@stamhoofd/backend 2.3.1 → 2.5.0

package/src/endpoints/global/members/GetMembersEndpoint.ts

@@ -2,9 +2,9 @@
 import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { Member, MemberWithRegistrations, Platform } from '@stamhoofd/models';
-import { SQL, SQLAge, SQLConcat, SQLFilterDefinitions, SQLOrderBy, SQLOrderByDirection, SQLScalar, SQLSortDefinitions, baseSQLFilterCompilers, compileToSQLFilter, compileToSQLSorter, createSQLColumnFilterCompiler, createSQLExpressionFilterCompiler, createSQLFilterNamespace, createSQLRelationFilterCompiler, joinSQLQuery } from "@stamhoofd/sql";
-import { CountFilteredRequest, GroupStatus, LimitedFilteredRequest, MembersBlob, PaginatedResponse, PermissionLevel, StamhoofdFilter, getSortFilter } from '@stamhoofd/structures';
+import { Email, Member, MemberWithRegistrations, Platform } from '@stamhoofd/models';
+import { SQL, SQLAge, SQLConcat, SQLFilterDefinitions, SQLJSONValue, SQLOrderBy, SQLOrderByDirection, SQLScalar, SQLSortDefinitions, baseSQLFilterCompilers, compileToSQLFilter, compileToSQLSorter, createSQLColumnFilterCompiler, createSQLExpressionFilterCompiler, createSQLFilterNamespace, createSQLRelationFilterCompiler, joinSQLQuery } from "@stamhoofd/sql";
+import { CountFilteredRequest, EmailRecipientFilterType, GroupStatus, LimitedFilteredRequest, MembersBlob, PaginatedResponse, PermissionLevel, StamhoofdFilter, getSortFilter, mergeFilters } from '@stamhoofd/structures';
 import { DataValidator, Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
@@ -16,6 +16,44 @@ type Query = LimitedFilteredRequest;
 type Body = undefined;
 type ResponseBody = PaginatedResponse<MembersBlob, LimitedFilteredRequest>
 
+Email.recipientLoaders.set(EmailRecipientFilterType.Members, {
+    fetch: async (query: LimitedFilteredRequest) => {
+        const result = await GetMembersEndpoint.buildData(query)
+
+        return new PaginatedResponse({
+            results: result.results.members.flatMap(m => m.getEmailRecipients(['member'])),
+            next: result.next
+        });
+    },
+
+    count: async (query: LimitedFilteredRequest) => {
+        query.filter = mergeFilters([query.filter, {
+            'email': {
+                $neq: null
+            }
+        }])
+        const q = await GetMembersEndpoint.buildQuery(query)
+        return await q.count();
+    }
+});
+Email.recipientLoaders.set(EmailRecipientFilterType.MemberParents, {
+    fetch: async (query: LimitedFilteredRequest) => {
+        const result = await GetMembersEndpoint.buildData(query)
+
+        return new PaginatedResponse({
+            results: result.results.members.flatMap(m => m.getEmailRecipients(['parents'])),
+            next: result.next
+        });
+    },
+
+    count: async (query: LimitedFilteredRequest) => {
+        const q = await GetMembersEndpoint.buildQuery(query)
+        return await q.sum(
+            SQL.jsonLength(SQL.column('details'), '$.value.parents[*].email')
+        );
+    }
+});
+
 const registrationFilterCompilers: SQLFilterDefinitions = {
     ...baseSQLFilterCompilers,
     "price": createSQLColumnFilterCompiler('price'),
@@ -131,6 +169,14 @@ const filterCompilers: SQLFilterDefinitions = {
         .from(
             SQL.table('member_responsibility_records')
         )
+        .join(
+            SQL.leftJoin(
+                SQL.table('groups')
+            ).where(
+                SQL.column('groups', 'id'),
+                SQL.column('member_responsibility_records', 'groupId')
+            )
+        )
         .where(
             SQL.column('memberId'),
             SQL.column('members', 'id'),
@@ -143,6 +189,11 @@ const filterCompilers: SQLFilterDefinitions = {
             "organizationId": createSQLColumnFilterCompiler(SQL.column('member_responsibility_records', 'organizationId')),
             "startDate": createSQLColumnFilterCompiler(SQL.column('member_responsibility_records', 'startDate')),
             "endDate": createSQLColumnFilterCompiler(SQL.column('member_responsibility_records', 'endDate')),
+            "group": createSQLFilterNamespace({
+                ...baseSQLFilterCompilers,
+                id: createSQLColumnFilterCompiler(SQL.column('groups', 'id')),
+                defaultAgeGroupId: createSQLColumnFilterCompiler(SQL.column('groups', 'defaultAgeGroupId')),
+            })
         }
     ),
 
@@ -154,6 +205,10 @@ const filterCompilers: SQLFilterDefinitions = {
         .where(
             SQL.column('memberId'),
             SQL.column('members', 'id'),
+        )
+        .where(
+            SQL.column('deletedAt'),
+            null,
         ),
         {
             ...baseSQLFilterCompilers,
@@ -297,7 +352,6 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
             if (tags != 'all' && tags.length === 0) {
                 throw Context.auth.error()
             }
-
         
             if (tags !== 'all') {
                 const platform = await Platform.getShared()
@@ -328,17 +382,35 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
 
         if (organization) {
             // Add organization scope filter
-            scopeFilter = {
-                registrations: {
-                    $elemMatch: {
-                        organizationId: organization.id,
-                        periodId: organization.periodId,
-                        registeredAt: {
-                            $neq: null
+            const groups = await Context.auth.getAccessibleGroups(organization.id)
+
+            if (groups === 'all') {
+                scopeFilter = {
+                    registrations: {
+                        $elemMatch: {
+                            organizationId: organization.id,
+                            registeredAt: {
+                                $neq: null
+                            }
                         }
                     }
-                }
-            };
+                };
+            } else {
+                scopeFilter = {
+                    registrations: {
+                        $elemMatch: {
+                            organizationId: organization.id,
+                            periodId: organization.periodId,
+                            groupId: {
+                                $in: groups
+                            },
+                            registeredAt: {
+                                $neq: null
+                            }
+                        }
+                    }
+                };
+            }
         }
         
         const query = SQL
@@ -408,29 +480,8 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
         return query
     }
 
-    async handle(request: DecodedRequest<Params, Query, Body>) {
-        await Context.setOptionalOrganizationScope();
-        await Context.authenticate()
-
-        const maxLimit = Context.auth.hasSomePlatformAccess() ? 1000 : 100;
-
-        if (request.query.limit > maxLimit) {
-            throw new SimpleError({
-                code: 'invalid_field',
-                field: 'limit',
-                message: 'Limit can not be more than ' + maxLimit
-            })
-        }
-
-        if (request.query.limit < 1) {
-            throw new SimpleError({
-                code: 'invalid_field',
-                field: 'limit',
-                message: 'Limit can not be less than 1'
-            })
-        }
-        
-        const query = await GetMembersEndpoint.buildQuery(request.query)
+    static async buildData(requestQuery: LimitedFilteredRequest) {
+        const query = await GetMembersEndpoint.buildQuery(requestQuery)
         const data = await query.fetch()
         
         const memberIds = data.map((r) => {
@@ -452,29 +503,54 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
 
         let next: LimitedFilteredRequest|undefined;
 
-        if (memberIds.length >= request.query.limit) {
+        if (memberIds.length >= requestQuery.limit) {
             const lastObject = members[members.length - 1];
-            const nextFilter = getSortFilter(lastObject, sorters, request.query.sort);
+            const nextFilter = getSortFilter(lastObject, sorters, requestQuery.sort);
 
             next = new LimitedFilteredRequest({
-                filter: request.query.filter,
+                filter: requestQuery.filter,
                 pageFilter: nextFilter,
-                sort: request.query.sort,
-                limit: request.query.limit,
-                search: request.query.search
+                sort: requestQuery.sort,
+                limit: requestQuery.limit,
+                search: requestQuery.search
             })
 
-            if (JSON.stringify(nextFilter) === JSON.stringify(request.query.pageFilter)) {
-                console.error('Found infinite loading loop for', request.query);
+            if (JSON.stringify(nextFilter) === JSON.stringify(requestQuery.pageFilter)) {
+                console.error('Found infinite loading loop for', requestQuery);
                 next = undefined;
             }
         }
 
-        return new Response(
-            new PaginatedResponse<MembersBlob, LimitedFilteredRequest>({
-                results: await AuthenticatedStructures.membersBlob(members),
-                next
+        return new PaginatedResponse<MembersBlob, LimitedFilteredRequest>({
+            results: await AuthenticatedStructures.membersBlob(members),
+            next
+        });
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setOptionalOrganizationScope();
+        await Context.authenticate()
+
+        const maxLimit = Context.auth.hasSomePlatformAccess() ? 1000 : 100;
+
+        if (request.query.limit > maxLimit) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be more than ' + maxLimit
             })
+        }
+
+        if (request.query.limit < 1) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be less than 1'
+            })
+        }
+        
+        return new Response(
+            await GetMembersEndpoint.buildData(request.query)
         );
     }
 }

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -2,12 +2,13 @@ import { OneToManyRelation } from '@simonbackx/simple-database';
 import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError } from "@simonbackx/simple-errors";
-import { BalanceItem, MemberPlatformMembership, BalanceItemPayment, Document, Group, Member, MemberFactory, MemberResponsibilityRecord, MemberWithRegistrations, Organization, Payment, Platform, Registration, RegistrationPeriod, User } from '@stamhoofd/models';
-import { BalanceItemStatus, MemberPlatformMembership as MemberPlatformMembershipStruct, MemberWithRegistrationsBlob, MembersBlob, PaymentMethod, PaymentStatus, PermissionLevel, Registration as RegistrationStruct, User as UserStruct } from "@stamhoofd/structures";
+import { BalanceItem, BalanceItemPayment, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, Organization, Payment, Platform, Registration, RegistrationPeriod, User } from '@stamhoofd/models';
+import { BalanceItemStatus, MemberWithRegistrationsBlob, MembersBlob, PaymentMethod, PaymentStatus, PermissionLevel, Registration as RegistrationStruct, User as UserStruct } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
 import { Context } from '../../../helpers/Context';
+import { MemberUserSyncer } from '../../../helpers/MemberUserSyncer';
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -105,16 +106,29 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 duplicate.details.merge(member.details)
                 member = duplicate
 
-                // Only save after checking permissions
+                // You need write permissions, because a user can potentially earn write permissions on a member
+                // by registering it
+                if (!await Context.auth.canAccessMember(duplicate, PermissionLevel.Write)) {
+                    throw new SimpleError({
+                        code: "known_member_missing_rights",
+                        message: "Creating known member without sufficient access rights",
+                        human: "Dit lid is al bekend in het systeem, maar je hebt er geen toegang tot. Vraag iemand met de juiste toegangsrechten om dit lid voor jou toe te voegen, of vraag het lid om zelf in te schrijven via het ledenportaal.",
+                        statusCode: 400
+                    })
+                }
             }
 
             if (struct.registrations.length === 0) {
-                 throw new SimpleError({
-                    code: "missing_group",
-                    message: "Missing group",
-                    human: "Schrijf een nieuw lid altijd in voor minstens één groep",
-                    statusCode: 400
-                })
+                // We risk creating a new member without being able to access it manually afterwards
+
+                if ((organization && !await Context.auth.hasFullAccess(organization.id)) || (!organization && !Context.auth.hasPlatformFullAccess())) {
+                    throw new SimpleError({
+                        code: "missing_group",
+                        message: "Missing group",
+                        human: "Je moet hoofdbeheerder zijn om een lid toe te voegen zonder inschrijving in het systeem",
+                        statusCode: 400
+                    })
+                }
             }
 
             // Throw early
@@ -188,13 +202,8 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 updateGroups.set(group.id, group)
             }
 
-            // Add users if they don't exist (only placeholders allowed)
-            for (const placeholder of struct.users) {
-                await PatchOrganizationMembersEndpoint.linkUser(placeholder, member)
-            }
-
             // Auto link users based on data
-            await PatchOrganizationMembersEndpoint.updateManagers(member)
+            await MemberUserSyncer.onChangeMember(member)
         }
 
         // Loop all members one by one
@@ -227,7 +236,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             // Update registrations
             for (const patchRegistration of patch.registrations.getPatches()) {
                 const registration = member.registrations.find(r => r.id === patchRegistration.id)
-                if (!registration || registration.memberId != member.id) {
+                if (!registration || registration.memberId != member.id || (!await Context.auth.canAccessRegistration(registration, PermissionLevel.Write))) {
                     throw new SimpleError({
                         code: "permission_denied",
                         message: "You don't have permissions to access this endpoint",
@@ -428,7 +437,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 const platform = await Platform.getShared()
                 const responsibility = platform.config.responsibilities.find(r => r.id === patchResponsibility.responsibilityId)
 
-                if (responsibility && !responsibility.assignableByOrganizations && !Context.auth.hasPlatformFullAccess()) {
+                if (responsibility && !responsibility.organizationBased && !Context.auth.hasPlatformFullAccess()) {
                     throw Context.auth.error("Je hebt niet voldoende rechten om deze functie aan te passen")
                 }
                 
@@ -458,38 +467,88 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 await responsibilityRecord.save()
             }
 
-            // Update responsibilities
+            // Create responsibilities
             for (const {put} of patch.responsibilities.getPuts()) {
                 if (!Context.auth.hasPlatformFullAccess() && !(organization && await Context.auth.hasFullAccess(organization.id))) {
                     throw Context.auth.error("Je hebt niet voldoende rechten om functies van leden aan te passen")
                 }
 
                 const platform = await Platform.getShared()
-                const responsibility = platform.config.responsibilities.find(r => r.id === put.responsibilityId)
+                const platformResponsibility = platform.config.responsibilities.find(r => r.id === put.responsibilityId)
+                const org = organization ?? (put.organizationId ? await Organization.getByID(put.organizationId) : null)
+
+                if (!org && put.organizationId) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid organization",
+                        human: "Deze vereniging bestaat niet",
+                        field: "organizationId"
+                    })
+                }
+                const responsibility = platformResponsibility ?? org?.privateMeta.responsibilities.find(r => r.id === put.responsibilityId)
 
-                if (!responsibility || (!responsibility.assignableByOrganizations && !Context.auth.hasPlatformFullAccess())) {
-                    throw Context.auth.error("Je hebt niet voldoende rechten om deze functie toe te kennen")
+                if (!responsibility) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid responsibility",
+                        human: "Deze functie bestaat niet",
+                        field: "responsibilityId"
+                    })
+                }
+
+                if (!org && responsibility.organizationBased) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid organization",
+                        human: "Deze functie kan niet worden toegewezen aan deze vereniging",
+                        field: "organizationId"
+                    })
                 }
 
                 const model = new MemberResponsibilityRecord()
                 model.memberId = member.id
                 model.responsibilityId = responsibility.id
+                model.organizationId = org?.id ?? null
 
-                if (responsibility.assignableByOrganizations) {
-                    if (organization) {
-                        model.organizationId = organization.id
-                    } else {
-                        if (!put.organizationId) {
-                            if (!Context.auth.hasPlatformFullAccess()) {
-                                throw Context.auth.error("Je hebt niet voldoende rechten om deze functie toe te kennen")
-                            }
-                        } else if (!await Context.auth.hasFullAccess(put.organizationId)) {
-                            throw Context.auth.error("Je hebt niet voldoende rechten om functies van leden toe te kennen voor deze vereniging")
-                        }
-                        model.organizationId = put.organizationId
+                if (responsibility.organizationTagIds !== null && (!org || !org.meta.matchTags(responsibility.organizationTagIds))) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid organization",
+                        human: "Deze functie is niet beschikbaar voor deze vereniging",
+                        field: "organizationId"
+                    })
+                }
+
+                if (responsibility.defaultAgeGroupIds !== null) {
+                    if (!put.groupId) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "Missing groupId",
+                            human: "Kies een leeftijdsgroep waarvoor je deze functie wilt toekennen",
+                            field: "groupId"
+                        })
                     }
-                } else {
-                    model.organizationId = null
+
+                    const group = await Group.getByID(put.groupId)
+                    if (!group || group.organizationId !== model.organizationId) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "Invalid groupId",
+                            human: "Deze leeftijdsgroep bestaat niet",
+                            field: "groupId"
+                        })
+                    }
+
+                    if (group.defaultAgeGroupId === null || !responsibility.defaultAgeGroupIds.includes(group.defaultAgeGroupId)) {
+                        throw new SimpleError({
+                            code: "invalid_field",
+                            message: "Invalid groupId",
+                            human: "Deze leeftijdsgroep komt niet in aanmerking voor deze functie",
+                            field: "groupId"
+                        })
+                    }
+
+                    model.groupId = group.id
                 }
                 
                 // Allow patching begin and end date
@@ -499,25 +558,17 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     throw Context.auth.error("Je kan de startdatum van een functie niet in de toekomst zetten")
                 }
 
+                if (put.endDate && put.endDate > new Date(Date.now() + 60*1000)) {
+                    throw Context.auth.error("Je kan de einddatum van een functie niet in de toekomst zetten - kijk indien nodig je systeemtijd na")
+                }
+
                 model.startDate = put.startDate
 
                 await model.save()
             }
 
-            // Link users
-            for (const placeholder of patch.users.getPuts()) {
-                await PatchOrganizationMembersEndpoint.linkUser(placeholder.put, member)
-            }
-
-            // Unlink users
-            for (const userId of patch.users.getDeletes()) {
-                await PatchOrganizationMembersEndpoint.unlinkUser(userId, member)
-            }
-
             // Auto link users based on data
-            if (patch.users.changes.length || patch.details) {
-                await PatchOrganizationMembersEndpoint.updateManagers(member)
-            }
+            await MemberUserSyncer.onChangeMember(member)
 
             // Add platform memberships
             for (const {put} of patch.platformMemberships.getPuts()) {
@@ -571,6 +622,8 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
 
                 await membership.calculatePrice()
                 await membership.save()
+
+                updateMembershipMemberIds.add(member.id)           
             }
 
             // Delete platform memberships
@@ -599,7 +652,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     })
                 }
 
-                if (membership.invoiceId || membership.invoiceItemDetailId) {
+                if (!membership.canDelete()) {
                     throw new SimpleError({
                         code: "invalid_field",
                         message: "Invalid invoice",
@@ -607,9 +660,12 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     })
                 }
 
-                await membership.delete()
+                membership.deletedAt = new Date()
+                await membership.save()
+                updateMembershipMemberIds.add(member.id)
             }
 
+
             if (!members.find(m => m.id === member.id)) {
                 members.push(member)
             }
@@ -622,6 +678,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 throw Context.auth.error("Je hebt niet voldoende rechten om dit lid te verwijderen")
             }
 
+            await MemberUserSyncer.onDeleteMember(member)
             await User.deleteForDeletedMember(member.id)
             await BalanceItem.deleteForDeletedMember(member.id)
             await member.delete()
@@ -804,71 +861,4 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             await registration.save()
         }
     }
-
-    static async updateManagers(member: MemberWithRegistrations) {
-        // Check accounts
-        const managers = member.details.getManagerEmails()
-
-        for(const email of managers) {
-            const u = member.users.find(u => u.email.toLocaleLowerCase() === email.toLocaleLowerCase())
-            if (!u) {
-                console.log("Linking user "+email+" to member "+member.id)
-                await PatchOrganizationMembersEndpoint.linkUser(UserStruct.create({
-                    firstName: member.details.parents.find(p => p.email === email)?.firstName,
-                    lastName: member.details.parents.find(p => p.email === email)?.lastName,
-                    email,
-                }), member)
-            }
-        }
-
-        // Delete accounts that should no longer have access
-        for (const u of member.users) {
-            if (!u.hasAccount()) {
-                // And not in managers list (case insensitive)
-                if (!managers.find(m => m.toLocaleLowerCase() === u.email.toLocaleLowerCase())) {
-                    console.log("Unlinking user "+u.email+" from member "+member.id)
-                    await PatchOrganizationMembersEndpoint.unlinkUser(u.id, member)
-                }
-            }
-        }
-    }
-
-    static async linkUser(user: UserStruct, member: MemberWithRegistrations) {
-        const email = user.email
-        let u = await User.getForAuthentication(member.organizationId, email, {allowWithoutAccount: true});
-        if (u) {
-            console.log("Giving an existing user access to a member: "+u.id)
-        } else {
-            u = new User()
-            u.organizationId = member.organizationId
-            u.email = email
-            u.firstName = user.firstName
-            u.lastName = user.lastName
-            await u.save()
-
-            console.log("Created new (placeholder) user that has access to a member: "+u.id)
-        }
-
-        await Member.users.reverse("members").link(u, [member])
-
-        // Update model relation to correct response
-        member.users.push(u)
-    }
-
-    static async unlinkUser(userId: string, member: MemberWithRegistrations) {
-        console.log("Removing access for "+ userId +" to member "+member.id)
-        const existingIndex = member.users.findIndex(u => u.id === userId)
-        if (existingIndex === -1) {
-            throw new SimpleError({
-                code: "user_not_found",
-                message: "Unlinking a user that doesn't exists anymore",
-                human: "Je probeert de toegang van een account tot een lid te verwijderen, maar dat account bestaat niet (meer)"
-            })
-        }
-        const existing = member.users[existingIndex]
-        await Member.users.reverse("members").unlink(existing, member)
-
-        // Update model relation to correct response
-        member.users.splice(existingIndex, 1)
-    }
 }

package/src/endpoints/global/organizations/GetOrganizationFromDomainEndpoint.ts

@@ -4,6 +4,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Organization } from '@stamhoofd/models';
 import { Organization as OrganizationStruct } from "@stamhoofd/structures";
 import { GoogleTranslateHelper } from "@stamhoofd/utility";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
 type Params = Record<string, never>;
 
 class Query extends AutoEncoder {
@@ -60,7 +61,7 @@ export class GetOrganizationFromDomainEndpoint extends Endpoint<Params, Query, B
                         statusCode: 404
                     })
                 }
-                return new Response(await organization.getStructure());
+                return new Response(await AuthenticatedStructures.organization(organization));
             }
         }
 
@@ -75,6 +76,6 @@ export class GetOrganizationFromDomainEndpoint extends Endpoint<Params, Query, B
                 statusCode: 404
             })
         }
-        return new Response(await organization.getStructure());
+        return new Response(await AuthenticatedStructures.organization(organization));
     }
 }

package/src/endpoints/global/organizations/GetOrganizationFromUriEndpoint.ts

@@ -4,6 +4,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Organization } from '@stamhoofd/models';
 import { Organization as OrganizationStruct } from "@stamhoofd/structures";
 import { GoogleTranslateHelper } from "@stamhoofd/utility";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
 type Params = Record<string, never>;
 
 class Query extends AutoEncoder {
@@ -44,6 +45,6 @@ export class GetOrganizationFromUriEndpoint extends Endpoint<Params, Query, Body
                 statusCode: 404
             })
         }
-        return new Response(await organization.getStructure());
+        return new Response(await AuthenticatedStructures.organization(organization));
     }
 }

package/src/endpoints/global/organizations/SearchOrganizationEndpoint.ts

@@ -2,6 +2,7 @@ import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-e
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { Organization } from "@stamhoofd/models";
 import { Organization as OrganizationStruct,OrganizationSimple } from "@stamhoofd/structures"; 
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
 
 type Params = Record<string, never>;
 
@@ -57,6 +58,6 @@ export class SearchOrganizationEndpoint extends Endpoint<Params, Query, Body, Re
         if (request.request.getVersion() < 169) {
             return new Response(organizations.map(o => OrganizationSimple.create(o)));
         }
-        return new Response(await Promise.all(organizations.map(o => o.getStructure())));
+        return new Response(await Promise.all(organizations.map(o => AuthenticatedStructures.organization(o))));
     }
 }

package/src/endpoints/global/platform/GetPlatformAdminsEndpoint.ts

@@ -3,6 +3,7 @@ import { User } from '@stamhoofd/models';
 import { User as UserStruct } from "@stamhoofd/structures";
 
 import { Context } from "../../../helpers/Context";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
 type Params = Record<string, never>;
 type Query = undefined;
 type Body = undefined
@@ -38,7 +39,7 @@ export class GetPlatformAdminsEndpoint extends Endpoint<Params, Query, Body, Res
         admins = admins.filter(a => !!a.permissions?.globalPermissions)
 
         return new Response(
-            admins.map(a => UserStruct.create({...a, hasAccount: a.hasAccount()}))
+            await AuthenticatedStructures.usersWithMembers(admins)
         );
     }
 }