add missing query invalidation after report create

add request classes and fix collection typing for clients, tasks and tags

.env.ci

@@ -34,7 +34,12 @@ SESSION_DRIVER=database
 SESSION_LIFETIME=120
 
 # Mail
-MAIL_MAILER=log
+MAIL_MAILER=smtp
+MAIL_HOST=localhost
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="no-reply@solidtime.test"
 MAIL_FROM_NAME="solidtime"
 MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
@@ -56,3 +61,6 @@ TELESCOPE_ENABLED=false
 
 # Services
 GOTENBERG_URL=http://0.0.0.0:3000
+
+# Octane
+OCTANE_SERVER=frankenphp

.env.example

@@ -80,8 +80,7 @@ GOTENBERG_URL=http://gotenberg:3000
 # Local setup
 NGINX_HOST_NAME=solidtime.test
 NETWORK_NAME=reverse-proxy-docker-traefik_routing
-FORWARD_DB_PORT=5432
-FORWARD_WEB_PORT=8083
+FORWARD_DB_PORT=54329
 VITE_HOST_NAME=vite.solidtime.test
 VITE_APP_NAME="${APP_NAME}"
 #SAIL_XDEBUG_MODE=develop,debug,coverage

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,11 @@
-<!--
-This project is early stage. The structure and APIs are still subject to change and not stable.
-Therefore, we do not currently accept any contributions, unless you are a member of the team.
+## What does this PR do?
 
-As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.
+<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
 
-We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
--->
+- Fixes #XXXX (GitHub issue number)
+
+## Checklist (DO NOT REMOVE)
+
+- [ ] I read the [contributing guide](https://github.com/solidtime-io/solidtime/blob/main/CONTRIBUTING.md)
+- [ ] I signed the [Contributor License Agreement](https://cla-assistant.io/solidtime-io/solidtime).
+- [ ] I commented my code, particularly in hard-to-understand areas

.github/workflows/build-onpremise.yml

@@ -0,0 +1,216 @@
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - '*'
+  pull_request:
+    paths:
+      - '.github/workflows/build-onpremise.yml'
+      - 'docker/prod/**'
+  workflow_dispatch:
+
+permissions:
+  packages: write
+  contents: read
+  attestations: write
+  id-token: write
+
+env:
+  DOCKER_REPO: registry.on-premise.solidtime.io/solidtime/solidtime
+
+name: Build - On Premise
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - runs-on: "ubuntu-24.04-arm"
+            platform: "linux/arm64"
+          - runs-on: "ubuntu-24.04"
+            platform: "linux/amd64"
+    runs-on: ${{ matrix.runs-on }}
+    timeout-minutes: 90
+
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
+
+      - name: "Get build"
+        id: release-build
+        run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: "Get Previous tag (normal push)"
+        id: previoustag
+        if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        with:
+          prefix: "v"
+
+      - name: "Get version"
+        id: release-version
+        run: |
+          if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
+            if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
+              version=$(echo "${{ steps.previoustag.outputs.tag }}" | cut -c 2-)
+              echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+            else
+              echo "ERROR: No previous tag found";
+              exit 1;
+            fi
+          else
+            version=$(echo "${{ github.ref }}" | cut -c 12-)
+            echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: "Copy .env template for production"
+        run: |
+          cp .env.production .env
+          rm .env.production .env.ci .env.example
+
+      - name: "Add version to .env"
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.release-version.outputs.app_version }}/g' .env
+
+      - name: "Add build to .env"
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.release-build.outputs.build }}/g' .env
+
+      - name: "Output .env"
+        run: cat .env
+
+      - name: "Setup PHP with PECL extension"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, dom, fileinfo, pgsql
+
+      - name: "Install dependencies"
+        run: composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Checkout invoicing extension"
+        uses: actions/checkout@v4
+        with:
+          repository: solidtime-io/extension-invoicing
+          path: extensions/Invoicing
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY_INVOICING_EXTENSION }}
+
+      - name: "Install composer dependencies in invoicing extension"
+        run: cd extensions/Invoicing && composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+
+      - name: "Install npm dependencies in invoicing extension"
+        run: cd extensions/Invoicing && npm ci
+
+      - name: "Activate invoicing extension"
+        run: php artisan module:enable Invoicing
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Build"
+        run: npm run build
+
+      - name: "Prepare"
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: "Docker meta"
+        id: "meta"
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up QEMU"
+        uses: docker/setup-qemu-action@v3
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Build and push by digest"
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/prod/Dockerfile
+          build-args: |
+            DOCKER_FILES_BASE_PATH=docker/prod/
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,"name=${{ env.DOCKER_REPO }}",push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: "Export digest"
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: "Upload digest"
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    needs:
+      - build
+    steps:
+      - name: "Download digests"
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Docker meta"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: "Create manifest list and push"
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.DOCKER_REPO }}@sha256:%s ' *)
+
+      - name: "Inspect image"
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKER_REPO }}:${{ steps.meta.outputs.version }}

.github/workflows/npm-format-check.yml

@@ -0,0 +1,23 @@
+name: NPM Format Check
+
+on: [push]
+
+jobs:
+  format-check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Check code formatting"
+        run: npm run format:check 

.github/workflows/playwright.yml

@@ -6,10 +6,18 @@ jobs:
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
+        shardTotal: [8]
 
     services:
       mailpit:
         image: 'axllent/mailpit:latest'
+        ports:
+          - 1025:1025
+          - 8025:8025
       pgsql_test:
         image: postgres:15
         env:
@@ -57,22 +65,63 @@ jobs:
       - name: "Build Frontend"
         run: npm run build
 
-      - name: "Run Laravel Server"
-        run: php artisan serve > /dev/null 2>&1 &
+      - name: "Install FrankenPHP"
+        run: |
+          ARCH="$(uname -m)"
+          curl -fsSL "https://github.com/dunglas/frankenphp/releases/latest/download/frankenphp-linux-${ARCH}" -o /usr/local/bin/frankenphp
+          chmod +x /usr/local/bin/frankenphp
+
+      - name: "Run Laravel Octane Server"
+        run: php artisan octane:start --server=frankenphp --host=127.0.0.1 --port=8000 --workers=4 --max-requests=500 > /dev/null 2>&1 &
+        env:
+          OCTANE_SERVER: frankenphp
 
       - name: "Install Playwright Browsers"
         run: npx playwright install --with-deps
 
       - name: "Run Playwright tests"
-        run: npx playwright test
+        run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
         env:
           PLAYWRIGHT_BASE_URL: 'http://127.0.0.1:8000'
+          MAILPIT_BASE_URL: 'http://localhost:8025'
 
-      - name: "Upload test results"
+      - name: "Upload blob report"
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: test-results
-          path: test-results/
-          retention-days: 30
+          name: blob-report-${{ matrix.shardIndex }}
+          path: blob-report/
+          retention-days: 7
 
+  merge-reports:
+    if: always()
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Setup node"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install dependencies"
+        run: npm ci
+
+      - name: "Download blob reports"
+        uses: actions/download-artifact@v4
+        with:
+          path: all-blob-reports
+          pattern: blob-report-*
+          merge-multiple: true
+
+      - name: "Merge reports"
+        run: npx playwright merge-reports --reporter html ./all-blob-reports
+
+      - name: "Upload merged HTML report"
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 30

.prettierignore

@@ -0,0 +1,27 @@
+# Ignore build outputs
+node_modules/
+vendor/
+storage/
+bootstrap/cache/
+public/build/
+public/hot/
+
+# Ignore lock files
+package-lock.json
+composer.lock
+
+# Ignore generated files
+*.min.js
+*.min.css
+
+# Ignore test results
+test-results/
+playwright-report/
+
+# Ignore IDE files
+.idea/
+.vscode/
+
+# Ignore OS files
+.DS_Store
+Thumbs.db 

.prettierrc.json

@@ -3,5 +3,6 @@
     "tabWidth": 4,
     "singleQuote": true,
     "bracketSameLine": true,
-    "quoteProps": "preserve"
+    "quoteProps": "preserve",
+    "printWidth": 100
 }

CONTRIBUTING.md

@@ -0,0 +1,81 @@
+# Contributing to solidtime
+
+Contributions are greatly apprecited, please make sure to read the rules and vision for solidtime before contributing. 
+
+## Rules
+
+### Issues for Bugs, Discussions for Feature requests
+
+In order to keep the issues of the repository clean we decided to only use them for bugs. Feature Requests and enhancement are handled in discussions. This also helps us to see which feature requests are popular as they can be upvoted. 
+
+### Only work on approved issues
+
+To respect your time and help us manage contributions effectively, please open an issue or start a discussion and wait for approval before submitting a pull request (PR). This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
+
+### Contributor License Agreement
+
+You'll also notice that we’ve set up a [Contributor License Agreement (CLA)](https://cla-assistant.io/solidtime-io/solidtime), which must be signed before any PR can be merged. Don’t worry - the process is quick and only takes a few clicks.
+
+We want to be transparent about why we require the CLA and what it means for your contributions and the codebase. That’s why we’ve written a few paragraphs below outlining our plans and vision for solidtime in the **Vision** part of this document. 
+
+### Prevent Duplicate Work
+
+Before you submit a new PR, make sure that none exists already. If you plan to work on an issue, make sure to let us and others know by commenting on the issue/discussion. 
+
+### Give context
+
+Tell us what you thinking was behind the decisions you made while drafting the PR. Treat the PR itself as documentation for everyone who wants to go back and understand why certain decisions were made. 
+
+### Summarize your PR
+
+Please make sure to include a short summary at the top of your PR to make it easy for us to quickly check what the PR is about, without looking at the code changes. 
+
+### Use Github Keywords and Auto-Link Issues
+
+Use phrases like "Closes #123" or "Fixes #123" in the PR description to link the PR with the issue that you are adressing. 
+
+### Mention what you tested and how
+
+Explain how you tested and validated the implementation. 
+
+### Keep Naming consistent
+
+Look at existing code patterns and use naming conventions that already exist in the code base. 
+
+### Testing
+
+We have an exhaustive test-suite of PHPUnit (Backend) and Playwright (Frontend) testing. Whereever applicable please make sure to write add tests to the codebase. 
+
+### Linting & Formatting
+
+Make sure to run linting and formatting commands before you commit the changes. 
+
+For backend changes:
+
+```
+composer fix
+composer analyse
+```
+
+For frontend changes: 
+
+```
+npm run lint:fix
+npm run format
+```
+
+## Vision
+
+We started solidtime to provide an open infrastructure solution for time tracking—one that empowers teams and individuals to fully own their data, instead of depending on proprietary platforms. We believe infrastructure software should be open, accessible, and built to last. However, competing with established market leaders in this space requires long-term financial sustainability.
+
+solidtime is licensed under the AGPL, which we believe is the best available license to strike a balance between openness and financial viability. The AGPL gives us, as the copyright holders, certain exclusive rights that we plan to leverage to fund development. To ensure we retain those rights across the entire codebase, we've put a CLA in place that contributors must sign before submitting code.
+
+One of solidtime’s key advantages is that it's built to be self-hostable. This makes it a great solution for organizations like governments, healthcare providers, and enterprises that are required to keep data on their own infrastructure due to regulations or internal policies. These organizations may need custom licenses, integrations, or modifications that aren't suitable for the open-source version. To support them, we offer relicensed versions of solidtime along with support plans.
+
+We’ll also provide proprietary extensions for solidtime. These will be available to enterprise customers with support plans, but also to individual users or teams who don’t need support, at much more accessible price points. For companies running solidtime on their own infrastructure, this is the easiest way to support the project while gaining additional functionality. While we plan to make it easier to build custom extensions in the future, our current APIs are still highly experimental.
+
+Finally - and perhaps most importantly - we offer a hosted SaaS version called solidtime Cloud, for users who can’t or don’t want to run the software themselves. This version includes proprietary extensions, always runs the latest commit, and includes monitoring and billing features available exclusively on this hosted instance. We expect solidtime Cloud to play a critical role in funding the project long-term.
+
+Having full control over the source code’s licensing also gives us the ability to change the license of the main project in the future. That said, we have no plans to do so and would only consider it in extreme cases - for example, if a malicious actor were to directly compete with our hosted service in a way that threatens the sustainability of the project, the legal interpretation of AGPL changes in a way that would make it unreasonable to use for certain companies, or a new similar license gains wide-spread adoption. Regardless, solidtime will always remain free to self-host for individuals and companies who use it as part of their work, and all previous releases will remain licensed under AGPL.
+
+If you are using the open-source version of solidtime and want to support us, the best way to do so is to spread the word. 

README.md

@@ -35,10 +35,9 @@ If you have a **feature request**, please [**create a discussion**](https://gith
 
 ## Contributing
 
-This project is in a very early stage. The structure and APIs are still subject to change and not stable. 
-Therefore, we do not currently accept any contributions, unless you are a member of the team.
+Please open an issue or start a discussion and wait for approval before submitting a pull request. This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
 
-As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.
+Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) before sumbitting a Pull Request.
 
 We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
 

app/Console/Kernel.php

@@ -22,13 +22,27 @@ class Kernel extends ConsoleKernel
             ->when(fn (): bool => config('scheduling.tasks.auth_send_mails_expiring_api_tokens'))
             ->everyTenMinutes();
 
-        $schedule->command('self-host:check-for-update')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
-            ->twiceDaily();
+        if (config('app.key') && (config('scheduling.tasks.self_hosting_check_for_update') || config('scheduling.tasks.self_hosting_telemetry'))) {
+            // Convert string to a stable integer for seeding
+            /** @var int $seed Take the first 8 hex chars → 32-bit int */
+            $seed = hexdec(substr(hash('md5', config('app.key')), 0, 8));
+            $seed = abs($seed); // Ensure it's positive
+            mt_srand($seed);
+            $firstHour = mt_rand(0, 23);
+            $secondHour = ($firstHour + 12) % 24;
+            $minuteOffset = mt_rand(0, 59);
+            mt_srand(null); // Reset the random number generator
 
-        $schedule->command('self-host:telemetry')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_telemetry'))
-            ->twiceDaily();
+            if (config('scheduling.tasks.self_hosting_check_for_update')) {
+                $schedule->command('self-host:check-for-update')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+
+            if (config('scheduling.tasks.self_hosting_telemetry')) {
+                $schedule->command('self-host:telemetry')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+        }
 
         $schedule->command('self-host:database-consistency')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_database_consistency'))

app/Enums/TimeEntryAggregationType.php

@@ -20,6 +20,7 @@ enum TimeEntryAggregationType: string
     case Client = 'client';
     case Billable = 'billable';
     case Description = 'description';
+    case Tag = 'tag';
 
     public static function fromInterval(TimeEntryAggregationTypeInterval $timeEntryAggregationTypeInterval): TimeEntryAggregationType
     {

app/Exceptions/Api/OverlappingTimeEntryApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class OverlappingTimeEntryApiException extends ApiException
+{
+    public const string KEY = 'overlapping_time_entry';
+}

app/Filament/Resources/TimeEntryResource.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources;
 
 use App\Filament\Resources\TimeEntryResource\Pages;
+use App\Models\Member;
 use App\Models\TimeEntry;
 use Filament\Forms\Components\DateTimePicker;
 use Filament\Forms\Components\Select;
@@ -16,6 +17,7 @@ use Filament\Tables;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Filters\SelectFilter;
 use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
 
 class TimeEntryResource extends Resource
 {
@@ -51,15 +53,23 @@ class TimeEntryResource extends Resource
                     ->rules([
                         'after_or_equal:start',
                     ]),
-                Select::make('user_id')
-                    ->relationship(name: 'user', titleAttribute: 'email')
-                    ->searchable(['name', 'email'])
+                Select::make('member_id')
+                    ->relationship(
+                        name: 'member',
+                        titleAttribute: 'id',
+                        modifyQueryUsing: fn (Builder $query) => $query->with(['user', 'organization'])
+                    )
+                    ->getOptionLabelFromRecordUsing(fn (Member $record): string => $record->user->email.' ('.$record->organization->name.')')
+                    ->searchable()
                     ->required(),
                 Select::make('project_id')
                     ->relationship(name: 'project', titleAttribute: 'name')
                     ->searchable(['name'])
                     ->nullable(),
-                // TODO
+                Select::make('task_id')
+                    ->relationship(name: 'task', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->nullable(),
             ]);
     }
 

app/Filament/Resources/TimeEntryResource/Pages/CreateTimeEntry.php

@@ -5,9 +5,28 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Resources\Pages\CreateRecord;
 
 class CreateTimeEntry extends CreateRecord
 {
     protected static string $resource = TimeEntryResource::class;
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeCreate(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Actions;
 use Filament\Resources\Pages\EditRecord;
 
@@ -19,4 +20,22 @@ class EditTimeEntry extends EditRecord
                 ->icon('heroicon-m-trash'),
         ];
     }
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeSave(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Http/Controllers/Api/V1/ApiTokenController.php

@@ -35,6 +35,7 @@ class ApiTokenController extends Controller
                 /** @var Builder<Client> $query */
                 $query->whereJsonContains('grant_types', 'personal_access');
             })
+            ->orderBy('created_at', 'desc')
             ->get();
 
         return new ApiTokenCollection($tokens);

app/Http/Controllers/Api/V1/ChartController.php

@@ -14,6 +14,8 @@ use Illuminate\Http\JsonResponse;
 class ChartController extends Controller
 {
     /**
+     * Get chart data for the weekly project overview.
+     *
      * @throws AuthorizationException
      *
      * @operationId weeklyProjectOverview
@@ -31,6 +33,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the latest tasks.
+     *
      * @throws AuthorizationException
      *
      * @operationId latestTasks
@@ -48,6 +52,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the last seven days.
+     *
      * @throws AuthorizationException
      *
      * @operationId lastSevenDays
@@ -65,6 +71,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for the latest team activity.
+     *
      * @throws AuthorizationException
      *
      * @operationId latestTeamActivity
@@ -81,6 +89,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for daily tracked hours.
+     *
      * @throws AuthorizationException
      *
      * @operationId dailyTrackedHours
@@ -92,12 +102,14 @@ class ChartController extends Controller
         $this->checkPermission($organization, 'charts:view:own');
         $user = $this->user();
 
-        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 60);
+        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 100);
 
         return response()->json($dailyTrackedHours);
     }
 
     /**
+     * Get chart data for total weekly time.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyTime
@@ -115,6 +127,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for total weekly billable time.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyBillableTime
@@ -132,6 +146,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for total weekly billable amount.
+     *
      * @throws AuthorizationException
      *
      * @operationId totalWeeklyBillableAmount
@@ -154,6 +170,8 @@ class ChartController extends Controller
     }
 
     /**
+     * Get chart data for weekly history.
+     *
      * @throws AuthorizationException
      *
      * @operationId weeklyHistory

app/Http/Controllers/Api/V1/ClientController.php

@@ -38,11 +38,17 @@ class ClientController extends Controller
     public function index(Organization $organization, ClientIndexRequest $request): ClientCollection
     {
         $this->checkPermission($organization, 'clients:view');
+        $canViewAllClients = $this->hasPermission($organization, 'clients:view:all');
+        $user = $this->user();
 
         $clientsQuery = Client::query()
             ->whereBelongsTo($organization, 'organization')
             ->orderBy('created_at', 'desc');
 
+        if (! $canViewAllClients) {
+            $clientsQuery->visibleByEmployee($user);
+        }
+
         $filterArchived = $request->getFilterArchived();
         if ($filterArchived === 'true') {
             $clientsQuery->whereNotNull('archived_at');

app/Http/Controllers/Api/V1/InvitationController.php

@@ -41,6 +41,7 @@ class InvitationController extends Controller
         $this->checkPermission($organization, 'invitations:view');
 
         $invitations = $organization->teamInvitations()
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return InvitationCollection::make($invitations);

app/Http/Controllers/Api/V1/MemberController.php

@@ -60,6 +60,7 @@ class MemberController extends Controller
         $members = Member::query()
             ->whereBelongsTo($organization, 'organization')
             ->with(['user'])
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return MemberCollection::make($members);

app/Http/Controllers/Api/V1/OrganizationController.php

@@ -46,6 +46,9 @@ class OrganizationController extends Controller
         if ($request->getEmployeesCanSeeBillableRates() !== null) {
             $organization->employees_can_see_billable_rates = $request->getEmployeesCanSeeBillableRates();
         }
+        if ($request->getEmployeesCanManageTasks() !== null) {
+            $organization->employees_can_manage_tasks = $request->getEmployeesCanManageTasks();
+        }
         if ($request->getNumberFormat() !== null) {
             $organization->number_format = $request->getNumberFormat();
         }
@@ -61,6 +64,9 @@ class OrganizationController extends Controller
         if ($request->getTimeFormat() !== null) {
             $organization->time_format = $request->getTimeFormat();
         }
+        if ($request->getPreventOverlappingTimeEntries() !== null) {
+            $organization->prevent_overlapping_time_entries = $request->getPreventOverlappingTimeEntries();
+        }
         $hasBillableRate = $request->has('billable_rate');
         if ($hasBillableRate) {
             $oldBillableRate = $organization->billable_rate;

app/Http/Controllers/Api/V1/ProjectController.php

@@ -60,7 +60,9 @@ class ProjectController extends Controller
             $projectsQuery->whereNull('archived_at');
         }
 
-        $projects = $projectsQuery->paginate(config('app.pagination_per_page_default'));
+        $projects = $projectsQuery
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
 

app/Http/Controllers/Api/V1/ProjectMemberController.php

@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\InactiveUserCanNotBeUsedApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfProjectApiException;
+use App\Http\Requests\V1\ProjectMember\ProjectMemberIndexRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberStoreRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberUpdateRequest;
 use App\Http\Resources\V1\ProjectMember\ProjectMemberCollection;
@@ -41,12 +42,13 @@ class ProjectMemberController extends Controller
      *
      * @operationId getProjectMembers
      */
-    public function index(Organization $organization, Project $project): ProjectMemberCollection
+    public function index(Organization $organization, Project $project, ProjectMemberIndexRequest $request): ProjectMemberCollection
     {
         $this->checkPermission($organization, 'project-members:view', $project);
 
         $projectMembers = ProjectMember::query()
             ->whereBelongsTo($project, 'project')
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return new ProjectMemberCollection($projectMembers);

app/Http/Controllers/Api/V1/ReportController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Enums\Weekday;
+use App\Http\Requests\V1\Report\ReportIndexRequest;
 use App\Http\Requests\V1\Report\ReportStoreRequest;
 use App\Http\Requests\V1\Report\ReportUpdateRequest;
 use App\Http\Resources\V1\Report\DetailedReportResource;
@@ -40,7 +41,7 @@ class ReportController extends Controller
      *
      * @operationId getReports
      */
-    public function index(Organization $organization): ReportCollection
+    public function index(Organization $organization, ReportIndexRequest $request): ReportCollection
     {
         $this->checkPermission($organization, 'reports:view');
 
@@ -150,6 +151,9 @@ class ReportController extends Controller
                 $report->share_secret = null;
                 $report->public_until = null;
             }
+        } elseif ($report->is_public && $request->has('public_until')) {
+            // Allow updating expiration date on already-public reports
+            $report->public_until = $request->getPublicUntil();
         }
         $report->save();
 

app/Http/Controllers/Api/V1/TagController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\EntityStillInUseApiException;
+use App\Http\Requests\V1\Tag\TagIndexRequest;
 use App\Http\Requests\V1\Tag\TagStoreRequest;
 use App\Http\Requests\V1\Tag\TagUpdateRequest;
 use App\Http\Resources\V1\Tag\TagCollection;
@@ -34,7 +35,7 @@ class TagController extends Controller
      *
      * @throws AuthorizationException
      */
-    public function index(Organization $organization): TagCollection
+    public function index(Organization $organization, TagIndexRequest $request): TagCollection
     {
         $this->checkPermission($organization, 'tags:view');
 

app/Http/Controllers/Api/V1/TaskController.php

@@ -11,6 +11,7 @@ use App\Http\Requests\V1\Task\TaskUpdateRequest;
 use App\Http\Resources\V1\Task\TaskCollection;
 use App\Http\Resources\V1\Task\TaskResource;
 use App\Models\Organization;
+use App\Models\Project;
 use App\Models\Task;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\JsonResponse;
@@ -27,6 +28,26 @@ class TaskController extends Controller
         }
     }
 
+    /**
+     * Check scoped permission and verify user has access to the project
+     *
+     * @throws AuthorizationException
+     */
+    private function checkScopedPermissionForProject(Organization $organization, Project $project, string $permission): void
+    {
+        $this->checkPermission($organization, $permission);
+
+        $user = $this->user();
+        $hasAccess = Project::query()
+            ->where('id', $project->id)
+            ->visibleByEmployee($user)
+            ->exists();
+
+        if (! $hasAccess) {
+            throw new AuthorizationException('You do not have permission to '.$permission.' in this project.');
+        }
+    }
+
     /**
      * Get tasks
      *
@@ -61,7 +82,9 @@ class TaskController extends Controller
             $query->whereNull('done_at');
         }
 
-        $tasks = $query->paginate(config('app.pagination_per_page_default'));
+        $tasks = $query
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         return new TaskCollection($tasks);
     }
@@ -75,7 +98,15 @@ class TaskController extends Controller
      */
     public function store(Organization $organization, TaskStoreRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:create');
+        /** @var Project $project */
+        $project = Project::query()->findOrFail($request->input('project_id'));
+
+        if ($this->hasPermission($organization, 'tasks:create:all')) {
+            $this->checkPermission($organization, 'tasks:create:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $project, 'tasks:create');
+        }
+
         $task = new Task;
         $task->name = $request->input('name');
         $task->project_id = $request->input('project_id');
@@ -97,7 +128,17 @@ class TaskController extends Controller
      */
     public function update(Organization $organization, Task $task, TaskUpdateRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:update', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:update:all')) {
+            $this->checkPermission($organization, 'tasks:update:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:update');
+        }
+
         $task->name = $request->input('name');
         if ($this->canAccessPremiumFeatures($organization) && $request->has('estimated_time')) {
             $task->estimated_time = $request->getEstimatedTime();
@@ -119,7 +160,16 @@ class TaskController extends Controller
      */
     public function destroy(Organization $organization, Task $task): JsonResponse
     {
-        $this->checkPermission($organization, 'tasks:delete', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:delete:all')) {
+            $this->checkPermission($organization, 'tasks:delete:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:delete');
+        }
 
         if ($task->timeEntries()->exists()) {
             throw new EntityStillInUseApiException('task', 'time_entry');

app/Http/Controllers/Api/V1/TimeEntryController.php

@@ -7,6 +7,7 @@ namespace App\Http\Controllers\Api\V1;
 use App\Enums\ExportFormat;
 use App\Enums\Role;
 use App\Exceptions\Api\FeatureIsNotAvailableInFreePlanApiException;
+use App\Exceptions\Api\OverlappingTimeEntryApiException;
 use App\Exceptions\Api\PdfRendererIsNotConfiguredException;
 use App\Exceptions\Api\TimeEntryCanNotBeRestartedApiException;
 use App\Exceptions\Api\TimeEntryStillRunningApiException;
@@ -45,6 +46,7 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Http\File;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Blade;
@@ -56,6 +58,43 @@ use Spatie\TemporaryDirectory\TemporaryDirectory;
 
 class TimeEntryController extends Controller
 {
+    private function assertNoOverlap(Organization $organization, Member $member, \Illuminate\Support\Carbon $start, ?\Illuminate\Support\Carbon $end, ?TimeEntry $exclude = null): void
+    {
+        if (! $organization->prevent_overlapping_time_entries) {
+            return;
+        }
+
+        $query = TimeEntry::query()
+            ->where('organization_id', $organization->getKey())
+            ->where('user_id', $member->user_id)
+            ->when($exclude !== null, function (Builder $q) use ($exclude): void {
+                $q->where('id', '!=', $exclude->getKey());
+            })
+            ->where(function (Builder $q) use ($start, $end): void {
+                $q->where(function (Builder $q2) use ($start): void {
+                    $q2->where('end', '>', $start)
+                        ->where('start', '<', $start);
+                });
+
+                if ($end !== null) {
+                    $q->orWhere(function (Builder $q4) use ($end): void {
+                        $q4->where('start', '<', $end)
+                            ->where('end', '>', $end);
+                    });
+                    // Check if the new entry completely surrounds an existing entry
+                    $q->orWhere(function (Builder $q6) use ($start, $end): void {
+                        $q6->where('start', '>=', $start)
+                            ->where('end', '<=', $end);
+                    });
+                }
+
+            });
+
+        if ($query->exists()) {
+            throw new OverlappingTimeEntryApiException;
+        }
+    }
+
     protected function checkPermission(Organization $organization, string $permission, ?TimeEntry $timeEntry = null): void
     {
         parent::checkPermission($organization, $permission);
@@ -549,17 +588,15 @@ class TimeEntryController extends Controller
             throw new TimeEntryStillRunningApiException;
         }
 
+        // Overlap check for create
+        $start = Carbon::parse($request->input('start'));
+        $end = $request->input('end') !== null ? Carbon::parse($request->input('end')) : null;
+        $this->assertNoOverlap($organization, $member, $start, $end);
+
         $project = $request->input('project_id') !== null ? Project::findOrFail((string) $request->input('project_id')) : null;
         $client = $project?->client;
         $task = $request->input('task_id') !== null ? $project->tasks()->findOrFail((string) $request->input('task_id')) : null;
 
-        if ($project !== null) {
-            RecalculateSpentTimeForProject::dispatch($project);
-        }
-        if ($task !== null) {
-            RecalculateSpentTimeForTask::dispatch($task);
-        }
-
         $timeEntry = new TimeEntry;
         $timeEntry->fill($request->validated());
         $timeEntry->client()->associate($client);
@@ -569,6 +606,13 @@ class TimeEntryController extends Controller
         $timeEntry->setComputedAttributeValue('billable_rate');
         $timeEntry->save();
 
+        if ($project !== null) {
+            RecalculateSpentTimeForProject::dispatch($project);
+        }
+        if ($task !== null) {
+            RecalculateSpentTimeForTask::dispatch($task);
+        }
+
         return new TimeEntryResource($timeEntry);
     }
 
@@ -593,6 +637,13 @@ class TimeEntryController extends Controller
             throw new TimeEntryCanNotBeRestartedApiException;
         }
 
+        // Overlap check for update (exclude current)
+        /** @var Member $effectiveMember */
+        $effectiveMember = $request->has('member_id') ? Member::query()->findOrFail($request->input('member_id')) : $timeEntry->member;
+        $effectiveStart = $request->has('start') ? Carbon::parse($request->input('start')) : $timeEntry->start;
+        $effectiveEnd = $request->has('end') ? ($request->input('end') !== null ? Carbon::parse($request->input('end')) : null) : $timeEntry->end;
+        $this->assertNoOverlap($organization, $effectiveMember, $effectiveStart, $effectiveEnd, $timeEntry);
+
         $oldProject = $timeEntry->project;
         $oldTask = $timeEntry->task;
 

app/Http/Middleware/HandleInertiaRequests.php

@@ -41,6 +41,7 @@ class HandleInertiaRequests extends Middleware
     {
         $hasBilling = Module::has('Billing') && Module::isEnabled('Billing');
         $hasInvoicing = Module::has('Invoicing') && Module::isEnabled('Invoicing');
+        $hasServices = Module::has('Services') && Module::isEnabled('Services');
 
         /** @var BillingContract $billing */
         $billing = app(BillingContract::class);
@@ -50,6 +51,7 @@ class HandleInertiaRequests extends Middleware
         return array_merge(parent::share($request), [
             'has_billing_extension' => $hasBilling,
             'has_invoicing_extension' => $hasInvoicing,
+            'has_services_extension' => $hasServices,
             'billing' => $currentOrganization !== null ? [
                 'has_subscription' => $billing->hasSubscription($currentOrganization),
                 'has_trial' => $billing->hasTrial($currentOrganization),

app/Http/Requests/V1/Invitation/InvitationIndexRequest.php

@@ -21,6 +21,11 @@ class InvitationIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Member/MemberIndexRequest.php

@@ -21,6 +21,11 @@ class MemberIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php

@@ -39,6 +39,12 @@ class OrganizationUpdateRequest extends BaseFormRequest
             'employees_can_see_billable_rates' => [
                 'boolean',
             ],
+            'employees_can_manage_tasks' => [
+                'boolean',
+            ],
+            'prevent_overlapping_time_entries' => [
+                'boolean',
+            ],
             'number_format' => [
                 Rule::enum(NumberFormat::class),
             ],
@@ -98,4 +104,14 @@ class OrganizationUpdateRequest extends BaseFormRequest
     {
         return $this->has('employees_can_see_billable_rates') ? $this->boolean('employees_can_see_billable_rates') : null;
     }
+
+    public function getEmployeesCanManageTasks(): ?bool
+    {
+        return $this->has('employees_can_manage_tasks') ? $this->boolean('employees_can_manage_tasks') : null;
+    }
+
+    public function getPreventOverlappingTimeEntries(): ?bool
+    {
+        return $this->has('prevent_overlapping_time_entries') ? $this->boolean('prevent_overlapping_time_entries') : null;
+    }
 }

app/Http/Requests/V1/ProjectMember/ProjectMemberIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\ProjectMember;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ProjectMemberIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Report;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ReportIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportStoreRequest.php

@@ -10,9 +10,11 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Organization;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as LegacyValidationRule;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Support\Carbon;
+use Illuminate\Support\Str;
 use Illuminate\Validation\Rule;
 
 /**
@@ -23,7 +25,7 @@ class ReportStoreRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|LegacyValidationRule>>
+     * @return array<string, array<string|ValidationRule|LegacyValidationRule|\Closure>>
      */
     public function rules(): array
     {
@@ -81,7 +83,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.client_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'properties.project_ids' => [
@@ -90,7 +99,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.project_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'properties.tag_ids' => [
@@ -99,7 +115,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.tag_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.task_ids' => [
                 'nullable',
@@ -107,7 +130,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.task_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.group' => [
                 'required',

app/Http/Requests/V1/Tag/TagIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Tag;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class TagIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Task/TaskIndexRequest.php

@@ -26,6 +26,11 @@ class TaskIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
             'project_id' => [
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateExportRequest.php

@@ -16,6 +16,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -30,7 +31,7 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -94,10 +95,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -106,10 +112,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -118,10 +129,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -130,9 +146,14 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateRequest.php

@@ -14,6 +14,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -28,7 +29,7 @@ class TimeEntryAggregateRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -80,10 +81,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -92,10 +98,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -104,10 +115,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -116,9 +132,14 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexExportRequest.php

@@ -6,11 +6,13 @@ namespace App\Http\Requests\V1\TimeEntry;
 
 use App\Enums\ExportFormat;
 use App\Enums\TimeEntryRoundingType;
+use App\Models\Client;
 use App\Models\Member;
 use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -25,7 +27,7 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -57,6 +59,23 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
                     return $builder->whereBelongsTo($this->organization, 'organization');
                 }),
             ],
+            // Filter by client IDs, client IDs are OR combined
+            'client_ids' => [
+                'array',
+                'min:1',
+            ],
+            'client_ids.*' => [
+                'string',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
+            ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
                 'array',
@@ -64,11 +83,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'project_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -77,11 +100,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'tag_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -90,11 +117,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'task_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexRequest.php

@@ -12,6 +12,7 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as RuleContract;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
@@ -26,7 +27,7 @@ class TimeEntryIndexRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|RuleContract>>
+     * @return array<string, array<string|ValidationRule|RuleContract|\Closure>>
      */
     public function rules(): array
     {
@@ -58,10 +59,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
@@ -70,10 +76,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -82,10 +93,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -94,10 +110,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryStoreRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryStoreRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:create:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryStoreRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateMultipleRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -54,7 +56,16 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
             'changes.description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'changes.tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryUpdateRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -77,7 +88,7 @@ class TimeEntryUpdateRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Resources/V1/Client/ClientCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Client;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class ClientCollection extends ResourceCollection
+class ClientCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Http/Resources/V1/Organization/OrganizationResource.php

@@ -53,6 +53,10 @@ class OrganizationResource extends BaseResource
             'billable_rate' => $this->showBillableRate ? $this->resource->billable_rate : null,
             /** @var bool $employees_can_see_billable_rates Can members of the organization with role "employee" see the billable rates */
             'employees_can_see_billable_rates' => $this->resource->employees_can_see_billable_rates,
+            /** @var bool $employees_can_manage_tasks Can members of the organization with role "employee" manage tasks in public projects and projects they are assigned to */
+            'employees_can_manage_tasks' => $this->resource->employees_can_manage_tasks,
+            /** @var bool $prevent_overlapping_time_entries Prevent creating overlapping time entries (only new entries) */
+            'prevent_overlapping_time_entries' => $this->resource->prevent_overlapping_time_entries,
             /** @var string $currency Currency code (ISO 4217) */
             'currency' => $this->resource->currency,
             /** @var string $currency_symbol Currency symbol */

app/Http/Resources/V1/Tag/TagCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Tag;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class TagCollection extends ResourceCollection
+class TagCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Models/Client.php

@@ -7,6 +7,7 @@ namespace App\Models;
 use App\Models\Concerns\CustomAuditable;
 use App\Models\Concerns\HasUuids;
 use Database\Factories\ClientFactory;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
@@ -62,6 +63,18 @@ class Client extends Model implements AuditableContract
         return $this->hasMany(Project::class, 'client_id');
     }
 
+    /**
+     * @param  Builder<Client>  $builder
+     * @return Builder<Client>
+     */
+    public function scopeVisibleByEmployee(Builder $builder, User $user): Builder
+    {
+        return $builder->whereHas('projects', function (Builder $builder) use ($user): Builder {
+            /** @var Builder<Project> $builder */
+            return $builder->visibleByEmployee($user);
+        });
+    }
+
     /**
      * @return Attribute<bool, never>
      */

app/Models/Organization.php

@@ -35,6 +35,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property int|null $billable_rate
  * @property string $user_id
  * @property bool $employees_can_see_billable_rates
+ * @property bool $employees_can_manage_tasks
  * @property User $owner
  * @property Carbon|null $created_at
  * @property Carbon|null $updated_at
@@ -70,6 +71,8 @@ class Organization extends JetstreamTeam implements AuditableContract
         'personal_team' => 'boolean',
         'currency' => 'string',
         'employees_can_see_billable_rates' => 'boolean',
+        'employees_can_manage_tasks' => 'boolean',
+        'prevent_overlapping_time_entries' => 'boolean',
         'number_format' => NumberFormat::class,
         'currency_format' => CurrencyFormat::class,
         'date_format' => DateFormat::class,

app/Policies/OrganizationPolicy.php

@@ -6,6 +6,7 @@ namespace App\Policies;
 
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\PermissionStore;
 use Filament\Facades\Filament;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
@@ -58,7 +59,7 @@ class OrganizationPolicy
             return true;
         }
 
-        return $user->ownsTeam($organization);
+        return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
     }
 
     /**

app/Providers/JetstreamServiceProvider.php

@@ -94,8 +94,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -109,6 +112,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -157,8 +161,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -172,6 +179,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -217,8 +225,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -232,6 +243,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -256,12 +268,13 @@ class JetstreamServiceProvider extends ServiceProvider
             'projects:view',
             'tags:view',
             'tasks:view',
+            'clients:view',
             'time-entries:view:own',
             'time-entries:create:own',
             'time-entries:update:own',
             'time-entries:delete:own',
             'organizations:view',
-        ])->description('Employees have the ability to read, create, and update their own time entries and they can see the projects that they are members of.');
+        ])->description('Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.');
 
         Jetstream::role(Role::Placeholder->value, 'Placeholder', [
         ])->description('Placeholders are used for importing data. They cannot log in and have no permissions.');

app/Service/DashboardService.php

@@ -266,7 +266,8 @@ class DashboardService
                ) as aggregate'))
             ->where('billable', '=', true)
             ->whereNotNull('billable_rate')
-            ->where('user_id', '=', $user->id);
+            ->where('user_id', '=', $user->getKey())
+            ->where('organization_id', '=', $organization->getKey());
 
         $query = $this->constrainDateByPossibleDates($query, $possibleDays, $timezone);
         /** @var Collection<int, object{aggregate: int}> $resultDb */

app/Service/Dto/ReportPropertiesDto.php

@@ -8,6 +8,7 @@ use App\Enums\TimeEntryAggregationType;
 use App\Enums\TimeEntryAggregationTypeInterval;
 use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Database\Eloquent\Castable;
 use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
 use Illuminate\Database\Eloquent\Model;
@@ -174,7 +175,7 @@ class ReportPropertiesDto implements Castable
             if (! is_string($id)) {
                 throw new \InvalidArgumentException('The given ID is not a string');
             }
-            if (! Str::isUuid($id)) {
+            if ($id !== TimeEntryFilter::NONE_VALUE && ! Str::isUuid($id)) {
                 throw new \InvalidArgumentException('The given ID is not a valid UUID');
             }
             $collection->push($id);

app/Service/Export/ExportService.php

@@ -167,7 +167,7 @@ class ExportService
                             $client->id,
                             $client->name,
                             $client->organization_id,
-                            $client->archived_at ?? '',
+                            $client->archived_at?->toIso8601ZuluString() ?? '',
                             $client->created_at?->toIso8601ZuluString() ?? '',
                             $client->updated_at?->toIso8601ZuluString() ?? '',
                         ]);

app/Service/Import/Importers/ClockifyTimeEntriesImporter.php

@@ -112,7 +112,7 @@ class ClockifyTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Description']) > 500) {
+                if (strlen($record['Description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $record['Description'];

app/Service/Import/Importers/HarvestTimeEntriesImporter.php

@@ -107,7 +107,7 @@ class HarvestTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Notes']) > 500) {
+                if (strlen($record['Notes']) > 5000) {
                     throw new ImportException('Time entry note is too long');
                 }
                 $timeEntry->description = $record['Notes'];

app/Service/Import/Importers/SolidtimeImporter.php

@@ -247,7 +247,7 @@ class SolidtimeImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($timeEntryRow['description']) > 500) {
+                if (strlen($timeEntryRow['description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $timeEntryRow['description'];

app/Service/MemberService.php

@@ -196,6 +196,7 @@ class MemberService
 
         $placeholderUser = $user->replicate();
         $placeholderUser->is_placeholder = true;
+        $placeholderUser->current_team_id = $member->organization_id;
         $placeholderUser->save();
 
         $member->user()->associate($placeholderUser);

app/Service/PermissionStore.php

@@ -71,7 +71,19 @@ class PermissionStore
         /** @var Role|null $roleObj */
         $roleObj = Jetstream::findRole($role);
 
-        return $roleObj->permissions ?? [];
+        $permissions = $roleObj->permissions ?? [];
+
+        // If the organization allows employees to manage tasks and the user is an employee,
+        // add the task management permissions for accessible projects
+        if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) {
+            $permissions = array_merge($permissions, [
+                'tasks:create',
+                'tasks:update',
+                'tasks:delete',
+            ]);
+        }
+
+        return $permissions;
     }
 
     /**

app/Service/TimeEntryAggregationService.php

@@ -10,6 +10,7 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Models\Client;
 use App\Models\Project;
+use App\Models\Tag;
 use App\Models\Task;
 use App\Models\TimeEntry;
 use App\Models\User;
@@ -17,6 +18,7 @@ use Carbon\CarbonTimeZone;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 
 class TimeEntryAggregationService
@@ -45,9 +47,21 @@ class TimeEntryAggregationService
     public function getAggregatedTimeEntries(Builder $timeEntriesQuery, ?TimeEntryAggregationType $group1Type, ?TimeEntryAggregationType $group2Type, string $timezone, Weekday $startOfWeek, bool $fillGapsInTimeGroups, ?Carbon $start, ?Carbon $end, bool $showBillableRate, ?TimeEntryRoundingType $roundingType, ?int $roundingMinutes): array
     {
         $fillGapsInTimeGroupsIsPossible = $fillGapsInTimeGroups && $start !== null && $end !== null;
+        /** @var Builder<TimeEntry> $baseTotalsQuery */
+        $baseTotalsQuery = $timeEntriesQuery->clone();
         $group1Select = null;
         $group2Select = null;
         $groupBy = null;
+        // If any grouping is by tag, expand rows per tag and ensure a NULL row for entries without tags
+        if (($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag)) {
+            $timeEntriesQuery->crossJoin(DB::raw(
+                "LATERAL (\n".
+                "  SELECT jsonb_array_elements_text(coalesce(tags, '[]'::jsonb)) AS tag\n".
+                "  UNION ALL\n".
+                "  SELECT ''::text AS tag WHERE coalesce(jsonb_array_length(tags), 0) = 0\n".
+                ') AS tag(tag)'
+            ));
+        }
         if ($group1Type !== null) {
             $group1Select = $this->getGroupByQuery($group1Type, $timezone, $startOfWeek);
             $groupBy = ['group_1'];
@@ -84,6 +98,26 @@ class TimeEntryAggregationService
             $group1Response = [];
             $group1ResponseSum = 0;
             $group1ResponseCost = 0;
+            // If Tag is subgroup, prepare base totals per primary group without tag expansion
+            $baseTotalsPerGroup1Map = [];
+            if ($group2Type === TimeEntryAggregationType::Tag) {
+                $baseTotalsPerGroup1Query = $baseTotalsQuery->clone();
+                $baseTotalsPerGroup1 = $baseTotalsPerGroup1Query
+                    ->selectRaw(
+                        $group1Select.' as group_1,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->groupBy('group_1')
+                    ->get();
+                foreach ($baseTotalsPerGroup1 as $row) {
+                    /** @var object{group_1: mixed, aggregate: int|null, cost: int|null} $row */
+                    $baseTotalsPerGroup1Map[(string) ($row->group_1 ?? '')] = [
+                        'aggregate' => (int) ($row->aggregate ?? 0),
+                        'cost' => (int) ($row->cost ?? 0),
+                    ];
+                }
+            }
             foreach ($groupedAggregates as $group1 => $group1Aggregates) {
                 /** @var string|int $group1 */
                 $group2Response = [];
@@ -103,6 +137,14 @@ class TimeEntryAggregationService
                         $group2ResponseSum += (int) $aggregate->get(0)->aggregate;
                         $group2ResponseCost += (int) $aggregate->get(0)->cost;
                     }
+                    // Override primary group totals when Tag is subgroup to avoid double counting
+                    if ($group2Type === TimeEntryAggregationType::Tag) {
+                        $keyForMap = (string) $group1;
+                        if (array_key_exists($keyForMap, $baseTotalsPerGroup1Map)) {
+                            $group2ResponseSum = $baseTotalsPerGroup1Map[$keyForMap]['aggregate'];
+                            $group2ResponseCost = $baseTotalsPerGroup1Map[$keyForMap]['cost'];
+                        }
+                    }
                 } else {
                     /** @var Collection<int, object{aggregate: int, cost: int}> $group1Aggregates */
                     $group2ResponseSum = (int) $group1Aggregates->get(0)->aggregate;
@@ -121,6 +163,23 @@ class TimeEntryAggregationService
                 $group1ResponseCost += $group2ResponseCost;
             }
 
+            // If Tag is selected in any grouping, compute overall totals from base (non-tag-expanded) query to avoid double counting
+            $hasTagGrouping = ($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag);
+            if ($hasTagGrouping) {
+                // Reset selects and ordering on the cloned base query
+                $baseTotals = $baseTotalsQuery
+                    ->selectRaw(
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->first();
+                if ($baseTotals !== null) {
+                    /** @var object{aggregate: int|null, cost: int|null} $baseTotals */
+                    $group1ResponseSum = (int) ($baseTotals->aggregate ?? 0);
+                    $group1ResponseCost = (int) ($baseTotals->cost ?? 0);
+                }
+            }
+
             if ($fillGapsInTimeGroupsIsPossible) {
                 $group1Response = $this->fillGapsInTimeGroups($group1Response, $group1Type, $group2Type, $timezone, $startOfWeek, $start, $end);
             }
@@ -294,6 +353,17 @@ class TimeEntryAggregationService
                     'color' => null,
                 ];
             }
+        } elseif ($type === TimeEntryAggregationType::Tag) {
+            $tags = Tag::query()
+                ->whereIn('id', $keys)
+                ->select('id', 'name')
+                ->get();
+            foreach ($tags as $tag) {
+                $descriptorMap[$tag->id] = [
+                    'description' => $tag->name,
+                    'color' => null,
+                ];
+            }
         }
 
         return $descriptorMap;
@@ -436,6 +506,8 @@ class TimeEntryAggregationService
             return 'billable';
         } elseif ($group === TimeEntryAggregationType::Description) {
             return 'description';
+        } elseif ($group === TimeEntryAggregationType::Tag) {
+            return 'tag';
         }
     }
 

app/Service/TimeEntryFilter.php

@@ -12,6 +12,8 @@ use Illuminate\Support\Facades\Log;
 
 class TimeEntryFilter
 {
+    public const string NONE_VALUE = 'none';
+
     /**
      * @var Builder<TimeEntry>
      */
@@ -149,7 +151,17 @@ class TimeEntryFilter
         if ($clientIds === null) {
             return $this;
         }
-        $this->builder->whereIn('client_id', $clientIds);
+        $includeNone = in_array(self::NONE_VALUE, $clientIds, true);
+        $clientIds = array_values(array_filter($clientIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($clientIds, $includeNone): void {
+            if (count($clientIds) > 0) {
+                $builder->whereIn('client_id', $clientIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('client_id');
+            }
+        });
 
         return $this;
     }
@@ -162,7 +174,17 @@ class TimeEntryFilter
         if ($projectIds === null) {
             return $this;
         }
-        $this->builder->whereIn('project_id', $projectIds);
+        $includeNone = in_array(self::NONE_VALUE, $projectIds, true);
+        $projectIds = array_values(array_filter($projectIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($projectIds, $includeNone): void {
+            if (count($projectIds) > 0) {
+                $builder->whereIn('project_id', $projectIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('project_id');
+            }
+        });
 
         return $this;
     }
@@ -175,10 +197,18 @@ class TimeEntryFilter
         if ($tagIds === null) {
             return $this;
         }
-        $this->builder->where(function (Builder $builder) use ($tagIds): void {
+        $includeNone = in_array(self::NONE_VALUE, $tagIds, true);
+        $tagIds = array_values(array_filter($tagIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($tagIds, $includeNone): void {
             foreach ($tagIds as $tagId) {
                 $builder->orWhereJsonContains('tags', $tagId);
             }
+            if ($includeNone) {
+                $builder->orWhere(function (Builder $query): void {
+                    $query->whereJsonLength('tags', 0)->orWhereNull('tags');
+                });
+            }
         });
 
         return $this;
@@ -192,7 +222,17 @@ class TimeEntryFilter
         if ($taskIds === null) {
             return $this;
         }
-        $this->builder->whereIn('task_id', $taskIds);
+        $includeNone = in_array(self::NONE_VALUE, $taskIds, true);
+        $taskIds = array_values(array_filter($taskIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($taskIds, $includeNone): void {
+            if (count($taskIds) > 0) {
+                $builder->whereIn('task_id', $taskIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('task_id');
+            }
+        });
 
         return $this;
     }

app/Service/TimeEntryService.php

@@ -31,12 +31,17 @@ class TimeEntryService
             throw new LogicException('Rounding minutes must be greater than 0');
         }
         $end = 'coalesce("end", \''.Carbon::now()->toDateTimeString().'\')';
+        $start = $this->getStartSelectRawForRounding($roundingType, $roundingMinutes);
         if ($roundingType === TimeEntryRoundingType::Down) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.')';
         } elseif ($roundingType === TimeEntryRoundingType::Up) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            // If end is already on a boundary, keep it; otherwise round up to next boundary
+            return 'CASE WHEN '.$end.' = date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.') '.
+                   'THEN '.$end.' '.
+                   'ELSE date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$start.') '.
+                   'END';
         } elseif ($roundingType === TimeEntryRoundingType::Nearest) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$start.')';
         }
     }
 }

database/migrations/2025_10_02_000001_add_prevent_overlapping_time_entries_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('prevent_overlapping_time_entries')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('prevent_overlapping_time_entries');
+        });
+    }
+};

database/migrations/2025_10_16_000001_extend_time_entry_description.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 5000)->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 500)->change();
+        });
+    }
+};

database/migrations/2025_10_24_120845_add_employees_can_manage_tasks_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('employees_can_manage_tasks')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('employees_can_manage_tasks');
+        });
+    }
+};

database/schema/pgsql_test-schema.sql

@@ -435,7 +435,7 @@ CREATE TABLE public.tasks (
 
 CREATE TABLE public.time_entries (
     id uuid NOT NULL,
-    description character varying(500) NOT NULL,
+    description character varying(5000) NOT NULL,
     start timestamp(0) without time zone NOT NULL,
     "end" timestamp(0) without time zone,
     billable_rate integer,

docker-compose.yml

@@ -5,8 +5,6 @@ services:
             dockerfile: Dockerfile
             args:
                 WWWGROUP: '${WWWGROUP}'
-        ports:
-            - '${FORWARD_WEB_PORT:-8083}:80'
         image: sail-8.3/app
         labels:
             - "traefik.enable=true"
@@ -109,7 +107,7 @@ services:
             - sail
             - reverse-proxy
     playwright:
-        image: mcr.microsoft.com/playwright:v1.51.1-jammy
+        image: mcr.microsoft.com/playwright:v1.58.1-jammy
         command: ['npx', 'playwright', 'test', '--ui-port=8080', '--ui-host=0.0.0.0']
         working_dir: /src
         extra_hosts:

docker/local/minio/create_bucket.sh

@@ -2,7 +2,7 @@
 
 # Source: https://helgesver.re/articles/laravel-sail-create-minio-bucket-automatically
 
-/usr/bin/mc config host add local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
+/usr/bin/mc alias set local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
 /usr/bin/mc rm -r --force local/${S3_BUCKET};
 /usr/bin/mc mb --ignore-existing local/${S3_BUCKET};
 /usr/bin/mc anonymous set public local/${S3_BUCKET};

docker/prod/Dockerfile

@@ -16,7 +16,7 @@ RUN CGO_ENABLED=1 \
     XCADDY_GO_BUILD_FLAGS="-ldflags='-w -s' -tags=nobadger,nomysql,nopgx" \
     CGO_CFLAGS=$(php-config --includes) \
     CGO_LDFLAGS="$(php-config --ldflags) $(php-config --libs)" \
-    xcaddy build \
+    xcaddy build v2.10.0 \
         --output /usr/local/bin/frankenphp \
         --with github.com/dunglas/frankenphp=./ \
         --with github.com/dunglas/frankenphp/caddy=./caddy/ \

e2e/auth.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { getPasswordResetUrl } from './utils/mailpit';
 
 async function registerNewUser(page, email, password) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/register');
@@ -35,14 +36,198 @@ test('can register and delete account', async ({ page }) => {
     await registerNewUser(page, email, password);
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await page.getByRole('button', { name: 'Delete Account' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
     await page.getByPlaceholder('Password').fill(password);
-    await page.getByRole('button', { name: 'Delete Account' }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Delete Account' }).click();
     await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
     await page.goto(PLAYWRIGHT_BASE_URL + '/login');
     await page.getByLabel('Email').fill(email);
     await page.getByLabel('Password').fill(password);
     await page.getByRole('button', { name: 'Log in' }).click();
-    await expect(page.getByRole('paragraph')).toContainText(
+    await expect(page.getByRole('alert')).toContainText(
         'These credentials do not match our records.'
     );
 });
+
+test('shows error for invalid email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with non-existent email
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+
+    // Should show error message
+    await expect(page.getByText("We can't find a user with that email address.")).toBeVisible();
+});
+
+test('shows browser validation for invalid email format on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with invalid email format
+    const emailInput = page.getByLabel('Email');
+    await emailInput.fill('notanemail');
+
+    // Check for browser validation - the input should be invalid
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => !el.validity.valid);
+    expect(isInvalid).toBe(true);
+});
+
+test('shows browser validation for empty email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // The email input is required, so it should be invalid when empty
+    const emailInput = page.getByLabel('Email');
+
+    // Check for browser validation - the input should be invalid because it's required and empty
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => el.validity.valueMissing);
+    expect(isInvalid).toBe(true);
+});
+
+test('can reset password via email link', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    const newPassword = 'mynewsecurepassword456';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in new password
+    await page.getByLabel('Password', { exact: true }).fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should redirect to login page after successful reset
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try logging in with new password
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Log in' }).click();
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+});
+
+test('shows validation error for password mismatch on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in mismatched passwords
+    await page.getByLabel('Password', { exact: true }).fill('newpassword123');
+    await page.getByLabel('Confirm Password').fill('differentpassword456');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The password field confirmation does not match.')).toBeVisible();
+});
+
+test('shows validation error for short password on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in short password
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error about minimum length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('shows error for invalid login credentials', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/login');
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByLabel('Password').fill('wrongpassword123');
+    await page.getByRole('button', { name: 'Log in' }).click();
+
+    await expect(page.getByText('These credentials do not match our records.')).toBeVisible();
+});
+
+test('shows error when registering with existing email', async ({ page }) => {
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const password = 'suchagreatpassword123';
+
+    // Register first user
+    await registerNewUser(page, email, password);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try to register with the same email
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Another User');
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password', { exact: true }).fill(password);
+    await page.getByLabel('Confirm Password').fill(password);
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    // Should show error about email already taken
+    await expect(page.getByText('The resource already exists.')).toBeVisible();
+});
+
+test('shows validation error for weak password on registration', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Weak Password User');
+    await page.getByLabel('Email').fill(`weak+${Math.round(Math.random() * 10000)}@test.com`);
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    await expect(page.getByText('must be at least')).toBeVisible();
+});

e2e/calendar.spec.ts

@@ -0,0 +1,326 @@
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
+import {
+    createBillableProjectViaApi,
+    createProjectViaApi,
+    createBareTimeEntryViaApi,
+    createTimeEntryViaApi,
+} from './utils/api';
+
+async function goToCalendar(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/calendar');
+}
+
+/**
+ * These tests verify that changing the project on a time entry via the calendar
+ * updates the billable status to match the new project's is_billable setting.
+ *
+ * Issue: https://github.com/solidtime-io/solidtime/issues/981
+ */
+
+test('test that changing project in calendar edit modal from non-billable to billable updates billable status', async ({
+    page,
+    ctx,
+}) => {
+    const billableProjectName = 'Billable Cal Project ' + Math.floor(1 + Math.random() * 10000);
+
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test billable calendar', '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event in the calendar
+    await page.locator('.fc-event').filter({ hasText: 'Test billable calendar' }).first().click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Verify initially non-billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Non-Billable' })
+    ).toBeVisible();
+
+    // Select the billable project
+    await page.getByRole('dialog').getByRole('button', { name: 'No Project' }).click();
+    await page.getByRole('option', { name: billableProjectName }).click();
+
+    // Verify the billable dropdown updated to Billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Billable' })
+    ).toBeVisible();
+
+    // Save and verify
+    const [updateResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const responseBody = await updateResponse.json();
+    expect(responseBody.data.billable).toBe(true);
+});
+
+test('test that changing project in calendar edit modal from billable to non-billable updates billable status', async ({
+    page,
+    ctx,
+}) => {
+    const billableProjectName = 'Billable Cal Rev Project ' + Math.floor(1 + Math.random() * 10000);
+    const nonBillableProjectName =
+        'NonBillable Cal Rev Project ' + Math.floor(1 + Math.random() * 10000);
+
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createProjectViaApi(ctx, { name: nonBillableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test billable cal reverse', '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event in the calendar
+    await page
+        .locator('.fc-event')
+        .filter({ hasText: 'Test billable cal reverse' })
+        .first()
+        .click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // First assign the billable project
+    await page.getByRole('dialog').getByRole('button', { name: 'No Project' }).click();
+    await page.getByRole('option', { name: billableProjectName }).click();
+
+    // Verify billable status flipped to Billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Billable' })
+    ).toBeVisible();
+
+    // Now switch to the non-billable project
+    await page.getByRole('dialog').getByRole('button', { name: billableProjectName }).click();
+    await page.getByRole('option', { name: nonBillableProjectName }).click();
+
+    // Verify billable status reverted to Non-Billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Non-Billable' })
+    ).toBeVisible();
+
+    // Save and verify
+    const [updateResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const responseBody = await updateResponse.json();
+    expect(responseBody.data.billable).toBe(false);
+});
+
+test('test that opening calendar edit modal for a time entry with manually overridden billable status preserves that status', async ({
+    page,
+    ctx,
+}) => {
+    const billableProjectName =
+        'Billable Cal Persist Project ' + Math.floor(1 + Math.random() * 10000);
+
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test cal persist override', '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event in the calendar
+    await page
+        .locator('.fc-event')
+        .filter({ hasText: 'Test cal persist override' })
+        .first()
+        .click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Assign the billable project
+    await page.getByRole('dialog').getByRole('button', { name: 'No Project' }).click();
+    await page.getByRole('option', { name: billableProjectName }).click();
+
+    // Verify it auto-set to Billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Billable' })
+    ).toBeVisible();
+
+    // Now manually override billable to Non-Billable via the dropdown
+    await page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await page.getByRole('option', { name: 'Non Billable' }).click();
+
+    // Verify it shows Non-Billable now
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Non-Billable' })
+    ).toBeVisible();
+
+    // Save
+    const [firstSaveResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const firstBody = await firstSaveResponse.json();
+    expect(firstBody.data.billable).toBe(false);
+
+    // Re-open the edit modal from the calendar — the project_id watcher should NOT override billable
+    await page
+        .locator('.fc-event')
+        .filter({ hasText: 'Test cal persist override' })
+        .first()
+        .click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // The billable dropdown should still show Non-Billable
+    await expect(
+        page.getByRole('dialog').getByRole('combobox').filter({ hasText: 'Non-Billable' })
+    ).toBeVisible();
+
+    // Save without changes and verify the response still has billable=false
+    const [updateResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const responseBody = await updateResponse.json();
+    expect(responseBody.data.billable).toBe(false);
+});
+
+test('test that calendar page loads and displays time entries', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Calendar display test', '1h');
+
+    await goToCalendar(page);
+
+    // Calendar container should be visible
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // The time entry should appear as a calendar event
+    await expect(
+        page.locator('.fc-event').filter({ hasText: 'Calendar display test' }).first()
+    ).toBeVisible();
+});
+
+test('test that calendar navigation buttons work', async ({ page }) => {
+    await goToCalendar(page);
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Click the "next" button to navigate forward
+    await page.locator('button.fc-next-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Click the "prev" button to navigate back
+    await page.locator('button.fc-prev-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Navigate forward first so "today" button becomes enabled, then click it
+    await page.locator('button.fc-next-button').click();
+    await page.locator('button.fc-today-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+});
+
+test('test that editing time entry description via calendar modal works', async ({ page, ctx }) => {
+    const originalDescription = 'Edit me in calendar ' + Math.floor(1 + Math.random() * 10000);
+    const updatedDescription = 'Updated in calendar ' + Math.floor(1 + Math.random() * 10000);
+    await createBareTimeEntryViaApi(ctx, originalDescription, '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event
+    await page.locator('.fc-event').filter({ hasText: originalDescription }).first().click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Update the description (edit modal uses placeholder, not data-testid)
+    const descriptionInput = page.getByRole('dialog').getByPlaceholder('What did you work on?');
+    await descriptionInput.fill(updatedDescription);
+
+    // Save and verify
+    const [editResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const editBody = await editResponse.json();
+    expect(editBody.data.description).toBe(updatedDescription);
+
+    // Verify the updated description is shown in the calendar UI
+    await expect(
+        page.locator('.fc-event').filter({ hasText: updatedDescription }).first()
+    ).toBeVisible();
+    // Verify the old description is no longer shown
+    await expect(
+        page.locator('.fc-event').filter({ hasText: originalDescription })
+    ).not.toBeVisible();
+});
+
+test('test that deleting time entry from calendar modal works', async ({ page, ctx }) => {
+    const description = 'Delete me from calendar ' + Math.floor(1 + Math.random() * 10000);
+    await createBareTimeEntryViaApi(ctx, description, '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event
+    await page.locator('.fc-event').filter({ hasText: description }).first().click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Click the delete button
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click(),
+    ]);
+
+    // Verify the event is removed from the calendar
+    await expect(page.locator('.fc-event').filter({ hasText: description })).not.toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Calendar Isolation', () => {
+    test('employee can only see their own time entries on the calendar', async ({
+        ctx,
+        employee,
+    }) => {
+        // Owner creates a time entry for today
+        const ownerDescription = 'OwnerCalEntry ' + Math.floor(Math.random() * 10000);
+        await createBareTimeEntryViaApi(ctx, ownerDescription, '1h');
+
+        // Create a time entry for the employee for today
+        const employeeDescription = 'EmpCalEntry ' + Math.floor(Math.random() * 10000);
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            { description: employeeDescription, duration: '30min' }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/calendar');
+        await expect(employee.page.locator('.fc')).toBeVisible({ timeout: 10000 });
+
+        // Employee's event IS visible
+        await expect(
+            employee.page.locator('.fc-event').filter({ hasText: employeeDescription }).first()
+        ).toBeVisible({ timeout: 10000 });
+
+        // Owner's event is NOT visible
+        await expect(
+            employee.page.locator('.fc-event').filter({ hasText: ownerDescription })
+        ).not.toBeVisible();
+    });
+});

e2e/clients.spec.ts

@@ -1,18 +1,23 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import {
+    createClientViaApi,
+    createProjectMemberViaApi,
+    createProjectViaApi,
+    createPublicProjectViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToProjectsOverview(page: Page) {
+async function goToClientsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/clients');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new client via the modal works', async ({
-    page,
-}) => {
-    const newClientName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
+// Create new client via modal
+test('test that creating and deleting a new client via the modal works', async ({ page }) => {
+    const newClientName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToClientsOverview(page);
     await page.getByRole('button', { name: 'Create Client' }).click();
     await page.getByPlaceholder('Client Name').fill(newClientName);
     await Promise.all([
@@ -28,13 +33,9 @@ test('test that creating and deleting a new client via the modal works', async (
     ]);
 
     await expect(page.getByTestId('client_table')).toContainText(newClientName);
-    const moreButton = page.locator(
-        "[aria-label='Actions for Client " + newClientName + "']"
-    );
-    moreButton.click();
-    const deleteButton = page.locator(
-        "[aria-label='Delete Client " + newClientName + "']"
-    );
+    const moreButton = page.locator("[aria-label='Actions for Client " + newClientName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Client " + newClientName + "']");
 
     await Promise.all([
         deleteButton.click(),
@@ -45,18 +46,14 @@ test('test that creating and deleting a new client via the modal works', async (
                 response.status() === 204
         ),
     ]);
-    await expect(page.getByTestId('client_table')).not.toContainText(
-        newClientName
-    );
+    await expect(page.getByTestId('client_table')).not.toContainText(newClientName);
 });
 
-test('test that archiving and unarchiving clients works', async ({ page }) => {
+test('test that archiving and unarchiving clients works', async ({ page, ctx }) => {
     const newClientName = 'New Client ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Client' }).click();
-    await page.getByLabel('Client Name').fill(newClientName);
+    await createClientViaApi(ctx, { name: newClientName });
 
-    await page.getByRole('button', { name: 'Create Client' }).click();
+    await goToClientsOverview(page);
     await expect(page.getByText(newClientName)).toBeVisible();
 
     await page.getByRole('row').first().getByRole('button').click();
@@ -80,4 +77,226 @@ test('test that archiving and unarchiving clients works', async ({ page }) => {
     ]);
 });
 
-// TODO: Add Name Update Test
+test('test that editing a client name works', async ({ page, ctx }) => {
+    const originalName = 'Original Client ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'Updated Client ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: originalName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByText(originalName)).toBeVisible();
+
+    // Open edit modal via actions menu
+    const moreButton = page.locator("[aria-label='Actions for Client " + originalName + "']");
+    await moreButton.click();
+    await page.getByTestId('client_edit').click();
+
+    // Update the client name
+    await page.getByPlaceholder('Client Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Client' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify updated name is shown and old name is gone
+    await expect(page.getByTestId('client_table')).toContainText(updatedName);
+    await expect(page.getByTestId('client_table')).not.toContainText(originalName);
+});
+
+test('test that deleting a client via actions menu works', async ({ page, ctx }) => {
+    const clientName = 'DeleteMe Client ' + Math.floor(1 + Math.random() * 10000);
+
+    await createClientViaApi(ctx, { name: clientName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByTestId('client_table')).toContainText(clientName);
+
+    const moreButton = page.locator("[aria-label='Actions for Client " + clientName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Client " + clientName + "']");
+
+    await Promise.all([
+        deleteButton.click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+    ]);
+
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+async function clearClientTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('client-table-state');
+    });
+}
+
+test('test that sorting clients by name and status works', async ({ page, ctx }) => {
+    await createClientViaApi(ctx, { name: 'AAA SortClient' });
+    await createClientViaApi(ctx, { name: 'ZZZ SortClient' });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is name asc) --
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortClient')).toBeLessThan(names.indexOf('ZZZ SortClient'));
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortClient')).toBeLessThan(names.indexOf('AAA SortClient'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+    await statusHeader.click(); // desc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+});
+
+test('test that sorting clients by project count works', async ({ page, ctx }) => {
+    const clientWithMany = await createClientViaApi(ctx, { name: 'ManyProjects Client' });
+    const clientWithNone = await createClientViaApi(ctx, { name: 'NoProjects Client' });
+
+    // Create projects for the first client
+    await createProjectViaApi(ctx, { name: 'Proj1', client_id: clientWithMany.id });
+    await createProjectViaApi(ctx, { name: 'Proj2', client_id: clientWithMany.id });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // Click Projects header - first click should sort desc (most projects first)
+    const projectsHeader = table.getByText('Projects').first();
+    await projectsHeader.click();
+    await expect(projectsHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('ManyProjects Client')).toBeLessThan(names.indexOf('NoProjects Client'));
+
+    // Second click toggles to asc (least projects first)
+    await projectsHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('NoProjects Client')).toBeLessThan(names.indexOf('ManyProjects Client'));
+});
+
+test('test that client sort state persists after page reload', async ({ page }) => {
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    await expect(nameHeader.locator('svg')).toBeVisible();
+
+    await page.reload();
+
+    await expect(page.getByTestId('client_table')).toBeVisible();
+    await expect(
+        page.getByTestId('client_table').getByText('Name').first().locator('svg')
+    ).toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Clients Restrictions', () => {
+    test('employee can view clients but cannot create', async ({ ctx, employee }) => {
+        // Create a client with a public project so the employee can see the client
+        const clientName = 'EmpViewClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Client button
+        await expect(
+            employee.page.getByRole('button', { name: 'Create Client' })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete/archive actions on clients', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpActionsClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientActProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Click the actions dropdown trigger to open the menu
+        const actionsButton = employee.page.locator(
+            `[aria-label='Actions for Client ${clientName}']`
+        );
+        await actionsButton.click();
+
+        // The dropdown menu items (Edit, Archive, Delete) should NOT be visible
+        await expect(
+            employee.page.locator(`[aria-label='Edit Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Archive Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Delete Client ${clientName}']`)
+        ).not.toBeVisible();
+    });
+
+    test('employee can see client when they are a member of its private project', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpPrivateClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+
+        // Create a private project under this client
+        const project = await createProjectViaApi(ctx, {
+            name: 'PrivateProj',
+            client_id: client.id,
+            is_public: false,
+        });
+
+        // Add the employee as a project member
+        await createProjectMemberViaApi(ctx, project.id, {
+            member_id: employee.memberId,
+        });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client because they are a member of its private project
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+    });
+});

e2e/command-palette.spec.ts

@@ -0,0 +1,474 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+
+const TIMER_BUTTON_SELECTOR = '[data-testid="dashboard_timer"] [data-testid="timer_button"]';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+async function openCommandPalette(page: Page) {
+    await page.getByTestId('command_palette_button').click();
+    await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+}
+
+async function closeCommandPalette(page: Page) {
+    await page.keyboard.press('Escape');
+    await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+}
+
+async function searchInCommandPalette(page: Page, query: string) {
+    await page.locator('[role="dialog"] input').fill(query);
+    // Wait for search debounce to settle (command palette uses a debounced search)
+    await page.waitForTimeout(300);
+}
+
+async function selectCommand(page: Page, name: string) {
+    const option = page.getByRole('option', { name, exact: true });
+    await option.scrollIntoViewIfNeeded();
+    await option.click();
+}
+
+async function assertTimerIsRunning(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-red-400\/80/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+async function assertTimerIsStopped(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-accent-300\/70/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+test.describe('Command Palette', () => {
+    test.describe('Opening and Closing', () => {
+        test('opens via search button and closes with Escape', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await expect(
+                page.locator('[role="dialog"] input[placeholder*="command"]')
+            ).toBeVisible();
+
+            await closeCommandPalette(page);
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+
+        test('opens with keyboard shortcut', async ({ page }) => {
+            await goToDashboard(page);
+            // Click on body to ensure page has focus
+            await page.locator('body').click();
+            // Use ControlOrMeta which resolves to Ctrl on Linux/Windows and Meta on macOS
+            await page.keyboard.press('ControlOrMeta+k');
+            await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+        });
+
+        test('clears search on close', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'dashboard');
+            await closeCommandPalette(page);
+
+            await openCommandPalette(page);
+            await expect(page.locator('[role="dialog"] input')).toHaveValue('');
+        });
+    });
+
+    test.describe('Command Display', () => {
+        test('displays navigation and timer commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // Navigation commands
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+            // Timer commands
+            await expect(page.getByRole('option', { name: 'Start Timer' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Time Entry' })).toBeVisible();
+        });
+
+        test('displays create commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Client' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Tag' })).toBeVisible();
+        });
+    });
+
+    test.describe('Navigation Commands', () => {
+        // Tests use element visibility assertions for consistency with codebase patterns
+        const navigationTests = [
+            ['Go to Dashboard', 'dashboard_view', '/time'],
+            ['Go to Time', 'time_view', '/dashboard'],
+            ['Go to Calendar', 'calendar_view', '/dashboard'],
+            ['Go to Projects', 'projects_view', '/dashboard'],
+            ['Go to Clients', 'clients_view', '/dashboard'],
+            ['Go to Members', 'members_view', '/dashboard'],
+            ['Go to Tags', 'tags_view', '/dashboard'],
+        ] as const;
+
+        for (const [commandName, expectedTestId, startUrl] of navigationTests) {
+            test(`${commandName}`, async ({ page }) => {
+                await page.goto(PLAYWRIGHT_BASE_URL + startUrl);
+                await openCommandPalette(page);
+                await searchInCommandPalette(page, commandName.replace('Go to ', ''));
+                await selectCommand(page, commandName);
+                await expect(page.getByTestId(expectedTestId)).toBeVisible({ timeout: 10000 });
+            });
+        }
+
+        test('Go to Profile', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Profile');
+            await selectCommand(page, 'Go to Profile');
+            // Profile page doesn't have a testId, so check for a unique element
+            await expect(page.getByRole('heading', { name: 'Profile Information' })).toBeVisible({
+                timeout: 10000,
+            });
+        });
+
+        test('Go to Reporting Overview', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Reporting Overview');
+            await selectCommand(page, 'Go to Reporting Overview');
+            await expect(page.getByTestId('reporting_view')).toBeVisible({ timeout: 10000 });
+        });
+
+        test('Go to Settings', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Settings');
+            await selectCommand(page, 'Go to Settings');
+            // Settings page uses team settings which has an h3 heading
+            await expect(
+                page.getByRole('heading', { name: 'Organization Name', level: 3 })
+            ).toBeVisible({
+                timeout: 10000,
+            });
+        });
+    });
+
+    test.describe('Search and Filtering', () => {
+        test('filters commands when searching', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'dashboard');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+
+            await searchInCommandPalette(page, 'calendar');
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+        });
+
+        test('search is case insensitive', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'DASHBOARD');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        });
+
+        test('partial word search works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'proj');
+            await expect(page.getByRole('option', { name: 'Go to Projects' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+        });
+
+        test('keyboard navigation and selection works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('Enter');
+
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+    });
+
+    test.describe('Theme Commands', () => {
+        test('switches to dark theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Dark Theme');
+            await selectCommand(page, 'Switch to Dark Theme');
+            await expect(page.locator('html')).toHaveClass(/dark/);
+        });
+
+        test('switches to light theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Light Theme');
+            await selectCommand(page, 'Switch to Light Theme');
+            await expect(page.locator('html')).toHaveClass(/light/);
+        });
+    });
+
+    test.describe('Timer Commands', () => {
+        test('starts and stops timer', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Stop timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Stop Timer');
+            await selectCommand(page, 'Stop Timer');
+            await assertTimerIsStopped(page);
+        });
+
+        test('shows active timer commands when running', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Check active timer commands - search for them to ensure visibility
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Set Project');
+            await expect(page.getByRole('option', { name: 'Set Project' })).toBeVisible();
+        });
+    });
+
+    test.describe('Create Commands', () => {
+        test('opens create time entry modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Time Entry');
+            await selectCommand(page, 'Create Time Entry');
+            await expect(
+                page.locator('[role="dialog"]').getByText('Create manual time entry')
+            ).toBeVisible();
+        });
+
+        test('opens create project modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Project');
+            await selectCommand(page, 'Create Project');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Project' })
+            ).toBeVisible();
+        });
+
+        test('opens create client modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Client');
+            await selectCommand(page, 'Create Client');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Client' })
+            ).toBeVisible();
+        });
+
+        test('opens create tag modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Tag');
+            await selectCommand(page, 'Create Tag');
+            await expect(page.locator('[role="dialog"]').getByText('Create Tags')).toBeVisible();
+        });
+
+        test('opens invite member modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Invite Member');
+            await selectCommand(page, 'Invite Member');
+            // Modal has title with "Invite Member" text - use first() to get the title span
+            await expect(
+                page.locator('[role="dialog"]').getByText('Invite Member').first()
+            ).toBeVisible();
+        });
+    });
+
+    test.describe('Entity Search', () => {
+        test('searches for projects and navigates on selection', async ({ page }) => {
+            const projectName = 'CmdPalette' + Math.floor(Math.random() * 10000);
+
+            // Create project first
+            await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            await page.getByPlaceholder('The next big thing').fill(projectName);
+
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            // Wait for project to be created and page to update
+            await expect(page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+            // Search from the projects page where the query cache now has the new project
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, projectName);
+
+            // Wait for entity search to return results
+            const projectOption = page.getByRole('option').filter({ hasText: projectName });
+            await expect(projectOption).toBeVisible({
+                timeout: 5000,
+            });
+
+            // Select the project from search results
+            await projectOption.click();
+        });
+    });
+
+    test.describe('Organization Switching', () => {
+        test('shows switch commands only when multiple organizations exist', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // With only one org, no switch commands should appear
+            await searchInCommandPalette(page, 'Switch to');
+            // Check that no organization switch commands appear (only theme switch commands)
+            const switchOptions = page.getByRole('option', { name: /^Switch to (?!.*Theme)/ });
+            await expect(switchOptions).toHaveCount(0);
+        });
+
+        test('switches organization via command palette', async ({ page }) => {
+            const newOrgName = 'TestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+
+            // Wait for navigation to new org's dashboard
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Use visible switcher (desktop sidebar has one, mobile header has another)
+            const orgSwitcher = page.locator('[data-testid="organization_switcher"]:visible');
+
+            // Verify we're in the new org by checking the switcher
+            await expect(orgSwitcher).toContainText(newOrgName);
+
+            // Get the original org name from switcher dropdown
+            await orgSwitcher.click();
+            await expect(page.getByText('Switch Organizations')).toBeVisible();
+
+            // Find the other organization button (has ArrowRightIcon, not CheckCircleIcon)
+            // The button contains an SVG and a div with the org name
+            const otherOrgItem = page.locator('form button').filter({ hasText: /.+/ }).first();
+            await expect(otherOrgItem).toBeVisible();
+            const originalOrgName = (await otherOrgItem.innerText()).trim();
+            await page.keyboard.press('Escape'); // Close dropdown
+
+            // Now use command palette to switch back to original org
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Switch to');
+
+            // Should see the switch command for the original org
+            const switchCommand = page.getByRole('option', {
+                name: new RegExp(`Switch to ${originalOrgName}`),
+            });
+            await expect(switchCommand).toBeVisible();
+            await switchCommand.click();
+
+            // Wait for organization switch to complete
+            await expect(orgSwitcher).toContainText(originalOrgName, {
+                timeout: 10000,
+            });
+        });
+
+        test('organization switch commands appear in Organization group', async ({ page }) => {
+            const newOrgName = 'GroupTestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization to ensure we have multiple
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Open command palette and check for Organization group heading
+            await openCommandPalette(page);
+
+            // The Organization group should be visible when there are switch commands
+            await expect(page.getByText('Organization', { exact: true })).toBeVisible();
+        });
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Command Palette Restrictions', () => {
+    test('employee command palette does not show restricted navigation commands', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Available navigation commands
+        await expect(employee.page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+        // Restricted commands should NOT be visible
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Members' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Settings' })
+        ).not.toBeVisible();
+    });
+
+    test('employee command palette does not show create commands for restricted entities', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Search for "Create" to filter
+        await employee.page.locator('[role="dialog"] input').fill('Create');
+        await employee.page.waitForTimeout(300);
+
+        // Should NOT see create commands for restricted entities
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Project' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Client' })
+        ).not.toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Create Tag' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Invite Member' })
+        ).not.toBeVisible();
+
+        // Should still see Create Time Entry (employees can create time entries)
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Time Entry' })
+        ).toBeVisible();
+    });
+});

e2e/dashboard.spec.ts

@@ -0,0 +1,198 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import {
+    assertThatTimerHasStarted,
+    assertThatTimerIsStopped,
+    newTimeEntryResponse,
+    startOrStopTimerWithButton,
+    stoppedTimeEntryResponse,
+} from './utils/currentTimeEntry';
+import {
+    createBareTimeEntryViaApi,
+    createPublicProjectViaApi,
+    createTimeEntryViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+test('test that dashboard loads with all expected sections', async ({ page }) => {
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+    // Timer section (scoped to dashboard_timer to avoid matching sidebar timer)
+    await expect(page.getByTestId('time_entry_description')).toBeVisible();
+    await expect(
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
+    ).toBeVisible();
+
+    // Dashboard cards
+    await expect(page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+    await expect(page.getByText('Last 7 Days', { exact: true })).toBeVisible();
+    await expect(page.getByText('Activity Graph', { exact: true })).toBeVisible();
+    await expect(page.getByText('Team Activity', { exact: true })).toBeVisible();
+
+    // Weekly overview section
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that dashboard shows time entry data after creating entries', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Dashboard test entry', '1h');
+
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+
+    // The "Last 7 Days" or "This Week" section should reflect tracked time
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that timer on dashboard can start and stop', async ({ page }) => {
+    await goToDashboard(page);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+
+    await page.waitForTimeout(1500);
+
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
+});
+
+test('test that weekly overview section displays stat cards', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Stats test entry', '2h');
+
+    await goToDashboard(page);
+
+    // Verify stat card labels are visible
+    await expect(page.getByText('Spent Time')).toBeVisible();
+    await expect(page.getByText('Billable Time')).toBeVisible();
+    await expect(page.getByText('Billable Amount')).toBeVisible();
+});
+
+test('test that stopping timer refreshes dashboard data', async ({ page }) => {
+    await goToDashboard(page);
+
+    // Start timer
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+    await page.waitForTimeout(1500);
+
+    // Stop timer and verify dashboard queries are refetched
+    await Promise.all([
+        stoppedTimeEntryResponse(page),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/charts/') &&
+                response.request().method() === 'GET' &&
+                response.status() === 200
+        ),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Dashboard Restrictions', () => {
+    test('employee dashboard loads and timer is functional', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Timer should be available
+        await expect(
+            employee.page
+                .getByTestId('dashboard_timer')
+                .getByTestId('timer_button')
+                .and(employee.page.locator(':visible'))
+        ).toBeVisible();
+        await expect(employee.page.getByTestId('time_entry_description')).toBeEditable();
+    });
+
+    test('employee cannot see Team Activity card', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Other dashboard cards should be visible
+        await expect(employee.page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+
+        // Team Activity should NOT be visible for employees
+        await expect(employee.page.getByText('Team Activity', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee cannot see Cost column in This Week table by default', async ({
+        ctx,
+        employee,
+    }) => {
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // This Week table should be visible
+        await expect(employee.page.getByText('This Week', { exact: true })).toBeVisible();
+
+        // Duration column should be visible, but Cost column should NOT
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee can see Cost column in This Week table when employees_can_see_billable_rates is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        await updateOrganizationSettingViaApi(ctx, { employees_can_see_billable_rates: true });
+
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillVisProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost visible entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Both Duration and Cost columns should be visible
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).toBeVisible();
+
+        // 1h at 100.00/h = 100.00 EUR cost should be visible
+        await expect(employee.page.getByText('100,00 EUR').first()).toBeVisible();
+    });
+});

e2e/import-export.spec.ts

@@ -0,0 +1,154 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import path from 'path';
+
+async function goToImportExport(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/import');
+}
+
+test('test that import page loads with type dropdown and file upload', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Import section
+    await expect(page.getByRole('heading', { name: 'Import Data' })).toBeVisible();
+    await expect(page.locator('#importType')).toBeVisible();
+
+    // Export section
+    await expect(page.getByRole('heading', { name: 'Export Data' })).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+});
+
+test('test that selecting an import type shows instructions', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select a Toggl import type
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Instructions should appear
+    await expect(page.getByText('Instructions:')).toBeVisible();
+});
+
+test('test that importing without selecting type shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Click Import Data without selecting a type
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(page.getByText('Please select the import type')).toBeVisible();
+});
+
+test('test that importing without selecting file shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select an import type first
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Click Import Data without selecting a file
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(
+        page.getByText('Please select the CSV or ZIP file that you want to import')
+    ).toBeVisible();
+});
+
+test('test that export button triggers export and shows success modal', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+
+    // Override window.open to prevent the page from navigating away to the
+    // download URL (the app uses window.open(url, '_self') which would navigate
+    // away before we can verify the success modal)
+    await page.evaluate(() => {
+        window.open = () => null;
+    });
+
+    // Click Export Organization Data and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/export') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 60000 }
+        ),
+        page.getByRole('button', { name: 'Export Organization Data' }).click(),
+    ]);
+
+    // Success modal should appear after export completes
+    await expect(page.getByText('The export was successful!')).toBeVisible();
+});
+
+test('test that import type dropdown has multiple options', async ({ page }) => {
+    await goToImportExport(page);
+
+    // The dropdown should load with options from the API
+    await page.waitForResponse(
+        (response) =>
+            response.url().includes('/importers') &&
+            response.request().method() === 'GET' &&
+            response.status() === 200
+    );
+
+    // Verify the select has options besides the default placeholder
+    const options = page.getByLabel('Import Type').locator('option');
+    const count = await options.count();
+    // Should have at least the placeholder + some import types
+    expect(count).toBeGreaterThan(1);
+});
+
+test('test that importing a generic time entries CSV works', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Select "Generic Time Entries" import type
+    await page.getByLabel('Import Type').selectOption({ label: 'Generic Time Entries' });
+    await expect(page.getByText('Instructions:')).toBeVisible();
+
+    // Upload the test CSV file
+    const csvPath = path.resolve('resources/testfiles/generic_time_entries_import_test_1.csv');
+    await page.locator('#file-upload').setInputFiles(csvPath);
+
+    // Click Import and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/import') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 30000 }
+        ),
+        page.getByRole('button', { name: 'Import Data' }).click(),
+    ]);
+
+    // Verify success modal with import results
+    await expect(page.getByRole('heading', { name: 'Import Result' })).toBeVisible();
+    await expect(page.getByText('The import was successful!')).toBeVisible();
+
+    // The CSV has 2 time entries, 1 client, 2 projects, 1 task
+    await expect(page.getByText('Time entries created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Projects created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Clients created:').locator('..')).toContainText('1');
+    await expect(page.getByText('Tasks created:').locator('..')).toContainText('1');
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Import Restrictions', () => {
+    test('employee does not see Import / Export link in the sidebar', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // The Import / Export link should NOT be visible in the sidebar for employees
+        await expect(
+            employee.page.getByRole('link', { name: 'Import / Export' })
+        ).not.toBeVisible();
+    });
+});

e2e/members.spec.ts

@@ -3,65 +3,69 @@
 // TODO: Remove Invitation
 import { expect, test } from '../playwright/fixtures';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import { inviteAndAcceptMember } from './utils/members';
+import {
+    createPlaceholderMemberViaImportApi,
+    getMembersViaApi,
+    updateMemberBillableRateViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToMembersPage(page) {
+// Tests that invite + accept members need more time
+test.describe.configure({ timeout: 45000 });
+
+async function goToMembersPage(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/members');
 }
 
-async function openInviteMemberModal(page) {
+async function openInviteMemberModal(page: Page) {
     await Promise.all([
         page.getByRole('button', { name: 'Invite Member' }).click(),
         expect(page.getByPlaceholder('Member Email')).toBeVisible(),
     ]);
 }
 
-test('test that new manager can be invited', async ({ page }) => {
+test('test that new manager can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `manager+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Mgr', memberEmail, 'Manager');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Manager' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        expect(page.getByRole('main')).toContainText(
-            `new+${editorId}@editor.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Mgr' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
 });
 
-test('test that new employee can be invited', async ({ page }) => {
+test('test that new employee can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `employee+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Emp', memberEmail, 'Employee');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Employee' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        await expect(page.getByRole('main')).toContainText(
-            `new+${editorId}@editor.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Emp' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
 });
 
-test('test that new admin can be invited', async ({ page }) => {
+test('test that new admin can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Adm', memberEmail, 'Administrator');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const adminId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${adminId}@admin.test`);
-    await page.getByRole('button', { name: 'Administrator' }).click();
-    await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
-        expect(page.getByRole('main')).toContainText(
-            `new+${adminId}@admin.test`
-        ),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Adm' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Admin', { exact: true })).toBeVisible();
 });
+
 test('test that error shows if no role is selected', async ({ page }) => {
     await goToMembersPage(page);
     await openInviteMemberModal(page);
@@ -69,9 +73,7 @@ test('test that error shows if no role is selected', async ({ page }) => {
 
     await page.getByLabel('Email').fill(`new+${noRoleId}@norole.test`);
     await Promise.all([
-        page
-            .getByRole('button', { name: 'Invite Member', exact: true })
-            .click(),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
         expect(page.getByText('Please select a role')).toBeVisible(),
     ]);
 });
@@ -83,11 +85,9 @@ test('test that organization billable rate can be updated with all existing time
     const newBillableRate = Math.round(Math.random() * 10000);
     await page.getByRole('row').first().getByRole('button').click();
     await page.getByRole('menuitem').getByText('Edit').click();
-    await page.getByText('Organization Default Rate').click();
-    await page.getByText('Custom Rate').click();
-    await page
-        .getByPlaceholder('Billable Rate')
-        .fill(newBillableRate.toString());
+    await page.getByRole('combobox').last().click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+    await page.getByPlaceholder('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Member' }).click();
 
     await Promise.all([
@@ -103,8 +103,687 @@ test('test that organization billable rate can be updated with all existing time
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
 });
+
+test('test that switching member billable rate from custom back to default rate works', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 12000 });
+
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CustomToDefault Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CustomToDefault Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 25000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CustomToDefault Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it starts on Custom Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Custom Rate');
+
+    // Switch to Default Rate
+    await billableCombobox.click();
+    await page.getByRole('option', { name: 'Default Rate' }).click();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the billable rate input is disabled
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
+
+    // Submit — billable_rate changes from 25000 to null, so confirmation dialog appears
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+    await expect(page.getByText('the default rate of the organization')).toBeVisible();
+
+    // Confirm the update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForRequest(
+            (request) =>
+                request.url().includes('/members/') &&
+                request.method() === 'PUT' &&
+                request.postDataJSON().billable_rate === null
+        ),
+    ]);
+
+    // Verify both dialogs are closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that default rate shows disabled input with organization billable rate', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate (150.00)
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 15000 });
+
+    await goToMembersPage(page);
+
+    // Open edit modal for the owner (who uses default rate by default)
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it's on Default Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the input is disabled and shows the org rate (formatted with currency)
+    const billableInput = page.getByPlaceholder('Billable Rate');
+    await expect(billableInput).toBeDisabled();
+    await expect(billableInput).toHaveAttribute('aria-valuenow', '150');
+
+    // Close the dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that cancelling the billable rate confirmation dialog does not update the member', async ({
+    page,
+    ctx,
+}) => {
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CancelConfirm Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CancelConfirm Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 10000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CancelConfirm Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change the billable rate
+    await page.getByPlaceholder('Billable Rate').fill('200');
+
+    // Click Update Member — confirmation dialog should appear
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+
+    // Set up listener to verify no PUT request is sent after cancel
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel on the confirmation dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify confirmation dialog is closed
+    await expect(
+        page.getByRole('heading', { name: 'Update Member Billable Rate' })
+    ).not.toBeVisible();
+
+    // Verify no API call was made
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that changing role of placeholder member is rejected', async ({ page, ctx }) => {
+    const placeholderName = 'RoleChange ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page and verify placeholder exists with role "Placeholder"
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Placeholder', { exact: true })).toBeVisible();
+
+    // Open the edit modal for the placeholder member
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Employee
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Employee' })).toBeVisible();
+    await page.getByRole('option', { name: 'Employee' }).click();
+    await expect(roleSelect).toContainText('Employee');
+
+    // Submit the change - the API should reject it with 400
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 400
+        ),
+    ]);
+
+    // Verify error notification is shown
+    await expect(page.getByText('Failed to update member')).toBeVisible();
+});
+
+test('test that changing member role updates the role in the member table', async ({
+    page,
+    browser,
+}) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `member+${memberId}@rolechange.test`;
+
+    // Invite and accept a new Employee member
+    await inviteAndAcceptMember(page, browser, 'Jane Smith', memberEmail, 'Employee');
+
+    // Verify the new member appears with the Employee role
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Jane Smith' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
+
+    // Open the edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Manager
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Manager' })).toBeVisible();
+    await page.getByRole('option', { name: 'Manager' }).click();
+    await expect(roleSelect).toContainText('Manager');
+
+    // Submit the change and verify the API call succeeds
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify dialog closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify the role updated in the table
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
+});
+
+test('test that merging a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Merge Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    await expect(page.getByText(placeholderName)).toBeVisible();
+
+    // Find the placeholder member row and open actions menu
+    const placeholderRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await placeholderRow.getByRole('button').click();
+
+    // Click Merge
+    await page.getByTestId('member_merge').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Merge Member' })).toBeVisible();
+
+    // Select the current user (the owner) as merge target via MemberCombobox
+    // The MemberCombobox renders a Button as trigger; clicking it opens the popover with the combobox input
+    await page.getByRole('dialog').getByRole('button', { name: 'Select a member...' }).click();
+
+    // Wait for dropdown options to load
+    const firstOption = page.getByRole('option').first();
+    await expect(firstOption).toBeVisible({ timeout: 10000 });
+    await firstOption.click();
+
+    // Submit merge
+    await Promise.all([
+        page.getByRole('button', { name: 'Merge Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/member/') &&
+                response.url().includes('/merge-into') &&
+                response.ok()
+        ),
+    ]);
+
+    // Wait for merge dialog to close after successful merge
+    await expect(page.getByRole('dialog').filter({ hasText: 'Merge Member' })).not.toBeVisible();
+
+    // Verify placeholder member is no longer in the members table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that deleting a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Delete Member' })).toBeVisible();
+
+    // Try to delete without checking the confirmation checkbox
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+
+    // Should show validation error
+    await expect(
+        page.getByText('You must confirm that you understand the consequences of this action')
+    ).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Click Delete Member button and wait for API response
+    await Promise.all([
+        page.getByRole('button', { name: 'Delete Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'DELETE' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is removed from the table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that member delete modal can be cancelled', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Cancel ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no DELETE request is sent
+    let deleteRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'DELETE') {
+            deleteRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is still in the table
+    await expect(memberRow).toBeVisible();
+
+    // Verify no DELETE request was sent
+    expect(deleteRequestSent).toBe(false);
+});
+
+test('test that organization owner cannot be deleted', async ({ page }) => {
+    await goToMembersPage(page);
+
+    // Find the owner row (John Doe with Owner role)
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open the actions menu for the owner
+    await ownerRow.getByRole('button').click();
+
+    // Click Delete
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Try to delete - should fail with 400 error
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/members/') && response.request().method() === 'DELETE'
+    );
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+    const response = await responsePromise;
+
+    // Verify the API returned an error status
+    expect(response.status()).toBe(400);
+
+    // Close the modal by pressing Escape
+    await page.keyboard.press('Escape');
+
+    // Refresh and verify the owner is still there
+    await goToMembersPage(page);
+    await expect(page.getByRole('row').filter({ hasText: 'Owner' })).toBeVisible();
+});
+
+// =============================================
+// Invitations Tab Tests
+// =============================================
+
+test('test that invitation shows in invitations tab and can be revoked', async ({ page }) => {
+    const inviteEmail = `invite+${Math.floor(Math.random() * 100000)}@pending.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab and verify the invitation is visible
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu for this invitation
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem').getByText('Delete').click(),
+    ]);
+
+    // Verify invitation is removed
+    await expect(page.getByText(inviteEmail)).not.toBeVisible();
+});
+
+test('test that invitation can be resent', async ({ page }) => {
+    const inviteEmail = `resend+${Math.floor(Math.random() * 100000)}@invite.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu, then resend
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    // Wait for dropdown menu to appear
+    await expect(page.getByRole('menuitem').getByText('Resend Invitation')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/resend') && response.request().method() === 'POST'
+        ),
+        page.getByRole('menuitem').getByText('Resend Invitation').click(),
+    ]);
+});
+
+test('test that admin user cannot transfer ownership', async ({ page, browser }) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@perms.test`;
+
+    // Invite and accept an admin member
+    await inviteAndAcceptMember(
+        page,
+        browser,
+        'Admin User ' + memberId,
+        memberEmail,
+        'Administrator'
+    );
+
+    // Go to members page and verify the admin exists
+    await goToMembersPage(page);
+    const adminRow = page.getByRole('row').filter({ hasText: 'Admin User' });
+    await expect(adminRow).toBeVisible();
+
+    // The owner should still be the owner
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open actions menu for the admin - should NOT have "Transfer Ownership" option
+    await adminRow.getByRole('button').click();
+    await expect(page.getByRole('menuitem').getByText('Edit')).toBeVisible();
+});
+
+test('test that accepted invitation disappears from invitations tab', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `accepted+${memberId}@invite.test`;
+
+    // Invite and accept the member
+    await inviteAndAcceptMember(page, browser, 'Accepted Member', memberEmail, 'Employee');
+
+    // Go to members page and switch to Invitations tab
+    await goToMembersPage(page);
+    await page.getByRole('tab', { name: 'Invitations' }).click();
+
+    // The accepted invitation should not be visible
+    await expect(page.getByText(memberEmail)).not.toBeVisible();
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+// Helper to clear localStorage before tests that check sorting
+async function clearMemberTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('member-table-state');
+    });
+}
+
+test('test that sorting members by name, role, and status works', async ({ page, ctx }) => {
+    // Create two placeholder members with names that sort predictably around "John Doe"
+    await createPlaceholderMemberViaImportApi(ctx, 'AAA SortFirst');
+    await createPlaceholderMemberViaImportApi(ctx, 'ZZZ SortLast');
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is already name asc after clearing state) --
+    const nameHeader = table.getByText('Name').first();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('ZZZ SortLast'));
+
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortLast')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    // -- Role sorting --
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click(); // asc: Owner(0) < Placeholder(4)
+    names = await getTableRowNames(table);
+    const ownerIdx = names.indexOf('John Doe');
+    const placeholderIdx = names.indexOf('AAA SortFirst');
+    expect(ownerIdx).toBeLessThan(placeholderIdx);
+
+    await roleHeader.click(); // desc: Placeholder first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc: Active(0) < Inactive(1)
+    names = await getTableRowNames(table);
+    expect(names.indexOf('John Doe')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    await statusHeader.click(); // desc: Inactive first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Email: just verify sort indicator appears --
+    const emailHeader = table.getByText('Email').first();
+    await emailHeader.click();
+    await expect(emailHeader.locator('svg')).toBeVisible();
+});
+
+test('test that member sort state persists after page reload', async ({ page }) => {
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // Click Role header twice to set descending sort
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+
+    // Reload the page
+    await page.reload();
+
+    // Verify the sort indicator is still visible on Role column
+    await expect(page.getByTestId('member_table')).toBeVisible();
+    await expect(
+        page.getByTestId('member_table').getByText('Role').first().locator('svg')
+    ).toBeVisible();
+});
+
+test('test that sorting members by billable rate works', async ({ page, ctx }) => {
+    // Create two placeholder members and set different billable rates
+    await createPlaceholderMemberViaImportApi(ctx, 'HighRate Member');
+    await createPlaceholderMemberViaImportApi(ctx, 'LowRate Member');
+
+    const members = await getMembersViaApi(ctx);
+    const highRateMember = members.find((m) => m.name === 'HighRate Member');
+    const lowRateMember = members.find((m) => m.name === 'LowRate Member');
+    expect(highRateMember).toBeDefined();
+    expect(lowRateMember).toBeDefined();
+
+    await updateMemberBillableRateViaApi(ctx, highRateMember!.id, 20000);
+    await updateMemberBillableRateViaApi(ctx, lowRateMember!.id, 5000);
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // First click = desc (highest first), null rates last
+    const billableHeader = table.getByText('Billable Rate').first();
+    await billableHeader.click();
+    await expect(billableHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('HighRate Member')).toBeLessThan(names.indexOf('LowRate Member'));
+
+    // Second click = asc (lowest first), null rates still last
+    await billableHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('LowRate Member')).toBeLessThan(names.indexOf('HighRate Member'));
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Sidebar Navigation', () => {
+    test('employee sidebar shows correct navigation links', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Visible links
+        await expect(employee.page.getByRole('link', { name: 'Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Time' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Calendar' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Projects' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Clients' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Tags' })).toBeVisible();
+
+        // Hidden links
+        await expect(employee.page.getByRole('link', { name: 'Members' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('link', { name: 'Settings', exact: true })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see members list or invite members', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/members');
+
+        // Page loads but the members API returns 403 (no members:view permission)
+        await expect(employee.page.getByRole('heading', { name: 'Members' })).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Member table is empty — no rows rendered (only headers)
+        await expect(employee.page.getByTestId('member_table').locator('[role="row"]')).toHaveCount(
+            0
+        );
+
+        // Employee should NOT see the Invite Member button
+        await expect(
+            employee.page.getByRole('button', { name: 'Invite member' })
+        ).not.toBeVisible();
+    });
+});

e2e/organization.spec.ts

@@ -9,7 +9,10 @@ async function goToOrganizationSettings(page) {
 
 async function createTimeEntry(page, duration: string) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
-    await page.getByRole('button', { name: 'Manual time entry' }).click();
+
+    // Open the dropdown menu and click "Manual time entry"
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
 
     // Fill in the time entry details
     await page.getByTestId('time_entry_description').fill('Test time entry');
@@ -35,9 +38,9 @@ test('test that organization name can be updated', async ({ page }) => {
     await page.getByLabel('Organization Name').fill('NEW ORG NAME');
     await page.getByLabel('Organization Name').press('Enter');
     await page.getByLabel('Organization Name').press('Meta+r');
-    await expect(
-        page.locator('[data-testid="organization_switcher"]:visible')
-    ).toContainText('NEW ORG NAME');
+    await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
+        'NEW ORG NAME'
+    );
 });
 
 test('test that organization billable rate can be updated with all existing time entries', async ({
@@ -46,9 +49,7 @@ test('test that organization billable rate can be updated with all existing time
     await goToOrganizationSettings(page);
     const newBillableRate = Math.round(Math.random() * 10000);
     await page.getByLabel('Organization Billable Rate').click();
-    await page
-        .getByLabel('Organization Billable Rate')
-        .fill(newBillableRate.toString());
+    await page.getByLabel('Organization Billable Rate').fill(newBillableRate.toString());
     await page
         .locator('form')
         .filter({ hasText: 'Organization Billable' })
@@ -56,9 +57,7 @@ test('test that organization billable rate can be updated with all existing time
         .click();
 
     await Promise.all([
-        page
-            .getByRole('button', { name: 'Yes, update existing time entries' })
-            .click(),
+        page.getByRole('button', { name: 'Yes, update existing time entries' }).click(),
         page.waitForRequest(
             async (request) =>
                 request.url().includes('/organizations/') &&
@@ -70,15 +69,12 @@ test('test that organization billable rate can be updated with all existing time
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
 });
 
-test('test that organization format settings can be updated', async ({
-    page,
-}) => {
+test('test that organization format settings can be updated', async ({ page }) => {
     await goToOrganizationSettings(page);
 
     // Test number format
@@ -113,8 +109,7 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.currency_format ===
-                    'iso-code-after-with-space'
+                (await response.json()).data.currency_format === 'iso-code-after-with-space'
         ),
     ]);
 
@@ -132,8 +127,7 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.date_format ===
-                    'slash-separated-dd-mm-yyyy'
+                (await response.json()).data.date_format === 'slash-separated-dd-mm-yyyy'
         ),
     ]);
 
@@ -169,19 +163,14 @@ test('test that organization format settings can be updated', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.interval_format ===
-                    'hours-minutes-colon-separated'
+                (await response.json()).data.interval_format === 'hours-minutes-colon-separated'
         ),
     ]);
 });
 
-test('test that format settings are reflected in the dashboard', async ({
-    page,
-}) => {
+test('test that format settings are reflected in the dashboard', async ({ page }) => {
     // check that 0h 00min is displayed
-    await expect(
-        page.getByText('0h 00min', { exact: true }).nth(0)
-    ).toBeVisible();
+    await expect(page.getByText('0h 00min', { exact: true }).nth(0)).toBeVisible();
 
     // First set the format settings
     await goToOrganizationSettings(page);
@@ -213,10 +202,8 @@ test('test that format settings are reflected in the dashboard', async ({
                 response.url().includes('/organizations/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.interval_format ===
-                    'hours-minutes-colon-separated' &&
-                (await response.json()).data.currency_format ===
-                    'symbol-after' &&
+                (await response.json()).data.interval_format === 'hours-minutes-colon-separated' &&
+                (await response.json()).data.currency_format === 'symbol-after' &&
                 (await response.json()).data.number_format === 'comma-point'
         ),
     ]);
@@ -232,17 +219,215 @@ test('test that format settings are reflected in the dashboard', async ({
     // check that 00:00 is displayed
     await expect(page.getByText('0:00', { exact: true }).nth(0)).toBeVisible();
     // check that 0h 00min is not displayed
-    await expect(
-        page.getByText('0h 00min', { exact: true }).nth(0)
-    ).not.toBeVisible();
+    await expect(page.getByText('0h 00min', { exact: true }).nth(0)).not.toBeVisible();
 
     // check that the current date is displayed in the dd/mm/yyyy format on the time page
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    // Wait for time entries to load so organization data is available for date formatting
+    await page.waitForResponse(
+        (response) => response.url().includes('/time-entries') && response.status() === 200
+    );
     await expect(
-        page
-            .getByText(new Date().toLocaleDateString('en-GB'), { exact: true })
-            .nth(0)
-    ).toBeVisible();
+        page.getByText(new Date().toLocaleDateString('en-GB'), { exact: true }).nth(0)
+    ).toBeVisible({ timeout: 10000 });
 });
 
-// TODO: Test 12-hour clock format
+test('test that organization time entry settings can be toggled', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    const preventOverlappingCheckbox = page.getByLabel(
+        'Prevent overlapping time entries (new entries only)'
+    );
+    const manageTasksCheckbox = page.getByLabel('Allow Employees to manage tasks');
+
+    // Get current states and toggle both
+    const wasOverlappingChecked = await preventOverlappingCheckbox.isChecked();
+    const wasManageTasksChecked = await manageTasksCheckbox.isChecked();
+
+    if (wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    // Save
+    const settingsForm = page.locator('form').filter({ hasText: 'Prevent overlapping' });
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    !wasOverlappingChecked
+        ),
+    ]);
+
+    // Reload and verify both settings persisted
+    await page.reload();
+    await expect(preventOverlappingCheckbox).toBeChecked({ checked: !wasOverlappingChecked });
+    await expect(manageTasksCheckbox).toBeChecked({ checked: !wasManageTasksChecked });
+
+    // Toggle both back to restore original state
+    if (!wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (!wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    wasOverlappingChecked
+        ),
+    ]);
+});
+
+test('test that 12-hour clock format can be set', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '12-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '12-hours'
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Time Format')).toContainText('12-hour clock');
+
+    // Reset back to 24-hour
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '24-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '24-hours'
+        ),
+    ]);
+});
+
+test('test that format settings persist after page reload', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    // Set a specific date format
+    await page.getByLabel('Date Format').click();
+    await page.getByRole('option', { name: 'DD/MM/YYYY' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Date Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Date Format')).toContainText('DD/MM/YYYY');
+});
+
+// =============================================
+// Admin Permission Tests
+// =============================================
+
+test.describe('Admin Organization Settings Access', () => {
+    test('admin can see and edit organization settings', async ({ ctx, admin }) => {
+        await admin.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should be visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).toBeVisible();
+
+        // Save buttons should be visible (admin can update)
+        await expect(admin.page.getByRole('button', { name: 'Save' }).first()).toBeVisible();
+
+        // Delete organization should NOT be visible (owner only)
+        await expect(
+            admin.page.getByRole('heading', { name: 'Delete Organization' })
+        ).not.toBeVisible();
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Organization Settings Restrictions', () => {
+    test('employee can see org name but not editable settings', async ({ ctx, employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible (but inputs are disabled)
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should NOT be visible
+        await expect(
+            employee.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).not.toBeVisible();
+
+        // Save button should not be visible (employee cannot update)
+        await expect(employee.page.getByRole('button', { name: 'Save' })).not.toBeVisible();
+    });
+});

e2e/profile.spec.ts

@@ -1,34 +1,37 @@
-import {test, expect} from '../playwright/fixtures';
-import {PLAYWRIGHT_BASE_URL} from '../playwright/config';
+import { test, expect } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
+import type { Page } from '@playwright/test';
 
-test('test that user name can be updated', async ({page}) => {
+async function goToProfilePage(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
-    await page.getByLabel('Name', {exact: true} ).fill('NEW NAME');
+}
+
+test('test that user name can be updated', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+    await page.getByLabel('Name', { exact: true }).fill('NEW NAME');
     await Promise.all([
-        page.getByRole('button', {name: 'Save'}).first().click(),
+        page.getByRole('button', { name: 'Save' }).first().click(),
         page.waitForResponse('**/user/profile-information'),
     ]);
     await page.reload();
-    await expect(page.getByLabel('Name', {exact: true})).toHaveValue('NEW NAME');
+    await expect(page.getByLabel('Name', { exact: true })).toHaveValue('NEW NAME');
 });
 
-test.skip('test that user email can be updated', async ({page}) => {
+test.skip('test that user email can be updated', async ({ page }) => {
     // this does not work because of email verification currently
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     const emailId = Math.round(Math.random() * 10000);
     await page.getByLabel('Email').fill(`newemail+${emailId}@test.com`);
-    await page.getByRole('button', {name: 'Save'}).first().click();
+    await page.getByRole('button', { name: 'Save' }).first().click();
     await page.reload();
-    await expect(page.getByLabel('Email')).toHaveValue(
-        `newemail+${emailId}@test.com`
-    );
+    await expect(page.getByLabel('Email')).toHaveValue(`newemail+${emailId}@test.com`);
 });
 
 async function createNewApiToken(page) {
     await page.getByLabel('API Key Name').fill('NEW API KEY');
     await Promise.all([
-        page.getByRole('button', {name: 'Create API Key'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('button', { name: 'Create API Key' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
 
     await expect(page.locator('body')).toContainText('API Token created successfully');
@@ -36,34 +39,310 @@ async function createNewApiToken(page) {
     await expect(page.locator('body')).toContainText('NEW API KEY');
 }
 
-test('test that user can create an API key', async ({page}) => {
+test('test that user can create an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
 });
 
-test('test that user can delete an API key', async ({page}) => {
+test('test that creating an API key with empty name shows validation error', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+
+    // Wait for the API Key Name input to be visible before interacting
+    const nameInput = page.getByLabel('API Key Name');
+    await expect(nameInput).toBeVisible();
+
+    // Ensure the API Key Name input is empty
+    await nameInput.fill('');
+
+    // Click the create button and wait for the 422 response
+    const [response] = await Promise.all([
+        page.waitForResponse('**/users/me/api-tokens'),
+        page.getByRole('button', { name: 'Create API Key' }).click(),
+    ]);
+
+    expect(response.status()).toBe(422);
+
+    // Verify that an error notification is shown with validation message about the name field
+    await expect(page.getByText('name field is required')).toBeVisible({ timeout: 5000 });
+});
+
+test('test that user can delete an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
     page.getByLabel('Delete API Token NEW API KEY').click();
-    await expect(page.getByRole('dialog')).toContainText('Are you sure you would like to delete this API token?');
+    await expect(page.getByRole('dialog')).toContainText(
+        'Are you sure you would like to delete this API token?'
+    );
     await Promise.all([
-        page.getByRole('dialog').getByRole('button', {name: 'Delete'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
     await expect(page.locator('body')).not.toContainText('NEW API KEY');
 });
 
-
-test('test that user can revoke an API key', async ({page}) => {
+test('test that user can revoke an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
     page.getByLabel('Revoke API Token NEW API KEY').click();
-    await expect(page.getByRole('dialog')).toContainText('Are you sure you would like to revoke this API token?');
+    await expect(page.getByRole('dialog')).toContainText(
+        'Are you sure you would like to revoke this API token?'
+    );
     await Promise.all([
-        page.getByRole('dialog').getByRole('button', {name: 'Revoke'}).click(),
-        page.waitForResponse('**/users/me/api-tokens')
+        page.getByRole('dialog').getByRole('button', { name: 'Revoke' }).click(),
+        page.waitForResponse('**/users/me/api-tokens'),
     ]);
-    await expect(page.getByRole('button', {name: 'Revoke'})).toBeHidden();
+    await expect(page.getByRole('button', { name: 'Revoke' })).toBeHidden();
     await expect(page.locator('body')).toContainText('NEW API KEY');
     await expect(page.locator('body')).toContainText('Revoked');
 });
+
+// =============================================
+// Update Password Form Tests
+// =============================================
+
+test('test that password mismatch shows error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with mismatched passwords
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('differentPassword789');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password confirmation
+    await expect(page.getByText('confirmation does not match')).toBeVisible();
+});
+
+test('test that short password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with a too short password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('test that incorrect current password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with wrong current password
+    await page.getByLabel('Current Password').fill('wrongCurrentPassword123');
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('newSecurePassword456');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about incorrect password
+    await expect(page.getByText('does not match')).toBeVisible();
+});
+
+test('test that password can be updated successfully', async ({ page }) => {
+    await goToProfilePage(page);
+    const newPassword = 'newSecurePassword456';
+
+    // Change password to new password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/user/password') && response.request().method() === 'PUT'
+    );
+    await passwordForm.getByRole('button', { name: 'Save' }).click();
+    const response = await responsePromise;
+
+    // Verify successful response (303 is Inertia redirect on success, means password was updated)
+    expect(response.status()).toBe(303);
+
+    // Verify no error messages are displayed
+    await expect(page.getByText('does not match')).not.toBeVisible();
+    await expect(page.getByText('must be at least')).not.toBeVisible();
+});
+
+// =============================================
+// Theme Selection Tests
+// =============================================
+
+test('test that theme can be changed to dark and light', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // The theme select is a Reka UI combobox (button), not a native <select>
+    const themeSelect = page.locator('button[role="combobox"]');
+
+    // Change theme to dark
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Dark' }).click();
+
+    // Verify the html element has 'dark' class
+    await expect(page.locator('html')).toHaveClass(/dark/);
+
+    // Change theme to light
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Light' }).click();
+
+    // Verify the html element has 'light' class and no 'dark' class
+    await expect(page.locator('html')).toHaveClass(/light/);
+    await expect(page.locator('html')).not.toHaveClass(/dark/);
+
+    // Verify localStorage persists the setting
+    const storedTheme = await page.evaluate(() => localStorage.getItem('theme'));
+    expect(storedTheme).toContain('light');
+
+    // Reload and verify the theme persists
+    await page.reload();
+    await expect(page.locator('html')).toHaveClass(/light/);
+
+    // Reset to system
+    await page.locator('button[role="combobox"]').click();
+    await page.getByRole('option', { name: 'System' }).click();
+    await expect(page.getByText('System default:')).toBeVisible();
+});
+
+// =============================================
+// Two Factor Authentication Tests
+// =============================================
+
+test('test that password confirmation modal can be cancelled without sending API request', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no POST request is sent to confirm-password
+    let confirmPasswordRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/user/confirm-password') && request.method() === 'POST') {
+            confirmPasswordRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify no confirm-password request was sent
+    expect(confirmPasswordRequestSent).toBe(false);
+});
+
+test('test that password confirmation modal shows error for incorrect password', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter incorrect password and confirm
+    await page.getByPlaceholder('Password').fill('wrongpassword123');
+    await page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click();
+
+    // Should show error message (wait longer for API response)
+    await expect(page.getByRole('dialog').getByText('incorrect')).toBeVisible({ timeout: 10000 });
+});
+
+test('test that 2FA can be enabled with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Verify 2FA is not enabled
+    await expect(page.getByText('You have not enabled two factor authentication.')).toBeVisible();
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter correct password and confirm
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/two-factor-authentication') &&
+                response.request().method() === 'POST'
+        ),
+    ]);
+
+    // Verify QR code is shown
+    await expect(page.getByRole('heading', { name: 'Finish enabling two factor' })).toBeVisible();
+    await expect(page.getByText('Setup Key:')).toBeVisible();
+    await expect(page.getByLabel('Code')).toBeVisible();
+});
+
+// =============================================
+// Logout Other Browser Sessions Tests
+// =============================================
+
+test('test that logout other browser sessions works with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    await page.getByRole('button', { name: 'Log Out Other Browser Sessions' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page
+            .getByRole('dialog')
+            .getByRole('button', { name: 'Log Out Other Browser Sessions' })
+            .click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/other-browser-sessions') &&
+                response.request().method() === 'DELETE'
+        ),
+    ]);
+});

e2e/project-members.spec.ts

@@ -1,34 +1,27 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
 import { formatCentsWithOrganizationDefaults } from './utils/money';
-import type { CurrencyFormat } from '../resources/js/packages/ui/src/utils/money';
-import { NumberFormat } from '@/packages/ui/src/utils/number';
+import { createProjectViaApi, createProjectMemberViaApi, type TestContext } from './utils/api';
 
-async function goToProjectsOverview(page: Page) {
-    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+async function createProjectWithMemberViaApi(ctx: TestContext, page: Page, projectName: string) {
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createProjectMemberViaApi(ctx, project.id, { member_id: ctx.memberId });
+
+    // Navigate to the project detail page
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByTestId('project_member_table').getByRole('row').first()).toBeVisible();
+    return project;
 }
 
 test('test that updating project member billable rate works for existing time entries', async ({
     page,
+    ctx,
 }) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     const newBillableRate = Math.round(Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
-
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
-
-    await page.getByText(newProjectName).click();
-    await page.getByRole('button', { name: 'Add Member' }).click();
-
-    await expect(page.getByText('Add Project Member').first()).toBeVisible();
-    await page.getByRole('button', { name: 'Select a member' }).click();
-    await page.keyboard.press('Enter');
-    await page.getByRole('button', { name: 'Add Project Member' }).click();
+    await createProjectWithMemberViaApi(ctx, page, newProjectName);
 
     await page
         .getByTestId('project_member_table')
@@ -36,9 +29,7 @@ test('test that updating project member billable rate works for existing time en
         .first()
         .getByRole('button')
         .click();
-    await page
-        .getByRole('menuitem', { name: 'Edit Project Member' })
-        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
     await page.getByLabel('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Project Member' }).click();
 
@@ -55,8 +46,7 @@ test('test that updating project member billable rate works for existing time en
                 response.url().includes('/project-members/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
     await expect(
@@ -66,3 +56,197 @@ test('test that updating project member billable rate works for existing time en
             .getByText(formatCentsWithOrganizationDefaults(newBillableRate * 100))
     ).toBeVisible();
 });
+
+test('test that project member edit modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Cancel Test ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Verify the modal is open and shows the member name
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+    await expect(page.getByRole('dialog').getByText('John Doe')).toBeVisible();
+
+    // Enter a new billable rate
+    await page.getByLabel('Billable Rate').fill('999');
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that project member update without billable rate change skips confirmation and completes', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'No Change ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Click Update without changing anything - no confirmation modal since rate didn't change
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Project Member' }).click(),
+    ]);
+
+    // Verify the edit modal is closed (confirmation modal was skipped)
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+});
+
+test('test that billable rate confirmation modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Rate Cancel ' + Math.floor(1 + Math.random() * 10000);
+    const newBillableRate = Math.round(Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Change the billable rate
+    await page.getByLabel('Billable Rate').fill(newBillableRate.toString());
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Update - this should show the confirmation modal
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Verify the confirmation modal is shown
+    await expect(page.getByText('update all existing time entries')).toBeVisible();
+
+    // Click Cancel to close the confirmation modal without updating
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the confirmation modal is closed but edit modal is still open
+    await expect(page.getByText('update all existing time entries')).not.toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+
+    // Close the edit modal
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the edit modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that clearing billable rate reverts to project default', async ({ page, ctx }) => {
+    const projectName = 'Revert Default ' + Math.floor(1 + Math.random() * 10000);
+    const customRate = Math.round(100 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Verify the billable rate shows "--" (project default) initially
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+
+    // Set a custom billable rate
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+    await page.getByLabel('Billable Rate').fill(customRate.toString());
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the custom rate is shown in the table (not "--")
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).not.toBeVisible();
+
+    // Now clear the billable rate to revert to project default
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Set billable rate to 0 to revert to project default
+    await page.getByLabel('Billable Rate').fill('0');
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the billable rate shows "--" again (project default)
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+});

e2e/projects.spec.ts

@@ -1,19 +1,32 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
 import { formatCentsWithOrganizationDefaults } from './utils/money';
-import type { CurrencyFormat } from '../resources/js/packages/ui/src/utils/money';
+import {
+    createProjectViaApi,
+    createPublicProjectViaApi,
+    createTaskViaApi,
+    createClientViaApi,
+    createTimeEntryViaApi,
+    archiveProjectViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
 
 async function goToProjectsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
 }
 
+// Helper to clear localStorage before tests that check persistence
+async function clearProjectTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('project-table-state');
+    });
+}
+
 // Create new project via modal
-test('test that creating and deleting a new project via the modal works', async ({
-    page,
-}) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
+test('test that creating and deleting a new project via the modal works', async ({ page }) => {
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     await goToProjectsOverview(page);
     await page.getByRole('button', { name: 'Create Project' }).click();
     await page.getByLabel('Project Name').fill(newProjectName);
@@ -31,16 +44,10 @@ test('test that creating and deleting a new project via the modal works', async
         ),
     ]);
 
-    await expect(page.getByTestId('project_table')).toContainText(
-        newProjectName
-    );
-    const moreButton = page.locator(
-        "[aria-label='Actions for Project " + newProjectName + "']"
-    );
-    moreButton.click();
-    const deleteButton = page.locator(
-        "[aria-label='Delete Project " + newProjectName + "']"
-    );
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+    const moreButton = page.locator("[aria-label='Actions for Project " + newProjectName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Project " + newProjectName + "']");
 
     await Promise.all([
         deleteButton.click(),
@@ -51,68 +58,88 @@ test('test that creating and deleting a new project via the modal works', async
                 response.status() === 204
         ),
     ]);
-    await expect(page.getByTestId('project_table')).not.toContainText(
-        newProjectName
-    );
+    await expect(page.getByTestId('project_table')).not.toContainText(newProjectName);
 });
 
-test('test that archiving and unarchiving projects works', async ({ page }) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
+// Helper to select a status filter using the new dropdown UI
+async function selectStatusFilter(page: Page, status: 'Active' | 'Archived') {
+    // Click the Filter button to open the dropdown
+    await page.getByRole('button', { name: 'Filter projects' }).click();
+    // Click on Status submenu
+    await page.getByRole('menuitem', { name: 'Status' }).click();
+    // Select the status option
+    await page.getByRole('menuitem', { name: status }).click();
+}
 
-    await page.getByRole('button', { name: 'Create Project' }).click();
+// Helper to remove status filter by clicking the X on the badge
+async function removeStatusFilter(page: Page) {
+    const statusBadge = page.getByTestId('status-filter-badge');
+    // Click the remove button (second button in the badge, contains XMarkIcon)
+    await statusBadge.locator('button').last().click();
+}
+
+test('test that archiving and unarchiving projects works', async ({ page, ctx }) => {
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+    await createProjectViaApi(ctx, { name: newProjectName });
+
+    await goToProjectsOverview(page);
+    await clearProjectTableState(page);
+    await page.reload();
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    // Archive the project
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Archive').first().click();
+
+    // Project should still be visible since default is "all" (no filter)
     await expect(page.getByText(newProjectName)).toBeVisible();
 
-    await page.getByRole('row').first().getByRole('button').click();
-    await Promise.all([
-        page.getByRole('menuitem').getByText('Archive').first().click(),
-        expect(page.getByText(newProjectName)).not.toBeVisible(),
-    ]);
-    await Promise.all([
-        page.getByRole('tab', { name: 'Archived' }).click(),
-        expect(page.getByText(newProjectName)).toBeVisible(),
-    ]);
+    // Apply Active filter - archived project should disappear
+    await selectStatusFilter(page, 'Active');
+    await expect(page.getByText(newProjectName)).not.toBeVisible();
 
+    // Remove Active filter and apply Archived filter
+    await removeStatusFilter(page);
+    await selectStatusFilter(page, 'Archived');
+    await expect(page.getByText(newProjectName)).toBeVisible();
+
+    // Unarchive the project
     await page.getByRole('row').first().getByRole('button').click();
-    await Promise.all([
-        page.getByRole('menuitem').getByText('Unarchive').first().click(),
-        expect(page.getByText(newProjectName)).not.toBeVisible(),
-    ]);
-    await Promise.all([
-        page.getByRole('tab', { name: 'Active' }).click(),
-        expect(page.getByText(newProjectName)).toBeVisible(),
-    ]);
+    await page.getByRole('menuitem').getByText('Unarchive').first().click();
+
+    // Project should disappear from Archived view
+    await expect(page.getByText(newProjectName)).not.toBeVisible();
+
+    // Remove Archived filter and apply Active filter to see the project
+    await removeStatusFilter(page);
+    await selectStatusFilter(page, 'Active');
+    await expect(page.getByText(newProjectName)).toBeVisible();
 });
 
-test('test that updating billable rate works with existing time entries', async ({
-    page,
-}) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
+test('test that updating billable rate works with existing time entries', async ({ page, ctx }) => {
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     const newBillableRate = Math.round(Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
+    await createProjectViaApi(ctx, { name: newProjectName });
 
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
 
     await page.getByRole('row').first().getByRole('button').click();
     await page.getByRole('menuitem').getByText('Edit').first().click();
-    await page.getByText('Non-Billable').click();
-    await page.getByText('Custom Rate').click();
-    await page
-        .getByPlaceholder('Billable Rate')
-        .fill(newBillableRate.toString());
+
+    // Set billable default to Billable
+    await page.getByRole('dialog').locator('#billable').click();
+    await page.getByRole('option', { name: 'Billable', exact: true }).click();
+
+    // Set billable rate to Custom Rate
+    await page.getByRole('dialog').locator('#billableRateType').click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+
+    await page.getByPlaceholder('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Project' }).click();
 
     await Promise.all([
-        page
-        .locator('button').filter({ hasText: 'Yes, update existing time' })
-        .click(),    
+        page.locator('button').filter({ hasText: 'Yes, update existing time' }).click(),
         page.waitForRequest(
             async (request) =>
                 request.url().includes('/projects/') &&
@@ -124,8 +151,7 @@ test('test that updating billable rate works with existing time entries', async
                 response.url().includes('/projects/') &&
                 response.request().method() === 'PUT' &&
                 response.status() === 200 &&
-                (await response.json()).data.billable_rate ===
-                    newBillableRate * 100
+                (await response.json()).data.billable_rate === newBillableRate * 100
         ),
     ]);
     await expect(
@@ -136,22 +162,733 @@ test('test that updating billable rate works with existing time entries', async
     ).toBeVisible();
 });
 
-// Create new project with new Client
+test('test that creating a project with default billable rate works', async ({ page }) => {
+    const newProjectName = 'Default Rate Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(newProjectName);
 
-// Create new project with existing Client
+    // Set billable default to Billable (leaves rate type as Default Rate)
+    await page.getByRole('dialog').locator('#billable').click();
+    await page.getByRole('option', { name: 'Billable', exact: true }).click();
 
-// Delete project via More Options
+    // Verify rate type is "Default Rate" and the rate input is disabled
+    await expect(page.getByRole('dialog').locator('#billableRateType')).toContainText(
+        'Default Rate'
+    );
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
 
-// Test that project task count is displayed correctly
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.is_billable === true &&
+                (await response.json()).data.billable_rate === null
+        ),
+    ]);
 
-// Test that active / archive / all filter works (once implemented)
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+});
 
-// Edit Project Modal Test
+test('test that creating a non-billable project works', async ({ page }) => {
+    const newProjectName = 'Non-Billable Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(newProjectName);
 
-// Add Project with billable rate
+    // Billable default should already be "Non-billable" by default
+    await expect(page.getByRole('dialog').locator('#billable')).toContainText('Non-billable');
 
-// Edit Project with billable rate
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.is_billable === false &&
+                (await response.json()).data.billable_rate === null
+        ),
+    ]);
 
-// Edit Project Member Billable Rate
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+});
 
-// Edit Task Name
+test('test that switching from custom rate to default rate clears billable rate', async ({
+    page,
+    ctx,
+}) => {
+    const newProjectName = 'Rate Switch Project ' + Math.floor(1 + Math.random() * 10000);
+    // Create a project with an existing custom billable rate
+    await createProjectViaApi(ctx, {
+        name: newProjectName,
+        is_billable: true,
+        billable_rate: 15000,
+    });
+
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').first().click();
+
+    // Verify it loaded as Billable with Custom Rate
+    await expect(page.getByRole('dialog').locator('#billable')).toContainText('Billable');
+    await expect(page.getByRole('dialog').locator('#billableRateType')).toContainText(
+        'Custom Rate'
+    );
+
+    // Switch to Default Rate
+    await page.getByRole('dialog').locator('#billableRateType').click();
+    await page.getByRole('option', { name: 'Default Rate' }).click();
+
+    // Rate input should now be disabled
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
+
+    // Submit — billable_rate changes from 15000 to null, so confirmation dialog appears
+    await page.getByRole('button', { name: 'Update Project' }).click();
+    await Promise.all([
+        page.locator('button').filter({ hasText: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.is_billable === true &&
+                (await response.json()).data.billable_rate === null
+        ),
+    ]);
+});
+
+test('test that switching from billable to non-billable preserves rate settings', async ({
+    page,
+    ctx,
+}) => {
+    const newProjectName = 'Billable Reset Project ' + Math.floor(1 + Math.random() * 10000);
+    // Create a project with a custom billable rate
+    await createProjectViaApi(ctx, {
+        name: newProjectName,
+        is_billable: true,
+        billable_rate: 20000,
+    });
+
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').first().click();
+
+    // Verify it loaded correctly as Billable with Custom Rate
+    await expect(page.getByRole('dialog').locator('#billable')).toContainText('Billable');
+    await expect(page.getByRole('dialog').locator('#billableRateType')).toContainText(
+        'Custom Rate'
+    );
+
+    // Switch to Non-billable
+    await page.getByRole('dialog').locator('#billable').click();
+    await page.getByRole('option', { name: 'Non-billable' }).click();
+
+    // Rate type should still be Custom Rate (not reset)
+    await expect(page.getByRole('dialog').locator('#billableRateType')).toContainText(
+        'Custom Rate'
+    );
+
+    // Submit and verify project is non-billable but keeps its custom rate
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.is_billable === false &&
+                (await response.json()).data.billable_rate === 20000
+        ),
+    ]);
+});
+
+test('test that editing an existing billable project with default rate loads correctly', async ({
+    page,
+    ctx,
+}) => {
+    const newProjectName = 'Default Rate Edit Project ' + Math.floor(1 + Math.random() * 10000);
+    // Create a project that is billable but has no custom rate (= default rate)
+    await createProjectViaApi(ctx, {
+        name: newProjectName,
+        is_billable: true,
+        billable_rate: null,
+    });
+
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').first().click();
+
+    // Verify it loaded as Billable with Default Rate
+    await expect(page.getByRole('dialog').locator('#billable')).toContainText('Billable');
+    await expect(page.getByRole('dialog').locator('#billableRateType')).toContainText(
+        'Default Rate'
+    );
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
+});
+
+// Sorting tests
+test('test that sorting projects by all columns works', async ({ page, ctx }) => {
+    // Seed projects with distinct values for each sortable column
+    const clientAlpha = await createClientViaApi(ctx, { name: 'Alpha Client' });
+    const clientBeta = await createClientViaApi(ctx, { name: 'Beta Client' });
+
+    // Project A: client Alpha, low billable rate, has estimated time, active
+    const projectA = await createProjectViaApi(ctx, {
+        name: 'AAA Project',
+        client_id: clientAlpha.id,
+        is_billable: true,
+        billable_rate: 5000,
+        estimated_time: 36000, // 10h
+    });
+    // Add 1h of time entries (10% progress)
+    await createTimeEntryViaApi(ctx, {
+        duration: '1h',
+        projectId: projectA.id,
+    });
+
+    // Project B: client Beta, high billable rate, has estimated time, archived
+    const projectB = await createProjectViaApi(ctx, {
+        name: 'BBB Project',
+        client_id: clientBeta.id,
+        is_billable: true,
+        billable_rate: 15000,
+        estimated_time: 7200, // 2h
+    });
+    // Add 1h of time entries (50% progress)
+    await createTimeEntryViaApi(ctx, {
+        duration: '1h',
+        projectId: projectB.id,
+    });
+    await archiveProjectViaApi(ctx, {
+        ...projectB,
+        client_id: clientBeta.id,
+        billable_rate: 15000,
+        estimated_time: 7200,
+    });
+
+    // Project C: no client, medium billable rate, no estimated time, active
+    const projectC = await createProjectViaApi(ctx, {
+        name: 'CCC Project',
+        is_billable: true,
+        billable_rate: 10000,
+    });
+    // Add 3h of time entries
+    await createTimeEntryViaApi(ctx, {
+        duration: '3h',
+        projectId: projectC.id,
+    });
+
+    await goToProjectsOverview(page);
+    await clearProjectTableState(page);
+    await page.reload();
+    await expect(page.getByTestId('project_table')).toBeVisible();
+    await expect(page.getByText('AAA Project')).toBeVisible();
+    await expect(page.getByText('BBB Project')).toBeVisible();
+    await expect(page.getByText('CCC Project')).toBeVisible();
+
+    // Helper to get the visual order of our seeded projects by reading
+    // all row text in a single evaluate call (avoids locator timing issues)
+    const seededNames = ['AAA Project', 'BBB Project', 'CCC Project'];
+    const getOrder = async (): Promise<string[]> => {
+        const allRowTexts = await page.evaluate(() => {
+            const table = document.querySelector('[data-testid="project_table"]');
+            if (!table) return [];
+            const rows = table.querySelectorAll('[role="row"]');
+            return Array.from(rows).map((row) => row.textContent ?? '');
+        });
+        const order: string[] = [];
+        for (const text of allRowTexts) {
+            const match = seededNames.find((name) => text.includes(name));
+            if (match) order.push(match);
+        }
+        return order;
+    };
+
+    // Helper: click a column header and wait for sort to apply.
+    // expectedFirstAmongSeeded = which of our 3 seeded projects should appear first
+    const clickSortHeader = async (headerText: string, expectedFirstAmongSeeded: string) => {
+        const header = page
+            .locator('[data-testid="project_table"] .select-none', {
+                hasText: headerText,
+            })
+            .first();
+        await header.click();
+        // Wait until the expected project appears before the others among our seeded set
+        await page.waitForFunction(
+            ({ expected, names }) => {
+                const table = document.querySelector('[data-testid="project_table"]');
+                if (!table) return false;
+                const rows = table.querySelectorAll('[role="row"]');
+                let firstSeededIdx = -1;
+                for (let i = 0; i < rows.length; i++) {
+                    const text = rows[i].textContent ?? '';
+                    if (names.some((n: string) => text.includes(n))) {
+                        firstSeededIdx = i;
+                        break;
+                    }
+                }
+                if (firstSeededIdx === -1) return false;
+                return (rows[firstSeededIdx].textContent ?? '').includes(expected);
+            },
+            { expected: expectedFirstAmongSeeded, names: seededNames },
+            { timeout: 5000 }
+        );
+    };
+
+    // --- Sort by Name ---
+    // Default is name asc (A-Z)
+    let order = await getOrder();
+    expect(order).toEqual(['AAA Project', 'BBB Project', 'CCC Project']);
+
+    // Click to toggle to Z-A
+    await clickSortHeader('Name', 'CCC Project');
+    order = await getOrder();
+    expect(order).toEqual(['CCC Project', 'BBB Project', 'AAA Project']);
+
+    // --- Sort by Client (text: first click = A-Z, no-client last) ---
+    await clickSortHeader('Client', 'AAA Project');
+    order = await getOrder();
+    expect(order).toEqual(['AAA Project', 'BBB Project', 'CCC Project']); // Alpha, Beta, No client
+
+    // Reverse: Z-A, no-client still last
+    await clickSortHeader('Client', 'BBB Project');
+    order = await getOrder();
+    expect(order).toEqual(['BBB Project', 'AAA Project', 'CCC Project']); // Beta, Alpha, No client
+
+    // --- Sort by Total Time (numeric: first click = highest first) ---
+    await clickSortHeader('Total Time', 'CCC Project');
+    order = await getOrder();
+    expect(order[0]).toBe('CCC Project'); // C=3h first, A and B tied at 1h
+
+    // Reverse: lowest first
+    await clickSortHeader('Total Time', 'AAA Project');
+    order = await getOrder();
+    expect(order[2]).toBe('CCC Project'); // C=3h last
+
+    // --- Sort by Billable Rate (numeric: first click = highest first) ---
+    await clickSortHeader('Billable Rate', 'BBB Project');
+    order = await getOrder();
+    expect(order).toEqual(['BBB Project', 'CCC Project', 'AAA Project']); // 15000, 10000, 5000
+
+    // Reverse: lowest first
+    await clickSortHeader('Billable Rate', 'AAA Project');
+    order = await getOrder();
+    expect(order).toEqual(['AAA Project', 'CCC Project', 'BBB Project']); // 5000, 10000, 15000
+
+    // --- Sort by Progress (numeric: first click = highest first, no-estimate last) ---
+    await clickSortHeader('Progress', 'BBB Project');
+    order = await getOrder();
+    expect(order).toEqual(['BBB Project', 'AAA Project', 'CCC Project']); // 50%, 10%, no estimate
+
+    // Reverse: lowest first, no-estimate still last
+    await clickSortHeader('Progress', 'AAA Project');
+    order = await getOrder();
+    expect(order).toEqual(['AAA Project', 'BBB Project', 'CCC Project']); // 10%, 50%, no estimate
+
+    // --- Sort by Status (first click = active first, archived last) ---
+    await expect(async () => {
+        await clickSortHeader('Status', 'AAA Project');
+        order = await getOrder();
+        expect(order.indexOf('BBB Project')).toBeGreaterThan(order.indexOf('AAA Project'));
+        expect(order.indexOf('BBB Project')).toBeGreaterThan(order.indexOf('CCC Project'));
+    }).toPass({ timeout: 5000 });
+
+    // Reverse: archived first
+    await expect(async () => {
+        await clickSortHeader('Status', 'BBB Project');
+        order = await getOrder();
+        expect(order.indexOf('BBB Project')).toBeLessThan(order.indexOf('AAA Project'));
+        expect(order.indexOf('BBB Project')).toBeLessThan(order.indexOf('CCC Project'));
+    }).toPass({ timeout: 5000 });
+});
+
+// Filter tests
+test('test that filtering projects by status works', async ({ page, ctx }) => {
+    const newProjectName = 'Filter Test Project ' + Math.floor(1 + Math.random() * 10000);
+    await createProjectViaApi(ctx, { name: newProjectName });
+
+    await goToProjectsOverview(page);
+    await clearProjectTableState(page);
+    await page.reload();
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    // Archive the project
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Archive').first().click();
+
+    // Project should still be visible (default is "all" - no filter)
+    await expect(page.getByText(newProjectName)).toBeVisible();
+
+    // Apply Active filter - archived project should disappear
+    await selectStatusFilter(page, 'Active');
+    await expect(page.getByText(newProjectName)).not.toBeVisible();
+
+    // Remove Active filter - project should reappear (back to "all")
+    await removeStatusFilter(page);
+    await expect(page.getByText(newProjectName)).toBeVisible();
+
+    // Apply Archived filter - project should still be visible
+    await selectStatusFilter(page, 'Archived');
+    await expect(page.getByText(newProjectName)).toBeVisible();
+
+    // Remove Archived filter and apply Active filter - project should not be visible
+    await removeStatusFilter(page);
+    await selectStatusFilter(page, 'Active');
+    await expect(page.getByText(newProjectName)).not.toBeVisible();
+});
+
+test('test that filter state persists after page reload', async ({ page }) => {
+    await goToProjectsOverview(page);
+    await clearProjectTableState(page);
+    await page.reload();
+
+    // Apply Active status filter
+    await selectStatusFilter(page, 'Active');
+
+    // Verify the filter badge is visible
+    await expect(page.getByTestId('status-filter-badge')).toBeVisible();
+
+    // Reload the page
+    await page.reload();
+
+    // Verify the filter badge is still visible after reload
+    await expect(page.getByTestId('status-filter-badge')).toBeVisible();
+});
+
+test('test that sort state persists after page reload', async ({ page }) => {
+    await goToProjectsOverview(page);
+    await clearProjectTableState(page);
+    await page.reload();
+
+    // Click on Name header twice to sort descending
+    const nameHeader = page.getByText('Name').first();
+    await nameHeader.click();
+    await expect(nameHeader.locator('svg')).toBeVisible();
+    await nameHeader.click();
+
+    // Reload the page
+    await page.reload();
+
+    // Verify descending sort indicator is visible on Name column
+    await expect(page.getByTestId('project_table')).toBeVisible();
+});
+
+test('test that custom billable rate is displayed correctly on project detail page', async ({
+    page,
+    ctx,
+}) => {
+    const newProjectName = 'Billable Rate Project ' + Math.floor(1 + Math.random() * 10000);
+    const newBillableRate = Math.round(10 + Math.random() * 1000);
+    await createProjectViaApi(ctx, { name: newProjectName });
+
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    // Edit the project to set a custom billable rate
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').first().click();
+
+    // Set billable default to Billable
+    await page.getByRole('dialog').locator('#billable').click();
+    await page.getByRole('option', { name: 'Billable', exact: true }).click();
+
+    // Set billable rate to Custom Rate
+    await page.getByRole('dialog').locator('#billableRateType').click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+
+    await page.getByPlaceholder('Billable Rate').fill(newBillableRate.toString());
+    await page.getByRole('button', { name: 'Update Project' }).click();
+
+    await Promise.all([
+        page.locator('button').filter({ hasText: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Navigate to the project detail page by clicking the project name
+    await page.getByText(newProjectName).first().click();
+    await page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+    // Verify the badge displays the correctly formatted billable rate
+    const expectedFormattedRate = formatCentsWithOrganizationDefaults(newBillableRate * 100);
+    await expect(page.locator('nav[aria-label="Breadcrumb"]').locator('..')).toContainText(
+        expectedFormattedRate
+    );
+});
+
+// Tests for estimated time input (Issue #460)
+test('test that creating a project with estimated time in human-readable format works', async ({
+    page,
+}) => {
+    const newProjectName = 'Estimated Time Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(newProjectName);
+
+    // Fill in estimated time using human-readable format
+    const estimatedTimeInput = page.getByPlaceholder('e.g. 2h 30m or 1.5');
+    await estimatedTimeInput.fill('2h 30m');
+    await estimatedTimeInput.press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                // 2h 30m = 9000 seconds
+                (await response.json()).data.estimated_time === 9000
+        ),
+    ]);
+
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+});
+
+test('test that creating a project with estimated time using decimal notation works', async ({
+    page,
+}) => {
+    const newProjectName = 'Decimal Estimated Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(newProjectName);
+
+    // Fill in estimated time using decimal notation (1.5 hours = 1h 30m)
+    const estimatedTimeInput = page.getByPlaceholder('e.g. 2h 30m or 1.5');
+    await estimatedTimeInput.fill('1.5');
+    await estimatedTimeInput.press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                // 1.5 hours = 5400 seconds
+                (await response.json()).data.estimated_time === 5400
+        ),
+    ]);
+
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+});
+
+test('test that creating a project with estimated time using comma decimal notation works', async ({
+    page,
+}) => {
+    const newProjectName = 'Comma Decimal Project ' + Math.floor(1 + Math.random() * 10000);
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(newProjectName);
+
+    // Fill in estimated time using comma decimal notation (2,5 hours = 2h 30m)
+    const estimatedTimeInput = page.getByPlaceholder('e.g. 2h 30m or 1.5');
+    await estimatedTimeInput.fill('2,5');
+    await estimatedTimeInput.press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                // 2.5 hours = 9000 seconds
+                (await response.json()).data.estimated_time === 9000
+        ),
+    ]);
+
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
+});
+
+test('test that updating estimated time on existing project works', async ({ page, ctx }) => {
+    const newProjectName = 'Update Estimated Project ' + Math.floor(1 + Math.random() * 10000);
+    await createProjectViaApi(ctx, { name: newProjectName });
+
+    await goToProjectsOverview(page);
+    await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
+
+    // Edit the project to add estimated time
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').first().click();
+
+    // Fill in estimated time
+    const estimatedTimeInput = page.getByPlaceholder('e.g. 2h 30m or 1.5');
+    await estimatedTimeInput.fill('4h 15m');
+    await estimatedTimeInput.press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                // 4h 15m = 15300 seconds
+                (await response.json()).data.estimated_time === 15300
+        ),
+    ]);
+});
+
+test('test that estimated time input displays formatted value after blur', async ({ page }) => {
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+
+    const estimatedTimeInput = page.getByPlaceholder('e.g. 2h 30m or 1.5');
+
+    // Enter time in various formats and check the displayed value
+    await estimatedTimeInput.fill('90');
+    await estimatedTimeInput.press('Tab');
+    // 90 hours should be displayed as "90h 00min" (default format)
+    await expect(estimatedTimeInput).toHaveValue(/90h/);
+
+    await estimatedTimeInput.fill('1:30');
+    await estimatedTimeInput.press('Tab');
+    // 1:30 should be displayed as "1h 30min"
+    await expect(estimatedTimeInput).toHaveValue(/1h.*30/);
+});
+
+test('test that editing a task name on the project detail page works', async ({ page, ctx }) => {
+    const projectName = 'Task Edit Project ' + Math.floor(1 + Math.random() * 10000);
+    const originalTaskName = 'Original Task ' + Math.floor(1 + Math.random() * 10000);
+    const updatedTaskName = 'Updated Task ' + Math.floor(1 + Math.random() * 10000);
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTaskViaApi(ctx, { name: originalTaskName, project_id: project.id });
+
+    // Navigate to the project detail page
+    await goToProjectsOverview(page);
+    await expect(page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+    await page.getByText(projectName).first().click();
+    await page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+    // Verify task is visible
+    await expect(page.getByTestId('task_table')).toContainText(originalTaskName);
+
+    // Open edit modal via actions menu
+    const moreButton = page.locator("[aria-label='Actions for Task " + originalTaskName + "']");
+    await moreButton.click();
+    await page.getByTestId('task_edit').click();
+
+    // Update the task name
+    await page.locator('#taskName').fill(updatedTaskName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Task' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify updated name is shown and old name is gone
+    await expect(page.getByTestId('task_table')).toContainText(updatedTaskName);
+    await expect(page.getByTestId('task_table')).not.toContainText(originalTaskName);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Projects Restrictions', () => {
+    test('employee can view public projects but cannot create', async ({ ctx, employee }) => {
+        const projectName = 'EmpViewProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, { name: projectName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByTestId('projects_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the public project
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Project button
+        await expect(
+            employee.page.getByRole('button', { name: 'Create Project' })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete/archive actions on projects', async ({
+        ctx,
+        employee,
+    }) => {
+        const projectName = 'EmpActionsProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, { name: projectName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+        // Click the actions dropdown trigger to open the menu
+        const actionsButton = employee.page.locator(
+            `[aria-label='Actions for Project ${projectName}']`
+        );
+        await actionsButton.click();
+
+        // The dropdown menu items (Edit, Archive, Delete) should NOT be visible
+        await expect(
+            employee.page.locator(`[aria-label='Edit Project ${projectName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Archive Project ${projectName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Delete Project ${projectName}']`)
+        ).not.toBeVisible();
+    });
+});
+
+test.describe('Employee Billable Rate Visibility', () => {
+    test('employee cannot see billable rate column by default', async ({ ctx, employee }) => {
+        const projectName = 'EmpBillableProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, {
+            name: projectName,
+            is_billable: true,
+            billable_rate: 15000,
+        });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+        // Billable Rate column should not be visible to employee by default
+        await expect(employee.page.getByText('Billable Rate')).not.toBeVisible();
+    });
+
+    test('employee can see billable rate column when employees_can_see_billable_rates is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        await updateOrganizationSettingViaApi(ctx, { employees_can_see_billable_rates: true });
+
+        const projectName = 'EmpBillableVisProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, {
+            name: projectName,
+            is_billable: true,
+            billable_rate: 20000,
+        });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+        // Billable Rate column header should be visible
+        await expect(employee.page.getByText('Billable Rate')).toBeVisible();
+
+        // The project row should show the formatted billable rate
+        const projectRow = employee.page.getByRole('row').filter({ hasText: projectName });
+        await expect(projectRow).toContainText('200');
+    });
+});

e2e/reporting-detailed.spec.ts

@@ -0,0 +1,719 @@
+import { expect } from '@playwright/test';
+import { test } from '../playwright/fixtures';
+import { goToReportingDetailed, waitForDetailedReportingUpdate } from './utils/reporting';
+import {
+    createProjectViaApi,
+    createClientViaApi,
+    createTaskViaApi,
+    createTimeEntryViaApi,
+    createTimeEntryWithTagViaApi,
+    createBareTimeEntryViaApi,
+} from './utils/api';
+
+// Each test registers a new user and creates test data via API
+test.describe.configure({ timeout: 30000 });
+
+// ──────────────────────────────────────────────────
+// Basic Detailed View Tests
+// ──────────────────────────────────────────────────
+
+test('test that detailed view shows time entries correctly', async ({ page, ctx }) => {
+    const projectName = 'Detailed View Project ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Verify the time entry is shown with all details
+    await expect(page.getByText(projectName, { exact: true }).first()).toBeVisible();
+    await expect(page.locator('input[name="Duration"]').first()).toHaveValue('1h 00min');
+    await expect(page.getByText('Entry for ' + projectName, { exact: true }).first()).toBeVisible();
+});
+
+test('test that updating duration in detailed view works correctly', async ({ page, ctx }) => {
+    const projectName = 'Duration Update Project ' + Math.floor(Math.random() * 10000);
+    const initialDuration = '1h';
+    const updatedDuration = '2h 30min';
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: initialDuration,
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Find and update the duration
+    const durationInput = page.locator('input[name="Duration"]').first();
+    await durationInput.click();
+    await durationInput.fill(updatedDuration);
+    await Promise.all([
+        durationInput.press('Enter'),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 200
+        ),
+    ]);
+
+    // Verify the new duration is displayed
+    await expect(durationInput).toHaveValue(updatedDuration);
+});
+
+// ──────────────────────────────────────────────────
+// Project Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that project multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const project1 = 'DetailProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    // Wait for initial data load
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Open project multiselect and select project1
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify only project1 entry is shown
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Client Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that client multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'DetailClient1 ' + Math.floor(Math.random() * 10000);
+    const project1 = 'DetailClientProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client1
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only entries for project1 (with client1) should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Task Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that task multiselect dropdown filters reporting by task', async ({ page, ctx }) => {
+    const projectName = 'TaskFilterProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskFilter1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'TaskFilter2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering (shows individual entries)
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Open task multiselect dropdown
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+
+    // Verify both tasks appear
+    await expect(page.getByRole('option').filter({ hasText: task1 })).toBeVisible();
+    await expect(page.getByRole('option').filter({ hasText: task2 })).toBeVisible();
+
+    // Select task1
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 1
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only task1 entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).not.toBeVisible();
+});
+
+test('test that selecting multiple tasks shows correct badge count', async ({ page, ctx }) => {
+    const projectName = 'MultiTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'MultiTask1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'MultiTask2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Select both tasks
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await page.getByRole('option').filter({ hasText: task2 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 2
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('2')).toBeVisible();
+
+    // Verify both task entries are shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+});
+
+test('test that deselecting a task removes the filter', async ({ page, ctx }) => {
+    const projectName = 'TaskDeselectProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskDeselect1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+
+    // Select task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Deselect task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Tasks' }).first().getByText(/^\d+$/)
+    ).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Member Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that member multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'DetailMemberProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by the current member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Data should still be visible since all entries belong to this member
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Verify badge shows count of 1
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Tag Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that tag filter works on detailed reporting page', async ({ page, ctx }) => {
+    const tag1 = 'DetailTag1 ' + Math.floor(Math.random() * 10000);
+    const tag2 = 'DetailTag2 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createTimeEntryWithTagViaApi(ctx, tag2, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).toBeVisible();
+
+    // Filter by tag1
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: tag1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Billable Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that billable filter works on detailed reporting page', async ({ page, ctx }) => {
+    const projectName = 'DetailBillProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by billable only
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch to Non Billable
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Non Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch back to Both
+    await page.getByRole('combobox').filter({ hasText: 'Non Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Both' }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+});
+
+// ──────────────────────────────────────────────────
+// Combined Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that combining project and task filters narrows results', async ({ page, ctx }) => {
+    const projectName = 'CombinedProj ' + Math.floor(Math.random() * 10000);
+    const otherProject = 'OtherCombProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'CombinedTask1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: projectName });
+    const p2 = await createProjectViaApi(ctx, { name: otherProject });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: p1.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: p1.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${otherProject}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: projectName }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify both badges show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only the combined entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).not.toBeVisible();
+});
+
+test('test that combining client and member filters narrows results on detailed page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'CombClient ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombClientProj ' + Math.floor(Math.random() * 10000);
+    const project2 = 'CombNoClientProj ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only project1 entry should be visible (filtered by client + member)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+
+    // Both badges should show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+test('test that combining tag and project filters narrows results', async ({ page, ctx }) => {
+    const tag1 = 'CombTag ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombTagProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+
+    // Create a time entry with a project (no tag)
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+
+    // Create a time entry with a tag (no specific project)
+    await createTimeEntryWithTagViaApi(ctx, tag1, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only the project entry should be visible (tagged entry has no project)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// "No X" Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that "No Project" filter shows entries without a project', async ({ page, ctx }) => {
+    const project1 = 'NoProj1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare entry no project', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+
+    // Open project dropdown and select "No Project"
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+
+    // Only the bare entry (no project) should be visible
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Task" filter shows entries without a task', async ({ page, ctx }) => {
+    const projectName = 'NoTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'NoTaskFilter1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '30min',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Open task dropdown and select "No Task"
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Task' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Only the entry without a task should be visible
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Tag" filter shows entries without tags', async ({ page, ctx }) => {
+    const tag1 = 'NoTagFilter1 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createBareTimeEntryViaApi(ctx, 'Entry without any tag', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+
+    // Open tag dropdown and select "No Tag"
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: 'No Tag' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tags' }).getByText('1')).toBeVisible();
+
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Client" filter shows entries without a client', async ({ page, ctx }) => {
+    const client1 = 'NoClientFilter ' + Math.floor(Math.random() * 10000);
+    const projectWithClient = 'NoClientProj1 ' + Math.floor(Math.random() * 10000);
+    const projectNoClient = 'NoClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const pWithClient = await createProjectViaApi(ctx, {
+        name: projectWithClient,
+        client_id: c1.id,
+    });
+    const pNoClient = await createProjectViaApi(ctx, { name: projectNoClient });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectWithClient}`,
+        duration: '1h',
+        projectId: pWithClient.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectNoClient}`,
+        duration: '30min',
+        projectId: pNoClient.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+
+    // Open client dropdown and select "No Client"
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Client' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).not.toBeVisible();
+});
+
+test('test that combining "No Project" with a project ID shows both', async ({ page, ctx }) => {
+    const project1 = 'CombNoProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare combined entry', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+
+    // Select both "No Project" and the specific project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 2
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('2')
+    ).toBeVisible();
+
+    // Both entries should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Keyboard Navigation Tests
+// ──────────────────────────────────────────────────
+
+test('test that keyboard navigation works in multiselect dropdown', async ({ page, ctx }) => {
+    const project1 = 'KbNavProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'KbNavProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+
+    // Open project dropdown
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+
+    // The search input should be focused, first item ("No Project") highlighted
+    await expect(page.getByPlaceholder('Search for a Project...')).toBeFocused();
+
+    // Press ArrowDown to move to first project, then Enter to select it
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('Enter');
+
+    // Close dropdown and verify filter applied
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+});

e2e/shared-reports.spec.ts

@@ -0,0 +1,822 @@
+import { expect } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+import {
+    createProjectViaApi,
+    createClientViaApi,
+    createTaskViaApi,
+    createTimeEntryViaApi,
+    createTimeEntryWithTagViaApi,
+    createBareTimeEntryViaApi,
+    createBillableProjectViaApi,
+    createTimeEntryWithBillableStatusViaApi,
+    createTagViaApi,
+} from './utils/api';
+import {
+    goToReporting,
+    goToReportingShared,
+    waitForReportingUpdate,
+    saveAsSharedReport,
+} from './utils/reporting';
+
+// Each test registers a new user and creates test data via API
+test.describe.configure({ timeout: 30000 });
+
+// Date picker button name patterns for different date formats
+const DATE_PICKER_BUTTON_PATTERN =
+    /^Pick a date$|^\d{4}-\d{2}-\d{2}$|^\d{2}\/\d{2}\/\d{4}$|^\d{2}\.\d{2}\.\d{4}$/;
+
+// ──────────────────────────────────────────────────
+// Shared Report Lifecycle Tests
+// ──────────────────────────────────────────────────
+
+test('test that saving a report creates a shared report and its shareable link shows correct data', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'SharedProject ' + Math.floor(Math.random() * 10000);
+    const reportName = 'SharedReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Verify report appears on shared tab
+    await goToReportingShared(page);
+    await expect(page.getByTestId('report_table')).toBeVisible();
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Public', { exact: true })).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Copy URL' })).toBeVisible();
+
+    // Navigate to shareable link and verify report data
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report with invalid secret shows no data', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/shared-report#invalid-secret-value');
+    await expect(page.getByText('No time entries found').first()).toBeVisible();
+});
+
+test('test that a shared report can be edited to toggle public/private and then deleted', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EditDelProject ' + Math.floor(Math.random() * 10000);
+    const reportName = 'EditDelReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    await saveAsSharedReport(page, reportName);
+
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Public', { exact: true })).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Uncheck public and save
+    await page.getByLabel('Public').click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+
+    // Verify status changed to private
+    await expect(page.getByText('Private')).toBeVisible();
+    await expect(page.getByText('--')).toBeVisible();
+
+    // Delete the report
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem', { name: /^Delete Report/ }).click(),
+    ]);
+
+    await expect(page.getByText('No shared reports found')).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Shared Report Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that shared report respects project filter', async ({ page, ctx }) => {
+    const projectA = 'FilterProjA ' + Math.floor(Math.random() * 10000);
+    const projectB = 'FilterProjB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'FilterProjReport ' + Math.floor(Math.random() * 10000);
+
+    const projA = await createProjectViaApi(ctx, { name: projectA });
+    const projB = await createProjectViaApi(ctx, { name: projectB });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectA}`,
+        duration: '1h',
+        projectId: projA.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectB}`,
+        duration: '2h',
+        projectId: projB.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectA)).toBeVisible();
+
+    // Filter by project A
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: projectA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectA)).toBeVisible();
+    await expect(page.getByText(projectB)).not.toBeVisible();
+});
+
+test('test that shared report with No Project filter shows entries without a project', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'NoProjFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoProjReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare entry no project', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Project"
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Project' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    // The "No Project" group should show, but the project name should not appear as a group
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText(projectName)).not.toBeVisible();
+});
+
+test('test that shared report with No Task filter shows entries without a task', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'NoTaskProj ' + Math.floor(Math.random() * 10000);
+    const taskName = 'NoTaskFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoTaskReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const task = await createTaskViaApi(ctx, { name: taskName, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${taskName}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: task.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '2h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Task"
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Task' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report respects task filter', async ({ page, ctx }) => {
+    const projectName = 'TaskFilterProj ' + Math.floor(Math.random() * 10000);
+    const taskA = 'TaskA ' + Math.floor(Math.random() * 10000);
+    const taskB = 'TaskB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'TaskFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const task = await createTaskViaApi(ctx, { name: taskA, project_id: project.id });
+    await createTaskViaApi(ctx, { name: taskB, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${taskA}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: task.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} no task`,
+        duration: '2h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by task A
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: taskA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText('1h 00min').first()).toBeVisible();
+    await expect(page.getByText('3h 00min')).not.toBeVisible();
+});
+
+test('test that shared report respects client filter', async ({ page, ctx }) => {
+    const clientA = 'ClientA ' + Math.floor(Math.random() * 10000);
+    const clientB = 'ClientB ' + Math.floor(Math.random() * 10000);
+    const projectA = 'ClientFilterProjA ' + Math.floor(Math.random() * 10000);
+    const projectB = 'ClientFilterProjB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'ClientFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const cliA = await createClientViaApi(ctx, { name: clientA });
+    const cliB = await createClientViaApi(ctx, { name: clientB });
+    const projA = await createProjectViaApi(ctx, { name: projectA, client_id: cliA.id });
+    const projB = await createProjectViaApi(ctx, { name: projectB, client_id: cliB.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${clientA}`,
+        duration: '1h',
+        projectId: projA.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${clientB}`,
+        duration: '2h',
+        projectId: projB.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectA)).toBeVisible();
+
+    // Filter by client A
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: clientA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectA)).toBeVisible();
+    await expect(page.getByText(projectB)).not.toBeVisible();
+});
+
+test('test that shared report respects tag filter', async ({ page, ctx }) => {
+    const tagA = 'TagA ' + Math.floor(Math.random() * 10000);
+    const tagB = 'TagB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'TagFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const tagObjA = await createTagViaApi(ctx, { name: tagA });
+    await createTagViaApi(ctx, { name: tagB });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry with ${tagA}`,
+        duration: '1h',
+        tags: [tagObjA.id],
+    });
+    await createBareTimeEntryViaApi(ctx, 'Entry no tags', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText('Total')).toBeVisible();
+
+    // Filter by tag A
+    await page.getByRole('button', { name: 'Tags' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: tagA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText('1h 00min').first()).toBeVisible();
+    await expect(page.getByText('3h 00min')).not.toBeVisible();
+});
+
+test('test that shared report respects member filter', async ({ page, ctx }) => {
+    const projectName = 'MemberFilterProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'MemberFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by current member (John Doe)
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'John Doe' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report — should still show data since all entries belong to this member
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report with billable filter only shows billable entries', async ({
+    page,
+    ctx,
+}) => {
+    const reportName = 'BillableFilterReport ' + Math.floor(Math.random() * 10000);
+
+    // Create one billable (1h) and one non-billable (2h) entry
+    await createTimeEntryWithBillableStatusViaApi(ctx, true, '1h');
+    await createTimeEntryWithBillableStatusViaApi(ctx, false, '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText('Total')).toBeVisible();
+
+    // Filter by billable only
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Billable', exact: true }).click(),
+        waitForReportingUpdate(page),
+    ]);
+
+    // Verify only 1h shows before saving
+    await expect(page.getByTestId('reporting_view').getByText('1h 00min').first()).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Navigate to the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // Shared report should only show the 1h billable entry, not the 2h non-billable
+    await expect(page.getByText('1h 00min').first()).toBeVisible();
+    await expect(page.getByText('3h 00min')).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Report Date Picker Tests
+// ──────────────────────────────────────────────────
+
+test('test that creating a report with an expiration date works', async ({ page, ctx }) => {
+    const projectName = 'DatePickerProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'DatePickerReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal
+    await page.getByRole('button', { name: 'Save Report' }).click();
+    await page.getByLabel('Name').fill(reportName);
+
+    // The "Public" checkbox should be checked by default, showing the date picker
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select a date in the next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^15$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Create the report and verify it includes the public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+});
+
+test('test that editing a report to make it public with expiration date works', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EditDateProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'EditDateReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal and create a private report
+    await page.getByRole('button', { name: 'Save Report' }).click();
+    await page.getByLabel('Name').fill(reportName);
+
+    // Uncheck "Public" to create a private report
+    await page.getByLabel('Public').click();
+
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click(),
+    ]);
+
+    // Go to shared reports and edit
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Private')).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Check "Public" to make it public - this should show the date picker
+    await page.getByLabel('Public').click();
+
+    // The date picker should now be visible
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select a date in the next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^20$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Update the report and verify it includes the public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+    expect(responseBody.data.is_public).toBe(true);
+});
+
+test('test that shared report with No Client filter shows entries without a client', async ({
+    page,
+    ctx,
+}) => {
+    const clientName = 'NoClientCli ' + Math.floor(Math.random() * 10000);
+    const projectName = 'NoClientProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoClientReport ' + Math.floor(Math.random() * 10000);
+
+    const client = await createClientViaApi(ctx, { name: clientName });
+    const project = await createProjectViaApi(ctx, { name: projectName, client_id: client.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Entry without client', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Client"
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Client' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText(projectName)).not.toBeVisible();
+});
+
+test('test that shared report with No Tag filter shows entries without tags', async ({
+    page,
+    ctx,
+}) => {
+    const tagName = 'NoTagFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoTagReport ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tagName, '1h');
+    await createBareTimeEntryViaApi(ctx, 'Entry without tags', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // Filter by "No Tag"
+    await page.getByRole('button', { name: 'Tags' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Tag' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that creating a report with empty name shows validation error', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EmptyNameProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal
+    await page.getByRole('button', { name: 'Save Report' }).click();
+
+    // Leave name empty and try to create
+    await page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The name field is required')).toBeVisible();
+});
+
+test('test that updating report name works', async ({ page, ctx }) => {
+    const projectName = 'UpdateNameProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'OriginalName ' + Math.floor(Math.random() * 10000);
+    const newReportName = 'UpdatedName ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    await saveAsSharedReport(page, reportName);
+
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Update the name
+    await page.getByLabel('Name', { exact: true }).fill(newReportName);
+
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+
+    // Verify the name was updated in the table
+    await expect(page.getByText(newReportName)).toBeVisible();
+    await expect(page.getByText(reportName)).not.toBeVisible();
+});
+
+test('test that updating expiration date on already-public report works', async ({ page, ctx }) => {
+    const projectName = 'UpdateExpDateProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'UpdateExpDateReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Create a public report (already public by default)
+    await saveAsSharedReport(page, reportName);
+
+    // Go to shared reports and edit
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // The date picker should be visible (report is already public)
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select the 25th of next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^25$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Update the report and verify it includes the correct public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+
+    // Verify the date is the 25th of a future month
+    const returnedDate = new Date(responseBody.data.public_until);
+    expect(returnedDate.getUTCDate()).toBe(25);
+
+    // The returned date should be in the future
+    const now = new Date();
+    expect(returnedDate.getTime()).toBeGreaterThan(now.getTime());
+});
+
+// ──────────────────────────────────────────────────
+// Shared Report Cost Column Tests
+// ──────────────────────────────────────────────────
+
+test('test that shared report displays cost column correctly aligned with data rows', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'BillableProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'BillableReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createBillableProjectViaApi(ctx, {
+        name: projectName,
+        billable_rate: 10000, // 100.00 per hour
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+        billable: true,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Navigate to the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+
+    // Verify the table header has all three columns
+    await expect(page.getByText('Name', { exact: true })).toBeVisible();
+    await expect(page.getByText('Duration', { exact: true })).toBeVisible();
+    await expect(page.getByText('Cost', { exact: true })).toBeVisible();
+
+    // Verify the Total row displays both duration and cost
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // The data rows should render cost values (not just header + duration)
+    // With 1h at 100/h the cost should be displayed somewhere in the table
+    // If showCost is not passed to ReportingRow, only the header "Cost" and
+    // the Total row cost will render, but individual row costs will be missing
+    const table = page.locator('[style*="grid-template-columns"]');
+    // Count elements containing the cost value - header "Cost" + project row cost + total row cost = 3
+    // If broken (showCost not passed), the project row won't render its cost cell
+    await expect(table.getByText(/100/).first()).toBeVisible();
+
+    // Verify the cost value appears at least twice in the table
+    // (once for the data row, once for the total) beyond just the header
+    const costValues = table.getByText(/100/);
+    await expect(costValues).toHaveCount(2);
+});

e2e/tags.spec.ts

@@ -1,15 +1,15 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import { createTagViaApi } from './utils/api';
+import { getTableRowNames } from './utils/table';
 
 async function goToTagsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/tags');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new client via the modal works', async ({
-    page,
-}) => {
+test('test that creating and deleting a new tag via the modal works', async ({ page }) => {
     const newTagName = 'New Tag ' + Math.floor(1 + Math.random() * 10000);
     await goToTagsOverview(page);
     await page.getByRole('button', { name: 'Create Tag' }).click();
@@ -27,13 +27,9 @@ test('test that creating and deleting a new client via the modal works', async (
     ]);
 
     await expect(page.getByTestId('tag_table')).toContainText(newTagName);
-    const moreButton = page.locator(
-        "[aria-label='Actions for Tag " + newTagName + "']"
-    );
+    const moreButton = page.locator("[aria-label='Actions for Tag " + newTagName + "']");
     moreButton.click();
-    const deleteButton = page.locator(
-        "[aria-label='Delete Tag " + newTagName + "']"
-    );
+    const deleteButton = page.locator("[aria-label='Delete Tag " + newTagName + "']");
 
     await Promise.all([
         deleteButton.click(),
@@ -46,3 +42,133 @@ test('test that creating and deleting a new client via the modal works', async (
     ]);
     await expect(page.getByTestId('tag_table')).not.toContainText(newTagName);
 });
+
+test('test that editing a tag name works', async ({ page, ctx }) => {
+    const originalTagName = 'Original Tag ' + Math.floor(1 + Math.random() * 10000);
+    const updatedTagName = 'Updated Tag ' + Math.floor(1 + Math.random() * 10000);
+
+    await createTagViaApi(ctx, { name: originalTagName });
+
+    await goToTagsOverview(page);
+    await expect(page.getByTestId('tag_table')).toContainText(originalTagName);
+
+    // Open actions menu and click Edit
+    const moreButton = page.locator("[aria-label='Actions for Tag " + originalTagName + "']");
+    await moreButton.click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+
+    // Update the tag name in the edit modal
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Tag Name').fill(updatedTagName);
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tags/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Tag' }).click(),
+    ]);
+
+    // Verify the table shows the updated name
+    await expect(page.getByTestId('tag_table')).toContainText(updatedTagName);
+    await expect(page.getByTestId('tag_table')).not.toContainText(originalTagName);
+});
+
+test('test that multiple tags can be created via API and displayed in the table', async ({
+    page,
+    ctx,
+}) => {
+    const tagName1 = 'TagA ' + Math.floor(1 + Math.random() * 10000);
+    const tagName2 = 'TagB ' + Math.floor(1 + Math.random() * 10000);
+
+    await createTagViaApi(ctx, { name: tagName1 });
+    await createTagViaApi(ctx, { name: tagName2 });
+
+    await goToTagsOverview(page);
+    await expect(page.getByTestId('tag_table')).toContainText(tagName1);
+    await expect(page.getByTestId('tag_table')).toContainText(tagName2);
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+async function clearTagTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('tag-table-state');
+    });
+}
+
+test('test that sorting tags by name works', async ({ page, ctx }) => {
+    await createTagViaApi(ctx, { name: 'AAA SortTag' });
+    await createTagViaApi(ctx, { name: 'ZZZ SortTag' });
+
+    await goToTagsOverview(page);
+    await clearTagTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('tag_table');
+    await expect(table).toBeVisible();
+
+    // Default is name asc
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortTag')).toBeLessThan(names.indexOf('ZZZ SortTag'));
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortTag')).toBeLessThan(names.indexOf('AAA SortTag'));
+});
+
+test('test that tag sort state persists after page reload', async ({ page }) => {
+    await goToTagsOverview(page);
+    await clearTagTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('tag_table');
+    await expect(table).toBeVisible();
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    await expect(nameHeader.locator('svg')).toBeVisible();
+
+    await page.reload();
+
+    await expect(page.getByTestId('tag_table')).toBeVisible();
+    await expect(
+        page.getByTestId('tag_table').getByText('Name').first().locator('svg')
+    ).toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Tags Restrictions', () => {
+    test('employee can view tags but cannot create', async ({ ctx, employee }) => {
+        const tagName = 'EmpViewTag ' + Math.floor(Math.random() * 10000);
+        await createTagViaApi(ctx, { name: tagName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/tags');
+        await expect(employee.page.getByTestId('tags_view')).toBeVisible({ timeout: 10000 });
+
+        // Employee can see the tag (tags are visible to all members with tags:view)
+        await expect(employee.page.getByText(tagName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Tag button
+        await expect(employee.page.getByRole('button', { name: 'Create Tag' })).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete actions on tags', async ({ ctx, employee }) => {
+        const tagName = 'EmpActionsTag ' + Math.floor(Math.random() * 10000);
+        await createTagViaApi(ctx, { name: tagName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/tags');
+        await expect(employee.page.getByText(tagName)).toBeVisible({ timeout: 10000 });
+
+        // Actions button should not be visible for employee
+        const actionsButton = employee.page.locator(`[aria-label='Actions for Tag ${tagName}']`);
+        await expect(actionsButton).not.toBeVisible();
+    });
+});

e2e/tasks.spec.ts

@@ -1,17 +1,21 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import {
+    createProjectViaApi,
+    createPublicProjectViaApi,
+    createTaskViaApi,
+    createClientViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
 
 async function goToProjectsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new tag in a new project works', async ({
-    page,
-}) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
+test('test that creating and deleting a new task in a new project works', async ({ page }) => {
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     await goToProjectsOverview(page);
     await page.getByRole('button', { name: 'Create Project' }).click();
     await page.getByLabel('Project Name').fill(newProjectName);
@@ -29,14 +33,10 @@ test('test that creating and deleting a new tag in a new project works', async (
         ),
     ]);
 
-    await expect(page.getByTestId('project_table')).toContainText(
-        newProjectName
-    );
-
+    await expect(page.getByTestId('project_table')).toContainText(newProjectName);
     await page.getByText(newProjectName).click();
 
-    const newTaskName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
-
+    const newTaskName = 'New Task ' + Math.floor(1 + Math.random() * 10000);
     await page.getByRole('button', { name: 'Create Task' }).click();
     await page.getByPlaceholder('Task Name').fill(newTaskName);
 
@@ -55,13 +55,9 @@ test('test that creating and deleting a new tag in a new project works', async (
 
     await expect(page.getByTestId('task_table')).toContainText(newTaskName);
 
-    const taskMoreButton = page.locator(
-        "[aria-label='Actions for Task " + newTaskName + "']"
-    );
+    const taskMoreButton = page.locator("[aria-label='Actions for Task " + newTaskName + "']");
     taskMoreButton.click();
-    const taskDeleteButton = page.locator(
-        "[aria-label='Delete Task " + newTaskName + "']"
-    );
+    const taskDeleteButton = page.locator("[aria-label='Delete Task " + newTaskName + "']");
 
     await Promise.all([
         taskDeleteButton.click(),
@@ -76,13 +72,9 @@ test('test that creating and deleting a new tag in a new project works', async (
 
     await goToProjectsOverview(page);
 
-    const moreButton = page.locator(
-        "[aria-label='Actions for Project " + newProjectName + "']"
-    );
+    const moreButton = page.locator("[aria-label='Actions for Project " + newProjectName + "']");
     moreButton.click();
-    const deleteButton = page.locator(
-        "[aria-label='Delete Project " + newProjectName + "']"
-    );
+    const deleteButton = page.locator("[aria-label='Delete Project " + newProjectName + "']");
 
     await Promise.all([
         deleteButton.click(),
@@ -93,29 +85,17 @@ test('test that creating and deleting a new tag in a new project works', async (
                 response.status() === 204
         ),
     ]);
-    await expect(page.getByTestId('project_table')).not.toContainText(
-        newProjectName
-    );
+    await expect(page.getByTestId('project_table')).not.toContainText(newProjectName);
 });
 
-test('test that archiving and unarchiving tasks works', async ({ page }) => {
-    const newProjectName =
-        'New Project ' + Math.floor(1 + Math.random() * 10000);
-    const newTaskName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+test('test that archiving and unarchiving tasks works', async ({ page, ctx }) => {
+    const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+    const newTaskName = 'New Task ' + Math.floor(1 + Math.random() * 10000);
 
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
-
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
-
-    await page.getByText(newProjectName).click();
-
-    await page.getByRole('button', { name: 'Create Task' }).click();
-    await page.getByPlaceholder('Task Name').fill(newTaskName);
-    await page.getByRole('button', { name: 'Create Task' }).click();
+    const project = await createProjectViaApi(ctx, { name: newProjectName });
+    await createTaskViaApi(ctx, { name: newTaskName, project_id: project.id });
 
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
     await expect(page.getByRole('table')).toContainText(newTaskName);
 
     await page.getByRole('row').first().getByRole('button').click();
@@ -139,14 +119,194 @@ test('test that archiving and unarchiving tasks works', async ({ page }) => {
     ]);
 });
 
-// Create new project with new Client
+test('test that editing a task name works', async ({ page, ctx }) => {
+    const projectName = 'TaskEdit Project ' + Math.floor(1 + Math.random() * 10000);
+    const originalTaskName = 'Original Task ' + Math.floor(1 + Math.random() * 10000);
+    const updatedTaskName = 'Updated Task ' + Math.floor(1 + Math.random() * 10000);
 
-// Create new project with existing Client
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTaskViaApi(ctx, { name: originalTaskName, project_id: project.id });
 
-// Delete project via More Options
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByTestId('task_table')).toContainText(originalTaskName);
 
-// Test that project task count is displayed correctly
+    // Open actions menu and click Edit
+    const moreButton = page.locator("[aria-label='Actions for Task " + originalTaskName + "']");
+    await moreButton.click();
+    await page.getByRole('menuitem').getByText('Edit').click();
 
-// Test that active / archive / all filter works (once implemented)
+    // Update the task name
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Task Name').fill(updatedTaskName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Task' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
 
-// Test update task name
+    await expect(page.getByTestId('task_table')).toContainText(updatedTaskName);
+    await expect(page.getByTestId('task_table')).not.toContainText(originalTaskName);
+});
+
+test('test that creating a project with an existing client works', async ({ page, ctx }) => {
+    const clientName = 'Existing Client ' + Math.floor(1 + Math.random() * 10000);
+    const projectName = 'Project With Client ' + Math.floor(1 + Math.random() * 10000);
+
+    await createClientViaApi(ctx, { name: clientName });
+
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(projectName);
+
+    // Select the existing client
+    await page.getByRole('dialog').getByRole('button', { name: 'No Client' }).click();
+    await page.getByRole('option', { name: clientName }).click();
+
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.client_id !== null
+        ),
+    ]);
+
+    await expect(page.getByTestId('project_table')).toContainText(projectName);
+    await expect(page.getByTestId('project_table')).toContainText(clientName);
+});
+
+test('test that multiple tasks are displayed on project detail page', async ({ page, ctx }) => {
+    const projectName = 'TaskCount Project ' + Math.floor(1 + Math.random() * 10000);
+    const taskName1 = 'CountTask A ' + Math.floor(1 + Math.random() * 10000);
+    const taskName2 = 'CountTask B ' + Math.floor(1 + Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTaskViaApi(ctx, { name: taskName1, project_id: project.id });
+    await createTaskViaApi(ctx, { name: taskName2, project_id: project.id });
+
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByText(taskName1)).toBeVisible();
+    await expect(page.getByText(taskName2)).toBeVisible();
+});
+
+test('test that creating a new project from the task create modal project dropdown works', async ({
+    page,
+    ctx,
+}) => {
+    const existingProjectName = 'Existing Project ' + Math.floor(1 + Math.random() * 10000);
+    const newProjectName = 'Dropdown Created Project ' + Math.floor(1 + Math.random() * 10000);
+    const newTaskName = 'Task With New Project ' + Math.floor(1 + Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: existingProjectName });
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+
+    // Open the Create Task modal
+    await page.getByRole('button', { name: 'Create Task' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Task Name').fill(newTaskName);
+
+    // Open the project dropdown (it should show the current project)
+    await page.getByRole('dialog').getByRole('button', { name: existingProjectName }).click();
+
+    // Click "Create new Project" at the bottom of the dropdown
+    await page.getByText('Create new Project').click();
+
+    // The ProjectCreateModal should appear
+    await expect(page.getByLabel('Project name')).toBeVisible();
+    await page.getByLabel('Project name').fill(newProjectName);
+
+    // Submit the project creation
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.name === newProjectName
+        ),
+    ]);
+
+    // The project dropdown trigger should now show the new project name
+    await expect(
+        page.getByRole('dialog').getByRole('button', { name: newProjectName })
+    ).toBeVisible();
+
+    // Submit the task and capture the response to get the new project ID
+    const [taskResponse] = await Promise.all([
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.name === newTaskName
+        ),
+        page.getByRole('button', { name: 'Create Task' }).click(),
+    ]);
+
+    const taskData = await taskResponse.json();
+    const newProjectId = taskData.data.project_id;
+
+    // Navigate to the new project's page and verify the task is there
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + newProjectId);
+    await expect(page.getByTestId('task_table')).toContainText(newTaskName);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Tasks Restrictions', () => {
+    test('employee cannot see task management actions when employees_can_manage_tasks is disabled', async ({
+        ctx,
+        employee,
+    }) => {
+        // Create a public project with a task
+        const projectName = 'EmpTaskProj ' + Math.floor(Math.random() * 10000);
+        const taskName = 'EmpTask ' + Math.floor(Math.random() * 10000);
+        const project = await createPublicProjectViaApi(ctx, { name: projectName });
+        await createTaskViaApi(ctx, { name: taskName, project_id: project.id });
+
+        // Navigate to the project detail page
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+        await employee.page.getByText(projectName).first().click();
+        await employee.page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+        // Task should be visible
+        await expect(employee.page.getByText(taskName)).toBeVisible({ timeout: 10000 });
+
+        // Create Task button should not be visible
+        await expect(employee.page.getByRole('button', { name: 'Create Task' })).not.toBeVisible();
+
+        // Task actions button should not be visible
+        const actionsButton = employee.page.locator(`[aria-label='Actions for Task ${taskName}']`);
+        await expect(actionsButton).not.toBeVisible();
+    });
+
+    test('employee can manage tasks when employees_can_manage_tasks is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        // Enable the setting
+        await updateOrganizationSettingViaApi(ctx, { employees_can_manage_tasks: true });
+
+        const projectName = 'EmpTaskMgmtProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, { name: projectName });
+
+        // Navigate to the project detail page
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+        await employee.page.getByText(projectName).first().click();
+        await employee.page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+        // Create Task button SHOULD be visible
+        await expect(employee.page.getByRole('button', { name: 'Create Task' })).toBeVisible();
+    });
+});

e2e/timetracker.spec.ts

@@ -7,8 +7,12 @@ import {
     startOrStopTimerWithButton,
     stoppedTimeEntryResponse,
 } from './utils/currentTimeEntry';
-import { Page } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { newTagResponse } from './utils/tags';
+import { updateOrganizationCurrencyViaWeb } from './utils/api';
+
+// Date picker button name patterns for different date formats
+const DATE_DISPLAY_PATTERN = /^\d{4}-\d{2}-\d{2}$|^\d{2}\/\d{2}\/\d{4}$|^\d{2}\.\d{2}\.\d{4}$/;
 
 async function goToDashboard(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
@@ -18,28 +22,36 @@ test('test that starting and stopping a timer without description and project wo
     page,
 }) => {
     await goToDashboard(page);
-    await Promise.all([
-        newTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-        assertThatTimerHasStarted(page),
-    ]);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
     await page.waitForTimeout(1500);
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerIsStopped(page);
 });
 
-test('test that starting and stopping a timer with a description works', async ({
-    page,
-}) => {
+test('test that billable icon shows dollar sign for USD currency', async ({ page, ctx }) => {
+    await updateOrganizationCurrencyViaWeb(ctx, 'USD');
     await goToDashboard(page);
-    // TODO: Fix flakyness by disabling description input field until timer is loaded
-    await page.waitForTimeout(500);
-    await page
-        .getByTestId('time_entry_description')
-        .fill('New Time Entry Description');
+    await page.waitForLoadState('networkidle');
+    const billableButton = page.getByRole('button', { name: 'Non Billable' }).first();
+    await expect(billableButton).toBeVisible();
+    await expect(billableButton.locator('svg')).toHaveAttribute('viewBox', '0 0 8 14');
+});
+
+test('test that billable icon shows euro sign for EUR currency', async ({ page, ctx }) => {
+    await updateOrganizationCurrencyViaWeb(ctx, 'EUR');
+    await goToDashboard(page);
+    await page.waitForLoadState('networkidle');
+    const billableButton = page.getByRole('button', { name: 'Non Billable' }).first();
+    await expect(billableButton).toBeVisible();
+    await expect(billableButton.locator('svg')).toHaveAttribute('viewBox', '0 0 12 12');
+});
+
+test('test that starting and stopping a timer with a description works', async ({ page }) => {
+    await goToDashboard(page);
+    // Wait for the description input to be editable before filling
+    await expect(page.getByTestId('time_entry_description')).toBeEditable();
+    await page.getByTestId('time_entry_description').fill('New Time Entry Description');
     await Promise.all([
         newTimeEntryResponse(page, {
             description: 'New Time Entry Description',
@@ -62,47 +74,28 @@ test('test that starting the time entry starts the live timer and that it keeps
 }) => {
     await goToDashboard(page);
 
-    await Promise.all([
-        newTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerHasStarted(page);
-    await page.waitForTimeout(500);
-    const beforeTimerValue = await page
-        .getByTestId('time_entry_time')
-        .inputValue();
+    const beforeTimerValue = await page.getByTestId('time_entry_time').inputValue();
     await page.waitForTimeout(2000);
-    const afterWaitTimeValue = await page
-        .getByTestId('time_entry_time')
-        .inputValue();
+    const afterWaitTimeValue = await page.getByTestId('time_entry_time').inputValue();
     expect(afterWaitTimeValue).not.toEqual(beforeTimerValue);
     await page.reload();
-    await page.waitForTimeout(500);
+    await expect(page.getByTestId('time_entry_time')).toBeVisible();
 
-    const afterReloadTimerValue = await page
-        .getByTestId('time_entry_time')
-        .inputValue();
+    const afterReloadTimerValue = await page.getByTestId('time_entry_time').inputValue();
     await page.waitForTimeout(2000);
-    const afterReloadAfterWaitTimerValue = await page
-        .getByTestId('time_entry_time')
-        .inputValue();
+    const afterReloadAfterWaitTimerValue = await page.getByTestId('time_entry_time').inputValue();
     expect(afterReloadTimerValue).not.toEqual(afterReloadAfterWaitTimerValue);
 });
 
-test('test that starting and updating the description while running works', async ({
-    page,
-}) => {
+test('test that starting and updating the description while running works', async ({ page }) => {
     await goToDashboard(page);
 
-    await Promise.all([
-        newTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerHasStarted(page);
-    await page.waitForTimeout(500);
-    await page
-        .getByTestId('time_entry_description')
-        .fill('New Time Entry Description');
+    await expect(page.getByTestId('time_entry_description')).toBeEditable();
+    await page.getByTestId('time_entry_description').fill('New Time Entry Description');
 
     await Promise.all([
         newTimeEntryResponse(page, {
@@ -111,7 +104,6 @@ test('test that starting and updating the description while running works', asyn
         }),
         page.getByTestId('time_entry_description').press('Tab'),
     ]);
-    await page.waitForTimeout(500);
     await Promise.all([
         stoppedTimeEntryResponse(page, {
             description: 'New Time Entry Description',
@@ -121,16 +113,14 @@ test('test that starting and updating the description while running works', asyn
     await assertThatTimerIsStopped(page);
 });
 
-test('test that starting and updating the time while running works', async ({
-    page,
-}) => {
+test('test that starting and updating the time while running works', async ({ page }) => {
     await goToDashboard(page);
     const [createResponse] = await Promise.all([
         newTimeEntryResponse(page),
         await startOrStopTimerWithButton(page),
     ]);
     await assertThatTimerHasStarted(page);
-    await page.waitForTimeout(500);
+    await expect(page.getByTestId('time_entry_time')).toBeEditable();
     await page.getByTestId('time_entry_time').fill('20min');
 
     await Promise.all([
@@ -138,36 +128,27 @@ test('test that starting and updating the time while running works', async ({
             return (
                 response.url().includes('/time-entries') &&
                 response.status() === 200 &&
-                (await response.headerValue('Content-Type')) ===
-                    'application/json' &&
+                (await response.headerValue('Content-Type')) === 'application/json' &&
                 (await response.json()).data.id !== null &&
                 (await response.json()).data.start !== null &&
-                (await response.json()).data.start !==
-                    (await createResponse.json()).data.start &&
+                (await response.json()).data.start !== (await createResponse.json()).data.start &&
                 (await response.json()).data.end === null &&
                 (await response.json()).data.project_id === null &&
                 (await response.json()).data.description === '' &&
                 (await response.json()).data.task_id === null &&
                 (await response.json()).data.user_id !== null &&
-                JSON.stringify((await response.json()).data.tags) ===
-                    JSON.stringify([])
+                JSON.stringify((await response.json()).data.tags) === JSON.stringify([])
             );
         }),
         page.getByTestId('time_entry_time').press('Enter'),
     ]);
 
     await expect(page.getByTestId('time_entry_time')).toHaveValue(/00:20/);
-    await page.waitForTimeout(500);
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerIsStopped(page);
 });
 
-test('test that entering a human readable time starts the timer on blur', async ({
-    page,
-}) => {
+test('test that entering a human readable time starts the timer on blur', async ({ page }) => {
     await goToDashboard(page);
     await page.getByTestId('time_entry_time').fill('20min');
     await Promise.all([
@@ -177,18 +158,11 @@ test('test that entering a human readable time starts the timer on blur', async
     await expect(page.getByTestId('time_entry_time')).toHaveValue(/00:20:/);
     await assertThatTimerHasStarted(page);
 
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
-    await page.locator(
-        '[data-testid="dashboard_timer"] [data-testid="timer_button"].bg-accent-300/70'
-    );
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
 });
 
-test('test that entering a number in the time range starts the timer on blur', async ({
-    page,
-}) => {
+test('test that entering a number in the time range starts the timer on blur', async ({ page }) => {
     await goToDashboard(page);
     await page.getByTestId('time_entry_time').fill('5');
     await Promise.all([
@@ -198,13 +172,8 @@ test('test that entering a number in the time range starts the timer on blur', a
     await expect(page.getByTestId('time_entry_time')).toHaveValue(/00:05:/);
     await assertThatTimerHasStarted(page);
 
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
-    await page.locator(
-        '[data-testid="dashboard_timer"] [data-testid="timer_button"].bg-accent-300/70'
-    );
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
 });
 
 test('test that entering a value with the format hh:mm in the time range starts the timer on blur', async ({
@@ -219,13 +188,8 @@ test('test that entering a value with the format hh:mm in the time range starts
     await expect(page.getByTestId('time_entry_time')).toHaveValue(/12:30:/);
     await assertThatTimerHasStarted(page);
 
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
-    await page.locator(
-        '[data-testid="dashboard_timer"] [data-testid="timer_button"].bg-accent-300/70'
-    );
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
 });
 
 test('test that entering a random value in the time range does not start the timer on blur', async ({
@@ -233,15 +197,11 @@ test('test that entering a random value in the time range does not start the tim
 }) => {
     await goToDashboard(page);
     await page.getByTestId('time_entry_time').fill('asdasdasd');
-    await page.getByTestId('time_entry_time').press('Tab'),
-        await page.locator(
-            '[data-testid="dashboard_timer"] [data-testid="timer_button"].bg-accent-300/70'
-        );
+    await page.getByTestId('time_entry_time').press('Tab');
+    await assertThatTimerIsStopped(page);
 });
 
-test('test that entering a time starts the timer on enter', async ({
-    page,
-}) => {
+test('test that entering a time starts the timer on enter', async ({ page }) => {
     await goToDashboard(page);
     await page.getByTestId('time_entry_time').fill('20min');
     await Promise.all([
@@ -249,10 +209,7 @@ test('test that entering a time starts the timer on enter', async ({
         page.getByTestId('time_entry_time').press('Enter'),
     ]);
     await assertThatTimerHasStarted(page);
-    await Promise.all([
-        stoppedTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerIsStopped(page);
 });
 
@@ -269,19 +226,19 @@ test('test that adding a new tag works', async ({ page }) => {
         page.getByRole('button', { name: 'Create Tag' }).click(),
     ]);
 
+    // Wait for tags query refetch after invalidation
+    await page.waitForResponse(
+        (response) => response.url().includes('/tags') && response.status() === 200
+    );
+
     await page.getByTestId('tag_dropdown').click();
     await expect(page.getByRole('option', { name: newTagName })).toBeVisible();
 });
 
-test('test that adding a new tag when the timer is running', async ({
-    page,
-}) => {
+test('test that adding a new tag when the timer is running', async ({ page }) => {
     const newTagName = 'New Tag' + Math.floor(Math.random() * 10000);
     await goToDashboard(page);
-    await Promise.all([
-        newTimeEntryResponse(page),
-        startOrStopTimerWithButton(page),
-    ]);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
     await assertThatTimerHasStarted(page);
     await page.getByTestId('tag_dropdown').click();
     await page.getByText('Create new tag').click();
@@ -296,7 +253,7 @@ test('test that adding a new tag when the timer is running', async ({
     await page.getByTestId('tag_dropdown').click();
     await expect(page.getByRole('option', { name: newTagName })).toBeVisible();
     await page.getByTestId('tag_dropdown_search').press('Escape');
-    await page.waitForTimeout(1000);
+    await expect(page.getByTestId('tag_dropdown_search')).not.toBeVisible();
 
     await Promise.all([
         stoppedTimeEntryResponse(page, { tags: [tagId] }),
@@ -305,18 +262,143 @@ test('test that adding a new tag when the timer is running', async ({
     await assertThatTimerIsStopped(page);
 });
 
-// test that search is working
+test('test that setting an end time with a different date via the timetracker range selector works', async ({
+    page,
+}) => {
+    await goToDashboard(page);
 
-// test that adding a tag and project and starting the timer afterwards works and sets the project and tag correctly
+    // Start a timer
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
 
-// test that changing the project works
+    // Open the time range dropdown by clicking on the time display
+    await page.getByTestId('time_entry_time').click();
+    const rangeStart = page.getByTestId('time_entry_range_start');
+    await expect(rangeStart).toBeVisible();
 
-// test that sidebar timetracker starts and stops timer
+    // Click "Set End Time" button
+    await page.getByRole('button', { name: 'Set End Time' }).click();
 
-// test that sidebar timetracker changes state when tmer on dashboard is started
+    // The end time picker should now be visible with a Confirm button
+    const rangeEnd = page.getByTestId('time_entry_range_end');
+    await expect(rangeEnd).toBeVisible();
+    const confirmButton = page.getByRole('button', { name: 'Confirm' });
+    await expect(confirmButton).toBeVisible();
 
-// test billable toggle
+    // Click the end date picker to change the date
+    const endDatePickers = page.getByRole('button', { name: DATE_DISPLAY_PATTERN });
+    // The second date picker is the end date (first is the start date)
+    const endDatePicker = endDatePickers.nth(1);
+    await expect(endDatePicker).toBeVisible();
+    await endDatePicker.click();
 
-// TODO: Test that project can be created in the time tracker row
+    // Calendar should appear
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
 
-// Add Test that time tracker starts on enter with description
+    // Navigate to the next month and select a day to ensure end > start
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^15$/ }).first().click();
+
+    // The dropdown should still be open after selecting a date (not auto-closed)
+    await expect(rangeEnd).toBeVisible();
+    await expect(confirmButton).toBeVisible();
+
+    // Click Confirm to finalize and verify the API call
+    const [updateResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        confirmButton.click(),
+    ]);
+    const updateBody = await updateResponse.json();
+    expect(updateBody.data.start).toBeTruthy();
+    expect(updateBody.data.end).toBeTruthy();
+});
+
+test('test that timer starts on enter with description', async ({ page }) => {
+    await goToDashboard(page);
+    await expect(page.getByTestId('time_entry_description')).toBeEditable();
+    await page.getByTestId('time_entry_description').fill('Start on Enter');
+
+    await Promise.all([
+        newTimeEntryResponse(page, { description: 'Start on Enter' }),
+        page.getByTestId('time_entry_description').press('Enter'),
+    ]);
+    await assertThatTimerHasStarted(page);
+
+    await Promise.all([
+        stoppedTimeEntryResponse(page, { description: 'Start on Enter' }),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});
+
+test('test that timer started on dashboard is visible on time page', async ({ page }) => {
+    await goToDashboard(page);
+
+    // Start timer on dashboard
+    await expect(page.getByTestId('time_entry_description')).toBeEditable();
+    await page.getByTestId('time_entry_description').fill('Sync test');
+    await Promise.all([
+        newTimeEntryResponse(page, { description: 'Sync test' }),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerHasStarted(page);
+
+    // Navigate to time page
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+
+    // Timer should still be running (the timer button should be red/active)
+    await expect(
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
+    ).toHaveClass(/bg-red-400\/80/);
+
+    // Stop the timer
+    await Promise.all([
+        stoppedTimeEntryResponse(page, { description: 'Sync test' }),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});
+
+test('test that adding a project and tag before starting timer works', async ({ page }) => {
+    const newTagName = 'TimerTag ' + Math.floor(Math.random() * 10000);
+    await goToDashboard(page);
+
+    // Create and select a tag first
+    await page.getByTestId('tag_dropdown').click();
+    await page.getByText('Create new tag').click();
+    await page.getByPlaceholder('Tag Name').fill(newTagName);
+
+    const [tagCreateResponse] = await Promise.all([
+        newTagResponse(page, { name: newTagName }),
+        page.getByRole('button', { name: 'Create Tag' }).click(),
+    ]);
+    const tagId = (await tagCreateResponse.json()).data.id;
+
+    // Wait for tags query refetch (tag is auto-selected after creation)
+    await page.waitForResponse(
+        (response) => response.url().includes('/tags') && response.status() === 200
+    );
+
+    // Fill description and start
+    await page.getByTestId('time_entry_description').fill('Entry with tag');
+    await Promise.all([
+        newTimeEntryResponse(page, { description: 'Entry with tag', tags: [tagId] }),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerHasStarted(page);
+
+    await Promise.all([
+        stoppedTimeEntryResponse(page, { description: 'Entry with tag', tags: [tagId] }),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});

e2e/utils/api.ts

@@ -0,0 +1,535 @@
+import { expect } from '@playwright/test';
+import type { APIRequestContext, Page } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../../playwright/config';
+
+// ──────────────────────────────────────────────────
+// Types
+// ──────────────────────────────────────────────────
+
+export interface TestContext {
+    request: APIRequestContext;
+    orgId: string;
+    memberId: string;
+}
+
+// ──────────────────────────────────────────────────
+// Auth helpers
+// ──────────────────────────────────────────────────
+
+async function getApiHeaders(page: Page): Promise<Record<string, string>> {
+    const cookies = await page.context().cookies();
+    const xsrfCookie = cookies.find((c) => c.name === 'XSRF-TOKEN');
+    return {
+        Accept: 'application/json',
+        ...(xsrfCookie ? { 'X-XSRF-TOKEN': decodeURIComponent(xsrfCookie.value) } : {}),
+    };
+}
+
+// ──────────────────────────────────────────────────
+// Context setup
+// ──────────────────────────────────────────────────
+
+export async function setupTestContext(page: Page): Promise<TestContext> {
+    const request = page.request;
+    const headers = await getApiHeaders(page);
+    const orgId = await getOrganizationId(request, headers);
+    const memberId = await getCurrentMemberId(request, orgId, headers);
+    return { request: createAuthenticatedRequest(request, headers), orgId, memberId };
+}
+
+function createAuthenticatedRequest(
+    request: APIRequestContext,
+    headers: Record<string, string>
+): APIRequestContext {
+    // Wrap the request to always include auth headers
+    return new Proxy(request, {
+        get(target, prop) {
+            if (
+                prop === 'get' ||
+                prop === 'post' ||
+                prop === 'put' ||
+                prop === 'delete' ||
+                prop === 'patch'
+            ) {
+                return (url: string, options?: Record<string, unknown>) => {
+                    return target[prop as 'get'](url, {
+                        ...options,
+                        headers: {
+                            ...headers,
+                            ...((options?.headers as Record<string, string>) || {}),
+                        },
+                    });
+                };
+            }
+            return target[prop as keyof APIRequestContext];
+        },
+    });
+}
+
+async function getOrganizationId(
+    request: APIRequestContext,
+    headers: Record<string, string>
+): Promise<string> {
+    const response = await request.get(`${PLAYWRIGHT_BASE_URL}/api/v1/users/me/memberships`, {
+        headers,
+    });
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data[0].organization.id;
+}
+
+async function getCurrentMemberId(
+    request: APIRequestContext,
+    orgId: string,
+    headers: Record<string, string>
+): Promise<string> {
+    const response = await request.get(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${orgId}/members`,
+        { headers }
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data[0].id;
+}
+
+// ──────────────────────────────────────────────────
+// Duration parsing
+// ──────────────────────────────────────────────────
+
+function parseDurationToSeconds(duration: string): number {
+    let totalSeconds = 0;
+
+    // Match patterns like "1h", "30min", "2h 30min", "1h 7min"
+    const hourMatch = duration.match(/(\d+)\s*h/);
+    const minMatch = duration.match(/(\d+)\s*min/);
+
+    if (hourMatch) {
+        totalSeconds += parseInt(hourMatch[1], 10) * 3600;
+    }
+    if (minMatch) {
+        totalSeconds += parseInt(minMatch[1], 10) * 60;
+    }
+
+    // If no h/min pattern matched, try plain number as minutes
+    if (!hourMatch && !minMatch) {
+        const plainNumber = parseInt(duration, 10);
+        if (!isNaN(plainNumber)) {
+            totalSeconds = plainNumber * 60;
+        }
+    }
+
+    return totalSeconds;
+}
+
+function createTimestamps(duration: string): { start: string; end: string } {
+    const durationSeconds = parseDurationToSeconds(duration);
+    const now = new Date();
+    const start = new Date(now.getFullYear(), now.getMonth(), now.getDate(), 9, 0, 0);
+    const end = new Date(start.getTime() + durationSeconds * 1000);
+
+    return {
+        start: formatTimestamp(start),
+        end: formatTimestamp(end),
+    };
+}
+
+function formatTimestamp(date: Date): string {
+    return date.toISOString().replace(/\.\d{3}Z$/, 'Z');
+}
+
+function randomColor(): string {
+    const colors = [
+        '#ef5350',
+        '#ab47bc',
+        '#5c6bc0',
+        '#29b6f6',
+        '#26a69a',
+        '#9ccc65',
+        '#ffa726',
+        '#8d6e63',
+    ];
+    return colors[Math.floor(Math.random() * colors.length)];
+}
+
+// ──────────────────────────────────────────────────
+// Entity creation
+// ──────────────────────────────────────────────────
+
+export async function createPublicProjectViaApi(
+    ctx: TestContext,
+    data: {
+        name: string;
+        is_billable?: boolean;
+        billable_rate?: number | null;
+        client_id?: string | null;
+    }
+) {
+    return createProjectViaApi(ctx, {
+        ...data,
+        is_public: true,
+    });
+}
+
+export async function createProjectViaApi(
+    ctx: TestContext,
+    data: {
+        name: string;
+        color?: string;
+        is_billable?: boolean;
+        billable_rate?: number | null;
+        client_id?: string | null;
+        estimated_time?: number | null;
+        is_public?: boolean;
+    }
+) {
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/projects`,
+        {
+            data: {
+                name: data.name,
+                color: data.color ?? randomColor(),
+                is_billable: data.is_billable ?? false,
+                billable_rate: data.billable_rate ?? null,
+                client_id: data.client_id ?? null,
+                estimated_time: data.estimated_time ?? null,
+                is_public: data.is_public ?? false,
+            },
+        }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; name: string; color: string; is_billable: boolean };
+}
+
+export async function archiveProjectViaApi(
+    ctx: TestContext,
+    project: {
+        id: string;
+        name: string;
+        color: string;
+        is_billable: boolean;
+        client_id?: string | null;
+        billable_rate?: number | null;
+        estimated_time?: number | null;
+    }
+) {
+    const response = await ctx.request.put(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/projects/${project.id}`,
+        {
+            data: {
+                name: project.name,
+                color: project.color,
+                is_billable: project.is_billable,
+                is_archived: true,
+                client_id: project.client_id ?? null,
+                billable_rate: project.billable_rate ?? null,
+                estimated_time: project.estimated_time ?? null,
+            },
+        }
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data;
+}
+
+export async function createBillableProjectViaApi(
+    ctx: TestContext,
+    data: { name: string; billable_rate?: number | null }
+) {
+    return createProjectViaApi(ctx, {
+        name: data.name,
+        is_billable: true,
+        billable_rate: data.billable_rate ?? null,
+    });
+}
+
+export async function createClientViaApi(ctx: TestContext, data: { name: string }) {
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/clients`,
+        { data: { name: data.name } }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; name: string };
+}
+
+export async function createProjectWithClientViaApi(
+    ctx: TestContext,
+    projectName: string,
+    clientName: string
+) {
+    const client = await createClientViaApi(ctx, { name: clientName });
+    const project = await createProjectViaApi(ctx, {
+        name: projectName,
+        client_id: client.id,
+    });
+    return { project, client };
+}
+
+export async function createTaskViaApi(
+    ctx: TestContext,
+    data: { name: string; project_id: string }
+) {
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/tasks`,
+        {
+            data: {
+                name: data.name,
+                project_id: data.project_id,
+            },
+        }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; name: string; project_id: string };
+}
+
+export async function createTagViaApi(ctx: TestContext, data: { name: string }) {
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/tags`,
+        { data: { name: data.name } }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; name: string };
+}
+
+export async function createTimeEntryViaApi(
+    ctx: TestContext,
+    data: {
+        description?: string;
+        duration: string;
+        projectId?: string | null;
+        taskId?: string | null;
+        tags?: string[];
+        billable?: boolean;
+    }
+) {
+    const { start, end } = createTimestamps(data.duration);
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/time-entries`,
+        {
+            data: {
+                member_id: ctx.memberId,
+                start,
+                end,
+                description: data.description ?? '',
+                project_id: data.projectId ?? null,
+                task_id: data.taskId ?? null,
+                tags: data.tags ?? [],
+                billable: data.billable ?? false,
+            },
+        }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; start: string; end: string; description: string };
+}
+
+export async function createProjectMemberViaApi(
+    ctx: TestContext,
+    projectId: string,
+    data: { member_id: string; billable_rate?: number | null }
+) {
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/projects/${projectId}/project-members`,
+        {
+            data: {
+                member_id: data.member_id,
+                billable_rate: data.billable_rate ?? null,
+            },
+        }
+    );
+    expect(response.status()).toBe(201);
+    const body = await response.json();
+    return body.data as { id: string; billable_rate: number | null };
+}
+
+export async function getMembersViaApi(ctx: TestContext) {
+    const response = await ctx.request.get(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/members`
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data as Array<{
+        id: string;
+        name: string;
+        email: string;
+        role: string;
+        billable_rate: number | null;
+        is_placeholder: boolean;
+    }>;
+}
+
+export async function updateMemberBillableRateViaApi(
+    ctx: TestContext,
+    memberId: string,
+    billableRate: number | null
+) {
+    const response = await ctx.request.put(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/members/${memberId}`,
+        { data: { billable_rate: billableRate } }
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data;
+}
+
+// ──────────────────────────────────────────────────
+// Composite helpers (matching existing UI helper signatures)
+// ──────────────────────────────────────────────────
+
+export async function createTimeEntryWithProjectViaApi(
+    ctx: TestContext,
+    projectName: string,
+    duration: string
+) {
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const entry = await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration,
+        projectId: project.id,
+    });
+    return { project, entry };
+}
+
+export async function createTimeEntryWithProjectAndTaskViaApi(
+    ctx: TestContext,
+    projectId: string,
+    taskName: string,
+    projectName: string,
+    duration: string
+) {
+    const task = await createTaskViaApi(ctx, { name: taskName, project_id: projectId });
+    const entry = await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${taskName}`,
+        duration,
+        projectId,
+        taskId: task.id,
+    });
+    return { task, entry };
+}
+
+export async function createTimeEntryWithTagViaApi(
+    ctx: TestContext,
+    tagName: string,
+    duration: string
+) {
+    const tag = await createTagViaApi(ctx, { name: tagName });
+    const entry = await createTimeEntryViaApi(ctx, {
+        description: `Entry with tag ${tagName}`,
+        duration,
+        tags: [tag.id],
+    });
+    return { tag, entry };
+}
+
+export async function createBareTimeEntryViaApi(
+    ctx: TestContext,
+    description: string,
+    duration: string
+) {
+    return createTimeEntryViaApi(ctx, { description, duration });
+}
+
+export async function createTimeEntryWithBillableStatusViaApi(
+    ctx: TestContext,
+    isBillable: boolean,
+    duration: string
+) {
+    return createTimeEntryViaApi(ctx, {
+        description: `Time entry ${isBillable ? 'billable' : 'non-billable'}`,
+        duration,
+        billable: isBillable,
+    });
+}
+
+// ──────────────────────────────────────────────────
+// Import helper (for placeholder member creation)
+// ──────────────────────────────────────────────────
+
+export async function createPlaceholderMemberViaImportApi(
+    ctx: TestContext,
+    placeholderName: string
+) {
+    const placeholderEmail = `placeholder+${Math.floor(Math.random() * 100000)}@solidtime-import.test`;
+    const csvContent = [
+        'User,Email,Client,Project,Task,Description,Billable,Start date,Start time,End date,End time,Tags',
+        `${placeholderName},${placeholderEmail},,,,Imported entry,No,2024-01-01,09:00:00,2024-01-01,10:00:00,`,
+    ].join('\n');
+
+    const base64Data = Buffer.from(csvContent).toString('base64');
+
+    const response = await ctx.request.post(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/import`,
+        {
+            data: {
+                type: 'toggl_time_entries',
+                data: base64Data,
+            },
+        }
+    );
+    expect(response.status()).toBe(200);
+    return await response.json();
+}
+
+// ──────────────────────────────────────────────────
+// Organization settings helpers
+// ──────────────────────────────────────────────────
+
+export async function updateOrganizationSettingViaApi(
+    ctx: TestContext,
+    settings: Record<string, unknown>
+) {
+    const response = await ctx.request.put(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}`,
+        { data: settings }
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data;
+}
+
+export async function updateOrganizationCurrencyViaWeb(
+    ctx: TestContext,
+    currency: string,
+    name: string = 'Test Organization'
+) {
+    const response = await ctx.request.put(`${PLAYWRIGHT_BASE_URL}/teams/${ctx.orgId}`, {
+        data: { name, currency },
+    });
+    expect(response.status()).toBe(200);
+}
+
+// ──────────────────────────────────────────────────
+// Bulk helpers
+// ──────────────────────────────────────────────────
+
+export async function createMultipleTimeEntriesViaApi(
+    ctx: TestContext,
+    count: number,
+    data: { description?: string; duration?: string } = {}
+) {
+    const entries = [];
+    for (let i = 0; i < count; i++) {
+        const entry = await createTimeEntryViaApi(ctx, {
+            description: data.description ?? `Bulk entry ${i + 1}`,
+            duration: data.duration ?? '30min',
+        });
+        entries.push(entry);
+    }
+    return entries;
+}
+
+// ──────────────────────────────────────────────────
+// Invitation helpers
+// ──────────────────────────────────────────────────
+
+export async function getInvitationsViaApi(ctx: TestContext) {
+    const response = await ctx.request.get(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}/invitations`
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    return body.data as Array<{ id: string; email: string; role: string }>;
+}

e2e/utils/currentTimeEntry.ts

@@ -1,15 +1,21 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 
 export async function startOrStopTimerWithButton(page: Page) {
     await page
-        .locator('[data-testid="dashboard_timer"] [data-testid="timer_button"]')
+        .getByTestId('dashboard_timer')
+        .getByTestId('timer_button')
+        .and(page.locator(':visible'))
         .click();
 }
 
 export async function assertThatTimerHasStarted(page: Page) {
-    await page.locator(
-        '[data-testid="dashboard_timer"] [data-testid="timer_button"].bg-red-400/80'
-    );
+    await expect(
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
+    ).toHaveClass(/bg-red-400\/80/);
 }
 
 export function newTimeEntryResponse(
@@ -20,8 +26,7 @@ export function newTimeEntryResponse(
         return (
             response.url().includes('/time-entries') &&
             response.status() === status &&
-            (await response.headerValue('Content-Type')) ===
-                'application/json' &&
+            (await response.headerValue('Content-Type')) === 'application/json' &&
             (await response.json()).data.id !== null &&
             (await response.json()).data.start !== null &&
             (await response.json()).data.end === null &&
@@ -29,30 +34,26 @@ export function newTimeEntryResponse(
             (await response.json()).data.description === description &&
             (await response.json()).data.task_id === null &&
             (await response.json()).data.user_id !== null &&
-            JSON.stringify((await response.json()).data.tags) ===
-                JSON.stringify(tags)
+            JSON.stringify((await response.json()).data.tags) === JSON.stringify(tags)
         );
     });
 }
 
 export async function assertThatTimerIsStopped(page: Page) {
     await expect(
-        page.locator(
-            '[data-testid="dashboard_timer"] [data-testid="timer_button"]'
-        )
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
     ).toHaveClass(/bg-accent-300\/70/);
 }
 
-export async function stoppedTimeEntryResponse(
-    page: Page,
-    { description = '', tags = [] } = {}
-) {
+export async function stoppedTimeEntryResponse(page: Page, { description = '', tags = [] } = {}) {
     return page.waitForResponse(async (response) => {
         return (
             response.status() === 200 &&
             response.url().includes('/time-entries/') &&
-            (await response.headerValue('Content-Type')) ===
-                'application/json' &&
+            (await response.headerValue('Content-Type')) === 'application/json' &&
             (await response.json()).data.id !== null &&
             (await response.json()).data.start !== null &&
             (await response.json()).data.end !== null &&
@@ -61,8 +62,7 @@ export async function stoppedTimeEntryResponse(
             (await response.json()).data.task_id === null &&
             (await response.json()).data.duration !== null &&
             (await response.json()).data.user_id !== null &&
-            JSON.stringify((await response.json()).data.tags) ===
-                JSON.stringify(tags)
+            JSON.stringify((await response.json()).data.tags) === JSON.stringify(tags)
         );
     });
 }

e2e/utils/mailpit.ts

@@ -0,0 +1,81 @@
+import { expect } from '@playwright/test';
+import type { APIRequestContext } from '@playwright/test';
+import { MAILPIT_BASE_URL } from '../../playwright/config';
+
+/**
+ * Search for emails in Mailpit matching the given query.
+ */
+export async function searchEmails(
+    request: APIRequestContext,
+    query: string
+): Promise<{ messages: Array<{ ID: string; Subject: string }> }> {
+    const response = await request.get(`${MAILPIT_BASE_URL}/api/v1/search?query=${query}`);
+    return response.json();
+}
+
+/**
+ * Get the full email message from Mailpit by ID.
+ */
+export async function getMessage(
+    request: APIRequestContext,
+    messageId: string
+): Promise<{ HTML: string; Text: string }> {
+    const response = await request.get(`${MAILPIT_BASE_URL}/api/v1/message/${messageId}`);
+    return response.json();
+}
+
+/**
+ * Find the invitation acceptance URL from a Mailpit email sent to the given address.
+ * Retries a few times to allow for email delivery delay.
+ */
+export async function getInvitationAcceptUrl(
+    request: APIRequestContext,
+    recipientEmail: string
+): Promise<string> {
+    let searchResult: { messages: Array<{ ID: string }> } = { messages: [] };
+
+    // Retry up to 5 times with 500ms delay to allow for email delivery
+    for (let attempt = 0; attempt < 5; attempt++) {
+        searchResult = await searchEmails(
+            request,
+            `to:${encodeURIComponent(recipientEmail)} subject:"Organization Invitation"`
+        );
+        if (searchResult.messages.length > 0) break;
+        await new Promise((resolve) => setTimeout(resolve, 500));
+    }
+    expect(searchResult.messages.length).toBeGreaterThan(0);
+
+    const message = await getMessage(request, searchResult.messages[0].ID);
+    const acceptUrlMatch = message.HTML.match(/href="([^"]*team-invitations[^"]*)"/);
+    expect(acceptUrlMatch).toBeTruthy();
+
+    return acceptUrlMatch![1].replace(/&amp;/g, '&');
+}
+
+/**
+ * Find the password reset URL from a Mailpit email sent to the given address.
+ * Retries a few times to allow for email delivery delay.
+ */
+export async function getPasswordResetUrl(
+    request: APIRequestContext,
+    recipientEmail: string
+): Promise<string> {
+    let searchResult: { messages: Array<{ ID: string }> } = { messages: [] };
+
+    // Retry up to 5 times with 500ms delay to allow for email delivery
+    for (let attempt = 0; attempt < 5; attempt++) {
+        searchResult = await searchEmails(
+            request,
+            `to:${encodeURIComponent(recipientEmail)} subject:"Reset Password"`
+        );
+        if (searchResult.messages.length > 0) break;
+        await new Promise((resolve) => setTimeout(resolve, 500));
+    }
+    expect(searchResult.messages.length).toBeGreaterThan(0);
+
+    const message = await getMessage(request, searchResult.messages[0].ID);
+    const resetUrlMatch = message.HTML.match(/href="([^"]*reset-password[^"]*)"/);
+    expect(resetUrlMatch).toBeTruthy();
+
+    return resetUrlMatch![1].replace(/&amp;/g, '&');
+}

e2e/utils/members.ts

@@ -0,0 +1,243 @@
+import { expect } from '@playwright/test';
+import type { Browser, Page } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../../playwright/config';
+import { getInvitationAcceptUrl } from './mailpit';
+import type { TestContext } from './api';
+
+/**
+ * Register a new user in a fresh browser context and return the page + context.
+ */
+export async function registerUser(
+    browser: Browser,
+    name: string,
+    email: string
+): Promise<{ page: Page; close: () => Promise<void> }> {
+    const context = await browser.newContext();
+    const page = await context.newPage();
+
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill(name);
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password', { exact: true }).fill('amazingpassword123');
+    await page.getByLabel('Confirm Password').fill('amazingpassword123');
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/dashboard');
+
+    return { page, close: () => context.close() };
+}
+
+/**
+ * Invite a user by email from the members page and accept the invitation
+ * through a second browser session, returning the accepted member to the
+ * members table as a real (non-placeholder) member.
+ *
+ * @param ownerPage   – The page of the organization owner who sends the invite
+ * @param browser     – Browser instance used to create a second context
+ * @param memberName  – Display name for the new user
+ * @param memberEmail – Email address (must not be registered yet)
+ * @param role        – Role button label: 'Employee' | 'Manager' | 'Administrator'
+ */
+export async function inviteAndAcceptMember(
+    ownerPage: Page,
+    browser: Browser,
+    memberName: string,
+    memberEmail: string,
+    role: 'Employee' | 'Manager' | 'Administrator'
+): Promise<void> {
+    // 1. Register the second user
+    const secondUser = await registerUser(browser, memberName, memberEmail);
+
+    // 2. Send invitation from the owner
+    await ownerPage.goto(PLAYWRIGHT_BASE_URL + '/members');
+    await ownerPage.getByRole('button', { name: 'Invite Member' }).click();
+    await expect(ownerPage.getByPlaceholder('Member Email')).toBeVisible();
+    await ownerPage.getByLabel('Email').fill(memberEmail);
+    await ownerPage.getByRole('button', { name: role }).click();
+    await Promise.all([
+        ownerPage.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+        expect(ownerPage.getByRole('main')).toContainText(memberEmail),
+    ]);
+
+    // 3. Retrieve the acceptance link from Mailpit and accept
+    const acceptUrl = await getInvitationAcceptUrl(secondUser.page.request, memberEmail);
+    await secondUser.page.goto(acceptUrl);
+    await secondUser.page.waitForURL(/dashboard/);
+
+    // 4. Clean up
+    await secondUser.close();
+}
+
+/**
+ * Set up an admin member in the owner's organization.
+ * Returns the admin's page, their member ID, and a cleanup function.
+ */
+export async function setupAdminUser(
+    ownerPage: Page,
+    ownerCtx: TestContext,
+    browser: Browser
+): Promise<{
+    adminPage: Page;
+    adminMemberId: string;
+    closeAdmin: () => Promise<void>;
+}> {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@admin-perms.test`;
+    const memberName = 'Admin ' + memberId;
+
+    const admin = await registerUser(browser, memberName, memberEmail);
+
+    await ownerPage.goto(PLAYWRIGHT_BASE_URL + '/members');
+    await ownerPage.getByRole('button', { name: 'Invite Member' }).click();
+    await expect(ownerPage.getByPlaceholder('Member Email')).toBeVisible();
+    await ownerPage.getByPlaceholder('Member Email').fill(memberEmail);
+    await ownerPage.getByRole('button', { name: 'Administrator' }).click();
+    await Promise.all([
+        ownerPage.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        ownerPage.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    const acceptUrl = await getInvitationAcceptUrl(admin.page.request, memberEmail);
+    await admin.page.goto(acceptUrl);
+    await admin.page.waitForURL(/dashboard/);
+
+    await admin.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+    await expect(admin.page.getByTestId('dashboard_view')).toBeVisible({ timeout: 15000 });
+
+    const orgSwitcherText = await admin.page
+        .getByTestId('organization_switcher')
+        .first()
+        .textContent();
+    if (!orgSwitcherText?.includes("John's Organization")) {
+        const cookies = await admin.page.context().cookies();
+        const xsrfCookie = cookies.find((c) => c.name === 'XSRF-TOKEN');
+        const xsrfToken = xsrfCookie ? decodeURIComponent(xsrfCookie.value) : '';
+
+        await admin.page.request.put(`${PLAYWRIGHT_BASE_URL}/current-team`, {
+            headers: {
+                'X-XSRF-TOKEN': xsrfToken,
+                Accept: 'text/html',
+            },
+            data: { team_id: ownerCtx.orgId },
+        });
+
+        await admin.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(admin.page.getByTestId('dashboard_view')).toBeVisible({ timeout: 15000 });
+    }
+
+    const membersResponse = await ownerCtx.request.get(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ownerCtx.orgId}/members`
+    );
+    expect(membersResponse.status()).toBe(200);
+    const membersBody = await membersResponse.json();
+    const adminMember = membersBody.data.find(
+        (m: { role: string; name: string }) => m.role === 'admin' && m.name === memberName
+    );
+    expect(adminMember).toBeTruthy();
+
+    return {
+        adminPage: admin.page,
+        adminMemberId: adminMember.id,
+        closeAdmin: admin.close,
+    };
+}
+
+/**
+ * Set up an employee member in the owner's organization.
+ * Returns the employee's page, their member ID, and a cleanup function.
+ *
+ * The owner page (from the fixture) is used to invite the employee.
+ * Test data should be created via the owner's ctx.
+ *
+ * IMPORTANT: Projects must be created with is_public: true for the employee to see them,
+ * or the employee must be added as a project member via createProjectMemberViaApi.
+ * Clients are only visible to employees if they have at least one visible project.
+ * Tags are visible to all org members with tags:view permission.
+ */
+export async function setupEmployeeUser(
+    ownerPage: Page,
+    ownerCtx: TestContext,
+    browser: Browser
+): Promise<{
+    employeePage: Page;
+    employeeMemberId: string;
+    closeEmployee: () => Promise<void>;
+}> {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `employee+${memberId}@emp-perms.test`;
+    const memberName = 'Emp ' + memberId;
+
+    // Register the employee user first
+    const employee = await registerUser(browser, memberName, memberEmail);
+
+    // Send invitation from the owner
+    await ownerPage.goto(PLAYWRIGHT_BASE_URL + '/members');
+    await ownerPage.getByRole('button', { name: 'Invite Member' }).click();
+    await expect(ownerPage.getByPlaceholder('Member Email')).toBeVisible();
+    await ownerPage.getByPlaceholder('Member Email').fill(memberEmail);
+    await ownerPage.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        ownerPage.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        ownerPage.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Accept the invitation
+    const acceptUrl = await getInvitationAcceptUrl(employee.page.request, memberEmail);
+    await employee.page.goto(acceptUrl);
+    await employee.page.waitForURL(/dashboard/);
+
+    // Navigate to dashboard explicitly and wait for it to load to ensure the correct org context.
+    await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+    await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({ timeout: 15000 });
+
+    // Verify we're on the correct organization (John's Organization).
+    const orgSwitcherText = await employee.page
+        .getByTestId('organization_switcher')
+        .first()
+        .textContent();
+    if (!orgSwitcherText?.includes("John's Organization")) {
+        // Switch to the owner's org using the PUT /current-team endpoint
+        const cookies = await employee.page.context().cookies();
+        const xsrfCookie = cookies.find((c) => c.name === 'XSRF-TOKEN');
+        const xsrfToken = xsrfCookie ? decodeURIComponent(xsrfCookie.value) : '';
+
+        await employee.page.request.put(`${PLAYWRIGHT_BASE_URL}/current-team`, {
+            headers: {
+                'X-XSRF-TOKEN': xsrfToken,
+                Accept: 'text/html',
+            },
+            data: { team_id: ownerCtx.orgId },
+        });
+
+        // Reload to pick up the new org
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({ timeout: 15000 });
+    }
+
+    // Find the employee's member ID in the owner's organization
+    const membersResponse = await ownerCtx.request.get(
+        `${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ownerCtx.orgId}/members`
+    );
+    expect(membersResponse.status()).toBe(200);
+    const membersBody = await membersResponse.json();
+    const employeeMember = membersBody.data.find(
+        (m: { role: string; name: string }) => m.role === 'employee' && m.name === memberName
+    );
+    expect(employeeMember).toBeTruthy();
+
+    return {
+        employeePage: employee.page,
+        employeeMemberId: employeeMember.id,
+        closeEmployee: employee.close,
+    };
+}

e2e/utils/money.ts

@@ -1,6 +1,6 @@
 import { formatCents } from '../../resources/js/packages/ui/src/utils/money';
 import type { CurrencyFormat } from '../../resources/js/packages/ui/src/utils/money';
-import { NumberFormat } from '../../resources/js/packages/ui/src/utils/number';
+import type { NumberFormat } from '../../resources/js/packages/ui/src/utils/number';
 
 export function formatCentsWithOrganizationDefaults(
     cents: number,
@@ -14,4 +14,4 @@ export function formatCentsWithOrganizationDefaults(
         currencySymbol,
         'point-comma' as NumberFormat
     );
-} 
+}

e2e/utils/reporting.ts

@@ -0,0 +1,320 @@
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../../playwright/config';
+
+// ──────────────────────────────────────────────────
+// Navigation
+// ──────────────────────────────────────────────────
+
+export async function goToReporting(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/reporting');
+}
+
+export async function goToReportingDetailed(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/reporting/detailed');
+}
+
+// ──────────────────────────────────────────────────
+// Entity creation
+// ──────────────────────────────────────────────────
+
+export async function createProject(page: Page, projectName: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+    await expect(page.getByRole('button', { name: 'Create Project' })).toBeVisible();
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project name').fill(projectName);
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+    ]);
+    await expect(page.getByText(projectName)).toBeVisible();
+}
+
+export async function createBillableProject(page: Page, projectName: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+    await expect(page.getByRole('button', { name: 'Create Project' })).toBeVisible();
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project name').fill(projectName);
+    await page.getByText('Non-Billable').click();
+    await page.getByText('Default Rate').click();
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+    ]);
+    await expect(page.getByText(projectName)).toBeVisible();
+}
+
+export async function createClient(page: Page, clientName: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+    await expect(page.getByRole('button', { name: 'Create Client' })).toBeVisible();
+    await page.getByRole('button', { name: 'Create Client' }).click();
+    await page.getByPlaceholder('Client Name').fill(clientName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Client' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+    ]);
+    await expect(page.getByText(clientName)).toBeVisible();
+}
+
+export async function createProjectWithClient(page: Page, projectName: string, clientName: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+    await expect(page.getByRole('button', { name: 'Create Project' })).toBeVisible();
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project name').fill(projectName);
+
+    // Select client in the project create modal
+    await page.getByRole('dialog').getByRole('button', { name: 'No Client' }).click();
+    await page.getByRole('option', { name: clientName }).click();
+
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+    ]);
+    await expect(page.getByText(projectName)).toBeVisible();
+}
+
+export async function createTask(page: Page, projectName: string, taskName: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+    await expect(page.getByText(projectName)).toBeVisible();
+    await page.getByText(projectName).click();
+    await page.getByRole('button', { name: 'Create Task' }).click();
+    await page.getByPlaceholder('Task Name').fill(taskName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Task' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+    ]);
+    await expect(page.getByText(taskName)).toBeVisible();
+}
+
+// ──────────────────────────────────────────────────
+// Time entry creation
+// ──────────────────────────────────────────────────
+
+export async function createTimeEntryWithProject(
+    page: Page,
+    projectName: string,
+    duration: string
+) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    await expect(page.getByRole('button', { name: 'Time entry actions' })).toBeVisible();
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
+
+    await page
+        .getByRole('dialog')
+        .getByRole('textbox', { name: 'Description' })
+        .fill(`Entry for ${projectName}`);
+
+    await page.getByRole('button', { name: 'No Project' }).click();
+    await page.getByRole('option').filter({ hasText: projectName }).click();
+
+    await page.locator('[role="dialog"] input[name="Duration"]').fill(duration);
+    await page.locator('[role="dialog"] input[name="Duration"]').press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Time Entry' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 201
+        ),
+    ]);
+}
+
+export async function createTimeEntryWithProjectAndTask(
+    page: Page,
+    projectName: string,
+    taskName: string,
+    duration: string
+) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    await expect(page.getByRole('button', { name: 'Time entry actions' })).toBeVisible();
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
+
+    await page
+        .getByRole('dialog')
+        .getByRole('textbox', { name: 'Description' })
+        .fill(`Entry for ${projectName} - ${taskName}`);
+
+    // Open the project/task dropdown
+    await page.getByRole('button', { name: 'No Project' }).click();
+
+    // Expand the project's tasks by clicking the "Tasks" button
+    const projectOption = page.getByRole('option').filter({ hasText: projectName });
+    await projectOption.getByText(/Tasks/).click();
+
+    // Select the task (this also selects the project and closes the dropdown)
+    await page.getByText(taskName, { exact: true }).click();
+
+    await page.locator('[role="dialog"] input[name="Duration"]').fill(duration);
+    await page.locator('[role="dialog"] input[name="Duration"]').press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Time Entry' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 201
+        ),
+    ]);
+}
+
+export async function createTimeEntryWithTag(page: Page, tagName: string, duration: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    await expect(page.getByRole('button', { name: 'Time entry actions' })).toBeVisible();
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
+
+    await page
+        .getByRole('dialog')
+        .getByRole('textbox', { name: 'Description' })
+        .fill(`Entry with tag ${tagName}`);
+
+    // Add tag
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByText('Create new tag').click();
+    await page.getByPlaceholder('Tag Name').fill(tagName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Tag' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/tags') && response.status() === 201
+        ),
+    ]);
+
+    await page.locator('[role="dialog"] input[name="Duration"]').fill(duration);
+    await page.locator('[role="dialog"] input[name="Duration"]').press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Time Entry' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 201
+        ),
+    ]);
+}
+
+export async function createBareTimeEntry(page: Page, description: string, duration: string) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    await expect(page.getByRole('button', { name: 'Time entry actions' })).toBeVisible();
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
+
+    await page.getByRole('dialog').getByRole('textbox', { name: 'Description' }).fill(description);
+
+    await page.locator('[role="dialog"] input[name="Duration"]').fill(duration);
+    await page.locator('[role="dialog"] input[name="Duration"]').press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Time Entry' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 201
+        ),
+    ]);
+}
+
+export async function createTimeEntryWithBillableStatus(
+    page: Page,
+    isBillable: boolean,
+    duration: string
+) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    await expect(page.getByRole('button', { name: 'Time entry actions' })).toBeVisible();
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
+
+    await page
+        .getByRole('dialog')
+        .getByRole('textbox', { name: 'Description' })
+        .fill(`Time entry ${isBillable ? 'billable' : 'non-billable'}`);
+
+    if (isBillable) {
+        await page
+            .getByRole('dialog')
+            .getByRole('combobox')
+            .filter({ hasText: 'Non-Billable' })
+            .click();
+        await page.getByRole('option', { name: 'Billable', exact: true }).click();
+    }
+
+    await page.locator('[role="dialog"] input[name="Duration"]').fill(duration);
+    await page.locator('[role="dialog"] input[name="Duration"]').press('Tab');
+
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Time Entry' }).click(),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 201
+        ),
+    ]);
+}
+
+// ──────────────────────────────────────────────────
+// Wait helpers
+// ──────────────────────────────────────────────────
+
+export async function waitForReportingUpdate(page: Page) {
+    await page.waitForResponse(
+        (response) =>
+            response.url().includes('/time-entries/aggregate') && response.status() === 200
+    );
+}
+
+export async function waitForDetailedReportingUpdate(page: Page) {
+    await page.waitForResponse(
+        (response) =>
+            response.url().includes('/time-entries') &&
+            !response.url().includes('/aggregate') &&
+            response.request().method() === 'GET' &&
+            response.status() === 200
+    );
+}
+
+// ──────────────────────────────────────────────────
+// Shared report helpers
+// ──────────────────────────────────────────────────
+
+export async function goToReportingShared(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/reporting/shared');
+}
+
+export async function saveAsSharedReport(
+    page: Page,
+    reportName: string
+): Promise<{ shareableLink: string }> {
+    await page.getByRole('button', { name: 'Save Report' }).click();
+    await page.getByLabel('Name').fill(reportName);
+    // "Public" checkbox is checked by default
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    // Wait for navigation to shared reports page
+    await page.waitForURL('**/reporting/shared');
+    return { shareableLink: responseBody.data.shareable_link };
+}

e2e/utils/table.ts

@@ -0,0 +1,16 @@
+import type { Locator } from '@playwright/test';
+
+/**
+ * Extract the first cell's text content from each row in a table.
+ * Useful for reading the ordered names/labels from a sorted table.
+ */
+export async function getTableRowNames(table: Locator): Promise<string[]> {
+    const rows = table.getByRole('row');
+    const count = await rows.count();
+    const names: string[] = [];
+    for (let i = 0; i < count; i++) {
+        const text = await rows.nth(i).locator('div').first().textContent();
+        if (text) names.push(text.trim());
+    }
+    return names;
+}

e2e/utils/tags.ts

@@ -1,11 +1,10 @@
-import { Page } from '@playwright/test';
+import type { Page } from '@playwright/test';
 
 export function newTagResponse(page: Page, { name = '' } = {}) {
     return page.waitForResponse(async (response) => {
         return (
             response.status() === 201 &&
-            (await response.headerValue('Content-Type')) ===
-                'application/json' &&
+            (await response.headerValue('Content-Type')) === 'application/json' &&
             (await response.json()).data.name === name
         );
     });

eslint.config.mjs

@@ -3,7 +3,7 @@ import eslintConfigPrettier from 'eslint-config-prettier';
 import eslintPluginVue from 'eslint-plugin-vue';
 import globals from 'globals';
 import typescriptEslint from 'typescript-eslint';
-import unusedImports from "eslint-plugin-unused-imports";
+import unusedImports from 'eslint-plugin-unused-imports';
 
 export default typescriptEslint.config(
     { ignores: ['*.d.ts', '**/coverage', '**/dist'] },
@@ -23,18 +23,21 @@ export default typescriptEslint.config(
             },
         },
         plugins: {
-            "unused-imports": unusedImports,
+            'unused-imports': unusedImports,
         },
         rules: {
-            "vue/multi-word-component-names": "off",
-            "@typescript-eslint/no-unused-vars": "off",
-            "unused-imports/no-unused-imports": "error",
-            "unused-imports/no-unused-vars": ["error", {
-                "vars": "all",
-                "varsIgnorePattern": "^_",
-                "args": "after-used",
-                "argsIgnorePattern": "^_",
-            }],
+            'vue/multi-word-component-names': 'off',
+            '@typescript-eslint/no-unused-vars': 'off',
+            'unused-imports/no-unused-imports': 'error',
+            'unused-imports/no-unused-vars': [
+                'error',
+                {
+                    'vars': 'all',
+                    'varsIgnorePattern': '^_',
+                    'args': 'after-used',
+                    'argsIgnorePattern': '^_',
+                },
+            ],
         },
     },
     eslintConfigPrettier

lang/en/exceptions.php

@@ -14,6 +14,7 @@ use App\Exceptions\Api\OnlyOwnerCanChangeOwnership;
 use App\Exceptions\Api\OnlyPlaceholdersCanBeMergedIntoAnotherMember;
 use App\Exceptions\Api\OrganizationHasNoSubscriptionButMultipleMembersException;
 use App\Exceptions\Api\OrganizationNeedsAtLeastOneOwner;
+use App\Exceptions\Api\OverlappingTimeEntryApiException;
 use App\Exceptions\Api\PdfRendererIsNotConfiguredException;
 use App\Exceptions\Api\PersonalAccessClientIsNotConfiguredException;
 use App\Exceptions\Api\ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException;
@@ -47,6 +48,7 @@ return [
         OnlyPlaceholdersCanBeMergedIntoAnotherMember::KEY => 'Only placeholders can be merged into another member',
         ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException::KEY => 'This placeholder can not be invited use the merge tool instead',
         InvitationForTheEmailAlreadyExistsApiException::KEY => 'The email has already been invited to the organization. Please wait for the user to accept the invitation or resend the invitation email.',
+        OverlappingTimeEntryApiException::KEY => 'Overlapping time entries are not allowed.',
     ],
     'unknown_error_in_admin_panel' => 'An unknown error occurred. Please check the logs.',
 ];

lang/en/validation.php

@@ -203,6 +203,7 @@ return [
     'organization' => 'The :attribute does not exist.',
     'task_belongs_to_project' => 'The :attribute is not part of the given project.',
     'project_name_already_exists' => 'A project with the same name and client already exists in the organization.',
+    'overlapping_time_entry' => 'Overlapping time entries are not allowed.',
     'tag_name_already_exists' => 'A tag with the same name already exists in the organization.',
     'client_name_already_exists' => 'A client with the same name already exists in the organization.',
     'task_name_already_exists' => 'A task with the same name already exists in the project.',

package.json

@@ -1,6 +1,10 @@
 {
     "private": true,
     "type": "module",
+    "workspaces": [
+        "resources/js/packages/ui",
+        "resources/js/packages/api"
+    ],
     "scripts": {
         "dev": "vite",
         "build": "vite build",
@@ -8,35 +12,44 @@
         "lint:fix": "eslint --fix resources/js",
         "type-check": "vue-tsc --noEmit",
         "test:e2e": "rm -rf test-results/.auth && npx playwright test",
-        "zod:generate": "npx openapi-zod-client http://localhost:80/docs/api.json --output resources/js/packages/api/src/openapi.json.client.ts --base-url /api"
+        "zod:generate": "npx openapi-zod-client http://localhost:80/docs/api.json --output resources/js/packages/api/src/openapi.json.client.ts --base-url /api",
+        "format": "prettier --write './**/*.{js,jsx,cjs,mjs,ts,tsx,cts,mts,vue}'",
+        "format:check": "prettier --check './**/*.{js,jsx,cjs,mjs,ts,tsx,cts,mts,vue}'"
     },
     "devDependencies": {
         "@eslint/eslintrc": "^3.2.0",
         "@eslint/js": "^9.19.0",
-        "@inertiajs/vue3": "^1.0.0",
+        "@inertiajs/vue3": "^2.0.0",
         "@playwright/test": "^1.41.1",
         "@tailwindcss/forms": "^0.5.9",
         "@tailwindcss/typography": "^0.5.15",
+        "@types/chroma-js": "^3.1.0",
         "@types/node": "^22.10.10",
-        "@vitejs/plugin-vue": "^5.2.1",
-        "@vue/tsconfig": "^0.5.1",
+        "@vitejs/plugin-vue": "^6.0.3",
+        "@vue/tsconfig": "^0.8.0",
         "autoprefixer": "^10.4.20",
         "axios": "^1.6.4",
         "eslint-plugin-unused-imports": "^4.1.4",
-        "laravel-vite-plugin": "^1.0.0",
+        "laravel-vite-plugin": "^2.1.0",
         "openapi-zod-client": "^1.16.2",
         "postcss": "^8.4.47",
+        "postcss-import": "^15.1.0",
         "postcss-nesting": "^12.1.5",
         "tailwindcss": "^3.4.13",
         "typescript": "^5.7.3",
-        "vite": "^6.0.11",
-        "vite-plugin-checker": "^0.8.0",
+        "vite": "^7.0.0",
+        "vite-plugin-checker": "^0.12.0",
         "vue": "^3.5.0",
-        "vue-tsc": "^2.2.0"
+        "vue-tsc": "^3.0.0"
     },
     "dependencies": {
         "@floating-ui/core": "^1.6.0",
         "@floating-ui/vue": "^1.0.6",
+        "@fullcalendar/core": "^6.1.18",
+        "@fullcalendar/daygrid": "^6.1.18",
+        "@fullcalendar/interaction": "^6.1.18",
+        "@fullcalendar/timegrid": "^6.1.18",
+        "@fullcalendar/vue3": "^6.1.18",
         "@heroicons/vue": "^2.1.1",
         "@rushstack/eslint-patch": "^1.10.5",
         "@tailwindcss/container-queries": "^0.1.1",
@@ -46,21 +59,24 @@
         "@tanstack/vue-table": "^8.21.2",
         "@vue/eslint-config-prettier": "^10.2.0",
         "@vue/eslint-config-typescript": "^14.3.0",
-        "@vueuse/core": "^12.8.2",
-        "@vueuse/integrations": "^12.5.0",
+        "@vueuse/core": "^14.2.0",
+        "@vueuse/integrations": "^14.0.0",
+        "@zodios/core": "^10.9.6",
+        "chroma-js": "3.1.2",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "dayjs": "^1.11.11",
-        "echarts": "^5.5.0",
-        "focus-trap": "^7.6.0",
+        "echarts": "^6.0.0",
+        "focus-trap": "^8.0.0",
         "lucide-vue-next": "^0.487.0",
         "parse-duration": "^2.0.1",
-        "pinia": "^2.1.7",
+        "pinia": "^3.0.0",
         "radix-vue": "^1.9.6",
-        "reka-ui": "^2.2.0",
+        "reka-ui": "^2.8.0",
         "tailwind-merge": "^2.6.0",
         "tailwindcss-animate": "^1.0.7",
-        "vue-echarts": "^7.0.3"
+        "vue-echarts": "^8.0.0",
+        "zod": "^3.23.8"
     },
     "overrides": {
         "vite-plugin-checker": {