@stamhoofd/backend 2.26.0 → 2.27.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@stamhoofd/backend",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.27.2",
|
|
4
4
|
"main": "./dist/index.js",
|
|
5
5
|
"exports": {
|
|
6
6
|
".": {
|
|
@@ -36,14 +36,14 @@
|
|
|
36
36
|
"@simonbackx/simple-encoding": "2.15.1",
|
|
37
37
|
"@simonbackx/simple-endpoints": "1.14.0",
|
|
38
38
|
"@simonbackx/simple-logging": "^1.0.1",
|
|
39
|
-
"@stamhoofd/backend-i18n": "2.
|
|
40
|
-
"@stamhoofd/backend-middleware": "2.
|
|
41
|
-
"@stamhoofd/email": "2.
|
|
42
|
-
"@stamhoofd/models": "2.
|
|
43
|
-
"@stamhoofd/queues": "2.
|
|
44
|
-
"@stamhoofd/sql": "2.
|
|
45
|
-
"@stamhoofd/structures": "2.
|
|
46
|
-
"@stamhoofd/utility": "2.
|
|
39
|
+
"@stamhoofd/backend-i18n": "2.27.2",
|
|
40
|
+
"@stamhoofd/backend-middleware": "2.27.2",
|
|
41
|
+
"@stamhoofd/email": "2.27.2",
|
|
42
|
+
"@stamhoofd/models": "2.27.2",
|
|
43
|
+
"@stamhoofd/queues": "2.27.2",
|
|
44
|
+
"@stamhoofd/sql": "2.27.2",
|
|
45
|
+
"@stamhoofd/structures": "2.27.2",
|
|
46
|
+
"@stamhoofd/utility": "2.27.2",
|
|
47
47
|
"archiver": "^7.0.1",
|
|
48
48
|
"aws-sdk": "^2.885.0",
|
|
49
49
|
"axios": "1.6.8",
|
|
@@ -60,5 +60,5 @@
|
|
|
60
60
|
"postmark": "4.0.2",
|
|
61
61
|
"stripe": "^16.6.0"
|
|
62
62
|
},
|
|
63
|
-
"gitHead": "
|
|
63
|
+
"gitHead": "4c7804970b02fa339d884ace0105a6efc6dab179"
|
|
64
64
|
}
|
|
@@ -81,6 +81,9 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
|
|
|
81
81
|
let deleteUnreachable = false
|
|
82
82
|
const allowedIds: string[] = []
|
|
83
83
|
|
|
84
|
+
//#region prevent patch category lock if no full platform access
|
|
85
|
+
const originalCategories = organizationPeriod.settings.categories;
|
|
86
|
+
|
|
84
87
|
if (await Context.auth.hasFullAccess(organization.id)) {
|
|
85
88
|
if (patch.settings) {
|
|
86
89
|
if(patch.settings.categories) {
|
|
@@ -117,6 +120,49 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
|
|
|
117
120
|
}
|
|
118
121
|
}
|
|
119
122
|
|
|
123
|
+
//#region handle locked categories
|
|
124
|
+
if(!Context.auth.hasPlatformFullAccess()) {
|
|
125
|
+
const categoriesAfterPatch = organizationPeriod.settings.categories;
|
|
126
|
+
|
|
127
|
+
for(const categoryBefore of originalCategories) {
|
|
128
|
+
const locked = categoryBefore.settings.locked;
|
|
129
|
+
|
|
130
|
+
if(locked) {
|
|
131
|
+
// todo: use existing function, now a category could still be deleted if the category is moved to another category and that catetory is deleted
|
|
132
|
+
const categoryId = categoryBefore.id;
|
|
133
|
+
const refCountBefore = originalCategories.filter(c => c.categoryIds.includes(categoryId)).length;
|
|
134
|
+
const refCountAfter = categoriesAfterPatch.filter(c => c.categoryIds.includes(categoryId)).length;
|
|
135
|
+
const isDeleted = refCountAfter < refCountBefore;
|
|
136
|
+
|
|
137
|
+
if(isDeleted) {
|
|
138
|
+
throw Context.auth.error('Je hebt geen toegangsrechten om deze vergrendelde categorie te verwijderen.')
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
const categoryAfter = categoriesAfterPatch.find(c => c.id === categoryBefore.id);
|
|
143
|
+
|
|
144
|
+
if(!categoryAfter) {
|
|
145
|
+
if(locked) {
|
|
146
|
+
throw Context.auth.error('Je hebt geen toegangsrechten om deze vergrendelde categorie te verwijderen.')
|
|
147
|
+
}
|
|
148
|
+
} else if(locked !== categoryAfter.settings.locked) {
|
|
149
|
+
throw Context.auth.error('Je hebt geen toegangsrechten om deze categorie te vergrendelen of ontgrendelen.')
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
if(!locked || !categoryAfter) {
|
|
153
|
+
continue;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
const settingsBefore = categoryBefore.settings;
|
|
157
|
+
const settingsAfter = categoryAfter.settings;
|
|
158
|
+
|
|
159
|
+
if(settingsBefore.name !== settingsAfter.name) {
|
|
160
|
+
throw Context.auth.error('Je hebt geen toegangsrechten de naam van deze vergrendelde categorie te wijzigen.')
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
//#endregion
|
|
165
|
+
|
|
120
166
|
await organizationPeriod.save();
|
|
121
167
|
|
|
122
168
|
// Check changes to groups
|