From 78e325931721a4c68718e4feba6daa1560c2dcf4 Mon Sep 17 00:00:00 2001
From: Linus Flood
Date: Mon, 18 Aug 2025 11:50:57 +0000
Subject: [PATCH] Merged in feat/sw-2967-mystay (pull request #2666)

feat(mystay):SW-2967 - allow access if booking.guest == logged in user

* feat(mystay):SW-2967 - allow access if booking.guest == logged in user

* Fixed failing tests

Approved-by: Hrishikesh Vaipurkar
---
 .../MyStay/accessBooking.test.ts | 7 +---
 .../HotelReservation/MyStay/accessBooking.ts | 35 ++++++++-----------
 2 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
index bb516a939..8e93bdcbb 100644
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
@@ -34,11 +34,6 @@ describe("Access booking", () => {
 accessBooking(loggedInGuest, "Booking", badAuthenticatedUser)
 ).toBe(ERROR_UNAUTHORIZED)
 })
- it("should deny access if refId mismatch", () => {
- expect(
- accessBooking(loggedInGuest, "NotBooking", authenticatedUser)
- ).toBe(ERROR_UNAUTHORIZED)
- })
 })
 
 describe("for anonymous booking", () => {
@@ -145,7 +140,7 @@ const authenticatedUser: SafeUser = {
 zipCode: undefined,
 },
 dateOfBirth: "",
- email: "",
+ email: "logged+in@scandichotels.com",
 firstName: "Authenticated",
 language: undefined,
 lastName: "Booking",
diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
index 920e50a5c..75371f11b 100644
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
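Review bot: Changing the `authenticatedUser` fixture's email from `""` to a real address removes the only coverage of the empty-email case, and that case is exactly where the new shortcut in accessBooking.ts is weakest: `user.email.toLowerCase() === guest.email?.toLowerCase()` is true when both sides are `""`, and `user.membershipNumber === guest.membershipNumber` is true when both are `undefined`, so a booking with blank identity fields could be opened by a logged-in user whose profile is equally blank. Whether the guest fixtures here still carry an empty email is not visible in this hunk, so please confirm, but a test that pins denial for `{ ...authenticatedUser, email: "" }` against a guest with no email would keep this from regressing. On the implementation side the cheapest guard is to require a non-empty address before the identity match, e.g. `user.email !== "" &&` ahead of the comparison. The deleted "refId mismatch" test was also the only one exercising a lastName mismatch for an authenticated user; a replacement that asserts the new behaviour explicitly would document the intent rather than leaving it implied.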
@@ -21,30 +21,25 @@ function accessBooking( user: SafeUser | null, cookie: string = "" ) { - if (guest.membershipNumber) { - if (user) { - if ( - user.membershipNumber === guest.membershipNumber && - user.lastName.toLowerCase() === lastName.toLowerCase() && - lastName.toLowerCase() === guest.lastName?.toLowerCase() - ) { - return ACCESS_GRANTED - } - } + if ( + user && + user.membershipNumber === guest.membershipNumber && + user.firstName.toLowerCase() === guest.firstName?.toLowerCase() && + user.email.toLowerCase() === guest.email?.toLowerCase() + ) { + return ACCESS_GRANTED + } - return ERROR_UNAUTHORIZED + if (guest.membershipNumber) { + if (!user) { + return ERROR_UNAUTHORIZED + } + if (guest.membershipNumber !== user.membershipNumber) { + return ERROR_UNAUTHORIZED + } } if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) { - if (user) { - if ( - user.firstName.toLowerCase() === guest.firstName?.toLowerCase() && - user.email.toLowerCase() === guest.email?.toLowerCase() - ) { - return ACCESS_GRANTED - } - } - const values = cookie && (JSON.parse(cookie) as Partial) if (