Skip to content

Feat : show Invite button on Members page for money request reports#88459

Open
M00rish wants to merge 20 commits into
Expensify:mainfrom
M00rish:invitecash
Open

Feat : show Invite button on Members page for money request reports#88459
M00rish wants to merge 20 commits into
Expensify:mainfrom
M00rish:invitecash

Conversation

@M00rish

@M00rish M00rish commented Apr 21, 2026

Copy link
Copy Markdown
Contributor

Explanation of Change

Fixed Issues

$ #80957
PROPOSAL: comment

Tests

  1. Create a money Request
  2. open it and click on header -> Members -> invite
  3. invite a member and verify invite is successful
  • Verify that no errors appear in the JS console

Offline tests

QA Steps

// TODO: These must be filled out, or the issue title must include "[No QA]."

  • Verify that no errors appear in the JS console

PR Author Checklist

  • I linked the correct issue in the ### Fixed Issues section above
  • I wrote clear testing steps that cover the changes made in this PR
    • I added steps for local testing in the Tests section
    • I added steps for the expected offline behavior in the Offline steps section
    • I added steps for Staging and/or Production testing in the QA steps section
    • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
    • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
  • I included screenshots or videos for tests on all platforms
  • I ran the tests on all platforms & verified they passed on:
    • Android: Native
    • Android: mWeb Chrome
    • iOS: Native
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
  • I verified there are no new alerts related to the canBeMissing param for useOnyx
  • I followed proper code patterns (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
      • If any non-english text was added/modified, I used JaimeGPT to get English > Spanish translation. I then posted it in #expensify-open-source and it was approved by an internal Expensify engineer. Link to Slack message:
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I followed the guidelines as stated in the Review Guidelines
  • I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
  • I verified that if a function's arguments changed that all usages have also been updated correctly
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
  • If new assets were added or existing ones were modified, I verified that:
    • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
    • The assets load correctly across all supported platforms.
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Android: Native
Android.webm
Android: mWeb Chrome
Android.webm
iOS: Native
ios.webm
iOS: mWeb Safari
iosWEB.webm
MacOS: Chrome / Safari
web.webm

@M00rish M00rish requested review from a team as code owners April 21, 2026 17:10
@melvin-bot melvin-bot Bot requested review from abzokhattab and flaviadefaria and removed request for a team April 21, 2026 17:10
@melvin-bot

melvin-bot Bot commented Apr 21, 2026

Copy link
Copy Markdown

@abzokhattab Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

@melvin-bot melvin-bot Bot removed the request for review from a team April 21, 2026 17:10
@M00rish M00rish changed the title fix header Feat : show Invite button on Members page for money request reports Apr 21, 2026
const {translate, formatPhoneNumber} = useLocalize();
const [countryCode = CONST.DEFAULT_COUNTRY_CODE] = useOnyx(ONYXKEYS.COUNTRY_CODE);
const [didScreenTransitionEnd, setDidScreenTransitionEnd] = useState(false);
const reportAttributes = useReportAttributes();

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ PERF-11 (docs)

useReportAttributes() subscribes to the entire ONYXKEYS.DERIVED.REPORT_ATTRIBUTES record (all reports' attributes). This component only needs reportAttributes?.[report.reportID]?.reportName — a single string. Every time any report's attributes change anywhere in the app, this component will re-render unnecessarily.

Consider a targeted useOnyx call with a selector that returns the primitive reportName string for just this report:

const [reportName] = useOnyx(ONYXKEYS.DERIVED.REPORT_ATTRIBUTES, {
    selector: (data) => data?.reports?.[report.reportID]?.reportName,
});
// Then use: StringUtils.lineBreaksToSpaces(reportName ?? '')

A selector returning a primitive (string) is cheap to compare and prevents re-renders from unrelated report attribute changes.


Reviewed at: fbfb102 | Please rate this suggestion with 👍 or 👎 to help us improve! Reactions are used to monitor reviewer efficiency.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@M00rish can you please check that comment

@codecov

codecov Bot commented Apr 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ Changes either increased or maintained existing code coverage, great job!

Files with missing lines Coverage Δ
src/pages/InviteReportParticipantsPage.tsx 0.00% <0.00%> (ø)
src/pages/ReportParticipantsPage.tsx 0.00% <0.00%> (ø)
... and 43 files with indirect coverage changes

@codecov

codecov Bot commented Apr 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ Changes either increased or maintained existing code coverage, great job!

Files with missing lines Coverage Δ
src/libs/actions/RequestConflictUtils.ts 100.00% <100.00%> (ø)
src/pages/InviteReportParticipantsPageUtils.ts 100.00% <100.00%> (ø)
src/pages/DynamicReportParticipantsInvitePage.tsx 0.00% <0.00%> (ø)
src/pages/DynamicReportParticipantsPage.tsx 0.00% <0.00%> (ø)
... and 268 files with indirect coverage changes

flaviadefaria
flaviadefaria previously approved these changes Apr 24, 2026

@flaviadefaria flaviadefaria left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@abzokhattab

Copy link
Copy Markdown
Contributor

is this ready for review or still waiting for backend work? @M00rish

@M00rish

M00rish commented Apr 27, 2026

Copy link
Copy Markdown
Contributor Author

There's some backend work to be done

@M00rish

M00rish commented May 4, 2026

Copy link
Copy Markdown
Contributor Author

PR is ready for review again @abzokhattab thanks!

@abzokhattab

Copy link
Copy Markdown
Contributor

@codex review

@abzokhattab

Copy link
Copy Markdown
Contributor

@MelvinBot review

@MelvinBot

Copy link
Copy Markdown
Contributor

PR Review

Overall: Clean, well-scoped PR with good test coverage. A few items to address:

1. Selector re-render risk (agrees with PERF-11 bot flag)

InviteReportParticipantsPage.tsx:49-52: reportByIDsSelector returns a new object on every evaluation, so useOnyx will see a changed reference and re-render even when the underlying data hasn't changed. Since this page only needs the report name string, a primitive-returning selector would avoid unnecessary re-renders:

const [reportName = ''] = useOnyx(ONYXKEYS.DERIVED.REPORT_ATTRIBUTES, {
    selector: (data) => data?.reports?.[reportID]?.reportName,
});
// Then: StringUtils.lineBreaksToSpaces(reportName)

This eliminates the useMemo + reportByIDsSelector import entirely and returns a primitive that's cheap to compare.

2. Good catch on optimistic accountID handling

The change from !accountID to accountID === undefined in InviteReportParticipantsPageUtils.ts:14 correctly preserves accountID = 0 for new invitees. The test at InviteReportParticipantsPageTest.ts:5-17 validates this well. 👍

3. Conflict resolution accountIDList — good fix

RequestConflictUtils.ts:80-81: Adding accountIDList comparison prevents an OpenReport request from incorrectly replacing another one with different participants. The null-coalescing to '' handles the optional field cleanly.

4. Minor: no permission guard on invite for money request reports

ReportParticipantsPage.tsx:89: shouldShowInviteButton = isGroupChat || isMoneyRequestReport(report) shows the invite button to all viewers of a money request report. For group chats, any member can invite — is the same true for money request reports? If only certain roles (e.g., the report owner or policy admins) should be able to invite, a guard should be added here. If it's intentionally open to all participants, this is fine as-is — just flagging for confirmation.

Summary

The core logic (showing invite on money request reports, conflict dedup with accountIDList, utility extraction with tests) looks correct. The main actionable item is #1 — switching to a primitive selector to avoid unnecessary re-renders.

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. More of your lovely PRs please.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@lakchote

Copy link
Copy Markdown
Contributor

@abzokhattab can you review it please?

@abzokhattab

Copy link
Copy Markdown
Contributor

on my list for today

@abzokhattab

Copy link
Copy Markdown
Contributor

Reviewer Checklist

  • I have verified the author checklist is complete (all boxes are checked off).
  • I verified the correct issue is linked in the ### Fixed Issues section above
  • I verified testing steps are clear and they cover the changes made in this PR
    • I verified the steps for local testing are in the Tests section
    • I verified the steps for Staging and/or Production testing are in the QA steps section
    • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I checked that screenshots or videos are included for tests on all platforms
  • I included screenshots or videos for tests on all platforms
  • I verified that the composer does not automatically focus or open the keyboard on mobile unless explicitly intended. This includes checking that returning the app from the background does not unexpectedly open the keyboard.
  • I verified tests pass on all platforms & I tested again on:
    • Android: HybridApp
    • Android: mWeb Chrome
    • iOS: HybridApp
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
  • I verified proper code patterns were followed (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I verified that this PR follows the guidelines as stated in the Review Guidelines
  • I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
  • If a new component is created I verified that:
    • A similar component doesn't exist in the codebase
    • All props are defined accurately and each prop has a /** comment above it */
    • The file is named correctly
    • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
    • The only data being stored in the state is data necessary for rendering and nothing else
    • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
    • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
    • All JSX used for rendering exists in the render method
    • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
  • I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Android: HybridApp
Android: mWeb Chrome
iOS: HybridApp
iOS: mWeb Safari
MacOS: Chrome / Safari

@abzokhattab

Copy link
Copy Markdown
Contributor

I noticed a potential issue: the Invite member button is visible to all participants of the expense report, including users who were just invited — not just the submitter or admins. Should we limit visibility to the submitter or admins only? @lakchote @flaviadefaria what's the intended permission model here?

Untitled.mov

@flaviadefaria

Copy link
Copy Markdown
Contributor

Should we limit visibility to the submitter or admins only? @lakchote @flaviadefaria what's the intended permission model here?

Testing this is Classic, it seems like anyone who has access to the report can share the report with someone else:

A few thoughts that came to mind while reading the issue and proposed solution:

  • If the submitter shares a report with another user, can you confirm what actions that user can take on the report? This isn't clear from the recordings.
  • Will the shared user automatically receive a PDF copy by email? I believe that's what currently happens when a report is submitted to someone in a regular submission flow.
  • I'm a bit on the fence about the button “Invite member.” We're not really inviting someone; we're sharing the report with them. “Invite” could be misleading/confusing with other "invite" actions. Also, as far as I’m aware, the report can be shared with anyone, not just workspace members. Would it make more sense to call this action “Share with” or "Add user" instead?

Before we move forward, I’d love to hear thoughts from @trjExpensify and @Expensify/design on this.

Here is a screenshot of the sharing page in Classic:

image

@dannymcclain

Copy link
Copy Markdown
Contributor

I'm a bit on the fence about the button “Invite member.” We're not really inviting someone; we're sharing the report with them. “Invite” could be misleading/confusing with other "invite" actions. Also, as far as I’m aware, the report can be shared with anyone, not just workspace members. Would it make more sense to call this action “Share with” or "Add user" instead?

I feel like we labeled it Invite because we're inviting them to the chat room, which is actually the report. (I'm not saying this is clear, I'm just pointing out why I think we call it invite? Maybe?)

Personally though I agree with you, Share report feels a lot more clear to me, and that classic screenshot you shared (Report Share Settings) makes way more sense than the current "Members" RHP IMO. My only hesitation with switching up the language is potentially creating inconsistency around when we use Invite vs. Share. But I think basically replicating that classic screenshot in ND would be better for our customers. So if we're not worried about that potential inconsistency (or if that's actually a non-issue), I'd be down to update.

Curious for more thoughts from the design team and @Expensify/product though.

@shawnborton

Copy link
Copy Markdown
Contributor

Yeah, we might want to have a broader conversation about our current "Share" feature and if users actually use it or know what it means:
CleanShot 2026-06-29 at 09 45 00@2x

That is likely a separate conversation though. Definitely curious about Flavia's points above and agree with Danny's comments too.

@trjExpensify

Copy link
Copy Markdown
Contributor

I feel like we labeled it Invite because we're inviting them to the chat room, which is actually the report. (I'm not saying this is clear, I'm just pointing out why I think we call it invite? Maybe?)

That's my recollection too, because this "member" management is available on chat reports well:

image

I think even if we improve "Share" and add another alt option there for manual sharing instead of just the URL option, I'd probably still keep Invite member atop the Members list of the report for consistency.

@flaviadefaria

Copy link
Copy Markdown
Contributor

Thanks for the context. Personally, I think we’re optimizing this for chat, even though we know many of our customers don’t like the chat-centric interface. I also wonder how many users actually invite someone to a workspace chat.

We can move forward with the current approach, but I think this will end up being a feature that’s not intuitive and will consistently require users to reach out for help to figure out where it is. I’d rather we break the pattern here if it makes a commonly requested feature easier to discover than stick to a pattern that users don’t really understand.

The real goal isn’t to invite someone into the report chat, it’s to share the report with them so they can view the expenses and export it.

I also think the email copy will be confusing if we use “invited” instead of “shared.”

image

But that’s just my two cents. If everyone feels consistency is the higher priority here, I’m okay with that, it is a relatively small feature after all.

@dannymcclain

Copy link
Copy Markdown
Contributor

I agree with Flavia personally. I think we kinda just got this wrong the first time around. Just my 2 cents of course, but for basically all other things that I want people to be able to see and/or edit, the verbiage is share (Google Doc, Figma file, grocery list, note, etc.)

But I also feel the same as:

If everyone feels consistency is the higher priority here, I’m okay with that, it is a relatively small feature after all.

@trjExpensify

Copy link
Copy Markdown
Contributor

I don't think anyone here is disputing we should still consider bringing "Share" out of details and into the More menu, adding an option in it for a manual share with a bespoke share message etc. In fact, didn't Jason say here that he was going to create an issue for that? 🤔 I can't find it, but I think it can be progressed.

Equally though, this is just a PR to fix a bug with the existing Members screen in the product, so I still think that's out of scope here and we should proceed to fix this in the meantime.

@JmillsExpensify

Copy link
Copy Markdown
Contributor

Sorry I did not create an issue. That said, I still feel the same. I like:

  • Keeping this PR focused on fixing the bug
  • Creating another issue to keep exploring our broader approach to Share.

@flaviadefaria

Copy link
Copy Markdown
Contributor

Just to make sure we’re aligned, are we considering this a bug? @trjExpensify, I thought your comment in the main issue was that it wasn’t:

Right, exactly. That’s not a bug. The bug in the thread transpires to be the “Invite” button missing on the Members page of the report.

My understanding is that we’re implementing functionality from Classic in NewDot, rather than fixing something that’s currently broken.

With that in mind, I wonder if it would make more sense to close this issue, first align on our broader approach to Share in a separate issue, and then implement the requested changes as part of that work.

That said, I’m happy to go with whatever approach the team thinks is best. I mainly want to make sure we’re solving the right problem before we start implementing a solution.

@trjExpensify

Copy link
Copy Markdown
Contributor

Yeah, the first part of that quote is referring to not having a "CC" option on submission as we don't support that in NewDot (therefore not a bug). The second part of the quote is referencing the bug this PR fixes - which is the invite button was missing atop the Members page.

I did point out a few comments below that one how the OP of that parent issue is confusing and not reflective of what we were actually fixing here in the first order:

I think the OP of this issue and the title is a little confusing. Per the bug report thread for this, we were focusing on fixing the bug with the existing Members page on an expense report whereby the Invite button isn't appearing atop of that page when it should.

Anything extra or new for CC'ing on submission etc seems better to handle separately.

@dannymcclain

Copy link
Copy Markdown
Contributor

Ok cool, I'm following - down with what you and Jason are suggesting 👍

Copy link
Copy Markdown
Contributor

Flavia - do you want to lead up the next steps with Share?

@flaviadefaria

Copy link
Copy Markdown
Contributor

Thanks for clarifying, @trjExpensify! The OP was definitely misleading. I’m on board with fixing the bug here and discussing sharing options as a separate initiative.

Flavia - do you want to lead up the next steps with Share?

I'm not passionate about it but I'll add it to my list.

@flaviadefaria

Copy link
Copy Markdown
Contributor

I noticed a potential issue: the Invite member button is visible to all participants of the expense report, including users who were just invited — not just the submitter or admins. Should we limit visibility to the submitter or admins only? @lakchote @flaviadefaria what's the intended permission model here?

Back to this comment from @abzokhattab, yes we should limit it to submitter and admins only to keep the same behavior as we have in the workspace chat.

@abzokhattab

Copy link
Copy Markdown
Contributor

@M00rish lets the invitation for submitter and admins only

@M00rish

M00rish commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@abzokhattab would you review pls ?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this file change is not related to the issue ... is it intended?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes it is, it solves messaging the invited member error

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry i am not following. What messaging error? It would be nice if you could share can video

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here's video @abzokhattab

Video.mp4

@abzokhattab

Copy link
Copy Markdown
Contributor

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9eba2e9c1f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

const isGroupChat = isGroupChatUtils(report);
const policy = usePolicy(report.policyID);
const isReportSubmitterOrAdmin = isCurrentUserSubmitter(report) || isPolicyAdmin(policy);
const shouldShowInviteButton = isReportSubmitterOrAdmin && (isGroupChat || (isMoneyRequestReport(report) && isOpenExpenseReport(report)));

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep group chat controls visible to group admins

When the report is a group chat, this new isReportSubmitterOrAdmin requirement hides the entire action container for group-chat admins who are not also the report owner/workspace admin. The table still enables selection from isCurrentUserGroupChatAdmin, so those admins can select members but no longer see Remove / Make admin actions, and non-owner group chat members also lose the invite button that existed before this change. Gate the group-chat case on the group-chat permissions, or apply the submitter/policy-admin check only to open expense reports.

Useful? React with 👍 / 👎.

selector: reportAttributesSelector,
});
const backPath = useDynamicBackPath(DYNAMIC_ROUTES.REPORT_PARTICIPANTS_INVITE.path);
const shouldShowInvitePage = isGroupChat(report) || (isMoneyRequestReport(report) && isOpenExpenseReport(report));

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reuse the invite permission check on the invite route

For open expense reports, the participants page hides the invite button unless the current user is the submitter or a policy admin, but this route-level check allows any open expense report. A non-submitter member who opens the invite URL directly can still search users and submit inviteToGroupChat, causing optimistic participant changes/API calls despite the action being hidden in the normal flow. Mirror the same submitter/policy-admin permission here for the money-request case.

Useful? React with 👍 / 👎.

@M00rish

M00rish commented Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

could you review again @abzokhattab ? the error checks are from main will merge main once resolved.

@abzokhattab

abzokhattab commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Left a comment here #88459 (comment) @M00rish

@M00rish

M00rish commented Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

please check the video

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants