Merged in feat/sw-2967-mystay (pull request #2666)

feat(mystay):SW-2967 - allow access if booking.guest == logged in user * feat(mystay):SW-2967 - allow access if booking.guest == logged in user * Fixed failing tests Approved-by: Hrishikesh Vaipurkar
2025-08-18 11:50:57 +00:00
parent f8a4b88170
commit 78e3259317
2 changed files with 16 additions and 26 deletions
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -21,30 +21,25 @@ function accessBooking(
  user: SafeUser | null,
  cookie: string = ""
 ) {
-  if (guest.membershipNumber) {
-    if (user) {
-      if (
-        user.membershipNumber === guest.membershipNumber &&
-        user.lastName.toLowerCase() === lastName.toLowerCase() &&
-        lastName.toLowerCase() === guest.lastName?.toLowerCase()
-      ) {
-        return ACCESS_GRANTED
-      }
-    }
+  if (
+    user &&
+    user.membershipNumber === guest.membershipNumber &&
+    user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
+    user.email.toLowerCase() === guest.email?.toLowerCase()
+  ) {
+    return ACCESS_GRANTED
+  }

-    return ERROR_UNAUTHORIZED
+  if (guest.membershipNumber) {
+    if (!user) {
+      return ERROR_UNAUTHORIZED
+    }
+    if (guest.membershipNumber !== user.membershipNumber) {
+      return ERROR_UNAUTHORIZED
+    }
  }

  if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) {
-    if (user) {
-      if (
-        user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
-        user.email.toLowerCase() === guest.email?.toLowerCase()
-      ) {
-        return ACCESS_GRANTED
-      }
-    }
-
    const values =
      cookie && (JSON.parse(cookie) as Partial<AdditionalInfoCookieValue>)
    if (