Skip to content

[Payment due @daledah] [No QA] Report managed card transactions to employee's default policy#94768

Merged
luacmartins merged 16 commits into
Expensify:mainfrom
s77rt:policy-and-report-list-admin-submit
Jul 7, 2026
Merged

[Payment due @daledah] [No QA] Report managed card transactions to employee's default policy#94768
luacmartins merged 16 commits into
Expensify:mainfrom
s77rt:policy-and-report-list-admin-submit

Conversation

@s77rt

@s77rt s77rt commented Jun 27, 2026

Copy link
Copy Markdown
Member

Explanation of Change

Modified the usePolicyForMovingExpenses hook that we use to select the target policyID when moving expenses, if we are moving an unreported managed card transaction then it should be moved to the employee's default policy (and not ours) and since we don't know that info, we will return undefined and this will omit sending the policyID to the backend.

In the backend, when no explicit policyID is provided, it will automatically find and use the preferred policy.

Fixed Issues

#87954
PROPOSAL:

Tests

  • Requires 2 accounts (an admin and an employee) on same private domain e.g. companydomain.com
  • Employee have assigned an E-Card.
  • Admin and Employee have different default workspaces
  1. Employee: Have an unreported card expense
  2. Admin: Go to Spend > Expenses and look for the unreported expense
  3. Admin: When reporting the unreported expense verify the Create report option does not display any workspace name under it i.e. no supporting text
  4. Admin: Report the unreported expense
  5. Admin: Verify it was reported with success
  6. Employee: Verify the expense is on a new report that was created on your default workspace
Screen.Recording.2026-06-27.at.11.46.24.AM.mov
  • Verify that no errors appear in the JS console

Offline tests

n/a

QA Steps

n/a

  • Verify that no errors appear in the JS console

PR Author Checklist

  • I linked the correct issue in the ### Fixed Issues section above
  • I wrote clear testing steps that cover the changes made in this PR
    • I added steps for local testing in the Tests section
    • I added steps for the expected offline behavior in the Offline steps section
    • I added steps for Staging and/or Production testing in the QA steps section
    • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
    • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
  • I included screenshots or videos for tests on all platforms
  • I ran the tests on all platforms & verified they passed on:
    • Android: Native
    • Android: mWeb Chrome
    • iOS: Native
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
  • I followed proper code patterns (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I followed the guidelines as stated in the Review Guidelines
  • I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
  • If new assets were added or existing ones were modified, I verified that:
    • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
    • The assets load correctly across all supported platforms.
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Android: Native
Android: mWeb Chrome
iOS: Native
iOS: mWeb Safari
MacOS: Chrome / Safari

@codecov

codecov Bot commented Jun 27, 2026

Copy link
Copy Markdown

Codecov Report

❌ Looks like you've decreased code coverage for some files. Please write tests to increase, or at least maintain, the existing level of code coverage. See our documentation here for how to interpret this table.

Files with missing lines Coverage Δ
...firmationListFooter/hooks/useFooterDerivedFlags.ts 100.00% <100.00%> (ø)
...nents/Navigation/QuickCreationActionsBar/index.tsx 85.36% <100.00%> (-0.18%) ⬇️
...c/components/ReportActionItem/MoneyRequestView.tsx 73.83% <100.00%> (-0.07%) ⬇️
.../SearchPageHeader/SearchActionsBarCreateButton.tsx 96.05% <100.00%> (-0.06%) ⬇️
src/libs/TransactionUtils/index.ts 88.69% <100.00%> (+0.01%) ⬆️
src/libs/actions/Report/index.ts 70.02% <100.00%> (+0.02%) ⬆️
...es/iou/request/step/IOURequestEditReportCommon.tsx 79.83% <100.00%> (+0.16%) ⬆️
.../components/MoneyRequestHeaderSecondaryActions.tsx 0.51% <0.00%> (+<0.01%) ⬆️
src/pages/iou/SplitExpenseEditPage.tsx 0.00% <0.00%> (ø)
...rc/pages/iou/request/step/IOURequestStepReport.tsx 75.32% <71.42%> (+1.00%) ⬆️
... and 3 more
... and 47 files with indirect coverage changes

@s77rt
s77rt marked this pull request as ready for review June 27, 2026 10:56
@s77rt
s77rt requested review from a team as code owners June 27, 2026 10:56
@melvin-bot
melvin-bot Bot requested review from flaviadefaria and marcochavezf and removed request for a team June 27, 2026 10:56
@melvin-bot

melvin-bot Bot commented Jun 27, 2026

Copy link
Copy Markdown

@marcochavezf Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

@melvin-bot
melvin-bot Bot removed the request for review from a team June 27, 2026 10:57
@s77rt
s77rt requested review from luacmartins and removed request for marcochavezf June 27, 2026 10:57
@s77rt

s77rt commented Jun 27, 2026

Copy link
Copy Markdown
Member Author

Does this need C+ review?

Comment thread src/pages/Search/SearchTransactionsChangeReport.tsx Outdated
const policyForMovingExpenses = policyForMovingExpensesID ? allPolicies?.[`${ONYXKEYS.COLLECTION.POLICY}${policyForMovingExpensesID}`] : undefined;
const [betas] = useOnyx(ONYXKEYS.BETAS);
const [transactions] = useTransactionsByID(transactionIDs);
const hasUnreportedManagedCardTransactions = transactions.some((transaction) => isExpenseUnreported(transaction) && isManagedCardTransaction(transaction));

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ CONSISTENCY-3 (docs)

The predicate isExpenseUnreported(transaction) && isManagedCardTransaction(transaction) is duplicated here and in SearchTransactionsChangeReport.tsx and IOURequestStepReport.tsx. Consolidate this single concept into one util so it stays consistent.

Add isUnreportedManagedCardTransaction(transaction) to TransactionUtils and reuse it:

const hasUnreportedManagedCardTransactions = transactions.some(isUnreportedManagedCardTransaction);

Reviewed at: e280d03 | Please rate this suggestion with 👍 or 👎 to help us improve! Reactions are used to monitor reviewer efficiency.

Comment thread src/pages/iou/request/step/IOURequestStepReport.tsx Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e280d034aa

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread src/pages/iou/request/step/IOURequestEditReport.tsx Outdated
Comment thread src/hooks/usePolicyForMovingExpenses.ts
@luacmartins
luacmartins requested a review from daledah June 29, 2026 14:36
@daledah

daledah commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Reviewer Checklist

  • I have verified the author checklist is complete (all boxes are checked off).
  • I verified the correct issue is linked in the ### Fixed Issues section above
  • I verified testing steps are clear and they cover the changes made in this PR
    • I verified the steps for local testing are in the Tests section
    • I verified the steps for Staging and/or Production testing are in the QA steps section
    • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I checked that screenshots or videos are included for tests on all platforms
  • I included screenshots or videos for tests on all platforms
  • I verified that the composer does not automatically focus or open the keyboard on mobile unless explicitly intended. This includes checking that returning the app from the background does not unexpectedly open the keyboard.
  • I verified tests pass on all platforms & I tested again on:
    • Android: HybridApp
    • Android: mWeb Chrome
    • iOS: HybridApp
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
  • I verified proper code patterns were followed (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I verified that this PR follows the guidelines as stated in the Review Guidelines
  • I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
  • If a new component is created I verified that:
    • A similar component doesn't exist in the codebase
    • All props are defined accurately and each prop has a /** comment above it */
    • The file is named correctly
    • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
    • The only data being stored in the state is data necessary for rendering and nothing else
    • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
    • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
    • All JSX used for rendering exists in the render method
    • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
  • I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Android: HybridApp
Android: mWeb Chrome
iOS: HybridApp
iOS: mWeb Safari
MacOS: Chrome / Safari

@daledah

daledah commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Employee have assigned an E-Card.
Employee: Have an unreported card expense

The code looks good overall, and I don't see any issues. @s77rt how can I create an unreported card expense for testing?

@s77rt

s77rt commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

@daledah Not really sure, can you please ask in Slack cc @DylanDylann in case you have some link to share as you tested #76000

@luacmartins

Copy link
Copy Markdown
Contributor

@daledah can you try the following?

  1. Use staging API
  2. Workspace > More Features > Enable Company Cards
  3. Workspace > Company cards > Add Cards
  4. Select United States, Direct Feed and Mock Bank
  5. Refresh the page
  6. You should see two cards
  7. Assign the card to a workspace member, select Transaction start date > From the beginning
  8. That should assign the card and create a few transactions for that card
  9. If you need to unreport them, you can delete the report.

@daledah

daledah commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

thanks @luacmartins, i have unreported card expense for testing now.

@daledah

daledah commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@s77rt could you please resolve conflict?

and I'm having trouble with this branch, error: message: "401 Unauthorized" when i click create report button

dev.mov

On staging, I'm able to create a report, and the new report is created in the employee workspace.

staging.mov

@luacmartins

Copy link
Copy Markdown
Contributor

thanks @luacmartins, i have unreported card expense for testing now.

Nice! Glad it worked

@s77rt

s77rt commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

@daledah Thanks for testing! So when I tested this I tested it on a private domain and that worked (admin@domain.com/employee@domain.com) but now I'm seeing it does not work with a public domain (when you are an admin only at workspace level).

Not really sure how to handle this but can you test on OD too? (in OD there are two options to report unreported transaction, either by creating a new report or use the auto-report option)

@daledah

daledah commented Jul 6, 2026

Copy link
Copy Markdown
Contributor
web.mov

@s77rt I tested it on OD as well with a public domain

  • With the New Report option, an "An error has occurred" modal is displayed.
  • With the Auto Report option, we receive a "401 Unauthorized" error message.

@s77rt

s77rt commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

@daledah Thanks for testing. The Auto Report option is actually working. (Both error messages you saw were for the New Report option)

I'm checking this now...

@s77rt

s77rt commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

Okay I don't have a good solution for this yet. I can update the CreateReport API to accept another parameter managedCardID so we can resolve the correct domain to use for the authToken swapping but not sure if this is the best option. I have updated the steps to require testing on same domain accounts. (not sure if this is easy to test though)

@luacmartins Do you think we can proceed here and handle the case where admin/employee are on different domains? That case is broken on OD too

@luacmartins

Copy link
Copy Markdown
Contributor

I think we can proceed if both conditions below are true:

  1. The flow is also broken in OD
  2. This won't persist incorrect data in the DB

It seems like that's the case, but I just want to make sure before we continue here.

@s77rt

s77rt commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

Yeah it's the case, just wanted to get this unblocked so we can keep making progress

@luacmartins

Copy link
Copy Markdown
Contributor

Cool, in that case, let's continue with review @daledah

@daledah daledah left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aside from the known 401 issue on public domain accounts (which is also broken on OD and will be handled separately), everything LGTM.

@melvin-bot melvin-bot Bot changed the title [No QA] Report managed card transactions to employee's default policy [Payment due @daledah] [No QA] Report managed card transactions to employee's default policy Jul 7, 2026
@melvin-bot

melvin-bot Bot commented Jul 7, 2026

Copy link
Copy Markdown

🎯 @daledah, thanks for reviewing and testing this PR! 🎉

A payment issue will be created for your review once this PR is deployed to production.
E/E issue linked to the PR - no internal issue.

If payment is not needed (e.g., regression PR review fix etc), react with 👎 to this comment to prevent the payment issue from being created.

@luacmartins
luacmartins merged commit 6a0f1e5 into Expensify:main Jul 7, 2026
40 checks passed
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🚧 luacmartins has triggered a test Expensify/App build. You can view the workflow run here.

@OSBotify

OSBotify commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

@OSBotify

OSBotify commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🚀 Deployed to staging by https://github.com/luacmartins in version: 9.4.32-0 🚀

platform result
🕸 web 🕸 success ✅
🤖 android 🤖 success ✅
🍎 iOS 🍎 success ✅

@MelvinBot

Copy link
Copy Markdown
Contributor

🤖 I reviewed the changes and checked the help site articles under docs/articles.

Conclusion: No help site changes are required. The existing documentation already describes the exact behavior this PR enforces, so no draft PR was created.

This PR is a bug fix: when a Workspace Admin reports an employee's unreported managed card transaction, the code now omits the policyID so the backend routes the new report to the employee's default workspace instead of the admin's.

The article that documents this flow — Create and Submit Reports — already states the correct, post-fix behavior:

This is a case of the code catching up to already-accurate docs, not a doc-impacting behavior change. I also confirmed there is no contradicting statement elsewhere (e.g. Managing-Expenses-in-a-Report.md and the Spend page article describe the same admin-on-behalf flow consistently). The only other user-visible detail from the test steps — the Create report option no longer showing workspace supporting text for these transactions — is UI-level polish that the help articles do not document.

Since no articles needed updating, there is no linked help site PR to review, label (HelpDot), or assign.

s77rt — if you believe a specific article should call out this employee-default-workspace behavior more explicitly (rather than it just being implicitly correct), let me know which article and I'll draft the update.

@OSBotify

Copy link
Copy Markdown
Contributor

🚀 Deployed to production by https://github.com/grgia in version: 9.4.32-3 🚀

platform result
🕸 web 🕸 success ✅
🤖 android 🤖 success ✅
🍎 iOS 🍎 success ✅

Bundle Size Analysis (Sentry):

@melvin-bot

melvin-bot Bot commented Jul 10, 2026

Copy link
Copy Markdown

🤖 Payment issue created: #95816

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants