Skip to content

Commit ae7f8f1

Browse files
authored
feat: v2 show hidden attendees for authenticated requests (calcom#23868)
* refactor: return attendees when fetching all bookings * refactor: v2 show hidden attendees for authenticated requests * chore: regenerate docs * chore: add test
1 parent 4d0458b commit ae7f8f1

6 files changed

Lines changed: 977 additions & 541 deletions

File tree

apps/api/v2/src/ee/bookings/2024-08-13/controllers/bookings.controller.ts

Lines changed: 54 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,12 @@ import { BookingReferencesService_2024_08_13 } from "@/ee/bookings/2024-08-13/se
1111
import { BookingsService_2024_08_13 } from "@/ee/bookings/2024-08-13/services/bookings.service";
1212
import { CalVideoService } from "@/ee/bookings/2024-08-13/services/cal-video.service";
1313
import { VERSION_2024_08_13_VALUE, VERSION_2024_08_13 } from "@/lib/api-versions";
14-
import { API_KEY_OR_ACCESS_TOKEN_HEADER } from "@/lib/docs/headers";
14+
import {
15+
API_KEY_OR_ACCESS_TOKEN_HEADER,
16+
OPTIONAL_API_KEY_OR_ACCESS_TOKEN_HEADER,
17+
OPTIONAL_X_CAL_CLIENT_ID_HEADER,
18+
OPTIONAL_X_CAL_SECRET_KEY_HEADER,
19+
} from "@/lib/docs/headers";
1520
import { PlatformPlan } from "@/modules/auth/decorators/billing/platform-plan.decorator";
1621
import {
1722
AuthOptionalUser,
@@ -22,8 +27,8 @@ import { Permissions } from "@/modules/auth/decorators/permissions/permissions.d
2227
import { ApiAuthGuard } from "@/modules/auth/guards/api-auth/api-auth.guard";
2328
import { OptionalApiAuthGuard } from "@/modules/auth/guards/optional-api-auth/optional-api-auth.guard";
2429
import { PermissionsGuard } from "@/modules/auth/guards/permissions/permissions.guard";
30+
import { ApiAuthGuardUser } from "@/modules/auth/strategies/api-auth/api-auth.strategy";
2531
import { UsersService } from "@/modules/users/services/users.service";
26-
import { UserWithProfile } from "@/modules/users/users.repository";
2732
import {
2833
Controller,
2934
Post,
@@ -101,6 +106,9 @@ export class BookingsController_2024_08_13 {
101106

102107
@Post("/")
103108
@UseGuards(OptionalApiAuthGuard)
109+
@ApiHeader(OPTIONAL_X_CAL_CLIENT_ID_HEADER)
110+
@ApiHeader(OPTIONAL_X_CAL_SECRET_KEY_HEADER)
111+
@ApiHeader(OPTIONAL_API_KEY_OR_ACCESS_TOKEN_HEADER)
104112
@ApiOperation({
105113
summary: "Create a booking",
106114
description: `
@@ -122,6 +130,9 @@ export class BookingsController_2024_08_13 {
122130
And 2 ways to book and event type belonging to a team:
123131
1. Provide \`eventTypeId\` in the request body.
124132
2. Provide \`eventTypeSlug\` and \`teamSlug\` and optionally \`organizationSlug\` if the team with the teamSlug is within an organization.
133+
134+
If you are creating a seated booking for an event type with 'show attendees' disabled, then to retrieve attendees in the response either set 'show attendees' to true on event type level or
135+
you have to provide an authentication method of event type owner, host, team admin or owner or org admin or owner.
125136
`,
126137
})
127138
@ApiBody({
@@ -161,7 +172,10 @@ export class BookingsController_2024_08_13 {
161172
}
162173

163174
@Get("/:bookingUid")
164-
@UseGuards(BookingUidGuard)
175+
@UseGuards(BookingUidGuard, OptionalApiAuthGuard)
176+
@ApiHeader(OPTIONAL_X_CAL_CLIENT_ID_HEADER)
177+
@ApiHeader(OPTIONAL_X_CAL_SECRET_KEY_HEADER)
178+
@ApiHeader(OPTIONAL_API_KEY_OR_ACCESS_TOKEN_HEADER)
165179
@ApiOperation({
166180
summary: "Get a booking",
167181
description: `\`:bookingUid\` can be
@@ -170,10 +184,17 @@ export class BookingsController_2024_08_13 {
170184
171185
2. uid of one of the recurring booking recurrences
172186
173-
3. uid of recurring booking which will return an array of all recurring booking recurrences (stored as recurringBookingUid on one of the individual recurrences).`,
187+
3. uid of recurring booking which will return an array of all recurring booking recurrences (stored as recurringBookingUid on one of the individual recurrences).
188+
189+
If you are fetching a seated booking for an event type with 'show attendees' disabled, then to retrieve attendees in the response either set 'show attendees' to true on event type level or
190+
you have to provide an authentication method of event type owner, host, team admin or owner or org admin or owner.
191+
`,
174192
})
175-
async getBooking(@Param("bookingUid") bookingUid: string): Promise<GetBookingOutput_2024_08_13> {
176-
const booking = await this.bookingsService.getBooking(bookingUid);
193+
async getBooking(
194+
@Param("bookingUid") bookingUid: string,
195+
@GetOptionalUser() user: AuthOptionalUser
196+
): Promise<GetBookingOutput_2024_08_13> {
197+
const booking = await this.bookingsService.getBooking(bookingUid, user);
177198

178199
return {
179200
status: SUCCESS_STATUS,
@@ -218,7 +239,7 @@ export class BookingsController_2024_08_13 {
218239
@ApiOperation({ summary: "Get all bookings" })
219240
async getBookings(
220241
@Query() queryParams: GetBookingsInput_2024_08_13,
221-
@GetUser() user: UserWithProfile
242+
@GetUser() user: ApiAuthGuardUser
222243
): Promise<GetBookingsOutput_2024_08_13> {
223244
const profile = this.usersService.getUserMainProfile(user);
224245

@@ -236,7 +257,10 @@ export class BookingsController_2024_08_13 {
236257
}
237258

238259
@Post("/:bookingUid/reschedule")
239-
@UseGuards(BookingUidGuard)
260+
@UseGuards(BookingUidGuard, OptionalApiAuthGuard)
261+
@ApiHeader(OPTIONAL_X_CAL_CLIENT_ID_HEADER)
262+
@ApiHeader(OPTIONAL_X_CAL_SECRET_KEY_HEADER)
263+
@ApiHeader(OPTIONAL_API_KEY_OR_ACCESS_TOKEN_HEADER)
240264
@ApiOperation({
241265
summary: "Reschedule a booking",
242266
description: "Reschedule a booking or seated booking",
@@ -248,17 +272,20 @@ export class BookingsController_2024_08_13 {
248272
{ $ref: getSchemaPath(RescheduleSeatedBookingInput_2024_08_13) },
249273
],
250274
},
251-
description:
252-
"Accepts different types of reschedule booking input: Reschedule Booking (Option 1) or Reschedule Seated Booking (Option 2)",
275+
description: `Accepts different types of reschedule booking input: Reschedule Booking (Option 1) or Reschedule Seated Booking (Option 2).
276+
277+
If you are rescheduling a seated booking for an event type with 'show attendees' disabled, then to retrieve attendees in the response either set 'show attendees' to true on event type level or
278+
you have to provide an authentication method of event type owner, host, team admin or owner or org admin or owner.`,
253279
})
254280
@ApiExtraModels(RescheduleBookingInput_2024_08_13, RescheduleSeatedBookingInput_2024_08_13)
255281
async rescheduleBooking(
256282
@Param("bookingUid") bookingUid: string,
257283
@Body(new RescheduleBookingInputPipe())
258284
body: RescheduleBookingInput,
259-
@Req() request: Request
285+
@Req() request: Request,
286+
@GetOptionalUser() user: AuthOptionalUser
260287
): Promise<RescheduleBookingOutput_2024_08_13> {
261-
const newBooking = await this.bookingsService.rescheduleBooking(request, bookingUid, body);
288+
const newBooking = await this.bookingsService.rescheduleBooking(request, bookingUid, body, user);
262289
await this.bookingsService.billRescheduledBooking(newBooking, bookingUid);
263290

264291
return {
@@ -268,7 +295,10 @@ export class BookingsController_2024_08_13 {
268295
}
269296

270297
@Post("/:bookingUid/cancel")
271-
@UseGuards(BookingUidGuard)
298+
@UseGuards(BookingUidGuard, OptionalApiAuthGuard)
299+
@ApiHeader(OPTIONAL_X_CAL_CLIENT_ID_HEADER)
300+
@ApiHeader(OPTIONAL_X_CAL_SECRET_KEY_HEADER)
301+
@ApiHeader(OPTIONAL_API_KEY_OR_ACCESS_TOKEN_HEADER)
272302
@HttpCode(HttpStatus.OK)
273303
@ApiOperation({
274304
summary: "Cancel a booking",
@@ -281,7 +311,11 @@ export class BookingsController_2024_08_13 {
281311
282312
\nCancelling recurring seated bookings:
283313
For recurring seated bookings it is not possible to cancel all of them with 1 call
284-
like with non-seated recurring bookings by providing recurring bookind uid - you have to cancel each recurrence booking by its bookingUid + seatUid.`,
314+
like with non-seated recurring bookings by providing recurring bookind uid - you have to cancel each recurrence booking by its bookingUid + seatUid.
315+
316+
If you are cancelling a seated booking for an event type with 'show attendees' disabled, then to retrieve attendees in the response either set 'show attendees' to true on event type level or
317+
you have to provide an authentication method of event type owner, host, team admin or owner or org admin or owner.
318+
`,
285319
})
286320
@ApiBody({
287321
schema: {
@@ -298,9 +332,10 @@ export class BookingsController_2024_08_13 {
298332
@Req() request: Request,
299333
@Param("bookingUid") bookingUid: string,
300334
@Body(new CancelBookingInputPipe())
301-
body: CancelBookingInput
335+
body: CancelBookingInput,
336+
@GetOptionalUser() user: AuthOptionalUser
302337
): Promise<CancelBookingOutput_2024_08_13> {
303-
const cancelledBooking = await this.bookingsService.cancelBooking(request, bookingUid, body);
338+
const cancelledBooking = await this.bookingsService.cancelBooking(request, bookingUid, body, user);
304339

305340
return {
306341
status: SUCCESS_STATUS,
@@ -342,7 +377,7 @@ export class BookingsController_2024_08_13 {
342377
})
343378
async reassignBooking(
344379
@Param("bookingUid") bookingUid: string,
345-
@GetUser() user: UserWithProfile
380+
@GetUser() user: ApiAuthGuardUser
346381
): Promise<ReassignBookingOutput_2024_08_13> {
347382
const booking = await this.bookingsService.reassignBooking(bookingUid, user);
348383

@@ -392,7 +427,7 @@ export class BookingsController_2024_08_13 {
392427
})
393428
async confirmBooking(
394429
@Param("bookingUid") bookingUid: string,
395-
@GetUser() user: UserWithProfile
430+
@GetUser() user: ApiAuthGuardUser
396431
): Promise<GetBookingOutput_2024_08_13> {
397432
const booking = await this.bookingsService.confirmBooking(bookingUid, user);
398433

@@ -414,7 +449,7 @@ export class BookingsController_2024_08_13 {
414449
async declineBooking(
415450
@Param("bookingUid") bookingUid: string,
416451
@Body() body: DeclineBookingInput_2024_08_13,
417-
@GetUser() user: UserWithProfile
452+
@GetUser() user: ApiAuthGuardUser
418453
): Promise<GetBookingOutput_2024_08_13> {
419454
const booking = await this.bookingsService.declineBooking(bookingUid, user, body.reason);
420455

0 commit comments

Comments
 (0)