Client Files & Documents

Client Files & Documents

NexusRMS provides two document systems: Client Files for general attachments and Client Secure Documents for encrypted, compliance-sensitive records.

Client Files (ClientFile)

File types: contract, certificate, insurance, quote, invoice, other.

Storage fields: filename (original), stored_filename (unique S3 name), file_path, file_size (bytes), mime_type, extension.

Metadata: title, description, category, uploaded_by (user ID), project_id (optional project link).

Client Sharing

The is_shared_with_client boolean controls portal visibility. When true, the client can view and download the file from their portal.

Signature Support

• requires_signature — File needs signing
• is_signed — File has been signed
• signed_at — Signature timestamp
• signed_by_user_id / signed_by_contact_id — Who signed

Expiry Tracking

Set expires_at for time-sensitive documents. Methods: isExpired(), isExpiringSoon(days) (default 30), getDaysUntilExpiry() (negative if expired).

Download Tracking and File Operations

recordDownload() increments download_count and updates last_downloaded_at. Other methods: getFormattedFileSize() (e.g. "1.5 MB"), getSignedUrl(minutes) (time-limited S3 URL, default 60 min), existsInStorage(), deleteFromStorage().

Files Tab on Detail Page

Grid layout showing each file's type icon (colour-coded for PDF, image, Word, Excel, etc.), file name, upload date, and download/delete buttons. The Upload button opens a dialogue for selecting a file, entering a name, and choosing a type (General Document, Contract, Certificate, Insurance, Other). Accepted formats: PDF, DOC, DOCX, XLS, XLSX, PNG, JPG, JPEG. Empty state prompts uploading the first document.

Secure Documents (ClientSecureDocument)

Encrypted storage fields: encrypted_file_path, encryption_key_ref, file_checksum (SHA-256). document_number uses Laravel's encrypted cast. Hidden from API: document_number, encrypted_file_path, encryption_key_ref.

Document details: document_type_id, document_type_code, document_number, issued_by, issued_date, expires_at, country_code.

Verification Workflow

verification_status: pending, verified, rejected, expired. Methods: markAsVerified(userId), markAsRejected(userId, reason), markAsExpired().

Version Control

Fields: version (integer), is_current_version (boolean), previous_version_id. The currentVersion() scope returns only the latest version.

Two-Factor Access

requires_2fa_access enables 2FA for sensitive documents. last_2fa_verification_at records when 2FA was completed. is2FAValid(minutes) checks validity (default 30 minutes).

Node Sync and GDPR

synced_from_node_at and sync_status (synced, pending, failed, stale, local) track Node synchronisation. GDPR fields: retention_until, consent_given_at, consent_ip_address. Watermarking via watermark_id.

Tips

• Use is_shared_with_client to control portal visibility.
• Track signatures for a clear audit trail of who signed what and when.
• Monitor documents approaching their expires_at date.
• Use secure documents for PII or commercially sensitive files.
• Review pending verification statuses regularly to avoid compliance bottlenecks.