Add guest management functionality to existing bookings#2
Add guest management functionality to existing bookings#2akshayutture-augment wants to merge 1 commit into
Conversation
* feat: ability to add guests via app.cal.com/bookings * fix: some update * fix: minor issue * fix: final update * update * update * add requested changes * fix type error * small update * final update * fix type error * fix location * update calender event --------- Co-authored-by: Somay Chauhan <somaychauhan98@gmail.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
|
|
||
| const isTeamAdminOrOwner = | ||
| (await isTeamAdmin(user.id, booking.eventType?.teamId ?? 0)) && | ||
| (await isTeamOwner(user.id, booking.eventType?.teamId ?? 0)); |
There was a problem hiding this comment.
Bug: Permission Logic Error Blocks Valid Users.
The permission check uses && (AND) instead of || (OR) when checking if a user is a team admin or owner. This requires the user to be both an admin AND an owner simultaneously, which is impossible. The check should use || to allow users who are either admins or owners to add guests.
| (guest) => | ||
| !booking.attendees.some((attendee) => guest === attendee.email) && | ||
| !blacklistedGuestEmails.includes(guest) | ||
| ); |
There was a problem hiding this comment.
Bug: Case Sensitivity Allows Blacklist Bypass
The blacklist check compares lowercase blacklisted emails against the original case guest email. The blacklistedGuestEmails array is lowercased but guest is not, causing case-sensitive comparison. This allows blacklisted emails to bypass the filter if they use different casing (e.g., Test@example.com vs test@example.com).
| await eventManager.updateCalendarAttendees(evt, booking); | ||
|
|
||
| try { | ||
| await sendAddGuestsEmails(evt, guests); |
There was a problem hiding this comment.
Bug: Email Logic Confuses Guest Types
The function passes the original guests array to sendAddGuestsEmails instead of uniqueGuests. This causes existing attendees who were included in the input to incorrectly receive a "scheduled" email rather than an "add guests" notification, since the email logic checks if an attendee is in the newGuests array to determine which email template to use.
2 participants
Test 10
Replicated from ai-code-review-evaluation/cal.com-cursor#10
Note
Cursor Bugbot is generating a summary for commit baa9045. Configure here.