Merge pull request #6139 from LibreSign/fix/filter-draft-sign-requests-in-list

fix: prevent signers from seeing files with DRAFT sign_request status
Vitor Mattos 2025-12-11 18:31:44 -03:00 committed by GitHub
commit 778067f5f1
GPG key ID: B5690EEEBB952194
2 changed files with 19 additions and 12 deletions

@ -528,7 +528,9 @@ class SignRequestMapper extends QBMapper {
$qb->expr()->eq('f.user_id', $qb->createNamedParameter($userId)), $qb->expr()->eq('f.user_id', $qb->createNamedParameter($userId)),
$qb->expr()->andX( $qb->expr()->andX(
$qb->expr()->eq('im.identifier_key', $qb->createNamedParameter(IdentifyMethodService::IDENTIFY_ACCOUNT)), $qb->expr()->eq('im.identifier_key', $qb->createNamedParameter(IdentifyMethodService::IDENTIFY_ACCOUNT)),
$qb->expr()->eq('im.identifier_value', $qb->createNamedParameter($userId)) $qb->expr()->eq('im.identifier_value', $qb->createNamedParameter($userId)),
$qb->expr()->neq('f.status', $qb->createNamedParameter(File::STATUS_DRAFT)),
$qb->expr()->neq('sr.status', $qb->createNamedParameter(SignRequestStatus::DRAFT->value)),
) )
]; ];
$qb->where($qb->expr()->orX(...$or))->andWhere($qb->expr()->isNull('id.id')); $qb->where($qb->expr()->orX(...$or))->andWhere($qb->expr()->isNull('id.id'));
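Review bot: The two new `neq` conditions sit only inside the `andX` for the `IdentifyMethodService::IDENTIFY_ACCOUNT` branch, so the first `orX` arm (`f.user_id` equal to `$userId`) still returns draft files. That looks intended, since the owner needs to see their own drafts, but nothing in the code says so. A one-line comment above the `andX` stating that the draft filter applies to signers and not to the file owner would keep a later refactor from moving or dropping it. Note also that this changes only what the list query returns: it hides the row from a signer, it does not by itself reject a sign attempt from someone who already holds the sign UUID, so the check on the sign endpoint has to stay in place independently of this filter.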

@ -43,21 +43,26 @@ Feature: sequential-signing
| users | [{"identify":{"account":"signer1"},"signingOrder":1},{"identify":{"account":"signer2"},"signingOrder":2}] | | users | [{"identify":{"account":"signer1"},"signingOrder":1},{"identify":{"account":"signer2"},"signingOrder":2}] |
| name | Sequential Document | | name | Sequential Document |
Then the response should have a status code 200 Then the response should have a status code 200
And as user "signer2" # Signer2 should NOT see the file yet (their sign_request is in DRAFT status)
And sending "get" to ocs "/apps/libresign/api/v1/file/list" Given as user "signer2"
And the response should have a status code 200 When sending "get" to ocs "/apps/libresign/api/v1/file/list"
And fetch field "(SIGN_UUID_2)ocs.data.data.0.signers.1.sign_uuid" from previous JSON response Then the response should have a status code 200
When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>" And the response should be a JSON array with the following mandatory values
| method | clickToSign | | key | value |
Then the response should have a status code 422 | (jq).ocs.data.data\|length | 0 |
And as user "signer1" # Signer1 can see and sign the document
And sending "get" to ocs "/apps/libresign/api/v1/file/list" Given as user "signer1"
And the response should have a status code 200 When sending "get" to ocs "/apps/libresign/api/v1/file/list"
Then the response should have a status code 200
And fetch field "(SIGN_UUID_1)ocs.data.data.0.signers.0.sign_uuid" from previous JSON response And fetch field "(SIGN_UUID_1)ocs.data.data.0.signers.0.sign_uuid" from previous JSON response
When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_1>" When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_1>"
| method | clickToSign | | method | clickToSign |
Then the response should have a status code 200 Then the response should have a status code 200
And as user "signer2" # After signer1 signs, signer2 should now see the file and be able to sign
Given as user "signer2"
When sending "get" to ocs "/apps/libresign/api/v1/file/list"
Then the response should have a status code 200
And fetch field "(SIGN_UUID_2)ocs.data.data.0.signers.1.sign_uuid" from previous JSON response
When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>" When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>"
| method | clickToSign | | method | clickToSign |
Then the response should have a status code 200 Then the response should have a status code 200
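Review bot: The rewritten signer2 block at the top of this scenario drops the old steps that posted to `/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>` before signer1 had signed and expected a 422, so the out-of-order signing rejection is no longer asserted in this hunk. The new check that `(jq).ocs.data.data\|length` is 0 only proves the file is not listed for signer2, not that the endpoint refuses the UUID if signer2 obtains it another way. Suggest keeping the 422 step: fetch `SIGN_UUID_2` from the list response of a user who can still see the file before signer1 signs (for example the user who created the request), then post as signer2 and assert 422, in addition to the empty-list assertion.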