Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Workspace Feeds] Start issue new card flow page can be accessed by non-admin member #48481

Closed
mountiny opened this issue Sep 3, 2024 · 6 comments
Closed

[Workspace Feeds] Start issue new card flow page can be accessed by non-admin member #48481

mountiny opened this issue Sep 3, 2024 · 6 comments
Assignees
@mountiny @DylanDylann
Labels
Bug Something is broken. Auto assigns a BugZero manager. Reviewing Has a PR in review Weekly KSv2

Comments

@mountiny
Copy link
Contributor

mountiny commented Sep 3, 2024

### Problem

For the card settings and new card creation flow, we added a couple of new pages to the app that should only be accessible by admins. For example, the IssueNewCardPage is accessible by policy members, too, which means that the API throws an error as only admins are allowed to access this page and its data.

Solution

Ensure to only allow admins to load this page using the AccessOrNotFoundWrapper component and check for PAID and ADMIN conditions.

Make audit of the new pages we added for workspace feeds to ensure those that are for admins only also use this wrapper
@mountiny mountiny added Daily KSv2 Bug Something is broken. Auto assigns a BugZero manager. labels Sep 3, 2024
@melvin-bot Melvin Bot
Copy link

melvin-bot bot commented Sep 3, 2024

Triggered auto assignment to @garrettmknight (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

@garrettmknight
Copy link
Contributor

@mountiny Who's this meant to be starred/waiting on?

@mountiny
Copy link
Contributor Author

mountiny commented Sep 3, 2024

@VickyStash will handle this one so waiting for her to comment tomorrow and assign her. There will be no payments required for this change as its part of the project so I think I can unassign you

@VickyStash
Copy link
Contributor

Hi, I'm Viktoryia from Callstack - expert contributor group - and I would like to work on this issue.

@VickyStash VickyStash mentioned this issue Sep 4, 2024
Merged
50 tasks
@melvin-bot melvin-bot bot added Reviewing Has a PR in review Weekly KSv2 and removed Daily KSv2 labels Sep 4, 2024
@VickyStash
Copy link
Contributor

The PR has been opened for the review

@trjExpensify trjExpensify moved this to Release 2: Summer 2024 (Aug) in [#whatsnext] #wave-collect Sep 6, 2024
@allgandalf allgandalf removed their assignment Sep 11, 2024
@trjExpensify
Copy link
Contributor

This one is deployed, closing.

@github-project-automation github-project-automation bot moved this from Polish to Done in [#whatsnext] #wave-collect Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mountiny mountiny

@DylanDylann DylanDylann

Labels
Bug Something is broken. Auto assigns a BugZero manager. Reviewing Has a PR in review Weekly KSv2
Projects
[wave-collect] Workspace Feeds
Status: Done
[#whatsnext] #wave-collect
Status: Done
Milestone
No milestone
Development

No branches or pull requests
6 participants
@garrettmknight @trjExpensify @VickyStash @mountiny @allgandalf @DylanDylann