, if the `something_params` method changed in CONSUL, the
customization of this method had to be updated as well.
So we're extracting the logic returning the parameters to a method which
returns an array. Now this code can be customized without copying the
original method:
```
alias_method :consul_allowed_params, :allowed_params
def allowed_params
consul_allowed_params + [:my_custom_attribute]
end
```
Since we were creating a new answer in the form, we weren't getting the
errors associated to the answer the administrator was trying to create,
and so we were skipping the test.
Using the answer which contains the information about validation errors
fixes the issue and so we don't have to skip the tests.
I'd say this feature is actually tested in the "proposal polls specific
validations"; the empty test was probably added by accident in commit
4b8cc85c4.
This way the tests won't appear as "pending" when running the test
suite, and so we get rid of a lot of noise in the test results. There
doesn't seem to be a way to call `skip` without the test being marked as
"pending".
Note that in the globalizable tests we need to build a factory before
deciding whether an atribute is required or not (particularly for the
milestone factory, since milestone attributes are required depending on
the presence of other attributes). This isn't possible before we're
inside the test, so we can't add an `if:` condition to the test. So
we're adding the condition inside the test instead. A minor
inconvenience of this method is the test still runs even when the
condition is `false`.
We define the available locales in the test environment, so Spanish is
always available in this environment even if it isn't available in the
production environment.
