fix(rgi): download via user's eTerra browser session (not server-side)

Server credentials can list RGI applications and docs but can't download files (confirmOnView returns false — only the current actor/deponent has download permission). Download now opens the eTerra URL directly in the user's browser, which uses their existing eTerra session cookie. Flow: 1. Hidden iframe calls confirmOnView 2. After 500ms, opens downloadFile URL in new tab Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 22:32:09 +02:00
parent 0e5c01839d
commit 5966a11f7e
1 changed files with 24 additions and 7 deletions
@@ -294,17 +294,34 @@ function IssuedDocsPanel({
              </div>
            </div>
          </div>
-          <Button size="sm" variant="outline" className="shrink-0 gap-1" asChild>
-            <a
-              href={`/api/eterra/rgi/download-doc?workspaceId=${doc.workspaceId || workspaceId}&applicationId=${doc.applicationId || applicationPk}&documentPk=${doc.documentPk}&documentTypeId=${doc.documentTypeId}`}
-              target="_blank"
-              rel="noopener noreferrer"
+          <div className="flex items-center gap-1 shrink-0">
+            <Button
+              size="sm"
+              variant="outline"
+              className="gap-1"
+              onClick={() => {
+                // Open eTerra directly — user's browser session has download permission
+                // First open confirmOnView, then download
+                const base = "https://eterra.ancpi.ro/eterra/api";
+                const wid = doc.workspaceId || workspaceId;
+                const appId = doc.applicationId || applicationPk;
+                const dpk = doc.documentPk;
+                // Open confirm in hidden iframe, then download
+                const iframe = document.createElement("iframe");
+                iframe.style.display = "none";
+                iframe.src = `${base}/rgi/appdetail/issueddocs/confirmOnView/${wid}/${appId}/${dpk}`;
+                document.body.appendChild(iframe);
+                setTimeout(() => {
+                  window.open(`${base}/rgi/appdetail/loadDocument/downloadFile/${wid}/${dpk}`, "_blank");
+                  iframe.remove();
+                }, 500);
+              }}
            >
              <Download className="h-3.5 w-3.5" />
              Descarca
-            </a>
            </Button>
          </div>
+        </div>
      ))}
    </div>
  );