
fix: Invalid 403 forbidden for event-types GET #14528

Merged
merged 5 commits into from Apr 11, 2024

Conversation

keithwillcode
Contributor

What does this PR do?

403 Forbidden was being thrown for GET requests even when a user in a team with the event type was making the request. The reason is that we had an auth middleware running before the GET endpoints. The auth middleware was too strict.

I removed the auth middleware since the GET, DELETE and PATCH endpoints all handle their own permissions checks. The extra middleware was 1) creating a bug and 2) making an extra call to the database for every single request made to these endpoints.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How should this be tested?

  • Ensure you can call the GET endpoint for an event-type using an API key of a user within the team that has the event type.
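As an added illustration (not cal.com's code) of the bug described above: a single edit-permission middleware in front of every method rejects a plain team member's GET, while per-method checks let reads through and keep 401 for missing credentials only. Names, roles and sample data are constructed for the example.

```typescript
// Constructed model of the bug and the fix; not code from the cal.com repository.
type Role = "MEMBER" | "ADMIN" | "OWNER";
type Method = "GET" | "PATCH" | "DELETE";
interface Caller { userId: number | null }              // null = no valid API key presented
interface Membership { userId: number; teamId: number; role: Role }

// Constructed sample data: user 1 owns team 10, user 2 is an ordinary member.
const memberships: Membership[] = [
  { userId: 1, teamId: 10, role: "OWNER" },
  { userId: 2, teamId: 10, role: "MEMBER" },
];
const eventType = { id: 100, teamId: 10 };            // the event type being requested

function membershipOf(userId: number, teamId: number): Membership | undefined {
  return memberships.find((m) => m.userId === userId && m.teamId === teamId);
}

// Before: one middleware ran ahead of every handler and demanded an edit role,
// so a member without ADMIN/OWNER could not even read the event type.
function statusWithStrictMiddleware(caller: Caller, _method: Method): number {
  if (caller.userId === null) return 401;              // no credentials: not authenticated
  const m = membershipOf(caller.userId, eventType.teamId);
  if (!m || !["ADMIN", "OWNER"].includes(m.role)) return 403; // authenticated, not permitted
  return 200;
}

// After: each handler performs its own check. GET requires membership only;
// PATCH and DELETE require an edit role. 401 stays reserved for "no valid credentials".
function statusWithPerMethodChecks(caller: Caller, method: Method): number {
  if (caller.userId === null) return 401;
  const m = membershipOf(caller.userId, eventType.teamId);
  if (!m) return 403;                                  // not in the team at all
  if (method === "GET") return 200;                    // reading needs membership only
  return ["ADMIN", "OWNER"].includes(m.role) ? 200 : 403;
}
```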

@keithwillcode keithwillcode requested review from a team April 11, 2024 14:25

@keithwillcode keithwillcode added core area: core, team members only foundation labels Apr 11, 2024
@dosubot dosubot bot added api area: API, enterprise API, access token, OAuth event-types area: event types, event-types 🐛 bug Something isn't working labels Apr 11, 2024

@keithwillcode
Contributor Author

This one is urgent to fix so automated tests might need to come in a follow-up PR but I will start work on them now.

emrysal
emrysal previously approved these changes Apr 11, 2024
Contributor

@emrysal emrysal left a comment


Nice

@@ -26,7 +26,7 @@ export default async function checkTeamEventEditPermission(

if (!membership?.role || !["ADMIN", "OWNER"].includes(membership.role)) {
throw new HttpError({
statusCode: 401,
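Review bot: the `throw new HttpError({ statusCode: 401, ...` reached when `!membership?.role || !["ADMIN", "OWNER"].includes(membership.role)` is a status-code mismatch: the caller has already been authenticated by the API key before `checkTeamEventEditPermission` runs, so a missing or insufficient team role is an authorization failure and should be `403`, which is also what the PR title says the endpoints should return. Since both a non-member (`membership` undefined) and a member without an edit role fall through this same branch, keep them on one path and one status so the response does not distinguish the two cases.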
Contributor Author


401 was the wrong HTTP status code to use here because the user is authenticated at this point given the API key passed in but they are forbidden from performing this action.




@keithwillcode
Contributor Author

Running into blockers writing unit tests for this endpoint because our test suite currently doesn't support resolving the ~/lib/{...} imports we use all over the API. Will be investigating this and putting tests in a follow up PR.

@keithwillcode keithwillcode enabled auto-merge (squash) April 11, 2024 16:20
@keithwillcode
Contributor Author

WIP for unit tests here: #14536

zomars
zomars previously approved these changes Apr 11, 2024
Member

@zomars zomars left a comment


Fair enough. LGTM

Co-authored-by: zomars <zomars@me.com>
@zomars zomars dismissed stale reviews from emrysal and themself via fb18250 April 11, 2024 18:49
@keithwillcode keithwillcode merged commit ac77fe3 into main Apr 11, 2024
38 of 39 checks passed
@keithwillcode keithwillcode deleted the fix/api-event-types-permission-check branch April 11, 2024 19:15
@keithwillcode keithwillcode added this to the v4.0 milestone Apr 11, 2024