From 08a69c6168f2453afd35d42b18fdf25fa129b59f Mon Sep 17 00:00:00 2001
From: David Nguyen <davidngu28@gmail.com>
Date: Sat, 11 Jan 2025 22:31:59 +1100
Subject: [PATCH] fix: pending document edit (#1580)

Fix issue where you cannot edit a pending document when there is a CCer
recipient.
---
 .../server-only/recipient/set-document-recipients.ts  |  7 +++++--
 .../recipient/update-document-recipients.ts           |  7 +++++--
 packages/lib/utils/recipients.ts                      | 11 ++++++++++-
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/packages/lib/server-only/recipient/set-document-recipients.ts b/packages/lib/server-only/recipient/set-document-recipients.ts
index 7d260ef46..594fc4d1b 100644
--- a/packages/lib/server-only/recipient/set-document-recipients.ts
+++ b/packages/lib/server-only/recipient/set-document-recipients.ts
@@ -372,12 +372,15 @@ type RecipientData = {
 const hasRecipientBeenChanged = (recipient: Recipient, newRecipientData: RecipientData) => {
   const authOptions = ZRecipientAuthOptionsSchema.parse(recipient.authOptions);
 
+  const newRecipientAccessAuth = newRecipientData.accessAuth || null;
+  const newRecipientActionAuth = newRecipientData.actionAuth || null;
+
   return (
     recipient.email !== newRecipientData.email ||
     recipient.name !== newRecipientData.name ||
     recipient.role !== newRecipientData.role ||
     recipient.signingOrder !== newRecipientData.signingOrder ||
-    authOptions.accessAuth !== newRecipientData.accessAuth ||
-    authOptions.actionAuth !== newRecipientData.actionAuth
+    authOptions.accessAuth !== newRecipientAccessAuth ||
+    authOptions.actionAuth !== newRecipientActionAuth
   );
 };
diff --git a/packages/lib/server-only/recipient/update-document-recipients.ts b/packages/lib/server-only/recipient/update-document-recipients.ts
index d6dfae1ed..0a5372ddd 100644
--- a/packages/lib/server-only/recipient/update-document-recipients.ts
+++ b/packages/lib/server-only/recipient/update-document-recipients.ts
@@ -235,12 +235,15 @@ type RecipientData = {
 const hasRecipientBeenChanged = (recipient: Recipient, newRecipientData: RecipientData) => {
   const authOptions = ZRecipientAuthOptionsSchema.parse(recipient.authOptions);
 
+  const newRecipientAccessAuth = newRecipientData.accessAuth || null;
+  const newRecipientActionAuth = newRecipientData.actionAuth || null;
+
   return (
     recipient.email !== newRecipientData.email ||
     recipient.name !== newRecipientData.name ||
     recipient.role !== newRecipientData.role ||
     recipient.signingOrder !== newRecipientData.signingOrder ||
-    authOptions.accessAuth !== newRecipientData.accessAuth ||
-    authOptions.actionAuth !== newRecipientData.actionAuth
+    authOptions.accessAuth !== newRecipientAccessAuth ||
+    authOptions.actionAuth !== newRecipientActionAuth
   );
 };
diff --git a/packages/lib/utils/recipients.ts b/packages/lib/utils/recipients.ts
index eab5f963c..845a9e36a 100644
--- a/packages/lib/utils/recipients.ts
+++ b/packages/lib/utils/recipients.ts
@@ -8,8 +8,17 @@ export const formatSigningLink = (token: string) => `${NEXT_PUBLIC_WEBAPP_URL()}
  * Whether a recipient can be modified by the document owner.
  */
 export const canRecipientBeModified = (recipient: Recipient, fields: Field[]) => {
+  if (!recipient) {
+    return false;
+  }
+
+  // CCers can always be modified (unless document is completed).
+  if (recipient.role === RecipientRole.CC) {
+    return true;
+  }
+
   // Deny if the recipient has already signed the document.
-  if (!recipient || recipient.signingStatus === SigningStatus.SIGNED) {
+  if (recipient.signingStatus === SigningStatus.SIGNED) {
     return false;
   }