* add named signing order values and defer to template signing order
* the enum changes and the default in submission.rb don't REALLY matter since almost all of our changes in future commits defer to templates.
* add template methods to know how many actual submitters there are and add complex default logic based on when fields are added or removed.
For example: If only 1 employee field it's single sided. If we add a manager field it automatically changes to employee_then_manager unless manually changed to a different dual sided. If either field is removed, it automatically switches back to single_sided
* enforce new signing order logic
- replace submitters_order_preserved? with signing_order_enforced? in send_signature_requests
- add manager_then_employee branch to send_signature_requests to send to second submitter first, while we don't send out emails with Docuseal, there are changes further down the line required
- skip submitters without fields for single_sided in create_from_submitters, this is mostly necessary for single_sided manager forms
- refactor current_submitter_order? to reverse submitter_items for manager_then_employee instead of special-casing index
* wire up named signing order through controllers
* when saving a template, check if preferences have changed, if it has changed, fire webhook event.
* changes in templates_controller.rb are for automatic updates based on field types. So if only 1 field type (employee fields only) this automatically updates
* template_preferences_controller.rb handles manual updates to signing order from user
* add signing order UI
- add SigningOrderModal component for selecting signing order from within the template builder
- show signing order button in builder toolbar only when template has 2+ submitter fields
* add template.preferences_updated webhook job
* add template.preferences_updated webhook support
- add template.preferences_updated to account default webhook events
- guard account create_careerplug_webhook against missing CAREERPLUG_WEBHOOK_URL env var
- create partnership-scoped webhook for template.preferences_updated on partnership creation
- add template.preferences_updated to WebhookUrl::EVENTS
- update PARTNERSHIP_EVENTS to only include template.preferences_updated
- return WebhookUrl.none instead of raising for templates with neither account nor partnership
- extend webhooks:setup_development rake task to create partnership webhooks
* rubocop and rspec fixes
* erb_lint violation fixes
* harden webhooks with account_id and partnership_id in payload
* we're requiring two points of contact in the db for multitenancy
* use external account id to match correctly in webhook payload
* PR comments
* handle submitter UUID not matching correctly with flash alert that surfaces to user
* add more testing for simultaneous and single sided orders
* add comment for skipping Devise auth for Iframe auth
* refactor template webhook enqueue to a shared concern
* use safe navigation for first_party name
* make default submitters_order value consistent between `lib/submissions.rb` and `submission.rb`
* more descriptive error message for signing order error
* update to non-predicate method for rubocop
we used to just return true or false, but we are using nil to signify that the submitter uuid is not found for the controller so the error can be surfaced to the user.
* erb_lint formatting fix
* PR comment changes
* change current_submitter_order to validate_submitter_order for clarity
* add translations
* Fix PDF regeneration after change requests
Allow PDFs to be regenerated when a submitter re-completes after a change
request by using timestamp-based detection. This ensures new PDFs are
generated while preserving old ones for audit trail.
Changes:
- Allow multiple 'complete' events per submitter (remove unique constraint)
- Compare event timestamps with completion time to detect stale events
- Add current_documents method to get latest PDF generation
- Prevent waiting forever on stale retry/start events from previous attempts
* Update audit trail generation for change requests
Regenerate audit trail PDF when submitter re-completes after a change request.
Remove DocuSeal branding from audit trail header and add missing translations
for request_changes events.
Changes:
- Regenerate audit trail when created before latest completion timestamp
- Remove DocuSeal logo and branding from audit trail header
- Add request_changes_by_html translations (English and Spanish)
- Generate new audit trail before cleaning up old ones (safer approach)
- Clean up old audit trail PDFs, keeping only the newest
* Change 'Request Changes' button text to 'Submit'
* Remove Download button from submissions view
* Fix download endpoint to return current documents after re-completion
* Add comprehensive tests and apply rubocop fixes
- Add tests for Submitter#current_documents method
- Add tests for PDF regeneration on re-completion
- Add tests for audit trail regeneration logic
- Apply rubocop fixes: use Rails range syntax, fix indentation
- Extract generate_and_record_documents to reduce method length
* fix potential NoMethodError and rubocop fixes
* Use ActiveStorage::Attachment directly instead of `#audit_trail`
* Fix line length in `process`
* Fix download filenames to exclude CloudFront query parameters
- Strip query parameters from URLs before extracting filenames in download buttons
- Add Content-Disposition headers to CloudFront signed URLs for proper browser filename handling
* remove Download combined PDF
* we don't do multiple submissions in the iframe, so this button is not needed
* line length fix
* add fallback filename and tests
* rubocop changes
* refactor build_cloudfront_url
reduce complexity of method by extracting into other methods, also reduces need for more in line comments.
* remove unused buttons
* remove "Resubmit" button and Docuseal logo/header in iframe
* remove template name in preview
* fix line length
* allow there to be no header
* fixed failing tests expecting header
* we don't typically want the header rendered in the iframe
* fix erb_lint violation
* Add partnership template authorization and ability system
* Update template authorization to support partnership context
* Add request context-based authorization for API access
* Implement hybrid partnership/account authorization logic
* Add submission authorization conditions for partnerships
* Support global partnership template access
* Add template cloning services for partnership workflows
* Update template cloning to require explicit target parameters, to allow for cloning for either account or from partnership
* Add Templates::CloneToAccount service for partnership to account cloning
* Add Templates::CloneToPartnership service for global to partnership cloning
* Add logic to detect account vs partnership template cloning with validation
* Add folder assignment logic for cloned templates
* Add external authentication and partnership support
* Update ExternalAuthService to support partnership OR account authentication
* Implement user assignment to accounts when partnership context is provided
* Support pure partnership authentication without account assignment
* Update API controllers for partnership template support
* Add partnership request context to API base controller
* Update submissions controller to support partnership templates
* Add partnership template cloning to templates clone controller
* Refactor template controller webhook logic to reduce complexity
* Support external_account_id parameter for partnership workflows
* Update web controllers and views for partnership template support
* Add tests
* erb_lint fixes
* add local claude file
* shared concern for handling partnership context
* remove overly permissive case
* global templates should be available for partnerships and accounts
* pass through access context in vue
* add tests
* add partnership context and tests to submissions
* add token refresh as last resort for a corrupted token
* Add external_id fields to accounts and users tables
Adds external_account_id and external_user_id fields to support
integration with external ATS systems. These fields will map
DocuSeal accounts/users to their corresponding ATS entities.
* Add external ID support to Account and User models
Implements find_or_create_by_external_id methods for both Account
and User models to support automatic provisioning from external
ATS systems. Users now have access tokens for authentication.
* Add external authentication API endpoint
Creates /api/external_auth/get_user_token endpoint for external API systems
to authenticate users and receive access tokens.
* Refactor authentication to support token-based login
Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header.
Users do not login, they are just authenticated via token.
* Replace authenticate_user! with authenticate_via_token!
Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController.
* Update controller authentication and authorization logic
Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController.
* Add external authentication API endpoint
* Add IframeAuthentication concern for AJAX requests in iframe context
* Create shared concern to handle authentication from HTTP referer
* Extracts auth token from referer URL when AJAX requests don't include token
* Supports Vue component requests within iframes
* Remove old user authentication from dashboard controller
* Quick fix for request changes
Now that we have scoped users, we're changing this to compare to the template authot
* rubocop fixes
* Add and update authentication and model specs
Introduces new specs for iframe authentication, account, user, application controller, and external auth API.
* add safe navigation and remove dead method
- Add Base64-encoded JSON parameter support for ATS prefill values
- Implement field mapping between ATS field names and template field UUIDs
- Enhance merge logic to preserve existing submitter values while adding ATS prefill data
- Add comprehensive error handling for invalid Base64 and JSON parsing
- Update form rendering to use merged ATS values for prefill functionality
- Add integration tests for complete ATS prefill workflow
Add support for fetching prefill values from ATS system when task_assignment_id parameter is provided. This includes:
- New ATS API integration in PrefillFieldsHelper to fetch prefill values
- Cache layer for ATS prefill values with 30-minute TTL
- Merge logic to respect existing submitter values over ATS prefill values
- Error handling and logging for ATS API failures
- Integration with SubmitFormController to fetch values before form rendering
The feature allows forms to be pre-populated with candidate data from the ATS system while preserving any values already entered by submitters.
* new controller to handle change requests
* add button and modal on completed submission view to request changes
* webhook job will send out to external API when submission is updated for changes_requested_at
* email will be sent to user that need to make changes
* submission status steps back from "completed"
This commit removes various visual elements like logos, banners, and
buttons to create a cleaner and more focused user experience. It also
adds context files for AI assistants to aid in development.
Ryan Arakawa
Julie Graceffa
Bernardo Anderson
Bernardo Anderson
Pete Matsyburka
Alex Turchyn