Commit Graph

736 Commits (7aebdb8c966f472383cf55e8da31e9655102e775)

Author SHA1 Message Date
Udit Takkar 7aebdb8c96
fix: use schema from zod-utils (#225)
fixes:- https://secure.helpscout.net/conversation/2117165409/2395

How to test? 
Create an event type with custom inputs 
GET Request on /event-types end point


After:- 
<img width="1440" alt="Screenshot 2023-01-07 at 4 57 39 PM"
src="https://user-images.githubusercontent.com/53316345/211147930-1154f1ad-5309-4e9c-b2e0-164169717d47.png">

Signed-off-by: Udit Takkar <udit.07814802719@cse.mait.ac.in>
2023-01-07 08:56:13 -07:00
zomars 2808b798df Upgrades next 2023-01-05 18:02:06 -07:00
Hariom Balhara 9c23a8e5ab
Security Fixes (#224)
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329

More Fixes
- Dont't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner,Admin,Member
2023-01-04 15:17:47 -07:00
zomars 604d937661 Linting 2022-12-20 11:58:30 -07:00
Carina Wollendorfer c3e0852541
Only allow team admin and owner to create team event types (#220)
Currently, anybody can create an event type for any team. With this PR
we only allow team ADMIN and OWNER to create event types for the team.

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:50:46 -07:00
Carina Wollendorfer 161ebacfef
Don't allow team admins to give owner permissions (#221)
Throw an error if a user of a team with ADMIN permission tries to change
permission to OWNER (Bug#3)

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:45:24 -07:00
zomars 12f19ff7c0 Upgrades zod 2022-12-15 15:56:23 -07:00
Joe Au-Yeung 5d892df019
Allow seatsPerTimeSlot and seatsShowAttendees in event type calls (#216)
This PR allows `seatsPerTimeSlot` and `seatsShowAttendees` in event type
POST and PATCH calls
2022-12-15 15:36:09 -07:00
zomars c129586336 Linting 2022-12-08 16:34:09 -07:00
zomars f3c5f9bc0c Import fixes 2022-12-08 16:28:28 -07:00
zomars 8b74f463f4 Needed for console 2022-12-08 15:00:06 -07:00
zomars 41d22c8ccb Fixes for console 2022-12-05 16:09:19 -07:00
zomars ae7c3e2d6a Removes unused cache 2022-12-05 14:16:58 -07:00
zomars b3443cd22d Revert fix 2022-12-02 18:39:30 -07:00
zomars e15f6abc9b Fixes 2022-12-02 15:22:56 -07:00
Omar López d35f27014e
Implements API key endpoint (#211)
This allow us to manage our API keys directly from the API itself.

User can:
- Create own API keys
- Edit own API keys (only the note field for now)
- Delete own API keys
- Get own API keys

Admin can:
- CRUD for any user
- Get all API keys
2022-11-29 15:06:23 -07:00
Omar López 26ea743af2
Update README.md 2022-11-29 09:07:53 -07:00
Omar López 48b637164c
Update README.md 2022-11-27 15:36:36 -07:00
zomars 055699f612 Various import and type fixes 2022-11-25 06:58:21 -07:00
zomars 94ecb1908a Type fixes 2022-11-25 06:03:40 -07:00
zomars faa685adb6 Sync to monorepo 2022-11-25 05:47:35 -07:00
zomars 3d84ce68c9 Tests updates 2022-11-22 19:50:00 -07:00
alannnc c016a4343d
added more endpoints and validations for publish-pay teams (#209)
## What does the PR do?

- Team billing via API

Just like the web project, we validate that team has stripe metadata
before converting requestedSlug to slug.

Co-authored-by: zomars <zomars@me.com>
2022-11-22 13:24:25 -07:00
Syed Ali Shahbaz 8e25b9244c
Fix deployment failure due to prettier (extra spaces) (#214)
Simply removes extra spaces which are causing prettier to fail
deployment, introduced in the PR for USER swagger doc update
2022-11-21 10:49:55 +05:30
Syed Ali Shahbaz bbaa8ae5e7
Adds more definition to USER swagger (#212)
Adds more definition for documentation for the USER endpoints
2022-11-18 12:20:15 -07:00
Leo Giovanetti 3654677a20
Fixing unit test (#205)
Fixing POST unit test for `apps/api/test/lib/bookings`
2022-11-18 12:19:33 -07:00
Syed Ali Shahbaz 4080e5bc5e
Update availabilities _post swagger def (#210)
- Adds more specs to the swagger definition in /availabilities for doc
experimentation
2022-11-18 12:18:07 -07:00
Alex van Andel e5827b035d
Fix type error with null being an invalid value (#213) 2022-11-18 17:08:49 +05:30
Alex van Andel 51bc3d93c1
user: Add email and username, remove bufferTime,startTime,endTime (#202)
Co-authored-by: zomars <zomars@me.com>
2022-11-17 11:35:06 -07:00
Alex van Andel 0f5017010f Fix lint error 2022-11-07 14:48:32 +00:00
zomars e0619d383a Sync package.json 2022-11-04 12:14:54 -07:00
Omar López d1bbaef5c6
Refactor membership endpoints (#204)
refs #175

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 13:54:28 -06:00
zomars d93fd26a1e Removed unused methods middleware 2022-10-21 13:30:09 -06:00
zomars 6522600c42 Add missing bodyUserId 2022-10-21 12:55:35 -06:00
zomars 7617cd43e1 Patching bodyUserId requests 2022-10-21 12:55:15 -06:00
Alex van Andel b30995456c Bring back @calcom/ui 2022-10-21 14:13:19 +01:00
Alex van Andel 9448e67ed0
Added status: true to booking model (#203) 2022-10-21 14:04:20 +01:00
Alex van Andel adfada993e
Remove the Signup from /api and remove @calcom/ui dep (#201)
Also adds missing dependencies
2022-10-21 13:19:31 +01:00
Alex van Andel dee0f6a415
Remove GET /availabilities (#188)
Follows-up on earlier discussions about the relationships of
/availabilities and /schedules.

`GET /schedules/:id` returns a schedule with associated availabilities
in the `availabilities` property. It gives more context and less
consumer work to perform GET actions using this endpoint. Other
endpoints of this collection do make sense.

Proposing also to rename the /availabilities collection to
/availability; given after this it always involves one and only one
/availability record in CRUD.
2022-10-21 00:58:20 +01:00
Leo Giovanetti debc8dbafb
Using abstracted booking cancellation (#191)
Implemented `DELETE /booking/:uid` as well as `DELETE
/booking/:uid/cancel` based on abstracted cancellation logic from
webapp.

PR dependant on https://github.com/calcom/cal.com/pull/5105

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 00:49:57 +01:00
Omar López f66ed50ecb
Selected Calendars endpoints refactor (#193)
refs #175
2022-10-20 11:35:02 -06:00
Alex van Andel 109377b65c
Returns bookings in response where user is attending (#196) 2022-10-20 18:27:24 +01:00
Alex van Andel f4d52b88a4
Changed req to query to allow passing in userId, not session (#197) 2022-10-20 18:27:01 +01:00
Alex van Andel 1f9be423ad
Set start and endTime to iso8601 (#198) 2022-10-20 18:26:43 +01:00
Alex van Andel ecd20d63c9
Added attendees & user (#192) 2022-10-19 19:35:34 +01:00
Omar López 03d5f51ceb
Refactor/webhooks (#186)
refs #175
2022-10-19 12:26:12 -06:00
Alex van Andel ce2df7641f
Feature/additional fields (#189)
Added timeZone, attendees.(email, name, timeZone, locale), user.(email,
name, timeZone, locale) & metadata
2022-10-19 17:03:54 +01:00
zomars 07b011424f Formatting 2022-10-15 10:54:22 -06:00
zomars 00bd908916 Fixes permission errors 2022-10-14 17:41:28 -06:00
zomars 37fa76315a Allow to update booking description 2022-10-14 15:52:17 -06:00