adjust cancan permissions

app/javascript/application.js

@@ -81,6 +81,7 @@ window.customElements.define('template-builder', class extends HTMLElement {
       template: reactive(JSON.parse(this.dataset.template)),
       backgroundColor: '#faf7f5',
       withPhone: this.dataset.withPhone === 'true',
+      withLogo: this.dataset.withLogo !== 'false',
       acceptFileTypes: this.dataset.acceptFileTypes,
       isDirectUpload: this.dataset.isDirectUpload === 'true'
     })

app/jobs/send_form_completed_webhook_request_job.rb

@@ -4,7 +4,7 @@ class SendFormCompletedWebhookRequestJob < ApplicationJob
   USER_AGENT = 'DocuSeal.co Webhook'
 
   def perform(submitter)
-    config = submitter.submission.account.encrypted_configs.find_by(key: EncryptedConfig::WEBHOOK_URL_KEY)
+    config = Accounts.load_webhook_configs(submitter.submission.account)
 
     return if config.blank? || config.value.blank?
 
@@ -15,7 +15,7 @@ class SendFormCompletedWebhookRequestJob < ApplicationJob
     Faraday.post(config.value,
                  {
                    event_type: 'form.completed',
-                   timestamp: Time.current.iso8601,
+                   timestamp: Time.current,
                    data: Submitters::SerializeForWebhook.call(submitter)
                  }.to_json,
                  'Content-Type' => 'application/json',

app/jobs/send_form_started_webhook_request_job.rb

@@ -4,7 +4,7 @@ class SendFormStartedWebhookRequestJob < ApplicationJob
   USER_AGENT = 'DocuSeal.co Webhook'
 
   def perform(submitter)
-    config = submitter.submission.account.encrypted_configs.find_by(key: EncryptedConfig::WEBHOOK_URL_KEY)
+    config = Accounts.load_webhook_configs(submitter.submission.account)
 
     return if config.blank? || config.value.blank?
 
@@ -13,7 +13,7 @@ class SendFormStartedWebhookRequestJob < ApplicationJob
     Faraday.post(config.value,
                  {
                    event_type: 'form.started',
-                   timestamp: Time.current.iso8601,
+                   timestamp: Time.current,
                    data: Submitters::SerializeForWebhook.call(submitter)
                  }.to_json,
                  'Content-Type' => 'application/json',

app/jobs/send_form_viewed_webhook_request_job.rb

@@ -4,7 +4,7 @@ class SendFormViewedWebhookRequestJob < ApplicationJob
   USER_AGENT = 'DocuSeal.co Webhook'
 
   def perform(submitter)
-    config = submitter.submission.account.encrypted_configs.find_by(key: EncryptedConfig::WEBHOOK_URL_KEY)
+    config = Accounts.load_webhook_configs(submitter.submission.account)
 
     return if config.blank? || config.value.blank?
 
@@ -13,7 +13,7 @@ class SendFormViewedWebhookRequestJob < ApplicationJob
     Faraday.post(config.value,
                  {
                    event_type: 'form.viewed',
-                   timestamp: Time.current.iso8601,
+                   timestamp: Time.current,
                    data: Submitters::SerializeForWebhook.call(submitter)
                  }.to_json,
                  'Content-Type' => 'application/json',

app/views/accounts/show.html.erb

@@ -21,8 +21,9 @@
           </div>
         </div>
       <% end %>
-      <% unless Docuseal.multitenant? %>
-        <%= f.fields_for @encrypted_config || EncryptedConfig.find_or_initialize_by(account: current_account, key: EncryptedConfig::APP_URL_KEY) do |ff| %>
+      <% encrypted_config = @encrypted_config || EncryptedConfig.find_or_initialize_by(account: current_account, key: EncryptedConfig::APP_URL_KEY) %>
+      <% if !Docuseal.multitenant? && can?(:manage, encrypted_config) %>
+        <%= f.fields_for encrypted_config do |ff| %>
           <div class="form-control">
             <%= ff.label :value, 'App URL', class: 'label' %>
             <%= ff.text_field :value, autocomplete: 'off', class: 'base-input' %>

app/views/layouts/_head_tags.html.erb

@@ -0,0 +1,4 @@
+<title>
+  DocuSeal | Open Source Document Filling and Signing
+</title>
+<%= render 'shared/meta' %>

app/views/layouts/application.html.erb

@@ -1,10 +1,7 @@
 <!DOCTYPE html>
 <html data-theme="docuseal" lang="en">
   <head>
-    <title>
-      DocuSeal | Open Source Document Filling and Signing
-    </title>
-    <%= render 'shared/meta' %>
+    <%= render 'layouts/head_tags' %>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <%= csrf_meta_tags %>
     <%= csp_meta_tag %>

app/views/layouts/form.html.erb

@@ -1,10 +1,7 @@
 <!DOCTYPE html>
 <html data-theme="docuseal" lang="en">
   <head>
-    <title>
-      DocuSeal | Open Source Document Filling and Signing
-    </title>
-    <%= render 'shared/meta' %>
+    <%= render 'layouts/head_tags' %>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <%= csrf_meta_tags %>
     <%= csp_meta_tag %>

app/views/layouts/plain.html.erb

@@ -1,10 +1,7 @@
 <!DOCTYPE html>
 <html data-theme="docuseal" lang="en">
   <head>
-    <title>
-      DocuSeal | Open Source Document Filling and Signing
-    </title>
-    <%= render 'shared/meta' %>
+    <%= render 'layouts/head_tags' %>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <%= csrf_meta_tags %>
     <%= csp_meta_tag %>

app/views/pages/landing.html.erb

@@ -22,7 +22,7 @@
             </div>
             <h3 class="mb-4 text-2xl font-semibold">Easy to Start</h3>
             <p class="text-base text-gray-500">
-              Run on your own host using <a href="https://hub.docker.com/r/docuseal/docuseal" class="link link-neutral font-bold" target="_blank">Docker</a> container, or deploy on  your favorite managed PaaS with a single <a href="https://www.docuseal.co/install" class="link link-neutral font-bold">click</a>.
+              Run on your own host using Docker container, or deploy on  your favorite managed PaaS with a single <a href="https://www.docuseal.co/install" class="link link-neutral font-bold">click</a>.
             </p>
           </div>
         </div>
@@ -70,4 +70,4 @@
     </div>
   </div>
 </section>
-<%= render 'shared/attribution' %>
+<%= render 'shared/attribution', with_counter: true %>

app/views/shared/_attribution.html.erb

@@ -1 +1 @@
-<%= render 'shared/powered_by' %>
+<%= render 'shared/powered_by', with_counter: local_assigns[:with_counter] %>

app/views/shared/_github.html.erb

@@ -0,0 +1,3 @@
+<a href="<%= Docuseal::GITHUB_URL %>" target="_blank" class="inline">
+  <img alt="GitHub Repo stars" src="https://www.docuseal.co/github-badge.svg" style="height: 22px">
+</a>

app/views/shared/_navbar.html.erb

@@ -1,14 +1,9 @@
 <div class="max-w-6xl mb-4 mx-auto px-4 md:px-2 py-3 flex items-center justify-between">
   <div class="flex items-center space-x-4">
     <a href="<%= root_path %>" class="text-2xl font-bold items-center flex space-x-2">
-      <%= render 'shared/logo' %>
-      <span>DocuSeal</span>
+      <%= render 'shared/title' %>
     </a>
-    <% unless Docuseal.demo? %>
-      <a href="<%= Docuseal::GITHUB_URL %>" target="_blank" class="inline">
-        <img alt="GitHub Repo stars" src="https://www.docuseal.co/github-badge.svg" style="height: 22px">
-      </a>
-    <% end %>
+    <%= render 'shared/github' %>
   </div>
   <% if signed_in? %>
     <div class="space-x-4 flex items-center">
@@ -16,11 +11,13 @@
         <%= render 'shared/github_button' %>
       <% else %>
         <div class="flex items-center justify-center space-x-4 mr-1">
-          <%= link_to Docuseal.multitenant? ? console_redirect_index_path : Docuseal::CONSOLE_URL, class: 'hidden md:inline-flex items-center font-medium text-lg', data: { prefetch: false } do %>
-            Console
-            <span class="badge badge-warning ml-1">New</span>
+          <% if can?(:manage, EncryptedConfig) && !can?(:manage, :tenants) %>
+            <%= link_to Docuseal.multitenant? ? console_redirect_index_path : Docuseal::CONSOLE_URL, class: 'hidden md:inline-flex items-center font-medium text-lg', data: { prefetch: false } do %>
+              Console
+              <span class="badge badge-warning ml-1">New</span>
+            <% end %>
+            <span class="hidden md:inline-flex h-3 border-r border-base-content"></span>
           <% end %>
-          <span class="hidden md:inline-flex h-3 border-r border-base-content"></span>
           <%= link_to 'Settings', settings_profile_index_path, class: 'hidden md:inline-flex font-medium text-lg' %>
         </div>
       <% end %>
@@ -35,7 +32,7 @@
               <span class="mr-1">Profile</span>
             <% end %>
           </li>
-          <% unless Docuseal.demo? %>
+          <% if !Docuseal.demo? && can?(:manage, EncryptedConfig) %>
             <li>
               <%= link_to Docuseal.multitenant? ? console_redirect_index_path : Docuseal::CONSOLE_URL, data: { prefetch: false }, class: 'flex items-center' do %>
                 <%= svg_icon('terminal', class: 'w-5 h-5 stroke-2') %>
@@ -43,12 +40,14 @@
               <% end %>
             </li>
           <% end %>
-          <li>
-            <%= link_to settings_esign_path, class: 'flex items-center' do %>
-              <%= svg_icon('zoom_check', class: 'w-5 h-5 stroke-2') %>
-              <span class="mr-1">Verify PDF</span>
-            <% end %>
-          </li>
+          <% if can?(:read, EncryptedConfig.new(key: EncryptedConfig::ESIGN_CERTS_KEY, account: current_account)) %>
+            <li>
+              <%= link_to settings_esign_path, class: 'flex items-center' do %>
+                <%= svg_icon('zoom_check', class: 'w-5 h-5 stroke-2') %>
+                <span class="mr-1">Verify PDF</span>
+              <% end %>
+            </li>
+          <% end %>
           <li>
             <%= button_to destroy_user_session_path, method: :delete, data: { turbo: false }, class: 'flex items-center' do %>
               <%= svg_icon('logout', class: 'w-5 h-5 stroke-2 mr-2 inline') %>

app/views/shared/_powered_by.html.erb

@@ -1,4 +1,13 @@
 <div class="text-center px-2">
-  Powered by
+  <% if local_assigns[:with_counter] %>
+    <% count = Submitter.where.not(completed_at: nil).distinct.count(:submission_id) %>
+    <% if count > 1 %>
+      <b><%= count %></b> documents signed with
+    <% else %>
+      Powered by
+    <% end %>
+  <% else %>
+    Powered by
+  <% end %>
   <a href="<%= Docuseal::PRODUCT_URL %>" class="underline"><%= Docuseal::PRODUCT_NAME %></a> - open source documents software
 </div>

app/views/shared/_settings_nav.html.erb

@@ -58,7 +58,7 @@
           <%= link_to 'Personalization', settings_personalization_path, class: 'text-base hover:bg-base-300' %>
         </li>
       <% end %>
-      <% unless Docuseal.demo? %>
+      <% if !Docuseal.demo? && can?(:manage, EncryptedConfig) %>
         <li>
           <%= link_to Docuseal.multitenant? ? console_redirect_index_path : Docuseal::CONSOLE_URL, class: 'text-base hover:bg-base-300', data: { prefetch: false } do %>
             Console
@@ -68,29 +68,31 @@
       <% end %>
     </ul>
   </menu-active>
-  <div class="mx-4 border-t border-base-300 hidden md:block">
-    <div class="text-sm mt-3">
-      Need help? Ask a question:
-    </div>
-    <div class="flex mt-3 space-x-3">
-      <div class="tooltip" data-tip="GitHub">
-        <a href="<%= Docuseal::GITHUB_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
-          <%= svg_icon('brand_github', class: 'w-8 h-8') %>
-        </a>
-      </div>
-      <div class="tooltip" data-tip="Discord Community">
-        <a href="<%= Docuseal::DISCORD_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
-          <%= svg_icon('brand_discord', class: 'w-8 h-8') %>
-        </a>
+  <% if !can?(:manage, :tenants) %>
+    <div class="mx-4 border-t border-base-300 hidden md:block">
+      <div class="text-sm mt-3">
+        Need help? Ask a question:
       </div>
-      <div class="tooltip" data-tip="Twitter">
-        <a href="<%= Docuseal::TWITTER_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
-          <%= svg_icon('brand_twitter', class: 'w-8 h-8') %>
-        </a>
+      <div class="flex mt-3 space-x-3">
+        <div class="tooltip" data-tip="GitHub">
+          <a href="<%= Docuseal::GITHUB_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
+            <%= svg_icon('brand_github', class: 'w-8 h-8') %>
+          </a>
+        </div>
+        <div class="tooltip" data-tip="Discord Community">
+          <a href="<%= Docuseal::DISCORD_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
+            <%= svg_icon('brand_discord', class: 'w-8 h-8') %>
+          </a>
+        </div>
+        <div class="tooltip" data-tip="Twitter">
+          <a href="<%= Docuseal::TWITTER_URL %>" target="_blank" class="btn btn-circle btn-primary btn-md">
+            <%= svg_icon('brand_twitter', class: 'w-8 h-8') %>
+          </a>
+        </div>
       </div>
+      <a href="mailto:<%= Docuseal::SUPPORT_EMAIL %>" target="_blank" class="w-full block mt-4 underline text-center">
+        <%= Docuseal::SUPPORT_EMAIL %>
+      </a>
     </div>
-    <a href="mailto:<%= Docuseal::SUPPORT_EMAIL %>" target="_blank" class="w-full block mt-4 underline text-center">
-      <%= Docuseal::SUPPORT_EMAIL %>
-    </a>
-  </div>
+  <% end %>
 </div>

app/views/shared/_title.html.erb

@@ -0,0 +1,2 @@
+<%= render 'shared/logo' %>
+<span>DocuSeal</span>

app/views/templates/_submission.html.erb

@@ -39,7 +39,7 @@
       <% end %>
       <span class="btn btn-outline btn-sm w-20 md:w-24">View</span>
       <% if !submission.deleted_at? && can?(:destroy, submission) %>
-        <%= button_to button_title(title: nil, disabled_with: 'Remov', icon: svg_icon('trash', class: 'w-6 h-6')), submission_path(submission), class: 'btn btn-outline btn-sm', title: 'Delete', method: :delete, data: { turbo_confirm: 'Are you sure?' }, onclick: 'event.stopPropagation()' %>
+        <%= button_to button_title(title: nil, disabled_with: 'Remov', icon: svg_icon('trash', class: 'w-6 h-6')), submission_path(submission), class: 'btn btn-outline btn-sm', form: { class: 'flex' }, title: 'Delete', method: :delete, data: { turbo_confirm: 'Are you sure?' }, onclick: 'event.stopPropagation()' %>
       <% end %>
     </div>
   <% else %>
@@ -113,7 +113,7 @@
       <% end %>
       <span class="btn btn-outline btn-sm w-20 md:w-24">View</span>
       <% unless submission.deleted_at? %>
-        <%= button_to button_title(title: nil, disabled_with: 'Remov', icon: svg_icon('trash', class: 'w-6 h-6')), submission_path(submission), class: 'btn btn-outline btn-sm', title: 'Delete', method: :delete, data: { turbo_confirm: 'Are you sure?' }, onclick: 'event.stopPropagation()' %>
+        <%= button_to button_title(title: nil, disabled_with: 'Remov', icon: svg_icon('trash', class: 'w-6 h-6')), submission_path(submission), class: 'btn btn-outline btn-sm', form: { class: 'flex' }, title: 'Delete', method: :delete, data: { turbo_confirm: 'Are you sure?' }, onclick: 'event.stopPropagation()' %>
       <% end %>
     </div>
   <% end %>

lib/accounts.rb

@@ -43,12 +43,19 @@ module Accounts
     new_template
   end
 
+  def load_webhook_configs(account)
+    account = Account.order(:id).first unless Docuseal.multitenant?
+
+    account.encrypted_configs.find_by(key: EncryptedConfig::WEBHOOK_URL_KEY)
+  end
+
   def load_signing_pkcs(account)
     cert_data =
       if Docuseal.multitenant?
-        Docuseal::CERTS
+        EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || Docuseal::CERTS
       else
-        EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY).value
+        EncryptedConfig.find_by(account: Account.order(:id).first,
+                                key: EncryptedConfig::ESIGN_CERTS_KEY).value
       end
 
     if (default_cert = cert_data['custom']&.find { |e| e['status'] == 'default' })