Merge branch 'main' into cal-6307

Author: sahitya-chandra

.changeset/shiny-jokes-matter.md

@@ -74,8 +74,14 @@ jobs:
     uses: ./.github/workflows/e2e-embed-react.yml
     secrets: inherit
 
+  e2e-atoms:
+    name: Tests
+    needs: [lint, build, build-atoms, build-api-v2]
+    uses: ./.github/workflows/e2e-atoms.yml
+    secrets: inherit
+
   required:
-    needs: [lint, type-check, unit-test, integration-test, build, build-api-v1, build-api-v2, e2e, e2e-embed, e2e-embed-react, e2e-app-store]
+    needs: [lint, type-check, unit-test, integration-test, build, build-api-v1, build-api-v2, e2e, e2e-embed, e2e-embed-react, e2e-app-store, e2e-atoms]
     if: always()
     runs-on: buildjet-2vcpu-ubuntu-2204
     steps:

.changeset/stale-tires-report.md

@@ -1,15 +1,7 @@
 name: Atoms E2E Tests
 
 on:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'packages/platform/atoms/**'
-      - 'packages/platform/examples/base/**'
-      - 'apps/api/v2/**'
-      - '.github/workflows/atoms-e2e.yml'
-
+  workflow_call:
 permissions:
   actions: write
   contents: read
@@ -25,7 +17,7 @@ env:
   DATABASE_URL: ${{ secrets.CI_DATABASE_URL }}
 
 jobs:
-  atoms-e2e:
+  e2e-atoms:
     timeout-minutes: 15
     name: Atoms E2E Tests
     runs-on: buildjet-4vcpu-ubuntu-2204
@@ -45,13 +37,13 @@ jobs:
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: atoms-e2e-test-results
+          name: e2e-atoms-test-results
           path: test-results
           retention-days: 7
       - name: Upload Playwright Report
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: atoms-e2e-playwright-report
+          name: e2e-atoms-playwright-report
           path: playwright-report
           retention-days: 7

.changeset/tough-dingos-own.md

@@ -195,6 +195,13 @@ jobs:
     uses: ./.github/workflows/e2e-embed-react.yml
     secrets: inherit
 
+  e2e-atoms:
+    name: Tests
+    needs: [changes, check-label, build, build-atoms, build-api-v2]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/e2e-atoms.yml
+    secrets: inherit
+
   analyze:
     name: Analyze Build
     needs: [build]
@@ -204,7 +211,7 @@ jobs:
   merge-reports:
     name: Merge reports
     if: ${{ !cancelled() && needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
-    needs: [changes, check-label, e2e, e2e-embed, e2e-embed-react, e2e-app-store]
+    needs: [changes, check-label, e2e, e2e-embed, e2e-embed-react, e2e-app-store, e2e-atoms]
     uses: ./.github/workflows/merge-reports.yml
     secrets: inherit
 
@@ -249,6 +256,7 @@ jobs:
         e2e-embed,
         e2e-embed-react,
         e2e-app-store,
+        e2e-atoms,
       ]
     if: always()
     runs-on: buildjet-2vcpu-ubuntu-2204

.github/workflows/all-checks.yml

@@ -38,7 +38,7 @@
     "@axiomhq/winston": "^1.2.0",
     "@calcom/platform-constants": "*",
     "@calcom/platform-enums": "*",
-    "@calcom/platform-libraries": "npm:@calcom/[email protected].320",
+    "@calcom/platform-libraries": "npm:@calcom/[email protected].321",
     "@calcom/platform-types": "*",
     "@calcom/platform-utils": "*",
     "@calcom/prisma": "*",

.github/workflows/atoms-e2e.yml .github/workflows/e2e-atoms.yml.github/workflows/atoms-e2e.yml renamed to .github/workflows/e2e-atoms.yml

@@ -22,6 +22,7 @@ import { BookingSeatModule } from "@/modules/booking-seat/booking-seat.module";
 import { BookingSeatRepository } from "@/modules/booking-seat/booking-seat.repository";
 import { CredentialsRepository } from "@/modules/credentials/credentials.repository";
 import { KyselyModule } from "@/modules/kysely/kysely.module";
+import { MembershipsModule } from "@/modules/memberships/memberships.module";
 import { OAuthClientRepository } from "@/modules/oauth-clients/oauth-client.repository";
 import { OAuthClientUsersService } from "@/modules/oauth-clients/services/oauth-clients-users.service";
 import { OAuthFlowService } from "@/modules/oauth-clients/services/oauth-flow.service";
@@ -53,6 +54,7 @@ import { Module } from "@nestjs/common";
     StripeModule,
     TeamsModule,
     TeamsEventTypesModule,
+    MembershipsModule,
   ],
   providers: [
     TokensRepository,

.github/workflows/pr.yml

@@ -13,10 +13,14 @@ import { CalVideoService } from "@/ee/bookings/2024-08-13/services/cal-video.ser
 import { VERSION_2024_08_13_VALUE, VERSION_2024_08_13 } from "@/lib/api-versions";
 import { API_KEY_OR_ACCESS_TOKEN_HEADER } from "@/lib/docs/headers";
 import { PlatformPlan } from "@/modules/auth/decorators/billing/platform-plan.decorator";
+import {
+  AuthOptionalUser,
+  GetOptionalUser,
+} from "@/modules/auth/decorators/get-optional-user/get-optional-user.decorator";
 import { GetUser } from "@/modules/auth/decorators/get-user/get-user.decorator";
 import { Permissions } from "@/modules/auth/decorators/permissions/permissions.decorator";
-import { Roles } from "@/modules/auth/decorators/roles/roles.decorator";
 import { ApiAuthGuard } from "@/modules/auth/guards/api-auth/api-auth.guard";
+import { OptionalApiAuthGuard } from "@/modules/auth/guards/optional-api-auth/optional-api-auth.guard";
 import { PermissionsGuard } from "@/modules/auth/guards/permissions/permissions.guard";
 import { UsersService } from "@/modules/users/services/users.service";
 import { UserWithProfile } from "@/modules/users/users.repository";
@@ -96,6 +100,7 @@ export class BookingsController_2024_08_13 {
   ) {}
 
   @Post("/")
+  @UseGuards(OptionalApiAuthGuard)
   @ApiOperation({
     summary: "Create a booking",
     description: `
@@ -138,9 +143,10 @@ export class BookingsController_2024_08_13 {
   async createBooking(
     @Body(new CreateBookingInputPipe())
     body: CreateBookingInput,
-    @Req() request: Request
+    @Req() request: Request,
+    @GetOptionalUser() user: AuthOptionalUser
   ): Promise<CreateBookingOutput_2024_08_13> {
-    const booking = await this.bookingsService.createBooking(request, body);
+    const booking = await this.bookingsService.createBooking(request, body, user);
 
     if (Array.isArray(booking)) {
       await this.bookingsService.billBookings(booking);

apps/api/v2/package.json

@@ -3,6 +3,7 @@ import { AppModule } from "@/app.module";
 import { HttpExceptionFilter } from "@/filters/http-exception.filter";
 import { PrismaExceptionFilter } from "@/filters/prisma-exception.filter";
 import { Locales } from "@/lib/enums/locales";
+import { MembershipsModule } from "@/modules/memberships/memberships.module";
 import {
   CreateManagedUserData,
   CreateManagedUserOutput,
@@ -80,7 +81,7 @@ describe("Managed user bookings 2024-08-13", () => {
   beforeAll(async () => {
     const moduleRef = await Test.createTestingModule({
       providers: [PrismaExceptionFilter, HttpExceptionFilter],
-      imports: [AppModule, UsersModule],
+      imports: [AppModule, UsersModule, MembershipsModule],
     }).compile();
 
     app = moduleRef.createNestApplication();
@@ -772,6 +773,77 @@ describe("Managed user bookings 2024-08-13", () => {
     });
   });
 
+  describe("event type booking requires authentication", () => {
+    let eventTypeRequiringAuthenticationId: number;
+
+    let body: CreateBookingInput_2024_08_13;
+
+    beforeAll(async () => {
+      const eventTypeRequiringAuthentication = await eventTypesRepositoryFixture.create(
+        {
+          title: `event-type-requiring-authentication-${randomString()}`,
+          slug: `event-type-requiring-authentication-${randomString()}`,
+          length: 60,
+          requiresConfirmation: true,
+          bookingRequiresAuthentication: true,
+        },
+        secondManagedUser.user.id
+      );
+      eventTypeRequiringAuthenticationId = eventTypeRequiringAuthentication.id;
+
+      body = {
+        start: new Date(Date.UTC(2030, 0, 9, 15, 0, 0)).toISOString(),
+        eventTypeId: eventTypeRequiringAuthenticationId,
+        attendee: {
+          email: "[email protected]",
+          name: "External Attendee",
+          timeZone: "Europe/Rome",
+        },
+      };
+    });
+
+    it("can't be booked without credentials", async () => {
+      await request(app.getHttpServer())
+        .post(`/v2/bookings`)
+        .send(body)
+        .set(CAL_API_VERSION_HEADER, VERSION_2024_08_13)
+        .expect(401);
+    });
+
+    it("can't be booked with managed user credentials who is not admin and not event type owner", async () => {
+      await request(app.getHttpServer())
+        .post(`/v2/bookings`)
+        .send(body)
+        .set(CAL_API_VERSION_HEADER, VERSION_2024_08_13)
+        .set("Authorization", `Bearer ${firstManagedUser.accessToken}`)
+        .expect(403);
+    });
+
+    it("can be booked with managed user credentials who is event type owner", async () => {
+      const response = await request(app.getHttpServer())
+        .post(`/v2/bookings`)
+        .send(body)
+        .set(CAL_API_VERSION_HEADER, VERSION_2024_08_13)
+        .set("Authorization", `Bearer ${secondManagedUser.accessToken}`)
+        .expect(201);
+
+      const bookingId = response.body.data.id;
+      await bookingsRepositoryFixture.deleteById(bookingId);
+    });
+
+    it("can be booked with managed user credentials who is admin", async () => {
+      const response = await request(app.getHttpServer())
+        .post(`/v2/bookings`)
+        .send(body)
+        .set(CAL_API_VERSION_HEADER, VERSION_2024_08_13)
+        .set("Authorization", `Bearer ${orgAdminManagedUser.accessToken}`)
+        .expect(201);
+
+      const bookingId = response.body.data.id;
+      await bookingsRepositoryFixture.deleteById(bookingId);
+    });
+  });
+
   afterAll(async () => {
     await userRepositoryFixture.delete(firstManagedUser.user.id);
     await userRepositoryFixture.delete(secondManagedUser.user.id);