@stamhoofd/backend 2.78.4 → 2.79.0

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts

@@ -1,9 +1,9 @@
 import { OneToManyRelation } from '@simonbackx/simple-database';
-import { ConvertArrayToPatchableArray, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { AutoEncoderPatchType, ConvertArrayToPatchableArray, Decoder, isEmptyPatch, isPatchableArray, PatchableArray, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { AuditLog, BalanceItem, Document, Group, Member, MemberFactory, MemberPlatformMembership, MemberResponsibilityRecord, MemberWithRegistrations, mergeTwoMembers, Organization, Platform, RateLimiter, Registration, RegistrationPeriod, User } from '@stamhoofd/models';
-import { AuditLogReplacement, AuditLogReplacementType, AuditLogSource, AuditLogType, GroupType, MembersBlob, MemberWithRegistrationsBlob, PermissionLevel } from '@stamhoofd/structures';
+import { AuditLogReplacement, AuditLogReplacementType, AuditLogSource, AuditLogType, EmergencyContact, GroupType, MemberDetails, MemberResponsibility, MembersBlob, MemberWithRegistrationsBlob, Parent, PermissionLevel } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
 import { Email } from '@stamhoofd/email';
@@ -207,6 +207,11 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
 
             await member.save();
 
+            // If parents changed or emergeny contacts: fetch family and merge data
+            if (patch.details && (!isEmptyPatch(patch.details?.parents) || !isEmptyPatch(patch.details?.emergencyContacts))) {
+                await PatchOrganizationMembersEndpoint.mergeDuplicateRelations(member, patch.details);
+            }
+
             // Update documents
             await Document.updateForMember(member.id);
 
@@ -257,6 +262,11 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
                     responsibilityRecord.startDate = patchResponsibility.startDate;
                 }
 
+                // Check maximum
+                if (responsibility) {
+                    await this.checkResponsbilityLimits(responsibilityRecord, responsibility);
+                }
+
                 await responsibilityRecord.save();
                 shouldUpdateSetupSteps = true;
             }
@@ -389,6 +399,9 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
 
                 model.startDate = put.startDate;
 
+                // Check maximum
+                await this.checkResponsbilityLimits(model, responsibility);
+
                 await model.save();
                 shouldUpdateSetupSteps = true;
             }
@@ -731,6 +744,129 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
         }
     }
 
+    static async mergeDuplicateRelations(member: MemberWithRegistrations, patch: AutoEncoderPatchType<MemberDetails> | MemberDetails) {
+        const _familyMembers = await Member.getFamilyWithRegistrations(member.id);
+        const familyMembers: typeof _familyMembers = [];
+        // Only modify members if we have write access to them (this avoids issues with overriding data)
+        for (const member of _familyMembers) {
+            if (await Context.auth.canAccessMember(member, PermissionLevel.Write)) {
+                familyMembers.push(member);
+            }
+        }
+
+        // Replace member with member
+        const memberIndex = familyMembers.findIndex(m => m.id === member.id);
+        if (memberIndex !== -1 && familyMembers.length >= 2) {
+            familyMembers[memberIndex] = member;
+            const parentMergeMap = MemberDetails.mergeParents(
+                familyMembers.map(m => m.details),
+                true, // Allow deletes
+            );
+            const contactsMergeMap = MemberDetails.mergeEmergencyContacts(
+                familyMembers.map(m => m.details),
+                true, // Allow deletes
+            );
+
+            // If there were patches or puts of parents or emergency contacts
+            // Make sure that those patches have been applied even after a potential merge
+            // E.g. you only changed the email, but there was a more recent parent object in a different member
+            // -> avoid losing the email change
+            const parentPatches = isPatchableArray(patch.parents) ? patch.parents.getPatches() : [];
+
+            // Add puts
+            const parentPuts = isPatchableArray(patch.parents) ? patch.parents.getPuts().map(p => p.put) : patch.parents;
+            for (const put of parentPuts) {
+                if (!parentMergeMap.get(put.id)) {
+                    // This one has not been merged
+                    continue;
+                }
+
+                const alternativeEmailsArr = new PatchableArray() as PatchableArray<string, string, string>;
+                for (const alternativeEmail of put.alternativeEmails) {
+                    alternativeEmailsArr.addPut(alternativeEmail);
+                }
+
+                const p = Parent.patch({
+                    ...put,
+                    alternativeEmails: alternativeEmailsArr,
+                    createdAt: undefined, // Not allowed to change (should have already happened + the merge method will already chose the right value)
+                    updatedAt: undefined, // Not allowed to change (should have already happened + the merge method will already chose the right value)
+                });
+
+                // Delete null values or empty strings
+                for (const key in p) {
+                    if (p[key] === null || p[key] === '') {
+                        delete p[key];
+                    }
+                }
+
+                parentPatches.push(p);
+            }
+
+            // Same for emergency contacts
+            const contactsPatches = isPatchableArray(patch.emergencyContacts) ? patch.emergencyContacts.getPatches() : [];
+
+            // Add puts
+            const contactsPuts = isPatchableArray(patch.emergencyContacts) ? patch.emergencyContacts.getPuts().map(p => p.put) : patch.emergencyContacts;
+            for (const put of contactsPuts) {
+                if (!contactsMergeMap.get(put.id)) {
+                    // This one has not been merged
+                    continue;
+                }
+                const p = EmergencyContact.patch({
+                    ...put,
+                    createdAt: undefined, // Not allowed to change (should have already happened + the merge method will already chose the right value)
+                    updatedAt: undefined, // Not allowed to change (should have already happened + the merge method will already chose the right value)
+                });
+
+                // Delete null values or empty strings
+                for (const key in p) {
+                    if (p[key] === null || p[key] === '') {
+                        delete p[key];
+                    }
+                }
+
+                contactsPatches.push(p);
+            }
+
+            // Apply patches
+            for (const parentPatch of parentPatches) {
+                for (const m of familyMembers) {
+                    const arr = new PatchableArray() as PatchableArrayAutoEncoder<Parent>;
+                    parentPatch.id = parentMergeMap.get(parentPatch.id) ?? parentPatch.id;
+                    arr.addPatch(parentPatch);
+                    m.details = m.details.patch({
+                        parents: arr,
+                    });
+                }
+            }
+
+            // Apply patches
+            for (const contactPatch of contactsPatches) {
+                for (const m of familyMembers) {
+                    const arr = new PatchableArray() as PatchableArrayAutoEncoder<EmergencyContact>;
+                    contactPatch.id = contactsMergeMap.get(contactPatch.id) ?? contactPatch.id;
+                    arr.addPatch(contactPatch);
+                    m.details = m.details.patch({
+                        emergencyContacts: arr,
+                    });
+                }
+            }
+
+            for (const m of familyMembers) {
+                m.details.cleanData();
+
+                if (await m.save() && m.id !== member.id) {
+                    // Auto link users based on data
+                    await MemberUserSyncer.onChangeMember(m);
+
+                    // Update documents
+                    await Document.updateForMember(m.id);
+                }
+            }
+        }
+    }
+
     static async findExistingMember(member: Member) {
         if (!member.details.birthDay) {
             return;
@@ -863,4 +999,41 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
             organization,
         }).createMultiple(count);
     }
+
+    async checkResponsbilityLimits(model: MemberResponsibilityRecord, responsibility: MemberResponsibility) {
+        if (responsibility.maximumMembers !== null) {
+            if (!model.getBaseStructure().isActive) {
+                return;
+            }
+
+            const query = MemberResponsibilityRecord.select()
+                .where('responsibilityId', responsibility.id)
+                .andWhere('organizationId', model.organizationId)
+                .andWhere('groupId', model.groupId)
+                .andWhere(MemberResponsibilityRecord.whereActive);
+
+            if (model.existsInDatabase) {
+                query.andWhere('id', '!=', model.id);
+            }
+
+            const count = (await query.count()) + 1;
+
+            // Because it should be possible to move around responsibilities, we allow 1 extra
+            const actualLimit = responsibility.maximumMembers <= 1 ? 2 : responsibility.maximumMembers;
+
+            if (count > actualLimit) {
+                throw new SimpleError({
+                    code: 'invalid_field',
+                    message: 'Maximum members reached',
+                    human: responsibility.maximumMembers === 1
+                        ? (model.groupId
+                                ? $t('Je kan maar één lid hebben met de functie {responsibility} in deze leeftijdsgroep', { responsibility: responsibility.name })
+                                : $t('Je kan maar één lid hebben met de functie {responsibility}', { responsibility: responsibility.name }))
+                        : (model.groupId
+                                ? $t('Je kan maximum {count} leden hebben met de functie {responsibility} in deze leeftijdsgroep', { count: responsibility.maximumMembers.toFixed(), responsibility: responsibility.name })
+                                : $t('Je kan maximum {count} leden hebben met de functie {responsibility}', { count: responsibility.maximumMembers.toFixed(), responsibility: responsibility.name })),
+                });
+            }
+        }
+    }
 }

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -49,7 +49,7 @@ export class PatchPlatformEndpoint extends Endpoint<
             throw Context.auth.error();
         }
 
-        const platform = await Platform.getShared();
+        const platform = await Platform.getForEditing();
         let shouldUpdateUserPermissions = false;
 
         if (request.body.privateConfig) {

package/src/endpoints/global/registration/PatchUserMembersEndpoint.test.ts

@@ -295,7 +295,7 @@ describe('Endpoint.PatchUserMembersEndpoint', () => {
                 ],
             });
 
-            const platform = await Platform.getShared();
+            const platform = await Platform.getForEditing();
             platform.config.recordsConfiguration.recordCategories.push(recordCategory);
             await platform.save();
 
@@ -355,7 +355,7 @@ describe('Endpoint.PatchUserMembersEndpoint', () => {
                 ],
             });
 
-            const platform = await Platform.getShared();
+            const platform = await Platform.getForEditing();
             platform.config.recordsConfiguration.recordCategories.push(recordCategory);
             await platform.save();
 

package/src/endpoints/global/registration/PatchUserMembersEndpoint.ts

@@ -1,4 +1,4 @@
-import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { AutoEncoderPatchType, Decoder, isEmptyPatch, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Document, Member, RateLimiter } from '@stamhoofd/models';
@@ -124,6 +124,12 @@ export class PatchUserMembersEndpoint extends Endpoint<Params, Query, Body, Resp
             }
 
             await member.save();
+
+            // If parents changed or emergeny contacts: fetch family and merge data
+            if (struct.details && (!isEmptyPatch(struct.details?.parents) || !isEmptyPatch(struct.details?.emergencyContacts))) {
+                await PatchOrganizationMembersEndpoint.mergeDuplicateRelations(member, struct.details);
+            }
+
             await MemberUserSyncer.onChangeMember(member);
 
             // Update documents

package/src/endpoints/global/registration/RegisterMembersEndpoint.test.ts

@@ -33,10 +33,8 @@ describe('Endpoint.RegisterMembers', () => {
         period = await new RegistrationPeriodFactory({
             startDate: new Date(2023, 0, 1),
             endDate: new Date(2023, 11, 31),
+            previousPeriodId: previousPeriod.id,
         }).create();
-
-        period.previousPeriodId = previousPeriod.id;
-        await period.save();
     });
 
     afterEach(() => {
@@ -2199,34 +2197,16 @@ describe('Endpoint.RegisterMembers', () => {
                 groupPrice: groupPrice1,
             }).create();
 
-            const group2 = await new GroupFactory({
-                organization,
-                price: 30,
-                stock: 5,
-            }).create();
-
-            const groupPrice = group2.settings.prices[0];
-
             const body = IDRegisterCheckout.create({
                 cart: IDRegisterCart.create({
-                    items: [
-                        IDRegisterItem.create({
-                            id: uuidv4(),
-                            replaceRegistrationIds: [],
-                            options: [],
-                            groupPrice,
-                            organizationId: organization.id,
-                            groupId: group2.id,
-                            memberId: member.id,
-                        }),
-                    ],
+                    items: [],
                     balanceItems: [],
                     deleteRegistrationIds: [registration.id],
                 }),
                 administrationFee: 0,
                 freeContribution: 0,
                 paymentMethod: PaymentMethod.PointOfSale,
-                totalPrice: 30,
+                totalPrice: 0,
                 customer: null,
                 asOrganizationId: organization.id,
             });

package/src/endpoints/global/registration/RegisterMembersEndpoint.ts

@@ -241,6 +241,18 @@ export class RegisterMembersEndpoint extends Endpoint<Params, Query, Body, Respo
                 });
             }
 
+            if (request.body.asOrganizationId) {
+                // Do you have write access to this group?
+                if (!await Context.auth.canRegisterMembersInGroup(group, request.body.asOrganizationId)) {
+                    throw new SimpleError({
+                        code: 'forbidden',
+                        message: 'No permission to register in this group',
+                        human: $t('Je hebt geen toegangsrechten om een lid in te schrijven voor {group}', { group: group.settings.name }),
+                        statusCode: 403,
+                    });
+                }
+            }
+
             // Check if this member is already registered in this group?
             const existingRegistrations = await Registration.where({ memberId: member.id, groupId: item.groupId, cycle: group.cycle, periodId: group.periodId, registeredAt: { sign: '!=', value: null } });
 

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts

@@ -285,7 +285,7 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                         tags: request.body.meta.tags as any,
                     });
 
-                    const platform: Platform = await Platform.getShared();
+                    const platform = await Platform.getShared();
                     const patchedMeta: OrganizationMetaData = organization.meta.patch(cleanedPatch);
                     for (const tag of patchedMeta.tags) {
                         if (!platform.config.tags.find(t => t.id === tag)) {
@@ -293,8 +293,7 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                         }
                     }
 
-                    const platformConfig: PlatformConfig = platform.config;
-                    organization.meta.tags = TagHelper.getAllTagsFromHierarchy(patchedMeta.tags, platformConfig.tags);
+                    organization.meta.tags = TagHelper.getAllTagsFromHierarchy(patchedMeta.tags, platform.config.tags);
 
                     updateTags = true;
                 }

package/src/endpoints/organization/dashboard/registration-periods/GetOrganizationRegistrationPeriodsEndpoint.test.ts

@@ -0,0 +1,164 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { GroupFactory, Organization, OrganizationFactory, OrganizationRegistrationPeriodFactory, RegistrationPeriod, RegistrationPeriodFactory, Token, UserFactory } from '@stamhoofd/models';
+import { GroupType, PermissionLevel, Permissions, Version } from '@stamhoofd/structures';
+import { testServer } from '../../../../../tests/helpers/TestServer';
+import { PatchRegistrationPeriodsEndpoint } from './GetOrganizationRegistrationPeriodsEndpoint';
+
+const baseUrl = `/v${Version}/organization/registration-periods`;
+
+describe('Endpoint.GetOrganizationRegistrationPeriods', () => {
+    const endpoint = new PatchRegistrationPeriodsEndpoint();
+
+    let registrationPeriod1: RegistrationPeriod;
+    let registrationPeriod2: RegistrationPeriod;
+
+    const get = async (organization: Organization, token: Token) => {
+        const request = Request.buildJson('GET', baseUrl, organization.getApiHost());
+        request.headers.authorization = 'Bearer ' + token.accessToken;
+        return await testServer.test(endpoint, request);
+    };
+
+    beforeAll(async () => {
+        registrationPeriod2 = await new RegistrationPeriodFactory({
+            startDate: new Date(2022, 0, 1),
+            endDate: new Date(2022, 11, 31),
+        }).create();
+
+        registrationPeriod1 = await new RegistrationPeriodFactory({
+            startDate: new Date(2023, 0, 1),
+            endDate: new Date(2023, 11, 31),
+            previousPeriodId: registrationPeriod2.id,
+        }).create();
+    });
+
+    const initOrganization = async (registrationPeriod: RegistrationPeriod) => {
+        return await new OrganizationFactory({ period: registrationPeriod })
+            .create();
+    };
+
+    describe('groups', () => {
+        test('Should contain waiting lists', async () => {
+            // arrange
+            const organization = await initOrganization(registrationPeriod1);
+            await new OrganizationRegistrationPeriodFactory({
+                organization,
+                period: registrationPeriod1,
+            }).create();
+
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({
+                    level: PermissionLevel.Full,
+                }),
+            })
+                .create();
+            const token = await Token.createToken(user);
+
+            const otherOrganization = await initOrganization(registrationPeriod1);
+
+            const waitingList1 = await new GroupFactory({
+                organization,
+                type: GroupType.WaitingList,
+            }).create();
+
+            const waitingList2 = await new GroupFactory({
+                organization,
+                type: GroupType.WaitingList,
+            }).create();
+
+            // waiting list of other organization
+            await new GroupFactory({
+                organization: otherOrganization,
+                type: GroupType.WaitingList,
+            }).create();
+
+            const groupWithWaitingList = await new GroupFactory({
+                organization,
+            }).create();
+
+            groupWithWaitingList.waitingListId = waitingList1.id;
+            await groupWithWaitingList.save();
+
+            // act
+            const result = await get(organization, token);
+
+            // assert
+            expect(result.body).toBeDefined();
+            expect(result.body.organizationPeriods.length).toBe(1);
+            const organizationPeriod = result.body.organizationPeriods[0];
+            const groups = organizationPeriod.groups;
+            expect(groups.length).toBe(3);
+            expect(groups).toEqual(expect.arrayContaining([
+                expect.objectContaining({
+                    id: groupWithWaitingList.id,
+                }),
+                expect.objectContaining({
+                    id: waitingList1.id,
+                }),
+                expect.objectContaining({
+                    id: waitingList2.id,
+                }),
+            ]));
+            expect(organizationPeriod.waitingLists.length).toBe(2);
+        });
+
+        test('Should contain only groups of the organization registration period', async () => {
+            // arrange
+            const organization = await initOrganization(registrationPeriod1);
+            await new OrganizationRegistrationPeriodFactory({
+                organization,
+                period: registrationPeriod1,
+            }).create();
+
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({
+                    level: PermissionLevel.Full,
+                }),
+            })
+                .create();
+
+            const token = await Token.createToken(user);
+
+            const group1 = await new GroupFactory({
+                organization,
+                period: registrationPeriod1,
+            }).create();
+
+            const group2 = await new GroupFactory({
+                organization,
+                period: registrationPeriod1,
+            }).create();
+
+            // group list of other organization
+            const otherOrganization = await initOrganization(registrationPeriod1);
+
+            await new GroupFactory({
+                organization: otherOrganization,
+            }).create();
+
+            // group of other period
+            await new GroupFactory({
+                organization,
+                period: registrationPeriod2,
+            }).create();
+
+            // act
+            const result = await get(organization, token);
+
+            // assert
+            expect(result.body).toBeDefined();
+            expect(result.body.organizationPeriods.length).toBe(1);
+            const groups = result.body.organizationPeriods[0].groups;
+            expect(groups.length).toBe(2);
+            expect(groups).toEqual(expect.arrayContaining([
+                expect.objectContaining({
+                    id: group1.id,
+                }),
+                expect.objectContaining({
+                    id: group2.id,
+                }),
+            ]));
+        });
+    });
+});

package/src/helpers/AdminPermissionChecker.ts

@@ -1,7 +1,7 @@
 import { AutoEncoderPatchType, PatchMap } from '@simonbackx/simple-encoding';
 import { isSimpleError, isSimpleErrors, SimpleError } from '@simonbackx/simple-errors';
 import { BalanceItem, CachedBalance, Document, EmailTemplate, Event, EventNotification, Group, Member, MemberPlatformMembership, MemberWithRegistrations, Order, Organization, OrganizationRegistrationPeriod, Payment, Registration, User, Webshop } from '@stamhoofd/models';
-import { AccessRight, EventPermissionChecker, FinancialSupportSettings, GroupCategory, GroupStatus, MemberWithRegistrationsBlob, PermissionLevel, PermissionsResourceType, Platform as PlatformStruct, RecordCategory, RecordSettings } from '@stamhoofd/structures';
+import { AccessRight, EventPermissionChecker, FinancialSupportSettings, GroupCategory, GroupStatus, GroupType, MemberWithRegistrationsBlob, PermissionLevel, PermissionsResourceType, Platform as PlatformStruct, RecordCategory, RecordSettings } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 import { addTemporaryMemberAccess, hasTemporaryMemberAccess } from './TemporaryMemberAccess';
 import { MemberRecordStore } from '../services/MemberRecordStore';
@@ -185,6 +185,15 @@ export class AdminPermissionChecker {
             return true;
         }
 
+        if (group.type === GroupType.EventRegistration) {
+            // Check if we can access the event
+            const event = await Event.select().where('groupId', group.id).first(false);
+
+            if (event && event.organizationId === group.organizationId && await this.canAccessEvent(event)) {
+                return true;
+            }
+        }
+
         // Check parent categories
         const organizationPeriod = await this.getOrganizationCurrentPeriod(organization);
         const parentCategories = group.getParentCategories(organizationPeriod.settings.categories);
@@ -197,6 +206,18 @@ export class AdminPermissionChecker {
         return false;
     }
 
+    async canRegisterMembersInGroup(group: Group, asOrganizationId: string | null) {
+        if (await this.canAccessGroup(group, PermissionLevel.Write)) {
+            return true;
+        }
+        if (asOrganizationId) {
+            if (group.settings.allowRegistrationsByOrganization) {
+                return await this.hasFullAccess(asOrganizationId);
+            }
+        }
+        return false;
+    }
+
     /**
      * Will throw error if not allowed to edit/add/delete this event
      * @param event