- fl.signature.request: token-protected request linking an fl.document to a
signer (res.partner). State machine: draft → prepared → sent → signed |
declined | expired. Per-report _SIGNATURE_COORDS map plus DOC_TYPE_TO_REPORT
for resolving the QWeb report template and the signature block rectangle
- action_prepare renders the QWeb PDF and stores it; action_send_to_signer
emails a one-time link /familylaw/sign/<token> (256-bit token, 14-day expiry,
hourly cron sweeps stale links)
- apply_signature decodes the canvas-pad PNG, embeds it at the page-relative
rectangle via PyMuPDF, attaches the signed PDF to the fl.document, marks
the document signed, and audits the signer IP + timestamp
- Public portal controller (/familylaw/sign/<token>): GET shows the unsigned
PDF in an iframe + inline HTML5 canvas pad (no external JS, mouse + touch);
POST submits the PNG; separate decline endpoint. Token+state checks gate
every transition
- action_validate_pdfa on the signed request reuses the e-filing pikepdf
check (markers + OutputIntents) so e-filing-bound docs can be re-validated
- Wiring: models/__init__, controllers/__init__, manifest entry, ACL for the
request, Signature Requests menu under Cases, signature_request_ids on
fl.case with a Filings-tab list, "Request Signature" header button, and a
cron for expiry
- Note: Odoo Sign / DocuSign / HelloSign deliberately NOT used per CLAUDE.md
spec (HIPAA + FL court e-signature compliance)
- Verified: throwaway-DB install passes cleanly
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tocmo0nlord
49358183e7