Add preview token system to surveys component

verarojman · verarojman · commit df10ffbad1e2 · 2020-07-01T18:31:13.000+02:00
diff --git a/decidim-core/app/controllers/decidim/components/base_controller.rb b/decidim-core/app/controllers/decidim/components/base_controller.rb
@@ -30,7 +30,7 @@ class BaseController < Decidim::ApplicationController
                     :current_manifest
 
       before_action do
-        enforce_permission_to :read, :component, component: current_component
+        enforce_permission_to :read, :component, component: current_component, preview_token: params[:token]
       end
 
       before_action :redirect_unless_feature_private
diff --git a/decidim-core/app/permissions/decidim/permissions.rb b/decidim-core/app/permissions/decidim/permissions.rb
@@ -45,6 +45,7 @@ def component_public_action?
       return unless permission_action.subject == :component &&
                     permission_action.action == :read
 
+      return allow! if can_preview_component?
       return allow! if component.published?
       return allow! if user_can_admin_component?
       return allow! if user_can_admin_component_via_space?
@@ -163,6 +164,10 @@ def user_can_admin_component?
       nil
     end
 
+    def can_preview_component?
+      allow! if component.settings.preview_token == context[:preview_token]
+    end
+
     def user_can_admin_component_via_space?
       Decidim.participatory_space_manifests.any? do |manifest|
         new_permission_action = Decidim::PermissionAction.new(
diff --git a/decidim-forms/app/controllers/decidim/forms/admin/concerns/has_questionnaire.rb b/decidim-forms/app/controllers/decidim/forms/admin/concerns/has_questionnaire.rb
@@ -77,7 +77,7 @@ def after_update_url
 
             # Implement this method in your controller to set the URL
             # where the questionnaire can be answered.
-            def public_url
+            def public_url(params)
               raise "#{self.class.name} is expected to implement #public_url"
             end
 
diff --git a/decidim-forms/app/views/decidim/forms/admin/questionnaires/_form.html.erb b/decidim-forms/app/views/decidim/forms/admin/questionnaires/_form.html.erb
@@ -4,7 +4,7 @@
       <%= t(".title") %>
       <% if allowed_to? :preview, :questionnaire %>
         <div class="button--title">
-          <%= link_to t(".preview"), public_url, class: "button tiny button--simple", target: :_blank %>
+          <%= link_to t(".preview"), public_url(token: questionnaire_for.try(:component).try(:settings).try(:preview_token)), class: "button tiny button--simple", target: :_blank %>
         </div>
       <% end %>
       <div class="button--title">
diff --git a/decidim-forms/app/views/decidim/forms/questionnaires/show.html.erb b/decidim-forms/app/views/decidim/forms/questionnaires/show.html.erb
@@ -20,7 +20,7 @@
   <div class="columns large-<%= columns %> medium-centered">
     <div class="card">
       <div class="card__content">
-       <% unless questionnaire_for.try(:component)&.try(:published?) %>
+       <% unless questionnaire_for.try(:component).try(:published?) %>
            <div class="section">
             <div class="callout warning">
               <p><%= t(".questionnaire_not_published.body") %></p>
diff --git a/decidim-meetings/app/controllers/decidim/meetings/admin/registration_form_controller.rb b/decidim-meetings/app/controllers/decidim/meetings/admin/registration_form_controller.rb
@@ -20,7 +20,7 @@ def after_update_url
         end
 
         def public_url
-          Decidim::EngineRouter.main_proxy(current_component).join_meeting_registration_path(meeting)
+          Decidim::EngineRouter.main_proxy(current_component).join_meeting_registration_path(meeting, **params)
         end
 
         private
diff --git a/decidim-surveys/app/controllers/decidim/surveys/admin/surveys_controller.rb b/decidim-surveys/app/controllers/decidim/surveys/admin/surveys_controller.rb
@@ -11,8 +11,8 @@ def questionnaire_for
           survey
         end
 
-        def public_url
-          Decidim::EngineRouter.main_proxy(current_component).survey_path(survey)
+        def public_url(params)
+          Decidim::EngineRouter.main_proxy(current_component).survey_path(survey, **params)
         end
 
         private
diff --git a/decidim-surveys/app/controllers/decidim/surveys/surveys_controller.rb b/decidim-surveys/app/controllers/decidim/surveys/surveys_controller.rb
@@ -8,8 +8,6 @@ class SurveysController < Decidim::Surveys::ApplicationController
       include Decidim::ComponentPathHelper
       helper Decidim::Surveys::SurveyHelper
 
-      delegate :allow_unregistered?, to: :current_settings
-
       before_action :check_permissions
 
       def check_permissions
@@ -25,6 +23,10 @@ def questionnaire_for
       def allow_answers?
         !current_component.published? || current_settings.allow_answers?
       end
+      
+      def allow_unregistered?
+        !current_component.published? || current_settings.allow_unregistered?
+      end
 
       def form_path
         main_component_path(current_component)
diff --git a/decidim-surveys/config/locales/en.yml b/decidim-surveys/config/locales/en.yml
@@ -22,6 +22,7 @@ en:
           global:
             announcement: Announcement
             clean_after_publish: Delete answers when publishing the survey
+            preview_token: Preview token
           step:
             allow_answers: Allow answers
             allow_unregistered: Allow unregistered users to answer the survey
diff --git a/decidim-surveys/lib/decidim/surveys/component.rb b/decidim-surveys/lib/decidim/surveys/component.rb
@@ -57,6 +57,7 @@
   component.settings(:global) do |settings|
     settings.attribute :announcement, type: :text, translated: true, editor: true
     settings.attribute :clean_after_publish, type: :boolean, default: true
+    settings.attribute :preview_token, type: :string, default: Digest::MD5.hexdigest(Time.now.to_s)
   end
 
   component.settings(:step) do |settings|
