prevent user with no permission from flag comment #22099

Merged
merged 5 commits into from
Jul 4, 2023
40 changes: 21 additions & 19 deletions src/libs/ReportUtils.js
Expand Up @@ -211,24 +211,6 @@ function canEditReportAction(reportAction) {
);
}

/**
* Can only flag if:
*
* - It was written by someone else
* - It's an ADDCOMMENT that is not an attachment
*
* @param {Object} reportAction
* @returns {Boolean}
*/
function canFlagReportAction(reportAction) {
return (
!loginList.includes(reportAction.actorEmail) &&
reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
!ReportActionsUtils.isDeletedAction(reportAction) &&
!ReportActionsUtils.isCreatedTaskReportAction(reportAction)
);
}

/**
* Whether the Money Request report is settled
*
Expand Down Expand Up @@ -2088,6 +2070,26 @@ function chatIncludesChronos(report) {
return report.participantAccountIDs && _.contains(report.participantAccountIDs, CONST.ACCOUNT_ID.CHRONOS);
}

/**
* Can only flag if:
*
* - It was written by someone else
* - It's an ADDCOMMENT that is not an attachment
*
* @param {Object} reportAction
* @param {number} reportID
* @returns {Boolean}
*/
function canFlagReportAction(reportAction, reportID) {
@allroundexperts allroundexperts Jul 4, 2023

@hungvu193 You need to supply reportID everywhere where canFlagReportAction function is being called. Please test your code thoroughly before creating PRs. Regressions like these cause a lot of trouble down the lane.

Contributor Author

@allroundexperts my bad, I've just updated

return (
!loginList.includes(reportAction.actorEmail) &&
reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
!ReportActionsUtils.isDeletedAction(reportAction) &&
!ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
isAllowedToComment(getReport(reportID))
);
}

/**
* Whether flag comment page should show
*
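Review bot: the doc comment on the re-added canFlagReportAction still lists only two conditions under "Can only flag if:", while the return expression now also requires isAllowedToComment(getReport(reportID)); add a bullet for the permission condition so the documented contract matches the code. The new reportID parameter is also unguarded: a caller that omits it hands undefined to getReport, and whatever that lookup yields goes straight into isAllowedToComment. Either treat a missing report as "cannot flag" explicitly in this function, or verify that isAllowedToComment returns false for it, so an incomplete call site fails closed.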
Expand All @@ -2098,7 +2100,7 @@ function chatIncludesChronos(report) {

function shouldShowFlagComment(reportAction, report) {
return (
canFlagReportAction(reportAction) &&
canFlagReportAction(reportAction, report.reportID) &&
!isArchivedRoom(report) &&
!chatIncludesChronos(report) &&
!isConciergeChatReport(report.reportID) &&
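Review bot: in shouldShowFlagComment the updated call passes report.reportID only for canFlagReportAction to resolve the same report again through getReport(reportID); the report object is already in scope here, so passing it directly would remove the second lookup and the case where that lookup finds nothing. Because this function only decides whether the flag comment page is shown, also confirm that the flag request itself is refused on the server for a user who is not allowed to comment in the report.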