feat: Admin Approver expenses/check policy/check mandatory bulk APIs#788
feat: Admin Approver expenses/check policy/check mandatory bulk APIs#788
Conversation
There was a problem hiding this comment.
Pull request overview
Adds new Admin and Approver bulk APIs to update expenses and to run “check mandatory fields” / “check policies” validations over multiple expenses in a single request, extending the existing expenses OpenAPI surface and generated reference specs.
Changes:
- Introduces new bulk input schemas for admin/approver expense update + validation requests.
- Adds new Admin/Approver path definitions for
/expenses/bulk,/expenses/check_mandatory_fields/bulk, and/expenses/check_policies/bulk. - Wires the new endpoints into role-specific OpenAPI roots and updates the generated
reference/*.yamlspecs.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| src/components/schemas/expense.yaml | Adds admin/approver bulk request body schemas for expense updates and validations. |
| src/approver/paths/approver@expenses@bulk.yaml | Defines approver bulk expense update endpoint contract. |
| src/approver/paths/approver@expenses@check_mandatory_fields_bulk.yaml | Defines approver bulk mandatory-field validation endpoint contract. |
| src/approver/paths/approver@expenses@check_policies_bulk.yaml | Defines approver bulk policy-check endpoint contract. |
| src/approver/openapi.yaml | Registers the new approver bulk endpoints under paths. |
| src/admin/paths/admin@expenses@bulk.yaml | Defines admin bulk expense update endpoint contract. |
| src/admin/paths/admin@expenses@check_mandatory_fields_bulk.yaml | Defines admin bulk mandatory-field validation endpoint contract. |
| src/admin/paths/admin@expenses@check_policies_bulk.yaml | Defines admin bulk policy-check endpoint contract. |
| src/admin/openapi.yaml | Registers the new admin bulk endpoints under paths. |
| reference/approver.yaml | Updates generated reference spec with new approver endpoints/schemas. |
| reference/admin.yaml | Updates generated reference spec with new admin endpoints/schemas. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| application/json: | ||
| schema: | ||
| type: object | ||
| properties: | ||
| data: | ||
| type: array | ||
| items: | ||
| $ref: '../../components/schemas/expense.yaml#/expense_out' | ||
| '400': |
There was a problem hiding this comment.
The 200-response schema is missing additionalProperties: false (and doesn’t require data), making the documented response shape more permissive than other bulk Expenses endpoints. Consider tightening the response schema for consistency and better client generation.
| items: | ||
| type: object | ||
| required: | ||
| - id | ||
| properties: |
There was a problem hiding this comment.
components/schemas/items is a very generic schema name and is easy to confuse with the JSON Schema items keyword; it can also lead to awkward/ambiguous type names in generated SDKs. Consider renaming this schema to something domain-specific (e.g., expense_bulk_update_item_in) and update the refs that point to it.
| items: | ||
| type: object | ||
| required: | ||
| - id | ||
| properties: |
There was a problem hiding this comment.
components/schemas/items is a very generic schema name and is easy to confuse with the JSON Schema items keyword; it can also lead to awkward/ambiguous type names in generated SDKs. Consider renaming this schema to something domain-specific (e.g., expense_bulk_update_item_in) and update the refs that point to it.
| schema: | ||
| type: object | ||
| properties: | ||
| data: | ||
| $ref: '../../components/schemas/expense.yaml#/approver_expenses_bulk_in' | ||
| responses: |
There was a problem hiding this comment.
The request schema doesn’t mark data as required and doesn’t set additionalProperties: false, so an empty object {} (or unexpected fields) would still validate. Other bulk endpoints under Expenses (e.g., attach_files bulk) require data and disallow additional properties; consider aligning this endpoint to avoid an overly-permissive contract.
| application/json: | ||
| schema: | ||
| type: object | ||
| properties: | ||
| data: | ||
| type: array | ||
| items: | ||
| $ref: '../../components/schemas/expense.yaml#/expense_out' | ||
| '400': |
There was a problem hiding this comment.
The 200-response schema is missing additionalProperties: false (and doesn’t require data), making the documented response shape more permissive than other bulk Expenses endpoints. Consider tightening the response schema for consistency and better client generation.
| - Expenses | ||
| summary: Update expenses in bulk | ||
| description: | | ||
| Update expenses in bulk by approver. |
There was a problem hiding this comment.
The description here is much less specific than the single-expense approver update endpoint (which documents allowed expense states / constraints). If the same constraints apply to bulk updates, they should be documented here too to prevent misuse and support correct client-side validation.
| Update expenses in bulk by approver. | |
| Update multiple expenses in bulk by approver. | |
| Each expense in the request is validated independently and must satisfy the | |
| same approver authorization, allowed expense-state, and update constraints | |
| as the single-expense approver update endpoint. Only expenses that are | |
| eligible for the requested update can be processed through this operation. | |
| Clients should apply the same validation rules used for the single-expense | |
| approver update flow to every item included in the bulk payload. |
| schema: | ||
| type: object | ||
| properties: | ||
| data: | ||
| $ref: '../../components/schemas/expense.yaml#/admin_expenses_bulk_in' | ||
| responses: |
There was a problem hiding this comment.
The request schema doesn’t mark data as required and doesn’t set additionalProperties: false, so an empty object {} (or unexpected fields) would still validate. Other bulk endpoints under Expenses (e.g., attach_files bulk) require data and disallow additional properties; consider aligning this endpoint to avoid an overly-permissive contract.
Description
Screen shots:
Post Admin Expenses Bulk
Clickup
app.clickup.com