- Adds swagger definition and swagger fixes to /availability and
/attendees
- Also fixes Booking API endpoint definition (startTime -> start,
endTime -> end)
This PR addresses definition errors currently residing within our
swagger doc.
~DISCLAIMER: There is still an error for our DELETE booking call, as
open API standard doesn't expect the DELETE call to contain a request
body, but we are requiring it in the way it currently works. Perhaps we
should move those to Query Parameters instead. Thoughts @zomars @emrysal
?~
It was taken care of by @leog and the docs are now updated as per the
endpoint
---------
Co-authored-by: Leo Giovanetti <hello@leog.me>
Co-authored-by: Omar López <zomars@me.com>
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329
More Fixes
- Don't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner, Admin, Member
Implemented `DELETE /booking/:uid` as well as `DELETE
/booking/:uid/cancel` based on abstracted cancellation logic from
webapp.
PR dependent on https://github.com/calcom/cal.com/pull/5105
Co-authored-by: Alex van Andel <me@alexvanandel.com>
authMiddleware should not use defaultResponder directly, as it will catch thrown errors and we need those errors to prevent running the rest of the code.
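
An added illustration of the point in the last message (not code from the cal.com repository): when an auth check runs inside a wrapper that converts thrown errors into a response, the middleware carries on to `next()` and the protected handler still executes. `responder`, `verifyKey`, `swallowingAuth`, `propagatingAuth`, `run` and the key value are hypothetical stand-ins constructed for this example.

```javascript
// Added illustration with hypothetical names; not the project's code.
class HttpError extends Error {
  constructor(statusCode, message) {
    super(message);
    this.statusCode = statusCode;
  }
}

// Stand-in responder: runs fn and turns any thrown error into a response.
const responder = (fn) => async (req, res) => {
  try {
    const body = await fn(req, res);
    if (body !== undefined) res.send(200, body);
  } catch (err) {
    res.send(err.statusCode || 500, { message: err.message });
  }
};

// Constructed credential check: throws unless the (made-up) key matches.
const verifyKey = async (req) => {
  if (req.apiKey !== "constructed-valid-key") throw new HttpError(401, "invalid API key");
};

// Fail-open: the wrapper swallows the 401, so control still reaches next().
const swallowingAuth = async (req, res, next) => {
  await responder(verifyKey)(req, res);
  await next();
};

// Fail-closed: the error propagates and next() is never reached.
const propagatingAuth = async (req, res, next) => {
  await verifyKey(req);
  await next();
};

// Minimal pipeline: auth middleware, then a handler with a side effect.
// Errors become a response only at the outermost layer.
async function run(auth, apiKey) {
  const out = { handlerRan: false, status: null };
  const res = { send: (status) => { if (out.status === null) out.status = status; } };
  const handler = async () => { out.handlerRan = true; res.send(200, { deleted: true }); };
  await responder((req, r) => auth(req, r, handler))({ apiKey }, res);
  return out;
}

run(swallowingAuth, "wrong").then((o) => console.log("wrapped:", o));
run(propagatingAuth, "wrong").then((o) => console.log("direct: ", o));
```

In the wrapped case the client sees a 401 while the handler's side effect has already happened, so the response status alone does not reveal the failure; a regression test should assert that the handler was not invoked.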