backport: Export authorization metadata to user extended data

OpenSourcePolitics · Sep 23, 2024 · 0de649f · 0de649f
1 parent 1d6f2db
commit 0de649f
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 1 deletion.
diff --git a/.env-example b/.env-example
@@ -39,4 +39,8 @@ DECIDIM_ADMIN_PASSWORD_STRONG="false"
 # PUMA_PRELOAD_APP=false
 
 # Override after confirmation path with custom route
-# AH_REDIRECT_AFTER_CONFIRMATION="/initiatives"
+# AH_REDIRECT_AFTER_CONFIRMATION="/initiatives"
+
+# Automatically save AH metadata to user extended data
+# Format : comma separated list of auhtorization handler names
+# AUTO_EXPORT_AUTHORIZATIONS_DATA_TO_USER_DATA_ENABLED_FOR="authorization1,authorization2"
diff --git a/app/jobs/authorization_data_to_user_data_job.rb b/app/jobs/authorization_data_to_user_data_job.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AuthorizationDataToUserDataJob < ApplicationJob
+  queue_as :exports
+
+  def perform(*args)
+    Decidim::AuthorizationDataToUserDataService.run(*args)
+  end
+end
diff --git a/app/services/decidim/authorization_data_to_user_data_service.rb b/app/services/decidim/authorization_data_to_user_data_service.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Decidim
+  class AuthorizationDataToUserDataService
+    def self.run(**args)
+      new(**args).execute
+    end
+
+    def initialize(**args)
+      @name = args[:name]
+      @user = args[:user]
+    end
+
+    def execute
+      Decidim::Authorization.find_each(filter) do |authorization|
+        authorization.user.update(extended_data: authorization.user.extended_data.merge({ @name.to_s => authorization.metadata }))
+      end
+    end
+
+    def filter
+      @filter ||= {
+        name: @name,
+        user: @user
+      }.compact
+    end
+  end
+end
diff --git a/config/application.rb b/config/application.rb
@@ -51,6 +51,7 @@ class Application < Rails::Application
       require "extends/forms/decidim/admin/organization_appearance_form_extends"
       require "extends/omniauth/strategies/france_connect_extends"
       require "extends/forms/decidim/omniauth_registration_form_extend"
+      require "extends/models/decidim/authorization_extends"
     end
 
     initializer "session cookie domain", after: "Expire sessions" do

diff --git a/config/secrets.yml b/config/secrets.yml
@@ -13,6 +13,8 @@
 default: &default
   asset_host: <%= ENV["ASSET_HOST"] %>
   decidim:
+    authorizations:
+      export_data_to_userdata_enabled_for: <%= ENV.fetch("AUTO_EXPORT_AUTHORIZATIONS_DATA_TO_USER_DATA_ENABLED_FOR", "") %>
     reminder:
       unconfirmed_email:
         days: <%= ENV["DECIDIM_REMINDER_UNCONFIRMED_EMAIL_DAYS"]&.to_i || 2 %>

diff --git a/lib/extends/models/decidim/authorization_extends.rb b/lib/extends/models/decidim/authorization_extends.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+module AuthorizationExtends
+  extend ActiveSupport::Concern
+
+  included do
+    after_commit :export_to_user_extended_data, if: proc { |authorization|
+      Rails.application.secrets.dig(:decidim, :export_data_to_userdata_enabled_for)&.split(",")&.include?(authorization.name)
+    }
+
+    def export_to_user_extended_data
+      Decidim::AuthorizationDataToUserDataService.run(name: name, user: user)
+    end
+  end
+end
+
+Decidim::Authorization.include(AuthorizationExtends)
+
diff --git a/lib/tasks/authorizations.rake b/lib/tasks/authorizations.rake
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+namespace :authorizations do
+  task export_to_user_extended_data: :environment do
+    name = ENV["AUTHORIZATION_HANDLE_NAME"].presence
+    raise "AUTHORIZATION_HANDLE_NAME is blank." if name.blank?
+
+    raise "No data found for authorization handler name '#{name}'" unless Decidim::Authorization.exists?(name: name)
+
+    AuthorizationDataToUserDataJob.perform_later(name: name)
+  end
+end