[HOLD for payment 2023-12-04] [$1000] Web - Displays "Hmm... it's not here" when click on Task by Anonymous User in a public room

[kbecciv]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Action Performed:

1. Create a task in any public room
2. Send any message in the chat report of task details
3. Back to the public room and copy public room URL
4. Open the public room URL in incognito mode
5. Tap on Task to go to Task details page

Expected Result:

Since tasks are essentially a thread with a done state - the anonymous user should be able to view the Task details, but should not be able to take any of the actions related to a task (complete task, edit)

Actual Result:

App displays "Hmm... it's not here"

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: 1.3.44.0
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

Screen.Recording.2023-07-25.at.06.40.01.mov

Expensify/Expensify Issue URL:
Issue reported by: @hoangzinh
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1689950784101419

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0184f834df2c94f428
• Upwork Job ID: 1684551229979066368
• Last Price Increase: 2023-08-03

[melvin-bot]

Triggered auto assignment to @michaelhaxhiu (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[StevenKKC]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Displays "Hmm... it's not here" when click on Task by Anonymous User in a public room.

What is the root cause of that problem?

When click on task, the following code is called.

App/src/components/ReportActionItem/TaskPreview.js

Lines 75 to 76 in ff54c9e

	<PressableWithoutFeedback
	onPress={() => Navigation.navigate(ROUTES.getReportRoute(props.taskReportID))}

There is no checking whether user is anonymous, so the user is navigated to the task detail page.
But BE responds with "You do not have the permission to do the requested action.", so "Hmm... it's not here" is displayed.

What changes do you think we should make in order to solve the problem?

We should add session check as below.

	onPress={Session.checkIfActionIsAllowed(() => Navigation.navigate(ROUTES.getReportRoute(props.taskReportID)))}

What alternative solutions did you explore? (Optional)

None.

[thienlnam]

Since tasks are essentially a thread with a done state - the anonymous user should be able to view the thread details, but should not be able to take any of the actions related to a task (complete task, edit)
So we should get a bug created to fix this so that an anonymous user can view task details in a public room always as the expected result

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~0184f834df2c94f428

[melvin-bot]

Current assignee @michaelhaxhiu is eligible for the External assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @abdulrahuman5196 (External)

[michaelhaxhiu]

Agree 100% with @thienlnam

[BhuvaneshPatil]

This needs to be worked upon the backend.
currently we don't have permission to fetch the report.

[abdulrahuman5196]

Reviewing today

[abdulrahuman5196]

@thienlnam I am too seeing this error on openReport api when click on task from public room by anonymous user. We should check on this in backend.

On a side note: During testing for the first time the task details actually opened for me. But after that I am seeing this issue. Not sure if backend sent something different during first time.

So we should check in backend first

[thienlnam]

Yeah agreed, let's get this internal and see what the issue is

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

Current assignee @abdulrahuman5196 is eligible for the Internal assigner, not assigning anyone new.

[marcochavezf]

No update

[marcochavezf]

No update

[miljakljajic]

Given this has been internal since August without much movement, is this low priority enough to close?

[marcochavezf]

I have a backend fix for this in this PR. I noticed we'd still need to limit the anonymous user to mark the task as done (it will be fixed in a second PR).

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.3-11 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Add Session check for TaskHeaderActionButton #31200

If no regressions arise, payment will be issued on 2023-12-04. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @abdulrahuman5196 requires payment
• @hoangzinh requires payment

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@abdulrahuman5196] The PR that introduced the bug has been identified. Link to the PR:
• [@abdulrahuman5196] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@abdulrahuman5196] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@abdulrahuman5196] Determine if we should create a regression test for this bug.
• [@abdulrahuman5196] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@miljakljajic] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[miljakljajic]

Offers extended to @hoangzinh and @abdulrahuman5196! I'll pay as soon as you accept them.

[hoangzinh]

Accepted. Thanks @miljakljajic

[miljakljajic]

Both payments complete!