Skip to content

fix: Booker reschedule behaviour for org admin #26530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Ryukemeister wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

fix: Booker reschedule behaviour for org admin #26530

Ryukemeister wants to merge 3 commits into from
+160 −41

Conversation

@Ryukemeister
Copy link
Contributor

@Ryukemeister Ryukemeister commented Jan 7, 2026
edited by cubic-dev-ai bot
Loading

Summary by cubic

Fixes rescheduling so org admins can reschedule seated bookings and bookings they manage without ownership errors. Ensures the Booker loads the correct event type by using the booking host’s username during reschedule.

  • Bug Fixes
    • Added org admin ownership check in getBookingForReschedule for seated events.
    • Exposed user.username in booking queries and preferred the host’s username in the Booker when rescheduling.
    • Preserved booking seat data (description and responses) during reschedule.

Written for commit d85c9a8. Summary will update on new commits.

@Ryukemeister Ryukemeister requested review from a team as code owners January 7, 2026 08:58
@graphite-app graphite-app bot added consumer core area: core, team members only labels Jan 7, 2026
@vercel
Copy link

vercel bot commented Jan 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments
Project Deployment Review Updated (UTC)
api-v2 Ignored Ignored Preview Jan 9, 2026 2:06am
cal Ignored Ignored Jan 9, 2026 2:06am
cal-companion Ignored Ignored Preview Jan 9, 2026 2:06am
cal-eu Ignored Ignored Jan 9, 2026 2:06am

@Ryukemeister
Copy link
Contributor Author

Ryukemeister commented Jan 7, 2026

most of these are just linting changes

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts
const isUserIdInBooking = theBooking.userId === userId;

if (!isOwnerOfBooking && !isHostOfEventType && !isUserIdInBooking) return null;
const isOrgAdmin =
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this ensures if an org admin tries to reschedule booking belonging to members of his org we dont throw an error

Copy link
Member

@sean-brydon sean-brydon Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use PBAC here for booking.read or whatever permission you see fit with fallback roles of adminOrOwner.

This ADMIN field this checks in orgs isnt 100% true when PBAC is enabled

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts
user: {
select: {
id: true,
username: true,
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for rescheduling its better to use the host username that we get from get-booking

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/platform/atoms/booker/BookerPlatformWrapper.tsx
const queryClient = useQueryClient();

const username = useMemo(() => {
// when rescheduling, prefer the booking host's username from bookingData
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the only change thats been made in BookerPlatformWrapper

sean-brydon
sean-brydon requested changes Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts
const isUserIdInBooking = theBooking.userId === userId;

if (!isOwnerOfBooking && !isHostOfEventType && !isUserIdInBooking) return null;
const isOrgAdmin =
Copy link
Member

@sean-brydon sean-brydon Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use PBAC here for booking.read or whatever permission you see fit with fallback roles of adminOrOwner.

This ADMIN field this checks in orgs isnt 100% true when PBAC is enabled

@github-actions github-actions bot marked this pull request as draft January 7, 2026 09:07
@Ryukemeister
Copy link
Contributor Author

Ryukemeister commented Jan 7, 2026
edited
Loading

@sean-brydon this is for a platform customer and platform orgs dont use PBAC. I don't think we let anyone do this on app.cal.com

@sean-brydon
Copy link
Member

sean-brydon commented Jan 7, 2026

@sean-brydon this is for a platform customer and platform orgs dont use PBAC. I don't think we let anyone do this on app.cal.com

They can though right? This is still core logic that should take it into account I think? I don’t belive this is a platform specific file

@Ryukemeister
Copy link
Contributor Author

Ryukemeister commented Jan 7, 2026

@sean-brydon this is for a platform customer and platform orgs dont use PBAC. I don't think we let anyone do this on app.cal.com

They can though right? This is still core logic that should take it into account I think? I don’t belive this is a platform specific file

no they cant use PBAC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@sean-brydon sean-brydon sean-brydon requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

consumer core area: core, team members only size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Ryukemeister @sean-brydon