Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[HOLD for payment 2024-06-03] [$250] Workspace - Admin can access member details side bar after member leaves workspace #40416

Closed
1 of 6 tasks
izarutskaya opened this issue Apr 18, 2024 · 35 comments
Assignees
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 Engineering External Added to denote the issue can be worked on by a contributor

Comments

@izarutskaya
Copy link

izarutskaya commented Apr 18, 2024

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!


Version Number: 1.4.63-0
Reproducible in staging?: Y
Reproducible in production?: No, new feature
Logs: https://stackoverflow.com/c/expensify/questions/4856
Issue reported by: Applause-Internal team

Action Performed:

  1. Navigate to staging.new.expensify.com
  2. Invite user B to a workspace
  3. Open the side bar for the invited member on the admin side
  4. As the member leave the workspace
  5. Refresh the page for both the member and the admin

Expected Result:

The side bar for the member should not be accessible after member leaves a workspace

Actual Result:

The side bar for the member remains open on the admin side after member leaves the workspace

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop

Screenshots/Videos

Bug6453311_1713426320100.bandicam_2024-04-18_10-41-05-637.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~014967949b89818bfd
  • Upwork Job ID: 1781436162713444352
  • Last Price Increase: 2024-04-26
  • Automatic offers:
    • alitoshmatov | Reviewer | 0
    • tienifr | Contributor | 0
Issue OwnerCurrent Issue Owner: @laurenreidexpensify
@izarutskaya izarutskaya added DeployBlockerCash This issue or pull request should block deployment Daily KSv2 Bug Something is broken. Auto assigns a BugZero manager. labels Apr 18, 2024
Copy link

melvin-bot bot commented Apr 18, 2024

Triggered auto assignment to @madmax330 (DeployBlockerCash), see https://stackoverflowteams.com/c/expensify/questions/9980/ for more details.

Copy link

melvin-bot bot commented Apr 18, 2024

Triggered auto assignment to @laurenreidexpensify (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

@github-actions github-actions bot added Engineering Hourly KSv2 and removed Daily KSv2 labels Apr 18, 2024
Copy link
Contributor

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open `StagingDeployCash` deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

  1. Identify the pull request that introduced this issue and revert it.
  2. Find someone who can quickly fix the issue.
  3. Fix the issue yourself.

@izarutskaya
Copy link
Author

@laurenreidexpensify I haven't added the External label as I wasn't 100% sure about this issue. Please take a look and add the label if you agree it's a bug and can be handled by external contributors.

@izarutskaya
Copy link
Author

We think this issue might be related to the #collect project.

@izarutskaya
Copy link
Author

Production

bandicam.2024-04-18.12-56-59-071.mp4

@Nodebrute
Copy link
Contributor

Proposal

Please re-state the problem that we are trying to solve in this issue.

Admin can access member details side bar after member leaves workspace

What is the root cause of that problem?

We don't have any logic to handle cases like these.

What changes do you think we should make in order to solve the problem?

We can pass accountID or MemberLogin and then use it in below comment to show NotFoundPage. Then we can check if the user is still the member of policy. If not then we can show the not found page

<AdminPolicyAccessOrNotFoundWrapper policyID={policyID}>

const shouldShowNotFoundPage = isEmptyObject(props.policy) || !props.policy?.id || !PolicyUtils.isPolicyAdmin(props.policy);

What alternative solutions did you explore? (Optional)

@allgandalf
Copy link
Contributor

Proposal

Please re-state the problem that we are trying to solve in this issue.

We show member details even when we the admin deletes the workspace.

What is the root cause of that problem?

This is surprising but in Workspace members details page we never have a check to see is we should show the content or block it in case the user haspendingAction is delete or is the employee has left the workspace or removed. This causes us to show the details of the deleted member when they have pendingAction of delete.

What changes do you think we should make in order to solve the problem?

We need to make use of FullPageNotFoundView here to not show the contents if the member state is pending for delete action.

We need to wrap ScreenWrapper with FullPageNotFoundView over here.

Then we need to pass shouldShow prop to FullPageNotFoundView component, we can set the value of shouldShow by checking if the current selected user exists or the state is in pending action is delete:

const shouldShowNotFoundPage = !member || member.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE;

And later pass it like:

<FullPageNotFoundView
                    shouldShow={shouldShowNotFoundPage}
                >

Result

Screen.Recording.2024-04-19.at.2.49.27.AM.mov

@thienlnam thienlnam added Daily KSv2 and removed DeployBlockerCash This issue or pull request should block deployment Hourly KSv2 labels Apr 19, 2024
@thienlnam
Copy link
Contributor

Doesn't look like it needs to be a blocker - I'm making it external though

@thienlnam thienlnam added the External Added to denote the issue can be worked on by a contributor label Apr 19, 2024
@melvin-bot melvin-bot bot changed the title Workspace - Admin can access member details side bar after member leaves workspace [$250] Workspace - Admin can access member details side bar after member leaves workspace Apr 19, 2024
Copy link

melvin-bot bot commented Apr 19, 2024

Job added to Upwork: https://www.upwork.com/jobs/~014967949b89818bfd

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Apr 19, 2024
Copy link

melvin-bot bot commented Apr 19, 2024

Triggered auto assignment to Contributor-plus team member for initial proposal review - @alitoshmatov (External)

@saifelance
Copy link

Proposal

Please re-state the problem that we are trying to solve in this issue.

We show member details even when we the admin deletes the workspace.

What is the root cause of that problem?

This is surprising but in Workspace members details page we never have a check to see is we should show the content or block it in case the user haspendingAction is delete or is the employee has left the workspace or removed. This causes us to show the details of the deleted member when they have pendingAction of delete.

What changes do you think we should make in order to solve the problem?

We need to make use of FullPageNotFoundView here to not show the contents if the member state is pending for delete action.

We need to wrap ScreenWrapper with FullPageNotFoundView over here.

Then we need to pass shouldShow prop to FullPageNotFoundView component, we can set the value of shouldShow by checking if the current selected user exists or the state is in pending action is delete:

const shouldShowNotFoundPage = !member || member.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE;

And later pass it like:

<FullPageNotFoundView
                    shouldShow={shouldShowNotFoundPage}
                >

Result

Screen.Recording.2024-04-19.at.2.49.27.AM.mov

Implement a check to determine whether the content should be shown or blocked based on the pendingAction status of the member. You can set a boolean variable shouldShowNotFoundPage to true if the member doesn't exist or if their pendingAction is "delete."

const shouldShowNotFoundPage = !member || member.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE;

Wrap the ScreenWrapper component with the FullPageNotFoundView component, passing the shouldShow prop to it.

<FullPageNotFoundView shouldShow={shouldShowNotFoundPage}>
  <ScreenWrapper>
    {/* Content to be rendered if the member is not pending deletion */}
  </ScreenWrapper>
</FullPageNotFoundView>

@tienifr
Copy link
Contributor

tienifr commented Apr 20, 2024

Proposal

Please re-state the problem that we are trying to solve in this issue.

The side bar for the member remains open on the admin side after member leaves the workspace

What is the root cause of that problem?

We never have the logic to disallow accessing member details side bar when member leaves workspace, or even when the "account" is never a member of the workspace at all. As long as the account id and the policy id in the route is correct, we're showing the screen.

What changes do you think we should make in order to solve the problem?

  1. We need to show the not found page if the member here is empty, or it's pending delete. So we can add here
const prevMember = usePrevious(member);

    const shouldShowNotFoundPage = !member || (member.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE && prevMember?.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE);

You might notice the prevMember check, why do we need to add that? It's the similar case to here. If we don't check that prevMember.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE too, we'll have a regression where, for an existing member after selecting Remove from workspace in the member details page and confirming, it will show not found page briefly while the modal is closing. We had that same problem for workspace deletion and used the same approach to fix it.

So, if both member and prevMember are pending deletion, that means the user tries to access the member details page when the member is pending deletion. Meanwhile if member is pending deletion but prevMember is not, that means the user just deleted the workspace and we should not show not found page in this case.

  1. Then we need to use that to show not found page when shouldShowNotFoundPage is true, by adding here
<FullPageNotFoundView shouldShow={shouldShowNotFoundPage}>
  1. Now we have a small edge case where if the user opens workspace member details page in 2 tabs, and delete the member from 1 tab, the member page modal in the other tab will not be dismissed (and only becomes NotFoundPage after back-end API returns)

If we'd like to polish this too, we can again do the same as what we already do for the workspace initial page (see here):

  • Do not goBack here
  • When the member changes from "not pending delete" to "pending delete", that means the user just deleted the member details page, so we can do goBack now
useEffect(() => {
    if (!prevMember || prevMember?.pendingAction === CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE || member?.pendingAction !== CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE) {
        return;
    }
    Navigation.goBack();
}, [member, prevMember]);

This will make sure the other member details tab will be dismissed too when we remove the member in one tab.

What alternative solutions did you explore? (Optional)

NA

@melvin-bot melvin-bot bot added the Overdue label Apr 22, 2024
@melvin-bot melvin-bot bot removed the Help Wanted Apply this label when an issue is open to proposals by contributors label Apr 29, 2024
Copy link

melvin-bot bot commented Apr 29, 2024

📣 @alitoshmatov 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

Copy link

melvin-bot bot commented Apr 29, 2024

📣 @tienifr 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

@laurenreidexpensify
Copy link
Contributor

@tienifr is there a draft PR up yet? Thanks

@melvin-bot melvin-bot bot added the Overdue label May 1, 2024
@tienifr
Copy link
Contributor

tienifr commented May 1, 2024

I'm back from the holiday, I'll create the PR in a few hours

@madmax330
Copy link
Contributor

Not overdue, waiting on the PR

Copy link

melvin-bot bot commented May 2, 2024

@madmax330 @alitoshmatov @laurenreidexpensify @tienifr this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!

@melvin-bot melvin-bot bot added Reviewing Has a PR in review Weekly KSv2 and removed Daily KSv2 labels May 4, 2024
@trjExpensify
Copy link
Contributor

👋 Looks like the PR linked to this issue might have caused a regression here: #42555

@melvin-bot melvin-bot bot added Weekly KSv2 Awaiting Payment Auto-added when associated PR is deployed to production and removed Weekly KSv2 labels May 27, 2024
@melvin-bot melvin-bot bot changed the title [$250] Workspace - Admin can access member details side bar after member leaves workspace [HOLD for payment 2024-06-03] [$250] Workspace - Admin can access member details side bar after member leaves workspace May 27, 2024
Copy link

melvin-bot bot commented May 27, 2024

Reviewing label has been removed, please complete the "BugZero Checklist".

@melvin-bot melvin-bot bot removed the Reviewing Has a PR in review label May 27, 2024
Copy link

melvin-bot bot commented May 27, 2024

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.75-1 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

If no regressions arise, payment will be issued on 2024-06-03. 🎊

For reference, here are some details about the assignees on this issue:

Copy link

melvin-bot bot commented May 27, 2024

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

  • [@alitoshmatov] The PR that introduced the bug has been identified. Link to the PR:
  • [@alitoshmatov] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
  • [@alitoshmatov] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
  • [@alitoshmatov] Determine if we should create a regression test for this bug.
  • [@alitoshmatov] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
  • [@laurenreidexpensify] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

@melvin-bot melvin-bot bot added Daily KSv2 and removed Weekly KSv2 labels Jun 2, 2024
@alitoshmatov
Copy link
Contributor

  • The PR that introduced the bug has been identified. Link to the PR: #35715 workspace member details page #37715
  • The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: https://github.com/Expensify/App/pull/37715/files#r1623639171
  • A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: No need
  • Determine if we should create a regression test for this bug. No need

@laurenreidexpensify
Copy link
Contributor

Payment Summary:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 Engineering External Added to denote the issue can be worked on by a contributor
Projects
No open projects
Archived in project
Development

No branches or pull requests

10 participants