add api key e2e tests and improve labels

add api token expiry information notices
fix inconsistencies in dropdown highlighted item, indirectly fix flaky project member test
2026-06-15 13:32:43 +01:00 · 2025-02-13 13:57:47 +01:00 · 2025-02-13 13:09:55 +01:00 · 2025-02-13 12:51:28 +01:00 · 2025-02-12 18:26:27 -05:00 · 2025-02-11 14:44:59 -05:00
695 changed files with 40186 additions and 9089 deletions
--- a/.env.ci
+++ b/.env.ci
@@ -1,57 +1,58 @@
+# Application
 APP_NAME=solidtime
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
 APP_URL=http://localhost
 APP_FORCE_HTTPS=false
-SESSION_SECURE_COOKIE=false
+APP_ENABLE_REGISTRATION=true

+# Logging
 LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug

+# Database
 DB_CONNECTION=pgsql_test
-
 DB_TEST_HOST=127.0.0.1
 DB_TEST_PORT=5432
 DB_TEST_DATABASE=laravel
 DB_TEST_USERNAME=root
 DB_TEST_PASSWORD=root

-BROADCAST_DRIVER=log
+# Broadcasting
+BROADCAST_DRIVER=null
+
+# Cache
 CACHE_DRIVER=file
-FILESYSTEM_DISK=local
+
+# Queue
 QUEUE_CONNECTION=sync
+
+# Session
 SESSION_DRIVER=database
 SESSION_LIFETIME=120

-MEMCACHED_HOST=127.0.0.1
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
+# Mail
 MAIL_MAILER=log
-MAIL_FROM_ADDRESS="hello@example.com"
-MAIL_FROM_NAME="${APP_NAME}"
+MAIL_FROM_ADDRESS="no-reply@solidtime.test"
+MAIL_FROM_NAME="solidtime"
+MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
+MAIL_REPLY_TO_NAME="solidtime"

-S3_ACCESS_KEY_ID=
-S3_SECRET_ACCESS_KEY=
-S3_REGION=us-east-1
-S3_BUCKET=
-S3_USE_PATH_STYLE_ENDPOINT=false
+# Filesystems
+FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=public

-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_HOST=
-PUSHER_PORT=443
-PUSHER_SCHEME=https
-PUSHER_APP_CLUSTER=mt1
+# Passport
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID="9e27f54d-5dfb-4dde-99d7-834518236c92"
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET="EL5mXp3aF8ITjcwoOXRpbSK7zGrWhW4zTDpQXTkf"

-VITE_APP_NAME="${APP_NAME}"
-VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-VITE_PUSHER_HOST="${PUSHER_HOST}"
-VITE_PUSHER_PORT="${PUSHER_PORT}"
-VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
-VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+# Auditing
+AUDITING_ENABLED=true
+
+# Telescope
+TELESCOPE_ENABLED=false
+
+# Services
+GOTENBERG_URL=http://0.0.0.0:3000
--- a/.env.example
+++ b/.env.example
@@ -1,17 +1,21 @@
+# Application
 APP_NAME=solidtime
 APP_ENV=local
 APP_KEY=base64:UNQNf1SXeASNkWux01Rj8EnHYx8FO0kAxWNDwktclkk=
 APP_DEBUG=true
 APP_URL=https://solidtime.test
-
+APP_FORCE_HTTPS=false
+APP_ENABLE_REGISTRATION=true
 SUPER_ADMINS=admin@example.com
+PAGINATION_PER_PAGE_DEFAULT=500

+# Logging
 LOG_CHANNEL=single
 LOG_DEPRECATIONS_CHANNEL=deprecation
 LOG_LEVEL=debug

+# Database
 DB_CONNECTION=pgsql
-
 DB_HOST=pgsql
 DB_PORT=5432
 DB_DATABASE=laravel
@@ -24,19 +28,20 @@ DB_TEST_DATABASE=laravel
 DB_TEST_USERNAME=root
 DB_TEST_PASSWORD=root

-BROADCAST_DRIVER=log
+# Broadcasting
+BROADCAST_DRIVER=null
+
+# Cache
 CACHE_DRIVER=file
-FILESYSTEM_DISK=local
+
+# Queue
 QUEUE_CONNECTION=sync
+
+# Session
 SESSION_DRIVER=database
 SESSION_LIFETIME=120

-MEMCACHED_HOST=127.0.0.1
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
+# Mail
 MAIL_MAILER=smtp
 MAIL_HOST=mailpit
 MAIL_PORT=1025
@@ -44,34 +49,39 @@ MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="no-reply@solidtime.test"
-MAIL_FROM_NAME="${APP_NAME}"
+MAIL_FROM_NAME="solidtime"
+MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
+MAIL_REPLY_TO_NAME="solidtime"

-S3_ACCESS_KEY_ID=
-S3_SECRET_ACCESS_KEY=
+# Filesystems
+FILESYSTEM_DISK=s3
+PUBLIC_FILESYSTEM_DISK=s3
+S3_ACCESS_KEY_ID=sail
+S3_SECRET_ACCESS_KEY=password
 S3_REGION=us-east-1
-S3_BUCKET=
-S3_USE_PATH_STYLE_ENDPOINT=false
+S3_BUCKET=local
+S3_URL=http://storage.solidtime.test/local
+S3_ENDPOINT=http://storage.solidtime.test
+S3_USE_PATH_STYLE_ENDPOINT=true

-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_HOST=
-PUSHER_PORT=443
-PUSHER_SCHEME=https
-PUSHER_APP_CLUSTER=mt1
+# Passport
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID="9e27f54d-5dfb-4dde-99d7-834518236c92"
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET="EL5mXp3aF8ITjcwoOXRpbSK7zGrWhW4zTDpQXTkf"

-VITE_HOST_NAME=vite.solidtime.test
-VITE_APP_NAME="${APP_NAME}"
-VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-VITE_PUSHER_HOST="${PUSHER_HOST}"
-VITE_PUSHER_PORT="${PUSHER_PORT}"
-VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
-VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+# Auditing
+AUDITING_ENABLED=true

+# Telescope
+TELESCOPE_ENABLED=false
+
+# Services
+GOTENBERG_URL=http://gotenberg:3000
+
+# Local setup
 NGINX_HOST_NAME=solidtime.test
 NETWORK_NAME=reverse-proxy-docker-traefik_routing
-
 FORWARD_DB_PORT=5432
 FORWARD_WEB_PORT=8083
-
-PAGINATION_PER_PAGE_DEFAULT=500
+VITE_HOST_NAME=vite.solidtime.test
+VITE_APP_NAME="${APP_NAME}"
+#SAIL_XDEBUG_MODE=develop,debug,coverage
--- a/.env.production
+++ b/.env.production
@@ -1,9 +1,10 @@
 APP_NAME=solidtime
+APP_VERSION=0.0.0
+APP_BUILD=0
 VITE_APP_NAME=solidtime
 APP_ENV=production
 APP_DEBUG=false
 APP_FORCE_HTTPS=true
-SESSION_SECURE_COOKIE=true
 OCTANE_SERVER=frankenphp
 PAGINATION_PER_PAGE_DEFAULT=500

--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -1,13 +0,0 @@
-/* eslint-env node */
-require("@rushstack/eslint-patch/modern-module-resolution")
-
-module.exports = {
-    extends: ['plugin:vue/vue3-essential', '@vue/eslint-config-typescript/recommended', '@vue/eslint-config-prettier'],
-    rules: {
-        'vue/multi-word-component-names': 'off',
-        "@typescript-eslint/no-unused-vars": "off",
-        "unused-imports/no-unused-imports": "error",
-        "unused-imports/no-unused-vars": "error",
-    },
-    plugins: ['unused-imports'],
-}
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: solidtime-io
--- a/.github/workflows/build-private.yml
+++ b/.github/workflows/build-private.yml
@@ -15,20 +15,60 @@ name: Build - Private
 jobs:
  build:
    runs-on: ubuntu-latest
-    timeout-minutes: 10
+    timeout-minutes: 20

    steps:
      - name: "Check out code"
        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
+
+      - name: "Get build"
+        id: build
+        run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: "Get Previous tag (normal push)"
+        id: previoustag
+        if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        with:
+          prefix: "v"
+
+      - name: "Get version"
+        id: version
+        run: |
+          if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
+            if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
+              version=$(echo "${{ steps.previoustag.outputs.tag }}" | cut -c 2-)
+              echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+            else
+              echo "ERROR: No previous tag found";
+              exit 1;
+            fi
+          else
+            version=$(echo "${{ github.ref }}" | cut -c 12-)
+            echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: "Copy .env template for production"
+        run: |
+          cp .env.production .env
+          rm .env.production .env.ci .env.example
+
+      - name: "Add version to .env"
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.version.outputs.app_version }}/g' .env
+
+      - name: "Add build to .env"
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.build.outputs.build }}/g' .env
+
+      - name: "Output .env"
+        run: cat .env

      - name: "Use Node.js"
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

-      - name: "Copy .env template for production"
-        run: cp .env.production .env && cat .env
-
      - name: "Checkout billing extension"
        uses: actions/checkout@v4
        with:
@@ -114,6 +154,9 @@ jobs:
            type=semver,pattern={{major}}.{{minor}}
            type=sha,format=long

+      - name: "Set up QEMU"
+        uses: docker/setup-qemu-action@v3
+
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

@@ -125,6 +168,7 @@ jobs:
            DOCKER_FILES_BASE_PATH=docker/prod/
          file: docker/prod/Dockerfile
          push: true
+          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
--- a/.github/workflows/build-public.yml
+++ b/.github/workflows/build-public.yml
@@ -14,15 +14,60 @@ on:
 name: Build - Public
 jobs:
  build:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    timeout-minutes: 90

    steps:
      - name: "Check out code"
        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
+
+      - name: "Get build"
+        id: build
+        run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: "Get Previous tag (normal push)"
+        id: previoustag
+        if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+        with:
+          prefix: "v"
+
+      - name: "Get version"
+        id: version
+        run: |
+          if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
+            if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
+              version=$(echo "${{ steps.previoustag.outputs.tag }}" | cut -c 2-)
+              echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+            else
+              echo "ERROR: No previous tag found";
+              exit 1;
+            fi
+          else
+            version=$(echo "${{ github.ref }}" | cut -c 12-)
+            echo "app_version=${version}" >> "$GITHUB_OUTPUT"
+          fi

      - name: "Copy .env template for production"
-        run: cp .env.production .env
+        run: |
+          cp .env.production .env
+          rm .env.production .env.ci .env.example
+
+      - name: "Add version to .env"
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.version.outputs.app_version }}/g' .env
+
+      - name: "Add build to .env"
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.build.outputs.build }}/g' .env
+
+      - name: "Output .env"
+        run: cat .env

      - name: "Install dependencies"
        uses: php-actions/composer@v6
@@ -48,18 +93,28 @@ jobs:
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
+      - name: "Login to GitHub Container Registry"
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      - name: "Docker meta"
        id: "meta"
        uses: docker/metadata-action@v5
        with:
-          images: solidtime/solidtime
+          images: |
+            solidtime/solidtime
+            ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

+      - name: "Set up QEMU"
+        uses: docker/setup-qemu-action@v3
+
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

@@ -70,7 +125,7 @@ jobs:
          file: docker/prod/Dockerfile
          build-args: |
            DOCKER_FILES_BASE_PATH=docker/prod/
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/npm-publish-api.yml
+++ b/.github/workflows/npm-publish-api.yml
@@ -0,0 +1,30 @@
+name: Publish API package to NPM
+on:
+  workflow_dispatch
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      # Setup .npmrc file to publish to npm
+      - name: Install root project dependencies
+        run: npm ci
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install dependencies
+        run: npm ci
+        working-directory: ./resources/js/packages/api
+      - name: Build package
+        run: npm run build
+        working-directory: ./resources/js/packages/api
+      - name: Publish Package
+        run: npm publish --provenance --access public
+        working-directory: ./resources/js/packages/api
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/npm-publish-ui.yml
+++ b/.github/workflows/npm-publish-ui.yml
@@ -0,0 +1,30 @@
+name: Publish UI package to NPM
+on:
+  workflow_dispatch
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install root project dependencies
+        run: npm ci
+      - name: Install package dependencies
+        run: npm ci
+        working-directory: ./resources/js/packages/ui
+      - name: Build package
+        run: npm run build
+        working-directory: ./resources/js/packages/ui
+      - name: Publish Package
+        run: npm publish --provenance --access public
+        working-directory: ./resources/js/packages/ui
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -20,7 +20,15 @@ jobs:
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
-
+      gotenberg:
+        image: gotenberg/gotenberg:8
+        ports:
+          - 3000:3000
+        options: >-
+          --health-cmd "curl --silent --fail http://localhost:3000/health"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
@@ -55,7 +63,7 @@ jobs:
        run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml

      - name: "Upload coverage reports to Codecov"
-        uses: codecov/codecov-action@v4.5.0
+        uses: codecov/codecov-action@v5.3.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: solidtime-io/solidtime
--- a/.github/workflows/pint.yml
+++ b/.github/workflows/pint.yml
@@ -10,6 +10,6 @@ jobs:
        uses: actions/checkout@v4

      - name: "Check code style"
-        uses: aglipanci/laravel-pint-action@2.4
+        uses: aglipanci/laravel-pint-action@2.5
        with:
          configPath: "pint.json"
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -27,45 +27,47 @@ jobs:
      - name: "Checkout code"
        uses: actions/checkout@v4

-      - uses: actions/setup-node@v4
+      - name: "Setup node"
+        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

-      - name: Setup PHP
+      - name: "Setup PHP"
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv
          coverage: none

-      - name: Run composer install
+      - name: "Run composer install"
        run: composer install -n --prefer-dist

-      - name: Prepare Laravel Application
+      - name: "Prepare Laravel Application"
        run: |
          cp .env.ci .env
          php artisan key:generate
-          php artisan migrate --seed
          php artisan passport:keys
+          php artisan migrate --seed

-      - name: Install dependencies
+      - name: "Install dependencies"
        run: npm ci

-      - name: Build Frontend
+      - name: "Build Frontend"
        run: npm run build

-      - name: Run Laravel Server
+      - name: "Run Laravel Server"
        run: php artisan serve > /dev/null 2>&1 &

-      - name: Install Playwright Browsers
+      - name: "Install Playwright Browsers"
        run: npx playwright install --with-deps

-      - name: Run Playwright tests
+      - name: "Run Playwright tests"
        run: npx playwright test
        env:
          PLAYWRIGHT_BASE_URL: 'http://127.0.0.1:8000'

-      - uses: actions/upload-artifact@v4
+      - name: "Upload test results"
+        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 /.phpunit.cache
-/node_modules
+node_modules
+dist
 /public/build
 /public/hot
 /public/storage
--- a/README.md
+++ b/README.md
@@ -13,89 +13,25 @@ solidtime is a modern open-source time tracking application for Freelancers and

 - Time tracking: Track your time with a modern and easy-to-use interface
 - Projects: Create and manage projects and assign project members
- - Tasks: Create and manage tasks and assign tasks to project members
+ - Tasks: Create and manage tasks and assign tasks to projects
 - Clients: Create and manage clients and assign clients to projects
 - Billable rates: Set billable rates for projects, project members, organization members and organizations 
 - Multiple organizations: Create and manage multiple organizations with one account
 - Roles and permissions: Create and manage organizations
 - Import: Import your time tracking data from other time tracking applications (Supported: Toggl, Clockify, Timeentry CSV)

-## Local setup for development
+## Self Hosting

-**System requirements**
- * Docker
+If you are looking into self-hosting solidtime, you can find the guides [here](https://docs.solidtime.io/self-hosting/intro)

-First you need to download or clone the repository f.e. with `git@github.com:solidtime-io/solidtime.git`. 
+We also have an examples repository [here](https://github.com/solidtime-io/self-hosting-examples)

-After that, execute the following commands **inside the project folder**: 
+If you do not want to self-host solidtime or try it out you can sign up for [solidtime cloud](https://www.solidtime.io/)

-```bash
-docker run --rm \
-    --pull=always \
-    -v "$(pwd)":/opt \
-    -w /opt \
-    laravelsail/php83-composer:latest \
-    bash -c "composer install --ignore-platform-reqs"
+## Issues & Feature Requests

-cp .env.example .env
-
-./vendor/bin/sail up -d
-
-./vendor/bin/sail artisan key:generate
-
-./vendor/bin/sail artisan migrate:fresh --seed
-
-./vendor/bin/sail php artisan passport:install
-
-./vendor/bin/sail npm install
-
-./vendor/bin/sail npm run build
-```
-
-Make sure to set the APP_PORT and VITE_PORT inside your `.env` file to a port that is not already used by your system.
-
-By default the application will run on [localhost:8083](http://localhost:8083/)
-
-### Setup with Reverse Proxy
-
-**Additional System Requirements**
-* Traefik 2 Reverse-Proxy (https://github.com/korridor/reverse-proxy-docker-traefik)
-
-Add the following entry to your `/etc/hosts`
-
-```
-127.0.0.1 solidtime.test
-127.0.0.1 playwright.solidtime.test
-127.0.0.1 vite.solidtime.test
-127.0.0.1 mail.solidtime.test
-```
-
-### Running E2E Tests
-
-`./vendor/bin/sail up -d ` will automatically start a Playwright UI server that you can access at `https://playwright.solidtime.test`. 
-Make sure that you use HTTPS otherwise the resources will not be loaded correctly.
-
-### Recording E2E Tests
-
-To record E2E tests, you need to install and execute playwright locally (outside the Docker container) using: 
-
-```bash
-npx playwright install
-npx playwright codegen solidtime.test
-``` 
-
-### E2E Troubleshooting
-
-If E2E tests are not working at all, make sure you do not have the Vite server running and just run `npm run build` to update the version.
-If the E2E tests are not working consistently and fail with a timeout during the authentication, you might want to delete the `test-results/.auth` directory to force new test accounts to be created.
-
-### Generate ZOD Client
-
-The Zodius HTTP client is generated using the following command:
-
-```bash
-npm run zod:generate
-```
+If you find any **bugs in solidtime**, please feel free to [**open an issue**](https://github.com/solidtime-io/solidtime/issues/new) in this repository, with instructions on how to reproduce the bug. 
+If you have a **feature request**, please [**create a discussion**](https://github.com/solidtime-io/solidtime/discussions/new?category=feature-requests) in this repository.

 ## Contributing

@@ -104,6 +40,8 @@ Therefore, we do not currently accept any contributions, unless you are a member

 As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.

+We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
+
 ## Security

 Looking to report a vulnerability? Please refer our [SECURITY.md](./SECURITY.md) file.
--- a/app/Actions/Fortify/CreateNewUser.php
+++ b/app/Actions/Fortify/CreateNewUser.php
@@ -4,16 +4,14 @@ declare(strict_types=1);

 namespace App\Actions\Fortify;

-use App\Enums\Role;
 use App\Enums\Weekday;
 use App\Events\NewsletterRegistered;
-use App\Models\Organization;
 use App\Models\User;
 use App\Service\IpLookup\IpLookupServiceContract;
 use App\Service\TimezoneService;
+use App\Service\UserService;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
 use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
@@ -34,6 +32,12 @@ class CreateNewUser implements CreatesNewUsers
     */
    public function create(array $input): User
    {
+        if (! config('app.enable_registration')) {
+            throw ValidationException::withMessages([
+                'email' => [__('Registration is disabled.')],
+            ]);
+        }
+
        Validator::make($input, [
            'name' => [
                'required',
@@ -43,9 +47,9 @@ class CreateNewUser implements CreatesNewUsers
            'email' => [
                'required',
                'string',
-                'email',
+                'email:rfc,strict',
                'max:255',
-                new UniqueEloquent(User::class, 'email', function (Builder $builder): Builder {
+                UniqueEloquent::make(User::class, 'email', function (Builder $builder): Builder {
                    /** @var Builder<User> $builder */
                    return $builder->where('is_placeholder', '=', false);
                }),
@@ -62,7 +66,10 @@ class CreateNewUser implements CreatesNewUsers
            if (app(TimezoneService::class)->isValid($input['timezone'])) {
                $timezone = $input['timezone'];
            } else {
-                Log::debug('Invalid timezone', ['timezone' => $input['timezone']]);
+                $timezone = app(TimezoneService::class)->mapLegacyTimezone($input['timezone']);
+                if ($timezone === null) {
+                    Log::debug('Invalid timezone', ['timezone' => $input['timezone']]);
+                }
            }
        }

@@ -77,30 +84,17 @@ class CreateNewUser implements CreatesNewUsers
            }
            $currency = $ipLookupResponse->currency;
        }
-
-        $user = DB::transaction(function () use ($input, $timezone, $startOfWeek, $currency) {
-            return tap(User::create([
-                'name' => $input['name'],
-                'email' => $input['email'],
-                'password' => Hash::make($input['password']),
-                'timezone' => $timezone ?? 'UTC',
-                'week_start' => $startOfWeek,
-            ]), function (User $user) use ($currency): void {
-                $organization = new Organization();
-                $organization->name = explode(' ', $user->name, 2)[0]."'s Organization";
-                $organization->personal_team = true;
-                $organization->currency = $currency ?? 'EUR';
-                $organization->owner()->associate($user);
-                $organization->save();
-
-                $organization->users()->attach(
-                    $user, [
-                        'role' => Role::Owner->value,
-                    ]
-                );
-
-                $user->ownedTeams()->save($organization);
-            });
+        $user = null;
+        DB::transaction(function () use (&$user, $input, $timezone, $startOfWeek, $currency): void {
+            $userService = app(UserService::class);
+            $user = $userService->createUser(
+                $input['name'],
+                $input['email'],
+                $input['password'],
+                $timezone ?? 'UTC',
+                $startOfWeek,
+                $currency ?? 'EUR',
+            );
        });

        $newsletterConsent = isset($input['newsletter_consent']) && (bool) $input['newsletter_consent'];
--- a/app/Actions/Fortify/UpdateUserProfileInformation.php
+++ b/app/Actions/Fortify/UpdateUserProfileInformation.php
@@ -35,7 +35,7 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
                'required',
                'email',
                'max:255',
-                (new UniqueEloquent(User::class, 'email'))->ignore($user->id)->query(function (Builder $query) {
+                UniqueEloquent::make(User::class, 'email')->ignore($user->id)->query(function (Builder $query) {
                    /** @var Builder<User> $query */
                    return $query->where('is_placeholder', '=', false);
                }),
--- a/app/Actions/Jetstream/AddOrganizationMember.php
+++ b/app/Actions/Jetstream/AddOrganizationMember.php
@@ -7,18 +7,16 @@ namespace App\Actions\Jetstream;
 use App\Enums\Role;
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\MemberService;
 use Closure;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
 use Illuminate\Validation\Rules\In;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 use Laravel\Jetstream\Contracts\AddsTeamMembers;
-use Laravel\Jetstream\Events\AddingTeamMember;
-use Laravel\Jetstream\Events\TeamMemberAdded;

 class AddOrganizationMember implements AddsTeamMembers
 {
@@ -36,15 +34,7 @@ class AddOrganizationMember implements AddsTeamMembers
            ->where('is_placeholder', '=', false)
            ->firstOrFail();

-        AddingTeamMember::dispatch($organization, $newOrganizationMember);
-
-        DB::transaction(function () use ($organization, $newOrganizationMember, $role) {
-            $organization->users()->attach(
-                $newOrganizationMember, ['role' => $role]
-            );
-        });
-
-        TeamMemberAdded::dispatch($organization, $newOrganizationMember);
+        app(MemberService::class)->addMember($newOrganizationMember, $organization, Role::from($role));
    }

    /**
@@ -71,9 +61,10 @@ class AddOrganizationMember implements AddsTeamMembers
            'email' => [
                'required',
                'email',
-                (new ExistsEloquent(User::class, 'email', function (Builder $builder) {
+                ExistsEloquent::make(User::class, 'email', function (Builder $builder) {
+                    /** @var Builder<User> $builder */
                    return $builder->where('is_placeholder', '=', false);
-                }))->withMessage(__('We were unable to find a registered user with this email address.')),
+                })->withMessage(__('We were unable to find a registered user with this email address.')),
            ],
            'role' => [
                'required',
@@ -92,7 +83,7 @@ class AddOrganizationMember implements AddsTeamMembers
     */
    protected function ensureUserIsNotAlreadyOnTeam(Organization $team, string $email): Closure
    {
-        return function ($validator) use ($team, $email) {
+        return function ($validator) use ($team, $email): void {
            $validator->errors()->addIf(
                $team->hasRealUserWithEmail($email),
                'email',
--- a/app/Actions/Jetstream/CreateOrganization.php
+++ b/app/Actions/Jetstream/CreateOrganization.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Actions\Jetstream;

 use App\Enums\Role;
+use App\Events\AfterCreateOrganization;
 use App\Models\Organization;
 use App\Models\User;
 use Illuminate\Auth\Access\AuthorizationException;
@@ -12,7 +13,6 @@ use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
 use Laravel\Jetstream\Contracts\CreatesTeams;
-use Laravel\Jetstream\Events\AddingTeam;
 use Laravel\Jetstream\Jetstream;

 class CreateOrganization implements CreatesTeams
@@ -33,9 +33,7 @@ class CreateOrganization implements CreatesTeams
            'name' => ['required', 'string', 'max:255'],
        ])->validateWithBag('createTeam');

-        AddingTeam::dispatch($user);
-
-        $organization = new Organization();
+        $organization = new Organization;
        $organization->name = $input['name'];
        $organization->personal_team = false;
        $organization->owner()->associate($user);
@@ -47,10 +45,12 @@ class CreateOrganization implements CreatesTeams
            ]
        );

-        $user->ownedTeams()->save($organization);
-
        $user->switchTeam($organization);

+        // Note: The refresh is necessary for currently unknown reasons. Do not remove it.
+        $organization = $organization->refresh();
+        AfterCreateOrganization::dispatch($organization);
+
        return $organization;
    }
 }
--- a/app/Actions/Jetstream/InviteOrganizationMember.php
+++ b/app/Actions/Jetstream/InviteOrganizationMember.php
@@ -19,6 +19,6 @@ class InviteOrganizationMember implements InvitesTeamMembers
     */
    public function invite(User $user, Organization $organization, string $email, ?string $role = null): void
    {
-        throw new MovedToApiException();
+        throw new MovedToApiException;
    }
 }
--- a/app/Actions/Jetstream/RemoveOrganizationMember.php
+++ b/app/Actions/Jetstream/RemoveOrganizationMember.php
@@ -19,6 +19,6 @@ class RemoveOrganizationMember implements RemovesTeamMembers
     */
    public function remove(User $user, Organization $organization, User $teamMember): void
    {
-        throw new MovedToApiException();
+        throw new MovedToApiException;
    }
 }
--- a/app/Actions/Jetstream/UpdateMemberRole.php
+++ b/app/Actions/Jetstream/UpdateMemberRole.php
@@ -20,6 +20,6 @@ class UpdateMemberRole
     */
    public function update(User $actingUser, Organization $organization, string $userId, string $role): void
    {
-        throw new MovedToApiException();
+        throw new MovedToApiException;
    }
 }
--- a/app/Actions/Jetstream/UpdateOrganization.php
+++ b/app/Actions/Jetstream/UpdateOrganization.php
@@ -36,7 +36,7 @@ class UpdateOrganization implements UpdatesTeamNames
            'currency' => [
                'required',
                'string',
-                new CurrencyRule(),
+                new CurrencyRule,
            ],
        ])->validateWithBag('updateTeamName');

--- a/app/Actions/Jetstream/ValidateOrganizationDeletion.php
+++ b/app/Actions/Jetstream/ValidateOrganizationDeletion.php
@@ -22,7 +22,7 @@ class ValidateOrganizationDeletion
    public function validate(User $user, Organization $organization): void
    {
        if (! app(PermissionStore::class)->userHas($organization, $user, 'organizations:delete')) {
-            throw new AuthorizationException();
+            throw new AuthorizationException;
        }
    }
 }
--- a/app/Console/Commands/Admin/OrganizationDeleteCommand.php
+++ b/app/Console/Commands/Admin/OrganizationDeleteCommand.php
@@ -9,14 +9,14 @@ use App\Service\DeletionService;
 use Illuminate\Console\Command;
 use Illuminate\Support\Str;

-class DeleteOrganizationCommand extends Command
+class OrganizationDeleteCommand extends Command
 {
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
-    protected $signature = 'admin:delete-organization
+    protected $signature = 'admin:organization:delete
                { organization : The ID of the organization to delete }';

    /**
@@ -24,7 +24,7 @@ class DeleteOrganizationCommand extends Command
     *
     * @var string
     */
-    protected $description = 'Delete a organization.';
+    protected $description = 'Delete a organization';

    /**
     * Execute the console command.
--- a/app/Console/Commands/Admin/UserCreateCommand.php
+++ b/app/Console/Commands/Admin/UserCreateCommand.php
@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Admin;
+
+use App\Enums\Weekday;
+use App\Models\Organization;
+use App\Models\User;
+use App\Service\UserService;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+use LogicException;
+
+class UserCreateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'admin:user:create
+                { name : The name of the user }
+                { email : The email of the user }
+                { --ask-for-password : Ask for the password, otherwise the command will generate a random one }
+                { --verify-email : Verify the email address of the user }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Create a new user';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $name = $this->argument('name');
+        $email = $this->argument('email');
+        $askForPassword = (bool) $this->option('ask-for-password');
+        $verifyEmail = (bool) $this->option('verify-email');
+
+        if (User::query()->where('email', $email)->where('is_placeholder', '=', false)->exists()) {
+            $this->error('User with email "'.$email.'" already exists.');
+
+            return self::FAILURE;
+        }
+
+        if ($askForPassword) {
+            $outputPassword = false;
+            $password = $this->secret('Enter the password');
+        } else {
+            $outputPassword = true;
+            $password = bin2hex(random_bytes(16));
+        }
+
+        $user = null;
+        DB::transaction(function () use (&$user, $name, $email, $password, $verifyEmail): void {
+            $user = app(UserService::class)->createUser(
+                $name,
+                $email,
+                $password,
+                'UTC',
+                Weekday::Monday,
+                'EUR',
+                $verifyEmail
+            );
+        });
+        /** @var Organization|null $organization */
+        $organization = $user->ownedTeams->first();
+        if ($organization === null) {
+            throw new LogicException('User does not have an organization');
+        }
+
+        $this->info('Created user "'.$name.'" ("'.$email.'")');
+        $this->line('ID: '.$user->getKey());
+        $this->line('Name: '.$name);
+        $this->line('Email: '.$email);
+        if ($outputPassword) {
+            $this->line('Password: '.$password);
+        }
+        $this->line('Timezone: '.$user->timezone);
+        $this->line('Week start: '.$user->week_start->value);
+
+        // Organization
+        $this->line('Currency: '.$organization->currency);
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Commands/Admin/UserVerifyCommand.php
+++ b/app/Console/Commands/Admin/UserVerifyCommand.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Admin;
+
+use App\Models\User;
+use Illuminate\Auth\Events\Verified;
+use Illuminate\Console\Command;
+
+class UserVerifyCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'admin:user:verify
+                { email : The email of the user to verify }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Verify the email address of an user';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $email = $this->argument('email');
+
+        $this->info('Start verifying user with email "'.$email.'"');
+
+        /** @var User|null $user */
+        $user = User::query()->where('email', $email)
+            ->where('is_placeholder', '=', false)
+            ->first();
+
+        if ($user === null) {
+            $this->error('User with email "'.$email.'" not found.');
+
+            return self::FAILURE;
+        }
+
+        if ($user->hasVerifiedEmail()) {
+            $this->info('User with email "'.$email.'" already verified.');
+
+            return self::FAILURE;
+        }
+
+        $user->markEmailAsVerified();
+        event(new Verified($user));
+
+        $this->info('User with email "'.$email.'" has been verified.');
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Commands/Report/ReportSetExpiredToPrivateCommand.php
+++ b/app/Console/Commands/Report/ReportSetExpiredToPrivateCommand.php
@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Report;
+
+use App\Models\Report;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+use LogicException;
+
+class ReportSetExpiredToPrivateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'report:set-expired-to-private '.
+        ' { --dry-run : Do not actually save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Makes public reports private if the public_until date has passed.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $this->comment('Makes public reports private if the public_until date has passed...');
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. Nothing will be saved to the database.');
+        }
+
+        $resetReports = 0;
+        Report::query()
+            ->where('public_until', '<', Carbon::now())
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $reports) use ($dryRun, &$resetReports): void {
+                /** @var Collection<int, Report> $reports */
+                foreach ($reports as $report) {
+                    $publicUntil = $report->public_until;
+                    if ($publicUntil === null) {
+                        throw new LogicException('public_until should not be null');
+                    }
+                    $this->info('Make report "'.$report->name.'" ('.$report->getKey().') private, expired: '.
+                        $publicUntil->toIso8601ZuluString().' ('.$publicUntil->diffForHumans().')');
+                    $resetReports++;
+                    if (! $dryRun) {
+                        $report->is_public = false;
+                        $report->share_secret = null;
+                        $report->save();
+                    }
+                }
+            });
+
+        $this->comment('Finished setting '.$resetReports.' expired reports to private...');
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Commands/SelfHost/SelfHostCheckForUpdateCommand.php
+++ b/app/Console/Commands/SelfHost/SelfHostCheckForUpdateCommand.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\SelfHost;
+
+use App\Service\ApiService;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Cache;
+
+class SelfHostCheckForUpdateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'self-host:check-for-update';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = '';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $apiService = app(ApiService::class);
+
+        $latestVersion = $apiService->checkForUpdate();
+        if ($latestVersion === null) {
+            $this->error('Failed to check for update, check the logs for more information.');
+
+            return self::FAILURE;
+        }
+
+        // Note: Cache for 13 hours, because the command runs twice daily (every 12 hours).
+        Cache::put('latest_version', $latestVersion, 60 * 60 * 12);
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Commands/SelfHost/SelfHostGenerateKeysCommand.php
+++ b/app/Console/Commands/SelfHost/SelfHostGenerateKeysCommand.php
@@ -18,6 +18,7 @@ class SelfHostGenerateKeysCommand extends Command
     */
    protected $signature = 'self-host:generate-keys
                { --length=4096 : The length of the passport private key }
+                { --multi-line : Whether to output the keys in multiple lines }
                { --format=env : The format of the output (env, yaml) }';

    /**
@@ -34,6 +35,7 @@ class SelfHostGenerateKeysCommand extends Command
    {
        $format = $this->option('format');
        $key = RSA::createKey((int) $this->option('length'));
+        $multiLine = (bool) $this->option('multi-line');

        $publicKey = (string) $key->getPublicKey();
        $privateKey = (string) $key;
@@ -41,12 +43,17 @@ class SelfHostGenerateKeysCommand extends Command

        if ($format === 'env') {
            $this->line('APP_KEY="'.$appKey.'"');
-            $this->line('PASSPORT_PRIVATE_KEY="'.$privateKey.'"');
-            $this->line('PASSPORT_PUBLIC_KEY="'.$publicKey.'"');
+            if ($multiLine) {
+                $this->line('PASSPORT_PRIVATE_KEY="'.Str::replace("\r\n", "\n", $privateKey).'"');
+                $this->line('PASSPORT_PUBLIC_KEY="'.Str::replace("\r\n", "\n", $publicKey).'"');
+            } else {
+                $this->line('PASSPORT_PRIVATE_KEY="'.Str::replace("\r\n", '\n', $privateKey).'"');
+                $this->line('PASSPORT_PUBLIC_KEY="'.Str::replace("\r\n", '\n', $publicKey).'"');
+            }
        } elseif ($format === 'yaml') {
            $this->line('APP_KEY: "'.$appKey.'"');
-            $this->line("PASSPORT_PRIVATE_KEY: |\n  ".Str::replace("\n", "\n  ", $privateKey));
-            $this->line("PASSPORT_PUBLIC_KEY: |\n  ".Str::replace("\n", "\n  ", $publicKey));
+            $this->line("PASSPORT_PRIVATE_KEY: |\n  ".Str::replace("\r\n", "\n  ", $privateKey));
+            $this->line("PASSPORT_PUBLIC_KEY: |\n  ".Str::replace("\r\n", "\n  ", $publicKey));
        } else {
            $this->error('Invalid format');

--- a/app/Console/Commands/SelfHost/SelfHostTelemetryCommand.php
+++ b/app/Console/Commands/SelfHost/SelfHostTelemetryCommand.php
@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\SelfHost;
+
+use App\Service\ApiService;
+use Illuminate\Console\Command;
+
+class SelfHostTelemetryCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'self-host:telemetry';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = '';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $apiService = app(ApiService::class);
+
+        $success = $apiService->telemetry();
+
+        if (! $success) {
+            $this->error('Failed to send telemetry data, check the logs for more information.');
+
+            return self::FAILURE;
+
+        }
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Commands/TimeEntry/TimeEntrySendStillRunningMailsCommand.php
+++ b/app/Console/Commands/TimeEntry/TimeEntrySendStillRunningMailsCommand.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\TimeEntry;
+
+use App\Mail\TimeEntryStillRunningMail;
+use App\Models\TimeEntry;
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Mail;
+
+class TimeEntrySendStillRunningMailsCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'time-entry:send-still-running-mails '.
+        ' { --dry-run : Do not actually send emails or save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Sends emails to users who have running time entries for more than 8 hours.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $this->comment('Sending still running time entry emails...');
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. No emails will be sent and nothing will be saved to the database.');
+        }
+
+        $sentMails = 0;
+        TimeEntry::query()
+            ->whereNull('end')
+            ->where('start', '<', now()->subHours(8))
+            ->whereNull('still_active_email_sent_at')
+            ->with([
+                'user',
+            ])
+            ->whereHas('user', function (Builder $query): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', false);
+            })
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $timeEntries) use ($dryRun, &$sentMails): void {
+                /** @var Collection<int, TimeEntry> $timeEntries */
+                foreach ($timeEntries as $timeEntry) {
+                    $user = $timeEntry->user;
+                    $this->info('Start sending email to user "'.$user->email.'" ('.$user->getKey().') for time entry '.$timeEntry->getKey());
+                    $sentMails++;
+                    if (! $dryRun) {
+                        Mail::to($user->email)
+                            ->queue(new TimeEntryStillRunningMail($timeEntry, $user));
+                        $timeEntry->still_active_email_sent_at = Carbon::now();
+                        $timeEntry->save();
+                    }
+                }
+            });
+
+        $this->comment('Finished sending '.$sentMails.' still running time entry emails...');
+
+        return self::SUCCESS;
+    }
+}
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -14,7 +14,17 @@ class Kernel extends ConsoleKernel
     */
    protected function schedule(Schedule $schedule): void
    {
-        // $schedule->command('inspire')->hourly();
+        $schedule->command('time-entry:send-still-running-mails')
+            ->when(fn (): bool => config('scheduling.tasks.time_entry_send_still_running_mails'))
+            ->everyTenMinutes();
+
+        $schedule->command('self-host:check-for-update')
+            ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
+            ->twiceDaily();
+
+        $schedule->command('self-host:telemetry')
+            ->when(fn (): bool => config('scheduling.tasks.self_hosting_telemetry'))
+            ->twiceDaily();
    }

    /**
--- a/app/Enums/ExportFormat.php
+++ b/app/Enums/ExportFormat.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Maatwebsite\Excel\Excel;
+
+enum ExportFormat: string
+{
+    case CSV = 'csv';
+    case PDF = 'pdf';
+    case XLSX = 'xlsx';
+    case ODS = 'ods';
+
+    public function getFileExtension(): string
+    {
+        return match ($this) {
+            self::CSV => 'csv',
+            self::PDF => 'pdf',
+            self::XLSX => 'xlsx',
+            self::ODS => 'ods',
+        };
+    }
+
+    public function getExportPackageType(): string
+    {
+        return match ($this) {
+            self::CSV => Excel::CSV,
+            self::PDF => Excel::MPDF,
+            self::XLSX => Excel::XLSX,
+            self::ODS => Excel::ODS,
+        };
+    }
+}
--- a/app/Enums/TimeEntryAggregationType.php
+++ b/app/Enums/TimeEntryAggregationType.php
@@ -4,8 +4,12 @@ declare(strict_types=1);

 namespace App\Enums;

+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
 enum TimeEntryAggregationType: string
 {
+    use LaravelEnumHelper;
+
    case Day = 'day';
    case Week = 'week';
    case Month = 'month';
@@ -15,6 +19,17 @@ enum TimeEntryAggregationType: string
    case Task = 'task';
    case Client = 'client';
    case Billable = 'billable';
+    case Description = 'description';
+
+    public static function fromInterval(TimeEntryAggregationTypeInterval $timeEntryAggregationTypeInterval): TimeEntryAggregationType
+    {
+        return match ($timeEntryAggregationTypeInterval) {
+            TimeEntryAggregationTypeInterval::Day => TimeEntryAggregationType::Day,
+            TimeEntryAggregationTypeInterval::Week => TimeEntryAggregationType::Week,
+            TimeEntryAggregationTypeInterval::Month => TimeEntryAggregationType::Month,
+            TimeEntryAggregationTypeInterval::Year => TimeEntryAggregationType::Year,
+        };
+    }

    public function toInterval(): ?TimeEntryAggregationTypeInterval
    {
--- a/app/Enums/Weekday.php
+++ b/app/Enums/Weekday.php
@@ -4,10 +4,13 @@ declare(strict_types=1);

 namespace App\Enums;

+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
 use Illuminate\Support\Carbon;

 enum Weekday: string
 {
+    use LaravelEnumHelper;
+
    case Monday = 'monday';
    case Tuesday = 'tuesday';
    case Wednesday = 'wednesday';
--- a/app/Events/AfterCreateOrganization.php
+++ b/app/Events/AfterCreateOrganization.php
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Models\Organization;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+/**
+ * This event is fired after an organization has been created.
+ * This event does NOT fire when an organization is created as part of a registration.
+ */
+class AfterCreateOrganization
+{
+    use Dispatchable;
+    use SerializesModels;
+
+    public Organization $organization;
+
+    public function __construct(Organization $organization)
+    {
+        $this->organization = $organization;
+    }
+}
--- a/app/Events/MemberMadeToPlaceholder.php
+++ b/app/Events/MemberMadeToPlaceholder.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Models\Member;
+use App\Models\Organization;
+use Illuminate\Foundation\Events\Dispatchable;
+
+class MemberMadeToPlaceholder
+{
+    use Dispatchable;
+
+    public Organization $organization;
+
+    public Member $member;
+
+    public function __construct(Member $member, Organization $organization)
+    {
+        $this->member = $member;
+        $this->organization = $organization;
+    }
+}
--- a/app/Events/MemberRemoved.php
+++ b/app/Events/MemberRemoved.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use App\Models\Member;
+use App\Models\Organization;
+use Illuminate\Foundation\Events\Dispatchable;
+
+class MemberRemoved
+{
+    use Dispatchable;
+
+    public Organization $organization;
+
+    public Member $member;
+
+    public function __construct(Member $member, Organization $organization)
+    {
+        $this->member = $member;
+        $this->organization = $organization;
+    }
+}
--- a/app/Exceptions/Api/FeatureIsNotAvailableInFreePlanApiException.php
+++ b/app/Exceptions/Api/FeatureIsNotAvailableInFreePlanApiException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class FeatureIsNotAvailableInFreePlanApiException extends ApiException
+{
+    public const string KEY = 'feature_is_not_available_in_free_plan';
+}
--- a/app/Exceptions/Api/OrganizationHasNoSubscriptionButMultipleMembersException.php
+++ b/app/Exceptions/Api/OrganizationHasNoSubscriptionButMultipleMembersException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class OrganizationHasNoSubscriptionButMultipleMembersException extends ApiException
+{
+    public const string KEY = 'organization_has_no_subscription_but_multiple_members';
+}
--- a/app/Exceptions/Api/PdfRendererIsNotConfiguredException.php
+++ b/app/Exceptions/Api/PdfRendererIsNotConfiguredException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class PdfRendererIsNotConfiguredException extends ApiException
+{
+    public const string KEY = 'pdf_renderer_is_not_configured';
+}
--- a/app/Exceptions/Api/PersonalAccessClientIsNotConfiguredException.php
+++ b/app/Exceptions/Api/PersonalAccessClientIsNotConfiguredException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class PersonalAccessClientIsNotConfiguredException extends ApiException
+{
+    public const string KEY = 'personal_access_client_is_not_configured';
+}
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -27,7 +27,7 @@ class Handler extends ExceptionHandler
     */
    public function register(): void
    {
-        $this->reportable(function (Throwable $e) {
+        $this->reportable(function (Throwable $e): void {
            //
        });
    }
--- a/app/Extensions/Auditing/Resolvers/CustomIpAddressResolver.php
+++ b/app/Extensions/Auditing/Resolvers/CustomIpAddressResolver.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Extensions\Auditing\Resolvers;
+
+use Illuminate\Support\Facades\Request;
+use OwenIt\Auditing\Contracts\Auditable;
+use OwenIt\Auditing\Contracts\Resolver;
+
+class CustomIpAddressResolver implements Resolver
+{
+    private static function anonymizeIpAddress(string $ipAddress): string
+    {
+        /** @source https://stackoverflow.com/a/48777412 */
+        return preg_replace(
+            ['/\.\d*$/', '/[\da-f]*:[\da-f]*$/'],
+            ['.0', '0:0'],
+            $ipAddress
+        );
+    }
+
+    public static function resolve(Auditable $auditable): string
+    {
+        $ip = $auditable->preloadedResolverData['ip_address'] ?? Request::ip();
+
+        if ($ip !== null) {
+            $ip = self::anonymizeIpAddress($ip);
+        }
+
+        return $ip;
+    }
+}
--- a/app/Extensions/Scramble/ApiExceptionTypeToSchema.php
+++ b/app/Extensions/Scramble/ApiExceptionTypeToSchema.php
@@ -24,20 +24,20 @@ class ApiExceptionTypeToSchema extends ExceptionToResponseExtension

    public function toResponse(Type $type): Response
    {
-        $validationResponseBodyType = (new OpenApiTypes\ObjectType())
+        $validationResponseBodyType = (new OpenApiTypes\ObjectType)
            ->addProperty(
                'error',
-                (new OpenApiTypes\BooleanType())
+                (new OpenApiTypes\BooleanType)
                    ->setDescription('Whether the response is an error.')
            )
            ->addProperty(
                'key',
-                (new OpenApiTypes\StringType())
+                (new OpenApiTypes\StringType)
                    ->setDescription('Error key.')
            )
            ->addProperty(
                'message',
-                (new OpenApiTypes\StringType())
+                (new OpenApiTypes\StringType)
                    ->setDescription('Error message.')
            )
            ->setRequired(['error', 'key', 'message']);
--- a/app/Extensions/Scramble/PaginatedResourceCollectionTypeToSchema.php
+++ b/app/Extensions/Scramble/PaginatedResourceCollectionTypeToSchema.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Extensions\Scramble;

 use App\Http\Resources\PaginatedResourceCollection;
+use App\Http\Resources\V1\TimeEntry\TimeEntryCollection;
 use Dedoc\Scramble\Extensions\TypeToSchemaExtension;
 use Dedoc\Scramble\Support\Generator\Response;
 use Dedoc\Scramble\Support\Generator\Schema;
@@ -27,13 +28,10 @@ class PaginatedResourceCollectionTypeToSchema extends TypeToSchemaExtension
            && $type->isInstanceOf(PaginatedResourceCollection::class);
    }

-    /**
-     * @param  Generic  $type
-     */
-    public function toResponse(Type $type): ?Response
+    public function toSchema(Type $type): ?OpenApiObjectType
    {
        /** @var Type|null $collectingClassType */
-        $collectingClassType = $type->templateTypes[0];
+        $collectingClassType = $type->templateTypes[0] ?? null;

        if (! $collectingClassType instanceof ObjectType) {
            return null;
@@ -47,37 +45,62 @@ class PaginatedResourceCollectionTypeToSchema extends TypeToSchemaExtension
            return null;
        }

-        $type = new OpenApiObjectType;
-        $type->addProperty('data', (new ArrayType())->setItems($collectingType));
-        $type->addProperty(
-            'links',
-            (new OpenApiObjectType)
-                ->addProperty('first', (new StringType)->nullable(true))
-                ->addProperty('last', (new StringType)->nullable(true))
-                ->addProperty('prev', (new StringType)->nullable(true))
-                ->addProperty('next', (new StringType)->nullable(true))
-                ->setRequired(['first', 'last', 'prev', 'next'])
-        );
-        $type->addProperty(
-            'meta',
-            (new OpenApiObjectType)
-                ->addProperty('current_page', new IntegerType)
-                ->addProperty('from', (new IntegerType)->nullable(true))
-                ->addProperty('last_page', new IntegerType)
-                ->addProperty('links', (new ArrayType)->setItems(
-                    (new OpenApiObjectType)
-                        ->addProperty('url', (new StringType)->nullable(true))
-                        ->addProperty('label', new StringType)
-                        ->addProperty('active', new BooleanType)
-                        ->setRequired(['url', 'label', 'active'])
-                )->setDescription('Generated paginator links.'))
-                ->addProperty('path', (new StringType)->nullable(true)->setDescription('Base path for paginator generated URLs.'))
-                ->addProperty('per_page', (new IntegerType)->setDescription('Number of items shown per page.'))
-                ->addProperty('to', (new IntegerType)->nullable(true)->setDescription('Number of the last item in the slice.'))
-                ->addProperty('total', (new IntegerType)->setDescription('Total number of items being paginated.'))
-                ->setRequired(['current_page', 'from', 'last_page', 'links', 'path', 'per_page', 'to', 'total'])
-        );
-        $type->setRequired(['data', 'links', 'meta']);
+        $newType = new OpenApiObjectType;
+        $newType->addProperty('data', (new ArrayType)->setItems($collectingType));
+        if ($type instanceof ObjectType && $type->isInstanceOf(TimeEntryCollection::class)) {
+            $newType->addProperty(
+                'meta',
+                (new OpenApiObjectType)
+                    ->addProperty('total', (new IntegerType)->setDescription('Total number of items being paginated.'))
+                    ->setRequired(['total'])
+            );
+            $newType->setRequired(['data', 'meta']);
+        } else {
+            $newType->addProperty(
+                'links',
+                (new OpenApiObjectType)
+                    ->addProperty('first', (new StringType)->nullable(true))
+                    ->addProperty('last', (new StringType)->nullable(true))
+                    ->addProperty('prev', (new StringType)->nullable(true))
+                    ->addProperty('next', (new StringType)->nullable(true))
+                    ->setRequired(['first', 'last', 'prev', 'next'])
+            );
+            $newType->addProperty(
+                'meta',
+                (new OpenApiObjectType)
+                    ->addProperty('current_page', new IntegerType)
+                    ->addProperty('from', (new IntegerType)->nullable(true))
+                    ->addProperty('last_page', new IntegerType)
+                    ->addProperty('links', (new ArrayType)->setItems(
+                        (new OpenApiObjectType)
+                            ->addProperty('url', (new StringType)->nullable(true))
+                            ->addProperty('label', new StringType)
+                            ->addProperty('active', new BooleanType)
+                            ->setRequired(['url', 'label', 'active'])
+                    )->setDescription('Generated paginator links.'))
+                    ->addProperty('path', (new StringType)->nullable(true)->setDescription('Base path for paginator generated URLs.'))
+                    ->addProperty('per_page', (new IntegerType)->setDescription('Number of items shown per page.'))
+                    ->addProperty('to', (new IntegerType)->nullable(true)->setDescription('Number of the last item in the slice.'))
+                    ->addProperty('total', (new IntegerType)->setDescription('Total number of items being paginated.'))
+                    ->setRequired(['current_page', 'from', 'last_page', 'links', 'path', 'per_page', 'to', 'total'])
+            );
+            $newType->setRequired(['data', 'links', 'meta']);
+        }
+
+        return $newType;
+    }
+
+    /**
+     * @param  Generic  $type
+     */
+    public function toResponse(Type $type): ?Response
+    {
+        /** @var ObjectType|null $collectingClassType */
+        $collectingClassType = $type->templateTypes[0] ?? null;
+        if (! $collectingClassType instanceof ObjectType) {
+            return null;
+        }
+        $type = $this->toSchema($type);

        return Response::make(200)
            ->description('Paginated set of `'.$this->components->uniqueSchemaName($collectingClassType->name).'`')
--- a/app/Filament/Resources/AuditResource.php
+++ b/app/Filament/Resources/AuditResource.php
@@ -0,0 +1,95 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\AuditResource\Pages;
+use App\Models\Audit;
+use Filament\Forms;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Columns\IconColumn;
+use Filament\Tables\Table;
+use Illuminate\Support\Str;
+use Novadaemon\FilamentPrettyJson\PrettyJson;
+
+class AuditResource extends Resource
+{
+    protected static ?string $model = Audit::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-archive-box';
+
+    protected static ?string $navigationGroup = 'System';
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                Forms\Components\TextInput::make('user_type')
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('user_id'),
+                Forms\Components\TextInput::make('event')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('auditable_type')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('auditable_id')
+                    ->required(),
+                PrettyJson::make('old_values'),
+                PrettyJson::make('new_values'),
+                Forms\Components\Textarea::make('url'),
+                Forms\Components\TextInput::make('ip_address'),
+                Forms\Components\TextInput::make('user_agent')
+                    ->maxLength(1023),
+                Forms\Components\TextInput::make('tags')
+                    ->maxLength(255),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('user.name'),
+                Tables\Columns\TextColumn::make('event'),
+                Tables\Columns\TextColumn::make('auditable_type'),
+                Tables\Columns\TextColumn::make('auditable_id'),
+                IconColumn::make('was_command')
+                    ->getStateUsing(fn (Audit $record) => Str::startsWith($record->url, 'artisan '))
+                    ->boolean(),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->sortable()
+                    ->dateTime(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->sortable()
+                    ->dateTime(),
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+                Tables\Actions\ViewAction::make(),
+            ])
+            ->bulkActions([
+            ])
+            ->defaultSort('created_at', 'desc');
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListAudits::route('/'),
+            'create' => Pages\CreateAudit::route('/create'),
+            'view' => Pages\ViewAudit::route('/{record}'),
+        ];
+    }
+}
--- a/app/Filament/Resources/AuditResource/Pages/CreateAudit.php
+++ b/app/Filament/Resources/AuditResource/Pages/CreateAudit.php
@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\AuditResource\Pages;
+
+use App\Filament\Resources\AuditResource;
+use Filament\Resources\Pages\CreateRecord;
+
+class CreateAudit extends CreateRecord
+{
+    protected static string $resource = AuditResource::class;
+}
--- a/app/Filament/Resources/AuditResource/Pages/ListAudits.php
+++ b/app/Filament/Resources/AuditResource/Pages/ListAudits.php
@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\AuditResource\Pages;
+
+use App\Filament\Resources\AuditResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListAudits extends ListRecords
+{
+    protected static string $resource = AuditResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [];
+    }
+}
--- a/app/Filament/Resources/AuditResource/Pages/ViewAudit.php
+++ b/app/Filament/Resources/AuditResource/Pages/ViewAudit.php
@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\AuditResource\Pages;
+
+use App\Filament\Resources\AuditResource;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewAudit extends ViewRecord
+{
+    protected static string $resource = AuditResource::class;
+}
--- a/app/Filament/Resources/ClientResource.php
+++ b/app/Filament/Resources/ClientResource.php
@@ -60,8 +60,13 @@ class ClientResource extends Resource
            ->defaultSort('created_at', 'desc')
            ->filters([
                SelectFilter::make('organization')
+                    ->label('Organization')
                    ->relationship('organization', 'name')
                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
            ])
            ->actions([
                Tables\Actions\EditAction::make(),
--- a/app/Filament/Resources/ClientResource/Pages/EditClient.php
+++ b/app/Filament/Resources/ClientResource/Pages/EditClient.php
@@ -15,7 +15,8 @@ class EditClient extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/ClientResource/Pages/ListClients.php
+++ b/app/Filament/Resources/ClientResource/Pages/ListClients.php
@@ -15,7 +15,8 @@ class ListClients extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/FailedJobResource.php
+++ b/app/Filament/Resources/FailedJobResource.php
@@ -0,0 +1,115 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\FailedJobResource\Pages\ListFailedJobs;
+use App\Filament\Resources\FailedJobResource\Pages\ViewFailedJobs;
+use App\Models\FailedJob;
+use Filament\Forms\Components\Textarea;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Form;
+use Filament\Notifications\Notification;
+use Filament\Resources\Resource;
+use Filament\Tables\Actions\Action;
+use Filament\Tables\Actions\BulkAction;
+use Filament\Tables\Actions\DeleteAction;
+use Filament\Tables\Actions\ViewAction;
+use Filament\Tables\Columns\TextColumn;
+use Filament\Tables\Table;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Artisan;
+use Novadaemon\FilamentPrettyJson\PrettyJson;
+
+/**
+ * @source https://gitlab.com/amvisor/filament-failed-jobs
+ */
+class FailedJobResource extends Resource
+{
+    protected static ?string $model = FailedJob::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-exclamation-circle';
+
+    protected static ?string $navigationGroup = 'System';
+
+    public static function getNavigationBadge(): ?string
+    {
+        return (string) FailedJob::query()->count();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                TextInput::make('uuid')->disabled()->columnSpan(4),
+                TextInput::make('failed_at')->disabled(),
+                TextInput::make('id')->disabled(),
+                TextInput::make('connection')->disabled(),
+                TextInput::make('queue')->disabled(),
+
+                // make text a little bit smaller because often a complete Stack Trace is shown:
+                TextArea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
+                PrettyJson::make('payload')->disabled()->columnSpan(4),
+            ])->columns(4);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->defaultSort('id', 'desc')
+            ->columns([
+                TextColumn::make('id')->sortable()->searchable()->toggleable(),
+                TextColumn::make('failed_at')->sortable()->searchable(false)->toggleable(),
+                TextColumn::make('exception')
+                    ->sortable()
+                    ->searchable()
+                    ->toggleable()
+                    ->wrap()
+                    ->limit(200)
+                    ->tooltip(fn (FailedJob $record) => "{$record->failed_at} UUID: {$record->uuid}; Connection: {$record->connection}; Queue: {$record->queue};"),
+                TextColumn::make('uuid')->sortable()->searchable()->toggleable(isToggledHiddenByDefault: true),
+                TextColumn::make('connection')->sortable()->searchable()->toggleable(isToggledHiddenByDefault: true),
+                TextColumn::make('queue')->sortable()->searchable()->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->filters([])
+            ->bulkActions([
+                BulkAction::make('retry')
+                    ->label('Retry')
+                    ->requiresConfirmation()
+                    ->action(function (Collection $records): void {
+                        /** @var FailedJob $record */
+                        foreach ($records as $record) {
+                            Artisan::call("queue:retry {$record->uuid}");
+                        }
+                        Notification::make()
+                            ->title("{$records->count()} jobs have been pushed back onto the queue.")
+                            ->success()
+                            ->send();
+                    }),
+            ])
+            ->actions([
+                DeleteAction::make('Delete'),
+                ViewAction::make('View'),
+                Action::make('retry')
+                    ->label('Retry')
+                    ->requiresConfirmation()
+                    ->action(function (FailedJob $record): void {
+                        Artisan::call("queue:retry {$record->uuid}");
+                        Notification::make()
+                            ->title("The job with uuid '{$record->uuid}' has been pushed back onto the queue.")
+                            ->success()
+                            ->send();
+                    }),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => ListFailedJobs::route('/'),
+            'view' => ViewFailedJobs::route('/{record}'),
+
+        ];
+    }
+}
--- a/app/Filament/Resources/FailedJobResource/Pages/ListFailedJobs.php
+++ b/app/Filament/Resources/FailedJobResource/Pages/ListFailedJobs.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\FailedJobResource\Pages;
+
+use App\Filament\Resources\FailedJobResource;
+use App\Models\FailedJob;
+use Filament\Notifications\Notification;
+use Filament\Pages\Actions\Action;
+use Filament\Resources\Pages\ListRecords;
+use Illuminate\Support\Facades\Artisan;
+
+class ListFailedJobs extends ListRecords
+{
+    protected static string $resource = FailedJobResource::class;
+
+    public function getHeaderActions(): array
+    {
+        return [
+            Action::make('retry_all')
+                ->label('Retry all failed Jobs')
+                ->requiresConfirmation()
+                ->action(function (): void {
+                    Artisan::call('queue:retry all');
+                    Notification::make()
+                        ->title('All failed jobs have been pushed back onto the queue.')
+                        ->success()
+                        ->send();
+                }),
+
+            Action::make('delete_all')
+                ->label('Delete all failed Jobs')
+                ->requiresConfirmation()
+                ->color('danger')
+                ->action(function (): void {
+                    FailedJob::truncate();
+                    Notification::make()
+                        ->title('All failed jobs have been removed.')
+                        ->success()
+                        ->send();
+                }),
+        ];
+    }
+}
--- a/app/Filament/Resources/FailedJobResource/Pages/ViewFailedJobs.php
+++ b/app/Filament/Resources/FailedJobResource/Pages/ViewFailedJobs.php
@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\FailedJobResource\Pages;
+
+use App\Filament\Resources\FailedJobResource;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewFailedJobs extends ViewRecord
+{
+    protected static string $resource = FailedJobResource::class;
+}
--- a/app/Filament/Resources/OrganizationInvitationResource.php
+++ b/app/Filament/Resources/OrganizationInvitationResource.php
@@ -0,0 +1,114 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Enums\Role;
+use App\Filament\Resources\OrganizationInvitationResource\Pages;
+use App\Models\OrganizationInvitation;
+use App\Service\OrganizationInvitationService;
+use Filament\Forms;
+use Filament\Forms\Components\Select;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Table;
+use Illuminate\Support\Collection;
+
+class OrganizationInvitationResource extends Resource
+{
+    protected static ?string $model = OrganizationInvitation::class;
+
+    protected static ?string $label = 'Invitations';
+
+    protected static ?string $navigationIcon = 'heroicon-o-user-plus';
+
+    protected static ?string $navigationGroup = 'Users';
+
+    protected static ?int $navigationSort = 9;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('email')
+                    ->label('Email')
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Select::make('role')
+                    ->options(Role::class),
+                Forms\Components\Select::make('organization_id')
+                    ->label('Organization')
+                    ->relationship(name: 'organization', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('organization.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('email')
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('role'),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->label('Created At')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->label('Updated At')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                //
+            ])
+            ->actions([
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\BulkActionGroup::make([
+                    Tables\Actions\BulkAction::make('resend')
+                        ->label('Resend')
+                        ->action(function (Collection $records): void {
+                            foreach ($records as $organizationInvite) {
+                                app(OrganizationInvitationService::class)->resend($organizationInvite);
+                            }
+                        }),
+                ]),
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListOrganizationInvitations::route('/'),
+            'edit' => Pages\EditOrganizationInvitation::route('/{record}/edit'),
+            'view' => Pages\ViewOrganizationInvitation::route('/{record}'),
+        ];
+    }
+}
--- a/app/Filament/Resources/OrganizationInvitationResource/Pages/EditOrganizationInvitation.php
+++ b/app/Filament/Resources/OrganizationInvitationResource/Pages/EditOrganizationInvitation.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Actions;
+use Filament\Resources\Pages\EditRecord;
+
+class EditOrganizationInvitation extends EditRecord
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
+        ];
+    }
+}
--- a/app/Filament/Resources/OrganizationInvitationResource/Pages/ListOrganizationInvitations.php
+++ b/app/Filament/Resources/OrganizationInvitationResource/Pages/ListOrganizationInvitations.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListOrganizationInvitations extends ListRecords
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}
--- a/app/Filament/Resources/OrganizationInvitationResource/Pages/ViewOrganizationInvitation.php
+++ b/app/Filament/Resources/OrganizationInvitationResource/Pages/ViewOrganizationInvitation.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Actions\EditAction;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewOrganizationInvitation extends ViewRecord
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            EditAction::make('edit')
+                ->icon('heroicon-s-pencil'),
+        ];
+    }
+}
--- a/app/Filament/Resources/OrganizationResource.php
+++ b/app/Filament/Resources/OrganizationResource.php
@@ -5,8 +5,11 @@ declare(strict_types=1);
 namespace App\Filament\Resources;

 use App\Filament\Resources\OrganizationResource\Pages;
+use App\Filament\Resources\OrganizationResource\RelationManagers\InvitationsRelationManager;
 use App\Filament\Resources\OrganizationResource\RelationManagers\UsersRelationManager;
 use App\Models\Organization;
+use App\Service\DeletionService;
+use App\Service\Export\ExportService;
 use App\Service\Import\Importers\ImporterProvider;
 use App\Service\Import\Importers\ImportException;
 use App\Service\Import\Importers\ReportDto;
@@ -45,10 +48,13 @@ class OrganizationResource extends Resource
                    ->maxLength(255),
                Forms\Components\Toggle::make('personal_team')
                    ->label('Is personal?')
+                    ->hiddenOn(['create'])
                    ->required(),
                Forms\Components\Select::make('user_id')
+                    ->label('Owner')
                    ->relationship(name: 'owner', titleAttribute: 'email')
                    ->searchable(['name', 'email'])
+                    ->disabledOn(['edit'])
                    ->required(),
                Forms\Components\Select::make('currency')
                    ->label('Currency')
@@ -61,6 +67,7 @@ class OrganizationResource extends Resource

                        return $select;
                    })
+                    ->required()
                    ->searchable(),
                Forms\Components\TextInput::make('billable_rate')
                    ->label('Billable rate (in Cents)')
@@ -69,13 +76,16 @@ class OrganizationResource extends Resource
                        'nullable',
                        'integer',
                        'gt:0',
+                        'max:2147483647',
                    ])
                    ->numeric(),
                Forms\Components\DateTimePicker::make('created_at')
                    ->label('Created At')
+                    ->hiddenOn(['create'])
                    ->disabled(),
                Forms\Components\DateTimePicker::make('updated_at')
                    ->label('Updated At')
+                    ->hiddenOn(['create'])
                    ->disabled(),
            ]);
    }
@@ -95,7 +105,7 @@ class OrganizationResource extends Resource
                    ->sortable(),
                Tables\Columns\TextColumn::make('currency'),
                TextColumn::make('billable_rate')
-                    ->money(fn (Organization $resource) => $resource->currency ?? 'EUR', divideBy: 100),
+                    ->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
                Tables\Columns\TextColumn::make('created_at')
                    ->dateTime()
                    ->sortable(),
@@ -110,9 +120,37 @@ class OrganizationResource extends Resource
            ])
            ->actions([
                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make()
+                    ->using(function (Organization $record): void {
+                        app(DeletionService::class)->deleteOrganization($record);
+                    }),
+                Action::make('Export')
+                    ->icon('heroicon-o-arrow-down-tray')
+                    ->action(function (Organization $record) {
+                        try {
+                            $file = app(ExportService::class)->export($record);
+                            Notification::make()
+                                ->title('Export successful')
+                                ->success()
+                                ->persistent()
+                                ->send();
+
+                            return response()->streamDownload(function () use ($file): void {
+                                echo Storage::disk(config('filesystems.private'))->get($file);
+                            }, 'export.zip');
+                        } catch (\Exception $exception) {
+                            report($exception);
+                            Notification::make()
+                                ->title('Export failed')
+                                ->danger()
+                                ->body('Message: '.$exception->getMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
                Action::make('Import')
                    ->icon('heroicon-o-inbox-arrow-down')
-                    ->action(function (Organization $record, array $data) {
+                    ->action(function (Organization $record, array $data): void {
                        try {
                            $file = Storage::disk(config('filament.default_filesystem_disk'))->get($data['file']);
                            if ($file === null) {
@@ -173,8 +211,6 @@ class OrganizationResource extends Resource
                    ]),
            ])
            ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                ]),
            ]);
    }

@@ -182,6 +218,7 @@ class OrganizationResource extends Resource
    {
        return [
            UsersRelationManager::class,
+            InvitationsRelationManager::class,
        ];
    }

--- a/app/Filament/Resources/OrganizationResource/Actions/DeleteOrganization.php
+++ b/app/Filament/Resources/OrganizationResource/Actions/DeleteOrganization.php
@@ -15,7 +15,6 @@ class DeleteOrganization extends DeleteAction
    protected function setUp(): void
    {
        parent::setUp();
-        // TODO: check why setting the icon is necessary
        $this->icon('heroicon-m-trash');
        $this->action(function (): void {
            $result = $this->process(function (Organization $record): bool {
--- a/app/Filament/Resources/OrganizationResource/Pages/CreateOrganization.php
+++ b/app/Filament/Resources/OrganizationResource/Pages/CreateOrganization.php
@@ -4,10 +4,33 @@ declare(strict_types=1);

 namespace App\Filament\Resources\OrganizationResource\Pages;

+use App\Enums\Role;
 use App\Filament\Resources\OrganizationResource;
+use App\Models\Organization;
 use Filament\Resources\Pages\CreateRecord;

 class CreateOrganization extends CreateRecord
 {
    protected static string $resource = OrganizationResource::class;
+
+    protected function mutateFormDataBeforeCreate(array $data): array
+    {
+        $data['personal_team'] = false;
+
+        return $data;
+    }
+
+    protected function afterCreate(): void
+    {
+        /** @var Organization $organization */
+        $organization = $this->record;
+
+        $user = $organization->owner;
+
+        $organization->users()->attach(
+            $user, [
+                'role' => Role::Owner->value,
+            ]
+        );
+    }
 }
--- a/app/Filament/Resources/OrganizationResource/Pages/ListOrganizations.php
+++ b/app/Filament/Resources/OrganizationResource/Pages/ListOrganizations.php
@@ -15,7 +15,8 @@ class ListOrganizations extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
+++ b/app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationResource\RelationManagers;
+
+use App\Enums\Role;
+use App\Filament\Resources\OrganizationInvitationResource;
+use App\Models\Organization;
+use App\Models\OrganizationInvitation;
+use App\Service\InvitationService;
+use Filament\Forms\Components\Select;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Form;
+use Filament\Resources\RelationManagers\RelationManager;
+use Filament\Tables;
+use Filament\Tables\Actions\Action;
+use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Validation\Rule;
+
+class InvitationsRelationManager extends RelationManager
+{
+    protected static string $relationship = 'teamInvitations';
+
+    protected static ?string $title = 'Invitations';
+
+    public function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                TextInput::make('email')
+                    ->label('Email')
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Select::make('role')
+                    ->options(Role::class)
+                    ->label('Role')
+                    ->rules([
+                        'required',
+                        'string',
+                        Rule::enum(Role::class)
+                            ->except([Role::Owner, Role::Placeholder]),
+                    ])
+                    ->required(),
+            ]);
+    }
+
+    public function table(Table $table): Table
+    {
+        return $table
+            ->recordTitleAttribute('email')
+            ->modelLabel('Invitation')
+            ->pluralModelLabel('Invitations')
+            ->columns([
+                Tables\Columns\TextColumn::make('email'),
+                Tables\Columns\TextColumn::make('role'),
+            ])
+            ->headerActions([
+                Tables\Actions\CreateAction::make()
+                    ->icon('heroicon-s-plus')
+                    ->using(function (array $data, string $model): Model {
+                        /** @var Organization $ownerRecord */
+                        $ownerRecord = $this->getOwnerRecord();
+
+                        return app(InvitationService::class)
+                            ->inviteUser($ownerRecord, $data['email'], Role::from($data['role']));
+                    }),
+            ])
+            ->actions([
+                Action::make('view')
+                    ->icon('heroicon-o-eye')
+                    ->color('gray')
+                    ->url(fn (OrganizationInvitation $record): string => OrganizationInvitationResource::getUrl('view', [
+                        'record' => $record->getKey(),
+                    ])),
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\BulkActionGroup::make([
+                    Tables\Actions\DetachBulkAction::make(),
+                ]),
+            ]);
+    }
+}
--- a/app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php
+++ b/app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php
@@ -5,17 +5,24 @@ declare(strict_types=1);
 namespace App\Filament\Resources\OrganizationResource\RelationManagers;

 use App\Enums\Role;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\UserResource;
+use App\Models\Member;
+use App\Models\Organization;
 use App\Models\User;
+use App\Service\BillableRateService;
+use App\Service\MemberService;
 use Filament\Forms\Components\Select;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\RelationManagers\RelationManager;
 use Filament\Tables;
 use Filament\Tables\Actions\Action;
 use Filament\Tables\Actions\AttachAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;
+use Illuminate\Validation\Rule;

 class UsersRelationManager extends RelationManager
 {
@@ -36,20 +43,40 @@ class UsersRelationManager extends RelationManager

    public function table(Table $table): Table
    {
+        /** @var Organization $organization */
+        $organization = $this->getOwnerRecord();
+
        return $table
            ->recordTitleAttribute('name')
            ->columns([
                Tables\Columns\TextColumn::make('name'),
                Tables\Columns\TextColumn::make('role'),
                TextColumn::make('billable_rate')
-                    ->money($this->getOwnerRecord()->currency ?? 'EUR', divideBy: 100),
+                    ->money($organization->currency, divideBy: 100),
            ])
            ->headerActions([
-                Tables\Actions\AttachAction::make()->form(fn (AttachAction $action): array => [
-                    $action->getRecordSelect(),
-                    Select::make('role')
-                        ->options(Role::class),
-                ]),
+                Tables\Actions\AttachAction::make()
+                    ->recordTitle(fn (User $record): string => "{$record->name} ({$record->email})")
+                    ->form(fn (AttachAction $action): array => [
+                        $action->getRecordSelect(),
+                        Select::make('role')
+                            ->required()
+                            ->options(Role::class)
+                            ->rule([
+                                'required',
+                                'string',
+                                Rule::enum(Role::class)
+                                    ->except([Role::Owner, Role::Placeholder]),
+                            ]),
+                    ])
+                    ->label('Add user')
+                    ->modalHeading('Add user')
+                    ->icon('heroicon-s-plus')
+                    ->using(function (User $record, array $data): void {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        app(MemberService::class)->addMember($record, $organization, Role::from($data['role']), true);
+                    }),
            ])
            ->actions([
                Action::make('view')
@@ -58,13 +85,55 @@ class UsersRelationManager extends RelationManager
                    ->url(fn (User $record): string => UserResource::getUrl('view', [
                        'record' => $record->getKey(),
                    ])),
-                Tables\Actions\EditAction::make(),
-                Tables\Actions\DetachAction::make(),
+                Tables\Actions\EditAction::make()
+                    ->using(function (User $record, array $data): User {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        /** @var Member $member */
+                        $member = $record->getRelation('membership');
+
+                        if ($data['billable_rate'] !== $member->billable_rate) {
+                            $member->billable_rate = $data['billable_rate'];
+                            app(BillableRateService::class)->updateTimeEntriesBillableRateForMember($member);
+                        }
+
+                        if ($data['role'] !== $member->role) {
+                            try {
+                                app(MemberService::class)->changeRole($member, $organization, Role::from($data['role']), true);
+                            } catch (ApiException $exception) {
+                                Notification::make()
+                                    ->danger()
+                                    ->title('Update failed')
+                                    ->body($exception->getTranslatedMessage())
+                                    ->persistent()
+                                    ->send();
+                            }
+                        }
+                        $member->save();
+
+                        return $record;
+                    }),
+                Tables\Actions\DetachAction::make()
+                    ->using(function (User $record): void {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        $member = Member::query()
+                            ->whereBelongsTo($record, 'user')
+                            ->whereBelongsTo($organization, 'organization')
+                            ->firstOrFail();
+                        try {
+                            app(MemberService::class)->removeMember($member, $organization);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
            ])
            ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DetachBulkAction::make(),
-                ]),
            ]);
    }
 }
--- a/app/Filament/Resources/ProjectMemberResource.php
+++ b/app/Filament/Resources/ProjectMemberResource.php
@@ -29,6 +29,7 @@ class ProjectMemberResource extends Resource
                        'nullable',
                        'integer',
                        'gt:0',
+                        'max:2147483647',
                    ])
                    ->numeric(),
                Forms\Components\Select::make('user_id')
--- a/app/Filament/Resources/ProjectMemberResource/Pages/EditProjectMember.php
+++ b/app/Filament/Resources/ProjectMemberResource/Pages/EditProjectMember.php
@@ -15,7 +15,8 @@ class EditProjectMember extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/ProjectMemberResource/Pages/ListProjectMembers.php
+++ b/app/Filament/Resources/ProjectMemberResource/Pages/ListProjectMembers.php
@@ -15,7 +15,8 @@ class ListProjectMembers extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/ProjectResource.php
+++ b/app/Filament/Resources/ProjectResource.php
@@ -45,6 +45,7 @@ class ProjectResource extends Resource
                        'nullable',
                        'integer',
                        'gt:0',
+                        'max:2147483647',
                    ])
                    ->numeric(),
                Forms\Components\Select::make('organization_id')
@@ -71,8 +72,13 @@ class ProjectResource extends Resource
            ])
            ->filters([
                SelectFilter::make('organization')
+                    ->label('Organization')
                    ->relationship('organization', 'name')
                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
            ])
            ->defaultSort('created_at', 'desc')
            ->actions([
--- a/app/Filament/Resources/ProjectResource/Pages/EditProject.php
+++ b/app/Filament/Resources/ProjectResource/Pages/EditProject.php
@@ -15,7 +15,8 @@ class EditProject extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/ProjectResource/Pages/ListProjects.php
+++ b/app/Filament/Resources/ProjectResource/Pages/ListProjects.php
@@ -15,7 +15,8 @@ class ListProjects extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/ReportResource.php
+++ b/app/Filament/Resources/ReportResource.php
@@ -0,0 +1,141 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\ReportResource\Pages;
+use App\Models\Report;
+use App\Service\Dto\ReportPropertiesDto;
+use Filament\Forms;
+use Filament\Forms\Components\DateTimePicker;
+use Filament\Forms\Components\Toggle;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Actions\Action;
+use Filament\Tables\Columns\TextColumn;
+use Filament\Tables\Columns\ToggleColumn;
+use Filament\Tables\Filters\SelectFilter;
+use Filament\Tables\Table;
+use Novadaemon\FilamentPrettyJson\PrettyJson;
+
+class ReportResource extends Resource
+{
+    protected static ?string $model = Report::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-document-chart-bar';
+
+    protected static ?string $navigationGroup = 'Timetracking';
+
+    protected static ?int $navigationSort = 7;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('name')
+                    ->label('Name')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('description')
+                    ->label('Description')
+                    ->nullable()
+                    ->maxLength(255),
+                Toggle::make('is_public')
+                    ->label('Is public?')
+                    ->required(),
+                DateTimePicker::make('public_until')
+                    ->label('Public until')
+                    ->nullable(),
+                Forms\Components\Select::make('organization_id')
+                    ->label('Organization')
+                    ->relationship(name: 'organization', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabled()
+                    ->required(),
+                Forms\Components\TextInput::make('share_secret')
+                    ->label('Share Secret')
+                    ->nullable(),
+                PrettyJson::make('properties')
+                    ->formatStateUsing(function (ReportPropertiesDto $state, Report $record): string {
+                        return $record->getRawOriginal('properties');
+                    })
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('description')
+                    ->searchable()
+                    ->sortable(),
+                ToggleColumn::make('is_public')
+                    ->label('Is public?')
+                    ->sortable(),
+                TextColumn::make('organization.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                SelectFilter::make('organization')
+                    ->label('Organization')
+                    ->relationship('organization', 'name')
+                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
+            ])
+            ->actions([
+                Action::make('public-view')
+                    ->label('Public')
+                    ->icon('heroicon-o-eye')
+                    ->color('gray')
+                    ->hidden(fn (Report $record): bool => $record->getShareableLink() === null)
+                    ->url(fn (Report $record): string => $record->getShareableLink(), true),
+                Tables\Actions\ViewAction::make(),
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListReports::route('/'),
+            'edit' => Pages\EditReport::route('/{record}/edit'),
+            'view' => Pages\ViewReport::route('/{record}'),
+        ];
+    }
+}
--- a/app/Filament/Resources/ReportResource/Pages/EditReport.php
+++ b/app/Filament/Resources/ReportResource/Pages/EditReport.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Actions;
+use Filament\Resources\Pages\EditRecord;
+
+class EditReport extends EditRecord
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
+        ];
+    }
+}
--- a/app/Filament/Resources/ReportResource/Pages/ListReports.php
+++ b/app/Filament/Resources/ReportResource/Pages/ListReports.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListReports extends ListRecords
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}
--- a/app/Filament/Resources/ReportResource/Pages/ViewReport.php
+++ b/app/Filament/Resources/ReportResource/Pages/ViewReport.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Actions\EditAction;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewReport extends ViewRecord
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            EditAction::make('edit')
+                ->icon('heroicon-s-pencil'),
+        ];
+    }
+}
--- a/app/Filament/Resources/TagResource.php
+++ b/app/Filament/Resources/TagResource.php
@@ -60,8 +60,13 @@ class TagResource extends Resource
            ->defaultSort('created_at', 'desc')
            ->filters([
                SelectFilter::make('organization')
+                    ->label('Organization')
                    ->relationship('organization', 'name')
                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
            ])
            ->actions([
                Tables\Actions\EditAction::make(),
--- a/app/Filament/Resources/TagResource/Pages/EditTag.php
+++ b/app/Filament/Resources/TagResource/Pages/EditTag.php
@@ -15,7 +15,8 @@ class EditTag extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/TagResource/Pages/ListTags.php
+++ b/app/Filament/Resources/TagResource/Pages/ListTags.php
@@ -15,7 +15,8 @@ class ListTags extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/TaskResource.php
+++ b/app/Filament/Resources/TaskResource.php
@@ -61,8 +61,13 @@ class TaskResource extends Resource
            ])
            ->filters([
                SelectFilter::make('organization')
+                    ->label('Organization')
                    ->relationship('organization', 'name')
                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
            ])
            ->defaultSort('created_at', 'desc')
            ->actions([
--- a/app/Filament/Resources/TaskResource/Pages/EditTask.php
+++ b/app/Filament/Resources/TaskResource/Pages/EditTask.php
@@ -15,7 +15,8 @@ class EditTask extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/TaskResource/Pages/ListTasks.php
+++ b/app/Filament/Resources/TaskResource/Pages/ListTasks.php
@@ -15,7 +15,8 @@ class ListTasks extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/TimeEntryResource.php
+++ b/app/Filament/Resources/TimeEntryResource.php
@@ -49,7 +49,7 @@ class TimeEntryResource extends Resource
                    ->label('End')
                    ->nullable()
                    ->rules([
-                        'after:start',
+                        'after_or_equal:start',
                    ]),
                Select::make('user_id')
                    ->relationship(name: 'user', titleAttribute: 'email')
@@ -92,8 +92,13 @@ class TimeEntryResource extends Resource
            ])
            ->filters([
                SelectFilter::make('organization')
+                    ->label('Organization')
                    ->relationship('organization', 'name')
                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
            ])
            ->defaultSort('created_at', 'desc')
            ->actions([
--- a/app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php
+++ b/app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php
@@ -15,7 +15,8 @@ class EditTimeEntry extends EditRecord
    protected function getHeaderActions(): array
    {
        return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
        ];
    }
 }
--- a/app/Filament/Resources/TimeEntryResource/Pages/ListTimeEntries.php
+++ b/app/Filament/Resources/TimeEntryResource/Pages/ListTimeEntries.php
@@ -15,7 +15,8 @@ class ListTimeEntries extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/TokenResource.php
+++ b/app/Filament/Resources/TokenResource.php
@@ -0,0 +1,148 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\TokenResource\Pages;
+use App\Models\Passport\Client;
+use App\Models\Passport\Token;
+use Filament\Forms;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Filters\TernaryFilter;
+use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
+
+class TokenResource extends Resource
+{
+    protected static ?string $model = Token::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-key';
+
+    protected static ?string $navigationGroup = 'Auth';
+
+    protected static ?int $navigationSort = 6;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('id')
+                    ->label('ID')
+                    ->disabled()
+                    ->visibleOn(['update', 'show'])
+                    ->readOnly()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('name')
+                    ->label('Name')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\Select::make('user_id')
+                    ->label('User')
+                    ->relationship(name: 'user', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabled()
+                    ->required(),
+                Forms\Components\Select::make('client_id')
+                    ->label('Client')
+                    ->relationship(name: 'client', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->required(),
+                Forms\Components\Toggle::make('revoked')
+                    ->label('Revoked')
+                    ->required(),
+                Forms\Components\DateTimePicker::make('expires_at')
+                    ->label('Expires At')
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('user.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('client.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\IconColumn::make('client.personal_access_client')
+                    ->boolean()
+                    ->label('API token?')
+                    ->sortable(),
+                Tables\Columns\IconColumn::make('revoked')
+                    ->boolean()
+                    ->label('Revoked?')
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('expires_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                TernaryFilter::make('is_personal_access_client')
+                    ->queries(
+                        true: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query->whereHas('client', function (Builder $query) {
+                                /** @var Builder<Client> $query */
+                                return $query->where('personal_access_client', true);
+                            });
+                        },
+                        false: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query->whereHas('client', function (Builder $query) {
+                                /** @var Builder<Client> $query */
+                                return $query->where('personal_access_client', false);
+                            });
+                        },
+                        blank: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query;
+                        },
+                    )
+                    ->label('API token?'),
+                TernaryFilter::make('revoked')
+                    ->label('Revoked?'),
+            ])
+            ->actions([
+                Tables\Actions\ViewAction::make(),
+            ])
+            ->bulkActions([
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListTokens::route('/'),
+            'view' => Pages\ViewToken::route('/{record}'),
+        ];
+    }
+}
--- a/app/Filament/Resources/TokenResource/Pages/ListTokens.php
+++ b/app/Filament/Resources/TokenResource/Pages/ListTokens.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\TokenResource\Pages;
+
+use App\Filament\Resources\TokenResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListTokens extends ListRecords
+{
+    protected static string $resource = TokenResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}
--- a/app/Filament/Resources/TokenResource/Pages/ViewToken.php
+++ b/app/Filament/Resources/TokenResource/Pages/ViewToken.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\TokenResource\Pages;
+
+use App\Filament\Resources\TokenResource;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewToken extends ViewRecord
+{
+    protected static string $resource = TokenResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}
--- a/app/Filament/Resources/UserResource.php
+++ b/app/Filament/Resources/UserResource.php
@@ -5,21 +5,27 @@ declare(strict_types=1);
 namespace App\Filament\Resources;

 use App\Enums\Weekday;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\UserResource\Pages;
 use App\Filament\Resources\UserResource\RelationManagers\OrganizationsRelationManager;
 use App\Filament\Resources\UserResource\RelationManagers\OwnedOrganizationsRelationManager;
 use App\Models\User;
+use App\Service\DeletionService;
 use App\Service\TimezoneService;
+use Brick\Money\ISOCurrencyProvider;
 use Exception;
 use Filament\Forms;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\Resource;
 use Filament\Tables;
 use Filament\Tables\Filters\TernaryFilter;
 use Filament\Tables\Table;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
+use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
 use STS\FilamentImpersonate\Tables\Actions\Impersonate;

 class UserResource extends Resource
@@ -34,6 +40,9 @@ class UserResource extends Resource

    public static function form(Form $form): Form
    {
+        /** @var User|null $record */
+        $record = $form->getRecord();
+
        return $form
            ->columns(1)
            ->schema([
@@ -50,12 +59,25 @@ class UserResource extends Resource
                Forms\Components\TextInput::make('email')
                    ->label('Email')
                    ->required()
+                    ->rules($record?->is_placeholder ? [] : [
+                        UniqueEloquent::make(User::class, 'email')
+                            ->ignore($record?->getKey()),
+                    ])
+                    ->rule([
+                        'email',
+                    ])
                    ->maxLength(255),
                Forms\Components\Toggle::make('is_placeholder')
-                    ->label('Is Placeholder'),
+                    ->label('Is Placeholder?')
+                    ->hiddenOn(['create'])
+                    ->disabledOn(['edit']),
                Forms\Components\DateTimePicker::make('email_verified_at')
                    ->label('Email Verified At')
+                    ->hiddenOn(['create'])
                    ->nullable(),
+                Forms\Components\Toggle::make('is_email_verified')
+                    ->label('Email Verified?')
+                    ->visibleOn(['create']),
                Forms\Components\Select::make('timezone')
                    ->label('Timezone')
                    ->options(fn (): array => app(TimezoneService::class)->getSelectOptions())
@@ -67,15 +89,39 @@ class UserResource extends Resource
                    ->required(),
                TextInput::make('password')
                    ->password()
+                    ->label('Password')
                    ->dehydrateStateUsing(fn ($state) => Hash::make($state))
                    ->dehydrated(fn ($state) => filled($state))
+                    ->hiddenOn(['create'])
                    ->required(fn (string $context): bool => $context === 'create')
                    ->maxLength(255),
+                TextInput::make('password_create')
+                    ->password()
+                    ->label('Password')
+                    ->visibleOn(['create'])
+                    ->required(fn (string $context): bool => $context === 'create')
+                    ->maxLength(255),
+                Forms\Components\Select::make('currency')
+                    ->label('Currency (Personal Organization)')
+                    ->options(function (): array {
+                        $currencies = ISOCurrencyProvider::getInstance()->getAvailableCurrencies();
+                        $select = [];
+                        foreach ($currencies as $currency) {
+                            $select[$currency->getCurrencyCode()] = $currency->getName().' ('.$currency->getCurrencyCode().')';
+                        }
+
+                        return $select;
+                    })
+                    ->required()
+                    ->visibleOn(['create'])
+                    ->searchable(),
                Forms\Components\DateTimePicker::make('created_at')
                    ->label('Created At')
+                    ->hiddenOn(['create'])
                    ->disabled(),
                Forms\Components\DateTimePicker::make('updated_at')
                    ->label('Updated At')
+                    ->hiddenOn(['create'])
                    ->disabled(),
            ]);
    }
@@ -111,9 +157,18 @@ class UserResource extends Resource
            ->filters([
                TernaryFilter::make('real_user')
                    ->queries(
-                        true: fn (Builder $query) => $query->where('is_placeholder', '=', false),
-                        false: fn (Builder $query) => $query->where('is_placeholder', '=', true),
-                        blank: fn (Builder $query) => $query,
+                        true: function (Builder $query): Builder {
+                            /** @var Builder<User> $query */
+                            return $query->where('is_placeholder', '=', false);
+                        },
+                        false: function (Builder $query): Builder {
+                            /** @var Builder<User> $query */
+                            return $query->where('is_placeholder', '=', true);
+                        },
+                        blank: function (Builder $query): Builder {
+                            /** @var Builder<User> $query */
+                            return $query;
+                        },
                    )
                    ->label('Real User?'),
                TernaryFilter::make('email_verified')
@@ -136,11 +191,22 @@ class UserResource extends Resource
                    }
                }),
                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make()
+                    ->hidden(fn (User $record) => $record->is(Auth::user()))
+                    ->using(function (User $record): void {
+                        try {
+                            app(DeletionService::class)->deleteUser($record);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
            ])
            ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DeleteBulkAction::make(),
-                ]),
            ]);
    }

--- a/app/Filament/Resources/UserResource/Pages/CreateUser.php
+++ b/app/Filament/Resources/UserResource/Pages/CreateUser.php
@@ -4,24 +4,29 @@ declare(strict_types=1);

 namespace App\Filament\Resources\UserResource\Pages;

+use App\Enums\Weekday;
 use App\Filament\Resources\UserResource;
-use App\Models\Organization;
 use App\Models\User;
+use App\Service\UserService;
 use Filament\Resources\Pages\CreateRecord;

 class CreateUser extends CreateRecord
 {
    protected static string $resource = UserResource::class;

-    protected function afterCreate(): void
+    protected function handleRecordCreation(array $data): User
    {
-        /** @var User $user */
-        $user = $this->record;
+        $userService = app(UserService::class);
+        $user = $userService->createUser(
+            $data['name'],
+            $data['email'],
+            $data['password_create'],
+            $data['timezone'],
+            Weekday::from($data['week_start']),
+            $data['currency'],
+            (bool) $data['is_email_verified']
+        );

-        $user->ownedTeams()->save(Organization::forceCreate([
-            'user_id' => $user->id,
-            'name' => explode(' ', $user->name, 2)[0]."'s Organization",
-            'personal_team' => true,
-        ]));
+        return $user;
    }
 }
--- a/app/Filament/Resources/UserResource/Pages/ListUsers.php
+++ b/app/Filament/Resources/UserResource/Pages/ListUsers.php
@@ -15,7 +15,8 @@ class ListUsers extends ListRecords
    protected function getHeaderActions(): array
    {
        return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
        ];
    }
 }
--- a/app/Filament/Resources/UserResource/Pages/ViewUser.php
+++ b/app/Filament/Resources/UserResource/Pages/ViewUser.php
@@ -7,6 +7,7 @@ namespace App\Filament\Resources\UserResource\Pages;
 use App\Filament\Resources\UserResource;
 use Filament\Actions\EditAction;
 use Filament\Resources\Pages\ViewRecord;
+use STS\FilamentImpersonate\Pages\Actions\Impersonate;

 class ViewUser extends ViewRecord
 {
@@ -15,6 +16,7 @@ class ViewUser extends ViewRecord
    protected function getHeaderActions(): array
    {
        return [
+            Impersonate::make()->record($this->getRecord()),
            EditAction::make('edit')
                ->icon('heroicon-s-pencil'),
        ];
--- a/app/Filament/Resources/UserResource/RelationManagers/OrganizationsRelationManager.php
+++ b/app/Filament/Resources/UserResource/RelationManagers/OrganizationsRelationManager.php
@@ -5,15 +5,18 @@ declare(strict_types=1);
 namespace App\Filament\Resources\UserResource\RelationManagers;

 use App\Enums\Role;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\OrganizationResource;
+use App\Models\Member;
 use App\Models\Organization;
+use App\Models\User;
+use App\Service\MemberService;
 use Filament\Forms\Components\Select;
-use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\RelationManagers\RelationManager;
 use Filament\Tables;
 use Filament\Tables\Actions\Action;
-use Filament\Tables\Actions\AttachAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;

@@ -27,10 +30,6 @@ class OrganizationsRelationManager extends RelationManager
            ->schema([
                Select::make('role')
                    ->options(Role::class),
-                TextInput::make('billable_rate')
-                    ->label('Billable rate (in Cents)')
-                    ->nullable()
-                    ->numeric(),
            ]);
    }

@@ -41,15 +40,11 @@ class OrganizationsRelationManager extends RelationManager
            ->columns([
                TextColumn::make('name'),
                TextColumn::make('role'),
-                TextColumn::make('billable_rate')
-                    ->money(fn (Organization $resource) => $resource->currency ?? 'EUR', divideBy: 100),
+                TextColumn::make('membership.billable_rate')
+                    ->label('Billable rate')
+                    ->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
            ])
            ->headerActions([
-                Tables\Actions\AttachAction::make()->form(fn (AttachAction $action): array => [
-                    $action->getRecordSelect(),
-                    Select::make('role')
-                        ->options(Role::class),
-                ]),
            ])
            ->actions([
                Action::make('view')
@@ -58,13 +53,48 @@ class OrganizationsRelationManager extends RelationManager
                    ->url(fn (Organization $record): string => OrganizationResource::getUrl('view', [
                        'record' => $record->getKey(),
                    ])),
-                Tables\Actions\EditAction::make(),
-                Tables\Actions\DetachAction::make(),
+                Tables\Actions\EditAction::make()
+                    ->using(function (Organization $record, array $data): Organization {
+                        /** @var Member $member */
+                        $member = $record->getRelation('membership');
+
+                        if ($data['role'] !== $member->role) {
+                            try {
+                                app(MemberService::class)->changeRole($member, $record, Role::from($data['role']), true);
+                            } catch (ApiException $exception) {
+                                Notification::make()
+                                    ->danger()
+                                    ->title('Update failed')
+                                    ->body($exception->getTranslatedMessage())
+                                    ->persistent()
+                                    ->send();
+                            }
+                        }
+                        $member->save();
+
+                        return $record;
+                    }),
+                Tables\Actions\DetachAction::make()
+                    ->using(function (Organization $record): void {
+                        /** @var User $user */
+                        $user = $this->getOwnerRecord();
+                        $member = Member::query()
+                            ->whereBelongsTo($user, 'user')
+                            ->whereBelongsTo($record, 'organization')
+                            ->firstOrFail();
+                        try {
+                            app(MemberService::class)->removeMember($member, $record);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
            ])
            ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DetachBulkAction::make(),
-                ]),
            ]);
    }
 }
--- a/app/Filament/Widgets/ActiveUserOverview.php
+++ b/app/Filament/Widgets/ActiveUserOverview.php
@@ -4,6 +4,7 @@ declare(strict_types=1);

 namespace App\Filament\Widgets;

+use App\Models\TimeEntry;
 use App\Models\User;
 use Filament\Widgets\StatsOverviewWidget as BaseWidget;
 use Filament\Widgets\StatsOverviewWidget\Stat;
@@ -13,7 +14,7 @@ class ActiveUserOverview extends BaseWidget
 {
    protected static ?int $sort = 1;

-    protected static ?string $heading = 'A Registrations';
+    protected ?string $heading = 'A Registrations';

    protected function getCards(): array
    {
@@ -21,7 +22,8 @@ class ActiveUserOverview extends BaseWidget
        $placeholderUserCount = User::query()->where('is_placeholder', '=', true)->count();
        $activeInLastWeek = User::query()
            ->where('is_placeholder', '=', false)
-            ->whereHas('timeEntries', function (Builder $query) {
+            ->whereHas('timeEntries', function (Builder $query): void {
+                /** @var Builder<TimeEntry> $query */
                $query->where('created_at', '>=', now()->subWeek())
                    ->orWhere('updated_at', '>=', now()->subWeek());
            })
--- a/app/Filament/Widgets/ServerOverview.php
+++ b/app/Filament/Widgets/ServerOverview.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Widgets;
+
+use Filament\Widgets\Widget;
+use Illuminate\Support\Facades\Cache;
+
+class ServerOverview extends Widget
+{
+    protected static string $view = 'filament.widgets.server-overview';
+
+    /**
+     * @return array<string, mixed>
+     */
+    protected function getViewData(): array
+    {
+        /** @var string|null $currentVersion */
+        $currentVersion = config('app.version');
+        /** @var string|null $build */
+        $build = config('app.build');
+        $latestVersion = Cache::get('latest_version', null);
+
+        $needsUpdate = false;
+        if ($latestVersion !== null && $currentVersion !== null && version_compare($latestVersion, $currentVersion) > 0) {
+            $needsUpdate = true;
+        }
+
+        return [
+            'version' => $currentVersion,
+            'build' => $build,
+            'environment' => config('app.env'),
+            'currentVersion' => $latestVersion,
+            'needsUpdate' => $needsUpdate,
+        ];
+    }
+}
--- a/app/Http/Controllers/Api/V1/ApiTokenController.php
+++ b/app/Http/Controllers/Api/V1/ApiTokenController.php
@@ -0,0 +1,114 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Exceptions\Api\PersonalAccessClientIsNotConfiguredException;
+use App\Http\Requests\V1\ApiToken\ApiTokenStoreRequest;
+use App\Http\Resources\V1\ApiToken\ApiTokenCollection;
+use App\Http\Resources\V1\ApiToken\ApiTokenWithAccessTokenResource;
+use App\Models\Passport\Token;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Http\JsonResponse;
+
+class ApiTokenController extends Controller
+{
+    /**
+     * List all api token of the currently authenticated user
+     *
+     * This endpoint is independent of organization.
+     *
+     * @operationId getApiTokens
+     *
+     * @throws AuthorizationException
+     */
+    public function index(): ApiTokenCollection
+    {
+        $user = $this->user();
+
+        $tokens = $user->tokens()
+            ->where('client_id', '=', config('passport.personal_access_client.id'))
+            ->get();
+
+        return new ApiTokenCollection($tokens);
+    }
+
+    /**
+     * Create a new api token for the currently authenticated user
+     *
+     * The response will contain the access token that can be used to send authenticated API requests.
+     * Please note that the access token is only shown in this response and cannot be retrieved later.
+     *
+     * @operationId createApiToken
+     *
+     * @throws AuthorizationException|PersonalAccessClientIsNotConfiguredException
+     */
+    public function store(ApiTokenStoreRequest $request): ApiTokenWithAccessTokenResource
+    {
+        $user = $this->user();
+
+        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
+            throw new PersonalAccessClientIsNotConfiguredException;
+        }
+
+        $token = $user->createToken($request->getName(), ['*']);
+        /** @var Token $tokenModel */
+        $tokenModel = $token->token;
+
+        return new ApiTokenWithAccessTokenResource($tokenModel, $token->accessToken);
+    }
+
+    /**
+     * Revoke an api token
+     *
+     * @operationId revokeApiToken
+     *
+     * @throws AuthorizationException
+     * @throws PersonalAccessClientIsNotConfiguredException
+     */
+    public function revoke(Token $apiToken): JsonResponse
+    {
+        $user = $this->user();
+
+        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
+            throw new PersonalAccessClientIsNotConfiguredException;
+        }
+        if ($apiToken->user_id !== $user->getKey()) {
+            throw new AuthorizationException('API token does not belong to user');
+        }
+        if ($apiToken->client_id !== config('passport.personal_access_client.id')) {
+            throw new AuthorizationException('API token is not a personal access token');
+        }
+
+        $apiToken->revoke();
+
+        return response()->json(null, 204);
+    }
+
+    /**
+     * Delete an api token
+     *
+     * @operationId deleteApiToken
+     *
+     * @throws AuthorizationException|PersonalAccessClientIsNotConfiguredException
+     */
+    public function destroy(Token $apiToken): JsonResponse
+    {
+        $user = $this->user();
+
+        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
+            throw new PersonalAccessClientIsNotConfiguredException;
+        }
+        if ($apiToken->user_id !== $user->getKey()) {
+            throw new AuthorizationException('API token does not belong to user');
+        }
+        if ($apiToken->client_id !== config('passport.personal_access_client.id')) {
+            throw new AuthorizationException('API token is not a personal access token');
+        }
+
+        $apiToken->delete();
+
+        return response()->json(null, 204);
+    }
+}
--- a/app/Http/Controllers/Api/V1/ClientController.php
+++ b/app/Http/Controllers/Api/V1/ClientController.php
@@ -66,7 +66,7 @@ class ClientController extends Controller
    {
        $this->checkPermission($organization, 'clients:create');

-        $client = new Client();
+        $client = new Client;
        $client->name = $request->input('name');
        $client->organization()->associate($organization);
        $client->save();
--- a/app/Http/Controllers/Api/V1/Controller.php
+++ b/app/Http/Controllers/Api/V1/Controller.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers\Api\V1;

 use App\Models\Organization;
+use App\Service\BillingContract;
 use App\Service\PermissionStore;
 use Illuminate\Auth\Access\AuthorizationException;

@@ -12,8 +13,7 @@ class Controller extends \App\Http\Controllers\Controller
 {
    public function __construct(
        protected PermissionStore $permissionStore,
-    ) {
-    }
+    ) {}

    /**
     * @throws AuthorizationException
@@ -21,7 +21,7 @@ class Controller extends \App\Http\Controllers\Controller
    protected function checkPermission(Organization $organization, string $permission): void
    {
        if (! $this->permissionStore->has($organization, $permission)) {
-            throw new AuthorizationException();
+            throw new AuthorizationException;
        }
    }

@@ -37,11 +37,16 @@ class Controller extends \App\Http\Controllers\Controller
                return;
            }
        }
-        throw new AuthorizationException();
+        throw new AuthorizationException;
    }

    protected function hasPermission(Organization $organization, string $permission): bool
    {
        return $this->permissionStore->has($organization, $permission);
    }
+
+    protected function canAccessPremiumFeatures(Organization $organization): bool
+    {
+        return app(BillingContract::class)->hasSubscription($organization) || app(BillingContract::class)->hasTrial($organization);
+    }
 }
--- a/app/Http/Controllers/Api/V1/ExportController.php
+++ b/app/Http/Controllers/Api/V1/ExportController.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Models\Organization;
+use App\Service\Export\ExportException;
+use App\Service\Export\ExportService;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Storage;
+
+class ExportController extends Controller
+{
+    /**
+     * Export data of an organization
+     *
+     * @throws AuthorizationException
+     * @throws ExportException
+     *
+     * @operationId exportOrganization
+     */
+    public function export(Organization $organization, ExportService $exportService): JsonResponse
+    {
+        $this->checkPermission($organization, 'export');
+
+        $filepath = $exportService->export($organization);
+        $downloadUrl = Storage::disk(config('filesystems.private'))
+            ->temporaryUrl($filepath, Carbon::now()->addMinutes(10));
+
+        return new JsonResponse([
+            'success' => true,
+            'download_url' => $downloadUrl,
+        ], 200);
+    }
+}
--- a/app/Http/Controllers/Api/V1/ImportController.php
+++ b/app/Http/Controllers/Api/V1/ImportController.php
@@ -35,7 +35,7 @@ class ImportController extends Controller

        foreach ($importers as $key => $importerClass) {
            /** @var ImporterContract $importer */
-            $importer = new $importerClass();
+            $importer = new $importerClass;
            $importersResponse[] = [
                'key' => $key,
                'name' => $importer->getName(),
--- a/Show More
+++ b/Show More