@stamhoofd/backend 2.7.0 → 2.9.0

package/src/endpoints/global/registration/RegisterMembersEndpoint.ts

@@ -6,7 +6,7 @@ import { SimpleError } from '@simonbackx/simple-errors';
 import { I18n } from '@stamhoofd/backend-i18n';
 import { Email } from '@stamhoofd/email';
 import { BalanceItem, BalanceItemPayment, Group, Member, MemberWithRegistrations, MolliePayment, MollieToken, Organization, PayconiqPayment, Payment, Platform, RateLimiter, Registration, User } from '@stamhoofd/models';
-import { BalanceItemStatus, IDRegisterCheckout, MemberBalanceItem, PaymentMethod, PaymentMethodHelper, PaymentProvider, PaymentStatus, Payment as PaymentStruct, PermissionLevel, PlatformFamily, PlatformMember, RegisterItem, RegisterResponse, Version } from "@stamhoofd/structures";
+import { BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, IDRegisterCheckout, BalanceItemWithPayments, PaymentMethod, PaymentMethodHelper, PaymentProvider, PaymentStatus, Payment as PaymentStruct, PermissionLevel, PlatformFamily, PlatformMember, RegisterItem, RegisterResponse, Version } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
@@ -98,11 +98,14 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             }
         }
 
+        const deleteRegistrationIds = request.body.cart.deleteRegistrationIds
+        const deleteRegistrationModels = (deleteRegistrationIds.length ? (await Registration.getByIDs(...deleteRegistrationIds)) : []).filter(r => r.organizationId === organization.id)
+
         const memberIds = Formatter.uniqueArray(
-            [...request.body.cart.items.map(i => i.memberId), ...request.body.cart.deleteRegistrations.map(i => i.member.id)]
+            [...request.body.memberIds, ...deleteRegistrationModels.map(i => i.memberId)]
         )
         const members = await Member.getBlobByIds(...memberIds)
-        const groupIds = Formatter.uniqueArray(request.body.cart.items.map(i => i.groupId))
+        const groupIds = request.body.groupIds
         const groups = await Group.getByIDs(...groupIds)
 
         for (const group of groups) {
@@ -174,23 +177,21 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
 
         // Validate balance items (can only happen serverside)
         const balanceItemIds = request.body.cart.balanceItems.map(i => i.item.id)
-        let memberBalanceItems: MemberBalanceItem[] = []
-        let balanceItems: BalanceItem[] = []
+        let memberBalanceItemsStructs: BalanceItemWithPayments[] = []
+        let balanceItemsModels: BalanceItem[] = []
         if (balanceItemIds.length > 0) {
-            balanceItems = await BalanceItem.where({ id: { sign:'IN', value: balanceItemIds }, organizationId: organization.id })
-            if (balanceItems.length != balanceItemIds.length) {
+            balanceItemsModels = await BalanceItem.where({ id: { sign:'IN', value: balanceItemIds }, organizationId: organization.id })
+            if (balanceItemsModels.length != balanceItemIds.length) {
                 throw new SimpleError({
                     code: "invalid_data",
                     message: "Oeps, één of meerdere openstaande bedragen in jouw winkelmandje zijn aangepast. Herlaad de pagina en probeer opnieuw."
                 })
             }
-            memberBalanceItems = await BalanceItem.getMemberStructure(balanceItems)
+            memberBalanceItemsStructs = await BalanceItem.getStructureWithPayments(balanceItemsModels)
         }
 
-        console.log('isAdminFromSameOrganization', checkout.isAdminFromSameOrganization)
-
         // Validate the cart
-        checkout.validate({memberBalanceItems})
+        checkout.validate({memberBalanceItems: memberBalanceItemsStructs})
 
         // Recalculate the price
         checkout.updatePrices()
@@ -233,34 +234,37 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
 
             // Check if this member is already registered in this group?
             const existingRegistrations = await Registration.where({ memberId: member.id, groupId: item.groupId, cycle: group.cycle })
-            let registration: RegistrationWithMemberAndGroup | undefined = undefined;
 
             for (const existingRegistration of existingRegistrations) {
-                registration = existingRegistration
-                    .setRelation(registrationMemberRelation, member as Member)
-                    .setRelation(Registration.group, group)
-                
+                if (item.replaceRegistrations.some(r => r.id === existingRegistration.id)) {
+                    // Safe
+                    continue;
+                }
+
+                if (checkout.cart.deleteRegistrations.some(r => r.id === existingRegistration.id)) {
+                    // Safe
+                    continue;
+                }
 
                 if (existingRegistration.registeredAt !== null && existingRegistration.deactivatedAt === null) {
                     throw new SimpleError({
                         code: "already_registered",
-                        message: "Dit lid is reeds ingeschreven. Herlaad de pagina en probeer opnieuw."
+                        message: `${member.firstName} is al ingeschreven voor ${group.settings.name}. Mogelijks heb je meerdere keren proberen in te schrijven en is het intussen wel gelukt. Herlaad de pagina best even om zeker te zijn.`
                     })
                 }
             }
 
-            if (!registration) {
-                registration = new Registration()
-                    .setRelation(registrationMemberRelation, member as Member)
-                    .setRelation(Registration.group, group)
-                registration.organizationId = organization.id
-                registration.periodId = group.periodId
-            }
+            const registration = new Registration()
+                .setRelation(registrationMemberRelation, member as Member)
+                .setRelation(Registration.group, group)
+            registration.organizationId = organization.id
+            registration.periodId = group.periodId
 
             registration.memberId = member.id
             registration.groupId = group.id
-            registration.cycle = group.cycle
-            registration.price = item.calculatedPrice
+            registration.price = 0 // will get filled by balance items themselves 
+            registration.groupPrice = item.groupPrice;
+            registration.options = item.options
 
             payRegistrations.push({
                 registration,
@@ -305,36 +309,71 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
 
         console.log('Registering members using whoWillPayNow', whoWillPayNow, checkout.paymentMethod, totalPrice)
 
-        const items: BalanceItem[] = []
-        const shouldMarkValid = whoWillPayNow === 'nobody' || checkout.paymentMethod === PaymentMethod.Transfer || checkout.paymentMethod === PaymentMethod.PointOfSale
+        const createdBalanceItems: BalanceItem[] = []
+        const shouldMarkValid = whoWillPayNow === 'nobody' || checkout.paymentMethod === PaymentMethod.Transfer || checkout.paymentMethod === PaymentMethod.PointOfSale || checkout.paymentMethod === PaymentMethod.Unknown
+        
+        // Create negative balance items
+        for (const registrationStruct of [...checkout.cart.deleteRegistrations, ...checkout.cart.items.flatMap(i => i.replaceRegistrations)]) {
+            if (whoWillPayNow !== 'nobody') {
+                // this also fixes the issue that we cannot delete the registration right away if we would need to wait for a payment 
+                throw new SimpleError({
+                    code: "forbidden",
+                    message: "Permission denied: you are not allowed to delete registrations",
+                    human: "Oeps, je hebt geen toestemming om inschrijvingen te verwijderen.",
+                    statusCode: 403
+                })
+            }
 
-        // Save registrations and add extra data if needed
-        for (const bundle of payRegistrations) {
-            const registration = bundle.registration;
+            const existingRegistration = await Registration.getByID(registrationStruct.id)
+            if (!existingRegistration || existingRegistration.organizationId !== organization.id) {
+                throw new SimpleError({
+                    code: "invalid_data",
+                    message: "Oeps, één of meerdere inschrijvingen die je probeert te verwijderen lijken niet meer te bestaan. Herlaad de pagina en probeer opnieuw."
+                })
+            }
 
-            registration.reservedUntil = null
+            if (!await Context.auth.canAccessRegistration(existingRegistration, PermissionLevel.Write)) {
+                throw new SimpleError({
+                    code: "forbidden",
+                    message: "Je hebt geen toegaansrechten om deze inschrijving te verwijderen.",
+                    statusCode: 403
+                })
+            }
 
-            if (shouldMarkValid) {
-                await registration.markValid()
-            } else {
-                // Reserve registration for 30 minutes (if needed)
-                const group = groups.find(g => g.id === registration.groupId)
+            if (existingRegistration.deactivatedAt || !existingRegistration.registeredAt) {
+                throw new SimpleError({
+                    code: "invalid_data",
+                    message: "Oeps, één of meerdere inschrijvingen die je probeert te verwijderen was al verwijderd. Herlaad de pagina en probeer opnieuw."
+                })
+            }
 
-                if (group && group.settings.maxMembers !== null) {
-                    registration.reservedUntil = new Date(new Date().getTime() + 1000*60*30)
+            // We can alter right away since whoWillPayNow is nobody, and shouldMarkValid will always be true
+            // Find all balance items of this registration and set them to zero
+            await BalanceItem.deleteForDeletedRegistration(existingRegistration.id)
+            
+            // Clear the registration
+            await existingRegistration.deactivate()
+
+            const group = groups.find(g => g.id === existingRegistration.groupId)
+            if (!group) {
+                const g = await Group.getByID(existingRegistration.groupId)
+                if (g) {
+                    groups.push(g)
                 }
-                await registration.save()
             }
+        }
 
-            if (bundle.item.calculatedPrice === 0) {
-                continue;
-            }
+        async function createBalanceItem({registration, amount, unitPrice, description, type, relations}: {amount?: number, registration: RegistrationWithMemberAndGroup, unitPrice: number, description: string, relations: Map<BalanceItemRelationType, BalanceItemRelation>, type: BalanceItemType}) {
+            // NOTE: We also need to save zero-price balance items because for online payments, we need to know which registrations to activate after payment
 
             // Create balance item
             const balanceItem = new BalanceItem();
             balanceItem.registrationId = registration.id;
-            balanceItem.price = bundle.item.calculatedPrice
-            balanceItem.description = `Inschrijving ${registration.group.settings.name}`
+            balanceItem.unitPrice = unitPrice
+            balanceItem.amount = amount ?? 1
+            balanceItem.description = description
+            balanceItem.relations = relations
+            balanceItem.type = type
 
             // Who needs to receive this money?
             balanceItem.organizationId = organization.id;
@@ -353,8 +392,11 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 // because otherwise the total price and pricePaid for the registration would be incorrect
                 //balanceItem2.registrationId = registration.id;
 
-                balanceItem2.price = bundle.item.calculatedPrice
-                balanceItem2.description = `Inschrijving ${registration.group.settings.name}`
+                balanceItem2.unitPrice = unitPrice
+                balanceItem2.amount = amount ?? 1
+                balanceItem2.description = description
+                balanceItem2.relations = relations
+                balanceItem2.type = type
 
                 // Who needs to receive this money?
                 balanceItem2.organizationId = request.body.asOrganizationId;
@@ -366,7 +408,7 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 balanceItem2.status = shouldMarkValid ? BalanceItemStatus.Pending : BalanceItemStatus.Hidden
                 await balanceItem2.save();
 
-                // do not add to items array because we don't want to add this to the payment if we create a payment
+                // do not add to createdBalanceItems array because we don't want to add this to the payment if we create a payment
             } else {
                 balanceItem.memberId = registration.memberId;
                 balanceItem.userId = user.id
@@ -379,14 +421,108 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             balanceItem.dependingBalanceItemId = balanceItem2?.id ?? null
             
             await balanceItem.save();
-            items.push(balanceItem)
+            createdBalanceItems.push(balanceItem)
+        }
+
+        // Save registrations and add extra data if needed
+        for (const bundle of payRegistrations) {
+            const {item, registration} = bundle;
+            registration.reservedUntil = null
+
+            if (shouldMarkValid) {
+                await registration.markValid({skipEmail: bundle.item.replaceRegistrations.length > 0})
+            } else {
+                // Reserve registration for 30 minutes (if needed)
+                const group = groups.find(g => g.id === registration.groupId)
+
+                if (group && group.settings.maxMembers !== null) {
+                    registration.reservedUntil = new Date(new Date().getTime() + 1000*60*30)
+                }
+                await registration.save()
+            }
+
+            // Note: we should always create the balance items: even when the price is zero
+            // Otherwise we don't know which registrations to activate after payment
+            
+            if (shouldMarkValid && item.calculatedPrice === 0) {
+                continue;
+            }
+
+            // Create balance items
+            const sharedRelations: [BalanceItemRelationType, BalanceItemRelation][] = [
+                [
+                    BalanceItemRelationType.Member, 
+                    BalanceItemRelation.create({
+                        id: item.member.id,
+                        name: item.member.patchedMember.name
+                    })
+                ],
+                [
+                    BalanceItemRelationType.Group, 
+                    BalanceItemRelation.create({
+                        id: item.group.id,
+                        name: item.group.settings.name
+                    })
+                ]
+            ]
+
+            if (item.group.settings.prices.length > 1) {
+                sharedRelations.push([
+                    BalanceItemRelationType.GroupPrice, 
+                    BalanceItemRelation.create({
+                        id: item.groupPrice.id,
+                        name: item.groupPrice.name
+                    })
+                ])
+            }
+
+            // Base price
+            await createBalanceItem({
+                registration, 
+                unitPrice: item.groupPrice.price.forMember(item.member),
+                type: BalanceItemType.Registration,
+                description: `${item.member.patchedMember.name} bij ${item.group.settings.name}`,
+                relations: new Map([
+                    ...sharedRelations
+                ])
+            })
+
+            // Options
+            for (const option of item.options) {
+                await createBalanceItem({
+                    registration, 
+                    amount: option.amount,
+                    unitPrice: option.option.price.forMember(item.member),
+                    type: BalanceItemType.Registration,
+                    description: `${option.optionMenu.name}: ${option.option.name}`,
+                    relations: new Map([
+                        ...sharedRelations,
+                        [
+                            BalanceItemRelationType.GroupOptionMenu, 
+                            BalanceItemRelation.create({
+                                id: option.optionMenu.id,
+                                name: option.optionMenu.name,
+                            })
+                        ],
+                        [
+                            BalanceItemRelationType.GroupOption, 
+                            BalanceItemRelation.create({
+                                id: option.option.id,
+                                name: option.option.name,
+                            })
+                        ]
+                    ])
+                })
+            }
+
         }
         
         const oldestMember = members.slice().sort((a, b) => b.details.defaultAge - a.details.defaultAge)[0]
         if (checkout.freeContribution && !request.body.asOrganizationId) {
             // Create balance item
             const balanceItem = new BalanceItem();
-            balanceItem.price = checkout.freeContribution
+            balanceItem.type = BalanceItemType.FreeContribution
+            balanceItem.unitPrice = checkout.freeContribution
             balanceItem.description = `Vrije bijdrage`
             balanceItem.pricePaid = 0;
             balanceItem.userId = user.id
@@ -399,13 +535,14 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             }
             balanceItem.status = shouldMarkValid ? BalanceItemStatus.Pending : BalanceItemStatus.Hidden
             await balanceItem.save();
-            items.push(balanceItem)
+            createdBalanceItems.push(balanceItem)
         }
 
         if (checkout.administrationFee && whoWillPayNow !== 'nobody') {
             // Create balance item
             const balanceItem = new BalanceItem();
-            balanceItem.price = checkout.administrationFee
+            balanceItem.type = BalanceItemType.AdministrationFee
+            balanceItem.unitPrice = checkout.administrationFee
             balanceItem.description = `Administratiekosten`
             balanceItem.pricePaid = 0;
             balanceItem.organizationId = organization.id;
@@ -423,62 +560,15 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             balanceItem.status = shouldMarkValid ? BalanceItemStatus.Pending : BalanceItemStatus.Hidden
             await balanceItem.save();
 
-            items.push(balanceItem);
+            createdBalanceItems.push(balanceItem);
         }
 
         if (checkout.cart.balanceItems.length && whoWillPayNow === 'nobody') {
-            throw new Error('Not possible to pay balance items when whoWillPayNow is nobody')
-        }
-
-        // Create negative balance items
-        for (const registrationStruct of checkout.cart.deleteRegistrations) {
-            if (whoWillPayNow !== 'nobody') {
-                // this also fixes the issue that we cannot delete the registration right away if we would need to wait for a payment 
-                throw new SimpleError({
-                    code: "forbidden",
-                    message: "Permission denied: you are not allowed to delete registrations",
-                    human: "Oeps, je hebt geen toestemming om inschrijvingen te verwijderen.",
-                    statusCode: 403
-                })
-            }
-
-            const existingRegistration = await Registration.getByID(registrationStruct.id)
-            if (!existingRegistration || existingRegistration.organizationId !== organization.id) {
-                throw new SimpleError({
-                    code: "invalid_data",
-                    message: "Oeps, één of meerdere inschrijvingen die je probeert te verwijderen lijken niet meer te bestaan. Herlaad de pagina en probeer opnieuw."
-                })
-            }
-
-            if (!await Context.auth.canAccessRegistration(existingRegistration, PermissionLevel.Write)) {
-                throw new SimpleError({
-                    code: "forbidden",
-                    message: "Je hebt geen toegaansrechten om deze inschrijving te verwijderen.",
-                    statusCode: 403
-                })
-            }
-
-            if (existingRegistration.deactivatedAt || !existingRegistration.registeredAt) {
-                throw new SimpleError({
-                    code: "invalid_data",
-                    message: "Oeps, één of meerdere inschrijvingen die je probeert te verwijderen was al verwijderd. Herlaad de pagina en probeer opnieuw."
-                })
-            }
-
-            // We can alter right away since whoWillPayNow is nobody, and shouldMarkValid will always be true
-            // Find all balance items of this registration and set them to zero
-            await BalanceItem.deleteForDeletedRegistration(existingRegistration.id)
-            
-            // Clear the registration
-            await existingRegistration.deactivate()
-
-            const group = groups.find(g => g.id === existingRegistration.groupId)
-            if (!group) {
-                const g = await Group.getByID(existingRegistration.groupId)
-                if (g) {
-                    groups.push(g)
-                }
-            }
+            throw new SimpleError({
+                code: 'invalid_data',
+                message: 'Not possible to pay balance items as the organization',
+                statusCode: 400
+            })
         }
 
         let paymentUrl: string | null = null
@@ -487,19 +577,21 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
         if (whoWillPayNow !== 'nobody') {
             const mappedBalanceItems = new Map<BalanceItem, number>()
 
-            for (const item of items) {
+            for (const item of createdBalanceItems) {
                 mappedBalanceItems.set(item, item.price)
             }
 
             for (const item of checkout.cart.balanceItems) {
-                const balanceItem = balanceItems.find(i => i.id === item.item.id)
+                const balanceItem = balanceItemsModels.find(i => i.id === item.item.id)
                 if (!balanceItem) {
                     throw new Error('Balance item not found')
                 }
                 mappedBalanceItems.set(balanceItem, item.price)
-                items.push(balanceItem)
+                createdBalanceItems.push(balanceItem)
             }
 
+            // Make sure every price is accurate before creating a payment
+            await BalanceItem.updateOutstanding(createdBalanceItems, organization.id)
             const response = await this.createPayment({
                 balanceItems: mappedBalanceItems,
                 organization,
@@ -512,9 +604,10 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 paymentUrl = response.paymentUrl
                 payment = response.payment
             }
+        } else {
+            await BalanceItem.updateOutstanding(createdBalanceItems, organization.id)
         }
 
-        await BalanceItem.updateOutstanding(items, organization.id)
 
         // Update occupancy
         for (const group of groups) {
@@ -524,9 +617,11 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
             }
         }
 
+        const updatedMembers = await Member.getBlobByIds(...memberIds)
+
         return new Response(RegisterResponse.create({
             payment: payment ? PaymentStruct.create(payment) : null,
-            members: await AuthenticatedStructures.membersBlob(members),
+            members: await AuthenticatedStructures.membersBlob(updatedMembers),
             registrations: registrations.map(r => Member.getRegistrationWithMemberStructure(r)),
             paymentUrl
         }));

package/src/endpoints/global/registration-periods/PatchRegistrationPeriodsEndpoint.ts

@@ -2,10 +2,9 @@ import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, Patch
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { RegistrationPeriod as RegistrationPeriodStruct } from "@stamhoofd/structures";
 
-import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
-import { Context } from '../../../helpers/Context';
-import { Platform, RegistrationPeriod } from '@stamhoofd/models';
 import { SimpleError } from '@simonbackx/simple-errors';
+import { Platform, RegistrationPeriod } from '@stamhoofd/models';
+import { Context } from '../../../helpers/Context';
 
 type Params = Record<string, never>;
 type Query = undefined;

package/src/endpoints/organization/dashboard/email-templates/GetEmailTemplatesEndpoint.ts

@@ -1,36 +1,24 @@
-import { AutoEncoder, Data, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { AutoEncoder, Data, Decoder, EnumDecoder, field, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { EmailTemplate } from '@stamhoofd/models';
 import { EmailTemplate as EmailTemplateStruct, EmailTemplateType } from '@stamhoofd/structures';
 
 import { Context } from '../../../../helpers/Context';
+import { StringNullableDecoder } from '../../../../decoders/StringNullableDecoder';
+import { StringArrayDecoder } from '../../../../decoders/StringArrayDecoder';
 
 type Params = Record<string, never>;
 type Body = undefined;
 
-export class StringNullableDecoder<T> implements Decoder<T | null> {
-    decoder: Decoder<T>;
-
-    constructor(decoder: Decoder<T>) {
-        this.decoder = decoder;
-    }
-
-    decode(data: Data): T | null {
-        if (data.value === 'null') {
-            return null;
-        }
-
-        return data.decode(this.decoder);
-    }
-}
-
-
 class Query extends AutoEncoder {
     @field({ decoder: new StringNullableDecoder(StringDecoder), optional: true, nullable: true })
     webshopId: string|null = null
 
-    @field({ decoder: new StringNullableDecoder(StringDecoder), optional: true, nullable: true})
-    groupId: string|null = null
+    @field({ decoder: new StringNullableDecoder(new StringArrayDecoder(StringDecoder)), optional: true, nullable: true})
+    groupIds: string[]|null = null
+
+    @field({ decoder: new StringNullableDecoder(new StringArrayDecoder(new EnumDecoder(EmailTemplateType))), optional: true, nullable: true})
+    types: EmailTemplateType[]|null = null
 }
 
 type ResponseBody = EmailTemplateStruct[];
@@ -65,15 +53,24 @@ export class GetEmailTemplatesEndpoint extends Endpoint<Params, Query, Body, Res
             } 
         }
 
-        const types = [...Object.values(EmailTemplateType)].filter(type => {
+        const types = (request.query.types ?? [...Object.values(EmailTemplateType)]).filter(type => {
             if (!organization) {
-                return true;
+                return EmailTemplateStruct.allowPlatformLevel(type)
             }
             return EmailTemplateStruct.allowOrganizationLevel(type)
         })
 
         
-        const templates = organization ? (await EmailTemplate.where({ organizationId: organization.id, webshopId: request.query.webshopId ?? null, groupId: request.query.groupId ?? null, type: {sign: 'IN', value: types}})) : [];        
+        const templates = organization ? 
+            (
+                await EmailTemplate.where({ organizationId: organization.id, webshopId: request.query.webshopId ?? null, groupId: request.query.groupIds ? {sign: 'IN', value: request.query.groupIds} : null, type: {sign: 'IN', value: types}})
+            ) 
+            : (
+                // Required for event emails when logged in as the platform admin
+                (request.query.webshopId || request.query.groupIds) ? 
+                    await EmailTemplate.where({ webshopId: request.query.webshopId ?? null, groupId: request.query.groupIds ? {sign: 'IN', value: request.query.groupIds} : null, type: {sign: 'IN', value: types}}) 
+                    : []
+            );        
         const defaultTemplates = await EmailTemplate.where({ organizationId: null, type: {sign: 'IN', value: types} });
         return new Response([...templates, ...defaultTemplates].map(template => EmailTemplateStruct.create(template)))
     }

package/src/endpoints/organization/dashboard/email-templates/PatchEmailTemplatesEndpoint.ts

@@ -1,9 +1,10 @@
 import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
-import { EmailTemplate } from '@stamhoofd/models';
+import { EmailTemplate, Group, Webshop } from '@stamhoofd/models';
 import { EmailTemplate as EmailTemplateStruct, PermissionLevel } from '@stamhoofd/structures';
 
 import { Context } from '../../../../helpers/Context';
+import { SimpleError } from '@simonbackx/simple-errors';
 
 type Params = Record<string, never>;
 type Body = PatchableArrayAutoEncoder<EmailTemplateStruct>;
@@ -67,12 +68,32 @@ export class PatchEmailTemplatesEndpoint extends Endpoint<Params, Query, Body, R
                 throw Context.auth.error();
             }
 
+            if (!EmailTemplateStruct.allowPlatformLevel(struct.type) && !organization) {
+                throw Context.auth.error();
+            }
+
             const template = new EmailTemplate()
             template.id = struct.id
             template.organizationId = organization?.id ?? null
             template.webshopId = struct.webshopId
             template.groupId = struct.groupId
 
+            if (struct.groupId) {
+                const group = await Group.getByID(struct.groupId)
+                if (!group || !await Context.auth.canAccessGroup(group, PermissionLevel.Full)) {
+                    throw Context.auth.error();
+                }
+                template.organizationId = group.organizationId
+            }
+
+            if (struct.webshopId) {
+                const webshop = await Webshop.getByID(struct.webshopId)
+                if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+                    throw Context.auth.error();
+                }
+                template.organizationId = webshop.organizationId
+            }
+
             template.html = struct.html
             template.subject = struct.subject
             template.text = struct.text

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts

@@ -1,8 +1,8 @@
 import { AutoEncoderPatchType, Decoder, ObjectData, patchObject } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
 import { SimpleError, SimpleErrors } from '@simonbackx/simple-errors';
-import { Organization, OrganizationRegistrationPeriod, PayconiqPayment, Platform, RegistrationPeriod, StripeAccount, User, Webshop } from '@stamhoofd/models';
-import { BuckarooSettings, OrganizationMetaData, OrganizationPatch, Organization as OrganizationStruct, PayconiqAccount, PaymentMethod, PaymentMethodHelper, PermissionLevel, UserPermissions } from "@stamhoofd/structures";
+import { Organization, OrganizationRegistrationPeriod, PayconiqPayment, Platform, RegistrationPeriod, StripeAccount, Webshop } from '@stamhoofd/models';
+import { BuckarooSettings, OrganizationMetaData, OrganizationPatch, Organization as OrganizationStruct, PayconiqAccount, PaymentMethod, PaymentMethodHelper, PermissionLevel } from "@stamhoofd/structures";
 import { Formatter } from '@stamhoofd/utility';
 
 import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
@@ -98,6 +98,7 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
 
             if (request.body.privateMeta && request.body.privateMeta.isPatch()) {
                 organization.privateMeta.emails = request.body.privateMeta.emails.applyTo(organization.privateMeta.emails)
+                organization.privateMeta.premises = patchObject(organization.privateMeta.premises, request.body.privateMeta.premises);
                 organization.privateMeta.roles = request.body.privateMeta.roles.applyTo(organization.privateMeta.roles)
                 organization.privateMeta.responsibilities = request.body.privateMeta.responsibilities.applyTo(organization.privateMeta.responsibilities)
                 organization.privateMeta.inheritedResponsibilityRoles = request.body.privateMeta.inheritedResponsibilityRoles.applyTo(organization.privateMeta.inheritedResponsibilityRoles)

package/src/endpoints/organization/dashboard/organization/SetOrganizationDomainEndpoint.ts

@@ -6,6 +6,7 @@ import NodeRSA from 'node-rsa';
 
 import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
 import { Context } from '../../../../helpers/Context';
+import { Formatter } from '@stamhoofd/utility';
 
 type Params = Record<string, never>;
 type Query = undefined;
@@ -98,7 +99,7 @@ export class SetOrganizationDomainEndpoint extends Endpoint<Params, Query, Body,
             organization.privateMeta.dnsRecords = []
 
             if (organization.privateMeta.pendingMailDomain !== null) {
-                const defaultFromDomain = "stamhoofd." + organization.privateMeta.pendingMailDomain;
+                const defaultFromDomain = Formatter.slug(STAMHOOFD.platformName) + "." + organization.privateMeta.pendingMailDomain;
                 if (organization.privateMeta.pendingRegisterDomain === null || !organization.privateMeta.pendingRegisterDomain.endsWith('.' + organization.privateMeta.pendingMailDomain)) {
                     // We set a custom domainname for webshops already
                     // This is not used at this moment
@@ -109,8 +110,7 @@ export class SetOrganizationDomainEndpoint extends Endpoint<Params, Query, Body,
                 }
 
                 if (organization.privateMeta.mailFromDomain !== organization.privateMeta.pendingRegisterDomain) {
-                        
-                    organization.privateMeta.dnsRecords.push(DNSRecord.create({
+                        organization.privateMeta.dnsRecords.push(DNSRecord.create({
                             type: DNSRecordType.CNAME,
                             name: organization.privateMeta.mailFromDomain + ".",
                             // Use shops for mail domain, to allow reuse