fix: Invalid 403 forbidden for event-types GET #14528
This one is urgent to fix so automated tests might need to come in a follow-up PR but I will start work on them now.
Nice
@@ -26,7 +26,7 @@ export default async function checkTeamEventEditPermission( | |||
|
|||
if (!membership?.role || !["ADMIN", "OWNER"].includes(membership.role)) { | |||
throw new HttpError({ | |||
statusCode: 401, |
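Review bot: On the `statusCode: 401` line inside the role check, the status should be 403 rather than 401, because this branch is only reached for a caller the API key has already identified, and clients commonly treat 401 as "credentials missing or invalid" and retry authentication. The condition also sends a caller with no `membership` and a member whose role is not in `["ADMIN", "OWNER"]` through the same throw; that is reasonable, but a regression test asserting the status for a member whose role is neither ADMIN nor OWNER would pin the behaviour down. The inline role array could be hoisted to a named constant so other permission checks reuse the same list.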
401 was the wrong HTTP status code to use here because the user is authenticated at this point given the API key passed in but they are forbidden from performing this action.
Running into blockers writing unit tests for this endpoint because our test suite currently doesn't support resolving the ~/lib/{...} imports we use all over the API. Will be investigating this and putting tests in a follow-up PR.
WIP for unit tests here: #14536
Fair enough. LGTM
Co-authored-by: zomars <zomars@me.com>
What does this PR do?
403 Forbidden was being thrown for GET requests even when a user in a team with the event type was making the request. The reason is because we had an auth middleware running before the GET endpoints. The auth middleware was too strict.
I removed the auth middleware since the GET, DELETE and PATCH endpoints all handle their own permissions checks. The extra middleware was 1) creating a bug and 2) making an extra call to the database for every single request made to these endpoints.
Type of change
How should this be tested?
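The behaviour described under "What does this PR do?", modelled as an added example that is not code from this PR or from the project. It assumes the removed middleware was an edit-permission (ADMIN/OWNER) check; every name, the `MEMBER` role and the sample data are hypothetical.

```typescript
// Added illustration; all names below are hypothetical, not the project's code.
type Role = "MEMBER" | "ADMIN" | "OWNER";
type Req = { method: "GET" | "PATCH" | "DELETE"; apiKey?: string; eventTypeId: number };

// Constructed sample data: API key -> user id, event type -> team, memberships.
const apiKeys: Record<string, number> = { "key-admin": 1, "key-member": 2, "key-outsider": 3 };
const eventTypeTeam: Record<number, number> = { 100: 10 };
const memberships: Record<string, Role> = { "1:10": "ADMIN", "2:10": "MEMBER" };

const roleOf = (userId: number, eventTypeId: number): Role | undefined =>
  memberships[`${userId}:${eventTypeTeam[eventTypeId]}`];
const canEdit = (role?: Role): boolean => role === "ADMIN" || role === "OWNER";

// Authentication: a missing or unknown API key yields no user (caller gets 401).
function authenticate(req: Req): number | undefined {
  return req.apiKey !== undefined ? apiKeys[req.apiKey] : undefined;
}

// Per-handler authorization: reading needs any team membership,
// PATCH and DELETE need ADMIN or OWNER. Failures here are 403, not 401.
function handlerCheck(req: Req, userId: number): number {
  const role = roleOf(userId, req.eventTypeId);
  if (req.method === "GET") return role ? 200 : 403;
  return canEdit(role) ? 200 : 403;
}

// "Before": a blanket edit-permission middleware runs ahead of every method,
// so a plain team member is rejected on GET before the handler is reached.
function handleWithMiddleware(req: Req): number {
  const userId = authenticate(req);
  if (userId === undefined) return 401;
  if (!canEdit(roleOf(userId, req.eventTypeId))) return 403; // too strict for GET
  return handlerCheck(req, userId);
}

// "After": middleware removed; each handler still enforces its own rule,
// which is what keeps PATCH and DELETE protected.
function handleWithoutMiddleware(req: Req): number {
  const userId = authenticate(req);
  if (userId === undefined) return 401;
  return handlerCheck(req, userId);
}
```

Removing the middleware is only safe because the write paths keep their own check; the member-on-PATCH case is the one to assert in a regression test.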