Skip to content

fix: Booker reschedule behaviour for org admin#26530

Merged
Ryukemeister merged 9 commits intomainfrom
fix-reschedule-behaviour-for-seated-bookings
Jan 13, 2026
Merged

fix: Booker reschedule behaviour for org admin#26530
Ryukemeister merged 9 commits intomainfrom
fix-reschedule-behaviour-for-seated-bookings

Conversation

@Ryukemeister
Copy link
Contributor

@Ryukemeister Ryukemeister commented Jan 7, 2026
edited by cubic-dev-ai bot
Loading

Summary by cubic

Fixes rescheduling so org admins can reschedule seated bookings and bookings they manage without ownership errors. Ensures the Booker loads the correct event type by using the booking host’s username during reschedule.

  • Bug Fixes
    • Used org-level permission check (PBAC) in getBookingForReschedule for seated events.
    • Exposed user.username in booking queries and preferred the host’s username in the Booker when rescheduling.
    • Preserved booking seat data (description and responses) during reschedule.

Written for commit 19394e7. Summary will update on new commits.

@Ryukemeister Ryukemeister requested review from a team as code owners January 7, 2026 08:58
@graphite-app graphite-app bot added consumer core area: core, team members only labels Jan 7, 2026
@vercel
Copy link

vercel bot commented Jan 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments
Project Deployment Review Updated (UTC)
api-v2 Ignored Ignored Preview Jan 9, 2026 2:06am
cal Ignored Ignored Jan 9, 2026 2:06am
cal-companion Ignored Ignored Preview Jan 9, 2026 2:06am
cal-eu Ignored Ignored Jan 9, 2026 2:06am

@Ryukemeister
Copy link
Contributor Author

Ryukemeister commented Jan 7, 2026

most of these are just linting changes

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts Outdated
const isUserIdInBooking = theBooking.userId === userId;

if (!isOwnerOfBooking && !isHostOfEventType && !isUserIdInBooking) return null;
const isOrgAdmin =
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this ensures if an org admin tries to reschedule booking belonging to members of his org we dont throw an error

Copy link
Member

@sean-brydon sean-brydon Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use PBAC here for booking.read or whatever permission you see fit with fallback roles of adminOrOwner.

This ADMIN field this checks in orgs isnt 100% true when PBAC is enabled

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts
user: {
select: {
id: true,
username: true,
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for rescheduling its better to use the host username that we get from get-booking

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Ryukemeister
Ryukemeister commented Jan 7, 2026
View reviewed changes
packages/platform/atoms/booker/BookerPlatformWrapper.tsx
const queryClient = useQueryClient();

const username = useMemo(() => {
// when rescheduling, prefer the booking host's username from bookingData
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 7, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the only change thats been made in BookerPlatformWrapper, rest are just linting changes

sean-brydon
sean-brydon previously requested changes Jan 7, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts Outdated
const isUserIdInBooking = theBooking.userId === userId;

if (!isOwnerOfBooking && !isHostOfEventType && !isUserIdInBooking) return null;
const isOrgAdmin =
Copy link
Member

@sean-brydon sean-brydon Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use PBAC here for booking.read or whatever permission you see fit with fallback roles of adminOrOwner.

This ADMIN field this checks in orgs isnt 100% true when PBAC is enabled

@github-actions github-actions bot marked this pull request as draft January 7, 2026 09:07
@Ryukemeister
Copy link
Contributor Author

Ryukemeister commented Jan 7, 2026
edited
Loading

@sean-brydon this is for a platform customer and platform orgs dont use PBAC. I don't think we let anyone do this on app.cal.com

@sean-brydon
Copy link
Member

sean-brydon commented Jan 7, 2026

@sean-brydon this is for a platform customer and platform orgs dont use PBAC. I don't think we let anyone do this on app.cal.com

They can though right? This is still core logic that should take it into account I think? I don’t belive this is a platform specific file

@Ryukemeister

This comment was marked as outdated.

Sign in to view
@Ryukemeister Ryukemeister marked this pull request as ready for review January 13, 2026 07:52
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 13, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@Ryukemeister Ryukemeister dismissed sean-brydon’s stale review January 13, 2026 07:55

implemented feedback

Ryukemeister
Ryukemeister commented Jan 13, 2026
View reviewed changes
packages/features/bookings/lib/get-booking.ts
let hasOrgAccess = false;
if (userId && theBooking.user?.organizationId) {
const permissionCheckService = new PermissionCheckService();
hasOrgAccess = await permissionCheckService.checkPermission({
Copy link
Contributor Author

@Ryukemeister Ryukemeister Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sean-brydon we use pbac now to check if user is org admin or not

@vercel vercel bot temporarily deployed to Preview – cal-companion January 13, 2026 10:36 Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Jan 13, 2026
edited
Loading

E2E results are ready!

@Ryukemeister Ryukemeister enabled auto-merge (squash) January 13, 2026 16:00
@Ryukemeister Ryukemeister merged commit f32ea8b into main Jan 13, 2026
76 of 78 checks passed
@Ryukemeister Ryukemeister deleted the fix-reschedule-behaviour-for-seated-bookings branch January 13, 2026 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@ThyMinimalDev ThyMinimalDev ThyMinimalDev approved these changes

@sean-brydon sean-brydon Awaiting requested review from sean-brydon

Assignees

No one assigned

Labels

consumer core area: core, team members only ready-for-e2e size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Ryukemeister @sean-brydon @ThyMinimalDev @PeerRich

Comments