Add create authorization to initiative types

[eliegaboriau]

🎩 What? Why?

This PR offers the possibility to add an authorization handler on the creation of initiatives, according to the initiative type.
It asks for the authorization when choosing the initiative type, if an authorization handler has been chosen.
If there's only one initiative type, it asks for the authorization when clicking on "new initiative"

📌 Related Issues

Link your PR to an issue

• Fixes Configure authorization for initiative creation #9294

Testing

Describe the best way to test or validate your PR.
- Go to admin initiative type list
- Click on permissions for one
- Change the create permissions
- Go to initiative
- Click on create initiative
- See that under the initiative type you changed, it's written "verify your account to promote this initiative"
- Click on it
- See that it asks for an authorization

📋 Checklist

🚨 Please review the guidelines for contributing to this repository.

• ❓ CONSIDER adding a unit test if your PR resolves an issue.
• ✔️ DO check open PR's to avoid duplicates.
• ✔️ DO keep pull requests small so they can be easily reviewed.
• ✔️ DO build locally before pushing.
• ✔️ DO make sure tests pass.
• ✔️ DO make sure any new changes are documented in docs/.
• ✔️ DO add and modify seeds if necessary.
• ✔️ DO add CHANGELOG upgrade notes if required.
• ✔️ DO add to GraphQL API if there are new public fields.
• ✔️ DO add link to MetaDecidim if it's a new feature.
• ❌AVOID breaking the continuous integration build.
• ❌AVOID making significant changes to the overall architecture.

📷 Screenshots

Please add screenshots of the changes you're proposing
The screenshots are in the issue

♥️ Thank you!

[ahukkanen]

Looks great, thanks @eliegaboriau !

I just have one question, see below. I understand that you may have a valid reason to do this but just for me to understand us well, could you please explain?

[eliegaboriau]

Looks great, thanks @eliegaboriau !

It's actually not that great, we've seen that it's depend a lot on the "do not require authorization" configuration.
I'm gonna draft it to rewrite the spec

[ahukkanen]

@eliegaboriau Also a kind reminder to you that we are planning releasing 0.27 RC1 next week so if you'd like to incorporate this into the next release, we would need to get this done shortly.

If you cannot finish it shortly, no worries! It will then be part of the 0.28 release.

[eliegaboriau]

@eliegaboriau Also a kind reminder to you that we are planning releasing 0.27 RC1 next week so if you'd like to incorporate this into the next release, we would need to get this done shortly.

If you cannot finish it shortly, no worries! It will then be part of the 0.28 release.

Hello @ahukkanen
I'm trying to add everything i want to add today, hopefully we can add this in the next release

[eliegaboriau]

@ahukkanen It's okay for me, let me know if something's missing !

[ahukkanen]

@eliegaboriau There is one conflict, could you please resolve?

[ahukkanen]

I noticed one issue after the latest changes, could you please move the reveal to its own partial?

Also, there are some conflicts, could you resolve those?

After #9347, we also changed the default password to decidim123456789, so we also need to apply this change to the specs where you are logging in.

[eliegaboriau]

It should be okay now !

[ahukkanen]

Tested this and this works great!

The UX flow just feels weird when doing the following:

• Require authorization for initiative type creation (e.g. use the example authorization with the default configuration)
• Login with an unauthorized user account
• Go to create an initiative of the type that requires the authorization that you configured
• Authorize the user with the required authorization but provide authorization data that does not match the configurations of the configured authorization (e.g. use a different postal code than the required one)

After authorizing the account, I now see this:

If this happened, I would rather see some error message that my authorization data does not match the requirements.

But I also understand it is not in the scope of this PR, so we probably cannot do much about it. This is just how the authorizations work as they are decoupled from the sections that may or may not require an authorization.

When I click the "Verify your account to promote this initiative", I correctly see this popup as expected:

Therefore, I still get the information why I cannot vote but just the UX is pretty weird after the authorization action.

Regarding this particular PR, it's all good.

Even though this PR touches the participant facing UI, I will merge this as this has been already implemented way before the redesign guidelines were published and there were just some code cleanup happening at the final stage of the review. Also, the initiatives redesign has not started yet so I believe it won't do any harm merging this now.

Also FYI @eliegaboriau, for any further PRs, the guidelines are available at #9512 (if you didn't already know).