From bc0495dea9a99d10917fcc83f0d963200ce2be27 Mon Sep 17 00:00:00 2001 From: Chandler Copeland Date: Fri, 3 Apr 2026 18:14:46 -0600 Subject: [PATCH] =?UTF-8?q?fix(signing):=20filter=20fields=20by=20signer?= =?UTF-8?q?=20on=20sign=20page=20=E2=80=94=20was=20passing=20all=20fields?= =?UTF-8?q?=20unfiltered?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/app/sign/[token]/page.tsx | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/teressa-copeland-homes/src/app/sign/[token]/page.tsx b/teressa-copeland-homes/src/app/sign/[token]/page.tsx index 1cf0ef5..ed4c71c 100644 --- a/teressa-copeland-homes/src/app/sign/[token]/page.tsx +++ b/teressa-copeland-homes/src/app/sign/[token]/page.tsx @@ -1,7 +1,7 @@ import { verifySigningToken } from '@/lib/signing/token'; import { logAuditEvent } from '@/lib/signing/audit'; import { db } from '@/lib/db'; -import { signingTokens, documents } from '@/lib/db/schema'; +import { signingTokens, documents, isClientVisibleField } from '@/lib/db/schema'; import { eq } from 'drizzle-orm'; import { headers } from 'next/headers'; import { SigningPageClientWrapper } from './_components/SigningPageClientWrapper'; @@ -57,11 +57,21 @@ export default async function SignPage({ params }: Props) { db.update(documents).set({ status: 'Viewed' }).where(eq(documents.id, payload.documentId)), ]); + // Filter fields to this signer's fields only (same logic as GET /api/sign/[token]) + const allFields = doc.signatureFields ?? []; + const visibleFields = allFields.filter((field) => { + if (!isClientVisibleField(field)) return false; + if (tokenRow.signerEmail !== null) { + return field.signerEmail === tokenRow.signerEmail; + } + return true; // legacy null-signer token: show all client-visible fields + }); + return ( ); }
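Review bot: The legacy branch at the end of the filter callback (`return true; // legacy null-signer token: show all client-visible fields`) fails open: a token whose `signerEmail` is null is handed every client-visible field, including any that carry another signer's `signerEmail`. If legacy documents never set a per-field signer, narrowing that branch to `return field.signerEmail == null;` would keep them working while failing closed when such a token belongs to a multi-signer document; this assumes the field's `signerEmail` is nullable, which the hunk does not show. The comment says the filter is copied from GET /api/sign/[token], and this commit fixes exactly the case where one copy was missing, so moving it into one shared helper called from both places, and from whatever handler accepts the submitted signatures, would stop the paths drifting apart again. SignPage starts above the hunk and the JSX inside `return ( … )` is not visible on this page, so I could not confirm that `visibleFields` rather than `doc.signatureFields` is what reaches the client component.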