Skip to content

chore: Integrate edit location booking audit #26569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hariombalhara wants to merge 16 commits into
base: main
Choose a base branch
from
Open

chore: Integrate edit location booking audit #26569

hariombalhara wants to merge 16 commits into from

Conversation

@hariombalhara
Copy link
Member

@hariombalhara hariombalhara commented Jan 8, 2026
edited by devin-ai-integration bot
Loading

What does this PR do?

Integrates booking audit logging for the edit location functionality, following the pattern established in PR #26046 (booking creation/rescheduling audit).

This PR adds audit logging when a booking's location is changed through:

  1. Web app (tRPC handler): packages/trpc/server/routers/viewer/bookings/editLocation.handler.ts
  2. API v2: apps/api/v2/src/ee/bookings/2024-08-13/services/booking-location.service.ts

Changes:

  • Added actionSource as a required parameter to editLocationHandler (no fallback)
  • Added optional userUuid parameter (defaults to logged-in user's uuid)
  • Added ValidActionSource type that excludes "UNKNOWN" for client-facing APIs
  • Captures old location before update for audit data
  • Calls BookingEventHandlerService.onLocationChanged() after successful location update
  • Web app uses actionSource: "WEBAPP", API v2 uses actionSource: "API_V2"
  • Updated router to explicitly pass actionSource: "WEBAPP"
  • Updated test to pass actionSource: "WEBAPP"
  • API v2: Uses NestJS dependency injection pattern with BookingEventHandlerService injected via constructor

Updates since last revision:

  • Created BookingEventHandlerModule (apps/api/v2/src/lib/modules/booking-event-handler.module.ts) to encapsulate BookingEventHandlerService and its dependencies (Logger, TaskerService, HashedLinkService, BookingAuditProducerService)
  • Updated both bookings modules (2024-04-15 and 2024-08-13) to import BookingEventHandlerModule instead of listing individual providers
  • This reduces code duplication and makes dependency management cleaner

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A - no documentation changes needed.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works. N/A - using existing audit infrastructure that is already tested.

How should this be tested?

  1. Update a booking's location through the web app
  2. Update a booking's location through API v2
  3. Verify audit logs are created with:
    • Correct bookingUid
    • Correct actor (user who made the change)
    • Correct source ("WEBAPP" or "API_V2")
    • Correct auditData.location.old and auditData.location.new values

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have checked if my changes generate no new warnings

Human Review Checklist

  • Verify all callers of editLocationHandler pass actionSource (router updated, test updated)
  • Verify organizationId derivation is correct in both handlers (tRPC uses booking.user?.profiles?.[0]?.organizationId, API v2 uses existingBookingHost.organizationId)
  • Confirm audit call placement after location update is intentional (audit failures would fail the operation even though location was already updated)
  • Note: API v2 has its own implementation and does NOT reuse editLocationHandler - this is correct
  • Verify BookingEventHandlerModule properly exports BookingEventHandlerService and is imported in both bookings modules
  • Verify the updateBookingLocationInDb return value ({ updatedLocation }) is destructured and used correctly for audit data
  • Verify API v2 uses bookingLocation for audit new value, while tRPC uses updatedLocation from DB update

Link to Devin run: https://app.devin.ai/sessions/fd1d439779674050a26ea3fa7d799943
Requested by: @hariombalhara

@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Jan 8, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@vercel
Copy link

vercel bot commented Jan 8, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments
Project Deployment Review Updated (UTC)
api-v2 Ignored Ignored Preview Jan 9, 2026 2:52am
cal Ignored Ignored Jan 9, 2026 2:52am
cal-companion Ignored Ignored Preview Jan 9, 2026 2:52am
cal-eu Ignored Ignored Jan 9, 2026 2:52am

@hariombalhara
Merge remote-tracking branch 'origin/main' into devin/edit-location-a…
ee4a1e4 
…udit-1767854684
@hariombalhara
fix: update booking location service and action source handling
e0d19f9 
- Changed the variable name from `bookingLocation` to `bookingFieldsLocation` in the BookingLocationService for clarity.
- Introduced a new `ValidActionSource` type to ensure only valid action sources are used in the booking audit process, removing the `UNKNOWN` option from the action source schema.
- Refactored the `editLocationHandler` to utilize the new `ValidActionSource` type and removed the handling of `UNKNOWN` action sources.
- Cleaned up formatting and improved readability in several files related to booking cancellation and location editing.
@pull-request-size pull-request-size bot added size/L and removed size/M labels Jan 8, 2026
@hariombalhara hariombalhara force-pushed the devin/edit-location-audit-1767854684 branch from f0dcf26 to 8b617f9 Compare January 8, 2026 13:47
@pull-request-size pull-request-size bot added size/M and removed size/L labels Jan 8, 2026
@keithwillcode keithwillcode added the core area: core, team members only label Jan 10, 2026
@hariombalhara hariombalhara added this to the v6.2 milestone Jan 12, 2026
@pull-request-size pull-request-size bot added size/L and removed size/M labels Jan 12, 2026
devin-ai-integration bot and others added 3 commits January 12, 2026 13:48
@devin-ai-integration @hariombalhara
refactor: Create BookingEventHandlerModule to encapsulate dependencies
223630b 
Instead of adding individual providers (Logger, TaskerService, HashedLinkService,
BookingAuditProducerService, BookingEventHandlerService) to each bookings module,
create a dedicated BookingEventHandlerModule that can be imported where needed.

This reduces code duplication and makes dependency management cleaner.

Co-Authored-By: [email protected] <[email protected]>
@hariombalhara
Merge remote-tracking branch 'origin/main' into devin/edit-location-a…
99bb395 
…udit-1767854684
@hariombalhara
Merge branch 'devin/edit-location-audit-1767854684' of github.com:cal…
ca7166f 
…com/cal.com into devin/edit-location-audit-1767854684
@hariombalhara hariombalhara self-assigned this Jan 13, 2026
@hariombalhara hariombalhara marked this pull request as ready for review January 13, 2026 03:34
@hariombalhara hariombalhara requested a review from a team as a code owner January 13, 2026 03:34
@graphite-app graphite-app bot requested a review from a team January 13, 2026 03:34
@graphite-app graphite-app bot added the enterprise area: enterprise, audit log, organisation, SAML, SSO label Jan 13, 2026
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 13, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 7 files

@hariombalhara hariombalhara added 💰 Rewarded Rewarded bounties on Algora.io ready-for-e2e and removed 💰 Rewarded Rewarded bounties on Algora.io labels Jan 13, 2026
@vercel vercel bot temporarily deployed to Preview – dev January 13, 2026 09:17 Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Jan 18, 2026

E2E results are ready!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@hariombalhara hariombalhara

Labels

core area: core, team members only enterprise area: enterprise, audit log, organisation, SAML, SSO ready-for-e2e size/L

Projects

None yet

Milestone

v6.2

Development

Successfully merging this pull request may close these issues.

3 participants

@hariombalhara @keithwillcode