@stamhoofd/backend 2.83.5 → 2.84.1

package/src/endpoints/global/groups/GetGroupsEndpoint.test.ts

@@ -0,0 +1,234 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { GroupFactory, Organization, OrganizationFactory, OrganizationRegistrationPeriodFactory, RegistrationPeriod, RegistrationPeriodFactory, Token, UserFactory } from '@stamhoofd/models';
+import { BundleDiscountGroupPriceSettings, GroupPrice, GroupType, LimitedFilteredRequest, StamhoofdFilter } from '@stamhoofd/structures';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
+import { testServer } from '../../../../tests/helpers/TestServer';
+import { initAdmin, initBundleDiscount, initPlatformAdmin } from '../../../../tests/init';
+import { GetGroupsEndpoint } from './GetGroupsEndpoint';
+import { Database } from '@simonbackx/simple-database';
+
+const baseUrl = `/groups`;
+
+describe('Endpoint.GetGroupsEndpoint', () => {
+    const endpoint = new GetGroupsEndpoint();
+
+    let registrationPeriod1: RegistrationPeriod;
+    let registrationPeriod2: RegistrationPeriod;
+
+    const get = async ({ organization, token, filter }: { organization?: Organization; token: Token; filter?: StamhoofdFilter }) => {
+        const request = Request.get({
+            path: baseUrl,
+            host: organization?.getApiHost() ?? '',
+            query: new LimitedFilteredRequest({
+                limit: 100,
+                filter,
+            }),
+            headers: {
+                authorization: 'Bearer ' + token.accessToken,
+            },
+        });
+        return (await testServer.test(endpoint, request)).body.results;
+    };
+
+    beforeAll(async () => {
+        TestUtils.setPermanentEnvironment('userMode', 'platform');
+
+        registrationPeriod2 = await new RegistrationPeriodFactory({
+            startDate: new Date(2022, 0, 1),
+            endDate: new Date(2022, 11, 31),
+        }).create();
+
+        registrationPeriod1 = await new RegistrationPeriodFactory({
+            startDate: new Date(2023, 0, 1),
+            endDate: new Date(2023, 11, 31),
+            previousPeriodId: registrationPeriod2.id,
+        }).create();
+    });
+
+    afterEach(async () => {
+        await Database.delete('DELETE FROM `groups`');
+    });
+
+    const initOrganization = async (registrationPeriod: RegistrationPeriod) => {
+        const organization = await new OrganizationFactory({ period: registrationPeriod })
+            .create();
+
+        const organizationRegistrationPeriod = await new OrganizationRegistrationPeriodFactory({
+            organization,
+            period: registrationPeriod1,
+        }).create();
+
+        return { organization, organizationRegistrationPeriod };
+    };
+
+    async function initTest() {
+        const { organization, organizationRegistrationPeriod } = await initOrganization(registrationPeriod1);
+        const { organization: otherOrganization } = await initOrganization(registrationPeriod1);
+
+        const user = await new UserFactory({ organization }).create();
+        const token = await Token.createToken(user);
+
+        const waitingList = await new GroupFactory({
+            organization,
+            type: GroupType.WaitingList,
+        }).create();
+
+        const event = await new GroupFactory({
+            organization,
+            type: GroupType.EventRegistration,
+        }).create();
+
+        const group = await new GroupFactory({
+            organization,
+            type: GroupType.Membership,
+        }).create();
+
+        // Create a group that should not be returned
+        const otherGroup = await new GroupFactory({
+            organization: otherOrganization,
+            type: GroupType.Membership,
+        }).create();
+
+        return { organizationRegistrationPeriod, organization, token, waitingList, event, group, otherGroup };
+    }
+
+    it('Can return all groups for an organization', async () => {
+        const { organization, token, waitingList, event, group } = await initTest();
+        const result = await get({ organization, token });
+        expect(result).toHaveLength(3);
+        expect(result).toIncludeSameMembers([
+            expect.objectContaining({
+                id: waitingList.id,
+            }),
+            expect.objectContaining({
+                id: event.id,
+            }),
+            expect.objectContaining({
+                id: group.id,
+            }),
+        ]);
+    });
+
+    it('Can return all groups to a platform admin', async () => {
+        const { waitingList, event, group, otherGroup } = await initTest();
+        const { adminToken } = await initPlatformAdmin();
+
+        const result = await get({ token: adminToken });
+        expect(result).toHaveLength(4);
+        expect(result).toIncludeSameMembers([
+            expect.objectContaining({
+                id: waitingList.id,
+            }),
+            expect.objectContaining({
+                id: event.id,
+            }),
+            expect.objectContaining({
+                id: group.id,
+            }),
+            expect.objectContaining({
+                id: otherGroup.id,
+            }),
+        ]);
+    });
+
+    it('Cannot return all groups to a normal admin', async () => {
+        const { organization } = await initTest();
+        const { adminToken } = await initAdmin({ organization });
+        await expect(get({ token: adminToken })).rejects.toThrow(STExpect.simpleError({ code: 'permission_denied' }));
+    });
+
+    it('Can return a group by ID for an organization', async () => {
+        const { organization, token, group } = await initTest();
+        const result = await get({
+            organization,
+            token,
+            filter: {
+                id: group.id,
+            },
+        });
+        expect(result).toIncludeSameMembers([
+            expect.objectContaining({
+                id: group.id,
+            }),
+        ]);
+    });
+
+    it('Can return a group by bundle discount id', async () => {
+        const { organizationRegistrationPeriod, organization, token, group, event } = await initTest();
+        const bundleDiscount = await initBundleDiscount({ organizationRegistrationPeriod, discount: {} });
+
+        // Add a price to event with a bundle discount
+        const eventGroupPriceAdded = GroupPrice.create({
+            bundleDiscounts: new Map([
+                [bundleDiscount.id, BundleDiscountGroupPriceSettings.create({ name: bundleDiscount.name })],
+            ]),
+        });
+        event.settings.prices.push(eventGroupPriceAdded);
+        await event.save();
+
+        // Set the main group price to the group
+        group.settings.prices[0].bundleDiscounts.set(bundleDiscount.id, BundleDiscountGroupPriceSettings.create({
+            name: bundleDiscount.name,
+        }));
+        await group.save();
+
+        const result = await get({
+            organization,
+            token,
+            filter: {
+                bundleDiscounts: {
+                    [bundleDiscount.id]: {
+                        $neq: null,
+                    },
+                },
+            },
+        });
+        expect(result).toIncludeSameMembers([
+            expect.objectContaining({
+                id: event.id,
+            }),
+            expect.objectContaining({
+                id: group.id,
+            }),
+        ]);
+    });
+
+    it('Safely escapes ids', async () => {
+        const { organizationRegistrationPeriod, organization, token, group, event } = await initTest();
+        const bundleDiscount = await initBundleDiscount({ organizationRegistrationPeriod, discount: {} });
+        const id = `This Id. contains "[10] and .**' inside of it... \\"\\'"'`;
+        const differentId = `This Id. contains "[10] and .**' inside of it... "\\'"'`;
+
+        // Add a price to event with a bundle discount
+        const eventGroupPriceAdded = GroupPrice.create({
+            bundleDiscounts: new Map([
+                [id, BundleDiscountGroupPriceSettings.create({ name: bundleDiscount.name })],
+            ]),
+        });
+        event.settings.prices.push(eventGroupPriceAdded);
+        await event.save();
+
+        // Set the main group price to the group
+        group.settings.prices[0].bundleDiscounts.set(differentId, BundleDiscountGroupPriceSettings.create({
+            name: bundleDiscount.name,
+        }));
+        await group.save();
+
+        const result = await get({
+            organization,
+            token,
+            filter: {
+                bundleDiscounts: {
+                    [id]: {
+                        $neq: null,
+                    },
+                },
+            },
+        });
+        expect(result).toIncludeSameMembers([
+            expect.objectContaining({
+                id: event.id,
+            }),
+        ]);
+    });
+});

package/src/endpoints/global/groups/GetGroupsEndpoint.ts

@@ -1,34 +1,25 @@
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
-import { Group, Organization } from '@stamhoofd/models';
-import { GroupsWithOrganizations } from '@stamhoofd/structures';
+import { assertSort, CountFilteredRequest, getSortFilter, Group as GroupStruct, LimitedFilteredRequest, PaginatedResponse, StamhoofdFilter } from '@stamhoofd/structures';
 
-import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
-import { Formatter } from '@stamhoofd/utility';
-import { StringArrayDecoder } from '../../../decoders/StringArrayDecoder';
+import { Decoder } from '@simonbackx/simple-encoding';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Group } from '@stamhoofd/models';
+import { applySQLSorter, compileToModernSQLFilter, SQLModernFilterDefinitions, SQLSortDefinitions } from '@stamhoofd/sql';
 import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
 import { Context } from '../../../helpers/Context';
-import { SimpleError } from '@simonbackx/simple-errors';
-type Params = Record<string, never>;
-
-class Query extends AutoEncoder {
-    @field({ decoder: new StringArrayDecoder(StringDecoder) })
-    ids: string[];
-
-    /**
-     * List of organizations the requester already knows and doesn't need to be included in the response
-     */
-    @field({ decoder: new StringArrayDecoder(StringDecoder), optional: true })
-    excludeOrganizationIds: string[] = [];
-}
+import { groupFilterCompilers } from '../../../sql-filters/groups';
+import { groupSorters } from '../../../sql-sorters/groups';
 
+type Params = Record<string, never>;
+type Query = LimitedFilteredRequest;
 type Body = undefined;
-type ResponseBody = GroupsWithOrganizations;
+type ResponseBody = PaginatedResponse<GroupStruct[], LimitedFilteredRequest>;
+
+const filterCompilers: SQLModernFilterDefinitions = groupFilterCompilers;
+const sorters: SQLSortDefinitions<Group> = groupSorters;
 
-/**
- * Get the members of the user
- */
 export class GetGroupsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
-    queryDecoder = Query as Decoder<Query>;
+    queryDecoder = LimitedFilteredRequest as Decoder<LimitedFilteredRequest>;
 
     protected doesMatch(request: Request): [true, Params] | [false] {
         if (request.method !== 'GET') {
@@ -40,40 +31,123 @@ export class GetGroupsEndpoint extends Endpoint<Params, Query, Body, ResponseBod
         if (params) {
             return [true, params as Params];
         }
-
         return [false];
     }
 
+    static async buildQuery(q: CountFilteredRequest | LimitedFilteredRequest) {
+        const organization = Context.organization;
+        let scopeFilter: StamhoofdFilter | undefined = undefined;
+
+        if (organization) {
+            scopeFilter = {
+                organizationId: organization.id,
+            };
+        }
+
+        const query = Group.select();
+
+        if (scopeFilter) {
+            query.where(await compileToModernSQLFilter(scopeFilter, filterCompilers));
+        }
+
+        if (q.filter) {
+            query.where(await compileToModernSQLFilter(q.filter, filterCompilers));
+        }
+
+        if (q.search) {
+            let searchFilter: StamhoofdFilter | null = null;
+
+            searchFilter = {
+                id: q.search,
+            };
+
+            if (searchFilter) {
+                query.where(await compileToModernSQLFilter(searchFilter, filterCompilers));
+            }
+        }
+
+        if (q instanceof LimitedFilteredRequest) {
+            if (q.pageFilter) {
+                query.where(await compileToModernSQLFilter(q.pageFilter, filterCompilers));
+            }
+
+            q.sort = assertSort(q.sort, [{ key: 'id' }]);
+            applySQLSorter(query, q.sort, sorters);
+            query.limit(q.limit);
+        }
+
+        return query;
+    }
+
+    static async buildData(requestQuery: LimitedFilteredRequest) {
+        const query = await GetGroupsEndpoint.buildQuery(requestQuery);
+        const groups = await query.fetch();
+
+        let next: LimitedFilteredRequest | undefined;
+
+        if (groups.length >= requestQuery.limit) {
+            const lastObject = groups[groups.length - 1];
+            const nextFilter = getSortFilter(lastObject, sorters, requestQuery.sort);
+
+            next = new LimitedFilteredRequest({
+                filter: requestQuery.filter,
+                pageFilter: nextFilter,
+                sort: requestQuery.sort,
+                limit: requestQuery.limit,
+                search: requestQuery.search,
+            });
+
+            if (JSON.stringify(nextFilter) === JSON.stringify(requestQuery.pageFilter)) {
+                console.error('Found infinite loading loop for', requestQuery);
+                next = undefined;
+            }
+        }
+
+        return new PaginatedResponse<GroupStruct[], LimitedFilteredRequest>({
+            results: await AuthenticatedStructures.groups(groups),
+            next,
+        });
+    }
+
     async handle(request: DecodedRequest<Params, Query, Body>) {
-        await Context.setOptionalOrganizationScope();
+        if (request.request.getVersion() < 373) {
+            throw new SimpleError({
+                code: 'client_update_required',
+                statusCode: 400,
+                message: 'Er is een noodzakelijke update beschikbaar. Herlaad de pagina en wis indien nodig de cache van jouw browser.',
+                human: $t(`adb0e7c8-aed7-43f5-bfcc-a350f03aaabe`),
+            });
+        }
+
+        const organization = await Context.setOptionalOrganizationScope();
         await Context.optionalAuthenticate();
 
-        if (request.query.ids.length === 0) {
-            return new Response(
-                GroupsWithOrganizations.create({
-                    groups: [],
-                    organizations: [],
-                }),
-            );
+        if (!organization) {
+            if (!Context.auth.hasSomePlatformAccess()) {
+                throw Context.auth.error();
+            }
         }
 
-        if (request.query.ids.length > 100) {
+        const maxLimit = Context.auth.hasSomePlatformAccess() ? 1000 : 100;
+
+        if (request.query.limit > maxLimit) {
             throw new SimpleError({
-                code: 'too_many_ids',
-                message: "You can't request more than 100 groups at once",
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be more than ' + maxLimit,
             });
         }
 
-        const groups = await Group.getByIDs(...request.query.ids);
-        const organizationIds = Formatter.uniqueArray(groups.map(g => g.organizationId).filter(id => !request.query.excludeOrganizationIds.includes(id)));
-
-        const organizations = organizationIds.length > 0 ? (await Organization.getByIDs(...organizationIds)) : [];
+        if (request.query.limit < 1) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be less than 1',
+            });
+        }
 
         return new Response(
-            GroupsWithOrganizations.create({
-                groups: await AuthenticatedStructures.groups(groups),
-                organizations: await AuthenticatedStructures.organizations(organizations),
-            }),
+            await GetGroupsEndpoint.buildData(request.query),
         );
     }
 }