mirror of
https://github.com/LibreSign/libresign.git
synced 2025-12-18 05:20:45 +01:00
Filter out sign_requests with status DRAFT (0) in the file list endpoint when the user is not the file owner. This ensures that signers do not see documents where their sign_request is in DRAFT status, unless they are the requester (owner) of the document.

The filter is applied in the getFilesAssociatedFilesWithMeQueryBuilder method by adding conditions to exclude:
- Files with status DRAFT (0)
- Sign requests with status DRAFT (0)

Only when the user is not the file owner (not matching f.user_id).

This change affects only the /api/v1/file/list endpoint and does not impact other file access methods or signature flows.

Ref: Security improvement to prevent premature document visibility

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

||
|---|---|---|
| .. | ||
| Activity | ||
| AppInfo | ||
| BackgroundJob | ||
| Collaboration/Collaborators | ||
| Command | ||
| Controller | ||
| DataObjects | ||
| Dav | ||
| Db | ||
| Enum | ||
| Events | ||
| Exception | ||
| Files | ||
| Handler | ||
| Helper | ||
| Listener | ||
| Middleware | ||
| Migration | ||
| Notification | ||
| Service | ||
| Settings | ||
| Capabilities.php | ||
| ResponseDefinitions.php | ||