Skip to content

Commit 085b3ad

Browse files
roryabrahamroryabraham
authored
Merge pull request #46931 from Expensify/youssef_edit_control_reports
Prevent submitters from editing forwarded reports on Control
2 parents e56709a + 06f3d4d commit 085b3ad

File tree

1 file changed

+15
-5
lines changed

1 file changed

+15
-5
lines changed

src/libs/ReportUtils.ts

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2850,6 +2850,11 @@ function canEditMoneyRequest(reportAction: OnyxInputOrEntry<ReportAction<typeof
28502850
return true;
28512851
}
28522852

2853+
if (policy?.type === CONST.POLICY.TYPE.CORPORATE && moneyRequestReport && isCurrentUserSubmitter(moneyRequestReport.reportID)) {
2854+
const isForwarded = PolicyUtils.getSubmitToAccountID(policy, moneyRequestReport.ownerAccountID ?? 0) !== moneyRequestReport.managerID;
2855+
return !isForwarded;
2856+
}
2857+
28532858
return !isReportApproved(moneyRequestReport) && !isSettled(moneyRequestReport?.reportID) && isRequestor;
28542859
}
28552860

@@ -2893,17 +2898,22 @@ function canEditFieldOfMoneyRequest(reportAction: OnyxInputOrEntry<ReportAction>
28932898
return false;
28942899
}
28952900

2896-
if ((fieldToEdit === CONST.EDIT_REQUEST_FIELD.AMOUNT || fieldToEdit === CONST.EDIT_REQUEST_FIELD.CURRENCY) && TransactionUtils.isDistanceRequest(transaction)) {
2897-
const policy = getPolicy(moneyRequestReport?.reportID ?? '-1');
2898-
const isAdmin = isExpenseReport(moneyRequestReport) && policy?.role === CONST.POLICY.ROLE.ADMIN;
2899-
const isManager = isExpenseReport(moneyRequestReport) && currentUserAccountID === moneyRequestReport?.managerID;
2901+
const policy = getPolicy(moneyRequestReport?.reportID ?? '-1');
2902+
const isAdmin = isExpenseReport(moneyRequestReport) && policy?.role === CONST.POLICY.ROLE.ADMIN;
2903+
const isManager = isExpenseReport(moneyRequestReport) && currentUserAccountID === moneyRequestReport?.managerID;
29002904

2905+
if ((fieldToEdit === CONST.EDIT_REQUEST_FIELD.AMOUNT || fieldToEdit === CONST.EDIT_REQUEST_FIELD.CURRENCY) && TransactionUtils.isDistanceRequest(transaction)) {
29012906
return isAdmin || isManager;
29022907
}
29032908

29042909
if (fieldToEdit === CONST.EDIT_REQUEST_FIELD.RECEIPT) {
29052910
const isRequestor = currentUserAccountID === reportAction?.actorAccountID;
2906-
return !isInvoiceReport(moneyRequestReport) && !TransactionUtils.isReceiptBeingScanned(transaction) && !TransactionUtils.isDistanceRequest(transaction) && isRequestor;
2911+
return (
2912+
!isInvoiceReport(moneyRequestReport) &&
2913+
!TransactionUtils.isReceiptBeingScanned(transaction) &&
2914+
!TransactionUtils.isDistanceRequest(transaction) &&
2915+
(isAdmin || isManager || isRequestor)
2916+
);
29072917
}
29082918

29092919
if (fieldToEdit === CONST.EDIT_REQUEST_FIELD.DISTANCE_RATE) {

0 commit comments

Comments
 (0)