From acb9b6399b1849f205793118365ba8d362b48049 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Tue, 23 Jan 2024 20:08:03 +0100 Subject: [PATCH 01/10] security page, links --- README.md | 61 +++++++++++++++++++ src/libs/actions/Policy.ts | 2 + src/libs/actions/Report.ts | 4 +- src/pages/RoomMembersPage.js | 1 + .../workspace/WorkspaceInviteMessagePage.js | 1 + src/pages/workspace/WorkspaceMembersPage.js | 1 + 6 files changed, 69 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f6629af8604d..f9617c32b97a 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ * [Debugging](#debugging) * [App Structure and Conventions](#app-structure-and-conventions) * [Philosophy](#Philosophy) +* [Security](#Security) * [Internationalization](#Internationalization) * [Deploying](#deploying) 
@@ -394,6 +395,66 @@ This application is built with the following principles. ---- +# Security +Updated rules for managing all types of chats (add/remove people) + +1. ### DM + | | Member + | :---: | :---: + | **Invite** | ❌ + | **Remove** | ❌ + | **Leave** | ❌ + | **Can be removed** | ❌ + +2. ### Workspace + 1. #### Workspace + | | Creator | Member(Employee/User) | Admin | Auditor? + | :---: | :---: | :---: | :---: | :---: + | **Invite** | ✅ | ❌ | ✅ | ❌ + | **Remove** | ✅ | ❌ | ✅ | ❌ + | **Leave** | ❌ | ❌ | ❌ | ❌ + | **Can be removed** | ❌ | ✅ | ✅ | ✅ + + 2. #### Workspace #announce room + | | Member(Employee/User) | Admin | Auditor? + | :---: | :---: | :---: | :---: + | **Invite** | ❌ | ❌ | ❌ + | **Remove** | ❌ | ❌ | ❌ + | **Leave** | ❌ | ❌ | ❌ + | **Can be removed** | ❌ | ❌ | ❌ | + + 3. #### Workspace #admin room + | | Admin | + | :---: | :---: + | **Invite** | ❌ + | **Remove** | ❌ + | **Leave** | ❌ + | **Can be removed** | ❌ + + 4. #### Workspace rooms + | | Creator | Member | + | :---: | :---: | :---: + | **Invite** | ✅ | ✅ + | **Remove** | ✅ | ✅ + | **Leave** | ❌ | ❌ + | **Can be removed** | ✅ | ✅ + +3. ### Domain chat + | | Member + | :---: | :---: + | **Remove** | ❌ + | **Leave** | ❌ + | **Can be removed** | ❌ + +4. ### Reports + | | Submitter | Manager + | :---: | :---: | :---: + | **Remove** | ❌ | ❌ + | **Leave** | ❌ | ❌ + | **Can be removed** | ❌ | ❌ + +---- + # Internationalization This application is built with Internationalization (I18n) / Localization (L10n) support, so it's important to always localize the following types of data when presented to the user (even accessibility texts that are not rendered): diff --git a/src/libs/actions/Policy.ts b/src/libs/actions/Policy.ts index cbbc00dd42fc..01584c57b09d 100644 --- a/src/libs/actions/Policy.ts +++ b/src/libs/actions/Policy.ts 
@@ -375,6 +375,7 @@ function removeOptimisticAnnounceRoomMembers(policyID: string, accountIDs: numbe /** * Remove the passed members from the policy employeeList + * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details */ function removeMembers(accountIDs: number[], policyID: string) { // In case user selects only themselves (admin), their email will be filtered out and the members @@ -597,6 +598,7 @@ function createPolicyExpenseChats(policyID: string, invitedEmailsToAccountIDs: R /** * Adds members to the specified workspace/policyID + * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details */ function addMembersToWorkspace(invitedEmailsToAccountIDs: Record, welcomeNote: string, policyID: string) { const membersListKey = `${ONYXKEYS.COLLECTION.POLICY_MEMBERS}${policyID}` as const; diff --git a/src/libs/actions/Report.ts b/src/libs/actions/Report.ts index 2ac85dfafa27..52351c1b6ae0 100644 --- a/src/libs/actions/Report.ts +++ b/src/libs/actions/Report.ts @@ -2236,7 +2236,9 @@ function inviteToRoom(reportID: string, inviteeEmailsToAccountIDs: Record { Report.removeFromRoom(props.report.reportID, selectedMembers); diff --git a/src/pages/workspace/WorkspaceInviteMessagePage.js b/src/pages/workspace/WorkspaceInviteMessagePage.js index 00bdce30891a..976caaf4aa26 100644 --- a/src/pages/workspace/WorkspaceInviteMessagePage.js +++ b/src/pages/workspace/WorkspaceInviteMessagePage.js @@ -99,6 +99,7 @@ function WorkspaceInviteMessagePage(props) { const sendInvitation = () => { Keyboard.dismiss(); + // Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details Policy.addMembersToWorkspace(props.invitedEmailsToAccountIDsDraft, welcomeNote, props.route.params.policyID); Policy.setWorkspaceInviteMembersDraft(props.route.params.policyID, {}); SearchInputManager.searchInput = ''; 
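Review bot: The line added to the `removeMembers` docblock points at the README permission matrix but does not say where those rules are enforced, and nothing visible in this hunk checks the caller's role before the removal is issued. Since this is a client-side action, the comment would be more useful if it stated the trust boundary, for example `* Permission rules: README.md#Security. This action does not enforce them; the server must reject removals the caller's role does not allow.` Adjust the wording if the body, which continues outside the hunk, does perform a check. The same applies to the identical line added to `addMembersToWorkspace` in the next hunk, to the comment above the `Policy.addMembersToWorkspace(...)` call in WorkspaceInviteMessagePage.js, and to `removeUsers` in WorkspaceMembersPage.js. The link also targets `blob/main`, so the rules it shows can change after this code was written; a repo-relative reference to `README.md#Security` keeps the comment tied to the README that ships with the code.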
diff --git a/src/pages/workspace/WorkspaceMembersPage.js b/src/pages/workspace/WorkspaceMembersPage.js index 92bc5ecc8e9c..85efeb02ab51 100644 --- a/src/pages/workspace/WorkspaceMembersPage.js +++ b/src/pages/workspace/WorkspaceMembersPage.js @@ -184,6 +184,7 @@ function WorkspaceMembersPage(props) { /** * Remove selected users from the workspace + * Please see https://github.com/Expensify/App/blob/main/README.md#Security for more details */ const removeUsers = () => { if (!_.isEmpty(errors)) { From 1fd5c8f8ad366ec1256065bfdcfc1d1bef4a1c46 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Mon, 29 Jan 2024 18:15:08 +0100 Subject: [PATCH 02/10] update doc --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index f9617c32b97a..8016a6b460fb 100644 --- a/README.md +++ b/README.md @@ -439,6 +439,14 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | **Can be removed** | ✅ | ✅ + 4. #### Workspace chats + | | Creator(Admin) | Member + | :---: | :---: | :---: + | **Invite** | ❌ | ❌ + | **Remove** | ❌ | ❌ + | **Leave** | ❌ | ❌ + | **Can be removed** | ❌ | ❌ + 3. ### Domain chat | | Member | :---: | :---: From b4ebc8062da9fe710fce1be97263e8ae5c48aa97 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Mon, 29 Jan 2024 18:15:38 +0100 Subject: [PATCH 03/10] update workspace room doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8016a6b460fb..d2938c1d4a90 100644 --- a/README.md +++ b/README.md @@ -436,7 +436,7 @@ Updated rules for managing all types of chats (add/remove people) | :---: | :---: | :---: | **Invite** | ✅ | ✅ | **Remove** | ✅ | ✅ - | **Leave** | ❌ | ❌ + | **Leave** | ✅ | ✅ | **Can be removed** | ✅ | ✅ 4. #### Workspace chats From d51ac98ea8172a6ef7755283d770921ca58c7d10 Mon Sep 17 00:00:00 2001 
From: Artem Makushov Date: Mon, 29 Jan 2024 18:50:59 +0100 Subject: [PATCH 04/10] updated workspace rules --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d2938c1d4a90..d188be9c475b 100644 --- a/README.md +++ b/README.md @@ -412,7 +412,7 @@ Updated rules for managing all types of chats (add/remove people) | :---: | :---: | :---: | :---: | :---: | **Invite** | ✅ | ❌ | ✅ | ❌ | **Remove** | ✅ | ❌ | ✅ | ❌ - | **Leave** | ❌ | ❌ | ❌ | ❌ + | **Leave** | ❌ | ✅ | ❌ | ✅ | **Can be removed** | ❌ | ✅ | ✅ | ✅ 2. #### Workspace #announce room @@ -440,12 +440,12 @@ Updated rules for managing all types of chats (add/remove people) | **Can be removed** | ✅ | ✅ 4. #### Workspace chats - | | Creator(Admin) | Member - | :---: | :---: | :---: - | **Invite** | ❌ | ❌ - | **Remove** | ❌ | ❌ - | **Leave** | ❌ | ❌ - | **Can be removed** | ❌ | ❌ + | | Admin | Member(default) | Member(invited) + | :---: | :---: | :---: | :---: + | **Invite** | ✅ | ✅ | ❌ + | **Remove** | ✅ | ✅ | ❌ + | **Leave** | ❌ | ❌ | ✅ + | **Can be removed** | ❌ | ❌ | ✅ 3. ### Domain chat | | Member From c1955e599f00f90bb4d98efb8849f24d8f693590 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Mon, 5 Feb 2024 16:37:25 +0100 Subject: [PATCH 05/10] updated workspace room --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d188be9c475b..075881cde7d6 100644 --- a/README.md +++ b/README.md 
@@ -432,12 +432,12 @@ Updated rules for managing all types of chats (add/remove people) | **Can be removed** | ❌ 4. #### Workspace rooms - | | Creator | Member | - | :---: | :---: | :---: - | **Invite** | ✅ | ✅ - | **Remove** | ✅ | ✅ - | **Leave** | ✅ | ✅ - | **Can be removed** | ✅ | ✅ + | | Creator | Member | Guest(outside of the workspace) + | :---: | :---: | :---: | :---: + | **Invite** | ✅ | ✅ | ✅ + | **Remove** | ✅ | ✅ | ❌ + | **Leave** | ✅ | ✅ | ✅ + | **Can be removed** | ✅ | ✅ | ✅ 4. #### Workspace chats | | Admin | Member(default) | Member(invited) From 443ddece90380e0bcfbe4eb3de0d022e4f22930c Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Tue, 6 Feb 2024 13:13:08 +0100 Subject: [PATCH 06/10] updated security section text --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index f173dcbaa60d..073e5c4923dd 100644 --- a/README.md +++ b/README.md @@ -399,6 +399,7 @@ This application is built with the following principles. # Security Updated rules for managing all types of chats (add/remove people) + 1. ### DM | | Member | :---: | :---: @@ -406,6 +407,7 @@ Updated rules for managing all types of chats (add/remove people) | **Remove** | ❌ | **Leave** | ❌ | **Can be removed** | ❌ +- **DM the only ever have 2 participants** 2. ### Workspace 1. #### Workspace 
@@ -416,6 +418,12 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ✅ | ❌ | ✅ | **Can be removed** | ❌ | ✅ | ✅ | ✅ + - **Creator can't leave or be removed from their own workspace** + - **Admins can't leave from the workspace** + - **Admins can remove other workspace admins, as well as workspace members, and invited guests** + - **Creator can remove other workspace admins, as well as workspace members, and invited guests** + - **Members and Auditoes can't invite or remove from the workspace they were invited to** + 2. #### Workspace #announce room | | Member(Employee/User) | Admin | Auditor? | :---: | :---: | :---: | :---: @@ -424,6 +432,8 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | ❌ | **Can be removed** | ❌ | ❌ | ❌ | + - **All members can't leave or be removed from the #announce room** + 3. #### Workspace #admin room | | Admin | | :---: | :---: @@ -431,6 +441,8 @@ Updated rules for managing all types of chats (add/remove people) | **Remove** | ❌ | **Leave** | ❌ | **Can be removed** | ❌ + + - **Admins can't leave or be removed from #admins** 4. #### Workspace rooms | | Creator | Member | Guest(outside of the workspace) @@ -440,6 +452,9 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ✅ | ✅ | ✅ | **Can be removed** | ✅ | ✅ | ✅ + - **Everyone can be removed/can leave from the rooms(creator as well)** + - **Only guests are not able to remove from the room** + 4. #### Workspace chats | | Admin | Member(default) | Member(invited) | :---: | :---: | :---: | :---: 
@@ -448,6 +463,12 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | ✅ | **Can be removed** | ❌ | ❌ | ✅ + - **Admins are not able to leave/be removed from the workspace chat** + - **Default members(automatically invited) are not able to leave/be removed from the workspace chat** + - **Invited members(invited by members) are not able to invite or remove from the workspace chat** + - **Invited members(invited by members) are able to leave the workspace chat** + - **Default members and admins are able to remove invited members** + 3. ### Domain chat | | Member | :---: | :---: @@ -455,6 +476,8 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | **Can be removed** | ❌ +- **Domain members can't leave or be removed from their domain chat** + 4. ### Reports | | Submitter | Manager | :---: | :---: | :---: @@ -462,6 +485,9 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | **Can be removed** | ❌ | ❌ +- **Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID)** +- **Report managers can't leave or be removed from their reports (eg, if they are the report.managerID)** + ---- # Internationalization From 78d8eef58d202af2f649211af5094e91b03a2e19 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Thu, 8 Feb 2024 13:25:33 +0100 Subject: [PATCH 07/10] updated security section --- README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 073e5c4923dd..9be42acb59a0 100644 --- a/README.md +++ b/README.md @@ -397,7 +397,7 @@ This application is built with the following principles. ---- # Security -Updated rules for managing all types of chats (add/remove people) +Updated rules for managing members across all types of chats in New Expensify 1. ### DM 
@@ -407,7 +407,7 @@ Updated rules for managing all types of chats (add/remove people) | **Remove** | ❌ | **Leave** | ❌ | **Can be removed** | ❌ -- **DM the only ever have 2 participants** +- DM always has two participants. None of the participant can leave or be removed from the DM. Also no additional member can be invited to the chat. 2. ### Workspace 1. #### Workspace @@ -418,11 +418,11 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ✅ | ❌ | ✅ | **Can be removed** | ❌ | ✅ | ✅ | ✅ - - **Creator can't leave or be removed from their own workspace** - - **Admins can't leave from the workspace** - - **Admins can remove other workspace admins, as well as workspace members, and invited guests** - - **Creator can remove other workspace admins, as well as workspace members, and invited guests** - - **Members and Auditoes can't invite or remove from the workspace they were invited to** + - Creator can't leave or be removed from their own workspace + - Admins can't leave from the workspace + - Admins can remove other workspace admins, as well as workspace members, and invited guests + - Creator can remove other workspace admins, as well as workspace members, and invited guests + - Members and Auditors cannot invite or remove anyone from the workspace 2. #### Workspace #announce room | | Member(Employee/User) | Admin | Auditor? @@ -432,7 +432,7 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | ❌ | **Can be removed** | ❌ | ❌ | ❌ | - - **All members can't leave or be removed from the #announce room** + - No one can leave or be removed from the #announce room 3. #### Workspace #admin room | | Admin | 
@@ -442,7 +442,7 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | **Can be removed** | ❌ - - **Admins can't leave or be removed from #admins** + - Admins can't leave or be removed from #admins 4. #### Workspace rooms | | Creator | Member | Guest(outside of the workspace) @@ -452,8 +452,8 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ✅ | ✅ | ✅ | **Can be removed** | ✅ | ✅ | ✅ - - **Everyone can be removed/can leave from the rooms(creator as well)** - - **Only guests are not able to remove from the room** + - Everyone can be removed/can leave from the room including creator + - Guests are not able to remove anyone from the room 4. #### Workspace chats | | Admin | Member(default) | Member(invited) @@ -463,11 +463,11 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | ✅ | **Can be removed** | ❌ | ❌ | ✅ - - **Admins are not able to leave/be removed from the workspace chat** - - **Default members(automatically invited) are not able to leave/be removed from the workspace chat** - - **Invited members(invited by members) are not able to invite or remove from the workspace chat** - - **Invited members(invited by members) are able to leave the workspace chat** - - **Default members and admins are able to remove invited members** + - Admins are not able to leave/be removed from the workspace chat + - Default members(automatically invited) are not able to leave/be removed from the workspace chat + - Invited members(invited by members) are not able to invite or remove from the workspace chat + - Invited members(invited by members) are able to leave the workspace chat + - Default members and admins are able to remove invited members 3. ### Domain chat | | Member 
@@ -476,7 +476,7 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | **Can be removed** | ❌ -- **Domain members can't leave or be removed from their domain chat** +- Domain members can't leave or be removed from their domain chat 4. ### Reports | | Submitter | Manager @@ -485,8 +485,8 @@ Updated rules for managing all types of chats (add/remove people) | **Leave** | ❌ | ❌ | **Can be removed** | ❌ | ❌ -- **Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID)** -- **Report managers can't leave or be removed from their reports (eg, if they are the report.managerID)** +- Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID) +- Report managers can't leave or be removed from their reports (eg, if they are the report.managerID) ---- From ce443d02d6b642387c9f285835f4ce323aed8b33 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Mon, 12 Feb 2024 16:00:01 +0100 Subject: [PATCH 08/10] updated security page --- README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9be42acb59a0..fa2af3c25a47 100644 --- a/README.md +++ b/README.md 
@@ -397,7 +397,27 @@ This application is built with the following principles. ---- # Security -Updated rules for managing members across all types of chats in New Expensify +Updated rules for managing members across all types of chats in New Expensify. + +- **Nobody can leave or be removed from something they were automatically added to. For example:** + + - DM members can't leave or be removed from their DMs + - Members can't leave or be removed from their own workspace chats + - Admins can't leave or be removed from workspace chats + - Members can't leave or be removed from the #announce room + - Admins can't leave or be removed from #admins + - Domain members can't leave or be removed from their domain chat + - Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID) + - Report managers can't leave or be removed from their reports (eg, if they are the report.managerID) + - Group owners cannot be removed from their groups - they need to transfer ownership first +- **Excepting the above, admins can remove anyone. For example:** + - Group admins can remove other group admins, as well as group members + - Workspace admins can remove other workspace admins, as well as workspace members, and invited guests +- **Excepting the above, members can remove guests. For example:** + - Workspace members can remove non-workspace guests. +- **Excepting the above, anybody can remove themselves from any object** + + 1. ### DM From 9db2e5146d1378b233f2fd5530a0f68f23923d4f Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Tue, 13 Feb 2024 12:13:25 +0100 Subject: [PATCH 09/10] updated --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fa2af3c25a47..cec3f9ab1065 100644 --- a/README.md +++ b/README.md 
@@ -407,8 +407,8 @@ Updated rules for managing members across all types of chats in New Expensify. - Members can't leave or be removed from the #announce room - Admins can't leave or be removed from #admins - Domain members can't leave or be removed from their domain chat - - Report submitters can't leave or be removed from their reports (eg, if they are the report.accountID) - - Report managers can't leave or be removed from their reports (eg, if they are the report.managerID) + - Report submitters can't leave or be removed from their reports + - Report managers can't leave or be removed from their reports - Group owners cannot be removed from their groups - they need to transfer ownership first - **Excepting the above, admins can remove anyone. For example:** - Group admins can remove other group admins, as well as group members From c2a7cbaec6fc1750374d44ebb7486b0022079582 Mon Sep 17 00:00:00 2001 From: Artem Makushov Date: Tue, 13 Feb 2024 13:18:46 +0100 Subject: [PATCH 10/10] fix --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index cec3f9ab1065..24fa343f0d45 100644 --- a/README.md +++ b/README.md @@ -417,9 +417,6 @@ Updated rules for managing members across all types of chats in New Expensify. - Workspace members can remove non-workspace guests. - **Excepting the above, anybody can remove themselves from any object** - - - 1. ### DM | | Member | :---: | :---: