Depending on the size of the window, these images can look pretty bad
when they're displayed right after some text, since on GitBook they
might appear in the middle of the paragraph.
While this leads to a bit of duplication, since now the same code is in
both the Spanish and English texts, and it makes it harder to actually
run the code, it'll make it easier for people reading the documentation
to find the code, and we get rid of the confusingly-named `doc/` folder.
We don't use the `config/api.yml` file since commit c984e666f, and the
`.delete("\n").delete(" ")` in the code examples isn't necessary (we
should have probably added it in commit 56e42f209).
We're also changing the responses so there are no references to any
specific city.
We accidentally removed the code for maximum complexity in commit
c984e666f. As mentioned in the documentation:
> The main risk factor is multiple collections of resources being
> requested in the same query.
We reject these requests by limiting the complexity.
The `max_complexity` option depends on the page size being set. Without
it, we get an error:
```
Can't calculate complexity for User.public_debates, no `first:`,
`last:`, `max_page_size` or `default_max_page_size`
```
So we're also adding a default max page size.
Note that the documentation mentioned that the default page size was 25.
However, before commit c984e666f, we were using a page size of 50 in
some cases. We're going with the one mentioned in the documentation
since we don't fully understand the old code.
We accidentally removed this code in commit c984e666f. As mentioned in
our GraphQL documentation, limiting the depth of the queries helps
against DoS attacks.
When returning a collection of records in the API, we were making sure
we only returned public ones. However, when returning individual
records, we were not checking that.
In practice, this wasn't a big issue, since most `public_for_api`
methods return all records, but it could affect Consul Democracy
installations which might have customized their `public_for_api` method.
The only exception was the `budget` method, since it was returning
budgets that were still in drafting.
Back in commit c984e666f, we reorganized the code related to the GraphQL
API, but we didn't reorganize the tests.
So we're doing it now, since we're going to fix a potential issue and
add some tests for it.
These tests were always passing because they were stubbing the response
of the same method they were testing. For example, we were testing the
result of `Comment.public_for_api` and stubbing it at the same time.
So we're now stubbing the result of the associations; for example, in
order to test `Comment.public_for_api`, we're stubbing the response of
`Debate.public_for_api`. Now the tests fail if, for instance, the
implementation of `Comment.public_for_api` returns all comments.
- added 2 new types
- modified the models to get data through graphQL
- modified the corresponding spec
- also testing that hidden comments do not show up
- modified comments specs bc now it returns comments on budget
investments
The keys to configure Omniauth for WordPress were only added
to the production environment, so we unified all the keys across
the staging and preproduction environments.
Most of it was up-to-date, except for the fact that Consul Democracy
already uses Rails 7.0 and that it's possible to use different languages
per tenant since commit 6de4737b7.
