Commit Graph

328 Commits (992bdc0b543d2b305b293a8ae9dcc2f0ae8d132c)

Author SHA1 Message Date
Syed Ali Shahbaz 279c3da21f
Improves Booking docs in swagger (#219)
Adds definition to booking swagger definition, and fixes user _post
definition example
2023-02-07 08:41:08 -07:00
Leo Giovanetti 6cec8620cb
Pagination issue fixed, total added (#227)
Fixes #217.
2023-01-18 12:49:31 -07:00
Hariom Balhara 9c23a8e5ab
Security Fixes (#224)
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329

More Fixes
- Don't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner,Admin,Member
2023-01-04 15:17:47 -07:00
zomars 604d937661 Linting 2022-12-20 11:58:30 -07:00
Carina Wollendorfer c3e0852541
Only allow team admin and owner to create team event types (#220)
Currently, anybody can create an event type for any team. With this PR
we only allow team ADMIN and OWNER to create event types for the team.

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:50:46 -07:00
Carina Wollendorfer 161ebacfef
Don't allow team admins to give owner permissions (#221)
Throw an error if a user of a team with ADMIN permission tries to change
permission to OWNER (Bug#3)

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:45:24 -07:00
Joe Au-Yeung 5d892df019
Allow seatsPerTimeSlot and seatsShowAttendees in event type calls (#216)
This PR allows `seatsPerTimeSlot` and `seatsShowAttendees` in event type
POST and PATCH calls
2022-12-15 15:36:09 -07:00
zomars c129586336 Linting 2022-12-08 16:34:09 -07:00
zomars f3c5f9bc0c Import fixes 2022-12-08 16:28:28 -07:00
zomars 41d22c8ccb Fixes for console 2022-12-05 16:09:19 -07:00
zomars e15f6abc9b Fixes 2022-12-02 15:22:56 -07:00
Omar López d35f27014e
Implements API key endpoint (#211)
This allows us to manage our API keys directly from the API itself.

User can:
- Create own API keys
- Edit own API keys (only the note field for now)
- Delete own API keys
- Get own API keys

Admin can:
- CRUD for any user
- Get all API keys
2022-11-29 15:06:23 -07:00
zomars 055699f612 Various import and type fixes 2022-11-25 06:58:21 -07:00
zomars 94ecb1908a Type fixes 2022-11-25 06:03:40 -07:00
alannnc c016a4343d
added more endpoints and validations for publish-pay teams (#209)
## What does the PR do?

- Team billing via API

Just like the web project, we validate that team has stripe metadata
before converting requestedSlug to slug.

Co-authored-by: zomars <zomars@me.com>
2022-11-22 13:24:25 -07:00
Syed Ali Shahbaz 8e25b9244c
Fix deployment failure due to prettier (extra spaces) (#214)
Simply removes extra spaces which are causing prettier to fail
deployment, introduced in the PR for USER swagger doc update
2022-11-21 10:49:55 +05:30
Syed Ali Shahbaz bbaa8ae5e7
Adds more definition to USER swagger (#212)
Adds more definition for documentation for the USER endpoints
2022-11-18 12:20:15 -07:00
Syed Ali Shahbaz 4080e5bc5e
Update availabilities _post swagger def (#210)
- Adds more specs to the swagger definition in /availabilities for doc
experimentation
2022-11-18 12:18:07 -07:00
Alex van Andel e5827b035d
Fix type error with null being an invalid value (#213) 2022-11-18 17:08:49 +05:30
Alex van Andel 51bc3d93c1
user: Add email and username, remove bufferTime,startTime,endTime (#202)
Co-authored-by: zomars <zomars@me.com>
2022-11-17 11:35:06 -07:00
Omar López d1bbaef5c6
Refactor membership endpoints (#204)
refs #175

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 13:54:28 -06:00
zomars d93fd26a1e Removed unused methods middleware 2022-10-21 13:30:09 -06:00
zomars 6522600c42 Add missing bodyUserId 2022-10-21 12:55:35 -06:00
zomars 7617cd43e1 Patching bodyUserId requests 2022-10-21 12:55:15 -06:00
Alex van Andel dee0f6a415
Remove GET /availabilities (#188)
Follows-up on earlier discussions about the relationships of
/availabilities and /schedules.

`GET /schedules/:id` returns a schedule with associated availabilities
in the `availabilities` property. It gives more context and less
consumer work to perform GET actions using this endpoint. Other
endpoints of this collection do make sense.

Proposing also to rename the /availabilities collection to
/availability; given after this it always involves one and only one
/availability record in CRUD.
2022-10-21 00:58:20 +01:00
Leo Giovanetti debc8dbafb
Using abstracted booking cancellation (#191)
Implemented `DELETE /booking/:uid` as well as `DELETE
/booking/:uid/cancel` based on abstracted cancellation logic from
webapp.

PR dependent on https://github.com/calcom/cal.com/pull/5105

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 00:49:57 +01:00
Omar López f66ed50ecb
Selected Calendars endpoints refactor (#193)
refs #175
2022-10-20 11:35:02 -06:00
Alex van Andel 109377b65c
Returns bookings in response where user is attending (#196) 2022-10-20 18:27:24 +01:00
Alex van Andel f4d52b88a4
Changed req to query to allow passing in userId, not session (#197) 2022-10-20 18:27:01 +01:00
Alex van Andel ecd20d63c9
Added attendees & user (#192) 2022-10-19 19:35:34 +01:00
Omar López 03d5f51ceb
Refactor/webhooks (#186)
refs #175
2022-10-19 12:26:12 -06:00
Alex van Andel ce2df7641f
Feature/additional fields (#189)
Added timeZone, attendees.(email, name, timeZone, locale), user.(email,
name, timeZone, locale) & metadata
2022-10-19 17:03:54 +01:00
zomars 07b011424f Formatting 2022-10-15 10:54:22 -06:00
zomars 00bd908916 Fixes permission errors 2022-10-14 17:41:28 -06:00
zomars 25d3d12319 Adds custom inputs to eventTypes responses 2022-10-14 15:52:09 -06:00
zomars ad35d3a5cd Linting 2022-10-14 12:57:50 -06:00
Omar López e3fa0e546b
Refactor schedule endpoints (#185) 2022-10-13 14:54:38 -06:00
Omar López 6ba70a7259
Refactor/custom inputs (#184)
refs #175 

To be merged after #183
2022-10-13 12:30:48 -06:00
Omar López 8c24c5c714
Refactor/booking logic (#183)
refs #175 

Reuses the same logic for creating bookings from the web app.

Co-authored-by: Leo Giovanetti <hello@leog.me>
2022-10-13 12:29:30 -06:00
Omar López f13694fd13
Refactors event-types endpoints (#181)
refs #175
2022-10-11 14:14:03 -06:00
zomars 4ba0395efa Permission fixes 2022-10-11 14:09:22 -06:00
Alex van Andel a506c7da33
Refactor + fix userIds filter (#179)
This fix means a behaviour change to GET calls. Instead of a JSON
payload, instead a filter param has been added to the URL itself. GET
payloads are very unexpected in API designs, even though supported.

* Todo write tests (with postman?)
* Turn isAdmin logic into common middleware

```bash
curl "http://localhost:3002/v1/schedules?apiKey=...&userId=2"
```

```bash
curl "http://localhost:3002/v1/schedules?apiKey=..." \
  -d '{"name":"Hello", "userId": 2}' \
  -H 'Content-Type: application/json'
```
2022-10-11 15:33:25 +01:00
Omar López da61841525
Refactors booking references endpoints (#180)
refs #175
2022-10-11 15:25:57 +01:00
zomars 88332fb2ab Refactors teams 2022-10-10 20:25:47 -06:00
zomars c03144c343 Fixed major flaw with authMiddleware
authMiddleware should not use defaultResponder directly as it will catch thrown errors, and we need those errors to prevent running the rest of the code.
2022-10-10 20:23:08 -06:00
zomars a35454bb68 Me cleanup 2022-10-10 18:02:36 -06:00
Omar López 18e96e2a47
Refactors availabilities endpoints (#177)
refs #175
2022-10-10 09:42:15 -06:00
zomars d4a2b8e791 Refactors attendees' endpoints 2022-10-07 13:08:25 -06:00
Omar López 85890a6acb
Merge pull request #172 from calcom/fix/invalid-eventtypeid
Recurring event booking: invalid eventTypeId
2022-10-07 10:59:14 -06:00
Syed Ali Shahbaz f5d953ef1c
Hotfix/schedule (#174)
* Allows empty call

An authorized API call by a non-admin user with empty body will still fetch his data now

* Adds missing return
2022-10-07 15:33:04 +05:30