adalal/solidtime
1
0
Fork 0
mirror of https://github.com/solidtime-io/solidtime.git synced 2026-06-15 13:32:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adalal:feature/public_projects
Branches Tags
adalal:main adalal:dependabot/npm_and_yarn/main/major-updates-87a9fdc274 adalal:dependabot/composer/main/minor-updates-6d1cf0063b adalal:dependabot/npm_and_yarn/main/minor-updates-3390c8c2e1 adalal:feature/user-management adalal:dependabot/github_actions/main/codecov/codecov-action-7.0.0 adalal:dependabot/github_actions/main/docker/setup-qemu-action-4 adalal:feature/timesheets adalal:feature/openapi_invoice_clone adalal:feature/update_openapi_invoice_copy adalal:feature/public_projects adalal:dependabot/github_actions/main/docker/login-action-4 adalal:dependabot/github_actions/main/actions/download-artifact-8 adalal:dependabot/github_actions/main/docker/metadata-action-6 adalal:feature/docker_runtime_uid_remap adalal:fix/dropdown-alphabetical-sort adalal:dependabot/npm_and_yarn/npm_and_yarn-eeacf2bf74 adalal:feature/e2e_setup_data_api_fix adalal:feature/calendar_settings adalal:feature/upgrade_inertia adalal:claude/fix-issue-997-qdXZK adalal:feature/fix_rounding_up_on_boundaries adalal:feature/change_calendar_header_duration_basis_to_minutes adalal:feature/project_table_sorting_filtering adalal:feature/fix_acl_time_entries_private_projects adalal:feature/move_date_components_to_ui_package adalal:feature/employee_create_task_permission adalal:feature/update_packages adalal:hotfix/exporter_client_archived_at adalal:feature/add_support_for_hhmmss_input_format adalal:feature/add_set_end_time_to_timetracker adalal:pullrequests/GROSSWEBER/employee-assigned-clients adalal:feature/add_discard_option adalal:feature/add_restrict_overlap_option adalal:feature/reporting_tag_grouping adalal:feature/tag_grouping adalal:feature/sidebar_dropdowns adalal:feature/calendar_view adalal:feature/add_shared_report_e2e_tests adalal:feature/on-premise-build adalal:feature/fix_billable_filter_reporting adalal:feature/add_contribution_guidelines adalal:feature/add_strict_js_formatting adalal:feature/fix_font_embed adalal:feature/fix-modules-service-provider adalal:feature/fix_time_entry_row_inconsistency adalal:dependabot/composer/composer-3c676574cc adalal:dependabot/npm_and_yarn/npm_and_yarn-1db02b7bbb adalal:feature/rounding adalal:feature/expiring-api-tokens adalal:feature/dependencies_update adalal:feature/fix_last_seven_days_labels adalal:feature/consistency_fixes adalal:feature/delete_member_with_related adalal:feature/12_hour_format_timepicker_support adalal:feature/fix_system_theme_change adalal:feature/postgres_versions adalal:feature/github_actions_permissions adalal:feature/parallel_tests_in_github_action adalal:feature/consistency_checks adalal:feature/base_request adalal:feature/formatting_options_frontend adalal:hotfix/fix_query_invalidation_on_detailed_update adalal:feature/fix_shared_report_currency adalal:feature/add_reporting_e2e_tests adalal:feature/more_validation_for_clockify_importer adalal:feature/fix_import_issue_with_duplicate_project_names adalal:feature/number_and_date_formats adalal:feature/light_mode adalal:feature/chart-api adalal:feature/hide_billable_amounts_for_employees adalal:feature/fix_bug_in_merge_into adalal:feature/fix_timepicker_dropdown adalal:feature/fix_toggl_import_timezone adalal:feature/api_tokens adalal:feature/fix_docker_image adalal:feature/try_to_fix_build adalal:feature/improve_recently_tracked_dropdown adalal:feature/improve_focus_states adalal:feature/disable_registration adalal:feature/fix_tests adalal:feature/update_ui_package adalal:feature/roles_for_project_members adalal:feature/tanstack_tables
adalal:v0.14.0 adalal:v0.13.0 adalal:v0.12.2 adalal:v0.12.1 adalal:v0.12.0 adalal:v0.11.6 adalal:v0.11.5 adalal:v0.11.4 adalal:v0.11.3 adalal:v0.11.2 adalal:v0.11.1 adalal:v0.11.0 adalal:v0.10.0 adalal:v0.9.0 adalal:v0.8.0 adalal:v0.7.0 adalal:v0.6.0 adalal:v0.5.0 adalal:v0.4.0 adalal:v0.3.1 adalal:v0.3.0 adalal:v0.2.0 adalal:v0.1.0 adalal:v0.0.3 adalal:v0.0.2 adalal:0.0.2 adalal:v0.0.1 adalal:0.0.1
...
compare: adalal:feature/update_openapi_invoice_copy
Branches Tags
adalal:dependabot/npm_and_yarn/main/major-updates-87a9fdc274 adalal:dependabot/composer/main/minor-updates-6d1cf0063b adalal:dependabot/npm_and_yarn/main/minor-updates-3390c8c2e1 adalal:feature/user-management adalal:dependabot/github_actions/main/codecov/codecov-action-7.0.0 adalal:dependabot/github_actions/main/docker/setup-qemu-action-4 adalal:main adalal:feature/timesheets adalal:feature/openapi_invoice_clone adalal:feature/update_openapi_invoice_copy adalal:feature/public_projects adalal:dependabot/github_actions/main/docker/login-action-4 adalal:dependabot/github_actions/main/actions/download-artifact-8 adalal:dependabot/github_actions/main/docker/metadata-action-6 adalal:feature/docker_runtime_uid_remap adalal:fix/dropdown-alphabetical-sort adalal:dependabot/npm_and_yarn/npm_and_yarn-eeacf2bf74 adalal:feature/e2e_setup_data_api_fix adalal:feature/calendar_settings adalal:feature/upgrade_inertia adalal:claude/fix-issue-997-qdXZK adalal:feature/fix_rounding_up_on_boundaries adalal:feature/change_calendar_header_duration_basis_to_minutes adalal:feature/project_table_sorting_filtering adalal:feature/fix_acl_time_entries_private_projects adalal:feature/move_date_components_to_ui_package adalal:feature/employee_create_task_permission adalal:feature/update_packages adalal:hotfix/exporter_client_archived_at adalal:feature/add_support_for_hhmmss_input_format adalal:feature/add_set_end_time_to_timetracker adalal:pullrequests/GROSSWEBER/employee-assigned-clients adalal:feature/add_discard_option adalal:feature/add_restrict_overlap_option adalal:feature/reporting_tag_grouping adalal:feature/tag_grouping adalal:feature/sidebar_dropdowns adalal:feature/calendar_view adalal:feature/add_shared_report_e2e_tests adalal:feature/on-premise-build adalal:feature/fix_billable_filter_reporting adalal:feature/add_contribution_guidelines adalal:feature/add_strict_js_formatting adalal:feature/fix_font_embed adalal:feature/fix-modules-service-provider adalal:feature/fix_time_entry_row_inconsistency adalal:dependabot/composer/composer-3c676574cc adalal:dependabot/npm_and_yarn/npm_and_yarn-1db02b7bbb adalal:feature/rounding adalal:feature/expiring-api-tokens adalal:feature/dependencies_update adalal:feature/fix_last_seven_days_labels adalal:feature/consistency_fixes adalal:feature/delete_member_with_related adalal:feature/12_hour_format_timepicker_support adalal:feature/fix_system_theme_change adalal:feature/postgres_versions adalal:feature/github_actions_permissions adalal:feature/parallel_tests_in_github_action adalal:feature/consistency_checks adalal:feature/base_request adalal:feature/formatting_options_frontend adalal:hotfix/fix_query_invalidation_on_detailed_update adalal:feature/fix_shared_report_currency adalal:feature/add_reporting_e2e_tests adalal:feature/more_validation_for_clockify_importer adalal:feature/fix_import_issue_with_duplicate_project_names adalal:feature/number_and_date_formats adalal:feature/light_mode adalal:feature/chart-api adalal:feature/hide_billable_amounts_for_employees adalal:feature/fix_bug_in_merge_into adalal:feature/fix_timepicker_dropdown adalal:feature/fix_toggl_import_timezone adalal:feature/api_tokens adalal:feature/fix_docker_image adalal:feature/try_to_fix_build adalal:feature/improve_recently_tracked_dropdown adalal:feature/improve_focus_states adalal:feature/disable_registration adalal:feature/fix_tests adalal:feature/update_ui_package adalal:feature/roles_for_project_members adalal:feature/tanstack_tables
adalal:v0.14.0 adalal:v0.13.0 adalal:v0.12.2 adalal:v0.12.1 adalal:v0.12.0 adalal:v0.11.6 adalal:v0.11.5 adalal:v0.11.4 adalal:v0.11.3 adalal:v0.11.2 adalal:v0.11.1 adalal:v0.11.0 adalal:v0.10.0 adalal:v0.9.0 adalal:v0.8.0 adalal:v0.7.0 adalal:v0.6.0 adalal:v0.5.0 adalal:v0.4.0 adalal:v0.3.1 adalal:v0.3.0 adalal:v0.2.0 adalal:v0.1.0 adalal:v0.0.3 adalal:v0.0.2 adalal:0.0.2 adalal:v0.0.1 adalal:0.0.1

24 Commits
feature/pu ... feature/up

Author SHA1 Message Date
Gregor Vostrak
fb4bb6ef33 add invoice copy to openapi client 2026-05-29 15:34:54 +02:00
Gregor Vostrak
dc5e8e7de2 move banners on login and register cards into the cards 2026-05-29 15:33:35 +02:00
Gregor Vostrak
5821f7c688 add pending email cancel button 2026-05-29 15:31:33 +02:00
Constantin Graf
22e865a69e Replaces all Jetstream model trait functions and relations 2026-05-29 12:40:06 +02:00
Constantin Graf
5391a7abc8 Add reset pending email endpoint to user controller 2026-05-28 20:45:27 +02:00
Gregor Vostrak
c8623b7e70 move user delete to api endpoint 2026-05-27 19:06:39 +02:00
Gregor Vostrak
3b1702221b use api routes for profile information updates 2026-05-27 18:20:10 +02:00
Gregor Vostrak
4432174439 show null billable rate as empty not as 0 to avoid confusion 2026-05-27 13:12:59 +02:00
Gregor Vostrak
ccb16118a9 fix e2e selectors to adapt to reka-ui change; 2026-05-27 13:12:10 +02:00
Gregor Vostrak
dad686d107 add pending email to UserResource and update openapi client 2026-05-26 18:02:15 +02:00
Gregor Vostrak
414b5d3294 update ui package dependencies; update lucide imports 2026-05-26 17:30:30 +02:00
Gregor Vostrak
e9217df338 add user endpoint tests for idempotence email update, unauthenticated 
update and invalid email
 2026-05-26 17:21:40 +02:00
Gregor Vostrak
96a0c21b5e update npm dependencies 2026-05-26 17:19:42 +02:00
Gregor Vostrak
8e7c8a1e1b add profile page e2e tests 2026-05-26 17:11:28 +02:00
Gregor Vostrak
6299e242a9 update email address change info to use session based banners 2026-05-26 14:03:30 +02:00
Gregor Vostrak
c573d31ef9 add 1MB photo upload limit 2026-05-26 13:59:44 +02:00
Gregor Vostrak
00ffabe108 add photo delete logic to user update endpoint 2026-05-26 13:23:31 +02:00
Constantin Graf
5b756be058 Updated composer dependencies 2026-05-22 16:18:02 +02:00
Constantin Graf
dc70eb7130 Add more tests 2026-05-22 16:06:51 +02:00
Constantin Graf
c2a8eac65f Add migration to lower case the user emails 2026-05-21 23:22:27 +02:00
Constantin Graf
28ecfc63a3 Migrate permission away from Jetstream; Moved update user to REST API 2026-05-21 23:22:09 +02:00
Gregor Vostrak
433a6f3770 rephrase logged out user invite accept message to clarify that the 
invite was accepted
 2026-05-20 22:10:10 +02:00
Gregor Vostrak
0ba20fd24c add banners for invitation accept 2026-05-20 21:42:02 +02:00
Constantin Graf
3267acb161 Updated invitation flow, Moved jetstream function to REST endpoints; Lower case email 2026-05-20 16:25:17 +02:00
159 changed files with 7413 additions and 2988 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -42,3 +42,4 @@ yarn-error.log
/data
/config/caddy
/config/composer
/AGENTS.md

16
app/Actions/Fortify/UpdateUserProfileInformation.php
View File

@@ -5,9 +5,12 @@ declare(strict_types=1);
namespace App\Actions\Fortify;
use App\Enums\Weekday;
use App\Mail\VerifyUpdatedEmailMail;
use App\Models\User;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;
use Illuminate\Validation\Rule;
use Illuminate\Validation\ValidationException;
use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
@@ -24,6 +27,10 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
*/
public function update(User $user, array $input): void
{
if (isset($input['email']) && is_string($input['email'])) {
$input['email'] = Str::lower($input['email']);
}
Validator::make($input, [
'name' => [
'required',
@@ -58,16 +65,17 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
$user->updateProfilePhoto($input['photo']);
}
if ($input['email'] !== $user->email) {
$email = Str::lower((string) $input['email']);
if ($email !== Str::lower($user->email)) {
$user->forceFill([
'name' => $input['name'],
'email' => $input['email'],
'email_verified_at' => null,
'pending_email' => $email,
'timezone' => $input['timezone'],
'week_start' => $input['week_start'],
])->save();
$user->sendEmailVerificationNotification();
Mail::to($email)->send(new VerifyUpdatedEmailMail($user, $email));
} else {
$user->forceFill([
'name' => $input['name'],

77
app/Actions/Jetstream/AddOrganizationMember.php
View File

@@ -4,18 +4,9 @@ declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Enums\Role;
use App\Exceptions\MovedToApiException;
use App\Models\Organization;
use App\Models\User;
use App\Service\MemberService;
use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
use Illuminate\Validation\Rules\In;
use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
use Laravel\Jetstream\Contracts\AddsTeamMembers;
class AddOrganizationMember implements AddsTeamMembers
@@ -25,70 +16,6 @@ class AddOrganizationMember implements AddsTeamMembers
*/
public function add(User $owner, Organization $organization, string $email, ?string $role = null): void
{
Gate::forUser($owner)->authorize('addTeamMember', $organization); // TODO: refactor after owner refactoring
$this->validate($organization, $email, $role);
$newOrganizationMember = User::query()
->where('email', $email)
->where('is_placeholder', '=', false)
->firstOrFail();
app(MemberService::class)->addMember($newOrganizationMember, $organization, Role::from($role));
}
/**
* Validate the add member operation.
*/
protected function validate(Organization $organization, string $email, ?string $role): void
{
Validator::make([
'email' => $email,
'role' => $role,
], $this->rules())->after(
$this->ensureUserIsNotAlreadyOnTeam($organization, $email)
)->validateWithBag('addTeamMember');
}
/**
* Get the validation rules for adding a team member.
*
* @return array<string, array<ValidationRule|Rule|string|In>>
*/
protected function rules(): array
{
return [
'email' => [
'required',
'email',
ExistsEloquent::make(User::class, 'email', function (Builder $builder) {
/** @var Builder<User> $builder */
return $builder->where('is_placeholder', '=', false);
})->withMessage(__('We were unable to find a registered user with this email address.')),
],
'role' => [
'required',
'string',
Rule::in([
Role::Admin->value,
Role::Manager->value,
Role::Employee->value,
]),
],
];
}
/**
* Ensure that the user is not already on the team.
*/
protected function ensureUserIsNotAlreadyOnTeam(Organization $team, string $email): Closure
{
return function ($validator) use ($team, $email): void {
$validator->errors()->addIf(
$team->hasRealUserWithEmail($email),
'email',
__('This user already belongs to the team.')
);
};
throw new MovedToApiException;
}
}

7
app/Actions/Jetstream/CreateOrganization.php
View File

@@ -9,6 +9,7 @@ use App\Models\Organization;
use App\Models\User;
use App\Service\IpLookup\IpLookupServiceContract;
use App\Service\OrganizationService;
use App\Service\UserService;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Validator;
@@ -25,6 +26,8 @@ class CreateOrganization implements CreatesTeams
*
* @throws AuthorizationException
* @throws ValidationException
*
* @deprecated Use REST endpoint instead
*/
public function create(User $user, array $input): Organization
{
@@ -48,10 +51,8 @@ class CreateOrganization implements CreatesTeams
$currency
);
$user->switchTeam($organization);
app(UserService::class)->switchCurrentOrganization($user, $organization);
// Note: The refresh is necessary for currently unknown reasons. Do not remove it.
$organization = $organization->refresh();
AfterCreateOrganization::dispatch($organization);
return $organization;

2
app/Actions/Jetstream/DeleteOrganization.php
View File

@@ -12,6 +12,8 @@ class DeleteOrganization implements DeletesTeams
{
/**
* Delete the given team.
*
* @deprecated Use REST endpoint instead
*/
public function delete(Organization $organization): void
{

2
app/Actions/Jetstream/DeleteUser.php
View File

@@ -16,6 +16,8 @@ class DeleteUser implements DeletesUsers
* Delete the given user.
*
* @throws ValidationException
*
* @deprecated Use REST endpoint instead
*/
public function delete(User $user): void
{

2
app/Actions/Jetstream/ValidateOrganizationDeletion.php
View File

@@ -18,6 +18,8 @@ class ValidateOrganizationDeletion
* @param Organization $organization Organization to be deleted
*
* @throws AuthorizationException
*
* @deprecated Use REST endpoint instead
*/
public function validate(User $user, Organization $organization): void
{

2
app/Console/Commands/Admin/UserCreateCommand.php
View File

@@ -69,7 +69,7 @@ class UserCreateCommand extends Command
);
});
/** @var Organization|null $organization */
$organization = $user->ownedTeams->first();
$organization = $user->ownedOrganizations->first();
if ($organization === null) {
throw new LogicException('User does not have an organization');
}

28
app/Events/MemberAdded.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Events;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Events\Dispatchable;
class MemberAdded
{
use Dispatchable;
public Member $member;
public Organization $organization;
public User $user;
public function __construct(Member $member, Organization $organization, User $user)
{
$this->member = $member;
$this->organization = $organization;
$this->user = $user;
}
}

28
app/Events/MemberAdding.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Events;
use App\Enums\Role;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Events\Dispatchable;
class MemberAdding
{
use Dispatchable;
public User $user;
public Organization $organization;
public Role $role;
public function __construct(User $user, Organization $organization, Role $role)
{
$this->user = $user;
$this->organization = $organization;
$this->role = $role;
}
}

10
app/Exceptions/Api/UserResendEmailVerificationNoPendingEmailApiException.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
declare(strict_types=1);
namespace App\Exceptions\Api;
class UserResendEmailVerificationNoPendingEmailApiException extends ApiException
{
public const string KEY = 'user_resend_email_verification_no_pending_email';
}

2
app/Filament/Resources/FailedJobResource.php
View File

@@ -50,7 +50,7 @@ class FailedJobResource extends Resource
TextInput::make('queue')->disabled(),
// make text a little bit smaller because often a complete Stack Trace is shown:
TextArea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
Textarea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
PrettyJsonField::make('payload')->disabled()->columnSpan(4),
])->columns(4);
}

2
app/Filament/Resources/OrganizationInvitationResource.php
View File

@@ -39,7 +39,7 @@ class OrganizationInvitationResource extends Resource
->required(),
Select::make('role')
->options(Role::class),
Forms\Components\Select::make('organization_id')
Select::make('organization_id')
->label('Organization')
->relationship(name: 'organization', titleAttribute: 'name')
->searchable(['name'])

16
app/Filament/Resources/OrganizationResource.php
View File

@@ -55,7 +55,7 @@ class OrganizationResource extends Resource
->label('Is personal?')
->hiddenOn(['create'])
->required(),
Forms\Components\Select::make('user_id')
Select::make('user_id')
->label('Owner')
->relationship(name: 'owner', titleAttribute: 'email')
->searchable(['name', 'email'])
@@ -76,7 +76,7 @@ class OrganizationResource extends Resource
Select::make('time_format')
->options(TimeFormat::toSelectArray())
->required(),
Forms\Components\Select::make('currency')
Select::make('currency')
->label('Currency')
->options(function (): array {
$currencies = ISOCurrencyProvider::getInstance()->getAvailableCurrencies();
@@ -114,22 +114,22 @@ class OrganizationResource extends Resource
{
return $table
->columns([
Tables\Columns\TextColumn::make('name')
TextColumn::make('name')
->searchable()
->sortable(),
Tables\Columns\IconColumn::make('personal_team')
->boolean()
->label('Is personal?')
->sortable(),
Tables\Columns\TextColumn::make('owner.email')
TextColumn::make('owner.email')
->sortable(),
Tables\Columns\TextColumn::make('currency'),
TextColumn::make('currency'),
TextColumn::make('billable_rate')
->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
Tables\Columns\TextColumn::make('created_at')
TextColumn::make('created_at')
->dateTime()
->sortable(),
Tables\Columns\TextColumn::make('updated_at')
TextColumn::make('updated_at')
->dateTime()
->sortable()
->toggleable(isToggledHiddenByDefault: true),
@@ -223,7 +223,7 @@ class OrganizationResource extends Resource
return $select;
}),
Forms\Components\Select::make('timezone')
Select::make('timezone')
->label('Timezone')
->options(fn (): array => app(TimezoneService::class)->getSelectOptions())
->searchable()

2
app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
View File

@@ -21,7 +21,7 @@ use Illuminate\Validation\Rule;
class InvitationsRelationManager extends RelationManager
{
protected static string $relationship = 'teamInvitations';
protected static string $relationship = 'organizationInvitations';
protected static ?string $title = 'Invitations';

6
app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php
View File

@@ -49,13 +49,13 @@ class UsersRelationManager extends RelationManager
return $table
->recordTitleAttribute('name')
->columns([
Tables\Columns\TextColumn::make('name'),
Tables\Columns\TextColumn::make('role'),
TextColumn::make('name'),
TextColumn::make('role'),
TextColumn::make('billable_rate')
->money($organization->currency, divideBy: 100),
])
->headerActions([
Tables\Actions\AttachAction::make()
AttachAction::make()
->recordTitle(fn (User $record): string => "{$record->name} ({$record->email})")
->form(fn (AttachAction $action): array => [
$action->getRecordSelect(),

12
app/Filament/Resources/ReportResource.php
View File

@@ -63,11 +63,11 @@ class ReportResource extends Resource
return $record->getRawOriginal('properties');
})
->disabled(),
Forms\Components\DateTimePicker::make('created_at')
DateTimePicker::make('created_at')
->label('Created At')
->hiddenOn(['create'])
->disabled(),
Forms\Components\DateTimePicker::make('updated_at')
DateTimePicker::make('updated_at')
->label('Updated At')
->hiddenOn(['create'])
->disabled(),
@@ -78,10 +78,10 @@ class ReportResource extends Resource
{
return $table
->columns([
Tables\Columns\TextColumn::make('name')
TextColumn::make('name')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('description')
TextColumn::make('description')
->searchable()
->sortable(),
ToggleColumn::make('is_public')
@@ -90,10 +90,10 @@ class ReportResource extends Resource
TextColumn::make('organization.name')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('created_at')
TextColumn::make('created_at')
->dateTime()
->sortable(),
Tables\Columns\TextColumn::make('updated_at')
TextColumn::make('updated_at')
->dateTime()
->sortable()
->toggleable(isToggledHiddenByDefault: true),

6
app/Filament/Resources/TimeEntryResource.php
View File

@@ -93,11 +93,11 @@ class TimeEntryResource extends Resource
($record->end?->toDateTimeString('minute') ?? '...').')';
})
->label('Time'),
Tables\Columns\TextColumn::make('organization.name')
TextColumn::make('organization.name')
->sortable(),
Tables\Columns\TextColumn::make('created_at')
TextColumn::make('created_at')
->sortable(),
Tables\Columns\TextColumn::make('updated_at')
TextColumn::make('updated_at')
->sortable(),
])
->filters([

12
app/Filament/Resources/UserResource.php
View File

@@ -12,6 +12,7 @@ use App\Filament\Resources\UserResource\RelationManagers\OwnedOrganizationsRelat
use App\Models\User;
use App\Service\DeletionService;
use App\Service\TimezoneService;
use App\Service\UserService;
use Brick\Money\ISOCurrencyProvider;
use Exception;
use Filament\Forms;
@@ -47,17 +48,17 @@ class UserResource extends Resource
return $form
->columns(1)
->schema([
Forms\Components\TextInput::make('id')
TextInput::make('id')
->label('ID')
->disabled()
->visibleOn(['update', 'show'])
->readOnly()
->maxLength(255),
Forms\Components\TextInput::make('name')
TextInput::make('name')
->label('Name')
->required()
->maxLength(255),
Forms\Components\TextInput::make('email')
TextInput::make('email')
->label('Email')
->required()
->rules($record?->is_placeholder ? [] : [
@@ -179,7 +180,7 @@ class UserResource extends Resource
])
->actions([
Impersonate::make()->before(function (User $record): void {
if ($record->currentTeam === null) {
if ($record->currentOrganization === null) {
$organization = $record->organizations()->where('personal_team', '=', true)->first();
if ($organization === null) {
$organization = $record->organizations()->first();
@@ -187,8 +188,7 @@ class UserResource extends Resource
if ($organization === null) {
throw new Exception('User has no organization');
}
$record->currentTeam()->associate($organization);
$record->save();
app(UserService::class)->switchCurrentOrganization($record, $organization);
}
}),
Tables\Actions\EditAction::make(),

2
app/Filament/Resources/UserResource/RelationManagers/OwnedOrganizationsRelationManager.php
View File

@@ -16,7 +16,7 @@ class OwnedOrganizationsRelationManager extends RelationManager
{
protected static ?string $title = 'Owned Organizations';
protected static string $relationship = 'ownedTeams';
protected static string $relationship = 'ownedOrganizations';
public function form(Form $form): Form
{

2
app/Http/Controllers/Api/V1/ApiTokenController.php
View File

@@ -20,7 +20,7 @@ class ApiTokenController extends Controller
/**
* List all api token of the currently authenticated user
*
* This endpoint is independent of organization.
* This endpoint is independent of the organization.
*
* @operationId getApiTokens
*

2
app/Http/Controllers/Api/V1/InvitationController.php
View File

@@ -40,7 +40,7 @@ class InvitationController extends Controller
{
$this->checkPermission($organization, 'invitations:view');
$invitations = $organization->teamInvitations()
$invitations = $organization->organizationInvitations()
->orderBy('created_at', 'desc')
->paginate(config('app.pagination_per_page_default'));

49
app/Http/Controllers/Api/V1/OrganizationController.php
View File

@@ -5,11 +5,18 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Enums\Role;
use App\Events\AfterCreateOrganization;
use App\Http\Requests\V1\Organization\OrganizationStoreRequest;
use App\Http\Requests\V1\Organization\OrganizationUpdateRequest;
use App\Http\Resources\V1\Organization\OrganizationResource;
use App\Models\Organization;
use App\Service\BillableRateService;
use App\Service\DeletionService;
use App\Service\IpLookup\IpLookupServiceContract;
use App\Service\OrganizationService;
use App\Service\UserService;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\JsonResponse;
class OrganizationController extends Controller
{
@@ -80,4 +87,46 @@ class OrganizationController extends Controller
return new OrganizationResource($organization, true);
}
/**
* Create organization
*
* @operationId createOrganization
*/
public function store(OrganizationStoreRequest $request, OrganizationService $organizationService): OrganizationResource
{
$user = $this->user();
$ipLookupResponse = app(IpLookupServiceContract::class)->lookup($request->ip());
$currency = $ipLookupResponse?->currency;
$organization = $organizationService->createOrganization(
$request->getName(),
$user,
false,
$currency
);
app(UserService::class)->switchCurrentOrganization($user, $organization);
AfterCreateOrganization::dispatch($organization);
return new OrganizationResource($organization, true);
}
/**
* Delete organization
*
* @operationId deleteOrganization
*
* @throws AuthorizationException
*/
public function destroy(Organization $organization, DeletionService $deletionService): JsonResponse
{
$this->checkPermission($organization, 'organizations:delete');
$deletionService->deleteOrganization($organization);
return response()->json(null, 204);
}
}

2
app/Http/Controllers/Api/V1/TimeEntryController.php
View File

@@ -59,7 +59,7 @@ use Spatie\TemporaryDirectory\TemporaryDirectory;
class TimeEntryController extends Controller
{
private function assertNoOverlap(Organization $organization, Member $member, \Illuminate\Support\Carbon $start, ?\Illuminate\Support\Carbon $end, ?TimeEntry $exclude = null): void
private function assertNoOverlap(Organization $organization, Member $member, Carbon $start, ?Carbon $end, ?TimeEntry $exclude = null): void
{
if (! $organization->prevent_overlapping_time_entries) {
return;

149
app/Http/Controllers/Api/V1/UserController.php
View File

@@ -4,15 +4,26 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Exceptions\Api\CanNotDeleteUserWhoIsOwnerOfOrganizationWithMultipleMembers;
use App\Exceptions\Api\UserResendEmailVerificationNoPendingEmailApiException;
use App\Http\Requests\V1\User\UserUpdateRequest;
use App\Http\Resources\V1\User\UserResource;
use App\Mail\VerifyUpdatedEmailMail;
use App\Models\User;
use App\Service\DeletionService;
use App\Support\Base64File;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;
class UserController extends Controller
{
/**
* Get the current user
*
* This endpoint is independent of organization.
* This endpoint is independent of the organization.
*
* @operationId getMe
*
@@ -24,4 +35,140 @@ class UserController extends Controller
return new UserResource($user);
}
/**
* Update the current user
*
* This endpoint is independent of the organization.
*
* @operationId updateUser
*/
public function update(User $user, UserUpdateRequest $request): UserResource
{
if ($user->getKey() !== $this->user()->getKey()) {
throw new AuthorizationException;
}
if ($request->hasPhotoKey()) {
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$previousPhotoPath = $user->profile_photo_path;
$newPhoto = $request->getPhoto();
if ($newPhoto === null) {
$user->profile_photo_path = null;
} else {
$decoded = Base64File::decode($newPhoto);
assert($decoded !== null);
$extension = Base64File::extension($decoded['mime_type']);
assert($extension !== null);
$photoPath = 'profile-photos/'.Str::uuid().'.'.$extension;
Storage::disk($photoDisk)->put($photoPath, $decoded['data'], 'public');
$user->profile_photo_path = $photoPath;
}
if ($previousPhotoPath !== null) {
Storage::disk($photoDisk)->delete($previousPhotoPath);
}
}
$emailToVerify = null;
$email = $request->getEmail();
if ($email !== null && $email !== Str::lower($user->email)) {
$emailToVerify = $email;
$user->pending_email = $email;
}
if ($request->getName() !== null) {
$user->name = $request->getName();
}
if ($request->getTimezone() !== null) {
$user->timezone = $request->getTimezone();
}
if ($request->getWeekStart() !== null) {
$user->week_start = $request->getWeekStart();
}
$user->save();
if ($emailToVerify !== null) {
Mail::to($emailToVerify)->send(new VerifyUpdatedEmailMail($user, $emailToVerify));
}
return new UserResource($user);
}
/**
* Reset the pending email for a user.
*
* This endpoint is independent of the organization.
*
* @operationId resetUserPendingEmail
*
* @throws AuthorizationException Thrown when the authenticated user does not match the user whose email is pending verification.
*/
public function resetPendingEmail(User $user): JsonResponse
{
if ($user->getKey() !== $this->user()->getKey()) {
throw new AuthorizationException;
}
$user->pending_email = null;
$user->save();
return response()->json(null, 204);
}
/**
* Resend the pending email update verification email.
*
* This endpoint is independent of the organization.
*
* @operationId resendUserEmailVerification
*
* @throws AuthorizationException Thrown when the authenticated user does not match the user whose email is pending verification.
* @throws UserResendEmailVerificationNoPendingEmailApiException Thrown when the user does not have a pending email to verify.
*/
public function resendEmailVerification(User $user): JsonResponse
{
if ($user->getKey() !== $this->user()->getKey()) {
throw new AuthorizationException;
}
if ($user->pending_email === null) {
throw new UserResendEmailVerificationNoPendingEmailApiException;
}
Mail::to($user->pending_email)
->queue(new VerifyUpdatedEmailMail($user, $user->pending_email));
return response()->json(null, 204);
}
/**
* Handles the deletion of a user.
*
* This endpoint is independent of the organization.
*
* @operationId deleteUser
*
* @param User $user The user instance to be deleted.
* @param DeletionService $deletionService The service responsible for performing the user deletion.
* @return JsonResponse A JSON response with a 204 No Content status upon successful deletion.
*
* @throws AuthorizationException Thrown when the authenticated user does not match the user to be deleted.
* @throws CanNotDeleteUserWhoIsOwnerOfOrganizationWithMultipleMembers Thrown when the user to be deleted is the owner of an organization with multiple members.
*/
public function destroy(User $user, DeletionService $deletionService): JsonResponse
{
if ($user->getKey() !== $this->user()->getKey()) {
throw new AuthorizationException;
}
$deletionService->deleteUser($user);
return response()->json(null, 204);
}
}

2
app/Http/Controllers/Api/V1/UserMembershipController.php
View File

@@ -14,7 +14,7 @@ class UserMembershipController extends Controller
/**
* Get the memberships of the current user
*
* This endpoint is independent of organization.
* This endpoint is independent of the organization.
*
* @operationId getMyMemberships
*

2
app/Http/Controllers/Api/V1/UserTimeEntryController.php
View File

@@ -17,7 +17,7 @@ class UserTimeEntryController extends Controller
/**
* Get the active time entry of the current user
*
* This endpoint is independent of organization.
* This endpoint is independent of the organization.
*
* @operationId getMyActiveTimeEntry
*/

2
app/Http/Controllers/Controller.php
View File

@@ -59,7 +59,7 @@ class Controller extends BaseController
protected function currentOrganization(): Organization
{
$user = $this->user();
$organization = $user->currentTeam;
$organization = $user->currentOrganization;
if ($organization === null) {
$organization = $user->organizations()->first();
}

19
app/Http/Controllers/Web/DashboardController.php
View File

@@ -4,30 +4,13 @@ declare(strict_types=1);
namespace App\Http\Controllers\Web;
use App\Enums\Role;
use App\Service\DashboardService;
use App\Service\PermissionStore;
use Illuminate\Auth\Access\AuthorizationException;
use Inertia\Inertia;
use Inertia\Response;
class DashboardController extends Controller
{
/**
* @throws AuthorizationException
*/
public function dashboard(DashboardService $dashboardService, PermissionStore $permissionStore): Response
public function dashboard(): Response
{
$user = $this->user();
$organization = $this->currentOrganization();
$latestTeamActivity = null;
if ($permissionStore->has($organization, 'time-entries:view:all')) {
$latestTeamActivity = $dashboardService->latestTeamActivity($organization);
}
$showBillableRate = $this->member($organization)->role !== Role::Employee->value || $organization->employees_can_see_billable_rates;
return Inertia::render('Dashboard');
}
}

75
app/Http/Controllers/Web/OrganizationInvitationController.php Normal file
View File

@@ -0,0 +1,75 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Web;
use App\Enums\Role;
use App\Models\OrganizationInvitation;
use App\Models\User;
use App\Service\MemberService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Auth;
use RuntimeException;
class OrganizationInvitationController extends Controller
{
public function accept(OrganizationInvitation $invitation, MemberService $memberService): RedirectResponse
{
$email = strtolower($invitation->email);
$role = Role::tryFrom($invitation->role);
if ($role === null || $role === Role::Owner || $role === Role::Placeholder) {
throw new RuntimeException('Invalid role');
}
$organization = $invitation->organization;
$invitee = User::query()
->where('email', $email)
->where('is_placeholder', '=', false)
->first();
// No account yet — finish on registration.
if ($invitee === null) {
if ($invitation->accepted_at === null) {
$invitation->accepted_at = now();
$invitation->save();
}
return redirect(route('register'))
->with('bannerText', __('Please create an account to finish joining the :organization organization.', [
'organization' => $organization->name,
]))
->with('bannerStyle', 'info');
}
$alreadyMember = $memberService->isEmailAlreadyMember($organization, $email);
if (! $alreadyMember) {
$memberService->addMember($invitee, $organization, $role);
$invitation->delete();
}
// Logged out — banner on /login.
if (! Auth::check()) {
return redirect(route('login'))
->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization. Please log in to access it.', [
'organization' => $organization->name,
]))
->with('bannerStyle', 'success');
}
// Logged in — banner on /dashboard.
if ($alreadyMember) {
return redirect(route('dashboard'))
->with('bannerText', __('You are already a member of the :organization organization.', [
'organization' => $organization->name,
]))
->with('bannerStyle', 'danger');
}
return redirect(route('dashboard'))
->with('bannerText', __('Great! You have accepted the invitation to join the :organization organization.', [
'organization' => $organization->name,
]))
->with('bannerStyle', 'success');
}
}

53
app/Http/Controllers/Web/UserController.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Web;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Str;
class UserController extends Controller
{
public function verifyEmailChange(Request $request, User $user): RedirectResponse
{
if ($request->user()?->getAuthIdentifier() !== $user->getKey()) {
abort(403);
}
$email = $request->query('email');
if (! is_string($email)) {
abort(403);
}
$email = Str::lower($email);
if ($user->pending_email !== $email) {
abort(403);
}
$emailAlreadyInUse = User::query()
->where('email', '=', $email)
->where('is_placeholder', '=', false)
->whereKeyNot($user->getKey())
->exists();
if ($emailAlreadyInUse) {
return redirect(route('dashboard'))
->with('bannerStyle', 'danger')
->with('bannerText', __('The email address is already in use.'));
}
$user->email = $email;
$user->pending_email = null;
$user->email_verified_at = Carbon::now();
$user->save();
return redirect(route('dashboard'))
->with('bannerStyle', 'success')
->with('bannerText', __('Your email address has been updated successfully.'));
}
}

88
app/Http/Kernel.php
View File

@@ -4,9 +4,37 @@ declare(strict_types=1);
namespace App\Http;
use App\Http\Middleware\Authenticate;
use App\Http\Middleware\CheckOrganizationBlocked;
use App\Http\Middleware\EncryptCookies;
use App\Http\Middleware\EnsureEmailIsVerified;
use App\Http\Middleware\ForceHttps;
use App\Http\Middleware\ForceJsonResponse;
use App\Http\Middleware\HandleInertiaRequests;
use App\Http\Middleware\PreventRequestsDuringMaintenance;
use App\Http\Middleware\RedirectIfAuthenticated;
use App\Http\Middleware\ShareInertiaData;
use App\Http\Middleware\TrimStrings;
use App\Http\Middleware\TrustProxies;
use App\Http\Middleware\ValidateSignature;
use App\Http\Middleware\VerifyCsrfToken;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Middleware\RequirePassword;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
use Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets;
use Illuminate\Http\Middleware\HandleCors;
use Illuminate\Http\Middleware\SetCacheHeaders;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Illuminate\Session\Middleware\AuthenticateSession;
use Illuminate\Session\Middleware\StartSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;
use Laravel\Passport\Http\Middleware\CreateFreshApiToken;
class Kernel extends HttpKernel
{
@@ -18,13 +46,13 @@ class Kernel extends HttpKernel
* @var array<int, class-string|string>
*/
protected $middleware = [
\App\Http\Middleware\ForceHttps::class,
\App\Http\Middleware\TrustProxies::class,
\Illuminate\Http\Middleware\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
ForceHttps::class,
TrustProxies::class,
HandleCors::class,
PreventRequestsDuringMaintenance::class,
ValidatePostSize::class,
TrimStrings::class,
ConvertEmptyStringsToNull::class,
];
/**
@@ -34,21 +62,21 @@ class Kernel extends HttpKernel
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\HandleInertiaRequests::class,
\App\Http\Middleware\ShareInertiaData::class,
\Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
HandleInertiaRequests::class,
ShareInertiaData::class,
AddLinkHeadersForPreloadedAssets::class,
CreateFreshApiToken::class,
],
'api' => [
\Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
ThrottleRequests::class.':api',
SubstituteBindings::class,
ForceJsonResponse::class,
],
@@ -64,17 +92,17 @@ class Kernel extends HttpKernel
* @var array<string, class-string|string>
*/
protected $middlewareAliases = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
'signed' => \App\Http\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \App\Http\Middleware\EnsureEmailIsVerified::class,
'auth' => Authenticate::class,
'auth.basic' => AuthenticateWithBasicAuth::class,
'auth.session' => AuthenticateSession::class,
'cache.headers' => SetCacheHeaders::class,
'can' => Authorize::class,
'guest' => RedirectIfAuthenticated::class,
'password.confirm' => RequirePassword::class,
'precognitive' => HandlePrecognitiveRequests::class,
'signed' => ValidateSignature::class,
'throttle' => ThrottleRequests::class,
'verified' => EnsureEmailIsVerified::class,
'check-organization-blocked' => CheckOrganizationBlocked::class,
];
}

2
app/Http/Middleware/ForceHttps.php
View File

@@ -14,7 +14,7 @@ class ForceHttps
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
* @param Closure(Request): (Response) $next
*/
public function handle(Request $request, Closure $next, string ...$guards): Response
{

2
app/Http/Middleware/ForceJsonResponse.php
View File

@@ -13,7 +13,7 @@ class ForceJsonResponse
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
* @param Closure(Request): (Response) $next
*/
public function handle(Request $request, Closure $next, string ...$guards): Response
{

4
app/Http/Middleware/HandleInertiaRequests.php
View File

@@ -46,7 +46,7 @@ class HandleInertiaRequests extends Middleware
/** @var BillingContract $billing */
$billing = app(BillingContract::class);
$currentOrganization = $request->user()?->currentTeam;
$currentOrganization = $request->user()?->currentOrganization;
return array_merge(parent::share($request), [
'has_billing_extension' => $hasBilling,
@@ -60,6 +60,8 @@ class HandleInertiaRequests extends Middleware
] : null,
'flash' => [
'message' => fn () => $request->session()->get('message'),
'bannerText' => fn () => $request->session()->get('bannerText'),
'bannerStyle' => fn () => $request->session()->get('bannerStyle'),
],
]);
}

2
app/Http/Middleware/RedirectIfAuthenticated.php
View File

@@ -15,7 +15,7 @@ class RedirectIfAuthenticated
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
* @param Closure(Request): (Response) $next
*/
public function handle(Request $request, Closure $next, string ...$guards): Response
{

1
app/Http/Middleware/ShareInertiaData.php
View File

@@ -39,7 +39,6 @@ class ShareInertiaData
'canUpdatePassword' => Features::enabled(Features::updatePasswords()),
'canUpdateProfileInformation' => Features::canUpdateProfileInformation(),
'hasEmailVerification' => Features::enabled(Features::emailVerification()),
'flash' => $request->session()->get('flash', []),
'hasAccountDeletionFeatures' => Jetstream::hasAccountDeletionFeatures(),
'hasApiFeatures' => Jetstream::hasApiFeatures(),
'hasTeamFeatures' => Jetstream::hasTeamFeatures(),

3
app/Http/Requests/V1/Member/MemberMergeIntoRequest.php
View File

@@ -7,6 +7,7 @@ namespace App\Http\Requests\V1\Member;
use App\Http\Requests\V1\BaseFormRequest;
use App\Models\Member;
use App\Models\Organization;
use Illuminate\Contracts\Validation\Rule;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Database\Eloquent\Builder;
use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
@@ -19,7 +20,7 @@ class MemberMergeIntoRequest extends BaseFormRequest
/**
* Get the validation rules that apply to the request.
*
* @return array<string, array<string|ValidationRule|\Illuminate\Contracts\Validation\Rule>>
* @return array<string, array<string|ValidationRule|Rule>>
*/
public function rules(): array
{

36
app/Http/Requests/V1/Organization/OrganizationStoreRequest.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\V1\Organization;
use App\Http\Requests\V1\BaseFormRequest;
use App\Models\Organization;
use Illuminate\Contracts\Validation\Rule;
/**
* @property Organization $organization Organization from model binding
*/
class OrganizationStoreRequest extends BaseFormRequest
{
/**
* Get the validation rules that apply to the request.
*
* @return array<string, array<string|Rule>>
*/
public function rules(): array
{
return [
'name' => [
'required',
'string',
'max:255',
],
];
}
public function getName(): string
{
return (string) $this->input('name');
}
}

95
app/Http/Requests/V1/User/UserUpdateRequest.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\V1\User;
use App\Enums\Weekday;
use App\Http\Requests\V1\BaseFormRequest;
use App\Models\User;
use App\Rules\Base64ImageRule;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Str;
use Illuminate\Validation\Rule;
use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
/**
* @property User $user User from model binding
*/
class UserUpdateRequest extends BaseFormRequest
{
protected function prepareForValidation(): void
{
if ($this->has('email') && is_string($this->input('email'))) {
$this->merge([
'email' => Str::lower((string) $this->input('email')),
]);
}
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, array<string|\Illuminate\Contracts\Validation\Rule|ValidationRule>>
*/
public function rules(): array
{
return [
'name' => [
'string',
'max:255',
],
'email' => [
'email',
'max:255',
UniqueEloquent::make(User::class, 'email')->ignore($this->user->id)->query(function (Builder $query) {
/** @var Builder<User> $query */
return $query->where('is_placeholder', '=', false);
}),
],
'photo' => [
'nullable',
new Base64ImageRule,
],
'timezone' => [
'timezone:all',
],
'week_start' => [
Rule::enum(Weekday::class),
],
];
}
public function getName(): ?string
{
return $this->has('name') ? (string) $this->input('name') : null;
}
public function getEmail(): ?string
{
return $this->has('email') ? Str::lower((string) $this->input('email')) : null;
}
public function getTimezone(): ?string
{
return $this->has('timezone') ? (string) $this->input('timezone') : null;
}
public function getWeekStart(): ?Weekday
{
return $this->has('week_start') ? Weekday::from($this->input('week_start')) : null;
}
public function hasPhotoKey(): bool
{
return $this->has('photo');
}
public function getPhoto(): ?string
{
$value = $this->input('photo');
return is_string($value) ? $value : null;
}
}

2
app/Http/Resources/V1/User/UserResource.php
View File

@@ -28,6 +28,8 @@ class UserResource extends BaseResource
'name' => $this->resource->name,
/** @var string $email Email of user */
'email' => $this->resource->email,
/** @var string|null $pending_email Email address awaiting verification (set when the user has requested an email change but not yet verified the new address) */
'pending_email' => $this->resource->pending_email,
/** @var string $profile_photo_url Profile photo URL */
'profile_photo_url' => $this->resource->profile_photo_url,
/** @var string $timezone Timezone (f.e. Europe/Berlin or America/New_York) */

43
app/Listeners/RemovePlaceholder.php
View File

@@ -1,43 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Listeners;
use App\Models\Member;
use App\Models\User;
use App\Service\MemberService;
use Illuminate\Database\Eloquent\Builder;
use Laravel\Jetstream\Events\TeamMemberAdded;
class RemovePlaceholder
{
/**
* Handle the event.
*/
public function handle(TeamMemberAdded $event): void
{
$memberService = app(MemberService::class);
$member = Member::query()
->whereBelongsTo($event->team, 'organization')
->whereBelongsTo($event->user, 'user')
->firstOrFail();
$placeholders = Member::query()
->whereHas('user', function (Builder $query) use ($event): void {
/** @var Builder<User> $query */
$query->where('is_placeholder', '=', true)
->where('email', '=', $event->user->email);
})
->whereBelongsTo($event->team, 'organization')
->with(['user'])
->get();
foreach ($placeholders as $placeholder) {
/** @var Member $placeholder */
$placeholderUser = $placeholder->user;
$memberService->assignOrganizationEntitiesToDifferentMember($event->team, $placeholder, $member);
$placeholder->delete();
$placeholderUser->delete();
}
}
}

10
app/Mail/OrganizationInvitationMail.php
View File

@@ -8,6 +8,7 @@ use App\Models\OrganizationInvitation;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\URL;
class OrganizationInvitationMail extends Mailable
@@ -32,9 +33,12 @@ class OrganizationInvitationMail extends Mailable
public function build(): self
{
return $this->markdown('emails.organization-invitation', [
'acceptUrl' => URL::signedRoute('team-invitations.accept', [
'invitation' => $this->invitation,
]),
'acceptUrl' => URL::to(URL::signedRoute(
'organization-invitations.accept',
['invitation' => $this->invitation->getKey()],
Carbon::now()->addDays(90),
false
)),
])->subject(__('Organization Invitation'));
}
}

48
app/Mail/VerifyUpdatedEmailMail.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\User;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\URL;
use Illuminate\Support\Str;
class VerifyUpdatedEmailMail extends Mailable
{
use Queueable, SerializesModels;
public User $user;
public string $email;
public function __construct(User $user, string $email)
{
$this->user = $user;
$this->email = Str::lower($email);
}
/**
* Build the message.
*/
public function build(): self
{
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
Carbon::now()->addMinutes((int) config('auth.verification.expire', 60)),
[
'user' => $this->user->getKey(),
'email' => $this->email,
],
false
);
return $this->markdown('emails.verify-updated-email', [
'verificationUrl' => URL::to($verificationUrl),
])->subject(__('Verify Email Address'));
}
}

32
app/Models/Organization.php
View File

@@ -24,6 +24,7 @@ use Illuminate\Support\Str;
use Laravel\Jetstream\Events\TeamCreated;
use Laravel\Jetstream\Events\TeamDeleted;
use Laravel\Jetstream\Events\TeamUpdated;
use Laravel\Jetstream\Team;
use Laravel\Jetstream\Team as JetstreamTeam;
use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
@@ -36,12 +37,13 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property string $user_id
* @property bool $employees_can_see_billable_rates
* @property bool $employees_can_manage_tasks
* @property bool $prevent_overlapping_time_entries
* @property User $owner
* @property Carbon|null $created_at
* @property Carbon|null $updated_at
* @property Collection<int, User> $users
* @property Collection<int, User> $realUsers
* @property-read Collection<int, OrganizationInvitation> $teamInvitations
* @property-read Collection<int, OrganizationInvitation> $organizationInvitations
* @property Member $membership
* @property NumberFormat $number_format
* @property CurrencyFormat $currency_format
@@ -49,7 +51,6 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property IntervalFormat $interval_format
* @property TimeFormat $time_format
*
* @method HasMany<OrganizationInvitation, $this> teamInvitations()
* @method static OrganizationFactory factory()
*/
class Organization extends JetstreamTeam implements AuditableContract
@@ -109,23 +110,6 @@ class Organization extends JetstreamTeam implements AuditableContract
protected $attributes = [
];
/**
* Get all the non-placeholder users of the organization including its owner.
*
* @return Collection<int, User>
*/
public function allRealUsers(): Collection
{
return $this->realUsers->merge([$this->owner]);
}
public function hasRealUserWithEmail(string $email): bool
{
return $this->allRealUsers()->contains(function (User $user) use ($email): bool {
return $user->email === $email;
});
}
/**
* Get all the users that belong to the team.
*
@@ -170,13 +154,21 @@ class Organization extends JetstreamTeam implements AuditableContract
->where('is_placeholder', false);
}
/**
* @return HasMany<OrganizationInvitation, $this>
*/
public function organizationInvitations(): HasMany
{
return $this->hasMany(OrganizationInvitation::class, 'organization_id');
}
/**
* This method prevents an unhandled exception when the ID is not a UUID.
* Normally this can be fixed with a route pattern, but Jetstream does not use route model binding.
*
* @param array<string> $columns
*/
public function findOrFail(string $id, array $columns = ['*']): \Laravel\Jetstream\Team
public function findOrFail(string $id, array $columns = ['*']): Team
{
if (! Str::isUuid($id)) {
throw (new ModelNotFoundException)->setModel(

15
app/Models/OrganizationInvitation.php
View File

@@ -18,6 +18,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property string $email
* @property string $role
* @property string $organization_id
* @property Carbon|null $accepted_at
* @property Carbon|null $updated_at
* @property Carbon|null $created_at
* @property-read Organization $organization
@@ -41,14 +42,16 @@ class OrganizationInvitation extends JetstreamTeamInvitation implements Auditabl
protected $table = 'organization_invitations';
/**
* The attributes that are mass assignable.
* Get the attributes that should be cast.
*
* @var array<int, string>
* @return array<string, string>
*/
protected $fillable = [
'email',
'role',
];
public function casts(): array
{
return [
'accepted_at' => 'datetime',
];
}
/**
* Get the organization that the invitation belongs to.

45
app/Models/User.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Models;
use App\Enums\Role;
use App\Enums\Weekday;
use App\Models\Concerns\CustomAuditable;
use App\Models\Concerns\HasUuids;
@@ -36,6 +37,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property string $id
* @property string $name
* @property string $email
* @property string|null $pending_email
* @property Carbon|null $email_verified_at
* @property string|null $password
* @property string|null $two_factor_secret
@@ -51,6 +53,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property Carbon|null $updated_at
* @property string|null $current_team_id
* @property Collection<int, Organization> $organizations
* @property Collection<int, Organization> $ownedOrganizations
* @property Collection<int, TimeEntry> $timeEntries
* @property Member $membership
*
@@ -105,6 +108,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
protected $casts = [
'name' => 'string',
'email' => 'string',
'pending_email' => 'string',
'email_verified_at' => 'datetime',
'is_admin' => 'boolean',
'is_placeholder' => 'boolean',
@@ -129,16 +133,39 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
{
return Attribute::get(function (): string {
return $this->profile_photo_path
? Storage::disk($this->profilePhotoDisk())->url($this->profile_photo_path)
? Storage::disk(config('filesystems.public'))->url($this->profile_photo_path)
: $this->defaultProfilePhotoUrl();
});
}
/**
* Get the default profile photo URL if no profile photo has been uploaded.
*/
protected function defaultProfilePhotoUrl(): string
{
$name = trim(collect(explode(' ', $this->name))->map(function ($segment) {
return mb_substr($segment, 0, 1);
})->join(' '));
return 'https://ui-avatars.com/api/?name='.urlencode($name).'&color=7F9CF5&background=EBF4FF';
}
public function canAccessPanel(Panel $panel): bool
{
return in_array($this->email, config('auth.super_admins', []), true) && $this->hasVerifiedEmail();
}
public function isMemberOfOrganization(Organization $organization): bool
{
if ($this->relationLoaded('organizations')) {
return $this->organizations->contains(function (Organization $o) use ($organization): bool {
return $o->getKey() === $organization->getKey();
});
}
return $this->organizations()->whereKey($organization->getKey())->exists();
}
public function canBeImpersonated(): bool
{
return $this->is_placeholder === false;
@@ -159,6 +186,14 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
->as('membership');
}
/**
* @return BelongsToMany<Organization, $this, Pivot, 'membership'>
*/
public function ownedOrganizations(): BelongsToMany
{
return $this->organizations()->wherePivot('role', Role::Owner->value);
}
/**
* @return HasMany<TimeEntry, $this>
*/
@@ -213,12 +248,8 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
*/
public function scopeBelongsToOrganization(Builder $builder, Organization $organization): Builder
{
return $builder->where(function (Builder $builder) use ($organization): Builder {
return $builder->whereHas('organizations', function (Builder $query) use ($organization): void {
$query->whereKey($organization->getKey());
})->orWhereHas('ownedTeams', function (Builder $query) use ($organization): void {
$query->whereKey($organization->getKey());
});
return $builder->whereHas('organizations', function (Builder $query) use ($organization): void {
$query->whereKey($organization->getKey());
});
}
}

16
app/Policies/OrganizationPolicy.php
View File

@@ -35,7 +35,7 @@ class OrganizationPolicy
return true;
}
return $user->belongsToTeam($organization);
return $user->isMemberOfOrganization($organization);
}
/**
@@ -62,18 +62,6 @@ class OrganizationPolicy
return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
}
/**
* Determine whether the user can add team members.
*/
public function addTeamMember(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
return true;
}
/**
* Determine whether the user can update team member permissions.
*/
@@ -109,6 +97,6 @@ class OrganizationPolicy
return true;
}
return $user->ownsTeam($organization);
return app(PermissionStore::class)->userHas($organization, $user, 'organizations:delete');
}
}

5
app/Providers/EventServiceProvider.php
View File

@@ -4,11 +4,9 @@ declare(strict_types=1);
namespace App\Providers;
use App\Listeners\RemovePlaceholder;
use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
use Laravel\Jetstream\Events\TeamMemberAdded;
class EventServiceProvider extends ServiceProvider
{
@@ -21,9 +19,6 @@ class EventServiceProvider extends ServiceProvider
Registered::class => [
SendEmailVerificationNotification::class,
],
TeamMemberAdded::class => [
RemovePlaceholder::class,
],
];
/**

9
app/Providers/FortifyServiceProvider.php
View File

@@ -17,6 +17,7 @@ use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Inertia\Inertia;
use Laravel\Fortify\Contracts\TwoFactorLoginResponse;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\Http\Responses\LoginResponse;
@@ -41,6 +42,14 @@ class FortifyServiceProvider extends ServiceProvider
Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
Fortify::resetUserPasswordsUsing(ResetUserPassword::class);
Fortify::registerView(function () {
return Inertia::render('Auth/Register', [
'terms_url' => config('auth.terms_url'),
'privacy_policy_url' => config('auth.privacy_policy_url'),
'newsletter_consent' => config('auth.newsletter_consent'),
]);
});
Fortify::authenticateUsing(function (Request $request): ?User {
/** @var User|null $user */
$user = User::query()

214
app/Providers/JetstreamServiceProvider.php
View File

@@ -13,20 +13,18 @@ use App\Actions\Jetstream\RemoveOrganizationMember;
use App\Actions\Jetstream\UpdateMemberRole;
use App\Actions\Jetstream\UpdateOrganization;
use App\Actions\Jetstream\ValidateOrganizationDeletion;
use App\Enums\Role;
use App\Enums\Weekday;
use App\Models\Member;
use App\Models\Organization;
use App\Models\OrganizationInvitation;
use App\Models\User;
use App\Service\PermissionStore;
use App\Service\TimezoneService;
use Brick\Money\Currency;
use Brick\Money\ISOCurrencyProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use Inertia\Inertia;
use Laravel\Fortify\Fortify;
use Laravel\Jetstream\Actions\UpdateTeamMemberRole;
use Laravel\Jetstream\Actions\ValidateTeamDeletion;
use Laravel\Jetstream\Jetstream;
@@ -60,13 +58,6 @@ class JetstreamServiceProvider extends ServiceProvider
Jetstream::useTeamInvitationModel(OrganizationInvitation::class);
app()->singleton(UpdateTeamMemberRole::class, UpdateMemberRole::class);
app()->singleton(ValidateTeamDeletion::class, ValidateOrganizationDeletion::class);
Fortify::registerView(function () {
return Inertia::render('Auth/Register', [
'terms_url' => config('auth.terms_url'),
'privacy_policy_url' => config('auth.privacy_policy_url'),
'newsletter_consent' => config('auth.newsletter_consent'),
]);
});
Gate::define('removeTeamMember', function (User $user, Organization $team) {
return false;
});
@@ -79,205 +70,10 @@ class JetstreamServiceProvider extends ServiceProvider
{
Jetstream::defaultApiTokenPermissions([]);
Jetstream::role(Role::Owner->value, 'Owner', [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'organizations:update',
'organizations:delete',
'import',
'export',
'invitations:view',
'invitations:create',
'invitations:resend',
'invitations:remove',
'members:view',
'members:invite-placeholder',
'members:change-ownership',
'members:make-placeholder',
'members:merge-into',
'members:update',
'members:delete',
'billing',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
])->description('Owner users can perform any action. There is only one owner per organization.');
Jetstream::role(Role::Admin->value, 'Administrator', [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'organizations:update',
'import',
'export',
'invitations:view',
'invitations:create',
'invitations:resend',
'invitations:remove',
'members:view',
'members:invite-placeholder',
'members:make-placeholder',
'members:merge-into',
'members:delete',
'members:update',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
])->description('Administrator users can perform any action, except accessing the billing dashboard.');
Jetstream::role(Role::Manager->value, 'Manager', [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'invitations:view',
'members:view',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
])->description('Managers have full access to all projects, time entries, ect. but cannot manage the organization (add/remove member, edit the organization, ect.).');
Jetstream::role(Role::Employee->value, 'Employee', [
'charts:view:own',
'projects:view',
'tags:view',
'tasks:view',
'clients:view',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'organizations:view',
])->description('Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.');
Jetstream::role(Role::Placeholder->value, 'Placeholder', [
])->description('Placeholders are used for importing data. They cannot log in and have no permissions.');
foreach (PermissionStore::roleDefinitions() as $role => $definition) {
Jetstream::role($role, $definition['name'], $definition['permissions'])
->description($definition['description']);
}
Jetstream::inertia()
->whenRendering(

45
app/Rules/Base64ImageRule.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
declare(strict_types=1);
namespace App\Rules;
use App\Support\Base64File;
use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Translation\PotentiallyTranslatedString;
class Base64ImageRule implements ValidationRule
{
private const array ALLOWED_MIME_TYPES = [
'image/jpeg',
'image/png',
];
private const int MAX_BYTES = 1024 * 1024;
/**
* Run the validation rule.
*
* @param Closure(string): PotentiallyTranslatedString $fail
*/
public function validate(string $attribute, mixed $value, Closure $fail): void
{
if (! is_string($value)) {
$fail(__('validation.string'));
return;
}
$file = Base64File::decode($value);
if ($file === null || ! in_array($file['mime_type'], self::ALLOWED_MIME_TYPES, true)) {
$fail(__('validation.mimes', ['values' => 'jpg, png']));
return;
}
if (strlen($file['data']) > self::MAX_BYTES) {
$fail(__('validation.max.file', ['max' => (string) (self::MAX_BYTES / 1024)]));
}
}
}

2
app/Service/DeletionService.php
View File

@@ -173,7 +173,7 @@ class DeletionService
$user->authCodes()->delete();
// Note: Since the deletion of the profile photo is not reversible via a database rollback this needs to be done last
$user->deleteProfilePhoto();
$this->userService->deleteProfilePhoto($user);
$user->delete();

43
app/Service/InvitationService.php
View File

@@ -8,9 +8,11 @@ use App\Enums\Role;
use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
use App\Mail\OrganizationInvitationMail;
use App\Models\Member;
use App\Models\Organization;
use App\Models\OrganizationInvitation;
use App\Models\User;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Laravel\Jetstream\Events\InvitingTeamMember;
@@ -21,11 +23,7 @@ class InvitationService
*/
public function inviteUser(Organization $organization, string $email, Role $role): OrganizationInvitation
{
if (Member::query()
->whereBelongsTo($organization, 'organization')
->whereRelation('user', 'email', '=', $email)
->where('role', '!=', Role::Placeholder->value)
->exists()) {
if (app(MemberService::class)->isEmailAlreadyMember($organization, $email)) {
throw new UserIsAlreadyMemberOfOrganizationApiException;
}
@@ -48,4 +46,37 @@ class InvitationService
return $invitation;
}
/**
* @return Collection<int, Organization>
*/
public function processAcceptedInvitations(User $user): Collection
{
$organizations = new Collection;
$invitations = OrganizationInvitation::query()
->where('email', $user->email)
->whereNotNull('accepted_at')
->get();
foreach ($invitations as $invitation) {
$organization = $invitation->organization;
$role = Role::tryFrom($invitation->role);
if ($role === null) {
Log::error('Invalid role in invitation', [
'invitation' => $invitation->getKey(),
'role' => $invitation->role,
]);
continue;
}
app(MemberService::class)->addMember($user, $organization, $role);
$invitation->delete();
$organizations->push($organization);
}
return $organizations;
}
}

43
app/Service/MemberService.php
View File

@@ -5,6 +5,8 @@ declare(strict_types=1);
namespace App\Service;
use App\Enums\Role;
use App\Events\MemberAdded;
use App\Events\MemberAdding;
use App\Events\MemberRemoved;
use App\Exceptions\Api\CanNotRemoveOwnerFromOrganization;
use App\Exceptions\Api\ChangingRoleOfPlaceholderIsNotAllowed;
@@ -36,7 +38,8 @@ class MemberService
public function addMember(User $user, Organization $organization, Role $role, bool $asSuperAdmin = false): Member
{
if (! $asSuperAdmin) {
AddingTeamMember::dispatch($organization, $user);
MemberAdding::dispatch($user, $organization, $role);
AddingTeamMember::dispatch($organization, $user); // Legacy event
}
$member = new Member;
@@ -49,14 +52,37 @@ class MemberService
$user->currentOrganization()->associate($organization);
$user->save();
});
$this->mergePlaceholderMembersIntoExistingMember($member, $organization, $user);
if (! $asSuperAdmin) {
TeamMemberAdded::dispatch($organization, $user);
MemberAdded::dispatch($member, $organization, $user);
TeamMemberAdded::dispatch($organization, $user); // Legacy event
}
return $member;
}
private function mergePlaceholderMembersIntoExistingMember(Member $member, Organization $organization, User $user): void
{
$placeholders = Member::query()
->whereHas('user', function (Builder $query) use ($user): void {
/** @var Builder<User> $query */
$query->where('is_placeholder', '=', true)
->where('email', '=', $user->email);
})
->whereBelongsTo($organization, 'organization')
->with(['user'])
->get();
foreach ($placeholders as $placeholder) {
/** @var Member $placeholder */
$placeholderUser = $placeholder->user;
$this->assignOrganizationEntitiesToDifferentMember($organization, $placeholder, $member);
$placeholder->delete();
$placeholderUser->delete();
}
}
/**
* @throws CanNotRemoveOwnerFromOrganization
* @throws EntityStillInUseApiException
@@ -71,7 +97,7 @@ class MemberService
$isPlaceholder = $user->is_placeholder;
if (! $isPlaceholder && $user->current_team_id === $member->organization_id) {
$user->currentTeam()->disassociate();
$user->currentOrganization()->disassociate();
$user->save();
}
@@ -190,7 +216,7 @@ class MemberService
{
$user = $member->user;
if ($user->current_team_id === $member->organization_id) {
$user->currentTeam()->disassociate();
$user->currentOrganization()->disassociate();
$user->save();
}
@@ -209,4 +235,13 @@ class MemberService
$this->userService->makeSureUserHasCurrentOrganization($user);
}
}
public function isEmailAlreadyMember(Organization $organization, string $email): bool
{
return Member::query()
->whereBelongsTo($organization, 'organization')
->whereRelation('user', 'email', '=', $email)
->where('role', '!=', Role::Placeholder->value)
->exists();
}
}

270
app/Service/PermissionStore.php
View File

@@ -4,14 +4,238 @@ declare(strict_types=1);
namespace App\Service;
use App\Enums\Role;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Laravel\Jetstream\Jetstream;
use Laravel\Jetstream\Role;
class PermissionStore
{
/**
* @var array<string, array{name: string, permissions: array<string>, description: string}>
*/
private const array ROLE_DEFINITIONS = [
'owner' => [
'name' => 'Owner',
'permissions' => [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'organizations:update',
'organizations:delete',
'import',
'export',
'invitations:view',
'invitations:create',
'invitations:resend',
'invitations:remove',
'members:view',
'members:invite-placeholder',
'members:change-ownership',
'members:make-placeholder',
'members:merge-into',
'members:update',
'members:delete',
'billing',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
],
'description' => 'Owner users can perform any action. There is only one owner per organization.',
],
'admin' => [
'name' => 'Administrator',
'permissions' => [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'organizations:update',
'import',
'export',
'invitations:view',
'invitations:create',
'invitations:resend',
'invitations:remove',
'members:view',
'members:invite-placeholder',
'members:make-placeholder',
'members:merge-into',
'members:delete',
'members:update',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
],
'description' => 'Administrator users can perform any action, except accessing the billing dashboard.',
],
'manager' => [
'name' => 'Manager',
'permissions' => [
'charts:view:own',
'charts:view:all',
'projects:view',
'projects:view:all',
'projects:create',
'projects:update',
'projects:delete',
'project-members:view',
'project-members:create',
'project-members:update',
'project-members:delete',
'tasks:view',
'tasks:view:all',
'tasks:create',
'tasks:create:all',
'tasks:update',
'tasks:update:all',
'tasks:delete',
'tasks:delete:all',
'time-entries:view:all',
'time-entries:create:all',
'time-entries:update:all',
'time-entries:delete:all',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'tags:view',
'tags:create',
'tags:update',
'tags:delete',
'clients:view',
'clients:view:all',
'clients:create',
'clients:update',
'clients:delete',
'organizations:view',
'invitations:view',
'members:view',
'reports:view',
'reports:create',
'reports:update',
'reports:delete',
'invoices:view',
'invoices:create',
'invoices:update',
'invoices:download',
'invoices:delete',
'invoice-settings:view',
'invoice-settings:update',
],
'description' => 'Managers have full access to all projects, time entries, ect. but cannot manage the organization (add/remove member, edit the organization, ect.).',
],
'employee' => [
'name' => 'Employee',
'permissions' => [
'charts:view:own',
'projects:view',
'tags:view',
'tasks:view',
'clients:view',
'time-entries:view:own',
'time-entries:create:own',
'time-entries:update:own',
'time-entries:delete:own',
'organizations:view',
],
'description' => 'Employees have the ability to read, create, and update their own time entries, they can see the projects that they are members of and the clients they are assigned to.',
],
'placeholder' => [
'name' => 'Placeholder',
'permissions' => [],
'description' => 'Placeholders are used for importing data. They cannot log in and have no permissions.',
],
];
/**
* @var array<string, array<string>>
*/
private static array $customRolePermissions = [];
/**
* @var array<string, array<string>>
*/
@@ -22,6 +246,37 @@ class PermissionStore
$this->permissionCache = [];
}
/**
* @return array<string, array{name: string, permissions: array<string>, description: string}>
*/
public static function roleDefinitions(): array
{
return self::ROLE_DEFINITIONS;
}
/**
* @param array<string> $permissions
*/
public static function registerCustomRole(string $role, array $permissions): void
{
self::$customRolePermissions[$role] = $permissions;
}
public static function resetCustomRoles(): void
{
self::$customRolePermissions = [];
}
/**
* @return array<string>
*/
public static function permissionsForRole(string $role): array
{
return self::$customRolePermissions[$role]
?? self::ROLE_DEFINITIONS[$role]['permissions']
?? [];
}
public function has(Organization $organization, string $permission): bool
{
/** @var User|null $user */
@@ -36,7 +291,7 @@ class PermissionStore
public function userHas(Organization $organization, User $user, string $permission): bool
{
if (! isset($this->permissionCache[$user->getKey().'|'.$organization->getKey()])) {
if (! $user->belongsToTeam($organization)) {
if (! $user->isMemberOfOrganization($organization)) {
return false;
}
@@ -54,7 +309,7 @@ class PermissionStore
*/
private function getPermissionsByUser(Organization $organization, User $user): array
{
if (! $user->belongsToTeam($organization)) {
if (! $user->isMemberOfOrganization($organization)) {
return [];
}
@@ -68,14 +323,11 @@ class PermissionStore
return [];
}
/** @var Role|null $roleObj */
$roleObj = Jetstream::findRole($role);
$permissions = $roleObj->permissions ?? [];
$permissions = self::permissionsForRole($role);
// If the organization allows employees to manage tasks and the user is an employee,
// add the task management permissions for accessible projects
if ($role === \App\Enums\Role::Employee->value && $organization->employees_can_manage_tasks) {
if ($role === Role::Employee->value && $organization->employees_can_manage_tasks) {
$permissions = array_merge($permissions, [
'tasks:create',
'tasks:update',

10
app/Service/ReportExport/CsvExport.php
View File

@@ -10,6 +10,9 @@ use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\File;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Storage;
use League\Csv\CannotInsertRecord;
use League\Csv\Exception;
use League\Csv\UnavailableStream;
use League\Csv\Writer;
use Spatie\TemporaryDirectory\TemporaryDirectory;
@@ -58,9 +61,9 @@ abstract class CsvExport
abstract public function mapRow(Model $model): array;
/**
* @throws \League\Csv\CannotInsertRecord
* @throws \League\Csv\Exception
* @throws \League\Csv\UnavailableStream
* @throws CannotInsertRecord
* @throws Exception
* @throws UnavailableStream
*/
public function export(): void
{
@@ -72,6 +75,7 @@ abstract class CsvExport
$writer->insertOne(static::HEADER);
$this->builder->chunk($this->chunk, function (Collection $models) use ($writer): void {
/** @var T $model */
foreach ($models as $model) {
$data = $this->mapRow($model);
$row = $this->convertRow($data);

51
app/Service/UserService.php
View File

@@ -19,6 +19,7 @@ use App\Models\TimeEntry;
use App\Models\User;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Storage;
class UserService
{
@@ -38,7 +39,7 @@ class UserService
): User {
$user = new User;
$user->name = $name;
$user->email = $email;
$user->email = strtolower($email);
$user->password = Hash::make($password);
$user->timezone = $timezone;
$user->week_start = $weekStart;
@@ -47,19 +48,21 @@ class UserService
}
$user->save();
$organization = app(OrganizationService::class)->createOrganization(
$this->getOrganizationNameForUserName($user->name),
$user,
true,
$currency,
$numberFormat,
$currencyFormat,
$dateFormat,
$intervalFormat,
$timeFormat,
);
$organizations = app(InvitationService::class)->processAcceptedInvitations($user);
$user->ownedTeams()->save($organization);
if ($organizations->isEmpty()) {
$organization = app(OrganizationService::class)->createOrganization(
$this->getOrganizationNameForUserName($user->name),
$user,
true,
$currency,
$numberFormat,
$currencyFormat,
$dateFormat,
$intervalFormat,
$timeFormat,
);
}
return $user;
}
@@ -100,13 +103,17 @@ class UserService
true
);
// Set the organization as the user's current organization
$user->currentOrganization()->associate($organization);
$user->save();
$this->switchCurrentOrganization($user, $organization);
AfterCreateOrganization::dispatch($organization);
}
public function switchCurrentOrganization(User $user, Organization $organization): void
{
$user->currentOrganization()->associate($organization);
$user->save();
}
public function getOrganizationNameForUserName(string $username): string
{
return explode(' ', $username, 2)[0]."'s Organization";
@@ -154,4 +161,16 @@ class UserService
$oldOwner->save();
}
}
public function deleteProfilePhoto(User $user): void
{
if ($user->profile_photo_path === null) {
return;
}
Storage::disk(config('filesystems.public'))->delete($user->profile_photo_path);
$user->profile_photo_path = null;
$user->save();
}
}

45
app/Support/Base64File.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
declare(strict_types=1);
namespace App\Support;
use Symfony\Component\Mime\MimeTypes;
class Base64File
{
/**
* @return array{data: string, mime_type: string}|null
*/
public static function decode(string $value): ?array
{
if (str_contains($value, ',')) {
[, $value] = explode(',', $value, 2);
}
$value = preg_replace('/\s+/', '', $value);
if ($value === null || $value === '') {
return null;
}
$decoded = base64_decode($value, true);
if ($decoded === false) {
return null;
}
$mimeType = (new \finfo(FILEINFO_MIME_TYPE))->buffer($decoded);
if ($mimeType === false) {
return null;
}
return [
'data' => $decoded,
'mime_type' => $mimeType,
];
}
public static function extension(string $mimeType): ?string
{
return MimeTypes::getDefault()->getExtensions($mimeType)[0] ?? null;
}
}

12
bootstrap/app.php
View File

@@ -1,6 +1,10 @@
<?php
declare(strict_types=1);
use App\Exceptions\Handler;
use App\Http\Kernel;
use Illuminate\Contracts\Debug\ExceptionHandler;
use Illuminate\Foundation\Application;
/*
|--------------------------------------------------------------------------
@@ -13,7 +17,7 @@ declare(strict_types=1);
|
*/
$app = new Illuminate\Foundation\Application(
$app = new Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
@@ -30,7 +34,7 @@ $app = new Illuminate\Foundation\Application(
$app->singleton(
Illuminate\Contracts\Http\Kernel::class,
App\Http\Kernel::class
Kernel::class
);
$app->singleton(
@@ -39,8 +43,8 @@ $app->singleton(
);
$app->singleton(
Illuminate\Contracts\Debug\ExceptionHandler::class,
App\Exceptions\Handler::class
ExceptionHandler::class,
Handler::class
);
/*

3383
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

21
config/app.php
View File

@@ -7,6 +7,13 @@ use App\Enums\DateFormat;
use App\Enums\IntervalFormat;
use App\Enums\NumberFormat;
use App\Enums\TimeFormat;
use App\Providers\AppServiceProvider;
use App\Providers\AuthServiceProvider;
use App\Providers\EventServiceProvider;
use App\Providers\Filament\AdminPanelProvider;
use App\Providers\FortifyServiceProvider;
use App\Providers\JetstreamServiceProvider;
use App\Providers\RouteServiceProvider;
use Illuminate\Support\Facades\Facade;
use Illuminate\Support\ServiceProvider;
use Nwidart\Modules\LaravelModulesServiceProvider;
@@ -190,13 +197,13 @@ return [
/*
* Application Service Providers...
*/
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\Filament\AdminPanelProvider::class,
App\Providers\RouteServiceProvider::class,
App\Providers\FortifyServiceProvider::class,
App\Providers\JetstreamServiceProvider::class,
AppServiceProvider::class,
AuthServiceProvider::class,
EventServiceProvider::class,
AdminPanelProvider::class,
RouteServiceProvider::class,
FortifyServiceProvider::class,
JetstreamServiceProvider::class,
// Warning: Do not add TelescopeServiceProvider here since it is already conditionally registered in AppServiceProvider
LaravelModulesServiceProvider::class,
])->toArray(),

15
config/audit.php
View File

@@ -1,6 +1,11 @@
<?php
declare(strict_types=1);
use App\Extensions\Auditing\Resolvers\CustomIpAddressResolver;
use OwenIt\Auditing\Models\Audit;
use OwenIt\Auditing\Resolvers\UrlResolver;
use OwenIt\Auditing\Resolvers\UserAgentResolver;
use OwenIt\Auditing\Resolvers\UserResolver;
return [
@@ -15,7 +20,7 @@ return [
|
*/
'implementation' => OwenIt\Auditing\Models\Audit::class,
'implementation' => Audit::class,
/*
|--------------------------------------------------------------------------
@@ -32,7 +37,7 @@ return [
'web',
'api',
],
'resolver' => OwenIt\Auditing\Resolvers\UserResolver::class,
'resolver' => UserResolver::class,
],
/*
@@ -44,9 +49,9 @@ return [
|
*/
'resolvers' => [
'ip_address' => App\Extensions\Auditing\Resolvers\CustomIpAddressResolver::class,
'user_agent' => OwenIt\Auditing\Resolvers\UserAgentResolver::class,
'url' => OwenIt\Auditing\Resolvers\UrlResolver::class,
'ip_address' => CustomIpAddressResolver::class,
'user_agent' => UserAgentResolver::class,
'url' => UrlResolver::class,
],
/*

3
config/auth.php
View File

@@ -1,6 +1,7 @@
<?php
declare(strict_types=1);
use App\Models\User;
return [
@@ -69,7 +70,7 @@ return [
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
'model' => User::class,
],
],

3
config/excel.php
View File

@@ -2,6 +2,7 @@
declare(strict_types=1);
use Maatwebsite\Excel\DefaultValueBinder;
use Maatwebsite\Excel\Excel;
use PhpOffice\PhpSpreadsheet\Reader\Csv;
@@ -226,7 +227,7 @@ return [
|
*/
'value_binder' => [
'default' => Maatwebsite\Excel\DefaultValueBinder::class,
'default' => DefaultValueBinder::class,
],
'cache' => [

15
database/factories/OrganizationInvitationFactory.php
View File

@@ -25,9 +25,24 @@ class OrganizationInvitationFactory extends Factory
'email' => $this->faker->unique()->safeEmail(),
'role' => Role::Employee->value,
'organization_id' => Organization::factory(),
'accepted_at' => null,
];
}
public function role(Role $role): self
{
return $this->state(fn (array $attributes) => [
'role' => $role->value,
]);
}
public function accepted(): self
{
return $this->state(fn (array $attributes): array => [
'accepted_at' => $this->faker->dateTime(),
]);
}
public function forOrganization(Organization $organization): self
{
return $this->state(fn (array $attributes) => [

6
database/factories/UserFactory.php
View File

@@ -9,6 +9,7 @@ use App\Enums\Weekday;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Http\FileHelpers;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;
@@ -27,6 +28,7 @@ class UserFactory extends Factory
return [
'name' => $this->faker->name(),
'email' => $this->faker->unique()->safeEmail(),
'pending_email' => null,
'email_verified_at' => now(),
'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
'two_factor_secret' => null,
@@ -90,7 +92,7 @@ class UserFactory extends Factory
public function withProfilePicture(): static
{
$profilePhoto = $this->faker->image(null, 500, 500);
/** @see \Illuminate\Http\FileHelpers::hashName */
/** @see FileHelpers::hashName */
$path = 'profile-photos/'.Str::random(40).'.png';
Storage::disk(config('jetstream.profile_photo_disk', 'public'))->put($path, $profilePhoto);
@@ -118,7 +120,7 @@ class UserFactory extends Factory
$organization->owner()->associate($user);
$organization->users()->attach($user, ['role' => Role::Owner->value]);
$user->currentTeam()->associate($organization);
$user->currentOrganization()->associate($organization);
$user->save();
});
}

30
database/migrations/2026_02_11_143746_add_accepted_at_to_organization_invitations_table.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::table('organization_invitations', function (Blueprint $table): void {
$table->timestamp('accepted_at')->nullable()->after('email');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::table('organization_invitations', function (Blueprint $table): void {
$table->dropColumn('accepted_at');
});
}
};

30
database/migrations/2026_05_21_000001_add_pending_email_to_users_table.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::table('users', function (Blueprint $table): void {
$table->string('pending_email')->nullable()->after('email');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::table('users', function (Blueprint $table): void {
$table->dropColumn('pending_email');
});
}
};

64
database/migrations/2026_05_21_000002_lowercase_user_emails.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Support\Facades\DB;
return new class extends Migration
{
/**
* Run the migrations.
*
* @throws RuntimeException
*/
public function up(): void
{
$duplicateEmails = DB::table('users')
->selectRaw('LOWER(email) as normalized_email')
->selectRaw('COUNT(*) as user_count')
->selectRaw("STRING_AGG(id::text || ' <' || email || '>', ', ' ORDER BY email) as users")
->where('is_placeholder', false)
->groupByRaw('LOWER(email)')
->havingRaw('COUNT(*) > 1')
->orderBy('normalized_email')
->get();
if ($duplicateEmails->isNotEmpty()) {
$duplicateEmailMessage = $duplicateEmails
->take(20)
->map(fn (stdClass $duplicateEmail): string => sprintf(
'%s (%d users: %s)',
$duplicateEmail->normalized_email,
$duplicateEmail->user_count,
$duplicateEmail->users,
))
->implode('; ');
$remainingDuplicateCount = $duplicateEmails->count() - 20;
$remainingDuplicateMessage = $remainingDuplicateCount > 0
? sprintf('; and %d more duplicate normalized emails', $remainingDuplicateCount)
: '';
throw new RuntimeException(
'Cannot lowercase users.email because doing so would create duplicate non-placeholder user emails and violate the unique index on users.email for non-placeholder users. Resolve these case-insensitive duplicates first: '.
$duplicateEmailMessage.
$remainingDuplicateMessage
);
}
DB::table('users')
->whereRaw('email <> LOWER(email)')
->update([
'email' => DB::raw('LOWER(email)'),
]);
}
/**
* Reverse the migrations.
*/
public function down(): void
{
//
}
};

158
e2e/invitation-accept.spec.ts Normal file
View File

@@ -0,0 +1,158 @@
import { expect, test } from '../playwright/fixtures';
import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
import { getInvitationAcceptUrl } from './utils/mailpit';
import { registerUser } from './utils/members';
// Invitation acceptance flows touch mail delivery + redirects.
test.describe.configure({ timeout: 45000 });
test.describe('invitation accept banners', () => {
test('shows success banner on dashboard when a logged-in registered user accepts an invitation', async ({
page,
browser,
}) => {
const memberId = Math.floor(Math.random() * 100000);
const memberEmail = `success+${memberId}@invite-banner.test`;
// Invitee already has an account and is logged in.
const invitee = await registerUser(browser, 'Banner Success', memberEmail);
// Owner sends the invitation.
await page.goto(PLAYWRIGHT_BASE_URL + '/members');
await page.getByRole('button', { name: 'Invite Member' }).click();
await expect(page.getByPlaceholder('Member Email')).toBeVisible();
await page.getByLabel('Email').fill(memberEmail);
await page.getByRole('button', { name: 'Employee' }).click();
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/invitations') &&
response.request().method() === 'POST' &&
response.status() === 204
),
page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
]);
// Invitee clicks the email link.
const acceptUrl = await getInvitationAcceptUrl(invitee.page.request, memberEmail);
await invitee.page.goto(acceptUrl);
await invitee.page.waitForURL(/\/dashboard$/);
const banner = invitee.page.getByTestId('banner');
await expect(banner).toBeVisible();
await expect(banner).toContainText(
/Great! You have accepted the invitation to join the .* organization\./
);
await invitee.close();
});
test('shows info banner on login screen when a registered-but-logged-out invitee clicks the accept link', async ({
page,
browser,
}) => {
const memberId = Math.floor(Math.random() * 100000);
const memberEmail = `loggedout+${memberId}@invite-banner.test`;
// Invitee has an account, but the context that clicks the link has no session.
const invitee = await registerUser(browser, 'Banner Loggedout', memberEmail);
await invitee.close();
// Owner sends the invitation.
await page.goto(PLAYWRIGHT_BASE_URL + '/members');
await page.getByRole('button', { name: 'Invite Member' }).click();
await expect(page.getByPlaceholder('Member Email')).toBeVisible();
await page.getByLabel('Email').fill(memberEmail);
await page.getByRole('button', { name: 'Employee' }).click();
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/invitations') &&
response.request().method() === 'POST' &&
response.status() === 204
),
page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
]);
// Open the accept link in a fresh browser context (no session).
const context = await browser.newContext();
const inviteePage = await context.newPage();
const acceptUrl = await getInvitationAcceptUrl(inviteePage.request, memberEmail);
await inviteePage.goto(acceptUrl);
await inviteePage.waitForURL(/\/login$/);
const banner = inviteePage.getByTestId('banner');
await expect(banner).toBeVisible();
await expect(banner).toContainText(
/Great! You have accepted the invitation to join the .* organization\. Please log in to access it\./
);
// Logging in lands the invitee on the dashboard — they were already added silently
// by the accept controller, so the inviter's members list shows them.
await inviteePage.getByLabel('Email').fill(memberEmail);
await inviteePage.getByLabel('Password', { exact: true }).fill(TEST_USER_PASSWORD);
await inviteePage.getByRole('button', { name: 'Log in' }).click();
await inviteePage.waitForURL(/\/dashboard/);
await page.goto(PLAYWRIGHT_BASE_URL + '/members');
const memberRow = page.getByRole('row').filter({ hasText: 'Banner Loggedout' });
await expect(memberRow).toBeVisible();
await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
await context.close();
});
test('shows info banner on register screen when an unregistered email accepts an invitation, then auto-joins on registration', async ({
page,
browser,
}) => {
const memberId = Math.floor(Math.random() * 100000);
const memberEmail = `info+${memberId}@invite-banner.test`;
// Owner invites an email that has no account yet.
await page.goto(PLAYWRIGHT_BASE_URL + '/members');
await page.getByRole('button', { name: 'Invite Member' }).click();
await expect(page.getByPlaceholder('Member Email')).toBeVisible();
await page.getByLabel('Email').fill(memberEmail);
await page.getByRole('button', { name: 'Employee' }).click();
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/invitations') &&
response.request().method() === 'POST' &&
response.status() === 204
),
page.getByRole('button', { name: 'Invite Member', exact: true }).click(),
]);
// Open the accept link in a fresh browser context (no session).
const context = await browser.newContext();
const inviteePage = await context.newPage();
const acceptUrl = await getInvitationAcceptUrl(inviteePage.request, memberEmail);
await inviteePage.goto(acceptUrl);
await inviteePage.waitForURL(/\/register$/);
const banner = inviteePage.getByTestId('banner');
await expect(banner).toBeVisible();
await expect(banner).toContainText(
/Please create an account to finish joining the .* organization\./
);
// Complete registration — the invitee should auto-join the inviter's org
// (no fresh personal organization is created on top).
await inviteePage.getByLabel('Name').fill('Banner Info');
await inviteePage.getByLabel('Email').fill(memberEmail);
await inviteePage.getByLabel('Password', { exact: true }).fill(TEST_USER_PASSWORD);
await inviteePage.getByLabel('Confirm Password').fill(TEST_USER_PASSWORD);
await inviteePage.getByLabel('I agree to the Terms of').click();
await inviteePage.getByRole('button', { name: 'Register' }).click();
await inviteePage.waitForURL(/\/dashboard/);
await page.goto(PLAYWRIGHT_BASE_URL + '/members');
const memberRow = page.getByRole('row').filter({ hasText: 'Banner Info' });
await expect(memberRow).toBeVisible();
await expect(memberRow.getByText('Employee', { exact: true })).toBeVisible();
await context.close();
});
});

370
e2e/profile.spec.ts
View File

@@ -1,30 +1,374 @@
import { test, expect } from '../playwright/fixtures';
import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
import {
countEmailsWithSubject,
getEmailChangeVerificationUrl,
waitForEmailCount,
} from './utils/mailpit';
import { getCurrentUserViaApi } from './utils/api';
import { registerUser } from './utils/members';
import type { Page } from '@playwright/test';
import path from 'path';
async function goToProfilePage(page: Page) {
await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
}
test('test that user name can be updated', async ({ page }) => {
await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
function profileInformationForm(page: Page) {
return page
.getByRole('heading', { name: 'Profile Information', exact: true })
.locator('xpath=ancestor::*[descendant::form][1]');
}
async function saveProfileForm(page: Page): Promise<void> {
const form = profileInformationForm(page);
await form.getByRole('button', { name: 'Save' }).click();
await expect(form.getByText('Saved.', { exact: true })).toBeVisible();
}
test('user name can be updated', async ({ page }) => {
await goToProfilePage(page);
await page.getByLabel('Name', { exact: true }).fill('NEW NAME');
await Promise.all([
page.getByRole('button', { name: 'Save' }).first().click(),
page.waitForResponse('**/user/profile-information'),
]);
await saveProfileForm(page);
await page.reload();
await expect(page.getByLabel('Name', { exact: true })).toHaveValue('NEW NAME');
});
test.skip('test that user email can be updated', async ({ page }) => {
// this does not work because of email verification currently
await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
const emailId = Math.round(Math.random() * 10000);
await page.getByLabel('Email').fill(`newemail+${emailId}@test.com`);
await page.getByRole('button', { name: 'Save' }).first().click();
test('timezone change persists across reload', async ({ page }) => {
await goToProfilePage(page);
await page.getByLabel('Timezone').selectOption('America/New_York');
await saveProfileForm(page);
await page.reload();
await expect(page.getByLabel('Email')).toHaveValue(`newemail+${emailId}@test.com`);
await expect(page.getByLabel('Timezone')).toHaveValue('America/New_York');
});
test('week-start change persists across reload', async ({ page }) => {
await goToProfilePage(page);
await page.getByLabel('Start of the week').selectOption('sunday');
await saveProfileForm(page);
await page.reload();
await expect(page.getByLabel('Start of the week')).toHaveValue('sunday');
});
test('profile photo can be uploaded, persists across reload, and can be removed', async ({
page,
}) => {
await goToProfilePage(page);
const form = profileInformationForm(page);
const profilePhoto = form.getByRole('img', { name: 'John Doe' });
await expect(profilePhoto).toBeVisible();
await expect(profilePhoto).toHaveAttribute('src', /ui-avatars\.com/);
await expect(form.getByRole('button', { name: 'Remove Photo' })).toBeHidden();
await form.locator('#photo').setInputFiles(path.resolve('resources/testfiles/test.png'));
await saveProfileForm(page);
await expect(profilePhoto).toHaveAttribute('src', /profile-photos/);
await expect(form.getByRole('button', { name: 'Remove Photo' })).toBeVisible();
await page.reload();
const reloadedForm = profileInformationForm(page);
const reloadedProfilePhoto = reloadedForm.getByRole('img', { name: 'John Doe' });
await expect(reloadedProfilePhoto).toHaveAttribute('src', /profile-photos/);
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/users/') &&
response.request().method() === 'PUT' &&
response.status() === 200
),
reloadedForm.getByRole('button', { name: 'Remove Photo' }).click(),
]);
await expect(reloadedProfilePhoto).toHaveAttribute('src', /ui-avatars\.com/);
await expect(reloadedForm.getByRole('button', { name: 'Remove Photo' })).toBeHidden();
await page.reload();
const finalForm = profileInformationForm(page);
await expect(finalForm.getByRole('img', { name: 'John Doe' })).toHaveAttribute(
'src',
/ui-avatars\.com/
);
await expect(finalForm.getByRole('button', { name: 'Remove Photo' })).toBeHidden();
});
test('field-level validation errors render inline when the server returns 422', async ({
page,
}) => {
await goToProfilePage(page);
const form = profileInformationForm(page);
await form.getByLabel('Name').fill('a'.repeat(256));
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/users/') &&
response.request().method() === 'PUT' &&
response.status() === 422
),
form.getByRole('button', { name: 'Save' }).click(),
]);
await expect(form.getByRole('alert').filter({ hasText: /255 characters/i })).toBeVisible();
});
test('submitting a new email keeps the current email displayed after reload', async ({
page,
ctx,
}) => {
const { email: oldEmail } = await getCurrentUserViaApi(ctx);
const newEmail = `newemail+${Date.now()}@test.com`;
await goToProfilePage(page);
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
await page.reload();
await expect(page.getByLabel('Email')).toHaveValue(oldEmail);
});
test('submitting a new email sends a verification email to the new address', async ({
page,
request,
}) => {
await goToProfilePage(page);
const newEmail = `newemail+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
expect(await waitForEmailCount(request, newEmail, 'Verify Email Address', 1)).toBeGreaterThan(
0
);
});
test('mixed-case email is lower-cased before the verification mail is sent', async ({
page,
request,
}) => {
await goToProfilePage(page);
const stamp = Date.now();
const mixedCase = `MixedCase+${stamp}@Example.COM`;
const lowerCased = `mixedcase+${stamp}@example.com`;
await page.getByLabel('Email').fill(mixedCase);
await saveProfileForm(page);
const verifyUrl = await getEmailChangeVerificationUrl(request, lowerCased);
expect(new URL(verifyUrl).searchParams.get('email')).toBe(lowerCased);
});
test('re-submitting the current email does not send a verification email', async ({
page,
ctx,
request,
}) => {
const { email: currentEmail } = await getCurrentUserViaApi(ctx);
const beforeCount = await countEmailsWithSubject(request, currentEmail, 'Verify Email Address');
await goToProfilePage(page);
await page.getByLabel('Email').fill(currentEmail);
await saveProfileForm(page);
await new Promise((r) => setTimeout(r, 1000));
const afterCount = await countEmailsWithSubject(request, currentEmail, 'Verify Email Address');
expect(afterCount).toBe(beforeCount);
});
test('after submitting a new email the pending-email banner is shown with a resend button', async ({
page,
}) => {
await goToProfilePage(page);
const newEmail = `pending+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
await expect(page.getByText(`A verification link was sent to`)).toBeVisible();
await expect(page.getByText(newEmail)).toBeVisible();
await expect(page.getByRole('button', { name: 'Resend verification email' })).toBeVisible();
});
test('clicking resend sends a second verification email and shows confirmation', async ({
page,
request,
}) => {
await goToProfilePage(page);
const newEmail = `resend+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
const beforeCount = await waitForEmailCount(request, newEmail, 'Verify Email Address', 1);
await page.getByRole('button', { name: 'Resend verification email' }).click();
await expect(page.getByText('Verification email sent.')).toBeVisible();
const afterCount = await waitForEmailCount(
request,
newEmail,
'Verify Email Address',
beforeCount + 1
);
expect(afterCount).toBeGreaterThan(beforeCount);
});
test('cancelling a pending email change clears it and hides the banner', async ({ page, ctx }) => {
const { email: currentEmail } = await getCurrentUserViaApi(ctx);
const newEmail = `cancel+${Date.now()}@test.com`;
await goToProfilePage(page);
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
// The pending-email banner is shown with the cancel control.
await expect(page.getByText('A verification link was sent to')).toBeVisible();
await expect(page.getByText(newEmail)).toBeVisible();
const cancelButton = page.getByRole('button', { name: 'Cancel email change' });
await expect(cancelButton).toBeVisible();
// Cancelling clears the pending email server-side (204).
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/reset-pending-email') &&
response.request().method() === 'POST' &&
response.status() === 204
),
cancelButton.click(),
]);
// The banner disappears and the email field still shows the current address.
await expect(page.getByText('A verification link was sent to')).toBeHidden();
await expect(page.getByLabel('Email')).toHaveValue(currentEmail);
// The cancellation is persistent — still gone after a reload.
await page.reload();
await expect(page.getByText('A verification link was sent to')).toBeHidden();
await expect(page.getByLabel('Email')).toHaveValue(currentEmail);
});
test('re-submitting the same pending email does not send another verification email', async ({
page,
request,
}) => {
await goToProfilePage(page);
const newEmail = `dup+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
const beforeCount = await waitForEmailCount(request, newEmail, 'Verify Email Address', 1);
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
await new Promise((r) => setTimeout(r, 1000));
const afterCount = await countEmailsWithSubject(request, newEmail, 'Verify Email Address');
expect(afterCount).toBe(beforeCount);
});
test('clicking the verification link swaps the email and shows a success banner', async ({
page,
}) => {
await goToProfilePage(page);
const newEmail = `verify+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
const verifyUrl = await getEmailChangeVerificationUrl(page.request, newEmail);
await page.goto(verifyUrl);
await page.waitForURL(/\/dashboard/);
const banner = page.getByTestId('banner');
await expect(banner).toBeVisible();
await expect(banner).toContainText('Your email address has been updated successfully.');
await goToProfilePage(page);
await expect(page.getByLabel('Email')).toHaveValue(newEmail);
});
test('visiting another users verification link is forbidden', async ({ page, browser }) => {
await goToProfilePage(page);
const newEmail = `victim+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
const verifyUrl = await getEmailChangeVerificationUrl(page.request, newEmail);
const other = await registerUser(browser, 'Other User', `other+${Date.now()}@test.com`);
try {
const response = await other.page.goto(verifyUrl);
expect(response?.status()).toBe(403);
} finally {
await other.close();
}
});
test('a stale verification link from a previous submission is rejected', async ({ page }) => {
await goToProfilePage(page);
const stamp = Date.now();
const olderEmail = `older+${stamp}@test.com`;
const newerEmail = `newer+${stamp}@test.com`;
await page.getByLabel('Email').fill(olderEmail);
await saveProfileForm(page);
const staleUrl = await getEmailChangeVerificationUrl(page.request, olderEmail);
await page.getByLabel('Email').fill(newerEmail);
await saveProfileForm(page);
const response = await page.goto(staleUrl);
expect(response?.status()).toBe(403);
});
test('visiting the verification link while logged out redirects to login', async ({
page,
browser,
}) => {
await goToProfilePage(page);
const newEmail = `loggedout+${Date.now()}@test.com`;
await page.getByLabel('Email').fill(newEmail);
await saveProfileForm(page);
const verifyUrl = await getEmailChangeVerificationUrl(page.request, newEmail);
const anonContext = await browser.newContext();
try {
const anonPage = await anonContext.newPage();
await anonPage.goto(verifyUrl);
await anonPage.waitForURL(/\/login/);
} finally {
await anonContext.close();
}
});
test('delete account shows an error when the password is wrong', async ({ page }) => {
await goToProfilePage(page);
await page.getByRole('button', { name: 'Delete Account' }).click();
const dialog = page.getByRole('dialog');
await dialog.getByPlaceholder('Password').fill('not-the-real-password');
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/user/confirm-password') &&
response.request().method() === 'POST' &&
response.status() === 422
),
dialog.getByRole('button', { name: 'Delete Account' }).click(),
]);
await expect(dialog.getByRole('alert')).toBeVisible();
await expect(dialog).toBeVisible();
});
test('delete account succeeds with the correct password and logs the user out', async ({
page,
}) => {
await goToProfilePage(page);
await page.getByRole('button', { name: 'Delete Account' }).click();
const dialog = page.getByRole('dialog');
await dialog.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/users/') &&
response.request().method() === 'DELETE' &&
response.status() === 204
),
dialog.getByRole('button', { name: 'Delete Account' }).click(),
]);
await page.waitForURL(/\/login/);
});
async function createNewApiToken(page) {

6
e2e/shared-reports.spec.ts
View File

@@ -469,7 +469,7 @@ test('test that creating a report with an expiration date works', async ({ page,
await datePicker.click();
// Select a date in the next month
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
await page.getByRole('button', { name: /Next/i }).click();
await page.getByRole('gridcell').filter({ hasText: /^15$/ }).first().click();
@@ -547,7 +547,7 @@ test('test that editing a report to make it public with expiration date works',
await datePicker.click();
// Select a date in the next month
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
await page.getByRole('button', { name: /Next/i }).click();
await page.getByRole('gridcell').filter({ hasText: /^20$/ }).first().click();
@@ -741,7 +741,7 @@ test('test that updating expiration date on already-public report works', async
await datePicker.click();
// Select the 25th of next month
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
await page.getByRole('button', { name: /Next/i }).click();
await page.getByRole('gridcell').filter({ hasText: /^25$/ }).first().click();

6
e2e/time.spec.ts
View File

@@ -462,7 +462,7 @@ test('test that setting a date in the create modal works', async ({ page }) => {
await startDatePicker.click();
// Wait for calendar to appear
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
// Navigate to previous month and select the 15th (a day that's always in the middle of the month)
@@ -515,7 +515,7 @@ test('test that updating the date via the time entry row range selector works',
await startDatePicker.click();
// Wait for the calendar to appear and select a day
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
// Navigate to previous month and select the 5th
@@ -568,7 +568,7 @@ test('test that updating the end date via the time entry row range selector work
await endDatePicker.click();
// Wait for the calendar to appear
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
// Navigate to next month and select the 20th (to ensure end > start)

2
e2e/timetracker.spec.ts
View File

@@ -293,7 +293,7 @@ test('test that setting an end time with a different date via the timetracker ra
await endDatePicker.click();
// Calendar should appear
const calendarGrid = page.getByRole('grid');
const calendarGrid = page.getByRole('gridcell').first();
await expect(calendarGrid).toBeVisible({ timeout: 5000 });
// Navigate to the next month and select a day to ensure end > start

13
e2e/utils/api.ts
View File

@@ -649,6 +649,19 @@ export async function createTimeEntryWithTimestampsViaApi(
// User profile helpers
// ──────────────────────────────────────────────────
export async function getCurrentUserViaApi(ctx: TestContext) {
const response = await ctx.request.get(`${PLAYWRIGHT_BASE_URL}/api/v1/users/me`);
expect(response.status()).toBe(200);
const body = await response.json();
return body.data as {
id: string;
name: string;
email: string;
timezone: string;
week_start: string;
};
}
export async function updateUserProfileViaWeb(
page: Page,
settings: { timezone?: string; week_start?: string }

65
e2e/utils/mailpit.ts
View File

@@ -46,7 +46,9 @@ export async function getInvitationAcceptUrl(
expect(searchResult.messages.length).toBeGreaterThan(0);
const message = await getMessage(request, searchResult.messages[0].ID);
const acceptUrlMatch = message.HTML.match(/href="([^"]*team-invitations[^"]*)"/);
const acceptUrlMatch = message.HTML.match(
/href="([^"]*(?:organization-invitations|team-invitations)[^"]*)"/
);
expect(acceptUrlMatch).toBeTruthy();
return acceptUrlMatch![1].replace(/&amp;/g, '&');
@@ -79,3 +81,64 @@ export async function getPasswordResetUrl(
return resetUrlMatch![1].replace(/&amp;/g, '&');
}
/**
* Count emails matching the given subject sent to the given address.
*/
export async function countEmailsWithSubject(
request: APIRequestContext,
recipientEmail: string,
subject: string
): Promise<number> {
const searchResult = await searchEmails(
request,
`to:${encodeURIComponent(recipientEmail)} subject:"${subject}"`
);
return searchResult.messages.length;
}
/**
* Poll Mailpit until the count of matching emails reaches `min`, or 5 attempts
* (~2.5s) elapse. Returns the final count.
*/
export async function waitForEmailCount(
request: APIRequestContext,
recipientEmail: string,
subject: string,
min: number
): Promise<number> {
let count = 0;
for (let attempt = 0; attempt < 5; attempt++) {
count = await countEmailsWithSubject(request, recipientEmail, subject);
if (count >= min) break;
await new Promise((r) => setTimeout(r, 500));
}
return count;
}
/**
* Find the email-change verification URL from a Mailpit email sent to the given address.
* Retries a few times to allow for email delivery delay.
*/
export async function getEmailChangeVerificationUrl(
request: APIRequestContext,
recipientEmail: string
): Promise<string> {
let searchResult: { messages: Array<{ ID: string }> } = { messages: [] };
for (let attempt = 0; attempt < 5; attempt++) {
searchResult = await searchEmails(
request,
`to:${encodeURIComponent(recipientEmail)} subject:"Verify Email Address"`
);
if (searchResult.messages.length > 0) break;
await new Promise((resolve) => setTimeout(resolve, 500));
}
expect(searchResult.messages.length).toBeGreaterThan(0);
const message = await getMessage(request, searchResult.messages[0].ID);
const verifyUrlMatch = message.HTML.match(/href="([^"]*verify-email-change[^"]*)"/);
expect(verifyUrlMatch).toBeTruthy();
return verifyUrlMatch![1].replace(/&amp;/g, '&');
}

2
lang/en/exceptions.php
View File

@@ -23,6 +23,7 @@ use App\Exceptions\Api\TimeEntryStillRunningApiException;
use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
use App\Exceptions\Api\UserIsAlreadyMemberOfProjectApiException;
use App\Exceptions\Api\UserNotPlaceholderApiException;
use App\Exceptions\Api\UserResendEmailVerificationNoPendingEmailApiException;
use App\Service\Export\ExportException;
return [
@@ -49,6 +50,7 @@ return [
ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException::KEY => 'This placeholder can not be invited use the merge tool instead',
InvitationForTheEmailAlreadyExistsApiException::KEY => 'The email has already been invited to the organization. Please wait for the user to accept the invitation or resend the invitation email.',
OverlappingTimeEntryApiException::KEY => 'Overlapping time entries are not allowed.',
UserResendEmailVerificationNoPendingEmailApiException::KEY => 'Resend email not possible, no pending email.',
],
'unknown_error_in_admin_panel' => 'An unknown error occurred. Please check the logs.',
];

1903
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

85
package.json
View File

@@ -18,61 +18,62 @@
"format:check": "prettier --check './**/*.{js,jsx,cjs,mjs,ts,tsx,cts,mts,vue}'"
},
"devDependencies": {
"@eslint/eslintrc": "^3.2.0",
"@eslint/js": "^9.19.0",
"@inertiajs/vue3": "^2.0.0",
"@playwright/test": "^1.41.1",
"@tailwindcss/forms": "^0.5.9",
"@tailwindcss/typography": "^0.5.15",
"@types/chroma-js": "^3.1.0",
"@types/node": "^22.10.10",
"@vitejs/plugin-vue": "^6.0.3",
"@vue/tsconfig": "^0.8.0",
"autoprefixer": "^10.4.20",
"axios": "^1.6.4",
"eslint-plugin-unused-imports": "^4.1.4",
"@eslint/eslintrc": "^3.3.5",
"@eslint/js": "^9.39.4",
"@inertiajs/vue3": "^2.3.23",
"@playwright/test": "^1.60.0",
"@tailwindcss/forms": "^0.5.11",
"@tailwindcss/typography": "^0.5.19",
"@types/chroma-js": "^3.1.2",
"@types/node": "^22.19.19",
"@vitejs/plugin-vue": "^6.0.6",
"@vue/tsconfig": "^0.8.1",
"autoprefixer": "^10.5.0",
"axios": "^1.16.0",
"eslint-plugin-unused-imports": "^4.4.1",
"laravel-vite-plugin": "^2.1.0",
"openapi-zod-client": "^1.16.2",
"postcss": "^8.4.47",
"openapi-zod-client": "^1.18.3",
"postcss": "^8.5.14",
"postcss-import": "^15.1.0",
"postcss-nesting": "^12.1.5",
"tailwindcss": "^3.4.13",
"typescript": "^5.7.3",
"vite": "^7.0.0",
"tailwindcss": "^3.4.19",
"typescript": "^5.9.3",
"vite": "^7.3.3",
"vite-plugin-checker": "^0.12.0",
"vue": "^3.5.0",
"vue-tsc": "^3.0.0"
"vue": "^3.5.34",
"vue-tsc": "^3.2.8"
},
"dependencies": {
"@floating-ui/core": "^1.6.0",
"@floating-ui/vue": "^1.0.6",
"@heroicons/vue": "^2.1.1",
"@rushstack/eslint-patch": "^1.10.5",
"@floating-ui/core": "^1.7.5",
"@floating-ui/vue": "^1.1.11",
"@heroicons/vue": "^2.2.0",
"@lucide/vue": "^1.14.0",
"@rushstack/eslint-patch": "^1.16.1",
"@tailwindcss/container-queries": "^0.1.1",
"@tanstack/vue-form": "^1.3.1",
"@tanstack/vue-query": "^5.56.2",
"@tanstack/vue-query-devtools": "^5.58.0",
"@tanstack/vue-table": "^8.21.2",
"@tanstack/vue-form": "^1.32.0",
"@tanstack/vue-query": "^5.100.10",
"@tanstack/vue-query-devtools": "^5.91.0",
"@tanstack/vue-table": "^8.21.3",
"@vue/eslint-config-prettier": "^10.2.0",
"@vue/eslint-config-typescript": "^14.3.0",
"@vueuse/core": "^14.2.1",
"@vueuse/integrations": "^14.0.0",
"@vue/eslint-config-typescript": "^14.7.0",
"@vueuse/core": "^14.3.0",
"@vueuse/integrations": "^14.3.0",
"@zodios/core": "^10.9.6",
"chroma-js": "3.1.2",
"chroma-js": "^3.2.0",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"dayjs": "^1.11.11",
"dayjs": "^1.11.20",
"echarts": "^6.0.0",
"focus-trap": "^8.0.0",
"lucide-vue-next": "^0.487.0",
"parse-duration": "^2.0.1",
"pinia": "^3.0.0",
"radix-vue": "^1.9.6",
"reka-ui": "^2.8.2",
"tailwind-merge": "^2.6.0",
"focus-trap": "^8.2.0",
"parse-duration": "^2.1.6",
"pinia": "^3.0.4",
"radix-vue": "^1.9.17",
"reka-ui": "^2.9.7",
"tailwind-merge": "^2.6.1",
"tailwindcss-animate": "^1.0.7",
"vue-echarts": "^8.0.0",
"zod": "^3.23.8"
"vue-draggable-plus": "^0.6.1",
"vue-echarts": "^8.0.1",
"zod": "^3.25.76"
},
"overrides": {
"vite-plugin-checker": {

1
phpstan.neon
View File

@@ -14,5 +14,4 @@ parameters:
noEnvCallsOutsideOfConfig: true
ignoreErrors:
- '# is not subtype of native type Illuminate\\Database\\Eloquent\\Builder#'
- '# is not subtype of native type Illuminate\\Database\\Eloquent\\Relations\\Relation#'

4
playwright/fixtures.ts
View File

@@ -32,6 +32,9 @@ export const test = baseTest.extend<
const email = `john+${Date.now()}_${Math.floor(Math.random() * 10000)}@doe.com`;
const password = TEST_USER_PASSWORD;
const name = 'John Doe';
const timezone = await page.evaluate(
() => Intl.DateTimeFormat().resolvedOptions().timeZone
);
// Use page.context().request() so cookies are automatically shared with the page
const request = page.context().request;
@@ -64,6 +67,7 @@ export const test = baseTest.extend<
password,
password_confirmation: password,
terms: 'on',
timezone,
},
maxRedirects: 0,
});

73
resources/js/Components/Banner.vue
View File

@@ -1,36 +1,53 @@
<script setup lang="ts">
import { ref, watchEffect } from 'vue';
import { ref } from 'vue';
import { usePage } from '@inertiajs/vue3';
const ALLOWED_STYLES = ['success', 'danger', 'info', 'warning'] as const;
type BannerStyle = (typeof ALLOWED_STYLES)[number];
withDefaults(
defineProps<{
// Render as a self-contained rounded alert that sits inside a card
// (e.g. the auth card on login/register) instead of a full-width page banner.
card?: boolean;
}>(),
{ card: false }
);
const page = usePage<{
jetstream: {
flash: {
banner: string;
bannerStyle: string;
};
flash: {
bannerText?: string;
bannerStyle?: string;
};
}>();
const show = ref(true);
const style = ref('success');
const message = ref('');
const rawStyle = page.props.flash?.bannerStyle;
const message = page.props.flash?.bannerText ?? '';
const style: BannerStyle = (ALLOWED_STYLES as readonly string[]).includes(rawStyle ?? '')
? (rawStyle as BannerStyle)
: 'success';
watchEffect(async () => {
style.value = page.props.jetstream.flash?.bannerStyle || 'success';
message.value = page.props.jetstream.flash?.banner || '';
show.value = true;
});
const show = ref(true);
</script>
<template>
<div>
<div v-if="show && message" class="bg-secondary border-b border-border-secondary">
<div class="mx-auto py-1 px-3 sm:px-6 lg:px-8">
<div
v-if="show && message"
data-testid="banner"
:class="
card
? 'bg-secondary border border-border-secondary rounded-lg mb-4'
: 'bg-secondary border-b border-border-secondary'
">
<div :class="card ? 'py-2 px-3' : 'mx-auto py-1 px-3 sm:px-6 lg:px-8'">
<div class="flex items-center justify-between flex-wrap">
<div class="w-0 flex-1 flex items-center min-w-0">
<div
class="w-0 flex-1 flex min-w-0"
:class="card ? 'items-start' : 'items-center'">
<span class="flex">
<svg
v-if="style == 'success'"
v-if="style === 'success'"
class="h-6 w-6 text-text-secondary"
xmlns="http://www.w3.org/2000/svg"
fill="none"
@@ -44,7 +61,7 @@ watchEffect(async () => {
</svg>
<svg
v-if="style == 'danger'"
v-if="style === 'danger'"
class="h-5 w-5 text-text-primary"
xmlns="http://www.w3.org/2000/svg"
fill="none"
@@ -56,9 +73,25 @@ watchEffect(async () => {
stroke-linejoin="round"
d="M12 9v3.75m-9.303 3.376c-.866 1.5.217 3.374 1.948 3.374h14.71c1.73 0 2.813-1.874 1.948-3.374L13.949 3.378c-.866-1.5-3.032-1.5-3.898 0L2.697 16.126zM12 15.75h.007v.008H12v-.008z" />
</svg>
<svg
v-if="style === 'info'"
class="h-6 w-6 text-text-secondary"
xmlns="http://www.w3.org/2000/svg"
fill="none"
viewBox="0 0 24 24"
stroke-width="1.5"
stroke="currentColor">
<path
stroke-linecap="round"
stroke-linejoin="round"
d="M11.25 11.25l.041-.02a.75.75 0 011.063.852l-.708 2.836a.75.75 0 001.063.853l.041-.021M21 12a9 9 0 11-18 0 9 9 0 0118 0zm-9-3.75h.008v.008H12V8.25z" />
</svg>
</span>
<p class="ms-3 font-medium text-sm text-text-primary truncate">
<p
class="ms-3 font-medium text-sm text-text-primary"
:class="{ truncate: !card }">
{{ message }}
</p>
</div>

2
resources/js/Components/Common/Member/MemberCombobox.vue
View File

@@ -2,7 +2,7 @@
import { computed, nextTick, ref, watch } from 'vue';
import { useMembersQuery } from '@/utils/useMembersQuery';
import { UserIcon } from '@heroicons/vue/24/solid';
import { ChevronDown } from 'lucide-vue-next';
import { ChevronDown } from '@lucide/vue';
import type { ProjectMember } from '@/packages/api/src';
import type { Member } from '@/packages/api/src';
import {

2
resources/js/Components/Common/Project/ProjectDropdown.vue
View File

@@ -10,7 +10,7 @@ import {
ComboboxRoot,
ComboboxViewport,
} from 'radix-vue';
import { Check, Plus } from 'lucide-vue-next';
import { Check, Plus } from '@lucide/vue';
import type { CreateClientBody, CreateProjectBody, Project } from '@/packages/api/src';
import { UseFocusTrap } from '@vueuse/integrations/useFocusTrap/component';
import ProjectCreateModal from '@/packages/ui/src/Project/ProjectCreateModal.vue';

2
resources/js/Components/Common/Project/ProjectEditModal.vue
View File

@@ -12,7 +12,7 @@ import ClientDropdown from '@/packages/ui/src/Client/ClientDropdown.vue';
import { useClientsQuery } from '@/utils/useClientsQuery';
import ProjectColorSelector from '@/packages/ui/src/Project/ProjectColorSelector.vue';
import { Button } from '@/packages/ui/src/Buttons';
import { ChevronDown } from 'lucide-vue-next';
import { ChevronDown } from '@lucide/vue';
import { UserCircleIcon } from '@heroicons/vue/20/solid';
import EstimatedTimeSection from '@/packages/ui/src/EstimatedTimeSection.vue';
import { Field, FieldGroup, FieldLabel } from '@/packages/ui/src/field';

2
resources/js/Components/Common/Reporting/ReportingOverview.vue
View File

@@ -5,7 +5,7 @@ import {
EllipsisVerticalIcon,
LockClosedIcon,
} from '@heroicons/vue/20/solid';
import { SaveIcon } from 'lucide-vue-next';
import { SaveIcon } from '@lucide/vue';
import { getOrganizationCurrencyString } from '@/utils/money';
import {
formatReportingDuration,

2
resources/js/Components/Common/Task/TaskCreateModal.vue
View File

@@ -11,7 +11,7 @@ import EstimatedTimeSection from '@/packages/ui/src/EstimatedTimeSection.vue';
import { isAllowedToPerformPremiumAction } from '@/utils/billing';
import { Field, FieldGroup, FieldLabel } from '@/packages/ui/src/field';
import { Button } from '@/packages/ui/src/Buttons';
import { ChevronDown } from 'lucide-vue-next';
import { ChevronDown } from '@lucide/vue';
import { FolderIcon } from '@heroicons/vue/20/solid';
const { createTask } = useTasksStore();

4
resources/js/Components/ui/alert-dialog/AlertDialogAction.vue
View File

@@ -2,7 +2,7 @@
import { buttonVariants } from '@/packages/ui/src';
import { AlertDialogAction, type AlertDialogActionProps } from 'reka-ui';
import { computed, type HTMLAttributes } from 'vue';
import { twMerge } from 'tailwind-merge';
import { cn } from '@/lib/utils';
const props = defineProps<AlertDialogActionProps & { class?: HTMLAttributes['class'] }>();
const delegatedProps = computed(() => {
@@ -13,7 +13,7 @@ const delegatedProps = computed(() => {
</script>
<template>
<AlertDialogAction v-bind="delegatedProps" :class="twMerge(buttonVariants(), props.class)">
<AlertDialogAction v-bind="delegatedProps" :class="cn(buttonVariants(), props.class)">
<slot />
</AlertDialogAction>
</template>

4
resources/js/Components/ui/alert-dialog/AlertDialogCancel.vue
View File

@@ -2,7 +2,7 @@
import { buttonVariants } from '@/packages/ui/src';
import { AlertDialogCancel, type AlertDialogCancelProps } from 'reka-ui';
import { computed, type HTMLAttributes } from 'vue';
import { twMerge } from 'tailwind-merge';
import { cn } from '@/lib/utils';
const props = defineProps<AlertDialogCancelProps & { class?: HTMLAttributes['class'] }>();
@@ -16,7 +16,7 @@ const delegatedProps = computed(() => {
<template>
<AlertDialogCancel
v-bind="delegatedProps"
:class="twMerge(buttonVariants({ variant: 'outline' }), 'mt-2 sm:mt-0', props.class)">
:class="cn(buttonVariants({ variant: 'outline' }), 'mt-2 sm:mt-0', props.class)">
<slot />
</AlertDialogCancel>
</template>

2
resources/js/Layouts/AppLayout.vue
View File

@@ -18,7 +18,7 @@ import {
XMarkIcon,
DocumentTextIcon,
} from '@heroicons/vue/20/solid';
import { PanelLeft } from 'lucide-vue-next';
import { PanelLeft } from '@lucide/vue';
import NavigationSidebarItem from '@/Components/NavigationSidebarItem.vue';
import UserSettingsIcon from '@/Components/UserSettingsIcon.vue';
import MainContainer from '@/packages/ui/src/MainContainer.vue';

3
resources/js/Pages/Auth/Login.vue
View File

@@ -2,6 +2,7 @@
import { Head, Link, useForm, usePage } from '@inertiajs/vue3';
import AuthenticationCard from '@/Components/AuthenticationCard.vue';
import AuthenticationCardLogo from '@/Components/AuthenticationCardLogo.vue';
import Banner from '@/Components/Banner.vue';
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
@@ -49,6 +50,8 @@ const page = usePage<{
</Link>
</template>
<Banner card />
<div v-if="status" class="mb-4 font-medium text-sm text-green-400">
{{ status }}
</div>

3
resources/js/Pages/Auth/Register.vue
View File

@@ -2,6 +2,7 @@
import { Head, Link, useForm, usePage } from '@inertiajs/vue3';
import AuthenticationCard from '@/Components/AuthenticationCard.vue';
import AuthenticationCardLogo from '@/Components/AuthenticationCardLogo.vue';
import Banner from '@/Components/Banner.vue';
import Checkbox from '@/packages/ui/src/Input/Checkbox.vue';
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
@@ -55,6 +56,8 @@ const page = usePage<{
</Link>
</template>
<Banner card />
<div
v-if="page.props.flash?.message"
class="bg-red-400 text-black text-center w-full px-3 py-1 mb-4 rounded-lg">

69
resources/js/Pages/Profile/Partials/DeleteUserForm.vue
View File

@@ -1,40 +1,57 @@
<script setup lang="ts">
import { ref } from 'vue';
import { useForm } from '@inertiajs/vue3';
import axios from 'axios';
import ActionSection from '@/Components/ActionSection.vue';
import DangerButton from '@/packages/ui/src/Buttons/DangerButton.vue';
import DialogModal from '@/packages/ui/src/DialogModal.vue';
import { Field, FieldError } from '@/packages/ui/src/field';
import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
import { useDeleteUserMutation, useUserQuery } from '@/utils/useUserQuery';
const { user } = useUserQuery();
const deleteUserMutation = useDeleteUserMutation();
const confirmingUserDeletion = ref(false);
const passwordInput = ref<HTMLElement | null>(null);
const passwordInput = ref<HTMLInputElement | null>(null);
const password = ref('');
const passwordError = ref('');
const processing = ref(false);
const form = useForm({
password: '',
});
const confirmUserDeletion = () => {
function confirmUserDeletion() {
confirmingUserDeletion.value = true;
setTimeout(() => passwordInput.value?.focus(), 250);
};
}
const deleteUser = () => {
form.delete(route('current-user.destroy'), {
preserveScroll: true,
onSuccess: () => closeModal(),
onError: () => passwordInput.value?.focus(),
onFinish: () => form.reset(),
});
};
async function deleteUser() {
if (!user.value || processing.value) return;
processing.value = true;
passwordError.value = '';
try {
await axios.post(route('password.confirm'), { password: password.value });
} catch (error) {
processing.value = false;
if (axios.isAxiosError(error) && error.response?.status === 422) {
passwordError.value = error.response.data?.errors?.password?.[0] ?? 'Invalid password.';
} else {
passwordError.value = 'Could not confirm password. Please try again.';
}
passwordInput.value?.focus();
return;
}
try {
await deleteUserMutation.mutateAsync(user.value.id);
window.location.href = '/';
} catch {
processing.value = false;
}
}
const closeModal = () => {
function closeModal() {
confirmingUserDeletion.value = false;
form.reset();
};
password.value = '';
passwordError.value = '';
}
</script>
<template>
@@ -66,16 +83,14 @@ const closeModal = () => {
<Field class="mt-4">
<TextInput
ref="passwordInput"
v-model="form.password"
v-model="password"
type="password"
class="block w-3/4"
placeholder="Password"
autocomplete="current-password"
@keyup.enter="deleteUser" />
<FieldError v-if="form.errors.password">{{
form.errors.password
}}</FieldError>
<FieldError v-if="passwordError">{{ passwordError }}</FieldError>
</Field>
</template>
@@ -84,8 +99,8 @@ const closeModal = () => {
<DangerButton
class="ms-3"
:class="{ 'opacity-25': form.processing }"
:disabled="form.processing"
:class="{ 'opacity-25': processing }"
:disabled="processing"
@click="deleteUser">
Delete Account
</DangerButton>

328
resources/js/Pages/Profile/Partials/UpdateProfileInformationForm.vue
View File

@@ -1,93 +1,190 @@
<script setup lang="ts">
import { ref } from 'vue';
import { Link, router, useForm, usePage } from '@inertiajs/vue3';
import { computed, onBeforeUnmount, ref, watch } from 'vue';
import { usePage } from '@inertiajs/vue3';
import axios from 'axios';
import ActionMessage from '@/Components/ActionMessage.vue';
import FormSection from '@/Components/FormSection.vue';
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
import { Field, FieldError, FieldLabel } from '@/packages/ui/src/field';
import { Button } from '@/packages/ui/src/Buttons';
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
import type { User } from '@/types/models';
import {
useResendUserEmailVerificationMutation,
useResetUserPendingEmailMutation,
useUpdateUserMutation,
useUserQuery,
} from '@/utils/useUserQuery';
import type { UpdateUserBody, User } from '@/packages/api/src';
const props = defineProps<{
user: User;
}>();
const { user } = useUserQuery();
const updateUser = useUpdateUserMutation();
const resendVerification = useResendUserEmailVerificationMutation();
const resetPendingEmail = useResetUserPendingEmailMutation();
const form = useForm({
_method: 'PUT',
name: props.user.name,
email: props.user.email,
photo: null as File | null,
timezone: props.user.timezone,
week_start: props.user.week_start,
});
const name = ref('');
const email = ref('');
const timezone = ref('');
const weekStart = ref('');
const verificationLinkSent = ref<boolean | null>(null);
const photoPreview = ref<ArrayBuffer | undefined | string | null>(null);
const photoBase64 = ref<string | null>(null);
const photoPreview = ref<string | null>(null);
const photoInput = ref<HTMLInputElement | null>(null);
const updateProfileInformation = () => {
if (photoInput.value && photoInput.value.files && photoInput.value.files?.length > 0) {
form.photo = photoInput.value?.files[0] ?? null;
const recentlySaved = ref(false);
const resendCooldown = ref(false);
let resendCooldownTimer: ReturnType<typeof setTimeout> | null = null;
function seedForm(u: User) {
name.value = u.name;
email.value = u.email;
timezone.value = u.timezone;
weekStart.value = u.week_start;
}
watch(
user,
(u, prev) => {
if (u && prev === undefined) seedForm(u);
},
{ immediate: true }
);
const isUserLoaded = computed(() => user.value !== undefined);
const isSaveDisabled = computed(() => !isUserLoaded.value || updateUser.isPending.value);
const pendingEmail = computed(() => user.value?.pending_email ?? null);
const hasUploadedPhoto = computed(() => {
const url = user.value?.profile_photo_url;
return !!url && !url.includes('ui-avatars.com');
});
const fieldErrors = computed<Record<string, string>>(() => {
const err = updateUser.error.value;
if (!axios.isAxiosError(err) || err.response?.status !== 422) return {};
const raw = err.response.data?.errors as Record<string, string[]> | undefined;
if (!raw) return {};
const flat: Record<string, string> = {};
for (const [key, messages] of Object.entries(raw)) {
if (Array.isArray(messages) && messages[0]) flat[key] = messages[0];
}
return flat;
});
function buildPayload(): UpdateUserBody {
if (!user.value) return {};
const body: UpdateUserBody = {};
if (name.value !== user.value.name) body.name = name.value;
const typedEmail = email.value.trim().toLowerCase();
const currentEmail = user.value.email.toLowerCase();
const currentPending = (user.value.pending_email ?? '').toLowerCase();
if (typedEmail !== currentEmail && typedEmail !== currentPending) {
body.email = email.value.trim();
}
form.post(route('user-profile-information.update'), {
errorBag: 'updateProfileInformation',
preserveScroll: true,
onSuccess: () => clearPhotoFileInput(),
});
};
if (timezone.value !== user.value.timezone) body.timezone = timezone.value;
if (weekStart.value !== user.value.week_start) {
body.week_start = weekStart.value as UpdateUserBody['week_start'];
}
if (photoBase64.value !== null) body.photo = photoBase64.value;
return body;
}
const sendEmailVerification = () => {
verificationLinkSent.value = true;
};
function clearPhotoInput() {
if (photoInput.value) photoInput.value.value = '';
photoBase64.value = null;
photoPreview.value = null;
}
const selectNewPhoto = () => {
function selectNewPhoto() {
if (!isUserLoaded.value) return;
photoInput.value?.click();
};
}
const updatePhotoPreview = () => {
if (photoInput.value?.files) {
const photo = photoInput.value?.files[0];
if (!photo) return;
function readSelectedPhoto() {
if (!isUserLoaded.value) return;
const file = photoInput.value?.files?.[0];
if (!file) return;
const reader = new FileReader();
reader.onload = (e) => {
const dataUrl = e.target?.result as string;
photoBase64.value = dataUrl;
photoPreview.value = dataUrl;
};
reader.readAsDataURL(file);
}
const reader = new FileReader();
reader.onload = (e) => {
photoPreview.value = e.target?.result;
};
reader.readAsDataURL(photo);
async function save() {
if (isSaveDisabled.value || !user.value) return;
const body = buildPayload();
if (Object.keys(body).length === 0) {
flashSaved();
return;
}
};
const deletePhoto = () => {
router.delete(route('current-user-photo.destroy'), {
preserveScroll: true,
onSuccess: () => {
photoPreview.value = null;
clearPhotoFileInput();
},
});
};
const clearPhotoFileInput = () => {
if (photoInput.value?.value) {
photoInput.value.value = '';
try {
const updated = await updateUser.mutateAsync({ userId: user.value.id, body });
seedForm(updated);
clearPhotoInput();
flashSaved();
} catch {
// 422: field errors render via fieldErrors. Other errors: toast handled in the mutation.
}
};
}
async function removePhoto() {
if (!isUserLoaded.value || updateUser.isPending.value || !user.value) return;
try {
await updateUser.mutateAsync({ userId: user.value.id, body: { photo: null } });
clearPhotoInput();
} catch {
// notification handled by mutation
}
}
async function clickResend() {
if (!user.value || resendCooldown.value || resendVerification.isPending.value) return;
try {
await resendVerification.mutateAsync(user.value.id);
resendCooldown.value = true;
if (resendCooldownTimer) clearTimeout(resendCooldownTimer);
resendCooldownTimer = setTimeout(() => {
resendCooldown.value = false;
}, 5000);
} catch {
// notification handled by mutation
}
}
async function clickCancelEmailChange() {
if (!user.value || resetPendingEmail.isPending.value) return;
try {
// Clears pending_email on the server; the pending banner hides once the
// me query refetches. The email field already shows the current address.
await resetPendingEmail.mutateAsync(user.value.id);
} catch {
// notification handled by mutation
}
}
function flashSaved() {
recentlySaved.value = true;
setTimeout(() => (recentlySaved.value = false), 2000);
}
onBeforeUnmount(() => {
if (resendCooldownTimer) clearTimeout(resendCooldownTimer);
});
const page = usePage<{
jetstream: {
managesProfilePhotos: boolean;
hasEmailVerification: boolean;
};
jetstream: { managesProfilePhotos: boolean };
timezones: Record<string, string>;
weekdays: Record<string, string>;
}>();
</script>
<template>
<FormSection @submitted="updateProfileInformation">
<template #title> Profile Information</template>
<FormSection @submitted="save">
<template #title>Profile Information</template>
<template #description>
Update your account's profile information and email address.
@@ -96,44 +193,51 @@ const page = usePage<{
<template #form>
<!-- Profile Photo -->
<div v-if="page.props.jetstream.managesProfilePhotos" class="col-span-6 sm:col-span-4">
<!-- Profile Photo File Input -->
<input
id="photo"
ref="photoInput"
type="file"
accept="image/jpeg,image/png"
class="hidden"
@change="updatePhotoPreview" />
:disabled="!isUserLoaded"
@change="readSelectedPhoto" />
<FieldLabel for="photo">Photo</FieldLabel>
<!-- Current Profile Photo -->
<div v-show="!photoPreview" class="mt-2">
<img
v-if="user"
:src="user.profile_photo_url"
:alt="user.name"
class="rounded-full h-20 w-20 object-cover" />
</div>
<!-- New Profile Photo Preview -->
<div v-show="photoPreview" class="mt-2">
<span
class="block rounded-full w-20 h-20 bg-cover bg-no-repeat bg-center"
:style="'background-image: url(\'' + photoPreview + '\');'" />
</div>
<SecondaryButton class="mt-2 me-2" type="button" @click.prevent="selectNewPhoto">
<SecondaryButton
class="mt-2 me-2"
type="button"
:disabled="!isUserLoaded"
@click.prevent="selectNewPhoto">
Select A New Photo
</SecondaryButton>
<SecondaryButton
v-if="user.profile_photo_path"
v-if="hasUploadedPhoto"
type="button"
class="mt-2"
@click.prevent="deletePhoto">
:disabled="!isUserLoaded || updateUser.isPending.value"
@click.prevent="removePhoto">
Remove Photo
</SecondaryButton>
<FieldError v-if="form.errors.photo">{{ form.errors.photo }}</FieldError>
<FieldError v-if="fieldErrors.photo" class="mt-2">
{{ fieldErrors.photo }}
</FieldError>
</div>
<!-- Name -->
@@ -141,12 +245,13 @@ const page = usePage<{
<FieldLabel for="name">Name</FieldLabel>
<TextInput
id="name"
v-model="form.name"
v-model="name"
type="text"
class="block w-full"
required
:disabled="!isUserLoaded"
autocomplete="name" />
<FieldError v-if="form.errors.name">{{ form.errors.name }}</FieldError>
<FieldError v-if="fieldErrors.name">{{ fieldErrors.name }}</FieldError>
</Field>
<!-- Email -->
@@ -154,34 +259,39 @@ const page = usePage<{
<FieldLabel for="email">Email</FieldLabel>
<TextInput
id="email"
v-model="form.email"
v-model="email"
type="email"
class="block w-full"
required
:disabled="!isUserLoaded"
autocomplete="username" />
<FieldError v-if="form.errors.email">{{ form.errors.email }}</FieldError>
<FieldError v-if="fieldErrors.email">{{ fieldErrors.email }}</FieldError>
<div
v-if="
page.props.jetstream.hasEmailVerification && user.email_verified_at === null
">
<p class="text-sm mt-2 text-text-primary">
Your email address is unverified.
<Link
:href="route('verification.send')"
method="post"
as="button"
class="underline text-sm text-text-secondary hover:text-text-secondary rounded-md focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 dark:focus:ring-offset-gray-800"
@click.prevent="sendEmailVerification">
Click here to re-send the verification email.
</Link>
<div v-if="pendingEmail" class="mt-2 text-sm">
<p class="text-text-primary">
A verification link was sent to
<span class="font-medium">{{ pendingEmail }}</span
>. Click the link in the email to confirm the change.
</p>
<div
v-show="verificationLinkSent"
class="mt-2 font-medium text-sm text-green-400">
A new verification link has been sent to your email address.
<div class="mt-2 -ms-3 flex flex-wrap items-center gap-x-1 gap-y-1">
<Button
v-if="!resendCooldown"
variant="ghost"
size="sm"
type="button"
:disabled="!isUserLoaded || resendVerification.isPending.value"
@click="clickResend">
Resend verification email
</Button>
<p v-else class="ms-3 font-medium text-green-400">Verification email sent.</p>
<Button
variant="ghost"
size="sm"
type="button"
:disabled="!isUserLoaded || resetPendingEmail.isPending.value"
@click="clickCancelEmailChange">
Cancel email change
</Button>
</div>
</div>
</Field>
@@ -191,19 +301,20 @@ const page = usePage<{
<FieldLabel for="timezone">Timezone</FieldLabel>
<select
id="timezone"
v-model="form.timezone"
v-model="timezone"
name="timezone"
required
:disabled="!isUserLoaded"
class="block w-full border-input-border bg-input-background text-text-primary focus:border-input-border-active rounded-md shadow-sm">
<option value="" disabled>Select a Timezone</option>
<option
v-for="(timezoneTranslated, timezoneKey) in $page.props.timezones"
:key="timezoneKey"
:value="timezoneKey">
v-for="(timezoneTranslated, timezoneValue) in page.props.timezones"
:key="timezoneValue"
:value="timezoneValue">
{{ timezoneTranslated }}
</option>
</select>
<FieldError v-if="form.errors.timezone">{{ form.errors.timezone }}</FieldError>
<FieldError v-if="fieldErrors.timezone">{{ fieldErrors.timezone }}</FieldError>
</Field>
<!-- Week start -->
@@ -211,26 +322,27 @@ const page = usePage<{
<FieldLabel for="week_start">Start of the week</FieldLabel>
<select
id="week_start"
v-model="form.week_start"
v-model="weekStart"
name="week_start"
required
:disabled="!isUserLoaded"
class="block w-full border-input-border bg-input-background text-text-primary focus:border-input-border-active rounded-md shadow-sm">
<option value="" disabled>Select a week day</option>
<option
v-for="(weekdayTranslated, weekdayKey) in $page.props.weekdays"
:key="weekdayKey"
:value="weekdayKey">
v-for="(weekdayTranslated, weekdayValue) in page.props.weekdays"
:key="weekdayValue"
:value="weekdayValue">
{{ weekdayTranslated }}
</option>
</select>
<FieldError v-if="form.errors.week_start">{{ form.errors.week_start }}</FieldError>
<FieldError v-if="fieldErrors.week_start">{{ fieldErrors.week_start }}</FieldError>
</Field>
</template>
<template #actions>
<ActionMessage :on="form.recentlySuccessful" class="me-3"> Saved. </ActionMessage>
<ActionMessage :on="recentlySaved" class="me-3"> Saved. </ActionMessage>
<PrimaryButton :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
<PrimaryButton :class="{ 'opacity-25': isSaveDisabled }" :disabled="isSaveDisabled">
Save
</PrimaryButton>
</template>

2
resources/js/Pages/Profile/Show.vue
View File

@@ -39,7 +39,7 @@ const page = usePage<{
<div>
<div class="max-w-7xl mx-auto py-10 sm:px-6 lg:px-8">
<div v-if="page.props.jetstream.canUpdateProfileInformation">
<UpdateProfileInformationForm :user="page.props.auth.user" />
<UpdateProfileInformationForm />
<SectionBorder />
</div>

3
resources/js/packages/api/package.json
View File

@@ -12,6 +12,7 @@
},
"scripts": {
"build": "vite build",
"watch": "vite build --watch",
"test": "echo \"Error: no test specified\" && exit 1"
},
"files": [
@@ -28,7 +29,7 @@
"author": "solidtime",
"license": "AGPL-3.0",
"devDependencies": {
"vite-plugin-dts": "^4.0.3"
"vite-plugin-dts": "^4.5.4"
},
"peerDependencies": {
"@zodios/core": "^10.9.6",

3
resources/js/packages/api/src/index.ts
View File

@@ -122,6 +122,9 @@ export type CreateInvoiceBody = ZodiosBodyByAlias<SolidTimeApi, 'createInvoice'>
export type UpdateInvoiceBody = ZodiosBodyByAlias<SolidTimeApi, 'updateInvoice'>;
export type User = ZodiosResponseByAlias<SolidTimeApi, 'getMe'>['data'];
export type UpdateUserBody = ZodiosBodyByAlias<SolidTimeApi, 'updateUser'>;
const api = createApiClient('/api', { validate: 'none' });
export { createApiClient, api };

206
resources/js/packages/api/src/openapi.json.client.ts
View File

@@ -688,11 +688,22 @@ const UserResource = z
id: z.string(),
name: z.string(),
email: z.string(),
pending_email: z.union([z.string(), z.null()]),
profile_photo_url: z.string(),
timezone: z.string(),
week_start: Weekday,
})
.passthrough();
const UserUpdateRequest = z
.object({
name: z.string(),
email: z.string(),
photo: z.union([z.string(), z.null()]),
timezone: z.string(),
week_start: Weekday,
})
.partial()
.passthrough();
const PersonalMembershipResource = z
.object({
id: z.string(),
@@ -764,6 +775,7 @@ export const schemas = {
TimeEntryUpdateMultipleRequest,
TimeEntryUpdateRequest,
UserResource,
UserUpdateRequest,
PersonalMembershipResource,
};
@@ -1886,6 +1898,54 @@ const endpoints = makeApi([
},
],
},
{
method: 'post',
path: '/v1/organizations/:organization/invoices/:invoice/copy',
alias: 'copyInvoice',
requestFormat: 'json',
parameters: [
{
name: 'body',
type: 'Body',
schema: z.object({ reference: z.string() }).passthrough(),
},
{
name: 'organization',
type: 'Path',
schema: z.string(),
},
{
name: 'invoice',
type: 'Path',
schema: z.string(),
},
],
response: z.object({ data: DetailedInvoiceResource }).passthrough(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 404,
description: `Not found`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 422,
description: `Validation error`,
schema: z
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
.passthrough(),
},
],
},
{
method: 'get',
path: '/v1/organizations/:organization/invoices/:invoice',
@@ -4419,7 +4479,7 @@ The report is considered public if the &#x60;is_public&#x60; field is set to &#x
method: 'get',
path: '/v1/users/me',
alias: 'getMe',
description: `This endpoint is independent of organization.`,
description: `This endpoint is independent of the organization.`,
requestFormat: 'json',
response: z.object({ data: UserResource }).passthrough(),
errors: [
@@ -4435,6 +4495,150 @@ The report is considered public if the &#x60;is_public&#x60; field is set to &#x
},
],
},
{
method: 'put',
path: '/v1/users/:user',
alias: 'updateUser',
description: `This endpoint is independent of the organization.`,
requestFormat: 'json',
parameters: [
{
name: 'body',
type: 'Body',
schema: UserUpdateRequest,
},
{
name: 'user',
type: 'Path',
schema: z.string(),
},
],
response: z.object({ data: UserResource }).passthrough(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 422,
description: `Validation error`,
schema: z
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
.passthrough(),
},
],
},
{
method: 'delete',
path: '/v1/users/:user',
alias: 'deleteUser',
description: `This endpoint is independent of the organization.`,
requestFormat: 'json',
parameters: [
{
name: 'user',
type: 'Path',
schema: z.string(),
},
],
response: z.void(),
errors: [
{
status: 400,
description: `API exception`,
schema: z
.object({ error: z.boolean(), key: z.string(), message: z.string() })
.passthrough(),
},
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 404,
description: `Not found`,
schema: z.object({ message: z.string() }).passthrough(),
},
],
},
{
method: 'post',
path: '/v1/users/:user/reset-pending-email',
alias: 'resetUserPendingEmail',
description: `This endpoint is independent of the organization.`,
requestFormat: 'json',
parameters: [
{
name: 'user',
type: 'Path',
schema: z.string(),
},
],
response: z.void(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 404,
description: `Not found`,
schema: z.object({ message: z.string() }).passthrough(),
},
],
},
{
method: 'post',
path: '/v1/users/:user/resend-email-verification',
alias: 'resendUserEmailVerification',
description: `This endpoint is independent of the organization.`,
requestFormat: 'json',
parameters: [
{
name: 'user',
type: 'Path',
schema: z.string(),
},
],
response: z.void(),
errors: [
{
status: 400,
description: `API exception`,
schema: z
.object({ error: z.boolean(), key: z.string(), message: z.string() })
.passthrough(),
},
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
],
},
{
method: 'get',
path: '/v1/users/me/api-tokens',

8
resources/js/packages/ui/package.json
View File

@@ -48,10 +48,10 @@
"author": "solidtime",
"license": "AGPL-3.0",
"devDependencies": {
"@types/chroma-js": "^3.1.0",
"@types/chroma-js": "^3.1.2",
"@zodios/core": "^10.9.6",
"vite-plugin-dts": "^4.0.3",
"zod": "^3.23.8"
"vite-plugin-dts": "^4.5.4",
"zod": "^3.25.76"
},
"peerDependencies": {
"@floating-ui/vue": "^1.1.4",
@@ -64,7 +64,7 @@
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"dayjs": "^1.11.13",
"lucide-vue-next": ">=0.453.0",
"@lucide/vue": ">=1.0.0",
"@internationalized/date": "^3.0.0",
"parse-duration": "^2.0.1",
"radix-vue": "^1.9.0",

Some files were not shown because too many files have changed in this diff Show More