149 lines
4.9 KiB
TypeScript
149 lines
4.9 KiB
TypeScript
import type { NextApiRequest, NextApiResponse } from "next";
|
|
|
|
// import db from "@calcom/prisma";
|
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
|
import type { AttendeeResponse, AttendeesResponse } from "@lib/types";
|
|
import { isAdminGuard } from "@lib/utils/isAdmin";
|
|
import { schemaAttendeeCreateBodyParams, schemaAttendeeReadPublic } from "@lib/validations/attendee";
|
|
|
|
async function createOrlistAllAttendees(
|
|
{ method, userId, body, prisma }: NextApiRequest,
|
|
res: NextApiResponse<AttendeesResponse | AttendeeResponse>
|
|
) {
|
|
const isAdmin = await isAdminGuard(userId);
|
|
let attendees;
|
|
if (!isAdmin) {
|
|
const userBookings = await prisma.booking.findMany({
|
|
where: {
|
|
userId,
|
|
},
|
|
include: {
|
|
attendees: true,
|
|
},
|
|
});
|
|
attendees = userBookings.map((booking) => booking.attendees).flat();
|
|
} else {
|
|
const data = await prisma.attendee.findMany();
|
|
attendees = data.map((attendee) => schemaAttendeeReadPublic.parse(attendee));
|
|
}
|
|
if (method === "GET") {
|
|
/**
|
|
* @swagger
|
|
* /attendees:
|
|
* get:
|
|
* operationId: listAttendees
|
|
* summary: Find all attendees
|
|
* tags:
|
|
* - attendees
|
|
* responses:
|
|
* 200:
|
|
* description: OK
|
|
* 401:
|
|
* description: Authorization information is missing or invalid.
|
|
* 404:
|
|
* description: No attendees were found
|
|
*/
|
|
if (attendees) res.status(200).json({ attendees });
|
|
else (error: Error) => res.status(400).json({ error });
|
|
} else if (method === "POST") {
|
|
/**
|
|
* @swagger
|
|
* /attendees:
|
|
* post:
|
|
* operationId: addAttendee
|
|
* summary: Creates a new attendee
|
|
* requestBody:
|
|
* description: Create a new attendee related to one of your bookings
|
|
* required: true
|
|
* content:
|
|
* application/json:
|
|
* schema:
|
|
* type: object
|
|
* required:
|
|
* - bookingId
|
|
* - name
|
|
* - email
|
|
* - timeZone
|
|
* properties:
|
|
* bookingId:
|
|
* type: number
|
|
* example: 1
|
|
* email:
|
|
* type: string
|
|
* example: email@example.com
|
|
* name:
|
|
* type: string
|
|
* example: John Doe
|
|
* timeZone:
|
|
* type: string
|
|
* example: Europe/London
|
|
* tags:
|
|
* - attendees
|
|
* responses:
|
|
* 201:
|
|
* description: OK, attendee created
|
|
* 400:
|
|
* description: Bad request. Attendee body is invalid.
|
|
* 401:
|
|
* description: Authorization information is missing or invalid.
|
|
*/
|
|
const safePost = schemaAttendeeCreateBodyParams.safeParse(body);
|
|
if (!safePost.success) {
|
|
res.status(400).json({ message: "Invalid request body", error: safePost.error });
|
|
return;
|
|
}
|
|
if (!isAdmin) {
|
|
const userWithBookings = await prisma.user.findUnique({
|
|
where: { id: userId },
|
|
include: { bookings: true },
|
|
});
|
|
if (!userWithBookings) {
|
|
res.status(404).json({ message: "User not found" });
|
|
return;
|
|
}
|
|
const userBookingIds = userWithBookings.bookings.map((booking: { id: number }) => booking.id).flat();
|
|
// Here we make sure to only return attendee's of the user's own bookings.
|
|
if (!userBookingIds.includes(safePost.data.bookingId))
|
|
res.status(401).json({ message: "Unauthorized" });
|
|
else {
|
|
const data = await prisma.attendee.create({
|
|
data: {
|
|
email: safePost.data.email,
|
|
name: safePost.data.name,
|
|
timeZone: safePost.data.timeZone,
|
|
booking: { connect: { id: safePost.data.bookingId } },
|
|
},
|
|
});
|
|
const attendee = schemaAttendeeReadPublic.parse(data);
|
|
|
|
if (attendee) {
|
|
res.status(201).json({
|
|
attendee,
|
|
message: "Attendee created successfully",
|
|
});
|
|
} else (error: Error) => res.status(400).json({ error });
|
|
}
|
|
} else {
|
|
// @todo: check real availability times before booking
|
|
const data = await prisma.attendee.create({
|
|
data: {
|
|
email: safePost.data.email,
|
|
name: safePost.data.name,
|
|
timeZone: safePost.data.timeZone,
|
|
booking: { connect: { id: safePost.data.bookingId } },
|
|
},
|
|
});
|
|
const attendee = schemaAttendeeReadPublic.parse(data);
|
|
|
|
if (attendee) {
|
|
res.status(201).json({
|
|
attendee,
|
|
message: "Attendee created successfully",
|
|
});
|
|
} else (error: Error) => res.status(400).json({ error });
|
|
}
|
|
} else res.status(405).json({ message: `Method ${method} not allowed` });
|
|
}
|
|
|
|
export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllAttendees);
|