@stamhoofd/backend 2.73.3 → 2.75.0

package/src/endpoints/global/events/PatchEventNotificationsEndpoint.ts

@@ -0,0 +1,288 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, patchObject, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { Event, EventNotification, RegistrationPeriod, Platform } from '@stamhoofd/models';
+import { EmailTemplateType, EventNotificationStatus, EventNotification as EventNotificationStruct, PermissionLevel, RecordCategory } from '@stamhoofd/structures';
+
+import { isSimpleError, isSimpleErrors, SimpleError } from '@simonbackx/simple-errors';
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../helpers/Context';
+import { EventNotificationService } from '../../../services/EventNotificationService';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<EventNotificationStruct>;
+type ResponseBody = EventNotificationStruct[];
+
+export class PatchEventNotificationsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(EventNotificationStruct as Decoder<EventNotificationStruct>, EventNotificationStruct.patchType() as Decoder<AutoEncoderPatchType<EventNotificationStruct>>, StringDecoder);
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'PATCH') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/event-notifications', {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope();
+        const { user } = await Context.authenticate();
+
+        if (organization) {
+            if (!await Context.auth.hasSomeAccess(organization.id)) {
+                throw Context.auth.error();
+            }
+        }
+        else {
+            if (!Context.auth.hasSomePlatformAccess()) {
+                throw Context.auth.error();
+            }
+        }
+
+        const notifications: EventNotification[] = [];
+
+        for (const { put } of request.body.getPuts()) {
+            if (put.events.length === 0) {
+                // Required for authentication
+                throw new SimpleError({
+                    code: 'invalid_field',
+                    message: 'At least one event is required',
+                    field: 'events',
+                });
+            }
+
+            const notification = new EventNotification();
+            notification.organizationId = put.organization.id;
+            notification.typeId = put.typeId;
+            const type = await this.validateType(notification);
+
+            const validatedEvents: Event[] = [];
+
+            for (const [index, event] of put.events.entries()) {
+                const model = await Event.getByID(event.id);
+                if (!model || model.organizationId !== notification.organizationId) {
+                    throw new SimpleError({
+                        code: 'invalid_field',
+                        message: 'Invalid event',
+                        human: 'Dit evenement bestaat niet of is niet van jouw organisatie',
+                        field: 'events',
+                    });
+                }
+                if (!await Context.auth.canAccessEvent(model)) {
+                    throw Context.auth.error('Cannot access event');
+                }
+                validatedEvents.push(model);
+
+                if (index === 0) {
+                    notification.startDate = model.startDate;
+                    notification.endDate = model.endDate;
+                    const period = await RegistrationPeriod.getByDate(event.startDate);
+
+                    if (!period) {
+                        throw new SimpleError({
+                            code: 'invalid_period',
+                            message: 'No period found for this start date',
+                            human: Context.i18n.$t('5959a6a9-064a-413c-871f-c74a145ed569'),
+                            field: 'startDate',
+                        });
+                    }
+
+                    if (period.locked) {
+                        throw new SimpleError({
+                            code: 'invalid_period',
+                            message: 'Period is locked',
+                            human: Context.i18n.$t('97616151-90c3-4644-8854-e228c4f355f5'),
+                            field: 'startDate',
+                        });
+                    }
+
+                    notification.periodId = period.id;
+                }
+                else {
+                    await this.validateEventDate(notification, model);
+                }
+            }
+
+            notification.recordAnswers = put.recordAnswers;
+            await EventNotificationService.cleanAnswers(notification);
+            notification.createdBy = user.id;
+            notification.status = EventNotificationStatus.Draft;
+
+            // More + validation
+
+            await notification.save();
+
+            // Link events
+            await EventNotification.events.link(notification, validatedEvents);
+
+            notifications.push(notification);
+        }
+
+        const patchingNotifications = await EventNotification.getByIDs(...request.body.getPatches().map(p => p.id));
+
+        for (const patch of request.body.getPatches()) {
+            const notification = patchingNotifications.find(e => e.id === patch.id);
+
+            if (!notification) {
+                throw new SimpleError({
+                    code: 'not_found',
+                    message: 'EventNotification not found',
+                    human: Context.i18n.$t('a0c39573-d44e-4ac0-aaeb-f9062fa1b3ce'),
+                });
+            }
+
+            let requiredPermissionLevel = PermissionLevel.Write;
+
+            if (
+                notification.status === EventNotificationStatus.Pending
+                || notification.status === EventNotificationStatus.Accepted
+                || (patch.status && patch.status !== EventNotificationStatus.Pending)
+                || patch.feedbackText !== undefined
+            ) {
+                requiredPermissionLevel = PermissionLevel.Full;
+            }
+
+            if (!await Context.auth.canAccessEventNotification(notification, requiredPermissionLevel)) {
+                // Requires `OrganizationEventNotificationReviewer` access right for the organization
+                if (notification.status === EventNotificationStatus.Pending) {
+                    throw Context.auth.error(Context.i18n.$t('c5dcd14a-868e-4eba-a5dd-409932e44ce9'));
+                }
+                if (notification.status === EventNotificationStatus.Accepted) {
+                    throw Context.auth.error(Context.i18n.$t('289e2f29-cdc9-4f44-92de-d7188d6563d7'));
+                }
+                throw Context.auth.error(Context.i18n.$t('b47ce42b-ac72-451e-b871-deb07d93b5fa'));
+            }
+
+            const period = await RegistrationPeriod.getByID(notification.periodId);
+            if (!period) {
+                throw new SimpleError({
+                    code: 'not_found',
+                    message: 'Period not found',
+                    human: Context.i18n.$t('16a3b696-f8da-4b2b-94b7-49c85ee1c38c'),
+                });
+            }
+
+            if (period.locked) {
+                throw new SimpleError({
+                    code: 'invalid_period',
+                    message: 'Period is locked',
+                    human: Context.i18n.$t('43cc054d-cf2f-432b-9259-e7764dc929e3'),
+                });
+            }
+
+            // Save answers
+            notification.recordAnswers = patchObject(notification.recordAnswers, patch.recordAnswers);
+            if (patch.recordAnswers?.size) {
+                await EventNotificationService.cleanAnswers(notification);
+            }
+            notification.feedbackText = patchObject(notification.feedbackText, patch.feedbackText);
+
+            if (patch.status && patch.status !== notification.status) {
+                if (patch.status !== EventNotificationStatus.Rejected && patch.status !== EventNotificationStatus.Draft) {
+                    // Only allowed if complete
+                    await this.validateAnswers(notification);
+                }
+                notification.status = patch.status; // checks already happened
+                if (patch.status === EventNotificationStatus.Pending) {
+                    notification.submittedBy = user.id;
+                    notification.submittedAt = new Date();
+                }
+
+                if (patch.status === EventNotificationStatus.Pending) {
+                    await EventNotificationService.sendSubmitterEmail(EmailTemplateType.EventNotificationSubmittedCopy, notification);
+                    await EventNotificationService.sendReviewerEmail(EmailTemplateType.EventNotificationSubmittedReviewer, notification);
+                }
+
+                if (patch.status === EventNotificationStatus.Accepted) {
+                    await EventNotificationService.sendSubmitterEmail(EmailTemplateType.EventNotificationAccepted, notification);
+                }
+
+                if (patch.status === EventNotificationStatus.Rejected) {
+                    await EventNotificationService.sendSubmitterEmail(EmailTemplateType.EventNotificationRejected, notification);
+                }
+            }
+
+            await notification.save();
+            notifications.push(notification);
+        }
+
+        for (const id of request.body.getDeletes()) {
+            const notification = await EventNotification.getByID(id);
+
+            if (!notification) {
+                throw new SimpleError({
+                    code: 'not_found',
+                    message: 'EventNotification not found',
+                    human: Context.i18n.$t('a0c39573-d44e-4ac0-aaeb-f9062fa1b3ce'),
+                });
+            }
+
+            if (!await Context.auth.canAccessEventNotification(notification, PermissionLevel.Full)) {
+                throw Context.auth.error();
+            }
+
+            await notification.delete();
+        }
+
+        const structures = await AuthenticatedStructures.eventNotifications(notifications);
+        return new Response(
+            structures,
+        );
+    }
+
+    async validateType(notification: EventNotification) {
+        const platform = await Platform.getSharedPrivateStruct();
+        const type = platform.config.eventNotificationTypes.find(t => t.id === notification.typeId);
+
+        if (!type) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                message: 'Invalid type',
+                human: Context.i18n.$t('4d8be2b1-559a-4c16-a76f-67a8ba85de7f'),
+                field: 'typeId',
+            });
+        }
+
+        return type;
+    }
+
+    async validateAnswers(notification: EventNotification) {
+        const type = await this.validateType(notification);
+        const struct = await AuthenticatedStructures.eventNotification(notification);
+
+        try {
+            RecordCategory.validate(type.recordCategories, struct);
+        }
+        catch (e) {
+            if (isSimpleError(e) || isSimpleErrors(e)) {
+                e.addNamespace('recordAnswers');
+            }
+            throw e;
+        }
+    }
+
+    async validateEventDate(notification: EventNotification, event: Event) {
+        if (notification.startDate !== event.startDate) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                message: 'Invalid start date',
+                human: Context.i18n.$t('daa3726b-9b63-4f36-b41b-8f25d1b89cf4'),
+                field: 'startDate',
+            });
+        }
+
+        if (notification.endDate !== event.endDate) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                message: 'Invalid end date',
+                human: Context.i18n.$t('d326210d-ecc0-421c-b38b-d12ae0209420'),
+                field: 'endDate',
+            });
+        }
+    }
+}

package/src/endpoints/global/events/PatchEventsEndpoint.ts

@@ -11,7 +11,7 @@ import { Context } from '../../../helpers/Context';
 import { AuditLogService } from '../../../services/AuditLogService';
 import { PatchOrganizationRegistrationPeriodsEndpoint } from '../../organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint';
 
-type Params = { id: string };
+type Params = Record<string, never>;
 type Query = undefined;
 type Body = PatchableArrayAutoEncoder<EventStruct>;
 type ResponseBody = EventStruct[];
@@ -24,7 +24,7 @@ export class PatchEventsEndpoint extends Endpoint<Params, Query, Body, ResponseB
             return [false];
         }
 
-        const params = Endpoint.parseParameters(request.url, '/events', { id: String });
+        const params = Endpoint.parseParameters(request.url, '/events', {});
 
         if (params) {
             return [true, params as Params];

package/src/endpoints/global/files/UploadFile.ts

@@ -9,9 +9,14 @@ import { v4 as uuidv4 } from 'uuid';
 
 import { Context } from '../../../helpers/Context';
 import { limiter } from './UploadImage';
+import { AutoEncoder, BooleanDecoder, Decoder, field } from '@simonbackx/simple-encoding';
 
 type Params = Record<string, never>;
-type Query = Record<string, never>;
+class Query extends AutoEncoder {
+    @field({ decoder: BooleanDecoder, optional: true, field: 'private' })
+    isPrivate: boolean = false;
+}
+
 type Body = undefined;
 type ResponseBody = File;
 
@@ -33,6 +38,8 @@ interface FormidableFile {
 }
 
 export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>;
+
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'POST') {
             return [false];
@@ -121,15 +128,47 @@ export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
 
         // Also include the source, in private mode
         const fileId = uuidv4();
-        const uploadExt = file.mimetype == 'application/pdf' ? 'pdf' : 'pdf';
+        let uploadExt = '';
+
+        switch (file.mimetype?.toLocaleLowerCase()) {
+            case 'image/jpeg':
+            case 'image/jpg':
+                uploadExt = 'jpg';
+                break;
+            case 'image/png':
+                uploadExt = 'png';
+                break;
+            case 'image/gif':
+                uploadExt = 'gif';
+                break;
+            case 'image/webp':
+                uploadExt = 'webp';
+                break;
+            case 'image/svg+xml':
+                uploadExt = 'svg';
+                break;
+            case 'application/pdf':
+                uploadExt = 'pdf';
+                break;
+            case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
+            case 'application/vnd.ms-excel':
+                uploadExt = 'xlsx';
+                break;
+
+            case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
+            case 'application/msword':
+                uploadExt = 'docx';
+                break;
+        }
+
         const filenameWithoutExt = file.originalFilename?.split('.').slice(0, -1).join('.') ?? fileId;
-        const key = prefix + (STAMHOOFD.environment ?? 'development') + '/' + fileId + '/' + (Formatter.slug(filenameWithoutExt) + '.' + uploadExt);
+        const key = prefix + (STAMHOOFD.environment ?? 'development') + '/' + fileId + '/' + (Formatter.slug(filenameWithoutExt) + (uploadExt ? ('.' + uploadExt) : ''));
         const params = {
             Bucket: STAMHOOFD.SPACES_BUCKET,
             Key: key,
             Body: fileContent, // TODO
             ContentType: file.mimetype ?? 'application/pdf',
-            ACL: 'public-read',
+            ACL: request.query.isPrivate ? 'private' : 'public-read',
         };
 
         const fileStruct = new File({
@@ -138,8 +177,21 @@ export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
             path: key,
             size: fileContent.length,
             name: file.originalFilename,
+            isPrivate: request.query.isPrivate,
         });
 
+        // Generate an upload signature for this file if it is private
+        if (request.query.isPrivate) {
+            if (!await fileStruct.sign()) {
+                throw new SimpleError({
+                    code: 'failed_to_sign',
+                    message: 'Failed to sign file',
+                    human: $t('Er ging iet mis bij het uploaden van jouw bestand. Probeer het later opnieuw (foutcode: SIGN).'),
+                    statusCode: 500,
+                });
+            }
+        }
+
         await s3.putObject(params).promise();
 
         return new Response(fileStruct);

package/src/endpoints/global/files/UploadImage.ts

@@ -1,4 +1,4 @@
-import { Decoder, ObjectData } from '@simonbackx/simple-encoding';
+import { AutoEncoder, BooleanDecoder, Decoder, field, ObjectData } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Image, RateLimiter } from '@stamhoofd/models';
@@ -9,7 +9,10 @@ import { promises as fs } from 'fs';
 import { Context } from '../../../helpers/Context';
 
 type Params = Record<string, never>;
-type Query = Record<string, never>;
+class Query extends AutoEncoder {
+    @field({ decoder: BooleanDecoder, optional: true, field: 'private' })
+    isPrivate: boolean = false;
+}
 type Body = undefined;
 type ResponseBody = ImageStruct;
 
@@ -41,6 +44,8 @@ export const limiter = new RateLimiter({
 });
 
 export class UploadImage extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>;
+
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'POST') {
             return [false];
@@ -114,6 +119,7 @@ export class UploadImage extends Endpoint<Params, Query, Body, ResponseBody> {
                     }));
                     return;
                 }
+
                 try {
                     const resolutions = new ObjectData(JSON.parse(fields.resolutions[0]), { version: request.request.getVersion() }).array(ResolutionRequest as Decoder<ResolutionRequest>);
                     resolve([files.file[0], resolutions]);
@@ -125,7 +131,7 @@ export class UploadImage extends Endpoint<Params, Query, Body, ResponseBody> {
         });
 
         const fileContent = await fs.readFile(file.filepath);
-        const image = await Image.create(fileContent, file.mimetype ?? undefined, resolutions);
+        const image = await Image.create(fileContent, file.mimetype ?? undefined, resolutions, request.query.isPrivate);
         return new Response(ImageStruct.create(image));
     }
 }

package/src/endpoints/global/members/GetMembersEndpoint.ts

@@ -2,7 +2,7 @@ import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Member, Platform } from '@stamhoofd/models';
-import { SQL, compileToSQLFilter, compileToSQLSorter } from '@stamhoofd/sql';
+import { SQL, compileToSQLFilter, applySQLSorter } from '@stamhoofd/sql';
 import { CountFilteredRequest, Country, CountryCode, LimitedFilteredRequest, MembersBlob, PaginatedResponse, PermissionLevel, StamhoofdFilter, assertSort, getSortFilter } from '@stamhoofd/structures';
 import { DataValidator } from '@stamhoofd/utility';
 
@@ -231,7 +231,7 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
             }
 
             q.sort = assertSort(q.sort, [{ key: 'id' }]);
-            query.orderBy(compileToSQLSorter(q.sort, sorters));
+            applySQLSorter(query, q.sort, sorters);
             query.limit(q.limit);
         }
 

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -428,7 +428,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                         throw new SimpleError({
                             code: 'invalid_field',
                             message: 'Invalid period',
-                            human: Context.i18n.$t(`Je kan geen aansluitingen meer toevoegen in dit werkjaar`),
+                            human: Context.i18n.$t(`62103514-05f5-4dc0-a5cc-c9321f21c63d`),
                             field: 'periodId',
                         });
                     }
@@ -437,7 +437,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                         throw new SimpleError({
                             code: 'invalid_field',
                             message: 'Invalid period',
-                            human: Context.i18n.$t(`Je kan geen aansluitingen meer toevoegen in {period} (vergrendeld)`, { period: period?.getBaseStructure().name }),
+                            human: Context.i18n.$t(`745f5355-3398-406d-842e-5c9f7a700e91`, { period: period?.getBaseStructure().name }),
                             field: 'periodId',
                         });
                     }
@@ -532,6 +532,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                 membership.startDate = new Date(Math.max(Date.now(), put.startDate.getTime()));
                 membership.endDate = put.endDate;
                 membership.expireDate = put.expireDate;
+                membership.locked = put.locked;
 
                 await membership.calculatePrice(member);
                 await membership.save();
@@ -563,7 +564,7 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                         throw new SimpleError({
                             code: 'invalid_field',
                             message: 'Invalid period',
-                            human: Context.i18n.$t(`Je kan geen aansluitingen meer verwijderen in dit werkjaar`),
+                            human: Context.i18n.$t(`1f1d657d-bc73-4cae-9025-b3ec67a705e7`),
                             field: 'periodId',
                         });
                     }
@@ -572,13 +573,21 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                         throw new SimpleError({
                             code: 'invalid_field',
                             message: 'Invalid period',
-                            human: Context.i18n.$t(`Je kan geen aansluitingen meer verwijderen in {period} (vergrendeld)`, { period: period?.getBaseStructure().name }),
+                            human: Context.i18n.$t(`2e615670-813a-414f-b06c-f76136891bf8`, { period: period?.getBaseStructure().name }),
                             field: 'periodId',
                         });
                     }
                 }
 
-                if (!membership.canDelete() && !Context.auth.hasPlatformFullAccess()) {
+                if (!membership.canDelete(Context.auth.hasPlatformFullAccess())) {
+                    if (membership.locked) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'Invalid invoice',
+                            human: 'Je kan geen aansluiting verwijderen die vergrendeld is',
+                        });
+                    }
+
                     throw new SimpleError({
                         code: 'invalid_field',
                         message: 'Invalid invoice',

package/src/endpoints/global/platform/GetPlatformAdminsEndpoint.ts

@@ -32,11 +32,7 @@ export class GetPlatformAdminsEndpoint extends Endpoint<Params, Query, Body, Res
         }
 
         // Get all admins
-        let admins = await User.where({ organizationId: null, permissions: { sign: '!=', value: null } });
-
-        // Hide api accounts
-        admins = admins.filter(a => !a.isApiUser);
-        admins = admins.filter(a => !!a.permissions?.globalPermissions);
+        const admins = await User.getPlatformAdmins();
 
         return new Response(
             await AuthenticatedStructures.usersWithMembers(admins),

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -154,6 +154,13 @@ export class PatchPlatformEndpoint extends Endpoint<
                     message: 'Invalid period',
                 });
             }
+            if (period.locked) {
+                throw new SimpleError({
+                    code: 'cannot_set_locked_period',
+                    message: 'Platform period cannot be set to a locked period',
+                    human: 'Er kan niet overgeschakeld worden naar een vergrendeld werkjaar',
+                });
+            }
             platform.periodId = period.id;
             shouldUpdateSetupSteps = true;
             shouldMoveToPeriod = period;

package/src/endpoints/global/registration/GetUserDocumentsEndpoint.ts

@@ -12,7 +12,7 @@ type ResponseBody = DocumentStruct[];
 /**
  * Get the members of the user
  */
-export class GetUserMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+export class GetUserDocumentsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'GET') {
             return [false];