Hi @tedraykov, I would like to work on this.

You can take onto the issue. In order to add a new role, you need to add a new migration in the authorization plugin as so:
https://github.com/reactioncommerce/reaction/blob/trunk/packages/api-plugin-authorization-simple/migrations/3.js

You also have to update the migration in the following repo:
https://github.com/reactioncommerce/api-migrations/blob/trunk/migrator.config.js

@tedraykov Need some help here. I'm getting this error while starting dev server with pnpm run start:dev.
ERROR Reaction: Module "file:///home/vinit/Desktop/opensource/reaction/apps/reaction/plugins.json" needs an import assertion of type "json".
I tried const plugins = await importPluginsJSONFile("../plugins.json", { assert: { type: "json" }, }); but this doesn't seem to work.

@tedraykov Never mind, I have fixed the above error. But there seems to be a new one
Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './collectionIndex.js' is not defined by "exports" in /home/vinit/Desktop/opensource/reaction/packages/api-core/node_modules/@reactioncommerce/api-utils/package.json imported from /home/vinit/Desktop/opensource/reaction/packages/api-core/src/ReactionAPICore.js

@tedraykov Do I have to write any additional tests? I ran npm run test and it seems there were no failed tests with my changes.

You should write two additional tests. One that it works when you have the correct permissions (which might be covered by existing tests if you changed them) and one that it fails when you don't have the correct permissions

@zenweasel Okay, so if I got this right, It's for unauthenticated and authenticated with read permissions just like groups tests, right?

test("authenticated with `reaction:legacy:groups/read` permissions, gets all groups", async () => {
  await testApp.setLoggedInUser(mockAdminAccount);

  const nodes = allGroups.map(groupMongoSchemaToGraphQL);

  // Default sortBy is createdAt ascending
  nodes.sort((item1, item2) => {
    if (item1.createdAt > item2.createdAt) return 1;
    if (item1.createdAt < item2.createdAt) return -1;
    return 0;
  });

  const result = await groupsQuery({ shopId: opaqueShopId });
  expect(result).toEqual({
    groups: {
      nodes
    }
  });

  await testApp.clearLoggedInUser();
});

@tedraykov Can we confirm that this query without permissions is not used anywhere in the storefront by customer-facing code

@Vinitvh Yes that seems right. Not sure if this particular query returns a cursor or not though

I checked that. The only public access to the surcharges are trough the cart, but the cart resolvers does not use this query but rather directly fetch the data from the database.