Settings — Signature Template Editor
The Signature template editor (/settings/signatures/:id) is the
visual authoring surface for a single staff-signature template. It
captures the HTML body, scope (org-wide or division), default flag,
and renders a live preview against either generic example data or a
real org user.
This is the page that opens when you click Edit on a row of Settings ▸ Staff Signatures, or when you finish creating a new template from the list-page slide-out.

Anatomy of the page
1. Page header
A standard PageHeader sits above the inline editor row, providing
the help and docs icons. The page title here is intentionally
static (Edit Signature Template) — the editable template-name field
lives in the row below as an inline <Input> so admins can rename
without leaving the page.
2. Inline editor row
Below the PageHeader:
- Back-to-list button (with unsaved-changes guard)
- Template-name <Input> (editable; this is the visible “title” of the template being edited)
- Delete (admin-only, with confirm dialog)
- Save
3. HTML rich-text editor
A RichTextEditor component for the signature body. Toolbar exposes
bold, italic, links, lists, and an Insert merge variable picker.
Server-side sanitization happens on save; client-side
sanitization happens on every render via DOMPurify as defense in
depth.
4. Form fields
Below the editor:
- Division scope — dropdown bound to Settings ▸ Divisions; blank = org-wide
- Default — boolean toggle; only one template per org can hold this flag
5. Preview pane
A live render of the template:
- Generic preview (default) — uses hardcoded example values for every token
- Preview as — pick any user from a 100-row directory dropdown to render against their actual profile
6. Deferred-token notice
When the template uses tokens like {{credentials}} that resolve at
email-send time (not at copy-to-clipboard time), the page surfaces a
small notice explaining the deferred-render semantics.
Merge token catalogue
The supported set is fixed in code. Common tokens:
| Token | Source | Deferred? |
|---|---|---|
| {{full_name}} | users.name_first + name_last | No |
| {{title}} | employee_profiles.title | No |
| {{email}} | users.email | No |
| {{phone}} | employee_profiles.phone | No |
| {{headshot_url}} | employee_profiles.headshot_url | No |
| {{org_name}} | org.name | No |
| {{org_logo_url}} | org.logo_url | No |
| {{org_address}} | org.address | No |
| {{credentials}} | Active credentials at send time | Yes |
Deferred tokens are documented with a notice on the page so admins know the difference between “what shows in the preview” and “what shows when an email actually goes out.”
Scope, default, lockout
- Org-wide = blank division, available for assignment to any user
- Division-scoped = only assignable to users in that division
- Default = the one template the platform falls back to when no explicit assignment + no division match
The default is exclusive — toggling it on for one template automatically toggles it off for the previous default. There must always be at most one default; the platform refuses an attempt to clear the only default without designating a new one.
Permissions and scope
| Role | View | Edit | Delete | Set default |
|---|---|---|---|---|
| Owner / Admin | ✓ | ✓ | ✓ | ✓ |
| Member | ✗ | ✗ | ✗ | ✗ |
| Viewer | ✗ | ✗ | ✗ | ✗ |
Audit logging
| Action | Event |
|---|---|
| Save | signature_template.updated |
| Set default | signature_template.default_set |
| Delete | signature_template.deleted |
Events surface in Settings ▸ Audit Log.
Render pipeline
The render flow on every fetch from /signatures/me:
1. Resolve the user’s signature template via the assignment fallback (explicit user > division default > org default)
2. Substitute every supported merge token against the user’s profile + org metadata
3. HTML-escape every substituted value (#108.1)
4. Resolve deferred tokens at email-send time, not at this render
5. Sanitize via DOMPurify before sending
The same pipeline is used for the live preview on this page — “Preview as” mode runs steps 1-3 against the chosen user, with the deferred-token notice shown for any unresolved deferred tokens.
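The first three pipeline steps as an added JavaScript example (not the product's own code): template resolution by the assignment fallback, then single-pass token substitution with each value HTML-escaped as it is inserted. The function names, the template and user object shapes, and the sample data are assumptions; the final DOMPurify pass is omitted.

```javascript
// Added example: steps 1-3 of the render pipeline; all names are hypothetical.
const IMMEDIATE = ['full_name', 'title', 'email', 'phone', 'headshot_url',
                   'org_name', 'org_logo_url', 'org_address'];
const DEFERRED = ['credentials']; // resolved at email-send time, not here

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (v) => String(v ?? '').replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Step 1: explicit user assignment > division default > org default.
function resolveTemplate(user, templates) {
  return templates.find((t) => t.id === user.assignedTemplateId)
      ?? templates.find((t) => t.divisionId && t.divisionId === user.divisionId)
      ?? templates.find((t) => t.isDefault)
      ?? null;
}

// Steps 2-3: one pass over the template, so a substituted value that itself
// contains "{{...}}" is never expanded a second time.
function renderSignature(html, values) {
  const deferred = new Set();
  const out = html.replace(/\{\{\s*([a-z_]+)\s*\}\}/g, (literal, name) => {
    if (DEFERRED.includes(name)) { deferred.add(name); return literal; }
    if (!IMMEDIATE.includes(name)) return literal; // unsupported: stays a literal
    return escapeHtml(values[name]);               // missing value renders empty
  });
  return { html: out, deferred: [...deferred] };   // deferred drives the notice
}

// Constructed sample data: profile fields carrying markup and a token literal.
const templates = [
  { id: 't-org', divisionId: null, isDefault: true,
    html: '<p>{{full_name}}, {{org_name}}</p>' },
  { id: 't-legal', divisionId: 'legal', isDefault: false,
    html: '<p><b>{{full_name}}</b>, {{title}} {{credentials}} {{nickname}}</p>' },
];
const user = { divisionId: 'legal' };
const values = { full_name: 'Ana <script>x</script>',
                 title: 'Counsel & {{email}}', email: 'ana@example.test' };

function demo() {
  const t = resolveTemplate(user, templates);
  return { templateId: t.id, ...renderSignature(t.html, values) };
}
console.log(demo());
```

The template's own `<b>` markup passes through untouched while the profile values are neutralised, which is why escaping is applied per value rather than to the rendered string.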
Troubleshooting
| Symptom | Most likely cause | Fix |
|---|---|---|
| Token literal shown | Typo or unsupported | Use Insert merge variable |
| Preview empty for real user | User profile incomplete | Different user, or fill profile |
| Save fails | Empty name | Type a name |
| Cannot delete | Template assigned | Reassign under Settings ▸ Team |
| Default toggle won’t stick | Race with another admin | Refresh and re-toggle |
Related pages
- Settings ▸ Staff Signatures — list view that opens this editor
- Account ▸ Signature — user-side render of the template
- Settings ▸ Divisions — division-scope source list
- Settings ▸ Team — explicit per-user assignment