@stamhoofd/backend 1.0.0

package/src/endpoints/organization/dashboard/payments/PatchBalanceItemsEndpoint.ts

@@ -0,0 +1,202 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { BalanceItem, Member, Order, Registration, User } from '@stamhoofd/models';
+import { QueueHandler } from '@stamhoofd/queues';
+import { BalanceItemStatus, MemberBalanceItem, PermissionLevel } from "@stamhoofd/structures";
+import { Formatter } from '@stamhoofd/utility';
+
+import { Context } from '../../../../helpers/Context';
+
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<MemberBalanceItem>
+type ResponseBody = MemberBalanceItem[]
+
+export class PatchBalanceItemsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(MemberBalanceItem as Decoder<MemberBalanceItem>, MemberBalanceItem.patchType() as Decoder<AutoEncoderPatchType<MemberBalanceItem>>, StringDecoder)
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/organization/balance", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        if (request.body.changes.length == 0) {
+            return new Response([]);
+        }
+
+        const returnedModels: BalanceItem[] = []
+
+        // Keep track of updates
+        const memberIds: string[] = []
+        const registrationIds: string[] = []
+
+        await QueueHandler.schedule("balance-item-update/"+organization.id, async () => {
+            for (const {put} of request.body.getPuts()) {
+                // Create a new balance item
+                const model = new BalanceItem();
+                model.description = put.description;
+                model.price = put.price;
+                model.organizationId = organization.id;
+                model.createdAt = put.createdAt;
+                model.status = put.status === BalanceItemStatus.Hidden ? BalanceItemStatus.Hidden : BalanceItemStatus.Pending;
+
+                if (put.userId) {
+                    model.userId = (await this.validateUserId(model, put.userId)).id;
+                }
+
+                if (put.memberId) {
+                    model.memberId = (await this.validateMemberId(put.memberId)).id;
+                    memberIds.push(model.memberId)
+                }
+
+                if (!model.userId && !model.memberId) {
+                    throw new SimpleError({
+                        code: 'invalid_field',
+                        message: 'No user or member provided',
+                        field: 'userId'
+                    })
+                }
+
+                if (put.registration) {
+                    const registration = await Registration.getByID(put.registration.id)
+                    if (!registration || registration.memberId !== model.memberId || registration.organizationId !== organization.id) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Registration not found',
+                            field: 'registration'
+                        })
+                    }
+                    model.registrationId = registration.id
+                    registrationIds.push(registration.id)
+                }
+
+                await model.save();
+                returnedModels.push(model);
+            }
+
+            for (const patch of request.body.getPatches()) {
+                // Create a new balance item
+                const model = await BalanceItem.getByID(patch.id)
+                if (!model || !(await Context.auth.canAccessBalanceItems([model], PermissionLevel.Write))) {
+                    throw new SimpleError({
+                        code: 'invalid_field',
+                        message: 'BalanceItem not found'
+                    })
+                }
+                // Check permissions
+                if (model.memberId) {
+                    // Update old
+                    memberIds.push(model.memberId)
+                }
+
+                if (patch.memberId) {
+                    model.memberId = (await this.validateMemberId(patch.memberId)).id;
+
+                    // Update new
+                    memberIds.push(model.memberId)
+                }
+
+                if (model.registrationId) {
+                    // Update old
+                    registrationIds.push(model.registrationId)
+                }
+                
+                if (patch.createdAt) {
+                    model.createdAt = patch.createdAt
+                }
+
+                if (patch.registration) {
+                    const registration = await Registration.getByID(patch.registration.id)
+                    if (!registration || registration.memberId !== model.memberId || registration.organizationId !== organization.id) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Registration not found',
+                            field: 'registration'
+                        })
+                    }
+                    model.registrationId = registration.id
+
+                    // Update new
+                    registrationIds.push(model.registrationId)
+                } else if (patch.registration === null) {
+                    model.registrationId = null
+                }
+                model.description = patch.description ?? model.description;
+                model.price = patch.price ?? model.price;
+
+                if (model.orderId) {
+                    // Not allowed to change this
+                    const order = await Order.getByID(model.orderId)
+                    if (order) {
+                        model.price = order.totalToPay
+                    }
+                }
+
+                if (patch.status && patch.status === BalanceItemStatus.Hidden) {
+                    if (model.pricePaid === 0) {
+                        model.status = BalanceItemStatus.Hidden
+                    }
+                } else if (patch.status) {
+                    model.status = model.pricePaid >= model.price ? BalanceItemStatus.Paid : BalanceItemStatus.Pending;
+                }
+
+                await model.save();
+                returnedModels.push(model);
+            }
+        });
+
+        await Member.updateOutstandingBalance(Formatter.uniqueArray(memberIds))
+        await Registration.updateOutstandingBalance(Formatter.uniqueArray(registrationIds), organization.id)
+
+         return new Response(
+            await BalanceItem.getMemberStructure(returnedModels)
+        );
+    }
+
+    async validateMemberId(memberId: string) {
+        const member = (await Member.getWithRegistrations(memberId))
+
+        if (!member || !(await Context.auth.canLinkBalanceItemToMember(member))) {
+            throw new SimpleError({
+                code: 'permission_denied',
+                message: 'No permission to link balanace items to this member',
+                human: 'Je hebt geen toegang om aanrekeningen te maken verbonden met dit lid',
+                field: 'memberId'
+            })
+        }
+
+        return member;
+    }
+
+    async validateUserId(balanceItem: BalanceItem, userId: string) {
+        const user = await User.getByID(userId);
+        if (!user || !await Context.auth.canLinkBalanceItemToUser(balanceItem, user)) {
+            throw new SimpleError({
+                code: 'permission_denied',
+                message: 'No permission to link balanace items to this user',
+                human: 'Je hebt geen toegang om aanrekeningen te maken verbonden met deze gebruiker',
+                field: 'userId'
+            })
+        }
+
+        return user;
+    }
+}

package/src/endpoints/organization/dashboard/payments/PatchPaymentsEndpoint.ts

@@ -0,0 +1,233 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { BalanceItem, BalanceItemPayment, Payment, Token } from '@stamhoofd/models';
+import { QueueHandler } from '@stamhoofd/queues';
+import { Payment as PaymentStruct, PaymentGeneral, PaymentMethod, PaymentStatus, PermissionLevel } from "@stamhoofd/structures";
+
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../../helpers/Context';
+import { ExchangePaymentEndpoint } from '../../shared/ExchangePaymentEndpoint';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<PaymentGeneral>
+type ResponseBody = PaymentGeneral[]
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class PatchPaymentsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(PaymentGeneral as Decoder<PaymentGeneral>, PaymentStruct.patchType() as Decoder<AutoEncoderPatchType<PaymentGeneral>>, StringDecoder)
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/organization/payments", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const changedPayments: Payment[] = []
+
+        // Modify payments
+        for (const {put} of request.body.getPuts()) {
+            // Create a new payment
+            if (put.balanceItemPayments.length == 0) {
+                throw new SimpleError({
+                    code: "invalid_field",
+                    message: "You need to add at least one balance item payment",
+                    human: "Een betaling moet ten minste één afrekening bevatten voor een openstaande rekening.",
+                    field: "balanceItemPayments"
+                })
+            }
+
+            if (![PaymentMethod.Unknown, PaymentMethod.Transfer, PaymentMethod.PointOfSale].includes(put.method)) {
+                throw new SimpleError({
+                    code: "invalid_field",
+                    message: "Invalid payment method",
+                    human: "Je kan zelf geen online betalingen aanmaken",
+                    field: "method"
+                })
+            }
+
+            const payment = new Payment()
+            payment.organizationId = organization.id
+            payment.status = PaymentStatus.Created
+            payment.method = put.method
+
+            if (payment.method == PaymentMethod.Transfer) {
+                if (!put.transferSettings) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Transfer settings are required",
+                        human: "Je moet de overschrijvingsdetails invullen",
+                        field: "transferSettings"
+                    })
+                }
+
+                payment.transferSettings = put.transferSettings
+
+                if (!put.transferDescription) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Transfer description is required",
+                        human: "Je moet een mededeling invullen voor de overschrijving",
+                        field: "transferDescription"
+                    })
+                }
+
+                payment.transferDescription = put.transferDescription
+            }
+
+            const balanceItems: BalanceItem[] = []
+            const balanceItemPayments: BalanceItemPayment[] = [];
+
+            for (const item of put.balanceItemPayments) {
+                const balanceItem = await BalanceItem.getByID(item.balanceItem.id)
+                if (!balanceItem || balanceItem.organizationId !== organization.id) {
+                    throw Context.auth.notFoundOrNoAccess("Eén van de afrekeningen die je wilde markeren als betaald bestaat niet (meer).")
+                }
+                balanceItems.push(balanceItem)
+
+                // Create payment
+                const balanceItemPayment = new BalanceItemPayment()
+                balanceItemPayment.organizationId = organization.id
+                balanceItemPayment.balanceItemId = balanceItem.id
+                balanceItemPayment.price = item.price
+                balanceItemPayments.push(balanceItemPayment)
+            }
+
+            // Check permissions
+            if (!(await Context.auth.canAccessBalanceItems(balanceItems, PermissionLevel.Write))) {
+                throw Context.auth.error('Je hebt geen toegangsrechten tot één van de gekozen afrekeningen voor de betaling die je wilt aanmaken')
+            }
+
+            // Check total price
+            const totalPrice = balanceItemPayments.reduce((total, item) => total + item.price, 0)
+
+            if (totalPrice !== put.price) {
+                throw new SimpleError({
+                    code: "invalid_field",
+                    message: "Total price doesn't match",
+                    human: "De totale prijs komt niet overeen met de som van de afrekeningen",
+                    field: "price"
+                })
+            }
+
+            payment.price = totalPrice
+
+            // Save payment
+            await payment.save();
+
+            // Save balance item payments
+            for (const balanceItemPayment of balanceItemPayments) {
+                balanceItemPayment.paymentId = payment.id
+                await balanceItemPayment.save()
+            }
+
+            // Mark paid or failed
+            if (put.status !== PaymentStatus.Created && put.status !== PaymentStatus.Pending) {
+                await ExchangePaymentEndpoint.handlePaymentStatusUpdate(payment, organization, put.status)
+
+                if (put.status === PaymentStatus.Succeeded) {
+                    payment.paidAt = put.paidAt
+                    await payment.save()
+                }
+            } else {
+                for (const balanceItem of balanceItems) {
+                    await balanceItem.markUpdated(payment, organization)
+                }
+            }
+
+            changedPayments.push(payment)
+        }
+
+        // Modify payments
+        for (const patch of request.body.getPatches()) {
+            await QueueHandler.schedule("payments/"+patch.id, async () => {
+                const payment = await Payment.getByID(patch.id);
+                if (!payment || !(await Context.auth.canAccessPayment(payment, PermissionLevel.Write))) {
+                    throw new SimpleError({
+                        code: "not_found",
+                        message: "Payment not found",
+                        human: "Deze betaling werd niet gevonden."
+                    })
+                }
+
+                if (patch.method || patch.paidAt !== undefined) {
+                    if (payment.method && ![PaymentMethod.Unknown, PaymentMethod.Transfer, PaymentMethod.PointOfSale].includes(payment.method)) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "Invalid payment method",
+                            human: "Je kan online betalingen niet wijzigen"
+                        })
+                    }
+                }
+
+                if (patch.transferSettings && payment.method == PaymentMethod.Transfer) {
+                    if (patch.transferSettings.isPut()) {
+                        payment.transferSettings = patch.transferSettings
+                    } else if (payment.transferSettings !== null) {
+                        payment.transferSettings = payment.transferSettings.patch(patch.transferSettings)
+                    }
+                }
+
+                if (patch.method) {
+                    if (![PaymentMethod.Unknown, PaymentMethod.Transfer, PaymentMethod.PointOfSale].includes(patch.method)) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "Invalid payment method",
+                            human: "De betaalmethode die je wilt gebruiken is niet toegestaan",
+                            field: "method"
+                        })
+                    }
+                    payment.method = patch.method
+
+                    if (payment.method === PaymentMethod.Transfer && patch.transferDescription === undefined && !payment.transferDescription) {
+                        payment.transferSettings = payment.transferSettings ?? organization.meta.transferSettings
+                        // TODO: fill in description!
+                        payment.generateDescription(organization, "")
+                    }
+                }
+
+                if (patch.transferDescription && payment.method == PaymentMethod.Transfer) {
+                    payment.transferDescription = patch.transferDescription
+                }
+
+                if (patch.paidAt && payment.paidAt !== null) {
+                    // Only allow to set the date if it is already set
+                    payment.paidAt = patch.paidAt
+                }
+
+                await payment.save()
+
+                if (patch.status) {
+                    await ExchangePaymentEndpoint.handlePaymentStatusUpdate(payment, organization, patch.status)
+                }
+
+                changedPayments.push(
+                    payment
+                )
+            });
+        }
+
+        return new Response(
+            await AuthenticatedStructures.paymentsGeneral(changedPayments, true)
+        );
+    }
+}

package/src/endpoints/organization/dashboard/registration-periods/GetOrganizationRegistrationPeriodsEndpoint.ts

@@ -0,0 +1,66 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { RegistrationPeriodList, OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct } from "@stamhoofd/structures";
+
+import { Group, OrganizationRegistrationPeriod, RegistrationPeriod } from '@stamhoofd/models';
+import { Context } from "../../../../helpers/Context";
+import { Sorter } from "@stamhoofd/utility";
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = RegistrationPeriodList
+
+/**
+ * One endpoint to create, patch and delete members and their registrations and payments
+ */
+
+export class PatchRegistrationPeriodsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/organization/registration-periods", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        } 
+        
+        const organizationPeriods = await OrganizationRegistrationPeriod.where({ organizationId: organization.id });
+        const periods = await RegistrationPeriod.all();
+        const groups = await Group.getAll(organization.id, null)
+
+        const structs: OrganizationRegistrationPeriodStruct[] = [];
+
+        for (const period of periods) {
+            const organizationPeriod = organizationPeriods.find(p => p.periodId == period.id);
+            if (!organizationPeriod) {
+                continue;
+            }
+
+            const gs = groups.filter(g => g.periodId === period.id);
+            structs.push(organizationPeriod.getStructure(period, gs));
+        }
+
+        // Sort
+        periods.sort((a, b) => Sorter.byDateValue(a.startDate, b.startDate))
+
+        return new Response(
+            RegistrationPeriodList.create({
+                organizationPeriods: structs,
+                periods: periods.map(p => p.getStructure())
+            })
+        );
+    }
+
+}