fix: avoid location prompt cooldown for blocked permission

[KJ21-ENG]

Explanation of Change

This PR updates LocationPermissionModal so its deny callback tells consumers whether the denial came from an explicit app-level user skip or from the browser/OS permission layer refusing the request.

When the user explicitly chooses Not now, consumers still write NVP_LAST_LOCATION_PERMISSION_PROMPT and preserve the intended 7-day cooldown. When the user tries to continue but browser/OS location permission is blocked or denied, consumers continue without location but do not write the cooldown, so the next scan flow can prompt again.

This PR is intentionally still in draft while I complete final manual review before requesting review.

Fixed Issues

$ #89668
PROPOSAL: #89668 (comment)

Tests

1. Open the app on web.
2. Make sure browser location permission is disabled/blocked.
3. Click FAB > Create Expense > Scan > Upload a receipt > Choose a recipient > Create expense.
4. Verify the Allow location access modal appears.
5. Click Got It/continue while browser location permission remains blocked.
6. Verify the expense is created.
7. Click FAB > QAB > Upload a receipt > Create expense.
8. Verify the Allow location access modal appears again instead of being suppressed by the 7-day cooldown.
9. Click Not now on the modal.
10. Start another scan flow that requires location.
11. Verify the modal is suppressed after the explicit Not now skip.
12. Verify that no errors appear in the JS console.

Automated regression coverage:

• npx jest tests/ui/LocationPermissionModalTest.tsx --runInBand

Native app recordings are N/A for the original repro because native blocked-permission UI is intentionally different: native shows Settings + Not now, while the reported browser/mWeb repro uses the blocked geolocation Got it path. Tapping Not now on native is an explicit skip and should still apply the cooldown.

• Verify that no errors appear in the JS console

Offline tests

Not applicable. This change only affects client-side location permission prompt state and the local prompt cooldown timestamp. There is no network-dependent behavior change.

QA Steps

Same as tests.

• Verify that no errors appear in the JS console

PR Author Checklist

• I linked the correct issue in the ### Fixed Issues section above
• I wrote clear testing steps that cover the changes made in this PR
  • I added steps for local testing in the Tests section
  • I added steps for the expected offline behavior in the Offline steps section
  • I added steps for Staging and/or Production testing in the QA steps section
  • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline). N/A: this change only affects local permission prompt cooldown state.
  • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability). N/A: this change does not affect report list loading or high-traffic rendering paths.
• I included screenshots or videos for tests on all platforms
• I ran the tests on all platforms & verified they passed on:
  • Android: Native. N/A for the original browser/mWeb repro because native blocked-permission UI intentionally uses Settings + Not now.
  • Android: mWeb Chrome
  • iOS: Native. N/A for the original browser/mWeb repro because native blocked-permission UI intentionally uses Settings + Not now.
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari. Tested on Chrome for the reported repro.
• I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
• I followed proper code patterns (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • I verified that comments were added to code that is not self explanatory. N/A: no new comments were needed.
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing. N/A: no comments were added.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method. N/A: no product copy was added or changed.
    • If any non-english text was added/modified, I used JaimeGPT to get English > Spanish translation. I then posted it in #expensify-open-source and it was approved by an internal Expensify engineer. Link to Slack message: N/A
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods. N/A: no displayed numbers, amounts, dates, or phone numbers were added or changed.
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue). N/A: no product copy was added or changed.
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README. Added tests/ui/LocationPermissionModalTest.tsx; existing platform-specific files still follow the repo naming convention.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed. N/A: no JSDocs were added or changed.
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers. N/A: this follows the approved proposal and only carries intent through an existing callback contract.
• I followed the guidelines as stated in the Review Guidelines
• I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such. N/A: no new constants were needed.
• I verified that if a function's arguments changed that all usages have also been updated correctly
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory. N/A: tests/ui/LocationPermissionModalTest.tsx is a focused regression test file and the test names/assertions describe the behavior being covered.
• If a new CSS style is added I verified that: N/A: no CSS styles were added.
  • A similar style doesn't already exist. N/A: no CSS styles were added.
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)). N/A: no CSS styles were added.
• If new assets were added or existing ones were modified, I verified that: N/A: no assets were added or modified.
  • The assets are optimized and compressed (for SVG files, run npm run compress-svg). N/A: no assets were added or modified.
  • The assets load correctly across all supported platforms. N/A: no assets were added or modified.
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic. N/A: this PR does not modify editing or sending message behavior.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases). The changed callback contract was updated in all LocationPermissionModal consumers.
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected. N/A: this component is not covered by a Storybook story in this PR's scope.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account. N/A: this change is within an authenticated expense/share permission flow, not a direct public deeplink path.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles: N/A: no UI, spacing, sizing, or form input styles were changed.
  • I verified that all the inputs inside a form are aligned with each other. N/A: no form inputs were changed.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes. N/A: no visual design change.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page. N/A: no page was added.
• I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow. Covered by tests/ui/LocationPermissionModalTest.tsx, including explicit Not now skips vs browser/OS permission denials for the shared and Android modal implementations.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps. N/A: main has not been merged into this PR after review.

Screenshots/Videos

Android: Native

N/A. Native blocked-permission state intentionally shows Settings + Not now; the reported repro is the browser/mWeb blocked geolocation Got it path.

Android: mWeb Chrome

Android_Mweb_1778601841089889.mp4

iOS: Native

N/A. Native blocked-permission state intentionally shows Settings + Not now; tapping Not now is an explicit skip and should preserve the cooldown.

iOS: mWeb Safari

ios_mweb_1778601961415969.mp4

MacOS: Chrome / Safari

Macos.chrome_1778598041282857.mp4

[codecov]

Codecov Report

✅ Changes either increased or maintained existing code coverage, great job!

Files with missing lines	Coverage Δ
...mponents/LocationPermissionModal/index.android.tsx	87.09% <100.00%> (+87.09%)	⬆️
src/components/LocationPermissionModal/index.tsx	92.00% <100.00%> (+92.00%)	⬆️
src/pages/Share/SubmitDetailsPage.tsx	0.00% <ø> (ø)
...st/step/confirmation/SubmitExpenseOrchestrator.tsx	58.10% <ø> (ø)
...OURequestStepScan/components/GpsPermissionGate.tsx	0.00% <0.00%> (ø)
... and 5 files with indirect coverage changes

[melvin-bot]

@truph01 Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[KJ21-ENG]

@truph01 @flaviadefaria kind ping here

[KJ21-ENG]

@truph01 @flaviadefaria kind ping here

[truph01]

@KJ21-ENG Please fix jest unit tests and reassure perf

[KJ21-ENG]

@truph01 I checked the current CI.

All 8 Jest shard jobs are green. The Jest Unit Tests workflow is red only because the separate Storybook tests job crashed during Storybook/webpack startup with Illegal instruction (core dumped) / exit 132, which does not point to this PR diff.

perf-tests failed on an unrelated scenario: [ReportActionsList] should render ReportActionsList with 500 reportActions stored, with render count difference 3 → 5. This PR only touches the location permission modal / scan flow and adds LocationPermissionModalTest; it does not touch ReportActionsList or perf-test code.

I do not see a code/test change needed for this PR. Can we rerun the failed Storybook and Reassure jobs?

[KJ21-ENG]

@truph01 @flaviadefaria kind ping here. Thanks

[KJ21-ENG]

@truph01 @flaviadefaria kind ping here. Thanks

[KJ21-ENG]

@truph01 @flaviadefaria Kind ping here. Thanks

[truph01]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. What shall we delve into next?

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[truph01]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[KJ21-ENG]

@truph01 @flaviadefaria Kind ping here. Thanks

[truph01]

@KJ21-ENG Please resolve:

ESLint check / ESLint check (pull_request)
ESLint check / ESLint check (pull_request)Failing after 10m
TypeScript Checks / typecheck (pull_request)
TypeScript Checks / typecheck (pull_request)Failing after 3m

[KJ21-ENG]

@KJ21-ENG Please resolve:

ESLint check / ESLint check (pull_request)
ESLint check / ESLint check (pull_request)Failing after 10m
TypeScript Checks / typecheck (pull_request)
TypeScript Checks / typecheck (pull_request)Failing after 3m

@truph01 Done.