diff --git a/forms-flow-api/src/formsflow_api/models/authorization.py b/forms-flow-api/src/formsflow_api/models/authorization.py index 9a530ed1f..ec46e80e2 100644 --- a/forms-flow-api/src/formsflow_api/models/authorization.py +++ b/forms-flow-api/src/formsflow_api/models/authorization.py @@ -5,7 +5,7 @@ from enum import Enum, unique from typing import List, Optional -from sqlalchemy import JSON, and_, or_ +from sqlalchemy import JSON, and_, or_, text from sqlalchemy.dialects.postgresql import ARRAY, ENUM from .audit_mixin import AuditDateTimeMixin, AuditUserMixin @@ -71,17 +71,27 @@ def _auth_query( cls, auth_type, roles, tenant, user_name, include_created_by=False ): # pylint: disable=too-many-arguments,too-many-positional-arguments role_condition = [Authorization.roles.contains([role]) for role in roles] - query = cls.query.filter(Authorization.auth_type == auth_type).filter( - or_( - *role_condition, - include_created_by and Authorization.created_by == user_name, - Authorization.user_name == user_name, - and_( - Authorization.user_name.is_(None), - or_(Authorization.roles == {}, Authorization.roles.is_(None)), - ), + query = cls.query.filter(Authorization.auth_type == auth_type) + if auth_type == AuthType.APPLICATION: + # if the authtype is application then need to check role id exist or if submitter true + query = query.filter( + or_( + *role_condition, + text("resource_details ->>'submitter' = 'True'"), + ) + ) + else: + query = query.filter( + or_( + *role_condition, + include_created_by and Authorization.created_by == user_name, + Authorization.user_name == user_name, + and_( + Authorization.user_name.is_(None), + or_(Authorization.roles == {}, Authorization.roles.is_(None)), + ), + ) ) - ) if tenant: query = query.filter(Authorization.tenant == tenant) diff --git a/forms-flow-api/src/formsflow_api/services/form_process_mapper.py b/forms-flow-api/src/formsflow_api/services/form_process_mapper.py index 260af0a2a..55f17a172 100644 --- a/forms-flow-api/src/formsflow_api/services/form_process_mapper.py +++ b/forms-flow-api/src/formsflow_api/services/form_process_mapper.py @@ -429,9 +429,9 @@ def create_form(data, is_designer, **kwargs): # pylint:disable=too-many-locals authorization_data = { "application": { "resourceId": parent_form_id, - "resourceDetails": {}, + "resourceDetails": {"submitter": True}, "roles": [], - "userName": user.user_name, + "userName": None, }, "designer": { "resourceId": parent_form_id, diff --git a/forms-flow-web/src/components/Form/EditForm/FormEdit.js b/forms-flow-web/src/components/Form/EditForm/FormEdit.js index 3b955544e..d3c6f8fa3 100644 --- a/forms-flow-web/src/components/Form/EditForm/FormEdit.js +++ b/forms-flow-web/src/components/Form/EditForm/FormEdit.js @@ -447,6 +447,9 @@ const EditComponent = () => { /* ----------- save settings function to be used in settings modal ---------- */ const filterAuthorizationData = (authorizationData) => { + if(authorizationData.selectedOption === "submitter"){ + return {roles: [], userName:null, resourceDetails:{submitter:true}}; + } if (authorizationData.selectedOption === "specifiedRoles") { return { roles: authorizationData.selectedRoles, userName: "" }; } @@ -475,7 +478,7 @@ const EditComponent = () => { const authorizations = { application: { resourceId: parentFormId, - resourceDetails: {}, + resourceDetails:{submitter:false}, ...filterAuthorizationData(rolesState.APPLICATION), }, designer: { diff --git a/forms-flow-web/src/components/Form/EditForm/FormSettings.js b/forms-flow-web/src/components/Form/EditForm/FormSettings.js index e51eff835..c7b7814ba 100644 --- a/forms-flow-web/src/components/Form/EditForm/FormSettings.js +++ b/forms-flow-web/src/components/Form/EditForm/FormSettings.js @@ -78,8 +78,11 @@ const FormSettings = forwardRef((props, ref) => { APPLICATION: { roleInput: "", selectedRoles: formAuthorization.APPLICATION?.roles, - selectedOption: setSelectedOption(formAuthorization.APPLICATION?.roles, "submitter"), - }, + selectedOption: setSelectedOption(formAuthorization.APPLICATION?.roles, "submitter"), + /* The 'submitter' key is stored in 'resourceDetails'. If the roles array is not empty + we assume that the submitter is true. */ + } + }); /* ------------------------- validating form name and path ------------------------ */