We forgot to do so in commit 04605d5d5. Before that commit, we were
testing the links weren't displayed in the "informing" phase as opposed
to the "finished" phase. After that commit, they weren't displayed
anywhere since a <select> field was shown instead.
Since then, we've replaced the <select> field with the links generated
by the `Budgets::Investments::FiltersComponent`. We've already got tests
for these links.
We're going to make a change, and it's easier if we've already got a
component with tests so we don't have to write system tests to check
whether the map is rendered.
We were returning an (empty) association of users instead of empty
associations of proposals, debates or comments. The code worked because
in the end it returned an empty array, but looked weird nevertheless.
After commit 0214184b2, this method was only used in two places and was
only useful in one of them. IMHO it isn't worth it add a monkey-patch
for such a minor usage.
After upgrading to Chrome/Chromium 101, the test "Cross-Site Scripting
protection banner URL" was failing with the message:
Element <a>...</a> is not clickable (...) Other element would receive
the click: <div class="banner" style="background-color:#FF0000;">...</
div>
The reason was that, when using the structure of a link with one <h2>
and one <h3> inside, previous versions of Chrome/Chromium considered the
margin between the <h2> and the <h3> part of the link. Version 101 does
the same thing Firefox does and so clicking on the space between the
<h2> and the <h3> doesn't result in clicking the link.
In order to keep the previous behavior, we're adding a `display: block`
tag to a link.
Note that, in the future, we might change the structure of the banner,
since using <h3> as a subheading is discouraged by the W3C, and we
aren't sure about the usability of making the whole banner clickable.
But, for now, we're just fixing the issue so our test suite is green
again.
Since we've already got a banner component, we follow the convention of
using one CSS file per component. We also reduce the number of lines in
the huge layout.scss file.
Now the sections in layout.scss from "17" to "19", just like they jump
from "08" to "10".
Currently the application does not send any email to confirm the
account for already confirmed users. But we show a notice message
that may look like you will recive one:
"If your email address exists in our database, you will receive
an email with instructions for how to confirm your email address
in a few minutes."
In this commit we keep the original message, but send an email to
the user informing them that their account is now registered.
This way no one can know if someone else's account is confirmed and
we don't have to worry about GDPR either.
Co-Authored-By: taitus <sebastia.roig@gmail.com>
Add a help text on admin budget show page and improve text from Admin::Budgets::HelpComponent in order to
clarify its functionality when we are using the wizard.
Currently we were using the wizard component to edit a
phase when we were no longer in the wizard.
This was a bit strange, as it took us out of the context
and showed us information such as the
CreationTimelineComponent or the HelpComponent
that is meant for when navigating the Wizard.
We were showing the header when there were no search terms but there
were advanced search filters, unlike what we do for debates and
proposals. Besides, we were already hiding the header when there were
search terms, so it makes sense to hide it when using the advanced
search too.
We're using the `@search_terms` and `@advanced_search_terms` instance
variables in order to be consistent with what we do in the debates and
proposals sections.
In commit f374478dd, we enabled the possibility to use HTML in the
search results translations in order to add a <strong> tag to these
results. However, that meant we were also allowing HTML tags inside the
search term itself, and so it was possible to inject HTML on the page.
Stripping the HTML tags solves the issue.
Note the issue wasn't a high severity issue because tags such as
`<script>` weren't allowed since we were using the `sanitize` helper.
We were using very similar code for proposals, debates and investments,
so we might as well share the code between them.
Note we're using the `proposals.index.search_results` key even for
debates and investments. This will still work because the translations
shared the same text, but IMHO we should rename the key to something
like `shared.search_results_summary`. We aren't doing so because we'd
lose all the existing translations.
The background wasn't expanding to the edge of the page because we
forgot to do this when we did the same thing for proposals and debates
in commit 4c47eab60.
When using the advanced search in the debates and proposals sections, we
were not displaying the search term in the search results summary.
However, we were displaying it when using the advanced search in the
investments section.
Now we're doing the same thing everywhere.
It was added in commit 1db5a00ea, probably due to the Capistrano
configuration of the developer who wrote the code. On my machine, docker
compose crashed due to these lines.
By default, in order to increase performance during IO operations, Ruby
doesn't immediately write to the standard output but uses a buffer
internally and writes the output in chunks [1].
It looks like this results in some output being missed when running
Docker Compose [2], so we're activating the sync mode, which flushes all
output immediately.
[1] https://ruby-doc.org/core-2.6.5/IO.html#method-i-sync-3D
[2] See issue 1118 in the sinatra/sinatra repository
With one package in line and in alphabetic order, it's easier to see
which packages we're installing.
We're also applying the same formatting (taking from the Docker
documentation [1]) to other lines running multiple instructions.
[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
Quoting the Docker documentation [1]:
> Always combine RUN apt-get update with apt-get install in the same RUN
> statement.
> (...)
> Using apt-get update alone in a RUN statement causes caching issues
> and subsequent apt-get install instructions fail.
> (...)
> Docker sees the initial and modified instructions as identical and
> reuses the cache from previous steps. As a result the apt-get update
> is not executed because the build uses the cached version. Because the
> apt-get update is not run, your build can potentially get an outdated
> version of the curl and nginx packages.
>
> Using RUN apt-get update && apt-get install -y ensures your Dockerfile
> installs the latest package versions with no further coding or manual
> intervention.
[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
We aren't sure why this option was added; only that it was added with
macos and windows developers in mind.
Since we aren't sure about it, we're using the default `consistent`
option instead.
The --full-index option seemed to be causing caching issues on some
systems.
Since we don't know the reason why this option was added in the first
place, it might have some advantages. However, some people have reported
problems getting "version can no longer be found" errors for some gems
in this step, and documentation for Docker and Rails doesn't mention
this option at all.
