Commit Graph

336 Commits (d47fa578b756f04c57e5bb1bf044806e2f3c17e2)

Author SHA1 Message Date
Syed Ali Shahbaz d47fa578b7
Fixes _patch swagger paramters 2023-02-23 20:46:55 +05:30
Syed Ali Shahbaz a4f82fa6fa
Adds swagger definition to Event Types (#242)
This PR adds swagger definition to Event Types endpoint with request
body examples for POST and PATCH requests
2023-02-23 13:54:10 +01:00
zomars 42eb7041d4 New linting rules 2023-02-16 14:01:40 -07:00
Syed Ali Shahbaz f02cfc9990
Swagger definition general fixes (#237)
This PR addresses definition errors currently residing within our
swagger doc.
 
~DISCLAIMER: There is still an error for our DELETE booking call, as
open API standard doesn't expect the DELETE call to contain a request
body, but we are requiring it in the way it currently works. Perhaps we
should move those to Query Parameters instead. Thoughts @zomars @emrysal
?~

It was taken care of by @leog and the docs are now updated as per the
endpoint

<img width="247" alt="image"
src="https://user-images.githubusercontent.com/52925846/217799706-21b7c21d-696b-4e20-a682-c8a949694b61.png">
<img width="629" alt="image"
src="https://user-images.githubusercontent.com/52925846/217799842-c903c23a-0b0d-4208-a3e9-01a682eeff97.png">

---------

Co-authored-by: Leo Giovanetti <hello@leog.me>
Co-authored-by: Omar López <zomars@me.com>
2023-02-13 12:52:11 +00:00
Syed Ali Shahbaz 2248d7069f
Improves Destination Calendar docs in swagger (#235)
Adds swagger definition to `destination-calendar` endpoint
2023-02-08 17:16:32 -07:00
Syed Ali Shahbaz f170f17f2c
Improves custom inputs docs in swagger (#233)
Adds swagger definition to `custom-inputs` endpoint
2023-02-08 14:38:04 -07:00
zomars dc0a6eaa32 Export for typecheck 2023-02-08 10:56:00 -07:00
Syed Ali Shahbaz 3ebab100ce
Fixes invalid availability schema (#236)
Hotfix attempt to fix fix invalid availability _post schema in swagger
2023-02-08 15:52:08 +01:00
Syed Ali Shahbaz 279c3da21f
Improves Booking docs in swagger (#219)
Adds definition to booking swagger definition, and fixes user _post
definition example
2023-02-07 08:41:08 -07:00
Leo Giovanetti 6cec8620cb
Pagination issue fixed, total added (#227)
Fixes #217.
2023-01-18 12:49:31 -07:00
Hariom Balhara 9c23a8e5ab
Security Fixes (#224)
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329

More Fixes
- Dont't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner,Admin,Member
2023-01-04 15:17:47 -07:00
zomars 604d937661 Linting 2022-12-20 11:58:30 -07:00
Carina Wollendorfer c3e0852541
Only allow team admin and owner to create team event types (#220)
Currently, anybody can create an event type for any team. With this PR
we only allow team ADMIN and OWNER to create event types for the team.

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:50:46 -07:00
Carina Wollendorfer 161ebacfef
Don't allow team admins to give owner permissions (#221)
Throw an error if a user of a team with ADMIN permission tries to change
permission to OWNER (Bug#3)

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:45:24 -07:00
Joe Au-Yeung 5d892df019
Allow seatsPerTimeSlot and seatsShowAttendees in event type calls (#216)
This PR allows `seatsPerTimeSlot` and `seatsShowAttendees` in event type
POST and PATCH calls
2022-12-15 15:36:09 -07:00
zomars c129586336 Linting 2022-12-08 16:34:09 -07:00
zomars f3c5f9bc0c Import fixes 2022-12-08 16:28:28 -07:00
zomars 41d22c8ccb Fixes for console 2022-12-05 16:09:19 -07:00
zomars e15f6abc9b Fixes 2022-12-02 15:22:56 -07:00
Omar López d35f27014e
Implements API key endpoint (#211)
This allow us to manage our API keys directly from the API itself.

User can:
- Create own API keys
- Edit own API keys (only the note field for now)
- Delete own API keys
- Get own API keys

Admin can:
- CRUD for any user
- Get all API keys
2022-11-29 15:06:23 -07:00
zomars 055699f612 Various import and type fixes 2022-11-25 06:58:21 -07:00
zomars 94ecb1908a Type fixes 2022-11-25 06:03:40 -07:00
alannnc c016a4343d
added more endpoints and validations for publish-pay teams (#209)
## What does the PR do?

- Team billing via API

Just like the web project, we validate that team has stripe metadata
before converting requestedSlug to slug.

Co-authored-by: zomars <zomars@me.com>
2022-11-22 13:24:25 -07:00
Syed Ali Shahbaz 8e25b9244c
Fix deployment failure due to prettier (extra spaces) (#214)
Simply removes extra spaces which are causing prettier to fail
deployment, introduced in the PR for USER swagger doc update
2022-11-21 10:49:55 +05:30
Syed Ali Shahbaz bbaa8ae5e7
Adds more definition to USER swagger (#212)
Adds more definition for documentation for the USER endpoints
2022-11-18 12:20:15 -07:00
Syed Ali Shahbaz 4080e5bc5e
Update availabilities _post swagger def (#210)
- Adds more specs to the swagger definition in /availabilities for doc
experimentation
2022-11-18 12:18:07 -07:00
Alex van Andel e5827b035d
Fix type error with null being an invalid value (#213) 2022-11-18 17:08:49 +05:30
Alex van Andel 51bc3d93c1
user: Add email and username, remove bufferTime,startTime,endTime (#202)
Co-authored-by: zomars <zomars@me.com>
2022-11-17 11:35:06 -07:00
Omar López d1bbaef5c6
Refactor membership endpoints (#204)
refs #175

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 13:54:28 -06:00
zomars d93fd26a1e Removed unused methods middleware 2022-10-21 13:30:09 -06:00
zomars 6522600c42 Add missing bodyUserId 2022-10-21 12:55:35 -06:00
zomars 7617cd43e1 Patching bodyUserId requests 2022-10-21 12:55:15 -06:00
Alex van Andel dee0f6a415
Remove GET /availabilities (#188)
Follows-up on earlier discussions about the relationships of
/availabilities and /schedules.

`GET /schedules/:id` returns a schedule with associated availabilities
in the `availabilities` property. It gives more context and less
consumer work to perform GET actions using this endpoint. Other
endpoints of this collection do make sense.

Proposing also to rename the /availabilities collection to
/availability; given after this it always involves one and only one
/availability record in CRUD.
2022-10-21 00:58:20 +01:00
Leo Giovanetti debc8dbafb
Using abstracted booking cancellation (#191)
Implemented `DELETE /booking/:uid` as well as `DELETE
/booking/:uid/cancel` based on abstracted cancellation logic from
webapp.

PR dependant on https://github.com/calcom/cal.com/pull/5105

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 00:49:57 +01:00
Omar López f66ed50ecb
Selected Calendars endpoints refactor (#193)
refs #175
2022-10-20 11:35:02 -06:00
Alex van Andel 109377b65c
Returns bookings in response where user is attending (#196) 2022-10-20 18:27:24 +01:00
Alex van Andel f4d52b88a4
Changed req to query to allow passing in userId, not session (#197) 2022-10-20 18:27:01 +01:00
Alex van Andel ecd20d63c9
Added attendees & user (#192) 2022-10-19 19:35:34 +01:00
Omar López 03d5f51ceb
Refactor/webhooks (#186)
refs #175
2022-10-19 12:26:12 -06:00
Alex van Andel ce2df7641f
Feature/additional fields (#189)
Added timeZone, attendees.(email, name, timeZone, locale), user.(email,
name, timeZone, locale) & metadata
2022-10-19 17:03:54 +01:00
zomars 07b011424f Formatting 2022-10-15 10:54:22 -06:00
zomars 00bd908916 Fixes permission errors 2022-10-14 17:41:28 -06:00
zomars 25d3d12319 Adds custom inputs to eventTypes responses 2022-10-14 15:52:09 -06:00
zomars ad35d3a5cd Linting 2022-10-14 12:57:50 -06:00
Omar López e3fa0e546b
Refactor schedule endpoints (#185) 2022-10-13 14:54:38 -06:00
Omar López 6ba70a7259
Refactor/custom inputs (#184)
refs #175 

To be merged after #183
2022-10-13 12:30:48 -06:00
Omar López 8c24c5c714
Refactor/booking logic (#183)
refs #175 

Reuses the same logic for creating bookings from the web app.

Co-authored-by: Leo Giovanetti <hello@leog.me>
2022-10-13 12:29:30 -06:00
Omar López f13694fd13
Refactors event-types endpoints (#181)
refs #175
2022-10-11 14:14:03 -06:00
zomars 4ba0395efa Permission fixes 2022-10-11 14:09:22 -06:00
Alex van Andel a506c7da33
Refactor + fix userIds filter (#179)
This fix means a behaviour change to GET calls. Instead of a JSON
payload, instead a filter param has been added to the URL itself. GET
payloads are very unexpected in API designs, even though supported.

* Todo write tests (with postman?)
* Turn isAdmin logic into common middleware

```bash
curl "http://localhost:3002/v1/schedules?apiKey=...&userId=2"
```

```bash
curl "http://localhost:3002/v1/schedules?apiKey=..." \
  -d '{"name":"Hello", "userId": 2}' \
  -H 'Content-Type: application/json'
```
2022-10-11 15:33:25 +01:00