[$250] Send money - User can send money to group by modifying the URL to ../send/new/..

[lanitochka17]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Version Number: 1.3.81-6

Reproducible in staging?: Yes

Reproducible in production?: No. Send money is not available on prod

If this was caught during regression testing, add the test name, ID and link from TestRail:

Email or phone of affected tester (no customers):

Logs: https://stackoverflow.com/c/expensify/questions/4856

Expensify/Expensify Issue URL:

Issue reported by: Applause - Internal Team

Slack conversation:

Action Performed:

1. Go to staging.new.expensify.com
2. Go to any group chat
3. Modify the link to staging.new.expensify.com/send/new/<groupchat_ID>
4. Proceed with sending money process

Expected Result:

When navigating to staging.new.expensify.com/send/new/<groupchat_ID>, error should show up

Actual Result:

When navigating to staging.new.expensify.com/send/new/<groupchat_ID>, user can proceed with sending money to the group

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Android: Native

Android: mWeb Chrome

iOS: Native

iOS: mWeb Safari

MacOS: Chrome / Safari

Bug6233318_1697043967927.20231012_003356.mp4

MacOS: Desktop

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~018efda0f6a36aaf1e
• Upwork Job ID: 1712345985658458112
• Last Price Increase: 2023-10-12

[melvin-bot]

Triggered auto assignment to @muttmuure (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[OSBotify]

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open StagingDeployCash deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.

[melvin-bot]

Triggered auto assignment to @neil-marcellini (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

[alitoshmatov]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Send money - User can send money to group by modifying the URL to ../send/new/..

What is the root cause of that problem?

This problem exists for all kind of iou requests. We have not implemented any conditions to prevent such cases.
I found this comment describing a function which is used to show available iou actions in report + button. Based on this comment we can see which combinations are not allowed, like send request in non 1:1 chats, or split in 1:1 chats

App/src/libs/ReportUtils.js

Lines 3353 to 3376 in 8c73c2b

	/**
	* Helper method to define what money request options we want to show for particular method.
	* There are 3 money request options: Request, Split and Send:
	* - Request option should show for:
	* - DMs
	* - own policy expense chats
	* - open and processing expense reports tied to own policy expense chat
	* - unsettled IOU reports
	* - Send option should show for:
	* - DMs
	* - Split options should show for:
	* - chat/ policy rooms with more than 1 participants
	* - groups chats with 3 and more participants
	* - corporate workspace chats
	*
	* None of the options should show in chat threads or if there is some special Expensify account
	* as a participant of the report.
	*
	* @param {Object} report
	* @param {Array<Number>} reportParticipants
	* @returns {Array}
	*/
	function getMoneyRequestOptions(report, reportParticipants) {
	// In any thread or task report, we do not allow any new money requests yet

What changes do you think we should make in order to solve the problem?

We can leverage this getMoneyRequestOptions function to check if iou request is valid or not and show NotFoundPage in corresponding places
https://github.com/Expensify/App/blob/main/src/pages/iou/MoneyRequestSelectorPage.js#L92
like this:

<FullPageNotFoundView shouldShow={!IOUUtils.isValidMoneyRequestType(iouType) || (!isFromGlobalCreate && !ReportUtils.getMoneyRequestOptions(props.report,props. report.participantAccountIDs).includes(iouType))}>

This will ensure that combination of current report and iou type is allowed one, and prevent from unwanted cases.
Note that, we only apply this check if route has report params, not creating new without selecting report yet.

What alternative solutions did you explore? (Optional)

If this usage is confusing or overloads a function usage, we can create similar function which will check for above cases based on conditions similar to getMoneyRequestOptions conditions

[alitoshmatov]

I don't think this is Deploy blocker since we can reproduce similar issue using .../split/new/... in 1:1 chats.

[jasperhuangg]

cc @techievivek since this seems related to your recent Send Money PR

[neil-marcellini]

I'm removing the blocker label because this is a new feature we’re bringing back, we can’t easily revert it, and the fix won’t be super quick, so we should not block everything on it. Also the reproduction steps for this one are pretty weird.

[neil-marcellini]

I'm assuming we don't want to allow sending money to a group because it's unclear who the money is being sent to. If that's correct we should fix it on the backend too. I'm re-assigning this to @techievivek because it's related to a project he is working on.

[techievivek]

As mentioned by Ali this seems to happen for all iou requests so it makes sense not to hold this as a blocker, thanks for handling it.

If that's correct we should fix it on the backend too.

We expect to only see a singe user for send money requests so we are already handling this.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~018efda0f6a36aaf1e

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @hoangzinh (External)

[melvin-bot]

Upwork job price has been updated to $100

[ghost]

Dibs

[techievivek]

I think a minor fix is required here to prevent users from accessing send money or any other IOU flow, and we have the logic in the backend to help us deny such requests, so I have updated the bounty to only $100.

[hoangzinh]

@techievivek Given the fact that Contributors need to spend their time investigating the issue, make PR, recordings.. and waiting for 1->2 weeks to get payments. I think 100$ is too small to get attractive from them. I saw the minimum bounty in our issue pool is 250$. What do you think?

[melvin-bot]

Upwork job price has been updated to $250

[ghost]

Hey @techievivek i am interested please assign me

[techievivek]

@hannojg Updated it to 250, but I think these are minor fixes with no edge case(hopefully) and shouldn't take long other than just verifying it across platforms.

can you please review the proposal posted by Ali, thanks.

[esh-g]

@techievivek @muttmuure This issue is a dupe and will get fixed here: #26523

[hannojg]

@techievivek did you tag me by accident? I don't see why I was tagged

[hoangzinh]

same thought as @esh-g. The issue #26523 is requesting money, this issue is sending money. But because they share the same component. So looks like we can fix them together. cc @techievivek

[techievivek]

@hannojg

did you tag me by accident? I don't see why I was tagged

Sorry, I tagged you by accident 😄

[techievivek]

The issue #26523 is requesting money, this issue is sending money. But because they share the same component. So looks like we can fix them together.

Yes, that will be great.

[techievivek]

@alitoshmatov Do you mind posting your proposal to the other issue so we can tackle them all together.

[alitoshmatov]

@techievivek Looks like proposal(#26523 (comment)) provided in that issue is very similar to mine and solve the issue. So I think there is no need for my proposal

[techievivek]

This is a duplicate of #26523 so I will close this one.