попытка сделать роли

src/api/companies-management-api.ts

@@ -60,6 +60,40 @@ class companyManagementApi {
       }),
     }),
   };
+
+  ZGetCompanyByEvent = {
+    req: z.object({
+      eventId: z.string().uuid(),
+    }),
+    res: z.object({
+      code: z.enum(["success"]),
+      company: z.object({
+        company_id: z.string().uuid(),
+        name: z.string(),
+        owner_id: z.string().uuid(),
+        timezone: z.string(),
+
+        events: z.array(
+          z.object({
+            event_id: z.string().uuid(),
+            local_name: z.string(),
+            timezone: z.string(),
+            company_id: z.string().uuid(),
+            dates: z.array(z.date()),
+          }),
+        ),
+
+        employees: z.array(
+          z.object({
+            user_id: z.string().uuid(),
+            user_name: z.string(),
+            role_id: z.string().uuid(),
+            role_name: z.string(),
+          }),
+        ),
+      }),
+    }),
+  };
 }
 
 export const CompanyManagementApi = new companyManagementApi();

src/api/events-management-api.ts

@@ -88,6 +88,15 @@ class eventsManagementApi {
             role_name: z.string(),
           }),
         ),
+
+        roles: z.array(
+          z.object({
+            role_id: z.string().uuid(),
+            name: z.string(),
+            description: z.string(),
+            is_system: z.boolean(),
+          }),
+        ),
       }),
     }),
   };
@@ -95,10 +104,11 @@ class eventsManagementApi {
   ZCreateProgramPoint = {
     req: z.object({
       eventId: z.string().uuid(),
+
       name: z.string(),
       startDate: z.string(),
       endDate: z.string(),
-      roomId: z.string().uuid().optional(),
+      roomId: z.string().uuid().nullable(),
       isInternal: z.boolean(),
     }),
     res: z.object({
@@ -112,19 +122,16 @@ class eventsManagementApi {
       localName: z.string().optional(),
       timezone: z.string().optional(),
       dates: z.array(z.string()).optional(),
-    }),
-    res: z.object({
-      code: z.enum(["success"]),
-    }),
-  };
 
-  ZUpdateProgramPoint = {
-    req: z.object({
-      programPointId: z.string().uuid(),
-      name: z.string(),
-      startDate: z.string(),
-      endDate: z.string(),
-      roomId: z.string().uuid().optional(),
+      programPoint: z
+        .object({
+          programPointId: z.string().uuid(),
+          name: z.string(),
+          startDate: z.string(),
+          endDate: z.string(),
+          roomId: z.string().uuid().nullable(),
+        })
+        .optional(),
     }),
     res: z.object({
       code: z.enum(["success"]),

src/api/permissions-api.ts

@@ -0,0 +1,41 @@
+import { z } from "zod";
+
+class permissionsApi {
+  private ZEntityPermission = z.object({
+    permission_id: z.string().uuid(),
+    possible_entity_type: z.string(),
+    overrided_permission_value_id: z.string().uuid(),
+  });
+
+  private ZEntity = z.lazy(() =>
+    z.object({
+      current_entity_id: z.string(),
+      current_entity_type_id: z.string(),
+      entity_permissions: z.array(this.ZEntityPermission),
+      children: z.array(this.ZEntity).optional(),
+    }),
+  );
+
+  ZRole = z.object({
+    role_id: z.string().uuid(),
+    entities: z.array(this.ZEntity),
+  });
+
+  // private ZShortEventRole = z.object({
+  //     role_id: z.string().uuid(),
+  //     name: z.string(),
+  //     description: z.string(),
+  // });
+
+  public ZGetRolePermissions = {
+    req: z.object({
+      roleId: z.string().uuid(),
+    }),
+    res: z.object({
+      code: z.enum(["success"]),
+      role: this.ZRole,
+    }),
+  };
+}
+
+export const PermissionsApi = new permissionsApi();

src/modules/companies-management/companies-router.ts

@@ -135,59 +135,67 @@ router.post("/get-company", async (req, res, next) => {
       "view_company_true",
     );
 
-    const company = await db.maybeOne(
+    const company = await CompaniesService.getCompanyById(companyId);
+
+    if (!company) {
+      throw ApiError.BadRequest("Company not found", "Компания не найдена");
+    }
+
+    const REQUIRED_PERMISSION = "view_event_true";
+
+    const events = await CompaniesService.getUserCompanyEvents(
+      userId,
+      company.company_id,
+      REQUIRED_PERMISSION,
+    );
+
+    RouterUtils.validAndSendResponse(
+      CompanyManagementApi.ZGetCompany.res,
+      res,
+      { code: "success", company: { ...company, events: [...events] } },
+    );
+  } catch (e) {
+    next(e);
+  }
+});
+
+router.post("/get-company-by-event", async (req, res, next) => {
+  try {
+    // валидация запроса
+    const { eventId } = CompanyManagementApi.ZGetCompanyByEvent.req.parse(
+      req.body,
+    );
+
+    const userId = UserUtils.getUserFromReq(req).userId;
+
+    await CheckPermissionsService.checkEntityPermission(
+      eventId,
+      userId,
+      "view_event",
+      "view_event_true",
+    );
+
+    const companyId = await db.maybeOneFirst(
       sql.type(
         z.object({
           company_id: ZDbShema.companies_management.companies.company_id,
-          name: ZDbShema.companies_management.companies.name,
-          owner_id: ZDbShema.companies_management.companies.owner_id,
-          timezone: ZDbShema.companies_management.companies.timezone,
-          employees: z.array(
-            z.object({
-              user_id: ZDbShema.permissions_management.user_roles.user_id,
-              user_name: ZDbShema.users_management.users.name,
-              role_id: ZDbShema.permissions_management.user_roles.role_id,
-              role_name: ZDbShema.permissions_management.roles.name,
-            }),
-          ),
         }),
       )`
         select
-          c.company_id,
-          c."name",
-          c.owner_id,
-          c.timezone,
-          coalesce(
-                      json_agg(
-                        json_build_object(
-            'user_id',
-          ur.user_id,
-          'user_name',
-          u.name,
-          'role_id',
-          ur.role_id,
-          'role_name',
-          r."name" 
-                        )
-                      ) filter (
-        where
-          ur.user_id is not null),
-          '[]'::json
-                    ) as employees
+          c.company_id
         from
           companies_management.companies c
-        left join permissions_management.user_roles ur on
-          c.company_id = ur.entity_id
-        join permissions_management.roles r on
-          ur.role_id = r.role_id
-        join users_management.users u on
-          ur.user_id = u.user_id
+        join events_management.events e on
+          c.company_id = e.company_id
         where
-          c.company_id = ${companyId}
-        group by
-          c.company_id
-        `,
+          e.event_id = ${eventId} 
+      `,
     );
+    if (!companyId) {
+      throw ApiError.BadRequest("Company not found", "Компания не найдена");
+    }
+
+    const company = await CompaniesService.getCompanyById(companyId);
 
     if (!company) {
       throw ApiError.BadRequest("Company not found", "Компания не найдена");
@@ -202,7 +210,7 @@ router.post("/get-company", async (req, res, next) => {
     );
 
     RouterUtils.validAndSendResponse(
-      CompanyManagementApi.ZGetCompany.res,
+      CompanyManagementApi.ZGetCompanyByEvent.res,
       res,
       { code: "success", company: { ...company, events: [...events] } },
     );

src/modules/companies-management/companies-service.ts

@@ -52,6 +52,64 @@ class companiesService {
 
     return events;
   }
+
+  async getCompanyById(companyId: string) {
+    const company = await db.maybeOne(
+      sql.type(
+        z.object({
+          company_id: ZDbShema.companies_management.companies.company_id,
+          name: ZDbShema.companies_management.companies.name,
+          owner_id: ZDbShema.companies_management.companies.owner_id,
+          timezone: ZDbShema.companies_management.companies.timezone,
+          employees: z.array(
+            z.object({
+              user_id: ZDbShema.permissions_management.user_roles.user_id,
+              user_name: ZDbShema.users_management.users.name,
+              role_id: ZDbShema.permissions_management.user_roles.role_id,
+              role_name: ZDbShema.permissions_management.roles.name,
+            }),
+          ),
+        }),
+      )`
+        select
+          c.company_id,
+          c."name",
+          c.owner_id,
+          c.timezone,
+          coalesce(
+                      json_agg(
+                        json_build_object(
+            'user_id',
+          ur.user_id,
+          'user_name',
+          u.name,
+          'role_id',
+          ur.role_id,
+          'role_name',
+          r."name" 
+                        )
+                      ) filter (
+        where
+          ur.user_id is not null),
+          '[]'::json
+                    ) as employees
+        from
+          companies_management.companies c
+        left join permissions_management.user_roles ur on
+          c.company_id = ur.entity_id
+        join permissions_management.roles r on
+          ur.role_id = r.role_id
+        join users_management.users u on
+          ur.user_id = u.user_id
+        where
+          c.company_id = ${companyId}
+        group by
+          c.company_id
+        `,
+    );
+
+    return company;
+  }
 }
 
 export const CompaniesService = new companiesService();

src/modules/events-management/events-router.ts

@@ -335,6 +335,27 @@ router.post("/get-event", async (req, res, next) => {
         `,
     );
 
+    const roles = await db.any(
+      sql.type(
+        z.object({
+          role_id: ZDbShema.permissions_management.roles.role_id,
+          name: ZDbShema.permissions_management.roles.name,
+          description: ZDbShema.permissions_management.roles.description,
+          is_system: ZDbShema.permissions_management.roles.is_system,
+        }),
+      )`
+        select
+          r.role_id,
+          r.name,
+          r.description,
+          r.is_system
+        from
+          permissions_management.roles r
+        where
+          entity_type_id = 'event' and (is_system or entity_id = ${eventId})
+        `,
+    );
+
     // res
     RouterUtils.validAndSendResponse(EventsManagementApi.ZGetEvent.res, res, {
       code: "success",
@@ -344,6 +365,7 @@ router.post("/get-event", async (req, res, next) => {
         rooms: [...rooms],
         taskBlocks: [...taskBlocks],
         staff: [...staff],
+        roles: [...roles],
       },
     });
   } catch (e) {
@@ -375,7 +397,7 @@ router.post("/create-program-point", async (req, res, next) => {
         insert into events_management.program_points
           (program_point_id, name, start_date, end_date, room_id, event_id, is_internal)
         values
-          (${programPointId}, ${name}, ${startDate}, ${endDate}, ${roomId || null}, ${eventId}, ${isInternal})
+          (${programPointId}, ${name}, ${startDate}, ${endDate}, ${roomId}, ${eventId}, ${isInternal})
       `,
     );
 
@@ -392,7 +414,7 @@ router.post("/create-program-point", async (req, res, next) => {
 router.post("/update-event", async (req, res, next) => {
   try {
     // валидация запроса
-    const { eventId, localName, dates, timezone } =
+    const { eventId, localName, dates, timezone, programPoint } =
       EventsManagementApi.ZUpdateEvent.req.parse(req.body);
 
     const userId = UserUtils.getUserFromReq(req).userId;
@@ -445,68 +467,22 @@ router.post("/update-event", async (req, res, next) => {
       }
     }
 
-    RouterUtils.validAndSendResponse(
-      EventsManagementApi.ZUpdateEvent.res,
-      res,
-      {
-        code: "success",
-      },
-    );
-  } catch (e) {
-    next(e);
-  }
-});
-
-router.post("/update-program-point", async (req, res, next) => {
-  try {
-    // валидация запроса
-    const { programPointId, name, startDate, endDate, roomId } =
-      EventsManagementApi.ZUpdateProgramPoint.req.parse(req.body);
-
-    const userId = UserUtils.getUserFromReq(req).userId;
-
-    const eventId = await db.maybeOneFirst(
-      sql.type(
-        z.object({
-          event_id: ZDbShema.events_management.events.event_id,
-        }),
-      )`
-      select
-        event_id
-      from
-        events_management.program_points
-      where 
-        program_point_id = ${programPointId}
-      `,
-    );
-
-    if (!eventId) {
-      throw ApiError.BadRequest("Point not found", "Point not found");
+    if (programPoint) {
+      await db.query(
+        sql.unsafe`
+        update events_management.program_points
+        set
+          name = ${programPoint.name},
+          start_date = ${programPoint.startDate},
+          end_date = ${programPoint.endDate},
+          room_id = ${programPoint.roomId}
+        where
+          program_point_id = ${programPoint.programPointId}`,
+      );
     }
 
-    // проверка прав
-    await CheckPermissionsService.checkEntityPermission(
-      eventId,
-      userId,
-      "edit_event",
-      "edit_event_true",
-    );
-
-    // point
-    await db.query(
-      sql.unsafe`
-      update events_management.program_points
-      set
-        name = ${name},
-        start_date = ${startDate},
-        end_date = ${endDate},
-        room_id = ${roomId || null}
-      where
-        program_point_id = ${programPointId}`,
-    );
-
     RouterUtils.validAndSendResponse(
-      EventsManagementApi.ZUpdateProgramPoint.res,
+      EventsManagementApi.ZUpdateEvent.res,
       res,
       {
         code: "success",

src/modules/permissions-management/permissions-router.ts

@@ -0,0 +1,83 @@
+// router
+import express from "express";
+const router = express.Router();
+export default router;
+
+// db
+import { db } from "#db";
+import { ZDbShema } from "#db-shema";
+import { sql } from "slonik";
+
+// error
+// import { ApiError } from "#exceptions/api-error.ts";
+
+// dayjs
+import dayjs from "dayjs";
+import utc from "dayjs/plugin/utc.js";
+dayjs.extend(utc);
+import timezone from "dayjs/plugin/timezone.js";
+dayjs.extend(timezone);
+
+// other
+import { z } from "zod";
+
+// import { logger } from "#logger";
+import { UserUtils } from "#utils/user-utils.js";
+
+import { CheckPermissionsService } from "#modules/permissions-management/check-permissions-service.js";
+import { RouterUtils } from "#utils/router-utils.js";
+import { PermissionsApi } from "#api/permissions-api.js";
+import { ApiError } from "#exceptions/api-error.js";
+
+router.post("/get-role-permissions", async (req, res, next) => {
+  try {
+    // валидация запроса
+    const { roleId } = PermissionsApi.ZGetRolePermissions.req.parse(req.body);
+
+    const eventId = await db.maybeOneFirst(
+      sql.type(
+        z.object({
+          event_id: ZDbShema.events_management.events.event_id,
+        }),
+      )`
+            select
+                event_id
+            from
+                permissions_management.roles
+            where 
+                role_id = ${roleId}
+            `,
+    );
+
+    if (!eventId) {
+      throw ApiError.BadRequest("Role not found", "Role not found");
+    }
+
+    const userId = UserUtils.getUserFromReq(req).userId;
+
+    await CheckPermissionsService.checkEntityPermission(
+      userId,
+      eventId,
+      "view_event",
+      "view_event_true",
+    );
+
+    const role = await db.maybeOneFirst(
+      sql.type(z.object({ get_role_tree: PermissionsApi.ZRole }))`
+          select get_role_tree(${roleId})
+            `,
+    );
+
+    if (!role) {
+      throw ApiError.BadRequest("Role not found", "Role not found");
+    }
+
+    RouterUtils.validAndSendResponse(
+      PermissionsApi.ZGetRolePermissions.res,
+      res,
+      { code: "success", role },
+    );
+  } catch (e) {
+    next(e);
+  }
+});