From c11d63fb42da3e8bb072611f1fde50a255d26d14 Mon Sep 17 00:00:00 2001
From: Courtney Myers <courtney.myers@erg.com>
Date: Wed, 27 Nov 2024 16:11:51 -0500
Subject: [PATCH] Update Formio form submissions endpoints to use the new
 checkUserData() function to return empty arrays instead of 401 Unauthorized
 responses for helpdesk users with no BAP combo keys

---
 app/server/app/utilities/formio.js | 35 +++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/app/server/app/utilities/formio.js b/app/server/app/utilities/formio.js
index 40145531..55d61930 100644
--- a/app/server/app/utilities/formio.js
+++ b/app/server/app/utilities/formio.js
@@ -19,7 +19,8 @@ const {
   getBapDataFor2022CRF,
   checkFormSubmissionPeriodAndBapStatus,
 } = require("../utilities/bap");
-const log = require("./logger");
+const { checkUserData } = require("../utilities/user");
+const log = require("../utilities/logger");
 
 const { NODE_ENV } = process.env;
 
@@ -1092,7 +1093,13 @@ function fetchFRFSubmissions({ rebateYear, req, res }) {
   const { bapComboKeys } = req;
   const { mail } = req.user;
 
-  if (bapComboKeys.length === 0) {
+  const { adminOrHelpdeskUser, noBapComboKeys } = checkUserData({ req });
+
+  if (noBapComboKeys) {
+    if (adminOrHelpdeskUser) {
+      return res.json([]);
+    }
+
     const logMessage =
       `User with email '${mail}' attempted to fetch ${rebateYear} FRF ` +
       `submissions from Formio without any SAM.gov combo keys.`;
@@ -1345,7 +1352,13 @@ function fetchPRFSubmissions({ rebateYear, req, res }) {
   const { bapComboKeys } = req;
   const { mail } = req.user;
 
-  if (bapComboKeys.length === 0) {
+  const { adminOrHelpdeskUser, noBapComboKeys } = checkUserData({ req });
+
+  if (noBapComboKeys) {
+    if (adminOrHelpdeskUser) {
+      return res.json([]);
+    }
+
     const logMessage =
       `User with email '${mail}' attempted to fetch ${rebateYear} PRF ` +
       `submissions from Formio without any SAM.gov combo keys.`;
@@ -1718,7 +1731,13 @@ function fetchCRFSubmissions({ rebateYear, req, res }) {
   const { bapComboKeys } = req;
   const { mail } = req.user;
 
-  if (bapComboKeys.length === 0) {
+  const { adminOrHelpdeskUser, noBapComboKeys } = checkUserData({ req });
+
+  if (noBapComboKeys) {
+    if (adminOrHelpdeskUser) {
+      return res.json([]);
+    }
+
     const logMessage =
       `User with email '${mail}' attempted to fetch ${rebateYear} CRF ` +
       `submissions from Formio without any SAM.gov combo keys.`;
@@ -2002,7 +2021,13 @@ function fetchChangeRequests({ rebateYear, req, res }) {
   const { bapComboKeys } = req;
   const { mail } = req.user;
 
-  if (bapComboKeys.length === 0) {
+  const { adminOrHelpdeskUser, noBapComboKeys } = checkUserData({ req });
+
+  if (noBapComboKeys) {
+    if (adminOrHelpdeskUser) {
+      return res.json([]);
+    }
+
     const logMessage =
       `User with email '${mail}' attempted to fetch ${rebateYear} Change ` +
       `Request form submissions from Formio without any SAM.gov combo keys.`;