Commit Graph

12 Commits (dc0a6eaa32374213cc352216fc87a95642238397)

Author SHA1 Message Date
Hariom Balhara 9c23a8e5ab
Security Fixes (#224)
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329

More Fixes
- Dont't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner,Admin,Member
2023-01-04 15:17:47 -07:00
zomars 604d937661 Linting 2022-12-20 11:58:30 -07:00
Carina Wollendorfer 161ebacfef
Don't allow team admins to give owner permissions (#221)
Throw an error if a user of a team with ADMIN permission tries to change
permission to OWNER (Bug#3)

Co-authored-by: CarinaWolli <wollencarina@gmail.com>
2022-12-20 10:45:24 -07:00
zomars c129586336 Linting 2022-12-08 16:34:09 -07:00
zomars 055699f612 Various import and type fixes 2022-11-25 06:58:21 -07:00
Omar López d1bbaef5c6
Refactor membership endpoints (#204)
refs #175

Co-authored-by: Alex van Andel <me@alexvanandel.com>
2022-10-21 13:54:28 -06:00
Agusti Fernandez Pardo 89dfa2efe1 feat all endpoints one id file 2022-04-04 21:39:30 +02:00
Agusti Fernandez Pardo 61819772bc fix all swagger docs, dont build templates 2022-04-03 17:47:18 +02:00
Agusti Fernandez Pardo 12de89294d swagger docs add params, memberships handle compoundId 2022-03-31 22:14:37 +02:00
Agusti Fernandez Pardo 1de7bc4146 prettier 2022-03-30 14:17:55 +02:00
Agusti Fernandez Pardo 20a93a13c9 feat: update users/teams/apiKeys to use middleware 2022-03-29 03:59:57 +02:00
Agusti Fernandez Pardo 8165977ec3 Adds basic CRUD endpoints for bookingReferences, Crendentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars 2022-03-29 00:27:14 +02:00