Merge pull request #375 from HackIllinois/dev/sherry/event-id-bug

Remove eventId for attendees in GET

Author: sherrylong

src/services/event/event-router.test.ts

@@ -79,6 +79,23 @@ const TESTER_EVENT_2 = {
     isPro: false,
 } satisfies Event;
 
+const PUBLIC_EVENT = {
+    eventId: "test-public-event",
+    isStaff: false,
+    name: "meeting",
+    description: "meeting",
+    startTime: 9,
+    endTime: 10,
+    eventType: EventType.MEETING,
+    locations: [],
+    isAsync: false,
+    points: 0,
+    isPrivate: false,
+    isMandatory: true,
+    isPro: false,
+    menu: [],
+} satisfies Event;
+
 // Before each test, initialize database with tester & other users
 beforeEach(async () => {
     await Models.EventFollowers.create(TESTER_EVENT_FOLLOWERS);
@@ -92,6 +109,18 @@ beforeEach(async () => {
     await Models.Event.create(TESTER_EVENT_2);
 });
 
+describe("GET /event/", () => {
+    it("returns events with correct eventId visibility", async () => {
+        await Models.Event.deleteMany({});
+        await Models.Event.create(PUBLIC_EVENT);
+        const attendeeResponse = await getAsAttendee(`/event/`).expect(StatusCode.SuccessOK);
+        const staffResponse = await getAsStaff(`/event/`).expect(StatusCode.SuccessOK);
+
+        expect(JSON.parse(attendeeResponse.text).events.eventId).toBeUndefined();
+        expect(JSON.parse(staffResponse.text).events).toMatchObject([PUBLIC_EVENT]);
+    });
+});
+
 describe("GET /event/followers/", () => {
     it("gives an forbidden error for a non-staff user", async () => {
         const response = await getAsAttendee(`/event/followers/${TESTER_EVENT_FOLLOWERS.eventId}/`).expect(

src/services/event/event-router.ts

@@ -16,6 +16,7 @@ import {
     EventAttendeesSchema,
     EventAttendeesInfoSchema,
     EventAttendanceSchema,
+    PublicEventsSchema,
 } from "./event-schemas";
 import { EventIdSchema, SuccessResponseSchema, UserIdSchema } from "../../common/schemas";
 import { z } from "zod";
@@ -259,16 +260,17 @@ eventsRouter.get(
         responses: {
             [StatusCode.SuccessOK]: {
                 description: "The events",
-                schema: EventsSchema,
+                schema: z.union([PublicEventsSchema, EventsSchema]),
             },
         },
     }),
     async (req, res) => {
         const roles = tryGetAuthenticatedUser(req)?.roles || [];
+        const includeIds = roles.includes(Role.ADMIN) || roles.includes(Role.STAFF);
         const events = await Models.Event.find({
             eventType: { $ne: EventType.STAFF_SHIFT },
             ...restrictEventsByRoles(roles),
-        });
+        }).select(includeIds ? "-_id" : "-eventId -_id"); // Excludes eventId for attendees
 
         return res.status(StatusCode.SuccessOK).send({ events });
     },

src/services/event/event-schemas.ts

@@ -241,6 +241,12 @@ export const EventsSchema = z
     })
     .openapi("Events");
 
+export const PublicEventsSchema = z
+    .object({
+        events: z.array(EventSchema.omit({ eventId: true })),
+    })
+    .openapi("Events");
+
 export const EventAttendanceSchema = z
     .object({
         present: z.array(z.tuple([z.string(), z.number(), z.number()])),