Add support for uniqueFromSignaturesInDataTypes
element for signature tasks
#12814
Labels
area/process
Area: Related to app process (e.g. signing, receipt, fill inn, payment, etc).
status/ready-for-specification
Status: Used for issues that are ready for functional decription og detailed design.
Description
In the config panel in process editor for signing tasks we need the possibility to specify if the signature's author has to be unique. That means that even though using different signature objects, there are cases where the signing actions in different tasks can have the same access rules connected to them, which means that the same person can sign all. This bpmn element (
<altinn:uniqueFromSignaturesInDataTypes>
) can be added to signing tasks that are added after the first signing task, in order to ensure that the same person cannot sign both tasks even though he/she has the correct access rights to do so.The config in the bpmn file for the upcoming signing tasks will look like this:
NB: Having the option to make a signature for a task unique in should only be visible/enabled in signingtasks added after the first signing task. I.e. not the first signing task.
See docs for more information
Considerations/Questions
Should we do some check in the policy file wether the sign actions across signing tasks have the same roles connected to them and only show the option to make sure the signatures are made from different persons if so?
How to make sure we are in sync? I.e. if the app-developer changes the roles across the signing actions and making the
uniqueFromSignaturesInDataTypes
element in bpmn file unnecessary?What if deleting the signing task that another signing task is referring to?
What if there are more than two signing tasks where all have the same access rights; should the app-dev be able to select which of the other signing-tasks that the current signature should be unique from?
How can we ensure what signing task is the first in the process and keep this in sync during editing?
Updates after clarification with Apps
When a process with signatur tasks with this element is running in the apps, the apps code will only check if the current instance owner has written to the referred data type in the signing task -> if so, he/she cannot perform the signature, if not, he/she can sign. Meaning that referring to a signing task that is further behind in the process, will not have any effect. Studio should
Design-wise:
Design
Probably enough with a switch and some information about what this action will mean for a running app. But need to check with team Apps if there should be possible to select what signing task to refer to (which will connect the name of signature object to that task to the current task behind the scene).
Also need to consider when this config should be visible and how validation messages should act/be. Also need to check with team Apps how strict the config is.
The text was updated successfully, but these errors were encountered: