fix(SW-1710): use access object references instead

correct incorrect test that granted access incorrectly

apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx

@@ -10,7 +10,7 @@ export default async function MyStayPage({
 }: PageArgs<LangParams & { refId: string }>) {
   return (
     <Suspense fallback={<MyStaySkeleton />}>
-      <MyStay refId={params.refId} />
+      <MyStay refId={decodeURIComponent(params.refId)} />
     </Suspense>
   )
 }

apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts

@@ -3,6 +3,7 @@ import { describe, expect, it } from "@jest/globals"
 import accessBooking, {
   ACCESS_GRANTED,
   ERROR_BAD_REQUEST,
+  ERROR_FORBIDDEN,
   ERROR_NOT_FOUND,
   ERROR_UNAUTHORIZED,
 } from "./accessBooking"
@@ -42,7 +43,7 @@ describe("Access booking", () => {
         email: "logged-out@scandichotels.com",
       }).toString()
       expect(accessBooking(loggedOut, "Booking", user, cookieString)).toBe(
-        ACCESS_GRANTED
+        ERROR_FORBIDDEN
       )
     })
     it("should prompt for more if first name is missing", () => {

apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts

@@ -5,6 +5,7 @@ export {
   ACCESS_GRANTED,
   accessBooking as default,
   ERROR_BAD_REQUEST,
+  ERROR_FORBIDDEN,
   ERROR_NOT_FOUND,
   ERROR_UNAUTHORIZED,
 }
@@ -29,14 +30,18 @@ function accessBooking(
   }
 
   if (guest.lastName === lastName) {
-    const params = new URLSearchParams(cookie)
+    if (user) {
-    if (
+      return ERROR_FORBIDDEN
-      params.get("firstName") === guest.firstName &&
-      params.get("email") === guest.email
-    ) {
-      return ACCESS_GRANTED
     } else {
-      return ERROR_BAD_REQUEST
+      const params = new URLSearchParams(cookie)
+      if (
+        params.get("firstName") === guest.firstName &&
+        params.get("email") === guest.email
+      ) {
+        return ACCESS_GRANTED
+      } else {
+        return ERROR_BAD_REQUEST
+      }
     }
   }
 
@@ -53,6 +58,11 @@ const ERROR_UNAUTHORIZED = {
   status: 401,
 } as const
 
+const ERROR_FORBIDDEN = {
+  code: "FORBIDDEN",
+  status: 403,
+} as const
+
 const ERROR_NOT_FOUND = {
   code: "NOT_FOUND",
   status: 404,

apps/scandic-web/components/HotelReservation/MyStay/index.tsx

@@ -47,12 +47,11 @@ export async function MyStay({ refId }: { refId: string }) {
 
   const { booking, hotel, room } = bookingConfirmation
   const user = await getProfileSafely()
-  const cookie = cookies()
+  const bv = cookies().get("bv")?.value
-  const bv = cookie.get("bv")?.value
   const intl = await getIntl()
 
   const access = accessBooking(booking.guest, lastName, user, bv)
-  if (access.status === ACCESS_GRANTED.status) {
+  if (access === ACCESS_GRANTED) {
     const linkedBookingPromises = booking.linkedReservations
       ? booking.linkedReservations.map((linkedBooking) => {
           return getBookingConfirmation(linkedBooking.confirmationNumber)
@@ -122,7 +121,7 @@ export async function MyStay({ refId }: { refId: string }) {
     )
   }
 
-  if (access.status === ERROR_BAD_REQUEST.status) {
+  if (access === ERROR_BAD_REQUEST) {
     return (
       <main className={styles.main}>
         <div className={styles.form}>
@@ -135,7 +134,7 @@ export async function MyStay({ refId }: { refId: string }) {
     )
   }
 
-  if (access.status === ERROR_UNAUTHORIZED.status) {
+  if (access === ERROR_UNAUTHORIZED) {
     return (
       <main className={styles.main}>
         <div className={styles.logIn}>