feat: migrate policy settings and footer workflow

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

eslint.config.mjs

@@ -3,11 +3,23 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
+import js from '@eslint/js'
+import { FlatCompat } from '@eslint/eslintrc'
 import nextcloudConfig from '@nextcloud/eslint-config'
-import globals from 'globals'
+import { dirname } from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const compat = new FlatCompat({
+	baseDirectory: dirname(fileURLToPath(import.meta.url)),
+	recommendedConfig: js.configs.recommended,
+	allConfig: js.configs.all,
+})
+
+const compatConfigs = (Array.isArray(nextcloudConfig) ? nextcloudConfig : [nextcloudConfig])
+	.flatMap((config) => compat.config(config))
 
 export default [
-	...(Array.isArray(nextcloudConfig) ? nextcloudConfig : [nextcloudConfig]),
+	...compatConfigs,
 
 	{
 		name: 'libresign/ignores',

lib/Handler/FooterHandler.php

@@ -36,6 +36,7 @@ class FooterHandler {
 	private QrCode $qrCode;
 	/** @var array<string, mixed> */
 	private array $requestPolicyOverrides = [];
+	private ?string $templateOverride = null;
 	private ?bool $writeQrcodeOnFooterOverride = null;
 	private const MIN_QRCODE_SIZE = 100;
 	private const POINT_TO_MILIMETER = 0.3527777778;
@@ -129,6 +130,11 @@ public function setWriteQrcodeOnFooterOverride(?bool $value): self {
 		return $this;
 	}
 
+	public function setTemplateOverride(?string $template): self {
+		$this->templateOverride = $template;
+		return $this;
+	}
+
 	public function getEffectiveFooterPolicyAsJson(): string {
 		return (string)$this->policyService->resolve(FooterPolicy::KEY, $this->requestPolicyOverrides)->getEffectiveValue();
 	}
@@ -201,6 +207,10 @@ private function prepareTemplateVars(bool $forceEnabled = false): array {
 	}
 
 	public function getTemplate(): string {
+		if ($this->templateOverride !== null) {
+			return trim($this->templateOverride) !== '' ? $this->templateOverride : $this->getDefaultTemplate();
+		}
+
 		$footerPolicy = $this->resolveFooterPolicy();
 
 		if ($footerPolicy['customizeFooterTemplate']) {

lib/Middleware/InjectionMiddleware.php

@@ -29,6 +29,8 @@
 use OCA\Libresign\Middleware\Attribute\RequireSignerUuid;
 use OCA\Libresign\Middleware\Attribute\RequireSignRequestUuid;
 use OCA\Libresign\Service\FileAccessService;
+use OCA\Libresign\Service\Policy\PolicyService;
+use OCA\Libresign\Service\Policy\Provider\ValidationAccess\ValidationAccessPolicy;
 use OCA\Libresign\Service\SignFileService;
 use OCA\Libresign\Service\UuidResolverService;
 use OCP\AppFramework\Controller;
@@ -41,7 +43,6 @@
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Services\IInitialState;
-use OCP\IAppConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
@@ -63,8 +64,8 @@ public function __construct(
 		private FileAccessService $fileAccessService,
 		private SignFileService $signFileService,
 		private UuidResolverService $uuidResolverService,
+		private PolicyService $policyService,
 		private IL10N $l10n,
-		private IAppConfig $appConfig,
 		private IURLGenerator $urlGenerator,
 		protected ?string $userId,
 	) {
@@ -114,7 +115,9 @@ private function privateValidation(\ReflectionMethod $reflectionMethod): void {
 		if ($this->userSession->isLoggedIn()) {
 			return;
 		}
-		$isValidationUrlPrivate = (bool)$this->appConfig->getValueBool(Application::APP_ID, 'make_validation_url_private', false);
+		$isValidationUrlPrivate = $this->policyService
+			->resolve(ValidationAccessPolicy::KEY)
+			->getEffectiveValueAsBool();
 		if (!$isValidationUrlPrivate) {
 			return;
 		}

lib/Service/FooterService.php

@@ -29,16 +29,19 @@ public function getTemplate(): string {
 		return $this->footerHandler->getTemplate();
 	}
 
+	public function getDefaultTemplate(): string {
+		return $this->footerHandler->getDefaultTemplate();
+	}
+
 	public function saveTemplate(string $template = ''): void {
-		$currentPolicy = $this->getEffectiveFooterPolicy();
-		$defaultTemplateFromPolicy = $currentPolicy['footerTemplate'];
+		$defaultTemplate = $this->footerHandler->getDefaultTemplate();
 
 		if (empty($template)) {
 			$this->syncFooterPolicyTemplate('', false);
 			return;
 		}
 
-		$isProvidedTemplateEqualsDefault = $template === $defaultTemplateFromPolicy;
+		$isProvidedTemplateEqualsDefault = $template === $defaultTemplate;
 
 		if ($isProvidedTemplateEqualsDefault) {
 			$this->syncFooterPolicyTemplate('', false);
@@ -68,10 +71,6 @@ private function getEffectiveFooterPolicy(): array {
 	}
 
 	public function renderPreviewPdf(string $template = '', int $width = 595, int $height = 50, ?bool $writeQrcodeOnFooter = null): string {
-		if (!empty($template)) {
-			$this->saveTemplate($template);
-		}
-
 		$previewUuid = sprintf(
 			'preview-%04x-%04x-%04x-%012x',
 			random_int(0, 0xffff),
@@ -81,6 +80,7 @@ public function renderPreviewPdf(string $template = '', int $width = 595, int $h
 		);
 
 		$handler = $this->footerHandler
+			->setTemplateOverride($template !== '' ? $template : null)
 			->setTemplateVar('uuid', $previewUuid)
 			->setTemplateVar('signers', [
 				[

lib/Service/Policy/Model/ResolvedPolicy.php

@@ -40,6 +40,31 @@ public function getEffectiveValue(): mixed {
 		return $this->effectiveValue;
 	}
 
+	public function getEffectiveValueAsBool(bool $default = false): bool {
+		if (is_bool($this->effectiveValue)) {
+			return $this->effectiveValue;
+		}
+
+		if ($this->effectiveValue === null) {
+			return $default;
+		}
+
+		if (is_int($this->effectiveValue)) {
+			return $this->effectiveValue !== 0;
+		}
+
+		if (is_float($this->effectiveValue)) {
+			return $this->effectiveValue !== 0.0;
+		}
+
+		if (is_string($this->effectiveValue)) {
+			$parsed = filter_var($this->effectiveValue, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+			return $parsed ?? $default;
+		}
+
+		return $default;
+	}
+
 	public function setInheritedValue(mixed $inheritedValue): self {
 		$this->inheritedValue = $inheritedValue;
 		return $this;

lib/Service/Policy/Provider/Footer/FooterPolicy.php

@@ -26,16 +26,15 @@ public function keys(): array {
 
 	#[\Override]
 	public function get(string|\BackedEnum $policyKey): IPolicyDefinition {
-		$instanceBaseTemplate = $this->resolveInstanceBaseTemplate();
 		return match ($this->normalizePolicyKey($policyKey)) {
 			self::KEY => new PolicySpec(
 				key: self::KEY,
-				defaultSystemValue: FooterPolicyValue::encode(FooterPolicyValue::defaults($instanceBaseTemplate)),
+				defaultSystemValue: FooterPolicyValue::encode(FooterPolicyValue::defaults()),
 				allowedValues: static fn (): array => [],
-				normalizer: function (mixed $rawValue) use ($instanceBaseTemplate): mixed {
-					return FooterPolicyValue::encode(FooterPolicyValue::normalize($rawValue, $instanceBaseTemplate));
+				normalizer: static function (mixed $rawValue): mixed {
+					return FooterPolicyValue::encode(FooterPolicyValue::normalize($rawValue));
 				},
-				validator: function (mixed $value, PolicyContext $context) use ($instanceBaseTemplate): void {
+				validator: static function (mixed $value, PolicyContext $context): void {
 					if (!is_string($value) || trim($value) === '') {
 						throw new \InvalidArgumentException('Invalid value for ' . self::KEY);
 					}
@@ -46,7 +45,7 @@ public function get(string|\BackedEnum $policyKey): IPolicyDefinition {
 					}
 
 					if (!self::canManageTechnicalFooterSettings($context)) {
-						$normalized = FooterPolicyValue::normalize($decoded, $instanceBaseTemplate);
+						$normalized = FooterPolicyValue::normalize($decoded);
 						if ($normalized['validationSite'] !== '') {
 							throw new \InvalidArgumentException('Validation URL override is not allowed for this actor');
 						}
@@ -72,11 +71,4 @@ private static function canManageTechnicalFooterSettings(PolicyContext $context)
 		return ($capabilities['canManageSystemPolicies'] ?? false) === true
 			|| ($capabilities['canManageGroupPolicies'] ?? false) === true;
 	}
-
-	private function resolveInstanceBaseTemplate(): string {
-		$defaultTemplatePath = __DIR__ . '/../../../../Handler/Templates/footer.twig';
-		$defaultTemplate = @file_get_contents($defaultTemplatePath);
-
-		return is_string($defaultTemplate) ? $defaultTemplate : '';
-	}
 }

lib/Service/Policy/Provider/PolicyProviders.php

@@ -15,7 +15,9 @@
 use OCA\Libresign\Service\Policy\Provider\IdentificationDocuments\IdentificationDocumentsPolicy;
 use OCA\Libresign\Service\Policy\Provider\RequestSignGroups\RequestSignGroupsPolicy;
 use OCA\Libresign\Service\Policy\Provider\Signature\SignatureFlowPolicy;
+use OCA\Libresign\Service\Policy\Provider\SignatureBackground\SignatureBackgroundPolicy;
 use OCA\Libresign\Service\Policy\Provider\SignatureText\SignatureTextPolicy;
+use OCA\Libresign\Service\Policy\Provider\ValidationAccess\ValidationAccessPolicy;
 
 final class PolicyProviders {
 	/** @var array<string, class-string> */
@@ -25,7 +27,9 @@ final class PolicyProviders {
 		FooterPolicy::KEY => FooterPolicy::class,
 		DocMdpPolicy::KEY => DocMdpPolicy::class,
 		RequestSignGroupsPolicy::KEY => RequestSignGroupsPolicy::class,
+		ValidationAccessPolicy::KEY => ValidationAccessPolicy::class,
 		SignatureFlowPolicy::KEY => SignatureFlowPolicy::class,
+		SignatureBackgroundPolicy::KEY => SignatureBackgroundPolicy::class,
 		IdentificationDocumentsPolicy::KEY => IdentificationDocumentsPolicy::class,
 		SignatureTextPolicy::KEY => SignatureTextPolicy::class,
 		SignatureTextPolicy::KEY_TEMPLATE => SignatureTextPolicy::class,

lib/Service/Policy/Provider/SignatureBackground/SignatureBackgroundPolicy.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2026 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Service\Policy\Provider\SignatureBackground;
+
+use OCA\Libresign\Service\Policy\Contract\IPolicyDefinition;
+use OCA\Libresign\Service\Policy\Contract\IPolicyDefinitionProvider;
+use OCA\Libresign\Service\Policy\Model\PolicySpec;
+
+final class SignatureBackgroundPolicy implements IPolicyDefinitionProvider {
+	public const KEY = 'signature_background_type';
+	public const SYSTEM_APP_CONFIG_KEY = 'signature_background_type';
+
+	#[\Override]
+	public function keys(): array {
+		return [
+			self::KEY,
+		];
+	}
+
+	#[\Override]
+	public function get(string|\BackedEnum $policyKey): IPolicyDefinition {
+		return match ($this->normalizePolicyKey($policyKey)) {
+			self::KEY => new PolicySpec(
+				key: self::KEY,
+				defaultSystemValue: 'default',
+				allowedValues: [
+					'default',
+					'custom',
+					'deleted',
+				],
+				normalizer: static fn (mixed $rawValue): string => self::normalizeBackgroundType($rawValue),
+				appConfigKey: self::SYSTEM_APP_CONFIG_KEY,
+			),
+			default => throw new \InvalidArgumentException('Unknown policy key: ' . $this->normalizePolicyKey($policyKey)),
+		};
+	}
+
+	private static function normalizeBackgroundType(mixed $rawValue): string {
+		if (!is_string($rawValue)) {
+			return 'default';
+		}
+
+		$normalized = trim(strtolower($rawValue));
+		if (in_array($normalized, ['default', 'custom', 'deleted'], true)) {
+			return $normalized;
+		}
+
+		return 'default';
+	}
+
+	private function normalizePolicyKey(string|\BackedEnum $policyKey): string {
+		if ($policyKey instanceof \BackedEnum) {
+			return (string)$policyKey->value;
+		}
+
+		return $policyKey;
+	}
+}

lib/Service/Policy/Provider/ValidationAccess/ValidationAccessPolicy.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2026 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Service\Policy\Provider\ValidationAccess;
+
+use OCA\Libresign\Service\Policy\Contract\IPolicyDefinition;
+use OCA\Libresign\Service\Policy\Contract\IPolicyDefinitionProvider;
+use OCA\Libresign\Service\Policy\Model\PolicySpec;
+
+final class ValidationAccessPolicy implements IPolicyDefinitionProvider {
+	public const KEY = 'make_validation_url_private';
+	public const SYSTEM_APP_CONFIG_KEY = 'make_validation_url_private';
+
+	#[\Override]
+	public function keys(): array {
+		return [
+			self::KEY,
+		];
+	}
+
+	#[\Override]
+	public function get(string|\BackedEnum $policyKey): IPolicyDefinition {
+		return match ($this->normalizePolicyKey($policyKey)) {
+			self::KEY => new PolicySpec(
+				key: self::KEY,
+				defaultSystemValue: false,
+				allowedValues: [
+					false,
+					true,
+				],
+				normalizer: static fn (mixed $rawValue): bool => filter_var($rawValue, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? false,
+				appConfigKey: self::SYSTEM_APP_CONFIG_KEY,
+			),
+			default => throw new \InvalidArgumentException('Unknown policy key: ' . $this->normalizePolicyKey($policyKey)),
+		};
+	}
+
+	private function normalizePolicyKey(string|\BackedEnum $policyKey): string {
+		if ($policyKey instanceof \BackedEnum) {
+			return (string)$policyKey->value;
+		}
+
+		return $policyKey;
+	}
+}

lib/Service/Policy/Runtime/PolicySource.php

@@ -544,7 +544,15 @@ public function saveSystemPolicy(string $policyKey, mixed $value, bool $allowChi
 		$defaultValue = $definition->normalizeValue($definition->defaultSystemValue());
 		$allowOverrideConfigKey = $this->getSystemAllowOverrideConfigKey($definition->getAppConfigKey());
 
-		if ($normalizedValue === $defaultValue) {
+		$valuesAreEqual = $normalizedValue === $defaultValue;
+		if (!$valuesAreEqual && is_string($normalizedValue) && is_string($defaultValue)) {
+			$d1 = json_decode($normalizedValue, true);
+			$d2 = json_decode($defaultValue, true);
+			if (is_array($d1) && is_array($d2)) {
+				$valuesAreEqual = $d1 === $d2;
+			}
+		}
+		if ($valuesAreEqual) {
 			if ($allowChildOverride) {
 				$this->writeSystemValue($definition->getAppConfigKey(), $normalizedValue);
 				$this->appConfig->setAppValueString($allowOverrideConfigKey, '1');