diff --git a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx index 3ce7c34f5..10e5568a8 100644 --- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx +++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx @@ -10,7 +10,7 @@ export default async function MyStayPage({ }: PageArgs) { return ( }> - + ) } diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts index a1ba066d5..438f5cb74 100644 --- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts +++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts @@ -3,6 +3,7 @@ import { describe, expect, it } from "@jest/globals" import accessBooking, { ACCESS_GRANTED, ERROR_BAD_REQUEST, + ERROR_FORBIDDEN, ERROR_NOT_FOUND, ERROR_UNAUTHORIZED, } from "./accessBooking" @@ -42,7 +43,7 @@ describe("Access booking", () => { email: "logged-out@scandichotels.com", }).toString() expect(accessBooking(loggedOut, "Booking", user, cookieString)).toBe( - ACCESS_GRANTED + ERROR_FORBIDDEN ) }) it("should prompt for more if first name is missing", () => { diff --git a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts index 8512fb771..17d32b9a9 100644 --- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts +++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts @@ -5,6 +5,7 @@ export { ACCESS_GRANTED, accessBooking as default, ERROR_BAD_REQUEST, + ERROR_FORBIDDEN, ERROR_NOT_FOUND, ERROR_UNAUTHORIZED, } @@ -29,14 +30,18 @@ function accessBooking( } if (guest.lastName === lastName) { - const params = new URLSearchParams(cookie) - if ( - params.get("firstName") === guest.firstName && - params.get("email") === guest.email - ) { - return ACCESS_GRANTED + if (user) { + return ERROR_FORBIDDEN } else { - return ERROR_BAD_REQUEST + const params = new URLSearchParams(cookie) + if ( + params.get("firstName") === guest.firstName && + params.get("email") === guest.email + ) { + return ACCESS_GRANTED + } else { + return ERROR_BAD_REQUEST + } } } @@ -53,6 +58,11 @@ const ERROR_UNAUTHORIZED = { status: 401, } as const +const ERROR_FORBIDDEN = { + code: "FORBIDDEN", + status: 403, +} as const + const ERROR_NOT_FOUND = { code: "NOT_FOUND", status: 404, diff --git a/apps/scandic-web/components/HotelReservation/MyStay/index.tsx b/apps/scandic-web/components/HotelReservation/MyStay/index.tsx index 42a56568a..02465ef50 100644 --- a/apps/scandic-web/components/HotelReservation/MyStay/index.tsx +++ b/apps/scandic-web/components/HotelReservation/MyStay/index.tsx @@ -47,12 +47,11 @@ export async function MyStay({ refId }: { refId: string }) { const { booking, hotel, room } = bookingConfirmation const user = await getProfileSafely() - const cookie = cookies() - const bv = cookie.get("bv")?.value + const bv = cookies().get("bv")?.value const intl = await getIntl() const access = accessBooking(booking.guest, lastName, user, bv) - if (access.status === ACCESS_GRANTED.status) { + if (access === ACCESS_GRANTED) { const linkedBookingPromises = booking.linkedReservations ? booking.linkedReservations.map((linkedBooking) => { return getBookingConfirmation(linkedBooking.confirmationNumber) @@ -122,7 +121,7 @@ export async function MyStay({ refId }: { refId: string }) { ) } - if (access.status === ERROR_BAD_REQUEST.status) { + if (access === ERROR_BAD_REQUEST) { return (
@@ -135,7 +134,7 @@ export async function MyStay({ refId }: { refId: string }) { ) } - if (access.status === ERROR_UNAUTHORIZED.status) { + if (access === ERROR_UNAUTHORIZED) { return (