feat: allow editing of submission by the user

docs/DataStructure.md

@@ -27,6 +27,7 @@ This document describes the Object-Structure, that is used within the Forms App
 | isAnonymous       | Boolean                              |                                         | If Answers will be stored anonymously                                                                                            |
 | state             | Integer                              | [Form state](#form-state)               | The state of the form                                                                                                            |
 | submitMultiple    | Boolean                              |                                         | If users are allowed to submit multiple times to the form                                                                        |
+| allowEdit         | Boolean                              |                                         | If users are allowed to edit or delete their response                                                                            |
 | showExpiration    | Boolean                              |                                         | If the expiration date will be shown on the form                                                                                 |
 | canSubmit         | Boolean                              |                                         | If the user can Submit to the form, i.e. calculated information out of `submitMultiple` and existing submissions.                |
 | permissions       | Array of [Permissions](#permissions) | Array of permissions regarding the form |
@@ -46,6 +47,7 @@ This document describes the Object-Structure, that is used within the Forms App
   "expires": 0,
   "isAnonymous": false,
   "submitMultiple": true,
+  "allowEdit": false,
   "showExpiration": false,
   "canSubmit": true,
   "permissions": [

lib/Controller/ApiController.php

@@ -172,6 +172,7 @@
 				'showToAllUsers' => false,
 			]);
 			$form->setSubmitMultiple(false);
+			$form->setAllowEdit(false);
 			$form->setShowExpiration(false);
 			$form->setExpires(0);
 			$form->setIsAnonymous(false);
@@ -1294,7 +1295,7 @@
 				continue;
 			}
 
-			$this->storeAnswersForQuestion($form, $submission->getId(), $questions[$questionIndex], $answerArray);
+			$this->storeAnswersForQuestion($form, $submission->getId(), $questions[$questionIndex], $answerArray, false);
 		}
 
 		$this->formMapper->update($form);
@@ -1309,6 +1310,87 @@
 		return new DataResponse(null, Http::STATUS_CREATED);
 	}
 
+	/**
+	 * Update an existing submission
+	 *
+	 * @param int $formId the form id
+	 * @param int $submissionId the submission id
+	 * @param array<string, list<string>> $answers [question_id => arrayOfString]
+	 * @param string $shareHash public share-hash -> Necessary to submit on public link-shares.
+	 * @return DataResponse<Http::STATUS_OK, int, array{}>
+	 * @throws OCSBadRequestException Can only update submission if AllowEdit is set and the answers are valid
+	 * @throws OCSForbiddenException Can only update your own submission
+	 *
+	 * 200: the id of the updated submission
+	 */
+	#[CORS()]
+	#[NoAdminRequired()]
+	#[NoCSRFRequired()]
+	#[PublicPage()]
+	#[ApiRoute(verb: 'PUT', url: '/api/v3/forms/{formId}/submissions/{submissionId}')]
+	public function updateSubmission(int $formId, int $submissionId, array $answers, string $shareHash = ''): DataResponse {
+		$this->logger->debug('Updating submission: formId: {formId}, answers: {answers}, shareHash: {shareHash}', [
+			'formId' => $formId,
+			'answers' => $answers,
+			'shareHash' => $shareHash,
+		]);
+
+		$form = $this->loadFormForSubmission($formId, $shareHash);
+
+		if (!$form->getAllowEdit()) {
+			throw new OCSBadRequestException('Can only update if AllowEdit is set');
+		}
+
+		$questions = $this->formsService->getQuestions($formId);
+		// Is the submission valid
+		$isSubmissionValid = $this->submissionService->validateSubmission($questions, $answers, $form->getOwnerId());
+		if (is_string($isSubmissionValid)) {
+			throw new OCSBadRequestException($isSubmissionValid);
+		}
+		if ($isSubmissionValid === false) {
+			throw new OCSBadRequestException('At least one submitted answer is not valid');
+		}
+
+		// get existing submission of this user
+		try {
+			$submission = $this->submissionMapper->findByFormAndUser($form->getId(), $this->currentUser->getUID());
+		} catch (DoesNotExistException $e) {
+			throw new OCSBadRequestException('Cannot update a non existing submission');
+		}
+
+		if ($submissionId != $submission->getId()) {
+			throw new OCSForbiddenException('Can only update your own submissions');
+		}
+
+		$submission->setTimestamp(time());
+		$this->submissionMapper->update($submission);
+
+		if (empty($answers)) {
+			// Clear Answers
+			foreach ($questions as $question) {
+				$this->storeAnswersForQuestion($form, $submission->getId(), $question, [''], true);
+			}
+		} else {
+			// Process Answers
+			foreach ($answers as $questionId => $answerArray) {
+				// Search corresponding Question, skip processing if not found
+				$questionIndex = array_search($questionId, array_column($questions, 'id'));
+				if ($questionIndex === false) {
+					continue;
+				}
+
+				$question = $questions[$questionIndex];
+
+				$this->storeAnswersForQuestion($form, $submission->getId(), $question, $answerArray, true);
+			}
+		}
+
+		//Create Activity
+		$this->formsService->notifyNewSubmission($form, $submission);
+
+		return new DataResponse($submissionId);
+	}
+
 	/**
 	 * Delete a specific submission
 	 *
@@ -1522,14 +1604,23 @@
 	// private functions
 
 	/**
-	 * Insert answers for a question
+	 * Insert or update answers for a question
 	 *
 	 * @param Form $form
 	 * @param int $submissionId
 	 * @param array $question
 	 * @param string[]|array<array{uploadedFileId: string, uploadedFileName: string}> $answerArray
+	 * @param bool $update
 	 */
-	private function storeAnswersForQuestion(Form $form, $submissionId, array $question, array $answerArray): void {
+	private function storeAnswersForQuestion(Form $form, int $submissionId, array $question, array $answerArray, bool $update): void {
+		// get stored answers for this question
+		$storedAnswers = [];
+		if ($update) {
+			$storedAnswers = $this->answerMapper->findBySubmissionAndQuestion($submissionId, $question['id']);
+		}
+
+		$newAnswerTexts = [];
+
 		foreach ($answerArray as $answer) {
 			$answerEntity = new Answer();
 			$answerEntity->setSubmissionId($submissionId);
@@ -1546,6 +1637,33 @@
 				} elseif (!empty($question['extraSettings']['allowOtherAnswer']) && strpos($answer, Constants::QUESTION_EXTRASETTINGS_OTHER_PREFIX) === 0) {
 					$answerText = str_replace(Constants::QUESTION_EXTRASETTINGS_OTHER_PREFIX, '', $answer);
 				}
+
+				if (!array_key_exists($question['id'], $newAnswerTexts)) {
+					$newAnswerTexts[$question['id']] = [];
+				}
+				$newAnswerTexts[$question['id']][] = $answerText;
+
+				// has this answer already been stored?
+				$foundAnswer = false;
+				foreach ($storedAnswers as $storedAnswer) {
+					if ($storedAnswer->getText() == $answerText) {
+						// nothing to be changed
+						$foundAnswer = true;
+						break;
+					}
+				}
+				if (!$foundAnswer) {
+					if ($answerText === '') {
+						continue;
+					}
+					// need to add answer
+					$answerEntity = new Answer();
+					$answerEntity->setSubmissionId($submissionId);
+					$answerEntity->setQuestionId($question['id']);
+					$answerEntity->setText($answerText);
+					$this->answerMapper->insert($answerEntity);
+				}
+
 			} elseif ($question['type'] === Constants::ANSWER_TYPE_FILE) {
 				$uploadedFile = $this->uploadedFileMapper->getByUploadedFileId($answer['uploadedFileId']);
 				$answerEntity->setFileId($uploadedFile->getFileId());
@@ -1565,20 +1683,43 @@
 				$file->move($folder->getPath() . '/' . $name);
 
 				$answerText = $name;
+
+				$answerEntity->setText($answerText);
+				$this->answerMapper->insert($answerEntity);
 			} else {
 				$answerText = $answer; // Not a multiple-question, answerText is given answer
-			}
 
-			if ($answerText === '') {
-				continue;
+				if (!empty($storedAnswers)) {
+					$answerEntity = $storedAnswers[0];
+					$answerEntity->setText($answerText);
+					$this->answerMapper->update($answerEntity);
+				} else {
+					if ($answerText === '') {
+						continue;
+					}
+					$answerEntity = new Answer();
+					$answerEntity->setSubmissionId($submissionId);
+					$answerEntity->setQuestionId($question['id']);
+					$answerEntity->setText($answerText);
+					$this->answerMapper->insert($answerEntity);
+				}
 			}
 
-			$answerEntity->setText($answerText);
-			$this->answerMapper->insert($answerEntity);
 			if ($uploadedFile) {
 				$this->uploadedFileMapper->delete($uploadedFile);
 			}
 		}
+
+		if (in_array($question['type'], Constants::ANSWER_TYPES_PREDEFINED)) {
+			// drop all answers that are not in new set of answers
+			foreach ($storedAnswers as $storedAnswer) {
+				$questionId = $storedAnswer->getQuestionId();
+
+				if (empty($newAnswerTexts[$questionId]) || !in_array($storedAnswer->getText(), $newAnswerTexts[$questionId])) {
+					$this->answerMapper->delete($storedAnswer);
+				}
+			}
+		}
 	}
 
 	private function loadFormForSubmission(int $formId, string $shareHash): Form {

lib/Db/AnswerMapper.php

@@ -41,6 +41,26 @@
 		return $this->findEntities($qb);
 	}
 
+	/**
+	 * @param int $submissionId
+	 * @param int $questionId
+	 * @throws \OCP\AppFramework\Db\DoesNotExistException if not found
+	 * @return Answer[]
+	 */
+
+	public function findBySubmissionAndQuestion(int $submissionId, int $questionId): array {
+		$qb = $this->db->getQueryBuilder();
+
+		$qb->select('*')
+			->from($this->getTableName())
+			->where(
+				$qb->expr()->eq('submission_id', $qb->createNamedParameter($submissionId, IQueryBuilder::PARAM_INT)),
+				$qb->expr()->eq('question_id', $qb->createNamedParameter($questionId, IQueryBuilder::PARAM_INT))
+			);
+
+		return $this->findEntities($qb);
+	}
+
 	/**
 	 * @param int $submissionId
 	 */

lib/Db/Form.php

@@ -35,6 +35,8 @@
  * @method void setIsAnonymous(bool $value)
  * @method int getSubmitMultiple()
  * @method void setSubmitMultiple(bool $value)
+ * @method int getAllowEdit()
+ * @method void setAllowEdit(bool $value)
  * @method int getShowExpiration()
  * @method void setShowExpiration(bool $value)
  * @method int getLastUpdated()
@@ -58,6 +60,7 @@ class Form extends Entity {
 	protected $expires;
 	protected $isAnonymous;
 	protected $submitMultiple;
+	protected $allowEdit;
 	protected $showExpiration;
 	protected $submissionMessage;
 	protected $lastUpdated;
@@ -71,6 +74,7 @@ public function __construct() {
 		$this->addType('expires', 'integer');
 		$this->addType('isAnonymous', 'boolean');
 		$this->addType('submitMultiple', 'boolean');
+		$this->addType('allowEdit', 'boolean');
 		$this->addType('showExpiration', 'boolean');
 		$this->addType('lastUpdated', 'integer');
 		$this->addType('state', 'integer');
@@ -140,6 +144,7 @@ public function setAccess(array $access): void {
 	 *   expires: int,
 	 *   isAnonymous: bool,
 	 *   submitMultiple: bool,
+	 *   allowEdit: bool,
 	 *   showExpiration: bool,
 	 *   lastUpdated: int,
 	 *   submissionMessage: ?string,
@@ -160,6 +165,7 @@ public function read() {
 			'expires' => (int)$this->getExpires(),
 			'isAnonymous' => (bool)$this->getIsAnonymous(),
 			'submitMultiple' => (bool)$this->getSubmitMultiple(),
+			'allowEdit' => (bool)$this->getAllowEdit(),
 			'showExpiration' => (bool)$this->getShowExpiration(),
 			'lastUpdated' => (int)$this->getLastUpdated(),
 			'submissionMessage' => $this->getSubmissionMessage(),

lib/Db/SubmissionMapper.php

@@ -47,6 +47,29 @@
 		return $this->findEntities($qb);
 	}
 
+	/**
+	 * @param int $formId
+	 * @param string $userId
+	 *
+	 * @return Submission
+	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException if more than one result
+	 * @throws \OCP\AppFramework\Db\DoesNotExistException if not found
+	 */
+	public function findByFormAndUser(int $formId, string $userId): Submission {
+		$qb = $this->db->getQueryBuilder();
+
+		$qb->select('*')
+			->from($this->getTableName())
+			->where(
+				$qb->expr()->eq('form_id', $qb->createNamedParameter($formId, IQueryBuilder::PARAM_INT)),
+				$qb->expr()->eq('user_id', $qb->createNamedParameter($userId, IQueryBuilder::PARAM_STR))
+			)
+			//Newest submissions first
+			->orderBy('timestamp', 'DESC');
+
+		return $this->findEntity($qb);
+	}
+
 	/**
 	 * @param int $id
 	 * @return Submission

lib/FormsMigrator.php

@@ -146,6 +146,7 @@ public function import(IUser $user, IImportSource $importSource, OutputInterface
 				$form->setExpires($formData['expires']);
 				$form->setIsAnonymous($formData['isAnonymous']);
 				$form->setSubmitMultiple($formData['submitMultiple']);
+				$form->setAllowEdit($formData['allowEdit']);
 				$form->setShowExpiration($formData['showExpiration']);
 
 				$this->formMapper->insert($form);

lib/Migration/Version050000Date20250109201500.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Forms\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\Types;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version050000Date20250109201500 extends SimpleMigrationStep {
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+		$table = $schema->getTable('forms_v2_forms');
+
+		if (!$table->hasColumn('allow_edit')) {
+			$table->addColumn('allow_edit', Types::BOOLEAN, [
+				'notnull' => false,
+				'default' => 0,
+			]);
+
+			return $schema;
+		}
+
+		return null;
+	}
+}

lib/ResponseDefinitions.php

@@ -111,6 +111,7 @@
  *   isAnonymous: bool,
  *   lastUpdated: int,
  *   submitMultiple: bool,
+ *   allowEdit: bool,
  *   showExpiration: bool,
  *   canSubmit: bool,
  *   permissions: list<FormsPermission>,
@@ -119,6 +120,9 @@
  *   shares: list<FormsShare>,
  *   submissionCount?: int,
  *   submissionMessage: ?string,
+ *   answers?: array<string,mixed>,
+ *   newSubmission?: bool,
+ *   submissionId?: int,
  * }
  *
  * @psalm-type FormsUploadedFile = array{