Skip to content

feat: Admin Approver expenses/check policy/check mandatory bulk APIs #788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
prabs222 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Admin Approver expenses/check policy/check mandatory bulk APIs #788

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ff6fbea
feat: Admin Approver expenses/check policy/check mandatory bulk APIs
prabs222 Apr 27, 2026
e8e1e22
Auto generate API docs
prabs222 Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
659 changes: 500 additions & 159 deletions reference/admin.yaml
View file
Open in desktop

Large diffs are not rendered by default.

667 changes: 504 additions & 163 deletions reference/approver.yaml
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions src/admin/openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,8 @@ paths:
$ref: paths/admin@accounting_export_lineitems@bulk.yaml
/admin/expenses:
$ref: paths/admin@expenses.yaml
/admin/expenses/bulk:
$ref: paths/admin@expenses@bulk.yaml
/admin/expenses/attach_files/bulk :
$ref: paths/admin@expenses@attach_files@bulk.yaml
/admin/expenses/accounting_export_summary/bulk:
Expand Down Expand Up @@ -518,6 +520,10 @@ paths:
$ref: paths/admin@expense_rules@delete.yaml
/admin/expenses/check_mandatory_fields:
$ref: paths/admin@expenses@check_mandatory_fields.yaml
/admin/expenses/check_mandatory_fields/bulk:
$ref: paths/admin@expenses@check_mandatory_fields_bulk.yaml
/admin/expenses/check_policies/bulk:
$ref: paths/admin@expenses@check_policies_bulk.yaml
/admin/expenses/comments:
$ref: paths/admin@expenses@comments.yaml
/admin/expenses/comments/bulk:
Expand Down
52 changes: 52 additions & 0 deletions src/admin/paths/admin@expenses@bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
post:
tags:
- Expenses
summary: Update expenses in bulk
description: |
Update expenses in bulk by admin.
operationId: admin_expenses_post_bulk
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
data:
$ref: '../../components/schemas/expense.yaml#/admin_expenses_bulk_in'
responses:
Comment on lines +12 to +17
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The request schema doesn’t mark data as required and doesn’t set additionalProperties: false, so an empty object {} (or unexpected fields) would still validate. Other bulk endpoints under Expenses (e.g., attach_files bulk) require data and disallow additional properties; consider aligning this endpoint to avoid an overly-permissive contract.

Copilot uses AI. Check for mistakes.
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '../../components/schemas/expense.yaml#/expense_out'
'400':
Comment on lines +21 to +29
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 200-response schema is missing additionalProperties: false (and doesn’t require data), making the documented response shape more permissive than other bulk Expenses endpoints. Consider tightening the response schema for consistency and better client generation.

Copilot uses AI. Check for mistakes.
description: Bad request
content:
application/json:
schema:
$ref: '../../components/schemas/400.yaml'
'401':
description: Unauthorized request
content:
application/json:
schema:
$ref: '../../components/schemas/401.yaml'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '../../components/schemas/403.yaml'
'404':
description: Not Found
content:
application/json:
schema:
$ref: '../../components/schemas/404.yaml'
57 changes: 57 additions & 0 deletions src/admin/paths/admin@expenses@check_mandatory_fields_bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
post:
tags:
- Expenses
summary: Check multiple expenses for missing mandatory fields in bulk
description: |
Before updating multiple expense objects as an admin, you can validate
if all mandatory fields are present using this bulk endpoint.
operationId: admin_check_mandatory_fields_bulk_post
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: '../../components/schemas/expense.yaml#/admin_expense_check_mandatory_fields_bulk_in'
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: ../../components/schemas/expense.yaml#/expense_check_mandatory_fields_bulk_out
'401':
description: Unauthorised request
content:
application/json:
schema:
$ref: '../../components/schemas/401.yaml'
'400':
description: Bad request
content:
application/json:
schema:
$ref: '../../components/schemas/400.yaml'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '../../components/schemas/403.yaml'
'404':
description: Not Found
content:
application/json:
schema:
$ref: '../../components/schemas/404.yaml'
51 changes: 51 additions & 0 deletions src/admin/paths/admin@expenses@check_policies_bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
post:
tags:
- Expenses
summary: Check multiple expenses for policy violations in bulk
description: |
Admin bulk version of the check_policies API that allows checking
multiple expenses for policy violations in one request.

**NOTE:** This API can only be used to check policies for existing expenses that you want to update. The API will evaluate all the expenses against the configured policy rules and return an array of policy violation information for each expense in the request payload.
operationId: admin_check_policies_bulk_post
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: "../../components/schemas/expense.yaml#/admin_check_policies_bulk_in"
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
additionalProperties: False
properties:
data:
$ref: ../../components/schemas/expense.yaml#/expense_check_policies_bulk_out
"401":
description: Unauthorised request
content:
application/json:
schema:
$ref: "../../components/schemas/401.yaml"
"400":
description: Bad request
content:
application/json:
schema:
$ref: "../../components/schemas/400.yaml"
"404":
description: Not Found
content:
application/json:
schema:
$ref: "../../components/schemas/404.yaml"
6 changes: 6 additions & 0 deletions src/approver/openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,8 @@ paths:
$ref: paths/approver@reports@exports.yaml
/approver/expenses:
$ref: 'paths/approver@expenses.yaml'
/approver/expenses/bulk:
$ref: 'paths/approver@expenses@bulk.yaml'
/approver/expenses/attach_files/bulk :
$ref: paths/approver@expenses@attach_files@bulk.yaml
/approver/expenses/permissions:
Expand Down Expand Up @@ -136,6 +138,10 @@ paths:
$ref: paths/approver@expense_policies@states.yaml
/approver/expenses/check_mandatory_fields:
$ref: paths/approver@expenses@check_mandatory_fields.yaml
/approver/expenses/check_mandatory_fields/bulk:
$ref: paths/approver@expenses@check_mandatory_fields_bulk.yaml
/approver/expenses/check_policies/bulk:
$ref: paths/approver@expenses@check_policies_bulk.yaml
/approver/expenses/comments:
$ref: paths/approver@expenses@comments.yaml
/approver/expenses/comments/bulk:
Expand Down
52 changes: 52 additions & 0 deletions src/approver/paths/approver@expenses@bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
post:
tags:
- Expenses
summary: Update expenses in bulk
description: |
Update expenses in bulk by approver.
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The description here is much less specific than the single-expense approver update endpoint (which documents allowed expense states / constraints). If the same constraints apply to bulk updates, they should be documented here too to prevent misuse and support correct client-side validation.

Suggested change
Update expenses in bulk by approver.
Update multiple expenses in bulk by approver.
Each expense in the request is validated independently and must satisfy the
same approver authorization, allowed expense-state, and update constraints
as the single-expense approver update endpoint. Only expenses that are
eligible for the requested update can be processed through this operation.
Clients should apply the same validation rules used for the single-expense
approver update flow to every item included in the bulk payload.

Copilot uses AI. Check for mistakes.
operationId: approver_expenses_post_bulk
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
data:
$ref: '../../components/schemas/expense.yaml#/approver_expenses_bulk_in'
responses:
Comment on lines +12 to +17
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The request schema doesn’t mark data as required and doesn’t set additionalProperties: false, so an empty object {} (or unexpected fields) would still validate. Other bulk endpoints under Expenses (e.g., attach_files bulk) require data and disallow additional properties; consider aligning this endpoint to avoid an overly-permissive contract.

Copilot uses AI. Check for mistakes.
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '../../components/schemas/expense.yaml#/expense_out'
'400':
Comment on lines +21 to +29
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 200-response schema is missing additionalProperties: false (and doesn’t require data), making the documented response shape more permissive than other bulk Expenses endpoints. Consider tightening the response schema for consistency and better client generation.

Copilot uses AI. Check for mistakes.
description: Bad request
content:
application/json:
schema:
$ref: '../../components/schemas/400.yaml'
'401':
description: Unauthorized request
content:
application/json:
schema:
$ref: '../../components/schemas/401.yaml'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '../../components/schemas/403.yaml'
'404':
description: Not Found
content:
application/json:
schema:
$ref: '../../components/schemas/404.yaml'
57 changes: 57 additions & 0 deletions src/approver/paths/approver@expenses@check_mandatory_fields_bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
post:
tags:
- Expenses
summary: Check multiple expenses for missing mandatory fields in bulk
description: |
Before updating multiple expense objects as an approver, you can validate
if all mandatory fields are present using this bulk endpoint.
operationId: approver_check_mandatory_fields_bulk_post
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: '../../components/schemas/expense.yaml#/approver_expense_check_mandatory_fields_bulk_in'
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: ../../components/schemas/expense.yaml#/expense_check_mandatory_fields_bulk_out
'401':
description: Unauthorised request
content:
application/json:
schema:
$ref: '../../components/schemas/401.yaml'
'400':
description: Bad request
content:
application/json:
schema:
$ref: '../../components/schemas/400.yaml'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '../../components/schemas/403.yaml'
'404':
description: Not Found
content:
application/json:
schema:
$ref: '../../components/schemas/404.yaml'
51 changes: 51 additions & 0 deletions src/approver/paths/approver@expenses@check_policies_bulk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
post:
tags:
- Expenses
summary: Check multiple expenses for policy violations in bulk
description: |
Approver bulk version of the check_policies API that allows checking
multiple expenses for policy violations in one request.

**NOTE:** This API can only be used to check policies for existing expenses that you want to update. The API will evaluate all the expenses against the configured policy rules and return an array of policy violation information for each expense in the request payload.
operationId: approver_check_policies_bulk_post
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: False
required:
- data
properties:
data:
$ref: "../../components/schemas/expense.yaml#/approver_check_policies_bulk_in"
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
additionalProperties: False
properties:
data:
$ref: ../../components/schemas/expense.yaml#/expense_check_policies_bulk_out
"401":
description: Unauthorised request
content:
application/json:
schema:
$ref: "../../components/schemas/401.yaml"
"400":
description: Bad request
content:
application/json:
schema:
$ref: "../../components/schemas/400.yaml"
"404":
description: Not Found
content:
application/json:
schema:
$ref: "../../components/schemas/404.yaml"
Loading
Loading