pennlabs · minghansun1 · Feb 10, 2026 · Feb 10, 2026 · Copilot · Feb 10, 2026
diff --git a/backend/gsr_booking/serializers.py b/backend/gsr_booking/serializers.py
@@ -127,13 +127,22 @@ def create(self, validated_data):
 
 class SharedGSRBookingSerializer(serializers.ModelSerializer):
 
-    building = serializers.CharField(source="gsr.name")
     is_valid = serializers.SerializerMethodField()
     owner_name = serializers.SerializerMethodField()
+    gsr = GSRSerializer(read_only=True)
 
     class Meta:
         model = GSRBooking
-        fields = ["room_name", "building", "start", "end", "is_valid", "owner_name"]
+        fields = [
+            "booking_id",
+            "gsr",
+            "room_id",
+            "room_name",
+            "start",
+            "end",
+            "is_valid",
+            "owner_name",
+        ]
         read_only_fields = fields
 
     def get_owner_name(self, obj):

diff --git a/backend/tests/gsr_booking/test_share_codes.py b/backend/tests/gsr_booking/test_share_codes.py
@@ -117,13 +117,22 @@ def test_view_shared_booking_public_access(self):
         payload = json.loads(response.content)
 
         # Should only contain booking info and not owner info
+        print("Payload: ", payload)
+        self.assertIn("booking_id", payload)
+        self.assertIn("gsr", payload)
+        self.assertIn("lid", payload["gsr"])
+        self.assertIn("gid", payload["gsr"])
+        self.assertIn("name", payload["gsr"])
+        self.assertIn("kind", payload["gsr"])
+        self.assertIn("image_url", payload["gsr"])
         self.assertIn("room_name", payload)
-        self.assertIn("building", payload)
+        self.assertIn("room_id", payload)
         self.assertIn("start", payload)
         self.assertIn("end", payload)
         self.assertIn("is_valid", payload)
+        self.assertIn("owner_name", payload)
         self.assertEqual(payload["room_name"], self.booking.room_name)
-        self.assertEqual(payload["building"], self.booking.gsr.name)
+        self.assertEqual(payload["gsr"]["name"], self.booking.gsr.name)
         self.assertEqual(payload["is_valid"], True)
 
     def test_view_shared_booking_invalid_code(self):
@@ -304,17 +313,24 @@ def test_shared_booking_serializer(self):
         data = serializer.data
 
         # Should have booking details
+        self.assertIn("booking_id", data)
+        self.assertIn("gsr", data)
+        self.assertIn("lid", data["gsr"])
+        self.assertIn("gid", data["gsr"])
+        self.assertIn("name", data["gsr"])
+        self.assertIn("kind", data["gsr"])
+        self.assertIn("image_url", data["gsr"])
         self.assertIn("room_name", data)
-        self.assertIn("building", data)
+        self.assertIn("room_id", data)
         self.assertIn("start", data)
         self.assertIn("end", data)
         self.assertIn("is_valid", data)
+        self.assertIn("owner_name", data)
 
         # Should not have owner info
-        # Should not have owner info
+        # Should not expose owner-related model fields (only owner_name is allowed)
-        # Should not have owner info
+        # Should not expose owner-related model fields (only owner_name is allowed)
         self.assertNotIn("user", data)
         self.assertNotIn("owner", data)
         self.assertNotIn("reservation", data)
-        self.assertNotIn("booking_id", data)
 
     def test_is_valid_method(self):
         share_code = GSRShareCode.objects.create(