@stamhoofd/backend 1.0.0

package/src/endpoints/organization/dashboard/webshops/GetWebshopUriAvailabilityEndpoint.ts

@@ -0,0 +1,69 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Webshop } from '@stamhoofd/models';
+import { PermissionLevel, WebshopUriAvailabilityResponse } from "@stamhoofd/structures";
+
+import { Context } from '../../../../helpers/Context';
+
+type Params = { id: string };
+type Body = undefined;
+class Query extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    uri: string;
+}
+type ResponseBody = WebshopUriAvailabilityResponse;
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class GetWebshopUriAvailabilityEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/check-uri", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            throw Context.auth.notFoundOrNoAccess()
+        }
+        
+        const q = await Webshop.where({ 
+            uri: request.query.uri, 
+            id: {
+                sign: "!=",
+                value: request.params.id
+            } 
+        }, { 
+            limit: 1, 
+            select: "id" 
+        })
+
+        const available = q.length == 0
+        
+        return new Response(
+            WebshopUriAvailabilityResponse.create({
+                available
+            })
+        );
+    }
+}

package/src/endpoints/organization/dashboard/webshops/PatchDiscountCodesEndpoint.ts

@@ -0,0 +1,125 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, patchObject, StringDecoder } from "@simonbackx/simple-encoding";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Webshop, WebshopDiscountCode } from '@stamhoofd/models';
+import { QueueHandler } from "@stamhoofd/queues";
+import { DiscountCode, PermissionLevel } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+
+type Params = { id: string };
+type Query = undefined
+type Body = PatchableArrayAutoEncoder<DiscountCode>
+type ResponseBody = DiscountCode[]
+
+export class PatchWebshopDiscountCodesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(DiscountCode as Decoder<DiscountCode>, DiscountCode.patchType() as Decoder<AutoEncoderPatchType<DiscountCode>>, StringDecoder)
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/discount-codes", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            throw Context.auth.notFoundOrNoAccess()
+        }
+
+        const discountCodes: WebshopDiscountCode[] = []
+
+        // Updating discoutn codes should happen in the stock queue (because they are also edited when placing orders)
+        await QueueHandler.schedule("webshop-stock/"+request.params.id, async () => {
+            // TODO: handle order creation here
+            for (const put of request.body.getPuts()) {
+                const struct = put.put
+                const model = new WebshopDiscountCode()
+                model.code = struct.code;
+                model.description = struct.description
+                model.webshopId = webshop.id
+                model.organizationId = webshop.organizationId
+                model.discounts = struct.discounts
+                model.maximumUsage = struct.maximumUsage
+
+                try {
+                    await model.save()
+                } catch (e) {
+                    // Duplicate key probably
+                    if (e.code && e.code == "ER_DUP_ENTRY") {
+                        throw new SimpleError({
+                            code: 'used_code',
+                            message: 'Discount code already in use',
+                            human: 'Er bestaat al een kortingscode met de code ' + struct.code+', een code moet uniek zijn.'
+                        })
+                    }
+                    throw e;
+                }
+
+                discountCodes.push(model)
+            }
+
+            for (const patch of request.body.getPatches()) {
+                const model = await WebshopDiscountCode.getByID(patch.id)
+                if (!model || model.webshopId !== webshop.id) {
+                    throw new SimpleError({
+                        code: "not_found",
+                        message: "Discount code with id "+patch.id+" does not exist"
+                    })
+                }
+
+                model.code = patchObject(model.code, patch.code)
+                model.description = patchObject(model.description, patch.description)
+                model.discounts = patchObject(model.discounts, patch.discounts)
+                model.maximumUsage = patchObject(model.maximumUsage, patch.maximumUsage)
+                
+                try {
+                    await model.save()
+                } catch (e) {
+                    // Duplicate key probably
+                    if (e.code && e.code == "ER_DUP_ENTRY") {
+                        throw new SimpleError({
+                            code: 'used_code',
+                            message: 'Discount code already in use',
+                            human: 'Er bestaat al een kortingscode met de code ' + model.code+', een code moet uniek zijn.'
+                        })
+                    }
+                    throw e;
+                }
+
+                discountCodes.push(model)
+            }
+
+            for (const id of request.body.getDeletes()) {
+                const model = await WebshopDiscountCode.getByID(id)
+                if (!model || model.webshopId !== webshop.id) {
+                    throw new SimpleError({
+                        code: "not_found",
+                        message: "Discount code with id "+id+" does not exist"
+                    })
+                }
+
+            await model.delete()
+            }
+        });
+            
+        return new Response(
+            discountCodes.map(d => d.getStructure())
+        );
+    }
+}

package/src/endpoints/organization/dashboard/webshops/PatchWebshopEndpoint.ts

@@ -0,0 +1,204 @@
+import { AutoEncoderPatchType, Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Token, Webshop } from '@stamhoofd/models';
+import { QueueHandler } from '@stamhoofd/queues';
+import { PermissionLevel, PrivateWebshop, WebshopPrivateMetaData } from "@stamhoofd/structures";
+import { Formatter } from '@stamhoofd/utility';
+
+import { Context } from '../../../../helpers/Context';
+
+type Params = { id: string };
+type Query = undefined;
+type Body = AutoEncoderPatchType<PrivateWebshop>;
+type ResponseBody = PrivateWebshop;
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class PatchWebshopEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = PrivateWebshop.patchType() as Decoder<AutoEncoderPatchType<PrivateWebshop>>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        // Halt all order placement and validation + pause stock updates
+        return await QueueHandler.schedule("webshop-stock/"+request.params.id, async () => {
+            const webshop = await Webshop.getByID(request.params.id)
+            if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+                throw Context.auth.notFoundOrNoAccess()
+            }
+
+            // Do all updates
+            if (request.body.meta) {
+                request.body.meta.domainActive = undefined
+                webshop.meta.patchOrPut(request.body.meta)
+            }
+
+            if (request.body.privateMeta) {
+                // Prevent editing internal fields
+                (request.body.privateMeta as any).dnsRecords = undefined
+                webshop.privateMeta.patchOrPut(request.body.privateMeta)
+            }
+
+            if (request.body.products) {
+                webshop.products = request.body.products.applyTo(webshop.products)
+            }
+
+            if (request.body.categories) {
+                webshop.categories = request.body.categories.applyTo(webshop.categories)
+            }
+
+            if (request.body.domain !== undefined) {
+                if (request.body.domain !== null) {
+                    const cleaned = request.body.domain.toLowerCase().replace(/[^a-zA-Z0-9-.]/g, '');
+
+                    if (cleaned != webshop.domain) {
+                        webshop.domain = cleaned
+                        webshop.meta.domainActive = false
+                        webshop.privateMeta.dnsRecords = WebshopPrivateMetaData.buildDNSRecords(cleaned)
+
+                        // Check if this is a known domain
+                        const knownWebshops = await Webshop.getByDomainOnly(cleaned)
+
+                        if (knownWebshops.length > 0) {
+                            const active = !!knownWebshops.find(k => k.meta.domainActive)
+
+                            if (active) {
+                                const sameOrg = knownWebshops.find(w => w.organizationId === organization.id)
+                                const otherOrg = knownWebshops.find(w => w.organizationId !== organization.id)
+                                if (otherOrg && !sameOrg) {
+                                    throw new SimpleError({
+                                        code: "domain_already_used",
+                                        message: "This domain is already used by another organization",
+                                        human: "Deze domeinnaam is al in gebruik door een andere vereniging. Neem contact op met Stamhoofd als je denkt dat je toch toegang zou moeten krijgen.",
+                                        statusCode: 400
+                                    })
+                                }
+
+                                // Automatically update the dns records already.
+                                // This domain was already used, so no risk of making DNS-caches dirty
+                                console.log("Automatically updating dns records for", cleaned, "during patch")
+                                await webshop.updateDNSRecords()
+                            }
+                        }
+
+                        if (cleaned.length < 4 || !cleaned.includes(".")) {
+                            throw new SimpleError({
+                                code: "invalid_field",
+                                message: "Invalid domain",
+                                human: "Ongeldige domeinnaam",
+                                field: "customUrl"
+                            })
+                        }
+                    }
+                } else {
+                    webshop.domain = null
+                    webshop.privateMeta.dnsRecords = []
+                    webshop.meta.domainActive = false
+                }
+            }
+
+            if (request.body.domainUri !== undefined) {
+                if (webshop.domain !== null) {
+                    webshop.domainUri = request.body.domainUri ?? ""
+
+                    if (webshop.domainUri != Formatter.slug(webshop.domainUri)) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "domainUri contains invalid characters",
+                            human: "Een link mag geen spaties, hoofdletters of speciale tekens bevatten",
+                            field: "customUrl"
+                        })
+                    }
+
+                    // Check exists
+                    const existing = await Webshop.getByDomain(webshop.domain, webshop.domainUri);
+                    if (existing !== undefined) {
+                        throw new SimpleError({
+                            code: "invalid_domain",
+                            message: "This domain is already in use",
+                            human: "Deze link is al in gebruik door een andere webshop: " + existing.meta.name+". Verwijder of pas daar de link eerst aan als je die wilt hergebruiken."
+                        })
+                    }
+                } else {
+                    webshop.domainUri = null
+                }
+            }
+
+            if (request.body.legacyUri !== undefined) {
+                // Support editing the legacy uri (e.g. delete it, or for older clients)
+                webshop.legacyUri = request.body.legacyUri
+            }
+
+            if (request.body.uri !== undefined) {
+                // Validate
+                if (request.body.uri.length == 0) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Uri cannot be empty",
+                        human: "De link mag niet leeg zijn",
+                        field: "uri"
+                    })
+                }
+
+                if (request.body.uri != Formatter.slug(request.body.uri)) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Uri contains invalid characters",
+                        human: "Een link mag geen spaties, hoofdletters of speciale tekens bevatten",
+                        field: "uri"
+                    })
+                }
+
+                webshop.uri = request.body.uri
+            }
+
+            // Verify if we still have full access
+            if (!await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+                throw new SimpleError({
+                    code: "missing_permissions",
+                    message: "You cannot restrict your own permissions",
+                    human: "Je kan je eigen volledige toegang tot deze webshop niet verwijderen (algemeen > toegangsbeheer). Vraag aan een hoofdbeheerder om jouw toegang te verwijderen."
+                })
+            }
+
+            try {
+                await webshop.save()
+            } catch (e) {
+                // Duplicate key probably
+                if (e.code && e.code == "ER_DUP_ENTRY") {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Uri already in use",
+                        human: "De link die je hebt gekozen is al in gebruik. Kies een andere.",
+                        field: "uri"
+                    })
+                }
+                throw e;
+            }
+                
+            return new Response(PrivateWebshop.create(webshop));
+        })
+    }
+}

package/src/endpoints/organization/dashboard/webshops/PatchWebshopOrdersEndpoint.ts

@@ -0,0 +1,278 @@
+import { ArrayDecoder, AutoEncoderPatchType, Data, Decoder, PatchableArray, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { BalanceItem, BalanceItemPayment, Order, Payment, Token, Webshop } from '@stamhoofd/models';
+import { QueueHandler } from '@stamhoofd/queues';
+import { BalanceItemStatus, OrderStatus, PaymentMethod, PaymentStatus, PermissionLevel, PrivateOrder, PrivatePayment,Webshop as WebshopStruct } from "@stamhoofd/structures";
+
+import { Context } from '../../../../helpers/Context';
+
+type Params = { id: string };
+type Query = undefined;
+type Body = AutoEncoderPatchType<PrivateOrder>[] | PatchableArrayAutoEncoder<PrivateOrder>
+type ResponseBody = PrivateOrder[]
+
+class VersionSpecificDecoder<A, B> implements Decoder<A | B> {
+    oldDecoder: Decoder<A>;
+    version: number;
+    newerDecoder: Decoder<B>;
+
+    constructor(oldDecoder: Decoder<A>, version: number, newerDecoder: Decoder<B>) {
+        this.oldDecoder = oldDecoder;
+        this.version = version;
+        this.newerDecoder = newerDecoder;
+    }
+
+    decode(data: Data): A | B {
+        // Set the version of the decoding context of "data"
+        const v = data.context.version
+
+        if (v >= this.version) {
+            return this.newerDecoder.decode(data);
+        }
+
+       return this.oldDecoder.decode(data);
+    }
+}
+
+export class PatchWebshopOrdersEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new VersionSpecificDecoder(
+        // Before version 159, accept an array of patches
+        new ArrayDecoder(PrivateOrder.patchType() as Decoder<AutoEncoderPatchType<PrivateOrder>>),
+        159,
+        // After or at version 159, accept a patchable array
+        new PatchableArrayDecoder(PrivateOrder as Decoder<PrivateOrder>, PrivateOrder.patchType() as Decoder<AutoEncoderPatchType<PrivateOrder>>, StringDecoder)
+    );
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/orders", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        let body: PatchableArrayAutoEncoder<PrivateOrder> = new PatchableArray()
+
+        // Migrate old syntax
+        if (Array.isArray(request.body)) {
+            for (const p of request.body) {
+                body.addPatch(p);
+            }
+        } else {
+            body = request.body
+        }
+
+        if (body.changes.length == 0) {
+            return new Response([]);
+        }
+
+        // Need to happen in the queue because we are updating the webshop stock
+        const orders = await QueueHandler.schedule("webshop-stock/"+request.params.id, async () => {
+            const webshop = await Webshop.getByID(request.params.id)
+            if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Write)) {
+                throw Context.auth.notFoundOrNoAccess()
+            }
+
+            const orders = body.getPatches().length > 0 ? await Order.where({
+                webshopId: webshop.id,
+                id: {
+                    sign: "IN",
+                    value: body.getPatches().map(o => o.id)
+                }
+            }) : []
+
+            // We use a getter because we need to have an up to date webshop struct
+            // otherwise we won't validate orders on the latest webshop with the latest stock information
+            const webshopGetter = {
+                get struct() {
+                    return WebshopStruct.create(webshop);
+                }
+            }
+
+            // TODO: handle order creation here
+            for (const put of body.getPuts()) {
+                const struct = put.put
+                const model = new Order()
+                model.webshopId = webshop.id
+                model.organizationId = webshop.organizationId
+                model.status = struct.status
+                model.data = struct.data
+
+                // For now, we don't invalidate tickets, because they will get invalidated at scan time (the order status is checked)
+                // This allows you to revalidate a ticket without needing to generate a new one (e.g. when accidentally canceling an order) 
+                // -> the user doesn't need to download the ticket again
+                // + added benefit: we can inform the user that the ticket was canceled, instead of throwing an 'invalid ticket' error
+
+                if (model.status === OrderStatus.Deleted) {
+                    model.data.removePersonalData()
+                }
+
+                const order = model.setRelation(Order.webshop, webshop.setRelation(Webshop.organization, organization))
+
+                // TODO: validate before updating stock
+                order.data.validate(webshopGetter.struct, organization.meta, request.i18n, true);
+                
+                try {
+                    await order.updateStock()
+                    const totalPrice = order.data.totalPrice
+
+                    if (totalPrice == 0) {
+                        // Force unknown payment method
+                        order.data.paymentMethod = PaymentMethod.Unknown
+
+                        // Mark this order as paid
+                        await order.markPaid(null, organization, webshop)
+                        await order.save()
+                    } else {
+                        const payment = new Payment()
+                        payment.organizationId = organization.id
+                        payment.method = struct.data.paymentMethod
+                        payment.status = PaymentStatus.Created
+                        payment.price = totalPrice
+                        payment.paidAt = null
+
+                        // Determine the payment provider (always null because no online payments here)
+                        payment.provider = null
+
+                        await payment.save()
+
+                        order.paymentId = payment.id
+                        order.setRelation(Order.payment, payment)
+
+                        // Create balance item
+                        const balanceItem = new BalanceItem();
+                        balanceItem.orderId = order.id;
+                        balanceItem.price = totalPrice
+                        balanceItem.description = webshop.meta.name
+                        balanceItem.pricePaid = 0
+                        balanceItem.organizationId = organization.id;
+                        balanceItem.status = BalanceItemStatus.Pending;
+                        await balanceItem.save();
+
+                        // Create one balance item payment to pay it in one payment
+                        const balanceItemPayment = new BalanceItemPayment()
+                        balanceItemPayment.balanceItemId = balanceItem.id;
+                        balanceItemPayment.paymentId = payment.id;
+                        balanceItemPayment.organizationId = organization.id;
+                        balanceItemPayment.price = balanceItem.price;
+                        await balanceItemPayment.save();
+
+                        if (payment.method == PaymentMethod.Transfer) {
+                            await order.markValid(payment, [])
+                            await payment.save()
+                            await order.save()
+                        } else if (payment.method == PaymentMethod.PointOfSale) {
+                            // Not really paid, but needed to create the tickets if needed
+                            await order.markPaid(payment, organization, webshop)
+                            await payment.save()
+                            await order.save()
+                        } else {
+                            throw new Error("Unsupported payment method")
+                        }
+
+                        balanceItem.description = order.generateBalanceDescription(webshop)
+                        await balanceItem.save()
+                    }
+                } catch (e) {
+                    await order.deleteOrderBecauseOfCreationError()
+                    throw e;
+                }
+                
+                orders.push(order)
+            }
+
+            for (const patch of body.getPatches()) {
+                const model = orders.find(p => p.id == patch.id)
+                if (!model) {
+                    throw new SimpleError({
+                        code: "not_found",
+                        message: "Order with id "+patch.id+" does not exist"
+                    })
+                }
+                const previousToPay = model.totalToPay;
+                const previousStatus = model.status
+
+                model.status = patch.status ?? model.status
+
+                // For now, we don't invalidate tickets, because they will get invalidated at scan time (the order status is checked)
+                // This allows you to revalidate a ticket without needing to generate a new one (e.g. when accidentally canceling an order) 
+                // -> the user doesn't need to download the ticket again
+                // + added benefit: we can inform the user that the ticket was canceled, instead of throwing an 'invalid ticket' error
+
+                const previousData = model.data.clone()
+                if (patch.data) {
+                    model.data.patchOrPut(patch.data)
+
+                    if (model.status !== OrderStatus.Deleted) {
+                        // Make sure all data is up to date and validated (= possible corrections happen here too)
+                        model.data.validate(webshopGetter.struct, organization.meta, request.i18n, true);
+                    }
+                }
+
+                if (model.status === OrderStatus.Deleted) {
+                    model.data.removePersonalData()
+                }
+
+                if (model.status === OrderStatus.Deleted || model.status === OrderStatus.Canceled) {
+                    model.markUpdated()
+                    // Cancel payment if still pending
+                    await BalanceItem.deleteForDeletedOrders([model.id])
+                } else {
+                    if (previousStatus === OrderStatus.Canceled || previousStatus === OrderStatus.Deleted) {
+                        model.markUpdated()
+                        // Undo deletion
+                        await BalanceItem.undoForDeletedOrders([model.id])
+                    }
+                }
+
+                // Update balance item prices for this order if price has changed
+                if (previousToPay !== model.totalToPay) {
+                    const items = await BalanceItem.where({ orderId: model.id })
+                    if (items.length === 1) {
+                        model.markUpdated()
+                        items[0].price = model.totalToPay
+                        items[0].description = model.generateBalanceDescription(webshop)
+                        items[0].updateStatus();
+                        await items[0].save()
+                    } else if (items.length === 0 && model.totalToPay > 0) {
+                        model.markUpdated()
+                        const balanceItem = new BalanceItem();
+                        balanceItem.orderId = model.id;
+                        balanceItem.price = model.totalToPay
+                        balanceItem.description = model.generateBalanceDescription(webshop)
+                        balanceItem.pricePaid = 0
+                        balanceItem.organizationId = organization.id;
+                        balanceItem.status = BalanceItemStatus.Pending;
+                        await balanceItem.save();
+                    }
+                }
+
+                await model.save()
+                await model.setRelation(Order.webshop, webshop).updateStock(previousData)
+                await model.setRelation(Order.webshop, webshop).updateTickets()
+            }
+
+            const mapped = orders.map(order => order.setRelation(Order.webshop, webshop))
+            return mapped
+        })
+
+        return new Response(
+            await Order.getPrivateStructures(orders)
+        );
+    }
+}