diff --git a/app/views/submissions/show.html.erb b/app/views/submissions/show.html.erb
index 3256ad36..9b39a43c 100644
--- a/app/views/submissions/show.html.erb
+++ b/app/views/submissions/show.html.erb
@@ -19,7 +19,7 @@
<%= svg_icon('external_link', class: 'w-6 h-6') %>
<%= t('audit_log') %>
- <% else %>
+ <% elsif signed_in? %>
<%= link_to submission_events_path(@submission), class: 'white-button', data: { turbo_frame: :modal } do %>
<%= svg_icon('logs', class: 'w-6 h-6') %>
<%= t('event_log') %>
@@ -105,7 +105,18 @@
<% value = values[field['uuid']] %>
<% value ||= field['default_value'] if field['type'] == 'heading' %>
<% next if value.blank? %>
- <%= render 'submissions/value', area:, field:, attachments_index:, value:, locale: @submission.account.locale, timezone: @submission.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: %>
+ <% if field.dig('preferences', 'mask').present? && signed_in? && can?(:read, @submission) %>
+
+
+ <%= render 'submissions/value', area:, field:, attachments_index:, value:, locale: @submission.account.locale, timezone: @submission.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: %>
+
+
+ <%= render 'submissions/value', area:, field:, attachments_index:, value: Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', '), locale: @submission.account.locale, timezone: @submission.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: %>
+
+
+ <% else %>
+ <%= render 'submissions/value', area:, field:, attachments_index:, value: field.dig('preferences', 'mask').present? ? Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', ') : value, locale: @submission.account.locale, timezone: @submission.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: %>
+ <% end %>
<% end %>
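Review bot: The unmask decision `signed_in? && can?(:read, @submission)` and the mask test `field.dig('preferences', 'mask').present?` are written inline here and again in the `@@ -232,12 +243,21 @@` hunk, so the two places that decide who sees a masked value in clear text can drift apart. Computing them once, e.g. `<% can_unmask = signed_in? && can?(:read, @submission) %>` near the top of the template and `<% masked_value = Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', ') %>` per field, would also collapse the three near-identical `render 'submissions/value'` calls. In the authorized branch both the clear and the masked value are rendered into the page, so whatever wrapper markup sits between them (not visible in this hunk) is presumably a show/hide convenience and should be documented as such rather than read as access control. The masked string is passed to the partial before any type-specific formatting the partial may do, which is worth confirming for number and date fields.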
@@ -232,12 +243,21 @@
<% elsif field['type'] == 'checkbox' %>
<%= svg_icon('check', class: 'w-6 h-6') %>
- <% elsif field['type'] == 'number' %>
- <%= NumberUtils.format_number(value, field.dig('preferences', 'format')) %>
- <% elsif field['type'] == 'date' %>
- <%= TimeUtils.format_date_string(value, field.dig('preferences', 'format'), @submission.account.locale) %>
<% else %>
-
<%= Array.wrap(value).join(', ') %>
+ <% if field['type'] == 'number' %>
+ <% value = NumberUtils.format_number(value, field.dig('preferences', 'format')) %>
+ <% elsif field['type'] == 'date' %>
+ <% value = TimeUtils.format_date_string(value, field.dig('preferences', 'format'), @submission.account.locale) %>
+ <% end %>
+ <% if field.dig('preferences', 'mask').present? %>
+ <% if signed_in? && can?(:read, @submission) %>
+ <%= Array.wrap(value).join(', ') %>
+ <% else %>
+ <%= Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', ') %>
+ <% end %>
+ <% else %>
+ <%= Array.wrap(value).join(', ') %>
+ <% end %>
<% end %>
diff --git a/app/views/submit_form/show.html.erb b/app/views/submit_form/show.html.erb
index 02967492..0ef05cc8 100644
--- a/app/views/submit_form/show.html.erb
+++ b/app/views/submit_form/show.html.erb
@@ -58,7 +58,7 @@
<% next if field['conditions'].present? && values[field['uuid']].blank? && field['submitter_uuid'] != @submitter.uuid %>
<% next if field['conditions'].present? && field['submitter_uuid'] == @submitter.uuid %>
<% next if field.dig('preferences', 'formula').present? && field['submitter_uuid'] == @submitter.uuid %>
- <%= render 'submissions/value', area:, field:, attachments_index: @attachments_index, value:, locale: @submitter.account.locale, timezone: @submitter.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: @form_configs[:with_signature_id] %>
+ <%= render 'submissions/value', area:, field:, attachments_index: @attachments_index, value: field.dig('preferences', 'mask').present? ? TextUtils.mask_value(value) : value, locale: @submitter.account.locale, timezone: @submitter.account.timezone, submitter: submitters_index[field['submitter_uuid']], with_signature_id: @form_configs[:with_signature_id] %>
<% end %>
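Review bot: `TextUtils.mask_value(value)` is applied to the raw value here, while submissions/show.html.erb masks with `Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', ')`. Because `mask_value` calls `to_s`, an Array value (if a mask-enabled field can hold one) would be masked from its inspect form, keeping the brackets and commas and turning the quotes into `X`, instead of per element. Using the same expression as the other view keeps the output consistent: `value: field.dig('preferences', 'mask').present? ? Array.wrap(value).map { |e| TextUtils.mask_value(e) }.join(', ') : value`. This view masks for every viewer with no `can?` check, which looks intended for the signing page but deserves a one-line ERB comment saying so.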
diff --git a/lib/submissions/generate_audit_trail.rb b/lib/submissions/generate_audit_trail.rb
index f787c5fb..c5870418 100644
--- a/lib/submissions/generate_audit_trail.rb
+++ b/lib/submissions/generate_audit_trail.rb
@@ -366,6 +366,8 @@ module Submissions
value = value.join(', ') if value.is_a?(Array)
+ value = TextUtils.mask_value(value) if field.dig('preferences', 'mask').present?
+
composer.formatted_text_box([{ text: TextUtils.maybe_rtl_reverse(value.to_s.presence || 'n/a') }],
text_align: value.to_s.match?(RTL_REGEXP) ? :right : :left,
padding: [0, 0, 10, 0])
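Review bot: Masking runs before the RTL handling here, so `value.to_s.match?(RTL_REGEXP)` in the `text_align:` argument can no longer match for a masked Hebrew or Arabic value, and that value will be left-aligned. The order is also inconsistent across the commit: this hunk and the `cells` branch in generate_result_attachments.rb mask before `maybe_rtl_reverse`, while the `@@ -440,6 +442,8 @@` hunk masks after it. Pick one order and state it in a comment next to the added line, for example `# mask first: masked output is script-neutral and always rendered LTR`. The enclosing method starts and ends outside the hunk.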
diff --git a/lib/submissions/generate_result_attachments.rb b/lib/submissions/generate_result_attachments.rb
index 3039ac19..4692cad1 100644
--- a/lib/submissions/generate_result_attachments.rb
+++ b/lib/submissions/generate_result_attachments.rb
@@ -391,6 +391,8 @@ module Submissions
when ->(type) { type == 'cells' && !area['cell_w'].to_f.zero? }
cell_width = area['cell_w'] * width
+ value = TextUtils.mask_value(value) if field.dig('preferences', 'mask').present?
+
chars = TextUtils.maybe_rtl_reverse(value).chars
chars = chars.reverse if field.dig('preferences', 'align') == 'right'
@@ -440,6 +442,8 @@ module Submissions
value = TextUtils.maybe_rtl_reverse(Array.wrap(value).join(', '))
+ value = TextUtils.mask_value(value) if field.dig('preferences', 'mask').present?
+
text_params = { font:, fill_color:, font_size: }
text_params[:line_height] = text_params[:font_size] * 1.6 if font_name == COURIER_FONT
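Review bot: Masking is added only in the `cells` branch and in this text branch; the remaining `when` branches of the surrounding `case` are outside the hunks, so it should be confirmed that no other branch can draw a mask-enabled field into the result document in clear text. If that cannot be ruled out by field type, applying `value = TextUtils.mask_value(value) if field.dig('preferences', 'mask').present?` once before the `case`, on the per-element values, would make the redaction independent of the rendering branch. A short comment at whichever site is kept should say that the generated attachment permanently contains the masked form.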
diff --git a/lib/text_utils.rb b/lib/text_utils.rb
index 8d33f3ef..c5c00e03 100644
--- a/lib/text_utils.rb
+++ b/lib/text_utils.rb
@@ -2,6 +2,8 @@
module TextUtils
RTL_REGEXP = /[\p{Hebrew}\p{Arabic}]/
+ MASK_REGEXP = /[^\s\-_\[\]\(\)\+\?\.\,]/
+ MASK_SYMBOL = 'X'
module_function
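Review bot: Most of the backslashes in `MASK_REGEXP` are redundant inside a character class, where `(`, `)`, `+`, `?`, `.` and `,` are already literal, and they make the list of preserved characters harder to audit. `MASK_REGEXP = /[^\s\-_\[\]()+?.,]/` matches the same set. A comment above it such as `# Characters left visible by mask_value: whitespace and - _ [ ] ( ) + ? . ,` would make the redaction policy explicit.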
@@ -13,6 +15,10 @@ module TextUtils
false
end
+ def mask_value(text)
+ text.to_s.gsub(MASK_REGEXP, MASK_SYMBOL)
+ end
+
def maybe_rtl_reverse(text)
if text.match?(RTL_REGEXP)
TwitterCldr::Shared::Bidi
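Review bot: `mask_value` has no comment stating what it guarantees, and the guarantee is narrow: every character except whitespace and the listed separators becomes `X`, so the length and punctuation layout of the original value stay visible in the output. Suggest documenting that above the method, e.g. `# Display-only redaction: keeps length and separators, returns "" for nil; the stored value is unchanged.` That lets callers in the views and PDF generators judge whether this is sufficient for the field they are masking.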