@stamhoofd/backend 2.7.0 → 2.9.0

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -2,8 +2,8 @@ import { OneToManyRelation } from '@simonbackx/simple-database';
 import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError } from "@simonbackx/simple-errors";
-import { BalanceItem, BalanceItemPayment, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, Organization, Payment, Platform, Registration, RegistrationPeriod, User } from '@stamhoofd/models';
-import { BalanceItemStatus, MemberWithRegistrationsBlob, MembersBlob, PaymentMethod, PaymentStatus, PermissionLevel, Registration as RegistrationStruct, User as UserStruct } from "@stamhoofd/structures";
+import { BalanceItem, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, Organization, Platform, Registration, User } from '@stamhoofd/models';
+import { MemberWithRegistrationsBlob, MembersBlob, PermissionLevel } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
@@ -76,15 +76,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
         const balanceItemRegistrationIdsPerOrganization: Map<string, string[]> = new Map()
         const updateMembershipMemberIds = new Set<string>()
 
-        function addBalanceItemRegistrationId(organizationId: string, registrationId: string) {
-            const existing = balanceItemRegistrationIdsPerOrganization.get(organizationId);
-            if (existing) {
-                existing.push(registrationId)
-                return;
-            }
-            balanceItemRegistrationIdsPerOrganization.set(organizationId, [registrationId])
-        }
-
         // Loop all members one by one
         for (const put of request.body.getPuts()) {
             const struct = put.put
@@ -118,38 +109,14 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 }
             }
 
-            if (struct.registrations.length === 0) {
-                // We risk creating a new member without being able to access it manually afterwards
-
-                if ((organization && !await Context.auth.hasFullAccess(organization.id)) || (!organization && !Context.auth.hasPlatformFullAccess())) {
-                    throw new SimpleError({
-                        code: "missing_group",
-                        message: "Missing group",
-                        human: "Je moet hoofdbeheerder zijn om een lid toe te voegen zonder inschrijving in het systeem",
-                        statusCode: 400
-                    })
-                }
-            }
-
-            // Throw early
-            for (const registrationStruct of struct.registrations) {
-                const group = await getGroup(registrationStruct.groupId)
-                if (!group || group.organizationId !== registrationStruct.organizationId || !await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
-                    throw Context.auth.notFoundOrNoAccess("Je hebt niet voldoende rechten om leden toe te voegen in deze groep")
-                }
-
-                const period = await RegistrationPeriod.getByID(group.periodId)
-                if (!period || period.locked) {
-                    throw new SimpleError({
-                        code: "period_locked",
-                        message: "Deze inschrijvingsperiode is afgesloten en staat geen wijzigingen meer toe.",
-                    })
-                }
-
-                // Set organization id of member based on registrations
-                if (!organization && STAMHOOFD.userMode !== 'platform' && !member.organizationId) {
-                    member.organizationId = group.organizationId
-                }
+            // We risk creating a new member without being able to access it manually afterwards
+            if ((organization && !await Context.auth.hasFullAccess(organization.id)) || (!organization && !Context.auth.hasPlatformFullAccess())) {
+                throw new SimpleError({
+                    code: "missing_group",
+                    message: "Missing group",
+                    human: "Je moet hoofdbeheerder zijn om een lid toe te voegen in het systeem",
+                    statusCode: 400
+                })
             }
 
             if (STAMHOOFD.userMode !== 'platform' && !member.organizationId) {
@@ -167,16 +134,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             if ((STAMHOOFD.environment == "development" || STAMHOOFD.environment == "staging") && organization) {
                 if (member.details.firstName.toLocaleLowerCase() == "create" && parseInt(member.details.lastName) > 0) {
                     const count = parseInt(member.details.lastName);
-                    let group = groups[0];
-
-                    for (const registrationStruct of struct.registrations) {
-                        const g = await getGroup(registrationStruct.groupId)
-                        if (g) {
-                            group = g
-                        }
-                    }
-
-                    await this.createDummyMembers(organization, group, count)
+                    await this.createDummyMembers(organization, count)
 
                     // Skip creating this member
                     continue;
@@ -188,20 +146,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             balanceItemMemberIds.push(member.id)
             updateMembershipMemberIds.add(member.id)
 
-            // Add registrations
-            for (const registrationStruct of struct.registrations) {
-                const group = await getGroup(registrationStruct.groupId)
-                if (!group || group.organizationId !== registrationStruct.organizationId || !await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
-                    throw Context.auth.notFoundOrNoAccess("Je hebt niet voldoende rechten om leden toe te voegen in deze groep")
-                }
-
-                const reg = await this.addRegistration(member, registrationStruct, group)
-                addBalanceItemRegistrationId(reg.organizationId, reg.id)
-
-                // Update occupancy at the end of the call
-                updateGroups.set(group.id, group)
-            }
-
             // Auto link users based on data
             await MemberUserSyncer.onChangeMember(member)
         }
@@ -233,192 +177,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             // Update documents
             await Document.updateForMember(member.id)
 
-            // Update registrations
-            for (const patchRegistration of patch.registrations.getPatches()) {
-                const registration = member.registrations.find(r => r.id === patchRegistration.id)
-                if (!registration || registration.memberId != member.id || (!await Context.auth.canAccessRegistration(registration, PermissionLevel.Write))) {
-                    throw new SimpleError({
-                        code: "permission_denied",
-                        message: "You don't have permissions to access this endpoint",
-                        human: "Je hebt geen toegang om deze registratie te wijzigen"
-                    })
-                }
-
-                let group: Group | null = null
-
-                console.log('Patch registration', patchRegistration)
-
-                if (patchRegistration.group) {
-                    patchRegistration.groupId = patchRegistration.group.id
-                }
-
-                if (patchRegistration.groupId) {
-                    group = await getGroup(patchRegistration.groupId)
-                    if (group) {
-                        // We need to update group occupancy because we moved a member to it
-                        updateGroups.set(group.id, group)
-                    }
-                    const oldGroup = await getGroup(registration.groupId)
-                    if (oldGroup) {
-                        // We need to update this group occupancy because we moved one member away from it
-                        updateGroups.set(oldGroup.id, oldGroup)
-                    }
-                } else {
-                    group = await getGroup(registration.groupId)
-                }
-
-                if (!group || group.organizationId !== (patchRegistration.organizationId ?? registration.organizationId)) {
-                    throw new SimpleError({
-                        code: "invalid_field",
-                        message: "Group doesn't exist",
-                        human: "De groep naarwaar je dit lid wilt verplaatsen bestaat niet",
-                        field: "groupId"
-                    })
-                }
-
-                if (!await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
-                    throw Context.auth.error("Je hebt niet voldoende rechten om leden te verplaatsen naar deze groep")
-                }
-
-                if (patchRegistration.cycle && patchRegistration.cycle > group.cycle) {
-                    throw new SimpleError({
-                        code: "invalid_field",
-                        message: "Invalid cycle",
-                        human: "Je kan een lid niet inschrijven voor een groep die nog moet starten",
-                        field: "cycle"
-                    })
-                }
-
-                const period = await RegistrationPeriod.getByID(group.periodId)
-                if (!period || period.locked) {
-                    throw new SimpleError({
-                        code: "period_locked",
-                        message: "Deze inschrijvingsperiode is afgesloten en staat geen wijzigingen meer toe.",
-                    })
-                }
-
-                // TODO: allow group changes
-                registration.waitingList = patchRegistration.waitingList ?? registration.waitingList
-
-                if (!registration.waitingList && registration.registeredAt === null) {
-                    registration.registeredAt = new Date()
-                }
-                registration.canRegister = patchRegistration.canRegister ?? registration.canRegister
-                if (!registration.waitingList) {
-                    registration.canRegister = false
-                }
-                registration.cycle = patchRegistration.cycle ?? registration.cycle
-                registration.groupId = patchRegistration.groupId ?? registration.groupId
-                registration.group = group
-                registration.organizationId = patchRegistration.organizationId ?? registration.organizationId
-
-                // Check if we should create a placeholder payment?
-
-                if (patchRegistration.cycle !== undefined || patchRegistration.waitingList !== undefined || patchRegistration.canRegister !== undefined) {
-                    // We need to update occupancy (because cycle / waitlist change)
-                    updateGroups.set(group.id, group)
-                }
-
-                if (patchRegistration.price) {
-                    // Create balance item
-                    const balanceItem = new BalanceItem();
-                    balanceItem.registrationId = registration.id;
-                    balanceItem.price = patchRegistration.price
-                    balanceItem.description = group ? `Inschrijving ${group.settings.name}` : `Inschrijving`
-                    balanceItem.pricePaid = patchRegistration.pricePaid ?? 0
-                    balanceItem.memberId = registration.memberId;
-                    balanceItem.userId = member.users[0]?.id ?? null
-                    balanceItem.organizationId = group.organizationId
-                    balanceItem.status = BalanceItemStatus.Pending;
-                    await balanceItem.save();
-
-                    addBalanceItemRegistrationId(registration.organizationId, registration.id)
-                    balanceItemMemberIds.push(member.id)
-
-                    if (balanceItem.pricePaid > 0) {
-                        // Create an Unknown payment and attach it to the balance item
-                        const payment = new Payment();
-                        payment.userId = member.users[0]?.id ?? null
-                        payment.organizationId = member.organizationId
-                        payment.method = PaymentMethod.Unknown
-                        payment.status = PaymentStatus.Succeeded
-                        payment.price = balanceItem.pricePaid;
-                        payment.paidAt = new Date()
-                        payment.provider = null
-                        await payment.save()
-
-                        const balanceItemPayment = new BalanceItemPayment()
-                        balanceItemPayment.balanceItemId = balanceItem.id;
-                        balanceItemPayment.paymentId = payment.id;
-                        balanceItemPayment.organizationId = group.organizationId
-                        balanceItemPayment.price = payment.price;
-                        await balanceItemPayment.save();
-                    }
-                }
-
-                await registration.save()
-                updateMembershipMemberIds.add(member.id)
-            }
-
-            for (const deleteId of patch.registrations.getDeletes()) {
-                const registration = member.registrations.find(r => r.id === deleteId)
-                if (!registration || registration.memberId != member.id) {
-                    throw new SimpleError({
-                        code: "permission_denied",
-                        message: "You don't have permissions to access this endpoint",
-                        human: "Je hebt geen toegang om deze registratie te wijzigen"
-                    })
-                }
-
-                if (!await Context.auth.canAccessRegistration(registration, PermissionLevel.Write)) {
-                    throw Context.auth.error("Je hebt niet voldoende rechten om deze inschrijving te verwijderen")
-                }
-                const oldGroup = await getGroup(registration.groupId)
-                const period = oldGroup && await RegistrationPeriod.getByID(oldGroup.periodId)
-                if (!period || period.locked) {
-                    throw new SimpleError({
-                        code: "period_locked",
-                        message: "Deze inschrijvingsperiode is afgesloten en staat geen wijzigingen meer toe.",
-                    })
-                }
-
-                balanceItemMemberIds.push(member.id)     
-                updateMembershipMemberIds.add(member.id)           
-                await BalanceItem.deleteForDeletedRegistration(registration.id)
-                await registration.delete()
-                member.registrations = member.registrations.filter(r => r.id !== deleteId)
-
-                if (oldGroup) {
-                    // We need to update this group occupancy because we moved one member away from it
-                    updateGroups.set(oldGroup.id, oldGroup)
-                }
-            }
-
-            // Add registrations
-            for (const registrationStruct of patch.registrations.getPuts()) {
-                const struct = registrationStruct.put
-                const group = await getGroup(struct.groupId)
-
-                if (!group || group.organizationId !== struct.organizationId || !await Context.auth.canAccessGroup(group, PermissionLevel.Write)) {
-                    throw Context.auth.error("Je hebt niet voldoende rechten om inschrijvingen in deze groep te maken")
-                }
-                const period = await RegistrationPeriod.getByID(group.periodId)
-                if (!period || period.locked) {
-                    throw new SimpleError({
-                        code: "period_locked",
-                        message: "Deze inschrijvingsperiode is afgesloten en staat geen wijzigingen meer toe.",
-                    })
-                }
-
-                const reg = await this.addRegistration(member, struct, group)
-                balanceItemMemberIds.push(member.id)
-                updateMembershipMemberIds.add(member.id)
-                addBalanceItemRegistrationId(reg.organizationId, reg.id)
-
-                // We need to update this group occupancy because we moved one member away from it
-                updateGroups.set(group.id, group)
-            }
-
             // Update responsibilities
             for (const patchResponsibility of patch.responsibilities.getPatches()) {
                 if (!Context.auth.hasPlatformFullAccess() && !(organization && await Context.auth.hasFullAccess(organization.id))) {
@@ -570,6 +328,26 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             // Auto link users based on data
             await MemberUserSyncer.onChangeMember(member)
 
+            // Allow to remove access for certain users
+            for (const id of patch.users.getDeletes()) {
+                const user = member.users.find(u => u.id === id)
+                if (!user) {
+                    // Ignore silently
+                    continue;
+                }
+
+                if (MemberUserSyncer.doesEmailHaveAccess(member.details, user.email)) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Invalid email",
+                        human: "Je kan een account niet de toegang ontzetten tot een lid als het e-mailadres nog steeds is opgeslagen als onderdeel van de gegevens van dat lid. Verwijder eerst het e-mailadres uit de gegevens van het lid en ontkoppel daarna het account."
+                    });
+                }
+
+                // Remove access
+                await MemberUserSyncer.unlinkUser(user, member)
+            }
+
             // Add platform memberships
             for (const {put} of patch.platformMemberships.getPuts()) {
                 if (put.periodId !== platform.periodId) {
@@ -745,120 +523,9 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
         }
     }
 
-    async addRegistration(member: Member & Record<"registrations", (Registration & {group: Group})[]> & Record<"users", User[]>, registrationStruct: RegistrationStruct, group: Group) {
-        // Check if this member has this registration already.
-        // Note: we cannot use the relation here, because invalid ones or reserved ones are not loaded in there
-        const existings = await Registration.where({ 
-            memberId: member.id, 
-            groupId: registrationStruct.groupId,
-            cycle: registrationStruct.cycle
-        }, { limit: 1 })
-        const existing = existings.length > 0 ? existings[0] : null
-
-        // If the existing is invalid, delete it.
-        if (existing && !existing.registeredAt && !existing.waitingList) {
-            console.log('Deleting invalid registration', existing.id)
-            await existing.delete()
-        } else if (existing) {
-            throw new SimpleError({
-                code: "invalid_field",
-                message: "Registration already exists",
-                human: existing.waitingList ? "Dit lid staat al op de wachtlijst voor deze groep" : "Dit lid is al ingeschreven voor deze groep",
-                field: "groupId"
-            });
-        }
-
-        if (!group) {
-            throw new SimpleError({
-                code: 'invalid_field',
-                field: 'groupId',
-                message: 'Invalid groupId',
-                human: 'Deze inschrijvingsgroep is ongeldig'
-            })
-        }
-
-        const registration = new Registration()
-        registration.groupId = registrationStruct.groupId
-        registration.organizationId = group.organizationId
-        registration.periodId = group.periodId
-        registration.cycle = registrationStruct.cycle
-        registration.memberId = member.id
-        registration.registeredAt = registrationStruct.registeredAt
-        registration.waitingList = registrationStruct.waitingList
-        registration.createdAt = registrationStruct.createdAt ?? new Date()
-
-        if (registration.waitingList) {
-            registration.registeredAt = null
-        }
-        registration.canRegister = registrationStruct.canRegister
-
-        if (!registration.waitingList) {
-            registration.canRegister = false
-        }
-        registration.deactivatedAt = registrationStruct.deactivatedAt
-
-        await registration.save()
-        member.registrations.push(registration.setRelation(Registration.group, group))
-
-        if (registrationStruct.price) {
-            // Create balance item
-            const balanceItem = new BalanceItem();
-            balanceItem.registrationId = registration.id;
-            balanceItem.price = registrationStruct.price
-            balanceItem.description = group ? `Inschrijving ${group.settings.name}` : `Inschrijving`
-            balanceItem.pricePaid = registrationStruct.pricePaid ?? 0
-            balanceItem.memberId = registration.memberId;
-            balanceItem.userId = member.users[0]?.id ?? null
-            balanceItem.organizationId = group.organizationId
-            balanceItem.status = BalanceItemStatus.Pending;
-            await balanceItem.save();
-
-            if (balanceItem.pricePaid > 0) {
-                // Create an Unknown payment and attach it to the balance item
-                const payment = new Payment();
-                payment.userId = member.users[0]?.id ?? null
-                payment.organizationId = member.organizationId
-                payment.method = PaymentMethod.Unknown
-                payment.status = PaymentStatus.Succeeded
-                payment.price = balanceItem.pricePaid;
-                payment.paidAt = new Date()
-                payment.provider = null
-                await payment.save()
-
-                const balanceItemPayment = new BalanceItemPayment()
-                balanceItemPayment.balanceItemId = balanceItem.id;
-                balanceItemPayment.paymentId = payment.id;
-                balanceItemPayment.organizationId = group.organizationId
-                balanceItemPayment.price = payment.price;
-                await balanceItemPayment.save();
-            }
-        }
-
-        return registration
-    }
-
-    async createDummyMembers(organization: Organization, group: Group, count: number) {
-        const members = await new MemberFactory({ 
-            organization,
-            minAge: group.settings.minAge ?? undefined,
-            maxAge: group.settings.maxAge ?? undefined
+    async createDummyMembers(organization: Organization, count: number) {
+        await new MemberFactory({ 
+            organization
         }).createMultiple(count)
-
-        for (const m of members) {
-            const member = m.setManyRelation(Member.registrations as unknown as OneToManyRelation<"registrations", Member, Registration>, []).setManyRelation(Member.users, [])
-            const d = new Date(new Date().getTime() - Math.random() * 60 * 1000 * 60 * 24 * 60)
-
-            // Create a registration for this member for thisg roup
-            const registration = new Registration()
-            registration.organizationId = organization.id
-            registration.memberId = member.id
-            registration.groupId = group.id
-            registration.periodId = group.periodId
-            registration.cycle = group.cycle
-            registration.registeredAt = d
-
-            member.registrations.push(registration)
-            await registration.save()
-        }
     }
 }

package/src/endpoints/global/registration/GetUserBalanceEndpoint.ts

@@ -1,13 +1,13 @@
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { BalanceItem, Member } from "@stamhoofd/models";
-import { MemberBalanceItem } from "@stamhoofd/structures";
+import { BalanceItemWithPayments } from "@stamhoofd/structures";
 
 import { Context } from "../../../helpers/Context";
 
 type Params = Record<string, never>;
 type Query = undefined
 type Body = undefined
-type ResponseBody = MemberBalanceItem[]
+type ResponseBody = BalanceItemWithPayments[]
 
 export class GetUserBalanceEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
@@ -33,7 +33,7 @@ export class GetUserBalanceEndpoint extends Endpoint<Params, Query, Body, Respon
         const balanceItems = await BalanceItem.balanceItemsForUsersAndMembers(organization?.id ?? null, [user.id], members.map(m => m.id))
 
         return new Response(
-            await BalanceItem.getMemberStructure(balanceItems)
+            await BalanceItem.getStructureWithPayments(balanceItems)
         );
     }
 }

package/src/endpoints/global/registration/PatchUserMembersEndpoint.ts

@@ -4,10 +4,10 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { Document, Member } from '@stamhoofd/models';
 import { MemberWithRegistrationsBlob, MembersBlob } from "@stamhoofd/structures";
 
-import { Context } from '../../../helpers/Context';
-import { PatchOrganizationMembersEndpoint } from '../../global/members/PatchOrganizationMembersEndpoint';
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../helpers/Context';
 import { MemberUserSyncer } from '../../../helpers/MemberUserSyncer';
+import { PatchOrganizationMembersEndpoint } from '../../global/members/PatchOrganizationMembersEndpoint';
 type Params = Record<string, never>;
 type Query = undefined;
 type Body = PatchableArrayAutoEncoder<MemberWithRegistrationsBlob>
@@ -48,15 +48,6 @@ export class PatchUserMembersEndpoint extends Endpoint<Params, Query, Body, Resp
             struct.details.cleanData()
             member.details = struct.details
 
-            if (!struct.details) {
-                throw new SimpleError({
-                    code: "invalid_data",
-                    message: "No details provided",
-                    human: "Opgelet! Je gebruikt een oudere versie van de inschrijvingspagina die niet langer wordt ondersteund. Herlaad de website grondig en wis je browser cache.",
-                    field: "details"
-                })
-            }
-
             // Check for duplicates and prevent creating a duplicate member by a user
             const duplicate = await PatchOrganizationMembersEndpoint.checkDuplicate(member);
             if (duplicate) {
@@ -85,6 +76,12 @@ export class PatchUserMembersEndpoint extends Endpoint<Params, Query, Body, Resp
             if (updatedMember) {
                 // Make sure we also give access to other parents
                 await MemberUserSyncer.onChangeMember(updatedMember)
+
+                if (!updatedMember.users.find(u => u.id === user.id)) {
+                    // Also link the user to the member if the email address is missing in the details
+                    await MemberUserSyncer.linkUser(user.email, updatedMember, true)
+                }
+
                 await Document.updateForMember(updatedMember.id)
             }
         }