@stamhoofd/backend 2.109.0 → 2.111.0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.109.0",
+    "version": "2.111.0",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -48,17 +48,17 @@
         "@bwip-js/node": "^4.5.1",
         "@mollie/api-client": "4.3.3",
         "@simonbackx/simple-database": "1.34.0",
-        "@simonbackx/simple-encoding": "2.22.0",
+        "@simonbackx/simple-encoding": "2.23.1",
         "@simonbackx/simple-endpoints": "1.20.1",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.109.0",
-        "@stamhoofd/backend-middleware": "2.109.0",
-        "@stamhoofd/email": "2.109.0",
-        "@stamhoofd/models": "2.109.0",
-        "@stamhoofd/queues": "2.109.0",
-        "@stamhoofd/sql": "2.109.0",
-        "@stamhoofd/structures": "2.109.0",
-        "@stamhoofd/utility": "2.109.0",
+        "@stamhoofd/backend-i18n": "2.111.0",
+        "@stamhoofd/backend-middleware": "2.111.0",
+        "@stamhoofd/email": "2.111.0",
+        "@stamhoofd/models": "2.111.0",
+        "@stamhoofd/queues": "2.111.0",
+        "@stamhoofd/sql": "2.111.0",
+        "@stamhoofd/structures": "2.111.0",
+        "@stamhoofd/utility": "2.111.0",
         "archiver": "^7.0.1",
         "axios": "^1.13.2",
         "cookie": "^0.7.0",
@@ -76,5 +76,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "9a987df4a751f24aabd56e1480dfb9239fb8e019"
+    "gitHead": "21344c902f356539e4034b499b94f54adbe10e50"
 }

package/src/endpoints/auth/PatchUserEndpoint.test.ts

@@ -0,0 +1,56 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { OrganizationFactory, UserFactory } from '@stamhoofd/models';
+
+import { NewUser, PermissionRole, Permissions, UserPermissions } from '@stamhoofd/structures';
+import { testServer } from '../../../tests/helpers/TestServer.js';
+import { initAdmin } from '../../../tests/init/initAdmin.js';
+import { PatchUserEndpoint } from './PatchUserEndpoint.js';
+
+describe('Endpoint.PatchUser', () => {
+    // Test endpoint
+    const endpoint = new PatchUserEndpoint();
+
+    test('[Regression] Sending a patch for organization permissions that does not exist', async () => {
+        // Case: User A does not have permissions for organization A.
+        // You send a patch to change User A's permissions for organization A
+        // In the past, this caused data corruption because the way simple-encoding was implemented
+
+        const organization = await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization }).create();
+
+        const { adminToken } = await initAdmin({ organization });
+
+        // Try to request members for this group
+        const userPermissions = UserPermissions.patch({});
+        const permissionsPatch = Permissions.patch({});
+        permissionsPatch.roles.addPut(PermissionRole.create({
+            id: 'test',
+            name: 'Test role',
+        }));
+        userPermissions.organizationPermissions.set(organization.id, permissionsPatch);
+
+        const request = Request.patch({
+            path: `/user/${user.id}`,
+            host: organization.getApiHost(),
+            headers: {
+                authorization: 'Bearer ' + adminToken.accessToken,
+            },
+            body: NewUser.patch({
+                id: user.id,
+                permissions: userPermissions,
+            }),
+        });
+
+        const response = await testServer.test(endpoint, request);
+        expect(response.status).toBe(200);
+
+        // This threw in the past when something was wrong
+        await user.refresh();
+
+        expect(user.permissions?.organizationPermissions.size).toEqual(1);
+
+        expect(user.permissions?.organizationPermissions.get(organization.id)).toBeDefined();
+        expect(user.permissions?.organizationPermissions.get(organization.id)?.roles.length).toEqual(1);
+        expect(user.permissions?.organizationPermissions.get(organization.id)?.roles[0].id).toEqual('test');
+    });
+});

package/src/endpoints/organization/dashboard/documents/PatchDocumentTemplatesEndpoint.ts

@@ -53,15 +53,7 @@ export class PatchDocumentTemplatesEndpoint extends Endpoint<Params, Query, Body
             template.year = put.year;
             template.organizationId = organization.id;
 
-            if (await this.doesYearAlreadyHaveFiscalDocument(template)) {
-                throw new SimpleError({
-                    code: 'double_fiscal_document',
-                    field: 'year',
-                    message: 'This year already has a fiscal document',
-                    human: $t('475f5f96-86bf-4124-a005-9904aaf72b37'),
-
-                });
-            }
+            await this.throwErrorIfAddMoreThanOneFiscalDocumentInYear(template);
 
             await template.save();
 
@@ -113,13 +105,8 @@ export class PatchDocumentTemplatesEndpoint extends Endpoint<Params, Query, Body
                 template.year = patch.year;
             }
 
-            if (shouldCheckIfAlreadyHasFiscalDocument && await this.doesYearAlreadyHaveFiscalDocument(template)) {
-                throw new SimpleError({
-                    code: 'double_fiscal_document',
-                    field: 'year',
-                    message: 'This year already has a fiscal document',
-                    human: $t('475f5f96-86bf-4124-a005-9904aaf72b37'),
-                });
+            if (shouldCheckIfAlreadyHasFiscalDocument) {
+                await this.throwErrorIfAddMoreThanOneFiscalDocumentInYear(template);
             }
 
             await template.save();
@@ -149,7 +136,11 @@ export class PatchDocumentTemplatesEndpoint extends Endpoint<Params, Query, Body
         );
     }
 
-    private async doesYearAlreadyHaveFiscalDocument(template: DocumentTemplate) {
+    private async throwErrorIfAddMoreThanOneFiscalDocumentInYear(template: DocumentTemplate): Promise<void> {
+        if (template.privateSettings.templateDefinition.type !== 'fiscal') {
+            return;
+        }
+
         let query = SQL.select().from(SQL.table(DocumentTemplate.table))
             .where(SQL.column('organizationId'), template.organizationId)
             .where(SQL.column('year'), template.year)
@@ -162,6 +153,13 @@ export class PatchDocumentTemplatesEndpoint extends Endpoint<Params, Query, Body
 
         const result = await query.limit(1).count();
 
-        return result > 0;
+        if (result > 0) {
+            throw new SimpleError({
+                code: 'double_fiscal_document',
+                field: 'year',
+                message: 'This year already has a fiscal document',
+                human: $t('475f5f96-86bf-4124-a005-9904aaf72b37'),
+            });
+        }
     }
 }

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts

@@ -5,14 +5,14 @@ import { Organization, OrganizationRegistrationPeriod, PayconiqPayment, Platform
 import { BuckarooSettings, Company, MemberResponsibility, OrganizationMetaData, Organization as OrganizationStruct, PayconiqAccount, PaymentMethod, PaymentMethodHelper, PermissionLevel, PermissionRoleDetailed, PermissionRoleForResponsibility, PermissionsResourceType, ResourcePermissions, UitpasClientCredentialsStatus } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
-import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
-import { BuckarooHelper } from '../../../../helpers/BuckarooHelper';
-import { Context } from '../../../../helpers/Context';
-import { MemberUserSyncer } from '../../../../helpers/MemberUserSyncer';
-import { SetupStepUpdater } from '../../../../helpers/SetupStepUpdater';
-import { TagHelper } from '../../../../helpers/TagHelper';
-import { ViesHelper } from '../../../../helpers/ViesHelper';
-import { UitpasService } from '../../../../services/uitpas/UitpasService';
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures.js';
+import { BuckarooHelper } from '../../../../helpers/BuckarooHelper.js';
+import { Context } from '../../../../helpers/Context.js';
+import { MemberUserSyncer } from '../../../../helpers/MemberUserSyncer.js';
+import { SetupStepUpdater } from '../../../../helpers/SetupStepUpdater.js';
+import { TagHelper } from '../../../../helpers/TagHelper.js';
+import { ViesHelper } from '../../../../helpers/ViesHelper.js';
+import { UitpasService } from '../../../../services/uitpas/UitpasService.js';
 
 type Params = Record<string, never>;
 type Query = undefined;

package/src/seeds/1765896674-document-update-year.test.ts

@@ -150,10 +150,10 @@ describe('migration.document-update-year', () => {
             const updatedDocument3 = await DocumentTemplate.getByID(document3.id);
 
             // take most frequent year and prefer date of document creation
-            expect(updatedDocument1?.year).toBe(2021);
+            expect(updatedDocument1?.year).toBe(2020);
             // should take 2020 because document was created in 2020
             expect(updatedDocument2?.year).toBe(2020);
-            expect(updatedDocument3?.year).toBe(2021);
+            expect(updatedDocument3?.year).toBe(2020);
         });
     });
 

package/src/seeds/1765896674-document-update-year.ts

@@ -28,27 +28,18 @@ export async function migrateDocumentYears() {
                 const yearMap = new Map<number, number>();
 
                 for (const group of groupModels) {
-                    const startYear = group.settings.startDate.getFullYear();
-                    const endYear = group.settings.endDate.getFullYear();
+                    const y = group.settings.startDate.getFullYear();
 
-                    for (let y = startYear; y <= endYear; y++) {
-                        const count = yearMap.get(y) ?? 0;
-                        yearMap.set(y, count + 1);
-                    }
+                    const count = yearMap.get(y) ?? 0;
+                    yearMap.set(y, count + 1);
                 }
 
                 // find the year with the highest count
                 let topYear = 0;
                 let topCount = 0;
-                const yearBeforeCreation = document.createdAt.getFullYear() - 1;
 
                 for (const [year, count] of yearMap) {
-                    if (count > topCount
-                        // prefer the year before creation
-                        || (count === topCount && year === yearBeforeCreation)
-                        // next prefer the most recent year
-                        || (topYear !== yearBeforeCreation && year > topYear)
-                    ) {
+                    if (count > topCount) {
                         topYear = year;
                         topCount = count;
                     }

package/src/services/InvoiceService.ts

@@ -0,0 +1,114 @@
+import { SimpleError } from '@simonbackx/simple-errors';
+import { BalanceItem, BalanceItemPayment, Invoice, Organization, Payment } from '@stamhoofd/models';
+import { InvoicedBalanceItem as InvoicedBalanceItemStruct, Invoice as InvoiceStruct } from '@stamhoofd/structures';
+import { Formatter } from '@stamhoofd/utility';
+
+export class InvoiceService {
+    static async invoicePayment(payment: Payment) {
+        if (!payment.customer) {
+            throw new SimpleError({
+                code: 'missing_customer',
+                message: 'Missing customer',
+                field: 'customer',
+                human: $t('Er kan geen factuur aangemaakt worden omdat de klantgegevens ontbreken voor deze betaling'),
+            });
+        }
+
+        if (payment.price % 100 !== 0) {
+            throw new SimpleError({
+                code: 'invalid_price_decimals',
+                message: 'Cannot invoice a payment with a price having more than two decimals',
+            });
+        }
+
+        const organization = payment.organizationId ? await Organization.getByID(payment.organizationId) : null;
+        if (!organization) {
+            throw new SimpleError({
+                code: 'missing_organization',
+                message: 'Cannot invoice a payment without corresponding organization',
+                statusCode: 500,
+            });
+        }
+
+        // Find default company
+        const seller = organization.meta.companies[0];
+
+        if (!seller) {
+            throw new SimpleError({
+                code: 'missing_company',
+                message: 'Missing invoice settings (companies)',
+                human: $t('Het is niet mogelijk om facturen uit te schrijven omdat er nog geen facturatiegegevens zijn ingesteld voor {organization-name}', {
+                    'organization-name': organization.name,
+                }),
+            });
+        }
+
+        const items: InvoicedBalanceItemStruct[] = [];
+        const balanceItemPayments = await BalanceItemPayment.select().where('paymentId', payment.id).fetch();
+        const balanceItems = await BalanceItem.getByIDs(...Formatter.uniqueArray(balanceItemPayments.map(d => d.balanceItemId)));
+
+        for (const balanceItemPayment of balanceItemPayments) {
+            const balanceItem = balanceItems.find(b => b.id === balanceItemPayment.balanceItemId);
+            if (!balanceItem) {
+                throw new SimpleError({
+                    code: 'missing_balance_item',
+                    message: 'Balance item missing for balanceItemPayment ' + balanceItemPayment.id,
+                    statusCode: 500,
+                });
+            }
+
+            const item = InvoicedBalanceItemStruct.createFor(balanceItem.getStructure(), balanceItemPayment.price);
+            items.push(item);
+        }
+
+        const struct = InvoiceStruct.create({
+            organizationId: organization.id,
+            seller,
+            customer: payment.customer,
+            payingOrganizationId: payment.payingOrganizationId,
+            items,
+        });
+
+        struct.calculateVAT();
+
+        if (struct.totalBalanceInvoicedAmount <= 0) {
+            throw new SimpleError({
+                code: 'invalid_invoiced_amount',
+                message: 'Unexpected 0 totalBalanceInvoicedAmount',
+            });
+        }
+
+        if (struct.totalWithVAT % 100 !== 0) {
+            throw new SimpleError({
+                code: 'invalid_price_decimals',
+                message: 'Unexpected invoice total price with more than two decimals',
+                statusCode: 500,
+            });
+        }
+
+        // Update payableRoundingAmount to match payment price
+        const difference = payment.price - struct.totalWithVAT;
+        if (Math.abs(difference) > 10_00) {
+            // Difference of more than 10 cent!
+            throw new SimpleError({
+                code: 'unexpected_price_difference',
+                message: 'The invoice and payment amounts differ by more than €0.10.',
+                statusCode: 500,
+            });
+        }
+
+        if (difference % 100 !== 0) {
+            throw new SimpleError({
+                code: 'invalid_price_decimals',
+                message: 'Unexpected payableRoundingAmount with more than two decimals',
+                statusCode: 500,
+            });
+        }
+
+        struct.payableRoundingAmount = difference;
+
+        // Todo: check we are not invoicing more than maximum invoiceable for these items
+
+        return await Invoice.createFrom(organization, struct);
+    }
+}