Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nyverie/reservafacil/llms.txt

Use this file to discover all available pages before exploring further.

The /api/reservas/[id] endpoints provide single-record access to reservations. All three methods require authentication, and each enforces strict role-based rules: regular users can only view and cancel their own reservations, while admins and superadmins have full read, update, and delete privileges over any record.

GET /api/reservas/[id]

Retrieves a single reservation by its CUID. The response always includes the nested cancha and usuario objects regardless of caller role. Requires authentication.

Path parameter

id
string
required
The CUID of the reservation to retrieve (e.g. clx1abc2def3ghi).

Access rules

  • USUARIO: can only retrieve a reservation where reserva.usuarioId === session.id. Attempting to fetch another user’s reservation returns 403.
  • ADMIN / SUPERADMIN: can retrieve any reservation.

Response 200

{
  "reserva": {
    "id": "clx1abc2def3ghi",
    "usuarioId": "clx9usr1abc2def",
    "canchaId": "clx5crt1abc2def",
    "fecha": "2024-01-15T00:00:00.000Z",
    "horaInicio": "09:00",
    "horaFin": "10:00",
    "estado": "CONFIRMADA",
    "total": 50.00,
    "notas": null,
    "creadoEn": "2024-01-14T12:00:00.000Z",
    "cancha": { "id": "clx5crt1abc2def", "nombre": "Cancha A", "tipo": "FUTBOL" },
    "usuario": { "id": "clx9usr1abc2def", "nombre": "Ana López", "email": "ana@example.com" }
  }
}
reserva
Reserva
The full reservation object, always including nested cancha and usuario.
reserva.id
string
CUID identifier for the reservation.
reserva.usuarioId
string
ID of the user who owns the reservation.
reserva.canchaId
string
ID of the reserved court.
reserva.fecha
string (ISO 8601)
Date of the reservation as a UTC timestamp.
reserva.horaInicio
string
Start time in HH:MM 24-hour format.
reserva.horaFin
string
End time in HH:MM 24-hour format.
reserva.estado
enum
One of: PENDIENTE, CONFIRMADA, CANCELADA, COMPLETADA.
reserva.total
number
Total cost of the booking.
reserva.notas
string | null
Optional notes attached to the reservation.
reserva.creadoEn
string (ISO 8601)
Timestamp of when the record was created.
reserva.cancha
object
Nested Cancha (court) object.
reserva.usuario
object
Nested Usuario object. Present for all roles on this endpoint (unlike the list endpoint, where it is omitted for USUARIO callers).

Error responses

StatusBodyDescription
401{ "error": "No autenticado" }No valid session.
403{ "error": "Sin permisos" }Caller is USUARIO and the reservation belongs to a different user.
404{ "error": "No encontrada" }No reservation found with the given id.

PATCH /api/reservas/[id]

Partially updates a reservation. Accepts any subset of Reserva fields in the request body and merges them into the existing record. Requires authentication.
Users with the USUARIO role face strict update restrictions: they can only modify their own reservations, and the only allowed state transition is setting estado to "CANCELADA". Any attempt to set estado to another value — or to patch a reservation they do not own — returns a 403 error. Admins and superadmins have no such restrictions and may update any field on any reservation.

Path parameter

id
string
required
The CUID of the reservation to update.

Request body

estado
enum
New status for the reservation. One of: PENDIENTE, CONFIRMADA, CANCELADA, COMPLETADA. USUARIO callers may only supply "CANCELADA".
notas
string
Updated notes for the reservation. Available to ADMIN and SUPERADMIN only.
horaInicio
string
Updated start time in HH:MM format. Available to ADMIN and SUPERADMIN only.
horaFin
string
Updated end time in HH:MM format. Available to ADMIN and SUPERADMIN only.
total
number
Updated total cost. Available to ADMIN and SUPERADMIN only.

Response 200

{
  "ok": true,
  "reserva": {
    "id": "clx1abc2def3ghi",
    "usuarioId": "clx9usr1abc2def",
    "canchaId": "clx5crt1abc2def",
    "fecha": "2024-01-15T00:00:00.000Z",
    "horaInicio": "09:00",
    "horaFin": "10:00",
    "estado": "CONFIRMADA",
    "total": 50.00,
    "notas": "Confirmado por admin",
    "creadoEn": "2024-01-14T12:00:00.000Z",
    "cancha": { "id": "clx5crt1abc2def", "nombre": "Cancha A", "tipo": "FUTBOL" },
    "usuario": { "id": "clx9usr1abc2def", "nombre": "Ana López", "email": "ana@example.com" }
  }
}
ok
boolean
Always true on success.
reserva
Reserva
The updated reservation including nested cancha and usuario.

Error responses

StatusBodyDescription
401{ "error": "No autenticado" }No valid session.
403{ "error": "Sin permisos" }USUARIO attempting to patch a reservation that does not belong to them.
403{ "error": "Solo puedes cancelar tu reserva" }USUARIO attempting to set estado to any value other than "CANCELADA".
404{ "error": "No encontrada" }No reservation found with the given id.

DELETE /api/reservas/[id]

Permanently deletes a reservation. This action is irreversible. Requires ADMIN or SUPERADMIN role. Any request from a USUARIO session — or an unauthenticated request — is rejected with 403. There is no soft-delete; the record is removed from the database entirely.

Path parameter

id
string
required
The CUID of the reservation to delete.

Response 200

{ "ok": true }
ok
boolean
Always true on success.

Error responses

StatusBodyDescription
403{ "error": "Sin permisos" }Caller is not authenticated, or has USUARIO role.

Examples

curl https://your-domain.com/api/reservas/clx1abc2def3ghi \
  --cookie "token=<your_jwt_token>"

Build docs developers (and LLMs) love