[Workspace Roles] Release 4: Payments Admin — Workflows Payments page guards, write controls, and role picker

[flodnv]

Part of the Workspace Roles project. Depends on Release 0 frontend and Release 4 Auth C++ backend.

Goal: Surface the "Payments Admin" role in the workspace UI and gate Workflows > Payments pages on FEATURE.WORKFLOWS_PAYMENTS write access. Payments Admins can configure and trigger reimbursements; they can also be selected as the workspace payer.

Member list & role picker (src/pages/workspace/WorkspaceMembersPage.tsx)

• Add "Payments Admin" as a selectable role in the role dropdown (alongside Admin, Auditor, Card Admin, People Admin, User)
• Add a "Payments Admin" badge/label for members with role === CONST.POLICY.ROLE.PAYMENTS_ADMIN

Imported-members CSV (src/pages/workspace/members/ImportedMembersConfirmationPage.tsx)

• Add paymentAdmin as a selectable option

Workflows payer selection (src/pages/workspace/workflows/WorkspaceWorkflowsPayerPage.tsx)

• The payer picker currently filters to admins only; extend the filter to also include members with FEATURE.WORKFLOWS_PAYMENTS write access (i.e., paymentAdmin)
• Gate the entire page entry on hasPolicyPermission(..., FEATURE.WORKFLOWS_PAYMENTS, FEATURE_ACCESS.WRITE)

Workflows Payments pages (under src/pages/workspace/workflows/)

Any page or component that controls payment settings / reimbursement configuration:

• Gate write controls on hasPolicyPermission(..., FEATURE.WORKFLOWS_PAYMENTS, FEATURE_ACCESS.WRITE)
• Auditors with FEATURE_ACCESS.READ see pages in read-only mode

Pattern to apply

// Before
if (!isPolicyAdmin(policy, currentUserLogin)) return null;

// After
if (!hasPolicyPermission(policy, currentUserLogin, CONST.POLICY.FEATURE.WORKFLOWS_PAYMENTS, CONST.POLICY.FEATURE_ACCESS.WRITE)) return null;

Issue Owner

Current Issue Owner: @ShridharGoel

[melvin-bot]

Triggered auto assignment to Design team member for new feature review - @dubielzyk-expensify (NewFeature)