NotificationsYou must be signed in to change notification settings
Fork11.2k
Star39k

Commitfd390f9

authored

fix: add authorization checks to booking reassignment endpoints (#25054)

1 parenteae779b commitfd390f9Copy full SHA for fd390f9

File tree

5 files changed

+139

-40

lines changed

apps/api/v2/src/ee/bookings/2024-08-13
- controllers
  - bookings.controller.ts
  - e2e
    - emails
      - team-emails.e2e-spec.ts
    - reassign-bookings.e2e-spec.ts
- repositories
  - bookings.repository.ts
- services
  - bookings.service.ts

5 files changed

+139

-40

lines changed

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/bookings.controller.ts‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -405,9 +405,9 @@ export class BookingsController_2024_08_13 {`
`405`	`405`	`})`
`406`	`406`	`asyncreassignBooking(`
`407`	`407`	`@Param("bookingUid")bookingUid:string,`
`408`		`- @GetUser()user:ApiAuthGuardUser`
	`408`	`+ @GetUser()reassignedByUser:ApiAuthGuardUser`
`409`	`409`	`):Promise<ReassignBookingOutput_2024_08_13>{`
`410`		`-constbooking=awaitthis.bookingsService.reassignBooking(bookingUid,user);`
	`410`	`+constbooking=awaitthis.bookingsService.reassignBooking(bookingUid,reassignedByUser);`
`411`	`411`
`412`	`412`	`return{`
`413`	`413`	`status:SUCCESS_STATUS,`
`@@ -430,13 +430,13 @@ export class BookingsController_2024_08_13 {`
`430`	`430`	`asyncreassignBookingToUser(`
`431`	`431`	`@Param("bookingUid")bookingUid:string,`
`432`	`432`	`@Param("userId")userId:number,`
`433`		`- @GetUser("id")reassignedById:number,`
	`433`	`+ @GetUser()reassignedByUser:ApiAuthGuardUser,`
`434`	`434`	`@Body()body:ReassignToUserBookingInput_2024_08_13`
`435`	`435`	`):Promise<ReassignBookingOutput_2024_08_13>{`
`436`	`436`	`constbooking=awaitthis.bookingsService.reassignBookingToUser(`
`437`	`437`	`bookingUid,`
`438`	`438`	`userId,`
`439`		`-reassignedById,`
	`439`	`+reassignedByUser,`
`440`	`440`	`body`
`441`	`441`	`);`
`442`	`442`

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/emails/team-emails.e2e-spec.ts‎`

Lines changed: 18 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ import { INestApplication } from "@nestjs/common";`
`12`	`12`	`import{NestExpressApplication}from"@nestjs/platform-express";`
`13`	`13`	`import{Test}from"@nestjs/testing";`
`14`	`14`	`import*asrequestfrom"supertest";`
	`15`	`+import{ApiKeysRepositoryFixture}from"test/fixtures/repository/api-keys.repository.fixture";`
`15`	`16`	`import{EventTypesRepositoryFixture}from"test/fixtures/repository/event-types.repository.fixture";`
`16`	`17`	`import{HostsRepositoryFixture}from"test/fixtures/repository/hosts.repository.fixture";`
`17`	`18`	`import{MembershipRepositoryFixture}from"test/fixtures/repository/membership.repository.fixture";`
`@@ -20,7 +21,6 @@ import { ProfileRepositoryFixture } from "test/fixtures/repository/profiles.repo`
`20`	`21`	`import{TeamRepositoryFixture}from"test/fixtures/repository/team.repository.fixture";`
`21`	`22`	`import{UserRepositoryFixture}from"test/fixtures/repository/users.repository.fixture";`
`22`	`23`	`import{randomString}from"test/utils/randomString";`
`23`		`-import{withApiAuth}from"test/utils/withApiAuth";`
`24`	`24`
`25`	`25`	`import{CAL_API_VERSION_HEADER,SUCCESS_STATUS,VERSION_2024_08_13}from"@calcom/platform-constants";`
`26`	`26`	`import{`
`@@ -72,6 +72,7 @@ type EmailSetup = {`
`72`	`72`	`team:Team;`
`73`	`73`	`member1:User;`
`74`	`74`	`member2:User;`
	`75`	`+member1ApiKey:string;`
`75`	`76`	`collectiveEventType:{id:number};`
`76`	`77`	`roundRobinEventType:{id:number};`
`77`	`78`	`};`
`@@ -89,25 +90,21 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`89`	`90`	`letprofileRepositoryFixture:ProfileRepositoryFixture;`
`90`	`91`	`letmembershipsRepositoryFixture:MembershipRepositoryFixture;`
`91`	`92`	`lethostsRepositoryFixture:HostsRepositoryFixture;`
	`93`	`+letapiKeysRepositoryFixture:ApiKeysRepositoryFixture;`
`92`	`94`
`93`	`95`	`// Setup data for tests`
`94`	`96`	`letemailsEnabledSetup:EmailSetup;`
`95`	`97`	`letemailsDisabledSetup:EmailSetup;`
`96`	`98`
`97`		`-constauthEmail="team-emails-2024-08-13-user-admin@example.com";`
`98`		`-`
`99`	`99`	`// Utility function to check response data type`
`100`		`-constresponseDataIsBooking=(data:any):data isBookingOutput_2024_08_13=>{`
`101`		`-return!Array.isArray(data)&&typeofdata==="object"&&data&&"id"indata;`
	`100`	`+constresponseDataIsBooking=(data:unknown):data isBookingOutput_2024_08_13=>{`
	`101`	`+return!Array.isArray(data)&&data!==null&&typeofdata==="object"&&data&&"id"indata;`
`102`	`102`	`};`
`103`	`103`
`104`	`104`	`beforeAll(async()=>{`
`105`		`-constmoduleRef=awaitwithApiAuth(`
`106`		`-authEmail,`
`107`		`-Test.createTestingModule({`
`108`		`-imports:[AppModule,PrismaModule,UsersModule,SchedulesModule_2024_04_15],`
`109`		`-})`
`110`		`-)`
	`105`	`+constmoduleRef=awaitTest.createTestingModule({`
	`106`	`+imports:[AppModule,PrismaModule,UsersModule,SchedulesModule_2024_04_15],`
	`107`	`+})`
`111`	`108`	`.overrideGuard(PermissionsGuard)`
`112`	`109`	`.useValue({`
`113`	`110`	`canActivate:()=>true,`
`@@ -122,6 +119,7 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`122`	`119`	`profileRepositoryFixture=newProfileRepositoryFixture(moduleRef);`
`123`	`120`	`membershipsRepositoryFixture=newMembershipRepositoryFixture(moduleRef);`
`124`	`121`	`hostsRepositoryFixture=newHostsRepositoryFixture(moduleRef);`
	`122`	`+apiKeysRepositoryFixture=newApiKeysRepositoryFixture(moduleRef);`
`125`	`123`	`schedulesService=moduleRef.get<SchedulesService_2024_04_15>(SchedulesService_2024_04_15);`
`126`	`124`
`127`	`125`	`// Create a base organization for all tests`
`@@ -131,11 +129,6 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`131`	`129`	`emailsEnabledSetup=awaitsetupTestEnvironment(true);`
`132`	`130`	`emailsDisabledSetup=awaitsetupTestEnvironment(false);`
`133`	`131`
`134`		`-awaituserRepositoryFixture.create({`
`135`		`-email:authEmail,`
`136`		`-organization:{connect:{id:organization.id}},`
`137`		`-});`
`138`		`-`
`139`	`132`	`app=moduleRef.createNestApplication();`
`140`	`133`	`bootstrap(appasNestExpressApplication);`
`141`	`134`	`awaitapp.init();`
`@@ -173,10 +166,15 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`173`	`166`	`constcollectiveEvent=awaitcreateEventType("COLLECTIVE",team.id,[member1.id,member2.id]);`
`174`	`167`	`constroundRobinEvent=awaitcreateEventType("ROUND_ROBIN",team.id,[member1.id,member2.id]);`
`175`	`168`
	`169`	`+// Create API key for member1 to use in authorized tests`
	`170`	`+const{ keyString}=awaitapiKeysRepositoryFixture.createApiKey(member1.id,null);`
	`171`	+constmember1ApiKey=`cal_test_${keyString}`;
	`172`	`+`
`176`	`173`	`return{`
`177`	`174`	`team,`
`178`	`175`	`member1,`
`179`	`176`	`member2,`
	`177`	`+ member1ApiKey,`
`180`	`178`	`collectiveEventType:{id:collectiveEvent.id},`
`181`	`179`	`roundRobinEventType:{id:roundRobinEvent.id},`
`182`	`180`	`};`
`@@ -351,6 +349,7 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`351`	`349`	`:emailsDisabledSetup.member1.id;`
`352`	`350`	`constmanualReassignResponse=awaitrequest(app.getHttpServer())`
`353`	`351`	.post(`/v2/bookings/${rescheduledBookingUid}/reassign/${reassignToId}`)
	`352`	+.set("Authorization",`Bearer${emailsDisabledSetup.member1ApiKey}`)
`354`	`353`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13);`
`355`	`354`
`356`	`355`	`expect(manualReassignResponse.status).toBe(200);`
`@@ -359,6 +358,7 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`359`	`358`	`// --- 4. Automatic Reassign ---`
`360`	`359`	`constautoReassignResponse=awaitrequest(app.getHttpServer())`
`361`	`360`	.post(`/v2/bookings/${rescheduledBookingUid}/reassign`)
	`361`	+.set("Authorization",`Bearer${emailsDisabledSetup.member1ApiKey}`)
`362`	`362`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13);`
`363`	`363`
`364`	`364`	`expect(autoReassignResponse.status).toBe(200);`
`@@ -484,6 +484,7 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`484`	`484`
`485`	`485`	`constmanualReassignResponse=awaitrequest(app.getHttpServer())`
`486`	`486`	.post(`/v2/bookings/${rescheduledBookingUid}/reassign/${reassignToId}`)
	`487`	+.set("Authorization",`Bearer${emailsEnabledSetup.member1ApiKey}`)
`487`	`488`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13);`
`488`	`489`
`489`	`490`	`expect(manualReassignResponse.status).toBe(200);`
`@@ -499,6 +500,7 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`499`	`500`	`jest.clearAllMocks();`
`500`	`501`	`constautoReassignResponse=awaitrequest(app.getHttpServer())`
`501`	`502`	.post(`/v2/bookings/${rescheduledBookingUid}/reassign`)
	`503`	+.set("Authorization",`Bearer${emailsEnabledSetup.member1ApiKey}`)
`502`	`504`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13);`
`503`	`505`
`504`	`506`	`expect(autoReassignResponse.status).toBe(200);`
`@@ -523,7 +525,6 @@ describe("Bookings Endpoints 2024-08-13 team emails", () => {`
`523`	`525`	`afterAll(async()=>{`
`524`	`526`	`// Clean up database records`
`525`	`527`	`awaitteamRepositoryFixture.delete(organization.id);`
`526`		`-awaituserRepositoryFixture.deleteByEmail(authEmail);`
`527`	`528`	`awaituserRepositoryFixture.deleteByEmail(emailsEnabledSetup.member1.email);`
`528`	`529`	`awaituserRepositoryFixture.deleteByEmail(emailsEnabledSetup.member2.email);`
`529`	`530`	`awaituserRepositoryFixture.deleteByEmail(emailsDisabledSetup.member1.email);`

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/reassign-bookings.e2e-spec.ts‎`

Lines changed: 67 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`import{bootstrap}from"@/app";`
`2`	`2`	`import{AppModule}from"@/app.module";`
`3`	`3`	`import{ReassignBookingOutput_2024_08_13}from"@/ee/bookings/2024-08-13/outputs/reassign-booking.output";`
	`4`	`+import{BOOKING_REASSIGN_PERMISSION_ERROR}from"@/ee/bookings/2024-08-13/services/bookings.service";`
`4`	`5`	`import{CreateScheduleInput_2024_04_15}from"@/ee/schedules/schedules_2024_04_15/inputs/create-schedule.input";`
`5`	`6`	`import{SchedulesModule_2024_04_15}from"@/ee/schedules/schedules_2024_04_15/schedules.module";`
`6`	`7`	`import{SchedulesService_2024_04_15}from"@/ee/schedules/schedules_2024_04_15/services/schedules.service";`
`@@ -11,6 +12,7 @@ import { INestApplication } from "@nestjs/common";`
`11`	`12`	`import{NestExpressApplication}from"@nestjs/platform-express";`
`12`	`13`	`import{Test}from"@nestjs/testing";`
`13`	`14`	`import*asrequestfrom"supertest";`
	`15`	`+import{ApiKeysRepositoryFixture}from"test/fixtures/repository/api-keys.repository.fixture";`
`14`	`16`	`import{BookingsRepositoryFixture}from"test/fixtures/repository/bookings.repository.fixture";`
`15`	`17`	`import{EventTypesRepositoryFixture}from"test/fixtures/repository/event-types.repository.fixture";`
`16`	`18`	`import{HostsRepositoryFixture}from"test/fixtures/repository/hosts.repository.fixture";`
`@@ -21,15 +23,11 @@ import { ProfileRepositoryFixture } from "test/fixtures/repository/profiles.repo`
`21`	`23`	`import{TeamRepositoryFixture}from"test/fixtures/repository/team.repository.fixture";`
`22`	`24`	`import{UserRepositoryFixture}from"test/fixtures/repository/users.repository.fixture";`
`23`	`25`	`import{randomString}from"test/utils/randomString";`
`24`		`-import{withApiAuth}from"test/utils/withApiAuth";`
`25`		`-`
`26`		`-`
`27`	`26`
`28`	`27`	`import{CAL_API_VERSION_HEADER,SUCCESS_STATUS,VERSION_2024_08_13}from"@calcom/platform-constants";`
`29`	`28`	`importtype{CreateBookingInput_2024_08_13}from"@calcom/platform-types";`
`30`	`29`	`importtype{Booking,User,PlatformOAuthClient,Team}from"@calcom/prisma/client";`
`31`	`30`
`32`		`-`
`33`	`31`	`describe("Bookings Endpoints 2024-08-13",()=>{`
`34`	`32`	`describe("Reassign bookings",()=>{`
`35`	`33`	`letapp:INestApplication;`
`@@ -47,13 +45,16 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`47`	`45`	`lethostsRepositoryFixture:HostsRepositoryFixture;`
`48`	`46`	`letorganizationsRepositoryFixture:OrganizationRepositoryFixture;`
`49`	`47`	`letprofileRepositoryFixture:ProfileRepositoryFixture;`
	`48`	`+letapiKeysRepositoryFixture:ApiKeysRepositoryFixture;`
`50`	`49`
`51`	`50`	constteamUserEmail=`reassign-bookings-2024-08-13-user1-${randomString()}@api.com`;
`52`	`51`	constteamUserEmail2=`reassign-bookings-2024-08-13-user2-${randomString()}@api.com`;
`53`	`52`	constteamUserEmail3=`reassign-bookings-2024-08-13-user3-${randomString()}@api.com`;
`54`	`53`	`letteamUser1:User;`
`55`	`54`	`letteamUser2:User;`
`56`	`55`	`letteamUser3:User;`
	`56`	`+letteamUser1ApiKey:string;`
	`57`	`+letteamUser2ApiKey:string;`
`57`	`58`
`58`	`59`	`letteamRoundRobinEventTypeId:number;`
`59`	`60`	`letteamRoundRobinFixedHostEventTypeId:number;`
`@@ -69,12 +70,9 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`69`	`70`	`letrescheduleReasonBookingInitialHostId:number;`
`70`	`71`
`71`	`72`	`beforeAll(async()=>{`
`72`		`-constmoduleRef=awaitwithApiAuth(`
`73`		`-teamUserEmail,`
`74`		`-Test.createTestingModule({`
`75`		`-imports:[AppModule,PrismaModule,UsersModule,SchedulesModule_2024_04_15],`
`76`		`-})`
`77`		`-)`
	`73`	`+constmoduleRef=awaitTest.createTestingModule({`
	`74`	`+imports:[AppModule,PrismaModule,UsersModule,SchedulesModule_2024_04_15],`
	`75`	`+})`
`78`	`76`	`.overrideGuard(PermissionsGuard)`
`79`	`77`	`.useValue({`
`80`	`78`	`canActivate:()=>true,`
`@@ -90,6 +88,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`90`	`88`	`profileRepositoryFixture=newProfileRepositoryFixture(moduleRef);`
`91`	`89`	`membershipsRepositoryFixture=newMembershipRepositoryFixture(moduleRef);`
`92`	`90`	`hostsRepositoryFixture=newHostsRepositoryFixture(moduleRef);`
	`91`	`+apiKeysRepositoryFixture=newApiKeysRepositoryFixture(moduleRef);`
`93`	`92`	`schedulesService=moduleRef.get<SchedulesService_2024_04_15>(SchedulesService_2024_04_15);`
`94`	`93`
`95`	`94`	`organization=awaitorganizationsRepositoryFixture.create({`
`@@ -126,6 +125,12 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`126`	`125`	name:`reassign-bookings-2024-08-13-user3-${randomString()}`,
`127`	`126`	`});`
`128`	`127`
	`128`	`+const{ keyString}=awaitapiKeysRepositoryFixture.createApiKey(teamUser1.id,null);`
	`129`	+teamUser1ApiKey=`cal_test_${keyString}`;
	`130`	`+`
	`131`	`+const{keyString:keyString2}=awaitapiKeysRepositoryFixture.createApiKey(teamUser2.id,null);`
	`132`	+teamUser2ApiKey=`cal_test_${keyString2}`;
	`133`	`+`
`129`	`134`	`constuserSchedule:CreateScheduleInput_2024_04_15={`
`130`	`135`	name:`reassign-bookings-2024-08-13-schedule-${randomString()}`,
`131`	`136`	`timeZone:"Europe/Rome",`
`@@ -473,6 +478,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`473`	`478`
`474`	`479`	`returnrequest(app.getHttpServer())`
`475`	`480`	.post(`/v2/bookings/${roundRobinBooking.uid}/reassign`)
	`481`	+.set("Authorization",`Bearer${teamUser1ApiKey}`)
`476`	`482`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`477`	`483`	`.expect(200)`
`478`	`484`	`.then(async(response)=>{`
`@@ -512,6 +518,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`512`	`518`	`returnrequest(app.getHttpServer())`
`513`	`519`	.post(`/v2/bookings/${roundRobinBooking.uid}/reassign/${teamUser1.id}`)
`514`	`520`	`.send(body)`
	`521`	+.set("Authorization",`Bearer${teamUser1ApiKey}`)
`515`	`522`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`516`	`523`	`.expect(200)`
`517`	`524`	`.then(async(response)=>{`
`@@ -562,6 +569,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`562`	`569`
`563`	`570`	`returnrequest(app.getHttpServer())`
`564`	`571`	.post(`/v2/bookings/${bookingUid}/reassign`)
	`572`	+.set("Authorization",`Bearer${teamUser2ApiKey}`)
`565`	`573`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`566`	`574`	`.expect(200)`
`567`	`575`	`.then(async(response)=>{`
`@@ -611,6 +619,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`611`	`619`
`612`	`620`	`returnrequest(app.getHttpServer())`
`613`	`621`	.post(`/v2/bookings/${bookingUid}/reassign/${teamUser3.id}`)
	`622`	+.set("Authorization",`Bearer${teamUser1ApiKey}`)
`614`	`623`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`615`	`624`	`.expect(200)`
`616`	`625`	`.then(async(response)=>{`
`@@ -669,6 +678,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`669`	`678`
`670`	`679`	`returnrequest(app.getHttpServer())`
`671`	`680`	.post(`/v2/bookings/${bookingUid}/reassign/${reassignToHostId}`)
	`681`	+.set("Authorization",`Bearer${teamUser1ApiKey}`)
`672`	`682`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`673`	`683`	`.expect(200)`
`674`	`684`	`.then(async(response)=>{`
`@@ -704,6 +714,7 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`704`	`714`
`705`	`715`	`returnrequest(app.getHttpServer())`
`706`	`716`	.post(`/v2/bookings/${bookingUid}/reassign`)
	`717`	+.set("Authorization",`Bearer${teamUser1ApiKey}`)
`707`	`718`	`.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
`708`	`719`	`.expect(200)`
`709`	`720`	`.then(async(response)=>{`
`@@ -724,6 +735,51 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`724`	`735`	`});`
`725`	`736`	`});`
`726`	`737`
	`738`	`+it("should return 403 when unauthorized user tries to reassign booking",async()=>{`
	`739`	+constunauthorizedUserEmail=`fake-user-${randomString()}@api.com`;
	`740`	`+constunauthorizedUser=awaituserRepositoryFixture.create({`
	`741`	`+email:unauthorizedUserEmail,`
	`742`	`+locale:"en",`
	`743`	+name:`fake-user-${randomString()}`,
	`744`	`+});`
	`745`	`+`
	`746`	`+const{ keyString}=awaitapiKeysRepositoryFixture.createApiKey(unauthorizedUser.id,null);`
	`747`	+constunauthorizedApiKeyString=`cal_test_${keyString}`;
	`748`	`+`
	`749`	`+constresponse=awaitrequest(app.getHttpServer())`
	`750`	+.post(`/v2/bookings/${roundRobinBooking.uid}/reassign`)
	`751`	+.set("Authorization",`Bearer${unauthorizedApiKeyString}`)
	`752`	`+.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
	`753`	`+.expect(403);`
	`754`	`+`
	`755`	`+expect(response.body.error.message).toBe(BOOKING_REASSIGN_PERMISSION_ERROR);`
	`756`	`+`
	`757`	`+awaituserRepositoryFixture.deleteByEmail(unauthorizedUserEmail);`
	`758`	`+});`
	`759`	`+`
	`760`	`+it("should return 403 when unauthorized user tries to reassign booking to specific user",async()=>{`
	`761`	+constunauthorizedUserEmail=`fake-user-${randomString()}@api.com`;
	`762`	`+constunauthorizedUser=awaituserRepositoryFixture.create({`
	`763`	`+email:unauthorizedUserEmail,`
	`764`	`+locale:"en",`
	`765`	+name:`fake-user-${randomString()}`,
	`766`	`+});`
	`767`	`+`
	`768`	`+const{ keyString}=awaitapiKeysRepositoryFixture.createApiKey(unauthorizedUser.id,null);`
	`769`	+constunauthorizedApiKeyString=`cal_test_${keyString}`;
	`770`	`+`
	`771`	`+constresponse=awaitrequest(app.getHttpServer())`
	`772`	+.post(`/v2/bookings/${roundRobinBooking.uid}/reassign/${teamUser2.id}`)
	`773`	`+.send({reason:"Testing unauthorized access"})`
	`774`	+.set("Authorization",`Bearer${unauthorizedApiKeyString}`)
	`775`	`+.set(CAL_API_VERSION_HEADER,VERSION_2024_08_13)`
	`776`	`+.expect(403);`
	`777`	`+`
	`778`	`+expect(response.body.error.message).toBe(BOOKING_REASSIGN_PERMISSION_ERROR);`
	`779`	`+`
	`780`	`+awaituserRepositoryFixture.deleteByEmail(unauthorizedUserEmail);`
	`781`	`+});`
	`782`	`+`
`727`	`783`	`asyncfunctioncreateOAuthClient(organizationId:number){`
`728`	`784`	`constdata={`
`729`	`785`	`logo:"logo-url",`
`@@ -749,4 +805,4 @@ describe("Bookings Endpoints 2024-08-13", () => {`
`749`	`805`	`awaitapp.close();`
`750`	`806`	`});`
`751`	`807`	`});`
`752`		`-});`
	`808`	`+});`

`‎apps/api/v2/src/ee/bookings/2024-08-13/repositories/bookings.repository.ts‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,17 @@ export class BookingsRepository_2024_08_13 {`
`72`	`72`	`});`
`73`	`73`	`}`
`74`	`74`
	`75`	`+asyncgetByUidWithEventType(bookingUid:string){`
	`76`	`+returnthis.dbRead.prisma.booking.findUnique({`
	`77`	`+where:{`
	`78`	`+uid:bookingUid,`
	`79`	`+},`
	`80`	`+include:{`
	`81`	`+eventType:true,`
	`82`	`+},`
	`83`	`+});`
	`84`	`+}`
	`85`	`+`
`75`	`86`	`asyncgetByUidWithUser(bookingUid:string){`
`76`	`87`	`returnthis.dbRead.prisma.booking.findUnique({`
`77`	`88`	`where:{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfd390f9

File tree

5 files changed

5 files changed

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/bookings.controller.ts‎`

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/emails/team-emails.e2e-spec.ts‎`

`‎apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/reassign-bookings.e2e-spec.ts‎`

`‎apps/api/v2/src/ee/bookings/2024-08-13/repositories/bookings.repository.ts‎`

0 commit comments