Expand Up @@ -36,6 +36,7 @@ import { FindDetailedScheduleByIdReturnType } from "@calcom/platform-libraries/s
import { ApiResponse, UpdateAtomScheduleDto } from "@calcom/platform-types";

import { SchedulesAtomsService } from "../services/schedules-atom.service";
import { PermissionsGuard } from "@/modules/auth/guards/permissions/permissions.guard";

/*
Endpoints used only by platform atoms, reusing code from other modules, data is already formatted and ready to be used by frontend atoms
Expand All @@ -53,7 +54,7 @@ export class AtomsSchedulesController {

@Get("/schedules")
@Version(VERSION_NEUTRAL)
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@Permissions([SCHEDULE_READ])
async getSchedule(
@GetUser() user: UserWithProfile,
Expand All @@ -75,7 +76,7 @@ export class AtomsSchedulesController {

@Get("/schedules/event-type/:eventSlug")
@Version(VERSION_NEUTRAL)
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@Permissions([SCHEDULE_READ])
async getScheduleByEventSlug(
@GetUser() user: UserWithProfile,
Expand All @@ -90,7 +91,7 @@ export class AtomsSchedulesController {

@Get("/schedules/all")
@Version(VERSION_NEUTRAL)
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@Permissions([SCHEDULE_READ])
async getAllUserSchedules(
@GetUser() user: UserWithProfile
Expand All @@ -105,7 +106,7 @@ export class AtomsSchedulesController {

@Patch("schedules/:scheduleId")
@Permissions([SCHEDULE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiOperation({ summary: "Update atom schedule" })
async updateSchedule(
@GetUser() user: UserWithProfile,
Expand All @@ -126,7 +127,7 @@ export class AtomsSchedulesController {

@Post("schedules/create")
@Permissions([SCHEDULE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiOperation({ summary: "Create atom schedule" })
async createSchedule(
@GetUser() user: UserWithProfile,
Expand All @@ -142,7 +143,7 @@ export class AtomsSchedulesController {

@Post("schedules/:scheduleId/duplicate")
@Permissions([SCHEDULE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiOperation({ summary: "Duplicate existing schedule" })
async duplicateExistingSchedule(
@GetUser() user: UserWithProfile,
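Review bot: `PermissionsGuard` is attached by hand to each of the six handlers in this section, so a handler added later with `@Permissions([...])` but without the guard would again leave its scope check unenforced, with nothing to flag it. If every route of `AtomsSchedulesController` is meant to be scope-checked, declaring `@UseGuards(ApiAuthGuard, PermissionsGuard)` once at class level removes that failure mode; this assumes the guard lets through routes that carry no `@Permissions` metadata, which is not visible here. A test that walks the controllers and fails when a handler has `@Permissions` metadata but no `PermissionsGuard` in its guard list would also cover the other controllers touched by this commit. The handler bodies and the routes between these hunks lie outside the visible lines and were not reviewed.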
Expand Up @@ -127,7 +127,7 @@ export class BookingsController_2024_04_15 {
) {}

@Get("/")
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@Permissions([BOOKING_READ])
@ApiQuery({ name: "filters[status]", enum: Status_2024_04_15, required: true })
@ApiQuery({ name: "limit", type: "number", required: false })
Expand Down Expand Up @@ -289,7 +289,7 @@ export class BookingsController_2024_04_15 {

@Post("/:bookingUid/mark-no-show")
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
async markNoShow(
@GetUser() user: UserWithProfile,
@Body() body: MarkNoShowInput_2024_04_15,
Expand Up @@ -48,7 +48,7 @@ export class BookingAttendeesController_2024_08_13 {

@Get("/")
@Permissions([BOOKING_READ])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get all attendees for a booking",
Expand All @@ -71,7 +71,7 @@ export class BookingAttendeesController_2024_08_13 {

@Get("/:attendeeId")
@Permissions([BOOKING_READ])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get a specific attendee for a booking",
Expand All @@ -95,7 +95,7 @@ export class BookingAttendeesController_2024_08_13 {
@Post("/")
@HttpCode(HttpStatus.CREATED)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@Throttle({
limit: 5,
ttl: 60000,
Expand Down Expand Up @@ -134,7 +134,7 @@ export class BookingAttendeesController_2024_08_13 {
@Delete("/:attendeeId")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@Throttle({
limit: 5,
ttl: 60000,
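Review bot: The `@Delete("/:attendeeId")` route ends up with `@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)`, while the GET and POST routes of the same controller also run `BookingPbacGuard`, so the destructive route has one authorization layer fewer than the read routes. If that is intentional (for example because the handler carries no PBAC metadata, which the hunk context does not show), a short comment above the decorator stating where authorization for deletion is enforced would document it. Otherwise the list should read `@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)`. The handler body is outside the hunk, so whether it checks that the caller may modify this booking could not be confirmed here.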
Expand Up @@ -35,7 +35,7 @@ export class BookingGuestsController_2024_08_13 {
@Post("/")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@Throttle({
limit: 5,
ttl: 60000,
Expand Up @@ -49,7 +49,7 @@ export class BookingLocationController_2024_08_13 {
@HttpCode(HttpStatus.OK)
@Throttle({ name: "booking_location_update", limit: 5, ttl: 60000, blockDuration: 60000 })
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Update booking location for an existing booking",
Expand Up @@ -223,7 +223,7 @@ export class BookingsController_2024_08_13 {
@Get("/:bookingUid/recordings")
@Pbac(["booking.readRecordings"])
@Permissions([BOOKING_READ])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get all the recordings for the booking",
Expand All @@ -244,7 +244,7 @@ export class BookingsController_2024_08_13 {
@Get("/:bookingUid/transcripts")
@Pbac(["booking.readRecordings"])
@Permissions([BOOKING_READ])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get Cal Video real time transcript download links for the booking",
Expand All @@ -267,7 +267,7 @@ export class BookingsController_2024_08_13 {
}

@Get("/")
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@Permissions([BOOKING_READ])
@ApiOperation({
Expand Down Expand Up @@ -390,7 +390,7 @@ export class BookingsController_2024_08_13 {
@Post("/:bookingUid/mark-absent")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Mark a booking absence",
Expand All @@ -415,7 +415,7 @@ export class BookingsController_2024_08_13 {
@Post("/:bookingUid/reassign")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Reassign a booking to auto-selected host",
Expand All @@ -439,7 +439,7 @@ export class BookingsController_2024_08_13 {
@Post("/:bookingUid/reassign/:userId")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Reassign a booking to a specific host",
Expand Down Expand Up @@ -470,7 +470,7 @@ export class BookingsController_2024_08_13 {
@Post("/:bookingUid/confirm")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Confirm a booking",
Expand All @@ -494,7 +494,7 @@ export class BookingsController_2024_08_13 {
@Post("/:bookingUid/decline")
@HttpCode(HttpStatus.OK)
@Permissions([BOOKING_WRITE])
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Decline a booking",
Expand All @@ -517,7 +517,7 @@ export class BookingsController_2024_08_13 {
}

@Get("/:bookingUid/calendar-links")
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@Permissions([BOOKING_READ])
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
Expand All @@ -538,7 +538,7 @@ export class BookingsController_2024_08_13 {
}

@Get("/:bookingUid/references")
@UseGuards(ApiAuthGuard, BookingUidGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, PermissionsGuard)
@Permissions([BOOKING_READ])
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
Expand Down Expand Up @@ -567,7 +567,7 @@ export class BookingsController_2024_08_13 {
@HttpCode(HttpStatus.OK)
@Pbac(["booking.readRecordings"])
@Permissions([BOOKING_READ])
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard)
@UseGuards(ApiAuthGuard, BookingUidGuard, BookingPbacGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get Video Meeting Sessions. Only supported for Cal Video",
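Review bot: `PermissionsGuard` is appended after `BookingUidGuard` and `BookingPbacGuard` in these guard lists, and Nest runs guards in the order they are listed, so a token without the required `BOOKING_READ` or `BOOKING_WRITE` scope still reaches the booking-specific guards before it is rejected. Depending on what those guards do (not visible here), such a token may trigger a booking lookup and may receive a different error for an existing and a non-existing `bookingUid`. Putting the scope check directly after authentication avoids both: `@UseGuards(ApiAuthGuard, PermissionsGuard, BookingUidGuard, BookingPbacGuard)`. The same ordering appears in the attendees, guests and location controllers and, with `EventTypeOwnershipGuard`, in the private-links controller.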
Expand Up @@ -29,7 +29,7 @@ export class EventTypesPrivateLinksController {

@Post("/")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard)
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({ summary: "Create a private link for an event type" })
async createPrivateLink(
Expand All @@ -47,7 +47,7 @@ export class EventTypesPrivateLinksController {

@Get("/")
@Permissions([EVENT_TYPE_READ])
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard)
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({ summary: "Get all private links for an event type" })
async getPrivateLinks(
Expand All @@ -63,7 +63,7 @@ export class EventTypesPrivateLinksController {

@Patch("/:linkId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard)
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({ summary: "Update a private link for an event type" })
async updatePrivateLink(
Expand All @@ -82,7 +82,7 @@ export class EventTypesPrivateLinksController {

@Delete("/:linkId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard)
@UseGuards(ApiAuthGuard, EventTypeOwnershipGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({ summary: "Delete a private link for an event type" })
async deletePrivateLink(
Expand Up @@ -66,7 +66,7 @@ export class EventTypesController_2024_04_15 {

@Post("/")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
async createEventType(
@Body() body: CreateEventTypeInput_2024_04_15,
@GetUser() user: UserWithProfile
Expand All @@ -81,7 +81,7 @@ export class EventTypesController_2024_04_15 {

@Get("/:eventTypeId")
@Permissions([EVENT_TYPE_READ])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
async getEventType(
@Param("eventTypeId", ParseIntPipe) eventTypeId: number,
@GetUser() user: UserWithProfile
Expand All @@ -100,7 +100,7 @@ export class EventTypesController_2024_04_15 {

@Get("/")
@Permissions([EVENT_TYPE_READ])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
async getEventTypes(@GetUser() user: UserWithProfile): Promise<GetEventTypesOutput> {
const eventTypes = await getEventTypesByViewer({
id: user.id,
Expand Down Expand Up @@ -169,7 +169,7 @@ export class EventTypesController_2024_04_15 {

@Patch("/:eventTypeId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@HttpCode(HttpStatus.OK)
async updateEventType(
@Param() params: EventTypeIdParams_2024_04_15,
Expand All @@ -187,7 +187,7 @@ export class EventTypesController_2024_04_15 {

@Delete("/:eventTypeId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
async deleteEventType(
@Param() params: EventTypeIdParams_2024_04_15,
@Param("eventTypeId", ParseIntPipe) eventTypeId: number,
Expand Up @@ -82,7 +82,7 @@ export class EventTypesController_2024_06_14 {

@Post("/")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Create an event type",
Expand All @@ -107,7 +107,7 @@ export class EventTypesController_2024_06_14 {

@Get("/:eventTypeId")
@Permissions([EVENT_TYPE_READ])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Get an event type",
Expand Down Expand Up @@ -180,7 +180,7 @@ export class EventTypesController_2024_06_14 {

@Patch("/:eventTypeId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@HttpCode(HttpStatus.OK)
@ApiOperation({
Expand Down Expand Up @@ -208,7 +208,7 @@ export class EventTypesController_2024_06_14 {

@Delete("/:eventTypeId")
@Permissions([EVENT_TYPE_WRITE])
@UseGuards(ApiAuthGuard)
@UseGuards(ApiAuthGuard, PermissionsGuard)
@ApiHeader(API_KEY_OR_ACCESS_TOKEN_HEADER)
@ApiOperation({
summary: "Delete an event type",