Merged in feat/sw-2967-mystay (pull request #2666)

feat(mystay):SW-2967 - allow access if booking.guest == logged in user * feat(mystay):SW-2967 - allow access if booking.guest == logged in user * Fixed failing tests Approved-by: Hrishikesh Vaipurkar
2025-08-18 11:50:57 +00:00
parent f8a4b88170
commit 78e3259317
2 changed files with 16 additions and 26 deletions
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
@@ -34,11 +34,6 @@ describe("Access booking", () => {
        accessBooking(loggedInGuest, "Booking", badAuthenticatedUser)
      ).toBe(ERROR_UNAUTHORIZED)
    })
-    it("should deny access if refId mismatch", () => {
-      expect(
-        accessBooking(loggedInGuest, "NotBooking", authenticatedUser)
-      ).toBe(ERROR_UNAUTHORIZED)
-    })
  })

  describe("for anonymous booking", () => {
@@ -145,7 +140,7 @@ const authenticatedUser: SafeUser = {
    zipCode: undefined,
  },
  dateOfBirth: "",
-  email: "",
+  email: "logged+in@scandichotels.com",
  firstName: "Authenticated",
  language: undefined,
  lastName: "Booking",
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -21,30 +21,25 @@ function accessBooking(
  user: SafeUser | null,
  cookie: string = ""
 ) {
-  if (guest.membershipNumber) {
-    if (user) {
-      if (
-        user.membershipNumber === guest.membershipNumber &&
-        user.lastName.toLowerCase() === lastName.toLowerCase() &&
-        lastName.toLowerCase() === guest.lastName?.toLowerCase()
-      ) {
-        return ACCESS_GRANTED
-      }
-    }
+  if (
+    user &&
+    user.membershipNumber === guest.membershipNumber &&
+    user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
+    user.email.toLowerCase() === guest.email?.toLowerCase()
+  ) {
+    return ACCESS_GRANTED
+  }

-    return ERROR_UNAUTHORIZED
+  if (guest.membershipNumber) {
+    if (!user) {
+      return ERROR_UNAUTHORIZED
+    }
+    if (guest.membershipNumber !== user.membershipNumber) {
+      return ERROR_UNAUTHORIZED
+    }
  }

  if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) {
-    if (user) {
-      if (
-        user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
-        user.email.toLowerCase() === guest.email?.toLowerCase()
-      ) {
-        return ACCESS_GRANTED
-      }
-    }
-
    const values =
      cookie && (JSON.parse(cookie) as Partial<AdditionalInfoCookieValue>)
    if (