[CRITICAL] Incorrect previousReportActionID for whispers from workspace invite #34982
Comments
roryabraham
added
Daily
|
Triggered auto assignment to @michaelhaxhiu ( |
|
Job added to Upwork: https://www.upwork.com/jobs/~01d5dec33974b22a01 |
|
Triggered auto assignment to Contributor Plus for review of internal employee PR - @fedirjh ( |
|
I can grab this one. |
|
Following the trail and it should be getting the previous action from here in Auth. This appears to work fine for me locally. @roryabraham do you have any more information about this? |
|
Gonna swap this one for #34982 for now as I don't quite understand what we are trying to fix here and the other one is much clearer to me. |
|
Found this thread and left a comment there. |
|
Seems like we are down to two possible solutions here. Not sure if we are ready to move forward yet. |
|
The path I went down is likely wrong. Seeing if we can pivot. Asked for help in Slack here. |
|
There was some more discussion here today. I am not sure if we have reached a 100% clear consensus - will bump some people for additional feedback on Monday. The latest proposal is to ensure that whisper reportActions are always sent to all participants. I did a quick audit of where all of the different kinds of whispers we have originate in Auth (we will need to ensure that if the Onyx updates are sent from Auth we send them to all participants)...
(likely used in more places)
(likely used in more places) Report previews: (Used in many places) IOU report action:
That breaks out to a lot of stuff that we are going to have to audit and ensure that the correct updates are happening from within Auth. Luckily, we are mainly sending updates via Web-Expensify which are easy enough to spot by looking at the Web-Expensify repo search results here. My recommendation would be to break this up into several smaller issues so we can audit one flow at a time, write tests, and ensure the whisper messages are sent to all clients regardless of whether they are in the Another I picked this up thinking it would be much less involved than it was. After looking into this for a bit I don't think I have the bandwidth to do it all. But happy to help keep pushing it towards a solution for now! |
|
Great conversation happening in #engineering-chat for this one. Put it to a vote here - I think the right path is to start sending whispers to everyone, but it's a big change so I'd like a bit more consensus before we dive down the 🐰 🕳️ . |
|
Alright so, quick update here. This issue has turned out to be significantly more challenging than initially anticipated. I'm going to step out of the way for now since I already have a large project I'm working on. This was a fun investigation though so hopefully what I have to share makes sense and can easily be picked up by someone (feel free to ask me questions if not). My recommendation based on the initial research is that we do these things in this order:
I think if we do all that we should be in a pretty good spot. |
|
Going to unassign @michaelhaxhiu and @fedirjh to make it clear this issue is currently not assigned to an internal engineer who can push it forward. |
|
last status on Slack here |
|
@Beamanator approved the App PR, but because perf-tests were failing, his approval was dismissed when I pushed a fix. |
|
@johncschuster @cristipaval this issue is now 3 weeks old. There is one more week left before this issue breaks WAQ. What needs to happen to get a PR in review this week? Please create a thread in #expensify-open-source to discuss. Thanks! |
|
The App PR is merged, once it hits production, we need to deprecate the older App versions and proceed with merging the Web-E PR |
|
Update: While reviewing the Web-E PR, @marcaaron raised a great point that we need to mute the push notifications for whispers targeted to others in the front end for web and desktop Apps. Here is another App PR that fixes that, is merged, and deployed to staging. Once that hits production, the Web-E PR can merge whenever approved. |
|
Update:
|
|
@johncschuster @cristipaval this issue is now 4 weeks old and preventing us from maintaining WAQ. This should now be your highest priority. Please post below what your plan is to get a PR in review ASAP. Thanks! |
|
This is HOLD this week, we'll merge Web-E PR after the merge freeze |
|
We'll deprecate the App version today and merge the Web-E PR |
|
Web-E PR is merged |
|
Update: Web-E PR is in staging. I'm actively addressing all the feedback on the Auth PR and doing my best to have it deployed tomorrow. |
|
This is now in production |
github-project-automation
bot
moved this from MEDIUM
to Done
in [#whatsnext] Wave 06 - Collect Submitters
Problem
Inviting someone to a workspace will lead the inviter to repeatedly attempt to load whisper actions they can’t access (see the first image from Taras’ post here)
Reproduction:
Must be tested in connection with #30269
previousReportActionIDequal to the whisper message meant only for User B.Expectation:
CREATEDaction for this workspace report instead of an infinite load.Important note: This is but one example, but we are assuming the same problem would exist anywhere a whisper exists.
Observations:
Deleted comments do not suffer the same problem because all users can still access the report action itself.
Whispers can be “hidden” from the front end if the current user’s accountID is not present in the reportAction.message.whisperedTo accountID array.
Solution:
Stop filtering out whisper messages on a per user level and treat them similar to deleted report actions (i.e. everyone can access them so they pose no problems for Comment Linking).
More context here about this decision is in this Slack thread.
Upwork Automation - Do Not Edit
The text was updated successfully, but these errors were encountered: