[HOLD for payment 2024-12-12] [$250] Support-Logged-In Agents Can Appear to Delete Workspaces in NewDot Without Actual Deletion or Error Message #52854
Comments
m-natarajan
added
Daily
|
Triggered auto assignment to @MitchExpensify ( |
|
This has been labelled "Needs Reproduction". Follow the steps here: https://stackoverflowteams.com/c/expensify/questions/16989 |
|
@MitchExpensify I'm happy to manage this one, but would you mind confirming that you can repro from your own NewDot supportal? |
|
please also assign me here with @RachCHopkins , we are going back and forth on this one on slack 👋 |
Confirmed I can reproduce |
RachCHopkins
added
External
melvin-bot
bot
changed the title
|
Job added to Upwork: https://www.upwork.com/jobs/~021860949442956139975 |
melvin-bot
bot
added
the
Help Wanted
|
Current assignee @allgandalf is eligible for the External assigner, not assigning anyone new. |
|
Not overdue, waiting for proposals / agency to pick up |
|
@Expensify/design What should be the expected result here when a person supportal-logged in tries to delete a workspace ? On OD we show them a modal saying they are not allowed to take the action: 
If we want to show the same on ND, a mock would be great 🙏 |
|
We have a very simple modal alert pattern we can reuse here, something like this: |
ProposalPlease re-state the problem that we are trying to solve in this issue.Agents Can Appear to Delete Workspaces in NewDot Without Actual Deletion or Error Message What is the root cause of that problem?We do not have any check in places to see if the action is requested by support agent, so everytime we call the delete workspace, we directly show the modal to delete: App/src/pages/workspace/WorkspacesListPage.tsx Lines 170 to 175 in 967cc5c In old dot, we have a modal to show that this action is not allowed. Similarly in new dot, we will show similar modal if the request is from agent. What changes do you think we should make in order to solve the problem?First we will check if the request is from support agent using the existing App/src/libs/Network/NetworkStore.ts Lines 131 to 133 in 967cc5c In const isSupportalAction = isSupportAuthToken();Then we will introduce a new state to show the modal of blocking and add const [isSupportalActionRestrictedModalOpen ,setIsSupportalActionRestrictedModalOpen] = useState(false);
const hideSupportalModal = () => {
setIsSupportalActionRestrictedModalOpen(false);
};Then below: App/src/pages/workspace/WorkspacesListPage.tsx Lines 170 to 175 in 967cc5c First we will check if the request is from agent and then show the blocking modal: onSelected: () => {
if(isSupportalAction) {
isSupportalActionRestrictedModalOpen(true);
return;
}
setPolicyIDToDelete(item.policyID ?? '-1');
setPolicyNameToDelete(item.title);
setIsDeleteModalOpen(true);
},Then add a modal to show that action is not allowed here: // Note that all these will be translated to their spanish equivalents as well and updated in es.ts file
<ConfirmModal
title={'Not so fast'}
isVisible={isSupportalActionRestrictedModalOpen}
onConfirm={hideSupportalModal}
prompt={'You are not authorized to take this action when support logged in.'}
confirmText={translate('common.buttonConfirm')}
shouldShowCancelButton={false}
/>Note that we can make a generic modal component for agent request blocking, we can also check all the places where we can delete the workspace and add this check there, also note that we can show this blocking view on the delete confirmation modal, that can be decided in the PR phase What alternative solutions did you explore? (Optional) |
|
Alright, @twilight2294 proposal makes sense to me, Their RCA is correct and solution would work in theory. Let's go with their solution. Only caveat is that we would need to hardcode the value to true (While testing during PR phase) and then Internal QA it to test on either Ad-hoc (If possible) or directly onto staging. The assigned internal engineer can help with that. 🎀👀🎀 C+ reviewed |
|
Triggered auto assignment to @Beamanator, see https://stackoverflow.com/c/expensify/questions/7972 for more details. |
melvin-bot
bot
removed
the
Help Wanted
|
📣 @allgandalf 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app! |
|
The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.71-2 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue: If no regressions arise, payment will be issued on 2024-12-12. 🎊 For reference, here are some details about the assignees on this issue:
|
|
@allgandalf @RachCHopkins @allgandalf The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed. Please copy/paste the BugZero Checklist from here into a new comment on this GH and complete it. If you have the K2 extension, you can simply click: [this button] |
BugZero Checklist:
Bug classificationSource of bug:
Where bug was reported:
Who reported the bug:
Regression Test Proposal Template
Regression Test ProposalPrecondition:Test:Do we agree 👍 or 👎 |
|
cc on the BZ steps above @allgandalf |
|
@MitchExpensify no regression test and checklist for this bug
@Beamanator to confirm 🙇 |
|
Mmmmm true, I don't think supportal is available for applause so they can't really manually test that, right @MitchExpensify ? |
|
That is true; I'm not sure how, or if, QA tests any Supportal centric bugs today. Maybe @mallenexpensify can help give us a bit of guidance on the BZ steps here 🙏 |
|
@Beamanator is it cool if I pay people even without this figured out? |
|
Contributor: @twilight2294 paid $250 via Upwork Didn't wanna hold up payments over the weekend. Let's leave this open through next week to see if we can figure out how we want to address Supportal issues (which... maybe we can just kick the can down the road til we see if we have many? I really don't know, kinda spitballing late on a Friday) |
|
Thanks for paying out! Hmm yeah good call, maybe we can bring this up to the main people responsible for implementing supportal in NewDot recently? |
|
@Beamanator, @RachCHopkins, @allgandalf, @twilight2294 Uh oh! This issue is overdue by 2 days. Don't forget to update your issues! |
|
patience melv!! not overdue |
|
@Beamanator, @RachCHopkins, @allgandalf, @twilight2294 Huh... This is 4 days overdue. Who can take care of this? |
|
All paid out, waiting on QA steps. |
|
No updates..... most probably we'll hear next year 😆 |
|
@Beamanator, @RachCHopkins, @allgandalf, @twilight2294 Eep! 4 days overdue now. Issues have feelings too... |
|
@Beamanator, @RachCHopkins, @allgandalf, @twilight2294 Still overdue 6 days?! Let's take care of this! |
|
Still waiting on QA steps. |
|
Just to be clear, we're not waiting on me, right? 😅 |
|
|
I'm unsure of what QA steps would/should be for supportal related issues. Also unsure of who would/should come up with those. If we don't view the steps as a near-term priority, we can likely close this.... right? |
|
Trueeee if QA doesn't actually test supportal stuff, it doesn't really make sense to need QA steps, does it? 🤣 |
|
Did a quick search in the #qa Slack room and didn't see much about Supportal, so I'm going to close for now. Comment/reopen if needed. |
If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!
Version Number:
Reproducible in staging?: Needs Reproduction(No access to supportal)
Reproducible in production?: Needs Reproduction(No access to supportal)
If this was caught on HybridApp, is this reproducible on New Expensify Standalone?:
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: @RachCHopkins
Slack conversation (hyperlinked to channel name): ts_external_expensify_bugs
Action Performed:
Expected Result:
When a support agent attempts to delete a customer's workspace in NewDot while support-logged-in:
1.The UI should display an appropriate error message, similar to OldDot, indicating that the deletion is not allowed.
2.The workspace should remain visible and unchanged in the UI.
3.The UI should not give any misleading indication that the workspace has been successfully deleted.
Actual Result:
The UI appears to allow the deletion, showing no error message.
Even after refreshing, the workspace seems to be deleted from the NewDot
Upon returning to the main Supportal page, the workspace is still present, confirming it was not actually deleted.
Workaround:
Unknown
Platforms:
Which of our officially supported platforms is this issue occurring on?
Screenshots/Videos
Add any screenshot/video evidence
2024-11-20_08-50-52.mp4
View all open jobs on GitHub
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @Issue Owner
Current Issue Owner: @RachCHopkinsThe text was updated successfully, but these errors were encountered: