Merge pull request #34987 from waterim/feat-33575

Feature: new security section, links

README.md

@@ -16,6 +16,7 @@
 * [Debugging](#debugging)
 * [App Structure and Conventions](#app-structure-and-conventions)
 * [Philosophy](#Philosophy)
+* [Security](#Security)
 * [Internationalization](#Internationalization)
 * [Deploying](#deploying)
 
@@ -395,6 +396,117 @@ This application is built with the following principles.
 
 ----
 
+# Security
+Updated rules for managing members across all types of chats in New Expensify.
+
+- **Nobody can leave or be removed from something they were automatically added to. For example:**
+
+    - DM members can't leave or be removed from their DMs
+    - Members can't leave or be removed from their own workspace chats
+    - Admins can't leave or be removed from workspace chats
+    - Members can't leave or be removed from the #announce room
+    - Admins can't leave or be removed from #admins
+    - Domain members can't leave or be removed from their domain chat
+    - Report submitters can't leave or be removed from their reports 
+    - Report managers can't leave or be removed from their reports 
+    - Group owners cannot be removed from their groups - they need to transfer ownership first
+- **Excepting the above, admins can remove anyone. For example:**
+    - Group admins can remove other group admins, as well as group members
+    - Workspace admins can remove other workspace admins, as well as workspace members, and invited guests
+- **Excepting the above, members can remove guests. For example:**
+    - Workspace members can remove non-workspace guests.
+- **Excepting the above, anybody can remove themselves from any object**
+
+1. ### DM
+    |  | Member
+    | :---: | :---: 
+    | **Invite** | ❌ 
+    | **Remove** | ❌ 
+    | **Leave**  | ❌ 
+    | **Can be removed**  | ❌
+- DM always has two participants. None of the participant can leave or be removed from the DM. Also no additional member can be invited to the chat.
+
+2. ### Workspace
+    1. #### Workspace
+        |   |  Creator  |  Member(Employee/User) | Admin |  Auditor?
+        | :---: | :---:  |  :---: | :---: | :---: 
+        | **Invite** | ✅ |  ❌ |  ✅ | ❌
+        | **Remove** | ✅ |  ❌ |  ✅ | ❌
+        | **Leave**  | ❌ |  ✅ |  ❌ | ✅
+        | **Can be removed**  | ❌ |  ✅ | ✅ | ✅
+
+        - Creator can't leave or be removed from their own workspace
+        - Admins can't leave from the workspace
+        - Admins can remove other workspace admins, as well as workspace members, and invited guests
+        - Creator can remove other workspace admins, as well as workspace members, and invited guests
+        - Members and Auditors cannot invite or remove anyone from the workspace
+
+    2. #### Workspace #announce room
+        |   |  Member(Employee/User) | Admin |  Auditor?
+        | :---: | :---:  |  :---: | :---: 
+        | **Invite** | ❌ |  ❌ |  ❌
+        | **Remove** | ❌ |  ❌ |  ❌
+        | **Leave**  | ❌ |  ❌ |  ❌
+        | **Can be removed**  | ❌ |  ❌ |  ❌ |
+
+       - No one can leave or be removed from the #announce room
+
+    3. #### Workspace #admin room
+        |   |  Admin |
+        | :---: | :---: 
+        | **Invite** | ❌  
+        | **Remove** | ❌   
+        | **Leave**  | ❌ 
+        | **Can be removed**  | ❌
+
+        - Admins can't leave or be removed from #admins
+
+    4. #### Workspace rooms
+        |   |  Creator | Member | Guest(outside of the workspace)
+        | :---: | :---:  |  :---: | :---:
+        | **Invite** | ✅ | ✅ | ✅
+        | **Remove** | ✅ | ✅ | ❌
+        | **Leave**  | ✅ | ✅ | ✅
+        | **Can be removed**  | ✅ | ✅ | ✅
+
+        - Everyone can be removed/can leave from the room including creator
+        - Guests are not able to remove anyone from the room
+
+    4. #### Workspace chats
+        |   |  Admin | Member(default) | Member(invited)  
+        | :---: | :---:  |  :---:  |  :---:
+        | **Invite** | ✅ |  ✅ | ❌
+        | **Remove** | ✅ |  ✅ | ❌  
+        | **Leave**  | ❌ |  ❌  | ✅
+        | **Can be removed**  | ❌ | ❌ | ✅
+
+        - Admins are not able to leave/be removed from the workspace chat
+        - Default members(automatically invited) are not able to leave/be removed from the workspace chat
+        - Invited members(invited by members) are not able to invite or remove from the workspace chat
+        - Invited members(invited by members) are able to leave the workspace chat
+        - Default members and admins are able to remove invited members
+
+3. ### Domain chat
+    |   |  Member
+    | :---: | :---:  
+    | **Remove** | ❌ 
+    | **Leave**  | ❌ 
+    | **Can be removed**  | ❌ 
+
+- Domain members can't leave or be removed from their domain chat
+
+4. ### Reports
+    |   |  Submitter | Manager
+    | :---: | :---:  | :---:  
+    | **Remove** | ❌ | ❌
+    | **Leave**  | ❌ | ❌
+    | **Can be removed**  | ❌ | ❌
+
+- Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID)
+- Report managers can't leave or be removed from their reports (eg, if they are the report.managerID)
+
+----
+
 # Internationalization
 This application is built with Internationalization (I18n) / Localization (L10n) support, so it's important to always
 localize the following types of data when presented to the user (even accessibility texts that are not rendered):

src/libs/actions/Policy.ts

@@ -418,6 +418,7 @@ function removeOptimisticAnnounceRoomMembers(policyID: string, accountIDs: numbe
 
 /**
  * Remove the passed members from the policy employeeList
+ * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
  */
 function removeMembers(accountIDs: number[], policyID: string) {
     // In case user selects only themselves (admin), their email will be filtered out and the members
@@ -635,6 +636,7 @@ function createPolicyExpenseChats(policyID: string, invitedEmailsToAccountIDs: I
 
 /**
  * Adds members to the specified workspace/policyID
+ * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
  */
 function addMembersToWorkspace(invitedEmailsToAccountIDs: InvitedEmailsToAccountIDs, welcomeNote: string, policyID: string) {
     const membersListKey = `${ONYXKEYS.COLLECTION.POLICY_MEMBERS}${policyID}` as const;

src/libs/actions/Report.ts

@@ -2367,7 +2367,9 @@ function inviteToRoom(reportID: string, inviteeEmailsToAccountIDs: Record<string
     API.write(WRITE_COMMANDS.INVITE_TO_ROOM, parameters, {optimisticData, successData, failureData});
 }
 
-/** Removes people from a room */
+/** Removes people from a room
+ *  Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
+ */
 function removeFromRoom(reportID: string, targetAccountIDs: number[]) {
     const report = currentReportData?.[reportID];
 

src/pages/RoomMembersPage.js

@@ -100,6 +100,7 @@ function RoomMembersPage(props) {
 
     /**
      * Remove selected users from the room
+     * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
      */
     const removeUsers = () => {
         Report.removeFromRoom(props.report.reportID, selectedMembers);

src/pages/workspace/WorkspaceInviteMessagePage.tsx

@@ -82,6 +82,7 @@ function WorkspaceInviteMessagePage({workspaceInviteMessageDraft, invitedEmailsT
 
     const sendInvitation = () => {
         Keyboard.dismiss();
+        // Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
         Policy.addMembersToWorkspace(invitedEmailsToAccountIDsDraft ?? {}, welcomeNote ?? '', route.params.policyID);
         Policy.setWorkspaceInviteMembersDraft(route.params.policyID, {});
         SearchInputManager.searchInput = '';

src/pages/workspace/WorkspaceMembersPage.js

@@ -188,6 +188,7 @@ function WorkspaceMembersPage(props) {
 
     /**
      * Remove selected users from the workspace
+     * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details
      */
     const removeUsers = () => {
         if (!_.isEmpty(errors)) {