Transactions Page redesign follow-up

[kewitz]

The Transactions page redesign was shipped yesterday and the old issues were closed.
This is a follow up with improvements and missing tasks.

• Add server-side rendering.
• Refactor Transaction export endpoints from V1 to V2 and remove leaking ids to the front-end.
• Restore the "Refund Button".
• Review conditionals for accessing the "Download Receipts" button.
• Resolve Transactions access and permissions in the back-end.
• Fix comments count bug: https://sentry.io/organizations/open-collective/issues/1822712057/?project=1736806&referrer=slack
• Update the collective page Budget section to use the V2 endpoint and the new TransactionDetail component.

[Betree]

Since we need to review them. it would be great to have the permissions checks for refund and download receipts server-side as proposed in opencollective/opencollective-frontend#4719 (comment).

[kewitz]

@Betree I think these permissions are actually related to the collective and not transactions.
Perhaps we should refactor the permission check for the collectives in another PR? WDYT?

[Betree]

While most of the checks are indeed done on the collective(s), I think they still belong conceptually to Transactions because refunding and downloading receipts are an action that you do on transactions, not on collectives. Also because there are still some checks on transactions that can impact the result:

canRefundTransaction(transaction, user) {
  return !transaction.RefundTransactionId || user.isAdmin(transaction.collective.host.id);
}

canDownloadReceipt(transaction, user) {
  if (transaction.UsingVirtualCardFromCollectiveId) {
    return user.isAdmin(transaction.UsingVirtualCardFromCollectiveId);
  } else {
    return user.isAdmin(transaction.FromCollectiveId);
  }
}

[kewitz]

Refactor Transaction export endpoints from V1 to V2 and remove leaking ids to the front-end is more complex than first thought since it interacts with outside services that still rely on the UUID.