I’m trying to create a macro which allows users to insert their signature in Confluence Cloud pages. The user has just to write /sign and their signature would stand there forever.
I’ve managed to create a dynamic content macro, which shows a given signature depending on the current user. However, that is wrong: if user A inserts their signature, user B will see their own signature (instead of user A’s signature).
I’m using nodejs and in sign.hbs I’m doing the following:
{{!< layout}}
<div id="signingHolder">
</div>
<script>
$(function(){
AP.user.getCurrentUser(function(user){
switch(user.atlassianAccountId){
case '1234':
imgURL = "https://....";
name = 'User A';
break;
default:
imgURL = '"';
name = "";
}
if(imgURL != "" && name != ""){
HTML = '<img src="' + imgURL + '" height="60"/>' + "<p>(" + name + ")"
$("#signingHolder").append(HTML)
}
})
})
</script>
If you want to display the signature of the user that initially inserted the macro you’ll need to store their accountId somewhere. A good place for this could be a macro parameter.
For this you’ll need to make the parameter required so that the macro editor opens when your macro is inserted. And you’ll want to provide your own macro editor that automatically sets the value, otherwise the user will just see a text field in which they have to enter their own accountId.
In your macro editor you’ll need to account for other users that can edit your macro as well, even though the accountId is already set. You need to decide whether you want to allow them to change the value, or if you want to display some kind of error message.
Also: I don’t know what your use case is, but keep in mind though that this isn’t secure. Every user could copy & paste the sign macro that someone else inserted - or just edit the macro parameter value by changing the storage format of the page.
I’ll explore the hints you gave me - many thanks for your help.
Regarding the security issue you referred: do you have any suggestion on how to make this secure? I’m implementing a Quality Management System, and I would like to have a table where people would put their signature indicating that user A made/updated the document, user B reviewed it, and user C approved it. Every version of the document would have a different table row.
Unless you want to use some cryptographic signature mechanism it would probably be easiest to just store this information in your app’s backend. E.g.:
User 1 signed Page A
User 2 signed Page B
...
As long as you make sure only authenticated users can add information about themselves this should be secure. I guess in that case you also should think about going away from using a macro for this and providing a “sign” button for your users via something like a Content Byline Item.
