Description
When replacing bookings with admin.sh in ed0 and ed0-alternate, current bookings will be ignored because the start time is often further in the past than is allowed by the typical policy in the manifest. Rather than change the policy to allow bookings in the past, we can edit current bookings in the bookings file to have a start time set into the very near future. There will then be a shorter booking recorded in the audit trail of old bookings, giving the user free time.

The alternative is to add a booking to old bookings that covers the first part of the booking, but then if anyone has a total number of bookings policy limit, they unfairly lose one booking, even if the total time is right (not sure what use case that would be, but it would probably apply to an experiment that is costly to set up, so set-up cost dominates booking cost).

Hence it would be better to have an add booking mechanism for admin. One of the reasons we do what we do is to prevent the recipient of a session from gaining credentials on the front side that they could use to obtain further bookings, so this 'add bookings' feature would need to bypass checks such as eligibility of the user to be booked onto that resource by ignoring whether the user has that group (and certainly NOT adding that group to the user's account), although it still needs to respect the window available to the policy so that we cannot inadvertently book in windows that are forbidden to a policy. That would remove some of the benefit of having policies.

This change would not necessarily need a database in the background, just a new endpoint that is secured for admin access only (same as the export/replace bookings).