No OneTemporary
Actions

Size

38 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/resources/sql/autopatches/20190206.external.01.legalpad.sql b/resources/sql/autopatches/20190206.external.01.legalpad.sql
	new file mode 100644
	index 0000000000..8afa9dd9ff
	--- /dev/null
	+++ b/resources/sql/autopatches/20190206.external.01.legalpad.sql
	@@ -0,0 +1,2 @@
	+UPDATE {$NAMESPACE}_legalpad.legalpad_documentsignature
	+ SET signerPHID = NULL WHERE signerPHID LIKE 'PHID-XUSR-%';
	diff --git a/resources/sql/autopatches/20190206.external.02.email.sql b/resources/sql/autopatches/20190206.external.02.email.sql
	new file mode 100644
	index 0000000000..14f5f4791f
	--- /dev/null
	+++ b/resources/sql/autopatches/20190206.external.02.email.sql
	@@ -0,0 +1,2 @@
	+DELETE FROM {$NAMESPACE}_user.user_externalaccount
	+ WHERE accountType = 'email';
	diff --git a/src/applications/auth/query/PhabricatorExternalAccountQuery.php b/src/applications/auth/query/PhabricatorExternalAccountQuery.php
	index b34199ce60..c4a53c12f8 100644
	--- a/src/applications/auth/query/PhabricatorExternalAccountQuery.php
	+++ b/src/applications/auth/query/PhabricatorExternalAccountQuery.php
	@@ -1,202 +1,171 @@
	<?php

	/**
	* NOTE: When loading ExternalAccounts for use in an authentication context
	* (that is, you're going to act as the account or link identities or anything
	* like that) you should require CAN_EDIT capability even if you aren't actually
	* editing the ExternalAccount.
	*
	* ExternalAccounts have a permissive CAN_VIEW policy (like users) because they
	* interact directly with objects and can leave comments, sign documents, etc.
	* However, CAN_EDIT is restricted to users who own the accounts.
	*/
	final class PhabricatorExternalAccountQuery
	extends PhabricatorCursorPagedPolicyAwareQuery {

	private $ids;
	private $phids;
	private $accountTypes;
	private $accountDomains;
	private $accountIDs;
	private $userPHIDs;
	private $needImages;
	private $accountSecrets;

	public function withUserPHIDs(array $user_phids) {
	$this->userPHIDs = $user_phids;
	return $this;
	}

	public function withAccountIDs(array $account_ids) {
	$this->accountIDs = $account_ids;
	return $this;
	}

	public function withAccountDomains(array $account_domains) {
	$this->accountDomains = $account_domains;
	return $this;
	}

	public function withAccountTypes(array $account_types) {
	$this->accountTypes = $account_types;
	return $this;
	}

	public function withPHIDs(array $phids) {
	$this->phids = $phids;
	return $this;
	}

	public function withIDs($ids) {
	$this->ids = $ids;
	return $this;
	}

	public function withAccountSecrets(array $secrets) {
	$this->accountSecrets = $secrets;
	return $this;
	}

	public function needImages($need) {
	$this->needImages = $need;
	return $this;
	}

	public function newResultObject() {
	return new PhabricatorExternalAccount();
	}

	protected function loadPage() {
	return $this->loadStandardPage($this->newResultObject());
	}

	protected function willFilterPage(array $accounts) {
	if ($this->needImages) {
	$file_phids = mpull($accounts, 'getProfileImagePHID');
	$file_phids = array_filter($file_phids);

	if ($file_phids) {
	// NOTE: We use the omnipotent viewer here because these files are
	// usually created during registration and can't be associated with
	// the correct policies, since the relevant user account does not exist
	// yet. In effect, if you can see an ExternalAccount, you can see its
	// profile image.
	$files = id(new PhabricatorFileQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withPHIDs($file_phids)
	->execute();
	$files = mpull($files, null, 'getPHID');
	} else {
	$files = array();
	}

	$default_file = null;
	foreach ($accounts as $account) {
	$image_phid = $account->getProfileImagePHID();
	if ($image_phid && isset($files[$image_phid])) {
	$account->attachProfileImageFile($files[$image_phid]);
	} else {
	if ($default_file === null) {
	$default_file = PhabricatorFile::loadBuiltin(
	$this->getViewer(),
	'profile.png');
	}
	$account->attachProfileImageFile($default_file);
	}
	}
	}

	return $accounts;
	}

	protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
	$where = parent::buildWhereClauseParts($conn);

	if ($this->ids !== null) {
	$where[] = qsprintf(
	$conn,
	'id IN (%Ld)',
	$this->ids);
	}

	if ($this->phids !== null) {
	$where[] = qsprintf(
	$conn,
	'phid IN (%Ls)',
	$this->phids);
	}

	if ($this->accountTypes !== null) {
	$where[] = qsprintf(
	$conn,
	'accountType IN (%Ls)',
	$this->accountTypes);
	}

	if ($this->accountDomains !== null) {
	$where[] = qsprintf(
	$conn,
	'accountDomain IN (%Ls)',
	$this->accountDomains);
	}

	if ($this->accountIDs !== null) {
	$where[] = qsprintf(
	$conn,
	'accountID IN (%Ls)',
	$this->accountIDs);
	}

	if ($this->userPHIDs !== null) {
	$where[] = qsprintf(
	$conn,
	'userPHID IN (%Ls)',
	$this->userPHIDs);
	}

	if ($this->accountSecrets !== null) {
	$where[] = qsprintf(
	$conn,
	'accountSecret IN (%Ls)',
	$this->accountSecrets);
	}

	return $where;
	}

	public function getQueryApplicationClass() {
	return 'PhabricatorPeopleApplication';
	}

	- /**
	- * Attempts to find an external account and if none exists creates a new
	- * external account with a shiny new ID and PHID.
	- *
	- * NOTE: This function assumes the first item in various query parameters is
	- * the correct value to use in creating a new external account.
	- */
	- public function loadOneOrCreate() {
	- $account = $this->executeOne();
	- if (!$account) {
	- $account = new PhabricatorExternalAccount();
	- if ($this->accountIDs) {
	- $account->setAccountID(reset($this->accountIDs));
	- }
	- if ($this->accountTypes) {
	- $account->setAccountType(reset($this->accountTypes));
	- }
	- if ($this->accountDomains) {
	- $account->setAccountDomain(reset($this->accountDomains));
	- }
	- if ($this->accountSecrets) {
	- $account->setAccountSecret(reset($this->accountSecrets));
	- }
	- if ($this->userPHIDs) {
	- $account->setUserPHID(reset($this->userPHIDs));
	- }
	- $account->save();
	- }
	- return $account;
	- }
	-
	}
	diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	index ab98c0bb78..f09d95af29 100644
	--- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	+++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	@@ -1,706 +1,696 @@
	<?php

	final class LegalpadDocumentSignController extends LegalpadController {

	public function shouldAllowPublic() {
	return true;
	}

	public function shouldAllowLegallyNonCompliantUsers() {
	return true;
	}

	public function handleRequest(AphrontRequest $request) {
	$viewer = $request->getUser();

	$document = id(new LegalpadDocumentQuery())
	->setViewer($viewer)
	->withIDs(array($request->getURIData('id')))
	->needDocumentBodies(true)
	->executeOne();
	if (!$document) {
	return new Aphront404Response();
	}

	$information = $this->readSignerInformation(
	$document,
	$request);
	if ($information instanceof AphrontResponse) {
	return $information;
	}
	list($signer_phid, $signature_data) = $information;

	$signature = null;

	$type_individual = LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL;
	$is_individual = ($document->getSignatureType() == $type_individual);
	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// nothing to sign means this should be true
	$has_signed = true;
	// this is a status UI element
	$signed_status = null;
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($signer_phid) {
	// TODO: This is odd and should probably be adjusted after
	// grey/external accounts work better, but use the omnipotent
	// viewer to check for a signature so we can pick up
	// anonymous/grey signatures.

	$signature = id(new LegalpadDocumentSignatureQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withDocumentPHIDs(array($document->getPHID()))
	->withSignerPHIDs(array($signer_phid))
	->executeOne();

	if ($signature && !$viewer->isLoggedIn()) {
	return $this->newDialog()
	->setTitle(pht('Already Signed'))
	->appendParagraph(pht('You have already signed this document!'))
	->addCancelButton('/'.$document->getMonogram(), pht('Okay'));
	}
	}

	$signed_status = null;
	if (!$signature) {
	$has_signed = false;
	$signature = id(new LegalpadDocumentSignature())
	->setSignerPHID($signer_phid)
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	// If the user is logged in, show a notice that they haven't signed.
	// If they aren't logged in, we can't be as sure, so don't show
	// anything.
	if ($viewer->isLoggedIn()) {
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(
	array(
	pht('You have not signed this document yet.'),
	));
	}
	} else {
	$has_signed = true;
	$signature_data = $signature->getSignatureData();

	// In this case, we know they've signed.
	$signed_at = $signature->getDateCreated();

	if ($signature->getIsExemption()) {
	$exemption_phid = $signature->getExemptionPHID();
	$handles = $this->loadViewerHandles(array($exemption_phid));
	$exemption_handle = $handles[$exemption_phid];

	$signed_text = pht(
	'You do not need to sign this document. '.
	'%s added a signature exemption for you on %s.',
	$exemption_handle->renderLink(),
	phabricator_datetime($signed_at, $viewer));
	} else {
	$signed_text = pht(
	'You signed this document on %s.',
	phabricator_datetime($signed_at, $viewer));
	}

	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_NOTICE)
	->setErrors(array($signed_text));
	}

	$field_errors = array(
	'name' => true,
	'email' => true,
	'agree' => true,
	);
	$signature->setSignatureData($signature_data);
	break;

	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signature = id(new LegalpadDocumentSignature())
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	if ($viewer->isLoggedIn()) {
	$has_signed = false;

	$signed_status = null;
	} else {
	// This just hides the form.
	$has_signed = true;

	$login_text = pht(
	'This document requires a corporate signatory. You must log in to '.
	'accept this document on behalf of a company you represent.');
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(array($login_text));
	}

	$field_errors = array(
	'name' => true,
	'address' => true,
	'contact.name' => true,
	'email' => true,
	);
	$signature->setSignatureData($signature_data);
	break;
	}

	$errors = array();
	$hisec_token = null;
	if ($request->isFormOrHisecPost() && !$has_signed) {
	list($form_data, $errors, $field_errors) = $this->readSignatureForm(
	$document,
	$request);

	$signature_data = $form_data + $signature_data;

	$signature->setSignatureData($signature_data);
	$signature->setSignatureType($document->getSignatureType());
	$signature->setSignerName((string)idx($signature_data, 'name'));
	$signature->setSignerEmail((string)idx($signature_data, 'email'));

	$agree = $request->getExists('agree');
	if (!$agree) {
	$errors[] = pht(
	'You must check "I agree to the terms laid forth above."');
	$field_errors['agree'] = pht('Required');
	}

	if ($viewer->isLoggedIn() && $is_individual) {
	$verified = LegalpadDocumentSignature::VERIFIED;
	} else {
	$verified = LegalpadDocumentSignature::UNVERIFIED;
	}
	$signature->setVerified($verified);

	if (!$errors) {
	// Require MFA to sign legal documents.
	if ($viewer->isLoggedIn()) {
	$workflow_key = sprintf(
	'legalpad.sign(%s)',
	$document->getPHID());

	$hisec_token = id(new PhabricatorAuthSessionEngine())
	->setWorkflowKey($workflow_key)
	->requireHighSecurityToken(
	$viewer,
	$request,
	$document->getURI());
	}

	$signature->save();

	// If the viewer is logged in, signing for themselves, send them to
	// the document page, which will show that they have signed the
	// document. Unless of course they were required to sign the
	// document to use Phabricator; in that case try really hard to
	// re-direct them to where they wanted to go.
	//
	// Otherwise, send them to a completion page.
	if ($viewer->isLoggedIn() && $is_individual) {
	$next_uri = '/'.$document->getMonogram();
	if ($document->getRequireSignature()) {
	$request_uri = $request->getRequestURI();
	$next_uri = (string)$request_uri;
	}
	} else {
	$this->sendVerifySignatureEmail(
	$document,
	$signature);

	$next_uri = $this->getApplicationURI('done/');
	}

	return id(new AphrontRedirectResponse())->setURI($next_uri);
	}
	}

	$document_body = $document->getDocumentBody();
	$engine = id(new PhabricatorMarkupEngine())
	->setViewer($viewer);
	$engine->addObject(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);
	$engine->process();

	$document_markup = $engine->getOutput(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);

	$title = $document_body->getTitle();

	$manage_uri = $this->getApplicationURI('view/'.$document->getID().'/');

	$can_edit = PhabricatorPolicyFilter::hasCapability(
	$viewer,
	$document,
	PhabricatorPolicyCapability::CAN_EDIT);

	// Use the last content update as the modified date. We don't want to
	// show that a document like a TOS was "updated" by an incidental change
	// to a field like the preamble or privacy settings which does not actually
	// affect the content of the agreement.
	$content_updated = $document_body->getDateCreated();

	// NOTE: We're avoiding `setPolicyObject()` here so we don't pick up
	// extra UI elements that are unnecessary and clutter the signature page.
	// These details are available on the "Manage" page.
	$header = id(new PHUIHeaderView())
	->setHeader($title)
	->setUser($viewer)
	->setEpoch($content_updated)
	->addActionLink(
	id(new PHUIButtonView())
	->setTag('a')
	->setIcon('fa-pencil')
	->setText(pht('Manage'))
	->setHref($manage_uri)
	->setDisabled(!$can_edit)
	->setWorkflow(!$can_edit));

	$preamble_box = null;
	if (strlen($document->getPreamble())) {
	$preamble_text = new PHUIRemarkupView($viewer, $document->getPreamble());

	// NOTE: We're avoiding `setObject()` here so we don't pick up extra UI
	// elements like "Subscribers". This information is available on the
	// "Manage" page, but just clutters up the "Signature" page.
	$preamble = id(new PHUIPropertyListView())
	->setUser($viewer)
	->addSectionHeader(pht('Preamble'))
	->addTextContent($preamble_text);

	$preamble_box = new PHUIPropertyGroupView();
	$preamble_box->addPropertyList($preamble);
	}

	$content = id(new PHUIDocumentView())
	->addClass('legalpad')
	->setHeader($header)
	->appendChild(
	array(
	$signed_status,
	$preamble_box,
	$document_markup,
	));

	$signature_box = null;
	if (!$has_signed) {
	$error_view = null;
	if ($errors) {
	$error_view = id(new PHUIInfoView())
	->setErrors($errors);
	}

	$signature_form = $this->buildSignatureForm(
	$document,
	$signature,
	$field_errors);

	switch ($document->getSignatureType()) {
	default:
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$box = id(new PHUIObjectBoxView())
	->addClass('document-sign-box')
	->setHeaderText(pht('Agree and Sign Document'))
	->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
	->setForm($signature_form);
	if ($error_view) {
	$box->setInfoView($error_view);
	}
	$signature_box = phutil_tag_div(
	'phui-document-view-pro-box plt', $box);
	break;
	}


	}

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->setBorder(true);
	$crumbs->addTextCrumb($document->getMonogram());

	$box = id(new PHUITwoColumnView())
	->setFooter($signature_box);

	return $this->newPage()
	->setTitle($title)
	->setCrumbs($crumbs)
	->setPageObjectPHIDs(array($document->getPHID()))
	->appendChild(array(
	$content,
	$box,
	));
	}

	private function readSignerInformation(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	$signer_phid = null;
	$signature_data = array();

	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($viewer->isLoggedIn()) {
	$signer_phid = $viewer->getPHID();
	$signature_data = array(
	'name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	);
	} else if ($request->isFormPost()) {
	$email = new PhutilEmailAddress($request->getStr('email'));
	if (strlen($email->getDomainName())) {
	$email_obj = id(new PhabricatorUserEmail())
	->loadOneWhere('address = %s', $email->getAddress());
	if ($email_obj) {
	return $this->signInResponse();
	}
	- $external_account = id(new PhabricatorExternalAccountQuery())
	- ->setViewer($viewer)
	- ->withAccountTypes(array('email'))
	- ->withAccountDomains(array($email->getDomainName()))
	- ->withAccountIDs(array($email->getAddress()))
	- ->loadOneOrCreate();
	- if ($external_account->getUserPHID()) {
	- return $this->signInResponse();
	- }
	- $signer_phid = $external_account->getPHID();
	}
	}
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signer_phid = $viewer->getPHID();
	if ($signer_phid) {
	$signature_data = array(
	'contact.name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	'actorPHID' => $viewer->getPHID(),
	);
	}
	break;
	}

	return array($signer_phid, $signature_data);
	}

	private function buildSignatureForm(
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$viewer = $this->getRequest()->getUser();
	$data = $signature->getSignatureData();

	$form = id(new AphrontFormView())
	->setUser($viewer);

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// bail out of here quick
	return;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$this->buildIndividualSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$this->buildCorporateSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	$form
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->setError(idx($errors, 'agree', null))
	->addCheckbox(
	'agree',
	'agree',
	pht('I agree to the terms laid forth above.'),
	false));
	if ($document->getRequireSignature()) {
	$cancel_uri = '/logout/';
	$cancel_text = pht('Log Out');
	} else {
	$cancel_uri = $this->getApplicationURI();
	$cancel_text = pht('Cancel');
	}
	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Sign Document'))
	->addCancelButton($cancel_uri, $cancel_text));

	return $form;
	}

	private function buildIndividualSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)));

	$viewer = $this->getRequest()->getUser();
	if (!$viewer->isLoggedIn()) {
	$form->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));
	}

	return $form;
	}

	private function buildCorporateSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Company Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Company Address'))
	->setValue(idx($data, 'address', ''))
	->setName('address')
	->setError(idx($errors, 'address', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Name'))
	->setValue(idx($data, 'contact.name', ''))
	->setName('contact.name')
	->setError(idx($errors, 'contact.name', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));

	return $form;
	}

	private function readSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$result = $this->readIndividualSignatureForm(
	$document,
	$request);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$result = $this->readCorporateSignatureForm(
	$document,
	$request);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	return $result;
	}

	private function readIndividualSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_data = array();
	$errors = array();
	$field_errors = array();


	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Name field is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$viewer = $request->getUser();
	if ($viewer->isLoggedIn()) {
	$email = $viewer->loadPrimaryEmailAddress();
	} else {
	$email = $request->getStr('email');

	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Email field is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function readCorporateSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	if (!$viewer->isLoggedIn()) {
	throw new Exception(
	pht(
	'You can not sign a document on behalf of a corporation unless '.
	'you are logged in.'));
	}

	$signature_data = array();
	$errors = array();
	$field_errors = array();

	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Company name is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$address = $request->getStr('address');
	if (!strlen($address)) {
	$field_errors['address'] = pht('Required');
	$errors[] = pht('Company address is required.');
	} else {
	$field_errors['address'] = null;
	}
	$signature_data['address'] = $address;

	$contact_name = $request->getStr('contact.name');
	if (!strlen($contact_name)) {
	$field_errors['contact.name'] = pht('Required');
	$errors[] = pht('Contact name is required.');
	} else {
	$field_errors['contact.name'] = null;
	}
	$signature_data['contact.name'] = $contact_name;

	$email = $request->getStr('email');
	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Contact email is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function sendVerifySignatureEmail(
	LegalpadDocument $doc,
	LegalpadDocumentSignature $signature) {

	$signature_data = $signature->getSignatureData();
	$email = new PhutilEmailAddress($signature_data['email']);
	$doc_name = $doc->getTitle();
	$doc_link = PhabricatorEnv::getProductionURI('/'.$doc->getMonogram());
	$path = $this->getApplicationURI(sprintf(
	'/verify/%s/',
	$signature->getSecretKey()));
	$link = PhabricatorEnv::getProductionURI($path);

	$name = idx($signature_data, 'name');

	$body = pht(
	"%s:\n\n".
	"This email address was used to sign a Legalpad document ".
	"in Phabricator:\n\n".
	" %s\n\n".
	"Please verify you own this email address and accept the ".
	"agreement by clicking this link:\n\n".
	" %s\n\n".
	"Your signature is not valid until you complete this ".
	"verification step.\n\nYou can review the document here:\n\n".
	" %s\n",
	$name,
	$doc_name,
	$link,
	$doc_link);

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($email->getAddress()))
	->setSubject(pht('[Legalpad] Signature Verification'))
	->setForceDelivery(true)
	->setBody($body)
	->setRelatedPHID($signature->getDocumentPHID())
	->saveAndSend();
	}

	private function signInResponse() {
	return id(new Aphront403Response())
	->setForbiddenText(
	pht(
	'The email address specified is associated with an account. '.
	'Please login to that account and sign this document again.'));
	}

	}
	diff --git a/src/applications/legalpad/query/LegalpadDocumentSignatureSearchEngine.php b/src/applications/legalpad/query/LegalpadDocumentSignatureSearchEngine.php
	index 9df8d2478d..ea14fd4a2f 100644
	--- a/src/applications/legalpad/query/LegalpadDocumentSignatureSearchEngine.php
	+++ b/src/applications/legalpad/query/LegalpadDocumentSignatureSearchEngine.php
	@@ -1,315 +1,315 @@
	<?php

	final class LegalpadDocumentSignatureSearchEngine
	extends PhabricatorApplicationSearchEngine {

	private $document;

	public function getResultTypeDescription() {
	return pht('Legalpad Signatures');
	}

	public function getApplicationClassName() {
	return 'PhabricatorLegalpadApplication';
	}

	public function setDocument(LegalpadDocument $document) {
	$this->document = $document;
	return $this;
	}

	public function buildSavedQueryFromRequest(AphrontRequest $request) {
	$saved = new PhabricatorSavedQuery();

	$saved->setParameter(
	'signerPHIDs',
	$this->readUsersFromRequest($request, 'signers'));

	$saved->setParameter(
	'documentPHIDs',
	$this->readPHIDsFromRequest(
	$request,
	'documents',
	array(
	PhabricatorLegalpadDocumentPHIDType::TYPECONST,
	)));

	$saved->setParameter('nameContains', $request->getStr('nameContains'));
	$saved->setParameter('emailContains', $request->getStr('emailContains'));

	return $saved;
	}

	public function buildQueryFromSavedQuery(PhabricatorSavedQuery $saved) {
	$query = id(new LegalpadDocumentSignatureQuery());

	$signer_phids = $saved->getParameter('signerPHIDs', array());
	if ($signer_phids) {
	$query->withSignerPHIDs($signer_phids);
	}

	if ($this->document) {
	$query->withDocumentPHIDs(array($this->document->getPHID()));
	} else {
	$document_phids = $saved->getParameter('documentPHIDs', array());
	if ($document_phids) {
	$query->withDocumentPHIDs($document_phids);
	}
	}

	$name_contains = $saved->getParameter('nameContains');
	if (strlen($name_contains)) {
	$query->withNameContains($name_contains);
	}

	$email_contains = $saved->getParameter('emailContains');
	if (strlen($email_contains)) {
	$query->withEmailContains($email_contains);
	}

	return $query;
	}

	public function buildSearchForm(
	AphrontFormView $form,
	PhabricatorSavedQuery $saved_query) {

	$document_phids = $saved_query->getParameter('documentPHIDs', array());
	$signer_phids = $saved_query->getParameter('signerPHIDs', array());

	if (!$this->document) {
	$form
	->appendControl(
	id(new AphrontFormTokenizerControl())
	->setDatasource(new LegalpadDocumentDatasource())
	->setName('documents')
	->setLabel(pht('Documents'))
	->setValue($document_phids));
	}

	$name_contains = $saved_query->getParameter('nameContains', '');
	$email_contains = $saved_query->getParameter('emailContains', '');

	$form
	->appendControl(
	id(new AphrontFormTokenizerControl())
	->setDatasource(new PhabricatorPeopleDatasource())
	->setName('signers')
	->setLabel(pht('Signers'))
	->setValue($signer_phids))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Name Contains'))
	->setName('nameContains')
	->setValue($name_contains))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email Contains'))
	->setName('emailContains')
	->setValue($email_contains));
	}

	protected function getURI($path) {
	if ($this->document) {
	return '/legalpad/signatures/'.$this->document->getID().'/'.$path;
	} else {
	return '/legalpad/signatures/'.$path;
	}
	}

	protected function getBuiltinQueryNames() {
	$names = array(
	'all' => pht('All Signatures'),
	);

	return $names;
	}

	public function buildSavedQueryFromBuiltin($query_key) {

	$query = $this->newSavedQuery();
	$query->setQueryKey($query_key);

	switch ($query_key) {
	case 'all':
	return $query;
	}

	return parent::buildSavedQueryFromBuiltin($query_key);
	}

	protected function getRequiredHandlePHIDsForResultList(
	array $signatures,
	PhabricatorSavedQuery $query) {

	return array_merge(
	mpull($signatures, 'getSignerPHID'),
	mpull($signatures, 'getDocumentPHID'));
	}

	protected function renderResultList(
	array $signatures,
	PhabricatorSavedQuery $query,
	array $handles) {
	assert_instances_of($signatures, 'LegalpadDocumentSignature');

	$viewer = $this->requireViewer();

	Javelin::initBehavior('phabricator-tooltips');

	$sig_good = $this->renderIcon(
	'fa-check',
	null,
	pht('Verified, Current'));

	$sig_corp = $this->renderIcon(
	'fa-building-o',
	null,
	pht('Verified, Corporate'));

	$sig_old = $this->renderIcon(
	'fa-clock-o',
	'orange',
	pht('Signed Older Version'));

	$sig_unverified = $this->renderIcon(
	'fa-envelope',
	'red',
	pht('Unverified Email'));

	$sig_exemption = $this->renderIcon(
	'fa-asterisk',
	'indigo',
	pht('Exemption'));

	id(new PHUIIconView())
	->setIcon('fa-envelope', 'red')
	->addSigil('has-tooltip')
	->setMetadata(array('tip' => pht('Unverified Email')));

	$type_corporate = LegalpadDocument::SIGNATURE_TYPE_CORPORATION;

	$rows = array();
	foreach ($signatures as $signature) {
	$name = $signature->getSignerName();
	$email = $signature->getSignerEmail();

	$document = $signature->getDocument();

	if ($signature->getIsExemption()) {
	$sig_icon = $sig_exemption;
	} else if (!$signature->isVerified()) {
	$sig_icon = $sig_unverified;
	} else if ($signature->getDocumentVersion() != $document->getVersions()) {
	$sig_icon = $sig_old;
	} else if ($signature->getSignatureType() == $type_corporate) {
	$sig_icon = $sig_corp;
	} else {
	$sig_icon = $sig_good;
	}

	$signature_href = $this->getApplicationURI(
	'signature/'.$signature->getID().'/');

	$sig_icon = javelin_tag(
	'a',
	array(
	'href' => $signature_href,
	'sigil' => 'workflow',
	),
	$sig_icon);

	$signer_phid = $signature->getSignerPHID();

	$rows[] = array(
	$sig_icon,
	$handles[$document->getPHID()]->renderLink(),
	$signer_phid
	? $handles[$signer_phid]->renderLink()
	- : null,
	+ : phutil_tag('em', array(), pht('None')),
	$name,
	phutil_tag(
	'a',
	array(
	'href' => 'mailto:'.$email,
	),
	$email),
	phabricator_datetime($signature->getDateCreated(), $viewer),
	);
	}

	$table = id(new AphrontTableView($rows))
	->setNoDataString(pht('No signatures match the query.'))
	->setHeaders(
	array(
	'',
	pht('Document'),
	pht('Account'),
	pht('Name'),
	pht('Email'),
	pht('Signed'),
	))
	->setColumnVisibility(
	array(
	true,

	// Only show the "Document" column if we aren't scoped to a
	// particular document.
	!$this->document,
	))
	->setColumnClasses(
	array(
	'',
	'',
	'',
	'',
	'wide',
	'right',
	));

	$button = null;
	if ($this->document) {
	$document_id = $this->document->getID();

	$button = id(new PHUIButtonView())
	->setText(pht('Add Exemption'))
	->setTag('a')
	->setHref($this->getApplicationURI('addsignature/'.$document_id.'/'))
	->setWorkflow(true)
	->setIcon('fa-pencil');
	}

	if (!$this->document) {
	$table->setNotice(
	pht('NOTE: You can only see your own signatures and signatures on '.
	'documents you have permission to edit.'));
	}

	$result = new PhabricatorApplicationSearchResultView();
	$result->setTable($table);
	if ($button) {
	$result->addAction($button);
	}

	return $result;

	}

	private function renderIcon($icon, $color, $title) {
	Javelin::initBehavior('phabricator-tooltips');

	return array(
	id(new PHUIIconView())
	->setIcon($icon, $color)
	->addSigil('has-tooltip')
	->setMetadata(array('tip' => $title)),
	javelin_tag(
	'span',
	array(
	'aural' => true,
	),
	$title),
	);
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Dec 2, 6:08 AM (21 h, 44 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 431680
Default Alt Text: (38 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions