@stamhoofd/backend 2.4.0 → 2.6.0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.4.0",
+    "version": "2.6.0",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -48,7 +48,7 @@
         "node-rsa": "1.1.1",
         "openid-client": "^5.4.0",
         "postmark": "4.0.2",
-        "stripe": "^11.5.0"
+        "stripe": "^16.6.0"
     },
-    "gitHead": "5313c328ca0e90544bf198bc6bebc90d7dced2aa"
+    "gitHead": "7a3f9f6c08058dc8b671befbfad73184afdc6d7c"
 }

package/src/endpoints/admin/invoices/GetInvoicesEndpoint.ts

@@ -169,7 +169,7 @@ export class GetInvoicesEndpoint extends Endpoint<Params, Query, Body, ResponseB
                 STInvoicePrivate.create({
                     ...invoice,
                     payment: payment ? PaymentStruct.create(payment) : null,
-                    organization: organization ? (await organization.getStructure({emptyGroups: true})) : undefined,
+                    organization: organization ? organization.getBaseStructure() : undefined,
                     settlement: payment?.settlement ?? null,
                 })
             )

package/src/endpoints/global/events/PatchEventsEndpoint.ts

@@ -1,6 +1,6 @@
 import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, patchObject, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
-import { Event, Organization, Platform, RegistrationPeriod } from '@stamhoofd/models';
+import { Event, Group, Organization, Platform, RegistrationPeriod } from '@stamhoofd/models';
 import { Event as EventStruct, GroupType, PermissionLevel } from "@stamhoofd/structures";
 
 import { SimpleError } from '@simonbackx/simple-errors';
@@ -80,6 +80,12 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
             event.startDate = put.startDate
             event.endDate = put.endDate
             event.meta = put.meta
+            event.typeId = await PatchEventsEndpoint.validateEventType(put.typeId)
+            await PatchEventsEndpoint.checkEventLimits(event)
+
+            if (!(await Context.auth.canAccessEvent(event, PermissionLevel.Full))) {
+                throw Context.auth.error()
+            }
 
             if (put.group) {
                 const period = await RegistrationPeriod.getByDate(event.startDate)
@@ -99,14 +105,8 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
                     put.group.organizationId,
                     period.id
                 )
+                await event.syncGroupRequirements(group)
                 event.groupId = group.id
-
-            }
-            event.typeId = await PatchEventsEndpoint.validateEventType(put.typeId)
-            await PatchEventsEndpoint.checkEventLimits(event)
-
-            if (!(await Context.auth.canAccessEvent(event, PermissionLevel.Full))) {
-                throw Context.auth.error()
             }
 
             await event.save()
@@ -130,7 +130,6 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
             event.endDate = patch.endDate ?? event.endDate
             event.meta = patchObject(event.meta, patch.meta)
 
-
             if (patch.organizationId !== undefined) {
                 if (organization?.id && patch.organizationId !== organization.id) {
                     throw new SimpleError({
@@ -210,6 +209,14 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
             }
 
             await event.save()
+
+            if (event.groupId) {
+                const group = await Group.getByID(event.groupId)
+                if (group) {
+                    await event.syncGroupRequirements(group)
+                }
+            }
+ 
             events.push(event)
         }
 

package/src/endpoints/global/members/GetMembersEndpoint.ts

@@ -157,6 +157,15 @@ const filterCompilers: SQLFilterDefinitions = {
         .where(
             SQL.column('memberId'),
             SQL.column('members', 'id'),
+        ).whereNot(
+            SQL.column('registeredAt'),
+            null,
+        ).where(
+            SQL.column('deactivatedAt'),
+            null,
+        ).where(
+            SQL.column('groups', 'deletedAt'),
+            null
         ),
         {
             ...registrationFilterCompilers,
@@ -245,9 +254,12 @@ const filterCompilers: SQLFilterDefinitions = {
         ).whereNot(
             SQL.column('registeredAt'),
             null,
-        ).whereNot(
-            SQL.column('groups', 'status'),
-            GroupStatus.Archived
+        ).where(
+            SQL.column('deactivatedAt'),
+            null,
+        ).where(
+            SQL.column('groups', 'deletedAt'),
+            null
         ),
         registrationFilterCompilers
     ),
@@ -276,9 +288,9 @@ const filterCompilers: SQLFilterDefinitions = {
         ).whereNot(
             SQL.column('registeredAt'),
             null,
-        ).whereNot(
-            SQL.column('groups', 'status'),
-            GroupStatus.Archived
+        ).where(
+            SQL.column('groups', 'deletedAt'),
+            null
         ),
         organizationFilterCompilers
     ),

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -106,16 +106,29 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 duplicate.details.merge(member.details)
                 member = duplicate
 
-                // Only save after checking permissions
+                // You need write permissions, because a user can potentially earn write permissions on a member
+                // by registering it
+                if (!await Context.auth.canAccessMember(duplicate, PermissionLevel.Write)) {
+                    throw new SimpleError({
+                        code: "known_member_missing_rights",
+                        message: "Creating known member without sufficient access rights",
+                        human: "Dit lid is al bekend in het systeem, maar je hebt er geen toegang tot. Vraag iemand met de juiste toegangsrechten om dit lid voor jou toe te voegen, of vraag het lid om zelf in te schrijven via het ledenportaal.",
+                        statusCode: 400
+                    })
+                }
             }
 
             if (struct.registrations.length === 0) {
-                 throw new SimpleError({
-                    code: "missing_group",
-                    message: "Missing group",
-                    human: "Schrijf een nieuw lid altijd in voor minstens één groep",
-                    statusCode: 400
-                })
+                // We risk creating a new member without being able to access it manually afterwards
+
+                if ((organization && !await Context.auth.hasFullAccess(organization.id)) || (!organization && !Context.auth.hasPlatformFullAccess())) {
+                    throw new SimpleError({
+                        code: "missing_group",
+                        message: "Missing group",
+                        human: "Je moet hoofdbeheerder zijn om een lid toe te voegen zonder inschrijving in het systeem",
+                        statusCode: 400
+                    })
+                }
             }
 
             // Throw early
@@ -223,7 +236,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             // Update registrations
             for (const patchRegistration of patch.registrations.getPatches()) {
                 const registration = member.registrations.find(r => r.id === patchRegistration.id)
-                if (!registration || registration.memberId != member.id) {
+                if (!registration || registration.memberId != member.id || (!await Context.auth.canAccessRegistration(registration, PermissionLevel.Write))) {
                     throw new SimpleError({
                         code: "permission_denied",
                         message: "You don't have permissions to access this endpoint",

package/src/endpoints/global/organizations/GetOrganizationFromDomainEndpoint.ts

@@ -4,6 +4,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Organization } from '@stamhoofd/models';
 import { Organization as OrganizationStruct } from "@stamhoofd/structures";
 import { GoogleTranslateHelper } from "@stamhoofd/utility";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
 type Params = Record<string, never>;
 
 class Query extends AutoEncoder {
@@ -60,7 +61,7 @@ export class GetOrganizationFromDomainEndpoint extends Endpoint<Params, Query, B
                         statusCode: 404
                     })
                 }
-                return new Response(await organization.getStructure());
+                return new Response(await AuthenticatedStructures.organization(organization));
             }
         }
 
@@ -75,6 +76,6 @@ export class GetOrganizationFromDomainEndpoint extends Endpoint<Params, Query, B
                 statusCode: 404
             })
         }
-        return new Response(await organization.getStructure());
+        return new Response(await AuthenticatedStructures.organization(organization));
     }
 }

package/src/endpoints/global/organizations/GetOrganizationFromUriEndpoint.ts

@@ -4,6 +4,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Organization } from '@stamhoofd/models';
 import { Organization as OrganizationStruct } from "@stamhoofd/structures";
 import { GoogleTranslateHelper } from "@stamhoofd/utility";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
 type Params = Record<string, never>;
 
 class Query extends AutoEncoder {
@@ -44,6 +45,6 @@ export class GetOrganizationFromUriEndpoint extends Endpoint<Params, Query, Body
                 statusCode: 404
             })
         }
-        return new Response(await organization.getStructure());
+        return new Response(await AuthenticatedStructures.organization(organization));
     }
 }

package/src/endpoints/global/organizations/SearchOrganizationEndpoint.ts

@@ -2,6 +2,7 @@ import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-e
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { Organization } from "@stamhoofd/models";
 import { Organization as OrganizationStruct,OrganizationSimple } from "@stamhoofd/structures"; 
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
 
 type Params = Record<string, never>;
 
@@ -57,6 +58,6 @@ export class SearchOrganizationEndpoint extends Endpoint<Params, Query, Body, Re
         if (request.request.getVersion() < 169) {
             return new Response(organizations.map(o => OrganizationSimple.create(o)));
         }
-        return new Response(await Promise.all(organizations.map(o => o.getStructure())));
+        return new Response(await Promise.all(organizations.map(o => AuthenticatedStructures.organization(o))));
     }
 }

package/src/endpoints/global/payments/StripeWebhookEndpoint.ts

@@ -18,6 +18,12 @@ class Body extends AutoEncoder {
     @field({ decoder: StringDecoder })
     id: string
 
+    /**
+     * Events for direct charges
+     */
+    @field({ decoder: StringDecoder, nullable: true, optional: true })
+    account: string|null = null
+
     @field({ decoder: AnyDecoder })
     data: any
 }