Allow removal of original PDF once all parties signed

[Extarys]

Is your feature request related to a problem? Please describe.
Context:
I create a Code of conduct that 10 people need to sign, separately/independently.

Steps:

1. Convert a random odt file to PDF (10 times)
2. Send a signature request to each person (10 times)
3. Await signatures (10 times... - sorry, I had to 😂 )
4. See 10 original files and 10 signed files. 😮‍💨
5. Make a confused and overwhelmed face 😕 and delete the original files because you are already lost in your tidy folder system with thousands of files, and you don't know where to put them
6. Realize you shouldn't have deleted the 10 original files 😱
7. Create a GitHub issue 🏆

Describe the solution you'd like
Once signed, the user should have the possibility to remove the original document if not needed.

Describe alternatives you've considered

Additional context
#4160 (comment)

This is a good feature. Now the original document is associated to the signed document by a database relation and we have logic flows that is associated to this and I think that the main is that now, when delete the original document we delete the signed document. Other very important flow that I think that will be the most hard to change is because the UUID to validate the document is an attribute of original file and not of signed file and have a lot of side effects to change this. Will be necessary change these flows.

We also need to think what's the best moment to allow to delete the original document. Now, the document .signed is created when the first signer sign the document. Thinking at scenario that we have 3 signers, always that a signer see the document to sign, is displayed the original document and not the document with the signature of previous signers. To remove the association from original document and signed document, will be necessary change this and show, by example, to 2th signer the version with the signature of 1th signer and the 3th signer will see the document already signed by the 1th and 2th signer. This is a good point of improvement, but we need to think if have security impacts.

Could you create a new issue specific to this? I think that this could be described at a new issue.

[vitormattos]

Convert a random odt file to PDF (10 times)

This is not a LibreSign responsibility (convert ODT and DOCX to PDF), but we could think of a dedicated issue to this to add LibreSign to the actions menu when right-clicking an ODT or DOCX file in the Files app, similar to the menu that appears when we right-click a PDF file. The button could be something like "request signature" or "convert to PDF and request signature" (this text is too long)

[vitormattos]

See 10 original files and 10 signed files.

Have two scenarios here:

1. When the 10 signers stay at the same envelope (I don't know what's the best word to identify this) and will generate only a signed document by 10 signers.
2. When the 10 signers need to make individual signatures into separated copies of the same document. This will generate 10 signed files and each signed file will be signed only by a signer of each 10 signers.

The scenario 2 don't exists for now, to do this directly by LibreSign. Only is possible if you do this handmade. The scenario 2 only will exists when the follow issue is implemented:

• Allow a new set of signatures on the same original document #4161

[vitormattos]

I remembered an important point about why is necessary the original document.

If we have 3 signers (example), I think (I don't know if my thinking is right, but make sense to me) that isn't good to display the footer with the qrcode to all signers before finish to sign the document, and, because this, now, the original document is necessary until all signers sign the document. Now, the .signed.pdf file is created when the first signer sign the document and each signer when sign the document will see the original document but will sign the .signed.pdf file.

Going into a more deep explain:

When the first signer start the flow to sign, will see the original document. When send the sign action, the server will verify if already have a signed version of this document (the .signed.pdf file) because the FileID (the id of a file inside Nextcloud database, also commonly called as NodeId) of signed document is stored by LibreSign. If we haven't a signed file, have a step to add the stamp with the footer qrcode and other texts), this step isn't made cryptographically, only is added a stamp over original document with the footer using now the pdftk, after the footer step, the document is signed, if is visible signature, will be added on each place that need to be added, if isn't a visual signature, only will be made the signature step following PAdES requirements that is made by JSignPDF generating the .signed.pdf file.

When the 2th signer start the sign flow, also will see the original document and will be made the same previous flow but more simplified because now we don't need to add the footer, now only the .signed.pdf will be signed.

The point is:

• What will be the file that a signer will see when start the sign flow? Will be the previous signed document (maybe only the document with the footer if is the 1th signer) or every will be the original document?

Now, only will be possible delete the original document after a document is fully signed, otherwise we will need to display the previous .signed.pdf file.

I think that because this we will need to implement exactly as you described at the title "once all parties signed".

[vitormattos]

But... adding more pepper at our sauce....

Now, LibreSign have a Listener that listen all file deletion. This listener have the follow logic:

• When is a signed file (resuming, the .signed.pdf file)
  • Delete the signature request and all related data
• When is the original file
  • Delete the signature request and all related data
  • Delete the original file
  • Delete the signed file ( I need to confirm if really is this )

I think that if we allow to only delete the original file, will be necessary to think what we will do to don't delete the signature request and what will be the document that we will display when a signer start the flow to sign.

[Extarys]

Allow deletion of the original file only when all parties have signed.
If signatures are still pending, don't allow deletion and ask user to delete sign requests before deleting.

I think this would solve the issue, but I might be wrong.

[vitormattos]

We can restrict the deletion but no much.

Could have cases that the file original file is deleted and at this case we will need to think what we will do. Have 3 possible ways:

1. Display the previous signed document, with footer to the next signer
2. Delete the sign request and maintain the .signed.pdf file
3. Delete the sign request and delete the .signed.pdf file

The main problem is because for now, I didn't found any way to add the footer only when the last signer finish the signature process and I need to add before of all. This is why we need to have the original document until that the last signer finish the process.

I think that the 1th option is the best.

[Extarys]

The main problem is because for now, I didn't found any way to add the footer only when the last signer finish the signature process and I need to add before of all. This is why we need to have the original document until that the last signer finish the process.

I would wait for everyone to sign before allowing a file to be deleted, but if this is not possible, option 1 with a warning saying the previous signature will be visible to the next signers would be a good balance between usability and safety.

[vitormattos]

Related PR:

• feat: validate from uploaded file #4239