feat: FORMS-943 Adding file upload component on public form

[revanth-banala]

Description

The “File Upload” component is limited to authenticated users. For example, if you create a form that has “Form Access” set to “Public”, then the “File Upload” component is not available when building the form. Probably likewise for BCeID users.

However, you can set the “Form Access” to “IDIR”, create the form and save it, and then set the “Form Access” to “Public”. This is failing and producing 403 errors on the POST because filePermissions.hasFileCreate checks that it’s an IDIR user.

NOTE: some users may be relying on this behaviour. They might want to have a “Staff Only” section of a public form, and it contains components that are only visible to staff after the form is submitted by the public (such as attaching related files to the submission).

This change allows users to:

Create public (anonymous) forms and IDIR upload forms.
Use the file upload component directly on public forms, eliminating the need for workarounds (e.g., switching access levels).

Type of Change

feat (a new feature)

Checklist

• I have read the CONTRIBUTING doc
• I have checked that unit tests pass locally with my changes
• I have run the npm script lint on the frontend and backend
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)
• I have approval from the product owner for the contribution in this pull request

Further comments

Have modified the few tests in filepermissions.spec.js file as we are allowing both public and idir users
Modified hasFileCreate middleware to check form settings instead of user types
Verified uploads work in both IDIR-authenticated and public forms

[sonarqubecloud]

Quality Gate failed

Failed conditions
4.7% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud