@stamhoofd/backend 2.120.5 → 2.121.0

package/src/endpoints/global/registration-invitations/PatchRegistrationInvitationsEndpoint.ts

@@ -0,0 +1,168 @@
+import type { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder } from '@simonbackx/simple-encoding';
+import { PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import type { RegistrationInvitation as RegistrationInvitationStruct } from '@stamhoofd/structures';
+import { GroupType, PermissionLevel, RegistrationInvitationRequest } from '@stamhoofd/structures';
+
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Group, Member, RegistrationInvitation } from '@stamhoofd/models';
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures.js';
+import { Context } from '../../../helpers/Context.js';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<RegistrationInvitationRequest>;
+type ResponseBody = RegistrationInvitationStruct[];
+
+export class PatchRegistrationInvitationsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+     
+    bodyDecoder = new PatchableArrayDecoder(
+        RegistrationInvitationRequest as Decoder<RegistrationInvitationRequest>,
+        RegistrationInvitationRequest.patchType() as Decoder<AutoEncoderPatchType<RegistrationInvitationRequest>>,
+        StringDecoder);
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'PATCH') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/registration-invitations', {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate();
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error();
+        }
+
+        const invitations: RegistrationInvitation[] = [];
+        let duplicateCount = 0;
+
+        const puts = request.body.getPuts();
+        for (const { put } of puts) {
+            await this.checkCanCreateRegistrationInvitation(put, organization.id);
+
+            const invitation = new RegistrationInvitation();
+            invitation.id = put.id;
+            invitation.organizationId = organization.id;
+            invitation.groupId = put.groupId;
+            invitation.memberId = put.memberId;
+
+            try {
+                await invitation.save();
+                invitations.push(invitation);
+            } catch (e) {
+                // update if duplicate
+                if (e.code === 'ER_DUP_ENTRY') {
+                    const duplicate = await RegistrationInvitation.select()
+                        .where('groupId', invitation.groupId)
+                        .andWhere('memberId', invitation.memberId)
+                        .first(false);
+                    
+                    if (duplicate) {
+                        invitations.push(duplicate);
+                    }
+
+                    duplicateCount += 1;
+                    continue;
+                } else {
+                    throw e;
+                }
+            }
+        }
+
+        if (request.body.getPatches().length > 0) {
+            throw new SimpleError({
+                code: 'patch_not_supported',
+                statusCode: 405,
+                message: 'Patching invitations is not supported. Only puts and deletes are supported.',
+            });
+        }
+
+        for (const id of request.body.getDeletes()) {
+            const invitation = await RegistrationInvitation.getByID(id);
+            if (!invitation) {
+                throw new SimpleError({
+                    code: 'not_found',
+                    statusCode: 404,
+                    message: 'Registration invitation not found',
+                });
+            }
+
+            // Anyone with write access to the group can delete invitations for the group
+            const group = await Group.getByID(invitation.groupId);
+    
+            if (!group || !await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
+                throw Context.auth.error($t(`%1UN`));
+            }
+
+            await invitation.delete();
+        }
+
+        // show an error if all puts were duplicates
+        if (puts.length > 0 && puts.length === duplicateCount) {
+            throw new SimpleError({
+                code: 'duplicate_entry',
+                statusCode: 409,
+                message: 'Duplicate entry',
+                human: puts.length === 1 ? $t(`%1RS`) : $t(`%1RP`),
+            });
+        }
+
+        return new Response(
+            await AuthenticatedStructures.registrationInvitations(invitations),
+        );
+    }
+
+    /**
+     * Will throw if not allowed to invite.
+     * @param invitation
+     * @param organizationId id of organization to invite for, should match the organizationId in the invitation
+     */
+    private async checkCanCreateRegistrationInvitation(invitation: RegistrationInvitationRequest, organizationId: string) {
+        const group = await Group.getByID(invitation.groupId);
+
+        if (!group || group.organizationId !== organizationId || !await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
+            throw Context.auth.error($t(`%1ST`));
+        }
+
+        // cannot invite for waiting list
+        if (group.type === GroupType.WaitingList) {
+            throw new SimpleError({
+                code: 'bad_group',
+                statusCode: 400,
+                message: 'Not allowed to invite for waiting list',
+            });
+        }
+
+        const member = await Member.getByIdWithUsersAndRegistrations(invitation.memberId);
+        
+        if (!member
+            // in userMode 'organization' we can only invite members from the same organization
+            || (STAMHOOFD.userMode === 'organization' && member.organizationId !== organizationId)
+            // read access is suficient
+            || !await Context.auth.canAccessMember(member, PermissionLevel.Read)
+            ) {
+                throw Context.auth.error($t(`%1Qv`));
+        }
+
+        // cannot invite if already registered
+        if (member.registrations.some(r => r.groupId === group.id && r.registeredAt !== null && r.deactivatedAt === null)) {
+            throw new SimpleError({
+                code: 'bad_group',
+                statusCode: 400,
+                message: 'The member is already registered for this group',
+                human: $t('%1S2'),
+            })
+        }
+    }
+}

package/src/endpoints/organization/dashboard/balance-items/PatchBalanceItemsEndpoint.ts

@@ -188,10 +188,25 @@ export class PatchBalanceItemsEndpoint extends Endpoint<Params, Query, Body, Res
                 model.unitPrice = patch.unitPrice ?? model.unitPrice;
                 model.amount = patch.amount ?? model.amount;
                 model.dueAt = patch.dueAt === undefined ? model.dueAt : patch.dueAt;
+
+                const VATPercentageBefore = model.VATPercentage;
+                const includedBefore = model.VATIncluded;
+                const excemptBefore = model.VATExcempt
+
                 model.VATIncluded = patch.VATIncluded === undefined ? model.VATIncluded : patch.VATIncluded;
                 model.VATPercentage = patch.VATPercentage === undefined ? model.VATPercentage : patch.VATPercentage;
                 model.VATExcempt = patch.VATExcempt === undefined ? model.VATExcempt : patch.VATExcempt;
 
+                if (model.priceInvoiced !== 0) {
+                    if (model.VATPercentage !== VATPercentageBefore || model.VATIncluded !== includedBefore || model.VATExcempt !== excemptBefore) {
+                        throw new SimpleError({
+                            code: 'invoiced',
+                            message: 'You cannot change VAT settings of balance items when the balance item has been invoiced',
+                            human: $t('%1Rt')
+                        })
+                    }
+                }
+
                 if ((patch.dueAt !== undefined || patch.unitPrice !== undefined) && model.dueAt && model.price < 0) {
                     throw new SimpleError({
                         code: 'invalid_price',

package/src/endpoints/{global → organization/dashboard}/billing/DeactivatePackageEndpoint.ts

@@ -1,10 +1,9 @@
-import type { DecodedRequest, Request} from '@simonbackx/simple-endpoints';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
 import { Endpoint, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { STPackage } from '@stamhoofd/models';
 
-import { Context } from '../../../helpers/Context.js';
-import { STPackageService } from '../../../services/STPackageService.js';
+import { Context } from '../../../../helpers/Context.js';
+import { STPackageService } from '../../../../services/STPackageService.js';
 type Params = { id: string };
 type Query = undefined;
 type ResponseBody = undefined;

package/src/endpoints/organization/dashboard/billing/DeleteOrganizationMandateEndpoint.ts

@@ -0,0 +1,62 @@
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization } from '@stamhoofd/models';
+import { Context } from '../../../../helpers/Context.js';
+import { PaymentMandateService } from '../../../../services/PaymentMandateService.js';
+
+type Params = { id: string, sellingOrganizationId: string };
+type Query = undefined;
+type Body = undefined;
+type ResponseBody = undefined
+
+export class DeleteOrganizationMandateEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'DELETE') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/billing/@sellingOrganizationId/mandates/@id', {sellingOrganizationId: String, id: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const payingOrganization = await Context.setOrganizationScope();
+        const { user } = await Context.authenticate();
+
+       const id = request.params.sellingOrganizationId;
+        if (!id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'This is temporarily unavailable',
+                human: $t('%1Rz')
+            })
+        }
+        
+        const sellingOrganization = await Organization.getByID(id);
+        if (!sellingOrganization || !sellingOrganization.active) {
+            throw new SimpleError({
+                statusCode: 404,
+                code: 'not_found',
+                message: 'Selling organization not found',
+                human: $t('%1R5'),
+                field: 'sellingOrganization'
+            })
+        }
+
+        await PaymentMandateService.deleteMandate({
+            mandateId: request.params.id,
+            sellingOrganization,
+            user,
+            payingOrganization
+        })
+
+        const r = new Response(undefined);
+        r.status = 201;
+        return r;
+    }
+}

package/src/endpoints/organization/dashboard/billing/GetOrganizationDetailedPayableBalanceCollectionEndpoint.ts

@@ -0,0 +1,56 @@
+import type { DecodedRequest, Request} from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import type { DetailedPayableBalanceCollection} from '@stamhoofd/structures';
+import { PaymentStatus } from '@stamhoofd/structures';
+
+import { BalanceItem, Payment } from '@stamhoofd/models';
+import { SQL } from '@stamhoofd/sql';
+import { Context } from '../../../../helpers/Context.js';
+import { GetUserDetailedPayableBalanceEndpoint } from '../../../global/registration/GetUserDetailedPayableBalanceEndpoint.js';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type ResponseBody = DetailedPayableBalanceCollection;
+type Body = undefined;
+
+export class GetOrganizationDetailedPayableBalanceCollectionEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'GET') {
+            return [false];
+        }
+
+        const params = request.getVersion() >= 339
+            ? Endpoint.parseParameters(request.url, '/organization/payable-balance/detailed', {})
+            : (
+                    request.getVersion() <= 334
+                        ? Endpoint.parseParameters(request.url, '/organization/billing/status', {})
+                        : Endpoint.parseParameters(request.url, '/organization/billing/status/detailed', {})
+                );
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate();
+
+        // If the user has permission, we'll also search if he has access to the organization's key
+        if (!await Context.auth.canManageFinances(organization.id)) {
+            throw Context.auth.error();
+        }
+
+        const balanceItemModels = await BalanceItem.balanceItemsForOrganization(organization.id);
+
+        const paymentModels = await Payment.select()
+            .where('payingOrganizationId', organization.id)
+            .andWhere(
+                SQL.whereNot('status', PaymentStatus.Failed),
+            )
+            .fetch();
+
+        return new Response(await GetUserDetailedPayableBalanceEndpoint.getDetailedBillingStatus(balanceItemModels, paymentModels));
+    }
+}

package/src/endpoints/organization/dashboard/billing/GetOrganizationDetailedPayableBalanceEndpoint.ts

@@ -1,31 +1,24 @@
-import type { DecodedRequest, Request} from '@simonbackx/simple-endpoints';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
 import { Endpoint, Response } from '@simonbackx/simple-endpoints';
-import type { DetailedPayableBalanceCollection} from '@stamhoofd/structures';
-import { PaymentStatus } from '@stamhoofd/structures';
+import { DetailedPayableBalance, PaymentStatus } from '@stamhoofd/structures';
 
-import { BalanceItem, Payment } from '@stamhoofd/models';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { BalanceItem, Organization, Payment } from '@stamhoofd/models';
 import { SQL } from '@stamhoofd/sql';
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures.js';
 import { Context } from '../../../../helpers/Context.js';
-import { GetUserDetailedPayableBalanceEndpoint } from '../../../global/registration/GetUserDetailedPayableBalanceEndpoint.js';
 
-type Params = Record<string, never>;
+type Params = { sellingOrganizationId: string };
 type Query = undefined;
-type ResponseBody = DetailedPayableBalanceCollection;
+type ResponseBody = DetailedPayableBalance;
 type Body = undefined;
 
-export class GetOrganizationDetailedPayableBalanceEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+export class GetOrganizationDetailedPayableBalancendpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'GET') {
             return [false];
         }
-
-        const params = request.getVersion() >= 339
-            ? Endpoint.parseParameters(request.url, '/organization/payable-balance/detailed', {})
-            : (
-                    request.getVersion() <= 334
-                        ? Endpoint.parseParameters(request.url, '/organization/billing/status', {})
-                        : Endpoint.parseParameters(request.url, '/organization/billing/status/detailed', {})
-                );
+        const params = Endpoint.parseParameters(request.url, '/billing/@sellingOrganizationId/payable-balance', {sellingOrganizationId: String});
 
         if (params) {
             return [true, params as Params];
@@ -33,7 +26,7 @@ export class GetOrganizationDetailedPayableBalanceEndpoint extends Endpoint<Para
         return [false];
     }
 
-    async handle(_: DecodedRequest<Params, Query, Body>) {
+    async handle(request: DecodedRequest<Params, Query, Body>) {
         const organization = await Context.setOrganizationScope();
         await Context.authenticate();
 
@@ -42,15 +35,45 @@ export class GetOrganizationDetailedPayableBalanceEndpoint extends Endpoint<Para
             throw Context.auth.error();
         }
 
-        const balanceItemModels = await BalanceItem.balanceItemsForOrganization(organization.id);
+        const id = request.params.sellingOrganizationId;
+        if (!id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'This is temporarily unavailable',
+                human: $t('%1Rz')
+            })
+        }
+        
+        const sellingOrganization = await Organization.getByID(id);
+        if (!sellingOrganization || !sellingOrganization.active) {
+            throw new SimpleError({
+                statusCode: 404,
+                code: 'not_found',
+                message: 'Selling organization not found',
+                human: $t('%1R5'),
+                field: 'sellingOrganization'
+            })
+        }
+
+        const balanceItemModels = await BalanceItem.balanceItemsForOrganization(organization.id, request.params.sellingOrganizationId);
 
         const paymentModels = await Payment.select()
             .where('payingOrganizationId', organization.id)
+            .where('organizationId', request.params.sellingOrganizationId)
             .andWhere(
                 SQL.whereNot('status', PaymentStatus.Failed),
             )
             .fetch();
 
-        return new Response(await GetUserDetailedPayableBalanceEndpoint.getDetailedBillingStatus(balanceItemModels, paymentModels));
+        const balanceItems = await BalanceItem.getStructureWithPayments(balanceItemModels);
+        const payments = await AuthenticatedStructures.paymentsGeneral(paymentModels, false);
+
+        const balance = DetailedPayableBalance.create({
+            organization: await AuthenticatedStructures.organization(sellingOrganization),
+            balanceItems,
+            payments,
+        });
+
+        return new Response(balance);
     }
 }

package/src/endpoints/organization/dashboard/billing/GetOrganizationMandatesEndpoint.ts

@@ -0,0 +1,64 @@
+import type { Decoder } from '@simonbackx/simple-encoding';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization } from '@stamhoofd/models';
+import { OrganizationCheckout } from '@stamhoofd/structures';
+import type { PaymentMandate } from '@stamhoofd/structures/PaymentMandate.js';
+import { Context } from '../../../../helpers/Context.js';
+import { PaymentMandateService } from '../../../../services/PaymentMandateService.js';
+
+type Params = { sellingOrganizationId: string };
+type Query = undefined;
+type Body = undefined;
+type ResponseBody = PaymentMandate[];
+
+export class GetOrganizationMandatesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = OrganizationCheckout as Decoder<Query>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'GET') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/billing/@sellingOrganizationId/mandates', {sellingOrganizationId: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const payingOrganization = await Context.setOrganizationScope();
+        const { user } = await Context.authenticate();
+
+        const id = request.params.sellingOrganizationId;
+        if (!id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'This is temporarily unavailable',
+                human: $t('%1Rz')
+            })
+        }
+        
+        const sellingOrganization = await Organization.getByID(id);
+        if (!sellingOrganization || !sellingOrganization.active) {
+            throw new SimpleError({
+                statusCode: 404,
+                code: 'not_found',
+                message: 'Selling organization not found',
+                human: $t('%1R5'),
+                field: 'sellingOrganization'
+            })
+        }
+
+        const mandates = await PaymentMandateService.getMandates({
+            sellingOrganization,
+            user,
+            payingOrganization
+        })
+
+       return new Response(PaymentMandateService.groupByMandate(mandates).mandates);
+    }
+}

package/src/endpoints/organization/dashboard/billing/GetPackagesEndpoint.ts

@@ -3,13 +3,21 @@ import { Endpoint, Response } from '@simonbackx/simple-endpoints';
 import { OrganizationPackagesStatus, STPackage as STPackageStruct } from '@stamhoofd/structures';
 import { Context } from '../../../../helpers/Context.js';
 import { STPackageService } from '../../../../services/STPackageService.js';
+import type { Decoder} from '@simonbackx/simple-encoding';
+import { AutoEncoder, BooleanDecoder, field } from '@simonbackx/simple-encoding';
 
 type Params = Record<string, never>;
-type Query = undefined;
+class Query extends AutoEncoder {
+    @field({ decoder: BooleanDecoder })
+    includeExpired = false;
+}
+
 type ResponseBody = OrganizationPackagesStatus;
 type Body = undefined;
 
 export class GetPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>;
+    
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'GET') {
             return [false];
@@ -23,7 +31,7 @@ export class GetPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseB
         return [false];
     }
 
-    async handle(_: DecodedRequest<Params, Query, Body>) {
+    async handle({query}: DecodedRequest<Params, Query, Body>) {
         const organization = await Context.setOrganizationScope();
         await Context.authenticate();
 
@@ -32,7 +40,7 @@ export class GetPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseB
             throw Context.auth.error();
         }
 
-        const packages = Context.auth.hasPlatformFullAccess() ? await STPackageService.getValidPackagesWithExpired(organization.id) : await STPackageService.getActivePackages(organization.id);
+        const packages = query.includeExpired ? await STPackageService.getValidPackagesWithExpired(organization.id) : await STPackageService.getActivePackages(organization.id);
 
         return new Response(OrganizationPackagesStatus.create({
             packages: packages.map(p => STPackageStruct.create(p)),