minCount on Task in applicationmetadata.json not working

[CelineTranFT]

Description of the bug

The app in the making follows this process:

The user, in this case DAGL+REGNA+UTINN, fills out the form, signs it, and then another user, REVI, signs. This completes the process.
At each confirmation stage, there is choice between rejecting and signing the document.

• If the user presses the sign button, then a signature is added.
• If they press reject, then no signature is added.

In applicationmetadata.json both of the processes are defined with a minimum count of 1 for signature:

{
     "id": "signature1",
      "allowedContentTypes": [
        "application/json"
      ],
      "taskId": "Task_2",
      "maxCount": 1,
      "minCount": 1,
      "enablePdfCreation": false,
      "enableFileScan": false,
      "validationErrorOnPendingFileScan": false,
      "enabledFileAnalysers": [],
      "enabledFileValidators": []
    }
{
     "id": "signature2",
      "allowedContentTypes": [
        "application/json"
      ],
      "taskId": "Task_3",
      "maxCount": 1,
      "minCount": 1,
      "enablePdfCreation": false,
      "enableFileScan": false,
      "validationErrorOnPendingFileScan": false,
      "enabledFileAnalysers": [],
      "enabledFileValidators": []
    }

However, it is still possible to complete the process without all the signatures.

The logic for the first signature is seemingly good.

• If DAGL first signs the form, it ends up in the inbox of REVI.
• If DAGL rejects the form, it will not end up in the inbox of REVI

But for the second signature, the process is as follows:

• If REVI signs the form, then the form is submitted with two signatures
• If REVI rejects the form, then the form is submitted with one signature (DAGL)

This should not happen, as each of the Tasks have a minimum count of 1 on each of the signatures.

Steps To Reproduce

This can be reproduced with the existing signing-test app.
However, this app is created with minCount: 0, so this first needs to be changed to 1 for both signatures. Furthermore, REVI also has the opportunity to reject a form. As such the following code needs to be added:

In applicationmetadata.json minCount has to be increased to 1 for both signatures:

{
     "id": "signature1",
      "allowedContentTypes": [
        "application/json"
      ],
      "taskId": "Task_2",
      "maxCount": 1,
      "minCount": 1,
      "enablePdfCreation": false,
      "enableFileScan": false,
      "validationErrorOnPendingFileScan": false,
      "enabledFileAnalysers": [],
      "enabledFileValidators": []
    }
{
     "id": "signature2",
      "allowedContentTypes": [
        "application/json"
      ],
      "taskId": "Task_3",
      "maxCount": 1,
      "minCount": 1,
      "enablePdfCreation": false,
      "enableFileScan": false,
      "validationErrorOnPendingFileScan": false,
      "enabledFileAnalysers": [],
      "enabledFileValidators": []
    }

In policy.xml the follwing rule (Ruleid2) needs to be changed to:

<xacml:Rule RuleId="urn:altinn:example:ruleid:2" Effect="Permit">
    <xacml:Description>Rule that defines that user with role REVI can read, sign, and reject for [ORG]/[APP] when it is in Task_3</xacml:Description>
    <xacml:Target>
      <xacml:AnyOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">A0237</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">A0238</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
      </xacml:AnyOf>
      <xacml:AnyOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Task_3</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:altinn:task" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
      </xacml:AnyOf>
      <xacml:AnyOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">sign</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
        <xacml:AllOf>
          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">reject</xacml:AttributeValue>
            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
          </xacml:Match>
        </xacml:AllOf>
      </xacml:AnyOf>
    </xacml:Target>
  </xacml:Rule>

In process.bpmn the reject action needs to be added for Task_3 as well:

<bpmn:task id="Task_3" name="Confirm2">
            <bpmn:incoming>SequenceFlow_3</bpmn:incoming>
            <bpmn:outgoing>SequenceFlow_4</bpmn:outgoing>
            <bpmn:extensionElements>
                <altinn:taskExtension>
                    <altinn:taskType>signing</altinn:taskType>
                    <altinn:actions>
                        <altinn:action>reject</altinn:action> 
                        <altinn:action>sign</altinn:action> 
                    </altinn:actions>
                    <altinn:signatureConfig>
                        <altinn:dataTypesToSign>
                            <altinn:dataType>data</altinn:dataType>
                        </altinn:dataTypesToSign>
                        <altinn:signatureDataType>signature2</altinn:signatureDataType>
                    </altinn:signatureConfig>
                </altinn:taskExtension>
            </bpmn:extensionElements>
        </bpmn:task>

Lastly, in App/ui/confirm2/layouts/Confirm.json add a button for Reject:

{
        "id": "RejectButton",
        "type": "ActionButton",
        "textResourceBindings": {
          "title": "reject.title"
        },
        "action": "reject",
        "buttonStyle": "secondary"
}

Then complete the steps as followed:

1. Fill out the form and press the submit button
2. Choose "sign" with the role of either DAGL or REGN
3. Then log in again with the role of REVI, open the form and choose the reject option.
4. The form should then be submitted with only one signature as seen in the picture below

Alternatively use the app I am currently working on (and where the issue was first noticed) here

Additional Information

[CelineTranFT]

This turned out to be a local testing issue. When testing on test environment the form was not added to the inbox if the form-filler pressed reject instead of sign.

[CelineTranFT]

It seems it is not a local testing issue after all. After testing my own app in tt02, I noticed the form is still submitting even though there is a lack of signatures. I have edited the issue to reflect this change

[CelineTranFT]

fixed with v4