[Workspace Roles] Release 3: People Admin — Workflows Approvals page guards and write controls

[flodnv]

Part of the Workspace Roles project. Depends on Release 0 frontend and Release 3 Auth C++ backend.

Goal: Migrate all Workflows > Approvals pages from hardcoded admin checks to hasPolicyPermission(..., FEATURE.WORKFLOWS_APPROVALS, FEATURE_ACCESS.WRITE), giving People Admins full write access to approval configuration.

Pages to update (under src/pages/workspace/workflows/)

• WorkspaceWorkflowsPage.tsx — the main workflows toggle/overview: gate the Approvals toggle on FEATURE.WORKFLOWS_APPROVALS write; gate the Payments toggle on FEATURE.WORKFLOWS_PAYMENTS write (People Admin has approvals write but not payments write)
• WorkspaceWorkflowsApprovalPage.tsx
• WorkspaceWorkflowsApprovalsPage.tsx
• WorkspaceWorkflowsApprovalsExpensesPage.tsx
• WorkspaceWorkflowsAutoReportingPage.tsx
• WorkspaceWorkflowsAutoReportingFrequencyPage.tsx

Pattern to apply

// Before
if (!isPolicyAdmin(policy, currentUserLogin)) return null;

// After
if (!hasPolicyPermission(policy, currentUserLogin, CONST.POLICY.FEATURE.WORKFLOWS_APPROVALS, CONST.POLICY.FEATURE_ACCESS.WRITE)) return null;

Auditors (who have FEATURE_ACCESS.READ on WORKFLOWS_APPROVALS) should see the page in read-only mode — disable edit controls but allow viewing.

Issue Owner

Current Issue Owner: @ShridharGoel

[melvin-bot]

Triggered auto assignment to Design team member for new feature review - @shawnborton (NewFeature)