@stamhoofd/backend 2.105.0 → 2.106.1

package/src/endpoints/global/members/GetMembersEndpoint.ts

@@ -43,7 +43,7 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
         let scopeFilter: StamhoofdFilter | undefined = undefined;
 
         // First do a quick validation of the groups, so that prevents the backend from having to add a scope filter
-        if (!Context.auth.canAccessAllPlatformMembers() && !await validateGroupFilter({ filter: q.filter, permissionLevel, key: 'registrations' })) {
+        if (!Context.auth.canAccessAllPlatformMembers(permissionLevel) && !await validateGroupFilter({ filter: q.filter, permissionLevel, key: 'registrations' })) {
             if (!organization) {
                 const tags = Context.auth.getPlatformAccessibleOrganizationTags(permissionLevel);
                 if (tags !== 'all' && tags.length === 0) {

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.test.ts

@@ -269,6 +269,148 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             });
         });
 
+        test('A registration grants permission to a member', async () => {
+            // Member had a deactivated registration with a group that should give the admin acecss to the member, but since it is deactivated -> no access
+            const organization = await new OrganizationFactory({}).create();
+            const resources = new Map();
+
+            const group = await new GroupFactory({
+                organization,
+            }).create();
+
+            // Give read permission to the group
+            resources.set(
+                PermissionsResourceType.Groups, new Map([[
+                    group.id,
+                    ResourcePermissions.create({
+                        level: PermissionLevel.Write,
+                    }),
+                ]]),
+            );
+
+            const user = await new UserFactory({
+                permissions: Permissions.create({
+                    level: PermissionLevel.None,
+                    resources,
+                }),
+                organization, // since we are in platform mode, this will only set the permissions for this organization
+            }).create();
+
+            const member = await new MemberFactory({
+                firstName,
+                lastName,
+                birthDay,
+                generateData: false,
+            }).create();
+
+            // Register this member
+            await new RegistrationFactory({
+                member,
+                group,
+            }).create();
+
+            const token = await Token.createToken(user);
+
+            const arr: Body = new PatchableArray();
+            const patch = MemberWithRegistrationsBlob.patch({
+                id: member.id,
+                details: MemberDetails.patch({
+                    firstName: 'Changed',
+                }),
+            });
+            arr.addPatch(patch);
+
+            // Try to request all members at organization
+            const request = Request.patch({
+                path: baseUrl,
+                host: organization.getApiHost(),
+                body: arr,
+                headers: {
+                    authorization: 'Bearer ' + token.accessToken,
+                },
+            });
+            const response = await testServer.test(endpoint, request);
+
+            // Check returned
+            expect(response.status).toBe(200);
+            expect(response.body.members.length).toBe(1);
+            const memberStruct = response.body.members[0];
+            expect(memberStruct.details).toMatchObject({
+                firstName: 'Changed',
+            });
+        });
+
+        test('[REGRESSION] A deactivated registration does not grant permission to a member', async () => {
+            // Member had a deactivated registration with a group that should give the admin acecss to the member, but since it is deactivated -> no access
+            const organization = await new OrganizationFactory({}).create();
+            const resources = new Map();
+
+            const group = await new GroupFactory({
+                organization,
+            }).create();
+
+            // Give read permission to the group
+            resources.set(
+                PermissionsResourceType.Groups, new Map([[
+                    group.id,
+                    ResourcePermissions.create({
+                        level: PermissionLevel.Write,
+                    }),
+                ]]),
+            );
+
+            const user = await new UserFactory({
+                permissions: Permissions.create({
+                    level: PermissionLevel.None,
+                    resources,
+                }),
+                organization, // since we are in platform mode, this will only set the permissions for this organization
+            }).create();
+
+            const member = await new MemberFactory({
+                firstName,
+                lastName,
+                birthDay,
+                generateData: false,
+            }).create();
+
+            // Register this member
+            await new RegistrationFactory({
+                member,
+                group,
+                deactivatedAt: new Date(),
+            }).create();
+
+            const token = await Token.createToken(user);
+
+            const arr: Body = new PatchableArray();
+            const patch = MemberWithRegistrationsBlob.patch({
+                id: member.id,
+                details: MemberDetails.patch({
+                    firstName: 'Changed',
+                }),
+            });
+            arr.addPatch(patch);
+
+            // Try to request all members at organization
+            const request = Request.patch({
+                path: baseUrl,
+                host: organization.getApiHost(),
+                body: arr,
+                headers: {
+                    authorization: 'Bearer ' + token.accessToken,
+                },
+            });
+            await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.simpleError({
+                code: 'not_found',
+            }));
+
+            await member.refresh();
+
+            // Not changed
+            expect(member.details.firstName).toEqual(firstName);
+        });
+
         test('A full platform admin can edit members without registrations', async () => {
             const organization = await new OrganizationFactory({}).create();
 

package/src/endpoints/global/registration/GetRegistrationsEndpoint.ts

@@ -68,7 +68,7 @@ export class GetRegistrationsEndpoint extends Endpoint<Params, Query, Body, Resp
         let scopeFilter: StamhoofdFilter | undefined = undefined;
 
         // First do a quick validation of the groups, so that prevents the backend from having to add a scope filter
-        if (!Context.auth.canAccessAllPlatformMembers() && !await validateGroupFilter({ filter: q.filter, permissionLevel, key: null })) {
+        if (!Context.auth.canAccessAllPlatformMembers(permissionLevel) && !await validateGroupFilter({ filter: q.filter, permissionLevel, key: null })) {
             if (!organization) {
                 const tags = Context.auth.getPlatformAccessibleOrganizationTags(permissionLevel);
                 if (tags !== 'all' && tags.length === 0) {

package/src/endpoints/global/registration/RegisterMembersEndpoint.test.ts

@@ -1,17 +1,16 @@
+import { PatchMap } from '@simonbackx/simple-encoding';
 import { Request } from '@simonbackx/simple-endpoints';
 import { EmailMocker } from '@stamhoofd/email';
 import { BalanceItemFactory, Group, GroupFactory, MemberFactory, MemberWithRegistrations, Organization, OrganizationFactory, OrganizationRegistrationPeriodFactory, Registration, RegistrationFactory, RegistrationPeriod, RegistrationPeriodFactory, Token, UserFactory } from '@stamhoofd/models';
 import { AccessRight, BalanceItemCartItem, BalanceItemStatus, BalanceItemType, BooleanStatus, Company, GroupOption, GroupOptionMenu, IDRegisterCart, IDRegisterCheckout, IDRegisterItem, OrganizationPackages, PaymentCustomer, PaymentMethod, PermissionLevel, Permissions, PermissionsResourceType, ReduceablePrice, RegisterItemOption, ResourcePermissions, STPackageStatus, STPackageType, UserPermissions, Version } from '@stamhoofd/structures';
 import { STExpect, TestUtils } from '@stamhoofd/test-utils';
 import { v4 as uuidv4 } from 'uuid';
-import { testServer } from '../../../../tests/helpers/TestServer';
-import { initPayconiq } from '../../../../tests/init/initPayconiq';
-import { RegisterMembersEndpoint } from './RegisterMembersEndpoint';
 import { assertBalances } from '../../../../tests/assertions/assertBalances';
-import PersistentFile from 'formidable/PersistentFile';
-import { PatchMap } from '@simonbackx/simple-encoding';
+import { testServer } from '../../../../tests/helpers/TestServer';
 import { initAdmin, initPermissionRole } from '../../../../tests/init';
+import { initPayconiq } from '../../../../tests/init/initPayconiq';
 import { BalanceItemService } from '../../../services/BalanceItemService';
+import { RegisterMembersEndpoint } from './RegisterMembersEndpoint';
 
 const baseUrl = `/v${Version}/members/register`;
 
@@ -19,6 +18,7 @@ describe('Endpoint.RegisterMembers', () => {
     // #region global
     const endpoint = new RegisterMembersEndpoint();
     let period: RegistrationPeriod;
+    let previousPeriod: RegistrationPeriod;
     let defaultPermissionLevel = PermissionLevel.None;
     let defaultLinkMembersToUser = true;
     const post = async (body: IDRegisterCheckout, organization: Organization, token: Token) => {
@@ -28,9 +28,10 @@ describe('Endpoint.RegisterMembers', () => {
     };
 
     beforeAll(async () => {
-        const previousPeriod = await new RegistrationPeriodFactory({
+        previousPeriod = await new RegistrationPeriodFactory({
             startDate: new Date(2022, 0, 1),
             endDate: new Date(2022, 11, 31),
+            locked: true,
         }).create();
 
         period = await new RegistrationPeriodFactory({
@@ -54,12 +55,15 @@ describe('Endpoint.RegisterMembers', () => {
             .create();
 
         const organizationRegistrationPeriod = await new OrganizationRegistrationPeriodFactory({ organization, period: registrationPeriod }).create();
+        if (registrationPeriod !== previousPeriod) {
+            await new OrganizationRegistrationPeriodFactory({ organization, period: previousPeriod }).create();
+        }
 
         return { organization, organizationRegistrationPeriod };
     };
 
-    async function initData({ otherMemberAmount = 0, groupPermissionLevel = PermissionLevel.None, memberPermissionLevel = PermissionLevel.None, permissionLevel = defaultPermissionLevel, linkMembersToUser = defaultLinkMembersToUser }: { otherMemberAmount?: number; memberPermissionLevel?: PermissionLevel; groupPermissionLevel?: PermissionLevel; permissionLevel?: PermissionLevel; linkMembersToUser?: boolean } = {}) {
-        const { organization, organizationRegistrationPeriod } = await initOrganization(period);
+    async function initData({ registrationPeriod = period, otherMemberAmount = 0, groupPermissionLevel = PermissionLevel.None, memberPermissionLevel = PermissionLevel.None, permissionLevel = defaultPermissionLevel, linkMembersToUser = defaultLinkMembersToUser }: { registrationPeriod?: RegistrationPeriod; otherMemberAmount?: number; memberPermissionLevel?: PermissionLevel; groupPermissionLevel?: PermissionLevel; permissionLevel?: PermissionLevel; linkMembersToUser?: boolean } = {}) {
+        const { organization, organizationRegistrationPeriod } = await initOrganization(registrationPeriod);
 
         const user = await new UserFactory({
             organization,
@@ -794,6 +798,37 @@ describe('Endpoint.RegisterMembers', () => {
             expect(updatedGroup!.settings.reservedMembers).toBe(0);
         });
 
+        test('Cannot register in locked period', async () => {
+            const { member, group, groupPrice, organization, token } = await initData({
+                registrationPeriod: previousPeriod,
+            });
+
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 25_00,
+                customer: null,
+            });
+
+            await expect(post(body, organization, token)).rejects.toThrow(STExpect.errorWithCode('locked_period'));
+        });
+
         test('Should set reserved members when using online payments', async () => {
             const { member, organization, token } = await initData();
             await initPayconiq({ organization });
@@ -1559,6 +1594,45 @@ describe('Endpoint.RegisterMembers', () => {
             expect(returnedRegistration.balances.length).not.toBe(0);
         });
 
+        test('[REGRESSION] Cannot register a member in a locked period', async () => {
+            const { member, organization, token } = await initData({});
+            const group = await new GroupFactory({
+                organization,
+                price: 25_00,
+                reducedPrice: 12_50,
+                stock: 500,
+                period: previousPeriod,
+            })
+                .create();
+            const groupPrice = group.settings.prices[0];
+
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [
+                    ],
+                    deleteRegistrationIds: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 25_00,
+                asOrganizationId: organization.id,
+            });
+
+            await expect(post(body, organization, token)).rejects.toThrow(STExpect.errorWithCode('locked_period'));
+        });
+
         test('Can register a member as admin with write permission to new group only', async () => {
             // read permission to existing member, write permission to new group you want to register the member in
             const { member, groupPrice, group, organization, token } = await initData({
@@ -2059,6 +2133,51 @@ describe('Endpoint.RegisterMembers', () => {
             expect(updatedGroup1After!.settings.reservedMembers).toBe(0);
         });
 
+        test('[REGRESSION] Cannot replace registrations of locked periods', async () => {
+            const { member, group, groupPrice, organization, token } = await initData();
+
+            const group1 = await new GroupFactory({
+                organization,
+                price: 25_00,
+                reducedPrice: 12_50,
+                stock: 500,
+                period: previousPeriod,
+            })
+                .create();
+            const groupPrice1 = group1.settings.prices[0];
+
+            const registration = await new RegistrationFactory({
+                member,
+                group: group1,
+                groupPrice: groupPrice1,
+            }).create();
+
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [
+                        IDRegisterItem.create({
+                            id: uuidv4(),
+                            replaceRegistrationIds: [registration.id],
+                            options: [],
+                            groupPrice,
+                            organizationId: organization.id,
+                            groupId: group.id,
+                            memberId: member.id,
+                        }),
+                    ],
+                    balanceItems: [],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 30,
+                asOrganizationId: organization.id,
+                customer: null,
+            });
+
+            await expect(post(body, organization, token)).rejects.toThrow(STExpect.errorWithCode('locked_period'));
+        });
+
         test('When replacing a registration, we should keep the original paying organization id', async () => {
             const { organization, group: group1, groupPrice: groupPrice1, token, member, user } = await initData();
 
@@ -2432,6 +2551,42 @@ describe('Endpoint.RegisterMembers', () => {
             expect(updatedRegistration!.deactivatedAt).not.toBe(null);
         });
 
+        test('[REGRESSION] Cannot deactivate registrations of locked periods', async () => {
+            const { member, organization, token } = await initData();
+
+            const group1 = await new GroupFactory({
+                organization,
+                price: 25_00,
+                reducedPrice: 12_50,
+                stock: 500,
+                period: previousPeriod,
+            })
+                .create();
+            const groupPrice1 = group1.settings.prices[0];
+
+            const registration = await new RegistrationFactory({
+                member,
+                group: group1,
+                groupPrice: groupPrice1,
+            }).create();
+
+            const body = IDRegisterCheckout.create({
+                cart: IDRegisterCart.create({
+                    items: [],
+                    balanceItems: [],
+                    deleteRegistrationIds: [registration.id],
+                }),
+                administrationFee: 0,
+                freeContribution: 0,
+                paymentMethod: PaymentMethod.PointOfSale,
+                totalPrice: 30,
+                asOrganizationId: organization.id,
+                customer: null,
+            });
+
+            await expect(post(body, organization, token)).rejects.toThrow(STExpect.errorWithCode('locked_period'));
+        });
+
         test('Should fail if invalid cancelation fee', async () => {
             for (const cancellationFeePercentage of [10001, -1]) {
                 const { member, group: group1, groupPrice: groupPrice1, organization, token } = await initData();

package/src/endpoints/global/registration/RegisterMembersEndpoint.ts

@@ -15,6 +15,7 @@ import { StripeHelper } from '../../../helpers/StripeHelper';
 import { BalanceItemService } from '../../../services/BalanceItemService';
 import { RegistrationService } from '../../../services/RegistrationService';
 import { PaymentService } from '../../../services/PaymentService';
+import { ServiceFeeHelper } from '../../../helpers/ServiceFeeHelper';
 type Params = Record<string, never>;
 type Query = undefined;
 type Body = IDRegisterCheckout;
@@ -1062,6 +1063,7 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
         const { provider, stripeAccount } = await organization.getPaymentProviderFor(payment.method, organization.privateMeta.registrationPaymentConfiguration);
         payment.provider = provider;
         payment.stripeAccountId = stripeAccount?.id ?? null;
+        ServiceFeeHelper.setServiceFee(payment, organization, 'members', [...balanceItems.entries()].map(([_, p]) => p));
 
         await payment.save();
 

package/src/endpoints/organization/dashboard/billing/GetPackagesEndpoint.test.ts

@@ -0,0 +1,108 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { OrganizationFactory, STPackageFactory } from '@stamhoofd/models';
+import { AccessRight, LimitedFilteredRequest, STPackageBundle, STPackageType } from '@stamhoofd/structures';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
+import { testServer } from '../../../../../tests/helpers/TestServer';
+import { initAdmin } from '../../../../../tests/init';
+import { GetPackagesEndpoint } from './GetPackagesEndpoint';
+
+const baseUrl = `/organization/packages`;
+const endpoint = new GetPackagesEndpoint();
+
+describe('Endpoint.GetPackagesEndpoint', () => {
+    beforeEach(async () => {
+        TestUtils.setEnvironment('userMode', 'organization');
+    });
+
+    test('Can get organization packages as finance director', async () => {
+        const organization = await new OrganizationFactory({}).create();
+
+        const package1 = await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.Members,
+        }).create();
+
+        // This old package is not returned
+        const oldPackage = await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.Webshops,
+            removeAt: new Date(Date.now() - 1000 * 60 * 60),
+        }).create();
+
+        // Never activated packages are not returned
+        const inactivePackage = await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.Webshops,
+            validAt: null,
+        }).create();
+
+        const package2 = await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.TrialWebshops,
+        }).create();
+
+        const { adminToken } = await initAdmin({
+            organization,
+            accessRights: [AccessRight.OrganizationFinanceDirector],
+        });
+
+        // Try to request all members at organization
+        const request = Request.get({
+            path: baseUrl,
+            host: organization.getApiHost(),
+            query: new LimitedFilteredRequest({
+                limit: 10,
+            }),
+            headers: {
+                authorization: 'Bearer ' + adminToken.accessToken,
+            },
+        });
+
+        const response = await testServer.test(endpoint, request);
+        expect(response.status).toBe(200);
+        expect(response.body.packages).toHaveLength(2);
+
+        expect(response.body.packages).toIncludeSameMembers([
+            expect.objectContaining({
+                id: package1.id,
+                meta: expect.objectContaining({
+                    type: STPackageType.Members,
+                }),
+            }),
+            expect.objectContaining({
+                id: package2.id,
+                meta: expect.objectContaining({
+                    type: STPackageType.TrialWebshops,
+                }),
+            }),
+        ]);
+    });
+
+    test('Cannot get organization packages without finance director right', async () => {
+        const organization = await new OrganizationFactory({}).create();
+
+        await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.Members,
+        }).create();
+
+        const { adminToken } = await initAdmin({
+            organization,
+            accessRights: [AccessRight.OrganizationCreateWebshops],
+        });
+
+        // Try to request all members at organization
+        const request = Request.get({
+            path: baseUrl,
+            host: organization.getApiHost(),
+            query: new LimitedFilteredRequest({
+                limit: 10,
+            }),
+            headers: {
+                authorization: 'Bearer ' + adminToken.accessToken,
+            },
+        });
+
+        await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.errorWithCode('permission_denied'));
+    });
+});

package/src/endpoints/organization/dashboard/billing/GetPackagesEndpoint.ts

@@ -0,0 +1,40 @@
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { STPackage } from '@stamhoofd/models';
+import { OrganizationPackagesStatus, STPackage as STPackageStruct } from '@stamhoofd/structures';
+import { Context } from '../../../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type ResponseBody = OrganizationPackagesStatus;
+type Body = undefined;
+
+export class GetPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'GET') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/organization/packages', {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate();
+
+        // If the user has permission, we'll also search if he has access to the organization's key
+        if (!await Context.auth.canManageFinances(organization.id)) {
+            throw Context.auth.error();
+        }
+
+        const packages = await STPackage.getForOrganization(organization.id);
+
+        return new Response(OrganizationPackagesStatus.create({
+            packages: packages.map(p => STPackageStruct.create(p)),
+        }));
+    }
+}

package/src/endpoints/organization/dashboard/webshops/PatchWebshopOrdersEndpoint.ts

@@ -3,11 +3,12 @@ import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-
 import { SimpleError } from '@simonbackx/simple-errors';
 import { BalanceItem, BalanceItemPayment, Order, Payment, Webshop, WebshopCounter } from '@stamhoofd/models';
 import { QueueHandler } from '@stamhoofd/queues';
-import { AuditLogSource, BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, OrderStatus, PaymentMethod, PaymentStatus, PermissionLevel, PrivateOrder, TranslatedString, Webshop as WebshopStruct } from '@stamhoofd/structures';
+import { AuditLogSource, BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, OrderStatus, PaymentMethod, PaymentStatus, PermissionLevel, PrivateOrder, TranslatedString, Webshop as WebshopStruct, WebshopTicketType } from '@stamhoofd/structures';
 
 import { Context } from '../../../../helpers/Context';
 import { AuditLogService } from '../../../../services/AuditLogService';
 import { shouldReserveUitpasNumbers, UitpasService } from '../../../../services/uitpas/UitpasService';
+import { ServiceFeeHelper } from '../../../../helpers/ServiceFeeHelper';
 
 type Params = { id: string };
 type Query = undefined;
@@ -157,6 +158,12 @@ export class PatchWebshopOrdersEndpoint extends Endpoint<Params, Query, Body, Re
 
                         // Determine the payment provider (always null because no online payments here)
                         payment.provider = null;
+                        ServiceFeeHelper.setServiceFee(
+                            payment,
+                            organization,
+                            webshop.meta.ticketType === WebshopTicketType.None ? 'webshop' : 'tickets',
+                            order.data.cart.items.flatMap(i => i.calculatedPrices.map(p => p.discountedPrice)),
+                        );
 
                         await payment.save();
 

package/src/endpoints/organization/webshops/PlaceOrderEndpoint.ts

@@ -5,7 +5,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Email } from '@stamhoofd/email';
 import { BalanceItem, BalanceItemPayment, MolliePayment, MollieToken, Order, PayconiqPayment, Payment, RateLimiter, Webshop, WebshopDiscountCode } from '@stamhoofd/models';
 import { QueueHandler } from '@stamhoofd/queues';
-import { AuditLogSource, BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, OrderData, OrderResponse, Order as OrderStruct, PaymentCustomer, PaymentMethod, PaymentMethodHelper, PaymentProvider, PaymentStatus, Payment as PaymentStruct, TranslatedString, Version, WebshopAuthType, Webshop as WebshopStruct } from '@stamhoofd/structures';
+import { AuditLogSource, BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, OrderData, OrderResponse, Order as OrderStruct, PaymentCustomer, PaymentMethod, PaymentMethodHelper, PaymentProvider, PaymentStatus, Payment as PaymentStruct, TranslatedString, Version, WebshopAuthType, Webshop as WebshopStruct, WebshopTicketType } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
 import { BuckarooHelper } from '../../../helpers/BuckarooHelper';
@@ -13,6 +13,7 @@ import { Context } from '../../../helpers/Context';
 import { StripeHelper } from '../../../helpers/StripeHelper';
 import { AuditLogService } from '../../../services/AuditLogService';
 import { UitpasService } from '../../../services/uitpas/UitpasService';
+import { ServiceFeeHelper } from '../../../helpers/ServiceFeeHelper';
 
 type Params = { id: string };
 type Query = undefined;
@@ -182,6 +183,12 @@ export class PlaceOrderEndpoint extends Endpoint<Params, Query, Body, ResponseBo
                 const { provider, stripeAccount } = await organization.getPaymentProviderFor(payment.method, webshop.privateMeta.paymentConfiguration);
                 payment.provider = provider;
                 payment.stripeAccountId = stripeAccount?.id ?? null;
+                ServiceFeeHelper.setServiceFee(
+                    payment,
+                    organization,
+                    webshop.meta.ticketType === WebshopTicketType.None ? 'webshop' : 'tickets',
+                    order.data.cart.items.flatMap(i => i.calculatedPrices.map(p => p.discountedPrice)),
+                );
 
                 await payment.save();