Allow un-ToS'd users to view other Legalpad documents

Summary: Fixes T7420. On Phacility, our ToS currently links to some policy documents, but users who haven't signed the ToS can't see them. I've just created a blanket exemption and documented it; I //think// this is reasonable in all cases. Test Plan: As an un-ToS'd user, viewed some other documents. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T7420 Differential Revision: https://secure.phabricator.com/D11923
2024-11-27 01:02:42 +01:00 · 2015-03-02 07:39:16 -08:00 · 2015-03-02 07:39:16 -08:00 · 2387c1e918
commit 2387c1e918
parent c99d84793b
2 changed files with 46 additions and 3 deletions
--- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php
+++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
@ -6,6 +6,10 @@ final class LegalpadDocumentSignController extends LegalpadController {
    return true;
  }

+  public function shouldAllowLegallyNonCompliantUsers() {
+    return true;
+  }
+
  public function handleRequest(AphrontRequest $request) {
    $viewer = $request->getUser();

--- a/src/docs/user/userguide/legalpad.diviner
+++ b/src/docs/user/userguide/legalpad.diviner
@ -3,7 +3,8 @@

 Using Legalpad to track agreements and signatures on legal documents.

-= Overview =
+Overview
+========

 Legalpad is a simple application for tracking signatures on legal agreements.
 You can add legal documents, users can sign them, and you can keep track of who
@ -19,7 +20,27 @@ NOTE: Legalpad is a basic application, and missing many of the features of more
 general document signing software. It may be useful to help you do things
 beyond track CLAs, but you should evaluate its capabilities carefully.

-Requiring a CLA
+Documents
+=========
+
+The primary object in legalpad is the //Legalpad Document//, which represents
+a written agreement, contract, policy, or other similar document.
+
+Most fields of a document are relatively straightforward, but some are unique
+to the application:
+
+**Who Should Sign?** This field controls what kind of signatures the document
+accepts. You can choose either **Individuals** (users will be prompted to sign
+with their name), **Corporations** (users will be prompted to enter information
+identifying the corporation they are signing on behalf of) or **No One** (for
+policy documents or other documents which do not require a signature).
+
+**Require Signature** This field allows you to create a document which all of
+your users must sign before they can use Phabricator, like a terms of service
+document. See "Use Case: Terms of Service" below for details. These documents
+must be signable by individuals.
+
+Use Case: Requiring a CLA
 ===============

 Open source projects often require contributors to sign a license agreement
@ -47,7 +68,25 @@ projects, you can also choose a more narrow Herald condition than "Always" (for
 example, require a signature only if the revision is against certain
 repositories).

-Document-Based Policies
+Use Case: Terms of Service
+=================================
+
+If you have a "Terms of Service" document that you'd like users to agree to
+before they're allowed to use your install, you can add it to Legalpad and then
+check the **Require Signature** box for the document.
+
+After logging in, users will need to agree to the document before they can
+do other things with their account (you'll need to agree to it, too, as soon
+as you save your changes, so that will give you a sense of the workflow).
+
+Note that although users who have not signed all of the required documents can
+not use most Phabricator functions, they can browse other Legalpad documents
+that they have permission to see. This allows a terms document to be
+supplemented with additional policy or guideline documents that users are free
+to review before agreeing to the terms.
+
+
+Use Case: Document-Based Policies
 =======================

 If you have a document like an NDA, you can write a policy rule which prevents