добрался до точки сохнанения

src/api/companies-management-api.ts

@@ -52,6 +52,15 @@ class companyManagementApi {
             dates: z.array(z.date()),
           }),
         ),
+
+        employees: z.array(
+          z.object({
+            user_id: z.string(),
+            user_name: z.string(),
+            role_id: z.string(),
+            role_name: z.string(),
+          }),
+        ),
       }),
     }),
   };

src/api/events-management-api.ts

@@ -8,6 +8,25 @@ class eventsManagementApi {
         timezone: z.string().optional(),
         dates: z.array(z.string()),
         companyId: z.string(),
+        rolesToAdd: z.array(
+          z.object({
+            roleId: z.string(),
+            name: z.string(),
+            description: z.string(),
+            permissions: z.array(
+              z.object({
+                permissionId: z.string(),
+                permissionValueId: z.string(),
+              }),
+            ),
+          }),
+        ),
+        staff: z.array(
+          z.object({
+            userId: z.string(),
+            roleId: z.string(),
+          }),
+        ),
       })
       .strict(),
     res: z.object({
@@ -16,6 +35,19 @@ class eventsManagementApi {
     }),
   };
 
+  ZGetEventSystemRoles = {
+    res: z.object({
+      code: z.enum(["success"]),
+      roles: z.array(
+        z.object({
+          role_id: z.string(),
+          name: z.string(),
+          description: z.string(),
+        }),
+      ),
+    }),
+  };
+
   ZGetEvent = {
     req: z.object({ eventId: z.string() }).strict(),
     res: z.object({
@@ -42,6 +74,13 @@ class eventsManagementApi {
             name: z.string(),
           }),
         ),
+
+        taskBlocks: z.array(
+          z.object({
+            task_block_id: z.string(),
+            name: z.string(),
+          }),
+        ),
       }),
     }),
   };

src/api/locations-management-api.ts

@@ -5,7 +5,13 @@ class locationsManagementApi {
     req: z
       .object({
         name: z.string(),
-        companyId: z.string(),
+        eventId: z.string(),
+        rooms: z.array(
+          z.object({
+            name: z.string(),
+            parentId: z.string().nullable(),
+          }),
+        ),
       })
       .strict(),
 
@@ -14,10 +20,10 @@ class locationsManagementApi {
     }),
   };
 
-  ZGetCompanyLocations = {
+  ZGetEventLocations = {
     req: z
       .object({
-        companyId: z.string(),
+        eventId: z.string(),
       })
       .strict(),
 
@@ -27,37 +33,13 @@ class locationsManagementApi {
         z.object({
           location_id: z.string(),
           name: z.string(),
-        }),
-      ),
-    }),
-  };
-
-  ZCreateRoom = {
-    req: z
-      .object({
-        name: z.string(),
-        locationId: z.string(),
-      })
-      .strict(),
-
-    res: z.object({
-      code: z.enum(["success"]),
-    }),
-  };
-
-  ZGetLocationRooms = {
-    req: z
-      .object({
-        locationId: z.string(),
-      })
-      .strict(),
-
-    res: z.object({
-      code: z.enum(["success"]),
-      rooms: z.array(
-        z.object({
-          room_id: z.string(),
-          name: z.string(),
+          rooms: z.array(
+            z.object({
+              room_id: z.string(),
+              name: z.string(),
+              parent_id: z.string().nullable(),
+            }),
+          ),
         }),
       ),
     }),

src/api/tasks-management-api.ts

@@ -25,19 +25,6 @@ class tasksManagementApi {
     }),
   };
 
-  ZGetEventTaskBlocks = {
-    req: z.object({ eventId: z.string() }).strict(),
-    res: z.object({
-      code: z.enum(["success"]),
-      taskBlocks: z.array(
-        z.object({
-          task_block_id: z.string(),
-          name: z.string(),
-        }),
-      ),
-    }),
-  };
-
   ZCreateTask = {
     req: z
       .object({

src/db/db-shema.ts

@@ -1,5 +1,6 @@
 import { z } from "zod";
 
+// TODO добавть везде uuid
 const ZDbShema = {
   events_management: {
     events: {
@@ -71,6 +72,7 @@ const ZDbShema = {
       room_id: z.string(),
       name: z.string(),
       location_id: z.string(),
+      parent_id: z.string().nullable(),
     },
 
     event_locations: {
@@ -121,6 +123,7 @@ const ZDbShema = {
       name: z.string(),
       description: z.string(),
       entity_id: z.string().nullable(),
+      entity_type_id: z.string(),
       is_system: z.boolean(),
     },
 

src/modules/companies-management/companies-router.ts

@@ -107,7 +107,7 @@ router.post("/get-user-companies", async (req, res, next) => {
         join permissions_management.cached_user_permissions cup on
           c.company_id = cup.entity_id
         where
-          cup.user_id = ${userId}
+          cup.user_id = ${userId} and entity_type_id = 'company' and permission_id = 'view_company' and permission_value_id = 'view_company_true'
         `,
     );
 
@@ -142,17 +142,50 @@ router.post("/get-company", async (req, res, next) => {
           name: ZDbShema.companies_management.companies.name,
           owner_id: ZDbShema.companies_management.companies.owner_id,
           timezone: ZDbShema.companies_management.companies.timezone,
+          employees: z.array(
+            z.object({
+              user_id: ZDbShema.permissions_management.user_roles.user_id,
+              user_name: ZDbShema.users_management.users.name,
+              role_id: ZDbShema.permissions_management.user_roles.role_id,
+              role_name: ZDbShema.permissions_management.roles.name,
+            }),
+          ),
         }),
       )`
         select
           c.company_id,
           c."name",
           c.owner_id,
-          c.timezone
+          c.timezone,
+          coalesce(
+                      json_agg(
+                        json_build_object(
+            'user_id',
+          ur.user_id,
+          'user_name',
+          u.name,
+          'role_id',
+          ur.role_id,
+          'role_name',
+          r."name" 
+                        )
+                      ) filter (
+        where
+          ur.user_id is not null),
+          '[]'::json
+                    ) as employees
         from
           companies_management.companies c
+        left join permissions_management.user_roles ur on
+          c.company_id = ur.entity_id
+        join permissions_management.roles r on
+          ur.role_id = r.role_id
+        join users_management.users u on
+          ur.user_id = u.user_id
         where
           c.company_id = ${companyId}
+        group by
+          c.company_id
         `,
     );
 

src/modules/companies-management/companies-service.ts

@@ -4,6 +4,7 @@ import { db } from "#db";
 import { sql } from "slonik";
 import { z } from "zod";
 import { ZDbShema } from "#db/db-shema.js";
+import { logger } from "#plugins/logger.js";
 
 class companiesService {
   async getUserCompanyEvents(
@@ -22,32 +23,31 @@ class companiesService {
           dates: z.array(ZDbShema.events_management.event_dates.date),
         }),
       )`
-            select
-              e.event_id,
-              e.local_name,
-              e.timezone,
-              e.company_id,
-              ARRAY_AGG(ed."date") as dates
-            from
-              events_management.events e
-            join 
-              permissions_management.cached_user_permissions cup 
-            on
-              e.company_id = cup.entity_id
-            left join 
-              events_management.event_dates ed 
-            on
-              e.event_id = ed.event_id
-            where
-              e.company_id = ${companyId}
-              and
-              cup.user_id = ${userId}
-              and cup.permission_value_id = ${requiredPermission}
-            group by
-              e.event_id,
-              e.local_name,
-              e.timezone,
-              e.company_id;
+        SELECT
+          e.event_id,
+          e.local_name,
+          e.timezone,
+          e.company_id,
+          COALESCE(ARRAY_REMOVE(ARRAY_AGG(ed."date"), NULL), '{}') AS dates
+        FROM
+          events_management.events e
+        JOIN 
+          permissions_management.cached_user_permissions cup 
+        ON
+          e.event_id = cup.entity_id
+        LEFT JOIN 
+          events_management.event_dates ed 
+        ON
+          e.event_id = ed.event_id
+        WHERE
+          e.company_id = ${companyId}
+          AND cup.user_id = ${userId}
+          AND cup.permission_value_id = ${requiredPermission}
+        GROUP BY
+          e.event_id,
+          e.local_name,
+          e.timezone,
+          e.company_id;
             `,
     );
 

src/modules/entities-management/entityes-service.ts

@@ -5,13 +5,14 @@ class entityesService {
   async createEntity(
     entityId: string,
     entityTypeId: "company" | "event" | "task_block" | "task",
+    parentId?: string,
   ) {
     await db.query(
       sql.unsafe`
       insert into entities_management.entities 
-        (entity_id, entity_type_id)
+        (entity_id, entity_type_id, parent_id)
       values 
-        (${entityId}, ${entityTypeId})`,
+        (${entityId}, ${entityTypeId}, ${parentId || null})`,
     );
   }
 }

src/modules/events-management/events-router.ts

@@ -30,14 +30,14 @@ import { UserUtils } from "#utils/user-utils.js";
 import { CheckPermissionsService } from "#modules/permissions-management/check-permissions-service.js";
 import { EntityesService } from "#modules/entities-management/entityes-service.js";
 import { RouterUtils } from "#utils/router-utils.js";
-import { config } from "#config";
+import { AllPermissionsValues } from "#modules/permissions-management/permissions-types.js";
 
 dayjs.extend(utc);
 
 router.post("/create-event", async (req, res, next) => {
   try {
     // валидация запроса
-    const { localName, dates, timezone, companyId } =
+    const { localName, dates, timezone, companyId, rolesToAdd, staff } =
       EventsManagementApi.ZCreateEvent.req.parse(req.body);
 
     const userId = UserUtils.getUserFromReq(req).userId;
@@ -75,10 +75,11 @@ router.post("/create-event", async (req, res, next) => {
 
     const eventId = uuidv7();
 
-    // createEntity
+    // создаём ентити
+    // TODO заменить на процедуру
     await EntityesService.createEntity(eventId, "event");
 
-    // get event
+    // создаём ивент
     await db.query(
       sql.unsafe`
       insert into events_management.events 
@@ -87,7 +88,7 @@ router.post("/create-event", async (req, res, next) => {
         (${eventId}, ${localName}, ${tz}, ${companyId})`,
     );
 
-    // get dates
+    // вставляем даты ивента
     for (const date of dates) {
       await db.query(
         sql.unsafe`
@@ -98,20 +99,43 @@ router.post("/create-event", async (req, res, next) => {
       );
     }
 
-    // add role to user
-    const MANAGER_ROLE_ID = config.EVENT_DEFAULT_ROLE_MANAGER_ID;
-    if (!MANAGER_ROLE_ID) {
-      throw Error("EVENT_DEFAULT_ROLE_MANAGER_ID is not defined");
+    // вставляем новые роли ивента
+    for (const role of rolesToAdd) {
+      // роль
+      await db.query(
+        sql.unsafe`
+        insert into 
+          permissions_management.roles
+        (role_id, name, description, entity_id, is_system)
+        values
+          (${role.roleId}, ${role.name}, ${role.description}, ${eventId}, false)`,
+      );
+
+      // права
+      for (const permission of role.permissions) {
+        await db.query(
+          sql.unsafe`
+          insert into permissions_management.non_default_roles_overrides
+            (entity_id, role_id, permission_id, permission_value_id)
+          values
+            (${eventId}, ${role.roleId}, ${permission.permissionId}, ${permission.permissionValueId})
+    `,
+        );
+      }
     }
 
-    await db.query(
-      sql.unsafe`
+    // добавляем юзеров
+
+    for (const user of staff) {
+      await db.query(
+        sql.unsafe`
       insert into 
         permissions_management.user_roles
-      (user_id, role_id)
+      (user_id, role_id, entity_id)
       values
-        (${userId}, ${MANAGER_ROLE_ID})`,
-    );
+        (${user.userId}, ${user.roleId}, ${eventId})`,
+      );
+    }
 
     RouterUtils.validAndSendResponse(
       EventsManagementApi.ZCreateEvent.res,
@@ -126,6 +150,37 @@ router.post("/create-event", async (req, res, next) => {
   }
 });
 
+router.post("/get-event-system-roles", async (req, res, next) => {
+  try {
+    const systemRoles = await db.any(sql.type(
+      z.object({
+        role_id: ZDbShema.permissions_management.roles.role_id,
+        name: ZDbShema.permissions_management.roles.name,
+        description: ZDbShema.permissions_management.roles.description,
+      }),
+    )`
+      select
+        *
+      from
+        permissions_management.roles
+      where
+        is_system = true
+        and entity_type_id = 'event'
+    `);
+
+    RouterUtils.validAndSendResponse(
+      EventsManagementApi.ZGetEventSystemRoles.res,
+      res,
+      {
+        code: "success",
+        roles: [...systemRoles],
+      },
+    );
+  } catch (e) {
+    next(e);
+  }
+});
+
 router.post("/get-event", async (req, res, next) => {
   try {
     // валидация запроса
@@ -140,6 +195,7 @@ router.post("/get-event", async (req, res, next) => {
       "view_event_true",
     );
 
+    // TODO проверить везде ARRAY_AGG
     // event
     const DbEventsTypes = ZDbShema.events_management.events;
     const event = await db.maybeOne(
@@ -224,13 +280,38 @@ router.post("/get-event", async (req, res, next) => {
           select
             room_id, name, location_id
           from
-            location_management.rooms
+            locations_management.rooms
           where
             room_id in (${sql.join(eventRoomsIdsArr, sql.fragment`, `)})
           `,
       );
     }
 
+    // task-blocks
+    // TODO вынести
+    const REQUIRED_PERMISSION: AllPermissionsValues = "view_task_block_true";
+    const taskBlocks = await db.any(
+      sql.type(
+        z.object({
+          task_block_id: ZDbShema.tasks_management.task_blocks.task_block_id,
+          name: ZDbShema.tasks_management.task_blocks.name,
+        }),
+      )`
+        select
+          tb.task_block_id,
+          tb.name
+        from
+          tasks_management.task_blocks tb
+          -- permissions
+        join permissions_management.cached_user_permissions cup on
+          tb.task_block_id = cup.entity_id
+        where
+          tb.event_id = ${eventId} and
+          cup.user_id = ${userId} and
+          cup.permission_value_id = ${REQUIRED_PERMISSION}
+        `,
+    );
+
     // res
     RouterUtils.validAndSendResponse(EventsManagementApi.ZGetEvent.res, res, {
       code: "success",
@@ -238,6 +319,7 @@ router.post("/get-event", async (req, res, next) => {
         ...event,
         programPoints: [...programPoints],
         rooms: [...rooms],
+        taskBlocks: [...taskBlocks],
       },
     });
   } catch (e) {
@@ -257,8 +339,8 @@ router.post("/create-program-point", async (req, res, next) => {
     await CheckPermissionsService.checkEntityPermission(
       eventId,
       userId,
-      "create_program_point",
-      "create_program_point_true",
+      "edit_event",
+      "edit_event_true",
     );
 
     const programPointId = uuidv7();
@@ -291,25 +373,13 @@ router.post("/update-event", async (req, res, next) => {
 
     const userId = UserUtils.getUserFromReq(req).userId;
 
-    if (localName) {
-      // проверка прав
-      await CheckPermissionsService.checkEntityPermission(
-        eventId,
-        userId,
-        "edit_event_name",
-        "edit_event_name_true",
-      );
-    }
-
-    if (timezone) {
-      // проверка прав
-      await CheckPermissionsService.checkEntityPermission(
-        eventId,
-        userId,
-        "edit_event_timezone",
-        "edit_event_timezone_true",
-      );
-    }
+    // проверка прав
+    await CheckPermissionsService.checkEntityPermission(
+      eventId,
+      userId,
+      "edit_event",
+      "edit_event_true",
+    );
 
     // change localName, timezone
     await db.query(
@@ -333,14 +403,6 @@ router.post("/update-event", async (req, res, next) => {
 
     // change dates
     if (dates) {
-      // проверка прав
-      await CheckPermissionsService.checkEntityPermission(
-        eventId,
-        userId,
-        "edit_event_dates",
-        "edit_event_dates_true",
-      );
-
       await db.query(
         sql.unsafe`
         delete from events_management.event_dates
@@ -402,8 +464,8 @@ router.post("/update-program-point", async (req, res, next) => {
     await CheckPermissionsService.checkEntityPermission(
       eventId,
       userId,
-      "edit_event_program_points",
-      "edit_event_program_points_true",
+      "edit_event",
+      "edit_event_true",
     );
 
     // point

src/modules/locations-management/locations-router.ts

@@ -27,23 +27,22 @@ import { UserUtils } from "#utils/user-utils.js";
 import { LocationsManagementApi } from "#api/locations-management-api.js";
 import { CheckPermissionsService } from "#modules/permissions-management/check-permissions-service.js";
 import { RouterUtils } from "#utils/router-utils.js";
-import { ApiError } from "#exceptions/api-error.js";
 
 dayjs.extend(utc);
 
 router.post("/create-location", async (req, res, next) => {
   try {
     // валидация запроса
-    const { name, companyId } =
+    const { name, eventId, rooms } =
       LocationsManagementApi.ZCreateLocation.req.parse(req.body);
 
     const userId = UserUtils.getUserFromReq(req).userId;
 
     await CheckPermissionsService.checkEntityPermission(
-      companyId,
+      eventId,
       userId,
-      "create_location",
-      "create_location_true",
+      "edit_event",
+      "edit_event_true",
     );
 
     const locationId = uuidv7();
@@ -51,11 +50,24 @@ router.post("/create-location", async (req, res, next) => {
     // location
     await db.query(
       sql.unsafe`
-         insert into location_management.locations
-           (location_id, name, company_id)
+         insert into locations_management.locations
+           (location_id, name, event_id)
          values
-           (${locationId}, ${name}, ${companyId})`,
-    );
+           (${locationId}, ${name}, ${eventId})`,
+    );
+
+    // rooms
+    for (const room of rooms) {
+      const roomId = uuidv7();
+      await db.query(
+        sql.unsafe`
+          insert into locations_management.rooms
+            (room_id, location_id, name, parent_id)
+          values
+            (${roomId}, ${locationId}, ${room.name}, ${room.parentId})
+        `,
+      );
+    }
 
     RouterUtils.validAndSendResponse(
       LocationsManagementApi.ZCreateLocation.res,
@@ -69,41 +81,58 @@ router.post("/create-location", async (req, res, next) => {
   }
 });
 
-// TODO заменить на ивент
-router.post("/get-company-locations", async (req, res, next) => {
+router.post("/get-event-locations", async (req, res, next) => {
   try {
     // валидация запроса
-    const { companyId } = LocationsManagementApi.ZGetCompanyLocations.req.parse(
+    const { eventId } = LocationsManagementApi.ZGetEventLocations.req.parse(
       req.body,
     );
 
     const userId = UserUtils.getUserFromReq(req).userId;
 
+    await CheckPermissionsService.checkEntityPermission(
+      eventId,
+      userId,
+      "edit_event",
+      "edit_event_true",
+    );
+
     const locations = await db.any(
       sql.type(
         z.object({
           location_id: ZDbShema.locations_management.locations.location_id,
           name: ZDbShema.locations_management.locations.name,
+          rooms: z.array(
+            z.object({
+              room_id: ZDbShema.locations_management.rooms.room_id,
+              name: ZDbShema.locations_management.rooms.name,
+              parent_id: ZDbShema.locations_management.rooms.parent_id,
+            }),
+          ),
         }),
       )` 
-              select
-                l.location_id,
-                l.name
-              from
-                locations_management.locations l
-              join permissions_management.cached_user_permissions cup on
-                l.company_id = cup.entity_id
-              where
-                cup.entity_id = ${companyId}
-                and
-                cup.user_id = ${userId}
-                and
-                cup.permission_value_id = 'locations_view_true'
+        SELECT
+            l.location_id,
+            l.name,
+            COALESCE(
+                json_agg(
+                    jsonb_build_object(
+                        'room_id', r.room_id,
+                        'name', r.name,
+                        'parent_id', r.parent_id
+                    )
+                ) FILTER (WHERE r.room_id IS NOT NULL),
+                '[]'::json
+            ) AS rooms
+        FROM locations_management.locations l
+        LEFT JOIN locations_management.rooms r ON l.location_id = r.location_id
+        WHERE l.event_id = ${eventId}
+        GROUP BY l.location_id, l.name;
               `,
     );
 
     RouterUtils.validAndSendResponse(
-      LocationsManagementApi.ZGetCompanyLocations.res,
+      LocationsManagementApi.ZGetEventLocations.res,
       res,
       {
         code: "success",
@@ -114,129 +143,3 @@ router.post("/get-company-locations", async (req, res, next) => {
     next(e);
   }
 });
-
-router.post("/create-room", async (req, res, next) => {
-  try {
-    // валидация запроса
-    const { name, locationId } = LocationsManagementApi.ZCreateRoom.req.parse(
-      req.body,
-    );
-
-    const userId = UserUtils.getUserFromReq(req).userId;
-
-    // get location company
-    const companyId = await db.maybeOneFirst(
-      sql.type(
-        z.object({
-          company_id: ZDbShema.locations_management.locations.company_id,
-        }),
-      )`
-      select
-        company_id
-      from
-        locations_management.locations
-      where
-        location_id = ${locationId}
-      `,
-    );
-
-    if (!companyId) {
-      throw ApiError.BadRequest("Location not found", "Location not found");
-    }
-
-    // проверка прав
-    await CheckPermissionsService.checkEntityPermission(
-      companyId,
-      userId,
-      "create_room",
-      "create_room_true",
-    );
-
-    const roomId = uuidv7();
-
-    await db.query(
-      sql.unsafe`
-      insert into locations_management.rooms 
-        (room_id, name, location_id) 
-      values 
-        (${roomId}, ${name}, ${locationId})`,
-    );
-
-    RouterUtils.validAndSendResponse(
-      LocationsManagementApi.ZCreateRoom.res,
-      res,
-      {
-        code: "success",
-      },
-    );
-  } catch (e) {
-    next(e);
-  }
-});
-
-router.post("/get-location-rooms", async (req, res, next) => {
-  try {
-    // валидация запроса
-    const { locationId } = LocationsManagementApi.ZGetLocationRooms.req.parse(
-      req.body,
-    );
-    const userId = UserUtils.getUserFromReq(req).userId;
-
-    // get location company
-    const companyId = await db.maybeOneFirst(
-      sql.type(
-        z.object({
-          company_id: ZDbShema.locations_management.locations.company_id,
-        }),
-      )`
-          select
-            company_id
-          from
-            locations_management.locations
-          where
-            location_id = ${locationId}
-          `,
-    );
-
-    if (!companyId) {
-      throw ApiError.BadRequest("Location not found", "Location not found");
-    }
-
-    // проверка прав
-    await CheckPermissionsService.checkEntityPermission(
-      companyId,
-      userId,
-      "locations_view",
-      "locations_view_true",
-    );
-
-    const rooms = await db.any(
-      sql.type(
-        z.object({
-          room_id: ZDbShema.locations_management.rooms.room_id,
-          name: ZDbShema.locations_management.rooms.name,
-        }),
-      )`
-        select
-          room_id,
-          name
-        from
-          locations_management.rooms
-        where
-          location_id = ${locationId}
-        `,
-    );
-
-    // res
-    RouterUtils.validAndSendResponse(
-      LocationsManagementApi.ZGetLocationRooms.res,
-      res,
-      {
-        code: "success",
-        rooms: [...rooms],
-      },
-    );
-  } catch (e) {
-    next(e);
-  }
-});

src/modules/permissions-management/permissions-types.ts

@@ -32,57 +32,38 @@ export const PERMISSIONS = {
     entityType: "event",
     values: ["view_event_true", "view_event_false"],
   },
-  create_program_point: {
+  edit_event: {
     entityType: "event",
-    values: ["create_program_point_true", "create_program_point_false"],
-  },
-  edit_event_name: {
-    entityType: "event",
-    values: ["edit_event_name_true", "edit_event_name_false"],
-  },
-  edit_event_dates: {
-    entityType: "event",
-    values: ["edit_event_dates_true", "edit_event_dates_false"],
-  },
-  edit_event_timezone: {
-    entityType: "event",
-    values: ["edit_event_timezone_true", "edit_event_timezone_false"],
-  },
-  edit_event_program_points: {
-    entityType: "event",
-    values: [
-      "edit_event_program_points_true",
-      "edit_event_program_points_false",
-    ],
+    values: ["edit_event_true", "edit_event_false"],
   },
+
   create_task_block: {
     entityType: "event",
     values: ["create_task_block_true", "create_task_block_false"],
   },
-  create_location: {
-    entityType: "event",
-    values: ["create_location_true", "create_location_false"],
-  },
-  locations_view: {
-    entityType: "event",
-    values: ["locations_view_true", "locations_view_false"],
-  },
-  create_room: {
-    entityType: "event",
-    values: ["create_room_true", "create_room_false"],
-  },
 
   // task block
+  view_task_block: {
+    entityType: "task_block",
+    values: ["view_task_block_true", "view_task_block_false"],
+  },
+
   edit_task_block: {
     entityType: "task_block",
     values: ["edit_task_block_true", "edit_task_block_false"],
   },
+
   create_task: {
     entityType: "task_block",
     values: ["create_task_true", "create_task_false"],
   },
 
   // task
+  view_task: {
+    entityType: "task",
+    values: ["view_task_true", "view_task_false"],
+  },
+
   edit_task: {
     entityType: "task",
     values: ["edit_task_true", "edit_task_false"],

src/modules/tasks-management/task-blocks-router.ts

@@ -54,7 +54,7 @@ router.post("/create-task-block", async (req, res, next) => {
     const blockId = uuidv7();
 
     // create entity
-    await EntityesService.createEntity(blockId, "task_block");
+    await EntityesService.createEntity(blockId, "task_block", eventId);
 
     // create block
     await db.query(
@@ -130,46 +130,3 @@ router.post("/update-task-block", async (req, res, next) => {
     next(e);
   }
 });
-
-router.post("/get-event-task-blocks", async (req, res, next) => {
-  try {
-    // валидация запроса
-    const { eventId } = TasksManagementApi.ZGetEventTaskBlocks.req.parse(
-      req.body,
-    );
-
-    const userId = UserUtils.getUserFromReq(req).userId;
-
-    const REQUIRED_PERMISSION = "task_block_view_true";
-    const taskBlocks = await db.any(
-      sql.type(
-        z.object({
-          task_block_id: ZDbShema.tasks_management.task_blocks.task_block_id,
-          name: ZDbShema.tasks_management.task_blocks.name,
-        }),
-      )`
-        select
-          tb.task_block_id,
-          tb.name
-        from
-          tasks_management.task_blocks tb
-          -- permissions
-        join permissions_management.cached_user_permissions cup on
-          tb.event_id = cup.entity_id
-        where
-          tb.event_id = ${eventId} and
-          cup.user_id = ${userId} and
-          cup.permission_value_id = ${REQUIRED_PERMISSION}
-        `,
-    );
-
-    // res
-    RouterUtils.validAndSendResponse(
-      TasksManagementApi.ZGetEventTaskBlocks.res,
-      res,
-      { code: "success", taskBlocks: [...taskBlocks] },
-    );
-  } catch (e) {
-    next(e);
-  }
-});

src/modules/tasks-management/tasks-router.ts

@@ -61,7 +61,7 @@ router.post("/create-task", async (req, res, next) => {
     const taskId = uuidv7();
 
     // create entity
-    await EntityesService.createEntity(taskId, "task");
+    await EntityesService.createEntity(taskId, "task", taskBlockId);
 
     // create task
     await db.query(