[$500] Scan - Workspace admin is unable to replace receipt for expense created by employee #29829
Comments
Triggered auto assignment to @bfitzexpensify ( |
Job added to Upwork: https://www.upwork.com/jobs/~015ffebdb6212649cd |
Bug0 Triage Checklist (Main S/O)
|
Triggered auto assignment to Contributor-plus team member for initial proposal review - @abdulrahuman5196 ( |
This seems like a backend issue. The frontend allows you to try to replace it but the backend returns the following response:
|
I agree with @graylewis, the user is exposed to the edit receipt page, which calls IOU.replaceReceipt only if it's either the request owner or an admin, so it shouldn't return Unauthorized. Perhaps when the backend side was done it was expected that some extra parameter would be provided, or it was not considered that it could be an admin replacing the receipt. |
Triggered auto assignment to @pecanoro ( |
@pecanoro can you help confirm that this is a back-end issue? |
Let me check in Slack if admins should be able to replace the receipts. |
We decided that it makes no sense to let the admin replace the receipt so we need to block that in the front end! |
@pecanoro Then we should probably remove the option altogether for anyone except the account that uploaded the receipt, right? |
Yes, that sounds good! |
@bfitzexpensify Should a feature request be created or how should this be done? |
This is still a bug since there is a reason why the back-end does not allow it and it is because the front-end shouldn't either. |
In that case:
Proposal
Please re-state the problem that we are trying to solve in this issue.
The frontend displays an option to replace the receipt for an expense created by an employee when it shouldn't
What is the root cause of that problem?
The
What changes do you think we should make in order to solve the problem?
Since admins should only be allowed to edit a receipt request when they created it, we can simply remove
What alternative solutions did you explore? (Optional)
N/A |
Will be reviewing today |
📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸 |
@abdulrahuman5196 Friendly bump! |
@pecanoro, @bfitzexpensify, @abdulrahuman5196 Uh oh! This issue is overdue by 2 days. Don't forget to update your issues! |
@graylewis For me, the receipt is only seen by me. Not seen by the admin. So admin is unable to go to receipt screen itself. Could you kindly check if the same is happening for you? Or anyone else possible to check the same? I think something in backend changed. |
@abdulrahuman5196 Is it still scanning? I think it might change when it is not scanning anymore. I will check later as well. |
Nope. Even after hours not changing. Tried manually updating in which case, scanning progress was removed but still the receipt was only visible by the creator. |
@pecanoro @bfitzexpensify @abdulrahuman5196 this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks! |
📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸 |
@abdulrahuman5196 Hmm if it says only visible to you it means it's stuck scanning or something. If you sign out, still same problem? |
Let me check again |
Proposal
Please re-state the problem that we are trying to solve in this issue.
What is the root cause of that problem?
What changes do you think we should make in order to solve the problem?
1. Firstly, hide
function canEditFieldOfMoneyRequest(reportAction, reportID, fieldToEdit) {
...
+ const nonEditableFieldsWhenIsAdmin = [CONST.EDIT_REQUEST_FIELD.RECEIPT];
+ const isRequestor = currentUserAccountID === reportAction.actorAccountID;
+ if (isAdmin && !isRequestor && nonEditableFieldsWhenIsAdmin.includes(fieldToEdit)) {
+ return false;
}
....
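Review bot: the added `if` is gated on `isAdmin`, so for the receipt field a user who is neither an admin nor the requestor still falls through to the rest of the function. The decision earlier in this thread was to remove the option for anyone except the account that uploaded the receipt, so consider keying the early return on `!isRequestor` and the field list alone. Neither `isAdmin` nor `currentUserAccountID` is defined in the visible lines, and `isRequestor` relies on `reportAction.actorAccountID` being the uploading account; both deserve a short comment. This check only hides the option in the client, so the backend's Unauthorized response stays the actual enforcement point and the two rules need to be kept in sync.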
2. Secondly, we need to handle the case of opening the app by deeplink. When the user is an admin, try accessing the route like
What alternative solutions did you explore? (Optional)
|
Checking now with the fake bill |
Now I am able to use the fake bill. Reviewing the proposals |
@DylanDylann's proposal here #29829 (comment) looks good and works well. 🎀 👀 🎀 cc: @pecanoro |
@pecanoro @bfitzexpensify @abdulrahuman5196 this issue is now 3 weeks old. There is one more week left before this issue breaks WAQ and will need to go internal. What needs to happen to get a PR in review this week? Please create a thread in #expensify-open-source to discuss. Thanks! |
@abdulrahuman5196 Thank you for double-checking! Assigning @DylanDylann to the issue! |
📣 @abdulrahuman5196 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app! |
📣 @DylanDylann 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app! Offer link |
@abdulrahuman5196 PR #31024 is ready for review |
Not a regression. New expectation was set with the PR.
Yes.
@bfitzexpensify Seems melvin didn't auto update this issue. The payment date is today - #31024 (comment) |
Sorry for the delay, only seeing that comment now, looks like melvin did miss this one. Payments complete, and regression steps proposed in https://github.com/Expensify/Expensify/issues/342297. Closing this one out. |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Version Number: 1.3.85-2
Reproducible in staging?: Yes
Reproducible in production?: Yes
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: Applause - Internal Team
Slack conversation:
Action Performed:
Note that admin can edit all the fields except receipt
Expected Result:
The admin can edit all the fields in the workspace expense created by employee
Actual Result:
The admin can edit all the fields in the workspace expense created by employee, except receipt. Replacing the receipt reverts it to the original receipt uploaded by the employee
Workaround:
Unknown
Platforms:
Which of our officially supported platforms is this issue occurring on?
Screenshots/Videos
Android: Native
Android: mWeb Chrome
iOS: Native
iOS: mWeb Safari
MacOS: Chrome / Safari
Bug6240990_1697572063677.20231018_003035.mp4
MacOS: Desktop