feat(events): #add_attendee (#326)

PlaceOS · Jul 16, 2024 · cd522f7 · cd522f7
1 parent 1f6e1df
commit cd522f7
Show file tree

Hide file tree

Showing 5 changed files with 481 additions and 3 deletions.
diff --git a/spec/controllers/events_spec.cr b/spec/controllers/events_spec.cr
@@ -255,6 +255,288 @@ describe Events do
     end
   end
 
+  describe "permission", tags: ["auth", "group-event"] do
+    it "#add_attendee should NOT allow adding public or same tenant users to PRIVATE events" do
+      WebMock.stub(:post, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:patch, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/update.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.com/calendars")
+        .to_return(body: File.read("./spec/fixtures/calendars/o365/show.json"))
+
+      # Stub getting the host event
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/calendarView?startDateTime=2020-08-26T14%3A00%3A00-00%3A00&endDateTime=2020-08-27T13%3A59%3A59-00%3A00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&%24top=10000")
+        .to_return(body: File.read("./spec/fixtures/events/o365/events_query.json"))
+
+      req_body = EventsHelper.create_event_input(permission: PlaceOS::Model::EventMetadata::Permission::PRIVATE)
+
+      event = JSON.parse(client.post(EVENTS_BASE, headers: headers, body: req_body).body).as_h
+      event_id = event["id"].to_s
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/calendarView?startDateTime=2020-08-26T14:00:00-00:00&endDateTime=2020-08-27T13:59:59-00:00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&$top=10000")
+        .to_return(EventsHelper.event_query_response(event_id))
+
+      system_id = "sys-rJQQlR4Cn7"
+      EventsHelper.stub_permissions_check(system_id)
+
+      # public user
+      no_auth_headers = Mock::Headers.office365_no_auth
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: no_auth_headers, body: {
+        name:           "User Two",
+        email:          "user-two@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(401)
+
+      # same tenant user
+      same_tenant_headers = Mock::Headers.office365_normal_user(email: "user-three@example.com")
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: same_tenant_headers, body: {
+        name:           "User Three",
+        email:          "user-three@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(403)
+
+      event_metadata = EventMetadata.find_by(event_id: event_id)
+      # Should only have the event creator and room
+      event_metadata.attendees.count.should eq(2)
+
+      guests = event_metadata.attendees.map(&.guest.not_nil!)
+      (guests.map(&.email) - ["jon@example.com", "dev@acaprojects.onmicrosoft.com"]).size.should eq(0)
+    end
+
+    it "#add_attendee should allow adding same tenant users to OPEN events" do
+      WebMock.stub(:post, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:patch, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/update.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.com/calendars")
+        .to_return(body: File.read("./spec/fixtures/calendars/o365/show.json"))
+
+      # Stub getting the host event
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/calendarView?startDateTime=2020-08-26T14%3A00%3A00-00%3A00&endDateTime=2020-08-27T13%3A59%3A59-00%3A00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&%24top=10000")
+        .to_return(body: File.read("./spec/fixtures/events/o365/events_query.json"))
+
+      req_body = EventsHelper.create_event_input(permission: PlaceOS::Model::EventMetadata::Permission::OPEN)
+
+      event = JSON.parse(client.post(EVENTS_BASE, headers: headers, body: req_body).body).as_h
+      event_id = event["id"].to_s
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/calendarView?startDateTime=2020-08-26T14:00:00-00:00&endDateTime=2020-08-27T13:59:59-00:00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&$top=10000")
+        .to_return(EventsHelper.event_query_response(event_id))
+
+      system_id = "sys-rJQQlR4Cn7"
+      EventsHelper.stub_permissions_check(system_id)
+
+      # public user
+      no_auth_headers = Mock::Headers.office365_no_auth
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: no_auth_headers, body: {
+        name:           "User Two",
+        email:          "user-two@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(401)
+
+      # same tenant user
+      same_tenant_headers = Mock::Headers.office365_normal_user(email: "user-three@example.com")
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: same_tenant_headers, body: {
+        name:           "User Three",
+        email:          "user-three@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(200)
+
+      event_metadata = EventMetadata.find_by(event_id: event_id)
+      event_metadata.attendees.count.should eq(3)
+
+      guests = event_metadata.attendees.map(&.guest.not_nil!)
+      (guests.map(&.email) - [
+        "jon@example.com",
+        "dev@acaprojects.onmicrosoft.com",
+        "user-three@example.com",
+      ]).size.should eq(0)
+    end
+
+    it "#add_attendee should allow adding anyone to PUBLIC events" do
+      WebMock.stub(:post, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/create.json"))
+
+      WebMock.stub(:patch, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/events/AAMkADE3YmQxMGQ2LTRmZDgtNDljYy1hNDg1LWM0NzFmMGI0ZTQ3YgBGAAAAAADFYQb3DJ_xSJHh14kbXHWhBwB08dwEuoS_QYSBDzuv558sAAAAAAENAAB08dwEuoS_QYSBDzuv558sAACGVOwUAAA%3D")
+        .to_return(body: File.read("./spec/fixtures/events/o365/update.json"))
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.com/calendars")
+        .to_return(body: File.read("./spec/fixtures/calendars/o365/show.json"))
+
+      # Stub getting the host event
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.onmicrosoft.com/calendar/calendarView?startDateTime=2020-08-26T14%3A00%3A00-00%3A00&endDateTime=2020-08-27T13%3A59%3A59-00%3A00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&%24top=10000")
+        .to_return(body: File.read("./spec/fixtures/events/o365/events_query.json"))
+
+      req_body = EventsHelper.create_event_input(permission: PlaceOS::Model::EventMetadata::Permission::PUBLIC)
+
+      event = JSON.parse(client.post(EVENTS_BASE, headers: headers, body: req_body).body).as_h
+      event_id = event["id"].to_s
+
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/room1%40example.com/calendar/calendarView?startDateTime=2020-08-26T14:00:00-00:00&endDateTime=2020-08-27T13:59:59-00:00&%24filter=iCalUId+eq+%27040000008200E00074C5B7101A82E008000000006DE2E3761F8AD6010000000000000000100000009CCCDBB1F09DE74D8B157797D97F6A10%27&$top=10000")
+        .to_return(EventsHelper.event_query_response(event_id))
+
+      system_id = "sys-rJQQlR4Cn7"
+      EventsHelper.stub_permissions_check(system_id)
+
+      # public user
+      no_auth_headers = Mock::Headers.office365_no_auth
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: no_auth_headers, body: {
+        name:           "User Two",
+        email:          "user-two@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(200)
+
+      # same tenant user
+      same_tenant_headers = Mock::Headers.office365_normal_user(email: "user-three@example.com")
+      response = client.post(%(#{EVENTS_BASE}/#{event_id}/attendee?system_id=#{system_id}), headers: same_tenant_headers, body: {
+        name:           "User Three",
+        email:          "user-three@example.com",
+        checked_in:     true,
+        visit_expected: true,
+      }.to_json)
+      response.status_code.should eq(200)
+
+      event_metadata = EventMetadata.find_by(event_id: event_id)
+      event_metadata.attendees.count.should eq(4)
+
+      guests = event_metadata.attendees.map(&.guest.not_nil!)
+      (guests.map(&.email) - [
+        "jon@example.com",
+        "dev@acaprojects.onmicrosoft.com",
+        "user-two@example.com",
+        "user-three@example.com",
+      ]).size.should eq(0)
+    end
+
+    pending "#index should return a list of PUBLIC events for unauthenticated users" do
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.com/calendar?")
+        .to_return(body: File.read("./spec/fixtures/calendars/o365/show.json"))
+      WebMock.stub(:get, "#{ENV["PLACE_URI"]}/api/engine/v2/systems?limit=1000&offset=0&zone_id=z1")
+        .to_return(body: File.read("./spec/fixtures/placeos/systems.json"))
+      WebMock.stub(:post, "https://graph.microsoft.com/v1.0/%24batch")
+        .to_return(body: File.read("./spec/fixtures/events/o365/batch_index.json"))
+
+      tenant = get_tenant
+
+      # private booking
+      private_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::PRIVATE,
+      )
+
+      # open booking
+      open_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::OPEN,
+      )
+
+      # public booking
+      public_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::PUBLIC,
+      )
+
+      starting = 5.minutes.from_now.to_unix
+      ending = 90.minutes.from_now.to_unix
+
+      # public user
+      no_auth_headers = Mock::Headers.office365_no_auth
+      response = client.get("#{EVENTS_BASE}?zone_ids=z1&period_start=#{starting}&period_end=#{starting}", headers: no_auth_headers)
+      response.status_code.should eq(200)
+      events = JSON.parse(response.body).as_a
+      events.size.should eq(1)
+      events.map(&.["id"]).should_not contain(private_event.id)
+      events.map(&.["id"]).should_not contain(open_event.id)
+      events.map(&.["id"]).should contain(public_event.id)
+    end
+
+    pending "#index should return a list of OPEN and PUBLIC events for same tenant users" do
+      WebMock.stub(:get, "https://graph.microsoft.com/v1.0/users/dev%40acaprojects.com/calendar?")
+        .to_return(body: File.read("./spec/fixtures/calendars/o365/show.json"))
+      WebMock.stub(:get, "#{ENV["PLACE_URI"]}/api/engine/v2/systems?limit=1000&offset=0&zone_id=z1")
+        .to_return(body: File.read("./spec/fixtures/placeos/systems.json"))
+      WebMock.stub(:post, "https://graph.microsoft.com/v1.0/%24batch")
+        .to_return(body: File.read("./spec/fixtures/events/o365/batch_index.json"))
+
+      tenant = get_tenant
+
+      # private booking
+      private_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::PRIVATE,
+      )
+
+      # open booking
+      open_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::OPEN,
+      )
+
+      # public booking
+      public_event = EventMetadatasHelper.create_event(
+        tenant.id,
+        event_start: 10.minutes.from_now.to_unix,
+        event_end: 50.minutes.from_now.to_unix,
+        permission: PlaceOS::Model::EventMetadata::Permission::PUBLIC,
+      )
+
+      starting = 5.minutes.from_now.to_unix
+      ending = 90.minutes.from_now.to_unix
+
+      # same tenant user
+      same_tenant_headers = Mock::Headers.office365_normal_user(email: "user-four@example.com")
+      response = client.get("#{EVENTS_BASE}?zone_ids=z1&period_start=#{starting}&period_end=#{starting}", headers: same_tenant_headers)
+      response.status_code.should eq(200)
+      events = JSON.parse(response.body).as_a
+      events.size.should eq(1)
+      events.map(&.["id"]).should_not contain(private_event.id)
+      events.map(&.["id"]).should contain(open_event.id)
+      events.map(&.["id"]).should contain(public_event.id)
+    end
+
+    pending "#index should return a list of PRIVATE, OPEN, and PUBLIC group-event events for the event creator" do
+    end
+
+    pending "#index should NOT include attendee details for unauthenticated users" do
+    end
+
+    pending "#destroy_attendee should allow same tenant users to remove attendees from OPEN events" do
+    end
+  end
+
   describe "#show" do
     before_each do
       EventsHelper.stub_show_endpoints

diff --git a/spec/controllers/helpers/event_helper.cr b/spec/controllers/helpers/event_helper.cr
@@ -81,7 +81,7 @@ module EventsHelper
     }.to_json
   end
 
-  def create_event_input(user = Mock::Token.generate_auth_user(false, false))
+  def create_event_input(user = Mock::Token.generate_auth_user(false, false), permission = PlaceOS::Model::EventMetadata::Permission::PRIVATE)
     %({
     "event_start": 1598503500,
     "event_end": 1598507160,
@@ -125,6 +125,7 @@ module EventsHelper
     "system": {
         "id": "sys-rJQQlR4Cn7"
     },
+    "permission": "#{permission}",
     "extension_data": {
       "foo": "bar"
     }

diff --git a/spec/spec_helper.cr b/spec/spec_helper.cr
@@ -235,7 +235,8 @@ module EventMetadatasHelper
                    room_email = Faker::Internet.email,
                    host = Faker::Internet.email,
                    ext_data = JSON.parse({"foo": 123}.to_json),
-                   ical_uid = "random_uid-#{Random.new.rand(500)}")
+                   ical_uid = "random_uid-#{Random.new.rand(500)}",
+                   permission = PlaceOS::Model::EventMetadata::Permission::PRIVATE)
     EventMetadata.create!(
       tenant_id: tenant_id,
       system_id: system_id,
@@ -246,6 +247,7 @@ module EventMetadatasHelper
       event_end: event_end,
       ext_data: ext_data,
       ical_uid: ical_uid,
+      permission: permission
     )
   end
 end