@stamhoofd/backend 2.36.2 → 2.38.0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.36.2",
+    "version": "2.38.0",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -36,14 +36,14 @@
         "@simonbackx/simple-encoding": "2.15.1",
         "@simonbackx/simple-endpoints": "1.14.0",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.36.2",
-        "@stamhoofd/backend-middleware": "2.36.2",
-        "@stamhoofd/email": "2.36.2",
-        "@stamhoofd/models": "2.36.2",
-        "@stamhoofd/queues": "2.36.2",
-        "@stamhoofd/sql": "2.36.2",
-        "@stamhoofd/structures": "2.36.2",
-        "@stamhoofd/utility": "2.36.2",
+        "@stamhoofd/backend-i18n": "2.38.0",
+        "@stamhoofd/backend-middleware": "2.38.0",
+        "@stamhoofd/email": "2.38.0",
+        "@stamhoofd/models": "2.38.0",
+        "@stamhoofd/queues": "2.38.0",
+        "@stamhoofd/sql": "2.38.0",
+        "@stamhoofd/structures": "2.38.0",
+        "@stamhoofd/utility": "2.38.0",
         "archiver": "^7.0.1",
         "aws-sdk": "^2.885.0",
         "axios": "1.6.8",
@@ -60,5 +60,5 @@
         "postmark": "^4.0.5",
         "stripe": "^16.6.0"
     },
-    "gitHead": "7802a792419ab01fd96ac9e0db86f7553b3e6619"
+    "gitHead": "4af6773c9729d690145d60993542452989d6219d"
 }

package/src/endpoints/admin/memberships/ChargeMembershipsEndpoint.ts

@@ -1,9 +1,8 @@
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
 import { QueueHandler } from '@stamhoofd/queues';
-import { sleep } from '@stamhoofd/utility';
 import { Context } from '../../../helpers/Context';
 import { MembershipCharger } from '../../../helpers/MembershipCharger';
-import { SimpleError } from '@simonbackx/simple-errors';
 
 
 type Params = Record<string, never>;

package/src/endpoints/admin/organizations/PatchOrganizationsEndpoint.ts

@@ -43,6 +43,10 @@ export class PatchOrganizationsEndpoint extends Endpoint<Params, Query, Body, Re
         const platform = await Platform.getShared()
 
         for (const id of request.body.getDeletes()) {
+            if (!Context.auth.hasPlatformFullAccess()) {
+                throw Context.auth.error('Enkel een platform hoofdbeheerder kan groepen verwijderen')
+            }
+
             const organization = await Organization.getByID(id);
             if (!organization) {
                 throw new SimpleError({ code: "not_found", message: "Organization not found", statusCode: 404 });
@@ -85,6 +89,10 @@ export class PatchOrganizationsEndpoint extends Endpoint<Params, Query, Body, Re
 
         // Organization creation
         for (const {put} of request.body.getPuts()) {
+            if (!Context.auth.hasPlatformFullAccess()) {
+                throw Context.auth.error('Enkel een platform hoofdbeheerder kan nieuwe groepen aanmaken')
+            }
+
             if (put.name.length < 4) {
                 if (put.name.length == 0) {
                     throw new SimpleError({

package/src/endpoints/auth/CreateAdminEndpoint.ts

@@ -1,7 +1,7 @@
 import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError } from "@simonbackx/simple-errors";
-import { PasswordToken, sendEmailTemplate, User } from '@stamhoofd/models';
+import { PasswordToken, Platform, sendEmailTemplate, User } from '@stamhoofd/models';
 import { EmailTemplateType, Recipient, Replacement, UserPermissions, User as UserStruct, UserWithMembers } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
@@ -100,9 +100,10 @@ export class CreateAdminEndpoint extends Endpoint<Params, Query, Body, ResponseB
 
         const dateTime = Formatter.dateTime(validUntil)
         const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(admin, organization, request.i18n, validUntil)
+        const platformName =  ((await Platform.getSharedStruct()).config.name)
         
-        const name = organization?.name ?? request.i18n.t("shared.platformName")
-        const what = organization ? `de vereniging ${name} op ${request.i18n.t("shared.platformName")}` : `${request.i18n.t("shared.platformName")}`
+        const name = organization?.name ?? platformName
+        const what = organization ? `de vereniging ${name} op ${platformName}` : platformName
 
         const emailTo = admin.getEmailTo();
         const email: string = typeof emailTo === 'string' ? emailTo : emailTo[0]?.email;

package/src/endpoints/auth/PatchUserEndpoint.ts

@@ -79,7 +79,7 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
                 if (organization) {
                     editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id)
 
-                    if (editUser.id === user.id && (!editUser.permissions || !editUser.permissions.forOrganization(organization)?.hasFullAccess())) {
+                    if (editUser.id === user.id && (!editUser.permissions || !editUser.permissions.forOrganization(organization)?.hasFullAccess()) && STAMHOOFD.environment !== 'development') {
                         throw new SimpleError({
                             code: "permission_denied",
                             message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
@@ -96,7 +96,7 @@ export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBod
                         editUser.permissions = null
                     }
 
-                    if (editUser.id === user.id && !editUser.permissions?.platform?.hasFullAccess()) {
+                    if (editUser.id === user.id && !editUser.permissions?.platform?.hasFullAccess() && STAMHOOFD.environment !== 'development') {
                         throw new SimpleError({
                             code: "permission_denied",
                             message: "Je kan jezelf niet verwijderen als hoofdbeheerder"

package/src/endpoints/global/addresses/SearchRegionsEndpoint.ts

@@ -85,6 +85,18 @@ export class SearchRegionsEndpoint extends Endpoint<Params, Query, Body, Respons
         if (StringCompare.typoCount(request.query.query, "Nederland") < 3) {
             countries.push(Country.Netherlands)
         }
+
+        if (StringCompare.typoCount(request.query.query, "Luxemburg") < 3) {
+            countries.push(Country.Luxembourg)
+        }
+
+        if (StringCompare.typoCount(request.query.query, "Duitsland") < 3) {
+            countries.push(Country.Germany)
+        }
+
+        if (StringCompare.typoCount(request.query.query, "Frankrijk") < 3) {
+            countries.push(Country.France)
+        }
         
         return new Response(SearchRegions.create({
             cities: loadedCities.map(c => CityStruct.create(Object.assign({...c}, { province: ProvinceStruct.create(c.province) }))),

package/src/endpoints/global/email/CreateEmailEndpoint.ts

@@ -83,6 +83,8 @@ export class CreateEmailEndpoint extends Endpoint<Params, Query, Body, ResponseB
         model.fromAddress = request.body.fromAddress;
         model.fromName = request.body.fromName;
 
+        model.validateAttachments()
+
         // Check default
         if (JSON.stringify(model.json).length < 3 && model.recipientFilter.filters[0].type && EmailTemplateStruct.getDefaultForRecipient(model.recipientFilter.filters[0].type)) {
             const type = EmailTemplateStruct.getDefaultForRecipient(model.recipientFilter.filters[0].type)

package/src/endpoints/global/email/PatchEmailEndpoint.ts

@@ -89,6 +89,12 @@ export class PatchEmailEndpoint extends Endpoint<Params, Query, Body, ResponseBo
             rebuild = true;
         }
 
+        // Attachments
+        if (request.body.attachments !== undefined) {
+            model.attachments = patchObject(model.attachments, request.body.attachments);
+            model.validateAttachments()
+        }
+
         await model.save();
 
         if (rebuild) {

package/src/endpoints/global/events/PatchEventsEndpoint.ts

@@ -60,7 +60,7 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
                 throw new SimpleError({
                     code: 'invalid_data',
                     message: 'Invalid organizationId',
-                    human: 'Je kan geen activiteiten voor een specifieke organisatie aanmaken als je geen platform hoofdbeheerder bent',
+                    human: 'Je kan activiteiten aanmaken via het administratieportaal als je geen platform hoofdbeheerder bent',
                 })
             }
             

package/src/endpoints/global/files/ExportToExcelEndpoint.ts

@@ -1,24 +1,23 @@
 /* eslint-disable @typescript-eslint/no-unsafe-argument */
-import { Decoder, EncodableObject } from '@simonbackx/simple-encoding';
+import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { Email } from '@stamhoofd/email';
 import { ArchiverWriterAdapter, exportToExcel, XlsxTransformerSheet, XlsxWriter } from '@stamhoofd/excel-writer';
-import { getEmailBuilderForTemplate, Platform, RateLimiter, sendEmailTemplate } from '@stamhoofd/models';
-import { EmailTemplateType, ExcelExportRequest, ExcelExportResponse, ExcelExportType, LimitedFilteredRequest, PaginatedResponse, Recipient, Replacement, Version } from '@stamhoofd/structures';
+import { Platform, RateLimiter, sendEmailTemplate } from '@stamhoofd/models';
+import { QueueHandler } from '@stamhoofd/queues';
+import { EmailTemplateType, ExcelExportRequest, ExcelExportResponse, ExcelExportType, IPaginatedResponse, LimitedFilteredRequest, Replacement, Version } from '@stamhoofd/structures';
 import { sleep } from "@stamhoofd/utility";
 import { Context } from '../../../helpers/Context';
 import { fetchToAsyncIterator } from '../../../helpers/fetchToAsyncIterator';
 import { FileCache } from '../../../helpers/FileCache';
-import { QueueHandler } from '@stamhoofd/queues';
 
 type Params = { type: string };
 type Query = undefined;
 type Body = ExcelExportRequest;
 type ResponseBody = ExcelExportResponse;
 
-type ExcelExporter<T extends EncodableObject> = {
-    fetch(request: LimitedFilteredRequest): Promise<PaginatedResponse<T[], LimitedFilteredRequest>>
+type ExcelExporter<T> = {
+    fetch(request: LimitedFilteredRequest): Promise<IPaginatedResponse<T[], LimitedFilteredRequest>>
     sheets: XlsxTransformerSheet<T, unknown>[]
 }
 
@@ -36,7 +35,7 @@ export class ExportToExcelEndpoint extends Endpoint<Params, Query, Body, Respons
     bodyDecoder = ExcelExportRequest as Decoder<ExcelExportRequest>
 
     // Other endpoints can register exports here
-    static loaders: Map<ExcelExportType, ExcelExporter<EncodableObject>> = new Map()
+    static loaders: Map<ExcelExportType, ExcelExporter<unknown>> = new Map()
 
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method != "POST") {
@@ -52,7 +51,7 @@ export class ExportToExcelEndpoint extends Endpoint<Params, Query, Body, Respons
     }
 
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        const organization = await Context.setOptionalOrganizationScope();
+        await Context.setOptionalOrganizationScope();
         const {user} = await Context.authenticate()
 
         if (user.isApiUser) {
@@ -138,7 +137,7 @@ export class ExportToExcelEndpoint extends Endpoint<Params, Query, Body, Respons
         }))
     }
 
-    async job(loader: ExcelExporter<EncodableObject>, request: ExcelExportRequest, type: string): Promise<string> {
+    async job(loader: ExcelExporter<unknown>, request: ExcelExportRequest, type: string): Promise<string> {
         // Only run 1 export per user at the same time
         return await QueueHandler.schedule('user-export-to-excel-' + Context.user!.id, async () => {
             // Allow maximum 2 running Excel jobs at the same time for all users

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -10,6 +10,8 @@ import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructure
 import { Context } from '../../../helpers/Context';
 import { MemberUserSyncer } from '../../../helpers/MemberUserSyncer';
 import { SetupStepUpdater } from '../../../helpers/SetupStepsUpdater';
+import { MembershipCharger } from '../../../helpers/MembershipCharger';
+import { QueueHandler } from '@stamhoofd/queues';
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -71,9 +73,9 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             }
             return null
         }
-        const updateGroups = new Map<string, Group>();
-        const updateRegistrations = new Map<string, Registration>();
+
         const updateMembershipMemberIds = new Set<string>()
+        const updateMembershipsForOrganizations = new Set<string>()
 
         // Loop all members one by one
         for (const put of request.body.getPuts()) {
@@ -471,7 +473,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     })
                 }
 
-                if (!membership.canDelete()) {
+                if (!membership.canDelete() && !Context.auth.hasPlatformFullAccess()) {
                     throw new SimpleError({
                         code: "invalid_field",
                         message: "Invalid invoice",
@@ -479,8 +481,8 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     })
                 }
 
-                membership.deletedAt = new Date()
-                await membership.save()
+                await membership.doDelete();
+                updateMembershipsForOrganizations.add(membership.organizationId) // can influence free memberships in other members of same organization
                 updateMembershipMemberIds.add(member.id)
             }
 
@@ -489,8 +491,38 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             }
         }
 
+        await PatchOrganizationMembersEndpoint.deleteMembers(request.body.getDeletes())
+        
+        for (const member of members) {
+            if (updateMembershipMemberIds.has(member.id)) {
+                await member.updateMemberships()
+            }
+        }
+
+        if (updateMembershipsForOrganizations.size) {
+            QueueHandler.schedule('update-membership-prices', async () => {
+                for (const id of updateMembershipsForOrganizations) {
+                    await MembershipCharger.updatePrices(id)
+                }
+            }).catch(console.error);
+        }
+
+        if(shouldUpdateSetupSteps && organization) {
+            SetupStepUpdater.updateForOrganization(organization).catch(console.error);
+        }
+
+        return new Response(
+            await AuthenticatedStructures.membersBlob(members)
+        );
+    }
+
+    static async deleteMembers(ids: string[]) {
+        const updateGroups = new Set<string>();
+        const updateRegistrations = new Map<string, Registration>();
+        const updateSteps = new Set<string>();
+        
         // Loop all members one by one
-        for (const id of request.body.getDeletes()) {
+        for (const id of ids) {
             const member = await Member.getWithRegistrations(id)
             if (!member || !await Context.auth.canDeleteMember(member)) {
                 throw Context.auth.error("Je hebt niet voldoende rechten om dit lid te verwijderen")
@@ -500,16 +532,12 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             await User.deleteForDeletedMember(member.id)
             await BalanceItem.deleteForDeletedMember(member.id)
             await member.delete()
-            shouldUpdateSetupSteps = true
 
             for(const registration of member.registrations) {
                 const groupId = registration.groupId;
-                const group = await getGroup(groupId);
                 updateRegistrations.set(registration.id, registration);
-                if (group) {
-                    // We need to update this group occupancy because we moved one member away from it
-                    updateGroups.set(group.id, group)
-                }
+                updateGroups.add(groupId);
+                updateSteps.add(registration.organizationId);
             }
         }
 
@@ -517,25 +545,19 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             registration.scheduleStockUpdate();
         }
 
+        const groups = await Group.getByIDs(...Array.from(updateGroups));
+
         // Loop all groups and update occupancy if needed
-        for (const group of updateGroups.values()) {
+        for (const group of groups) {
             await group.updateOccupancy()
             await group.save()
         }
-        
-        for (const member of members) {
-            if (updateMembershipMemberIds.has(member.id)) {
-                await member.updateMemberships()
-            }
-        }
 
-        if(shouldUpdateSetupSteps && organization) {
+        const organizations = await Organization.getByIDs(...Array.from(updateSteps));
+        
+        for (const organization of organizations) {
             SetupStepUpdater.updateForOrganization(organization).catch(console.error);
         }
-
-        return new Response(
-            await AuthenticatedStructures.membersBlob(members)
-        );
     }
 
     static async checkDuplicate(member: Member) {

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -1,13 +1,15 @@
-import { AutoEncoderPatchType, Decoder, isPatch, isPatchableArray, patchObject } from "@simonbackx/simple-encoding";
+import { AutoEncoderPatchType, Decoder, isPatchableArray, patchObject } from "@simonbackx/simple-encoding";
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { Organization, Platform, RegistrationPeriod } from "@stamhoofd/models";
 import { MemberResponsibility, PlatformConfig, PlatformPremiseType, Platform as PlatformStruct } from "@stamhoofd/structures";
 
 import { SimpleError } from "@simonbackx/simple-errors";
+import { QueueHandler } from "@stamhoofd/queues";
 import { Context } from "../../../helpers/Context";
-import { SetupStepUpdater } from "../../../helpers/SetupStepsUpdater";
-import { PeriodHelper } from "../../../helpers/PeriodHelper";
+import { MembershipCharger } from "../../../helpers/MembershipCharger";
 import { MembershipHelper } from "../../../helpers/MembershipHelper";
+import { PeriodHelper } from "../../../helpers/PeriodHelper";
+import { SetupStepUpdater } from "../../../helpers/SetupStepsUpdater";
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -174,7 +176,12 @@ export class PatchPlatformEndpoint extends Endpoint<
         await platform.save();
 
         if (shouldUpdateMemberships) {
-            MembershipHelper.updateAll().catch(console.error)
+            if (!QueueHandler.isRunning('update-membership-prices')) {
+                QueueHandler.schedule('update-membership-prices', async () => {
+                    await MembershipCharger.updatePrices()
+                    await MembershipHelper.updateAll()
+                }).catch(console.error);
+            }
         }
 
         if (shouldMoveToPeriod) {

package/src/endpoints/global/registration/PatchUserMembersEndpoint.ts

@@ -134,6 +134,8 @@ export class PatchUserMembersEndpoint extends Endpoint<Params, Query, Body, Resp
             // Give access to created members
             await Member.users.reverse("members").link(user, addedMembers)
         }
+
+        await PatchOrganizationMembersEndpoint.deleteMembers(request.body.getDeletes())
         
         members = await Member.getMembersWithRegistrationForUser(user)