[$250] Invoice - Receiver can send and pay their own invoice when receiver is also workspace admin

[IuliiaHerets]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: v9.0.18-7 Reproducible in staging?: Y Reproducible in production?: Y Email or phone of affected tester (no customers): applausetester+kh050806@applause.expensifail.com Issue reported by: Applause Internal Team

Action Performed:

1. Go to staging.new.expensify.com
2. [User A] Invite User B to workspace and promote User B to admin.
3. [User A] Send an invoice to User B from the same workspace in Step 2.
4. [User B] Go to invoice room.
5. [User B] Click + > Send invoice.
6. [User B] Send an invoice in the same workspace chat as invoice receiver.
7. [User B] Note that User B can send and pay their own invoice. Error will show up if User B pays their own invoice as business for the second time.

Expected Result:

User B (invoice receiver and also admin of the workspace) should not be able to pay the invoice that User B sends.

Actual Result:

User B (invoice receiver and also admin of the workspace) is able to pay the invoice that User B sends. When User B pays their own invoice as business for the second time, error shows up.

Workaround:

Unknown

Platforms:

• [x] Android: Native
• [x] Android: mWeb Chrome
• [x] iOS: Native
• [x] iOS: mWeb Safari
• [x] MacOS: Chrome / Safari
• [x] MacOS: Desktop

Screenshots/Videos

https://github.com/user-attachments/assets/58fd96d7-77ff-4297-9b9f-15a6758806a0

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01267eba2b7c7cce57
• Upwork Job ID: 1825637731328105082
• Last Price Increase: 2024-11-04

Issue Owner

Current Issue Owner: @shubham1206agra

[shubham1206agra]

@trjExpensify Bump agian

[davidcardoza]

Sorry I am not entirely clear what the question is. Can you please restate the problem?

[trjExpensify]

I totally missed these pings for some reason as well, my bad. Same boat as Doza, I don't really understand what we're doing in this issue or what the problem is.

[shubham1206agra]

@davidcardoza @trjExpensify In individual invoice creation, we fix the invoice payer using property in the report for the whole invoice room. So, should we create a separate invoice room when the invoice payer creates an invoice for the previous invoice creator? Please check the issue steps to get more clarity.

[davidcardoza]

I think I am following, referencing the OP the problem seems to be this:

User B (invoice receiver and also admin of the workspace) is able to pay the invoice that User B sends.

In short, users can currently pay their own invoices, which we should prevent. Let’s lock this down by hiding the "Pay" button in the IOU preview from the invoice sender.

[shubham1206agra]

In short, users can currently pay their own invoices, which we should prevent. Let’s lock this down by hiding the "Pay" button in the IOU preview from the invoice sender.

But user A can't pay this either. This is the problem we are facing.

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[MuaazArshad]

@shubham1206agra bump!

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Huh... This is 4 days overdue. Who can take care of this?

[shubham1206agra]

@trjExpensify @davidcardoza Bump on https://github.com/Expensify/App/issues/47174#issuecomment-2375856373

[davidcardoza]

In your example you stated "[User A] Send an invoice to User B from the same workspace in Step 2." So in this case User A sent an invoice, so they shouldn't be able to pay their invoice. Perhaps you can record a new flow of this issue occurring to help us better conceptualize the workflow. That would be helpful.

[shubham1206agra]

@IuliiaHerets Can you ask for new recording from Applause?

[OfstadC]

I've asked Applause here

[m-natarajan]

In step 7: [User B] Note that User B can send and pay their own invoice. - Able to reproduce this still Error will show up if User B pays their own invoice as business for the second time. - Not reproduced now. Video:

https://github.com/user-attachments/assets/57098024-631f-4f6c-b661-958889f0ff5b

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[OfstadC]

Any further update @shubham1206agra ? 😃

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Huh... This is 4 days overdue. Who can take care of this?

[melvin-bot[bot]]

@OfstadC, @shubham1206agra 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[OfstadC]

Bump @shubham1206agra

[shubham1206agra]

Waiting for @davidcardoza for response here

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[shubham1206agra]

@madmax330 Can you chime in here https://github.com/Expensify/App/issues/47174#issuecomment-2352859330?

[madmax330]

Is the issue that the sender of the invoice can pay the invoice? I assume we only want the receiver, or any admin in the receiving workspace to be able to pay the invoice right @davidcardoza

[MuaazArshad]

Bump @shubham1206agra @OfstadC

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Eep! 4 days overdue now. Issues have feelings too...

[OfstadC]

As noted here, we don't want anyone to be able to pay their own invoice. (Slack convo)

Can someone clarify where the confusion is 😅 ? I'm not sure what we are waiting on here @shubham1206agra @MuaazArshad

[shubham1206agra]

Ok The thing I am waiting on is that the logic in BE is wrong as the invoice room is locked for single payer, which should not happen

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Whoops! This issue is 2 days overdue. Let's get this updated quick!

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot[bot]]

@OfstadC, @shubham1206agra 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[shubham1206agra]

I am not sure what should we do next here. Since this is stuck on decision.

[OfstadC]

I think I might be confused about where we are stuck here 😅

[shubham1206agra]

Wait let me start a thread on slack.

https://expensify.slack.com/archives/C01GTK53T8Q/p1730301321468289

[davidcardoza]

@shubham1206agra From what I’m seeing, it seems that we should restrict a user from paying invoices they send within the same workspace to prevent confusion or errors. Let me know if that aligns with your understanding or if there’s anything further to clarify!

[shubham1206agra]

@shubham1206agra From what I’m seeing, it seems that we should restrict a user from paying invoices they send within the same workspace to prevent confusion or errors. Let me know if that aligns with your understanding or if there’s anything further to clarify!

@davidcardoza I agree with this statement. But the problem is that the payer is getting locked to a single person, and hence other admins cannot do payout here. So shouldn't we do something here?

[melvin-bot[bot]]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot[bot]]

@OfstadC, @shubham1206agra Whoops! This issue is 2 days overdue. Let's get this updated quick!

[davidcardoza]

Yes we should fix that and open up the ability to pay an invoice to other admins in the invoice room.

[shubham1206agra]

@davidcardoza Can you take this internal then?