feat: api v2 GET booking attendees endpoint#27664
Merged
Ryukemeister merged 48 commits intomainfrom Mar 6, 2026
Merged
Conversation
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
…meZone Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
GET booking attendees endpoint api v2
GET booking attendees endpoint api v2GET booking attendees endpoint
Contributor
There was a problem hiding this comment.
1 issue found across 8 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts">
<violation number="1" location="apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts:158">
P2: The PR description explicitly requests a rate limiting test (5 req/min), but no such test exists in this suite. Consider adding an automated test to verify the `@Throttle` behavior, or document why it's tested manually.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts
Show resolved
Hide resolved
Contributor
Devin AI is addressing Cubic AI's review feedbackNew feedback has been sent to the existing Devin session. ✅ Pushed commit |
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts">
<violation number="1" location="apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts:260">
P2: The rate-limiting test uses the same organizer token that the subsequent response-format test uses, so the token can still be blocked for 60s and make the next test flaky. Consider isolating rate-limit tests by running them last or using a fresh token/setup so later tests aren't throttled.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
apps/api/v2/src/ee/bookings/2024-08-13/controllers/e2e/get-attendees.e2e-spec.ts
Outdated
Show resolved
Hide resolved
Contributor
Devin AI is addressing Cubic AI's review feedbackNew feedback has been sent to the existing Devin session. ✅ No changes pushed |
Contributor
Author
Sounds good — I'll keep this PR scoped to just the new endpoints. I've made both GET endpoints return the same |
supalarry
previously approved these changes
Mar 2, 2026
ThyMinimalDev
previously approved these changes
Mar 5, 2026
Contributor
Devin AI is resolving merge conflictsThis PR has merge conflicts with the Devin will:
If you prefer to resolve conflicts manually, you can close the Devin session and handle it yourself. |
Resolved 4 conflicts in docs/api-reference/v2/openapi.json: - Kept PR's GET booking attendees endpoints alongside shared POST endpoint - Adopted main's items wrapper structure for webhook triggers enums (2 instances) - Kept PR's new schema definitions (BookingAttendeeWithId, GetBookingAttendeesOutput, GetBookingAttendeeOutput) alongside shared schemas Co-Authored-By: bot_apk <apk@cognition.ai>
883d0c5
ThyMinimalDev
approved these changes
Mar 6, 2026
lifeofgurpreet
added a commit
to Biji-Biji-Initiative/cal.com
that referenced
this pull request
Apr 6, 2026
* fix: include seed files in cache-db key to prevent stale DB cache (#28284)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* feat: add upgrade banners for teams and organizations (#27650)
* feat: enable microsoft sign ups (#28080)
* fix: trigger lingo.dev by removing duplicate value
* under progress
* wow this worked
* migrate schema
* fix types
* fix import for google login
* Add onboarding tests for Azure (Microsoft sign up)
* add comments back
* fix failing test
* fix: update Outlook login configuration and improve type safety in authentication adapter
- Set OUTLOOK_LOGIN_ENABLED to false in .env.example
- Refactor getServerSideProps to directly use samlTenantID and samlProductID
- Update linkAccount method in next-auth-custom-adapter for better type handling
- Remove redundant comment in next-auth-options related to Azure AD email verification
* remove log
* remove debug log from signin callback in next-auth options
* fixup
* chore: standardize naming
* chore: add primary calendar for outlook, verify email and auto link org for outlook
* chore: helper fns
* chore: implement cubic feedback
* cleanup
* chore: implement cubic feedback again
* WIP design#
* feat: login design
* fix: map identity provider names correctly
* 32px of mt
* fix: login UI
* fix: type check
* fix: fix type check again
* chore: update OAuth login tests
* fixup
* fix: bad import
* chore: update tests
* fixup
* fix: locales test
* chore: implement PR feedback and fix minor issues
* fix: revert token spreading change
* fix: merge conflicts
* chore: revert signup view changes
* fixup: bring back reverted changes because of merge conflicts
* fix: disable email input when microsoft sign in is in progress
* chore: implement cubic feedback
* cleanup: unused variables
* fix: address Cubic AI review feedback (confidence >= 9/10)
- Remove userId (PII) from log payloads in updateProfilePhotoMicrosoft.ts
- Replace text selectors with data-testid in locale.e2e.ts and oauth-provider.e2e.ts
- Restore callbackUrl redirect parameter in signup link in login-view.tsx
- Add data-testid='login-subtitle' to login page subtitle element
Co-Authored-By: unknown <>
* fix: use empty alt for decorative icon images in login view
MicrosoftIcon and GoogleIcon are decorative (adjacent to text labels),
so they should have empty alt attributes per accessibility best practices.
Co-Authored-By: unknown <>
* chore: implement cubic feedback
* cleanup
* fixup
* chore: implement PR feedback
* chore: implement feedback
* fix: address PR review feedback - type safety and centralize constants
- Replace non-null assertions (!) with proper null checks for OUTLOOK_CLIENT_ID/SECRET
- Replace `as any` casting with `Record<string, unknown>` for OAuth profile claims
- Remove non-null assertion on account.access_token by adding conditional check
- Centralize Outlook env constants in @calcom/lib/constants alongside MICROSOFT_CALENDAR_SCOPES
- Add explanatory comment for getNextAuthProviderName usage in get.handler.ts
Co-Authored-By: unknown <>
* Revert "fix: address PR review feedback - type safety and centralize constants"
This reverts commit 91ace141e6a28a23deea5897f7f9d6ad80319d84.
* chore: implement feedback
* chore: cleanup
* chore: implement feedback
* fix: merge conflicts
* fix: revert formatting-only changes in packages/lib/constants.ts
Co-Authored-By: unknown <>
* fix: revert IdentityProvider enum location change in schema.prisma
Co-Authored-By: unknown <>
* chore: implement more PR feedback
* fix: restore database-derived profileId from determineProfile in OAuth JWT
The profileId regression was identified by Cubic AI (confidence 9/10).
Previously, determineProfile's returned id was used to set profileId in the
JWT via 'profileResult.id ?? token.profileId ?? null'. A recent refactor
changed this to 'token.profileId ?? null', which drops the database-derived
profile ID. On first OAuth login (or when profile switcher is disabled),
token.profileId is likely null, so profileId would incorrectly be set to
null even though determineProfile returned a valid profile with an id.
This commit restores the correct priority chain:
visitorProfileId ?? token.profileId ?? null
Co-Authored-By: bot_apk <apk@cognition.ai>
* refactor: revert pure formatting and import reordering changes
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* fix: normalize determineProfile return type to use consistent 'id' field
The determineProfile function returned a union type where one branch used
'id' and the other used 'profileId'. This caused TS2339 when destructuring
'id' from the result. Normalize the token.upId branch to also return 'id'
(mapped from token.profileId) so the return type is consistent.
Co-Authored-By: bot_apk <apk@cognition.ai>
* chore: add tests
* reveret: profileId changes should be in a separate PR
* fix: avoid logging entire existingUser object in OAuth JWT callback
Revert to logging only { userId, upId } instead of the full existingUser
object, which contains PII (email, name, identity provider details).
This restores the previous safe logging pattern.
Co-Authored-By: bot_apk <apk@cognition.ai>
* chore: remove profileId related tests
---------
Co-authored-by: amrit <iamamrit27@gmail.com>
Co-authored-by: Devanshu Sharma <devanshusharma658@gmail.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Sean Brydon <sean@cal.com>
Co-authored-by: bot_apk <apk@cognition.ai>
* fix: correct webhook triggers OpenAPI type from string to array (#28288)
* fix(api): correct webhook triggers OpenAPI type from string to array
* chore: update .github/oasdiff-err-ignore.txt to allow schema change
* feat: api v2 `GET` booking attendees endpoint (#27664)
* feat: add booking attendees endpoint to API v2
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* feat: add rate limiting to booking attendees endpoint
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* refactor: simplify attendees output to id, bookingId, name, email, timeZone
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* test: add E2E tests for booking attendees endpoint
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* chore: update bookings repository
* fixup: add pbac guards and update service logic
* chore: update openapi spec
* test: add rate limiting E2E test for booking attendees endpoint
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* fix: tests
* fix: return 404 instead of 403 for non-existent booking in BookingPbacGuard
The BookingPbacGuard was returning 403 (Forbidden) for non-existent bookings
because doesUserIdHaveAccessToBooking returns false when a booking doesn't
exist, which the guard treated as an access denial.
Added an explicit booking existence check in the guard before the access
check, so non-existent bookings now correctly return 404 (Not Found) as
documented in the PR description.
Updated the E2E test to expect 404 for non-existent booking UIDs.
Issue identified by cubic.
Co-Authored-By: unknown <>
* fixup
* fix: return 404 instead of 403 for non-existent booking in attendees endpoint
BookingPbacGuard now checks booking existence before the access check,
returning 404 (Not Found) instead of 403 (Forbidden) for non-existent
booking UIDs. Updated the E2E test assertion and description to match.
Issue identified by cubic (confidence 9/10).
Co-Authored-By: unknown <>
* chore: implement PR feedback
* chore: update tests
* fixup
* chore: update endpoint decsription
* feat: endpoint to retrieve specific attendee
* chore: update e2e tests
* chore: implement cubic feedback
* fix: update test to expect 403 for non-existent booking UID (BookingPbacGuard behavior)
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* fix: merge conflicts
* feat: endpoint to get attendees
* chore: update findByUidIncludeEventTypeAttendeesAndUser method
* chore: implement PR feedback
* fix: e2e tests
* chore: update e2e tests
* fixup fixup
* fix: remove phoneNumber assertion since it's optional and not provided in test
* chore: implement PR feedback
* fix: keep the same output shape for get attendees and get attendee endpoint
* chore: update openapi spec
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: bot_apk <apk@cognition.ai>
* fix: use path.sep in redirect-apps template exclusion for Windows compatibility (#28301)
* fix: use path.sep in redirect-apps template exclusion for Windows compatibility
* fix: normalize backslashes instead of using path.sep
---------
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
* fix: create user with team in teams page E2E test (#28313)
The 'should render the /teams page' test was failing because PR #27650
introduced a showHeader flag that hides the 'Teams' heading for users
without teams. Other tests in the file were updated to create users
with hasTeam: true, but this test was missed.
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: update docker-compose volume mount for PostgreSQL 18+ compatibility (#28282)
PostgreSQL 18+ stores data in /var/lib/postgresql/18/main instead of
/var/lib/postgresql/data. The volume mount needs to be at /var/lib/postgresql
to capture the new directory structure.
Fixes #28281
* fix: remove unreachable code in deleteDomain function (#28312)
The deleteDomain function had a 'return false' statement after
'return isDomainDeleted && isDnsRecordDeleted' which could never
be reached.
Co-authored-by: Harshith Kumar <mharshithkumar6@gmail.com>
* fix: load dayjs utc plugin before timezone plugin (#28314)
Day.js requires the 'utc' plugin to be loaded before the 'timezone'
plugin to correctly apply timezone offsets during formatting.
This fixes an issue where the Bookings Dashboard displayed UTC time
but labeled it with the user's timezone.
Fixes #28193
Co-authored-by: Harshith Kumar <mharshithkumar6@gmail.com>
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
* fix: add routing page to enable client-side navigation from sidebar (#27862)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* feat: make source required on EventBusyDetails for Troubleshooter display (#27088)
* feat: make source required on EventBusyDetails for Troubleshooter display
- Make source a required property on EventBusyDetails type
- Update LimitManager to accept and store source when adding busy times
- Add user-friendly source names for all busy time types:
- 'Booking Limit' for booking limit busy times
- 'Duration Limit' for duration limit busy times
- 'Team Booking Limit' for team booking limit busy times
- 'Buffer Time' for seated event buffer times
- 'Calendar' for external calendar busy times
- Ensure all entries in detailedBusyTimes have source set
- Cover includeManagedEventsInLimits and teamBookingLimits branches
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: add limit value and unit metadata to busy time sources
- Include limit value and unit in source strings for Troubleshooter display
- Booking Limit: shows as 'Booking Limit: 5 per day'
- Duration Limit: shows as 'Duration Limit: 120 min per week'
- Team Booking Limit: shows as 'Team Booking Limit: 10 per month'
- Preserves existing calendar sources (e.g., 'google-calendar')
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: enhance busy time management with new limit sources
- Introduced new limit sources for busy times, including event booking and duration limits, with user-friendly titles for display.
- Updated LimitManager to accept and store detailed busy time information, including title and source.
- Refactored busy time addition logic across various services to utilize the new structure, improving clarity and maintainability.
* fixes
* feat: conditionally include source and translate busy time titles
- Add withSource parameter to conditionally include/exclude source from response
- Translate busy time titles on frontend using useLocale hook
- Source is only included when withSource=true (for Troubleshooter display)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: enhance user availability service and busy time handling
- Updated LargeCalendar component to include event ID check for enabling busy times.
- Added translation for "busy" in common.json for better user experience.
- Refactored getUserAvailability service to include new method for fetching user availability with busy times from limits.
- Introduced parseLimits function to streamline booking and duration limit parsing.
- Improved error handling in user handler for better user feedback.
* refactor: remove unnecessary timeZone: undefined from addBusyTime calls
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: add buffer_time and calendar translation keys for busy times
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: add event source to calendar components and improve busy time handling
- Updated EventList component to include event source in data attributes for better tracking.
- Enhanced LargeCalendar component to pass event
* fix: add missing source property to Date Override calendar event
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: use 'date-override' as source for Date Override calendar events
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Avoid type assertion
* fix: pass both bookingLimits and durationLimits to getStartEndDateforLimitCheck (#27898)
* test: add unit tests for getUserAvailabilityIncludingBusyTimesFromLimits
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: pass both bookingLimits and durationLimits to getStartEndDateforLimitCheck
- Fix bug where bookingLimits || durationLimits was passed as single param
- Skip getBusyTimesForLimitChecks when eventType has no limits
- Remove as never casts, use proper typing for mock dependencies
- Replace expect.any(String) with exact ISO date assertions
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: replace loose assertions with exact values in tests
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: address review feedback on busy time sources
- Fix t("busy") fallback to t("busy_time.busy") for correct translation lookup
- Add missing title property to buffer time entries for Troubleshooter display
- Use descriptive debug strings for buffer time source field
- Fix import ordering in LargeCalendar.tsx
Co-authored-by: Hariom Balhara <hariombalhara@gmail.com>
Co-Authored-By: unknown <>
* fix: preserve pre-existing busyTimesFromLimitsBookings from initialData
Address review feedback from @hariombalhara (comment #30, #31):
- Initialize busyTimesFromLimitsBookings from initialData instead of []
to avoid silently overwriting pre-existing data with an empty array
- Use conditional spread to only include busyTimesFromLimitsBookings
when it has a value
- Add test verifying pre-existing busyTimesFromLimitsBookings is
preserved and passed through to _getUserAvailability
- Add test verifying busyTimesFromLimitsBookings is not passed when
there are no limits and no initialData bookings
Co-authored-by: Hariom Balhara <hariombalhara@gmail.com>
Co-Authored-By: bot_apk <apk@cognition.ai>
* fix: pass fetched eventType to _getUserAvailability to avoid duplicate DB query
Addresses Devin Review comment r2863593564: the wrapper method fetches
eventType but wasn't passing it through, causing _getUserAvailability to
re-fetch the same eventType from the database.
Also adds a test verifying eventType is forwarded correctly.
Co-Authored-By: bot_apk <apk@cognition.ai>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Udit Takkar <53316345+Udit-takkar@users.noreply.github.com>
Co-authored-by: bot_apk <apk@cognition.ai>
* fix: replace fragile CSS selector with data-testid in locale E2E tests (#28329)
The locale E2E tests (de->ar and de->pt-BR) were flaky because they used
a brittle CSS selector (.bg-default > div > div:nth-child(2)) to click
the language dropdown. This selector was susceptible to react-select's
internal Input wrapper element intercepting pointer events.
Changes:
- Add data-testid='locale-select' to the language Select in general settings
- Replace CSS path selectors with getByTestId('locale-select') in tests
- Replace text selector for pt-BR with getByTestId('select-option-pt-BR')
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* perf: batch DB operations in createAttributesScenario to avoid CI timeout (#28320)
* perf: batch DB operations in performance test setup to avoid CI timeout
Replace ~5200 sequential DB inserts with batch createMany() operations
in createHugeAttributesOfTypeSingleSelect. The test was timing out at
60s on 2-vCPU CI runners because the setup phase alone (creating 400
users, 800 memberships, 4000 attribute assignments one-by-one) exceeded
the timeout before the actual logic under test even ran.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* perf: optimize createAttributesScenario with batch DB operations
Move batch DB operations (createMany) into the shared createAttributesScenario
helper so all tests benefit, not just the performance test. Simplify
createHugeAttributesOfTypeSingleSelect to delegate to the optimized helper.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* Revert "perf: optimize createAttributesScenario with batch DB operations"
This reverts commit c739edd3718796d61f6510ea3a9155065b69a1ce.
* Revert "perf: batch DB operations in performance test setup to avoid CI timeout"
This reverts commit ff6642ae49190c42dd8673a12ee11c8c971370b4.
* perf: optimize createAttributesScenario with batch DB operations
Replace sequential prisma.*.create() calls in the shared createAttributesScenario
helper with batch createMany() calls, reducing ~5,200 sequential DB operations to
~10 batch operations. Simplify createHugeAttributesOfTypeSingleSelect to delegate
to the optimized helper instead of duplicating batch logic.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* fix: preserve deterministic user ordering in createAttributesScenario
Map users by email after findMany to ensure the index-based attribute
assignment matches the original userDataList order, since findMany does
not guarantee return order.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* revert: make test timeout back to 1 min
* refactor: extract batch helpers createTestUsers, createTestMembershipsForUsers, createTestAttributeAssignments
Organize batch DB operations from createAttributesScenario into
reusable helper functions mirroring the existing single-record helpers.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* cleanup: remove unused single-record helpers and JSDoc comments
Remove createTestUser, createTestMemberships, createTestAttributeAssignment
(now replaced by batch versions). Remove added comments.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* chore
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: remove TeamsCTA from teams loading skeleton (#28323)
* fix: resolve duplicate new-team-btn selector in teams E2E test
Remove TeamsCTA from the loading skeleton to prevent duplicate
data-testid='new-team-btn' elements in the DOM during Next.js
streaming SSR. The skeleton's Suspense fallback and the resolved
page content can briefly coexist, causing Playwright's strict
mode to fail when both contain the same test ID.
Also use .first() in the E2E test as a defensive measure.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* fix: assert single new-team-btn element instead of using .first()
Address Cubic AI review feedback: use toHaveCount(1) assertion
to ensure exactly one new-team-btn exists, rather than .first()
which could mask duplicate-element regressions.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
* fix: revert test changes, only remove CTA from skeleton
Per user feedback: only change needed is removing TeamsCTA from
the loading skeleton to prevent users without a team plan from
bypassing the upgrade banner via the skeleton CTA.
Co-Authored-By: romitgabani1 <romitgabani1.work@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: wait for networkidle in locale e2e tests to avoid hydration race condition (#28341)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* feat: make impersonatedByUserUuid required across booking audit flows (#26546)
* Integrate creation/rescheduling booking audit
* fix: add missing hostUserUuid to booking audit test data
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix-ci
* feat: enhance booking audit with seat reference
- Added support for seat reference in booking audit actions.
- Updated localization for booking creation to include seat information.
- Modified relevant services to pass attendee seat ID during booking creation.
* fix: update test data to match schema requirements
- Add seatReferenceUid: null to default mock audit log data
- Add seatReferenceUid: null to multiple audit logs test case
- Convert SEAT_RESCHEDULED test data to use numeric timestamps instead of ISO strings
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Allow nullish seatReferenceUid
* feat: enhance booking audit to support rescheduledBy information
- Updated booking audit actions to include rescheduledBy details, allowing tracking of who rescheduled a booking.
- Refactored related services to accommodate the new rescheduledBy parameter in booking events.
- Adjusted type definitions and function signatures to reflect the changes in the booking audit context.
* Avoid possible run time issue
* Fix imoport path
* fix failing test due to merge from main\
* Pass useruuid
* chore: retrigger CI (flaky unit test)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: add context parameter to bulk audit methods for impersonation support
- Add context parameter to queueBulkCreatedAudit and queueBulkRescheduledAudit in BookingAuditProducerService interface
- Add context parameter to BookingAuditTaskerProducerService implementation
- Add context parameter to onBulkBookingsCreated and onBulkBookingsRescheduled in BookingEventHandlerService
- Update RegularBookingService.fireBookingEvents to accept and pass impersonation context
- Update RecurringBookingService.fireBookingEvents to accept and pass impersonation context
- Update handleSeats to accept and pass impersonation context
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* chore: Integrate mark-no-show booking audit
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Simplify host no-show audit and add comment for attendee actor
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: make impersonatedByUserUuid required with explicit null for non-impersonation cases
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: integrate impersonatedByUserUuid into booking cancellation audit flow
- Add impersonatedByUserUuid to CancelBookingInput and CancelBookingMeta types
- Pass audit context with impersonatedBy to onBookingCancelled and onBulkBookingsCancelled
- Update all cancel booking call sites to pass impersonatedByUserUuid:
- Web app cancel route: uses session impersonatedBy
- API v1 and v2: explicitly set to null (no impersonation support)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: make impersonatedByUserUuid optional and remove explicit null assignments
- Changed impersonatedByUserUuid from required (string | null) to optional (string?)
- Removed explicit null assignments from API v1 and v2 endpoints
- Keep impersonatedByUserUuid only where impersonation actually occurs (web app)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Apply suggestions from code review
Rfemove unnecessary comment
* fix: restore bookingMeta variable in createBookingForApiV1
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Make actionSource required with ValidActionSource type and remove unnecessary comments
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Remove merge conflict markers from bookings.service.ts
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: implement SYSTEM as a booking audit source for background tasks, including no-show triggers.
* refactor: Move prisma query to BookingRepository for audit logging
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Conflict resolution
* refactor: introduce `handleMarkHostNoShow` for public viewer and standardize actor and action source parameters for no-show actions.
* refactor: Combine HostNoShowUpdatedAuditActionService and AttendeeNoShowUpdatedAuditActionService into NoShowUpdatedActionService
- Create new NoShowUpdatedAuditActionService with combined schema supporting both noShowHost and noShowAttendee as optional fields
- Update BookingAuditActionServiceRegistry to use combined service with NO_SHOW_UPDATED action type
- Update BookingAuditTaskerProducerService with single queueNoShowUpdatedAudit method
- Update BookingAuditProducerService.interface.ts with combined method
- Update BookingEventHandlerService with single onNoShowUpdated method
- Update handleMarkNoShow.ts to use combined audit service
- Update tasker tasks (triggerGuestNoShow, triggerHostNoShow) to use combined service
- Add NO_SHOW_UPDATED to Prisma BookingAuditAction enum
- Remove old separate HostNoShowUpdatedAuditActionService and AttendeeNoShowUpdatedAuditActionService files
This allows a single API action (e.g., API V2 markAbsent) that updates both host and attendee no-show status to be logged as a single audit event.
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* chore: Add migration for NO_SHOW_UPDATED audit action enum value
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Update no-show audit schema to use host and attendees array
- Rename noShowHost to host and noShowAttendee to attendees (remove redundant prefix)
- Change attendees from single value to array to support multiple attendees in single audit entry
- Update handleMarkNoShow.ts to create single audit entry for all attendees
- Update tasker tasks (triggerGuestNoShow, triggerHostNoShow) to use new schema
- Update display data types to reflect new schema structure
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Update schema to be more clear. Call onNoShowUpdated immediately after DB update as audit only cares about DB update, and this would avoid any accidental Audit update on DB change
* chore: accommodate schema changes and fix type errors for no-show audit
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Update migration to remove old no-show enum values
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Use updated attendees in webhook payload for guest no-show
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Remove duplicate imports and fix actor parameter in bookings.service.ts
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Move booking query to BookingRepository and remove unused method
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: centralize no-show audit event firing and attendee fetching within `handleMarkNoShow` for improved clarity.
* fix: Build attendeesNoShow as Record with attendee IDs as keys
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Fix and add tests for handleMarkBoShow
* refactor: Move prisma queries to AttendeeRepository and BookingRepository
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Correct return type for updateNoShow method (noShow can be null)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Update handleMarkNoShow tests to mock new repository methods
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix triggerGuestNoShow
* refactor: Move triggerGuestNoShow queries to AttendeeRepository and add unit tests
- Add new methods to AttendeeRepository:
- findByBookingId: Get attendees with id, email, noShow
- findByBookingIdWithDetails: Get full attendee details
- updateManyNoShowByBookingIdAndEmails: Update specific attendees
- updateManyNoShowByBookingIdExcludingEmails: Update all except specific emails
- Refactor triggerGuestNoShow.ts to use AttendeeRepository instead of direct Prisma calls
- Add comprehensive unit tests for triggerGuestNoShow following handleMarkNoShow.test.ts pattern:
- Mock repositories and external services
- In-memory DB simulation
- Test core functionality, audit logging, webhook payload, error handling, and edge cases
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Move triggerHostNoShow queries to repositories and delete unit test file
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Convert repository methods to use named parameters objects
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Enhance no-show handling by consolidating audit logging and updating repository interactions
- Refactor `buildResultPayload` to accept a structured argument for better clarity.
- Update `updateAttendees` to use a named parameter object for improved readability.
- Introduce `fireNoShowUpdatedEvent` to centralize no-show audit logging for both hosts and guests.
- Remove redundant methods and streamline attendee retrieval in `AttendeeRepository`.
- Add comprehensive unit tests for no-show event handling, ensuring accurate audit logging and webhook triggering.
* test: Add tests for handleMarkHostNoShow guest actor and unmarking host no-show
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: update attendeesNoShow validation to handle numeric keys
- Changed attendeesNoShow schema to use z.coerce.number() for key validation, ensuring string keys are correctly coerced to numbers.
- Updated test to validate attendeesNoShow data using numeric key comparison, improving robustness of the audit data checks.
* test: Add integration tests for NoShowUpdatedAuditActionService coerce fix
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: add graceful error handling for audit log enrichment
- Add hasError field to EnrichedAuditLog type
- Create buildFallbackAuditLog() method for failed enrichments
- Wrap enrichAuditLog() in try-catch to handle errors gracefully
- Add booking_audit_action.error_processing translation key
- Update BookingHistory.tsx to show warning icon for error logs
- Hide 'Show details' button for logs with hasError
- Add comprehensive test cases for error handling scenarios
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* feat: Enhance booking audit action services with new display fields and improved validation
- Added "attendee_no_show_updated" and "no_show_updated" translations to common.json.
- Updated IAuditActionService to include new methods for handling display fields and migration.
- Enhanced NoShowUpdatedAuditActionService to differentiate between host and attendee no-show updates.
- Improved ReassignmentAuditActionService to ensure consistent handling of audit data.
- Refactored BookingAuditViewerService for better clarity and maintainability.
* refactor: Use attendeeEmail instead of attendeeId as key in audit data and store host's userUuid
- Updated schema to use attendee email as key instead of attendee ID because attendee records can be reused with different person's data
- Store host's userUuid in audit data with format: host: { userUuid, noShow: { old, new } }
- Updated fireNoShowUpdated to accept hostUserUuid parameter
- Added uuid field to BookingRepository.findByUidIncludeEventTypeAttendeesAndUser
- Updated NoShowUpdatedAuditActionService getDisplayFields to work with email-based keys
- Added attendeeRepository to DI modules for BookingAuditTaskConsumer
- Updated tests to match new schema format
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* test: Update integration tests to use new schema format with host.userUuid and email keys
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: correct audit schema for SYSTEM source and ensure attendee lookup by bookingId
- Fix schema inconsistency: use host.userUuid format instead of hostNoShow
- Add user.uuid to getBooking select for audit logging
- Log warning when hostUserUuid is undefined but host no-show is being updated
- Use email as key for attendeesNoShow (not attendee ID) to match schema
- Fetch attendees by bookingId before updating to ensure correct scoping
- Remove unused safeStringify import
* refactor: Change attendeesNoShow schema from Record to Array format
- Update NoShowUpdatedAuditActionService schema to use array format:
attendeesNoShow: Array<{attendeeEmail: string, noShow: {old, new}}>
- Update handleMarkNoShow.ts to build attendeesNoShow as array
- Update common.ts fireNoShowUpdatedEvent to convert Map to array
- Update all tests to use new array format with attendeeEmail property
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Update attendeesNoShow schema to use array format in triggerNoShow tasks
- Refactor `triggerGuestNoShow` and `triggerHostNoShow` to replace Map with array for `attendeesNoShowAudit`.
- Update `fireNoShowUpdatedEvent` to handle the new array format for attendees.
- Ensure consistent data structure across no-show audit logging for better clarity and maintainability.
* fix: Update ReassignmentAuditActionService to use GetDisplayFieldsParams interface
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Update ReassignmentAuditActionService tests to use GetDisplayFieldsParams interface
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Use handleMarkAttendeeNoShow for API v2 mark absent endpoint
- Export handleMarkAttendeeNoShow from platform-libraries
- Update API v2 bookings service to use handleMarkAttendeeNoShow with actionSource
- Add validation for userUuid before calling handleMarkAttendeeNoShow
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Enhance display fields structure in booking audit components
- Updated `BookingHistory.tsx` to allow for more flexible display fields, including optional raw values and arrays of values.
- Introduced `DisplayFieldValue` component for rendering display fields, improving clarity and maintainability.
- Adjusted `IAuditActionService` and `NoShowUpdatedAuditActionService` to align with the new display fields structure.
- Ensured consistent handling of display fields across the booking audit service for better data representation.
* fix: Remove debug code that duplicated first attendee in display fields
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Update attendee repository methods to use structured parameters
- Modified `updateNoShow`, `updateManyNoShowByBookingIdAndEmails`, and `updateManyNoShowByBookingIdExcludingEmails` methods to accept structured `where` and `data` parameters for better clarity and maintainability.
- Updated calls to these methods throughout the codebase to reflect the new parameter structure.
- Removed unused `findByIdWithNoShow` method and adjusted related logic to streamline attendee data retrieval.
* feat: Add infrastructure for no-show audit integration
- Add Prisma migrations for SYSTEM source and NO_SHOW_UPDATED audit action
- Add NoShowUpdatedAuditActionService with array-based attendeesNoShow schema
- Update BookingAuditActionServiceRegistry to include NO_SHOW_UPDATED
- Update BookingAuditTaskConsumer and BookingAuditViewerService
- Add AttendeeRepository methods for no-show queries
- Update IAuditActionService interface with values array support
- Update locales with no-show audit translation keys
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Add NO_SHOW_UPDATED to BookingAuditAction and SYSTEM to ActionSource types
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Remove HOST_NO_SHOW_UPDATED and ATTENDEE_NO_SHOW_UPDATED from BookingAuditAction type to match Prisma schema
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Update BookingAuditActionSchema to use NO_SHOW_UPDATED instead of HOST_NO_SHOW_UPDATED and ATTENDEE_NO_SHOW_UPDATED
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: Remove deprecated no-show audit services and unify to NoShowUpdatedAuditActionService
- Delete HostNoShowUpdatedAuditActionService and AttendeeNoShowUpdatedAuditActionService
- Update BookingAuditProducerService.interface.ts to use queueNoShowUpdatedAudit
- Update BookingAuditTaskerProducerService.ts to use queueNoShowUpdatedAudit
- Update BookingEventHandlerService.ts to use onNoShowUpdated
- Add integration tests for NoShowUpdatedAuditActionService
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: Update test mock to match new AttendeeRepository.updateNoShow signature
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* refactor: rename handleMarkAttendeeNoShow to handleMarkNoShow and update related types
- Renamed `handleMarkAttendeeNoShow` to `handleMarkNoShow` for clarity.
- Updated type definitions to reflect the new naming convention.
- Modified the `markNoShow` handler to require `userUuid` and adjusted related logic.
- Enhanced the `fireNoShowUpdatedEvent` to accommodate changes in event type structure.
- Updated references across various files to ensure consistency with the new function name.
* handle null value
* fix: add explicit parentheses for operator precedence clarity
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* Fix cubic reported bug
* feat: add impersonation audit support to no-show flow (#27601)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* feat: add impersonatedByUserUuid context to all BookingEventHandler calls (#27602)
- Add context parameter to confirm.handler.ts (onBulkBookingsRejected, onBookingRejected)
- Add context parameter to requestReschedule.handler.ts (onRescheduleRequested)
- Add context parameter to editLocation.handler.ts (onLocationChanged)
- Add context parameter to addGuests.handler.ts (onAttendeeAdded)
- Add context parameter to handleConfirmation.ts (onBulkBookingsAccepted, onBookingAccepted)
- Update _router.tsx to pass impersonatedByUserUuid from session to handlers
This ensures all BookingEventHandler method calls that have loggedInUser context
now properly support impersonation tracking for audit logging.
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: remove stray merge artifact in RegularBookingService
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: remove duplicate imports in BookingRepository
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: resolve type errors and duplicate declarations from merge
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: remove duplicate test assertions and duplicate test from merge artifacts
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: remove redundant ?? undefined from impersonatedByUserUuid
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: update impersonatedByUserUuid type to string | null for consistency
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: make impersonatedByUserUuid required in booking audit flows
Changes impersonatedByUserUuid from optional (?: string | null) to
required (: string | null) in all booking-related type definitions.
This ensures audit-critical parameters are never accidentally omitted.
Fixed all call sites to explicitly pass the value or null.
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: add impersonatedByUserUuid to remaining callers and tests
Adds impersonatedByUserUuid: null to API v1, API v2, and test callers
of handleCancelBooking that were missing the now-required parameter.
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: require impersonatedByUserUuid in DTOs and pass it across all booking flows (coalesce to null)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: add impersonatedByUserUuid to remaining call sites (confirm, markNoShow, webhook, tests)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: add impersonatedByUserUuid to confirm handler test and API v2 confirm/decline calls
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: derive impersonatedByUserUuid from session in reportBooking handler instead of hardcoding null
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: reorder spread to ensure impersonatedByUserUuid null fallback is not overwritten
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: add missing impersonatedByUserUuid to CalendarSyncService cancel and reschedule calls
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* fix: update CalendarSyncService tests to expect impersonatedByUserUuid
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* ci: retrigger failed checks (attempt 1)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* ci: retrigger failed checks (attempt 2)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* ci: retrigger failed checks (attempt 3)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* chore: bust prisma cache with comment change
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* ci: retrigger after cache bust (attempt 2)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
* ci: retrigger after cache bust (attempt 3)
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Udit Takkar <53316345+Udit-takkar@users.noreply.github.com>
Co-authored-by: Volnei Munhoz <volnei@cal.com>
* perf: add paginated host endpoints and repository methods for large teams (#28156)
* perf: add paginated host endpoints and delta-based host updates for event type editor
- New cursor-paginated tRPC endpoints: getHostsForAssignment, getHostsForAvailability, searchTeamMembers, getChildrenForAssignment, exportHostsForWeights, getHostsWithLocationOptions
- Delta-based host update support in update.handler.ts (pendingHostChanges, pendingChildrenChanges)
- Repository additions: EventTypeRepository.findChildrenByParentId, HostRepository pagination, MembershipRepository.searchMembers, UserRepository.findByIdsWithPagination
- Remove teamMembers from getEventTypeById initial load
- Shared types: PendingHostChangesInput, PendingChildrenChangesInput, HostUpdateInput
Co-Authored-By: unknown <>
* fix: revert getTranslation import path to @calcom/i18n/server
Co-Authored-By: unknown <>
* fix: guard findChildrenByParentId to only run when pendingChildrenChanges exists
Co-Authored-By: unknown <>
* refactor: remove delta-based saving logic from backend PR
Move pendingHostChanges/pendingChildrenChanges processing out of backend PR.
These changes belong in the frontend PR since they are tightly coupled
to the new frontend delta tracking components.
Backend PR now contains only read-side optimizations:
- Paginated host/children/member endpoints
- Repository methods
- getEventTypeById optimizations
Co-Authored-By: unknown <>
* refactor: move getEventTypeById changes to frontend PR for type safety
Reverts getEventTypeById.ts, eventTypeRepository.ts, API v2 atom service,
and platform libraries to main. The backend PR now only adds new
infrastructure (paginated endpoints, repository methods, findChildrenByParentId)
without changing existing return types. The getEventTypeById optimizations
will be in the frontend PR instead.
Co-Authored-By: unknown <>
* refactor: move findTeamMembersMatchingAttributeLogic pagination to frontend PR
The handler's return type change (adding nextCursor/total) breaks frontend
files on main that expect the old shape. Moving these changes to the
frontend PR keeps the backend PR purely additive.
Co-Authored-By: unknown <>
* fix: address Cubic review comments - empty array filter, stable total count, Set lookup
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* Fix inifnite pagination loop
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: derive teamId from event type to prevent cross-team enumeration in exportHostsForWeights
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* fix: restore doc comment to correct method hasAnyTeamMembershipByUserId
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* fix: use memberUserIds?.length to handle empty array filter in findHostsForAssignmentPaginated
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* fix: use explicit undefined check for memberUserIds to preserve empty array semantics
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* refactor: rename findChildrenByParentId to findChildrenByParentIdIncludeOwner
The method selects owner with user profile data, so the name should
reflect the included relation per Cal.com repository naming conventions.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* refactor: rename host repository methods to follow naming conventions
- findHostsForAvailabilityPaginated -> findHostsPaginatedIncludeUser
- findHostsForAssignmentPaginated -> findHostsPaginatedIncludeUserForAssignment
Repository methods should not be named after use-cases (Availability/Assignment)
but should describe what data they include, per Cal.com conventions.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* refactor: standardize slice(0, limit) across all pagination methods
Replace slice(0, -1) with slice(0, limit) in all HostRepository
pagination methods for consistency. slice(0, limit) is clearer about
intent since it directly references the limit parameter.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* perf: only run total count query on first page in findByIdsWithPagination
Wrap the count query in a !cursor guard so it only runs on the first
page request, avoiding an extra database query on every scroll.
Consistent with the hasFixedHosts optimization in HostRepository.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* test: add integration tests for paginated host endpoints
Tests cover getHostsForAvailability and getHostsForAssignment handlers:
- Basic host retrieval
- Cursor-based pagination across multiple pages
- Host data fields (isFixed, priority, weight, name, email)
- Search filtering by name
- memberUserIds filtering (including empty array returning zero results)
- hasFixedHosts only present on first page
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* refactor: extract EventTypeHostService and make TRPC handlers thin
- Create EventTypeHostService at packages/features/host/services/ with all
DTO types and business logic for 5 event-type-host endpoints
- Refactor all 5 handlers to delegate to the service (thin handlers)
- Add 17 unit tests covering DTO mapping, authorization, segment filtering,
default values, and pagination pass-through
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* docs: add PR review context comments to EventTypeHostService
Reference key review decisions from PR #28156 as code comments:
- searchTeamMembers: membership check + repository delegation per @eunjae-lee
- exportHostsForWeights: cross-team enumeration security fix per @hariombalhara
- exportHostsForWeights: repository method instead of direct Prisma per @hariombalhara
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* Revert "docs: add PR review context comments to EventTypeHostService"
This reverts commit 1a1596e012e971f349f01339ce7572516042f1b3.
* fix: use explicit undefined/null check for memberUserIds in searchMembers
Fixes empty array semantics so memberUserIds: [] correctly returns zero
results instead of all members. Now consistent with HostRepository pattern
which uses 'memberUserIds !== undefined' instead of 'memberUserIds?.length'.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* refactor: replace TRPCError with ErrorWithCode in EventTypeHostService
Per AGENTS.md rules, services in packages/features/ should use
ErrorWithCode instead of TRPCError. The errorConversionMiddleware
will automatically convert it to the appropriate TRPCError at the
router layer.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* Remove comment
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: remove unused teamId from exportHostsForWeights schema
teamId was originally accepted by the schema when the handler used it
directly. After the security fix to derive teamId server-side from the
event type, the field became dead code. Removing it to keep the API
contract accurate.
Co-Authored-By: joe@cal.com <j.auyeung419@gmail.com>
* Abstract types
* Update imports
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Udit Takkar <53316345+Udit-takkar@users.noreply.github.com>
* fix: rename OOO controller file to match NestJS Swagger plugin convention (#28342)
* fix: rename OOO controller file to match NestJS Swagger plugin convention for type generation
* fix: update organization module import
* feat: generate openapi docs
* fix: correct @ApiProperty types in verified resources outputs (#28340)
* fix(docs): corrects output response type for verified resources endpoints
* fix: udpate oasdiff-err-ignore.txt
* fix: corrects routing form response type (#28336)
* fix(docs): corrects routing form response type
* fix: update oasdiff-err-ignore
* fix: add missing OpenAPI ApiParam decorators to API v2 controllers (#28305)
* fix: add missing apiparam decorators
* chore: move api param to class level
* revert oasdiff
* chore
* fix: update oasdiff-err-ignore.txt
* chore
* fix: correct admin password banner message and auto-sign-out after 2FA enable (#28129)
* fix: correct admin password banner message to require both password length and 2FA
The banner message incorrectly used 'or' implying only one condition was needed,
but the code requires BOTH a password of at least 15 characters AND 2FA enabled.
Updated the message to clearly state both requirements and added a hint that
users need to log out and log back in after updating their security settings.
Fixes #9527
Co-Authored-By: unknown <>
* fix: auto-sign-out INACTIVE_ADMIN users after enabling 2FA
When an INACTIVE_ADMIN user enables 2FA, automatically sign them out so
they can log back in with refreshed session role, dismissing the banner.
This matches the existing behavior for password changes.
Co-Authored-By: unknown <>
* feat: add dynamic admin banner message based on inactiveAdminReason
Co-Authored-By: unknown <>
* Remove and add various localization strings
* Update common.json
* Add cookie consent checkbox message and remove entries
* test: add unit tests for AdminPasswordBanner and inactiveAdminReason logic
Co-Authored-By: unknown <>
* fix: add expires field to session mock to fix type check
Co-Authored-By: unknown <>
* fix: wrap CALENDSO_ENCRYPTION_KEY mutations in try/finally to prevent env state leaks
Addresses Cubic AI review feedback (confidence 9/10): when a test fails
early, the CALENDSO_ENCRYPTION_KEY env var was not being restored, which
could leak state into subsequent tests. Wrapped the env mutation in
try/finally blocks to guarantee cleanup.
Co-Authored-By: bot_apk <apk@cognition.ai>
* fix: add missing 'expires' field to buildSession in AdminPasswordBanner test
The Session type requires 'expires' to be a string, but buildSession was
not providing it, causing a type error caught by CI type-check.
Co-Authored-By: bot_apk <apk@cognition.ai>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: bot_apk <apk@cognition.ai>
* refactor: simplify redundant recurring event condition in EventTypeDescription (#28355)
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
* fix: allow hyphens, dots, and underscores in Dialpad meeting URL validation (#28253)
The Dialpad conferencing integration's URL regex only accepted
alphanumeric characters in the meeting room path ([a-zA-Z0-9]+),
causing valid personal meeting URLs containing hyphens, dots, or
underscores to fail validation.
For example, https://meetings.dialpad.com/mmit-russ is rejected
despite being a valid Dialpad personal meeting link. The sample URL
shown in the error message (alphanumeric only) passes, but
real-world room names commonly use hyphens and other characters.
Updated the urlRegExp character class from [a-zA-Z0-9] to
[a-zA-Z0-9._-] to match all valid Dialpad meeting room slugs.
Fixes issue introduced in #15444.
Co-authored-by: Sahitya Chandra <sahityajb@gmail.com>
* Fix Keycloak OIDC flow (#27716)
Some OIDC providers like Keycloak (v18+) include an `iss` (issuer) parameter in the authentication response for security (as per RFC 9207). The oidc route was explicitly extracting only `code` and `state`, thus losing the `iss` parameter and other potential parameters like `session_state`. When Jackson passed the incomplete set of parameters to `openid-client`, the library failed validation with the error `invalid response encountered` because it expected the `iss` parameter to be present if the server supports it.
Fixes #22238.
Co-authored-by: Sahitya Chandra <sahityajb@gmail.com>
* fix(app-store-cli): incorrect type annotation (#28319)
* fixup (#28365)
* fix: consolidate booking access checks into doesUserIdHaveAccessToBooking (#28071)
* fix: align checkBookingAccessWithPBAC with listing logic for personal event types
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* fix: align permission strings with doesUserIdHaveAccessToBooking granular permissions
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* change implementation
* remove unused code
* test: add getBookingDetails tests for personal event type booking access
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* fix: remove unused MembershipRole import
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* test: convert BookingDetailsService tests to integration tests
Replace unit tests with mocks by integration tests using real database.
Tests verify org/team admin access to personal event type bookings.
- Org admin viewing team member's personal event booking (fails on main, passes on PR)
- Team admin viewing team member's personal event booking (fails on main, passes on PR)
- Non-admin denied access (passes on both)
- Owner viewing own booking (passes on both)
- Non-existent booking returns Forbidden (passes on both)
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* test: refactor integration tests to use repositories instead of direct prisma calls
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* test: replace direct prisma usage with TestXXXRepository pattern in integration tests
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* test: use production repositories (OrganizationRepository, BookingRepository, UserRepository) instead of test repos for setup
Co-Authored-By: eunjae@cal.com <hey@eunjae.dev>
* test: inline test repository logic into integration test file
The TestXXXRepository classes were thin wrappers around single prisma
calls with barely any logic, so the indirection wasn't justified.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Lyra App (#27370)
* feat: lyra conference app
* fix: lyra -> lyra meeting
* api url in env example
* feat: lyra oauth
* remove setup page
* fix: revision on feb 25 review
* production api url
* fix: final suggestions implementation
* yarn.lock revert
* chore: remove temporary plan files that were accidentally merged (#28381)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Rajiv Sahal <sahalrajiv-extc@atharvacoe.ac.in>
* refactor: move useAppsData to features (#28098)
* refactor: move useAppsData to features + replace useIsPlatform with isPlatform prop in DisconnectIntegrationModal
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* refactor: remove old useAppsData from web (moved to features)
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* refactor: move `AppList` to features with slot props (#28100)
* refactor: move AppSetDefaultLinkDialog to features + inline QueryCell + fix broken type import
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* refactor: move AppList to features with slot props + delete AppListCard switcher
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
* fix: correct ConnectedApps type to avoid double nesting of items
Co-Authored-By: rajiv@cal.com <sahalrajiv6900@gmail.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: bot_apk <apk@cognition.ai>
* fix: correct Norwegian booking and cancellation (#28394)
* fix: add "Use a different email" button to verify-email page (#28398)
* fix: add "Use a different email" button to verify-email page
Closes #28393
* fix: address review feedback on verify-email page
- Use signOut({ callbackUrl }) instead of manual redirect
- Stack buttons vertically with flex-col
---------
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
* feat: add platform URL support for reschedule and cancel links in workflow emails (#27132)
* feat: add platform URL support for reschedule and cancel links in workflow emails
Co-Authored-By: morgan@cal.com <morgan@cal.com>
* feat: pass platform URL data to CalendarEventBuilder in workflow emails
Co-Authored-By: morgan@cal.com <morgan@cal.com>
* Revert "feat: pass platform URL data to CalendarEventBuilder in workflow emails"
This reverts commit 1d4d3623c93cd4eeeef18ffdad0597fe583b6a55.
* chore: provide platform metadat to workflow email task
* fixup! chore: provide platform metadat to workflow email task
* test: add unit tests for platform URL handling in EmailWorkflowService
Co-Authored-By: morgan@cal.com <morgan@cal.com>
* test: update WorkflowService tests to include platform params in tasker payload
Co-Authored-By: morgan@cal.com <morgan@cal.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* chore: remove duplicate translation key (#28409)
* fix(docs): correct ListSchedules prop name from getRedirectUrl to getScheduleUrl (#28419)
The documentation referenced `getRedirectUrl` but the actual component
prop is `getScheduleUrl`, causing the callback to silently not fire.
* feat(i18n): add Korean (ko) translations (#28426)
* feat(i18n): add Korean (ko) translations
* chore
---------
Co-authored-by: Romit <romitgabani1.work@gmail.com>
* feat(i18n): complete Vietnamese (vi) translations (#28442)
* feat(i18n): complete Swedish (sv) translations (#28439)
Co-authored-by: Romit <romitgabani1.work@gmail.com>
* feat(i18n): complete Ukrainian (uk) translations (#28440)
* feat(i18n): complete Ukrainian (uk) translations
* fix(i18n): restore missing placeholders in Ukrainian translations
Fix 6 placeholder issues identified by cubic:
- accept_our_license: fix malformed {{agree}} placeholder
- invalid_credential: restore {{appName}} placeholder
- invalid_event_name_variables: restore {{item}} placeholder
- signing_up_terms: restore {{appName}} placeholder
- entries_deleted_successfully: use {{count}} instead of ICU plural
- entries_deleted_with_errors: use {{success}}/{{failed}} instead of ICU plural
* Update packages/i18n/locales/uk/common.json
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* nits
---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: Romit <romitgabani1.work@gmail.com>
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
* feat(i18n): complete Turkish (tr) translations (#28441)
* feat(i18n): complete Turkish (tr) translations
* fix(i18n): fix nested objects and missing placeholders in Turkish translations
- Move booking_audit_action dotted keys into existing nested object
- Move busy_time dotted keys into proper nested object
- Restore missing {{appName}}, {{item}}, {{count}}, {{success}}, {{failed}} placeholders
- Replace ICU plural format with i18next {{variable}} format
* nits
---------
Co-authored-by: Romit <85230081+romitg2@users.noreply.github.com>
Co-authored-by: Romit <romitgabani1.work@gmail.com>
* feat: Sink url shortner for sms workflow reminders (#26608)
* feat: Sink url shortner for sms workflow reminders
* fix: remove hardcoded dub values
* update .env.example
* fix: unit tests
* chore: add tests for scheduleSmsReminder and utils
* review refactor
* fix: type check
* review refactor
* fix: update test to account for smsReminderNumber fallback from main
Co-Authored-By: unknown <>
* feat: add feature flag for sink and more tests to verify
* fix: type check
* use proper feature flags for sink
* Apply suggestion from @keithwillcode
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Keith Williams <keithwillcode@gmail.com>
* fix: add missing vi.mock() calls to prevent vitest worker shutdown flakiness (#28459)
* fix: add missing vi.mock() calls to prevent vitest worker shutdown flakiness
Add vi.mock() calls for modules that trigger background network requests
or database connections during import. These transitive imports can cause
the vitest worker RPC to shut down while pending fetch/network operations
are still in flight, resulting in flaky test failures with:
Error: [vitest-worker]: Closing rpc while "fetch" was pending
The primary modules mocked are:
- @calcom/app-store/delegationCredential (triggers credential lookups)
- @calcom/prisma (triggers database initialization)
- @calcom/features/calendars/lib/CalendarManager (triggers calendar API calls)
- @calcom/features/auth/lib/verifyEmail (triggers email service)
- @calcom/lib/domainManager/organization (triggers domain lookups)
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: remove conflicting empty prisma mocks from files with prismock/prismaMock setups
- Remove vi.mock('@calcom/prisma', () => ({ default: {}, prisma: {} })) from 28 files
that already have prismock/prismaMock test doubles. Vitest hoists all vi.mock() calls
and the last one wins, so these empty mocks were overriding the functional test doubles.
- Fix CalendarSubscriptionService.test.ts to reuse the shared mock from
__mocks__/delegationCredential instead of creating a new unconfigured vi.fn()
- Remove DelegationCredentialRepository.test.ts empty prisma mock (different pattern)
- Remove vi.mock from inside beforeEach in intentToCreateOrg.handler.test.ts
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: add comprehensive delegationCredential mock exports to prevent CI test failures
The vi.mock blocks for @calcom/app-store/delegationCredential were missing
exports that the code under test transitively imports (e.g.
enrichUsersWithDelegationCredentials, enrichUserWithDelegationCredentialsIncludeServiceAccountKey,
buildAllCredentials, getFirstDelegationConferencingCredentialAppLocation).
Added all exports with passthrough implementations so the booking flow
works correctly without triggering real network requests.
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: correct credential mock return shapes to match real module API
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* fix: revert unintended yarn.lock changes
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
* feat: add integration options for API v2 update booking location endpoint (#26363)
* init: improvements for update location endpoint
* chore: init function to update calendar event
* fix: bad imports
* chore: update calendar event when updating location
* chore: update platform libraries
* fix: update calendar event
* chore: update platform libraries
* chore: cleanup…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds a new
GET /v2/bookings/:bookingUid/attendeesendpoint to API v2, similar to the find-all-attendees endpoint in API v1. This endpoint retrieves all attendees for a specific booking.Changes:
BookingAttendeesController_2024_08_13with GET endpoints at/v2/bookings/:bookingUid/attendeesand/v2/bookings/:bookingUid/attendees/:attendeeIdBookingAttendeesService_2024_08_13to fetch and transform attendee dataGetBookingAttendeesOutput_2024_08_13andGetBookingAttendeeOutput_2024_08_13response DTOs with simplified output (id,bookingId,name,email,timeZoneonly)getByUidWithAttendeesrepository method inBookingsRepository_2024_08_13usingselectfor minimal data fetchingBookingsModule_2024_08_13Link to Devin run: https://app.devin.ai/sessions/eaca73aee7084c4b9895341aa000cfcf
Requested by: @Ryukemeister
Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
GET /v2/bookings/{bookingUid}/attendeeswith valid API key/access tokenid,bookingId,name,email,timeZoneGET /v2/bookings/{bookingUid}/attendees/{attendeeId}to get a single attendeeExpected response (list):
{ "status": "success", "data": [ { "id": 251, "bookingId": 313, "name": "John Doe", "email": "john.doe@example.com", "timeZone": "Asia/Jerusalem" } ] }E2E test coverage (
get-attendees.e2e-spec.ts):id,bookingId,name,email,timeZone(nodisplayEmail,language,absent,phoneNumber)Known limitations
BookingPbacGuardreturns 403 when the booking doesn't exist becausedoesUserIdHaveAccessToBookingreturnsfalsefor missing bookings. The E2E test expects 403 to match this behavior. This is a pre-existing guard behavior, not specific to this endpoint.Human Review Checklist
packages/platform/types/bookings/2024-08-13/outputs/booking.output.ts(4-space vs 2-space forattendeesproperty) is intentional or should be revertedChecklist