Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-13 16:23:06 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix: sign-able readonly fields (#1885)

Browse Source
This commit is contained in:
Catalin Pit
2025-07-10 09:47:36 +03:00
committed by GitHub
parent cb73d21e05
commit d6c11bd195
5 changed files with 39 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
packages/lib/server-only/field/sign-field-with-token.ts
View File

@ -1,5 +1,6 @@
import { DocumentStatus, FieldType, RecipientRole, SigningStatus } from '@prisma/client';
import { DateTime } from 'luxon';
import { isDeepEqual } from 'remeda';
import { match } from 'ts-pattern';
import { validateCheckboxField } from '@documenso/lib/advanced-fields-validation/validate-checkbox';
@ -10,6 +11,7 @@ import { validateTextField } from '@documenso/lib/advanced-fields-validation/val
import { fromCheckboxValue } from '@documenso/lib/universal/field-checkbox';
import { prisma } from '@documenso/prisma';
import { AUTO_SIGNABLE_FIELD_TYPES } from '../../constants/autosign';
import { DEFAULT_DOCUMENT_DATE_FORMAT } from '../../constants/date-formats';
import { DEFAULT_DOCUMENT_TIME_ZONE } from '../../constants/time-zones';
import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
@ -205,6 +207,29 @@ export const signFieldWithToken = async ({
throw new Error('Typed signatures are not allowed. Please draw your signature');
}
if (field.fieldMeta?.readOnly && !AUTO_SIGNABLE_FIELD_TYPES.includes(field.type)) {
// !: This is a bit of a hack at the moment, readonly fields with default values
// !: should be inserted with their default value on document creation instead of
// !: this weird programattic approach. Until that's fixed though this will verify
// !: that the programmatic signed value is only that of its default.
const isAutomaticSigningValueValid = match(field.fieldMeta)
.with({ type: 'text' }, (meta) => customText === meta.text)
.with({ type: 'number' }, (meta) => customText === meta.value)
.with({ type: 'checkbox' }, (meta) =>
isDeepEqual(
fromCheckboxValue(customText ?? ''),
meta.values?.filter((v) => v.checked).map((v) => v.value) ?? [],
),
)
.with({ type: 'radio' }, (meta) => customText === meta.values?.find((v) => v.checked)?.value)
.with({ type: 'dropdown' }, (meta) => customText === meta.defaultValue)
.otherwise(() => false);
if (!isAutomaticSigningValueValid) {
throw new Error('Field is read only and only accepts its default value for signing.');
}
}
const assistant = recipient.role === RecipientRole.ASSISTANT ? recipient : undefined;
return await prisma.$transaction(async (tx) => {