No OneTemporary
Actions

Size

27 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	index b79af05bca..faafe0ee3f 100644
	--- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	+++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	@@ -1,681 +1,685 @@
	<?php

	final class LegalpadDocumentSignController extends LegalpadController {

	public function shouldAllowPublic() {
	return true;
	}

	+ public function shouldAllowLegallyNonCompliantUsers() {
	+ return true;
	+ }
	+
	public function handleRequest(AphrontRequest $request) {
	$viewer = $request->getUser();

	$document = id(new LegalpadDocumentQuery())
	->setViewer($viewer)
	->withIDs(array($request->getURIData('id')))
	->needDocumentBodies(true)
	->executeOne();
	if (!$document) {
	return new Aphront404Response();
	}

	list($signer_phid, $signature_data) = $this->readSignerInformation(
	$document,
	$request);

	$signature = null;

	$type_individual = LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL;
	$is_individual = ($document->getSignatureType() == $type_individual);
	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// nothing to sign means this should be true
	$has_signed = true;
	// this is a status UI element
	$signed_status = null;
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($signer_phid) {
	// TODO: This is odd and should probably be adjusted after
	// grey/external accounts work better, but use the omnipotent
	// viewer to check for a signature so we can pick up
	// anonymous/grey signatures.

	$signature = id(new LegalpadDocumentSignatureQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withDocumentPHIDs(array($document->getPHID()))
	->withSignerPHIDs(array($signer_phid))
	->executeOne();

	if ($signature && !$viewer->isLoggedIn()) {
	return $this->newDialog()
	->setTitle(pht('Already Signed'))
	->appendParagraph(pht('You have already signed this document!'))
	->addCancelButton('/'.$document->getMonogram(), pht('Okay'));
	}
	}

	$signed_status = null;
	if (!$signature) {
	$has_signed = false;
	$signature = id(new LegalpadDocumentSignature())
	->setSignerPHID($signer_phid)
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	// If the user is logged in, show a notice that they haven't signed.
	// If they aren't logged in, we can't be as sure, so don't show
	// anything.
	if ($viewer->isLoggedIn()) {
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(
	array(
	pht('You have not signed this document yet.'),
	));
	}
	} else {
	$has_signed = true;
	$signature_data = $signature->getSignatureData();

	// In this case, we know they've signed.
	$signed_at = $signature->getDateCreated();

	if ($signature->getIsExemption()) {
	$exemption_phid = $signature->getExemptionPHID();
	$handles = $this->loadViewerHandles(array($exemption_phid));
	$exemption_handle = $handles[$exemption_phid];

	$signed_text = pht(
	'You do not need to sign this document. '.
	'%s added a signature exemption for you on %s.',
	$exemption_handle->renderLink(),
	phabricator_datetime($signed_at, $viewer));
	} else {
	$signed_text = pht(
	'You signed this document on %s.',
	phabricator_datetime($signed_at, $viewer));
	}

	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_NOTICE)
	->setErrors(array($signed_text));
	}

	$field_errors = array(
	'name' => true,
	'email' => true,
	'agree' => true,
	);
	$signature->setSignatureData($signature_data);
	break;

	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signature = id(new LegalpadDocumentSignature())
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	if ($viewer->isLoggedIn()) {
	$has_signed = false;

	$signed_status = null;
	} else {
	// This just hides the form.
	$has_signed = true;

	$login_text = pht(
	'This document requires a corporate signatory. You must log in to '.
	'accept this document on behalf of a company you represent.');
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(array($login_text));
	}

	$field_errors = array(
	'name' => true,
	'address' => true,
	'contact.name' => true,
	'email' => true,
	);
	$signature->setSignatureData($signature_data);
	break;
	}

	$errors = array();
	if ($request->isFormOrHisecPost() && !$has_signed) {

	// Require two-factor auth to sign legal documents.
	if ($viewer->isLoggedIn()) {
	$engine = new PhabricatorAuthSessionEngine();
	$engine->requireHighSecuritySession(
	$viewer,
	$request,
	'/'.$document->getMonogram());
	}

	list($form_data, $errors, $field_errors) = $this->readSignatureForm(
	$document,
	$request);

	$signature_data = $form_data + $signature_data;

	$signature->setSignatureData($signature_data);
	$signature->setSignatureType($document->getSignatureType());
	$signature->setSignerName((string)idx($signature_data, 'name'));
	$signature->setSignerEmail((string)idx($signature_data, 'email'));

	$agree = $request->getExists('agree');
	if (!$agree) {
	$errors[] = pht(
	'You must check "I agree to the terms laid forth above."');
	$field_errors['agree'] = pht('Required');
	}

	if ($viewer->isLoggedIn() && $is_individual) {
	$verified = LegalpadDocumentSignature::VERIFIED;
	} else {
	$verified = LegalpadDocumentSignature::UNVERIFIED;
	}
	$signature->setVerified($verified);

	if (!$errors) {
	$signature->save();

	// If the viewer is logged in, signing for themselves, send them to
	// the document page, which will show that they have signed the
	// document. Unless of course they were required to sign the
	// document to use Phabricator; in that case try really hard to
	// re-direct them to where they wanted to go.
	//
	// Otherwise, send them to a completion page.
	if ($viewer->isLoggedIn() && $is_individual) {
	$next_uri = '/'.$document->getMonogram();
	if ($document->getRequireSignature()) {
	$request_uri = $request->getRequestURI();
	$next_uri = (string) $request_uri;
	}
	} else {
	$this->sendVerifySignatureEmail(
	$document,
	$signature);

	$next_uri = $this->getApplicationURI('done/');
	}

	return id(new AphrontRedirectResponse())->setURI($next_uri);
	}
	}

	$document_body = $document->getDocumentBody();
	$engine = id(new PhabricatorMarkupEngine())
	->setViewer($viewer);
	$engine->addObject(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);
	$engine->process();

	$document_markup = $engine->getOutput(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);

	$title = $document_body->getTitle();

	$manage_uri = $this->getApplicationURI('view/'.$document->getID().'/');

	$can_edit = PhabricatorPolicyFilter::hasCapability(
	$viewer,
	$document,
	PhabricatorPolicyCapability::CAN_EDIT);

	$header = id(new PHUIHeaderView())
	->setHeader($title)
	->addActionLink(
	id(new PHUIButtonView())
	->setTag('a')
	->setIcon(
	id(new PHUIIconView())
	->setIconFont('fa-pencil'))
	->setText(pht('Manage Document'))
	->setHref($manage_uri)
	->setDisabled(!$can_edit)
	->setWorkflow(!$can_edit));

	$preamble = null;
	if (strlen($document->getPreamble())) {
	$preamble_text = PhabricatorMarkupEngine::renderOneObject(
	id(new PhabricatorMarkupOneOff())->setContent(
	$document->getPreamble()),
	'default',
	$viewer);

	$preamble = id(new PHUIPropertyListView())
	->addSectionHeader(pht('Preamble'))
	->addTextContent($preamble_text);
	}

	$content = id(new PHUIDocumentView())
	->addClass('legalpad')
	->setHeader($header)
	->setFontKit(PHUIDocumentView::FONT_SOURCE_SANS)
	->appendChild(
	array(
	$signed_status,
	$preamble,
	$document_markup,
	));

	if (!$has_signed) {
	$error_view = null;
	if ($errors) {
	$error_view = id(new PHUIInfoView())
	->setErrors($errors);
	}

	$signature_form = $this->buildSignatureForm(
	$document,
	$signature,
	$field_errors);

	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	$subheader = null;
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$subheader = id(new PHUIHeaderView())
	->setHeader(pht('Agree and Sign Document'))
	->setBleedHeader(true);
	break;
	}

	$content->appendChild(
	array(
	$subheader,
	$error_view,
	$signature_form,
	));
	}

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->setBorder(true);
	$crumbs->addTextCrumb($document->getMonogram());

	return $this->buildApplicationPage(
	array(
	$crumbs,
	$content,
	),
	array(
	'title' => $title,
	'pageObjects' => array($document->getPHID()),
	));
	}

	private function readSignerInformation(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	$signer_phid = null;
	$signature_data = array();

	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($viewer->isLoggedIn()) {
	$signer_phid = $viewer->getPHID();
	$signature_data = array(
	'name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	);
	} else if ($request->isFormPost()) {
	$email = new PhutilEmailAddress($request->getStr('email'));
	if (strlen($email->getDomainName())) {
	$email_obj = id(new PhabricatorUserEmail())
	->loadOneWhere('address = %s', $email->getAddress());
	if ($email_obj) {
	return $this->signInResponse();
	}
	$external_account = id(new PhabricatorExternalAccountQuery())
	->setViewer($viewer)
	->withAccountTypes(array('email'))
	->withAccountDomains(array($email->getDomainName()))
	->withAccountIDs(array($email->getAddress()))
	->loadOneOrCreate();
	if ($external_account->getUserPHID()) {
	return $this->signInResponse();
	}
	$signer_phid = $external_account->getPHID();
	}
	}
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signer_phid = $viewer->getPHID();
	if ($signer_phid) {
	$signature_data = array(
	'contact.name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	'actorPHID' => $viewer->getPHID(),
	);
	}
	break;
	}

	return array($signer_phid, $signature_data);
	}

	private function buildSignatureForm(
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$viewer = $this->getRequest()->getUser();
	$data = $signature->getSignatureData();

	$form = id(new AphrontFormView())
	->setUser($viewer);

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// bail out of here quick
	return;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$this->buildIndividualSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$this->buildCorporateSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	$form
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->setError(idx($errors, 'agree', null))
	->addCheckbox(
	'agree',
	'agree',
	pht('I agree to the terms laid forth above.'),
	false));
	if ($document->getRequireSignature()) {
	$cancel_uri = '/logout/';
	$cancel_text = pht('Log Out');
	} else {
	$cancel_uri = $this->getApplicationURI();
	$cancel_text = pht('Cancel');
	}
	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Sign Document'))
	->addCancelButton($cancel_uri, $cancel_text));

	return $form;
	}

	private function buildIndividualSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)));

	$viewer = $this->getRequest()->getUser();
	if (!$viewer->isLoggedIn()) {
	$form->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));
	}

	return $form;
	}

	private function buildCorporateSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Company Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Company Address'))
	->setValue(idx($data, 'address', ''))
	->setName('address')
	->setError(idx($errors, 'address', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Name'))
	->setValue(idx($data, 'contact.name', ''))
	->setName('contact.name')
	->setError(idx($errors, 'contact.name', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));

	return $form;
	}

	private function readSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$result = $this->readIndividualSignatureForm(
	$document,
	$request);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$result = $this->readCorporateSignatureForm(
	$document,
	$request);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	return $result;
	}

	private function readIndividualSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_data = array();
	$errors = array();
	$field_errors = array();


	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Name field is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$viewer = $request->getUser();
	if ($viewer->isLoggedIn()) {
	$email = $viewer->loadPrimaryEmailAddress();
	} else {
	$email = $request->getStr('email');

	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Email field is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function readCorporateSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	if (!$viewer->isLoggedIn()) {
	throw new Exception(
	pht(
	'You can not sign a document on behalf of a corporation unless '.
	'you are logged in.'));
	}

	$signature_data = array();
	$errors = array();
	$field_errors = array();

	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Company name is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$address = $request->getStr('address');
	if (!strlen($address)) {
	$field_errors['address'] = pht('Required');
	$errors[] = pht('Company address is required.');
	} else {
	$field_errors['address'] = null;
	}
	$signature_data['address'] = $address;

	$contact_name = $request->getStr('contact.name');
	if (!strlen($contact_name)) {
	$field_errors['contact.name'] = pht('Required');
	$errors[] = pht('Contact name is required.');
	} else {
	$field_errors['contact.name'] = null;
	}
	$signature_data['contact.name'] = $contact_name;

	$email = $request->getStr('email');
	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Contact email is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function sendVerifySignatureEmail(
	LegalpadDocument $doc,
	LegalpadDocumentSignature $signature) {

	$signature_data = $signature->getSignatureData();
	$email = new PhutilEmailAddress($signature_data['email']);
	$doc_name = $doc->getTitle();
	$doc_link = PhabricatorEnv::getProductionURI('/'.$doc->getMonogram());
	$path = $this->getApplicationURI(sprintf(
	'/verify/%s/',
	$signature->getSecretKey()));
	$link = PhabricatorEnv::getProductionURI($path);

	$name = idx($signature_data, 'name');

	$body = <<<EOBODY
	{$name}:

	This email address was used to sign a Legalpad document in Phabricator:

	{$doc_name}

	Please verify you own this email address and accept the agreement by clicking
	this link:

	{$link}

	Your signature is not valid until you complete this verification step.

	You can review the document here:

	{$doc_link}

	EOBODY;

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($email->getAddress()))
	->setSubject(pht('[Legalpad] Signature Verification'))
	->setForceDelivery(true)
	->setBody($body)
	->setRelatedPHID($signature->getDocumentPHID())
	->saveAndSend();
	}

	private function signInResponse() {
	return id(new Aphront403Response())
	->setForbiddenText(pht(
	'The email address specified is associated with an account. '.
	'Please login to that account and sign this document again.'));
	}

	}
	diff --git a/src/docs/user/userguide/legalpad.diviner b/src/docs/user/userguide/legalpad.diviner
	index 0f94d6e6c7..0d235d61cc 100644
	--- a/src/docs/user/userguide/legalpad.diviner
	+++ b/src/docs/user/userguide/legalpad.diviner
	@@ -1,92 +1,131 @@
	@title Legalpad User Guide
	@group userguide

	Using Legalpad to track agreements and signatures on legal documents.

	-= Overview =
	+Overview
	+========

	Legalpad is a simple application for tracking signatures on legal agreements.
	You can add legal documents, users can sign them, and you can keep track of who
	has signed what.

	Right now, it is primarily useful for open source projects that have a
	Contributor License Agreement or a similar document which needs to be signed
	before changes can be accepted from contributors. In particular, it has
	integrations into Differential which can block changes from being accepted until
	the author has signed the required documents.

	NOTE: Legalpad is a basic application, and missing many of the features of more
	general document signing software. It may be useful to help you do things
	beyond track CLAs, but you should evaluate its capabilities carefully.

	-Requiring a CLA
	+Documents
	+=========
	+
	+The primary object in legalpad is the //Legalpad Document//, which represents
	+a written agreement, contract, policy, or other similar document.
	+
	+Most fields of a document are relatively straightforward, but some are unique
	+to the application:
	+
	+Who Should Sign? This field controls what kind of signatures the document
	+accepts. You can choose either Individuals (users will be prompted to sign
	+with their name), Corporations (users will be prompted to enter information
	+identifying the corporation they are signing on behalf of) or No One (for
	+policy documents or other documents which do not require a signature).
	+
	+Require Signature This field allows you to create a document which all of
	+your users must sign before they can use Phabricator, like a terms of service
	+document. See "Use Case: Terms of Service" below for details. These documents
	+must be signable by individuals.
	+
	+Use Case: Requiring a CLA
	===============

	Open source projects often require contributors to sign a license agreement
	before their contributions can be accepted to the project. To require a CLA or
	similar document for an open source project:

	- Create a CLA document in Legalpad.
	- Create a "Global" Herald rule which triggers "Always".
	- The rule should take the action "Require legal signatures", specifying
	your CLA document as the required document.

	After you've done this, all new reviews created in Differential by authors who
	have not signed the document will trigger a signature requirement. These reviews
	can not be accepted until the document has been signed.

	If the author has already signed all of the required documents, Herald will not
	take any actions. This reduces the amount of noise the CLA process generates for
	regular contributors.

	You can require more than one document (to require that they all be signed), if
	you have several agreements that contributors must sign.

	Alternatively, if you have several different sets of agreements for different
	projects, you can also choose a more narrow Herald condition than "Always" (for
	example, require a signature only if the revision is against certain
	repositories).

	-Document-Based Policies
	+Use Case: Terms of Service
	+=================================
	+
	+If you have a "Terms of Service" document that you'd like users to agree to
	+before they're allowed to use your install, you can add it to Legalpad and then
	+check the Require Signature box for the document.
	+
	+After logging in, users will need to agree to the document before they can
	+do other things with their account (you'll need to agree to it, too, as soon
	+as you save your changes, so that will give you a sense of the workflow).
	+
	+Note that although users who have not signed all of the required documents can
	+not use most Phabricator functions, they can browse other Legalpad documents
	+that they have permission to see. This allows a terms document to be
	+supplemented with additional policy or guideline documents that users are free
	+to review before agreeing to the terms.
	+
	+
	+Use Case: Document-Based Policies
	=======================

	If you have a document like an NDA, you can write a policy rule which prevents
	users from seeing content until they sign the document:

	- In any policy control ("Visible To", "Editable By"), choose "Custom Policy".
	- Add a rule like "Allow signers of legalpad documents: X".
	- Leave the default rule as "Deny all other users".
	- Save the policy.

	Users will now only be able to take the action (for example, view or edit the
	object) if they have signed the specified documents.


	Adding Exemptions
	=================

	If you have users who have signed an alternate form of a document (for example,
	you have a hard copy on file), or an equivalent document, or who are otherwise
	exempt from needing to sign a document in Legalpad, you can add a signature
	exemption for them.

	Other applications will treat users with a signature exemption as though they
	had signed the document, although the UI will show the signature as an exemption
	rather than a normal signature.

	To add an exemption, go to Manage Document, then View Signatures, then
	Add Signature Exemption.

	You can optionally add notes about why a user is exempt from signing a document.
	To review the notes later (and see who added the exemption), click the colored
	asterisk in the list view.


	Roadmap
	========

	You can find discussion about the Legalpad roadmap here:

	https://secure.phabricator.com/T5505

	If there are features you'd like to see, let us know.

File Metadata

Mime Type: text/x-diff
Expires: Tue, Jun 10, 6:00 PM (1 d, 16 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 140669
Default Alt Text: (27 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions