2022-10-07 19:08:25 +00:00
|
|
|
import type { NextApiRequest } from "next";
|
|
|
|
|
2022-11-22 20:24:25 +00:00
|
|
|
import { HttpError } from "@calcom/lib/http-error";
|
2022-10-07 19:08:25 +00:00
|
|
|
import { defaultResponder } from "@calcom/lib/server";
|
|
|
|
|
2022-11-25 13:56:58 +00:00
|
|
|
import { schemaAttendeeCreateBodyParams, schemaAttendeeReadPublic } from "~/lib/validations/attendee";
|
2022-10-07 19:08:25 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @swagger
|
|
|
|
* /attendees:
|
|
|
|
* post:
|
|
|
|
* operationId: addAttendee
|
|
|
|
* summary: Creates a new attendee
|
2023-03-10 13:59:24 +00:00
|
|
|
* parameters:
|
|
|
|
* - in: query
|
|
|
|
* name: apiKey
|
|
|
|
* required: true
|
|
|
|
* schema:
|
|
|
|
* type: string
|
|
|
|
* description: Your API key
|
2022-10-07 19:08:25 +00:00
|
|
|
* requestBody:
|
|
|
|
* description: Create a new attendee related to one of your bookings
|
|
|
|
* required: true
|
|
|
|
* content:
|
|
|
|
* application/json:
|
|
|
|
* schema:
|
|
|
|
* type: object
|
|
|
|
* required:
|
|
|
|
* - bookingId
|
|
|
|
* - name
|
|
|
|
* - email
|
|
|
|
* - timeZone
|
|
|
|
* properties:
|
|
|
|
* bookingId:
|
|
|
|
* type: number
|
|
|
|
* email:
|
|
|
|
* type: string
|
2023-03-10 13:59:24 +00:00
|
|
|
* format: email
|
2022-10-07 19:08:25 +00:00
|
|
|
* name:
|
|
|
|
* type: string
|
|
|
|
* timeZone:
|
|
|
|
* type: string
|
|
|
|
* tags:
|
|
|
|
* - attendees
|
|
|
|
* responses:
|
|
|
|
* 201:
|
|
|
|
* description: OK, attendee created
|
|
|
|
* 400:
|
|
|
|
* description: Bad request. Attendee body is invalid.
|
|
|
|
* 401:
|
|
|
|
* description: Authorization information is missing or invalid.
|
|
|
|
*/
|
|
|
|
async function postHandler(req: NextApiRequest) {
|
|
|
|
const { userId, isAdmin, prisma } = req;
|
|
|
|
const body = schemaAttendeeCreateBodyParams.parse(req.body);
|
|
|
|
|
|
|
|
if (!isAdmin) {
|
|
|
|
const userBooking = await prisma.booking.findFirst({
|
|
|
|
where: { userId, id: body.bookingId },
|
|
|
|
select: { id: true },
|
|
|
|
});
|
|
|
|
// Here we make sure to only return attendee's of the user's own bookings.
|
2022-10-14 23:41:28 +00:00
|
|
|
if (!userBooking) throw new HttpError({ statusCode: 403, message: "Forbidden" });
|
2022-10-07 19:08:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const data = await prisma.attendee.create({
|
|
|
|
data: {
|
|
|
|
email: body.email,
|
|
|
|
name: body.name,
|
|
|
|
timeZone: body.timeZone,
|
|
|
|
booking: { connect: { id: body.bookingId } },
|
|
|
|
},
|
|
|
|
});
|
|
|
|
|
|
|
|
return {
|
|
|
|
attendee: schemaAttendeeReadPublic.parse(data),
|
|
|
|
message: "Attendee created successfully",
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
export default defaultResponder(postHandler);
|