docuseal

Commit Graph

Author	SHA1	Message	Date
Ryan Arakawa	741c548d26	CP-11042 partnership features updated (#26 ) * Add partnership template authorization and ability system * Update template authorization to support partnership context * Add request context-based authorization for API access * Implement hybrid partnership/account authorization logic * Add submission authorization conditions for partnerships * Support global partnership template access * Add template cloning services for partnership workflows * Update template cloning to require explicit target parameters, to allow for cloning for either account or from partnership * Add Templates::CloneToAccount service for partnership to account cloning * Add Templates::CloneToPartnership service for global to partnership cloning * Add logic to detect account vs partnership template cloning with validation * Add folder assignment logic for cloned templates * Add external authentication and partnership support * Update ExternalAuthService to support partnership OR account authentication * Implement user assignment to accounts when partnership context is provided * Support pure partnership authentication without account assignment * Update API controllers for partnership template support * Add partnership request context to API base controller * Update submissions controller to support partnership templates * Add partnership template cloning to templates clone controller * Refactor template controller webhook logic to reduce complexity * Support external_account_id parameter for partnership workflows * Update web controllers and views for partnership template support * Add tests * erb_lint fixes * add local claude file * shared concern for handling partnership context * remove overly permissive case * global templates should be available for partnerships and accounts * pass through access context in vue * add tests * add partnership context and tests to submissions * add token refresh as last resort for a corrupted token	2 months ago
Ryan Arakawa	4ec9e7fc5e	CP-10370 authentication (#15 ) * Add external_id fields to accounts and users tables Adds external_account_id and external_user_id fields to support integration with external ATS systems. These fields will map DocuSeal accounts/users to their corresponding ATS entities. * Add external ID support to Account and User models Implements find_or_create_by_external_id methods for both Account and User models to support automatic provisioning from external ATS systems. Users now have access tokens for authentication. * Add external authentication API endpoint Creates /api/external_auth/get_user_token endpoint for external API systems to authenticate users and receive access tokens. * Refactor authentication to support token-based login Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header. Users do not login, they are just authenticated via token. * Replace authenticate_user! with authenticate_via_token! Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController. * Update controller authentication and authorization logic Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController. * Add external authentication API endpoint * Add IframeAuthentication concern for AJAX requests in iframe context * Create shared concern to handle authentication from HTTP referer * Extracts auth token from referer URL when AJAX requests don't include token * Supports Vue component requests within iframes * Remove old user authentication from dashboard controller * Quick fix for request changes Now that we have scoped users, we're changing this to compare to the template authot * rubocop fixes * Add and update authentication and model specs Introduces new specs for iframe authentication, account, user, application controller, and external auth API. * add safe navigation and remove dead method	4 months ago

Author

SHA1

Message

Date

Ryan Arakawa

741c548d26

CP-11042 partnership features updated (#26 )

* Add partnership template authorization and ability system

* Update template authorization to support partnership context
* Add request context-based authorization for API access
* Implement hybrid partnership/account authorization logic
* Add submission authorization conditions for partnerships
* Support global partnership template access

* Add template cloning services for partnership workflows

* Update template cloning to require explicit target parameters, to allow for cloning for either account or from partnership
* Add Templates::CloneToAccount service for partnership to account cloning
* Add Templates::CloneToPartnership service for global to partnership cloning
* Add logic to detect account vs partnership template cloning with validation
* Add folder assignment logic for cloned templates

* Add external authentication and partnership support

* Update ExternalAuthService to support partnership OR account authentication
* Implement user assignment to accounts when partnership context is provided
* Support pure partnership authentication without account assignment

* Update API controllers for partnership template support

* Add partnership request context to API base controller
* Update submissions controller to support partnership templates
* Add partnership template cloning to templates clone controller
* Refactor template controller webhook logic to reduce complexity
* Support external_account_id parameter for partnership workflows

* Update web controllers and views for partnership template support

* Add tests

* erb_lint fixes

* add local claude file

* shared concern for handling partnership context

* remove overly permissive case

* global templates should be available for partnerships and accounts

* pass through access context in vue

* add tests

* add partnership context and tests to submissions

* add token refresh as last resort for a corrupted token

Ryan Arakawa

4ec9e7fc5e

CP-10370 authentication (#15 )

* Add external_id fields to accounts and users tables

Adds external_account_id and external_user_id fields to support
integration with external ATS systems. These fields will map
DocuSeal accounts/users to their corresponding ATS entities.

* Add external ID support to Account and User models

Implements find_or_create_by_external_id methods for both Account
and User models to support automatic provisioning from external
ATS systems. Users now have access tokens for authentication.

* Add external authentication API endpoint

Creates /api/external_auth/get_user_token endpoint for external API systems
to authenticate users and receive access tokens.

* Refactor authentication to support token-based login

Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header.

Users do not login, they are just authenticated via token.

* Replace authenticate_user! with authenticate_via_token!

Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController.

* Update controller authentication and authorization logic

Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController.

* Add external authentication API endpoint

* Add IframeAuthentication concern for AJAX requests in iframe context

* Create shared concern to handle authentication from HTTP referer
* Extracts auth token from referer URL when AJAX requests don't include token
* Supports Vue component requests within iframes

* Remove old user authentication from dashboard controller

* Quick fix for request changes

Now that we have scoped users, we're changing this to compare to the template authot

* rubocop fixes

* Add and update authentication and model specs

Introduces new specs for iframe authentication, account, user, application controller, and external auth API.

* add safe navigation and remove dead method

2 Commits (b110dec45254810c841f057f02ce39d79cf7eba5)