@stamhoofd/backend 2.63.0 → 2.64.0

package/index.ts

@@ -1,7 +1,7 @@
 import backendEnv from '@stamhoofd/backend-env';
 backendEnv.load();
 
-import { Column, Database, Migration, Model } from '@simonbackx/simple-database';
+import { Column, Database, Migration } from '@simonbackx/simple-database';
 import { CORSPreflightEndpoint, Router, RouterServer } from '@simonbackx/simple-endpoints';
 import { I18n } from '@stamhoofd/backend-i18n';
 import { CORSMiddleware, LogMiddleware, VersionMiddleware } from '@stamhoofd/backend-middleware';
@@ -10,14 +10,14 @@ import { loadLogger } from '@stamhoofd/logging';
 import { Version } from '@stamhoofd/structures';
 import { sleep } from '@stamhoofd/utility';
 
-import { stopCrons, startCrons, waitForCrons } from '@stamhoofd/crons';
+import { startCrons, stopCrons, waitForCrons } from '@stamhoofd/crons';
+import { Platform } from '@stamhoofd/models';
 import { resumeEmails } from './src/helpers/EmailResumer';
+import { SetupStepUpdater } from './src/helpers/SetupStepUpdater';
 import { ContextMiddleware } from './src/middleware/ContextMiddleware';
-import { Platform } from '@stamhoofd/models';
 import { AuditLogService } from './src/services/AuditLogService';
-import { PlatformMembershipService } from './src/services/PlatformMembershipService';
 import { DocumentService } from './src/services/DocumentService';
-import { SetupStepUpdater } from './src/helpers/SetupStepUpdater';
+import { PlatformMembershipService } from './src/services/PlatformMembershipService';
 
 process.on('unhandledRejection', (error: Error) => {
     console.error('unhandledRejection');
@@ -39,7 +39,9 @@ if (new Date().getTimezoneOffset() !== 0) {
 const seeds = async () => {
     try {
         // Internal
-        await Migration.runAll(__dirname + '/src/seeds');
+        await AuditLogService.disable(async () => {
+            await Migration.runAll(__dirname + '/src/seeds');
+        });
     }
     catch (e) {
         console.error('Failed to run seeds:');

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.63.0",
+    "version": "2.64.0",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -37,14 +37,14 @@
         "@simonbackx/simple-encoding": "2.19.0",
         "@simonbackx/simple-endpoints": "1.15.0",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.63.0",
-        "@stamhoofd/backend-middleware": "2.63.0",
-        "@stamhoofd/email": "2.63.0",
-        "@stamhoofd/models": "2.63.0",
-        "@stamhoofd/queues": "2.63.0",
-        "@stamhoofd/sql": "2.63.0",
-        "@stamhoofd/structures": "2.63.0",
-        "@stamhoofd/utility": "2.63.0",
+        "@stamhoofd/backend-i18n": "2.64.0",
+        "@stamhoofd/backend-middleware": "2.64.0",
+        "@stamhoofd/email": "2.64.0",
+        "@stamhoofd/models": "2.64.0",
+        "@stamhoofd/queues": "2.64.0",
+        "@stamhoofd/sql": "2.64.0",
+        "@stamhoofd/structures": "2.64.0",
+        "@stamhoofd/utility": "2.64.0",
         "archiver": "^7.0.1",
         "aws-sdk": "^2.885.0",
         "axios": "1.6.8",
@@ -64,5 +64,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "0dd71a1869c5931dcf844dea1ecd2167819dc5c6"
+    "gitHead": "80eebbb0b4fb84ac979041c3f8c7762863622367"
 }

package/src/crons/index.ts

@@ -2,3 +2,4 @@ import './amazon-ses.js';
 import './clearExcelCache.js';
 import './endFunctionsOfUsersWithoutRegistration.js';
 import './postmark.js';
+import './update-cached-balances.js';

package/src/crons/update-cached-balances.ts

@@ -0,0 +1,39 @@
+import { CachedBalance } from '@stamhoofd/models';
+import { registerCron } from '@stamhoofd/crons';
+
+registerCron('updateCachedBalances', updateCachedBalances);
+
+async function updateCachedBalances() {
+    // Check if between 3 - 6 AM
+    if ((new Date().getHours() > 6 || new Date().getHours() < 3) && STAMHOOFD.environment !== 'development') {
+        console.log('Not between 3 and 6 AM, skipping.');
+        return;
+    }
+
+    const balances = await CachedBalance.select().where(
+        CachedBalance.whereNeedsUpdate(),
+    ).limit(100).fetch();
+
+    // Group by object type and by organization id
+    const grouped = new Map<string, CachedBalance[]>();
+
+    for (const balance of balances) {
+        const key = balance.objectType + '-' + balance.organizationId;
+        const arr = grouped.get(key);
+
+        if (!arr) {
+            grouped.set(key, [balance]);
+            continue;
+        }
+
+        arr.push(balance);
+    }
+
+    for (const [_, balances] of grouped) {
+        const balance = balances[0];
+
+        const ids = balances.map(b => b.objectId);
+        console.log('Updating', ids.length, balance.objectType, 'for', balance.organizationId);
+        await CachedBalance.updateForObjects(balance.organizationId, ids, balance.objectType);
+    }
+}

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -2,7 +2,7 @@ import { OneToManyRelation } from '@simonbackx/simple-database';
 import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { BalanceItem, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, mergeTwoMembers, Organization, Platform, RateLimiter, Registration, User } from '@stamhoofd/models';
+import { BalanceItem, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, mergeTwoMembers, Organization, Platform, RateLimiter, Registration, RegistrationPeriod, User } from '@stamhoofd/models';
 import { GroupType, MembersBlob, MemberWithRegistrationsBlob, PermissionLevel } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
@@ -218,7 +218,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     });
                 }
 
-                const platform = await Platform.getShared();
                 const responsibility = platform.config.responsibilities.find(r => r.id === patchResponsibility.responsibilityId);
 
                 if (responsibility && !responsibility.organizationBased && !Context.auth.hasPlatformFullAccess()) {
@@ -261,7 +260,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     throw Context.auth.error('Je hebt niet voldoende rechten om functies van leden aan te passen');
                 }
 
-                const platform = await Platform.getShared();
                 const platformResponsibility = platform.config.responsibilities.find(r => r.id === put.responsibilityId);
                 const org = organization ?? (put.organizationId ? await Organization.getByID(put.organizationId) : null);
 
@@ -414,12 +412,25 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             // Add platform memberships
             for (const { put } of patch.platformMemberships.getPuts()) {
                 if (put.periodId !== platform.periodId) {
-                    throw new SimpleError({
-                        code: 'invalid_field',
-                        message: 'Invalid period',
-                        human: 'Je kan geen aansluitingen maken voor een andere werkjaar dan het actieve werkjaar',
-                        field: 'periodId',
-                    });
+                    const period = await RegistrationPeriod.getByID(put.periodId);
+
+                    if (!period) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Invalid period',
+                            human: Context.i18n.$t(`Je kan geen aansluitingen meer toevoegen in dit werkjaar`),
+                            field: 'periodId',
+                        });
+                    }
+
+                    if (period?.locked) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Invalid period',
+                            human: Context.i18n.$t(`Je kan geen aansluitingen meer toevoegen in {period} (vergrendeld)`, { period: period?.getBaseStructure().name }),
+                            field: 'periodId',
+                        });
+                    }
                 }
 
                 if (organization && put.organizationId !== organization.id) {
@@ -449,6 +460,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     .where('memberId', member.id)
                     .where('membershipTypeId', put.membershipTypeId)
                     .where('periodId', put.periodId)
+                    .where('deletedAt', null)
                     .where(
                         SQL.where(
                             SQL.where('startDate', SQLWhereSign.LessEqual, put.startDate)
@@ -481,7 +493,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 membership.organizationId = put.organizationId;
                 membership.periodId = put.periodId;
 
-                membership.startDate = put.startDate;
+                membership.startDate = new Date(Math.max(Date.now(), put.startDate.getTime()));
                 membership.endDate = put.endDate;
                 membership.expireDate = put.expireDate;
 
@@ -509,12 +521,25 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 }
 
                 if (membership.periodId !== platform.periodId) {
-                    throw new SimpleError({
-                        code: 'invalid_field',
-                        message: 'Invalid period',
-                        human: 'Je kan geen aansluitingen meer verwijderen voor een ander werkjaar dan het actieve werkjaar',
-                        field: 'periodId',
-                    });
+                    const period = await RegistrationPeriod.getByID(membership.periodId);
+
+                    if (!period) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Invalid period',
+                            human: Context.i18n.$t(`Je kan geen aansluitingen meer verwijderen in dit werkjaar`),
+                            field: 'periodId',
+                        });
+                    }
+
+                    if (period?.locked) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Invalid period',
+                            human: Context.i18n.$t(`Je kan geen aansluitingen meer verwijderen in {period} (vergrendeld)`, { period: period?.getBaseStructure().name }),
+                            field: 'periodId',
+                        });
+                    }
                 }
 
                 if (!membership.canDelete() && !Context.auth.hasPlatformFullAccess()) {

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -157,6 +157,8 @@ export class PatchPlatformEndpoint extends Endpoint<
             platform.periodId = period.id;
             shouldUpdateSetupSteps = true;
             shouldMoveToPeriod = period;
+
+            await platform.setPreviousPeriodId();
         }
 
         if (request.body.membershipOrganizationId !== undefined) {

package/src/endpoints/global/registration/GetUserPayableBalanceEndpoint.ts

@@ -62,18 +62,21 @@ export class GetUserPayableBalanceEndpoint extends Endpoint<Params, Query, Body,
         for (const organization of authenticatedOrganizations) {
             const items = receivableBalances.filter(b => b.organizationId === organization.id);
 
-            let amount = 0;
+            let amountOpen = 0;
             let amountPending = 0;
+            let amountPaid = 0;
 
             for (const item of items) {
-                amount += item.amount;
+                amountOpen += item.amountOpen;
                 amountPending += item.amountPending;
+                amountPaid += item.amountPaid;
             }
 
             billingStatus.organizations.push(PayableBalance.create({
                 organization,
-                amount,
+                amountOpen,
                 amountPending,
+                amountPaid,
             }));
         }
 

package/src/endpoints/global/registration/RegisterMembersEndpoint.ts

@@ -242,7 +242,7 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             }
 
             // Check if this member is already registered in this group?
-            const existingRegistrations = await Registration.where({ memberId: member.id, groupId: item.groupId, cycle: group.cycle });
+            const existingRegistrations = await Registration.where({ memberId: member.id, groupId: item.groupId, cycle: group.cycle, periodId: group.periodId, registeredAt: { sign: '!=', value: null } });
 
             for (const existingRegistration of existingRegistrations) {
                 if (item.replaceRegistrations.some(r => r.id === existingRegistration.id)) {
@@ -263,7 +263,25 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 }
             }
 
-            const registration = new Registration()
+            let reuseRegistration: Registration | null = null;
+
+            if (item.replaceRegistrations.length === 1) {
+                // Try to reuse this specific one
+                reuseRegistration = (await Registration.getByID(item.replaceRegistrations[0].id)) ?? null;
+            }
+
+            let startDate = item.calculatedStartDate;
+
+            if (!reuseRegistration) {
+                // Otherwise try to reuse a registration in the same period, for the same group that has been deactived for less than 7 days since the start of the new registration
+                reuseRegistration = existingRegistrations.find(r => r.deactivatedAt !== null && r.deactivatedAt.getTime() > startDate.getTime() - 7 * 24 * 60 * 60 * 1000) ?? null;
+
+                if (reuseRegistration && reuseRegistration.startDate && reuseRegistration.startDate < startDate && reuseRegistration.startDate >= group.settings.startDate && !item.trial) {
+                    startDate = reuseRegistration.startDate;
+                }
+            }
+
+            const registration = (reuseRegistration ?? new Registration())
                 .setRelation(registrationMemberRelation, member as Member)
                 .setRelation(Registration.group, group);
             registration.organizationId = organization.id;
@@ -275,6 +293,20 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             registration.groupPrice = item.groupPrice;
             registration.options = item.options;
             registration.recordAnswers = item.recordAnswers;
+            registration.startDate = startDate;
+
+            // Clear if we are reusing an existing registration
+            registration.trialUntil = null;
+            registration.pricePaid = 0;
+            registration.payingOrganizationId = null;
+
+            // NOTE: we don't reset deactivatedAt - registeredAt, because those will get reset when markValid is called later on (while keeping the original registeredAt date)
+            // registration.deactivatedAt = null;
+            // registration.registeredAt = null; // this is required to trigger platform membership updates
+
+            if (item.trial) {
+                registration.trialUntil = item.calculatedTrialUntil;
+            }
 
             if (whoWillPayNow === 'organization' && request.body.asOrganizationId) {
                 registration.payingOrganizationId = request.body.asOrganizationId;
@@ -428,6 +460,10 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 // Who is responsible for payment?
                 balanceItem2.memberId = registration.memberId;
 
+                if (registration.trialUntil) {
+                    balanceItem2.dueAt = registration.trialUntil;
+                }
+
                 // If the paying organization hasn't paid yet, this should be hidden and move to pending as soon as the paying organization has paid
                 balanceItem2.status = BalanceItemStatus.Hidden;
                 await balanceItem2.save();
@@ -446,6 +482,10 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             // Connect the 'pay back' balance item to this balance item. As soon as this balance item is paid, we'll mark the other one as pending so the outstanding balance for the member increases
             balanceItem.dependingBalanceItemId = balanceItem2?.id ?? null;
 
+            if (registration.trialUntil) {
+                balanceItem.dueAt = registration.trialUntil;
+            }
+
             await balanceItem.save();
             createdBalanceItems.push(balanceItem);
         }
@@ -613,7 +653,9 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             const mappedBalanceItems = new Map<BalanceItem, number>();
 
             for (const item of createdBalanceItems) {
-                mappedBalanceItems.set(item, item.price);
+                if (item.dueAt === null) {
+                    mappedBalanceItems.set(item, item.price);
+                }
             }
 
             for (const item of checkout.cart.balanceItems) {
@@ -652,6 +694,9 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             await BalanceItem.updateOutstanding([...createdBalanceItems, ...unrelatedCreatedBalanceItems]);
         }
 
+        // Reallocate
+        await BalanceItemService.reallocate([...createdBalanceItems, ...unrelatedCreatedBalanceItems], organization.id);
+
         // Update occupancy
         for (const group of groups) {
             if (registrations.some(r => r.groupId === group.id) || deactivatedRegistrationGroupIds.some(id => id === group.id)) {

package/src/endpoints/global/registration-periods/PatchRegistrationPeriodsEndpoint.ts

@@ -1,6 +1,6 @@
 import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder, patchObject } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
-import { AuditLogType, RegistrationPeriod as RegistrationPeriodStruct } from '@stamhoofd/structures';
+import { AuditLogSource, AuditLogType, RegistrationPeriod as RegistrationPeriodStruct } from '@stamhoofd/structures';
 
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Platform, RegistrationPeriod } from '@stamhoofd/models';
@@ -60,6 +60,7 @@ export class PatchRegistrationPeriodsEndpoint extends Endpoint<Params, Query, Bo
             period.locked = put.locked;
             period.settings = put.settings;
             period.organizationId = organization?.id ?? null;
+            await period.setPreviousPeriodId();
 
             await period.save();
             periods.push(period);
@@ -91,6 +92,7 @@ export class PatchRegistrationPeriodsEndpoint extends Endpoint<Params, Query, Bo
                 model.settings = patchObject(model.settings, patch.settings);
             }
 
+            await model.setPreviousPeriodId();
             await model.save();
 
             // Schedule patch of all groups in this period
@@ -108,7 +110,19 @@ export class PatchRegistrationPeriodsEndpoint extends Endpoint<Params, Query, Bo
                 });
             }
 
+            // Get before deleting the model
+            const updateWhere = await RegistrationPeriod.where({ previousPeriodId: model.id });
+
+            // Now delete the model
             await model.delete();
+
+            // Update all previous period ids
+            await AuditLogService.setContext({ source: AuditLogSource.System }, async () => {
+                for (const period of updateWhere) {
+                    await period.setPreviousPeriodId();
+                    await period.save();
+                }
+            });
         }
 
         // Clear platform cache

package/src/endpoints/organization/dashboard/payments/PatchBalanceItemsEndpoint.ts

@@ -6,6 +6,7 @@ import { QueueHandler } from '@stamhoofd/queues';
 import { BalanceItemStatus, BalanceItemType, BalanceItemWithPayments, PermissionLevel } from '@stamhoofd/structures';
 
 import { Context } from '../../../../helpers/Context';
+import { BalanceItemService } from '../../../../services/BalanceItemService';
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -36,7 +37,7 @@ export class PatchBalanceItemsEndpoint extends Endpoint<Params, Query, Body, Res
             throw Context.auth.error();
         }
 
-        if (request.body.changes.length == 0) {
+        if (request.body.changes.length === 0) {
             return new Response([]);
         }
 
@@ -208,8 +209,14 @@ export class PatchBalanceItemsEndpoint extends Endpoint<Params, Query, Body, Res
 
         await BalanceItem.updateOutstanding(updateOutstandingBalance);
 
+        // Reallocate
+        await BalanceItemService.reallocate(updateOutstandingBalance, organization.id);
+
+        // Reload returnedModels
+        const returnedModelsReloaded = await BalanceItem.getByIDs(...returnedModels.map(m => m.id));
+
         return new Response(
-            await BalanceItem.getStructureWithPayments(returnedModels),
+            await BalanceItem.getStructureWithPayments(returnedModelsReloaded),
         );
     }
 

package/src/endpoints/organization/dashboard/payments/PatchPaymentsEndpoint.ts

@@ -200,6 +200,9 @@ export class PatchPaymentsEndpoint extends Endpoint<Params, Query, Body, Respons
                 }
 
                 await BalanceItem.updateOutstanding(balanceItems);
+
+                // Reallocate
+                await BalanceItemService.reallocate(balanceItems, organization.id);
             }
 
             changedPayments.push(payment);

package/src/endpoints/organization/dashboard/receivable-balances/GetReceivableBalanceEndpoint.ts

@@ -100,6 +100,26 @@ export class GetReceivableBalanceEndpoint extends Endpoint<Params, Query, Body,
                     .fetch();
                 break;
             }
+
+            case ReceivableBalanceType.registration: {
+                paymentModels = await Payment.select()
+                    .where('organizationId', organization.id)
+                    .join(
+                        SQL.join(BalanceItemPayment.table)
+                            .where(SQL.column(BalanceItemPayment.table, 'paymentId'), SQL.column(Payment.table, 'id')),
+                    )
+                    .join(
+                        SQL.join(BalanceItem.table)
+                            .where(SQL.column(BalanceItemPayment.table, 'balanceItemId'), SQL.column(BalanceItem.table, 'id')),
+                    )
+                    .where(SQL.column(BalanceItem.table, 'registrationId'), request.params.id)
+                    .andWhere(
+                        SQL.whereNot('status', PaymentStatus.Failed),
+                    )
+                    .groupBy(SQL.column(Payment.table, 'id'))
+                    .fetch();
+                break;
+            }
         }
 
         const balanceItems = await BalanceItem.getStructureWithPayments(balanceItemModels);
@@ -108,8 +128,9 @@ export class GetReceivableBalanceEndpoint extends Endpoint<Params, Query, Body,
         const balances = await CachedBalance.getForObjects([request.params.id], organization.id);
 
         const created = new CachedBalance();
-        created.amount = 0;
+        created.amountOpen = 0;
         created.amountPending = 0;
+        created.amountPaid = 0;
         created.organizationId = organization.id;
         created.objectId = request.params.id;
         created.objectType = request.params.type;

package/src/endpoints/organization/dashboard/receivable-balances/GetReceivableBalancesEndpoint.ts

@@ -49,19 +49,17 @@ export class GetReceivableBalancesEndpoint extends Endpoint<Params, Query, Body,
         scopeFilter = {
             organizationId: organization.id,
             $or: {
-                amount: { $neq: 0 },
+                amountOpen: { $neq: 0 },
                 amountPending: { $neq: 0 },
                 nextDueAt: { $neq: null },
             },
+            $not: {
+                objectType: {
+                    $in: Context.auth.hasSomePlatformAccess() ? [ReceivableBalanceType.registration] : [ReceivableBalanceType.organization, ReceivableBalanceType.registration],
+                },
+            },
         };
 
-        if (!Context.auth.hasSomePlatformAccess()) {
-            // Cannot see debt between organizations
-            scopeFilter.objectType = {
-                $neq: ReceivableBalanceType.organization,
-            };
-        }
-
         const query = CachedBalance
             .select();
 

package/src/endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint.ts

@@ -346,7 +346,11 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             model.settings.period = period.getBaseStructure();
 
             if (model.type !== GroupType.EventRegistration) {
-                model.settings.startDate = period.startDate;
+                // Note: start date is curomizable, as long as it stays between period start and end
+                if (model.settings.startDate < period.startDate || model.settings.startDate > period.endDate) {
+                    model.settings.startDate = period.startDate;
+                }
+
                 model.settings.endDate = period.endDate;
             }
         }
@@ -446,9 +450,13 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
         model.status = struct.status;
         model.type = struct.type;
         model.settings.period = period.getBaseStructure();
-        model.settings.startDate = period.startDate;
         model.settings.endDate = period.endDate;
 
+        // Note: start date is curomizable, as long as it stays between period start and end
+        if (model.settings.startDate < period.startDate || model.settings.startDate > period.endDate) {
+            model.settings.startDate = period.startDate;
+        }
+
         if (!await Context.auth.canAccessGroup(model, PermissionLevel.Full)) {
             // Create a temporary permission role for this user
             const organizationPermissions = user.permissions?.organizationPermissions?.get(organizationId);

package/src/helpers/AdminPermissionChecker.ts

@@ -263,7 +263,7 @@ export class AdminPermissionChecker {
             }
 
             const cachedBalance = await CachedBalance.getForObjects([member.id]);
-            if (cachedBalance.length === 0 || (cachedBalance[0].amount === 0 && cachedBalance[0].amountPending === 0)) {
+            if (cachedBalance.length === 0 || (cachedBalance[0].amountOpen === 0 && cachedBalance[0].amountPending === 0)) {
                 return true;
             }
         }
@@ -1063,6 +1063,7 @@ export class AdminPermissionChecker {
             for (const registration of cloned.registrations) {
                 registration.price = 0;
                 registration.pricePaid = 0;
+                registration.balances = [];
             }
         }