[Backport] Allow users with admin level to the space to preview unpublished comp…

CHANGELOG.md

@@ -23,6 +23,10 @@ use the following command in your rails console : `Decidim::User.find_each { |us
 
 - **decidim-core**: Add shinier signature. [#186](https://github.com/OpenSourcePolitics/decidim/pull/186)
 
+**Backported**:
+
+- **decidim-core**: Allows users with admin access to preview unpublished components [\#209](https://github.com/OpenSourcePolitics/decidim/pull/209)
+
 ## [Unreleased](https://github.com/decidim/decidim/tree/0.11-stable)
 
 **Upgrade notes**:

decidim-core/app/permissions/decidim/permissions.rb

@@ -36,8 +36,10 @@ def locales_action?
     def component_public_action?
       return unless permission_action.subject == :component &&
                     permission_action.action == :read
-
-      toggle_allow(component.published?)
+      return allow! if component.published?
+      return allow! if user_can_admin_component?
+      return allow! if user_can_admin_component_via_space?
+      disallow!
     end
 
     def search_scope_action?
@@ -90,6 +92,33 @@ def not_already_active?(authorization)
       Verifications::Authorizations.new(organization: user.organization, user: user, name: authorization.name).none?
     end
 
+    def user_can_admin_component?
+      new_permission_action = Decidim::PermissionAction.new(
+        action: permission_action.action,
+        scope: :admin,
+        subject: permission_action.subject
+      )
+      Decidim::Admin::Permissions.new(user, new_permission_action, context).permissions.allowed?
+    rescue Decidim::PermissionAction::PermissionNotSetError
+      nil
+    end
+
+    def user_can_admin_component_via_space?
+      Decidim.participatory_space_manifests.any? do |manifest|
+        begin
+          new_permission_action = Decidim::PermissionAction.new(
+            action: permission_action.action,
+            scope: :admin,
+            subject: permission_action.subject
+          )
+          new_context = context.merge(current_participatory_space: component.participatory_space)
+          manifest.permissions_class.new(user, new_permission_action, new_context).permissions.allowed?
+        rescue Decidim::PermissionAction::PermissionNotSetError
+          nil
+        end
+      end
+    end
+
     def user_manager_permissions
       Decidim::UserManagerPermissions.new(user, permission_action, context).permissions
     end

decidim-core/spec/permissions/decidim/permissions_spec.rb

@@ -37,6 +37,7 @@
       { scope: :public, action: :read, subject: :component }
     end
     let(:context) { { current_component: component } }
+    let(:organization) { component.participatory_space.organization }
 
     context "when the component is published" do
       let(:component) { create :component, :published }
@@ -47,7 +48,24 @@
     context "when the component is not published" do
       let(:component) { create :component, :unpublished }
 
-      it { is_expected.to eq false }
+      context "when the user does not exist" do
+        it { is_expected.to eq false }
+      end
+      context "when the user has no admin access" do
+        let(:user) { create :user, organization: organization }
+
+        it { is_expected.to eq false }
+      end
+      context "when the user is an admin" do
+        let(:user) { create :user, :admin, organization: organization }
+
+        it { is_expected.to eq true }
+      end
+      context "when the space gives the user admin access" do
+        let(:user) { create :process_admin, participatory_process: component.participatory_space }
+
+        it { is_expected.to eq true }
+      end
     end
   end