From 14380e48568d96fc24bf6641dd58726bdf858f51 Mon Sep 17 00:00:00 2001
From: Vijaivir Dhaliwal <91633223+vijaivir@users.noreply.github.com>
Date: Thu, 5 Sep 2024 12:02:16 -0700
Subject: [PATCH] Fix: Extend Form Submitter permissions for GET
 /documentTemplates (#1493)

* removed template read permissions

* migration to extend form submitter role

* update form_submitter permission
---
 ...0240904140843_047-extend-submitter-role.js | 34 +++++++++++++++++++
 app/src/forms/common/constants.js             |  2 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 app/src/db/migrations/20240904140843_047-extend-submitter-role.js

diff --git a/app/src/db/migrations/20240904140843_047-extend-submitter-role.js b/app/src/db/migrations/20240904140843_047-extend-submitter-role.js
new file mode 100644
index 000000000..c5519b811
--- /dev/null
+++ b/app/src/db/migrations/20240904140843_047-extend-submitter-role.js
@@ -0,0 +1,34 @@
+const uuid = require('uuid');
+
+const { Permissions, Roles } = require('../../forms/common/constants');
+
+const CREATED_BY = 'migration-047';
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = function(knex) {
+    return Promise.resolve().then(() => {
+        const rolePermission = {
+          id: uuid.v4(),
+          createdBy: CREATED_BY,
+          role: Roles.FORM_SUBMITTER,
+          permission: Permissions.DOCUMENT_TEMPLATE_READ,
+        };
+        return knex('role_permission').insert(rolePermission);
+      });
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = function(knex) {
+    return Promise.resolve().then(() =>
+        knex('role_permission')
+            .where({
+                createdBy: CREATED_BY,
+            })
+            .del()
+    );  
+};
diff --git a/app/src/forms/common/constants.js b/app/src/forms/common/constants.js
index 7d377bedf..6cd51fbf9 100644
--- a/app/src/forms/common/constants.js
+++ b/app/src/forms/common/constants.js
@@ -29,7 +29,7 @@ module.exports = Object.freeze({
     FORM_API_UPDATE: 'form_api_update',
     FORM_DELETE: 'form_delete',
     FORM_READ: 'form_read',
-    FORM_SUBMITTER: ['form_read', 'submission_create'],
+    FORM_SUBMITTER: ['form_read', 'submission_create', 'document_template_read'],
     FORM_UPDATE: 'form_update',
     SUBMISSION_CREATE: 'submission_create',
     SUBMISSION_DELETE: 'submission_delete',