From 651d4543b0f6b9e3d638e210e8bbca0eda86c1a5 Mon Sep 17 00:00:00 2001
From: shuhaib-aot <shuhaib.s@aot-technologies.com>
Date: Wed, 4 Dec 2024 16:36:08 +0530
Subject: [PATCH] FWF-3972 [bugfix] fixed application authorization fixed for
 submitter only

---
 .../src/formsflow_api/models/authorization.py | 32 ++++++++++++-------
 .../services/form_process_mapper.py           |  4 +--
 .../src/components/Form/EditForm/FormEdit.js  |  5 ++-
 .../components/Form/EditForm/FormSettings.js  |  7 ++--
 4 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/forms-flow-api/src/formsflow_api/models/authorization.py b/forms-flow-api/src/formsflow_api/models/authorization.py
index 9a530ed1fa..ec46e80e2b 100644
--- a/forms-flow-api/src/formsflow_api/models/authorization.py
+++ b/forms-flow-api/src/formsflow_api/models/authorization.py
@@ -5,7 +5,7 @@
 from enum import Enum, unique
 from typing import List, Optional
 
-from sqlalchemy import JSON, and_, or_
+from sqlalchemy import JSON, and_, or_, text
 from sqlalchemy.dialects.postgresql import ARRAY, ENUM
 
 from .audit_mixin import AuditDateTimeMixin, AuditUserMixin
@@ -71,17 +71,27 @@ def _auth_query(
         cls, auth_type, roles, tenant, user_name, include_created_by=False
     ):  # pylint: disable=too-many-arguments,too-many-positional-arguments
         role_condition = [Authorization.roles.contains([role]) for role in roles]
-        query = cls.query.filter(Authorization.auth_type == auth_type).filter(
-            or_(
-                *role_condition,
-                include_created_by and Authorization.created_by == user_name,
-                Authorization.user_name == user_name,
-                and_(
-                    Authorization.user_name.is_(None),
-                    or_(Authorization.roles == {}, Authorization.roles.is_(None)),
-                ),
+        query = cls.query.filter(Authorization.auth_type == auth_type)
+        if auth_type == AuthType.APPLICATION:
+            # if the authtype is application then need to check role id exist or if submitter true
+            query = query.filter(
+                or_(
+                    *role_condition,
+                    text("resource_details ->>'submitter' = 'True'"),
+                )
+            )
+        else:
+            query = query.filter(
+                or_(
+                    *role_condition,
+                    include_created_by and Authorization.created_by == user_name,
+                    Authorization.user_name == user_name,
+                    and_(
+                        Authorization.user_name.is_(None),
+                        or_(Authorization.roles == {}, Authorization.roles.is_(None)),
+                    ),
+                )
             )
-        )
 
         if tenant:
             query = query.filter(Authorization.tenant == tenant)
diff --git a/forms-flow-api/src/formsflow_api/services/form_process_mapper.py b/forms-flow-api/src/formsflow_api/services/form_process_mapper.py
index 260af0a2a8..55f17a1720 100644
--- a/forms-flow-api/src/formsflow_api/services/form_process_mapper.py
+++ b/forms-flow-api/src/formsflow_api/services/form_process_mapper.py
@@ -429,9 +429,9 @@ def create_form(data, is_designer, **kwargs):  # pylint:disable=too-many-locals
             authorization_data = {
                 "application": {
                     "resourceId": parent_form_id,
-                    "resourceDetails": {},
+                    "resourceDetails": {"submitter": True},
                     "roles": [],
-                    "userName": user.user_name,
+                    "userName": None,
                 },
                 "designer": {
                     "resourceId": parent_form_id,
diff --git a/forms-flow-web/src/components/Form/EditForm/FormEdit.js b/forms-flow-web/src/components/Form/EditForm/FormEdit.js
index 3b955544ea..d3c6f8fa3b 100644
--- a/forms-flow-web/src/components/Form/EditForm/FormEdit.js
+++ b/forms-flow-web/src/components/Form/EditForm/FormEdit.js
@@ -447,6 +447,9 @@ const EditComponent = () => {
 
   /* ----------- save settings function to be used in settings modal ---------- */
   const filterAuthorizationData = (authorizationData) => {
+    if(authorizationData.selectedOption === "submitter"){
+      return {roles: [], userName:null, resourceDetails:{submitter:true}};
+    }
     if (authorizationData.selectedOption === "specifiedRoles") {
       return { roles: authorizationData.selectedRoles, userName: "" };
     }
@@ -475,7 +478,7 @@ const EditComponent = () => {
     const authorizations = {
       application: {
         resourceId: parentFormId,
-        resourceDetails: {},
+        resourceDetails:{submitter:false},
         ...filterAuthorizationData(rolesState.APPLICATION),
       },
       designer: {
diff --git a/forms-flow-web/src/components/Form/EditForm/FormSettings.js b/forms-flow-web/src/components/Form/EditForm/FormSettings.js
index e51eff8352..c7b7814ba9 100644
--- a/forms-flow-web/src/components/Form/EditForm/FormSettings.js
+++ b/forms-flow-web/src/components/Form/EditForm/FormSettings.js
@@ -78,8 +78,11 @@ const FormSettings = forwardRef((props, ref) => {
     APPLICATION: {
       roleInput: "",
       selectedRoles: formAuthorization.APPLICATION?.roles,
-      selectedOption: setSelectedOption(formAuthorization.APPLICATION?.roles, "submitter"),
-    },
+      selectedOption: setSelectedOption(formAuthorization.APPLICATION?.roles, "submitter"), 
+      /* The 'submitter' key is stored in 'resourceDetails'. If the roles array is not empty
+       we assume that the submitter is true. */
+    }
+
   });
 
     /* ------------------------- validating form name and path ------------------------ */