-
Notifications
You must be signed in to change notification settings - Fork 3.9k
Block report submission when strict policy rules are enabled with violations #72663
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
181f464
0c58450
d96f09c
590e322
3a0dee3
da37814
7f8d6bd
27f2d91
3b56f69
ceaa89d
902ba2a
cad8617
b3db34c
d48987b
6f38615
43de8dd
6d940f9
0a9ec6c
a3ea30f
77e0e14
197d9c7
12fb7e4
09efc42
0ada7a8
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| import {Str} from 'expensify-common'; | ||
| import ONYXKEYS from '@src/ONYXKEYS'; | ||
| import useOnyx from './useOnyx'; | ||
|
|
||
| type UseStrictPolicyRulesResult = { | ||
| /** Whether the user's domain has strict policy rules enabled (strictly enforce workspace rules) */ | ||
| areStrictPolicyRulesEnabled: boolean; | ||
| }; | ||
|
|
||
| /** | ||
| * Hook to check if strict policy rules are enabled for the user's domain security group. | ||
| * When enabled, users cannot submit reports that have policy violations. | ||
| */ | ||
| function useStrictPolicyRules(): UseStrictPolicyRulesResult { | ||
|
mountiny marked this conversation as resolved.
|
||
| const [myDomainSecurityGroups] = useOnyx(ONYXKEYS.MY_DOMAIN_SECURITY_GROUPS, {canBeMissing: true}); | ||
| const [securityGroups] = useOnyx(ONYXKEYS.COLLECTION.SECURITY_GROUP, {canBeMissing: true}); | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wonder how we could incorporate the selector for the groupID here already since it's dependent on the other useOnyx @TMisiukiewicz |
||
| const [session] = useOnyx(ONYXKEYS.SESSION, {canBeMissing: true}); | ||
|
|
||
| // Get the user's domain from their email | ||
| const userDomain = session?.email ? Str.extractEmailDomain(session.email) : undefined; | ||
|
|
||
| // Get the security group ID for the user's domain | ||
| const securityGroupID = userDomain && myDomainSecurityGroups?.[userDomain]; | ||
|
mountiny marked this conversation as resolved.
|
||
|
|
||
| // Get the security group details | ||
| const securityGroupKey = `${ONYXKEYS.COLLECTION.SECURITY_GROUP}${securityGroupID}`; | ||
| const securityGroup = securityGroupID ? securityGroups?.[securityGroupKey] : null; | ||
|
|
||
| // Check if strict policy rules are enabled | ||
| const areStrictPolicyRulesEnabled = securityGroup?.enableStrictPolicyRules === true; | ||
|
|
||
| return { | ||
| areStrictPolicyRulesEnabled, | ||
| }; | ||
| } | ||
|
|
||
| export default useStrictPolicyRules; | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8670,6 +8670,22 @@ function hasReportViolations(reportID: string | undefined) { | |
| return Object.values(reportViolations ?? {}).some((violations) => !isEmptyObject(violations)); | ||
| } | ||
|
|
||
| /** | ||
| * Checks if submission should be blocked due to strict policy rules being enabled and violations present. | ||
| * When a user's domain has "strictly enforce workspace rules" enabled, they cannot submit reports with violations. | ||
| */ | ||
| function shouldBlockSubmitDueToStrictPolicyRules( | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @abzokhattab Please add unit tests for this method
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done |
||
| reportID: string | undefined, | ||
| transactionViolations: OnyxCollection<TransactionViolation[]>, | ||
| areStrictPolicyRulesEnabled: boolean, | ||
| reportTransactions?: Transaction[] | SearchTransaction[], | ||
| ) { | ||
| if (!areStrictPolicyRulesEnabled) { | ||
| return false; | ||
| } | ||
| return hasAnyViolations(reportID, transactionViolations, reportTransactions as SearchTransaction[]); | ||
| } | ||
|
|
||
| type ReportErrorsAndReportActionThatRequiresAttention = { | ||
| errors: ErrorFields; | ||
| reportAction?: OnyxEntry<ReportAction>; | ||
|
|
@@ -12545,6 +12561,7 @@ export { | |
| doesReportContainRequestsFromMultipleUsers, | ||
| hasUnresolvedCardFraudAlert, | ||
| getUnresolvedCardFraudAlertAction, | ||
| shouldBlockSubmitDueToStrictPolicyRules, | ||
| }; | ||
| export type { | ||
| Ancestor, | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In #73426, we decided to only show the violation with open expense report.
More details in:
#73426 (comment)