[stable31] feat: docmdp per file

lib/Db/File.php

@@ -41,6 +41,8 @@
  * @method int getModificationStatus()
  * @method void setSignatureFlow(int $signatureFlow)
  * @method int getSignatureFlow()
+ * @method void setDocmdpLevel(int $docmdpLevel)
+ * @method int getDocmdpLevel()
  */
 class File extends Entity {
 	protected int $nodeId = 0;
@@ -56,6 +58,7 @@ class File extends Entity {
 	protected ?array $metadata = null;
 	protected int $modificationStatus = 0;
 	protected int $signatureFlow = SignatureFlow::NUMERIC_PARALLEL;
+	protected int $docmdpLevel = 0;
 	public const STATUS_NOT_LIBRESIGN_FILE = -1;
 	public const STATUS_DRAFT = 0;
 	public const STATUS_ABLE_TO_SIGN = 1;
@@ -83,6 +86,7 @@ public function __construct() {
 		$this->addType('metadata', Types::JSON);
 		$this->addType('modificationStatus', Types::SMALLINT);
 		$this->addType('signatureFlow', Types::SMALLINT);
+		$this->addType('docmdpLevel', Types::SMALLINT);
 	}
 
 	public function isDeletedAccount(): bool {
@@ -102,4 +106,12 @@ public function getSignatureFlowEnum(): \OCA\Libresign\Enum\SignatureFlow {
 	public function setSignatureFlowEnum(\OCA\Libresign\Enum\SignatureFlow $flow): void {
 		$this->setSignatureFlow($flow->toNumeric());
 	}
+
+	public function getDocmdpLevelEnum(): \OCA\Libresign\Enum\DocMdpLevel {
+		return \OCA\Libresign\Enum\DocMdpLevel::tryFrom($this->docmdpLevel) ?? \OCA\Libresign\Enum\DocMdpLevel::NOT_CERTIFIED;
+	}
+
+	public function setDocmdpLevelEnum(\OCA\Libresign\Enum\DocMdpLevel $level): void {
+		$this->setDocmdpLevel($level->value);
+	}
 }

lib/Db/SignRequestMapper.php

@@ -501,6 +501,7 @@ private function getFilesAssociatedFilesWithMeQueryBuilder(string $userId, array
 				'f.metadata',
 				'f.created_at',
 				'f.signature_flow',
+				'f.docmdp_level',
 			)
 				->groupBy(
 					'f.id',
@@ -512,6 +513,7 @@ private function getFilesAssociatedFilesWithMeQueryBuilder(string $userId, array
 					'f.status',
 					'f.created_at',
 					'f.signature_flow',
+					'f.docmdp_level',
 				);
 			// metadata is a json column, the right way is to use f.metadata::text
 			// when the database is PostgreSQL. The problem is that the command
@@ -623,12 +625,14 @@ private function formatListRow(array $row): array {
 
 		$row['name'] = $this->removeExtensionFromName($row['name'], $row['metadata']);
 		$row['signatureFlow'] = SignatureFlow::fromNumeric((int)($row['signature_flow']))->value;
+		$row['docmdpLevel'] = (int)($row['docmdp_level'] ?? 0);
 
 		unset(
 			$row['user_id'],
 			$row['node_id'],
 			$row['signed_node_id'],
 			$row['signature_flow'],
+			$row['docmdp_level'],
 		);
 		return $row;
 	}

lib/Migration/Version15001Date20251214000000.php

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\Types;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+/**
+ * Add DocMDP level support per file
+ * - Adds 'docmdp_level' column to libresign_file table to store DocMDP certification level per file
+ */
+class Version15001Date20251214000000 extends SimpleMigrationStep {
+	/**
+	 * @param IOutput $output
+	 * @param Closure(): ISchemaWrapper $schemaClosure
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	#[\Override]
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		if ($schema->hasTable('libresign_file')) {
+			$tableFile = $schema->getTable('libresign_file');
+			if (!$tableFile->hasColumn('docmdp_level')) {
+				$tableFile->addColumn('docmdp_level', Types::SMALLINT, [
+					'notnull' => true,
+					'default' => 0,
+					'comment' => 'DocMDP permission level for this file: 0=none, 1=no changes, 2=form fill, 3=form fill + annotations',
+				]);
+			}
+		}
+
+		return $schema;
+	}
+}

lib/ResponseDefinitions.php

@@ -187,6 +187,7 @@
  *     statusText: string,
  *     nodeId: non-negative-int,
  *     signatureFlow: int,
+ *     docmdpLevel: int,
  *     totalPages: non-negative-int,
  *     size: non-negative-int,
  *     pdfVersion: string,

lib/Service/FileService.php

@@ -712,6 +712,7 @@ private function loadLibreSignData(): void {
 		$this->fileData->statusText = $this->fileMapper->getTextOfStatus($this->file->getStatus());
 		$this->fileData->nodeId = $this->file->getNodeId();
 		$this->fileData->signatureFlow = $this->file->getSignatureFlow();
+		$this->fileData->docmdpLevel = $this->file->getDocmdpLevel();
 
 		$this->fileData->requested_by = [
 			'userId' => $this->file->getUserId(),

lib/Service/RequestSignatureService.php

@@ -56,6 +56,7 @@ public function __construct(
 		protected IEventDispatcher $eventDispatcher,
 		protected FileStatusService $fileStatusService,
 		protected SignRequestStatusService $signRequestStatusService,
+		protected DocMdpConfigService $docMdpConfigService,
 	) {
 	}
 
@@ -128,6 +129,8 @@ public function saveFile(array $data): FileEntity {
 			$this->setSignatureFlowFromGlobalConfig($file);
 		}
 
+		$this->setDocMdpLevelFromGlobalConfig($file);
+
 		$this->fileMapper->insert($file);
 		return $file;
 	}
@@ -138,6 +141,13 @@ private function setSignatureFlowFromGlobalConfig(FileEntity $file): void {
 		$file->setSignatureFlowEnum($globalFlow);
 	}
 
+	private function setDocMdpLevelFromGlobalConfig(FileEntity $file): void {
+		if ($this->docMdpConfigService->isEnabled()) {
+			$docmdpLevel = $this->docMdpConfigService->getLevel();
+			$file->setDocmdpLevelEnum($docmdpLevel);
+		}
+	}
+
 	private function getFileMetadata(\OCP\Files\Node $node): array {
 		$metadata = [];
 		if ($extension = strtolower($node->getExtension())) {

lib/Service/SignFileService.php

@@ -338,17 +338,28 @@ public function sign(): File {
 	 * @throws LibresignException If the document has DocMDP level 1 (no changes allowed)
 	 */
 	protected function validateDocMdpAllowsSignatures(): void {
-		$resource = $this->getLibreSignFileAsResource();
+		$docmdpLevel = $this->libreSignFile->getDocmdpLevelEnum();
 
-		try {
-			if (!$this->docMdpHandler->allowsAdditionalSignatures($resource)) {
-				throw new LibresignException(
-					$this->l10n->t('This document has been certified with no changes allowed, so no additional signatures can be added.'),
-					AppFrameworkHttp::STATUS_UNPROCESSABLE_ENTITY
-				);
+		if ($docmdpLevel === \OCA\Libresign\Enum\DocMdpLevel::CERTIFIED_NO_CHANGES_ALLOWED) {
+			throw new LibresignException(
+				$this->l10n->t('This document has been certified with no changes allowed. You cannot add more signers to this document.'),
+				AppFrameworkHttp::STATUS_UNPROCESSABLE_ENTITY
+			);
+		}
+
+		if ($docmdpLevel === \OCA\Libresign\Enum\DocMdpLevel::NOT_CERTIFIED) {
+			$resource = $this->getLibreSignFileAsResource();
+
+			try {
+				if (!$this->docMdpHandler->allowsAdditionalSignatures($resource)) {
+					throw new LibresignException(
+						$this->l10n->t('This document has been certified with no changes allowed. You cannot add more signers to this document.'),
+						AppFrameworkHttp::STATUS_UNPROCESSABLE_ENTITY
+					);
+				}
+			} finally {
+				fclose($resource);
 			}
-		} finally {
-			fclose($resource);
 		}
 	}
 

openapi-full.json

@@ -1013,6 +1013,7 @@
                     "statusText",
                     "nodeId",
                     "signatureFlow",
+                    "docmdpLevel",
                     "totalPages",
                     "size",
                     "pdfVersion",
@@ -1050,6 +1051,10 @@
                         "type": "integer",
                         "format": "int64"
                     },
+                    "docmdpLevel": {
+                        "type": "integer",
+                        "format": "int64"
+                    },
                     "totalPages": {
                         "type": "integer",
                         "format": "int64",

openapi.json

@@ -863,6 +863,7 @@
                     "statusText",
                     "nodeId",
                     "signatureFlow",
+                    "docmdpLevel",
                     "totalPages",
                     "size",
                     "pdfVersion",
@@ -900,6 +901,10 @@
                         "type": "integer",
                         "format": "int64"
                     },
+                    "docmdpLevel": {
+                        "type": "integer",
+                        "format": "int64"
+                    },
                     "totalPages": {
                         "type": "integer",
                         "format": "int64",

src/Components/RightSidebar/RequestSignatureTab.vue

@@ -4,6 +4,9 @@
 -->
 <template>
 	<div id="request-signature-tab">
+		<NcNoteCard v-if="showDocMdpWarning" type="warning">
+			{{ t('libresign', 'This document has been certified with no changes allowed. You cannot add more signers to this document.') }}
+		</NcNoteCard>
 		<NcButton v-if="filesStore.canAddSigner()"
 			:variant="hasSigners ? 'secondary' : 'primary'"
 			@click="addSigner">
@@ -209,6 +212,7 @@ import NcDialog from '@nextcloud/vue/components/NcDialog'
 import NcIconSvgWrapper from '@nextcloud/vue/components/NcIconSvgWrapper'
 import NcLoadingIcon from '@nextcloud/vue/components/NcLoadingIcon'
 import NcModal from '@nextcloud/vue/components/NcModal'
+import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
 
 import IdentifySigner from '../Request/IdentifySigner.vue'
 import VisibleElements from '../Request/VisibleElements.vue'
@@ -247,6 +251,7 @@ export default {
 		NcIconSvgWrapper,
 		NcLoadingIcon,
 		NcModal,
+		NcNoteCard,
 		NcDialog,
 		Delete,
 		Draw,
@@ -292,6 +297,9 @@ export default {
 		isOrderedNumeric() {
 			return this.signatureFlow === 'ordered_numeric'
 		},
+		showDocMdpWarning() {
+			return this.filesStore.isDocMdpNoChangesAllowed() && !this.filesStore.canAddSigner()
+		},
 		canEditSigningOrder() {
 			return (signer) => {
 				return this.isOrderedNumeric

src/store/files.js

@@ -133,6 +133,11 @@ export const useFilesStore = function(...args) {
 			},
 			canAddSigner(file) {
 				file = this.getFile(file)
+
+				if (this.isDocMdpNoChangesAllowed(file)) {
+					return false
+				}
+
 				return this.canRequestSign
 					&& (
 						!Object.hasOwn(file, 'requested_by')
@@ -141,6 +146,10 @@ export const useFilesStore = function(...args) {
 					&& !this.isPartialSigned(file)
 					&& !this.isFullSigned(file)
 			},
+			isDocMdpNoChangesAllowed(file) {
+				file = this.getFile(file)
+				return file.docmdpLevel === 1 && file.signers && file.signers.length > 0
+			},
 			canSave(file) {
 				file = this.getFile(file)
 				return this.canRequestSign

src/types/openapi/openapi-full.ts

@@ -1759,6 +1759,8 @@ export type components = {
             /** Format: int64 */
             signatureFlow: number;
             /** Format: int64 */
+            docmdpLevel: number;
+            /** Format: int64 */
             totalPages: number;
             /** Format: int64 */
             size: number;

src/types/openapi/openapi.ts

@@ -1281,6 +1281,8 @@ export type components = {
             /** Format: int64 */
             signatureFlow: number;
             /** Format: int64 */
+            docmdpLevel: number;
+            /** Format: int64 */
             totalPages: number;
             /** Format: int64 */
             size: number;

tests/php/Unit/Service/RequestSignatureServiceTest.php

@@ -13,6 +13,7 @@
 use OCA\Libresign\Db\SignRequestMapper;
 use OCA\Libresign\Handler\DocMdpHandler;
 use OCA\Libresign\Helper\ValidateHelper;
+use OCA\Libresign\Service\DocMdpConfigService;
 use OCA\Libresign\Service\FileElementService;
 use OCA\Libresign\Service\FileStatusService;
 use OCA\Libresign\Service\FolderService;
@@ -56,6 +57,7 @@ final class RequestSignatureServiceTest extends \OCA\Libresign\Tests\Unit\TestCa
 	private IEventDispatcher&MockObject $eventDispatcher;
 	private FileStatusService&MockObject $fileStatusService;
 	private SignRequestStatusService&MockObject $signRequestStatusService;
+	private DocMdpConfigService&MockObject $docMdpConfigService;
 
 	public function setUp(): void {
 		parent::setUp();
@@ -85,9 +87,10 @@ public function setUp(): void {
 		$this->eventDispatcher = $this->createMock(IEventDispatcher::class);
 		$this->fileStatusService = $this->createMock(FileStatusService::class);
 		$this->signRequestStatusService = $this->createMock(SignRequestStatusService::class);
+		$this->docMdpConfigService = $this->createMock(DocMdpConfigService::class);
 	}
 
-	private function getService(?SequentialSigningService $sequentialSigningService = null): RequestSignatureService {
+	private function getService(): RequestSignatureService {
 		return new RequestSignatureService(
 			$this->l10n,
 			$this->identifyMethodService,
@@ -104,11 +107,12 @@ private function getService(?SequentialSigningService $sequentialSigningService
 			$this->client,
 			$this->docMdpHandler,
 			$this->loggerInterface,
-			$sequentialSigningService ?? $this->sequentialSigningService,
+			$this->sequentialSigningService,
 			$this->appConfig,
 			$this->eventDispatcher,
 			$this->fileStatusService,
 			$this->signRequestStatusService,
+			$this->docMdpConfigService,
 		);
 	}