From 3213897667a7e27267ee3d5f0420dd149b1e1dce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= <lgryglicki@cncf.io>
Date: Thu, 5 Dec 2024 06:31:09 +0000
Subject: [PATCH] Python APIs update to also set embargo_acked flag on existing
 signatures when updating them
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Łukasz Gryglicki <lgryglicki@cncf.io>
---
 cla-backend/cla/controllers/signature.py  |  4 ++--
 cla-backend/cla/models/docusign_models.py | 15 ++++++++++++++-
 cla-backend/cla/models/dynamo_models.py   |  4 ++--
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/cla-backend/cla/controllers/signature.py b/cla-backend/cla/controllers/signature.py
index 920af127e..b1178d5c2 100644
--- a/cla-backend/cla/controllers/signature.py
+++ b/cla-backend/cla/controllers/signature.py
@@ -55,7 +55,7 @@ def create_signature(signature_project_id,  # pylint: disable=too-many-arguments
                      signature_type='cla',
                      signature_approved=False,
                      signature_signed=False,
-                     signature_embargo_acked=False,
+                     signature_embargo_acked=True,
                      signature_return_url=None,
                      signature_sign_url=None,
                      signature_user_ccla_company_id=None,
@@ -155,7 +155,7 @@ def update_signature(signature_id,  # pylint: disable=too-many-arguments,too-man
                      signature_type=None,
                      signature_approved=None,
                      signature_signed=None,
-                     signature_embargo_acked=None,
+                     signature_embargo_acked=True,
                      signature_return_url=None,
                      signature_sign_url=None,
                      domain_whitelist=None,
diff --git a/cla-backend/cla/models/docusign_models.py b/cla-backend/cla/models/docusign_models.py
index b54126da8..37982bbd1 100644
--- a/cla-backend/cla/models/docusign_models.py
+++ b/cla-backend/cla/models/docusign_models.py
@@ -197,6 +197,9 @@ def request_individual_signature(self, project_id, user_id, return_url=None, ret
             cla.log.debug('Individual Signature - user already has a signatures with this project: {}'.
                           format(latest_signature.get_signature_id()))
 
+            # Set embargo acknowledged flag also for the existing signature
+            latest_signature.set_signature_embargo_acked(True)
+
             # Re-generate and set the signing url - this will update the signature record
             self.populate_sign_url(latest_signature, callback_url, default_values=default_cla_values,
                                    preferred_email=preferred_email)
@@ -313,6 +316,9 @@ def request_individual_signature_gerrit(self, project_id, user_id, return_url=No
                 last_document.get_document_major_version() == latest_signature.get_signature_document_major_version():
             cla.log.info('User already has a signatures with this project: %s', latest_signature.get_signature_id())
 
+            # Set embargo acknowledged flag also for the existing signature
+            latest_signature.set_signature_embargo_acked(True)
+
             # Re-generate and set the signing url - this will update the signature record
             self.populate_sign_url(latest_signature, callback_url, default_values=default_cla_values)
 
@@ -784,7 +790,7 @@ def _save_employee_signature(self,signature):
             'signature_type': {'S': signature.get_signature_type()},
             'signature_signed': {'BOOL': signature.get_signature_signed()},
             'signature_approved': {'BOOL': signature.get_signature_approved()},
-            'signature_embargo_acked': {'BOOL': signature.get_signature_embargo_acked()},
+            'signature_embargo_acked': {'BOOL': True},
             'signature_acl': {'SS': list(signature.get_signature_acl())},
             'signature_user_ccla_company_id': {'S': signature.get_signature_user_ccla_company_id()},
             'date_modified': {'S': datetime.now().isoformat()},
@@ -990,6 +996,9 @@ def handle_signing_new_corporate_signature(self, signature, project, company, us
         # Set signature ACL
         signature.set_signature_acl(user.get_lf_username())
 
+        # Set embargo acknowledged flag also for the existing signature
+        signature.set_signature_embargo_acked(True)
+
         self.populate_sign_url(signature, callback_url,
                                signatory_name, signatory_email,
                                send_as_email,
@@ -1510,6 +1519,7 @@ def signed_individual_callback(self, content, installation_id, github_repository
             cla.log.info(f'{fn} - ICLA signature signed ({signature_id}) - '
                          'Notifying repository service provider')
             signature.set_signature_signed(True)
+            signature.set_signature_embargo_acked(True)
             populate_signature_from_icla_callback(content, tree, signature)
             # Save signature
             signature.save()
@@ -1604,6 +1614,7 @@ def signed_individual_callback_gerrit(self, content, user_id):
             cla.log.debug(f'{fn} - updating signature in database - setting signed=true...')
             # Save signature before adding user to LDAP Groups.
             signature.set_signature_signed(True)
+            signature.set_signature_embargo_acked(True)
             signature.save()
 
             # Load the Project by ID and send audit event
@@ -1715,6 +1726,7 @@ def signed_individual_callback_gitlab(self, content, user_id, organization_id, g
 
             cla.log.debug(f'{fn} - updating signature in database - setting signed=true...')
             signature.set_signature_signed(True)
+            signature.set_signature_embargo_acked(True)
             populate_signature_from_icla_callback(content, tree, signature)
             signature.save()
 
@@ -1859,6 +1871,7 @@ def signed_corporate_callback(self, content, project_id, company_id):
             # Note: cla-manager role assignment and cla-manager-designee cleanup is handled in the DB trigger handler
             # upon save with the signature signed flag transition to true...
             signature.set_signature_signed(True)
+            signature.set_signature_embargo_acked(True)
             populate_signature_from_ccla_callback(content, tree, signature)
             signature.save()
 
diff --git a/cla-backend/cla/models/dynamo_models.py b/cla-backend/cla/models/dynamo_models.py
index a4d4b8b84..5e6311470 100644
--- a/cla-backend/cla/models/dynamo_models.py
+++ b/cla-backend/cla/models/dynamo_models.py
@@ -2484,7 +2484,7 @@ class Meta:
     signature_project_index = ProjectSignatureIndex()
     signature_reference_index = ReferenceSignatureIndex()
     signature_envelope_id = UnicodeAttribute(null=True)
-    signature_embargo_acked = BooleanAttribute(default=False, null=True)
+    signature_embargo_acked = BooleanAttribute(default=True, null=True)
     # Callback type refers to either Gerrit or GitHub
     signature_return_url_type = UnicodeAttribute(null=True)
     note = UnicodeAttribute(null=True)
@@ -2539,7 +2539,7 @@ def __init__(
             signature_type=None,
             signature_signed=False,
             signature_approved=False,
-            signature_embargo_acked=False,
+            signature_embargo_acked=True,
             signed_on=None,
             signatory_name=None,
             signing_entity_name=None,