Bump the major-updates group across 1 directory with 14 updates

Bumps the major-updates group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@tanstack/vue-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/vue-query-devtools) | `5.91.0` | `6.1.33` |
| [lucide-vue-next](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-vue-next) | `0.487.0` | `1.0.0` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `2.6.1` | `3.6.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.4` | `10.0.1` |
| [@inertiajs/vue3](https://github.com/inertiajs/inertia/tree/HEAD/packages/vue3) | `2.3.21` | `3.3.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.17` | `25.9.1` |
| [laravel-vite-plugin](https://github.com/laravel/vite-plugin) | `2.1.0` | `3.1.0` |
| [postcss-import](https://github.com/postcss/postcss-import) | `15.1.0` | `16.1.1` |
| [postcss-nesting](https://github.com/csstools/postcss-plugins/tree/HEAD/plugins/postcss-nesting) | `12.1.5` | `14.0.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `3.4.19` | `4.3.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.2` | `8.0.15` |
| [vite-plugin-dts](https://github.com/qmhc/unplugin-dts/tree/HEAD/packages/vite-plugin-dts) | `4.5.4` | `5.0.1` |



Updates `@tanstack/vue-query-devtools` from 5.91.0 to 6.1.33
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/vue-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/vue-query-devtools@6.1.33/packages/vue-query-devtools)

Updates `lucide-vue-next` from 0.487.0 to 1.0.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.0.0/packages/lucide-vue-next)

Updates `tailwind-merge` from 2.6.1 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](https://github.com/dcastil/tailwind-merge/compare/v2.6.1...v3.6.0)

Updates `@eslint/js` from 9.39.4 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v10.0.1/packages/js)

Updates `@inertiajs/vue3` from 2.3.21 to 3.3.0
- [Release notes](https://github.com/inertiajs/inertia/releases)
- [Changelog](https://github.com/inertiajs/inertia/blob/3.x/CHANGELOG.md)
- [Commits](https://github.com/inertiajs/inertia/commits/v3.3.0/packages/vue3)

Updates `@types/node` from 22.19.17 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `axios` from 1.15.0 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.17.0)

Updates `laravel-vite-plugin` from 2.1.0 to 3.1.0
- [Release notes](https://github.com/laravel/vite-plugin/releases)
- [Changelog](https://github.com/laravel/vite-plugin/blob/3.x/CHANGELOG.md)
- [Upgrade guide](https://github.com/laravel/vite-plugin/blob/3.x/UPGRADE.md)
- [Commits](https://github.com/laravel/vite-plugin/compare/v2.1.0...v3.1.0)

Updates `postcss-import` from 15.1.0 to 16.1.1
- [Release notes](https://github.com/postcss/postcss-import/releases)
- [Changelog](https://github.com/postcss/postcss-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss-import/compare/15.1.0...16.1.1)

Updates `postcss-nesting` from 12.1.5 to 14.0.0
- [Changelog](https://github.com/csstools/postcss-plugins/blob/main/plugins/postcss-nesting/CHANGELOG.md)
- [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/plugins/postcss-nesting)

Updates `tailwindcss` from 3.4.19 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)

Updates `vite` from 7.3.2 to 8.0.15
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.15/packages/vite)

Updates `vite-plugin-dts` from 4.5.4 to 5.0.1
- [Release notes](https://github.com/qmhc/unplugin-dts/releases)
- [Changelog](https://github.com/qmhc/unplugin-dts/blob/main/packages/vite-plugin-dts/CHANGELOG.md)
- [Commits](https://github.com/qmhc/unplugin-dts/commits/vite-plugin-dts@5.0.1/packages/vite-plugin-dts)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@inertiajs/vue3"
  dependency-version: 3.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@tanstack/vue-query-devtools"
  dependency-version: 6.1.28
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@types/node"
  dependency-version: 25.6.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: major-updates
- dependency-name: laravel-vite-plugin
  dependency-version: 3.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: lucide-vue-next
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: postcss-import
  dependency-version: 16.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: postcss-nesting
  dependency-version: 14.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: tailwindcss
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: vite
  dependency-version: 8.0.12
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: vite-plugin-dts
  dependency-version: 5.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

.env.ci

@@ -34,7 +34,12 @@ SESSION_DRIVER=database
 SESSION_LIFETIME=120
 
 # Mail
-MAIL_MAILER=log
+MAIL_MAILER=smtp
+MAIL_HOST=localhost
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="no-reply@solidtime.test"
 MAIL_FROM_NAME="solidtime"
 MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
@@ -55,4 +60,7 @@ AUDITING_ENABLED=true
 TELESCOPE_ENABLED=false
 
 # Services
-GOTENBERG_URL=http://0.0.0.0:3000
+GOTENBERG_URL=http://localhost:3000
+
+# Octane
+OCTANE_SERVER=frankenphp

.env.example

@@ -77,6 +77,9 @@ TELESCOPE_ENABLED=false
 # Services
 GOTENBERG_URL=http://gotenberg:3000
 
+# Octane
+OCTANE_SERVER=frankenphp
+
 # Local setup
 NGINX_HOST_NAME=solidtime.test
 NETWORK_NAME=reverse-proxy-docker-traefik_routing

.github/workflows/build-onpremise.yml

@@ -0,0 +1,216 @@
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - '*'
+  pull_request:
+    paths:
+      - '.github/workflows/build-onpremise.yml'
+      - 'docker/prod/**'
+  workflow_dispatch:
+
+permissions:
+  packages: write
+  contents: read
+  attestations: write
+  id-token: write
+
+env:
+  DOCKER_REPO: registry.on-premise.solidtime.io/solidtime/solidtime
+
+name: Build - On Premise
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - runs-on: "ubuntu-24.04-arm"
+            platform: "linux/arm64"
+          - runs-on: "ubuntu-24.04"
+            platform: "linux/amd64"
+    runs-on: ${{ matrix.runs-on }}
+    timeout-minutes: 90
+
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
+
+      - name: "Get build"
+        id: release-build
+        run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: "Get Previous tag (normal push)"
+        id: previoustag
+        if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        with:
+          prefix: "v"
+
+      - name: "Get version"
+        id: release-version
+        run: |
+          if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
+            if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
+              version=$(echo "${{ steps.previoustag.outputs.tag }}" | cut -c 2-)
+              echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+            else
+              echo "ERROR: No previous tag found";
+              exit 1;
+            fi
+          else
+            version=$(echo "${{ github.ref }}" | cut -c 12-)
+            echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: "Copy .env template for production"
+        run: |
+          cp .env.production .env
+          rm .env.production .env.ci .env.example
+
+      - name: "Add version to .env"
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.release-version.outputs.app_version }}/g' .env
+
+      - name: "Add build to .env"
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.release-build.outputs.build }}/g' .env
+
+      - name: "Output .env"
+        run: cat .env
+
+      - name: "Setup PHP with PECL extension"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, dom, fileinfo, pgsql
+
+      - name: "Install dependencies"
+        run: composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20.x'
+
+      - name: "Checkout invoicing extension"
+        uses: actions/checkout@v4
+        with:
+          repository: solidtime-io/extension-invoicing
+          path: extensions/Invoicing
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY_INVOICING_EXTENSION }}
+
+      - name: "Install composer dependencies in invoicing extension"
+        run: cd extensions/Invoicing && composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+
+      - name: "Install npm dependencies in invoicing extension"
+        run: cd extensions/Invoicing && npm ci
+
+      - name: "Activate invoicing extension"
+        run: php artisan module:enable Invoicing
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Build"
+        run: npm run build
+
+      - name: "Prepare"
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: "Docker meta"
+        id: "meta"
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up QEMU"
+        uses: docker/setup-qemu-action@v3
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Build and push by digest"
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/prod/Dockerfile
+          build-args: |
+            DOCKER_FILES_BASE_PATH=docker/prod/
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,"name=${{ env.DOCKER_REPO }}",push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: "Export digest"
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: "Upload digest"
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    needs:
+      - build
+    steps:
+      - name: "Download digests"
+        uses: actions/download-artifact@v6
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: "Login to solidtime OnPremise Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: registry.on-premise.solidtime.io
+          username: ${{ secrets.ONPREMISE_USERNAME }}
+          password: ${{ secrets.ONPREMISE_TOKEN }}
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Docker meta"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_REPO }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: "Create manifest list and push"
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.DOCKER_REPO }}@sha256:%s ' *)
+
+      - name: "Inspect image"
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKER_REPO }}:${{ steps.meta.outputs.version }}

.github/workflows/build-private.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
 
@@ -68,12 +68,12 @@ jobs:
         run: cat .env
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
       - name: "Checkout billing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-billing
           path: extensions/Billing
@@ -93,7 +93,7 @@ jobs:
         run: cd extensions/Billing && npm ci
 
       - name: "Checkout services extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-services
           path: extensions/Services
@@ -111,7 +111,7 @@ jobs:
         run: cd extensions/Services && npm ci
 
       - name: "Checkout invoicing extension"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: solidtime-io/extension-invoicing
           path: extensions/Invoicing

.github/workflows/build-public.yml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: "Check out code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
 
@@ -92,7 +92,7 @@ jobs:
         if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -169,7 +169,7 @@ jobs:
       - build
     steps:
       - name: "Download digests"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           path: ${{ runner.temp }}/digests
           pattern: digests-*

.github/workflows/generate-api-docs.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2

.github/workflows/npm-build.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP (for Ziggy)"
         uses: shivammathur/setup-php@v2
@@ -24,7 +24,7 @@ jobs:
         run: composer install -n --prefer-dist
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/npm-format-check.yml

@@ -9,10 +9,10 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/npm-lint.yml

@@ -11,10 +11,10 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/npm-publish-api.yml

@@ -11,11 +11,11 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # Setup .npmrc file to publish to npm
       - name: Install root project dependencies
         run: npm ci
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/npm-publish-ui.yml

@@ -11,9 +11,9 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/npm-test-unit.yml

@@ -0,0 +1,27 @@
+name: NPM Test Unit
+
+on: [push]
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      TZ: UTC
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Run vitest"
+        run: npm run test:unit

.github/workflows/npm-typecheck.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP (for Ziggy)"
         uses: shivammathur/setup-php@v2
@@ -23,7 +23,7 @@ jobs:
         run: composer install -n --prefer-dist
 
       - name: "Use Node.js"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 

.github/workflows/phpstan.yml

@@ -9,7 +9,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2

.github/workflows/phpunit.yml

@@ -36,7 +36,7 @@ jobs:
           --health-retries 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup PHP"
         uses: shivammathur/setup-php@v2
@@ -48,7 +48,7 @@ jobs:
       - name: "Run composer install"
         run: composer install -n --prefer-dist
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -68,7 +68,7 @@ jobs:
         run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml
 
       - name: "Upload coverage reports to Codecov"
-        uses: codecov/codecov-action@v5.4.3
+        uses: codecov/codecov-action@v5.5.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           slug: solidtime-io/solidtime

.github/workflows/pint.yml

@@ -9,9 +9,9 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Check code style"
-        uses: aglipanci/laravel-pint-action@2.5
+        uses: aglipanci/laravel-pint-action@2.6
         with:
           configPath: "pint.json"

.github/workflows/playwright.yml

@@ -6,10 +6,18 @@ jobs:
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
+        shardTotal: [8]
 
     services:
       mailpit:
         image: 'axllent/mailpit:latest'
+        ports:
+          - 1025:1025
+          - 8025:8025
       pgsql_test:
         image: postgres:15
         env:
@@ -27,10 +35,10 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Setup node"
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '20.x'
 
@@ -57,22 +65,63 @@ jobs:
       - name: "Build Frontend"
         run: npm run build
 
-      - name: "Run Laravel Server"
-        run: php artisan serve > /dev/null 2>&1 &
+      - name: "Install FrankenPHP"
+        run: |
+          ARCH="$(uname -m)"
+          curl -fsSL "https://github.com/dunglas/frankenphp/releases/latest/download/frankenphp-linux-${ARCH}" -o /usr/local/bin/frankenphp
+          chmod +x /usr/local/bin/frankenphp
+
+      - name: "Run Laravel Octane Server"
+        run: php artisan octane:start --server=frankenphp --host=127.0.0.1 --port=8000 --workers=4 --max-requests=500 > /dev/null 2>&1 &
+        env:
+          OCTANE_SERVER: frankenphp
 
       - name: "Install Playwright Browsers"
         run: npx playwright install --with-deps
 
       - name: "Run Playwright tests"
-        run: npx playwright test
+        run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
         env:
           PLAYWRIGHT_BASE_URL: 'http://127.0.0.1:8000'
+          MAILPIT_BASE_URL: 'http://localhost:8025'
 
-      - name: "Upload test results"
+      - name: "Upload blob report"
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: test-results
-          path: test-results/
-          retention-days: 30
+          name: blob-report-${{ matrix.shardIndex }}
+          path: blob-report/
+          retention-days: 7
 
+  merge-reports:
+    if: always()
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Setup node"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install dependencies"
+        run: npm ci
+
+      - name: "Download blob reports"
+        uses: actions/download-artifact@v4
+        with:
+          path: all-blob-reports
+          pattern: blob-report-*
+          merge-multiple: true
+
+      - name: "Merge reports"
+        run: npx playwright merge-reports --reporter html ./all-blob-reports
+
+      - name: "Upload merged HTML report"
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 30

.npmrc

@@ -0,0 +1 @@
+min-release-age=7

README.md

@@ -1,4 +1,4 @@
-# solidtime - The modern Open-Source Time Tracker
+# solidtime - The modern Open-Source TimeTracker
 
 [![GitHub License](https://img.shields.io/github/license/solidtime-io/solidtime?style=flat-square)](https://github.com/solidtime-io/solidtime/blob/main/LICENSE.md)
 [![Codecov](https://img.shields.io/codecov/c/github/solidtime-io/solidtime?style=flat-square&logo=codecov)](https://codecov.io/gh/solidtime-io/solidtime)
@@ -37,6 +37,8 @@ If you have a **feature request**, please [**create a discussion**](https://gith
 
 Please open an issue or start a discussion and wait for approval before submitting a pull request. This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
 
+**If you submit an AI slop pull request (especially without following the proper procedure), you will be banned from future contributions to solidtime.**
+
 Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) before sumbitting a Pull Request.
 
 We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.

SECURITY.md

@@ -3,3 +3,18 @@
 ## Reporting a Vulnerability
 
 If you discover a security vulnerability regarding this project, please e-mail me to [security@solidtime.io](mailto:security@solidtime.io)!
+
+## Out of scope
+
+
+Reports we typically won't issue an advisory for:
+
+* Theoretical findings without a working PoC
+* Raw scanner output without manual validation
+* Missing/weak security headers in isolation (CSP, X-Frame-Options, HSTS, etc.)
+* SPF/DKIM/DMARC on non-mail-sending domains; missing DNSSEC/CAA; TLS cipher preferences
+* Self-XSS; CSRF on non-state-changing endpoints (logout, theme)
+* CSV / spreadsheet formula injection in exports — treated as a spreadsheet-application issue
+* Org owners or admins acting destructively within their own organization
+* Anything requiring direct DB, shell, or filesystem access on a self-hosted instance
+* Missing OAuth Scope enforcement (this is not implemented yet, but AI scanners flag it which is why it is included in this list until we actually support it)

app/Console/Kernel.php

@@ -22,13 +22,27 @@ class Kernel extends ConsoleKernel
             ->when(fn (): bool => config('scheduling.tasks.auth_send_mails_expiring_api_tokens'))
             ->everyTenMinutes();
 
-        $schedule->command('self-host:check-for-update')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
-            ->twiceDaily();
+        if (config('app.key') && (config('scheduling.tasks.self_hosting_check_for_update') || config('scheduling.tasks.self_hosting_telemetry'))) {
+            // Convert string to a stable integer for seeding
+            /** @var int $seed Take the first 8 hex chars → 32-bit int */
+            $seed = hexdec(substr(hash('md5', config('app.key')), 0, 8));
+            $seed = abs($seed); // Ensure it's positive
+            mt_srand($seed);
+            $firstHour = mt_rand(0, 23);
+            $secondHour = ($firstHour + 12) % 24;
+            $minuteOffset = mt_rand(0, 59);
+            mt_srand(null); // Reset the random number generator
 
-        $schedule->command('self-host:telemetry')
-            ->when(fn (): bool => config('scheduling.tasks.self_hosting_telemetry'))
-            ->twiceDaily();
+            if (config('scheduling.tasks.self_hosting_check_for_update')) {
+                $schedule->command('self-host:check-for-update')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+
+            if (config('scheduling.tasks.self_hosting_telemetry')) {
+                $schedule->command('self-host:telemetry')
+                    ->twiceDailyAt($firstHour, $secondHour, $minuteOffset);
+            }
+        }
 
         $schedule->command('self-host:database-consistency')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_database_consistency'))

app/Enums/TimeEntryAggregationType.php

@@ -20,6 +20,7 @@ enum TimeEntryAggregationType: string
     case Client = 'client';
     case Billable = 'billable';
     case Description = 'description';
+    case Tag = 'tag';
 
     public static function fromInterval(TimeEntryAggregationTypeInterval $timeEntryAggregationTypeInterval): TimeEntryAggregationType
     {

app/Exceptions/Api/OverlappingTimeEntryApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class OverlappingTimeEntryApiException extends ApiException
+{
+    public const string KEY = 'overlapping_time_entry';
+}

app/Filament/Resources/TimeEntryResource.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources;
 
 use App\Filament\Resources\TimeEntryResource\Pages;
+use App\Models\Member;
 use App\Models\TimeEntry;
 use Filament\Forms\Components\DateTimePicker;
 use Filament\Forms\Components\Select;
@@ -16,6 +17,7 @@ use Filament\Tables;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Filters\SelectFilter;
 use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
 
 class TimeEntryResource extends Resource
 {
@@ -51,15 +53,23 @@ class TimeEntryResource extends Resource
                     ->rules([
                         'after_or_equal:start',
                     ]),
-                Select::make('user_id')
-                    ->relationship(name: 'user', titleAttribute: 'email')
-                    ->searchable(['name', 'email'])
+                Select::make('member_id')
+                    ->relationship(
+                        name: 'member',
+                        titleAttribute: 'id',
+                        modifyQueryUsing: fn (Builder $query) => $query->with(['user', 'organization'])
+                    )
+                    ->getOptionLabelFromRecordUsing(fn (Member $record): string => $record->user->email.' ('.$record->organization->name.')')
+                    ->searchable()
                     ->required(),
                 Select::make('project_id')
                     ->relationship(name: 'project', titleAttribute: 'name')
                     ->searchable(['name'])
                     ->nullable(),
-                // TODO
+                Select::make('task_id')
+                    ->relationship(name: 'task', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->nullable(),
             ]);
     }
 

app/Filament/Resources/TimeEntryResource/Pages/CreateTimeEntry.php

@@ -5,9 +5,28 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Resources\Pages\CreateRecord;
 
 class CreateTimeEntry extends CreateRecord
 {
     protected static string $resource = TimeEntryResource::class;
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeCreate(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Filament\Resources\TimeEntryResource\Pages;
 
 use App\Filament\Resources\TimeEntryResource;
+use App\Models\Member;
 use Filament\Actions;
 use Filament\Resources\Pages\EditRecord;
 
@@ -19,4 +20,22 @@ class EditTimeEntry extends EditRecord
                 ->icon('heroicon-m-trash'),
         ];
     }
+
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function mutateFormDataBeforeSave(array $data): array
+    {
+        if (isset($data['member_id'])) {
+            /** @var Member|null $member */
+            $member = Member::query()->find($data['member_id']);
+            if ($member !== null) {
+                $data['user_id'] = $member->user_id;
+                $data['organization_id'] = $member->organization_id;
+            }
+        }
+
+        return $data;
+    }
 }

app/Http/Controllers/Api/V1/ApiTokenController.php

@@ -35,6 +35,7 @@ class ApiTokenController extends Controller
                 /** @var Builder<Client> $query */
                 $query->whereJsonContains('grant_types', 'personal_access');
             })
+            ->orderBy('created_at', 'desc')
             ->get();
 
         return new ApiTokenCollection($tokens);

app/Http/Controllers/Api/V1/ChartController.php

@@ -102,7 +102,7 @@ class ChartController extends Controller
         $this->checkPermission($organization, 'charts:view:own');
         $user = $this->user();
 
-        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 60);
+        $dailyTrackedHours = $dashboardService->getDailyTrackedHours($user, $organization, 100);
 
         return response()->json($dailyTrackedHours);
     }

app/Http/Controllers/Api/V1/ClientController.php

@@ -38,11 +38,17 @@ class ClientController extends Controller
     public function index(Organization $organization, ClientIndexRequest $request): ClientCollection
     {
         $this->checkPermission($organization, 'clients:view');
+        $canViewAllClients = $this->hasPermission($organization, 'clients:view:all');
+        $user = $this->user();
 
         $clientsQuery = Client::query()
             ->whereBelongsTo($organization, 'organization')
             ->orderBy('created_at', 'desc');
 
+        if (! $canViewAllClients) {
+            $clientsQuery->visibleByEmployee($user);
+        }
+
         $filterArchived = $request->getFilterArchived();
         if ($filterArchived === 'true') {
             $clientsQuery->whereNotNull('archived_at');

app/Http/Controllers/Api/V1/InvitationController.php

@@ -41,6 +41,7 @@ class InvitationController extends Controller
         $this->checkPermission($organization, 'invitations:view');
 
         $invitations = $organization->teamInvitations()
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return InvitationCollection::make($invitations);

app/Http/Controllers/Api/V1/MemberController.php

@@ -60,6 +60,7 @@ class MemberController extends Controller
         $members = Member::query()
             ->whereBelongsTo($organization, 'organization')
             ->with(['user'])
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return MemberCollection::make($members);

app/Http/Controllers/Api/V1/OrganizationController.php

@@ -46,6 +46,9 @@ class OrganizationController extends Controller
         if ($request->getEmployeesCanSeeBillableRates() !== null) {
             $organization->employees_can_see_billable_rates = $request->getEmployeesCanSeeBillableRates();
         }
+        if ($request->getEmployeesCanManageTasks() !== null) {
+            $organization->employees_can_manage_tasks = $request->getEmployeesCanManageTasks();
+        }
         if ($request->getNumberFormat() !== null) {
             $organization->number_format = $request->getNumberFormat();
         }
@@ -61,6 +64,9 @@ class OrganizationController extends Controller
         if ($request->getTimeFormat() !== null) {
             $organization->time_format = $request->getTimeFormat();
         }
+        if ($request->getPreventOverlappingTimeEntries() !== null) {
+            $organization->prevent_overlapping_time_entries = $request->getPreventOverlappingTimeEntries();
+        }
         $hasBillableRate = $request->has('billable_rate');
         if ($hasBillableRate) {
             $oldBillableRate = $organization->billable_rate;

app/Http/Controllers/Api/V1/ProjectController.php

@@ -60,7 +60,9 @@ class ProjectController extends Controller
             $projectsQuery->whereNull('archived_at');
         }
 
-        $projects = $projectsQuery->paginate(config('app.pagination_per_page_default'));
+        $projects = $projectsQuery
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         $showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
 
@@ -76,7 +78,7 @@ class ProjectController extends Controller
      */
     public function show(Organization $organization, Project $project): JsonResource
     {
-        $this->checkPermission($organization, 'projects:view', $project);
+        $this->checkPermission($organization, 'projects:view:all', $project);
 
         // Note: There is currently no need to check if a user is a member of the project,
         // since this is only relevant for users with the role "employee" and they can not access this endpoint.

app/Http/Controllers/Api/V1/ProjectMemberController.php

@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\InactiveUserCanNotBeUsedApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfProjectApiException;
+use App\Http\Requests\V1\ProjectMember\ProjectMemberIndexRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberStoreRequest;
 use App\Http\Requests\V1\ProjectMember\ProjectMemberUpdateRequest;
 use App\Http\Resources\V1\ProjectMember\ProjectMemberCollection;
@@ -41,12 +42,13 @@ class ProjectMemberController extends Controller
      *
      * @operationId getProjectMembers
      */
-    public function index(Organization $organization, Project $project): ProjectMemberCollection
+    public function index(Organization $organization, Project $project, ProjectMemberIndexRequest $request): ProjectMemberCollection
     {
         $this->checkPermission($organization, 'project-members:view', $project);
 
         $projectMembers = ProjectMember::query()
             ->whereBelongsTo($project, 'project')
+            ->orderBy('created_at', 'desc')
             ->paginate(config('app.pagination_per_page_default'));
 
         return new ProjectMemberCollection($projectMembers);

app/Http/Controllers/Api/V1/ReportController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Enums\Weekday;
+use App\Http\Requests\V1\Report\ReportIndexRequest;
 use App\Http\Requests\V1\Report\ReportStoreRequest;
 use App\Http\Requests\V1\Report\ReportUpdateRequest;
 use App\Http\Resources\V1\Report\DetailedReportResource;
@@ -40,7 +41,7 @@ class ReportController extends Controller
      *
      * @operationId getReports
      */
-    public function index(Organization $organization): ReportCollection
+    public function index(Organization $organization, ReportIndexRequest $request): ReportCollection
     {
         $this->checkPermission($organization, 'reports:view');
 
@@ -150,6 +151,9 @@ class ReportController extends Controller
                 $report->share_secret = null;
                 $report->public_until = null;
             }
+        } elseif ($report->is_public && $request->has('public_until')) {
+            // Allow updating expiration date on already-public reports
+            $report->public_until = $request->getPublicUntil();
         }
         $report->save();
 

app/Http/Controllers/Api/V1/TagController.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;
 
 use App\Exceptions\Api\EntityStillInUseApiException;
+use App\Http\Requests\V1\Tag\TagIndexRequest;
 use App\Http\Requests\V1\Tag\TagStoreRequest;
 use App\Http\Requests\V1\Tag\TagUpdateRequest;
 use App\Http\Resources\V1\Tag\TagCollection;
@@ -34,7 +35,7 @@ class TagController extends Controller
      *
      * @throws AuthorizationException
      */
-    public function index(Organization $organization): TagCollection
+    public function index(Organization $organization, TagIndexRequest $request): TagCollection
     {
         $this->checkPermission($organization, 'tags:view');
 

app/Http/Controllers/Api/V1/TaskController.php

@@ -11,6 +11,7 @@ use App\Http\Requests\V1\Task\TaskUpdateRequest;
 use App\Http\Resources\V1\Task\TaskCollection;
 use App\Http\Resources\V1\Task\TaskResource;
 use App\Models\Organization;
+use App\Models\Project;
 use App\Models\Task;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\JsonResponse;
@@ -27,6 +28,26 @@ class TaskController extends Controller
         }
     }
 
+    /**
+     * Check scoped permission and verify user has access to the project
+     *
+     * @throws AuthorizationException
+     */
+    private function checkScopedPermissionForProject(Organization $organization, Project $project, string $permission): void
+    {
+        $this->checkPermission($organization, $permission);
+
+        $user = $this->user();
+        $hasAccess = Project::query()
+            ->where('id', $project->id)
+            ->visibleByEmployee($user)
+            ->exists();
+
+        if (! $hasAccess) {
+            throw new AuthorizationException('You do not have permission to '.$permission.' in this project.');
+        }
+    }
+
     /**
      * Get tasks
      *
@@ -61,7 +82,9 @@ class TaskController extends Controller
             $query->whereNull('done_at');
         }
 
-        $tasks = $query->paginate(config('app.pagination_per_page_default'));
+        $tasks = $query
+            ->orderBy('created_at', 'desc')
+            ->paginate(config('app.pagination_per_page_default'));
 
         return new TaskCollection($tasks);
     }
@@ -75,7 +98,15 @@ class TaskController extends Controller
      */
     public function store(Organization $organization, TaskStoreRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:create');
+        /** @var Project $project */
+        $project = Project::query()->findOrFail($request->input('project_id'));
+
+        if ($this->hasPermission($organization, 'tasks:create:all')) {
+            $this->checkPermission($organization, 'tasks:create:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $project, 'tasks:create');
+        }
+
         $task = new Task;
         $task->name = $request->input('name');
         $task->project_id = $request->input('project_id');
@@ -97,7 +128,17 @@ class TaskController extends Controller
      */
     public function update(Organization $organization, Task $task, TaskUpdateRequest $request): JsonResource
     {
-        $this->checkPermission($organization, 'tasks:update', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:update:all')) {
+            $this->checkPermission($organization, 'tasks:update:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:update');
+        }
+
         $task->name = $request->input('name');
         if ($this->canAccessPremiumFeatures($organization) && $request->has('estimated_time')) {
             $task->estimated_time = $request->getEstimatedTime();
@@ -119,7 +160,16 @@ class TaskController extends Controller
      */
     public function destroy(Organization $organization, Task $task): JsonResponse
     {
-        $this->checkPermission($organization, 'tasks:delete', $task);
+        // Check task belongs to organization
+        if ($task->organization_id !== $organization->id) {
+            throw new AuthorizationException('Task does not belong to organization');
+        }
+
+        if ($this->hasPermission($organization, 'tasks:delete:all')) {
+            $this->checkPermission($organization, 'tasks:delete:all');
+        } else {
+            $this->checkScopedPermissionForProject($organization, $task->project, 'tasks:delete');
+        }
 
         if ($task->timeEntries()->exists()) {
             throw new EntityStillInUseApiException('task', 'time_entry');

app/Http/Controllers/Api/V1/TimeEntryController.php

@@ -7,6 +7,7 @@ namespace App\Http\Controllers\Api\V1;
 use App\Enums\ExportFormat;
 use App\Enums\Role;
 use App\Exceptions\Api\FeatureIsNotAvailableInFreePlanApiException;
+use App\Exceptions\Api\OverlappingTimeEntryApiException;
 use App\Exceptions\Api\PdfRendererIsNotConfiguredException;
 use App\Exceptions\Api\TimeEntryCanNotBeRestartedApiException;
 use App\Exceptions\Api\TimeEntryStillRunningApiException;
@@ -45,17 +46,56 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Http\File;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;
 use Maatwebsite\Excel\Facades\Excel;
 use Spatie\TemporaryDirectory\TemporaryDirectory;
 
 class TimeEntryController extends Controller
 {
+    private function assertNoOverlap(Organization $organization, Member $member, \Illuminate\Support\Carbon $start, ?\Illuminate\Support\Carbon $end, ?TimeEntry $exclude = null): void
+    {
+        if (! $organization->prevent_overlapping_time_entries) {
+            return;
+        }
+
+        $query = TimeEntry::query()
+            ->where('organization_id', $organization->getKey())
+            ->where('user_id', $member->user_id)
+            ->when($exclude !== null, function (Builder $q) use ($exclude): void {
+                $q->where('id', '!=', $exclude->getKey());
+            })
+            ->where(function (Builder $q) use ($start, $end): void {
+                $q->where(function (Builder $q2) use ($start): void {
+                    $q2->where('end', '>', $start)
+                        ->where('start', '<', $start);
+                });
+
+                if ($end !== null) {
+                    $q->orWhere(function (Builder $q4) use ($end): void {
+                        $q4->where('start', '<', $end)
+                            ->where('end', '>', $end);
+                    });
+                    // Check if the new entry completely surrounds an existing entry
+                    $q->orWhere(function (Builder $q6) use ($start, $end): void {
+                        $q6->where('start', '>=', $start)
+                            ->where('end', '<=', $end);
+                    });
+                }
+
+            });
+
+        if ($query->exists()) {
+            throw new OverlappingTimeEntryApiException;
+        }
+    }
+
     protected function checkPermission(Organization $organization, string $permission, ?TimeEntry $timeEntry = null): void
     {
         parent::checkPermission($organization, $permission);
@@ -207,7 +247,7 @@ class TimeEntryController extends Controller
             'user',
             'tagsRelation',
         ]);
-        $filename = 'time-entries-export-'.now()->format('Y-m-d_H-i-s').'.'.$format->getFileExtension();
+        $filename = 'time-entries-export-'.now()->format('Y-m-d_H-i-s').'-'.Str::uuid().'.'.$format->getFileExtension();
         $folderPath = 'exports';
         $path = $folderPath.'/'.$filename;
         $localizationService = LocalizationService::forOrganization($organization);
@@ -430,7 +470,7 @@ class TimeEntryController extends Controller
         $timezone = app(TimezoneService::class)->getTimezoneFromUser($this->user());
         $localizationService = LocalizationService::forOrganization($organization);
 
-        $filename = 'time-entries-report-'.now()->format('Y-m-d_H-i-s').'.'.$format->getFileExtension();
+        $filename = 'time-entries-report-'.now()->format('Y-m-d_H-i-s').'-'.Str::uuid().'.'.$format->getFileExtension();
         $folderPath = 'exports';
         $path = $folderPath.'/'.$filename;
 
@@ -549,17 +589,15 @@ class TimeEntryController extends Controller
             throw new TimeEntryStillRunningApiException;
         }
 
+        // Overlap check for create
+        $start = Carbon::parse($request->input('start'));
+        $end = $request->input('end') !== null ? Carbon::parse($request->input('end')) : null;
+        $this->assertNoOverlap($organization, $member, $start, $end);
+
         $project = $request->input('project_id') !== null ? Project::findOrFail((string) $request->input('project_id')) : null;
         $client = $project?->client;
         $task = $request->input('task_id') !== null ? $project->tasks()->findOrFail((string) $request->input('task_id')) : null;
 
-        if ($project !== null) {
-            RecalculateSpentTimeForProject::dispatch($project);
-        }
-        if ($task !== null) {
-            RecalculateSpentTimeForTask::dispatch($task);
-        }
-
         $timeEntry = new TimeEntry;
         $timeEntry->fill($request->validated());
         $timeEntry->client()->associate($client);
@@ -569,6 +607,13 @@ class TimeEntryController extends Controller
         $timeEntry->setComputedAttributeValue('billable_rate');
         $timeEntry->save();
 
+        if ($project !== null) {
+            RecalculateSpentTimeForProject::dispatch($project);
+        }
+        if ($task !== null) {
+            RecalculateSpentTimeForTask::dispatch($task);
+        }
+
         return new TimeEntryResource($timeEntry);
     }
 
@@ -584,15 +629,22 @@ class TimeEntryController extends Controller
         /** @var Member|null $member */
         $member = $request->has('member_id') ? Member::query()->findOrFail($request->input('member_id')) : null;
         if ($timeEntry->member->user_id === Auth::id() && ($member === null || $member->user_id === Auth::id())) {
-            $this->checkPermission($organization, 'time-entries:update:own');
+            $this->checkPermission($organization, 'time-entries:update:own', $timeEntry);
         } else {
-            $this->checkPermission($organization, 'time-entries:update:all');
+            $this->checkPermission($organization, 'time-entries:update:all', $timeEntry);
         }
 
         if ($timeEntry->end !== null && $request->has('end') && $request->input('end') === null) {
             throw new TimeEntryCanNotBeRestartedApiException;
         }
 
+        // Overlap check for update (exclude current)
+        /** @var Member $effectiveMember */
+        $effectiveMember = $request->has('member_id') ? Member::query()->findOrFail($request->input('member_id')) : $timeEntry->member;
+        $effectiveStart = $request->has('start') ? Carbon::parse($request->input('start')) : $timeEntry->start;
+        $effectiveEnd = $request->has('end') ? ($request->input('end') !== null ? Carbon::parse($request->input('end')) : null) : $timeEntry->end;
+        $this->assertNoOverlap($organization, $effectiveMember, $effectiveStart, $effectiveEnd, $timeEntry);
+
         $oldProject = $timeEntry->project;
         $oldTask = $timeEntry->task;
 

app/Http/Middleware/HandleInertiaRequests.php

@@ -41,6 +41,7 @@ class HandleInertiaRequests extends Middleware
     {
         $hasBilling = Module::has('Billing') && Module::isEnabled('Billing');
         $hasInvoicing = Module::has('Invoicing') && Module::isEnabled('Invoicing');
+        $hasServices = Module::has('Services') && Module::isEnabled('Services');
 
         /** @var BillingContract $billing */
         $billing = app(BillingContract::class);
@@ -50,6 +51,7 @@ class HandleInertiaRequests extends Middleware
         return array_merge(parent::share($request), [
             'has_billing_extension' => $hasBilling,
             'has_invoicing_extension' => $hasInvoicing,
+            'has_services_extension' => $hasServices,
             'billing' => $currentOrganization !== null ? [
                 'has_subscription' => $billing->hasSubscription($currentOrganization),
                 'has_trial' => $billing->hasTrial($currentOrganization),

app/Http/Requests/V1/Invitation/InvitationIndexRequest.php

@@ -21,6 +21,11 @@ class InvitationIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Member/MemberIndexRequest.php

@@ -21,6 +21,11 @@ class MemberIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
         ];
     }
 }

app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php

@@ -39,6 +39,12 @@ class OrganizationUpdateRequest extends BaseFormRequest
             'employees_can_see_billable_rates' => [
                 'boolean',
             ],
+            'employees_can_manage_tasks' => [
+                'boolean',
+            ],
+            'prevent_overlapping_time_entries' => [
+                'boolean',
+            ],
             'number_format' => [
                 Rule::enum(NumberFormat::class),
             ],
@@ -98,4 +104,14 @@ class OrganizationUpdateRequest extends BaseFormRequest
     {
         return $this->has('employees_can_see_billable_rates') ? $this->boolean('employees_can_see_billable_rates') : null;
     }
+
+    public function getEmployeesCanManageTasks(): ?bool
+    {
+        return $this->has('employees_can_manage_tasks') ? $this->boolean('employees_can_manage_tasks') : null;
+    }
+
+    public function getPreventOverlappingTimeEntries(): ?bool
+    {
+        return $this->has('prevent_overlapping_time_entries') ? $this->boolean('prevent_overlapping_time_entries') : null;
+    }
 }

app/Http/Requests/V1/ProjectMember/ProjectMemberIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\ProjectMember;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ProjectMemberIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Report;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class ReportIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Report/ReportStoreRequest.php

@@ -10,9 +10,11 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Organization;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as LegacyValidationRule;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Support\Carbon;
+use Illuminate\Support\Str;
 use Illuminate\Validation\Rule;
 
 /**
@@ -23,7 +25,7 @@ class ReportStoreRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|LegacyValidationRule>>
+     * @return array<string, array<string|ValidationRule|LegacyValidationRule|\Closure>>
      */
     public function rules(): array
     {
@@ -81,7 +83,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.client_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'properties.project_ids' => [
@@ -90,7 +99,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.project_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'properties.tag_ids' => [
@@ -99,7 +115,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.tag_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.task_ids' => [
                 'nullable',
@@ -107,7 +130,14 @@ class ReportStoreRequest extends BaseFormRequest
             ],
             'properties.task_ids.*' => [
                 'string',
-                'uuid',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    if (! Str::isUuid($value)) {
+                        $fail('The '.$attribute.' must be a valid UUID.');
+                    }
+                },
             ],
             'properties.group' => [
                 'required',

app/Http/Requests/V1/Tag/TagIndexRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Tag;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class TagIndexRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
+        ];
+    }
+}

app/Http/Requests/V1/Task/TaskIndexRequest.php

@@ -26,6 +26,11 @@ class TaskIndexRequest extends BaseFormRequest
     public function rules(): array
     {
         return [
+            'page' => [
+                'integer',
+                'min:1',
+                'max:2147483647',
+            ],
             'project_id' => [
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateExportRequest.php

@@ -16,6 +16,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -30,7 +31,7 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -94,10 +95,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -106,10 +112,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -118,10 +129,15 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -130,9 +146,14 @@ class TimeEntryAggregateExportRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryAggregateRequest.php

@@ -14,6 +14,7 @@ use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
 use App\Models\User;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -28,7 +29,7 @@ class TimeEntryAggregateRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -80,10 +81,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by client IDs, client IDs are OR combined
             'client_ids' => [
@@ -92,10 +98,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -104,10 +115,15 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -116,9 +132,14 @@ class TimeEntryAggregateRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexExportRequest.php

@@ -6,11 +6,13 @@ namespace App\Http\Requests\V1\TimeEntry;
 
 use App\Enums\ExportFormat;
 use App\Enums\TimeEntryRoundingType;
+use App\Models\Client;
 use App\Models\Member;
 use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
@@ -25,7 +27,7 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
+     * @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule|\Closure>>
      */
     public function rules(): array
     {
@@ -57,6 +59,23 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
                     return $builder->whereBelongsTo($this->organization, 'organization');
                 }),
             ],
+            // Filter by client IDs, client IDs are OR combined
+            'client_ids' => [
+                'array',
+                'min:1',
+            ],
+            'client_ids.*' => [
+                'string',
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
+            ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
                 'array',
@@ -64,11 +83,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'project_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -77,11 +100,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'tag_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -90,11 +117,15 @@ class TimeEntryIndexExportRequest extends TimeEntryIndexRequest
             ],
             'task_ids.*' => [
                 'string',
-                'uuid',
-                new ExistsEloquent(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                }),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryIndexRequest.php

@@ -12,6 +12,7 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Validation\Rule as RuleContract;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
@@ -26,7 +27,7 @@ class TimeEntryIndexRequest extends BaseFormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, array<string|ValidationRule|RuleContract>>
+     * @return array<string, array<string|ValidationRule|RuleContract|\Closure>>
      */
     public function rules(): array
     {
@@ -58,10 +59,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'client_ids.*' => [
                 'string',
-                ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Client> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Client::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Client> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by project IDs, project IDs are OR combined
             'project_ids' => [
@@ -70,10 +76,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'project_ids.*' => [
                 'string',
-                ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Project> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by tag IDs, tag IDs are OR combined
             'tag_ids' => [
@@ -82,10 +93,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'tag_ids.*' => [
                 'string',
-                ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Tag> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Tag::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Tag> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter by task IDs, task IDs are OR combined
             'task_ids' => [
@@ -94,10 +110,15 @@ class TimeEntryIndexRequest extends BaseFormRequest
             ],
             'task_ids.*' => [
                 'string',
-                ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
-                    /** @var Builder<Task> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->uuid(),
+                function (string $attribute, mixed $value, \Closure $fail): void {
+                    if ($value === TimeEntryFilter::NONE_VALUE) {
+                        return;
+                    }
+                    ExistsEloquent::make(Task::class, null, function (Builder $builder): Builder {
+                        /** @var Builder<Task> $builder */
+                        return $builder->whereBelongsTo($this->organization, 'organization');
+                    })->uuid()->validate($attribute, $value, $fail);
+                },
             ],
             // Filter only time entries that have a start date after the given timestamp in UTC (example: 2021-01-01T00:00:00Z)
             'start' => [

app/Http/Requests/V1/TimeEntry/TimeEntryStoreRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryStoreRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:create:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryStoreRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateMultipleRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -54,7 +56,16 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -79,7 +90,7 @@ class TimeEntryUpdateMultipleRequest extends BaseFormRequest
             'changes.description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'changes.tags' => [

app/Http/Requests/V1/TimeEntry/TimeEntryUpdateRequest.php

@@ -10,8 +10,10 @@ use App\Models\Organization;
 use App\Models\Project;
 use App\Models\Tag;
 use App\Models\Task;
+use App\Service\PermissionStore;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 
 /**
@@ -42,7 +44,16 @@ class TimeEntryUpdateRequest extends BaseFormRequest
                 'required_with:task_id',
                 ExistsEloquent::make(Project::class, null, function (Builder $builder): Builder {
                     /** @var Builder<Project> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
+                    $builder = $builder->whereBelongsTo($this->organization, 'organization');
+
+                    // If user doesn't have 'all' permission for time entries or projects, only allow access to public projects or projects they're a member of
+                    $permissionStore = app(PermissionStore::class);
+                    if (! $permissionStore->has($this->organization, 'time-entries:update:all')
+                        && ! $permissionStore->has($this->organization, 'projects:view:all')) {
+                        $builder = $builder->visibleByEmployee(Auth::user());
+                    }
+
+                    return $builder;
                 })->uuid(),
             ],
             // ID of the task that the time entry should belong to
@@ -77,7 +88,7 @@ class TimeEntryUpdateRequest extends BaseFormRequest
             'description' => [
                 'nullable',
                 'string',
-                'max:500',
+                'max:5000',
             ],
             // List of tag IDs
             'tags' => [

app/Http/Resources/V1/Client/ClientCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Client;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class ClientCollection extends ResourceCollection
+class ClientCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Http/Resources/V1/Organization/OrganizationResource.php

@@ -53,6 +53,10 @@ class OrganizationResource extends BaseResource
             'billable_rate' => $this->showBillableRate ? $this->resource->billable_rate : null,
             /** @var bool $employees_can_see_billable_rates Can members of the organization with role "employee" see the billable rates */
             'employees_can_see_billable_rates' => $this->resource->employees_can_see_billable_rates,
+            /** @var bool $employees_can_manage_tasks Can members of the organization with role "employee" manage tasks in public projects and projects they are assigned to */
+            'employees_can_manage_tasks' => $this->resource->employees_can_manage_tasks,
+            /** @var bool $prevent_overlapping_time_entries Prevent creating overlapping time entries (only new entries) */
+            'prevent_overlapping_time_entries' => $this->resource->prevent_overlapping_time_entries,
             /** @var string $currency Currency code (ISO 4217) */
             'currency' => $this->resource->currency,
             /** @var string $currency_symbol Currency symbol */

app/Http/Resources/V1/Tag/TagCollection.php

@@ -4,9 +4,10 @@ declare(strict_types=1);
 
 namespace App\Http\Resources\V1\Tag;
 
+use App\Http\Resources\PaginatedResourceCollection;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 
-class TagCollection extends ResourceCollection
+class TagCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     /**
      * The resource that this resource collects.

app/Models/Client.php

@@ -7,6 +7,7 @@ namespace App\Models;
 use App\Models\Concerns\CustomAuditable;
 use App\Models\Concerns\HasUuids;
 use Database\Factories\ClientFactory;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
@@ -62,6 +63,18 @@ class Client extends Model implements AuditableContract
         return $this->hasMany(Project::class, 'client_id');
     }
 
+    /**
+     * @param  Builder<Client>  $builder
+     * @return Builder<Client>
+     */
+    public function scopeVisibleByEmployee(Builder $builder, User $user): Builder
+    {
+        return $builder->whereHas('projects', function (Builder $builder) use ($user): Builder {
+            /** @var Builder<Project> $builder */
+            return $builder->visibleByEmployee($user);
+        });
+    }
+
     /**
      * @return Attribute<bool, never>
      */

app/Models/Organization.php

@@ -35,6 +35,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property int|null $billable_rate
  * @property string $user_id
  * @property bool $employees_can_see_billable_rates
+ * @property bool $employees_can_manage_tasks
  * @property User $owner
  * @property Carbon|null $created_at
  * @property Carbon|null $updated_at
@@ -70,6 +71,8 @@ class Organization extends JetstreamTeam implements AuditableContract
         'personal_team' => 'boolean',
         'currency' => 'string',
         'employees_can_see_billable_rates' => 'boolean',
+        'employees_can_manage_tasks' => 'boolean',
+        'prevent_overlapping_time_entries' => 'boolean',
         'number_format' => NumberFormat::class,
         'currency_format' => CurrencyFormat::class,
         'date_format' => DateFormat::class,

app/Policies/OrganizationPolicy.php

@@ -6,6 +6,7 @@ namespace App\Policies;
 
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\PermissionStore;
 use Filament\Facades\Filament;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
@@ -58,7 +59,7 @@ class OrganizationPolicy
             return true;
         }
 
-        return $user->ownsTeam($organization);
+        return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
     }
 
     /**

app/Providers/JetstreamServiceProvider.php

@@ -94,8 +94,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -109,6 +112,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -157,8 +161,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -172,6 +179,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -217,8 +225,11 @@ class JetstreamServiceProvider extends ServiceProvider
             'tasks:view',
             'tasks:view:all',
             'tasks:create',
+            'tasks:create:all',
             'tasks:update',
+            'tasks:update:all',
             'tasks:delete',
+            'tasks:delete:all',
             'time-entries:view:all',
             'time-entries:create:all',
             'time-entries:update:all',
@@ -232,6 +243,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'tags:update',
             'tags:delete',
             'clients:view',
+            'clients:view:all',
             'clients:create',
             'clients:update',
             'clients:delete',
@@ -256,12 +268,13 @@ class JetstreamServiceProvider extends ServiceProvider
             'projects:view',
             'tags:view',
             'tasks:view',
+            'clients:view',
             'time-entries:view:own',
             'time-entries:create:own',
             'time-entries:update:own',
             'time-entries:delete:own',
             'organizations:view',
-        ])->description('Employees have the ability to read, create, and update their own time entries and they can see the projects that they are members of.');
+        ])->description('Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.');
 
         Jetstream::role(Role::Placeholder->value, 'Placeholder', [
         ])->description('Placeholders are used for importing data. They cannot log in and have no permissions.');
@@ -291,28 +304,8 @@ class JetstreamServiceProvider extends ServiceProvider
                             'owner' => [
                                 'id' => $owner->getKey(),
                                 'name' => $owner->name,
-                                'email' => $owner->email,
                                 'profile_photo_url' => $owner->profile_photo_url,
                             ],
-                            'users' => $teamModel->users->map(function (User $user): array {
-                                return [
-                                    'id' => $user->getKey(),
-                                    'name' => $user->name,
-                                    'email' => $user->email,
-                                    'profile_photo_url' => $user->profile_photo_url,
-                                    'membership' => [
-                                        'id' => $user->membership->id,
-                                        'role' => $user->membership->role,
-                                    ],
-                                ];
-                            }),
-                            'team_invitations' => $teamModel->teamInvitations->map(function (OrganizationInvitation $invitation): array {
-                                return [
-                                    'id' => $invitation->getKey(),
-                                    'email' => $invitation->email,
-                                    'role' => $invitation->role,
-                                ];
-                            }),
                         ],
                         'currencies' => array_map(function (Currency $currency): string {
                             return $currency->getName();

app/Service/DashboardService.php

@@ -266,7 +266,8 @@ class DashboardService
                ) as aggregate'))
             ->where('billable', '=', true)
             ->whereNotNull('billable_rate')
-            ->where('user_id', '=', $user->id);
+            ->where('user_id', '=', $user->getKey())
+            ->where('organization_id', '=', $organization->getKey());
 
         $query = $this->constrainDateByPossibleDates($query, $possibleDays, $timezone);
         /** @var Collection<int, object{aggregate: int}> $resultDb */

app/Service/Dto/ReportPropertiesDto.php

@@ -8,6 +8,7 @@ use App\Enums\TimeEntryAggregationType;
 use App\Enums\TimeEntryAggregationTypeInterval;
 use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
+use App\Service\TimeEntryFilter;
 use Illuminate\Contracts\Database\Eloquent\Castable;
 use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
 use Illuminate\Database\Eloquent\Model;
@@ -174,7 +175,7 @@ class ReportPropertiesDto implements Castable
             if (! is_string($id)) {
                 throw new \InvalidArgumentException('The given ID is not a string');
             }
-            if (! Str::isUuid($id)) {
+            if ($id !== TimeEntryFilter::NONE_VALUE && ! Str::isUuid($id)) {
                 throw new \InvalidArgumentException('The given ID is not a valid UUID');
             }
             $collection->push($id);

app/Service/Export/ExportService.php

@@ -167,7 +167,7 @@ class ExportService
                             $client->id,
                             $client->name,
                             $client->organization_id,
-                            $client->archived_at ?? '',
+                            $client->archived_at?->toIso8601ZuluString() ?? '',
                             $client->created_at?->toIso8601ZuluString() ?? '',
                             $client->updated_at?->toIso8601ZuluString() ?? '',
                         ]);

app/Service/Import/Importers/ClockifyTimeEntriesImporter.php

@@ -112,7 +112,7 @@ class ClockifyTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Description']) > 500) {
+                if (strlen($record['Description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $record['Description'];

app/Service/Import/Importers/HarvestTimeEntriesImporter.php

@@ -107,7 +107,7 @@ class HarvestTimeEntriesImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($record['Notes']) > 500) {
+                if (strlen($record['Notes']) > 5000) {
                     throw new ImportException('Time entry note is too long');
                 }
                 $timeEntry->description = $record['Notes'];

app/Service/Import/Importers/SolidtimeImporter.php

@@ -247,7 +247,7 @@ class SolidtimeImporter extends DefaultImporter
                 $timeEntry->project_id = $projectId;
                 $timeEntry->client_id = $clientId;
                 $timeEntry->organization_id = $this->organization->id;
-                if (strlen($timeEntryRow['description']) > 500) {
+                if (strlen($timeEntryRow['description']) > 5000) {
                     throw new ImportException('Time entry description is too long');
                 }
                 $timeEntry->description = $timeEntryRow['description'];

app/Service/LocalizationService.php

@@ -96,6 +96,30 @@ class LocalizationService
         }
     }
 
+    /**
+     * Format a duration for reporting contexts (PDF reports, places that display duration
+     * directly next to cost). Promotes the verbose `Hh Mm` format to the compact `HH:MM:SS`
+     * so totals stay narrow and reconcile with cost, which is always computed to the second.
+     */
+    public function formatIntervalForReporting(CarbonInterval $interval): string
+    {
+        $promoted = [
+            IntervalFormat::HoursMinutes,
+            IntervalFormat::HoursMinutesColonSeparated,
+        ];
+        if (! in_array($this->intervalFormat, $promoted, true)) {
+            return $this->formatInterval($interval);
+        }
+
+        $previous = $this->intervalFormat;
+        $this->intervalFormat = IntervalFormat::HoursMinutesSecondsColonSeparated;
+        try {
+            return $this->formatInterval($interval);
+        } finally {
+            $this->intervalFormat = $previous;
+        }
+    }
+
     public function formatCurrency(Money $money): string
     {
         $currencyService = app(CurrencyService::class);

app/Service/MemberService.php

@@ -196,6 +196,7 @@ class MemberService
 
         $placeholderUser = $user->replicate();
         $placeholderUser->is_placeholder = true;
+        $placeholderUser->current_team_id = $member->organization_id;
         $placeholderUser->save();
 
         $member->user()->associate($placeholderUser);

app/Service/PermissionStore.php

@@ -71,7 +71,19 @@ class PermissionStore
         /** @var Role|null $roleObj */
         $roleObj = Jetstream::findRole($role);
 
-        return $roleObj->permissions ?? [];
+        $permissions = $roleObj->permissions ?? [];
+
+        // If the organization allows employees to manage tasks and the user is an employee,
+        // add the task management permissions for accessible projects
+        if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) {
+            $permissions = array_merge($permissions, [
+                'tasks:create',
+                'tasks:update',
+                'tasks:delete',
+            ]);
+        }
+
+        return $permissions;
     }
 
     /**

app/Service/TimeEntryAggregationService.php

@@ -10,6 +10,7 @@ use App\Enums\TimeEntryRoundingType;
 use App\Enums\Weekday;
 use App\Models\Client;
 use App\Models\Project;
+use App\Models\Tag;
 use App\Models\Task;
 use App\Models\TimeEntry;
 use App\Models\User;
@@ -17,6 +18,7 @@ use Carbon\CarbonTimeZone;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 
 class TimeEntryAggregationService
@@ -45,9 +47,21 @@ class TimeEntryAggregationService
     public function getAggregatedTimeEntries(Builder $timeEntriesQuery, ?TimeEntryAggregationType $group1Type, ?TimeEntryAggregationType $group2Type, string $timezone, Weekday $startOfWeek, bool $fillGapsInTimeGroups, ?Carbon $start, ?Carbon $end, bool $showBillableRate, ?TimeEntryRoundingType $roundingType, ?int $roundingMinutes): array
     {
         $fillGapsInTimeGroupsIsPossible = $fillGapsInTimeGroups && $start !== null && $end !== null;
+        /** @var Builder<TimeEntry> $baseTotalsQuery */
+        $baseTotalsQuery = $timeEntriesQuery->clone();
         $group1Select = null;
         $group2Select = null;
         $groupBy = null;
+        // If any grouping is by tag, expand rows per tag and ensure a NULL row for entries without tags
+        if (($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag)) {
+            $timeEntriesQuery->crossJoin(DB::raw(
+                "LATERAL (\n".
+                "  SELECT jsonb_array_elements_text(coalesce(tags, '[]'::jsonb)) AS tag\n".
+                "  UNION ALL\n".
+                "  SELECT ''::text AS tag WHERE coalesce(jsonb_array_length(tags), 0) = 0\n".
+                ') AS tag(tag)'
+            ));
+        }
         if ($group1Type !== null) {
             $group1Select = $this->getGroupByQuery($group1Type, $timezone, $startOfWeek);
             $groupBy = ['group_1'];
@@ -84,6 +98,26 @@ class TimeEntryAggregationService
             $group1Response = [];
             $group1ResponseSum = 0;
             $group1ResponseCost = 0;
+            // If Tag is subgroup, prepare base totals per primary group without tag expansion
+            $baseTotalsPerGroup1Map = [];
+            if ($group2Type === TimeEntryAggregationType::Tag) {
+                $baseTotalsPerGroup1Query = $baseTotalsQuery->clone();
+                $baseTotalsPerGroup1 = $baseTotalsPerGroup1Query
+                    ->selectRaw(
+                        $group1Select.' as group_1,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->groupBy('group_1')
+                    ->get();
+                foreach ($baseTotalsPerGroup1 as $row) {
+                    /** @var object{group_1: mixed, aggregate: int|null, cost: int|null} $row */
+                    $baseTotalsPerGroup1Map[(string) ($row->group_1 ?? '')] = [
+                        'aggregate' => (int) ($row->aggregate ?? 0),
+                        'cost' => (int) ($row->cost ?? 0),
+                    ];
+                }
+            }
             foreach ($groupedAggregates as $group1 => $group1Aggregates) {
                 /** @var string|int $group1 */
                 $group2Response = [];
@@ -103,6 +137,14 @@ class TimeEntryAggregationService
                         $group2ResponseSum += (int) $aggregate->get(0)->aggregate;
                         $group2ResponseCost += (int) $aggregate->get(0)->cost;
                     }
+                    // Override primary group totals when Tag is subgroup to avoid double counting
+                    if ($group2Type === TimeEntryAggregationType::Tag) {
+                        $keyForMap = (string) $group1;
+                        if (array_key_exists($keyForMap, $baseTotalsPerGroup1Map)) {
+                            $group2ResponseSum = $baseTotalsPerGroup1Map[$keyForMap]['aggregate'];
+                            $group2ResponseCost = $baseTotalsPerGroup1Map[$keyForMap]['cost'];
+                        }
+                    }
                 } else {
                     /** @var Collection<int, object{aggregate: int, cost: int}> $group1Aggregates */
                     $group2ResponseSum = (int) $group1Aggregates->get(0)->aggregate;
@@ -121,6 +163,23 @@ class TimeEntryAggregationService
                 $group1ResponseCost += $group2ResponseCost;
             }
 
+            // If Tag is selected in any grouping, compute overall totals from base (non-tag-expanded) query to avoid double counting
+            $hasTagGrouping = ($group1Type === TimeEntryAggregationType::Tag) || ($group2Type === TimeEntryAggregationType::Tag);
+            if ($hasTagGrouping) {
+                // Reset selects and ordering on the cloned base query
+                $baseTotals = $baseTotalsQuery
+                    ->selectRaw(
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')))) as aggregate,'.
+                        ' round(sum(extract(epoch from ('.$endRawSelect.' - '.$startRawSelect.')) * (coalesce(billable_rate, 0)::float/60/60))) as cost'
+                    )
+                    ->first();
+                if ($baseTotals !== null) {
+                    /** @var object{aggregate: int|null, cost: int|null} $baseTotals */
+                    $group1ResponseSum = (int) ($baseTotals->aggregate ?? 0);
+                    $group1ResponseCost = (int) ($baseTotals->cost ?? 0);
+                }
+            }
+
             if ($fillGapsInTimeGroupsIsPossible) {
                 $group1Response = $this->fillGapsInTimeGroups($group1Response, $group1Type, $group2Type, $timezone, $startOfWeek, $start, $end);
             }
@@ -294,6 +353,17 @@ class TimeEntryAggregationService
                     'color' => null,
                 ];
             }
+        } elseif ($type === TimeEntryAggregationType::Tag) {
+            $tags = Tag::query()
+                ->whereIn('id', $keys)
+                ->select('id', 'name')
+                ->get();
+            foreach ($tags as $tag) {
+                $descriptorMap[$tag->id] = [
+                    'description' => $tag->name,
+                    'color' => null,
+                ];
+            }
         }
 
         return $descriptorMap;
@@ -436,6 +506,8 @@ class TimeEntryAggregationService
             return 'billable';
         } elseif ($group === TimeEntryAggregationType::Description) {
             return 'description';
+        } elseif ($group === TimeEntryAggregationType::Tag) {
+            return 'tag';
         }
     }
 

app/Service/TimeEntryFilter.php

@@ -12,6 +12,8 @@ use Illuminate\Support\Facades\Log;
 
 class TimeEntryFilter
 {
+    public const string NONE_VALUE = 'none';
+
     /**
      * @var Builder<TimeEntry>
      */
@@ -60,7 +62,7 @@ class TimeEntryFilter
         if ($start === null) {
             return $this;
         }
-        $this->builder->where('start', '>', $start);
+        $this->builder->where('start', '>=', $start);
 
         return $this;
     }
@@ -149,7 +151,17 @@ class TimeEntryFilter
         if ($clientIds === null) {
             return $this;
         }
-        $this->builder->whereIn('client_id', $clientIds);
+        $includeNone = in_array(self::NONE_VALUE, $clientIds, true);
+        $clientIds = array_values(array_filter($clientIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($clientIds, $includeNone): void {
+            if (count($clientIds) > 0) {
+                $builder->whereIn('client_id', $clientIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('client_id');
+            }
+        });
 
         return $this;
     }
@@ -162,7 +174,17 @@ class TimeEntryFilter
         if ($projectIds === null) {
             return $this;
         }
-        $this->builder->whereIn('project_id', $projectIds);
+        $includeNone = in_array(self::NONE_VALUE, $projectIds, true);
+        $projectIds = array_values(array_filter($projectIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($projectIds, $includeNone): void {
+            if (count($projectIds) > 0) {
+                $builder->whereIn('project_id', $projectIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('project_id');
+            }
+        });
 
         return $this;
     }
@@ -175,10 +197,18 @@ class TimeEntryFilter
         if ($tagIds === null) {
             return $this;
         }
-        $this->builder->where(function (Builder $builder) use ($tagIds): void {
+        $includeNone = in_array(self::NONE_VALUE, $tagIds, true);
+        $tagIds = array_values(array_filter($tagIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($tagIds, $includeNone): void {
             foreach ($tagIds as $tagId) {
                 $builder->orWhereJsonContains('tags', $tagId);
             }
+            if ($includeNone) {
+                $builder->orWhere(function (Builder $query): void {
+                    $query->whereJsonLength('tags', 0)->orWhereNull('tags');
+                });
+            }
         });
 
         return $this;
@@ -192,7 +222,17 @@ class TimeEntryFilter
         if ($taskIds === null) {
             return $this;
         }
-        $this->builder->whereIn('task_id', $taskIds);
+        $includeNone = in_array(self::NONE_VALUE, $taskIds, true);
+        $taskIds = array_values(array_filter($taskIds, fn (string $id): bool => $id !== self::NONE_VALUE));
+
+        $this->builder->where(function (Builder $builder) use ($taskIds, $includeNone): void {
+            if (count($taskIds) > 0) {
+                $builder->whereIn('task_id', $taskIds);
+            }
+            if ($includeNone) {
+                $builder->orWhereNull('task_id');
+            }
+        });
 
         return $this;
     }

app/Service/TimeEntryService.php

@@ -31,12 +31,17 @@ class TimeEntryService
             throw new LogicException('Rounding minutes must be greater than 0');
         }
         $end = 'coalesce("end", \''.Carbon::now()->toDateTimeString().'\')';
+        $start = $this->getStartSelectRawForRounding($roundingType, $roundingMinutes);
         if ($roundingType === TimeEntryRoundingType::Down) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.')';
         } elseif ($roundingType === TimeEntryRoundingType::Up) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            // If end is already on a boundary, keep it; otherwise round up to next boundary
+            return 'CASE WHEN '.$end.' = date_bin(\''.$roundingMinutes.' minutes\', '.$end.', '.$start.') '.
+                   'THEN '.$end.' '.
+                   'ELSE date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.$roundingMinutes.' minutes\', '.$start.') '.
+                   'END';
         } elseif ($roundingType === TimeEntryRoundingType::Nearest) {
-            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$this->getStartSelectRawForRounding($roundingType, $roundingMinutes).')';
+            return 'date_bin(\''.$roundingMinutes.' minutes\', '.$end.' + interval \''.($roundingMinutes / 2).' minutes\', '.$start.')';
         }
     }
 }

database/migrations/2025_10_02_000001_add_prevent_overlapping_time_entries_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('prevent_overlapping_time_entries')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('prevent_overlapping_time_entries');
+        });
+    }
+};

database/migrations/2025_10_16_000001_extend_time_entry_description.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 5000)->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('time_entries', function (Blueprint $table): void {
+            $table->string('description', 500)->change();
+        });
+    }
+};

database/migrations/2025_10_24_120845_add_employees_can_manage_tasks_to_organizations_table.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->boolean('employees_can_manage_tasks')->default(false)->after('employees_can_see_billable_rates');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('organizations', function (Blueprint $table): void {
+            $table->dropColumn('employees_can_manage_tasks');
+        });
+    }
+};

database/schema/pgsql_test-schema.sql

@@ -435,7 +435,7 @@ CREATE TABLE public.tasks (
 
 CREATE TABLE public.time_entries (
     id uuid NOT NULL,
-    description character varying(500) NOT NULL,
+    description character varying(5000) NOT NULL,
     start timestamp(0) without time zone NOT NULL,
     "end" timestamp(0) without time zone,
     billable_rate integer,

docker-compose.yml

@@ -107,7 +107,7 @@ services:
             - sail
             - reverse-proxy
     playwright:
-        image: mcr.microsoft.com/playwright:v1.51.1-jammy
+        image: mcr.microsoft.com/playwright:v1.59.1-jammy
         command: ['npx', 'playwright', 'test', '--ui-port=8080', '--ui-host=0.0.0.0']
         working_dir: /src
         extra_hosts:

docker/local/minio/create_bucket.sh

@@ -2,7 +2,7 @@
 
 # Source: https://helgesver.re/articles/laravel-sail-create-minio-bucket-automatically
 
-/usr/bin/mc config host add local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
+/usr/bin/mc alias set local ${S3_ENDPOINT} ${S3_ACCESS_KEY_ID} ${S3_SECRET_ACCESS_KEY};
 /usr/bin/mc rm -r --force local/${S3_BUCKET};
 /usr/bin/mc mb --ignore-existing local/${S3_BUCKET};
 /usr/bin/mc anonymous set public local/${S3_BUCKET};

docker/prod/Dockerfile

@@ -16,7 +16,7 @@ RUN CGO_ENABLED=1 \
     XCADDY_GO_BUILD_FLAGS="-ldflags='-w -s' -tags=nobadger,nomysql,nopgx" \
     CGO_CFLAGS=$(php-config --includes) \
     CGO_LDFLAGS="$(php-config --ldflags) $(php-config --libs)" \
-    xcaddy build \
+    xcaddy build v2.10.0 \
         --output /usr/local/bin/frankenphp \
         --with github.com/dunglas/frankenphp=./ \
         --with github.com/dunglas/frankenphp/caddy=./caddy/ \

e2e/auth.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { getPasswordResetUrl } from './utils/mailpit';
 
 async function registerNewUser(page, email, password) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/register');
@@ -35,14 +36,198 @@ test('can register and delete account', async ({ page }) => {
     await registerNewUser(page, email, password);
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await page.getByRole('button', { name: 'Delete Account' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
     await page.getByPlaceholder('Password').fill(password);
-    await page.getByRole('button', { name: 'Delete Account' }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Delete Account' }).click();
     await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
     await page.goto(PLAYWRIGHT_BASE_URL + '/login');
     await page.getByLabel('Email').fill(email);
     await page.getByLabel('Password').fill(password);
     await page.getByRole('button', { name: 'Log in' }).click();
-    await expect(page.getByRole('paragraph')).toContainText(
+    await expect(page.getByRole('alert')).toContainText(
         'These credentials do not match our records.'
     );
 });
+
+test('shows error for invalid email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with non-existent email
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+
+    // Should show error message
+    await expect(page.getByText("We can't find a user with that email address.")).toBeVisible();
+});
+
+test('shows browser validation for invalid email format on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with invalid email format
+    const emailInput = page.getByLabel('Email');
+    await emailInput.fill('notanemail');
+
+    // Check for browser validation - the input should be invalid
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => !el.validity.valid);
+    expect(isInvalid).toBe(true);
+});
+
+test('shows browser validation for empty email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // The email input is required, so it should be invalid when empty
+    const emailInput = page.getByLabel('Email');
+
+    // Check for browser validation - the input should be invalid because it's required and empty
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => el.validity.valueMissing);
+    expect(isInvalid).toBe(true);
+});
+
+test('can reset password via email link', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    const newPassword = 'mynewsecurepassword456';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in new password
+    await page.getByLabel('Password', { exact: true }).fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should redirect to login page after successful reset
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try logging in with new password
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Log in' }).click();
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+});
+
+test('shows validation error for password mismatch on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in mismatched passwords
+    await page.getByLabel('Password', { exact: true }).fill('newpassword123');
+    await page.getByLabel('Confirm Password').fill('differentpassword456');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The password field confirmation does not match.')).toBeVisible();
+});
+
+test('shows validation error for short password on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in short password
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error about minimum length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('shows error for invalid login credentials', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/login');
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByLabel('Password').fill('wrongpassword123');
+    await page.getByRole('button', { name: 'Log in' }).click();
+
+    await expect(page.getByText('These credentials do not match our records.')).toBeVisible();
+});
+
+test('shows error when registering with existing email', async ({ page }) => {
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const password = 'suchagreatpassword123';
+
+    // Register first user
+    await registerNewUser(page, email, password);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try to register with the same email
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Another User');
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password', { exact: true }).fill(password);
+    await page.getByLabel('Confirm Password').fill(password);
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    // Should show error about email already taken
+    await expect(page.getByText('The resource already exists.')).toBeVisible();
+});
+
+test('shows validation error for weak password on registration', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Weak Password User');
+    await page.getByLabel('Email').fill(`weak+${Math.round(Math.random() * 10000)}@test.com`);
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    await expect(page.getByText('must be at least')).toBeVisible();
+});

e2e/calendar-settings.spec.ts

@@ -0,0 +1,689 @@
+import type { Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+import { createBareTimeEntryViaApi, createTimeEntryWithTimestampsViaApi } from './utils/api';
+
+async function goToCalendar(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/calendar');
+    await expect(page.locator('.fc')).toBeVisible({ timeout: 10000 });
+}
+
+async function openSettingsPopover(page: Page) {
+    await page.getByRole('button', { name: 'Calendar settings' }).click();
+    await expect(page.getByText('Calendar Settings')).toBeVisible();
+}
+
+async function clearCalendarSettings(page: Page) {
+    await page.evaluate(() => localStorage.removeItem('solidtime:calendar-settings'));
+}
+
+function getCalendarTitle(page: Page) {
+    return page.getByTestId('calendar-title');
+}
+
+async function scrollCalendarToTime(page: Page, time: string) {
+    await page.evaluate((t) => {
+        const slot = document.querySelector(`.fc-timegrid-slot-lane[data-time="${t}"]`);
+        if (slot) slot.scrollIntoView({ block: 'start' });
+    }, time);
+    await page.waitForTimeout(300);
+}
+
+async function getSlotHeight(page: Page): Promise<number> {
+    return await page.evaluate(() => {
+        const slots = Array.from(document.querySelectorAll('.fc-timegrid-slot-lane'));
+        for (let i = 0; i < slots.length; i++) {
+            const h = slots[i].getBoundingClientRect().height;
+            if (h > 0) return h;
+        }
+        return 20;
+    });
+}
+
+test.describe('Calendar Settings', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('settings popover shows all fields with correct defaults', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        await expect(page.getByLabel('Snap Interval')).toContainText('15 min');
+        await expect(page.getByLabel('Start Time')).toContainText('12:00 AM');
+        await expect(page.getByLabel('End Time')).toContainText('12:00 AM (next)');
+        await expect(page.getByLabel('Grid Scale')).toContainText('15 min');
+    });
+
+    test('snap interval can be changed and persists across reload', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Change snap interval to 30 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+
+        // Close the popover by pressing Escape
+        await page.keyboard.press('Escape');
+
+        // Verify localStorage was updated
+        const stored = await page.evaluate(() =>
+            JSON.parse(localStorage.getItem('solidtime:calendar-settings') || '{}')
+        );
+        expect(stored.snapMinutes).toBe(30);
+
+        // Reload and verify persistence
+        await page.reload();
+        await expect(page.locator('.fc')).toBeVisible();
+        await openSettingsPopover(page);
+        await expect(page.getByLabel('Snap Interval')).toContainText('30 min');
+    });
+
+    test('start time change is applied to calendar and rejects invalid values', async ({
+        page,
+    }) => {
+        await goToCalendar(page);
+
+        // Verify 7 AM slot exists with default start (00:00)
+        await expect(page.locator('.fc-timegrid-slot[data-time="07:00:00"]')).not.toHaveCount(0);
+
+        await openSettingsPopover(page);
+
+        // Set end time to 6 PM first
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Change start time to 8 AM (valid)
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Try to set start time to 6 PM (invalid: equals end time) — should be rejected
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Should be rejected — start time stays at 8 AM
+        await expect(page.getByLabel('Start Time')).toContainText('8:00 AM');
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Calendar should no longer show hours before 8 AM
+        await expect(page.locator('.fc-timegrid-slot[data-time="07:00:00"]')).toHaveCount(0);
+        await expect(page.locator('.fc-timegrid-slot[data-time="08:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('end time change is applied to calendar and rejects invalid values', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Verify 19:00 slot exists with default end (24:00)
+        await expect(page.locator('.fc-timegrid-slot[data-time="19:00:00"]')).not.toHaveCount(0);
+
+        await openSettingsPopover(page);
+
+        // Set start time to 8 AM first
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Change end time to 6 PM (valid)
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '6:00 PM' }).click();
+
+        // Try to set end time to 8 AM (invalid: equals start time) — should be rejected
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+
+        // Should be rejected — end time stays at 6 PM
+        await expect(page.getByLabel('End Time')).toContainText('6:00 PM');
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Calendar should no longer show hours at or after 6 PM
+        await expect(page.locator('.fc-timegrid-slot[data-time="18:00:00"]')).toHaveCount(0);
+        await expect(page.locator('.fc-timegrid-slot[data-time="17:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('grid scale affects number of calendar slots', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Count slots with default 15-min scale
+        const defaultSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Change to 30 min scale (should halve the slots)
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for FullCalendar to re-render with new slot count
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeLessThan(defaultSlotCount);
+        }).toPass({ timeout: 5000 });
+
+        const largerSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Navigate away and back to get a clean calendar mount
+        await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+        await goToCalendar(page);
+
+        // Change to 5 min scale (many more slots)
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for FullCalendar to re-render with new slot count
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeGreaterThan(largerSlotCount);
+        }).toPass({ timeout: 5000 });
+    });
+
+    test('all settings persist across navigation', async ({ page }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Change every setting
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '6:00 AM' }).click();
+        await page.getByLabel('End Time').click();
+        await page.getByRole('option', { name: '10:00 PM' }).click();
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+
+        // Close the popover
+        await page.keyboard.press('Escape');
+
+        // Navigate away and back
+        await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+        await goToCalendar(page);
+
+        // Verify all settings persisted
+        await openSettingsPopover(page);
+        await expect(page.getByLabel('Snap Interval')).toContainText('5 min');
+        await expect(page.getByLabel('Start Time')).toContainText('6:00 AM');
+        await expect(page.getByLabel('End Time')).toContainText('10:00 PM');
+        await expect(page.getByLabel('Grid Scale')).toContainText('30 min');
+    });
+});
+
+test.describe('Calendar Toolbar', () => {
+    test('prev and next buttons navigate the calendar', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Use column headers to detect navigation (title only shows month which may not change)
+        const getHeaderTexts = async () => {
+            const headers = page.locator('.fc-col-header-cell');
+            return headers.allTextContents();
+        };
+
+        const initialHeaders = await getHeaderTexts();
+
+        // Click next
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const nextHeaders = await getHeaderTexts();
+        expect(nextHeaders).not.toEqual(initialHeaders);
+
+        // Click prev — should go back to original
+        await page.getByRole('button', { name: 'Previous', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const backHeaders = await getHeaderTexts();
+        expect(backHeaders).toEqual(initialHeaders);
+    });
+
+    test('today button returns to current week', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Use column headers to detect navigation (title only shows month which may not change)
+        const getHeaderTexts = async () => {
+            const headers = page.locator('.fc-col-header-cell');
+            return headers.allTextContents();
+        };
+
+        const initialHeaders = await getHeaderTexts();
+
+        // Navigate away
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+        await page.getByRole('button', { name: 'Next', exact: true }).click();
+
+        const awayHeaders = await getHeaderTexts();
+        expect(awayHeaders).not.toEqual(initialHeaders);
+
+        // Click today
+        await page.getByRole('button', { name: 'today', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        const todayHeaders = await getHeaderTexts();
+        expect(todayHeaders).toEqual(initialHeaders);
+    });
+
+    test('view switcher toggles between week and day views', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Default should be week view — verify multiple day columns exist
+        await expect(page.locator('.fc-col-header-cell')).not.toHaveCount(1);
+
+        // Switch to day view
+        await page.getByRole('tab', { name: 'day', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Day view should show exactly 1 day column
+        await expect(page.locator('.fc-col-header-cell')).toHaveCount(1);
+
+        // Switch back to week view
+        await page.getByRole('tab', { name: 'week', exact: true }).click();
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Week view should show multiple day columns again
+        await expect(page.locator('.fc-col-header-cell')).not.toHaveCount(1);
+    });
+});
+
+test.describe('Visual Snapping', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('snap interval of 1 minute allows fine-grained positioning', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap interval to 1 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '1 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap 1min test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot at a non-15-min boundary time
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event to a position offset from the 15-min boundary
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 1-min snap, any minute value is valid (0-59)
+        expect(minutes).toBeGreaterThanOrEqual(0);
+        expect(minutes).toBeLessThanOrEqual(59);
+    });
+
+    test('snap interval of 60 minutes creates hour-aligned entries', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap interval to 60 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '1 hour' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap 60min test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 60-min snap, minutes should be 0 (on the hour)
+        expect(minutes).toBe(0);
+    });
+
+    test('changing snap interval mid-session affects next drag', async ({ page, ctx }) => {
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Snap change test', '1h');
+        await goToCalendar(page);
+
+        // Set snap to 15 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '15 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Drag event to 14:00 area
+        const targetSlot14 = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox14 = await targetSlot14.boundingBox();
+        expect(targetBox14).not.toBeNull();
+
+        const putResponsePromise1 = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox14!.x + targetBox14!.width / 2, targetBox14!.y + 5, {
+            steps: 10,
+        });
+        await page.mouse.up();
+
+        const putResponse1 = await putResponsePromise1;
+        expect(putResponse1.status()).toBe(200);
+
+        const body1 = await putResponse1.json();
+        const startDate1 = new Date(body1.data.start);
+        expect(startDate1.getMinutes() % 15).toBe(0);
+
+        // Wait for query re-fetch/re-renders to fully settle after drag
+        await page.waitForTimeout(1500);
+
+        // Change snap to 30 min
+        // Use Escape first to ensure no stale popover is open, then re-open
+        await page.keyboard.press('Escape');
+        await page.waitForTimeout(300);
+        await openSettingsPopover(page);
+        await page.waitForTimeout(300);
+        await page.getByLabel('Snap Interval').click({ force: true });
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll the calendar so the 10:00 target area is visible
+        await scrollCalendarToTime(page, '09:00:00');
+
+        // Drag event to 10:00 area
+        const targetSlot10 = page.locator('.fc-timegrid-slot-lane[data-time="10:00:00"]').first();
+        const targetBox10 = await targetSlot10.boundingBox();
+        expect(targetBox10).not.toBeNull();
+
+        const putResponsePromise2 = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox10!.x + targetBox10!.width / 2, targetBox10!.y + 5, {
+            steps: 10,
+        });
+        await page.mouse.up();
+
+        const putResponse2 = await putResponsePromise2;
+        expect(putResponse2.status()).toBe(200);
+
+        const body2 = await putResponse2.json();
+        const startDate2 = new Date(body2.data.start);
+        expect(startDate2.getMinutes() % 30).toBe(0);
+    });
+
+    test('snap with different grid scale (slot != snap)', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set grid scale to 30 min, snap to 5 min
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for re-render with 30-min grid
+        await expect(async () => {
+            const slotCount = await page.locator('.fc-timegrid-slot-lane').count();
+            // 24 hours * 2 slots/hour = 48 slots for 30-min grid
+            expect(slotCount).toBeLessThanOrEqual(48);
+        }).toPass({ timeout: 5000 });
+
+        // Verify grid is 30-min (fewer slots than default 15-min)
+        const slotCount = await page.locator('.fc-timegrid-slot-lane').count();
+        // Default 15-min grid has 96 slots; 30-min grid should have 48
+        expect(slotCount).toBeLessThanOrEqual(48);
+
+        // Create a 1h time entry and go to calendar
+        await createBareTimeEntryViaApi(ctx, 'Grid snap test', '1h');
+        await goToCalendar(page);
+
+        // Re-apply settings since goToCalendar navigates
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '5 min', exact: true }).click();
+        await page.keyboard.press('Escape');
+
+        // Scroll so both the event (9:00) and target (14:00) are in viewport
+        await scrollCalendarToTime(page, '08:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Capture target coordinates after scroll is settled
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        // Snap is 5 min, so minutes should be divisible by 5
+        expect(startDate.getMinutes() % 5).toBe(0);
+    });
+});
+
+test.describe('Calendar Settings Effects', () => {
+    test.beforeEach(async ({ page }) => {
+        await clearCalendarSettings(page);
+    });
+
+    test('start/end time hides slots outside visible range', async ({ page, ctx }) => {
+        // Create a time entry at 6 AM today
+        const now = new Date();
+        const start = new Date(now.getFullYear(), now.getMonth(), now.getDate(), 6, 0, 0);
+        const end = new Date(start.getTime() + 3600 * 1000); // 7 AM
+        await createTimeEntryWithTimestampsViaApi(ctx, {
+            description: 'Early morning entry',
+            start: start.toISOString().replace(/\.\d{3}Z$/, 'Z'),
+            end: end.toISOString().replace(/\.\d{3}Z$/, 'Z'),
+        });
+
+        await goToCalendar(page);
+
+        // Verify 6 AM slot is visible with default settings
+        await expect(page.locator('.fc-timegrid-slot[data-time="06:00:00"]')).not.toHaveCount(0);
+
+        // Set start time to 8 AM
+        await openSettingsPopover(page);
+        await page.getByLabel('Start Time').click();
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+        await page.keyboard.press('Escape');
+
+        // 6 AM slot should be hidden
+        await expect(page.locator('.fc-timegrid-slot[data-time="06:00:00"]')).toHaveCount(0);
+
+        // 8 AM slot should be visible
+        await expect(page.locator('.fc-timegrid-slot[data-time="08:00:00"]')).not.toHaveCount(0);
+    });
+
+    test('grid scale affects event visual height proportionally', async ({ page, ctx }) => {
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Height test', '1h');
+        await goToCalendar(page);
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+        await event.scrollIntoViewIfNeeded();
+
+        // Get event height with default 15-min grid scale
+        const box15 = await event.boundingBox();
+        expect(box15).not.toBeNull();
+        const height15 = box15!.height;
+
+        // Change grid scale to 60 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '1 hour' }).click();
+        await page.keyboard.press('Escape');
+
+        // Wait for re-render and scroll event into view
+        await event.scrollIntoViewIfNeeded();
+        await expect(async () => {
+            const box = await event.boundingBox();
+            expect(box).not.toBeNull();
+            expect(box!.height).not.toBe(height15);
+        }).toPass({ timeout: 5000 });
+
+        const box60 = await event.boundingBox();
+        expect(box60).not.toBeNull();
+        const height60 = box60!.height;
+
+        // Event should appear smaller with larger grid scale
+        expect(height15).toBeGreaterThan(height60);
+    });
+
+    test('snap interval affects drag granularity', async ({ page, ctx }) => {
+        await goToCalendar(page);
+        await openSettingsPopover(page);
+
+        // Set snap to 30 min
+        await page.getByLabel('Snap Interval').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Create a 1h time entry
+        await createBareTimeEntryViaApi(ctx, 'Drag granularity test', '1h');
+        await goToCalendar(page);
+
+        // Scroll the calendar so the 14:00 target area is visible
+        await scrollCalendarToTime(page, '13:00:00');
+
+        const event = page.locator('.fc-event').first();
+        await expect(event).toBeVisible();
+
+        // Get target slot
+        const targetSlot = page.locator('.fc-timegrid-slot-lane[data-time="14:00:00"]').first();
+        const targetBox = await targetSlot.boundingBox();
+        expect(targetBox).not.toBeNull();
+
+        // Drag event
+        const putResponsePromise = page.waitForResponse(
+            (resp) => resp.url().includes('/time-entries/') && resp.request().method() === 'PUT'
+        );
+
+        await event.hover();
+        await page.mouse.down();
+        await page.mouse.move(targetBox!.x + targetBox!.width / 2, targetBox!.y + 5, { steps: 10 });
+        await page.mouse.up();
+
+        const putResponse = await putResponsePromise;
+        expect(putResponse.status()).toBe(200);
+
+        const body = await putResponse.json();
+        const startDate = new Date(body.data.start);
+        const minutes = startDate.getMinutes();
+
+        // With 30-min snap, minutes should be 0 or 30
+        expect(minutes % 30).toBe(0);
+    });
+
+    test('settings apply immediately without page reload', async ({ page }) => {
+        await goToCalendar(page);
+
+        // Count slots with default grid scale (15 min)
+        const defaultSlotCount = await page.locator('.fc-timegrid-slot').count();
+
+        // Change grid scale to 30 min
+        await openSettingsPopover(page);
+        await page.getByLabel('Grid Scale').click();
+        await page.getByRole('option', { name: '30 min' }).click();
+        await page.keyboard.press('Escape');
+
+        // Verify slot count changed without navigation
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot').count();
+            expect(count).toBeLessThan(defaultSlotCount);
+        }).toPass({ timeout: 5000 });
+
+        // Wait for FullCalendar to fully stabilize after re-render
+        await page.waitForTimeout(2000);
+        await expect(page.locator('.fc')).toBeVisible();
+
+        // Change start time to 8 AM
+        // FullCalendar re-render from grid scale change can make popover elements unstable.
+        // Retry the open+click sequence if it fails.
+        await expect(async () => {
+            await page.keyboard.press('Escape');
+            await page.waitForTimeout(300);
+            await page.getByRole('button', { name: 'Calendar settings' }).click();
+            await expect(page.getByText('Calendar Settings')).toBeVisible();
+            const startTimeBtn = page.getByLabel('Start Time');
+            await expect(startTimeBtn).toBeVisible();
+            await startTimeBtn.click({ timeout: 3000 });
+        }).toPass({ timeout: 10000 });
+
+        await page.getByRole('option', { name: '8:00 AM' }).click();
+        await page.keyboard.press('Escape');
+
+        // Verify 7 AM slot is hidden without reload
+        await expect(async () => {
+            const count = await page.locator('.fc-timegrid-slot[data-time="07:00:00"]').count();
+            expect(count).toBe(0);
+        }).toPass({ timeout: 5000 });
+    });
+});

e2e/clients.spec.ts

@@ -1,15 +1,23 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import {
+    createClientViaApi,
+    createProjectMemberViaApi,
+    createProjectViaApi,
+    createPublicProjectViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToProjectsOverview(page: Page) {
+async function goToClientsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/clients');
 }
 
-// Create new project via modal
+// Create new client via modal
 test('test that creating and deleting a new client via the modal works', async ({ page }) => {
     const newClientName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
+    await goToClientsOverview(page);
     await page.getByRole('button', { name: 'Create Client' }).click();
     await page.getByPlaceholder('Client Name').fill(newClientName);
     await Promise.all([
@@ -26,7 +34,7 @@ test('test that creating and deleting a new client via the modal works', async (
 
     await expect(page.getByTestId('client_table')).toContainText(newClientName);
     const moreButton = page.locator("[aria-label='Actions for Client " + newClientName + "']");
-    moreButton.click();
+    await moreButton.click();
     const deleteButton = page.locator("[aria-label='Delete Client " + newClientName + "']");
 
     await Promise.all([
@@ -41,13 +49,11 @@ test('test that creating and deleting a new client via the modal works', async (
     await expect(page.getByTestId('client_table')).not.toContainText(newClientName);
 });
 
-test('test that archiving and unarchiving clients works', async ({ page }) => {
+test('test that archiving and unarchiving clients works', async ({ page, ctx }) => {
     const newClientName = 'New Client ' + Math.floor(1 + Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Client' }).click();
-    await page.getByLabel('Client Name').fill(newClientName);
+    await createClientViaApi(ctx, { name: newClientName });
 
-    await page.getByRole('button', { name: 'Create Client' }).click();
+    await goToClientsOverview(page);
     await expect(page.getByText(newClientName)).toBeVisible();
 
     await page.getByRole('row').first().getByRole('button').click();
@@ -71,4 +77,300 @@ test('test that archiving and unarchiving clients works', async ({ page }) => {
     ]);
 });
 
-// TODO: Add Name Update Test
+test('test that editing a client name works', async ({ page, ctx }) => {
+    const originalName = 'Original Client ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'Updated Client ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: originalName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByText(originalName)).toBeVisible();
+
+    // Open edit modal via actions menu
+    const moreButton = page.locator("[aria-label='Actions for Client " + originalName + "']");
+    await moreButton.click();
+    await page.getByTestId('client_edit').click();
+
+    // Update the client name
+    await page.getByPlaceholder('Client Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Client' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify updated name is shown and old name is gone
+    await expect(page.getByTestId('client_table')).toContainText(updatedName);
+    await expect(page.getByTestId('client_table')).not.toContainText(originalName);
+});
+
+test('test that deleting a client via actions menu works', async ({ page, ctx }) => {
+    const clientName = 'DeleteMe Client ' + Math.floor(1 + Math.random() * 10000);
+
+    await createClientViaApi(ctx, { name: clientName });
+
+    await goToClientsOverview(page);
+    await expect(page.getByTestId('client_table')).toContainText(clientName);
+
+    const moreButton = page.locator("[aria-label='Actions for Client " + clientName + "']");
+    await moreButton.click();
+    const deleteButton = page.locator("[aria-label='Delete Client " + clientName + "']");
+
+    await Promise.all([
+        deleteButton.click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+    ]);
+
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+// =============================================
+// Context Menu Tests
+// =============================================
+
+test('test that client context menu edit updates the client', async ({ page, ctx }) => {
+    const clientName = 'CtxEditClient ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'CtxUpdatedClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Edit' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Client Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Client' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    await expect(page.getByTestId('client_table')).toContainText(updatedName);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+test('test that client context menu archive archives the client', async ({ page, ctx }) => {
+    const clientName = 'CtxArchiveClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('menuitem', { name: 'Archive' }).click(),
+    ]);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+test('test that client context menu delete deletes the client', async ({ page, ctx }) => {
+    const clientName = 'CtxDeleteClient ' + Math.floor(1 + Math.random() * 10000);
+    await createClientViaApi(ctx, { name: clientName });
+    await goToClientsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: clientName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/clients') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem', { name: 'Delete' }).click(),
+    ]);
+    await expect(page.getByTestId('client_table')).not.toContainText(clientName);
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+async function clearClientTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('client-table-state');
+    });
+}
+
+test('test that sorting clients by name and status works', async ({ page, ctx }) => {
+    await createClientViaApi(ctx, { name: 'AAA SortClient' });
+    await createClientViaApi(ctx, { name: 'ZZZ SortClient' });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is name asc) --
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortClient')).toBeLessThan(names.indexOf('ZZZ SortClient'));
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortClient')).toBeLessThan(names.indexOf('AAA SortClient'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+    await statusHeader.click(); // desc
+    await expect(statusHeader.locator('svg')).toBeVisible();
+});
+
+test('test that sorting clients by project count works', async ({ page, ctx }) => {
+    const clientWithMany = await createClientViaApi(ctx, { name: 'ManyProjects Client' });
+    const clientWithNone = await createClientViaApi(ctx, { name: 'NoProjects Client' });
+
+    // Create projects for the first client
+    await createProjectViaApi(ctx, { name: 'Proj1', client_id: clientWithMany.id });
+    await createProjectViaApi(ctx, { name: 'Proj2', client_id: clientWithMany.id });
+
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    // Click Projects header - first click should sort desc (most projects first)
+    const projectsHeader = table.getByText('Projects').first();
+    await projectsHeader.click();
+    await expect(projectsHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('ManyProjects Client')).toBeLessThan(names.indexOf('NoProjects Client'));
+
+    // Second click toggles to asc (least projects first)
+    await projectsHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('NoProjects Client')).toBeLessThan(names.indexOf('ManyProjects Client'));
+});
+
+test('test that client sort state persists after page reload', async ({ page }) => {
+    await goToClientsOverview(page);
+    await clearClientTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('client_table');
+    await expect(table).toBeVisible();
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    await expect(nameHeader.locator('svg')).toBeVisible();
+
+    await page.reload();
+
+    await expect(page.getByTestId('client_table')).toBeVisible();
+    await expect(
+        page.getByTestId('client_table').getByText('Name').first().locator('svg')
+    ).toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Clients Restrictions', () => {
+    test('employee can view clients but cannot create', async ({ ctx, employee }) => {
+        // Create a client with a public project so the employee can see the client
+        const clientName = 'EmpViewClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Client button
+        await expect(
+            employee.page.getByRole('button', { name: 'Create Client' })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete/archive actions on clients', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpActionsClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+        await createPublicProjectViaApi(ctx, { name: 'EmpClientActProj', client_id: client.id });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+
+        // Click the actions dropdown trigger to open the menu
+        const actionsButton = employee.page.locator(
+            `[aria-label='Actions for Client ${clientName}']`
+        );
+        await actionsButton.click();
+
+        // The dropdown menu items (Edit, Archive, Delete) should NOT be visible
+        await expect(
+            employee.page.locator(`[aria-label='Edit Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Archive Client ${clientName}']`)
+        ).not.toBeVisible();
+        await expect(
+            employee.page.locator(`[aria-label='Delete Client ${clientName}']`)
+        ).not.toBeVisible();
+    });
+
+    test('employee can see client when they are a member of its private project', async ({
+        ctx,
+        employee,
+    }) => {
+        const clientName = 'EmpPrivateClient ' + Math.floor(Math.random() * 10000);
+        const client = await createClientViaApi(ctx, { name: clientName });
+
+        // Create a private project under this client
+        const project = await createProjectViaApi(ctx, {
+            name: 'PrivateProj',
+            client_id: client.id,
+            is_public: false,
+        });
+
+        // Add the employee as a project member
+        await createProjectMemberViaApi(ctx, project.id, {
+            member_id: employee.memberId,
+        });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/clients');
+        await expect(employee.page.getByTestId('clients_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Employee can see the client because they are a member of its private project
+        await expect(employee.page.getByText(clientName)).toBeVisible({ timeout: 10000 });
+    });
+});

e2e/command-palette.spec.ts

@@ -0,0 +1,474 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+
+const TIMER_BUTTON_SELECTOR = '[data-testid="dashboard_timer"] [data-testid="timer_button"]';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+async function openCommandPalette(page: Page) {
+    await page.getByTestId('command_palette_button').click();
+    await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+}
+
+async function closeCommandPalette(page: Page) {
+    await page.keyboard.press('Escape');
+    await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+}
+
+async function searchInCommandPalette(page: Page, query: string) {
+    await page.locator('[role="dialog"] input').fill(query);
+    // Wait for search debounce to settle (command palette uses a debounced search)
+    await page.waitForTimeout(300);
+}
+
+async function selectCommand(page: Page, name: string) {
+    const option = page.getByRole('option', { name, exact: true });
+    await option.scrollIntoViewIfNeeded();
+    await option.click();
+}
+
+async function assertTimerIsRunning(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-red-400\/80/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+async function assertTimerIsStopped(page: Page) {
+    await expect(page.locator(TIMER_BUTTON_SELECTOR).and(page.locator(':visible'))).toHaveClass(
+        /bg-accent-300\/70/,
+        {
+            timeout: 10000,
+        }
+    );
+}
+
+test.describe('Command Palette', () => {
+    test.describe('Opening and Closing', () => {
+        test('opens via search button and closes with Escape', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await expect(
+                page.locator('[role="dialog"] input[placeholder*="command"]')
+            ).toBeVisible();
+
+            await closeCommandPalette(page);
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+
+        test('opens with keyboard shortcut', async ({ page }) => {
+            await goToDashboard(page);
+            // Click on body to ensure page has focus
+            await page.locator('body').click();
+            // Use ControlOrMeta which resolves to Ctrl on Linux/Windows and Meta on macOS
+            await page.keyboard.press('ControlOrMeta+k');
+            await expect(page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+        });
+
+        test('clears search on close', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'dashboard');
+            await closeCommandPalette(page);
+
+            await openCommandPalette(page);
+            await expect(page.locator('[role="dialog"] input')).toHaveValue('');
+        });
+    });
+
+    test.describe('Command Display', () => {
+        test('displays navigation and timer commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // Navigation commands
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+            // Timer commands
+            await expect(page.getByRole('option', { name: 'Start Timer' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Time Entry' })).toBeVisible();
+        });
+
+        test('displays create commands', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Client' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Tag' })).toBeVisible();
+        });
+    });
+
+    test.describe('Navigation Commands', () => {
+        // Tests use element visibility assertions for consistency with codebase patterns
+        const navigationTests = [
+            ['Go to Dashboard', 'dashboard_view', '/time'],
+            ['Go to Time', 'time_view', '/dashboard'],
+            ['Go to Calendar', 'calendar_view', '/dashboard'],
+            ['Go to Projects', 'projects_view', '/dashboard'],
+            ['Go to Clients', 'clients_view', '/dashboard'],
+            ['Go to Members', 'members_view', '/dashboard'],
+            ['Go to Tags', 'tags_view', '/dashboard'],
+        ] as const;
+
+        for (const [commandName, expectedTestId, startUrl] of navigationTests) {
+            test(`${commandName}`, async ({ page }) => {
+                await page.goto(PLAYWRIGHT_BASE_URL + startUrl);
+                await openCommandPalette(page);
+                await searchInCommandPalette(page, commandName.replace('Go to ', ''));
+                await selectCommand(page, commandName);
+                await expect(page.getByTestId(expectedTestId)).toBeVisible({ timeout: 10000 });
+            });
+        }
+
+        test('Go to Profile', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Profile');
+            await selectCommand(page, 'Go to Profile');
+            // Profile page doesn't have a testId, so check for a unique element
+            await expect(page.getByRole('heading', { name: 'Profile Information' })).toBeVisible({
+                timeout: 10000,
+            });
+        });
+
+        test('Go to Reporting Overview', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Reporting Overview');
+            await selectCommand(page, 'Go to Reporting Overview');
+            await expect(page.getByTestId('reporting_view')).toBeVisible({ timeout: 10000 });
+        });
+
+        test('Go to Settings', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Settings');
+            await selectCommand(page, 'Go to Settings');
+            // Settings page uses team settings which has an h3 heading
+            await expect(
+                page.getByRole('heading', { name: 'Organization Name', level: 3 })
+            ).toBeVisible({
+                timeout: 10000,
+            });
+        });
+    });
+
+    test.describe('Search and Filtering', () => {
+        test('filters commands when searching', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'dashboard');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+
+            await searchInCommandPalette(page, 'calendar');
+            await expect(page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+        });
+
+        test('search is case insensitive', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'DASHBOARD');
+            await expect(page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        });
+
+        test('partial word search works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await searchInCommandPalette(page, 'proj');
+            await expect(page.getByRole('option', { name: 'Go to Projects' })).toBeVisible();
+            await expect(page.getByRole('option', { name: 'Create Project' })).toBeVisible();
+        });
+
+        test('keyboard navigation and selection works', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('ArrowDown');
+            await page.keyboard.press('Enter');
+
+            await expect(page.locator('[role="dialog"]')).not.toBeVisible();
+        });
+    });
+
+    test.describe('Theme Commands', () => {
+        test('switches to dark theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Dark Theme');
+            await selectCommand(page, 'Switch to Dark Theme');
+            await expect(page.locator('html')).toHaveClass(/dark/);
+        });
+
+        test('switches to light theme', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Light Theme');
+            await selectCommand(page, 'Switch to Light Theme');
+            await expect(page.locator('html')).toHaveClass(/light/);
+        });
+    });
+
+    test.describe('Timer Commands', () => {
+        test('starts and stops timer', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Stop timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Stop Timer');
+            await selectCommand(page, 'Stop Timer');
+            await assertTimerIsStopped(page);
+        });
+
+        test('shows active timer commands when running', async ({ page }) => {
+            await goToDashboard(page);
+
+            // Start timer
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Start Timer');
+            await selectCommand(page, 'Start Timer');
+            await assertTimerIsRunning(page);
+
+            // Check active timer commands - search for them to ensure visibility
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Set Project');
+            await expect(page.getByRole('option', { name: 'Set Project' })).toBeVisible();
+        });
+    });
+
+    test.describe('Create Commands', () => {
+        test('opens create time entry modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Time Entry');
+            await selectCommand(page, 'Create Time Entry');
+            await expect(
+                page.locator('[role="dialog"]').getByText('Create manual time entry')
+            ).toBeVisible();
+        });
+
+        test('opens create project modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Project');
+            await selectCommand(page, 'Create Project');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Project' })
+            ).toBeVisible();
+        });
+
+        test('opens create client modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Client');
+            await selectCommand(page, 'Create Client');
+            await expect(
+                page.locator('[role="dialog"]').getByRole('heading', { name: 'Create Client' })
+            ).toBeVisible();
+        });
+
+        test('opens create tag modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Create Tag');
+            await selectCommand(page, 'Create Tag');
+            await expect(page.locator('[role="dialog"]').getByText('Create Tags')).toBeVisible();
+        });
+
+        test('opens invite member modal', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Invite Member');
+            await selectCommand(page, 'Invite Member');
+            // Modal has title with "Invite Member" text - use first() to get the title span
+            await expect(
+                page.locator('[role="dialog"]').getByText('Invite Member').first()
+            ).toBeVisible();
+        });
+    });
+
+    test.describe('Entity Search', () => {
+        test('searches for projects and navigates on selection', async ({ page }) => {
+            const projectName = 'CmdPalette' + Math.floor(Math.random() * 10000);
+
+            // Create project first
+            await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            await page.getByPlaceholder('The next big thing').fill(projectName);
+
+            await page.getByRole('button', { name: 'Create Project' }).click();
+            // Wait for project to be created and page to update
+            await expect(page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+
+            // Search from the projects page where the query cache now has the new project
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, projectName);
+
+            // Wait for entity search to return results
+            const projectOption = page.getByRole('option').filter({ hasText: projectName });
+            await expect(projectOption).toBeVisible({
+                timeout: 5000,
+            });
+
+            // Select the project from search results
+            await projectOption.click();
+        });
+    });
+
+    test.describe('Organization Switching', () => {
+        test('shows switch commands only when multiple organizations exist', async ({ page }) => {
+            await goToDashboard(page);
+            await openCommandPalette(page);
+
+            // With only one org, no switch commands should appear
+            await searchInCommandPalette(page, 'Switch to');
+            // Check that no organization switch commands appear (only theme switch commands)
+            const switchOptions = page.getByRole('option', { name: /^Switch to (?!.*Theme)/ });
+            await expect(switchOptions).toHaveCount(0);
+        });
+
+        test('switches organization via command palette', async ({ page }) => {
+            const newOrgName = 'TestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+
+            // Wait for navigation to new org's dashboard
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Use visible switcher (desktop sidebar has one, mobile header has another)
+            const orgSwitcher = page.locator('[data-testid="organization_switcher"]:visible');
+
+            // Verify we're in the new org by checking the switcher
+            await expect(orgSwitcher).toContainText(newOrgName);
+
+            // Get the original org name from switcher dropdown
+            await orgSwitcher.click();
+            await expect(page.getByText('Switch Organizations')).toBeVisible();
+
+            // Find the other organization button (has ArrowRightIcon, not CheckCircleIcon)
+            // The button contains an SVG and a div with the org name
+            const otherOrgItem = page.locator('form button').filter({ hasText: /.+/ }).first();
+            await expect(otherOrgItem).toBeVisible();
+            const originalOrgName = (await otherOrgItem.innerText()).trim();
+            await page.keyboard.press('Escape'); // Close dropdown
+
+            // Now use command palette to switch back to original org
+            await openCommandPalette(page);
+            await searchInCommandPalette(page, 'Switch to');
+
+            // Should see the switch command for the original org
+            const switchCommand = page.getByRole('option', {
+                name: new RegExp(`Switch to ${originalOrgName}`),
+            });
+            await expect(switchCommand).toBeVisible();
+            await switchCommand.click();
+
+            // Wait for organization switch to complete
+            await expect(orgSwitcher).toContainText(originalOrgName, {
+                timeout: 10000,
+            });
+        });
+
+        test('organization switch commands appear in Organization group', async ({ page }) => {
+            const newOrgName = 'GroupTestOrg' + Math.floor(Math.random() * 10000);
+
+            // Create a new organization to ensure we have multiple
+            await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
+            await page.getByLabel('Organization Name').fill(newOrgName);
+            await page.getByRole('button', { name: 'Create' }).click();
+            await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+            // Open command palette and check for Organization group heading
+            await openCommandPalette(page);
+
+            // The Organization group should be visible when there are switch commands
+            await expect(page.getByText('Organization', { exact: true })).toBeVisible();
+        });
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Command Palette Restrictions', () => {
+    test('employee command palette does not show restricted navigation commands', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Available navigation commands
+        await expect(employee.page.getByRole('option', { name: 'Go to Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Time' })).toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Go to Calendar' })).toBeVisible();
+
+        // Restricted commands should NOT be visible
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Members' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Go to Settings' })
+        ).not.toBeVisible();
+    });
+
+    test('employee command palette does not show create commands for restricted entities', async ({
+        employee,
+    }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Open command palette
+        await employee.page.getByTestId('command_palette_button').click();
+        await expect(employee.page.locator('[role="dialog"]')).toBeVisible({ timeout: 5000 });
+
+        // Search for "Create" to filter
+        await employee.page.locator('[role="dialog"] input').fill('Create');
+        await employee.page.waitForTimeout(300);
+
+        // Should NOT see create commands for restricted entities
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Project' })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Client' })
+        ).not.toBeVisible();
+        await expect(employee.page.getByRole('option', { name: 'Create Tag' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('option', { name: 'Invite Member' })
+        ).not.toBeVisible();
+
+        // Should still see Create Time Entry (employees can create time entries)
+        await expect(
+            employee.page.getByRole('option', { name: 'Create Time Entry' })
+        ).toBeVisible();
+    });
+});

e2e/dashboard.spec.ts

@@ -0,0 +1,198 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import {
+    assertThatTimerHasStarted,
+    assertThatTimerIsStopped,
+    newTimeEntryResponse,
+    startOrStopTimerWithButton,
+    stoppedTimeEntryResponse,
+} from './utils/currentTimeEntry';
+import {
+    createBareTimeEntryViaApi,
+    createPublicProjectViaApi,
+    createTimeEntryViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+
+async function goToDashboard(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+}
+
+test('test that dashboard loads with all expected sections', async ({ page }) => {
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
+
+    // Timer section (scoped to dashboard_timer to avoid matching sidebar timer)
+    await expect(page.getByTestId('time_entry_description')).toBeVisible();
+    await expect(
+        page
+            .getByTestId('dashboard_timer')
+            .getByTestId('timer_button')
+            .and(page.locator(':visible'))
+    ).toBeVisible();
+
+    // Dashboard cards
+    await expect(page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+    await expect(page.getByText('Last 7 Days', { exact: true })).toBeVisible();
+    await expect(page.getByText('Activity Graph', { exact: true })).toBeVisible();
+    await expect(page.getByText('Team Activity', { exact: true })).toBeVisible();
+
+    // Weekly overview section
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that dashboard shows time entry data after creating entries', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Dashboard test entry', '1h');
+
+    await goToDashboard(page);
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+
+    // The "Last 7 Days" or "This Week" section should reflect tracked time
+    await expect(page.getByText('This Week', { exact: true })).toBeVisible();
+});
+
+test('test that timer on dashboard can start and stop', async ({ page }) => {
+    await goToDashboard(page);
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+
+    await page.waitForTimeout(1500);
+
+    await Promise.all([stoppedTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerIsStopped(page);
+});
+
+test('test that weekly overview section displays stat cards', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Stats test entry', '2h');
+
+    await goToDashboard(page);
+
+    // Verify stat card labels are visible
+    await expect(page.getByText('Spent Time')).toBeVisible();
+    await expect(page.getByText('Billable Time')).toBeVisible();
+    await expect(page.getByText('Billable Amount')).toBeVisible();
+});
+
+test('test that stopping timer refreshes dashboard data', async ({ page }) => {
+    await goToDashboard(page);
+
+    // Start timer
+    await Promise.all([newTimeEntryResponse(page), startOrStopTimerWithButton(page)]);
+    await assertThatTimerHasStarted(page);
+    await page.waitForTimeout(1500);
+
+    // Stop timer and verify dashboard queries are refetched
+    await Promise.all([
+        stoppedTimeEntryResponse(page),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/charts/') &&
+                response.request().method() === 'GET' &&
+                response.status() === 200
+        ),
+        startOrStopTimerWithButton(page),
+    ]);
+    await assertThatTimerIsStopped(page);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Dashboard Restrictions', () => {
+    test('employee dashboard loads and timer is functional', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Timer should be available
+        await expect(
+            employee.page
+                .getByTestId('dashboard_timer')
+                .getByTestId('timer_button')
+                .and(employee.page.locator(':visible'))
+        ).toBeVisible();
+        await expect(employee.page.getByTestId('time_entry_description')).toBeEditable();
+    });
+
+    test('employee cannot see Team Activity card', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Other dashboard cards should be visible
+        await expect(employee.page.getByText('Recent Time Entries', { exact: true })).toBeVisible();
+
+        // Team Activity should NOT be visible for employees
+        await expect(employee.page.getByText('Team Activity', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee cannot see Cost column in This Week table by default', async ({
+        ctx,
+        employee,
+    }) => {
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // This Week table should be visible
+        await expect(employee.page.getByText('This Week', { exact: true })).toBeVisible();
+
+        // Duration column should be visible, but Cost column should NOT
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).not.toBeVisible();
+    });
+
+    test('employee can see Cost column in This Week table when employees_can_see_billable_rates is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        await updateOrganizationSettingViaApi(ctx, { employees_can_see_billable_rates: true });
+
+        const project = await createPublicProjectViaApi(ctx, {
+            name: 'EmpDashBillVisProj',
+            is_billable: true,
+            billable_rate: 10000,
+        });
+        await createTimeEntryViaApi(
+            { ...ctx, memberId: employee.memberId },
+            {
+                description: 'Emp dashboard cost visible entry',
+                duration: '1h',
+                projectId: project.id,
+                billable: true,
+            }
+        );
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Both Duration and Cost columns should be visible
+        await expect(employee.page.getByText('Duration', { exact: true })).toBeVisible();
+        await expect(employee.page.getByText('Cost', { exact: true })).toBeVisible();
+
+        // 1h at 100.00/h = 100.00 EUR cost should be visible
+        await expect(employee.page.getByText('100,00 EUR').first()).toBeVisible();
+    });
+});

e2e/import-export.spec.ts

@@ -0,0 +1,154 @@
+import { expect, test } from '../playwright/fixtures';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import path from 'path';
+
+async function goToImportExport(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/import');
+}
+
+test('test that import page loads with type dropdown and file upload', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Import section
+    await expect(page.getByRole('heading', { name: 'Import Data' })).toBeVisible();
+    await expect(page.locator('#importType')).toBeVisible();
+
+    // Export section
+    await expect(page.getByRole('heading', { name: 'Export Data' })).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+});
+
+test('test that selecting an import type shows instructions', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select a Toggl import type
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Instructions should appear
+    await expect(page.getByText('Instructions:')).toBeVisible();
+});
+
+test('test that importing without selecting type shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Click Import Data without selecting a type
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(page.getByText('Please select the import type')).toBeVisible();
+});
+
+test('test that importing without selecting file shows error', async ({ page }) => {
+    await goToImportExport(page);
+
+    // Select an import type first
+    await page.getByLabel('Import Type').selectOption({ index: 1 });
+
+    // Click Import Data without selecting a file
+    await page.getByRole('button', { name: 'Import Data' }).click();
+
+    // Should show an error notification
+    await expect(
+        page.getByText('Please select the CSV or ZIP file that you want to import')
+    ).toBeVisible();
+});
+
+test('test that export button triggers export and shows success modal', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByRole('button', { name: 'Export Organization Data' })).toBeVisible();
+
+    // Override window.open to prevent the page from navigating away to the
+    // download URL (the app uses window.open(url, '_self') which would navigate
+    // away before we can verify the success modal)
+    await page.evaluate(() => {
+        window.open = () => null;
+    });
+
+    // Click Export Organization Data and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/export') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 60000 }
+        ),
+        page.getByRole('button', { name: 'Export Organization Data' }).click(),
+    ]);
+
+    // Success modal should appear after export completes
+    await expect(page.getByText('The export was successful!')).toBeVisible();
+});
+
+test('test that import type dropdown has multiple options', async ({ page }) => {
+    await goToImportExport(page);
+
+    // The dropdown should load with options from the API
+    await page.waitForResponse(
+        (response) =>
+            response.url().includes('/importers') &&
+            response.request().method() === 'GET' &&
+            response.status() === 200
+    );
+
+    // Verify the select has options besides the default placeholder
+    const options = page.getByLabel('Import Type').locator('option');
+    const count = await options.count();
+    // Should have at least the placeholder + some import types
+    expect(count).toBeGreaterThan(1);
+});
+
+test('test that importing a generic time entries CSV works', async ({ page }) => {
+    await goToImportExport(page);
+    await expect(page.getByTestId('import_view')).toBeVisible({ timeout: 10000 });
+
+    // Select "Generic Time Entries" import type
+    await page.getByLabel('Import Type').selectOption({ label: 'Generic Time Entries' });
+    await expect(page.getByText('Instructions:')).toBeVisible();
+
+    // Upload the test CSV file
+    const csvPath = path.resolve('resources/testfiles/generic_time_entries_import_test_1.csv');
+    await page.locator('#file-upload').setInputFiles(csvPath);
+
+    // Click Import and wait for the API response
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/import') &&
+                response.request().method() === 'POST' &&
+                response.status() === 200,
+            { timeout: 30000 }
+        ),
+        page.getByRole('button', { name: 'Import Data' }).click(),
+    ]);
+
+    // Verify success modal with import results
+    await expect(page.getByRole('heading', { name: 'Import Result' })).toBeVisible();
+    await expect(page.getByText('The import was successful!')).toBeVisible();
+
+    // The CSV has 2 time entries, 1 client, 2 projects, 1 task
+    await expect(page.getByText('Time entries created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Projects created:').locator('..')).toContainText('2');
+    await expect(page.getByText('Clients created:').locator('..')).toContainText('1');
+    await expect(page.getByText('Tasks created:').locator('..')).toContainText('1');
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Import Restrictions', () => {
+    test('employee does not see Import / Export link in the sidebar', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // The Import / Export link should NOT be visible in the sidebar for employees
+        await expect(
+            employee.page.getByRole('link', { name: 'Import / Export' })
+        ).not.toBeVisible();
+    });
+});

e2e/members.spec.ts

@@ -3,53 +3,69 @@
 // TODO: Remove Invitation
 import { expect, test } from '../playwright/fixtures';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import type { Page } from '@playwright/test';
+import { inviteAndAcceptMember } from './utils/members';
+import {
+    createPlaceholderMemberViaImportApi,
+    getMembersViaApi,
+    updateMemberBillableRateViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
+import { getTableRowNames } from './utils/table';
 
-async function goToMembersPage(page) {
+// Tests that invite + accept members need more time
+test.describe.configure({ timeout: 45000 });
+
+async function goToMembersPage(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/members');
 }
 
-async function openInviteMemberModal(page) {
+async function openInviteMemberModal(page: Page) {
     await Promise.all([
         page.getByRole('button', { name: 'Invite Member' }).click(),
         expect(page.getByPlaceholder('Member Email')).toBeVisible(),
     ]);
 }
 
-test('test that new manager can be invited', async ({ page }) => {
+test('test that new manager can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `manager+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Mgr', memberEmail, 'Manager');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Manager' }).click();
-    await Promise.all([
-        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
-        expect(page.getByRole('main')).toContainText(`new+${editorId}@editor.test`),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Mgr' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
 });
 
-test('test that new employee can be invited', async ({ page }) => {
+test('test that new employee can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `employee+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Emp', memberEmail, 'Employee');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const editorId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${editorId}@editor.test`);
-    await page.getByRole('button', { name: 'Employee' }).click();
-    await Promise.all([
-        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
-        await expect(page.getByRole('main')).toContainText(`new+${editorId}@editor.test`),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Emp' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
 });
 
-test('test that new admin can be invited', async ({ page }) => {
+test('test that new admin can be invited and accepted', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@invite.test`;
+
+    await inviteAndAcceptMember(page, browser, 'Invited Adm', memberEmail, 'Administrator');
+
+    // Verify the member appears in the members table with the correct role
     await goToMembersPage(page);
-    await openInviteMemberModal(page);
-    const adminId = Math.round(Math.random() * 10000);
-    await page.getByLabel('Email').fill(`new+${adminId}@admin.test`);
-    await page.getByRole('button', { name: 'Administrator' }).click();
-    await Promise.all([
-        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
-        expect(page.getByRole('main')).toContainText(`new+${adminId}@admin.test`),
-    ]);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Invited Adm' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Admin', { exact: true })).toBeVisible();
 });
+
 test('test that error shows if no role is selected', async ({ page }) => {
     await goToMembersPage(page);
     await openInviteMemberModal(page);
@@ -69,8 +85,8 @@ test('test that organization billable rate can be updated with all existing time
     const newBillableRate = Math.round(Math.random() * 10000);
     await page.getByRole('row').first().getByRole('button').click();
     await page.getByRole('menuitem').getByText('Edit').click();
-    await page.getByText('Organization Default Rate').click();
-    await page.getByText('Custom Rate').click();
+    await page.getByRole('combobox').last().click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
     await page.getByPlaceholder('Billable Rate').fill(newBillableRate.toString());
     await page.getByRole('button', { name: 'Update Member' }).click();
 
@@ -91,3 +107,835 @@ test('test that organization billable rate can be updated with all existing time
         ),
     ]);
 });
+
+test('test that switching member billable rate from custom back to default rate works', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 12000 });
+
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CustomToDefault Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CustomToDefault Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 25000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CustomToDefault Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it starts on Custom Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Custom Rate');
+
+    // Switch to Default Rate
+    await billableCombobox.click();
+    await page.getByRole('option', { name: 'Default Rate' }).click();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the billable rate input is disabled
+    await expect(page.getByPlaceholder('Billable Rate')).toBeDisabled();
+
+    // Submit — billable_rate changes from 25000 to null, so confirmation dialog appears
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+    await expect(page.getByText('the default rate of the organization')).toBeVisible();
+
+    // Confirm the update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForRequest(
+            (request) =>
+                request.url().includes('/members/') &&
+                request.method() === 'PUT' &&
+                request.postDataJSON().billable_rate === null
+        ),
+    ]);
+
+    // Verify both dialogs are closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that default rate shows disabled input with organization billable rate', async ({
+    page,
+    ctx,
+}) => {
+    // Set a known org billable rate (150.00)
+    await updateOrganizationSettingViaApi(ctx, { billable_rate: 15000 });
+
+    await goToMembersPage(page);
+
+    // Open edit modal for the owner (who uses default rate by default)
+    await page.getByRole('row').first().getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Verify it's on Default Rate
+    const billableCombobox = page.getByRole('dialog').getByRole('combobox').last();
+    await expect(billableCombobox).toContainText('Default Rate');
+
+    // Verify the input is disabled and shows the org rate (formatted with currency)
+    const billableInput = page.getByPlaceholder('Billable Rate');
+    await expect(billableInput).toBeDisabled();
+    await expect(billableInput).toHaveAttribute('aria-valuenow', '150');
+
+    // Close the dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that cancelling the billable rate confirmation dialog does not update the member', async ({
+    page,
+    ctx,
+}) => {
+    // Create a placeholder member with a custom billable rate
+    await createPlaceholderMemberViaImportApi(ctx, 'CancelConfirm Member');
+    const members = await getMembersViaApi(ctx);
+    const member = members.find((m) => m.name === 'CancelConfirm Member');
+    expect(member).toBeDefined();
+    await updateMemberBillableRateViaApi(ctx, member!.id, 10000);
+
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'CancelConfirm Member' });
+    await expect(memberRow).toBeVisible();
+
+    // Open edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change the billable rate
+    await page.getByPlaceholder('Billable Rate').fill('200');
+
+    // Click Update Member — confirmation dialog should appear
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+
+    // Set up listener to verify no PUT request is sent after cancel
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel on the confirmation dialog
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify confirmation dialog is closed
+    await expect(
+        page.getByRole('heading', { name: 'Update Member Billable Rate' })
+    ).not.toBeVisible();
+
+    // Verify no API call was made
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that changing role of placeholder member is rejected', async ({ page, ctx }) => {
+    const placeholderName = 'RoleChange ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page and verify placeholder exists with role "Placeholder"
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Placeholder', { exact: true })).toBeVisible();
+
+    // Open the edit modal for the placeholder member
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Employee
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Employee' })).toBeVisible();
+    await page.getByRole('option', { name: 'Employee' }).click();
+    await expect(roleSelect).toContainText('Employee');
+
+    // Submit the change - the API should reject it with 400
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 400
+        ),
+    ]);
+
+    // Verify error notification is shown
+    await expect(page.getByText('Failed to update member')).toBeVisible();
+});
+
+test('test that changing member role updates the role in the member table', async ({
+    page,
+    browser,
+}) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `member+${memberId}@rolechange.test`;
+
+    // Invite and accept a new Employee member
+    await inviteAndAcceptMember(page, browser, 'Jane Smith', memberEmail, 'Employee');
+
+    // Verify the new member appears with the Employee role
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: 'Jane Smith' });
+    await expect(memberRow).toBeVisible();
+    await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
+
+    // Open the edit modal
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change role to Manager
+    const roleSelect = page.getByRole('dialog').getByRole('combobox').first();
+    await roleSelect.click();
+    await expect(page.getByRole('option', { name: 'Manager' })).toBeVisible();
+    await page.getByRole('option', { name: 'Manager' }).click();
+    await expect(roleSelect).toContainText('Manager');
+
+    // Submit the change and verify the API call succeeds
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify dialog closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify the role updated in the table
+    await expect(memberRow.getByText('Manager', { exact: true })).toBeVisible();
+});
+
+test('test that merging a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Merge Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    await expect(page.getByText(placeholderName)).toBeVisible();
+
+    // Find the placeholder member row and open actions menu
+    const placeholderRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await placeholderRow.getByRole('button').click();
+
+    // Click Merge
+    await page.getByTestId('member_merge').click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Merge Member' })).toBeVisible();
+
+    // Select the current user (the owner) as merge target via MemberCombobox
+    // The MemberCombobox renders a Button as trigger; clicking it opens the popover with the combobox input
+    await page.getByRole('dialog').getByRole('button', { name: 'Select a member...' }).click();
+
+    // Wait for dropdown options to load
+    const firstOption = page.getByRole('option').first();
+    await expect(firstOption).toBeVisible({ timeout: 10000 });
+    await firstOption.click();
+
+    // Submit merge
+    await Promise.all([
+        page.getByRole('button', { name: 'Merge Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/member/') &&
+                response.url().includes('/merge-into') &&
+                response.ok()
+        ),
+    ]);
+
+    // Wait for merge dialog to close after successful merge
+    await expect(page.getByRole('dialog').filter({ hasText: 'Merge Member' })).not.toBeVisible();
+
+    // Verify placeholder member is no longer in the members table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that deleting a placeholder member works', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Target ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Delete Member' })).toBeVisible();
+
+    // Try to delete without checking the confirmation checkbox
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+
+    // Should show validation error
+    await expect(
+        page.getByText('You must confirm that you understand the consequences of this action')
+    ).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Click Delete Member button and wait for API response
+    await Promise.all([
+        page.getByRole('button', { name: 'Delete Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'DELETE' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is removed from the table
+    await expect(page.getByRole('main').getByText(placeholderName)).not.toBeVisible();
+});
+
+test('test that member delete modal can be cancelled', async ({ page, ctx }) => {
+    const placeholderName = 'Delete Cancel ' + Math.floor(Math.random() * 10000);
+
+    // Create a placeholder member via import
+    await createPlaceholderMemberViaImportApi(ctx, placeholderName);
+
+    // Go to members page
+    await goToMembersPage(page);
+    const memberRow = page.getByRole('row').filter({ hasText: placeholderName });
+    await expect(memberRow).toBeVisible();
+
+    // Open actions menu and click Delete
+    await memberRow.getByRole('button').click();
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no DELETE request is sent
+    let deleteRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/members/') && request.method() === 'DELETE') {
+            deleteRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify member is still in the table
+    await expect(memberRow).toBeVisible();
+
+    // Verify no DELETE request was sent
+    expect(deleteRequestSent).toBe(false);
+});
+
+test('test that organization owner cannot be deleted', async ({ page }) => {
+    await goToMembersPage(page);
+
+    // Find the owner row (John Doe with Owner role)
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open the actions menu for the owner
+    await ownerRow.getByRole('button').click();
+
+    // Click Delete
+    await page.getByRole('menuitem').getByText('Delete').click();
+
+    // Verify delete modal is shown
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Try to delete - should fail with 400 error
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/members/') && response.request().method() === 'DELETE'
+    );
+    await page.getByRole('button', { name: 'Delete Member' }).click();
+    const response = await responsePromise;
+
+    // Verify the API returned an error status
+    expect(response.status()).toBe(400);
+
+    // Close the modal by pressing Escape
+    await page.keyboard.press('Escape');
+
+    // Refresh and verify the owner is still there
+    await goToMembersPage(page);
+    await expect(page.getByRole('row').filter({ hasText: 'Owner' })).toBeVisible();
+});
+
+// =============================================
+// Context Menu Tests
+// =============================================
+
+test('test that member context menu edit updates the member billable rate', async ({
+    page,
+    ctx,
+}) => {
+    const memberName = 'CtxEditMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Edit' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Update Member' })).toBeVisible();
+
+    // Change billable rate from default to custom
+    const billableRateSelect = page.getByRole('dialog').getByRole('combobox').last();
+    await billableRateSelect.click();
+    await page.getByRole('option', { name: 'Custom Rate' }).click();
+
+    // Set a custom billable rate
+    await page.getByPlaceholder('Billable Rate').fill('150');
+
+    // Click Update Member — confirmation dialog should appear
+    await page.getByRole('button', { name: 'Update Member' }).click();
+    await expect(page.getByRole('heading', { name: 'Update Member Billable Rate' })).toBeVisible();
+
+    // Confirm the billable rate change
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time entries' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify dialog closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+});
+
+test('test that member context menu merge merges the member', async ({ page, ctx }) => {
+    const memberName = 'CtxMergeMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Merge' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Merge Member' })).toBeVisible();
+
+    // Select the first available member as merge target
+    await page.getByRole('dialog').getByRole('button', { name: 'Select a member...' }).click();
+    const firstOption = page.getByRole('option').first();
+    await expect(firstOption).toBeVisible({ timeout: 10000 });
+    await firstOption.click();
+
+    // Submit merge
+    await Promise.all([
+        page.getByRole('button', { name: 'Merge Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/member/') &&
+                response.url().includes('/merge-into') &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify placeholder member is no longer visible
+    await expect(page.getByRole('dialog').filter({ hasText: 'Merge Member' })).not.toBeVisible();
+    await expect(page.getByRole('main').getByText(memberName)).not.toBeVisible();
+});
+
+test('test that member context menu deactivate deactivates the member', async ({
+    page,
+    browser,
+}) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `member+${memberId}@deactivate.test`;
+    const memberName = 'Deactivate Target';
+
+    // Invite and accept a new Employee member
+    await inviteAndAcceptMember(page, browser, memberName, memberEmail, 'Employee');
+
+    await goToMembersPage(page);
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+
+    // Open context menu and click Deactivate
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Deactivate' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Deactivate User' })).toBeVisible();
+
+    // Confirm deactivation
+    await Promise.all([
+        page.getByRole('button', { name: 'Deactivate' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/make-placeholder') &&
+                response.request().method() === 'POST' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify dialog closed and member role changed to Placeholder
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+    await expect(row.getByText('Placeholder', { exact: true })).toBeVisible();
+});
+
+test('test that member context menu delete deletes the member', async ({ page, ctx }) => {
+    const memberName = 'CtxDeleteMember ' + Math.floor(1 + Math.random() * 10000);
+    await createPlaceholderMemberViaImportApi(ctx, memberName);
+    await goToMembersPage(page);
+
+    const row = page.getByRole('row').filter({ hasText: memberName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Delete' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Delete Member' })).toBeVisible();
+
+    // Check the confirmation checkbox
+    await page.getByRole('checkbox').click();
+
+    // Click Delete Member button and wait for API response
+    await Promise.all([
+        page.getByRole('button', { name: 'Delete Member' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/members/') &&
+                response.request().method() === 'DELETE' &&
+                response.ok()
+        ),
+    ]);
+
+    // Verify modal closed and member removed from table
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+    await expect(page.getByRole('main').getByText(memberName)).not.toBeVisible();
+});
+
+// =============================================
+// Invitations Tab Tests
+// =============================================
+
+test('test that invitation shows in invitations tab and can be revoked', async ({ page }) => {
+    const inviteEmail = `invite+${Math.floor(Math.random() * 100000)}@pending.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab and verify the invitation is visible
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu for this invitation
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem').getByText('Delete').click(),
+    ]);
+
+    // Verify invitation is removed
+    await expect(page.getByText(inviteEmail)).not.toBeVisible();
+});
+
+test('test that invitation can be resent', async ({ page }) => {
+    const inviteEmail = `resend+${Math.floor(Math.random() * 100000)}@invite.test`;
+
+    await goToMembersPage(page);
+    await openInviteMemberModal(page);
+
+    await page.getByPlaceholder('Member Email').fill(inviteEmail);
+    await page.getByRole('button', { name: 'Employee' }).click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/invitations') &&
+                response.request().method() === 'POST' &&
+                response.status() === 204
+        ),
+        page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
+    ]);
+
+    // Wait for modal to close
+    await expect(page.getByPlaceholder('Member Email')).not.toBeVisible();
+
+    // Switch to Invitations tab
+    await page.getByText('Invitations', { exact: true }).click();
+    await expect(page.getByText(inviteEmail)).toBeVisible();
+
+    // Find and click the actions menu, then resend
+    const invitationRow = page.locator('tr, [role="row"]').filter({ hasText: inviteEmail });
+    await invitationRow.getByRole('button').click();
+    // Wait for dropdown menu to appear
+    await expect(page.getByRole('menuitem').getByText('Resend Invitation')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/resend') && response.request().method() === 'POST'
+        ),
+        page.getByRole('menuitem').getByText('Resend Invitation').click(),
+    ]);
+});
+
+test('test that admin user cannot transfer ownership', async ({ page, browser }) => {
+    const memberId = Math.floor(Math.random() * 100000);
+    const memberEmail = `admin+${memberId}@perms.test`;
+
+    // Invite and accept an admin member
+    await inviteAndAcceptMember(
+        page,
+        browser,
+        'Admin User ' + memberId,
+        memberEmail,
+        'Administrator'
+    );
+
+    // Go to members page and verify the admin exists
+    await goToMembersPage(page);
+    const adminRow = page.getByRole('row').filter({ hasText: 'Admin User' });
+    await expect(adminRow).toBeVisible();
+
+    // The owner should still be the owner
+    const ownerRow = page.getByRole('row').filter({ hasText: 'Owner' });
+    await expect(ownerRow).toBeVisible();
+
+    // Open actions menu for the admin - should NOT have "Transfer Ownership" option
+    await adminRow.getByRole('button').click();
+    await expect(page.getByRole('menuitem').getByText('Edit')).toBeVisible();
+});
+
+test('test that accepted invitation disappears from invitations tab', async ({ page, browser }) => {
+    const memberId = Math.round(Math.random() * 100000);
+    const memberEmail = `accepted+${memberId}@invite.test`;
+
+    // Invite and accept the member
+    await inviteAndAcceptMember(page, browser, 'Accepted Member', memberEmail, 'Employee');
+
+    // Go to members page and switch to Invitations tab
+    await goToMembersPage(page);
+    await page.getByRole('tab', { name: 'Invitations' }).click();
+
+    // The accepted invitation should not be visible
+    await expect(page.getByText(memberEmail)).not.toBeVisible();
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+// Helper to clear localStorage before tests that check sorting
+async function clearMemberTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('member-table-state');
+    });
+}
+
+test('test that sorting members by name, role, and status works', async ({ page, ctx }) => {
+    // Create two placeholder members with names that sort predictably around "John Doe"
+    await createPlaceholderMemberViaImportApi(ctx, 'AAA SortFirst');
+    await createPlaceholderMemberViaImportApi(ctx, 'ZZZ SortLast');
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // -- Name sorting (default is already name asc after clearing state) --
+    const nameHeader = table.getByText('Name').first();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('ZZZ SortLast'));
+
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortLast')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    // -- Role sorting --
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click(); // asc: Owner(0) < Placeholder(4)
+    names = await getTableRowNames(table);
+    const ownerIdx = names.indexOf('John Doe');
+    const placeholderIdx = names.indexOf('AAA SortFirst');
+    expect(ownerIdx).toBeLessThan(placeholderIdx);
+
+    await roleHeader.click(); // desc: Placeholder first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Status sorting --
+    const statusHeader = table.getByText('Status').first();
+    await statusHeader.click(); // asc: Active(0) < Inactive(1)
+    names = await getTableRowNames(table);
+    expect(names.indexOf('John Doe')).toBeLessThan(names.indexOf('AAA SortFirst'));
+
+    await statusHeader.click(); // desc: Inactive first
+    names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortFirst')).toBeLessThan(names.indexOf('John Doe'));
+
+    // -- Email: just verify sort indicator appears --
+    const emailHeader = table.getByText('Email').first();
+    await emailHeader.click();
+    await expect(emailHeader.locator('svg')).toBeVisible();
+});
+
+test('test that member sort state persists after page reload', async ({ page }) => {
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // Click Role header twice to set descending sort
+    const roleHeader = table.getByText('Role').first();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+    await roleHeader.click();
+    await expect(roleHeader.locator('svg')).toBeVisible();
+
+    // Reload the page
+    await page.reload();
+
+    // Verify the sort indicator is still visible on Role column
+    await expect(page.getByTestId('member_table')).toBeVisible();
+    await expect(
+        page.getByTestId('member_table').getByText('Role').first().locator('svg')
+    ).toBeVisible();
+});
+
+test('test that sorting members by billable rate works', async ({ page, ctx }) => {
+    // Create two placeholder members and set different billable rates
+    await createPlaceholderMemberViaImportApi(ctx, 'HighRate Member');
+    await createPlaceholderMemberViaImportApi(ctx, 'LowRate Member');
+
+    const members = await getMembersViaApi(ctx);
+    const highRateMember = members.find((m) => m.name === 'HighRate Member');
+    const lowRateMember = members.find((m) => m.name === 'LowRate Member');
+    expect(highRateMember).toBeDefined();
+    expect(lowRateMember).toBeDefined();
+
+    await updateMemberBillableRateViaApi(ctx, highRateMember!.id, 20000);
+    await updateMemberBillableRateViaApi(ctx, lowRateMember!.id, 5000);
+
+    await goToMembersPage(page);
+    await clearMemberTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('member_table');
+    await expect(table).toBeVisible();
+
+    // First click = desc (highest first), null rates last
+    const billableHeader = table.getByText('Billable Rate').first();
+    await billableHeader.click();
+    await expect(billableHeader.locator('svg')).toBeVisible();
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('HighRate Member')).toBeLessThan(names.indexOf('LowRate Member'));
+
+    // Second click = asc (lowest first), null rates still last
+    await billableHeader.click();
+    names = await getTableRowNames(table);
+    expect(names.indexOf('LowRate Member')).toBeLessThan(names.indexOf('HighRate Member'));
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Sidebar Navigation', () => {
+    test('employee sidebar shows correct navigation links', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
+        await expect(employee.page.getByTestId('dashboard_view')).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Visible links
+        await expect(employee.page.getByRole('link', { name: 'Dashboard' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Time', exact: true })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Calendar' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Projects' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Clients' })).toBeVisible();
+        await expect(employee.page.getByRole('link', { name: 'Tags' })).toBeVisible();
+
+        // Hidden links
+        await expect(employee.page.getByRole('link', { name: 'Members' })).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('link', { name: 'Settings', exact: true })
+        ).not.toBeVisible();
+    });
+
+    test('employee cannot see members list or invite members', async ({ employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/members');
+
+        // Page loads but the members API returns 403 (no members:view permission)
+        await expect(employee.page.getByRole('heading', { name: 'Members' })).toBeVisible({
+            timeout: 10000,
+        });
+
+        // Member table is empty — no rows rendered (only headers)
+        await expect(employee.page.getByTestId('member_table').locator('[role="row"]')).toHaveCount(
+            0
+        );
+
+        // Employee should NOT see the Invite Member button
+        await expect(
+            employee.page.getByRole('button', { name: 'Invite member' })
+        ).not.toBeVisible();
+    });
+});

e2e/organization.spec.ts

@@ -9,7 +9,10 @@ async function goToOrganizationSettings(page) {
 
 async function createTimeEntry(page, duration: string) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
-    await page.getByRole('button', { name: 'Manual time entry' }).click();
+
+    // Open the dropdown menu and click "Manual time entry"
+    await page.getByRole('button', { name: 'Time entry actions' }).click();
+    await page.getByRole('menuitem', { name: 'Manual time entry' }).click();
 
     // Fill in the time entry details
     await page.getByTestId('time_entry_description').fill('Test time entry');
@@ -220,9 +223,211 @@ test('test that format settings are reflected in the dashboard', async ({ page }
 
     // check that the current date is displayed in the dd/mm/yyyy format on the time page
     await page.goto(PLAYWRIGHT_BASE_URL + '/time');
+    // Wait for time entries to load so organization data is available for date formatting
+    await page.waitForResponse(
+        (response) => response.url().includes('/time-entries') && response.status() === 200
+    );
     await expect(
         page.getByText(new Date().toLocaleDateString('en-GB'), { exact: true }).nth(0)
-    ).toBeVisible();
+    ).toBeVisible({ timeout: 10000 });
 });
 
-// TODO: Test 12-hour clock format
+test('test that organization time entry settings can be toggled', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    const preventOverlappingCheckbox = page.getByLabel(
+        'Prevent overlapping time entries (new entries only)'
+    );
+    const manageTasksCheckbox = page.getByLabel('Allow Employees to manage tasks');
+
+    // Get current states and toggle both
+    const wasOverlappingChecked = await preventOverlappingCheckbox.isChecked();
+    const wasManageTasksChecked = await manageTasksCheckbox.isChecked();
+
+    if (wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    // Save
+    const settingsForm = page.locator('form').filter({ hasText: 'Prevent overlapping' });
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    !wasOverlappingChecked
+        ),
+    ]);
+
+    // Reload and verify both settings persisted
+    await page.reload();
+    await expect(preventOverlappingCheckbox).toBeChecked({ checked: !wasOverlappingChecked });
+    await expect(manageTasksCheckbox).toBeChecked({ checked: !wasManageTasksChecked });
+
+    // Toggle both back to restore original state
+    if (!wasOverlappingChecked) {
+        await preventOverlappingCheckbox.uncheck();
+    } else {
+        await preventOverlappingCheckbox.check();
+    }
+
+    if (!wasManageTasksChecked) {
+        await manageTasksCheckbox.uncheck();
+    } else {
+        await manageTasksCheckbox.check();
+    }
+
+    await Promise.all([
+        settingsForm.getByRole('button', { name: 'Save' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.prevent_overlapping_time_entries ===
+                    wasOverlappingChecked
+        ),
+    ]);
+});
+
+test('test that 12-hour clock format can be set', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '12-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '12-hours'
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Time Format')).toContainText('12-hour clock');
+
+    // Reset back to 24-hour
+    await page.getByLabel('Time Format').click();
+    await page.getByRole('option', { name: '24-hour clock' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Time Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200 &&
+                (await response.json()).data.time_format === '24-hours'
+        ),
+    ]);
+});
+
+test('test that format settings persist after page reload', async ({ page }) => {
+    await goToOrganizationSettings(page);
+
+    // Set a specific date format
+    await page.getByLabel('Date Format').click();
+    await page.getByRole('option', { name: 'DD/MM/YYYY' }).click();
+    await Promise.all([
+        page
+            .locator('form')
+            .filter({ hasText: 'Date Format' })
+            .getByRole('button', { name: 'Save' })
+            .click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/organizations/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Reload and verify it persisted
+    await page.reload();
+    await expect(page.getByLabel('Date Format')).toContainText('DD/MM/YYYY');
+});
+
+// =============================================
+// Admin Permission Tests
+// =============================================
+
+test.describe('Admin Organization Settings Access', () => {
+    test('admin can see and edit organization settings', async ({ ctx, admin }) => {
+        await admin.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should be visible
+        await expect(
+            admin.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).toBeVisible();
+        await expect(
+            admin.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).toBeVisible();
+
+        // Save buttons should be visible (admin can update)
+        await expect(admin.page.getByRole('button', { name: 'Save' }).first()).toBeVisible();
+
+        // Delete organization should NOT be visible (owner only)
+        await expect(
+            admin.page.getByRole('heading', { name: 'Delete Organization' })
+        ).not.toBeVisible();
+    });
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Organization Settings Restrictions', () => {
+    test('employee can see org name but not editable settings', async ({ ctx, employee }) => {
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
+
+        // Organization Name section is visible (but inputs are disabled)
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Name', level: 3 })
+        ).toBeVisible({ timeout: 10000 });
+
+        // Editable settings sections should NOT be visible
+        await expect(
+            employee.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Format Settings', level: 3 })
+        ).not.toBeVisible();
+        await expect(
+            employee.page.getByRole('heading', { name: 'Organization Settings', level: 3 })
+        ).not.toBeVisible();
+
+        // Save button should not be visible (employee cannot update)
+        await expect(employee.page.getByRole('button', { name: 'Save' })).not.toBeVisible();
+    });
+});

e2e/profile.spec.ts

@@ -1,5 +1,10 @@
 import { test, expect } from '../playwright/fixtures';
-import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
+import type { Page } from '@playwright/test';
+
+async function goToProfilePage(page: Page) {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+}
 
 test('test that user name can be updated', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
@@ -39,6 +44,28 @@ test('test that user can create an API key', async ({ page }) => {
     await createNewApiToken(page);
 });
 
+test('test that creating an API key with empty name shows validation error', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
+
+    // Wait for the API Key Name input to be visible before interacting
+    const nameInput = page.getByLabel('API Key Name');
+    await expect(nameInput).toBeVisible();
+
+    // Ensure the API Key Name input is empty
+    await nameInput.fill('');
+
+    // Click the create button and wait for the 422 response
+    const [response] = await Promise.all([
+        page.waitForResponse('**/users/me/api-tokens'),
+        page.getByRole('button', { name: 'Create API Key' }).click(),
+    ]);
+
+    expect(response.status()).toBe(422);
+
+    // Verify that an error notification is shown with validation message about the name field
+    await expect(page.getByText('name field is required')).toBeVisible({ timeout: 5000 });
+});
+
 test('test that user can delete an API key', async ({ page }) => {
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await createNewApiToken(page);
@@ -68,3 +95,285 @@ test('test that user can revoke an API key', async ({ page }) => {
     await expect(page.locator('body')).toContainText('NEW API KEY');
     await expect(page.locator('body')).toContainText('Revoked');
 });
+
+// =============================================
+// Update Password Form Tests
+// =============================================
+
+test('test that password mismatch shows error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with mismatched passwords
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('differentPassword789');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password confirmation
+    await expect(page.getByText('confirmation does not match')).toBeVisible();
+});
+
+test('test that short password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with a too short password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about password length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('test that incorrect current password shows validation error', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Fill in with wrong current password
+    await page.getByLabel('Current Password').fill('wrongCurrentPassword123');
+    await page.getByLabel('New Password').fill('newSecurePassword456');
+    await page.getByLabel('Confirm Password').fill('newSecurePassword456');
+
+    // Find the form containing the Confirm Password field and click its Save button
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/password') && response.request().method() === 'PUT'
+        ),
+        passwordForm.getByRole('button', { name: 'Save' }).click(),
+    ]);
+
+    // Verify error message about incorrect password
+    await expect(page.getByText('does not match')).toBeVisible();
+});
+
+test('test that password can be updated successfully', async ({ page }) => {
+    await goToProfilePage(page);
+    const newPassword = 'newSecurePassword456';
+
+    // Change password to new password
+    await page.getByLabel('Current Password').fill(TEST_USER_PASSWORD);
+    await page.getByLabel('New Password').fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+
+    const passwordForm = page.getByLabel('Confirm Password').locator('xpath=ancestor::form');
+    const responsePromise = page.waitForResponse(
+        (response) =>
+            response.url().includes('/user/password') && response.request().method() === 'PUT'
+    );
+    await passwordForm.getByRole('button', { name: 'Save' }).click();
+    const response = await responsePromise;
+
+    // Verify successful response (303 is Inertia redirect on success, means password was updated)
+    expect(response.status()).toBe(303);
+
+    // Verify no error messages are displayed
+    await expect(page.getByText('does not match')).not.toBeVisible();
+    await expect(page.getByText('must be at least')).not.toBeVisible();
+});
+
+// =============================================
+// Theme Selection Tests
+// =============================================
+
+test('test that theme can be changed to dark and light', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // The theme select is a Reka UI combobox (button), not a native <select>
+    const themeSelect = page.locator('button[role="combobox"]');
+
+    // Change theme to dark
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Dark' }).click();
+
+    // Verify the html element has 'dark' class
+    await expect(page.locator('html')).toHaveClass(/dark/);
+
+    // Change theme to light
+    await themeSelect.click();
+    await page.getByRole('option', { name: 'Light' }).click();
+
+    // Verify the html element has 'light' class and no 'dark' class
+    await expect(page.locator('html')).toHaveClass(/light/);
+    await expect(page.locator('html')).not.toHaveClass(/dark/);
+
+    // Verify localStorage persists the setting
+    const storedTheme = await page.evaluate(() => localStorage.getItem('theme'));
+    expect(storedTheme).toContain('light');
+
+    // Reload and verify the theme persists
+    await page.reload();
+    await expect(page.locator('html')).toHaveClass(/light/);
+
+    // Reset to system
+    await page.locator('button[role="combobox"]').click();
+    await page.getByRole('option', { name: 'System' }).click();
+    await expect(page.getByText('System default:')).toBeVisible();
+});
+
+// =============================================
+// Group similar time entries
+// =============================================
+
+test('test that group similar time entries setting can be toggled', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Get the checkbox
+    const checkbox = page.getByLabel('Group similar time entries');
+
+    // Get initial value and verify it is checked (default is true)
+    const initialValue = await checkbox.isChecked();
+    await expect(checkbox).toBeChecked();
+
+    // Toggle the checkbox
+    await checkbox.click();
+
+    // Reload
+    await page.reload();
+
+    // Verify the value is toggled
+    const afterValue = await page.getByLabel('Group similar time entries').isChecked();
+    expect(afterValue).toBe(!initialValue);
+
+    // Verify localStorage persists the setting
+    const storedValue = await page.evaluate(() =>
+        localStorage.getItem('group-similar-time-entries')
+    );
+    expect(storedValue).toBe(String(!initialValue));
+});
+
+// =============================================
+// Two Factor Authentication Tests
+// =============================================
+
+test('test that password confirmation modal can be cancelled without sending API request', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Set up listener to verify no POST request is sent to confirm-password
+    let confirmPasswordRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/user/confirm-password') && request.method() === 'POST') {
+            confirmPasswordRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify modal is closed
+    await expect(page.getByRole('dialog')).not.toBeVisible();
+
+    // Verify no confirm-password request was sent
+    expect(confirmPasswordRequestSent).toBe(false);
+});
+
+test('test that password confirmation modal shows error for incorrect password', async ({
+    page,
+}) => {
+    await goToProfilePage(page);
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter incorrect password and confirm
+    await page.getByPlaceholder('Password').fill('wrongpassword123');
+    await page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click();
+
+    // Should show error message (wait longer for API response)
+    await expect(page.getByRole('dialog').getByText('incorrect')).toBeVisible({ timeout: 10000 });
+});
+
+test('test that 2FA can be enabled with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    // Verify 2FA is not enabled
+    await expect(page.getByText('You have not enabled two factor authentication.')).toBeVisible();
+
+    // Find the Enable button in the 2FA section
+    const enableButton = page
+        .getByText('You have not enabled two factor authentication.')
+        .locator('..')
+        .getByRole('button', { name: 'Enable' });
+    await enableButton.click();
+
+    // Verify password confirmation modal appears
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Enter correct password and confirm
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Confirm' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/two-factor-authentication') &&
+                response.request().method() === 'POST'
+        ),
+    ]);
+
+    // Verify QR code is shown
+    await expect(page.getByRole('heading', { name: 'Finish enabling two factor' })).toBeVisible();
+    await expect(page.getByText('Setup Key:')).toBeVisible();
+    await expect(page.getByLabel('Code')).toBeVisible();
+});
+
+// =============================================
+// Logout Other Browser Sessions Tests
+// =============================================
+
+test('test that logout other browser sessions works with correct password', async ({ page }) => {
+    await goToProfilePage(page);
+
+    await page.getByRole('button', { name: 'Log Out Other Browser Sessions' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
+    await Promise.all([
+        page
+            .getByRole('dialog')
+            .getByRole('button', { name: 'Log Out Other Browser Sessions' })
+            .click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/user/other-browser-sessions') &&
+                response.request().method() === 'DELETE'
+        ),
+    ]);
+});

e2e/project-members.spec.ts

@@ -1,33 +1,27 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
 import { formatCentsWithOrganizationDefaults } from './utils/money';
-import type { CurrencyFormat } from '../resources/js/packages/ui/src/utils/money';
-import { NumberFormat } from '@/packages/ui/src/utils/number';
+import { createProjectViaApi, createProjectMemberViaApi, type TestContext } from './utils/api';
 
-async function goToProjectsOverview(page: Page) {
-    await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+async function createProjectWithMemberViaApi(ctx: TestContext, page: Page, projectName: string) {
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createProjectMemberViaApi(ctx, project.id, { member_id: ctx.memberId });
+
+    // Navigate to the project detail page
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByTestId('project_member_table').getByRole('row').first()).toBeVisible();
+    return project;
 }
 
 test('test that updating project member billable rate works for existing time entries', async ({
     page,
+    ctx,
 }) => {
     const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     const newBillableRate = Math.round(Math.random() * 10000);
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
-
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
-
-    await page.getByText(newProjectName).click();
-    await page.getByRole('button', { name: 'Add Member' }).click();
-
-    await expect(page.getByText('Add Project Member').first()).toBeVisible();
-    await page.getByRole('button', { name: 'Select a member' }).click();
-    await page.keyboard.press('Enter');
-    await page.getByRole('button', { name: 'Add Project Member' }).click();
+    await createProjectWithMemberViaApi(ctx, page, newProjectName);
 
     await page
         .getByTestId('project_member_table')
@@ -62,3 +56,197 @@ test('test that updating project member billable rate works for existing time en
             .getByText(formatCentsWithOrganizationDefaults(newBillableRate * 100))
     ).toBeVisible();
 });
+
+test('test that project member edit modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Cancel Test ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Verify the modal is open and shows the member name
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+    await expect(page.getByRole('dialog').getByText('John Doe')).toBeVisible();
+
+    // Enter a new billable rate
+    await page.getByLabel('Billable Rate').fill('999');
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Cancel
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that project member update without billable rate change skips confirmation and completes', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'No Change ' + Math.floor(1 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Click Update without changing anything - no confirmation modal since rate didn't change
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Project Member' }).click(),
+    ]);
+
+    // Verify the edit modal is closed (confirmation modal was skipped)
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+});
+
+test('test that billable rate confirmation modal can be cancelled without sending API request', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'Rate Cancel ' + Math.floor(1 + Math.random() * 10000);
+    const newBillableRate = Math.round(Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Open the edit modal
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Change the billable rate
+    await page.getByLabel('Billable Rate').fill(newBillableRate.toString());
+
+    // Set up listener to verify no PUT request is sent
+    let putRequestSent = false;
+    page.on('request', (request) => {
+        if (request.url().includes('/project-members/') && request.method() === 'PUT') {
+            putRequestSent = true;
+        }
+    });
+
+    // Click Update - this should show the confirmation modal
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Verify the confirmation modal is shown
+    await expect(page.getByText('update all existing time entries')).toBeVisible();
+
+    // Click Cancel to close the confirmation modal without updating
+    await page.getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the confirmation modal is closed but edit modal is still open
+    await expect(page.getByText('update all existing time entries')).not.toBeVisible();
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).toBeVisible();
+
+    // Close the edit modal
+    await page.getByRole('dialog').getByRole('button', { name: 'Cancel' }).click();
+
+    // Verify the edit modal is closed
+    await expect(page.getByRole('heading', { name: 'Edit Project Member' })).not.toBeVisible();
+
+    // Verify no PUT request was sent
+    expect(putRequestSent).toBe(false);
+});
+
+test('test that clearing billable rate reverts to project default', async ({ page, ctx }) => {
+    const projectName = 'Revert Default ' + Math.floor(1 + Math.random() * 10000);
+    const customRate = Math.round(100 + Math.random() * 10000);
+
+    await createProjectWithMemberViaApi(ctx, page, projectName);
+
+    // Verify the billable rate shows "--" (project default) initially
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+
+    // Set a custom billable rate
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+    await page.getByLabel('Billable Rate').fill(customRate.toString());
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the custom rate is shown in the table (not "--")
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).not.toBeVisible();
+
+    // Now clear the billable rate to revert to project default
+    await page
+        .getByTestId('project_member_table')
+        .getByRole('row')
+        .first()
+        .getByRole('button')
+        .click();
+    await page.getByRole('menuitem', { name: 'Edit Project Member' }).click();
+
+    // Set billable rate to 0 to revert to project default
+    await page.getByLabel('Billable Rate').fill('0');
+    await page.getByRole('button', { name: 'Update Project Member' }).click();
+
+    // Confirm the billable rate update
+    await Promise.all([
+        page.getByRole('button', { name: 'Yes, update existing time' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/project-members/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    // Verify the billable rate shows "--" again (project default)
+    await expect(
+        page.getByTestId('project_member_table').getByRole('row').first().getByText('--')
+    ).toBeVisible();
+});

e2e/reporting-detailed.spec.ts

@@ -0,0 +1,719 @@
+import { expect } from '@playwright/test';
+import { test } from '../playwright/fixtures';
+import { goToReportingDetailed, waitForDetailedReportingUpdate } from './utils/reporting';
+import {
+    createProjectViaApi,
+    createClientViaApi,
+    createTaskViaApi,
+    createTimeEntryViaApi,
+    createTimeEntryWithTagViaApi,
+    createBareTimeEntryViaApi,
+} from './utils/api';
+
+// Each test registers a new user and creates test data via API
+test.describe.configure({ timeout: 30000 });
+
+// ──────────────────────────────────────────────────
+// Basic Detailed View Tests
+// ──────────────────────────────────────────────────
+
+test('test that detailed view shows time entries correctly', async ({ page, ctx }) => {
+    const projectName = 'Detailed View Project ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Verify the time entry is shown with all details
+    await expect(page.getByText(projectName, { exact: true }).first()).toBeVisible();
+    await expect(page.locator('input[name="Duration"]').first()).toHaveValue('1:00:00');
+    await expect(page.getByText('Entry for ' + projectName, { exact: true }).first()).toBeVisible();
+});
+
+test('test that updating duration in detailed view works correctly', async ({ page, ctx }) => {
+    const projectName = 'Duration Update Project ' + Math.floor(Math.random() * 10000);
+    const initialDuration = '1h';
+    const updatedDuration = '2h 30min';
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: initialDuration,
+        projectId: project.id,
+    });
+
+    // Go to detailed reporting view
+    await goToReportingDetailed(page);
+
+    // Find and update the duration
+    const durationInput = page.locator('input[name="Duration"]').first();
+    await durationInput.click();
+    await durationInput.fill(updatedDuration);
+    await Promise.all([
+        durationInput.press('Enter'),
+        page.waitForResponse(
+            (response) => response.url().includes('/time-entries') && response.status() === 200
+        ),
+    ]);
+
+    // Verify the new duration is displayed (reporting views promote to HH:MM:SS format)
+    await expect(durationInput).toHaveValue('2:30:00');
+});
+
+// ──────────────────────────────────────────────────
+// Project Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that project multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const project1 = 'DetailProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    // Wait for initial data load
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Open project multiselect and select project1
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify only project1 entry is shown
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Client Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that client multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'DetailClient1 ' + Math.floor(Math.random() * 10000);
+    const project1 = 'DetailClientProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'DetailClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client1
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only entries for project1 (with client1) should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Task Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that task multiselect dropdown filters reporting by task', async ({ page, ctx }) => {
+    const projectName = 'TaskFilterProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskFilter1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'TaskFilter2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering (shows individual entries)
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Open task multiselect dropdown
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+
+    // Verify both tasks appear
+    await expect(page.getByRole('option').filter({ hasText: task1 })).toBeVisible();
+    await expect(page.getByRole('option').filter({ hasText: task2 })).toBeVisible();
+
+    // Select task1
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 1
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only task1 entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).not.toBeVisible();
+});
+
+test('test that selecting multiple tasks shows correct badge count', async ({ page, ctx }) => {
+    const projectName = 'MultiTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'MultiTask1 ' + Math.floor(Math.random() * 10000);
+    const task2 = 'MultiTask2 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    const t2 = await createTaskViaApi(ctx, { name: task2, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task2}`,
+        duration: '2h',
+        projectId: project.id,
+        taskId: t2.id,
+    });
+
+    // Use the detailed view to verify task filtering
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+
+    // Select both tasks
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await page.getByRole('option').filter({ hasText: task2 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows count of 2
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('2')).toBeVisible();
+
+    // Verify both task entries are shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName} - ${task2}`).first()).toBeVisible();
+});
+
+test('test that deselecting a task removes the filter', async ({ page, ctx }) => {
+    const projectName = 'TaskDeselectProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'TaskDeselect1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+
+    // Select task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Deselect task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Tasks' }).first().getByText(/^\d+$/)
+    ).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Member Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that member multiselect filters work on detailed reporting page', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'DetailMemberProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by the current member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Data should still be visible since all entries belong to this member
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Verify badge shows count of 1
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Tag Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that tag filter works on detailed reporting page', async ({ page, ctx }) => {
+    const tag1 = 'DetailTag1 ' + Math.floor(Math.random() * 10000);
+    const tag2 = 'DetailTag2 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createTimeEntryWithTagViaApi(ctx, tag2, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).toBeVisible();
+
+    // Filter by tag1
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: tag1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag2}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Billable Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that billable filter works on detailed reporting page', async ({ page, ctx }) => {
+    const projectName = 'DetailBillProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Filter by billable only
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch to Non Billable
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Non Billable', exact: true }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+
+    // Switch back to Both
+    await page.getByRole('combobox').filter({ hasText: 'Non Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Both' }).click(),
+        waitForDetailedReportingUpdate(page),
+    ]);
+});
+
+// ──────────────────────────────────────────────────
+// Combined Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that combining project and task filters narrows results', async ({ page, ctx }) => {
+    const projectName = 'CombinedProj ' + Math.floor(Math.random() * 10000);
+    const otherProject = 'OtherCombProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'CombinedTask1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: projectName });
+    const p2 = await createProjectViaApi(ctx, { name: otherProject });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: p1.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: p1.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${otherProject}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: projectName }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by task
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: task1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify both badges show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Verify only the combined entry is shown
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${otherProject}`).first()).not.toBeVisible();
+});
+
+test('test that combining client and member filters narrows results on detailed page', async ({
+    page,
+    ctx,
+}) => {
+    const client1 = 'CombClient ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombClientProj ' + Math.floor(Math.random() * 10000);
+    const project2 = 'CombNoClientProj ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const p1 = await createProjectViaApi(ctx, { name: project1, client_id: c1.id });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).toBeVisible();
+
+    // Filter by client
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: client1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Additionally filter by member
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'John Doe' }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only project1 entry should be visible (filtered by client + member)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project2}`).first()).not.toBeVisible();
+
+    // Both badges should show count of 1
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+    await expect(
+        page.getByRole('button', { name: 'Members' }).first().getByText('1')
+    ).toBeVisible();
+});
+
+test('test that combining tag and project filters narrows results', async ({ page, ctx }) => {
+    const tag1 = 'CombTag ' + Math.floor(Math.random() * 10000);
+    const project1 = 'CombTagProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+
+    // Create a time entry with a project (no tag)
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+
+    // Create a time entry with a tag (no specific project)
+    await createTimeEntryWithTagViaApi(ctx, tag1, '2h');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+
+    // Filter by project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Only the project entry should be visible (tagged entry has no project)
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// "No X" Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that "No Project" filter shows entries without a project', async ({ page, ctx }) => {
+    const project1 = 'NoProj1 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare entry no project', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+
+    // Open project dropdown and select "No Project"
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Verify badge shows 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+
+    // Only the bare entry (no project) should be visible
+    await expect(page.getByText('Bare entry no project').first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${project1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Task" filter shows entries without a task', async ({ page, ctx }) => {
+    const projectName = 'NoTaskProj ' + Math.floor(Math.random() * 10000);
+    const task1 = 'NoTaskFilter1 ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const t1 = await createTaskViaApi(ctx, { name: task1, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${task1}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: t1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '30min',
+        projectId: project.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectName}`).first()).toBeVisible();
+
+    // Open task dropdown and select "No Task"
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Task' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tasks' }).first().getByText('1')).toBeVisible();
+
+    // Only the entry without a task should be visible
+    await expect(page.getByText(`Entry for ${projectName} - ${task1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Tag" filter shows entries without tags', async ({ page, ctx }) => {
+    const tag1 = 'NoTagFilter1 ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tag1, '1h');
+    await createBareTimeEntryViaApi(ctx, 'Entry without any tag', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).toBeVisible();
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+
+    // Open tag dropdown and select "No Tag"
+    await page.getByRole('button', { name: 'Tags' }).click();
+    await page.getByRole('option').filter({ hasText: 'No Tag' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(page.getByRole('button', { name: 'Tags' }).getByText('1')).toBeVisible();
+
+    await expect(page.getByText('Entry without any tag').first()).toBeVisible();
+    await expect(page.getByText(`Entry with tag ${tag1}`).first()).not.toBeVisible();
+});
+
+test('test that "No Client" filter shows entries without a client', async ({ page, ctx }) => {
+    const client1 = 'NoClientFilter ' + Math.floor(Math.random() * 10000);
+    const projectWithClient = 'NoClientProj1 ' + Math.floor(Math.random() * 10000);
+    const projectNoClient = 'NoClientProj2 ' + Math.floor(Math.random() * 10000);
+
+    const c1 = await createClientViaApi(ctx, { name: client1 });
+    const pWithClient = await createProjectViaApi(ctx, {
+        name: projectWithClient,
+        client_id: c1.id,
+    });
+    const pNoClient = await createProjectViaApi(ctx, { name: projectNoClient });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectWithClient}`,
+        duration: '1h',
+        projectId: pWithClient.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectNoClient}`,
+        duration: '30min',
+        projectId: pNoClient.id,
+    });
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+
+    // Open client dropdown and select "No Client"
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Client' }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    await expect(
+        page.getByRole('button', { name: 'Clients' }).first().getByText('1')
+    ).toBeVisible();
+
+    await expect(page.getByText(`Entry for ${projectNoClient}`).first()).toBeVisible();
+    await expect(page.getByText(`Entry for ${projectWithClient}`).first()).not.toBeVisible();
+});
+
+test('test that combining "No Project" with a project ID shows both', async ({ page, ctx }) => {
+    const project1 = 'CombNoProj ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare combined entry', '30min');
+
+    await goToReportingDetailed(page);
+
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+
+    // Select both "No Project" and the specific project
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await page.getByRole('option').filter({ hasText: 'No Project' }).click();
+    await page.getByRole('option').filter({ hasText: project1 }).click();
+
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 2
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('2')
+    ).toBeVisible();
+
+    // Both entries should be visible
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+    await expect(page.getByText('Bare combined entry').first()).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Keyboard Navigation Tests
+// ──────────────────────────────────────────────────
+
+test('test that keyboard navigation works in multiselect dropdown', async ({ page, ctx }) => {
+    const project1 = 'KbNavProj1 ' + Math.floor(Math.random() * 10000);
+    const project2 = 'KbNavProj2 ' + Math.floor(Math.random() * 10000);
+
+    const p1 = await createProjectViaApi(ctx, { name: project1 });
+    const p2 = await createProjectViaApi(ctx, { name: project2 });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project1}`,
+        duration: '1h',
+        projectId: p1.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${project2}`,
+        duration: '2h',
+        projectId: p2.id,
+    });
+
+    await goToReportingDetailed(page);
+    await expect(page.getByText(`Entry for ${project1}`).first()).toBeVisible();
+
+    // Open project dropdown
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+
+    // The search input should be focused, first item ("No Project") highlighted
+    await expect(page.getByPlaceholder('Search for a Project...')).toBeFocused();
+
+    // Press ArrowDown to move to first project, then Enter to select it
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('ArrowDown');
+    await page.keyboard.press('Enter');
+
+    // Close dropdown and verify filter applied
+    await Promise.all([page.keyboard.press('Escape'), waitForDetailedReportingUpdate(page)]);
+
+    // Badge should show 1
+    await expect(
+        page.getByRole('button', { name: 'Projects' }).first().getByText('1')
+    ).toBeVisible();
+});

e2e/shared-reports.spec.ts

@@ -0,0 +1,918 @@
+import { expect } from '@playwright/test';
+import dayjs from 'dayjs';
+import utc from 'dayjs/plugin/utc.js';
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+
+dayjs.extend(utc);
+import {
+    createProjectViaApi,
+    createClientViaApi,
+    createTaskViaApi,
+    createTimeEntryViaApi,
+    createTimeEntryWithTagViaApi,
+    createBareTimeEntryViaApi,
+    createBillableProjectViaApi,
+    createTimeEntryWithBillableStatusViaApi,
+    createTagViaApi,
+    createReportViaApi,
+} from './utils/api';
+import {
+    goToReporting,
+    goToReportingShared,
+    waitForReportingUpdate,
+    saveAsSharedReport,
+} from './utils/reporting';
+
+// Each test registers a new user and creates test data via API
+test.describe.configure({ timeout: 30000 });
+
+// Date picker button name patterns for different date formats
+const DATE_PICKER_BUTTON_PATTERN =
+    /^Pick a date$|^\d{4}-\d{2}-\d{2}$|^\d{2}\/\d{2}\/\d{4}$|^\d{2}\.\d{2}\.\d{4}$/;
+
+// ──────────────────────────────────────────────────
+// Shared Report Lifecycle Tests
+// ──────────────────────────────────────────────────
+
+test('test that saving a report creates a shared report and its shareable link shows correct data', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'SharedProject ' + Math.floor(Math.random() * 10000);
+    const reportName = 'SharedReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Verify report appears on shared tab
+    await goToReportingShared(page);
+    await expect(page.getByTestId('report_table')).toBeVisible();
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Public', { exact: true })).toBeVisible();
+    await expect(page.getByRole('button', { name: 'Copy URL' })).toBeVisible();
+
+    // Navigate to shareable link and verify report data
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report with invalid secret shows no data', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/shared-report#invalid-secret-value');
+    await expect(page.getByText('No time entries found').first()).toBeVisible();
+});
+
+test('test that a shared report can be edited to toggle public/private and then deleted', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EditDelProject ' + Math.floor(Math.random() * 10000);
+    const reportName = 'EditDelReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    await saveAsSharedReport(page, reportName);
+
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Public', { exact: true })).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Uncheck public and save
+    await page.getByLabel('Public').click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+
+    // Verify status changed to private
+    await expect(page.getByText('Private')).toBeVisible();
+    await expect(page.getByText('--')).toBeVisible();
+
+    // Delete the report
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem', { name: /^Delete Report/ }).click(),
+    ]);
+
+    await expect(page.getByText('No shared reports found')).toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Shared Report Filter Tests
+// ──────────────────────────────────────────────────
+
+test('test that shared report respects project filter', async ({ page, ctx }) => {
+    const projectA = 'FilterProjA ' + Math.floor(Math.random() * 10000);
+    const projectB = 'FilterProjB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'FilterProjReport ' + Math.floor(Math.random() * 10000);
+
+    const projA = await createProjectViaApi(ctx, { name: projectA });
+    const projB = await createProjectViaApi(ctx, { name: projectB });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectA}`,
+        duration: '1h',
+        projectId: projA.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectB}`,
+        duration: '2h',
+        projectId: projB.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectA)).toBeVisible();
+
+    // Filter by project A
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: projectA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectA)).toBeVisible();
+    await expect(page.getByText(projectB)).not.toBeVisible();
+});
+
+test('test that shared report with No Project filter shows entries without a project', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'NoProjFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoProjReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Bare entry no project', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Project"
+    await page.getByRole('button', { name: 'Projects' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Project' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    // The "No Project" group should show, but the project name should not appear as a group
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText(projectName)).not.toBeVisible();
+});
+
+test('test that shared report with No Task filter shows entries without a task', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'NoTaskProj ' + Math.floor(Math.random() * 10000);
+    const taskName = 'NoTaskFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoTaskReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const task = await createTaskViaApi(ctx, { name: taskName, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} - ${taskName}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: task.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '2h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Task"
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Task' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report respects task filter', async ({ page, ctx }) => {
+    const projectName = 'TaskFilterProj ' + Math.floor(Math.random() * 10000);
+    const taskA = 'TaskA ' + Math.floor(Math.random() * 10000);
+    const taskB = 'TaskB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'TaskFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    const task = await createTaskViaApi(ctx, { name: taskA, project_id: project.id });
+    await createTaskViaApi(ctx, { name: taskB, project_id: project.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${taskA}`,
+        duration: '1h',
+        projectId: project.id,
+        taskId: task.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName} no task`,
+        duration: '2h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by task A
+    await page.getByRole('button', { name: 'Tasks' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: taskA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText('1:00:00').first()).toBeVisible();
+    await expect(page.getByText('3:00:00')).not.toBeVisible();
+});
+
+test('test that shared report respects client filter', async ({ page, ctx }) => {
+    const clientA = 'ClientA ' + Math.floor(Math.random() * 10000);
+    const clientB = 'ClientB ' + Math.floor(Math.random() * 10000);
+    const projectA = 'ClientFilterProjA ' + Math.floor(Math.random() * 10000);
+    const projectB = 'ClientFilterProjB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'ClientFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const cliA = await createClientViaApi(ctx, { name: clientA });
+    const cliB = await createClientViaApi(ctx, { name: clientB });
+    const projA = await createProjectViaApi(ctx, { name: projectA, client_id: cliA.id });
+    const projB = await createProjectViaApi(ctx, { name: projectB, client_id: cliB.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${clientA}`,
+        duration: '1h',
+        projectId: projA.id,
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${clientB}`,
+        duration: '2h',
+        projectId: projB.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectA)).toBeVisible();
+
+    // Filter by client A
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: clientA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectA)).toBeVisible();
+    await expect(page.getByText(projectB)).not.toBeVisible();
+});
+
+test('test that shared report respects tag filter', async ({ page, ctx }) => {
+    const tagA = 'TagA ' + Math.floor(Math.random() * 10000);
+    const tagB = 'TagB ' + Math.floor(Math.random() * 10000);
+    const reportName = 'TagFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const tagObjA = await createTagViaApi(ctx, { name: tagA });
+    await createTagViaApi(ctx, { name: tagB });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry with ${tagA}`,
+        duration: '1h',
+        tags: [tagObjA.id],
+    });
+    await createBareTimeEntryViaApi(ctx, 'Entry no tags', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText('Total')).toBeVisible();
+
+    // Filter by tag A
+    await page.getByRole('button', { name: 'Tags' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: tagA }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText('1:00:00').first()).toBeVisible();
+    await expect(page.getByText('3:00:00')).not.toBeVisible();
+});
+
+test('test that shared report respects member filter', async ({ page, ctx }) => {
+    const projectName = 'MemberFilterProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'MemberFilterReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by current member (John Doe)
+    await page.getByRole('button', { name: 'Members' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'John Doe' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report — should still show data since all entries belong to this member
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that shared report with billable filter only shows billable entries', async ({
+    page,
+    ctx,
+}) => {
+    const reportName = 'BillableFilterReport ' + Math.floor(Math.random() * 10000);
+
+    // Create one billable (1h) and one non-billable (2h) entry
+    await createTimeEntryWithBillableStatusViaApi(ctx, true, '1h');
+    await createTimeEntryWithBillableStatusViaApi(ctx, false, '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText('Total')).toBeVisible();
+
+    // Filter by billable only
+    await page.getByRole('combobox').filter({ hasText: 'Billable' }).click();
+    await Promise.all([
+        page.getByRole('option', { name: 'Billable', exact: true }).click(),
+        waitForReportingUpdate(page),
+    ]);
+
+    // Verify only 1h shows before saving
+    await expect(page.getByTestId('reporting_view').getByText('1:00:00').first()).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Navigate to the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // Shared report should only show the 1h billable entry, not the 2h non-billable
+    await expect(page.getByText('1:00:00').first()).toBeVisible();
+    await expect(page.getByText('3:00:00')).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Report Date Picker Tests
+// ──────────────────────────────────────────────────
+
+test('test that creating a report with an expiration date works', async ({ page, ctx }) => {
+    const projectName = 'DatePickerProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'DatePickerReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal
+    await page.getByRole('button', { name: 'Save Report' }).click();
+    await page.getByLabel('Name').fill(reportName);
+
+    // The "Public" checkbox should be checked by default, showing the date picker
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select a date in the next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^15$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Create the report and verify it includes the public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+});
+
+test('test that editing a report to make it public with expiration date works', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EditDateProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'EditDateReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal and create a private report
+    await page.getByRole('button', { name: 'Save Report' }).click();
+    await page.getByLabel('Name').fill(reportName);
+
+    // Uncheck "Public" to create a private report
+    await page.getByLabel('Public').click();
+
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click(),
+    ]);
+
+    // Go to shared reports and edit
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+    await expect(page.getByText('Private')).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Check "Public" to make it public - this should show the date picker
+    await page.getByLabel('Public').click();
+
+    // The date picker should now be visible
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select a date in the next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^20$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Update the report and verify it includes the public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+    expect(responseBody.data.is_public).toBe(true);
+});
+
+test('test that shared report with No Client filter shows entries without a client', async ({
+    page,
+    ctx,
+}) => {
+    const clientName = 'NoClientCli ' + Math.floor(Math.random() * 10000);
+    const projectName = 'NoClientProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoClientReport ' + Math.floor(Math.random() * 10000);
+
+    const client = await createClientViaApi(ctx, { name: clientName });
+    const project = await createProjectViaApi(ctx, { name: projectName, client_id: client.id });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+    await createBareTimeEntryViaApi(ctx, 'Entry without client', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Filter by "No Client"
+    await page.getByRole('button', { name: 'Clients' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Client' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+    await expect(page.getByText(projectName)).not.toBeVisible();
+});
+
+test('test that shared report with No Tag filter shows entries without tags', async ({
+    page,
+    ctx,
+}) => {
+    const tagName = 'NoTagFilter ' + Math.floor(Math.random() * 10000);
+    const reportName = 'NoTagReport ' + Math.floor(Math.random() * 10000);
+
+    await createTimeEntryWithTagViaApi(ctx, tagName, '1h');
+    await createBareTimeEntryViaApi(ctx, 'Entry without tags', '2h');
+
+    await goToReporting(page);
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // Filter by "No Tag"
+    await page.getByRole('button', { name: 'Tags' }).first().click();
+    await Promise.all([
+        page.getByRole('option').filter({ hasText: 'No Tag' }).click(),
+        waitForReportingUpdate(page),
+    ]);
+    await page.keyboard.press('Escape');
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // View the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText('Total')).toBeVisible();
+});
+
+test('test that creating a report with empty name shows validation error', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'EmptyNameProj ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Open the save report modal
+    await page.getByRole('button', { name: 'Save Report' }).click();
+
+    // Leave name empty and try to create
+    await page.getByRole('dialog').getByRole('button', { name: 'Create Report' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The name field is required')).toBeVisible();
+});
+
+test('test that updating report name works', async ({ page, ctx }) => {
+    const projectName = 'UpdateNameProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'OriginalName ' + Math.floor(Math.random() * 10000);
+    const newReportName = 'UpdatedName ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    await saveAsSharedReport(page, reportName);
+
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // Update the name
+    await page.getByLabel('Name', { exact: true }).fill(newReportName);
+
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+
+    // Verify the name was updated in the table
+    await expect(page.getByText(newReportName)).toBeVisible();
+    await expect(page.getByText(reportName)).not.toBeVisible();
+});
+
+test('test that updating expiration date on already-public report works', async ({ page, ctx }) => {
+    const projectName = 'UpdateExpDateProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'UpdateExpDateReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    // Create a public report (already public by default)
+    await saveAsSharedReport(page, reportName);
+
+    // Go to shared reports and edit
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    // Click more options and edit
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+
+    // The date picker should be visible (report is already public)
+    const datePicker = page
+        .getByRole('dialog')
+        .getByRole('button', { name: DATE_PICKER_BUTTON_PATTERN });
+    await expect(datePicker).toBeVisible();
+    await datePicker.click();
+
+    // Select the 25th of next month
+    const calendarGrid = page.getByRole('grid');
+    await expect(calendarGrid).toBeVisible({ timeout: 5000 });
+    await page.getByRole('button', { name: /Next/i }).click();
+    await page.getByRole('gridcell').filter({ hasText: /^25$/ }).first().click();
+
+    // Wait for the calendar to close
+    await expect(calendarGrid).not.toBeVisible();
+
+    // Update the report and verify it includes the correct public_until date
+    const [response] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+    const responseBody = await response.json();
+    expect(responseBody.data.public_until).toBeTruthy();
+
+    // Verify the date is the 25th of a future month
+    const returnedDate = new Date(responseBody.data.public_until);
+    expect(returnedDate.getUTCDate()).toBe(25);
+
+    // The returned date should be in the future
+    const now = new Date();
+    expect(returnedDate.getTime()).toBeGreaterThan(now.getTime());
+});
+
+test('test that clearing the expiration date on a report works', async ({ page, ctx }) => {
+    const reportName = 'ClearExpReport ' + Math.floor(Math.random() * 10000);
+
+    // Create a public report with an expiration date via API
+    await createReportViaApi(ctx, {
+        name: reportName,
+        is_public: true,
+        public_until: dayjs().add(1, 'month').utc().format('YYYY-MM-DDTHH:mm:ss[Z]'),
+    });
+
+    // Go to shared reports and edit the report
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // The date picker should show a date (not "Pick a date")
+    await expect(
+        page.getByRole('dialog').getByRole('button', { name: 'Pick a date' })
+    ).not.toBeVisible();
+
+    // Click the clear button (X icon) to remove the expiration date
+    const clearButton = page
+        .getByRole('dialog')
+        .locator('[role="button"]')
+        .filter({ has: page.locator('svg.lucide-x') });
+    await expect(clearButton).toBeVisible();
+    await clearButton.click();
+
+    // The date picker should now show "Pick a date"
+    await expect(
+        page.getByRole('dialog').getByRole('button', { name: 'Pick a date' })
+    ).toBeVisible();
+
+    // The clear button should no longer be visible
+    await expect(clearButton).not.toBeVisible();
+
+    // Update the report and verify public_until is null
+    const [updateResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/reports/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Report' }).click(),
+    ]);
+    const updateBody = await updateResponse.json();
+    expect(updateBody.data.public_until).toBeNull();
+});
+
+test('test that date picker clear button is not visible when no date is set', async ({
+    page,
+    ctx,
+}) => {
+    const reportName = 'NoClearReport ' + Math.floor(Math.random() * 10000);
+
+    // Create a public report without an expiration date via API
+    await createReportViaApi(ctx, {
+        name: reportName,
+        is_public: true,
+        public_until: null,
+    });
+
+    // Go to shared reports and edit the report
+    await goToReportingShared(page);
+    await expect(page.getByText(reportName)).toBeVisible();
+
+    await page
+        .getByRole('button', { name: new RegExp('Actions for Project ' + reportName) })
+        .click();
+    await page.getByRole('menuitem', { name: /^Edit Report/ }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // The date picker should show "Pick a date"
+    await expect(
+        page.getByRole('dialog').getByRole('button', { name: 'Pick a date' })
+    ).toBeVisible();
+
+    // The clear button should NOT be visible
+    const clearButton = page
+        .getByRole('dialog')
+        .locator('[role="button"]')
+        .filter({ has: page.locator('svg.lucide-x') });
+    await expect(clearButton).not.toBeVisible();
+});
+
+// ──────────────────────────────────────────────────
+// Shared Report Cost Column Tests
+// ──────────────────────────────────────────────────
+
+test('test that shared report displays cost column correctly aligned with data rows', async ({
+    page,
+    ctx,
+}) => {
+    const projectName = 'BillableProj ' + Math.floor(Math.random() * 10000);
+    const reportName = 'BillableReport ' + Math.floor(Math.random() * 10000);
+
+    const project = await createBillableProjectViaApi(ctx, {
+        name: projectName,
+        billable_rate: 10000, // 100.00 per hour
+    });
+    await createTimeEntryViaApi(ctx, {
+        description: `Entry for ${projectName}`,
+        duration: '1h',
+        projectId: project.id,
+        billable: true,
+    });
+
+    await goToReporting(page);
+    await expect(page.getByTestId('reporting_view').getByText(projectName)).toBeVisible();
+
+    const { shareableLink } = await saveAsSharedReport(page, reportName);
+
+    // Navigate to the shared report
+    await page.goto(shareableLink);
+    await expect(page.getByText('Reporting')).toBeVisible();
+    await expect(page.getByText(projectName)).toBeVisible();
+
+    // Verify the table header has all three columns
+    await expect(page.getByText('Name', { exact: true })).toBeVisible();
+    await expect(page.getByText('Duration', { exact: true })).toBeVisible();
+    await expect(page.getByText('Cost', { exact: true })).toBeVisible();
+
+    // Verify the Total row displays both duration and cost
+    await expect(page.getByText('Total')).toBeVisible();
+
+    // The data rows should render cost values (not just header + duration)
+    // With 1h at 100/h the cost should be displayed somewhere in the table
+    // If showCost is not passed to ReportingRow, only the header "Cost" and
+    // the Total row cost will render, but individual row costs will be missing
+    const table = page.locator('[style*="grid-template-columns"]');
+    // Count elements containing the cost value - header "Cost" + project row cost + total row cost = 3
+    // If broken (showCost not passed), the project row won't render its cost cell
+    await expect(table.getByText(/100/).first()).toBeVisible();
+
+    // Verify the cost value appears at least twice in the table
+    // (once for the data row, once for the total) beyond just the header
+    const costValues = table.getByText(/100/);
+    await expect(costValues).toHaveCount(2);
+});

e2e/tags.spec.ts

@@ -1,13 +1,15 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import { createTagViaApi } from './utils/api';
+import { getTableRowNames } from './utils/table';
 
 async function goToTagsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/tags');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new client via the modal works', async ({ page }) => {
+test('test that creating and deleting a new tag via the modal works', async ({ page }) => {
     const newTagName = 'New Tag ' + Math.floor(1 + Math.random() * 10000);
     await goToTagsOverview(page);
     await page.getByRole('button', { name: 'Create Tag' }).click();
@@ -40,3 +42,186 @@ test('test that creating and deleting a new client via the modal works', async (
     ]);
     await expect(page.getByTestId('tag_table')).not.toContainText(newTagName);
 });
+
+test('test that editing a tag name works', async ({ page, ctx }) => {
+    const originalTagName = 'Original Tag ' + Math.floor(1 + Math.random() * 10000);
+    const updatedTagName = 'Updated Tag ' + Math.floor(1 + Math.random() * 10000);
+
+    await createTagViaApi(ctx, { name: originalTagName });
+
+    await goToTagsOverview(page);
+    await expect(page.getByTestId('tag_table')).toContainText(originalTagName);
+
+    // Open actions menu and click Edit
+    const moreButton = page.locator("[aria-label='Actions for Tag " + originalTagName + "']");
+    await moreButton.click();
+    await page.getByRole('menuitem').getByText('Edit').click();
+
+    // Update the tag name in the edit modal
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Tag Name').fill(updatedTagName);
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tags/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Tag' }).click(),
+    ]);
+
+    // Verify the table shows the updated name
+    await expect(page.getByTestId('tag_table')).toContainText(updatedTagName);
+    await expect(page.getByTestId('tag_table')).not.toContainText(originalTagName);
+});
+
+test('test that multiple tags can be created via API and displayed in the table', async ({
+    page,
+    ctx,
+}) => {
+    const tagName1 = 'TagA ' + Math.floor(1 + Math.random() * 10000);
+    const tagName2 = 'TagB ' + Math.floor(1 + Math.random() * 10000);
+
+    await createTagViaApi(ctx, { name: tagName1 });
+    await createTagViaApi(ctx, { name: tagName2 });
+
+    await goToTagsOverview(page);
+    await expect(page.getByTestId('tag_table')).toContainText(tagName1);
+    await expect(page.getByTestId('tag_table')).toContainText(tagName2);
+});
+
+// =============================================
+// Context Menu Tests
+// =============================================
+
+test('test that tag context menu edit updates the tag', async ({ page, ctx }) => {
+    const tagName = 'CtxEditTag ' + Math.floor(1 + Math.random() * 10000);
+    const updatedName = 'CtxUpdatedTag ' + Math.floor(1 + Math.random() * 10000);
+    await createTagViaApi(ctx, { name: tagName });
+    await goToTagsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: tagName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await page.getByRole('menuitem', { name: 'Edit' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    await page.getByPlaceholder('Tag Name').fill(updatedName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Tag' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tags') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
+
+    await expect(page.getByTestId('tag_table')).toContainText(updatedName);
+    await expect(page.getByTestId('tag_table')).not.toContainText(tagName);
+});
+
+test('test that tag context menu delete deletes the tag', async ({ page, ctx }) => {
+    const tagName = 'CtxDeleteTag ' + Math.floor(1 + Math.random() * 10000);
+    await createTagViaApi(ctx, { name: tagName });
+    await goToTagsOverview(page);
+
+    const row = page.getByRole('row').filter({ hasText: tagName }).first();
+    await expect(row).toBeVisible();
+    await row.click({ button: 'right' });
+    await expect(page.getByRole('menu')).toBeVisible();
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tags') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('menuitem', { name: 'Delete' }).click(),
+    ]);
+    await expect(page.getByTestId('tag_table')).not.toContainText(tagName);
+});
+
+// =============================================
+// Sorting Tests
+// =============================================
+
+async function clearTagTableState(page: Page) {
+    await page.evaluate(() => {
+        localStorage.removeItem('tag-table-state');
+    });
+}
+
+test('test that sorting tags by name works', async ({ page, ctx }) => {
+    await createTagViaApi(ctx, { name: 'AAA SortTag' });
+    await createTagViaApi(ctx, { name: 'ZZZ SortTag' });
+
+    await goToTagsOverview(page);
+    await clearTagTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('tag_table');
+    await expect(table).toBeVisible();
+
+    // Default is name asc
+    let names = await getTableRowNames(table);
+    expect(names.indexOf('AAA SortTag')).toBeLessThan(names.indexOf('ZZZ SortTag'));
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    names = await getTableRowNames(table);
+    expect(names.indexOf('ZZZ SortTag')).toBeLessThan(names.indexOf('AAA SortTag'));
+});
+
+test('test that tag sort state persists after page reload', async ({ page }) => {
+    await goToTagsOverview(page);
+    await clearTagTableState(page);
+    await page.reload();
+
+    const table = page.getByTestId('tag_table');
+    await expect(table).toBeVisible();
+
+    const nameHeader = table.getByText('Name').first();
+    await nameHeader.click(); // toggle to desc
+    await expect(nameHeader.locator('svg')).toBeVisible();
+
+    await page.reload();
+
+    await expect(page.getByTestId('tag_table')).toBeVisible();
+    await expect(
+        page.getByTestId('tag_table').getByText('Name').first().locator('svg')
+    ).toBeVisible();
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Tags Restrictions', () => {
+    test('employee can view tags but cannot create', async ({ ctx, employee }) => {
+        const tagName = 'EmpViewTag ' + Math.floor(Math.random() * 10000);
+        await createTagViaApi(ctx, { name: tagName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/tags');
+        await expect(employee.page.getByTestId('tags_view')).toBeVisible({ timeout: 10000 });
+
+        // Employee can see the tag (tags are visible to all members with tags:view)
+        await expect(employee.page.getByText(tagName)).toBeVisible({ timeout: 10000 });
+
+        // Employee cannot see Create Tag button
+        await expect(employee.page.getByRole('button', { name: 'Create Tag' })).not.toBeVisible();
+    });
+
+    test('employee cannot see edit/delete actions on tags', async ({ ctx, employee }) => {
+        const tagName = 'EmpActionsTag ' + Math.floor(Math.random() * 10000);
+        await createTagViaApi(ctx, { name: tagName });
+
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/tags');
+        await expect(employee.page.getByText(tagName)).toBeVisible({ timeout: 10000 });
+
+        // Actions button should not be visible for employee
+        const actionsButton = employee.page.locator(`[aria-label='Actions for Tag ${tagName}']`);
+        await expect(actionsButton).not.toBeVisible();
+    });
+});

e2e/tasks.spec.ts

@@ -1,13 +1,20 @@
-import { expect, Page } from '@playwright/test';
+import { expect } from '@playwright/test';
+import type { Page } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
+import {
+    createProjectViaApi,
+    createPublicProjectViaApi,
+    createTaskViaApi,
+    createClientViaApi,
+    updateOrganizationSettingViaApi,
+} from './utils/api';
 
 async function goToProjectsOverview(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/projects');
 }
 
-// Create new project via modal
-test('test that creating and deleting a new tag in a new project works', async ({ page }) => {
+test('test that creating and deleting a new task in a new project works', async ({ page }) => {
     const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
     await goToProjectsOverview(page);
     await page.getByRole('button', { name: 'Create Project' }).click();
@@ -27,11 +34,9 @@ test('test that creating and deleting a new tag in a new project works', async (
     ]);
 
     await expect(page.getByTestId('project_table')).toContainText(newProjectName);
-
     await page.getByText(newProjectName).click();
 
-    const newTaskName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
-
+    const newTaskName = 'New Task ' + Math.floor(1 + Math.random() * 10000);
     await page.getByRole('button', { name: 'Create Task' }).click();
     await page.getByPlaceholder('Task Name').fill(newTaskName);
 
@@ -83,23 +88,14 @@ test('test that creating and deleting a new tag in a new project works', async (
     await expect(page.getByTestId('project_table')).not.toContainText(newProjectName);
 });
 
-test('test that archiving and unarchiving tasks works', async ({ page }) => {
+test('test that archiving and unarchiving tasks works', async ({ page, ctx }) => {
     const newProjectName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
-    const newTaskName = 'New Project ' + Math.floor(1 + Math.random() * 10000);
+    const newTaskName = 'New Task ' + Math.floor(1 + Math.random() * 10000);
 
-    await goToProjectsOverview(page);
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await page.getByLabel('Project Name').fill(newProjectName);
-
-    await page.getByRole('button', { name: 'Create Project' }).click();
-    await expect(page.getByText(newProjectName)).toBeVisible();
-
-    await page.getByText(newProjectName).click();
-
-    await page.getByRole('button', { name: 'Create Task' }).click();
-    await page.getByPlaceholder('Task Name').fill(newTaskName);
-    await page.getByRole('button', { name: 'Create Task' }).click();
+    const project = await createProjectViaApi(ctx, { name: newProjectName });
+    await createTaskViaApi(ctx, { name: newTaskName, project_id: project.id });
 
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
     await expect(page.getByRole('table')).toContainText(newTaskName);
 
     await page.getByRole('row').first().getByRole('button').click();
@@ -123,14 +119,194 @@ test('test that archiving and unarchiving tasks works', async ({ page }) => {
     ]);
 });
 
-// Create new project with new Client
+test('test that editing a task name works', async ({ page, ctx }) => {
+    const projectName = 'TaskEdit Project ' + Math.floor(1 + Math.random() * 10000);
+    const originalTaskName = 'Original Task ' + Math.floor(1 + Math.random() * 10000);
+    const updatedTaskName = 'Updated Task ' + Math.floor(1 + Math.random() * 10000);
 
-// Create new project with existing Client
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTaskViaApi(ctx, { name: originalTaskName, project_id: project.id });
 
-// Delete project via More Options
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByTestId('task_table')).toContainText(originalTaskName);
 
-// Test that project task count is displayed correctly
+    // Open actions menu and click Edit
+    const moreButton = page.locator("[aria-label='Actions for Task " + originalTaskName + "']");
+    await moreButton.click();
+    await page.getByRole('menuitem').getByText('Edit').click();
 
-// Test that active / archive / all filter works (once implemented)
+    // Update the task name
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Task Name').fill(updatedTaskName);
+    await Promise.all([
+        page.getByRole('button', { name: 'Update Task' }).click(),
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+    ]);
 
-// Test update task name
+    await expect(page.getByTestId('task_table')).toContainText(updatedTaskName);
+    await expect(page.getByTestId('task_table')).not.toContainText(originalTaskName);
+});
+
+test('test that creating a project with an existing client works', async ({ page, ctx }) => {
+    const clientName = 'Existing Client ' + Math.floor(1 + Math.random() * 10000);
+    const projectName = 'Project With Client ' + Math.floor(1 + Math.random() * 10000);
+
+    await createClientViaApi(ctx, { name: clientName });
+
+    await goToProjectsOverview(page);
+    await page.getByRole('button', { name: 'Create Project' }).click();
+    await page.getByLabel('Project Name').fill(projectName);
+
+    // Select the existing client
+    await page.getByRole('dialog').getByRole('button', { name: 'No Client' }).click();
+    await page.getByRole('option', { name: clientName }).click();
+
+    await Promise.all([
+        page.getByRole('dialog').getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.client_id !== null
+        ),
+    ]);
+
+    await expect(page.getByTestId('project_table')).toContainText(projectName);
+    await expect(page.getByTestId('project_table')).toContainText(clientName);
+});
+
+test('test that multiple tasks are displayed on project detail page', async ({ page, ctx }) => {
+    const projectName = 'TaskCount Project ' + Math.floor(1 + Math.random() * 10000);
+    const taskName1 = 'CountTask A ' + Math.floor(1 + Math.random() * 10000);
+    const taskName2 = 'CountTask B ' + Math.floor(1 + Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: projectName });
+    await createTaskViaApi(ctx, { name: taskName1, project_id: project.id });
+    await createTaskViaApi(ctx, { name: taskName2, project_id: project.id });
+
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+    await expect(page.getByText(taskName1)).toBeVisible();
+    await expect(page.getByText(taskName2)).toBeVisible();
+});
+
+test('test that creating a new project from the task create modal project dropdown works', async ({
+    page,
+    ctx,
+}) => {
+    const existingProjectName = 'Existing Project ' + Math.floor(1 + Math.random() * 10000);
+    const newProjectName = 'Dropdown Created Project ' + Math.floor(1 + Math.random() * 10000);
+    const newTaskName = 'Task With New Project ' + Math.floor(1 + Math.random() * 10000);
+
+    const project = await createProjectViaApi(ctx, { name: existingProjectName });
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + project.id);
+
+    // Open the Create Task modal
+    await page.getByRole('button', { name: 'Create Task' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+    await page.getByPlaceholder('Task Name').fill(newTaskName);
+
+    // Open the project dropdown (it should show the current project)
+    await page.getByRole('dialog').getByRole('button', { name: existingProjectName }).click();
+
+    // Click "Create new Project" at the bottom of the dropdown
+    await page.getByText('Create new Project').click();
+
+    // The ProjectCreateModal should appear
+    await expect(page.getByLabel('Project name')).toBeVisible();
+    await page.getByLabel('Project name').fill(newProjectName);
+
+    // Submit the project creation
+    await Promise.all([
+        page.getByRole('button', { name: 'Create Project' }).click(),
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/projects') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.name === newProjectName
+        ),
+    ]);
+
+    // The project dropdown trigger should now show the new project name
+    await expect(
+        page.getByRole('dialog').getByRole('button', { name: newProjectName })
+    ).toBeVisible();
+
+    // Submit the task and capture the response to get the new project ID
+    const [taskResponse] = await Promise.all([
+        page.waitForResponse(
+            async (response) =>
+                response.url().includes('/tasks') &&
+                response.request().method() === 'POST' &&
+                response.status() === 201 &&
+                (await response.json()).data.name === newTaskName
+        ),
+        page.getByRole('button', { name: 'Create Task' }).click(),
+    ]);
+
+    const taskData = await taskResponse.json();
+    const newProjectId = taskData.data.project_id;
+
+    // Navigate to the new project's page and verify the task is there
+    await page.goto(PLAYWRIGHT_BASE_URL + '/projects/' + newProjectId);
+    await expect(page.getByTestId('task_table')).toContainText(newTaskName);
+});
+
+// =============================================
+// Employee Permission Tests
+// =============================================
+
+test.describe('Employee Tasks Restrictions', () => {
+    test('employee cannot see task management actions when employees_can_manage_tasks is disabled', async ({
+        ctx,
+        employee,
+    }) => {
+        // Create a public project with a task
+        const projectName = 'EmpTaskProj ' + Math.floor(Math.random() * 10000);
+        const taskName = 'EmpTask ' + Math.floor(Math.random() * 10000);
+        const project = await createPublicProjectViaApi(ctx, { name: projectName });
+        await createTaskViaApi(ctx, { name: taskName, project_id: project.id });
+
+        // Navigate to the project detail page
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+        await employee.page.getByText(projectName).first().click();
+        await employee.page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+        // Task should be visible
+        await expect(employee.page.getByText(taskName)).toBeVisible({ timeout: 10000 });
+
+        // Create Task button should not be visible
+        await expect(employee.page.getByRole('button', { name: 'Create Task' })).not.toBeVisible();
+
+        // Task actions button should not be visible
+        const actionsButton = employee.page.locator(`[aria-label='Actions for Task ${taskName}']`);
+        await expect(actionsButton).not.toBeVisible();
+    });
+
+    test('employee can manage tasks when employees_can_manage_tasks is enabled', async ({
+        ctx,
+        employee,
+    }) => {
+        // Enable the setting
+        await updateOrganizationSettingViaApi(ctx, { employees_can_manage_tasks: true });
+
+        const projectName = 'EmpTaskMgmtProj ' + Math.floor(Math.random() * 10000);
+        await createPublicProjectViaApi(ctx, { name: projectName });
+
+        // Navigate to the project detail page
+        await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
+        await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
+        await employee.page.getByText(projectName).first().click();
+        await employee.page.waitForURL(/\/projects\/[a-f0-9-]+/);
+
+        // Create Task button SHOULD be visible
+        await expect(employee.page.getByRole('button', { name: 'Create Task' })).toBeVisible();
+    });
+});

e2e/timesheet-overlap.spec.ts

@@ -0,0 +1,437 @@
+/**
+ * E2E coverage for the timesheet overlap-prevention logic introduced
+ * in `useTimesheetCellMutations` (Phase 1+2+3 of the overlap fix).
+ *
+ * Each test:
+ *   1. Pre-creates entries via the API to set up a deterministic
+ *      day-of-work scenario,
+ *   2. Triggers ONE cell edit through the UI,
+ *   3. Reads the resulting entries back via the API and asserts on
+ *      the start/end placement.
+ *
+ * Pre-creating rows (rather than driving the "Add row" + project picker
+ * UI) keeps the tests focused on the placement logic and out of the
+ * project-dropdown's flake surface.
+ */
+
+import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { test } from '../playwright/fixtures';
+import { expect } from '@playwright/test';
+import type { Page, Request } from '@playwright/test';
+import {
+    createProjectViaApi,
+    createTimeEntryAtHourViaApi,
+    getTimeEntriesViaApi,
+} from './utils/api';
+
+// ──────────────────────────────────────────────────
+// Helpers
+// ──────────────────────────────────────────────────
+
+async function goToTimesheet(page: Page) {
+    await page.addInitScript(() => {
+        window.localStorage.setItem('showReleaseInfo-desktop', 'false');
+    });
+    await page.goto(PLAYWRIGHT_BASE_URL + '/timesheet');
+}
+
+function getMonday(d: Date): Date {
+    const date = new Date(d);
+    const day = date.getUTCDay();
+    const diff = date.getUTCDate() - day + (day === 0 ? -6 : 1);
+    date.setUTCDate(diff);
+    date.setUTCHours(0, 0, 0, 0);
+    return date;
+}
+
+function getCurrentWeekMonday(): Date {
+    return getMonday(new Date());
+}
+
+async function waitForTimesheetLoad(page: Page) {
+    await expect(page.getByTestId('timesheet_view')).toBeVisible();
+    await expect(page.getByTestId('timesheet_week_display')).toBeVisible();
+
+    const timezoneMismatchModal = page
+        .getByRole('dialog')
+        .filter({ hasText: 'Timezone mismatch detected' });
+    if (await timezoneMismatchModal.isVisible().catch(() => false)) {
+        await timezoneMismatchModal.getByRole('button', { name: 'Cancel' }).click();
+        await expect(timezoneMismatchModal).not.toBeVisible();
+    }
+}
+
+const HOUR = 3600;
+
+function utcHourOf(iso: string): number {
+    return new Date(iso).getUTCHours();
+}
+
+function utcMinuteOf(iso: string): number {
+    return new Date(iso).getUTCMinutes();
+}
+
+function sortByStart<T extends { start: string }>(entries: T[]): T[] {
+    return [...entries].sort((a, b) => a.start.localeCompare(b.start));
+}
+
+/**
+ * Returns the locator for the row whose project name matches the given
+ * substring. Robust against ordering changes.
+ */
+function rowByProject(page: Page, projectName: string) {
+    return page.locator('[data-testid="timesheet_row"]').filter({ hasText: projectName });
+}
+
+/**
+ * Returns the locator for the input in the (row, dayIndex) cell, where
+ * the row is identified by project name.
+ */
+function cellInputByProject(page: Page, projectName: string, dayIndex: number) {
+    return rowByProject(page, projectName)
+        .locator('[data-testid="timesheet_cell"]')
+        .nth(dayIndex)
+        .locator('input');
+}
+
+/** Asserts that no entries in the list overlap each other. */
+function expectNoOverlaps(entries: Array<{ start: string; end: string | null }>) {
+    const sorted = sortByStart(entries.filter((e) => e.end !== null));
+    for (let i = 1; i < sorted.length; i++) {
+        const prev = sorted[i - 1]!;
+        const curr = sorted[i]!;
+        expect(
+            curr.start >= prev.end!,
+            `entries overlap: ${prev.start}–${prev.end} vs ${curr.start}–${curr.end}`
+        ).toBe(true);
+    }
+}
+
+// ──────────────────────────────────────────────────
+// Phase 1: createCell — overlap avoidance when cell is empty
+// ──────────────────────────────────────────────────
+
+test('extendCell on a row that has no entries on the day yet places after another row (Scenario #4)', async ({
+    page,
+    ctx,
+}) => {
+    // Setup: project A has Monday 09:00–10:00, project B has Tuesday
+    // 09:00–10:00. The B row is therefore visible on the timesheet but
+    // has an EMPTY cell on Monday. Typing into B's Monday cell exercises
+    // the createCell path (cell empty → place a new entry).
+    const monday = getCurrentWeekMonday();
+    const tuesday = new Date(monday);
+    tuesday.setUTCDate(monday.getUTCDate() + 1);
+
+    const projectA = await createProjectViaApi(ctx, { name: 'OverlapAlpha' });
+    const projectB = await createProjectViaApi(ctx, { name: 'OverlapBravo' });
+
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 9,
+        durationSeconds: HOUR,
+        projectId: projectA.id,
+    });
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: tuesday,
+        startHour: 9,
+        durationSeconds: HOUR,
+        projectId: projectB.id,
+    });
+
+    await Promise.all([goToTimesheet(page), waitForTimesheetLoad(page)]);
+    await expect(page.locator('[data-testid="timesheet_row"]')).toHaveCount(2);
+
+    // Type 1h into project B's Monday cell. The createCell path should
+    // place it AFTER project A's 09:00–10:00 (i.e. at 10:00 or later),
+    // not at 09:00.
+    const input = cellInputByProject(page, 'OverlapBravo', 0);
+    await input.click();
+    await input.fill('1');
+
+    await Promise.all([
+        page.waitForResponse(
+            (resp) =>
+                resp.url().includes('/time-entries') &&
+                resp.request().method() === 'POST' &&
+                resp.status() === 201
+        ),
+        input.press('Enter'),
+    ]);
+
+    const entries = await getTimeEntriesViaApi(ctx);
+    const bMondayEntry = entries.find(
+        (e) =>
+            e.project_id === projectB.id &&
+            new Date(e.start).getTime() >= monday.getTime() &&
+            new Date(e.start).getTime() < tuesday.getTime()
+    )!;
+    expect(bMondayEntry).toBeDefined();
+    // 09:00 is blocked → must be at 10:00 or later.
+    expect(utcHourOf(bMondayEntry.start)).toBeGreaterThanOrEqual(10);
+    expectNoOverlaps(entries);
+});
+
+test('createCell refuses to cross midnight when day is full (Scenario #3)', async ({
+    page,
+    ctx,
+}) => {
+    // Setup: fill Monday 01:00–23:00 (22 hours, leaving 1h before and
+    // 1h after — neither big enough for a 3h ask). Project B is on
+    // Tuesday so the B row exists with an empty Monday cell. Typing 3h
+    // into B's Monday cell should be refused.
+    //
+    // We start at 01:00 (not 00:00) because the API's time-entry
+    // filter excludes entries whose `start` equals the query's `start`
+    // bound exactly. Using 01:00 avoids that boundary condition.
+    const monday = getCurrentWeekMonday();
+    const tuesday = new Date(monday);
+    tuesday.setUTCDate(monday.getUTCDate() + 1);
+
+    const projectFull = await createProjectViaApi(ctx, { name: 'OverlapFull' });
+    const projectNew = await createProjectViaApi(ctx, { name: 'OverlapNoRoom' });
+
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 1,
+        durationSeconds: 22 * HOUR,
+        projectId: projectFull.id,
+    });
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: tuesday,
+        startHour: 9,
+        durationSeconds: HOUR,
+        projectId: projectNew.id,
+    });
+
+    await Promise.all([goToTimesheet(page), waitForTimesheetLoad(page)]);
+    await expect(page.locator('[data-testid="timesheet_row"]')).toHaveCount(2);
+
+    const input = cellInputByProject(page, 'OverlapNoRoom', 0);
+    const seenMutationRequests: string[] = [];
+    const onRequest = (request: Request) => {
+        if (request.url().includes('/time-entries') && request.method() !== 'GET') {
+            seenMutationRequests.push(request.method());
+        }
+    };
+    page.on('request', onRequest);
+    await input.click();
+    await input.fill('3');
+    await input.press('Enter');
+
+    await expect(page.getByText("This day can't fit any more work")).toBeVisible();
+    page.off('request', onRequest);
+
+    const entries = await getTimeEntriesViaApi(ctx);
+    // The new project should still only have its Tuesday entry.
+    const newEntries = entries.filter((e) => e.project_id === projectNew.id);
+    expect(seenMutationRequests).toEqual([]);
+    expect(newEntries).toHaveLength(1);
+    expect(utcHourOf(newEntries[0]!.start)).toBe(9);
+    // The Tuesday entry's date is unchanged (still Tuesday).
+    expect(new Date(newEntries[0]!.start).getUTCDay()).toBe(2);
+});
+
+// ──────────────────────────────────────────────────
+// Phase 2: extendCell — collision detection + split
+// ──────────────────────────────────────────────────
+
+test('extendCell splits the extension when another row blocks the path (Scenario #5)', async ({
+    page,
+    ctx,
+}) => {
+    // Setup:
+    //   - project A on Monday 09:00–10:00 (1h)
+    //   - project B on Monday 10:30–11:30 (1h, blocker)
+    // Bumping A's Monday cell from 1h to 3h (+2h) should:
+    //   - extend A to 09:00–10:30 (filling the 30min gap)
+    //   - place a new A entry at 11:30–13:00 (the remaining 90min)
+    const monday = getCurrentWeekMonday();
+    const projectA = await createProjectViaApi(ctx, { name: 'OverlapExtend' });
+    const projectB = await createProjectViaApi(ctx, { name: 'OverlapBlocker' });
+
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 9,
+        durationSeconds: HOUR,
+        projectId: projectA.id,
+    });
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 10,
+        startMinute: 30,
+        durationSeconds: HOUR,
+        projectId: projectB.id,
+    });
+
+    await Promise.all([goToTimesheet(page), waitForTimesheetLoad(page)]);
+    await expect(page.locator('[data-testid="timesheet_row"]')).toHaveCount(2);
+
+    const input = cellInputByProject(page, 'OverlapExtend', 0);
+    await input.click();
+    await input.fill('3');
+    await Promise.all([
+        page.waitForResponse(
+            (resp) =>
+                resp.url().includes('/time-entries') &&
+                resp.request().method() === 'PUT' &&
+                resp.status() === 200
+        ),
+        page.waitForResponse(
+            (resp) =>
+                resp.url().includes('/time-entries') &&
+                resp.request().method() === 'POST' &&
+                resp.status() === 201
+        ),
+        input.press('Enter'),
+    ]);
+
+    const entries = await getTimeEntriesViaApi(ctx);
+    const aEntries = entries.filter((e) => e.project_id === projectA.id);
+    const bEntries = entries.filter((e) => e.project_id === projectB.id);
+
+    // The blocker is unchanged.
+    expect(bEntries).toHaveLength(1);
+    expect(utcHourOf(bEntries[0]!.start)).toBe(10);
+    expect(utcMinuteOf(bEntries[0]!.start)).toBe(30);
+
+    // Project A should now have 2 entries.
+    expect(aEntries).toHaveLength(2);
+    const sortedA = sortByStart(aEntries);
+    // Extended entry: 09:00 → 10:30
+    expect(utcHourOf(sortedA[0]!.start)).toBe(9);
+    expect(utcHourOf(sortedA[0]!.end!)).toBe(10);
+    expect(utcMinuteOf(sortedA[0]!.end!)).toBe(30);
+    // Split remainder: 11:30 → 13:00
+    expect(utcHourOf(sortedA[1]!.start)).toBe(11);
+    expect(utcMinuteOf(sortedA[1]!.start)).toBe(30);
+
+    // No overlaps anywhere on the day.
+    expectNoOverlaps(entries);
+});
+
+test('extendCell prefers latest-end (not latest-start) when nested entries exist (Scenario #6)', async ({
+    page,
+    ctx,
+}) => {
+    // Pre-existing nested overlap on the same project:
+    //   - outer: 09:00 → 12:00 (3h)
+    //   - inner: 10:00 → 11:00 (1h, contained inside outer)
+    // The cell total is 3h + 1h = 4h. Bumping to 5h (+1h) should grow
+    // the OUTER entry's end to 13:00, not the inner.
+    const monday = getCurrentWeekMonday();
+    const project = await createProjectViaApi(ctx, { name: 'OverlapNested' });
+
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 9,
+        durationSeconds: 3 * HOUR,
+        projectId: project.id,
+        description: 'outer',
+    });
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 10,
+        durationSeconds: HOUR,
+        projectId: project.id,
+        description: 'inner',
+    });
+
+    await Promise.all([goToTimesheet(page), waitForTimesheetLoad(page)]);
+    await expect(page.locator('[data-testid="timesheet_row"]')).toHaveCount(1);
+
+    const input = cellInputByProject(page, 'OverlapNested', 0);
+    await input.click();
+    await input.fill('5');
+
+    await Promise.all([
+        page.waitForResponse(
+            (resp) =>
+                resp.url().includes('/time-entries') &&
+                resp.request().method() === 'PUT' &&
+                resp.status() === 200
+        ),
+        input.press('Enter'),
+    ]);
+
+    const entries = await getTimeEntriesViaApi(ctx);
+    const outer = entries.find((e) => e.description === 'outer')!;
+    const inner = entries.find((e) => e.description === 'inner')!;
+
+    expect(utcHourOf(outer.start)).toBe(9);
+    expect(utcHourOf(outer.end!)).toBe(13); // extended from 12:00 → 13:00
+    expect(utcHourOf(inner.start)).toBe(10);
+    expect(utcHourOf(inner.end!)).toBe(11); // unchanged
+});
+
+// ──────────────────────────────────────────────────
+// Phase 1+2 spillover from previous day
+// ──────────────────────────────────────────────────
+
+test('createCell handles intra-week spillover from previous day (Scenario #2)', async ({
+    page,
+    ctx,
+}) => {
+    // Setup: an entry that starts on Monday 22:00 and ends Tuesday 03:00
+    // (5h, crosses midnight INTO Tuesday). This spillover starts inside
+    // the loaded week, so the timesheet query loads it.
+    //
+    // Then we try to place 1h on Tuesday for a different project. The
+    // expected behavior: the new entry must NOT overlap the spillover.
+    // Tuesday 09:00 is well clear of the [00:00, 03:00) spillover, so
+    // 09:00 is the correct placement.
+    const monday = getCurrentWeekMonday();
+    const tuesday = new Date(monday);
+    tuesday.setUTCDate(monday.getUTCDate() + 1);
+    const wednesday = new Date(monday);
+    wednesday.setUTCDate(monday.getUTCDate() + 2);
+
+    const projectSpill = await createProjectViaApi(ctx, { name: 'OverlapSpill' });
+    const projectNew = await createProjectViaApi(ctx, { name: 'OverlapToday' });
+
+    // Monday 22:00 → Tuesday 03:00 (5h spillover into Tuesday).
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: monday,
+        startHour: 22,
+        durationSeconds: 5 * HOUR,
+        projectId: projectSpill.id,
+    });
+    // Stub Wednesday entry on the new project so its row is visible
+    // even before we type anything in Tuesday's cell.
+    await createTimeEntryAtHourViaApi(ctx, {
+        date: wednesday,
+        startHour: 9,
+        durationSeconds: HOUR,
+        projectId: projectNew.id,
+    });
+
+    await Promise.all([goToTimesheet(page), waitForTimesheetLoad(page)]);
+    await expect(page.locator('[data-testid="timesheet_row"]')).toHaveCount(2);
+
+    // Type 1h into the new project's Tuesday cell (day index 1).
+    const input = cellInputByProject(page, 'OverlapToday', 1);
+    await input.click();
+    await input.fill('1');
+
+    await Promise.all([
+        page.waitForResponse(
+            (resp) =>
+                resp.url().includes('/time-entries') &&
+                resp.request().method() === 'POST' &&
+                resp.status() === 201
+        ),
+        input.press('Enter'),
+    ]);
+
+    const entries = await getTimeEntriesViaApi(ctx);
+    const newTuesdayEntry = entries.find(
+        (e) =>
+            e.project_id === projectNew.id &&
+            new Date(e.start).getTime() >= tuesday.getTime() &&
+            new Date(e.start).getTime() < wednesday.getTime()
+    )!;
+    expect(newTuesdayEntry).toBeDefined();
+    // 09:00 is well past the spillover end (03:00) → should land at 09:00.
+    expect(utcHourOf(newTuesdayEntry.start)).toBe(9);
+    expectNoOverlaps(entries);
+});