feat: convert InsightsBookingService to use Prisma.sql raw queries

[akshayutture-augment]

Test 5

---

Replicated from ai-code-review-evaluation/cal.com-greptile#5

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[akshayutture-augment]

@greptileai

[greptile-apps]

Greptile Overview

Confidence Score: 1/5

• This PR contains critical logic bugs that will cause runtime errors and incorrect authorization
• Three critical bugs found: (1) org members not fetched when org has no child teams, breaking authorization for org-only setups; (2) empty array passed to SQL ANY() will generate invalid SQL; (3) incorrect null checking for Prisma.Sql breaks filter conditions
• packages/lib/server/service/insightsBooking.ts requires immediate fixes to authorization logic at lines 158, 200, and 72

Important Files Changed

File Analysis

Filename	Score	Overview
packages/lib/server/service/insightsBooking.ts	1/5	Converted from Prisma ORM queries to raw SQL with critical logic bugs in authorization conditions and null handling
packages/lib/server/service/tests/insightsBooking.integration-test.ts	4/5	Updated tests to match raw SQL expectations, removed caching tests (still validated by other tests)

Sequence Diagram

sequenceDiagram
    participant Client
    participant InsightsBookingService
    participant TeamRepository
    participant MembershipRepository
    participant Database

    Client->>InsightsBookingService: getBaseConditions()
    InsightsBookingService->>InsightsBookingService: getAuthorizationConditions()
    InsightsBookingService->>InsightsBookingService: buildAuthorizationConditions()
    InsightsBookingService->>MembershipRepository: findUniqueByUserIdAndTeamId()
    MembershipRepository->>Database: SELECT membership WHERE userId, teamId
    Database-->>MembershipRepository: membership data
    MembershipRepository-->>InsightsBookingService: isOwnerOrAdmin result
    
    alt scope === "org"
        InsightsBookingService->>TeamRepository: findAllByParentId(orgId)
        TeamRepository->>Database: SELECT teams WHERE parentId
        Database-->>TeamRepository: child teams
        TeamRepository-->>InsightsBookingService: teamsFromOrg
        InsightsBookingService->>MembershipRepository: findAllByTeamIds(teamIds)
        MembershipRepository->>Database: SELECT memberships WHERE teamId IN (...)
        Database-->>MembershipRepository: user memberships
        MembershipRepository-->>InsightsBookingService: userIds
        InsightsBookingService->>InsightsBookingService: Build Prisma.sql with ANY operator
    end
    
    InsightsBookingService->>InsightsBookingService: getFilterConditions()
    InsightsBookingService->>InsightsBookingService: buildFilterConditions()
    InsightsBookingService->>InsightsBookingService: Combine auth + filter SQL
    InsightsBookingService-->>Client: Prisma.Sql conditions
    
    Client->>Database: $queryRaw with conditions
    Database-->>Client: Query results

Loading

[greptile-apps]

Additional Comments (1)

1. packages/lib/server/service/insightsBooking.ts, line 157-162 (link)

   logic: condition prevents fetching users when org has no child teams, but teamIds includes the org itself

   The original code at line 157-162 fetches users from ALL teams including the org (line 154: teamIds = [options.orgId, ...teamsFromOrg.map()]). But the check teamsFromOrg.length > 0 on line 158 skips fetching users when there are no child teams, even though the org itself (in teamIds) may have direct members.

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

logic: missing empty array check before using ANY operator

When userIdsFromTeam is empty, ANY(${[]}) creates invalid SQL. The original code conditionally added this clause only when the array had elements. Add the same check:

Suggested change

	if (userIdsFromTeam.length > 0) {
	conditions.push(Prisma.sql`("userId" = ANY(${userIdsFromTeam})) AND ("isTeamBooking" = false)`);
	}
	if (userIdsFromTeam.length > 0) {
	conditions.push(Prisma.sql`("userId" = ANY(${userIdsFromTeam})) AND ("isTeamBooking" = false)`);
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: packages/lib/server/service/insightsBooking.ts
Line: 200:202

Comment:
**logic:** missing empty array check before using ANY operator

When `userIdsFromTeam` is empty, `ANY(${[]})` creates invalid SQL. The original code conditionally added this clause only when the array had elements. Add the same check:

```suggestion
    if (userIdsFromTeam.length > 0) {
      conditions.push(Prisma.sql`("userId" = ANY(${userIdsFromTeam})) AND ("isTeamBooking" = false)`);
    }
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

logic: incorrect null check for Prisma.Sql type

Prisma.Sql is an object type that cannot be null - checking authConditions && filterConditions will always be truthy even when they're NOTHING_CONDITION. This breaks the logic when filterConditions is intentionally null (no filters).

Prompt To Fix With AI

This is a comment left during a code review.
Path: packages/lib/server/service/insightsBooking.ts
Line: 72:74

Comment:
**logic:** incorrect null check for `Prisma.Sql` type

`Prisma.Sql` is an object type that cannot be null - checking `authConditions && filterConditions` will always be truthy even when they're `NOTHING_CONDITION`. This breaks the logic when `filterConditions` is intentionally `null` (no filters).

How can I resolve this? If you propose a fix, please make it concise.