npm - @stamhoofd/backend - Versions diffs - 2.83.5 → 2.84.1 - Mend

@stamhoofd/backend 2.83.5 → 2.84.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/src/endpoints/global/members/GetMembersEndpoint.ts CHANGED Viewed

@@ -1,9 +1,9 @@
 import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { Member, Platform } from '@stamhoofd/models';
+import { Group, Member, Platform } from '@stamhoofd/models';
 import { SQL, applySQLSorter, compileToSQLFilter } from '@stamhoofd/sql';
-import { CountFilteredRequest, Country, CountryCode, LimitedFilteredRequest, MembersBlob, PaginatedResponse, PermissionLevel, StamhoofdFilter, assertSort, getSortFilter } from '@stamhoofd/structures';
+import { CountFilteredRequest, Country, CountryCode, GroupType, LimitedFilteredRequest, MembersBlob, PaginatedResponse, PermissionLevel, StamhoofdFilter, assertSort, getSortFilter } from '@stamhoofd/structures';
 import { DataValidator } from '@stamhoofd/utility';
 import { SQLResultNamespacedRow } from '@simonbackx/simple-database';
@@ -12,6 +12,7 @@ import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructure
 import { Context } from '../../../helpers/Context';
 import { memberFilterCompilers } from '../../../sql-filters/members';
 import { memberSorters } from '../../../sql-sorters/members';
+import { validateGroupFilter } from './helpers/validateGroupFilter';
 type Params = Record<string, never>;
 type Query = LimitedFilteredRequest;
@@ -41,75 +42,88 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
         const organization = Context.organization;
         let scopeFilter: StamhoofdFilter | undefined = undefined;
-        if (!organization && !Context.auth.canAccessAllPlatformMembers()) {
-            const tags = Context.auth.getPlatformAccessibleOrganizationTags(permissionLevel);
-            if (tags !== 'all' && tags.length === 0) {
-                throw Context.auth.error();
-            }
-            if (tags !== 'all') {
-                const platform = await Platform.getShared();
-                // Add organization scope filter
-                scopeFilter = {
-                    registrations: {
-                        $elemMatch: {
-                            organization: {
-                                tags: {
-                                    $in: tags,
-                                },
-                            },
-                            periodId: platform.periodId,
-                        },
-                    },
-                };
-            }
-        }
-        if (organization && !Context.auth.canAccessAllPlatformMembers()) {
-            // Add organization scope filter
-            const groups = await Context.auth.getAccessibleGroups(organization.id, permissionLevel);
+        // First do a quick validation of the groups, so that prevents the backend from having to add a scope filter
+        if (!Context.auth.canAccessAllPlatformMembers() && !await validateGroupFilter({ filter: q.filter, permissionLevel, key: 'registrations' })) {
+            if (!organization) {
+                const tags = Context.auth.getPlatformAccessibleOrganizationTags(permissionLevel);
+                if (tags !== 'all' && tags.length === 0) {
+                    throw Context.auth.error();
+                }
-            if (groups.length === 0) {
-                throw Context.auth.error();
-            }
+                if (tags !== 'all') {
+                    const platform = await Platform.getShared();
-            if (groups === 'all') {
-                if (await Context.auth.hasFullAccess(organization.id, permissionLevel)) {
-                    // Can access full history for now
+                    // Add organization scope filter
                     scopeFilter = {
                         registrations: {
                             $elemMatch: {
-                                organizationId: organization.id,
+                                organization: {
+                                    tags: {
+                                        $in: tags,
+                                    },
+                                },
+                                periodId: platform.periodId,
                             },
                         },
                     };
                 }
+            }
+            if (organization) {
+                // Add organization scope filter
+                if (await Context.auth.canAccessAllMembers(organization.id, permissionLevel)) {
+                    if (await Context.auth.hasFullAccess(organization.id, permissionLevel)) {
+                        // Can access full history for now
+                        scopeFilter = {
+                            registrations: {
+                                $elemMatch: {
+                                    organizationId: organization.id,
+                                },
+                            },
+                        };
+                    }
+                    else {
+                        // Can only access current period
+                        scopeFilter = {
+                            registrations: {
+                                $elemMatch: {
+                                    organizationId: organization.id,
+                                    periodId: organization.periodId,
+                                },
+                            },
+                        };
+                    }
+                }
                 else {
-                    // Can only access current period
+                    // Check which normal membership groups we have access to and filter on those
+                    const groups = await Group.getAll(organization.id, organization.periodId, true, [GroupType.Membership, GroupType.WaitingList]);
+                    Context.auth.cacheGroups(groups);
+                    const groupIds: string[] = [];
+                    for (const group of groups) {
+                        if (await Context.auth.canAccessGroup(group, permissionLevel)) {
+                            groupIds.push(group.id);
+                        }
+                    }
+                    if (groupIds.length === 0) {
+                        throw Context.auth.error({
+                            message: 'You must filter on a group of the organization you are trying to access',
+                            human: $t(`737f9ff3-8eca-40f5-8f03-d303d53de5d1`),
+                        });
+                    }
                     scopeFilter = {
                         registrations: {
                             $elemMatch: {
-                                organizationId: organization.id,
-                                periodId: organization.periodId,
+                                groupId: {
+                                    $in: groupIds,
+                                },
                             },
                         },
                     };
                 }
             }
-            else {
-                scopeFilter = {
-                    registrations: {
-                        $elemMatch: {
-                            organizationId: organization.id,
-                            periodId: organization.periodId,
-                            groupId: {
-                                $in: groups,
-                            },
-                        },
-                    },
-                };
-            }
         }
         const query = SQL
@@ -129,95 +143,10 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
             query.where(await compileToSQLFilter(q.filter, filterCompilers));
         }
-        if (q.search) {
-            let searchFilter: StamhoofdFilter | null = null;
-            // is phone?
-            if (!searchFilter && q.search.match(/^\+?[0-9\s-]+$/)) {
-                // Try to format as phone so we have 1:1 space matches
-                try {
-                    const country = (Context.i18n.country as CountryCode) || Country.Belgium;
-                    const phoneNumber = parsePhoneNumber(q.search, country);
-                    if (phoneNumber && phoneNumber.isValid()) {
-                        const formatted = phoneNumber.formatInternational();
-                        searchFilter = {
-                            $or: [
-                                {
-                                    phone: {
-                                        $eq: formatted,
-                                    },
-                                },
-                                {
-                                    parentPhone: {
-                                        $eq: formatted,
-                                    },
-                                },
-                                {
-                                    unverifiedPhone: {
-                                        $eq: formatted,
-                                    },
-                                },
-                            ],
-                        };
-                    }
-                }
-                catch (e) {
-                    console.error('Failed to parse phone number', q.search, e);
-                }
-            }
-            // Is lidnummer?
-            if (!searchFilter && (q.search.match(/^[0-9]{4}-[0-9]{6}-[0-9]{1,2}$/) || q.search.match(/^[0-9]{9,10}$/))) {
-                searchFilter = {
-                    memberNumber: {
-                        $eq: q.search,
-                    },
-                };
-            }
-            // Two search modes:
-            // e-mail or name based searching
-            if (searchFilter) {
-                // already done
-            }
-            else if (q.search.includes('@')) {
-                const isCompleteAddress = DataValidator.isEmailValid(q.search);
-                // Member email address contains, or member parent contains
-                searchFilter = {
-                    $or: [
-                        {
-                            email: {
-                                [(isCompleteAddress ? '$eq' : '$contains')]: q.search,
-                            },
-                        },
-                        {
-                            parentEmail: {
-                                [(isCompleteAddress ? '$eq' : '$contains')]: q.search,
-                            },
-                        },
-                        {
-                            unverifiedEmail: {
-                                [(isCompleteAddress ? '$eq' : '$contains')]: q.search,
-                            },
-                        },
-                    ],
-                } as any as StamhoofdFilter;
-            }
-            else {
-                searchFilter = {
-                    name: {
-                        $contains: q.search,
-                    },
-                };
-            }
-            // todo: Address search detection
+        const searchFilter = GetMembersEndpoint.buildSearchFilter(q.search);
-            if (searchFilter) {
-                query.where(await compileToSQLFilter(searchFilter, filterCompilers));
-            }
+        if (searchFilter) {
+            query.where(await compileToSQLFilter(searchFilter, filterCompilers));
         }
         if (q instanceof LimitedFilteredRequest) {
@@ -233,6 +162,99 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
         return query;
     }
+    static buildSearchFilter(search: string | null): StamhoofdFilter | null {
+        if (!search) {
+            return null;
+        }
+        let searchFilter: StamhoofdFilter | null = null;
+        // is phone?
+        if (!searchFilter && search.match(/^\+?[0-9\s-]+$/)) {
+            // Try to format as phone so we have 1:1 space matches
+            try {
+                const country = (Context.i18n.country as CountryCode) || Country.Belgium;
+                const phoneNumber = parsePhoneNumber(search, country);
+                if (phoneNumber && phoneNumber.isValid()) {
+                    const formatted = phoneNumber.formatInternational();
+                    searchFilter = {
+                        $or: [
+                            {
+                                phone: {
+                                    $eq: formatted,
+                                },
+                            },
+                            {
+                                parentPhone: {
+                                    $eq: formatted,
+                                },
+                            },
+                            {
+                                unverifiedPhone: {
+                                    $eq: formatted,
+                                },
+                            },
+                        ],
+                    };
+                }
+            }
+            catch (e) {
+                console.error('Failed to parse phone number', search, e);
+            }
+        }
+        // Is lidnummer?
+        if (!searchFilter && (search.match(/^[0-9]{4}-[0-9]{6}-[0-9]{1,2}$/) || search.match(/^[0-9]{9,10}$/))) {
+            searchFilter = {
+                memberNumber: {
+                    $eq: search,
+                },
+            };
+        }
+        // Two search modes:
+        // e-mail or name based searching
+        if (searchFilter) {
+            // already done
+        }
+        else if (search.includes('@')) {
+            const isCompleteAddress = DataValidator.isEmailValid(search);
+            // Member email address contains, or member parent contains
+            searchFilter = {
+                $or: [
+                    {
+                        email: {
+                            [(isCompleteAddress ? '$eq' : '$contains')]: search,
+                        },
+                    },
+                    {
+                        parentEmail: {
+                            [(isCompleteAddress ? '$eq' : '$contains')]: search,
+                        },
+                    },
+                    {
+                        unverifiedEmail: {
+                            [(isCompleteAddress ? '$eq' : '$contains')]: search,
+                        },
+                    },
+                ],
+            } as any as StamhoofdFilter;
+        }
+        else {
+            searchFilter = {
+                name: {
+                    $contains: search,
+                },
+            };
+        }
+        // todo: Address search detection
+        return searchFilter;
+    }
     static async buildData(requestQuery: LimitedFilteredRequest, permissionLevel = PermissionLevel.Read) {
         const query = await GetMembersEndpoint.buildQuery(requestQuery, permissionLevel);
         let data: SQLResultNamespacedRow[];

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.test.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { PatchableArray, PatchableArrayAutoEncoder, PatchMap } from '@simonbackx
 import { Endpoint, Request } from '@simonbackx/simple-endpoints';
 import { GroupFactory, MemberFactory, OrganizationFactory, OrganizationTagFactory, Platform, RegistrationFactory, Token, UserFactory } from '@stamhoofd/models';
 import { Address, Country, EmergencyContact, MemberDetails, MemberWithRegistrationsBlob, OrganizationMetaData, OrganizationRecordsConfiguration, Parent, PatchAnswers, PermissionLevel, Permissions, PermissionsResourceType, RecordCategory, RecordSettings, RecordTextAnswer, ResourcePermissions, ReviewTime, ReviewTimes, TranslatedString } from '@stamhoofd/structures';
-import { SHExpect, TestUtils } from '@stamhoofd/test-utils';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
 import { testServer } from '../../../../tests/helpers/TestServer';
 import { PatchOrganizationMembersEndpoint } from './PatchOrganizationMembersEndpoint';
@@ -57,7 +57,7 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             request.headers.authorization = 'Bearer ' + token.accessToken;
             await expect(testServer.test(endpoint, request))
                 .rejects
-                .toThrow(SHExpect.errorWithCode('known_member_missing_rights'));
+                .toThrow(STExpect.errorWithCode('known_member_missing_rights'));
         });
         test('The security code is not a requirement for members without additional data', async () => {
@@ -217,7 +217,7 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             const request = Request.buildJson('PATCH', baseUrl, organization.getApiHost(), arr);
             request.headers.authorization = 'Bearer ' + token.accessToken;
-            await expect(testServer.test(endpoint, request)).rejects.toThrow(SHExpect.errorWithCode('not_found'));
+            await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.errorWithCode('not_found'));
         });
         test('An admin can edit members registered in its own organization', async () => {
@@ -493,7 +493,7 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             const request = Request.buildJson('PATCH', baseUrl, organization.getApiHost(), arr);
             request.headers.authorization = 'Bearer ' + token.accessToken;
-            await expect(testServer.test(endpoint, request)).rejects.toThrow(SHExpect.errorWithCode('permission_denied'));
+            await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.errorWithCode('permission_denied'));
         });
         test('An admin without record category permission cannot set the records in that category', async () => {
@@ -562,7 +562,7 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             const request = Request.buildJson('PATCH', baseUrl, organization.getApiHost(), arr);
             request.headers.authorization = 'Bearer ' + token.accessToken;
-            await expect(testServer.test(endpoint, request)).rejects.toThrow(SHExpect.errorWithCode('permission_denied'));
+            await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.errorWithCode('permission_denied'));
         });
         test('An admin can set records of the platform', async () => {
@@ -2033,7 +2033,7 @@ describe('Endpoint.PatchOrganizationMembersEndpoint', () => {
             await member3.refresh();
             // Check all contacts equal
-            const expectedParent = contact2;
+            const expectedParent = contact2.patch({ createdAt: contact1.createdAt }); // the oldest one is used
             expect(member1.details.emergencyContacts).toEqual([expectedParent]);
             expect(member2.details.emergencyContacts).toEqual([expectedParent]);

package/src/endpoints/global/members/PatchOrganizationMembersEndpoint.ts CHANGED Viewed

@@ -74,22 +74,6 @@ export class PatchOrganizationMembersEndpoint extends Endpoint<Params, Query, Bo
         const platform = await Platform.getShared();
-        // Cache
-        const groups: Group[] = [];
-        async function getGroup(id: string) {
-            const f = groups.find(g => g.id === id);
-            if (f) {
-                return f;
-            }
-            const group = await Group.getByID(id);
-            if (group) {
-                groups.push(group);
-                return group;
-            }
-            return null;
-        }
         const updateMembershipMemberIds = new Set<string>();
         const updateMembershipsForOrganizations = new Set<string>();

package/src/endpoints/global/members/helpers/validateGroupFilter.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Group } from '@stamhoofd/models';
+import { FilterWrapperMarker, PermissionLevel, StamhoofdFilter, unwrapFilter, WrapperFilter } from '@stamhoofd/structures';
+import { Context } from '../../../../helpers/Context';
+export async function validateGroupFilter({ filter, permissionLevel, key }: { filter: StamhoofdFilter; permissionLevel: PermissionLevel; key: string | null }) {
+    // Require presence of a filter
+    const requiredFilter: WrapperFilter = key
+        ? {
+                [key]: {
+                    $elemMatch: {
+                        groupId: FilterWrapperMarker,
+                    },
+                },
+            }
+        : {
+                groupId: FilterWrapperMarker,
+            };
+    const unwrapped = unwrapFilter(filter, requiredFilter);
+    if (!unwrapped.match) {
+        return false;
+    }
+    const groupIds = typeof unwrapped.markerValue === 'string'
+        ? [unwrapped.markerValue]
+        : unwrapFilter(unwrapped.markerValue as StamhoofdFilter, {
+            $in: FilterWrapperMarker,
+        })?.markerValue;
+    if (!Array.isArray(groupIds)) {
+        throw new SimpleError({
+            code: 'invalid_field',
+            field: 'filter',
+            message: 'You must filter on a group of the organization you are trying to access',
+            human: $t(`5efbaed8-004e-40b9-a822-bdb31e35fbb7`),
+        });
+    }
+    if (groupIds.length === 0) {
+        throw new SimpleError({
+            code: 'invalid_field',
+            field: 'filter',
+            message: 'Filtering on an empty list of groups is not supported',
+        });
+    }
+    for (const groupId of groupIds) {
+        if (typeof groupId !== 'string') {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'filter',
+                message: 'Invalid group ID in filter',
+            });
+        }
+    }
+    const groups = await Group.getByIDs(...groupIds as string[]);
+    Context.auth.cacheGroups(groups);
+    console.log('Fetching members for groups', groups.map(g => g.settings.name.toString()));
+    for (const group of groups) {
+        if (!await Context.auth.canAccessGroup(group, permissionLevel)) {
+            throw Context.auth.error({
+                message: 'You do not have access to this group',
+                human: $t(`45eedf49-0f0a-442c-a0bd-7881c2682698`, { groupName: group.settings.name }),
+            });
+        }
+    }
+    return true;
+}

package/src/endpoints/global/registration/GetPaymentRegistrations.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import { ManyToOneRelation } from '@simonbackx/simple-database';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Group, Member, Payment, Registration } from '@stamhoofd/models';
@@ -61,7 +60,7 @@ export class GetPaymentRegistrations extends Endpoint<Params, Query, Body, Respo
                 paidAt: payment.paidAt,
                 createdAt: payment.createdAt,
                 updatedAt: payment.updatedAt,
-                registrations: registrations.map(r => Member.getRegistrationWithMemberStructure(r.setRelation(Registration.group, groups.find(g => g.id === r.groupId)!))),
+                registrations: registrations.map(r => Member.getRegistrationWithTinyMemberStructure(r.setRelation(Registration.group, groups.find(g => g.id === r.groupId)!))),
             }),
         );
     }

package/src/endpoints/global/registration/GetRegistrationsCountEndpoint.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { CountFilteredRequest, CountResponse } from '@stamhoofd/structures';
+import { Context } from '../../../helpers/Context';
+import { GetRegistrationsEndpoint } from './GetRegistrationsEndpoint';
+type Params = Record<string, never>;
+type Query = CountFilteredRequest;
+type Body = undefined;
+type ResponseBody = CountResponse;
+export class GetRegistrationsCountEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = CountFilteredRequest as Decoder<CountFilteredRequest>;
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'GET') {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, '/registrations/count', {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setOptionalOrganizationScope();
+        await Context.authenticate();
+        const query = await GetRegistrationsEndpoint.buildQuery(request.query);
+        const count = await query
+            .count();
+        return new Response(
+            CountResponse.create({
+                count,
+            }),
+        );
+    }
+}