@stamhoofd/backend 2.91.0 → 2.92.0

package/src/endpoints/organization/webshops/PlaceOrderEndpoint.ts

@@ -3,7 +3,7 @@ import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
 import { Email } from '@stamhoofd/email';
-import { BalanceItem, BalanceItemPayment, MolliePayment, MollieToken, Order, PayconiqPayment, Payment, RateLimiter, Webshop, WebshopDiscountCode, WebshopUitpasNumber } from '@stamhoofd/models';
+import { BalanceItem, BalanceItemPayment, MolliePayment, MollieToken, Order, PayconiqPayment, Payment, RateLimiter, Webshop, WebshopDiscountCode } from '@stamhoofd/models';
 import { QueueHandler } from '@stamhoofd/queues';
 import { AuditLogSource, BalanceItemRelation, BalanceItemRelationType, BalanceItemStatus, BalanceItemType, OrderData, OrderResponse, Order as OrderStruct, PaymentCustomer, PaymentMethod, PaymentMethodHelper, PaymentProvider, PaymentStatus, Payment as PaymentStruct, TranslatedString, Version, WebshopAuthType, Webshop as WebshopStruct } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
@@ -133,72 +133,7 @@ export class PlaceOrderEndpoint extends Endpoint<Params, Query, Body, ResponseBo
             request.body.validate(webshopStruct, organization.meta, request.i18n, false, Context.user?.getStructure());
             request.body.update(webshopStruct);
 
-            // UiTPAS numbers validation
-            const articlesWithUitpasSocialTariff = request.body.cart.items.filter(item => item.productPrice.uitpasBaseProductPriceId !== null);
-            for (const item of articlesWithUitpasSocialTariff) {
-                const uitpasNumbersOnly = item.uitpasNumbers.map(p => p.uitpasNumber);
-
-                // verify the amount of UiTPAS numbers
-                if (uitpasNumbersOnly.length !== item.amount) {
-                    throw new SimpleError({
-                        code: 'amount_of_uitpas_numbers_mismatch',
-                        message: 'The number of UiTPAS numbers and items with UiTPAS social tariff does not match',
-                        human: $t('6140c642-69b2-43d6-80ba-2af4915c5837'),
-                        field: 'cart.items.uitpasNumbers',
-                    });
-                }
-
-                // verify the UiTPAS numbers are unique (within the order)
-                if (uitpasNumbersOnly.length !== Formatter.uniqueArray(uitpasNumbersOnly).length) {
-                    throw new SimpleError({
-                        code: 'duplicate_uitpas_numbers',
-                        message: 'Duplicate uitpas numbers used',
-                        human: $t('d9ec27f3-dafa-41e8-bcfb-9da564a4a675'),
-                        field: 'cart.items.uitpasNumbers',
-                    });
-                }
-
-                // verify the UiTPAS numbers are not already used for this product
-                const hasBeenUsed = await WebshopUitpasNumber.areUitpasNumbersUsed(webshop.id, item.product.id, uitpasNumbersOnly);
-                if (hasBeenUsed) {
-                    throw new SimpleError({
-                        code: 'uitpas_number_already_used',
-                        message: 'One or more uitpas numbers are already used',
-                        human: $t('1ef059c2-e758-4cfa-bc2b-16a581029450'),
-                        field: 'cart.items.uitpasNumbers',
-                    });
-                }
-
-                // verify the UiTPAS numbers are valid for social tariff (static check + API call to UiTPAS)
-                if (item.product.uitpasEvent) {
-                    const basePrice = item.product.prices.find(p => p.id === item.productPrice.uitpasBaseProductPriceId)?.price ?? 0;
-                    const reducedPrices = await UitpasService.getSocialTariffForUitpasNumbers(organization.id, uitpasNumbersOnly, basePrice, item.product.uitpasEvent.url);
-                    const expectedReducedPrices = item.uitpasNumbers;
-                    if (reducedPrices.length < expectedReducedPrices.length) {
-                        // should not happen
-                        throw new SimpleError({
-                            code: 'uitpas_social_tariff_price_mismatch',
-                            message: 'UiTPAS wrong number of prices retruned',
-                            human: $t('2d1983fa-2224-422f-9ea0-fdae77cb4914'),
-                            field: 'cart.items.uitpasNumbers',
-                        });
-                    }
-                    for (let i = 0; i < expectedReducedPrices.length; i++) {
-                        if (reducedPrices[i].price !== expectedReducedPrices[i].price) {
-                            throw new SimpleError({
-                                code: 'uitpas_social_tariff_price_mismatch',
-                                message: 'UiTPAS social tariff have a different price',
-                                human: $t('2f4b9572-4b9c-42e0-91f1-b0984624d225', { correctPrice: Formatter.price(reducedPrices[i].price), orderPrice: Formatter.price(expectedReducedPrices[i].price) }),
-                                field: 'uitpasNumbers.' + i.toString(),
-                            });
-                        }
-                        item.uitpasNumbers[i].uitpasTariffId = reducedPrices[i].uitpasTariffId;
-                    }
-                }
-                else {
-                    await UitpasService.checkUitpasNumbers(uitpasNumbersOnly); // Throws if invalid
-                }
-            }
+            request.body.cart = await UitpasService.validateCart(organization.id, webshop.id, request.body.cart);
 
             const order = new Order().setRelation(Order.webshop, webshop);
             order.data = request.body; // TODO: validate

package/src/helpers/AdminPermissionChecker.ts

@@ -1,6 +1,6 @@
 import { AutoEncoderPatchType, PatchMap } from '@simonbackx/simple-encoding';
 import { isSimpleError, isSimpleErrors, SimpleError } from '@simonbackx/simple-errors';
-import { BalanceItem, CachedBalance, Document, EmailTemplate, Event, EventNotification, Group, Member, MemberPlatformMembership, MemberWithRegistrations, Order, Organization, OrganizationRegistrationPeriod, Payment, Registration, User, Webshop } from '@stamhoofd/models';
+import { BalanceItem, CachedBalance, Document, Email, EmailTemplate, Event, EventNotification, Group, Member, MemberPlatformMembership, MemberWithRegistrations, Order, Organization, OrganizationRegistrationPeriod, Payment, Registration, User, Webshop } from '@stamhoofd/models';
 import { AccessRight, EmailTemplate as EmailTemplateStruct, EventPermissionChecker, FinancialSupportSettings, GroupCategory, GroupStatus, GroupType, MemberWithRegistrationsBlob, PermissionLevel, PermissionsResourceType, Platform as PlatformStruct, RecordSettings, ResourcePermissions } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 import { MemberRecordStore } from '../services/MemberRecordStore';
@@ -709,7 +709,7 @@ export class AdminPermissionChecker {
         }
 
         if (!template.organizationId) {
-            return this.hasPlatformFullAccess();
+            return this.hasPlatformFullAccess() || !!this.platformPermissions?.hasAccessRight(AccessRight.ManageEmailTemplates);
         }
 
         if (await this.hasFullAccess(template.organizationId)) {
@@ -734,6 +734,11 @@ export class AdminPermissionChecker {
             return true;
         }
 
+        const o = await this.getOrganizationPermissions(template.organizationId);
+        if (o && o.hasAccessRight(AccessRight.ManageEmailTemplates)) {
+            return true;
+        }
+
         return false;
     }
 
@@ -845,8 +850,79 @@ export class AdminPermissionChecker {
         return this.hasSomeAccess(organizationId);
     }
 
-    canSendEmails() {
-        return !!this.user.permissions;
+    async canSendEmails(organizationId: Organization | string | null) {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasAccessRightForSomeResourceOfType(PermissionsResourceType.Senders, AccessRight.SendMessages) ?? false;
+        }
+        return this.platformPermissions?.hasAccessRightForSomeResourceOfType(PermissionsResourceType.Senders, AccessRight.SendMessages) ?? false;
+    }
+
+    /**
+     * Fast check if this user can read at least one email in the system.
+     */
+    async canReadEmails(organizationId: Organization | string | null) {
+        if (await this.canSendEmails(organizationId)) {
+            // A user can reads its own emails, so they can read.
+            return true;
+        }
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasAccessForSomeResourceOfType(PermissionsResourceType.Senders, PermissionLevel.Read) ?? false;
+        }
+        return this.platformPermissions?.hasAccessForSomeResourceOfType(PermissionsResourceType.Senders, PermissionLevel.Read) ?? false;
+    }
+
+    async canReadAllEmails(organizationId: Organization | string | null, senderId = ''): Promise<boolean> {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasResourceAccess(PermissionsResourceType.Senders, senderId, PermissionLevel.Read) ?? false;
+        }
+        return this.platformPermissions?.hasResourceAccess(PermissionsResourceType.Senders, senderId, PermissionLevel.Read) ?? false;
+    }
+
+    async canAccessEmail(email: Email, level: PermissionLevel = PermissionLevel.Read): Promise<boolean> {
+        if (!this.checkScope(email.organizationId)) {
+            return false;
+        }
+
+        if (email.userId === this.user.id) {
+            // User can always read their own emails
+            // Note; for sending we'll always need to use 'canSendEmailsFrom' externally
+            return true;
+        }
+
+        if (email.organizationId) {
+            const organizationPermissions = await this.getOrganizationPermissions(email.organizationId);
+            if (!organizationPermissions) {
+                return false;
+            }
+            if (!email.senderId) {
+                return organizationPermissions.hasResourceAccess(PermissionsResourceType.Senders, '', level);
+            }
+            return organizationPermissions.hasResourceAccess(PermissionsResourceType.Senders, email.senderId, level);
+        }
+
+        // Platform email
+        const platformPermissions = this.platformPermissions;
+        if (!platformPermissions) {
+            return false;
+        }
+        if (!email.senderId) {
+            return platformPermissions.hasResourceAccess(PermissionsResourceType.Senders, '', level);
+        }
+        return platformPermissions.hasResourceAccess(PermissionsResourceType.Senders, email.senderId, level);
+    }
+
+    async canSendEmail(email: Email): Promise<boolean> {
+        if (email.senderId) {
+            return await this.canSendEmailsFrom(email.organizationId, email.senderId);
+        }
+        return await this.canSendEmails(email.organizationId);
+    }
+
+    async canSendEmailsFrom(organizationId: Organization | string | null, senderId: string): Promise<boolean> {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasResourceAccessRight(PermissionsResourceType.Senders, senderId, AccessRight.SendMessages) ?? false;
+        }
+        return this.platformPermissions?.hasResourceAccessRight(PermissionsResourceType.Senders, senderId, AccessRight.SendMessages) ?? false;
     }
 
     async canReadEmailTemplates(organizationId: string) {
@@ -909,7 +985,7 @@ export class AdminPermissionChecker {
      */
     async hasSomeAccess(organizationOrId: string | Organization): Promise<boolean> {
         const organizationPermissions = await this.getOrganizationPermissions(organizationOrId);
-        return !!organizationPermissions;
+        return !!organizationPermissions && !organizationPermissions.isEmpty;
     }
 
     async canManageAdmins(organizationId: string) {