npm - @stamhoofd/backend - Versions diffs - 2.101.0 → 2.103.0 - Mend

@stamhoofd/backend 2.101.0 → 2.103.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/src/helpers/AuthenticatedStructures.ts CHANGED Viewed

@@ -388,7 +388,7 @@ export class AuthenticatedStructures {
         return (await this.membersBlob(members, false)).members;
     }
-    static async membersBlob(members: MemberWithRegistrations[], includeContextOrganization = false, includeUser?: User): Promise<MembersBlob> {
+    static async membersBlob(members: MemberWithRegistrations[], includeContextOrganization = false, includeUser?: User, options?: { forAdminCartCalculation?: boolean }): Promise<MembersBlob> {
         if (members.length === 0 && !includeUser) {
             return MembersBlob.create({ members: [], organizations: [] });
         }
@@ -399,10 +399,10 @@ export class AuthenticatedStructures {
         if (Context.organization) {
             await BalanceItemService.flushCaches(Context.organization.id);
         }
-        const balances = await CachedBalance.getForObjects(registrationIds, null);
+        const balances = await CachedBalance.getForObjects(registrationIds, null, ReceivableBalanceType.registration);
         const memberIds = members.map(m => m.id);
         const allMemberBalances = Context.organization
-            ? (await CachedBalance.getForObjects(memberIds, Context.organization.id))
+            ? (await CachedBalance.getForObjects(memberIds, Context.organization.id, ReceivableBalanceType.member))
             : [];
         if (includeUser) {
@@ -459,6 +459,7 @@ export class AuthenticatedStructures {
             const filtered: (Registration & {
                 group: Group;
             })[] = [];
+            const userManager = Context.auth.isUserManager(member);
             for (const registration of member.registrations) {
                 if (includeContextOrganization || registration.organizationId !== Context.auth.organization?.id) {
                     const found = organizations.get(registration.id);
@@ -468,11 +469,18 @@ export class AuthenticatedStructures {
                     }
                 }
                 if (organizations.get(registration.organizationId)?.active || (Context.auth.organization && Context.auth.organization.active && registration.organizationId === Context.auth.organization.id) || await Context.auth.hasFullAccess(registration.organizationId)) {
-                    filtered.push(registration);
+                    if (
+                        !!options?.forAdminCartCalculation
+                        || registration.group.settings.implicitlyAllowViewRegistrations
+                        || userManager
+                        || await Context.auth.canAccessRegistration(registration, PermissionLevel.Read, member)
+                    ) {
+                        filtered.push(registration);
+                    }
                 }
             }
             member.registrations = filtered;
-            const balancesPermission = await Context.auth.hasFinancialMemberAccess(member, PermissionLevel.Read, Context.organization?.id);
+            const balancesPermission = (!!options?.forAdminCartCalculation) || await Context.auth.hasFinancialMemberAccess(member, PermissionLevel.Read, Context.organization?.id);
             let memberBalances: GenericBalance[] = [];
@@ -507,7 +515,7 @@ export class AuthenticatedStructures {
             });
             memberBlobs.push(
-                await Context.auth.filterMemberData(member, blob),
+                await Context.auth.filterMemberData(member, blob, { forAdminCartCalculation: options?.forAdminCartCalculation ?? false }),
             );
         }
@@ -619,7 +627,7 @@ export class AuthenticatedStructures {
                 const balancesPermission = member ? (await Context.auth.hasFinancialMemberAccess(member, PermissionLevel.Read, Context.organization?.id)) : false;
                 r = registration.getStructure();
                 r.balances = balancesPermission
-                    ? ((await CachedBalance.getForObjects([registration.id], null)).map((b) => {
+                    ? ((await CachedBalance.getForObjects([registration.id], null, ReceivableBalanceType.registration)).map((b) => {
                             return GenericBalance.create(b);
                         }))
                     : [];
@@ -863,7 +871,7 @@ export class AuthenticatedStructures {
         const members = memberIds.length > 0 ? await Member.getByIDs(...memberIds) : [];
         const userIds = Formatter.uniqueArray([
-            ...balances.filter(b => b.objectType === ReceivableBalanceType.user).map(b => b.objectId),
+            ...balances.filter(b => b.objectType === ReceivableBalanceType.user || b.objectType === ReceivableBalanceType.userWithoutMembers).map(b => b.objectId),
         ]);
         const users = userIds.length > 0 ? await User.getByIDs(...userIds) : [];
@@ -988,7 +996,7 @@ export class AuthenticatedStructures {
                     });
                 }
             }
-            else if (balance.objectType === ReceivableBalanceType.user) {
+            else if (balance.objectType === ReceivableBalanceType.user || balance.objectType === ReceivableBalanceType.userWithoutMembers) {
                 const user = users.find(m => m.id === balance.objectId) ?? null;
                 if (user) {
                     const url = Context.organization && Context.organization.id === balance.organizationId ? 'https://' + Context.organization.getHost() : '';
@@ -1024,7 +1032,7 @@ export class AuthenticatedStructures {
         const results: DetailedReceivableBalance[] = [];
         for (const { balance, object } of items) {
-            const balanceItems = await CachedBalance.balanceForObjects(organizationId, [balance.objectId], balance.objectType, true);
+            const balanceItems = await CachedBalance.balanceForObjects(organizationId, [balance.objectId], balance.objectType);
             const balanceItemsWithPayments = await BalanceItem.getStructureWithPayments(balanceItems);
             const result = DetailedReceivableBalance.create({

package/src/helpers/MemberUserSyncer.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { CachedBalance, Member, MemberResponsibilityRecord, MemberWithUsers, Organization, Platform, User } from '@stamhoofd/models';
 import { QueueHandler } from '@stamhoofd/queues';
 import { SQL } from '@stamhoofd/sql';
-import { AuditLogSource, MemberDetails, PermissionRole, Permissions, UserPermissions } from '@stamhoofd/structures';
+import { AuditLogSource, MemberDetails, PermissionRole, Permissions, ReceivableBalanceType, UserPermissions } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 import basex from 'base-x';
 import crypto from 'crypto';
@@ -416,7 +416,7 @@ export class MemberUserSyncerStatic {
      */
     async updateUserBalance(userId: string, memberId: string) {
         // Update balance of this user, as it could have changed
-        const memberBalances = await CachedBalance.getForObjects([memberId]);
+        const memberBalances = await CachedBalance.getForObjects([memberId], null, ReceivableBalanceType.member);
         if (memberBalances.length > 0) {
             const organizationIds = Formatter.uniqueArray(memberBalances.map(b => b.organizationId));
             for (const organizationId of organizationIds) {

package/src/seeds/{1735577912-update-cached-outstanding-balance-from-items.ts → 1760702454-update-cached-outstanding-balance-from-items.ts} RENAMED Viewed

@@ -21,6 +21,8 @@ export default new Migration(async () => {
         }
     });
+    await BalanceItemService.flushAll();
     console.log('Updated outstanding balance for ' + c + ' items');
     // Do something here

package/src/services/BalanceItemService.ts CHANGED Viewed

@@ -163,6 +163,18 @@ export const BalanceItemService = {
         }
     },
+    scheduleUserUpdate(organizationId: string, userId: string) {
+        userUpdateQueue.addItem(organizationId, userId);
+    },
+    scheduleMemberUpdate(organizationId: string, memberId: string) {
+        memberUpdateQueue.addItem(organizationId, memberId);
+    },
+    scheduleOrganizationUpdate(organizationId: string, payingOrganizationId: string) {
+        organizationUpdateQueue.addItem(organizationId, payingOrganizationId);
+    },
     async markDue(balanceItem: BalanceItem) {
         if (balanceItem.status === BalanceItemStatus.Hidden) {
             balanceItem.status = BalanceItemStatus.Due;

package/src/services/PaymentService.ts CHANGED Viewed

@@ -260,6 +260,9 @@ export const PaymentService = {
                                 if (await payconiqPayment.cancel(organization)) {
                                     status = PaymentStatus.Failed;
                                 }
+                                else {
+                                    console.error('Failed to manually cancel payment');
+                                }
                             }
                             if (this.isManualExpired(status, payment)) {

package/src/sql-filters/base-registration-filter-compilers.ts CHANGED Viewed

@@ -1,6 +1,59 @@
+import { SimpleError } from '@simonbackx/simple-errors';
 import { baseSQLFilterCompilers, createColumnFilter, createExistsFilter, SQL, SQLFilterDefinitions, SQLValueType } from '@stamhoofd/sql';
+import { FilterWrapperMarker, PermissionLevel, StamhoofdFilter, unwrapFilter } from '@stamhoofd/structures';
+import { Context } from '../helpers/Context';
 import { organizationFilterCompilers } from './organizations';
+async function checkGroupIdFilterAccess(filter: StamhoofdFilter, permissionLevel: PermissionLevel) {
+    const groupIds = typeof filter === 'string'
+        ? [filter]
+        : unwrapFilter(filter as StamhoofdFilter, {
+            $in: FilterWrapperMarker,
+        })?.markerValue;
+    if (!Array.isArray(groupIds)) {
+        throw new SimpleError({
+            code: 'invalid_field',
+            field: 'filter',
+            message: 'You must filter on a group of the organization you are trying to access',
+            human: $t(`d0ef2e12-dfa2-4d2a-9ee7-793e52e6b94f`),
+        });
+    }
+    if (groupIds.length === 0) {
+        return;
+    }
+    for (const groupId of groupIds) {
+        if (typeof groupId !== 'string') {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'filter',
+                message: 'Invalid group ID in filter',
+            });
+        }
+    }
+    const groups = await Context.auth.getGroups(groupIds as string[]);
+    console.log('Filtering registrations on groups', groups.map(g => g.settings.name.toString()));
+    for (const group of groups) {
+        if (!await Context.auth.canAccessGroup(group, permissionLevel)) {
+            if (permissionLevel === PermissionLevel.Read && group.settings.implicitlyAllowViewRegistrations) {
+                // Allowed to filter on this group, since we have view access.
+                continue;
+            }
+            throw Context.auth.error({
+                message: 'You do not have access to this group',
+                human: $t(`45eedf49-0f0a-442c-a0bd-7881c2682698`, { groupName: group.settings.name }),
+            });
+        }
+    }
+    return;
+}
 export const baseRegistrationFilterCompilers: SQLFilterDefinitions = {
     ...baseSQLFilterCompilers,
     id: createColumnFilter({
@@ -38,6 +91,9 @@ export const baseRegistrationFilterCompilers: SQLFilterDefinitions = {
         expression: SQL.column('groupId'),
         type: SQLValueType.String,
         nullable: false,
+        async checkPermission(filter) {
+            await checkGroupIdFilterAccess(filter, PermissionLevel.Read);
+        },
     }),
     registeredAt: createColumnFilter({
         expression: SQL.column('registeredAt'),
@@ -60,6 +116,9 @@ export const baseRegistrationFilterCompilers: SQLFilterDefinitions = {
             expression: SQL.column('groupId'),
             type: SQLValueType.String,
             nullable: false,
+            async checkPermission(filter) {
+                await checkGroupIdFilterAccess(filter, PermissionLevel.Read);
+            },
         }),
         type: createColumnFilter({
             expression: SQL.column('groups', 'type'),

package/src/sql-filters/orders.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { baseSQLFilterCompilers, createColumnFilter, SQL, SQLCast, SQLConcat, SQLJsonUnquote, SQLFilterDefinitions, SQLValueType, SQLScalar } from '@stamhoofd/sql';
+import { baseSQLFilterCompilers, createColumnFilter, SQL, SQLCast, SQLConcat, SQLJsonUnquote, SQLFilterDefinitions, SQLValueType, SQLScalar, createExistsFilter, createWildcardColumnFilter, SQLJsonExtract } from '@stamhoofd/sql';
 export const orderFilterCompilers: SQLFilterDefinitions = {
     ...baseSQLFilterCompilers,
@@ -106,4 +106,100 @@ export const orderFilterCompilers: SQLFilterDefinitions = {
         type: SQLValueType.Datetime,
         nullable: true,
     }),
+    items: createExistsFilter(
+        /**
+         * There is a bug in MySQL 8 that is fixed in 9.3
+         * where EXISTS (select * from json_table(...)) does not work
+         * To fix this, we do a double select with join inside the select
+         * It is a bit slower, but it works for now.
+         */
+        SQL.select()
+            .from('webshop_orders', 'innerOrders')
+            .join(
+                SQL.join(
+                    SQL.jsonTable(
+                        SQL.jsonValue(SQL.column('innerOrders', 'data'), '$.value.cart.items'),
+                        'items',
+                    )
+                        .addColumn(
+                            'amount',
+                            'INT',
+                            '$.amount',
+                        )
+                        .addColumn(
+                            'productId',
+                            'TEXT',
+                            '$.product.id',
+                        )
+                        .addColumn(
+                            'productPriceId',
+                            'TEXT',
+                            '$.productPrice.id',
+                        ),
+                ),
+            )
+            .where(SQL.column('innerOrders', 'id'), SQL.column('webshop_orders', 'id')),
+        {
+            ...baseSQLFilterCompilers,
+            amount: createColumnFilter({
+                expression: SQL.column('items', 'amount'),
+                type: SQLValueType.Number,
+                nullable: false,
+            }),
+            product: {
+                ...baseSQLFilterCompilers,
+                id: createColumnFilter({
+                    expression: SQL.column('items', 'productId'),
+                    type: SQLValueType.String,
+                    nullable: false,
+                }),
+            },
+            productPrice: {
+                ...baseSQLFilterCompilers,
+                id: createColumnFilter({
+                    expression: SQL.column('items', 'productPriceId'),
+                    type: SQLValueType.String,
+                    nullable: false,
+                }),
+            },
+        },
+    ),
+    recordAnswers: createWildcardColumnFilter(
+        (key: string) => ({
+            expression: SQL.jsonValue(SQL.column('data'), `$.value.recordAnswers.${SQLJsonExtract.escapePathComponent(key)}`, true),
+            type: SQLValueType.JSONObject,
+            nullable: true,
+        }),
+        (key: string) => ({
+            ...baseSQLFilterCompilers,
+            selected: createColumnFilter({
+                expression: SQL.jsonValue(SQL.column('data'), `$.value.recordAnswers.${SQLJsonExtract.escapePathComponent(key)}.selected`, true),
+                type: SQLValueType.JSONBoolean,
+                nullable: true,
+            }),
+            selectedChoice: {
+                ...baseSQLFilterCompilers,
+                id: createColumnFilter({
+                    expression: SQL.jsonValue(SQL.column('data'), `$.value.recordAnswers.${SQLJsonExtract.escapePathComponent(key)}.selectedChoice.id`, true),
+                    type: SQLValueType.JSONString,
+                    nullable: true,
+                }),
+            },
+            selectedChoices: {
+                ...baseSQLFilterCompilers,
+                id: createColumnFilter({
+                    expression: SQL.jsonValue(SQL.column('data'), `$.value.recordAnswers.${SQLJsonExtract.escapePathComponent(key)}.selectedChoices[*].id`, true),
+                    type: SQLValueType.JSONArray,
+                    nullable: true,
+                }),
+            },
+            value: createColumnFilter({
+                expression: SQL.jsonValue(SQL.column('data'), `$.value.recordAnswers.${SQLJsonExtract.escapePathComponent(key)}.value`, true),
+                type: SQLValueType.JSONString,
+                nullable: true,
+            }),
+        }),
+    ),
 };

package/src/sql-filters/receivable-balances.ts CHANGED Viewed

@@ -97,7 +97,8 @@ export const receivableBalanceFilterCompilers: SQLFilterDefinitions = {
                 SQL.column('cached_outstanding_balances', 'objectId'),
             ).where(
                 SQL.column('cached_outstanding_balances', 'objectType'),
-                'user'),
+                ['user', 'userWithoutMembers'],
+            ),
         {
             ...baseSQLFilterCompilers,
             name: createColumnFilter({
@@ -109,6 +110,11 @@ export const receivableBalanceFilterCompilers: SQLFilterDefinitions = {
                 type: SQLValueType.String,
                 nullable: false,
             }),
+            email: createColumnFilter({
+                expression: SQL.column('email'),
+                type: SQLValueType.String,
+                nullable: false,
+            }),
         },
     ),