event-admin-back/src/modules/companies-management/companies-router.ts

// router
import express from "express";
const router = express.Router();
export default router;

// db
import { db } from "#db";
import { ZDbShema } from "#db-shema";
import { sql } from "slonik";

// api
import { CompanyManagementApi } from "#api/companies-management-api.js";

// error
// import { ApiError } from "#exceptions/api-error.ts";

// dayjs
import dayjs from "dayjs";
import utc from "dayjs/plugin/utc.js";
dayjs.extend(utc);
import timezone from "dayjs/plugin/timezone.js";
dayjs.extend(timezone);

// other
import { z } from "zod";

import { v7 as uuidv7 } from "uuid";
// import { logger } from "#logger";
import { UserUtils } from "#utils/user-utils.js";
import { EntityesService } from "#modules/entities-management/entityes-service.js";
import { RouterUtils } from "#utils/router-utils.js";
import { ApiError } from "#exceptions/api-error.js";
import { CompaniesService } from "./companies-service.js";
import { CheckPermissionsService } from "#modules/permissions-management/check-permissions-service.js";
import { config } from "#config";

dayjs.extend(utc);

// TODO транзакции
router.post("/create-company", async (req, res, next) => {
  try {
    // валидация запроса
    const { name, timezone } = CompanyManagementApi.ZCreateCompany.req.parse(
      req.body,
    );

    const userId = UserUtils.getUserFromReq(req).userId;

    const companyId = uuidv7();

    // entity
    await EntityesService.createEntity(companyId, "company");

    // company
    await db.query(
      sql.unsafe`
      insert into companies_management.companies
        (company_id, name, owner_id, timezone)
      values
        (${companyId}, ${name}, ${userId}, ${timezone})`,
    );

    // добавляем юзера в компанию
    const MANAGER_ROLE_ID = config.COMPANY_DEFAULT_ROLE_MANAGER_ID;
    if (!MANAGER_ROLE_ID) {
      throw Error("COMPANY_DEFAULT_ROLE_MANAGER_ID is not defined");
    }

    await db.query(
      sql.unsafe`
      insert into permissions_management.user_roles
        (user_id, role_id, entity_id)
      values
        (${userId}, ${MANAGER_ROLE_ID}, ${companyId})`,
    );

    RouterUtils.validAndSendResponse(
      CompanyManagementApi.ZCreateCompany.res,
      res,
      { code: "success" },
    );
  } catch (e) {
    next(e);
  }
});

router.post("/get-user-companies", async (req, res, next) => {
  try {
    const userId = UserUtils.getUserFromReq(req).userId;

    const companies = await db.any(
      sql.type(
        z.object({
          company_id: ZDbShema.companies_management.companies.company_id,
          name: ZDbShema.companies_management.companies.name,
          owner_id: ZDbShema.companies_management.companies.owner_id,
          timezone: ZDbShema.companies_management.companies.timezone,
        }),
      )`
        select
          c.company_id,
          c."name",
          c.owner_id,
          c.timezone
        from
          companies_management.companies c
        join permissions_management.cached_user_permissions cup on
          c.company_id = cup.entity_id
        where
          cup.user_id = ${userId} and entity_type_id = 'company' and permission_id = 'view_company' and permission_value_id = 'view_company_true'
        `,
    );

    RouterUtils.validAndSendResponse(
      CompanyManagementApi.ZGetUserCompanies.res,
      res,
      { code: "success", companies: [...companies] },
    );
  } catch (e) {
    next(e);
  }
});

router.post("/get-company", async (req, res, next) => {
  try {
    // валидация запроса
    const { companyId } = CompanyManagementApi.ZGetCompany.req.parse(req.body);

    const userId = UserUtils.getUserFromReq(req).userId;

    await CheckPermissionsService.checkEntityPermission(
      companyId,
      userId,
      "view_company",
      "view_company_true",
    );

    const company = await db.maybeOne(
      sql.type(
        z.object({
          company_id: ZDbShema.companies_management.companies.company_id,
          name: ZDbShema.companies_management.companies.name,
          owner_id: ZDbShema.companies_management.companies.owner_id,
          timezone: ZDbShema.companies_management.companies.timezone,
          employees: z.array(
            z.object({
              user_id: ZDbShema.permissions_management.user_roles.user_id,
              user_name: ZDbShema.users_management.users.name,
              role_id: ZDbShema.permissions_management.user_roles.role_id,
              role_name: ZDbShema.permissions_management.roles.name,
            }),
          ),
        }),
      )`
        select
          c.company_id,
          c."name",
          c.owner_id,
          c.timezone,
          coalesce(
                      json_agg(
                        json_build_object(
            'user_id',
          ur.user_id,
          'user_name',
          u.name,
          'role_id',
          ur.role_id,
          'role_name',
          r."name" 
                        )
                      ) filter (
        where
          ur.user_id is not null),
          '[]'::json
                    ) as employees
        from
          companies_management.companies c
        left join permissions_management.user_roles ur on
          c.company_id = ur.entity_id
        join permissions_management.roles r on
          ur.role_id = r.role_id
        join users_management.users u on
          ur.user_id = u.user_id
        where
          c.company_id = ${companyId}
        group by
          c.company_id
        `,
    );

    if (!company) {
      throw ApiError.BadRequest("Company not found", "Компания не найдена");
    }

    const REQUIRED_PERMISSION = "view_event_true";

    const events = await CompaniesService.getUserCompanyEvents(
      userId,
      company.company_id,
      REQUIRED_PERMISSION,
    );

    RouterUtils.validAndSendResponse(
      CompanyManagementApi.ZGetCompany.res,
      res,
      { code: "success", company: { ...company, events: [...events] } },
    );
  } catch (e) {
    next(e);
  }
});