From 95db530de636060a72c9d1f0087cd2d97a3d2aca Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Wed, 28 Aug 2024 16:45:47 +0200
Subject: [PATCH 1/9] forbid downloads before end

---
 .../esupsignature/entity/Workflow.java            | 12 +++++++++++-
 .../esupsignature/service/SignRequestService.java | 15 ++++++++++-----
 .../esupsignature/service/WorkflowService.java    |  1 +
 .../js/modules/ui/signrequests/WorkspacePdf.js    |  2 +-
 .../templates/admin/workflows/update.html         |  4 ++++
 .../user/signrequests/cards/stepscard.html        |  2 +-
 .../templates/user/signrequests/show.html         |  2 +-
 7 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/esupportail/esupsignature/entity/Workflow.java b/src/main/java/org/esupportail/esupsignature/entity/Workflow.java
index 271259ba7..bc37f177a 100644
--- a/src/main/java/org/esupportail/esupsignature/entity/Workflow.java
+++ b/src/main/java/org/esupportail/esupsignature/entity/Workflow.java
@@ -57,7 +57,9 @@ public class Workflow {
     private Boolean sendAlertToAllRecipients = false;
 
     private String documentsSourceUri;
-    
+
+    private Boolean forbidDownloadsBeforeEnd = true;
+
     @ElementCollection(targetClass = String.class, fetch = FetchType.EAGER)
     private Set<String> managers = new HashSet<>();
 
@@ -323,4 +325,12 @@ public String getMessageToDisplay() {
     public void setMessageToDisplay(String messageToDisplay) {
         this.messageToDisplay = messageToDisplay;
     }
+
+    public Boolean getForbidDownloadsBeforeEnd() {
+        return forbidDownloadsBeforeEnd;
+    }
+
+    public void setForbidDownloadsBeforeEnd(Boolean forbidDownloadsBeforeEnd) {
+        this.forbidDownloadsBeforeEnd = forbidDownloadsBeforeEnd;
+    }
 }
diff --git a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
index 0efcdb6b5..b9dc9ea3f 100644
--- a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
@@ -10,16 +10,14 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.esupportail.esupsignature.config.GlobalProperties;
 import org.esupportail.esupsignature.dss.service.FOPService;
 import org.esupportail.esupsignature.dto.RecipientWsDto;
 import org.esupportail.esupsignature.dto.js.JsMessage;
 import org.esupportail.esupsignature.entity.*;
 import org.esupportail.esupsignature.entity.enums.*;
-import org.esupportail.esupsignature.exception.EsupSignatureFsException;
-import org.esupportail.esupsignature.exception.EsupSignatureIOException;
-import org.esupportail.esupsignature.exception.EsupSignatureMailException;
-import org.esupportail.esupsignature.exception.EsupSignatureRuntimeException;
+import org.esupportail.esupsignature.exception.*;
 import org.esupportail.esupsignature.repository.SignBookRepository;
 import org.esupportail.esupsignature.repository.SignRequestRepository;
 import org.esupportail.esupsignature.service.interfaces.fs.FsAccessFactoryService;
@@ -899,8 +897,11 @@ public boolean getAttachmentResponse(Long signRequestId, Long attachementId, Htt
 	}
 
 	@Transactional
-	public void getToSignFileResponse(Long signRequestId, String disposition, HttpServletResponse httpServletResponse) throws IOException, EsupSignatureRuntimeException {
+	public void getToSignFileResponse(Long signRequestId, String disposition, HttpServletResponse httpServletResponse) throws IOException, EsupSignatureRuntimeException, EsupSignatureException {
 		SignRequest signRequest = getById(signRequestId);
+		if(disposition.equals("attachment") && signRequest.getParentSignBook().getLiveWorkflow().getWorkflow() != null &&  BooleanUtils.isTrue(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow().getForbidDownloadsBeforeEnd()) && !signRequest.getStatus().equals(SignRequestStatus.completed)) {
+			throw new EsupSignatureException("Téléchargement interdit avant la fin du circuit");
+		}
 		if (!signRequest.getStatus().equals(SignRequestStatus.exported)) {
 			List<Document> documents = signService.getToSignDocuments(signRequest.getId());
 			Document document;
@@ -996,6 +997,10 @@ public byte[] getZipWithDocAndReport(SignRequest signRequest, HttpServletRequest
 	@Transactional
 	public void getFileResponse(Long documentId, HttpServletResponse httpServletResponse) throws IOException {
 		Document document = documentService.getById(documentId);
+		SignRequest signRequest = getById(document.getParentId());
+		if(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow() != null && BooleanUtils.isTrue(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow().getForbidDownloadsBeforeEnd()) && !signRequest.getStatus().equals(SignRequestStatus.completed)) {
+			throw new EsupSignatureRuntimeException("Téléchargement interdit avant la fin du circuit");
+		}
 		webUtilsService.copyFileStreamToHttpResponse(document.getFileName(), document.getContentType(), "attachment", document.getInputStream(), httpServletResponse);
 	}
 
diff --git a/src/main/java/org/esupportail/esupsignature/service/WorkflowService.java b/src/main/java/org/esupportail/esupsignature/service/WorkflowService.java
index 453cfe6dd..b072eb35c 100644
--- a/src/main/java/org/esupportail/esupsignature/service/WorkflowService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/WorkflowService.java
@@ -492,6 +492,7 @@ public Workflow update(Workflow workflow, User user, String[] types, Set<String>
         workflowToUpdate.setSealAtEnd(workflow.getSealAtEnd());
         workflowToUpdate.setOwnerSystem(workflow.getOwnerSystem());
         workflowToUpdate.setDisableDeleteByCreator(workflow.getDisableDeleteByCreator());
+        workflowToUpdate.setForbidDownloadsBeforeEnd(workflow.getForbidDownloadsBeforeEnd());
         workflowToUpdate.setScanPdfMetadatas(workflow.getScanPdfMetadatas());
         workflowToUpdate.setSendAlertToAllRecipients(workflow.getSendAlertToAllRecipients());
         workflowToUpdate.getRoles().clear();
diff --git a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
index 673412830..23f4e9996 100644
--- a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
+++ b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
@@ -47,7 +47,7 @@ export class WorkspacePdf {
             if(currentSignType === "form") {
                 this.pdfViewer = new PdfViewer('/admin/forms/get-file/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, true);
             } else {
-                this.pdfViewer = new PdfViewer('/ws-secure/global/get-last-file/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, false);
+                this.pdfViewer = new PdfViewer('/ws-secure/global/get-last-file-inline/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, false);
             }
         }
         this.signPosition = new SignPosition(
diff --git a/src/main/resources/templates/admin/workflows/update.html b/src/main/resources/templates/admin/workflows/update.html
index e4b82f2c9..09004bb77 100644
--- a/src/main/resources/templates/admin/workflows/update.html
+++ b/src/main/resources/templates/admin/workflows/update.html
@@ -155,6 +155,10 @@ <h3>WORKFLOW ID : <input type="text" readonly disabled th:value="${workflow.id}"
                             <input id="sendAlertToAllRecipients" type="checkbox" class="form-check-input" th:field="*{sendAlertToAllRecipients}"/>
                             <label for="sendAlertToAllRecipients" class="form-check-label">Avertir tous les participants à la fin du circuit ?</label>
                         </div>
+                        <div class="form-check mb-2">
+                            <input id="forbidDownloadsBeforeEnd" type="checkbox" class="form-check-input" th:field="*{forbidDownloadsBeforeEnd}"/>
+                            <label for="forbidDownloadsBeforeEnd" class="form-check-label">Bloquer les téléchargements jusqu’à la fin du circuit ?</label>
+                        </div>
                         <div class="form-check mb-2">
                             <input id="scanPdfMetadatas" type="checkbox" class="form-check-input" th:field="*{scanPdfMetadatas}"/>
                             <label for="scanPdfMetadatas" class="form-check-label">Construction du circuit à partir des métadonnées des pdf importés</label>
diff --git a/src/main/resources/templates/user/signrequests/cards/stepscard.html b/src/main/resources/templates/user/signrequests/cards/stepscard.html
index 33863fb9d..872c9af2d 100644
--- a/src/main/resources/templates/user/signrequests/cards/stepscard.html
+++ b/src/main/resources/templates/user/signrequests/cards/stepscard.html
@@ -75,7 +75,7 @@
                                             </td>
                                             <td>
                                                 <a class="btn btn-sm btn-outline-primary"
-                                                    th:if="${signRequest.signedDocuments.size() > iterator.index && signRequest.recipientHasSigned.get(recipient) != null && signRequest.recipientHasSigned.get(recipient).actionType.name() == 'signed'}"
+                                                    th:if="${(signRequest.parentSignBook.liveWorkflow.workflow == null || signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd == null || !signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd) && signRequest.signedDocuments.size() > iterator.index && signRequest.recipientHasSigned.get(recipient) != null && signRequest.recipientHasSigned.get(recipient).actionType.name() == 'signed'}"
                                                     th:href="@{'/ws-secure/global/get-file/' + ${signRequest.signedDocuments.get(iterator.index).id}}"
                                                     title="Récupérer le document signé à cette étape">
                                                     <i class="fa-solid fa-download"></i></a>
diff --git a/src/main/resources/templates/user/signrequests/show.html b/src/main/resources/templates/user/signrequests/show.html
index 9408ffb3e..02b963d7c 100644
--- a/src/main/resources/templates/user/signrequests/show.html
+++ b/src/main/resources/templates/user/signrequests/show.html
@@ -97,7 +97,7 @@
                             <i th:if="${!signRequest.deleted}" class="fa-solid fa-trash-alt fa-xl" style="margin-top: -8px;"></i>
                         </button>
                     </li>
-                    <li th:if="${signRequest.status == T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).pending}">
+                    <li th:if="${(signRequest.parentSignBook.liveWorkflow.workflow == null || signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd == null || !signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd) && signRequest.status == T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).pending}">
                         <a class="btn-lg btn-floating bg-primary waves-effect"
                             th:href="'/ws-secure/global/get-last-file/' + ${id}" target="_blank"
                             title="Télécharger le document"><i class="fa-solid fa-file-download fa-2xl"></i></a>

From 2565284aa7150664922cf5277a739063c2e25e23 Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Thu, 29 Aug 2024 16:18:45 +0200
Subject: [PATCH 2/9] disable print on with forbidDownloadsBeforeEnd = true

---
 .../esupsignature/service/SignRequestService.java    |  2 +-
 .../web/wssecure/GlobalWsSecureController.java       | 12 ++++++++++++
 .../js/modules/ui/signrequests/WorkspacePdf.js       |  2 +-
 .../templates/user/signrequests/includes/tools.html  |  3 ++-
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
index b9dc9ea3f..bc183921c 100644
--- a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
@@ -899,7 +899,7 @@ public boolean getAttachmentResponse(Long signRequestId, Long attachementId, Htt
 	@Transactional
 	public void getToSignFileResponse(Long signRequestId, String disposition, HttpServletResponse httpServletResponse) throws IOException, EsupSignatureRuntimeException, EsupSignatureException {
 		SignRequest signRequest = getById(signRequestId);
-		if(disposition.equals("attachment") && signRequest.getParentSignBook().getLiveWorkflow().getWorkflow() != null &&  BooleanUtils.isTrue(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow().getForbidDownloadsBeforeEnd()) && !signRequest.getStatus().equals(SignRequestStatus.completed)) {
+		if(!disposition.equals("form-data") && signRequest.getParentSignBook().getLiveWorkflow().getWorkflow() != null &&  BooleanUtils.isTrue(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow().getForbidDownloadsBeforeEnd()) && !signRequest.getStatus().equals(SignRequestStatus.completed)) {
 			throw new EsupSignatureException("Téléchargement interdit avant la fin du circuit");
 		}
 		if (!signRequest.getStatus().equals(SignRequestStatus.exported)) {
diff --git a/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java b/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
index 20cbe42a3..70e4d52ee 100644
--- a/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
+++ b/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
@@ -130,6 +130,18 @@ public ResponseEntity<Void> getLastFileFromSignRequestInLine(@ModelAttribute("us
         return ResponseEntity.internalServerError().build();
     }
 
+    @PreAuthorize("@preAuthorizeService.signRequestView(#id, #userEppn, #authUserEppn)")
+    @GetMapping(value = "/get-last-file-pdf/{id}")
+    public ResponseEntity<Void> getLastFileFromSignRequestPdf(@ModelAttribute("userEppn") String userEppn, @ModelAttribute("authUserEppn") String authUserEppn, @PathVariable("id") Long id, HttpServletResponse httpServletResponse) {
+        try {
+            signRequestService.getToSignFileResponse(id, "form-data", httpServletResponse);
+            return ResponseEntity.ok().build();
+        } catch (Exception e) {
+            logger.error(e.getMessage(), e);
+        }
+        return ResponseEntity.internalServerError().build();
+    }
+
     @PreAuthorize("@preAuthorizeService.signRequestView(#id, #userEppn, #authUserEppn)")
     @GetMapping(value = "/get-last-file-report/{id}")
     public ResponseEntity<Void> getLastFileReport(@ModelAttribute("userEppn") String userEppn, @ModelAttribute("authUserEppn") String authUserEppn, @PathVariable("id") Long id, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
diff --git a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
index 23f4e9996..d14769400 100644
--- a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
+++ b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
@@ -47,7 +47,7 @@ export class WorkspacePdf {
             if(currentSignType === "form") {
                 this.pdfViewer = new PdfViewer('/admin/forms/get-file/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, true);
             } else {
-                this.pdfViewer = new PdfViewer('/ws-secure/global/get-last-file-inline/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, false);
+                this.pdfViewer = new PdfViewer('/ws-secure/global/get-last-file-pdf/' + id, signable, editable, currentStepNumber, this.forcePageNum, fields, false);
             }
         }
         this.signPosition = new SignPosition(
diff --git a/src/main/resources/templates/user/signrequests/includes/tools.html b/src/main/resources/templates/user/signrequests/includes/tools.html
index 039fbcd4f..35e45ea38 100644
--- a/src/main/resources/templates/user/signrequests/includes/tools.html
+++ b/src/main/resources/templates/user/signrequests/includes/tools.html
@@ -6,7 +6,8 @@
 		<a th:unless="${user.userType.name() == 'external'}" class="btn btn-light btn-outline-dark d-none d-lg-block" title="Détails"data-bs-toggle="modal" data-bs-target="#detailsModal">
 			<i class="fa-solid fa-info-circle"></i>
 		</a>
-		<a class="btn btn-light btn-outline-dark d-none d-lg-block ms-1 me-1"
+		<a th:if="${(signRequest.parentSignBook.liveWorkflow.workflow == null || signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd == null || !signRequest.parentSignBook.liveWorkflow.workflow.forbidDownloadsBeforeEnd) && signRequest.status == T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).pending}"
+		   class="btn btn-light btn-outline-dark d-none d-lg-block ms-1 me-1"
 		   onclick="printIt()" target="_blank"
 		   title="Imprimer le document"><i class="fa-solid fa-print"></i></a>
 		<script th:inline="javascript">

From 57818f8351e248f859757cd13653c389501f01af Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Thu, 29 Aug 2024 16:23:43 +0200
Subject: [PATCH 3/9] 1.29.17-SNAPSHOT

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a6e3ba52d..236fe4d19 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
 	</parent>
 	<groupId>org.esupportail</groupId>
 	<artifactId>esup-signature</artifactId>
-	<version>1.29.16-SNAPSHOT</version>
+	<version>1.29.17-SNAPSHOT</version>
 	<name>esup-signature</name>
 	<properties>
 		<startClass>org.esupportail.esupsignature.EsupSignatureApplication</startClass>

From bb1124c2629224a10cc2431089b6a89ffb8aa504 Mon Sep 17 00:00:00 2001
From: "david.lemaignent" <david.lemaignent@univ-rouen.fr>
Date: Thu, 29 Aug 2024 14:29:12 +0000
Subject: [PATCH 4/9] Add new file

---
 .gitlab-ci.yml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .gitlab-ci.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 000000000..2c2878ef5
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,63 @@
+stages:
+  - test
+  - deploy
+
+# Job pour exécuter les tests d'intégration
+integration_test:
+  stage: test
+  script:
+    - set -e
+    - mvn clean package -Dspring.config.location=/opt/esup-signature-test-work/application.yml -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp
+  only:
+    - test
+  tags:
+    - test
+  dependencies:
+    - integration_test
+# Job pour exécuter les tests selenium
+selenium_test:
+  stage: test
+  script:
+    - set -e
+    - mvn verify -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp -DskipSurefire=true -DskipDockerCompose=false
+  only:
+    - test
+  tags:
+    - test
+# Job pour le déploiement en environnement de test
+deploy_test:
+  stage: deploy
+  script:
+    - set -e
+    - mvn clean package -DskipTests -Dspring.config.location=/opt/esup-signature-test-work/application.yml -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp
+    - sudo systemctl stop esup-signature-test.service
+    - rm -f /opt/esup-signature-test-work/esup-signature.war
+    - cp target/esup-signature.war /opt/esup-signature-test-work/
+    - sudo systemctl restart esup-signature-test.service
+  only:
+    - test
+  tags:
+    - test
+  dependencies:
+    - selenium_test
+    - integration_test
+
+# Job pour le déploiement en production (sans exécution des tests)
+deploy_prod:
+  stage: deploy
+  script:
+    - set -e
+    - mvn clean package -DskipTests -Dspring.config.location=/opt/esup-signature/application.yml
+    - sudo systemctl stop esup-signature.service
+    - rm -f /opt/esup-signature/esup-signature.war
+    - cp target/esup-signature.war /opt/esup-signature/
+    - sudo systemctl restart esup-signature.service
+  only:
+    - tags
+  except:
+    - dev
+    - prod
+    - test
+    - master
+  tags:
+    - prod2
\ No newline at end of file

From 6867bc639fd1072b2d67458d1fd9224e7e6ff791 Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Fri, 30 Aug 2024 08:50:12 +0200
Subject: [PATCH 5/9] rm gitlab-ci

---
 .gitlab-ci.yml | 63 --------------------------------------------------
 1 file changed, 63 deletions(-)
 delete mode 100644 .gitlab-ci.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 2c2878ef5..000000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-stages:
-  - test
-  - deploy
-
-# Job pour exécuter les tests d'intégration
-integration_test:
-  stage: test
-  script:
-    - set -e
-    - mvn clean package -Dspring.config.location=/opt/esup-signature-test-work/application.yml -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp
-  only:
-    - test
-  tags:
-    - test
-  dependencies:
-    - integration_test
-# Job pour exécuter les tests selenium
-selenium_test:
-  stage: test
-  script:
-    - set -e
-    - mvn verify -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp -DskipSurefire=true -DskipDockerCompose=false
-  only:
-    - test
-  tags:
-    - test
-# Job pour le déploiement en environnement de test
-deploy_test:
-  stage: deploy
-  script:
-    - set -e
-    - mvn clean package -DskipTests -Dspring.config.location=/opt/esup-signature-test-work/application.yml -Djava.io.tmpdir=/opt/esup-signature-test-work/tmp
-    - sudo systemctl stop esup-signature-test.service
-    - rm -f /opt/esup-signature-test-work/esup-signature.war
-    - cp target/esup-signature.war /opt/esup-signature-test-work/
-    - sudo systemctl restart esup-signature-test.service
-  only:
-    - test
-  tags:
-    - test
-  dependencies:
-    - selenium_test
-    - integration_test
-
-# Job pour le déploiement en production (sans exécution des tests)
-deploy_prod:
-  stage: deploy
-  script:
-    - set -e
-    - mvn clean package -DskipTests -Dspring.config.location=/opt/esup-signature/application.yml
-    - sudo systemctl stop esup-signature.service
-    - rm -f /opt/esup-signature/esup-signature.war
-    - cp target/esup-signature.war /opt/esup-signature/
-    - sudo systemctl restart esup-signature.service
-  only:
-    - tags
-  except:
-    - dev
-    - prod
-    - test
-    - master
-  tags:
-    - prod2
\ No newline at end of file

From 685a6c3863513c453685189931c3df04d0774751 Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Fri, 30 Aug 2024 08:50:50 +0200
Subject: [PATCH 6/9] fix dl with web services

---
 .../esupsignature/web/ws/SignRequestWsController.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java b/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
index 7fd22bfe0..384545711 100644
--- a/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
+++ b/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
@@ -222,7 +222,7 @@ public ResponseEntity<String> deleteSignBook(@PathVariable Long id,
     public ResponseEntity<Void> getLastFileFromSignRequest(@PathVariable("id") Long id,
                                                            @ModelAttribute("xApiKey") @Parameter(hidden = true) String xApiKey, HttpServletResponse httpServletResponse) {
         try {
-            signRequestService.getToSignFileResponse(id, "attachment", httpServletResponse);
+            signRequestService.getToSignFileResponse(id, "form-data", httpServletResponse);
             return ResponseEntity.ok().build();
         } catch (Exception e) {
             logger.error(e.getMessage(), e);

From 6c14ec12cc9134e635394714a5185b890f4e87d5 Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Fri, 30 Aug 2024 09:12:32 +0200
Subject: [PATCH 7/9] secure dl file+report

---
 .../service/SignRequestService.java           |   5 +-
 .../web/ws/SignRequestWsController.java       |   2 +-
 .../wssecure/GlobalWsSecureController.java    |   2 +-
 .../resources/templates/public/control.html   | 312 +++++++++---------
 .../user/signrequests/includes/details.html   |  12 +-
 5 files changed, 169 insertions(+), 164 deletions(-)

diff --git a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
index bc183921c..b13867cde 100644
--- a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
@@ -939,8 +939,11 @@ public void getToSignFileResponseWithCode(Long signRequestId, HttpServletRespons
 
 
 	@Transactional
-	public void getSignedFileAndReportResponse(Long signRequestId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
+	public void getSignedFileAndReportResponse(Long signRequestId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean force) throws Exception {
 		SignRequest signRequest = getById(signRequestId);
+		if(!force && signRequest.getParentSignBook().getLiveWorkflow().getWorkflow() != null &&  BooleanUtils.isTrue(signRequest.getParentSignBook().getLiveWorkflow().getWorkflow().getForbidDownloadsBeforeEnd()) && !signRequest.getStatus().equals(SignRequestStatus.completed)) {
+			throw new EsupSignatureException("Téléchargement interdit avant la fin du circuit");
+		}
 		webUtilsService.copyFileStreamToHttpResponse(signRequest.getTitle() + "-avec_rapport", "application/zip; charset=utf-8", "attachment", new ByteArrayInputStream(getZipWithDocAndReport(signRequest, httpServletRequest, httpServletResponse)), httpServletResponse);
 	}
 
diff --git a/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java b/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
index 384545711..9d26448eb 100644
--- a/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
+++ b/src/main/java/org/esupportail/esupsignature/web/ws/SignRequestWsController.java
@@ -237,7 +237,7 @@ public ResponseEntity<Void> getLastFileFromSignRequest(@PathVariable("id") Long
     public ResponseEntity<Void> getLastFileAndReport(@PathVariable("id") Long id,
                                                      @ModelAttribute("xApiKey") @Parameter(hidden = true) String xApiKey, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
         try {
-            signRequestService.getSignedFileAndReportResponse(id, httpServletRequest, httpServletResponse);
+            signRequestService.getSignedFileAndReportResponse(id, httpServletRequest, httpServletResponse, true);
             return ResponseEntity.ok().build();
         } catch (Exception e) {
             logger.error(e.getMessage(), e);
diff --git a/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java b/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
index 70e4d52ee..9f3aef63c 100644
--- a/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
+++ b/src/main/java/org/esupportail/esupsignature/web/wssecure/GlobalWsSecureController.java
@@ -146,7 +146,7 @@ public ResponseEntity<Void> getLastFileFromSignRequestPdf(@ModelAttribute("userE
     @GetMapping(value = "/get-last-file-report/{id}")
     public ResponseEntity<Void> getLastFileReport(@ModelAttribute("userEppn") String userEppn, @ModelAttribute("authUserEppn") String authUserEppn, @PathVariable("id") Long id, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
         try {
-            signRequestService.getSignedFileAndReportResponse(id, httpServletRequest, httpServletResponse);
+            signRequestService.getSignedFileAndReportResponse(id, httpServletRequest, httpServletResponse, false);
             return ResponseEntity.ok().build();
         } catch (Exception e) {
             logger.error("get file error", e);
diff --git a/src/main/resources/templates/public/control.html b/src/main/resources/templates/public/control.html
index 6d166be88..17d7bdcdb 100644
--- a/src/main/resources/templates/public/control.html
+++ b/src/main/resources/templates/public/control.html
@@ -7,169 +7,171 @@
 <body>
 <header th:replace="~{fragments/nav-empty :: nav-empty}"></header>
 <main role="main">
-    <div class="col-10 mx-auto" style="margin-top: 60px" th:fragment="control">
-        <div class="alert alert-primary mb-1 text-center">
-            <h5>Vérification de la conformité du document : <span th:text="${token}"></span></h5>
-        </div>
-        <div th:if="${error}" class="alert alert-danger mb-1">
-            <h5>Le document que vous avez fourni n’est pas conforme : </h5>
-            <ul>
-                <li>Soit, vous n’avez pas sélectionné le bon document</li>
-                <li>Soit, le document a été modifié depuis qu’il a été signé</li>
-            </ul>
-        </div>
-        <th:block th:if="${auditTrail != null && (auditTrailChecked != null && auditTrailChecked) || (viewAccess != null && viewAccess) || signRequest != null}">
-            <th:block th:if="${auditTrail != null}">
-                <div class="alert alert-success mb-1 text-center" th:if="${auditTrail.getDocumentCheckSum() != null}">
-                    <h5>Le document est conforme.</h5>
-                </div>
-                <div class="alert alert-success mb-1 text-center" th:if="${simpleReport != null}">
-                    <h5>Le document contient une signature électronique.</h5>
-                </div>
-                <div class="alert alert-info mb-1" th:if="${signRequest != null && viewAccess != null && viewAccess}">
-                    Vous avez accès à cette demande : <a th:href="'/user/signrequests/' + ${signRequest.id}">Voir la demande</a>
-                </div>
-                <div class="row">
-                    <div class="alert alert-light border-secondary mx-auto mb-1" th:if="${auditTrail.getDocumentCheckSum() != null}">
-                        <h4>Informations générales sur le document</h4>
-                        <dl class="row border-bottom m-0">
-                            <dt class="col-3">Nom de document : </dt>
-                            <dd class="col-9" th:text="${auditTrail.documentName}"></dd>
-                        </dl>
-                        <dl class="row border-bottom m-0">
-                            <dt class="col-3">Type de document : </dt>
-                            <dd class="col-9" th:text="${auditTrail.documentType}"></dd>
-                        </dl>
-                        <dl class="row border-bottom m-0">
-                            <dt class="col-3">Taille : </dt>
-                            <dd class="col-9" th:text="${size} + ' (' + ${auditTrail.documentSize} + ')'"></dd>
-                        </dl>
+    <div class="content content-full">
+        <div class="col-10 mx-auto" style="" th:fragment="control">
+            <div class="alert alert-primary mb-1 text-center">
+                <h5>Vérification de la conformité du document : <span th:text="${token}"></span></h5>
+            </div>
+            <div th:if="${error}" class="alert alert-danger mb-1">
+                <h5>Le document que vous avez fourni n’est pas conforme : </h5>
+                <ul>
+                    <li>Soit, vous n’avez pas sélectionné le bon document</li>
+                    <li>Soit, le document a été modifié depuis qu’il a été signé</li>
+                </ul>
+            </div>
+            <th:block th:if="${auditTrail != null && (auditTrailChecked != null && auditTrailChecked) || (viewAccess != null && viewAccess) || signRequest != null}">
+                <th:block th:if="${auditTrail != null}">
+                    <div class="alert alert-success mb-1 text-center" th:if="${auditTrail.getDocumentCheckSum() != null}">
+                        <h5>Le document est conforme.</h5>
                     </div>
-                    <div class="alert alert-light border-secondary mx-auto mb-1" style="page-break-after: always;">
-                        <h4>Signatures</h4>
-                        <table class="table table-sm table-hover">
-                            <thead class="table-secondary">
-                            <tr>
-                                <th></th>
-                                <th>Date</th>
-                                <th>Nom</th>
-                                <th>Email</th>
-                                <th>Document lu</th>
-                            </tr>
-                            </thead>
-                            <tbody>
-                            <th:block th:each="auditStep, iterator : ${auditTrail.auditSteps}">
-                                <tr data-bs-toggle="collapse" th:data-bs-target="'#collapse-' + ${iterator.index}" style="cursor: pointer;" title="Cliquez ici pour afficher le detail">
-                                    <td><i class="fa-solid fa-signature"></i></td>
-                                    <td class="text-left"><span
-                                            th:text="${#dates.format(auditStep.timeStampDate, 'dd/MM/yyyy HH:mm:ss')}"></span></td>
-                                    <td class="text-left"><span th:text="${auditStep.firstname} + ' ' + ${auditStep.name}"></span></td>
-                                    <td class="text-left"><span th:text="${auditStep.email}"></span></td>
-                                    <td class="text-left" th:text="${auditStep.getAllScrolled()} ? 'lu' : 'non lu'"></td>
-                                </tr>
-                                <tr class="collapse" th:id="'collapse-' + ${iterator.index}">
-                                    <td colspan="6">
-                                        <dl class="row border-bottom m-0">
-                                            <dt class="col-lg-5">Login : </dt>
-                                            <dd th:text="${auditStep.authenticationDetails}"></dd>
-                                        </dl>
-                                        <dl class="row border-bottom m-0">
-                                            <dt class="col-lg-5">Authentification : </dt>
-                                            <dd th:text="${auditStep.authenticationDetails}"></dd>
-                                        </dl>
-                                        <dl class="row border-bottom m-0">
-                                            <dt class="col-lg-5">Certificat signature : </dt>
-                                            <dd th:text="${auditStep.signCertificat}"></dd>
-                                        </dl>
-                                        <dl class="row border-bottom m-0">
-                                            <dt class="col-lg-5">Certificat timestamp : </dt>
-                                            <dd th:text="${auditStep.timeStampCertificat}"></dd>
-                                        </dl>
-                                    </td>
+                    <div class="alert alert-success mb-1 text-center" th:if="${simpleReport != null}">
+                        <h5>Le document contient une signature électronique.</h5>
+                    </div>
+                    <div class="alert alert-info mb-1" th:if="${signRequest != null && viewAccess != null && viewAccess}">
+                        Vous avez accès à cette demande : <a th:href="'/user/signrequests/' + ${signRequest.id}">Voir la demande</a>
+                    </div>
+                    <div class="row">
+                        <div class="alert alert-light border-secondary mx-auto mb-1" th:if="${auditTrail.getDocumentCheckSum() != null}">
+                            <h4>Informations générales sur le document</h4>
+                            <dl class="row border-bottom m-0">
+                                <dt class="col-3">Nom de document : </dt>
+                                <dd class="col-9" th:text="${auditTrail.documentName}"></dd>
+                            </dl>
+                            <dl class="row border-bottom m-0">
+                                <dt class="col-3">Type de document : </dt>
+                                <dd class="col-9" th:text="${auditTrail.documentType}"></dd>
+                            </dl>
+                            <dl class="row border-bottom m-0">
+                                <dt class="col-3">Taille : </dt>
+                                <dd class="col-9" th:text="${size} + ' (' + ${auditTrail.documentSize} + ')'"></dd>
+                            </dl>
+                        </div>
+                        <div class="alert alert-light border-secondary mx-auto mb-1" style="page-break-after: always;">
+                            <h4>Signatures</h4>
+                            <table class="table table-sm table-hover">
+                                <thead class="table-secondary">
+                                <tr>
+                                    <th></th>
+                                    <th>Date</th>
+                                    <th>Nom</th>
+                                    <th>Email</th>
+                                    <th>Document lu</th>
                                 </tr>
-                            </th:block>
-                            </tbody>
-                        </table>
-                        <div th:if="${simpleReport != null}" th:utext="${simpleReport}" class="mt-2"></div>
+                                </thead>
+                                <tbody>
+                                <th:block th:each="auditStep, iterator : ${auditTrail.auditSteps}">
+                                    <tr data-bs-toggle="collapse" th:data-bs-target="'#collapse-' + ${iterator.index}" style="cursor: pointer;" title="Cliquez ici pour afficher le detail">
+                                        <td><i class="fa-solid fa-signature"></i></td>
+                                        <td class="text-left"><span
+                                                th:text="${#dates.format(auditStep.timeStampDate, 'dd/MM/yyyy HH:mm:ss')}"></span></td>
+                                        <td class="text-left"><span th:text="${auditStep.firstname} + ' ' + ${auditStep.name}"></span></td>
+                                        <td class="text-left"><span th:text="${auditStep.email}"></span></td>
+                                        <td class="text-left" th:text="${auditStep.getAllScrolled()} ? 'lu' : 'non lu'"></td>
+                                    </tr>
+                                    <tr class="collapse" th:id="'collapse-' + ${iterator.index}">
+                                        <td colspan="6">
+                                            <dl class="row border-bottom m-0">
+                                                <dt class="col-lg-5">Login : </dt>
+                                                <dd th:text="${auditStep.authenticationDetails}"></dd>
+                                            </dl>
+                                            <dl class="row border-bottom m-0">
+                                                <dt class="col-lg-5">Authentification : </dt>
+                                                <dd th:text="${auditStep.authenticationDetails}"></dd>
+                                            </dl>
+                                            <dl class="row border-bottom m-0">
+                                                <dt class="col-lg-5">Certificat signature : </dt>
+                                                <dd th:text="${auditStep.signCertificat}"></dd>
+                                            </dl>
+                                            <dl class="row border-bottom m-0">
+                                                <dt class="col-lg-5">Certificat timestamp : </dt>
+                                                <dd th:text="${auditStep.timeStampCertificat}"></dd>
+                                            </dl>
+                                        </td>
+                                    </tr>
+                                </th:block>
+                                </tbody>
+                            </table>
+                            <div th:if="${simpleReport != null}" th:utext="${simpleReport}" class="mt-2"></div>
+                        </div>
                     </div>
+                    <div class="alert alert-success mb-1 text-center" th:if="${signRequest == null}">
+                        <h5>Le document a bien été signé sur cette plateforme</h5>
+                    </div>
+                </th:block>
+                <th:block th:if="${auditTrail == null}">
+                    <div class="alert alert-warning mb-1">
+                        <h5>Le document est en cours de signature</h5>
+                    </div>
+                </th:block>
+                <div class="alert alert-light border-secondary mx-auto" style="page-break-after: auto;">
+                    <h4>Journal des actions</h4>
+                    <table class="table table-sm table-hover">
+                        <thead class="table-secondary">
+                        <tr>
+                            <th>Date</th>
+                            <th>Nom</th>
+                            <th>Statut</th>
+                            <th>Action</th>
+                            <th>Commentaire</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <th:block th:each="log : ${logs}">
+                            <tr>
+                                <td class="text-left"><span
+                                        th:text="${#dates.format(log.logDate, 'dd/MM/yyyy HH:mm:ss')}"></span></td>
+                                <td class="text-left"><span th:if="${log.user != null}" th:text="${log.user.firstname} + ' ' + ${log.user.name}"></span></td>
+                                <td class="text-left">
+                                    <span th:text="#{'signbook.status.' + ${log.finalStatus}}"></span>
+                                </td>
+                                <td class="text-left">
+                                    <span th:text="${log.action}"></span>
+                                </td>
+                                <td class="text-left" th:if="${log.action == 'Apposition de la signature'}">
+                                    <span th:text="'Apposition d`un visuel en page ' + ${log.pageNumber} + ' aux coordonnées (' + ${log.posX} + ', ' + ${log.posY} + ')'"></span>
+                                </td>
+                                <td class="text-left" th:unless="${log.action == 'Apposition de la signature'}">
+                                    <span th:text="${log.comment}"></span>
+                                </td>
+                            </tr>
+                        </th:block>
+                        </tbody>
+                    </table>
                 </div>
-                <div class="alert alert-success mb-1 text-center" th:if="${signRequest == null}">
-                    <h5>Le document a bien été signé sur cette plateforme</h5>
-                </div>
+                <th:block th:if="${auditTrail != null && auditTrail.getDocumentCheckSum() == null && usersHasRefused != null && !usersHasRefused.isEmpty()}">
+                    <div class="alert alert-danger mb-1 mt-1">
+                        <h5>Le document a été refusé</h5>
+                        <ul th:each="userHasRefused : ${usersHasRefused}">
+                            <li th:text="${userHasRefused.firstname} + ' ' + ${userHasRefused.name}"></li>
+                        </ul>
+                    </div>
+                </th:block>
             </th:block>
-            <th:block th:if="${auditTrail == null}">
-                <div class="alert alert-warning mb-1">
-                    <h5>Le document est en cours de signature</h5>
+            <th:block th:unless="${auditTrail != null && (auditTrailChecked != null && auditTrailChecked) || (viewAccess != null && viewAccess) || signRequest != null}">
+                <div class="alert alert-success mx-auto mt-1 mb-1" th:if="${auditTrail != null}">
+                    <h4>Le document est bien référencé comme signé sur cette plateforme</h4>
+                    <dl class="row border-bottom m-0">
+                        <dt class="col-3">Nom de document : </dt>
+                        <dd class="col-9" th:text="${auditTrail.documentName}"></dd>
+                    </dl>
+                    <dl class="row border-bottom m-0">
+                        <dt class="col-3">Type de document : </dt>
+                        <dd class="col-9" th:text="${auditTrail.documentType}"></dd>
+                    </dl>
+                    <dl class="row border-bottom m-0">
+                        <dt class="col-3">Taille : </dt>
+                        <dd class="col-9" th:text="${size} + ' (' + ${auditTrail.documentSize} + ')'"></dd>
+                    </dl>
                 </div>
-            </th:block>
-            <div class="alert alert-light border-secondary mx-auto" style="page-break-after: auto;">
-                <h4>Journal des actions</h4>
-                <table class="table table-sm table-hover">
-                    <thead class="table-secondary">
-                    <tr>
-                        <th>Date</th>
-                        <th>Nom</th>
-                        <th>Statut</th>
-                        <th>Action</th>
-                        <th>Commentaire</th>
-                    </tr>
-                    </thead>
-                    <tbody>
-                    <th:block th:each="log : ${logs}">
-                        <tr>
-                            <td class="text-left"><span
-                                    th:text="${#dates.format(log.logDate, 'dd/MM/yyyy HH:mm:ss')}"></span></td>
-                            <td class="text-left"><span th:if="${log.user != null}" th:text="${log.user.firstname} + ' ' + ${log.user.name}"></span></td>
-                            <td class="text-left">
-                                <span th:text="#{'signbook.status.' + ${log.finalStatus}}"></span>
-                            </td>
-                            <td class="text-left">
-                                <span th:text="${log.action}"></span>
-                            </td>
-                            <td class="text-left" th:if="${log.action == 'Apposition de la signature'}">
-                                <span th:text="'Apposition d`un visuel en page ' + ${log.pageNumber} + ' aux coordonnées (' + ${log.posX} + ', ' + ${log.posY} + ')'"></span>
-                            </td>
-                            <td class="text-left" th:unless="${log.action == 'Apposition de la signature'}">
-                                <span th:text="${log.comment}"></span>
-                            </td>
-                        </tr>
-                    </th:block>
-                    </tbody>
-                </table>
-            </div>
-            <th:block th:if="${auditTrail != null && auditTrail.getDocumentCheckSum() == null && usersHasRefused != null && !usersHasRefused.isEmpty()}">
-                <div class="alert alert-danger mb-1 mt-1">
-                    <h5>Le document a été refusé</h5>
-                    <ul th:each="userHasRefused : ${usersHasRefused}">
-                        <li th:text="${userHasRefused.firstname} + ' ' + ${userHasRefused.name}"></li>
-                    </ul>
+                <div class="alert alert-light border-secondary">
+                    <h5>Vous pouvez déposer ici le document en votre possession pour vérifier sa conformité et accéder aux informations détaillées</h5>
+                    <form th:action="'/public/control/' + ${token} + '?' + ${_csrf.parameterName} + '=' + ${_csrf.token}" method="post" enctype="multipart/form-data">
+                        <input required class="form-control mb-2" data-buttontext="Choisir fichier" id="multipartFile" name="multipartFile" type="file">
+                        <input class="btn btn-success" type="submit">
+                    </form>
                 </div>
             </th:block>
-        </th:block>
-        <th:block th:unless="${auditTrail != null && (auditTrailChecked != null && auditTrailChecked) || (viewAccess != null && viewAccess) || signRequest != null}">
-            <div class="alert alert-success mx-auto mt-1 mb-1" th:if="${auditTrail != null}">
-                <h4>Le document est bien référencé comme signé sur cette plateforme</h4>
-                <dl class="row border-bottom m-0">
-                    <dt class="col-3">Nom de document : </dt>
-                    <dd class="col-9" th:text="${auditTrail.documentName}"></dd>
-                </dl>
-                <dl class="row border-bottom m-0">
-                    <dt class="col-3">Type de document : </dt>
-                    <dd class="col-9" th:text="${auditTrail.documentType}"></dd>
-                </dl>
-                <dl class="row border-bottom m-0">
-                    <dt class="col-3">Taille : </dt>
-                    <dd class="col-9" th:text="${size} + ' (' + ${auditTrail.documentSize} + ')'"></dd>
-                </dl>
-            </div>
-            <div class="alert alert-light border-secondary">
-                <h5>Vous pouvez déposer ici le document en votre possession pour vérifier sa conformité et accéder aux informations détaillées</h5>
-                <form th:action="'/public/control/' + ${token} + '?' + ${_csrf.parameterName} + '=' + ${_csrf.token}" method="post" enctype="multipart/form-data">
-                    <input required class="form-control mb-2" data-buttontext="Choisir fichier" id="multipartFile" name="multipartFile" type="file">
-                    <input class="btn btn-success" type="submit">
-                </form>
-            </div>
-        </th:block>
+        </div>
     </div>
 </main>
 <footer th:replace="~{fragments/footer-light :: footer}"></footer>
diff --git a/src/main/resources/templates/user/signrequests/includes/details.html b/src/main/resources/templates/user/signrequests/includes/details.html
index 9653bfc18..62441b5fe 100644
--- a/src/main/resources/templates/user/signrequests/includes/details.html
+++ b/src/main/resources/templates/user/signrequests/includes/details.html
@@ -2,14 +2,14 @@
 <html lang="fr" xmlns:th="http://www.thymeleaf.org">
 <div th:fragment="details">
     <div class="col-12 text-center">
-        <a class="btn btn-floating bg-primary waves-effect m-1" th:href="'/ws-secure/global/get-last-file-report/' + ${signRequest.id}" target="_blank" title="Télécharger le dossier ">
-            <i class="fa-solid fa-file-contract fa-xl"></i>
+        <a th:if="${signRequest.status != T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).pending}" class="btn btn-primary m-1" th:href="'/ws-secure/global/get-last-file-report/' + ${signRequest.id}" target="_blank" title="Télécharger le dossier">
+            <i class="fa-solid fa-file-contract"></i> Télécharger le dossier
         </a>
-        <a title="Export SEDA" class="btn btn-floating bg-primary waves-effect m-1" th:href="'/ws-secure/global/get-seda/' + ${signRequest.id}">
-            <i class="fa-solid fa-archive fa-xl"></i>
+        <a th:if="${signRequest.status != T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).pending}" title="Export SEDA" class="btn btn-primary m-1" th:href="'/ws-secure/global/get-seda/' + ${signRequest.id}">
+            <i class="fa-solid fa-archive"></i> Export SEDA
         </a>
-        <a th:if="${signRequest.status != T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).exported}" class="btn btn-floating bg-primary waves-effect m-1" th:href="'/user/validation/document/' + ${id}" title="Contrôler le document">
-            <i class="fa-solid fa-shield-alt fa-xl"></i>
+        <a th:if="${signRequest.status != T(org.esupportail.esupsignature.entity.enums.SignRequestStatus).exported}" class="btn btn-primary waves-effect m-1" th:href="'/user/validation/document/' + ${id}" title="Contrôler le document">
+            <i class="fa-solid fa-shield-alt"></i> Contrôler le document
         </a>
     </div>
     <div th:insert="~{public/control :: control}"></div>

From 136b792c822193079b99157533528cc17dceae6d Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Fri, 30 Aug 2024 12:44:37 +0200
Subject: [PATCH 8/9] to remove : break in audit trail for e-stage

---
 .../esupportail/esupsignature/service/SignRequestService.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
index b13867cde..31c9caf62 100644
--- a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
@@ -274,6 +274,7 @@ public StepStatus sign(SignRequest signRequest, String password, String signWith
 						lastSignLogs.add(updateStatus(signRequest.getId(), signRequest.getStatus(), "Apposition de la signature", null, "SUCCESS", signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos(), signRequest.getParentSignBook().getLiveWorkflow().getCurrentStepNumber(), userEppn, authUserEppn));
 						auditTrailService.addAuditStep(signRequest.getToken(), userEppn, "Signature simple", "Pas de timestamp", date, isViewed, signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos());
 					}
+					break;
 				}
 			} else {
 				auditTrailService.addAuditStep(signRequest.getToken(), userEppn, "Visa", "Pas de timestamp", date, isViewed, null, null, null);

From 7262f4dd2d9f0439d32b39386ecdd2a89c709ab8 Mon Sep 17 00:00:00 2001
From: David Lemaignent <david.lemaignent@univ-rouen.fr>
Date: Mon, 2 Sep 2024 12:14:59 +0200
Subject: [PATCH 9/9] fix simple/multiple signature for step parameter

---
 .../service/LiveWorkflowStepService.java      |  2 +-
 .../service/SignRequestService.java           | 10 ++++----
 .../modules/ui/signrequests/SignPosition.js   | 23 +++++++++++++++----
 .../js/modules/ui/signrequests/SignUi.js      |  2 +-
 .../modules/ui/signrequests/WorkspacePdf.js   | 16 ++++++-------
 5 files changed, 35 insertions(+), 18 deletions(-)

diff --git a/src/main/java/org/esupportail/esupsignature/service/LiveWorkflowStepService.java b/src/main/java/org/esupportail/esupsignature/service/LiveWorkflowStepService.java
index 05af04e74..23347c110 100644
--- a/src/main/java/org/esupportail/esupsignature/service/LiveWorkflowStepService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/LiveWorkflowStepService.java
@@ -42,7 +42,7 @@ public LiveWorkflowStep createLiveWorkflowStep(SignBook signBook, WorkflowStep w
         LiveWorkflowStep liveWorkflowStep = new LiveWorkflowStep();
         liveWorkflowStep.setWorkflowStep(workflowStep);
         liveWorkflowStep.setRepeatable(Objects.requireNonNullElse(step.getRepeatable(), false));
-        liveWorkflowStep.setMultiSign(Objects.requireNonNullElse(step.getMultiSign(), false));
+        liveWorkflowStep.setMultiSign(Objects.requireNonNullElse(step.getMultiSign(), true));
         liveWorkflowStep.setAutoSign(Objects.requireNonNullElse(step.getAutoSign(), false));
         liveWorkflowStep.setAllSignToComplete(Objects.requireNonNullElse(step.getAllSignToComplete(), false));
         if(step.getSignType() == null) {
diff --git a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
index 31c9caf62..f847c42fd 100644
--- a/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/SignRequestService.java
@@ -264,17 +264,19 @@ public StepStatus sign(SignRequest signRequest, String password, String signWith
 			if(signRequestParamses.isEmpty() && visual) {
 				throw new EsupSignatureRuntimeException("Il manque une signature !");
 			}
+			int nbSign = 0;
 			if (toSignDocuments.size() == 1 && toSignDocuments.get(0).getContentType().equals("application/pdf") && visual) {
 				for(SignRequestParams signRequestParams : signRequestParamses) {
-					signedInputStream = pdfService.stampImage(signedInputStream, signRequest, signRequestParams, 1, signerUser, date, userService.getRoles(userEppn).contains("ROLE_OTP"), false);
-					if(signRequestParams.getSignImageNumber() < 0) {
+					if(signRequestParams.getSignImageNumber() < 0 && signRequest.getParentSignBook().getLiveWorkflow().getCurrentStep().getMultiSign()) {
+						signedInputStream = pdfService.stampImage(signedInputStream, signRequest, signRequestParams, 1, signerUser, date, userService.getRoles(userEppn).contains("ROLE_OTP"), false);
 						lastSignLogs.add(updateStatus(signRequest.getId(), signRequest.getStatus(), "Ajout d'un élément", null, "SUCCESS", signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos(), signRequest.getParentSignBook().getLiveWorkflow().getCurrentStepNumber(), userEppn, authUserEppn));
 						auditTrailService.addAuditStep(signRequest.getToken(), userEppn, "Ajout d'un élément", "Pas de timestamp", date, isViewed, signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos());
-					} else {
+					} else if(signRequestParams.getSignImageNumber() >= 0 && (signRequest.getParentSignBook().getLiveWorkflow().getCurrentStep().getMultiSign() || nbSign == 0)) {
+						signedInputStream = pdfService.stampImage(signedInputStream, signRequest, signRequestParams, 1, signerUser, date, userService.getRoles(userEppn).contains("ROLE_OTP"), false);
 						lastSignLogs.add(updateStatus(signRequest.getId(), signRequest.getStatus(), "Apposition de la signature", null, "SUCCESS", signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos(), signRequest.getParentSignBook().getLiveWorkflow().getCurrentStepNumber(), userEppn, authUserEppn));
 						auditTrailService.addAuditStep(signRequest.getToken(), userEppn, "Signature simple", "Pas de timestamp", date, isViewed, signRequestParams.getSignPageNumber(), signRequestParams.getxPos(), signRequestParams.getyPos());
+						nbSign++;
 					}
-					break;
 				}
 			} else {
 				auditTrailService.addAuditStep(signRequest.getToken(), userEppn, "Visa", "Pas de timestamp", date, isViewed, null, null, null);
diff --git a/src/main/resources/static/js/modules/ui/signrequests/SignPosition.js b/src/main/resources/static/js/modules/ui/signrequests/SignPosition.js
index f1fda25b9..7e094dd5f 100644
--- a/src/main/resources/static/js/modules/ui/signrequests/SignPosition.js
+++ b/src/main/resources/static/js/modules/ui/signrequests/SignPosition.js
@@ -3,13 +3,14 @@ import {EventFactory} from "../../utils/EventFactory.js?version=@version@";
 
 export class SignPosition extends EventFactory {
 
-    constructor(signType, currentSignRequestParamses, signImageNumber, signImages, userName, authUserName, signable, forceResetSignPos, isOtp, phone, csrf) {
+    constructor(signType, currentSignRequestParamses, currentStepMultiSign, signImageNumber, signImages, userName, authUserName, signable, forceResetSignPos, isOtp, phone, csrf) {
         super();
         console.info("Starting sign positioning tools");
         this.userName = userName;
         this.authUserName = authUserName;
         this.pdf = $("#pdf");
         this.signImages = signImages;
+        this.currentStepMultiSign = currentStepMultiSign;
         this.isOtp = isOtp;
         this.phone = phone;
         this.csrf = csrf;
@@ -110,6 +111,10 @@ export class SignPosition extends EventFactory {
                 id = 999999;
                 this.signRequestParamses.set(id, new SignRequestParams(null, id, this.currentScale, page, this.userName, this.authUserName, false, false, false, false, false, false, false, signImageNumber, this.scrollTop, this.csrf, this.signType));
             } else if(signImageNumber >= 0) {
+                if(this.currentStepMultiSign === false && this.signRequestParamses.size > 0) {
+                    alert("Impossible d'ajouter plusieurs signatures sur cette étape");
+                    return;
+                }
                 if(JSON.parse(sessionStorage.getItem("favoriteSignRequestParams")) != null) {
                     favoriteSignRequestParams = JSON.parse(sessionStorage.getItem("favoriteSignRequestParams"));
                     if(currentSignRequestParams != null) {
@@ -119,10 +124,18 @@ export class SignPosition extends EventFactory {
                 }
                 this.signRequestParamses.set(id, new SignRequestParams(favoriteSignRequestParams, id, this.currentScale, page, this.userName, this.authUserName, restore, true, this.signType === "visa", this.signType === "certSign" || this.signType === "nexuSign", this.isOtp, this.phone, false, this.signImages, this.scrollTop));
             } else {
+                if(this.currentStepMultiSign === false) {
+                    alert("Impossible d'ajouter des annotations sur cette étape");
+                    return;
+                }
                 this.signRequestParamses.set(id, new SignRequestParams(favoriteSignRequestParams, id, this.currentScale, page, this.userName, this.authUserName, false, false, false, this.signType === "certSign" || this.signType === "nexuSign", this.isOtp, this.phone, false, null, this.scrollTop));
             }
             this.signRequestParamses.get(id).changeSignImage(signImageNumber);
         } else {
+            if(this.currentStepMultiSign === false) {
+                alert("Impossible d'ajouter des annotations sur cette étape");
+                return;
+            }
             this.signRequestParamses.set(id, new SignRequestParams(null, id, this.currentScale, page, this.userName, this.authUserName, restore, signImageNumber != null && signImageNumber >= 0, false, this.signType === "certSign" || this.signType === "nexuSign", this.isOtp, this.phone, false, null, this.scrollTop));
         }
         this.signRequestParamses.get(id).addEventListener("unlock", e => this.lockSigns());
@@ -157,8 +170,10 @@ export class SignPosition extends EventFactory {
 
     addText(page) {
         let signRequestParams = this.addSign(page, false, null);
-        signRequestParams.turnToText();
-        signRequestParams.cross.css("background-image", "");
-        signRequestParams.changeSignSize(null);
+        if(signRequestParams != null) {
+            signRequestParams.turnToText();
+            signRequestParams.cross.css("background-image", "");
+            signRequestParams.changeSignSize(null);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/main/resources/static/js/modules/ui/signrequests/SignUi.js b/src/main/resources/static/js/modules/ui/signrequests/SignUi.js
index 05406ccd3..c0584df4d 100644
--- a/src/main/resources/static/js/modules/ui/signrequests/SignUi.js
+++ b/src/main/resources/static/js/modules/ui/signrequests/SignUi.js
@@ -21,7 +21,7 @@ export class SignUi {
         this.formId = formId;
         this.dataId = dataId;
         this.currentSignType = currentSignType;
-        this.workspace = new WorkspacePdf(isPdf, id, dataId, formId, currentSignRequestParamses, signImageNumber, currentSignType, signable, editable, postits, currentStepNumber, currentStepMultiSign, workflow, signImages, userName, authUserName, currentSignType, fields, stepRepeatable, status, this.csrf, action, notSigned, attachmentAlert, attachmentRequire, isOtp, restore, phone);
+        this.workspace = new WorkspacePdf(isPdf, id, dataId, formId, currentSignRequestParamses, signImageNumber, currentSignType, signable, editable, postits, currentStepNumber, currentStepMultiSign, workflow, signImages, userName, authUserName, fields, stepRepeatable, status, this.csrf, action, notSigned, attachmentAlert, attachmentRequire, isOtp, restore, phone);
         this.signRequestUrlParams = "";
         this.signComment = $('#signComment');
         this.signModal = $('#signModal');
diff --git a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
index d14769400..3b93b6019 100644
--- a/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
+++ b/src/main/resources/static/js/modules/ui/signrequests/WorkspacePdf.js
@@ -5,7 +5,7 @@ import {UserUi} from '../users/UserUi.js?version=@version@';
 
 export class WorkspacePdf {
 
-    constructor(isPdf, id, dataId, formId, currentSignRequestParamses, signImageNumber, currentSignType, signable, editable, postits, currentStepNumber, currentStepMultiSign, workflow, signImages, userName, authUserName, signType, fields, stepRepeatable, status, csrf, action, notSigned, attachmentAlert, attachmentRequire, isOtp, restore, phone) {
+    constructor(isPdf, id, dataId, formId, currentSignRequestParamses, signImageNumber, currentSignType, signable, editable, postits, currentStepNumber, currentStepMultiSign, workflow, signImages, userName, authUserName, fields, stepRepeatable, status, csrf, action, notSigned, attachmentAlert, attachmentRequire, isOtp, restore, phone) {
         console.info("Starting workspace UI");
         this.ready = false;
         this.formInitialized = false;
@@ -17,14 +17,13 @@ export class WorkspacePdf {
         this.dataId = dataId;
         this.formId = formId;
         this.signImageNumber = signImageNumber;
-        this.currentSignType = currentSignType;
         this.restore = restore;
         this.postits = postits;
         this.notSigned = notSigned;
         this.signable = signable;
         this.editable = editable;
         this.signRequestId = id;
-        this.signType = signType;
+        this.currentSignType = currentSignType;
         this.stepRepeatable = stepRepeatable;
         this.status = status;
         this.csrf = csrf;
@@ -51,8 +50,9 @@ export class WorkspacePdf {
             }
         }
         this.signPosition = new SignPosition(
-            signType,
+            currentSignType,
             currentSignRequestParamses,
+            currentStepMultiSign,
             signImageNumber,
             signImages,
             userName, authUserName, signable, this.forcePageNum, this.isOtp, this.phone, this.csrf);
@@ -71,7 +71,7 @@ export class WorkspacePdf {
         this.workspace = $("#workspace");
         this.secondTools = $("#second-tools");
         this.addSignButton = $("#addSignButton")
-        if (signType === "form" || (formId == null && !workflow) || currentSignRequestParamses.length === 0) {
+        if (currentSignType === "form" || (formId == null && !workflow) || currentSignRequestParamses.length === 0) {
             if(this.wsTabs.length) {
                 this.autocollapse();
                 let self = this;
@@ -209,7 +209,7 @@ export class WorkspacePdf {
                 signSpaceDiv = $("#signSpace_" + i);
                 signSpaceDiv.on("click", e => this.addSign(i));
                 if(currentSignRequestParams.ready == null || !currentSignRequestParams.ready) {
-                    if(this.signType !== "visa") {
+                    if(this.currentSignType !== "visa") {
                         signSpaceDiv.html("Cliquez ici pour insérer votre signature");
                     } else {
                         signSpaceDiv.html("Cliquez ici pour insérer votre visa");
@@ -247,7 +247,7 @@ export class WorkspacePdf {
             this.signImageNumber = localStorage.getItem('signNumber');
         }
         this.signPosition.addSign(targetPageNumber, this.restore, this.signImageNumber, forceSignNumber);
-        if((this.signType === "nexuSign" || this.signType === "certSign") && !this.notSigned) {
+        if((this.currentSignType === "nexuSign" || this.currentSignType === "certSign") && !this.notSigned) {
             $("#addSignButton").attr("disabled", true);
         }
     }
@@ -830,7 +830,7 @@ export class WorkspacePdf {
         $('#signButtons').removeClass('d-none');
         $('#signModeButton').toggleClass('btn-outline-success');
 
-        if(this.signType !== 'hiddenVisa') {
+        if(this.currentSignType !== 'hiddenVisa') {
             let signTools = $('#sign-tools');
             signTools.removeClass("d-none");
             signTools.addClass("d-flex");