feat: org/team event type private links endpoints

[alishaz-polymath]

What does this PR do?

Summary

• Added org/team-scoped private links endpoints that mirror the permissions/guards of Orgs / Teams / Event Types.
• Reused existing private links service; validated team ownership for event types.
• Added e2e tests for the new endpoints.

Endpoints

• POST /v2/organizations/:orgId/teams/:teamId/event-types/:eventTypeId/private-links
• GET /v2/organizations/:orgId/teams/:teamId/event-types/:eventTypeId/private-links
• PATCH /v2/organizations/:orgId/teams/:teamId/event-types/:eventTypeId/private-links/:linkId
• DELETE /v2/organizations/:orgId/teams/:teamId/event-types/:eventTypeId/private-links/:linkId

Permissions and guards

• Decorators: @Roles("TEAM_ADMIN"), @PlatformPlan("ESSENTIALS")
• Guards: ApiAuthGuard, IsOrgGuard, RolesGuard, IsTeamInOrg, PlatformPlanGuard, IsAdminAPIEnabledGuard
• Event type/Team relationship is enforced via TeamsEventTypesService.validateEventTypeExists(teamId, eventTypeId)

Implementation notes

• Controller: apps/api/v2/src/ee/event-types-private-links/controllers/organizations-event-types-private-links.controller.ts
• Uses existing PrivateLinksService for create/list/update/delete.
• Returns standardized responses with SUCCESS_STATUS and platform-types outputs.

Module changes

• Registered the new controller in OrganizationsModule:
  • Imports EventTypesPrivateLinksModule for the service.
  • Adds OrganizationsEventTypesPrivateLinksController to controllers.
• Slimmed EventTypesPrivateLinksModule to only event-type-scoped endpoints and exported PrivateLinksService.

Tests

• New e2e: apps/api/v2/src/modules/organizations/event-types/organizations-event-types-private-links.e2e-spec.ts
  • Covers POST/GET/PATCH/DELETE happy paths.
  • Uses fixtures to create org, team, and team-owned event type.
  • Overrides plan/admin/roles guards for focus; auth remains enabled.

API surface and data model

• No DB schema changes.
• No breaking changes for existing endpoints.
• Private link objects and behaviors match the existing event-type private links controller.

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Video Demo (if applicable):

• Show screen recordings of the issue or feature.
• Demonstrate how to reproduce the issue, the behavior before and after the change.

Image Demo (if applicable):

• Add side-by-side screenshots of the original and updated change.
• Highlight any significant change(s).

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

• Ensure you’re authenticated and a TEAM_ADMIN in the org/team.
• Create a team event type, then:
  • POST to create a link; expect 201 and data.linkId.
  • GET to list links; expect 200 with array.
  • PATCH :linkId to update maxUsageCount; expect 200 with updated value.
  • DELETE :linkId; expect 200 with data.linkId.

Checklist

• I haven't read the contributing guide
• My code doesn't follow the style guidelines of this project
• I haven't commented my code, particularly in hard-to-understand areas
• I haven't checked if my changes generate no new warnings

[coderabbitai]

Note

Reviews paused

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Walkthrough

Adds organization/team-scoped private-links support for event types: introduces OrganizationsEventTypesPrivateLinksController with CRUD endpoints, wires EventTypesPrivateLinksModule into OrganizationsModule and exports PrivateLinksService, refactors PrivateLinksService (removes userId from get/update/delete signatures and injects input/output/repository dependencies), updates existing event-type private-links controller to match, removes OAuthClientModule from the module imports, adds an e2e test exercising org/team private-link CRUD flows, and updates OpenAPI/Swagger and public OpenAPI v2 docs to include the new endpoints and schemas. Also bumps @calcom/platform-libraries to 9.9.9.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Possibly related PRs

• feat: Add private links to API #22943 — Implements the same private-links feature across controllers, services, modules, tests, and OpenAPI; likely the main or parallel implementation.
• feat: Enhance private link expiration with usage and date limits #22304 — Earlier work on private/hashed links adding expiry/usage semantics and related services/endpoints; foundational to this change.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/api-private-links-team-org

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
cal	⬜️ Ignored			Aug 14, 2025 9:43am
cal-eu	⬜️ Ignored			Aug 14, 2025 9:43am

[supalarry]

I thought that userId was removed from private links service - user id is still passed here.

[alishaz-polymath]

It is indeed passed here, it was only removed from GET, PATCH and DELETE. The userId passed here is used to it’s used to generate the link string (generateHashedLink) in POST

https://github.com/calcom/cal.com/pull/23048/files/bc65976649509e2c57981b3c485d75efa0d648e2#diff-33447bafca072a0c28d18881f7873ae3071ff136849d2d9fd8a699bac7288fbbR28

[graphite-app]

Graphite Automations

"Add ready-for-e2e label" took an action on this PR • (08/13/25)

1 label was added to this PR based on Keith Williams's automation.

[github-actions]

E2E results are ready!

• Workflow #71916.2 latest results

[coderabbitai]

✅ Actions performed

Reviews paused.