Add approval history privacy, fix template heading, clone workflows

- Template: 'Approval History' is always the section heading; workflow
  name_label is used in stage card headers instead of 'Stage N'
- Privacy: add hide_approval_history field to WorkflowDefinition. When
  enabled, submitters see only the final decision (approved/rejected/
  under review) — approvers and admins still see full history.
- Clone: both admin action and form builder API now clone workflows,
  stages, and stage approval groups when duplicating a form.
- Migration 0047_add_hide_approval_history
- Bump version to 0.24.0

Author: matteius

django_forms_workflows/admin.py

@@ -278,6 +278,7 @@ class WorkflowDefinitionInline(admin.StackedInline):
     fields = [
         "name_label",
         "requires_approval",
+        "hide_approval_history",
         ("notify_on_submission", "notify_on_approval", "notify_on_rejection"),
         "additional_notify_emails",
         ("allow_bulk_export", "allow_bulk_pdf_export"),
@@ -504,6 +505,52 @@ def clone_forms(self, request, queryset):
                     cloned_form.view_groups.set(form.view_groups.all())
                     cloned_form.admin_groups.set(form.admin_groups.all())
 
+                    # Clone workflows, stages, and stage approval groups
+                    for wf in form.workflows.all():
+                        original_stages = list(
+                            wf.stages.prefetch_related("approval_groups").order_by(
+                                "order"
+                            )
+                        )
+                        cloned_wf = WorkflowDefinition.objects.create(
+                            form_definition=cloned_form,
+                            name_label=wf.name_label,
+                            requires_approval=wf.requires_approval,
+                            approval_deadline_days=wf.approval_deadline_days,
+                            send_reminder_after_days=wf.send_reminder_after_days,
+                            auto_approve_after_days=wf.auto_approve_after_days,
+                            notify_on_submission=wf.notify_on_submission,
+                            notify_on_approval=wf.notify_on_approval,
+                            notify_on_rejection=wf.notify_on_rejection,
+                            notify_on_withdrawal=wf.notify_on_withdrawal,
+                            additional_notify_emails=wf.additional_notify_emails,
+                            notification_cadence=wf.notification_cadence,
+                            notification_cadence_day=wf.notification_cadence_day,
+                            notification_cadence_time=wf.notification_cadence_time,
+                            notification_cadence_form_field=wf.notification_cadence_form_field,
+                            visual_workflow_data=wf.visual_workflow_data,
+                            hide_approval_history=wf.hide_approval_history,
+                            allow_bulk_export=wf.allow_bulk_export,
+                            allow_bulk_pdf_export=wf.allow_bulk_pdf_export,
+                        )
+                        for stage in original_stages:
+                            cloned_stage = WorkflowStage.objects.create(
+                                workflow=cloned_wf,
+                                name=stage.name,
+                                order=stage.order,
+                                approval_logic=stage.approval_logic,
+                                requires_manager_approval=stage.requires_manager_approval,
+                                approve_label=stage.approve_label,
+                            )
+                            for sag in StageApprovalGroup.objects.filter(
+                                stage=stage
+                            ).order_by("position"):
+                                StageApprovalGroup.objects.create(
+                                    stage=cloned_stage,
+                                    group=sag.group,
+                                    position=sag.position,
+                                )
+
                     cloned_count += 1
             except Exception as e:
                 self.message_user(

django_forms_workflows/form_builder_views.py

@@ -15,7 +15,15 @@
 from django.shortcuts import get_object_or_404, render
 from django.views.decorators.http import require_GET, require_POST
 
-from .models import FormDefinition, FormField, FormTemplate, PrefillSource
+from .models import (
+    FormDefinition,
+    FormField,
+    FormTemplate,
+    PrefillSource,
+    StageApprovalGroup,
+    WorkflowDefinition,
+    WorkflowStage,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -143,6 +151,50 @@ def form_builder_clone(request, form_id):
             cloned_form.view_groups.set(original_form.view_groups.all())
             cloned_form.admin_groups.set(original_form.admin_groups.all())
 
+            # Clone workflows, stages, and stage approval groups
+            for wf in original_form.workflows.all():
+                original_stages = list(
+                    wf.stages.prefetch_related("approval_groups").order_by("order")
+                )
+                cloned_wf = WorkflowDefinition.objects.create(
+                    form_definition=cloned_form,
+                    name_label=wf.name_label,
+                    requires_approval=wf.requires_approval,
+                    approval_deadline_days=wf.approval_deadline_days,
+                    send_reminder_after_days=wf.send_reminder_after_days,
+                    auto_approve_after_days=wf.auto_approve_after_days,
+                    notify_on_submission=wf.notify_on_submission,
+                    notify_on_approval=wf.notify_on_approval,
+                    notify_on_rejection=wf.notify_on_rejection,
+                    notify_on_withdrawal=wf.notify_on_withdrawal,
+                    additional_notify_emails=wf.additional_notify_emails,
+                    notification_cadence=wf.notification_cadence,
+                    notification_cadence_day=wf.notification_cadence_day,
+                    notification_cadence_time=wf.notification_cadence_time,
+                    notification_cadence_form_field=wf.notification_cadence_form_field,
+                    visual_workflow_data=wf.visual_workflow_data,
+                    hide_approval_history=wf.hide_approval_history,
+                    allow_bulk_export=wf.allow_bulk_export,
+                    allow_bulk_pdf_export=wf.allow_bulk_pdf_export,
+                )
+                for stage in original_stages:
+                    cloned_stage = WorkflowStage.objects.create(
+                        workflow=cloned_wf,
+                        name=stage.name,
+                        order=stage.order,
+                        approval_logic=stage.approval_logic,
+                        requires_manager_approval=stage.requires_manager_approval,
+                        approve_label=stage.approve_label,
+                    )
+                    for sag in StageApprovalGroup.objects.filter(stage=stage).order_by(
+                        "position"
+                    ):
+                        StageApprovalGroup.objects.create(
+                            stage=cloned_stage,
+                            group=sag.group,
+                            position=sag.position,
+                        )
+
             return JsonResponse(
                 {
                     "success": True,

django_forms_workflows/migrations/0047_add_hide_approval_history.py

@@ -0,0 +1,21 @@
+# Generated by Django 6.0.2 on 2026-03-13 19:12
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("django_forms_workflows", "0046_workflow_definition_one_to_many"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="workflowdefinition",
+            name="hide_approval_history",
+            field=models.BooleanField(
+                default=False,
+                help_text="When enabled, the submitter will not see approval history or individual approval steps — only the final decision (approved / rejected) is shown. Approvers and admins can still see the full history.",
+            ),
+        ),
+    ]

django_forms_workflows/models.py

@@ -651,6 +651,16 @@ class WorkflowDefinition(models.Model):
         help_text="Visual workflow builder layout (nodes and connections)",
     )
 
+    # Privacy
+    hide_approval_history = models.BooleanField(
+        default=False,
+        help_text=(
+            "When enabled, the submitter will not see approval history or "
+            "individual approval steps — only the final decision (approved / rejected) "
+            "is shown. Approvers and admins can still see the full history."
+        ),
+    )
+
     # Bulk Export
     allow_bulk_export = models.BooleanField(
         default=False,

django_forms_workflows/templates/django_forms_workflows/submission_detail.html

@@ -167,9 +167,41 @@ <h6 class="mb-0 fw-bold">{{ section.step_name }}</h6>
         <!-- Approval History -->
         {% if approval_tasks %}
 
-        {% if stage_groups %}
+        {% if hide_approval_history %}
+        {# ---- Privacy mode: submitter sees only the final decision ---- #}
+        <h5 class="mb-3"><i class="bi bi-shield-lock"></i> Approval Status</h5>
+        <div class="card mb-4
+            {% if submission.status == 'approved' %}border-success
+            {% elif submission.status == 'rejected' %}border-danger
+            {% else %}border-warning{% endif %}">
+            <div class="card-body text-center py-4">
+                {% if submission.status == 'approved' %}
+                    <span class="badge bg-success fs-5 px-4 py-2">Approved</span>
+                    {% if submission.completed_at %}
+                    <p class="text-muted mt-2 mb-0">Decision made on {{ submission.completed_at|date:"F d, Y g:i A" }}</p>
+                    {% endif %}
+                {% elif submission.status == 'rejected' %}
+                    <span class="badge bg-danger fs-5 px-4 py-2">Rejected</span>
+                    {% if submission.completed_at %}
+                    <p class="text-muted mt-2 mb-0">Decision made on {{ submission.completed_at|date:"F d, Y g:i A" }}</p>
+                    {% endif %}
+                    {% for task in approval_tasks %}
+                        {% if task.status == 'rejected' and task.comments %}
+                        <div class="alert alert-danger mt-3 mb-0 text-start">
+                            <strong>Reason:</strong> {{ task.comments }}
+                        </div>
+                        {% endif %}
+                    {% endfor %}
+                {% else %}
+                    <span class="badge bg-warning text-dark fs-5 px-4 py-2">Under Review</span>
+                    <p class="text-muted mt-2 mb-0">Your submission is being reviewed. You will be notified when a decision is made.</p>
+                {% endif %}
+            </div>
+        </div>
+
+        {% elif stage_groups %}
         {# ---- Staged workflow: one card per stage ---- #}
-        <h5 class="mb-3"><i class="bi bi-diagram-3"></i> {% if workflow_name_label %}{{ workflow_name_label }}{% else %}Approval History{% endif %}</h5>
+        <h5 class="mb-3"><i class="bi bi-diagram-3"></i> Approval History</h5>
         {% for stage in stage_groups %}
         <div class="card mb-3
             {% if stage.rejected_count > 0 %}border-danger
@@ -182,7 +214,7 @@ <h5 class="mb-3"><i class="bi bi-diagram-3"></i> {% if workflow_name_label %}{{
                 {% elif stage.approved_count > 0 %}bg-primary text-white
                 {% else %}bg-light text-muted{% endif %}">
                 <span>
-                    <strong>Stage {{ stage.number }}{% if not stage.has_multiple_stages %}: {{ stage.name }}{% endif %}</strong>
+                    <strong>{% if workflow_name_label %}{{ workflow_name_label }}{% else %}Stage {{ stage.number }}{% if not stage.has_multiple_stages %}: {{ stage.name }}{% endif %}{% endif %}</strong>
                 </span>
                 <span class="badge bg-white
                     {% if stage.rejected_count > 0 %}text-danger

django_forms_workflows/views.py

@@ -713,6 +713,18 @@ def submission_detail(request, submission_id):
         or request.user.groups.filter(id__in=form_def.admin_groups.all()).exists()
     )
 
+    # Privacy: hide approval history from the submitter when configured.
+    # Approvers and admins always see the full history.
+    is_submitter_only = (
+        submission.submitter == request.user
+        and not request.user.is_superuser
+        and not user_can_approve(request.user, submission)
+        and not request.user.groups.filter(id__in=form_def.admin_groups.all()).exists()
+    )
+    hide_approval_history = bool(
+        workflow and workflow.hide_approval_history and is_submitter_only
+    )
+
     return render(
         request,
         "django_forms_workflows/submission_detail.html",
@@ -730,6 +742,7 @@ def submission_detail(request, submission_id):
             "approval_field_names": approval_field_names,
             "approval_step_sections": approval_step_sections,
             "can_approve_pdf": can_approve_pdf,
+            "hide_approval_history": hide_approval_history,
         },
     )
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "django-forms-workflows"
-version = "0.23.2"
+version = "0.24.0"
 description = "Enterprise-grade, database-driven form builder with approval workflows and external data integration"
 license = "LGPL-3.0-only"
 readme = "README.md"