Skip to content

[CORRUPTED] Synthetic Benchmark PR #76153 - Revert "Merge pull request #73676 from mkzie2/mkzie2-issue/70286"#20

Open
tomerqodo wants to merge 3 commits into
base_pr_76153_20251204_3815from
corrupted_pr_76153_20251204_3815
Open

[CORRUPTED] Synthetic Benchmark PR #76153 - Revert "Merge pull request #73676 from mkzie2/mkzie2-issue/70286"#20
tomerqodo wants to merge 3 commits into
base_pr_76153_20251204_3815from
corrupted_pr_76153_20251204_3815

Conversation

@tomerqodo

@tomerqodo tomerqodo commented Dec 4, 2025

Copy link
Copy Markdown

User description

Benchmark PR Expensify#76153

Type: Corrupted (contains bugs)

Original PR Title: Revert "Merge pull request Expensify#73676 from mkzie2/mkzie2-issue/70286"
Original PR Description: ### Explanation of Change

Reverts Expensify#73676

Fixed Issues

$ Expensify#76086

Tests

  1. Create a control workspace
  2. Invite a member
  3. Enable workflows
  4. Set the member as the approver
  5. Remove the member
  6. Verify the default approval flow is still visible and the admin is set as the approver

Offline tests

None

QA Steps

Same as Tests

PR Author Checklist

  • I linked the correct issue in the ### Fixed Issues section above
  • I wrote clear testing steps that cover the changes made in this PR
    • I added steps for local testing in the Tests section
    • I added steps for the expected offline behavior in the Offline steps section
    • I added steps for Staging and/or Production testing in the QA steps section
    • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
    • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
  • I included screenshots or videos for tests on all platforms
  • I ran the tests on all platforms & verified they passed on:
    • Android: Native
    • Android: mWeb Chrome
    • iOS: Native
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
  • I verified there are no new alerts related to the canBeMissing param for useOnyx
  • I followed proper code patterns (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
      • If any non-english text was added/modified, I used JaimeGPT to get English > Spanish translation. I then posted it in #expensify-open-source and it was approved by an internal Expensify engineer. Link to Slack message:
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I followed the guidelines as stated in the Review Guidelines
  • I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
  • I verified that if a function's arguments changed that all usages have also been updated correctly
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
  • If new assets were added or existing ones were modified, I verified that:
    • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
    • The assets load correctly across all supported platforms.
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Screen.Recording.2025-11-26.at.11.04.50.AM.mov

Original PR URL: Expensify#76153


PR Type

Bug fix


Description

  • Revert approval workflow changes that incorrectly preserved pending delete actions

  • Simplify pending action handling in workflow conversion logic

  • Remove helper functions and consolidate workflow update logic into main functions

  • Move approver removal handling from Member.ts to component level

  • Remove "Prevent Self Approvals" lock based on member count


Diagram Walkthrough

flowchart LR
  A["Member Removal"] -->|Previously| B["Update Workflows in Member.ts"]
  A -->|Now| C["Call removeMembers"]
  C --> D["Component Level"]
  D --> E["Check if Approver"]
  E -->|Yes| F["Update/Remove Workflows"]
  E -->|No| G["Complete"]
  F --> G
  H["Workflow Functions"] -->|Previously| I["Return OnyxData"]
  H -->|Now| J["Execute API Directly"]
Loading

File Walkthrough

Relevant files
Bug fix
WorkflowUtils.ts
Simplify pending action handling in workflow conversion   

src/libs/WorkflowUtils.ts

  • Removed logic that preserved DELETE pending actions for approvers and
    members
  • Simplified pendingAction assignment to always use the current pending
    action value
  • Removed conditional checks for previousPendingAction ===
    CONST.RED_BRICK_ROAD_PENDING_ACTION.DELETE
+4/-8     
Member.ts
Remove workflow handling from member removal function       

src/libs/actions/Policy/Member.ts

  • Removed approvalWorkflows and allPersonalDetails parameters from
    removeMembers function signature
  • Removed approval workflow update logic from member removal function
  • Removed "Prevent Self Approvals" auto-disable logic when only one
    employee remains
  • Removed imports for workflow-related functions and types
  • Simplified function to focus only on member removal from policy
+29/-93 
ExpenseReportRulesSection.tsx
Remove member count lock from prevent self approvals         

src/pages/workspace/rules/ExpenseReportRulesSection.tsx

  • Removed calculation of membersCount and shouldLockPreventSelfApprovals
  • Changed "Prevent Self Approvals" toggle to always be enabled (not
    locked by member count)
  • Updated subtitle and lock icon logic to only depend on
    workflowApprovalsUnavailable
  • Set disabled property to false instead of
    shouldLockPreventSelfApprovals
+4/-6     
Refactoring
Policy.ts
Consolidate prevent self approval into single function     

src/libs/actions/Policy/Policy.ts

  • Renamed getSetPolicyPreventSelfApprovalOnyxData to
    setPolicyPreventSelfApproval and made it a direct API call
  • Removed return of OnyxData object; function now executes API write
    directly
  • Removed early return of empty object when value hasn't changed
  • Removed export of getSetPolicyPreventSelfApprovalOnyxData helper
    function
+7/-22   
Workflow.ts
Consolidate workflow functions into direct API calls         

src/libs/actions/Workflow.ts

  • Renamed getUpdateApprovalWorkflowOnyxData to updateApprovalWorkflow
    and made it execute API call directly
  • Renamed getRemoveApprovalWorkflowOnyxData to removeApprovalWorkflow
    and made it execute API call directly
  • Removed separate helper functions that returned OnyxData objects
  • Removed OnyxData type import
  • Removed exports of helper functions
+5/-48   
Tests
PolicyMemberTest.ts
Update tests for simplified removeMembers signature           

tests/actions/PolicyMemberTest.ts

  • Updated test calls to removeMembers to remove approvalWorkflows and
    allPersonalDetails parameters
  • Simplified personal details setup in test cases
  • Removed type casting for personal details
+6/-14   
Enhancement
WorkspaceMembersPage.tsx
Move workflow updates to component level                                 

src/pages/workspace/WorkspaceMembersPage.tsx

  • Added imports for removeApprovalWorkflowAction and
    updateApprovalWorkflow
  • Added import for updateWorkflowDataOnApproverRemoval utility
  • Moved approver removal workflow handling into removeUsers function
  • Added logic to check if removed members are approvers and update
    workflows accordingly
  • Updated removeMembers call to remove workflow-related parameters
+32/-3   
WorkspaceMemberDetailsPage.tsx
Move workflow and self-approval handling to component       

src/pages/workspace/members/WorkspaceMemberDetailsPage.tsx

  • Added imports for setPolicyPreventSelfApproval and workflow action
    functions
  • Added import for updateWorkflowDataOnApproverRemoval utility
  • Moved "Prevent Self Approvals" disable logic into
    removeMemberAndCloseModal callback
  • Added removeUser callback to handle approver removal and workflow
    updates
  • Updated confirm modal to call removeUser instead of
    removeMemberAndCloseModal
  • Updated removeMembers call to remove workflow-related parameters
+43/-4   

@qodo-code-review

Copy link
Copy Markdown

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴
Weak approval control

Description: The "Prevent Self Approvals" control is no longer locked when only one member remains,
allowing a single user to enable self-approval and approve their own expenses, which
weakens approval integrity and can be abused to bypass required separation of duties.
ExpenseReportRulesSection.tsx [32-49]

Referred Code
        return translate('workspace.rules.expenseReportRules.unlockFeatureEnableWorkflowsSubtitle', {featureName, moreFeaturesLink});
    }
    return translate('workspace.rules.expenseReportRules.enableFeatureSubtitle', {featureName, moreFeaturesLink});
};

const optionItems = [
    {
        title: translate('workspace.rules.expenseReportRules.preventSelfApprovalsTitle'),
        subtitle: workflowApprovalsUnavailable
            ? renderFallbackSubtitle({featureName: translate('common.approvals').toLowerCase()})
            : translate('workspace.rules.expenseReportRules.preventSelfApprovalsSubtitle'),
        shouldParseSubtitle: workflowApprovalsUnavailable,
        switchAccessibilityLabel: translate('workspace.rules.expenseReportRules.preventSelfApprovalsTitle'),
        isActive: policy?.preventSelfApproval,
        disabled: false,
        showLockIcon: workflowApprovalsUnavailable,
        pendingAction: policy?.pendingFields?.preventSelfApproval,
        onToggle: (isEnabled: boolean) => setPolicyPreventSelfApproval(policyID, isEnabled),
Missing safeguard

Description: The automatic safeguard that disabled "Prevent Self Approvals" when only one employee
remained was removed, increasing the risk that a sole remaining member can self-approve
expenses after removals without any compensating control.
Member.ts [642-651]

Referred Code
        });
    }

    const params: DeleteMembersFromWorkspaceParams = {
        emailList: selectedMemberEmails.join(','),
        policyID,
    };

    API.write(WRITE_COMMANDS.DELETE_MEMBERS_FROM_WORKSPACE, params, {optimisticData, successData, failureData});
}
Inconsistent state handling

Description: Newly added logic always sets employee pendingAction to the current action, removing the
prior exception that preserved DELETE pendingAction; this could erroneously flip or clear
deletion states and enable inconsistent access transitions during workflow updates.
WorkflowUtils.ts [265-271]

Referred Code
updatedEmployeeList[approver.email] = {
    email: approver.email,
    forwardsTo,
    pendingAction,
    pendingFields: {
        forwardsTo: pendingAction,
    },
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Missing audit logs: The new workflow updates and member removals are triggered without any added audit logging
for critical actions like approver/member removal or approval workflow changes.

Referred Code
    Navigation.navigate(ROUTES.WORKSPACE_INVITE.getRoute(route.params.policyID, Navigation.getActiveRouteWithoutParams()));
}, [route.params.policyID, isAccountLocked, showLockedAccountModal]);

/**
 * Remove selected users from the workspace
 * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
 */
const removeUsers = () => {
    // Check if any of the members are approvers
    const hasApprovers = selectedEmployees.some((email) => isApprover(policy, email));

    setRemoveMembersConfirmModalVisible(false);
    // eslint-disable-next-line @typescript-eslint/no-deprecated
    InteractionManager.runAfterInteractions(() => {
        setSelectedEmployees([]);
        removeMembers(policyID, selectedEmployees, policyMemberEmailsToAccountIDs);
    });

    if (hasApprovers) {
        const ownerEmail = ownerDetails.login;
        for (const login of selectedEmployees) {


 ... (clipped 21 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Silent early return: New functions return early without signaling or logging when required context is missing
(e.g., missing policy), which may hide edge cases and make debugging difficult.

Referred Code
function updateApprovalWorkflow(approvalWorkflow: ApprovalWorkflow, membersToRemove: Member[], approversToRemove: Approver[], policy: OnyxEntry<Policy>) {
    if (!policy) {
        return;
    }

    const previousDefaultApprover = getDefaultApprover(policy);
    const newDefaultApprover = approvalWorkflow.isDefault ? approvalWorkflow.approvers.at(0)?.email : undefined;
    const previousEmployeeList = Object.fromEntries(Object.entries(policy.employeeList ?? {}).map(([key, value]) => [key, {...value, pendingAction: null}]));
    const updatedEmployees = convertApprovalWorkflowToPolicyEmployees({
        previousEmployeeList,
        approvalWorkflow,
        type: CONST.APPROVAL_WORKFLOW.TYPE.UPDATE,
        membersToRemove,
        approversToRemove,
        defaultApprover: newDefaultApprover ?? previousDefaultApprover ?? '',
    });

    // If there are no changes to the employees list, we can exit early
    if (isEmptyObject(updatedEmployees) && !newDefaultApprover) {
        return;
    }


 ... (clipped 1 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Authorization checks: The new UI-triggered removal and workflow update paths rely on existing helpers but add no
explicit authorization or validation checks for who can remove approvers/members, which
may depend on unseen layers.

Referred Code
    Navigation.navigate(ROUTES.WORKSPACE_INVITE.getRoute(route.params.policyID, Navigation.getActiveRouteWithoutParams()));
}, [route.params.policyID, isAccountLocked, showLockedAccountModal]);

/**
 * Remove selected users from the workspace
 * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
 */
const removeUsers = () => {
    // Check if any of the members are approvers
    const hasApprovers = selectedEmployees.some((email) => isApprover(policy, email));

    setRemoveMembersConfirmModalVisible(false);
    // eslint-disable-next-line @typescript-eslint/no-deprecated
    InteractionManager.runAfterInteractions(() => {
        setSelectedEmployees([]);
        removeMembers(policyID, selectedEmployees, policyMemberEmailsToAccountIDs);
    });

    if (hasApprovers) {
        const ownerEmail = ownerDetails.login;
        for (const login of selectedEmployees) {


 ... (clipped 21 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

Copy link
Copy Markdown

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Remove unused variable declaration

Remove the unused variable autoPayApprovedReportsUnavailable.

src/pages/workspace/rules/ExpenseReportRulesSection.tsx [27]

-const autoPayApprovedReportsUnavailable = !policy?.areWorkflowsEnabled || policy?.reimbursementChoice !== CONST.POLICY.REIMBURSEMENT_CHOICES.REIMBURSEMENT_YES || !hasVBBA(policyID);
+// This line can be removed as it is unused.

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 2

__

Why: The suggestion correctly identifies an unused variable, and removing it would be a minor code quality improvement.

Low
  • More

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants