
Feature: new security section, links #34987

Merged
merged 12 commits into from
Feb 13, 2024
69 changes: 69 additions & 0 deletions README.md
Expand Up @@ -16,6 +16,7 @@
* [Debugging](#debugging)
* [App Structure and Conventions](#app-structure-and-conventions)
* [Philosophy](#Philosophy)
* [Security](#Security)
* [Internationalization](#Internationalization)
* [Deploying](#deploying)

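Review bot: the new entry `* [Security](#Security)` continues the mixed anchor casing in this list: `#debugging`, `#app-structure-and-conventions` and `#deploying` are lowercase while `#Philosophy`, `#Security` and `#Internationalization` are capitalised. GitHub generates heading ids in lowercase, so `#security` is the form that matches the generated id; the capitalised neighbours were already there, but the same `#Security` fragment is now also what the six new source comments link to, so pick the casing once (ideally lowercase for all three) rather than adding another capitalised one.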
Expand Down Expand Up @@ -394,6 +395,74 @@ This application is built with the following principles.

----

# Security
Updated rules for managing all types of chats (add/remove people)

1. ### DM
Contributor:

Please put numbers inside # so that numbers are bolded as well
i.e. ### 1. DM

Contributor Author:

It's not possible in markdown to make an ordered list bold, unfortunately.

Contributor Author:

The only alternative way is to make it without tabbing, but it looks messy
[image attached to the comment]

| | Member
| :---: | :---:
| **Invite** | ❌
| **Remove** | ❌
| **Leave** | ❌
| **Can be removed** | ❌

2. ### Workspace
1. #### Workspace
| | Creator | Member(Employee/User) | Admin | Auditor?
| :---: | :---: | :---: | :---: | :---:
| **Invite** | ✅ | ❌ | ✅ | ❌
| **Remove** | ✅ | ❌ | ✅ | ❌
| **Leave** | ❌ | ✅ | ❌ | ✅
| **Can be removed** | ❌ | ✅ | ✅ | ✅

2. #### Workspace #announce room
| | Member(Employee/User) | Admin | Auditor?
| :---: | :---: | :---: | :---:
| **Invite** | ❌ | ❌ | ❌
| **Remove** | ❌ | ❌ | ❌
| **Leave** | ❌ | ❌ | ❌
| **Can be removed** | ❌ | ❌ | ❌ |

3. #### Workspace #admin room
| | Admin |
| :---: | :---:
| **Invite** | ❌
| **Remove** | ❌
| **Leave** | ❌
| **Can be removed** | ❌

4. #### Workspace rooms
| | Creator | Member |
| :---: | :---: | :---:
| **Invite** | ✅ | ✅
| **Remove** | ✅ | ✅
| **Leave** | ✅ | ✅
| **Can be removed** | ✅ | ✅

4. #### Workspace chats
| | Admin | Member(default) | Member(invited)
| :---: | :---: | :---: | :---:
| **Invite** | ✅ | ✅ | ❌
| **Remove** | ✅ | ✅ | ❌
| **Leave** | ❌ | ❌ | ✅
| **Can be removed** | ❌ | ❌ | ✅

3. ### Domain chat
| | Member
| :---: | :---:
| **Remove** | ❌
| **Leave** | ❌
| **Can be removed** | ❌

4. ### Reports
| | Submitter | Manager
| :---: | :---: | :---:
| **Remove** | ❌ | ❌
| **Leave** | ❌ | ❌
| **Can be removed** | ❌ | ❌

----

# Internationalization
This application is built with Internationalization (I18n) / Localization (L10n) support, so it's important to always
localize the following types of data when presented to the user (even accessibility texts that are not rendered):
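Review bot: the sub-list under `### Workspace` numbers both `#### Workspace rooms` and `#### Workspace chats` as `4.`; the second should be `5.` (renderers renumber ordered lists, so this only shows in the source, but these headings are what the new Policy.ts and Report.ts comments send readers to). Three further points on the same section. The `Auditor?` column header in the Workspace and #announce tables leaves one role's permissions as an open question; a permissions matrix should either confirm that column or drop it until it is confirmed, since a reader will otherwise treat the ❌/✅ marks as settled. The Domain chat and Reports tables omit the `Invite` row that every other table carries; add it with ❌ if inviting is impossible rather than leaving that to inference. And the intro line `Updated rules for managing all types of chats (add/remove people)` reads as a changelog entry rather than README text; something like `Who can invite, remove and leave each type of chat` fits the section. Finally, it would help to state whether these tables are enforced by the API or only reflected in the client UI, because the functions that now link here (`removeMembers`, `addMembersToWorkspace`, `removeFromRoom`) are the client side of `API.write` calls and a reader of the table cannot tell which layer is the security boundary.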
2 changes: 2 additions & 0 deletions src/libs/actions/Policy.ts
Expand Up @@ -375,6 +375,7 @@ function removeOptimisticAnnounceRoomMembers(policyID: string, accountIDs: numbe

/**
* Remove the passed members from the policy employeeList
* Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
*/
function removeMembers(accountIDs: number[], policyID: string) {
// In case user selects only themselves (admin), their email will be filtered out and the members
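Review bot: the added `Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details` line says where the rule lives but not which rule `removeMembers` implements; one clause (per the README Workspace table: only the creator or an admin can remove members, and the creator cannot be removed) would let a reader check the function against the spec without leaving the file. The existing comment below it, `In case user selects only themselves (admin), their email will be filtered out`, describes a case the README table does not state: it shows Admin with `Can be removed` ✅ and `Leave` ❌ but says nothing about self-removal, so either add that row to the table or say in this comment that admin self-removal is a deliberate no-op. Note also that the link targets `blob/main`, so it resolves to whatever the README says at read time, not the version this change was reviewed against; acceptable for a README, but worth keeping in mind when the table is edited.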
Expand Down Expand Up @@ -597,6 +598,7 @@ function createPolicyExpenseChats(policyID: string, invitedEmailsToAccountIDs: R

/**
* Adds members to the specified workspace/policyID
* Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
*/
function addMembersToWorkspace(invitedEmailsToAccountIDs: Record<string, number>, welcomeNote: string, policyID: string) {
const membersListKey = `${ONYXKEYS.COLLECTION.POLICY_MEMBERS}${policyID}` as const;
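Review bot: same link-only comment as on `removeMembers`; state the rule here too (per the README Workspace table, only the creator or an admin can invite) so the JSDoc stands on its own. Since the same URL is now pasted into six places, a single agreed wording, or a constant or short doc page the comments all cite, would make a later README heading rename a one-search fix instead of six.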
4 changes: 3 additions & 1 deletion src/libs/actions/Report.ts
Expand Up @@ -2236,7 +2236,9 @@ function inviteToRoom(reportID: string, inviteeEmailsToAccountIDs: Record<string
API.write('InviteToRoom', parameters, {optimisticData, successData, failureData});
}

/** Removes people from a room */
/** Removes people from a room
* Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
*/
function removeFromRoom(reportID: string, targetAccountIDs: number[]) {
const report = allReports?.[reportID];

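Review bot: the comment is turned into a multi-line block but keeps its text on the opening line (`/** Removes people from a room`), which differs from the JSDoc style used in Policy.ts in this same change, where `/**` stands alone and each line starts with ` * `; for consistency write
`/**`
` * Removes people from a room`
` * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details`
followed by ` */`. Separately, `inviteToRoom` is visible in the context just above (`API.write('InviteToRoom', parameters, ...)`) and is governed by the same README tables (the `Invite` row), yet only `removeFromRoom` gets the link; add it to `inviteToRoom` as well so both halves of the room-membership rule point at the spec.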
1 change: 1 addition & 0 deletions src/pages/RoomMembersPage.js
Expand Up @@ -100,6 +100,7 @@ function RoomMembersPage(props) {

/**
* Remove selected users from the room
* Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
*/
const removeUsers = () => {
Report.removeFromRoom(props.report.reportID, selectedMembers);
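Review bot: `removeUsers` here is a one-line wrapper over `Report.removeFromRoom`, which in this same change already carries the README link, so the rule is now documented at both the page layer and the action layer. That helps discoverability, but each copy of the URL drifts independently if the README heading changes; a `See Report.removeFromRoom` pointer in this JSDoc would keep one canonical link per rule while still telling a page-level reader where to look.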
1 change: 1 addition & 0 deletions src/pages/workspace/WorkspaceInviteMessagePage.js
Expand Up @@ -99,6 +99,7 @@ function WorkspaceInviteMessagePage(props) {

const sendInvitation = () => {
Keyboard.dismiss();
// Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
Policy.addMembersToWorkspace(props.invitedEmailsToAccountIDsDraft, welcomeNote, props.route.params.policyID);
Policy.setWorkspaceInviteMembersDraft(props.route.params.policyID, {});
SearchInputManager.searchInput = '';
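Review bot: this is the only one of the six link sites that uses an inline `//` comment inside the handler body rather than a JSDoc block on the function (`RoomMembersPage.js` and `WorkspaceMembersPage.js` both put it in the `/** ... */` above `removeUsers`). Sitting between `Keyboard.dismiss()` and the `Policy.addMembersToWorkspace(...)` call it does attach to the right line, but a `/** Sends the workspace invitation ... */` block above `sendInvitation` would match the other pages and keep documentation links out of the handler body.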
1 change: 1 addition & 0 deletions src/pages/workspace/WorkspaceMembersPage.js
Expand Up @@ -184,6 +184,7 @@ function WorkspaceMembersPage(props) {

/**
* Remove selected users from the workspace
* Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
*/
const removeUsers = () => {
if (!_.isEmpty(errors)) {
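Review bot: the visible start of `removeUsers` guards on `!_.isEmpty(errors)` but nothing in the hunk checks that the current user is the workspace creator or an admin, which is the rule the newly linked README table states for `Remove`. If that check lives in how the page is reached (the members page being admin-only) or in the API behind `Policy.removeMembers`, one sentence in this JSDoc saying so would make the link worth following; as written, the comment points at a permissions table without saying which layer enforces it.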