From 190c0308314300b2fa2f3a377ba0467064353fce Mon Sep 17 00:00:00 2001
From: Hans
Date: Mon, 3 Jul 2023 17:44:53 +0700
Subject: [PATCH 1/4] prevent user with no permission from flag comment
---
 src/libs/ReportUtils.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libs/ReportUtils.js b/src/libs/ReportUtils.js
index 4ddbf032867c..a3c8d859aa05 100644
--- a/src/libs/ReportUtils.js
+++ b/src/libs/ReportUtils.js
@@ -20,6 +20,7 @@ import isReportMessageAttachment from './isReportMessageAttachment';
 import * as defaultWorkspaceAvatars from '../components/Icon/WorkspaceDefaultAvatars';
 import * as CurrencyUtils from './CurrencyUtils';
 import * as UserUtils from './UserUtils';
+import * as ReportUtils from './ReportUtils';
 let currentUserEmail;
 let currentUserAccountID;
@@ -218,14 +219,16 @@ function canEditReportAction(reportAction) {
 * - It's an ADDCOMMENT that is not an attachment
 *
 * @param {Object} reportAction
+ * @param {number} reportID
 * @returns {Boolean}
 */
-function canFlagReportAction(reportAction) {
+function canFlagReportAction(reportAction, reportID) {
 return (
 !loginList.includes(reportAction.actorEmail) &&
 reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
 !ReportActionsUtils.isDeletedAction(reportAction) &&
- !ReportActionsUtils.isCreatedTaskReportAction(reportAction)
+ !ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
+ ReportUtils.isAllowedToComment(ReportUtils.getReport(reportID))
 );
 }
From 310ca01ddfd7dac66797c288e0eaf0de2c7fb7c0 Mon Sep 17 00:00:00 2001
From: Hans
Date: Mon, 3 Jul 2023 22:23:07 +0700
Subject: [PATCH 2/4] fix lint error
---
 src/libs/ReportUtils.js | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/libs/ReportUtils.js b/src/libs/ReportUtils.js
index a3c8d859aa05..7e38dd80f4e6 100644
--- a/src/libs/ReportUtils.js
+++ b/src/libs/ReportUtils.js
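Review bot: The new last term in canFlagReportAction (patch 1/4), `ReportUtils.isAllowedToComment(ReportUtils.getReport(reportID))`, makes a permission decision on whatever getReport returns, and nothing in this hunk shows the result when reportID is undefined or the report is not loaded yet. A gate like this should fail closed, so confirm that isAllowedToComment returns false for a missing or empty report. The docblock list above the function still names only two conditions and should gain ` * - The current user is allowed to comment in the report`. This is a client-side visibility check, so the flag endpoint presumably has to enforce the same rule on the server. The same body is re-added unchanged in patches 2/4 and 3/4 (without the `ReportUtils.` prefix), and the function's docblock starts above the hunk.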
@@ -20,7 +20,6 @@ import isReportMessageAttachment from './isReportMessageAttachment';
 import * as defaultWorkspaceAvatars from '../components/Icon/WorkspaceDefaultAvatars';
 import * as CurrencyUtils from './CurrencyUtils';
 import * as UserUtils from './UserUtils';
-import * as ReportUtils from './ReportUtils';
 let currentUserEmail;
 let currentUserAccountID;
@@ -212,26 +211,6 @@ function canEditReportAction(reportAction) {
 );
 }
-/**
- * Can only flag if:
- *
- * - It was written by someone else
- * - It's an ADDCOMMENT that is not an attachment
- *
- * @param {Object} reportAction
- * @param {number} reportID
- * @returns {Boolean}
- */
-function canFlagReportAction(reportAction, reportID) {
- return (
- !loginList.includes(reportAction.actorEmail) &&
- reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
- !ReportActionsUtils.isDeletedAction(reportAction) &&
- !ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
- ReportUtils.isAllowedToComment(ReportUtils.getReport(reportID))
- );
-}
-
 /**
 * Whether the Money Request report is settled
 *
@@ -2359,6 +2338,26 @@ function getOriginalReportID(reportID, reportAction) {
 return isThreadFirstChat(reportAction, reportID) ? lodashGet(allReports, [`${ONYXKEYS.COLLECTION.REPORT}${reportID}`, 'parentReportID']) : reportID;
 }
+/**
+ * Can only flag if:
+ *
+ * - It was written by someone else
+ * - It's an ADDCOMMENT that is not an attachment
+ *
+ * @param {Object} reportAction
+ * @param {number} reportID
+ * @returns {Boolean}
+ */
+function canFlagReportAction(reportAction, reportID) {
+ return (
+ !loginList.includes(reportAction.actorEmail) &&
+ reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
+ !ReportActionsUtils.isDeletedAction(reportAction) &&
+ !ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
+ isAllowedToComment(getReport(reportID))
+ );
+}
+
 export {
 getReportParticipantsTitle,
 isReportMessageAttachment,
From 5cc07e007396b41d63f5b7703213a78fd929fa1d Mon Sep 17 00:00:00 2001
From: Hans
Date: Mon, 3 Jul 2023 22:33:58 +0700
Subject: [PATCH 3/4] fix lint
---
 src/libs/ReportUtils.js | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/libs/ReportUtils.js b/src/libs/ReportUtils.js
index 7e38dd80f4e6..2c3998e23b34 100644
--- a/src/libs/ReportUtils.js
+++ b/src/libs/ReportUtils.js
@@ -2070,6 +2070,26 @@ function chatIncludesChronos(report) {
 return report.participantAccountIDs && _.contains(report.participantAccountIDs, CONST.ACCOUNT_ID.CHRONOS);
 }
+/**
+ * Can only flag if:
+ *
+ * - It was written by someone else
+ * - It's an ADDCOMMENT that is not an attachment
+ *
+ * @param {Object} reportAction
+ * @param {number} reportID
+ * @returns {Boolean}
+ */
+function canFlagReportAction(reportAction, reportID) {
+ return (
+ !loginList.includes(reportAction.actorEmail) &&
+ reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
+ !ReportActionsUtils.isDeletedAction(reportAction) &&
+ !ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
+ isAllowedToComment(getReport(reportID))
+ );
+}
+
 /**
 * Whether flag comment page should show
 *
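Review bot: canFlagReportAction takes `reportID` and looks the report up again with `getReport(reportID)`, while the caller visible in patch 4/4, shouldShowFlagComment, already holds the `report` object and runs its other checks (`isArchivedRoom(report)`, `chatIncludesChronos(report)`) on it, so the permission term can be evaluated on a different object than the rest of the gate. Passing the report through, `function canFlagReportAction(reportAction, report)` with `isAllowedToComment(report)`, would keep a single source for the decision, provided no other caller relies on the ID form (none is visible on this page). If the ID parameter stays, the tag `@param {number} reportID` should be checked against the real type, since a context line in this series interpolates reportID into a key string.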
@@ -2338,26 +2358,6 @@ function getOriginalReportID(reportID, reportAction) {
 return isThreadFirstChat(reportAction, reportID) ? lodashGet(allReports, [`${ONYXKEYS.COLLECTION.REPORT}${reportID}`, 'parentReportID']) : reportID;
 }
-/**
- * Can only flag if:
- *
- * - It was written by someone else
- * - It's an ADDCOMMENT that is not an attachment
- *
- * @param {Object} reportAction
- * @param {number} reportID
- * @returns {Boolean}
- */
-function canFlagReportAction(reportAction, reportID) {
- return (
- !loginList.includes(reportAction.actorEmail) &&
- reportAction.actionName === CONST.REPORT.ACTIONS.TYPE.ADDCOMMENT &&
- !ReportActionsUtils.isDeletedAction(reportAction) &&
- !ReportActionsUtils.isCreatedTaskReportAction(reportAction) &&
- isAllowedToComment(getReport(reportID))
- );
-}
-
 export {
 getReportParticipantsTitle,
 isReportMessageAttachment,
From 824b7b25b817a4ccb2c3145b62d19c4a81e3c0da Mon Sep 17 00:00:00 2001
From: Hans
Date: Tue, 4 Jul 2023 17:49:24 +0700
Subject: [PATCH 4/4] update canFlagReportAction params
---
 src/libs/ReportUtils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libs/ReportUtils.js b/src/libs/ReportUtils.js
index a3c8d859aa05..1f19ba16483f 100644
--- a/src/libs/ReportUtils.js
+++ b/src/libs/ReportUtils.js
@@ -2101,7 +2101,7 @@ function chatIncludesChronos(report) {
 function shouldShowFlagComment(reportAction, report) {
 return (
- canFlagReportAction(reportAction) &&
+ canFlagReportAction(reportAction, report.reportID) &&
 !isArchivedRoom(report) &&
 !chatIncludesChronos(report) &&
 !isConciergeChatReport(report.reportID) &&