-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[$500] Request Money - The user is able to request money from the Concierge by changing chat ID #28332
Comments
ProposalPlease re-state the problem that we are trying to solve in this issue.Can request money from Concierge by changing report id in link What is the root cause of that problem?We are not checking if the participant account ID(s) is a valid account ID for requesting money in What changes do you think we should make in order to solve the problem?We should check if there are any participant account IDs that are invalid for requesting money. For Concierge we can make these changes. const containsInvalidParticipant = props.report?.participantAccountIDs?.includes(CONST.ACCOUNT_ID.CONCIERGE); <FullPageNotFoundView shouldShow={!IOUUtils.isValidMoneyRequestType(iouType) || containsInvalidParticipant}> We can check for other invalid participants as well in this by using something like this const containsInvalidParticipant = props.report?.participantAccountIDs?.some(participantAccountID => (CONST.EXPENSIFY_ACCOUNT_IDS.includes(participantAccountID))); but I think from some of the Expensify ids money can be requested. We can make an array of ids that cannot be participants for money requests and use it in place of What alternative solutions did you explore? (Optional) |
ProposalPlease re-state the problem that we are trying to solve in this issue.User is able to request money from Concierge What is the root cause of that problem?There is no handling to display not found page for this case when opening by link App/src/pages/iou/MoneyRequestSelectorPage.js Line 101 in 31bb197
What changes do you think we should make in order to solve the problem?We need to add condition What alternative solutions did you explore? (Optional)N/A |
Job added to Upwork: https://www.upwork.com/jobs/~01e314f8f81116a44a |
Triggered auto assignment to @adelekennedy ( |
Bug0 Triage Checklist (Main S/O)
|
Triggered auto assignment to Contributor-plus team member for initial proposal review - @aimane-chnaif ( |
This will be fixed here #26149. |
@aimane-chnaif from the comment above I think we should close this then! |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Action Performed:
Expected Result:
The user shouldn't be able to request money from the Concierge
Actual Result:
The user is able to request money from the Concierge by changing chat ID
Workaround:
Unknown
Platforms:
Which of our officially supported platforms is this issue occurring on?
Version Number: 1.3.74.2
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation
request-concierge.1.webm
Screenrecorder-2023-09-26-22-37-44-384.1.mp4
RPReplay_Final1695833886.MP4
Recording.4777.mp4
Expensify/Expensify Issue URL:
Issue reported by: @hichamcc
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1695722715634289
View all open jobs on GitHub
Upwork Automation - Do Not Edit
The text was updated successfully, but these errors were encountered: