Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-15 09:12:02 +10:00
Code Issues Packages Projects Releases Wiki Activity

feat: add envelope editor

Browse Source
This commit is contained in:
David Nguyen
2025-10-12 23:35:54 +11:00
parent bf89bc781b
commit 0da8e7dbc6
307 changed files with 24657 additions and 3681 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/lib/server-only/document/complete-document-with-token.ts
View File

@ -108,7 +108,7 @@ export const completeDocumentWithToken = async ({
const fields = await prisma.field.findMany({
where: {
envelopeId: envelope.id, // Todo: Envelopes - Need to support multi docs.
envelopeId: envelope.id,
recipientId: recipient.id,
},
});

6
packages/lib/server-only/document/delete-document.ts
View File

@ -20,14 +20,14 @@ import {
import type { ApiRequestMetadata } from '../../universal/extract-request-metadata';
import { isDocumentCompleted } from '../../utils/document';
import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
import { unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
import { type EnvelopeIdOptions, unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
import { getEmailContext } from '../email/get-email-context';
import { getMemberRoles } from '../team/get-member-roles';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
export type DeleteDocumentOptions = {
id: number;
id: EnvelopeIdOptions;
userId: number;
teamId: number;
requestMetadata: ApiRequestMetadata;
@ -53,7 +53,7 @@ export const deleteDocument = async ({
// Note: This is an unsafe request, we validate the ownership later in the function.
const envelope = await prisma.envelope.findUnique({
where: unsafeBuildEnvelopeIdQuery({ type: 'documentId', id }, EnvelopeType.DOCUMENT),
where: unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
include: {
recipients: true,
documentMeta: true,

180
packages/lib/server-only/document/duplicate-document-by-id.ts
View File

@ -1,180 +0,0 @@
import type { Recipient } from '@prisma/client';
import { DocumentSource, EnvelopeType, WebhookTriggerEvents } from '@prisma/client';
import { omit } from 'remeda';
import { prisma } from '@documenso/prisma';
import { AppError, AppErrorCode } from '../../errors/app-error';
import {
ZWebhookDocumentSchema,
mapEnvelopeToWebhookDocumentPayload,
} from '../../types/webhook-payload';
import { nanoid, prefixedId } from '../../universal/id';
import type { EnvelopeIdOptions } from '../../utils/envelope';
import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
import { incrementDocumentId } from '../envelope/increment-id';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
export interface DuplicateDocumentOptions {
id: EnvelopeIdOptions;
userId: number;
teamId: number;
}
export const duplicateDocument = async ({ id, userId, teamId }: DuplicateDocumentOptions) => {
const { envelopeWhereInput } = await getEnvelopeWhereInput({
id,
type: EnvelopeType.DOCUMENT,
userId,
teamId,
});
const envelope = await prisma.envelope.findFirst({
where: envelopeWhereInput,
select: {
title: true,
userId: true,
envelopeItems: {
include: {
documentData: {
select: {
data: true,
initialData: true,
type: true,
},
},
},
},
authOptions: true,
visibility: true,
documentMeta: true,
recipients: {
select: {
email: true,
name: true,
role: true,
signingOrder: true,
fields: true,
},
},
teamId: true,
},
});
if (!envelope) {
throw new AppError(AppErrorCode.NOT_FOUND, {
message: 'Document not found',
});
}
const { documentId, formattedDocumentId } = await incrementDocumentId();
const createdDocumentMeta = await prisma.documentMeta.create({
data: {
...omit(envelope.documentMeta, ['id']),
emailSettings: envelope.documentMeta.emailSettings || undefined,
},
});
const duplicatedEnvelope = await prisma.envelope.create({
data: {
id: prefixedId('envelope'),
secondaryId: formattedDocumentId,
type: EnvelopeType.DOCUMENT,
userId,
teamId,
title: envelope.title,
documentMetaId: createdDocumentMeta.id,
authOptions: envelope.authOptions || undefined,
visibility: envelope.visibility,
source: DocumentSource.DOCUMENT,
},
include: {
recipients: true,
documentMeta: true,
},
});
// Key = original envelope item ID
// Value = duplicated envelope item ID.
const oldEnvelopeItemToNewEnvelopeItemIdMap: Record<string, string> = {};
// Duplicate the envelope items.
await Promise.all(
envelope.envelopeItems.map(async (envelopeItem) => {
const duplicatedDocumentData = await prisma.documentData.create({
data: {
type: envelopeItem.documentData.type,
data: envelopeItem.documentData.initialData,
initialData: envelopeItem.documentData.initialData,
},
});
const duplicatedEnvelopeItem = await prisma.envelopeItem.create({
data: {
id: prefixedId('envelope_item'),
title: envelopeItem.title,
envelopeId: duplicatedEnvelope.id,
documentDataId: duplicatedDocumentData.id,
},
});
oldEnvelopeItemToNewEnvelopeItemIdMap[envelopeItem.id] = duplicatedEnvelopeItem.id;
}),
);
const recipients: Recipient[] = [];
for (const recipient of envelope.recipients) {
const duplicatedRecipient = await prisma.recipient.create({
data: {
envelopeId: duplicatedEnvelope.id,
email: recipient.email,
name: recipient.name,
role: recipient.role,
signingOrder: recipient.signingOrder,
token: nanoid(),
fields: {
createMany: {
data: recipient.fields.map((field) => ({
envelopeId: duplicatedEnvelope.id,
envelopeItemId: oldEnvelopeItemToNewEnvelopeItemIdMap[field.envelopeItemId],
type: field.type,
page: field.page,
positionX: field.positionX,
positionY: field.positionY,
width: field.width,
height: field.height,
customText: '',
inserted: false,
fieldMeta: field.fieldMeta as PrismaJson.FieldMeta,
})),
},
},
},
});
recipients.push(duplicatedRecipient);
}
const refetchedEnvelope = await prisma.envelope.findFirstOrThrow({
where: {
id: duplicatedEnvelope.id,
},
include: {
documentMeta: true,
recipients: true,
},
});
await triggerWebhook({
event: WebhookTriggerEvents.DOCUMENT_CREATED,
data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(refetchedEnvelope)),
userId: userId,
teamId: teamId,
});
return {
documentId,
};
};

14
packages/lib/server-only/document/get-document-by-access-token.ts
View File

@ -23,6 +23,7 @@ export const getDocumentByAccessToken = async ({ token }: GetDocumentByAccessTok
select: {
id: true,
secondaryId: true,
internalVersion: true,
title: true,
completedAt: true,
team: {
@ -32,6 +33,11 @@ export const getDocumentByAccessToken = async ({ token }: GetDocumentByAccessTok
},
envelopeItems: {
select: {
id: true,
title: true,
order: true,
documentDataId: true,
envelopeId: true,
documentData: {
select: {
id: true,
@ -50,16 +56,18 @@ export const getDocumentByAccessToken = async ({ token }: GetDocumentByAccessTok
},
});
// Todo: Envelopes
if (!result.envelopeItems[0].documentData) {
const firstDocumentData = result.envelopeItems[0].documentData;
if (!firstDocumentData) {
throw new Error('Missing document data');
}
return {
id: mapSecondaryIdToDocumentId(result.secondaryId),
internalVersion: result.internalVersion,
title: result.title,
completedAt: result.completedAt,
documentData: result.envelopeItems[0].documentData,
envelopeItems: result.envelopeItems,
recipientCount: result._count.recipients,
documentTeamUrl: result.team.url,
};

2
packages/lib/server-only/document/get-document-by-token.ts
View File

@ -110,7 +110,6 @@ export const getDocumentAndSenderByToken = async ({
},
});
// Todo: Envelopes
const firstDocumentData = result.envelopeItems[0].documentData;
if (!firstDocumentData) {
@ -153,5 +152,6 @@ export const getDocumentAndSenderByToken = async ({
},
documentData: firstDocumentData,
id: legacyDocumentId,
envelopeId: result.id,
};
};

7
packages/lib/server-only/document/get-document-with-details-by-id.ts
View File

@ -23,7 +23,6 @@ export const getDocumentWithDetailsById = async ({
const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
// Todo: Envelopes
const firstDocumentData = envelope.envelopeItems[0].documentData;
if (!firstDocumentData) {
@ -32,7 +31,11 @@ export const getDocumentWithDetailsById = async ({
return {
...envelope,
documentData: firstDocumentData,
envelopeId: envelope.id,
documentData: {
...firstDocumentData,
envelopeItemId: envelope.envelopeItems[0].id,
},
id: legacyDocumentId,
fields: envelope.fields.map((field) => ({
...field,

11
packages/lib/server-only/document/is-recipient-authorized.ts
View File

@ -18,7 +18,7 @@ type IsRecipientAuthorizedOptions = {
// !: Probably find a better name than 'ACCESS_2FA' if requirements change.
type: 'ACCESS' | 'ACCESS_2FA' | 'ACTION';
documentAuthOptions: Envelope['authOptions'];
recipient: Pick<Recipient, 'authOptions' | 'email'>;
recipient: Pick<Recipient, 'authOptions' | 'email' | 'envelopeId'>;
/**
* The ID of the user who initiated the request.
@ -125,15 +125,8 @@ export const isRecipientAuthorized = async ({
}
if (type === 'ACCESS_2FA' && method === 'email') {
// Todo: Envelopes - Need to pass in the secondary ID to parse the document ID for.
if (!recipient.documentId) {
throw new AppError(AppErrorCode.NOT_FOUND, {
message: 'Document ID is required for email 2FA verification',
});
}
return await validateTwoFactorTokenFromEmail({
documentId: recipient.documentId,
envelopeId: recipient.envelopeId,
email: recipient.email,
code: token,
window: 10, // 5 minutes worth of tokens

10
packages/lib/server-only/document/resend-document.ts
View File

@ -25,12 +25,13 @@ import { getI18nInstance } from '../../client-only/providers/i18n-server';
import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
import { extractDerivedDocumentEmailSettings } from '../../types/document-email';
import { isDocumentCompleted } from '../../utils/document';
import type { EnvelopeIdOptions } from '../../utils/envelope';
import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
import { getEmailContext } from '../email/get-email-context';
import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
export type ResendDocumentOptions = {
documentId: number;
id: EnvelopeIdOptions;
userId: number;
recipients: number[];
teamId: number;
@ -38,7 +39,7 @@ export type ResendDocumentOptions = {
};
export const resendDocument = async ({
documentId,
id,
userId,
recipients,
teamId,
@ -56,10 +57,7 @@ export const resendDocument = async ({
});
const { envelopeWhereInput } = await getEnvelopeWhereInput({
id: {
type: 'documentId',
id: documentId,
},
id,
type: EnvelopeType.DOCUMENT,
userId,
teamId,

283
packages/lib/server-only/document/seal-document.ts
View File

@ -1,283 +0,0 @@
import {
DocumentStatus,
EnvelopeType,
RecipientRole,
SigningStatus,
WebhookTriggerEvents,
} from '@prisma/client';
import { nanoid } from 'nanoid';
import path from 'node:path';
import { PDFDocument } from 'pdf-lib';
import PostHogServerClient from '@documenso/lib/server-only/feature-flags/get-post-hog-server-client';
import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
import { prisma } from '@documenso/prisma';
import { signPdf } from '@documenso/signing';
import {
ZWebhookDocumentSchema,
mapEnvelopeToWebhookDocumentPayload,
} from '../../types/webhook-payload';
import type { RequestMetadata } from '../../universal/extract-request-metadata';
import { getFileServerSide } from '../../universal/upload/get-file.server';
import { putPdfFileServerSide } from '../../universal/upload/put-file.server';
import { fieldsContainUnsignedRequiredField } from '../../utils/advanced-fields-helpers';
import {
type EnvelopeIdOptions,
mapSecondaryIdToDocumentId,
unsafeBuildEnvelopeIdQuery,
} from '../../utils/envelope';
import { getAuditLogsPdf } from '../htmltopdf/get-audit-logs-pdf';
import { getCertificatePdf } from '../htmltopdf/get-certificate-pdf';
import { addRejectionStampToPdf } from '../pdf/add-rejection-stamp-to-pdf';
import { flattenAnnotations } from '../pdf/flatten-annotations';
import { flattenForm } from '../pdf/flatten-form';
import { insertFieldInPDF } from '../pdf/insert-field-in-pdf';
import { legacy_insertFieldInPDF } from '../pdf/legacy-insert-field-in-pdf';
import { normalizeSignatureAppearances } from '../pdf/normalize-signature-appearances';
import { getTeamSettings } from '../team/get-team-settings';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
import { sendCompletedEmail } from './send-completed-email';
export type SealDocumentOptions = {
id: EnvelopeIdOptions;
sendEmail?: boolean;
isResealing?: boolean;
requestMetadata?: RequestMetadata;
};
export const sealDocument = async ({
id,
sendEmail = true,
isResealing = false,
requestMetadata,
}: SealDocumentOptions) => {
const envelope = await prisma.envelope.findFirstOrThrow({
where: unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
include: {
envelopeItems: {
select: {
id: true,
documentData: true,
},
include: {
field: {
include: {
signature: true,
},
},
},
},
documentMeta: true,
recipients: {
where: {
role: {
not: RecipientRole.CC,
},
},
},
},
});
// Todo: Envelopes
const envelopeItemToSeal = envelope.envelopeItems[0];
// Todo: Envelopes
if (envelope.envelopeItems.length !== 1 || !envelopeItemToSeal) {
throw new Error(`Document ${envelope.id} needs exactly 1 envelope item`);
}
const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
const documentData = envelopeItemToSeal.documentData;
const fields = envelopeItemToSeal.field; // Todo: Envelopes - This only takes in the first envelope item fields.
const recipients = envelope.recipients;
const settings = await getTeamSettings({
userId: envelope.userId,
teamId: envelope.teamId,
});
// Determine if the document has been rejected by checking if any recipient has rejected it
const rejectedRecipient = recipients.find(
(recipient) => recipient.signingStatus === SigningStatus.REJECTED,
);
const isRejected = Boolean(rejectedRecipient);
// Get the rejection reason from the rejected recipient
const rejectionReason = rejectedRecipient?.rejectionReason ?? '';
// If the document is not rejected, ensure all recipients have signed
if (
!isRejected &&
recipients.some((recipient) => recipient.signingStatus !== SigningStatus.SIGNED)
) {
throw new Error(`Envelope ${envelope.id} has unsigned recipients`);
}
// Skip the field check if the document is rejected
if (!isRejected && fieldsContainUnsignedRequiredField(fields)) {
throw new Error(`Document ${envelope.id} has unsigned required fields`);
}
if (isResealing) {
// If we're resealing we want to use the initial data for the document
// so we aren't placing fields on top of eachother.
documentData.data = documentData.initialData;
}
// !: Need to write the fields onto the document as a hard copy
const pdfData = await getFileServerSide(documentData);
const certificateData = settings.includeSigningCertificate
? await getCertificatePdf({
documentId: legacyDocumentId,
language: envelope.documentMeta.language,
}).catch((e) => {
console.log('Failed to get certificate PDF');
console.error(e);
return null;
})
: null;
const auditLogData = settings.includeAuditLog
? await getAuditLogsPdf({
documentId: legacyDocumentId,
language: envelope.documentMeta.language,
}).catch((e) => {
console.log('Failed to get audit logs PDF');
console.error(e);
return null;
})
: null;
const doc = await PDFDocument.load(pdfData);
// Normalize and flatten layers that could cause issues with the signature
normalizeSignatureAppearances(doc);
await flattenForm(doc);
flattenAnnotations(doc);
// Add rejection stamp if the document is rejected
if (isRejected && rejectionReason) {
await addRejectionStampToPdf(doc, rejectionReason);
}
if (certificateData) {
const certificate = await PDFDocument.load(certificateData);
const certificatePages = await doc.copyPages(certificate, certificate.getPageIndices());
certificatePages.forEach((page) => {
doc.addPage(page);
});
}
if (auditLogData) {
const auditLog = await PDFDocument.load(auditLogData);
const auditLogPages = await doc.copyPages(auditLog, auditLog.getPageIndices());
auditLogPages.forEach((page) => {
doc.addPage(page);
});
}
for (const field of fields) {
envelope.useLegacyFieldInsertion
? await legacy_insertFieldInPDF(doc, field)
: await insertFieldInPDF(doc, field);
}
// Re-flatten post-insertion to handle fields that create arcoFields
await flattenForm(doc);
const pdfBytes = await doc.save();
const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
// Todo: Envelopes use EnvelopeItem title instead.
const { name } = path.parse(envelope.title);
// Add suffix based on document status
const suffix = isRejected ? '_rejected.pdf' : '_signed.pdf';
const { data: newData } = await putPdfFileServerSide({
name: `${name}${suffix}`,
type: 'application/pdf',
arrayBuffer: async () => Promise.resolve(pdfBuffer),
});
const postHog = PostHogServerClient();
if (postHog) {
postHog.capture({
distinctId: nanoid(),
event: 'App: Document Sealed',
properties: {
documentId: envelope.id,
isRejected,
},
});
}
await prisma.$transaction(async (tx) => {
await tx.envelope.update({
where: {
id: envelope.id,
},
data: {
status: isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED,
completedAt: new Date(),
},
});
await tx.documentData.update({
where: {
id: documentData.id,
},
data: {
data: newData,
},
});
await tx.documentAuditLog.create({
data: createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
envelopeId: envelope.id,
requestMetadata,
user: null,
data: {
transactionId: nanoid(),
...(isRejected ? { isRejected: true, rejectionReason } : {}),
},
}),
});
});
if (sendEmail && !isResealing) {
await sendCompletedEmail({ id, requestMetadata });
}
const updatedDocument = await prisma.envelope.findFirstOrThrow({
where: {
id: envelope.id,
},
include: {
documentMeta: true,
recipients: true,
},
});
await triggerWebhook({
event: isRejected
? WebhookTriggerEvents.DOCUMENT_REJECTED
: WebhookTriggerEvents.DOCUMENT_COMPLETED,
data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(updatedDocument)),
userId: envelope.userId,
teamId: envelope.teamId ?? undefined,
});
};

81
packages/lib/server-only/document/send-document.ts
View File

@ -1,3 +1,4 @@
import type { DocumentData, Envelope, EnvelopeItem } from '@prisma/client';
import {
DocumentSigningOrder,
DocumentStatus,
@ -64,6 +65,7 @@ export const sendDocument = async ({
type: true,
id: true,
data: true,
initialData: true,
},
},
},
@ -100,46 +102,16 @@ export const sendDocument = async ({
recipientsToNotify.filter((r) => r.sendStatus !== SendStatus.SENT);
}
const envelopeItem = envelope.envelopeItems[0];
const documentData = envelopeItem?.documentData;
// Todo: Envelopes
if (!envelopeItem || !documentData || envelope.envelopeItems.length !== 1) {
throw new Error('Invalid document data');
if (envelope.envelopeItems.length === 0) {
throw new Error('Missing envelope items');
}
// Todo: Envelopes need to support multiple envelope items.
if (envelope.formValues) {
const file = await getFileServerSide(documentData);
const prefilled = await insertFormValuesInPdf({
pdf: Buffer.from(file),
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions
formValues: envelope.formValues as Record<string, string | number | boolean>,
});
let fileName = envelope.title;
if (!envelope.title.endsWith('.pdf')) {
fileName = `${envelope.title}.pdf`;
}
const newDocumentData = await putPdfFileServerSide({
name: fileName,
type: 'application/pdf',
arrayBuffer: async () => Promise.resolve(prefilled),
});
const result = await prisma.envelopeItem.update({
where: {
id: envelopeItem.id,
},
data: {
documentDataId: newDocumentData.id,
},
});
Object.assign(document, result);
await Promise.all(
envelope.envelopeItems.map(async (envelopeItem) => {
await injectFormValuesIntoDocument(envelope, envelopeItem);
}),
);
}
// Commented out server side checks for minimum 1 signature per signer now since we need to
@ -255,3 +227,38 @@ export const sendDocument = async ({
return updatedEnvelope;
};
const injectFormValuesIntoDocument = async (
envelope: Envelope,
envelopeItem: Pick<EnvelopeItem, 'id'> & { documentData: DocumentData },
) => {
const file = await getFileServerSide(envelopeItem.documentData);
const prefilled = await insertFormValuesInPdf({
pdf: Buffer.from(file),
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions
formValues: envelope.formValues as Record<string, string | number | boolean>,
});
let fileName = envelope.title;
if (!envelope.title.endsWith('.pdf')) {
fileName = `${envelope.title}.pdf`;
}
const newDocumentData = await putPdfFileServerSide({
name: fileName,
type: 'application/pdf',
arrayBuffer: async () => Promise.resolve(prefilled),
});
await prisma.envelopeItem.update({
where: {
id: envelopeItem.id,
},
data: {
// Todo: Envelopes [PRE-MAIN] - Should this also replace the initial data? Because if it's resealed we use the initial data thus lose the form values.
documentDataId: newDocumentData.id,
},
});
};

286
packages/lib/server-only/document/update-document.ts
View File

@ -1,286 +0,0 @@
import type { DocumentVisibility, Prisma } from '@prisma/client';
import { EnvelopeType, FolderType } from '@prisma/client';
import { DocumentStatus } from '@prisma/client';
import { isDeepEqual } from 'remeda';
import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
import type { CreateDocumentAuditLogDataResponse } from '@documenso/lib/utils/document-audit-logs';
import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
import { prisma } from '@documenso/prisma';
import { TEAM_DOCUMENT_VISIBILITY_MAP } from '../../constants/teams';
import { AppError, AppErrorCode } from '../../errors/app-error';
import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
import { createDocumentAuthOptions, extractDocumentAuthMethods } from '../../utils/document-auth';
import { buildTeamWhereQuery, canAccessTeamDocument } from '../../utils/teams';
import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
export type UpdateDocumentOptions = {
userId: number;
teamId: number;
documentId: number;
data?: {
title?: string;
externalId?: string | null;
visibility?: DocumentVisibility | null;
globalAccessAuth?: TDocumentAccessAuthTypes[];
globalActionAuth?: TDocumentActionAuthTypes[];
useLegacyFieldInsertion?: boolean;
folderId?: string | null;
};
requestMetadata: ApiRequestMetadata;
};
export const updateDocument = async ({
userId,
teamId,
documentId,
data,
requestMetadata,
}: UpdateDocumentOptions) => {
const { envelopeWhereInput, team } = await getEnvelopeWhereInput({
id: {
type: 'documentId',
id: documentId,
},
type: EnvelopeType.DOCUMENT,
userId,
teamId,
});
const envelope = await prisma.envelope.findFirst({
where: envelopeWhereInput,
include: {
team: {
select: {
organisation: {
select: {
organisationClaim: true,
},
},
},
},
},
});
if (!envelope) {
throw new AppError(AppErrorCode.NOT_FOUND, {
message: 'Document not found',
});
}
const isEnvelopeOwner = envelope.userId === userId;
// Validate whether the new visibility setting is allowed for the current user.
if (
!isEnvelopeOwner &&
data?.visibility &&
!canAccessTeamDocument(team.currentTeamRole, data.visibility)
) {
throw new AppError(AppErrorCode.UNAUTHORIZED, {
message: 'You do not have permission to update the document visibility',
});
}
// If no data just return the document since this function is normally chained after a meta update.
if (!data || Object.values(data).length === 0) {
return envelope;
}
let folderUpdateQuery: Prisma.FolderUpdateOneWithoutEnvelopesNestedInput | undefined = undefined;
// Validate folder ID.
if (data.folderId) {
const folder = await prisma.folder.findFirst({
where: {
id: data.folderId,
team: buildTeamWhereQuery({
teamId,
userId,
}),
type: FolderType.DOCUMENT,
visibility: {
in: TEAM_DOCUMENT_VISIBILITY_MAP[team.currentTeamRole],
},
},
});
if (!folder) {
throw new AppError(AppErrorCode.NOT_FOUND, {
message: 'Folder not found',
});
}
folderUpdateQuery = {
connect: {
id: data.folderId,
},
};
}
// Move to root folder if folderId is null.
if (data.folderId === null) {
folderUpdateQuery = {
disconnect: true,
};
}
const { documentAuthOption } = extractDocumentAuthMethods({
documentAuth: envelope.authOptions,
});
const documentGlobalAccessAuth = documentAuthOption?.globalAccessAuth ?? null;
const documentGlobalActionAuth = documentAuthOption?.globalActionAuth ?? null;
// If the new global auth values aren't passed in, fallback to the current document values.
const newGlobalAccessAuth =
data?.globalAccessAuth === undefined ? documentGlobalAccessAuth : data.globalAccessAuth;
const newGlobalActionAuth =
data?.globalActionAuth === undefined ? documentGlobalActionAuth : data.globalActionAuth;
// Check if user has permission to set the global action auth.
if (newGlobalActionAuth.length > 0 && !envelope.team.organisation.organisationClaim.flags.cfr21) {
throw new AppError(AppErrorCode.UNAUTHORIZED, {
message: 'You do not have permission to set the action auth',
});
}
const isTitleSame = data.title === undefined || data.title === envelope.title;
const isExternalIdSame = data.externalId === undefined || data.externalId === envelope.externalId;
const isGlobalAccessSame =
documentGlobalAccessAuth === undefined ||
isDeepEqual(documentGlobalAccessAuth, newGlobalAccessAuth);
const isGlobalActionSame =
documentGlobalActionAuth === undefined ||
isDeepEqual(documentGlobalActionAuth, newGlobalActionAuth);
const isDocumentVisibilitySame =
data.visibility === undefined || data.visibility === envelope.visibility;
const isFolderSame = data.folderId === undefined || data.folderId === envelope.folderId;
const auditLogs: CreateDocumentAuditLogDataResponse[] = [];
if (!isTitleSame && envelope.status !== DocumentStatus.DRAFT) {
throw new AppError(AppErrorCode.INVALID_BODY, {
message: 'You cannot update the title if the document has been sent',
});
}
if (!isTitleSame) {
auditLogs.push(
createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_TITLE_UPDATED,
envelopeId: envelope.id,
metadata: requestMetadata,
data: {
from: envelope.title,
to: data.title || '',
},
}),
);
}
if (!isExternalIdSame) {
auditLogs.push(
createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_EXTERNAL_ID_UPDATED,
envelopeId: envelope.id,
metadata: requestMetadata,
data: {
from: envelope.externalId,
to: data.externalId || '',
},
}),
);
}
if (!isGlobalAccessSame) {
auditLogs.push(
createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACCESS_UPDATED,
envelopeId: envelope.id,
metadata: requestMetadata,
data: {
from: documentGlobalAccessAuth,
to: newGlobalAccessAuth,
},
}),
);
}
if (!isGlobalActionSame) {
auditLogs.push(
createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACTION_UPDATED,
envelopeId: envelope.id,
metadata: requestMetadata,
data: {
from: documentGlobalActionAuth,
to: newGlobalActionAuth,
},
}),
);
}
if (!isDocumentVisibilitySame) {
auditLogs.push(
createDocumentAuditLogData({
type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_VISIBILITY_UPDATED,
envelopeId: envelope.id,
metadata: requestMetadata,
data: {
from: envelope.visibility,
to: data.visibility || '',
},
}),
);
}
// Todo: Decide if we want to log moving the document around.
// if (!isFolderSame) {
// auditLogs.push(
// createDocumentAuditLogData({
// type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FOLDER_UPDATED,
// envelopeId: envelope.id,
// metadata: requestMetadata,
// data: {
// from: envelope.folderId,
// to: data.folderId || '',
// },
// }),
// );
// }
// Early return if nothing is required.
if (auditLogs.length === 0 && data.useLegacyFieldInsertion === undefined && isFolderSame) {
return envelope;
}
return await prisma.$transaction(async (tx) => {
const authOptions = createDocumentAuthOptions({
globalAccessAuth: newGlobalAccessAuth,
globalActionAuth: newGlobalActionAuth,
});
const updatedDocument = await tx.envelope.update({
where: {
id: envelope.id,
type: EnvelopeType.DOCUMENT,
},
data: {
title: data.title,
externalId: data.externalId,
visibility: data.visibility as DocumentVisibility,
useLegacyFieldInsertion: data.useLegacyFieldInsertion,
authOptions,
folder: folderUpdateQuery,
},
});
await tx.documentAuditLog.createMany({
data: auditLogs,
});
return updatedDocument;
});
};

2
packages/lib/server-only/document/validate-field-auth.ts
View File

@ -7,7 +7,7 @@ import { isRecipientAuthorized } from './is-recipient-authorized';
export type ValidateFieldAuthOptions = {
documentAuthOptions: Envelope['authOptions'];
recipient: Pick<Recipient, 'authOptions' | 'email'>;
recipient: Pick<Recipient, 'authOptions' | 'email' | 'envelopeId'>;
field: Field;
userId?: number;
authOptions?: TRecipientActionAuth;