npm - @stamhoofd/backend - Versions diffs - 2.99.0 → 2.100.0 - Mend

@stamhoofd/backend 2.99.0 → 2.100.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.test.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import { Request } from '@simonbackx/simple-endpoints';
-import { GroupFactory, Organization, OrganizationFactory, Token, User, UserFactory, Webshop, WebshopFactory } from '@stamhoofd/models';
-import { AccessRight, MemberResponsibility, OrganizationPrivateMetaData, Organization as OrganizationStruct, PermissionLevel, PermissionRoleDetailed, PermissionRoleForResponsibility, Permissions, PermissionsResourceType, ResourcePermissions, Version } from '@stamhoofd/structures';
+import { GroupFactory, Organization, OrganizationFactory, OrganizationRegistrationPeriod, RegistrationPeriodFactory, Token, User, UserFactory, Webshop, WebshopFactory } from '@stamhoofd/models';
+import { AccessRight, MemberResponsibility, OrganizationPrivateMetaData, OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct, Organization as OrganizationStruct, PermissionLevel, PermissionRoleDetailed, PermissionRoleForResponsibility, Permissions, PermissionsResourceType, ResourcePermissions, Version } from '@stamhoofd/structures';
 import { AutoEncoderPatchType, PatchableArray, PatchableArrayAutoEncoder, PatchMap } from '@simonbackx/simple-encoding';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
 import { testServer } from '../../../../../tests/helpers/TestServer';
 import { PatchOrganizationEndpoint } from './PatchOrganizationEndpoint';
@@ -10,6 +11,10 @@ describe('Endpoint.PatchOrganization', () => {
     // Test endpoint
     const endpoint = new PatchOrganizationEndpoint();
+    beforeEach(async () => {
+        TestUtils.setEnvironment('userMode', 'platform');
+    });
     const patchOrganization = async ({ patch, organization, token }: { patch: AutoEncoderPatchType<OrganizationStruct> | OrganizationStruct; organization: Organization; token: Token }) => {
         const request = Request.buildJson('PATCH', `/v${Version}/organization`, organization.getApiHost(), patch);
         request.headers.authorization = 'Bearer ' + token.accessToken;
@@ -1274,4 +1279,64 @@ describe('Endpoint.PatchOrganization', () => {
             });
         });
     });
+    describe('userMode organization', () => {
+        beforeEach(async () => {
+            TestUtils.setEnvironment('userMode', 'organization');
+        });
+        test("Can't set period that belongs to no organization", async () => {
+            const initialPeriod = await new RegistrationPeriodFactory({}).create();
+            const organization = await new OrganizationFactory({ }).create();
+            organization.periodId = initialPeriod.id;
+            await organization.save();
+            const user = await new UserFactory({ organization, permissions: Permissions.create({ level: PermissionLevel.Full }) }).create();
+            const token = await Token.createToken(user);
+            const newPeriod = await new RegistrationPeriodFactory({}).create();
+            const newOrganizationPeriod = new OrganizationRegistrationPeriod();
+            newOrganizationPeriod.organizationId = organization.id;
+            newOrganizationPeriod.periodId = newPeriod.id;
+            await newOrganizationPeriod.save();
+            const patch = OrganizationStruct.patch({
+                id: organization.id,
+                period: OrganizationRegistrationPeriodStruct.patch({ id: newOrganizationPeriod.id }),
+            });
+            await expect(patchOrganization({ patch, organization, token })).rejects.toThrow(
+                STExpect.simpleError({ code: 'invalid_field', field: 'period' }),
+            );
+        });
+        test("Can't set period that belongs to other organization", async () => {
+            const initialPeriod = await new RegistrationPeriodFactory({}).create();
+            const organization = await new OrganizationFactory({ }).create();
+            organization.periodId = initialPeriod.id;
+            await organization.save();
+            const user = await new UserFactory({ organization, permissions: Permissions.create({ level: PermissionLevel.Full }) }).create();
+            const token = await Token.createToken(user);
+            const otherOrganization = await new OrganizationFactory({ }).create();
+            const newPeriod = await new RegistrationPeriodFactory({ organization: otherOrganization }).create();
+            const newOrganizationPeriod = new OrganizationRegistrationPeriod();
+            newOrganizationPeriod.organizationId = otherOrganization.id;
+            newOrganizationPeriod.periodId = newPeriod.id;
+            await newOrganizationPeriod.save();
+            const patch = OrganizationStruct.patch({
+                id: organization.id,
+                period: OrganizationRegistrationPeriodStruct.patch({ id: newOrganizationPeriod.id }),
+            });
+            await expect(patchOrganization({ patch, organization, token })).rejects.toThrow(
+                STExpect.simpleError({ code: 'invalid_field', field: 'period' }),
+            );
+        });
+    });
 });

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts CHANGED Viewed

@@ -355,7 +355,7 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                 organization.uri = request.body.uri;
             }
-            if (request.body.period && request.body.period.id !== organization.periodId) {
+            if (request.body.period) {
                 const organizationPeriod = await OrganizationRegistrationPeriod.getByID(request.body.period.id);
                 if (!organizationPeriod || organizationPeriod.organizationId !== organization.id) {
                     throw new SimpleError({
@@ -366,37 +366,49 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                     });
                 }
-                const period = await RegistrationPeriod.getByID(organizationPeriod.periodId);
-                if (!period || (period.organizationId && period.organizationId !== organization.id)) {
-                    throw new SimpleError({
-                        code: 'invalid_field',
-                        message: 'The period you want to set does not exist (anymore)',
-                        human: $t('a3795bf6-ed50-4aa6-9caf-33820292c159'),
-                        field: 'period',
-                    });
-                }
+                if (organizationPeriod.periodId !== organization.periodId) {
+                    const period = await RegistrationPeriod.getByID(organizationPeriod.periodId);
+                    if (!period || (period.organizationId && period.organizationId !== organization.id)) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'The period you want to set does not exist (anymore)',
+                            human: $t('a3795bf6-ed50-4aa6-9caf-33820292c159'),
+                            field: 'period',
+                        });
+                    }
-                if (period.locked) {
-                    throw new SimpleError({
-                        code: 'invalid_field',
-                        message: 'The period you want to set is already closed',
-                        human: $t('b6bc2fef-71ac-43a1-b430-50945427a9e3'),
-                        field: 'period',
-                    });
-                }
+                    if (STAMHOOFD.userMode === 'organization' && period.organizationId === null) {
+                    // period should always have organization id if userMode is organization
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'The period has no organization id',
+                            human: $t('d004e93c-e67f-48ab-bf3d-7b4ad86c7a38'),
+                            field: 'period',
+                        });
+                    }
-                const maximumStart = 1000 * 60 * 60 * 24 * 31 * 2; // 2 months in advance
-                if (period.startDate > new Date(Date.now() + maximumStart) && STAMHOOFD.environment !== 'development') {
-                    throw new SimpleError({
-                        code: 'invalid_field',
-                        message: 'The period you want to set has not started yet',
-                        human: $t('e0fff936-3f3c-46b8-adcf-c723c33907a2'),
-                        field: 'period',
-                    });
-                }
+                    if (period.locked) {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'The period you want to set is already closed',
+                            human: $t('b6bc2fef-71ac-43a1-b430-50945427a9e3'),
+                            field: 'period',
+                        });
+                    }
+                    const maximumStart = 1000 * 60 * 60 * 24 * 31 * 2; // 2 months in advance
+                    if (period.startDate > new Date(Date.now() + maximumStart) && STAMHOOFD.environment !== 'development') {
+                        throw new SimpleError({
+                            code: 'invalid_field',
+                            message: 'The period you want to set has not started yet',
+                            human: $t('e0fff936-3f3c-46b8-adcf-c723c33907a2'),
+                            field: 'period',
+                        });
+                    }
-                organization.periodId = period.id;
-                shouldUpdateSetupSteps = true;
+                    organization.periodId = period.id;
+                    shouldUpdateSetupSteps = true;
+                }
             }
             // Save the organization

package/src/endpoints/organization/dashboard/registration-periods/GetOrganizationRegistrationPeriodsEndpoint.test.ts CHANGED Viewed

@@ -114,10 +114,26 @@ describe('Endpoint.GetOrganizationRegistrationPeriods', () => {
         test('Should not contain groups of other organizations or periods', async () => {
             // arrange
-            const organization = await initOrganization(registrationPeriod1);
+            const period2 = await new RegistrationPeriodFactory({
+                startDate: new Date(2022, 0, 1),
+                endDate: new Date(2022, 11, 31),
+            }).create();
+            const period = await new RegistrationPeriodFactory({
+                startDate: new Date(2023, 0, 1),
+                endDate: new Date(2023, 11, 31),
+                previousPeriodId: period2.id,
+            }).create();
+            const organization = await initOrganization(period);
+            period.organizationId = organization.id;
+            await period.save();
+            period2.organizationId = organization.id;
+            await period2.save();
             const organizationPeriod = await new OrganizationRegistrationPeriodFactory({
                 organization,
-                period: registrationPeriod1,
+                period,
             }).create();
             const user = await new UserFactory({
@@ -132,12 +148,12 @@ describe('Endpoint.GetOrganizationRegistrationPeriods', () => {
             const group1 = await new GroupFactory({
                 organization,
-                period: registrationPeriod1,
+                period,
             }).create();
             const group2 = await new GroupFactory({
                 organization,
-                period: registrationPeriod1,
+                period,
             }).create();
             // Make sure the groups are in a category of the organization period
@@ -147,15 +163,23 @@ describe('Endpoint.GetOrganizationRegistrationPeriods', () => {
             await organizationPeriod.save();
             // group list of other organization
-            const otherOrganization = await initOrganization(registrationPeriod1);
+            const otherPeriod = await new RegistrationPeriodFactory({
+                startDate: new Date(2023, 0, 1),
+                endDate: new Date(2023, 11, 31),
+            }).create();
+            const otherOrganization = await initOrganization(otherPeriod);
+            otherPeriod.organizationId = otherOrganization.id;
+            await otherPeriod.save();
             const otherOrganizationPeriod = await new OrganizationRegistrationPeriodFactory({
                 organization: otherOrganization,
-                period: registrationPeriod1,
+                period: otherPeriod,
             }).create();
             const otherGroup1 = await new GroupFactory({
                 organization: otherOrganization,
-                period: registrationPeriod1,
+                period: otherPeriod,
             }).create();
             // Add the group to the other organization's period
@@ -165,7 +189,7 @@ describe('Endpoint.GetOrganizationRegistrationPeriods', () => {
             // group of other period
             await new GroupFactory({
                 organization,
-                period: registrationPeriod2,
+                period: period2,
             }).create();
             // act

package/src/endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint.test.ts ADDED Viewed

@@ -0,0 +1,206 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { GroupFactory, Organization, OrganizationFactory, OrganizationRegistrationPeriod, OrganizationRegistrationPeriodFactory, RegistrationPeriodFactory, Token, UserFactory } from '@stamhoofd/models';
+import { GroupSettings, Group as GroupStruct, OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct, PermissionLevel, Permissions, Version } from '@stamhoofd/structures';
+import { PatchableArray, PatchableArrayAutoEncoder } from '@simonbackx/simple-encoding';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
+import { testServer } from '../../../../../tests/helpers/TestServer';
+import { PatchOrganizationRegistrationPeriodsEndpoint } from './PatchOrganizationRegistrationPeriodsEndpoint';
+describe('Endpoint.PatchOrganizationRegistrationPeriods', () => {
+    // Test endpoint
+    const endpoint = new PatchOrganizationRegistrationPeriodsEndpoint();
+    beforeEach(async () => {
+        TestUtils.setEnvironment('userMode', 'platform');
+    });
+    const patchOrganizationRegistrationPeriods = async ({ patch, organization, token }: { patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct>; organization: Organization; token: Token }) => {
+        const request = Request.buildJson('PATCH', `/v${Version}/organization/registration-periods`, organization.getApiHost(), patch);
+        request.headers.authorization = 'Bearer ' + token.accessToken;
+        return await testServer.test(endpoint, request);
+    };
+    describe('userMode organization', () => {
+        beforeEach(async () => {
+            TestUtils.setEnvironment('userMode', 'organization');
+        });
+        test('should not be able to patch registration periods with global period', async () => {
+            const organization = await new OrganizationFactory({ }).create();
+            // create global period
+            const newPeriod = await new RegistrationPeriodFactory({}).create();
+            // create organization registration period linked to global period
+            const newOrganizationPeriod = new OrganizationRegistrationPeriod();
+            newOrganizationPeriod.organizationId = organization.id;
+            newOrganizationPeriod.periodId = newPeriod.id;
+            await newOrganizationPeriod.save();
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({ level: PermissionLevel.Full }),
+            }).create();
+            const token = await Token.createToken(user);
+            const patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct> = new PatchableArray();
+            patch.addPatch(OrganizationRegistrationPeriodStruct.patch({
+                id: newOrganizationPeriod.id,
+                groups: new PatchableArray(),
+            }));
+            // patch organization registration period should fail
+            await expect(patchOrganizationRegistrationPeriods({ patch, organization, token })).rejects.toThrow(
+                STExpect.simpleError({ code: 'not_found' }),
+            );
+        });
+        test('should be able to patch registration periods', async () => {
+            const organization = await new OrganizationFactory({ }).create();
+            // create period
+            const newPeriod = await new RegistrationPeriodFactory({ organization }).create();
+            // create organization registration period
+            const newOrganizationPeriod = new OrganizationRegistrationPeriod();
+            newOrganizationPeriod.organizationId = organization.id;
+            newOrganizationPeriod.periodId = newPeriod.id;
+            await newOrganizationPeriod.save();
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({ level: PermissionLevel.Full }),
+            }).create();
+            const token = await Token.createToken(user);
+            const patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct> = new PatchableArray();
+            patch.addPatch(OrganizationRegistrationPeriodStruct.patch({
+                id: newOrganizationPeriod.id,
+                groups: new PatchableArray(),
+            }));
+            // patch organization registration period should not fail
+            const response = await patchOrganizationRegistrationPeriods({ patch, organization, token });
+            expect(response.body).toBeDefined();
+        });
+        test('should not be able to create registration periods with global period', async () => {
+            const organization = await new OrganizationFactory({ }).create();
+            // create global period
+            const newPeriod = await new RegistrationPeriodFactory({}).create();
+            // create organization registration period linked to global period
+            const newOrganizationPeriod = OrganizationRegistrationPeriodStruct.create({
+                period: newPeriod.getStructure(),
+            });
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({ level: PermissionLevel.Full }),
+            }).create();
+            const token = await Token.createToken(user);
+            const patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct> = new PatchableArray();
+            patch.addPut(newOrganizationPeriod);
+            // patch organization registration period should fail
+            await expect(patchOrganizationRegistrationPeriods({ patch, organization, token })).rejects.toThrow(
+                STExpect.simpleError({ code: 'invalid_period' }),
+            );
+        });
+        test('should be able to create registration periods', async () => {
+            const organization = await new OrganizationFactory({ }).create();
+            // create period
+            const startDate = new Date(Date.now() + 5 * 24 * 60 * 60 * 1000);
+            const endDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
+            const newPeriod = await new RegistrationPeriodFactory({
+                organization,
+                startDate,
+                endDate,
+            }).create();
+            // create organization registration period
+            const newOrganizationPeriod = OrganizationRegistrationPeriodStruct.create({
+                period: newPeriod.getStructure(),
+            });
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({ level: PermissionLevel.Full }),
+            }).create();
+            const token = await Token.createToken(user);
+            const patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct> = new PatchableArray();
+            patch.addPut(newOrganizationPeriod);
+            // patch organization registration period should not fail
+            const response = await patchOrganizationRegistrationPeriods({ patch, organization, token });
+            expect(response.body).toBeDefined();
+        });
+        test('should not be able to patch groups of other organization', async () => {
+            const organization = await new OrganizationFactory({ }).create();
+            const otherOrganization = await new OrganizationFactory({ }).create();
+            // create period
+            const startDate = new Date(Date.now() + 5 * 24 * 60 * 60 * 1000);
+            const endDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
+            const newPeriod = await new RegistrationPeriodFactory({
+                organization,
+                startDate,
+                endDate,
+            }).create();
+            // create organization registration period
+            const newOrganizationPeriod = await new OrganizationRegistrationPeriodFactory({
+                organization,
+                period: newPeriod,
+            }).create();
+            const user = await new UserFactory({
+                organization,
+                permissions: Permissions.create({ level: PermissionLevel.Full }),
+            }).create();
+            const token = await Token.createToken(user);
+            // create group
+            const group = await new GroupFactory({ organization: otherOrganization }).create();
+            const patch: PatchableArrayAutoEncoder<OrganizationRegistrationPeriodStruct> = new PatchableArray();
+            const groupsPatch: PatchableArrayAutoEncoder<GroupStruct> = new PatchableArray();
+            // patch group
+            groupsPatch.addPatch(GroupStruct.patch({
+                id: group.id,
+                settings: GroupSettings.patch({
+                    name: 'new name',
+                }),
+            }));
+            patch.addPatch(OrganizationRegistrationPeriodStruct.patch({
+                id: newOrganizationPeriod.id,
+                groups: groupsPatch,
+            }));
+            // patch organization registration period should fail because of group of other organization
+            await expect(patchOrganizationRegistrationPeriods({ patch, organization, token })).rejects.toThrow(
+                STExpect.simpleError({ code: 'permission_denied' }),
+            );
+        });
+    });
+});

package/src/endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint.ts CHANGED Viewed

@@ -54,6 +54,7 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
         for (const patch of request.body.getPatches()) {
             const organizationPeriod = await OrganizationRegistrationPeriod.getByID(patch.id);
             if (!organizationPeriod || organizationPeriod.organizationId !== organization.id) {
                 throw new SimpleError({
                     code: 'not_found',
@@ -65,7 +66,7 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             const period = await RegistrationPeriod.getByID(organizationPeriod.periodId);
-            if (!period) {
+            if (!period || (STAMHOOFD.userMode === 'organization' && period.organizationId !== organization.id)) {
                 throw new SimpleError({
                     code: 'not_found',
                     message: 'Period not found',
@@ -287,6 +288,14 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             });
         }
+        if (STAMHOOFD.userMode === 'organization' && period.organizationId !== organization.id) {
+            throw new SimpleError({
+                code: 'invalid_period',
+                message: 'Period has different organization id',
+                statusCode: 400,
+            });
+        }
         if (period?.locked) {
             throw new SimpleError({
                 code: 'locked_period',
@@ -403,6 +412,14 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
         }
         if (period) {
+            if (STAMHOOFD.userMode === 'organization' && period.organizationId !== model.organizationId) {
+                throw new SimpleError({
+                    code: 'invalid_period',
+                    message: 'Period has different organization id',
+                    statusCode: 400,
+                });
+            }
             model.periodId = period.id;
             model.settings.period = period.getBaseStructure();
@@ -479,6 +496,15 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
                     if (!requiredPeriod) {
                         throw new Error('Unexpected missing period when creating waiting list');
                     }
+                    if (STAMHOOFD.userMode === 'organization' && requiredPeriod.organizationId !== model.organizationId) {
+                        throw new SimpleError({
+                            code: 'invalid_period',
+                            message: 'Period has different organization id',
+                            statusCode: 400,
+                        });
+                    }
                     const group = await PatchOrganizationRegistrationPeriodsEndpoint.createGroup(
                         patch.waitingList,
                         model.organizationId,
@@ -524,6 +550,14 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             });
         }
+        if (STAMHOOFD.userMode === 'organization' && (period.organizationId !== organizationId)) {
+            throw new SimpleError({
+                code: 'invalid_period',
+                message: 'Period has different organization id',
+                statusCode: 400,
+            });
+        }
         const user = Context.auth.user;
         const model = new Group();

package/src/helpers/AuthenticatedStructures.ts CHANGED Viewed

@@ -5,8 +5,8 @@ import { Sorter } from '@stamhoofd/utility';
 import { SQL } from '@stamhoofd/sql';
 import { Formatter } from '@stamhoofd/utility';
-import { Context } from './Context';
 import { BalanceItemService } from '../services/BalanceItemService';
+import { Context } from './Context';
 /**
  * Builds authenticated structures for the current user