mirror of
https://github.com/solidtime-io/solidtime.git
synced 2026-06-15 13:32:43 +01:00
Compare commits
11 Commits
v0.12.1
...
feature/pu
| Author | SHA1 | Date | |
|---|---|---|---|
|
400a764663 | ||
|
|
58e8fa0cd9 | ||
|
|
54ed15f2e9 | ||
|
|
7d9ecd9526 | ||
|
|
3a17f80f99 | ||
|
|
e29ea2ea42 | ||
|
|
fb6e4639ce | ||
|
|
69bc41988a | ||
|
|
f7663b1c8b | ||
|
|
793bd11dcf | ||
|
|
77a62afd69 |
4
.github/workflows/build-onpremise.yml
vendored
4
.github/workflows/build-onpremise.yml
vendored
@@ -91,7 +91,7 @@ jobs:
|
||||
if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
@@ -177,7 +177,7 @@ jobs:
|
||||
- build
|
||||
steps:
|
||||
- name: "Download digests"
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v6
|
||||
with:
|
||||
path: ${{ runner.temp }}/digests
|
||||
pattern: digests-*
|
||||
|
||||
10
.github/workflows/build-private.yml
vendored
10
.github/workflows/build-private.yml
vendored
@@ -22,7 +22,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Check out code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
|
||||
|
||||
@@ -68,12 +68,12 @@ jobs:
|
||||
run: cat .env
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
- name: "Checkout billing extension"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
repository: solidtime-io/extension-billing
|
||||
path: extensions/Billing
|
||||
@@ -93,7 +93,7 @@ jobs:
|
||||
run: cd extensions/Billing && npm ci
|
||||
|
||||
- name: "Checkout services extension"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
repository: solidtime-io/extension-services
|
||||
path: extensions/Services
|
||||
@@ -111,7 +111,7 @@ jobs:
|
||||
run: cd extensions/Services && npm ci
|
||||
|
||||
- name: "Checkout invoicing extension"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
repository: solidtime-io/extension-invoicing
|
||||
path: extensions/Invoicing
|
||||
|
||||
6
.github/workflows/build-public.yml
vendored
6
.github/workflows/build-public.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Check out code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
|
||||
|
||||
@@ -92,7 +92,7 @@ jobs:
|
||||
if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
@@ -169,7 +169,7 @@ jobs:
|
||||
- build
|
||||
steps:
|
||||
- name: "Download digests"
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v6
|
||||
with:
|
||||
path: ${{ runner.temp }}/digests
|
||||
pattern: digests-*
|
||||
|
||||
2
.github/workflows/generate-api-docs.yml
vendored
2
.github/workflows/generate-api-docs.yml
vendored
@@ -29,7 +29,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup PHP"
|
||||
uses: shivammathur/setup-php@v2
|
||||
|
||||
4
.github/workflows/npm-build.yml
vendored
4
.github/workflows/npm-build.yml
vendored
@@ -11,7 +11,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup PHP (for Ziggy)"
|
||||
uses: shivammathur/setup-php@v2
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
run: composer install -n --prefer-dist
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
|
||||
4
.github/workflows/npm-format-check.yml
vendored
4
.github/workflows/npm-format-check.yml
vendored
@@ -9,10 +9,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
|
||||
4
.github/workflows/npm-lint.yml
vendored
4
.github/workflows/npm-lint.yml
vendored
@@ -11,10 +11,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
|
||||
4
.github/workflows/npm-publish-api.yml
vendored
4
.github/workflows/npm-publish-api.yml
vendored
@@ -11,11 +11,11 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
# Setup .npmrc file to publish to npm
|
||||
- name: Install root project dependencies
|
||||
run: npm ci
|
||||
- uses: actions/setup-node@v4
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
registry-url: 'https://registry.npmjs.org'
|
||||
|
||||
4
.github/workflows/npm-publish-ui.yml
vendored
4
.github/workflows/npm-publish-ui.yml
vendored
@@ -11,9 +11,9 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
# Setup .npmrc file to publish to npm
|
||||
- uses: actions/setup-node@v4
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
registry-url: 'https://registry.npmjs.org'
|
||||
|
||||
4
.github/workflows/npm-typecheck.yml
vendored
4
.github/workflows/npm-typecheck.yml
vendored
@@ -10,7 +10,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup PHP (for Ziggy)"
|
||||
uses: shivammathur/setup-php@v2
|
||||
@@ -23,7 +23,7 @@ jobs:
|
||||
run: composer install -n --prefer-dist
|
||||
|
||||
- name: "Use Node.js"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
|
||||
2
.github/workflows/phpstan.yml
vendored
2
.github/workflows/phpstan.yml
vendored
@@ -9,7 +9,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup PHP"
|
||||
uses: shivammathur/setup-php@v2
|
||||
|
||||
6
.github/workflows/phpunit.yml
vendored
6
.github/workflows/phpunit.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
--health-retries 5
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup PHP"
|
||||
uses: shivammathur/setup-php@v2
|
||||
@@ -48,7 +48,7 @@ jobs:
|
||||
- name: "Run composer install"
|
||||
run: composer install -n --prefer-dist
|
||||
|
||||
- uses: actions/setup-node@v4
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
@@ -68,7 +68,7 @@ jobs:
|
||||
run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml
|
||||
|
||||
- name: "Upload coverage reports to Codecov"
|
||||
uses: codecov/codecov-action@v5.4.3
|
||||
uses: codecov/codecov-action@v5.5.1
|
||||
with:
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
slug: solidtime-io/solidtime
|
||||
|
||||
4
.github/workflows/pint.yml
vendored
4
.github/workflows/pint.yml
vendored
@@ -9,9 +9,9 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Check code style"
|
||||
uses: aglipanci/laravel-pint-action@2.5
|
||||
uses: aglipanci/laravel-pint-action@2.6
|
||||
with:
|
||||
configPath: "pint.json"
|
||||
|
||||
4
.github/workflows/playwright.yml
vendored
4
.github/workflows/playwright.yml
vendored
@@ -35,10 +35,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: "Setup node"
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: '20.x'
|
||||
|
||||
|
||||
15
SECURITY.md
15
SECURITY.md
@@ -3,3 +3,18 @@
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability regarding this project, please e-mail me to [security@solidtime.io](mailto:security@solidtime.io)!
|
||||
|
||||
## Out of scope
|
||||
|
||||
|
||||
Reports we typically won't issue an advisory for:
|
||||
|
||||
* Theoretical findings without a working PoC
|
||||
* Raw scanner output without manual validation
|
||||
* Missing/weak security headers in isolation (CSP, X-Frame-Options, HSTS, etc.)
|
||||
* SPF/DKIM/DMARC on non-mail-sending domains; missing DNSSEC/CAA; TLS cipher preferences
|
||||
* Self-XSS; CSRF on non-state-changing endpoints (logout, theme)
|
||||
* CSV / spreadsheet formula injection in exports — treated as a spreadsheet-application issue
|
||||
* Org owners or admins acting destructively within their own organization
|
||||
* Anything requiring direct DB, shell, or filesystem access on a self-hosted instance
|
||||
* Missing OAuth Scope enforcement (this is not implemented yet, but AI scanners flag it which is why it is included in this list until we actually support it)
|
||||
|
||||
@@ -304,28 +304,8 @@ class JetstreamServiceProvider extends ServiceProvider
|
||||
'owner' => [
|
||||
'id' => $owner->getKey(),
|
||||
'name' => $owner->name,
|
||||
'email' => $owner->email,
|
||||
'profile_photo_url' => $owner->profile_photo_url,
|
||||
],
|
||||
'users' => $teamModel->users->map(function (User $user): array {
|
||||
return [
|
||||
'id' => $user->getKey(),
|
||||
'name' => $user->name,
|
||||
'email' => $user->email,
|
||||
'profile_photo_url' => $user->profile_photo_url,
|
||||
'membership' => [
|
||||
'id' => $user->membership->id,
|
||||
'role' => $user->membership->role,
|
||||
],
|
||||
];
|
||||
}),
|
||||
'team_invitations' => $teamModel->teamInvitations->map(function (OrganizationInvitation $invitation): array {
|
||||
return [
|
||||
'id' => $invitation->getKey(),
|
||||
'email' => $invitation->email,
|
||||
'role' => $invitation->role,
|
||||
];
|
||||
}),
|
||||
],
|
||||
'currencies' => array_map(function (Currency $currency): string {
|
||||
return $currency->getName();
|
||||
|
||||
@@ -6,6 +6,7 @@ import { formatCentsWithOrganizationDefaults } from './utils/money';
|
||||
import {
|
||||
createProjectViaApi,
|
||||
createPublicProjectViaApi,
|
||||
createProjectMemberViaApi,
|
||||
createTaskViaApi,
|
||||
createClientViaApi,
|
||||
createTimeEntryViaApi,
|
||||
@@ -217,6 +218,59 @@ test('test that creating a non-billable project works', async ({ page }) => {
|
||||
await expect(page.getByTestId('project_table')).toContainText(newProjectName);
|
||||
});
|
||||
|
||||
test('test that creating a public project via the modal works', async ({ page }) => {
|
||||
const newProjectName = 'Public Project ' + Math.floor(1 + Math.random() * 10000);
|
||||
await goToProjectsOverview(page);
|
||||
await page.getByRole('button', { name: 'Create Project' }).click();
|
||||
await page.getByLabel('Project Name').fill(newProjectName);
|
||||
|
||||
// Visibility defaults to Private — switch it to Public
|
||||
await expect(page.getByRole('dialog').locator('#visibility')).toContainText('Private');
|
||||
await page.getByRole('dialog').locator('#visibility').click();
|
||||
await page.getByRole('option', { name: 'Public' }).click();
|
||||
|
||||
await Promise.all([
|
||||
page.getByRole('button', { name: 'Create Project' }).click(),
|
||||
page.waitForResponse(
|
||||
async (response) =>
|
||||
response.url().includes('/projects') &&
|
||||
response.request().method() === 'POST' &&
|
||||
response.status() === 201 &&
|
||||
(await response.json()).data.is_public === true
|
||||
),
|
||||
]);
|
||||
|
||||
await expect(page.getByTestId('project_table')).toContainText(newProjectName);
|
||||
});
|
||||
|
||||
test('test that changing a project to public via the edit modal works', async ({ page, ctx }) => {
|
||||
const newProjectName = 'Edit Visibility Project ' + Math.floor(1 + Math.random() * 10000);
|
||||
await createProjectViaApi(ctx, { name: newProjectName });
|
||||
|
||||
await goToProjectsOverview(page);
|
||||
await expect(page.getByText(newProjectName)).toBeVisible({ timeout: 10000 });
|
||||
|
||||
const projectRow = page.getByRole('row').filter({ hasText: newProjectName }).first();
|
||||
await projectRow.getByRole('button').click();
|
||||
await page.locator(`[aria-label='Edit Project ${newProjectName}']`).click();
|
||||
|
||||
// Loaded as Private — switch it to Public
|
||||
await expect(page.getByRole('dialog').locator('#visibility')).toContainText('Private');
|
||||
await page.getByRole('dialog').locator('#visibility').click();
|
||||
await page.getByRole('option', { name: 'Public' }).click();
|
||||
|
||||
await Promise.all([
|
||||
page.getByRole('button', { name: 'Update Project' }).click(),
|
||||
page.waitForResponse(
|
||||
async (response) =>
|
||||
response.url().includes('/projects/') &&
|
||||
response.request().method() === 'PUT' &&
|
||||
response.status() === 200 &&
|
||||
(await response.json()).data.is_public === true
|
||||
),
|
||||
]);
|
||||
});
|
||||
|
||||
test('test that switching from custom rate to default rate clears billable rate', async ({
|
||||
page,
|
||||
ctx,
|
||||
@@ -925,6 +979,39 @@ test.describe('Employee Projects Restrictions', () => {
|
||||
employee.page.locator(`[aria-label='Delete Project ${projectName}']`)
|
||||
).not.toBeVisible();
|
||||
});
|
||||
|
||||
test('employee does not see private projects they are not a member of', async ({
|
||||
ctx,
|
||||
employee,
|
||||
}) => {
|
||||
const publicName = 'EmpPublicVisible ' + Math.floor(Math.random() * 10000);
|
||||
const privateName = 'EmpPrivateHidden ' + Math.floor(Math.random() * 10000);
|
||||
await createPublicProjectViaApi(ctx, { name: publicName });
|
||||
// createProjectViaApi defaults to is_public: false (private); the employee is not a member
|
||||
await createProjectViaApi(ctx, { name: privateName });
|
||||
|
||||
await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
|
||||
await expect(employee.page.getByTestId('projects_view')).toBeVisible({ timeout: 10000 });
|
||||
|
||||
// The public project is visible — confirms the list has loaded
|
||||
await expect(employee.page.getByText(publicName)).toBeVisible({ timeout: 10000 });
|
||||
|
||||
// The private project the employee is not a member of must not appear
|
||||
await expect(employee.page.getByText(privateName)).not.toBeVisible();
|
||||
});
|
||||
|
||||
test('employee can see a private project they are a member of', async ({ ctx, employee }) => {
|
||||
const projectName = 'EmpPrivateMember ' + Math.floor(Math.random() * 10000);
|
||||
const project = await createProjectViaApi(ctx, { name: projectName });
|
||||
// Add the employee as a project member so the private project becomes visible to them
|
||||
await createProjectMemberViaApi(ctx, project.id, { member_id: employee.memberId });
|
||||
|
||||
await employee.page.goto(PLAYWRIGHT_BASE_URL + '/projects');
|
||||
await expect(employee.page.getByTestId('projects_view')).toBeVisible({ timeout: 10000 });
|
||||
|
||||
// The private project is visible because the employee is a member
|
||||
await expect(employee.page.getByText(projectName)).toBeVisible({ timeout: 10000 });
|
||||
});
|
||||
});
|
||||
|
||||
test.describe('Employee Billable Rate Visibility', () => {
|
||||
|
||||
@@ -19,6 +19,7 @@ import { Field, FieldGroup, FieldLabel } from '@/packages/ui/src/field';
|
||||
import ProjectBillableRateModal from '@/packages/ui/src/Project/ProjectBillableRateModal.vue';
|
||||
import { getOrganizationCurrencyString } from '@/utils/money';
|
||||
import ProjectEditBillableSection from '@/packages/ui/src/Project/ProjectEditBillableSection.vue';
|
||||
import ProjectVisibilitySelect from '@/packages/ui/src/Project/ProjectVisibilitySelect.vue';
|
||||
import { isAllowedToPerformPremiumAction } from '@/utils/billing';
|
||||
import { useOrganizationQuery } from '@/utils/useOrganizationQuery';
|
||||
import { getCurrentOrganizationId } from '@/utils/useUser';
|
||||
@@ -44,6 +45,7 @@ const project = ref<CreateProjectBody>({
|
||||
billable_rate: props.originalProject.billable_rate,
|
||||
is_billable: props.originalProject.is_billable,
|
||||
estimated_time: props.originalProject.estimated_time,
|
||||
is_public: props.originalProject.is_public,
|
||||
});
|
||||
|
||||
async function submit() {
|
||||
@@ -126,6 +128,7 @@ async function submitBillableRate() {
|
||||
v-if="isAllowedToPerformPremiumAction()"
|
||||
v-model="project.estimated_time"
|
||||
@submit="submit()"></EstimatedTimeSection>
|
||||
<ProjectVisibilitySelect v-model="project.is_public"></ProjectVisibilitySelect>
|
||||
</FieldGroup>
|
||||
</template>
|
||||
<template #footer>
|
||||
|
||||
@@ -13,7 +13,8 @@ export type SortColumn =
|
||||
| 'spent_time'
|
||||
| 'progress'
|
||||
| 'billable_rate'
|
||||
| 'status';
|
||||
| 'status'
|
||||
| 'visibility';
|
||||
export type SortDirection = 'asc' | 'desc';
|
||||
import { canCreateProjects } from '@/utils/permissions';
|
||||
import type { CreateProjectBody, Project, Client, CreateClientBody } from '@/packages/api/src';
|
||||
@@ -102,6 +103,10 @@ const columns = computed(() => [
|
||||
id: 'status',
|
||||
accessorFn: (row: Project) => (row.is_archived ? 1 : 0),
|
||||
},
|
||||
{
|
||||
id: 'visibility',
|
||||
accessorFn: (row: Project) => (row.is_public ? 1 : 0),
|
||||
},
|
||||
]);
|
||||
|
||||
// Columns with sortDescFirst get desc as default direction on first click.
|
||||
@@ -149,7 +154,7 @@ async function createClient(client: CreateClientBody): Promise<Client | undefine
|
||||
}
|
||||
|
||||
const gridTemplate = computed(() => {
|
||||
return `grid-template-columns: minmax(300px, 1fr) minmax(150px, auto) minmax(140px, auto) minmax(130px, auto) ${props.showBillableRate ? 'minmax(130px, auto)' : ''} minmax(120px, auto) 80px;`;
|
||||
return `grid-template-columns: minmax(300px, 1fr) minmax(150px, auto) minmax(140px, auto) minmax(130px, auto) ${props.showBillableRate ? 'minmax(130px, auto)' : ''} minmax(120px, auto) minmax(120px, auto) 80px;`;
|
||||
});
|
||||
</script>
|
||||
|
||||
@@ -171,7 +176,7 @@ const gridTemplate = computed(() => {
|
||||
:sort-direction="props.sortDirection"
|
||||
:desc-first-columns="descFirstColumns"
|
||||
@sort="handleSort"></ProjectTableHeading>
|
||||
<div v-if="sortedProjects.length === 0" class="col-span-5 py-24 text-center">
|
||||
<div v-if="sortedProjects.length === 0" class="col-span-full py-24 text-center">
|
||||
<FolderPlusIcon class="w-8 text-icon-default inline pb-2"></FolderPlusIcon>
|
||||
<h3 class="text-text-primary font-semibold">
|
||||
{{
|
||||
|
||||
@@ -86,6 +86,14 @@ function isChevronUp(column: SortColumn): boolean {
|
||||
<ChevronUpIcon v-else-if="isChevronUp('status')" class="w-4 h-4" />
|
||||
<span v-else class="w-4 h-4"></span>
|
||||
</div>
|
||||
<div
|
||||
class="px-3 py-1.5 text-left text-text-tertiary cursor-pointer hover:bg-secondary hover:text-text-primary transition-colors select-none flex items-center gap-1"
|
||||
@click="handleSort('visibility')">
|
||||
Visibility
|
||||
<ChevronDownIcon v-if="isChevronDown('visibility')" class="w-4 h-4" />
|
||||
<ChevronUpIcon v-else-if="isChevronUp('visibility')" class="w-4 h-4" />
|
||||
<span v-else class="w-4 h-4"></span>
|
||||
</div>
|
||||
<div class="relative py-1.5 pl-3 pr-4 sm:pr-6 lg:pr-8 3xl:pr-12">
|
||||
<span class="sr-only">Edit</span>
|
||||
</div>
|
||||
|
||||
@@ -7,6 +7,8 @@ import {
|
||||
PencilSquareIcon,
|
||||
ArchiveBoxIcon as ArchiveBoxIconSolid,
|
||||
TrashIcon,
|
||||
GlobeAltIcon,
|
||||
LockClosedIcon,
|
||||
} from '@heroicons/vue/20/solid';
|
||||
import { useClientsQuery } from '@/utils/useClientsQuery';
|
||||
import { useTasksQuery } from '@/utils/useTasksQuery';
|
||||
@@ -141,6 +143,17 @@ const showEditProjectModal = ref(false);
|
||||
<span>Active</span>
|
||||
</template>
|
||||
</div>
|
||||
<div
|
||||
class="whitespace-nowrap px-3 py-4 text-sm text-text-primary flex space-x-1.5 items-center font-medium">
|
||||
<template v-if="project.is_public">
|
||||
<GlobeAltIcon class="w-4 text-icon-default"></GlobeAltIcon>
|
||||
<span>Public</span>
|
||||
</template>
|
||||
<template v-else>
|
||||
<LockClosedIcon class="w-4 text-icon-default"></LockClosedIcon>
|
||||
<span>Private</span>
|
||||
</template>
|
||||
</div>
|
||||
<div
|
||||
class="relative whitespace-nowrap flex items-center pl-3 text-right text-sm font-medium pr-4 sm:pr-6 lg:pr-8 3xl:pr-12">
|
||||
<ProjectMoreOptionsDropdown
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
<script setup lang="ts">
|
||||
import { computed } from 'vue';
|
||||
import { GlobeAltIcon } from '@heroicons/vue/16/solid';
|
||||
import { DropdownMenuItem } from '@/packages/ui/src';
|
||||
import BaseFilterBadge from './BaseFilterBadge.vue';
|
||||
|
||||
type VisibilityValue = 'public' | 'private' | 'all';
|
||||
|
||||
const props = defineProps<{
|
||||
value: VisibilityValue;
|
||||
}>();
|
||||
|
||||
const emit = defineEmits<{
|
||||
remove: [];
|
||||
'update:value': [value: VisibilityValue];
|
||||
}>();
|
||||
|
||||
const visibilityOptions = [
|
||||
{ id: 'public' as const, name: 'Public' },
|
||||
{ id: 'private' as const, name: 'Private' },
|
||||
];
|
||||
|
||||
const label = computed(() => {
|
||||
return visibilityOptions.find((opt) => opt.id === props.value)?.name ?? 'Visibility';
|
||||
});
|
||||
|
||||
function updateVisibility(visibility: VisibilityValue) {
|
||||
emit('update:value', visibility);
|
||||
}
|
||||
</script>
|
||||
|
||||
<template>
|
||||
<BaseFilterBadge
|
||||
:icon="GlobeAltIcon"
|
||||
:label="label"
|
||||
filter-name="Visibility"
|
||||
@remove="emit('remove')">
|
||||
<DropdownMenuItem
|
||||
v-for="option in visibilityOptions"
|
||||
:key="option.id"
|
||||
:class="[value === option.id && 'bg-accent text-accent-foreground']"
|
||||
@click="updateVisibility(option.id)">
|
||||
{{ option.name }}
|
||||
</DropdownMenuItem>
|
||||
</BaseFilterBadge>
|
||||
</template>
|
||||
@@ -1,6 +1,6 @@
|
||||
<script setup lang="ts">
|
||||
import { computed, ref } from 'vue';
|
||||
import { UserGroupIcon, CheckCircleIcon } from '@heroicons/vue/16/solid';
|
||||
import { UserGroupIcon, CheckCircleIcon, GlobeAltIcon } from '@heroicons/vue/16/solid';
|
||||
import ListFilterIcon from '@/packages/ui/src/Icons/ListFilterIcon.vue';
|
||||
import {
|
||||
DropdownMenu,
|
||||
@@ -19,6 +19,7 @@ import { NO_CLIENT_ID } from './constants';
|
||||
|
||||
export interface ProjectFilters {
|
||||
status: 'active' | 'archived' | 'all';
|
||||
visibility: 'public' | 'private' | 'all';
|
||||
clientIds: string[];
|
||||
}
|
||||
|
||||
@@ -36,6 +37,11 @@ const statusOptions = [
|
||||
{ id: 'archived' as const, name: 'Archived' },
|
||||
];
|
||||
|
||||
const visibilityOptions = [
|
||||
{ id: 'public' as const, name: 'Public' },
|
||||
{ id: 'private' as const, name: 'Private' },
|
||||
];
|
||||
|
||||
const open = ref(false);
|
||||
|
||||
function updateStatus(status: 'active' | 'archived' | 'all') {
|
||||
@@ -46,6 +52,14 @@ function updateStatus(status: 'active' | 'archived' | 'all') {
|
||||
open.value = false;
|
||||
}
|
||||
|
||||
function updateVisibility(visibility: 'public' | 'private' | 'all') {
|
||||
emit('update:filters', {
|
||||
...props.filters,
|
||||
visibility,
|
||||
});
|
||||
open.value = false;
|
||||
}
|
||||
|
||||
function toggleClient(clientId: string) {
|
||||
const clientIds = props.filters.clientIds.includes(clientId)
|
||||
? props.filters.clientIds.filter((id) => id !== clientId)
|
||||
@@ -69,7 +83,11 @@ function toggleNoClient() {
|
||||
}
|
||||
|
||||
const hasActiveFilters = computed(() => {
|
||||
return props.filters.status !== 'all' || props.filters.clientIds.length > 0;
|
||||
return (
|
||||
props.filters.status !== 'all' ||
|
||||
props.filters.visibility !== 'all' ||
|
||||
props.filters.clientIds.length > 0
|
||||
);
|
||||
});
|
||||
</script>
|
||||
|
||||
@@ -102,6 +120,25 @@ const hasActiveFilters = computed(() => {
|
||||
</DropdownMenuSubContent>
|
||||
</DropdownMenuSub>
|
||||
|
||||
<!-- Visibility Filter -->
|
||||
<DropdownMenuSub>
|
||||
<DropdownMenuSubTrigger class="gap-2">
|
||||
<GlobeAltIcon class="h-4 w-4 text-icon-default" />
|
||||
<span>Visibility</span>
|
||||
</DropdownMenuSubTrigger>
|
||||
<DropdownMenuSubContent>
|
||||
<DropdownMenuItem
|
||||
v-for="option in visibilityOptions"
|
||||
:key="option.id"
|
||||
:class="[
|
||||
filters.visibility === option.id && 'bg-accent text-accent-foreground',
|
||||
]"
|
||||
@click="updateVisibility(option.id)">
|
||||
{{ option.name }}
|
||||
</DropdownMenuItem>
|
||||
</DropdownMenuSubContent>
|
||||
</DropdownMenuSub>
|
||||
|
||||
<!-- Client Filter -->
|
||||
<DropdownMenuSub v-if="clients.length > 0">
|
||||
<DropdownMenuSubTrigger class="gap-2">
|
||||
|
||||
@@ -109,7 +109,7 @@ const shownTasks = computed(() => {
|
||||
</div>
|
||||
</li>
|
||||
</ol>
|
||||
<div class="px-4">
|
||||
<div class="px-4 space-x-1">
|
||||
<Badge v-if="project?.billable_rate">
|
||||
{{ billableRateFormatted }}
|
||||
/ h
|
||||
@@ -118,6 +118,7 @@ const shownTasks = computed(() => {
|
||||
Default Rate
|
||||
</Badge>
|
||||
<Badge v-if="!project?.is_billable"> Non-Billable </Badge>
|
||||
<Badge>{{ project?.is_public ? 'Public' : 'Private' }}</Badge>
|
||||
</div>
|
||||
</nav>
|
||||
<div>
|
||||
|
||||
@@ -20,6 +20,7 @@ import { isAllowedToPerformPremiumAction } from '@/utils/billing';
|
||||
import { useStorage } from '@vueuse/core';
|
||||
import ProjectsFilterDropdown from '@/Components/Common/Project/ProjectsFilterDropdown.vue';
|
||||
import ProjectStatusFilterBadge from '@/Components/Common/Project/ProjectStatusFilterBadge.vue';
|
||||
import ProjectVisibilityFilterBadge from '@/Components/Common/Project/ProjectVisibilityFilterBadge.vue';
|
||||
import ProjectClientFilterBadge from '@/Components/Common/Project/ProjectClientFilterBadge.vue';
|
||||
import { NO_CLIENT_ID } from '@/Components/Common/Project/constants';
|
||||
import type { SortColumn, SortDirection } from '@/Components/Common/Project/ProjectTable.vue';
|
||||
@@ -36,6 +37,7 @@ interface ProjectTableState {
|
||||
filters: {
|
||||
clientIds: string[];
|
||||
status: 'active' | 'archived' | 'all';
|
||||
visibility: 'public' | 'private' | 'all';
|
||||
};
|
||||
}
|
||||
|
||||
@@ -47,6 +49,7 @@ const tableState = useStorage<ProjectTableState>(
|
||||
filters: {
|
||||
clientIds: [],
|
||||
status: 'all',
|
||||
visibility: 'all',
|
||||
},
|
||||
},
|
||||
undefined,
|
||||
@@ -69,6 +72,14 @@ const filteredProjects = computed(() => {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Visibility filter
|
||||
if (tableState.value.filters.visibility === 'public' && !project.is_public) {
|
||||
return false;
|
||||
}
|
||||
if (tableState.value.filters.visibility === 'private' && project.is_public) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Client filter
|
||||
const hasClientFilter = tableState.value.filters.clientIds.length > 0;
|
||||
if (hasClientFilter) {
|
||||
@@ -91,6 +102,10 @@ function removeStatusFilter() {
|
||||
tableState.value.filters.status = 'all';
|
||||
}
|
||||
|
||||
function removeVisibilityFilter() {
|
||||
tableState.value.filters.visibility = 'all';
|
||||
}
|
||||
|
||||
function removeClientFilter() {
|
||||
tableState.value.filters.clientIds = [];
|
||||
}
|
||||
@@ -152,6 +167,15 @@ const showBillableRate = computed(() => {
|
||||
tableState.filters.status = $event as 'active' | 'archived' | 'all'
|
||||
" />
|
||||
|
||||
<ProjectVisibilityFilterBadge
|
||||
v-if="tableState.filters.visibility !== 'all'"
|
||||
data-testid="visibility-filter-badge"
|
||||
:value="tableState.filters.visibility"
|
||||
@remove="removeVisibilityFilter"
|
||||
@update:value="
|
||||
tableState.filters.visibility = $event as 'public' | 'private' | 'all'
|
||||
" />
|
||||
|
||||
<ProjectClientFilterBadge
|
||||
v-if="tableState.filters.clientIds.length > 0"
|
||||
data-testid="client-filter-badge"
|
||||
|
||||
@@ -1,448 +0,0 @@
|
||||
<script setup lang="ts">
|
||||
import { computed, ref } from 'vue';
|
||||
import { router, useForm, usePage } from '@inertiajs/vue3';
|
||||
import ActionMessage from '@/Components/ActionMessage.vue';
|
||||
import ActionSection from '@/Components/ActionSection.vue';
|
||||
import ConfirmationModal from '@/Components/ConfirmationModal.vue';
|
||||
import DangerButton from '@/packages/ui/src/Buttons/DangerButton.vue';
|
||||
import DialogModal from '@/packages/ui/src/DialogModal.vue';
|
||||
import FormSection from '@/Components/FormSection.vue';
|
||||
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
|
||||
|
||||
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
|
||||
import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
|
||||
import SectionBorder from '@/Components/SectionBorder.vue';
|
||||
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
|
||||
import type { Organization, OrganizationInvitation, User } from '@/types/models';
|
||||
import type { Membership, Permissions, Role } from '@/types/jetstream';
|
||||
import { filterRoles } from '@/utils/roles';
|
||||
|
||||
type UserWithMembership = User & { membership: Membership };
|
||||
|
||||
const props = defineProps<{
|
||||
team: Organization;
|
||||
availableRoles: Role[];
|
||||
userPermissions: Permissions;
|
||||
}>();
|
||||
|
||||
const users = computed(() => {
|
||||
return props.team.users as Array<UserWithMembership>;
|
||||
});
|
||||
|
||||
const page = usePage<{
|
||||
auth: {
|
||||
user: User;
|
||||
};
|
||||
}>();
|
||||
|
||||
const addTeamMemberForm = useForm({
|
||||
email: '',
|
||||
role: null as string | null,
|
||||
});
|
||||
|
||||
const updateRoleForm = useForm({
|
||||
role: null as string | null,
|
||||
});
|
||||
|
||||
const leaveTeamForm = useForm({});
|
||||
const removeTeamMemberForm = useForm({});
|
||||
|
||||
const currentlyManagingRole = ref(false);
|
||||
const managingRoleFor = ref<User | null>(null);
|
||||
const confirmingLeavingTeam = ref(false);
|
||||
const teamMemberBeingRemoved = ref<User | null>(null);
|
||||
|
||||
const addTeamMember = () => {
|
||||
addTeamMemberForm.post(route('team-members.store', props.team.id), {
|
||||
errorBag: 'addTeamMember',
|
||||
preserveScroll: true,
|
||||
onSuccess: () => addTeamMemberForm.reset(),
|
||||
});
|
||||
};
|
||||
|
||||
const cancelTeamInvitation = (invitation: OrganizationInvitation) => {
|
||||
router.delete(route('team-invitations.destroy', invitation.id), {
|
||||
preserveScroll: true,
|
||||
});
|
||||
};
|
||||
|
||||
const manageRole = (teamMember: User & { membership: Membership }) => {
|
||||
managingRoleFor.value = teamMember;
|
||||
updateRoleForm.role = teamMember.membership.role;
|
||||
currentlyManagingRole.value = true;
|
||||
};
|
||||
|
||||
const updateRole = () => {
|
||||
updateRoleForm.put(
|
||||
route('team-members.update', {
|
||||
team: props.team.id,
|
||||
user: managingRoleFor.value?.id,
|
||||
}),
|
||||
{
|
||||
preserveScroll: true,
|
||||
onSuccess: () => (currentlyManagingRole.value = false),
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
const confirmLeavingTeam = () => {
|
||||
confirmingLeavingTeam.value = true;
|
||||
};
|
||||
|
||||
const leaveTeam = () => {
|
||||
leaveTeamForm.delete(route('team-members.destroy', [props.team.id, page.props.auth.user.id]));
|
||||
};
|
||||
|
||||
const confirmTeamMemberRemoval = (teamMember: User) => {
|
||||
teamMemberBeingRemoved.value = teamMember;
|
||||
};
|
||||
|
||||
const removeTeamMember = () => {
|
||||
removeTeamMemberForm.delete(
|
||||
route('team-members.destroy', {
|
||||
team: props.team.id,
|
||||
user: teamMemberBeingRemoved.value?.id,
|
||||
}),
|
||||
{
|
||||
errorBag: 'removeTeamMember',
|
||||
preserveScroll: true,
|
||||
preserveState: true,
|
||||
onSuccess: () => (teamMemberBeingRemoved.value = null),
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
const displayableRole = (role: string) => {
|
||||
return props.availableRoles.find((r) => r.key === role)?.name;
|
||||
};
|
||||
</script>
|
||||
|
||||
<template>
|
||||
<div>
|
||||
<div v-if="userPermissions.canAddTeamMembers">
|
||||
<SectionBorder />
|
||||
|
||||
<!-- Add Organization Member -->
|
||||
<FormSection @submitted="addTeamMember">
|
||||
<template #title> Add Organization Member</template>
|
||||
|
||||
<template #description>
|
||||
Add a new member to your organization, allowing them to collaborate with you.
|
||||
</template>
|
||||
|
||||
<template #form>
|
||||
<div class="col-span-6">
|
||||
<div class="max-w-xl text-sm text-muted">
|
||||
Please provide the email address of the person you would like to add to
|
||||
this organization.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Member Email -->
|
||||
<Field class="col-span-6 sm:col-span-4">
|
||||
<FieldLabel for="email">Email</FieldLabel>
|
||||
<TextInput
|
||||
id="email"
|
||||
v-model="addTeamMemberForm.email"
|
||||
type="email"
|
||||
class="block w-full" />
|
||||
<FieldError v-if="addTeamMemberForm.errors.email">{{
|
||||
addTeamMemberForm.errors.email
|
||||
}}</FieldError>
|
||||
</Field>
|
||||
|
||||
<!-- Role -->
|
||||
<div v-if="availableRoles.length > 0" class="col-span-6 lg:col-span-4">
|
||||
<FieldLabel for="roles">Role</FieldLabel>
|
||||
<FieldError v-if="addTeamMemberForm.errors.role">{{
|
||||
addTeamMemberForm.errors.role
|
||||
}}</FieldError>
|
||||
|
||||
<div
|
||||
class="relative z-0 mt-1 border border-card-border rounded-lg cursor-pointer">
|
||||
<button
|
||||
v-for="(role, i) in filterRoles(availableRoles)"
|
||||
:key="role.key"
|
||||
type="button"
|
||||
class="relative px-4 py-3 inline-flex w-full rounded-lg focus:z-10 focus:outline-none focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500"
|
||||
:class="{
|
||||
'border-t border-card-border focus:border-none rounded-t-none':
|
||||
i > 0,
|
||||
'rounded-b-none': i != Object.keys(availableRoles).length - 1,
|
||||
}"
|
||||
@click="addTeamMemberForm.role = role.key">
|
||||
<div
|
||||
:class="{
|
||||
'opacity-50':
|
||||
addTeamMemberForm.role &&
|
||||
addTeamMemberForm.role != role.key,
|
||||
}">
|
||||
<!-- Role Name -->
|
||||
<div class="flex items-center">
|
||||
<div
|
||||
class="text-sm text-text-primary"
|
||||
:class="{
|
||||
'font-semibold': addTeamMemberForm.role == role.key,
|
||||
}">
|
||||
{{ role.name }}
|
||||
</div>
|
||||
|
||||
<svg
|
||||
v-if="addTeamMemberForm.role == role.key"
|
||||
class="ms-2 h-5 w-5 text-green-400"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
fill="none"
|
||||
viewBox="0 0 24 24"
|
||||
stroke-width="1.5"
|
||||
stroke="currentColor">
|
||||
<path
|
||||
stroke-linecap="round"
|
||||
stroke-linejoin="round"
|
||||
d="M9 12.75L11.25 15 15 9.75M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
|
||||
</svg>
|
||||
</div>
|
||||
|
||||
<!-- Role Description -->
|
||||
<div class="mt-2 text-xs text-muted text-start">
|
||||
{{ role.description }}
|
||||
</div>
|
||||
</div>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<template #actions>
|
||||
<ActionMessage :on="addTeamMemberForm.recentlySuccessful" class="me-3">
|
||||
Added.
|
||||
</ActionMessage>
|
||||
|
||||
<PrimaryButton
|
||||
:class="{ 'opacity-25': addTeamMemberForm.processing }"
|
||||
:disabled="addTeamMemberForm.processing">
|
||||
Add
|
||||
</PrimaryButton>
|
||||
</template>
|
||||
</FormSection>
|
||||
</div>
|
||||
|
||||
<div v-if="team.team_invitations.length > 0 && userPermissions.canAddTeamMembers">
|
||||
<SectionBorder />
|
||||
|
||||
<!-- Organization Member Invitations -->
|
||||
<ActionSection class="mt-10 sm:mt-0">
|
||||
<template #title> Pending Organization Invitations</template>
|
||||
|
||||
<template #description>
|
||||
These people have been invited to your organization and have been sent an
|
||||
invitation email. They may join the organization by accepting the email
|
||||
invitation.
|
||||
</template>
|
||||
|
||||
<!-- Pending Organization Member Invitation List -->
|
||||
<template #content>
|
||||
<div class="space-y-6">
|
||||
<div
|
||||
v-for="invitation in team.team_invitations"
|
||||
:key="invitation.id"
|
||||
class="flex items-center justify-between">
|
||||
<div class="text-muted">
|
||||
{{ invitation.email }}
|
||||
</div>
|
||||
|
||||
<div class="flex items-center">
|
||||
<!-- Cancel Organization Invitation -->
|
||||
<button
|
||||
v-if="userPermissions.canRemoveTeamMembers"
|
||||
class="cursor-pointer ms-6 text-sm text-red-500 focus:outline-none"
|
||||
@click="cancelTeamInvitation(invitation)">
|
||||
Cancel
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
</ActionSection>
|
||||
</div>
|
||||
|
||||
<div v-if="users.length > 0">
|
||||
<SectionBorder />
|
||||
|
||||
<!-- Manage Organization Members -->
|
||||
<ActionSection class="mt-10 sm:mt-0">
|
||||
<template #title> Organization Members</template>
|
||||
|
||||
<template #description>
|
||||
All of the people that are part of this organization.
|
||||
</template>
|
||||
|
||||
<!-- Organization Member List -->
|
||||
<template #content>
|
||||
<div class="space-y-6">
|
||||
<div
|
||||
v-for="user in users"
|
||||
:key="user.id"
|
||||
class="flex items-center justify-between">
|
||||
<div class="flex items-center">
|
||||
<img
|
||||
class="w-8 h-8 rounded-full object-cover"
|
||||
:src="user.profile_photo_url"
|
||||
:alt="user.name" />
|
||||
<div class="ms-4 text-text-primary">
|
||||
{{ user.name }}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="flex items-center">
|
||||
<!-- Manage Organization Member Role -->
|
||||
<button
|
||||
v-if="
|
||||
userPermissions.canUpdateTeamMembers &&
|
||||
availableRoles.length
|
||||
"
|
||||
class="ms-2 text-sm text-gray-400 underline"
|
||||
@click="manageRole(user)">
|
||||
{{ displayableRole(user.membership.role) }}
|
||||
</button>
|
||||
|
||||
<div
|
||||
v-else-if="availableRoles.length"
|
||||
class="ms-2 text-sm text-gray-400">
|
||||
{{ displayableRole(user.membership.role) }}
|
||||
</div>
|
||||
|
||||
<!-- Leave Organization -->
|
||||
<button
|
||||
v-if="page.props.auth.user.id === user.id"
|
||||
class="cursor-pointer ms-6 text-sm text-red-500"
|
||||
@click="confirmLeavingTeam">
|
||||
Leave
|
||||
</button>
|
||||
|
||||
<!-- Remove Organization Member -->
|
||||
<button
|
||||
v-else-if="userPermissions.canRemoveTeamMembers"
|
||||
class="cursor-pointer ms-6 text-sm text-red-500"
|
||||
@click="confirmTeamMemberRemoval(user)">
|
||||
Remove
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
</ActionSection>
|
||||
</div>
|
||||
|
||||
<!-- Role Management Modal -->
|
||||
<DialogModal :show="currentlyManagingRole" @close="currentlyManagingRole = false">
|
||||
<template #title> Manage Role</template>
|
||||
|
||||
<template #content>
|
||||
<div v-if="managingRoleFor">
|
||||
<div
|
||||
class="relative z-0 mt-1 border border-card-border rounded-lg cursor-pointer">
|
||||
<button
|
||||
v-for="(role, i) in availableRoles"
|
||||
:key="role.key"
|
||||
type="button"
|
||||
class="relative px-4 py-3 inline-flex w-full rounded-lg focus:z-10 focus:outline-none focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500"
|
||||
:class="{
|
||||
'border-t border-card-border focus:border-none rounded-t-none':
|
||||
i > 0,
|
||||
'rounded-b-none': i !== Object.keys(availableRoles).length - 1,
|
||||
}"
|
||||
@click="updateRoleForm.role = role.key">
|
||||
<div
|
||||
:class="{
|
||||
'opacity-50':
|
||||
updateRoleForm.role && updateRoleForm.role !== role.key,
|
||||
}">
|
||||
<!-- Role Name -->
|
||||
<div class="flex items-center">
|
||||
<div
|
||||
class="text-sm text-muted"
|
||||
:class="{
|
||||
'font-semibold': updateRoleForm.role === role.key,
|
||||
}">
|
||||
{{ role.name }}
|
||||
</div>
|
||||
|
||||
<svg
|
||||
v-if="updateRoleForm.role == role.key"
|
||||
class="ms-2 h-5 w-5 text-green-400"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
fill="none"
|
||||
viewBox="0 0 24 24"
|
||||
stroke-width="1.5"
|
||||
stroke="currentColor">
|
||||
<path
|
||||
stroke-linecap="round"
|
||||
stroke-linejoin="round"
|
||||
d="M9 12.75L11.25 15 15 9.75M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
|
||||
</svg>
|
||||
</div>
|
||||
|
||||
<!-- Role Description -->
|
||||
<div class="mt-2 text-xs text-muted">
|
||||
{{ role.description }}
|
||||
</div>
|
||||
</div>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<template #footer>
|
||||
<SecondaryButton @click="currentlyManagingRole = false"> Cancel </SecondaryButton>
|
||||
|
||||
<PrimaryButton
|
||||
class="ms-3"
|
||||
:class="{ 'opacity-25': updateRoleForm.processing }"
|
||||
:disabled="updateRoleForm.processing"
|
||||
@click="updateRole">
|
||||
Save
|
||||
</PrimaryButton>
|
||||
</template>
|
||||
</DialogModal>
|
||||
|
||||
<!-- Leave Organization Confirmation Modal -->
|
||||
<ConfirmationModal :show="confirmingLeavingTeam" @close="confirmingLeavingTeam = false">
|
||||
<template #title> Leave Organization</template>
|
||||
|
||||
<template #content> Are you sure you would like to leave this organization? </template>
|
||||
|
||||
<template #footer>
|
||||
<SecondaryButton @click="confirmingLeavingTeam = false"> Cancel </SecondaryButton>
|
||||
|
||||
<DangerButton
|
||||
class="ms-3"
|
||||
:class="{ 'opacity-25': leaveTeamForm.processing }"
|
||||
:disabled="leaveTeamForm.processing"
|
||||
@click="leaveTeam">
|
||||
Leave
|
||||
</DangerButton>
|
||||
</template>
|
||||
</ConfirmationModal>
|
||||
|
||||
<!-- Remove Organization Member Confirmation Modal -->
|
||||
<ConfirmationModal :show="!!teamMemberBeingRemoved" @close="teamMemberBeingRemoved = null">
|
||||
<template #title> Remove Organization Member</template>
|
||||
|
||||
<template #content>
|
||||
Are you sure you would like to remove this person from the organization?
|
||||
</template>
|
||||
|
||||
<template #footer>
|
||||
<SecondaryButton @click="teamMemberBeingRemoved = null"> Cancel </SecondaryButton>
|
||||
|
||||
<DangerButton
|
||||
class="ms-3"
|
||||
:class="{ 'opacity-25': removeTeamMemberForm.processing }"
|
||||
:disabled="removeTeamMemberForm.processing"
|
||||
@click="removeTeamMember">
|
||||
Remove
|
||||
</DangerButton>
|
||||
</template>
|
||||
</ConfirmationModal>
|
||||
</div>
|
||||
</template>
|
||||
@@ -51,9 +51,6 @@ const updateTeamName = () => {
|
||||
<div class="text-text-primary">
|
||||
{{ team.owner.name }}
|
||||
</div>
|
||||
<div class="text-text-secondary text-sm">
|
||||
{{ team.owner.email }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -35,7 +35,8 @@ watch(open, (isOpen) => {
|
||||
sortedItems.value = [...props.items].sort((a, b) => {
|
||||
const aSelected = model.value.includes(props.getKeyFromItem(a)) ? 0 : 1;
|
||||
const bSelected = model.value.includes(props.getKeyFromItem(b)) ? 0 : 1;
|
||||
return aSelected - bSelected;
|
||||
if (aSelected !== bSelected) return aSelected - bSelected;
|
||||
return props.getNameForItem(a).localeCompare(props.getNameForItem(b));
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
@@ -15,6 +15,7 @@ import { UserCircleIcon } from '@heroicons/vue/20/solid';
|
||||
import EstimatedTimeSection from '@/packages/ui/src/EstimatedTimeSection.vue';
|
||||
import { Field, FieldGroup, FieldLabel } from '../field';
|
||||
import ProjectEditBillableSection from '@/packages/ui/src/Project/ProjectEditBillableSection.vue';
|
||||
import ProjectVisibilitySelect from '@/packages/ui/src/Project/ProjectVisibilitySelect.vue';
|
||||
import type { Client } from '@/packages/api/src';
|
||||
|
||||
const show = defineModel('show', { default: false });
|
||||
@@ -41,6 +42,7 @@ const project = ref<CreateProjectBody>({
|
||||
billable_rate: null,
|
||||
is_billable: false,
|
||||
estimated_time: null,
|
||||
is_public: false,
|
||||
});
|
||||
|
||||
async function submit() {
|
||||
@@ -53,6 +55,7 @@ async function submit() {
|
||||
billable_rate: null,
|
||||
is_billable: false,
|
||||
estimated_time: null,
|
||||
is_public: false,
|
||||
};
|
||||
}
|
||||
|
||||
@@ -123,6 +126,7 @@ const currentClientName = computed(() => {
|
||||
v-if="enableEstimatedTime"
|
||||
v-model="project.estimated_time"
|
||||
@submit="submit()"></EstimatedTimeSection>
|
||||
<ProjectVisibilitySelect v-model="project.is_public"></ProjectVisibilitySelect>
|
||||
</FieldGroup>
|
||||
</template>
|
||||
<template #footer>
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
<script setup lang="ts">
|
||||
import { computed } from 'vue';
|
||||
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '..';
|
||||
import { Field, FieldDescription, FieldLabel } from '../field';
|
||||
import { GlobeAltIcon } from '@heroicons/vue/20/solid';
|
||||
|
||||
const isPublic = defineModel<boolean>({ default: false });
|
||||
|
||||
const visibility = computed({
|
||||
get: () => (isPublic.value ? 'public' : 'private'),
|
||||
set: (value: string) => {
|
||||
isPublic.value = value === 'public';
|
||||
},
|
||||
});
|
||||
|
||||
const description = computed(() =>
|
||||
isPublic.value
|
||||
? 'This project is visible to all members of the organization.'
|
||||
: 'This project is only visible to its project members.'
|
||||
);
|
||||
</script>
|
||||
|
||||
<template>
|
||||
<Field>
|
||||
<FieldLabel :icon="GlobeAltIcon" for="visibility">Visibility</FieldLabel>
|
||||
<Select v-model="visibility">
|
||||
<SelectTrigger id="visibility">
|
||||
<SelectValue />
|
||||
</SelectTrigger>
|
||||
<SelectContent>
|
||||
<SelectItem value="private">Private</SelectItem>
|
||||
<SelectItem value="public">Public</SelectItem>
|
||||
</SelectContent>
|
||||
</Select>
|
||||
<FieldDescription>{{ description }}</FieldDescription>
|
||||
</Field>
|
||||
</template>
|
||||
|
||||
<style scoped></style>
|
||||
@@ -31,7 +31,7 @@ const forwarded = useForwardPropsEmits(delegatedProps, emits);
|
||||
<div
|
||||
:class="
|
||||
cn(
|
||||
'fixed top-0 left-0 z-50 pointer-events-none w-screen h-screen flex items-start px-2 pt-3 md:pt-20 xl:pt-32 justify-center overflow-auto'
|
||||
'fixed top-0 left-0 z-50 pointer-events-none w-screen h-screen flex items-start px-2 pt-3 md:pt-14 xl:pt-24 justify-center overflow-auto'
|
||||
)
|
||||
">
|
||||
<DialogContent
|
||||
|
||||
@@ -12,7 +12,7 @@ const props = defineProps<{
|
||||
data-slot="field-group"
|
||||
:class="
|
||||
cn(
|
||||
'group/field-group @container/field-group flex w-full flex-col gap-7 data-[slot=checkbox-group]:gap-3 [&>[data-slot=field-group]]:gap-4',
|
||||
'group/field-group @container/field-group flex w-full flex-col gap-6 data-[slot=checkbox-group]:gap-3 [&>[data-slot=field-group]]:gap-4',
|
||||
props.class
|
||||
)
|
||||
">
|
||||
|
||||
4
resources/js/types/models.d.ts
vendored
4
resources/js/types/models.d.ts
vendored
@@ -22,9 +22,7 @@ export interface Organization {
|
||||
currency: string;
|
||||
created_at: string | null;
|
||||
updated_at: string | null;
|
||||
owner: User;
|
||||
users: User[];
|
||||
team_invitations: OrganizationInvitation[];
|
||||
owner: Pick<User, 'id' | 'name' | 'profile_photo_url'>;
|
||||
}
|
||||
export interface OrganizationInvitation {
|
||||
id: string;
|
||||
|
||||
@@ -29,9 +29,7 @@ export interface Organization {
|
||||
created_at: string | null;
|
||||
updated_at: string | null;
|
||||
// relations
|
||||
owner: User;
|
||||
users: User[];
|
||||
team_invitations: OrganizationInvitation[];
|
||||
owner: Pick<User, 'id' | 'name' | 'profile_photo_url'>;
|
||||
}
|
||||
|
||||
export interface OrganizationInvitation {
|
||||
|
||||
@@ -308,6 +308,22 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_show_endpoint_fails_if_employee_tries_to_access_public_project(): void
|
||||
{
|
||||
// Arrange
|
||||
// Employees do not have the projects:view:all permission that the show endpoint requires,
|
||||
// so they are forbidden even from public projects (they list them via the index endpoint instead).
|
||||
$data = $this->createUserWithRole(Role::Employee);
|
||||
$publicProject = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->getJson(route('api.v1.projects.show', [$data->organization->getKey(), $publicProject->getKey()]));
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_store_endpoint_fails_if_user_has_no_permission_to_create_projects(): void
|
||||
{
|
||||
// Arrange
|
||||
@@ -327,6 +343,29 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_store_endpoint_fails_if_user_is_employee(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithRole(Role::Employee);
|
||||
$projectFake = Project::factory()->forOrganization($data->organization)->make();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->postJson(route('api.v1.projects.store', [$data->organization->getKey()]), [
|
||||
'name' => $projectFake->name,
|
||||
'color' => $projectFake->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $projectFake->is_billable,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$this->assertDatabaseMissing(Project::class, [
|
||||
'name' => $projectFake->name,
|
||||
'organization_id' => $data->organization->getKey(),
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_store_endpoint_highest_possible_billable_rate_can_be_stored_in_database(): void
|
||||
{
|
||||
// Arrange
|
||||
@@ -668,6 +707,124 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_store_endpoint_creates_public_project(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:create',
|
||||
]);
|
||||
$projectFake = Project::factory()->forOrganization($data->organization)->make();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->postJson(route('api.v1.projects.store', [$data->organization->getKey()]), [
|
||||
'name' => $projectFake->name,
|
||||
'color' => $projectFake->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $projectFake->is_billable,
|
||||
'is_public' => true,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(201);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', true)
|
||||
->etc()
|
||||
);
|
||||
$this->assertDatabaseHas(Project::class, [
|
||||
'name' => $projectFake->name,
|
||||
'organization_id' => $projectFake->organization_id,
|
||||
'is_public' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_store_endpoint_creates_private_project_if_is_public_is_false(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:create',
|
||||
]);
|
||||
$projectFake = Project::factory()->forOrganization($data->organization)->make();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->postJson(route('api.v1.projects.store', [$data->organization->getKey()]), [
|
||||
'name' => $projectFake->name,
|
||||
'color' => $projectFake->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $projectFake->is_billable,
|
||||
'is_public' => false,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(201);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', false)
|
||||
->etc()
|
||||
);
|
||||
$this->assertDatabaseHas(Project::class, [
|
||||
'name' => $projectFake->name,
|
||||
'organization_id' => $projectFake->organization_id,
|
||||
'is_public' => false,
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_store_endpoint_creates_private_project_by_default_if_is_public_is_not_given(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:create',
|
||||
]);
|
||||
$projectFake = Project::factory()->forOrganization($data->organization)->make();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->postJson(route('api.v1.projects.store', [$data->organization->getKey()]), [
|
||||
'name' => $projectFake->name,
|
||||
'color' => $projectFake->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $projectFake->is_billable,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(201);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', false)
|
||||
->etc()
|
||||
);
|
||||
$this->assertDatabaseHas(Project::class, [
|
||||
'name' => $projectFake->name,
|
||||
'organization_id' => $projectFake->organization_id,
|
||||
'is_public' => false,
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_store_endpoint_fails_if_is_public_is_not_boolean(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:create',
|
||||
]);
|
||||
$projectFake = Project::factory()->forOrganization($data->organization)->make();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->postJson(route('api.v1.projects.store', [$data->organization->getKey()]), [
|
||||
'name' => $projectFake->name,
|
||||
'color' => $projectFake->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $projectFake->is_billable,
|
||||
'is_public' => 'public',
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(422);
|
||||
$response->assertJsonValidationErrors(['is_public']);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_fails_if_user_is_not_part_of_project_organization(): void
|
||||
{
|
||||
// Arrange
|
||||
@@ -713,6 +870,30 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_update_endpoint_fails_if_user_is_employee(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithRole(Role::Employee);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
$this->assertBillableRateServiceIsUnused();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->putJson(route('api.v1.projects.update', [$data->organization->getKey(), $project->getKey()]), [
|
||||
'name' => 'Employee Updated Name',
|
||||
'color' => $project->color,
|
||||
'client_id' => null,
|
||||
'is_billable' => $project->is_billable,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$this->assertDatabaseMissing(Project::class, [
|
||||
'id' => $project->getKey(),
|
||||
'name' => 'Employee Updated Name',
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_can_update_project_if_project_name_already_exists_in_organization_but_with_different_client(): void
|
||||
{
|
||||
// Arrange
|
||||
@@ -957,6 +1138,120 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
$this->assertFalse($project->is_archived);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_can_make_a_private_project_public(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:update',
|
||||
]);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPrivate()->create();
|
||||
$this->assertBillableRateServiceIsUnused();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->putJson(route('api.v1.projects.update', [$data->organization->getKey(), $project->getKey()]), [
|
||||
'name' => $project->name,
|
||||
'color' => $project->color,
|
||||
'is_billable' => $project->is_billable,
|
||||
'client_id' => null,
|
||||
'is_public' => true,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(200);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', true)
|
||||
->etc()
|
||||
);
|
||||
$project->refresh();
|
||||
$this->assertTrue($project->is_public);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_can_make_a_public_project_private(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:update',
|
||||
]);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
$this->assertBillableRateServiceIsUnused();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->putJson(route('api.v1.projects.update', [$data->organization->getKey(), $project->getKey()]), [
|
||||
'name' => $project->name,
|
||||
'color' => $project->color,
|
||||
'is_billable' => $project->is_billable,
|
||||
'client_id' => null,
|
||||
'is_public' => false,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(200);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', false)
|
||||
->etc()
|
||||
);
|
||||
$project->refresh();
|
||||
$this->assertFalse($project->is_public);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_keeps_project_visibility_if_is_public_is_not_given(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:update',
|
||||
]);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
$this->assertBillableRateServiceIsUnused();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->putJson(route('api.v1.projects.update', [$data->organization->getKey(), $project->getKey()]), [
|
||||
'name' => $project->name,
|
||||
'color' => $project->color,
|
||||
'is_billable' => $project->is_billable,
|
||||
'client_id' => null,
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(200);
|
||||
$response->assertJson(fn (AssertableJson $json) => $json
|
||||
->has('data')
|
||||
->where('data.is_public', true)
|
||||
->etc()
|
||||
);
|
||||
$project->refresh();
|
||||
$this->assertTrue($project->is_public);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_fails_if_is_public_is_not_boolean(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'projects:update',
|
||||
]);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->putJson(route('api.v1.projects.update', [$data->organization->getKey(), $project->getKey()]), [
|
||||
'name' => $project->name,
|
||||
'color' => $project->color,
|
||||
'is_billable' => $project->is_billable,
|
||||
'client_id' => null,
|
||||
'is_public' => 'public',
|
||||
]);
|
||||
|
||||
// Assert
|
||||
$response->assertStatus(422);
|
||||
$response->assertJsonValidationErrors(['is_public']);
|
||||
$project->refresh();
|
||||
$this->assertTrue($project->is_public);
|
||||
}
|
||||
|
||||
public function test_update_endpoint_ignores_estimated_time_if_pro_features_are_disabled(): void
|
||||
{
|
||||
// Arrange
|
||||
@@ -1175,6 +1470,23 @@ class ProjectEndpointTest extends ApiEndpointTestAbstract
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_destroy_endpoint_fails_if_user_is_employee(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithRole(Role::Employee);
|
||||
$project = Project::factory()->forOrganization($data->organization)->isPublic()->create();
|
||||
Passport::actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->deleteJson(route('api.v1.projects.destroy', [$data->organization->getKey(), $project->getKey()]));
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$this->assertDatabaseHas(Project::class, [
|
||||
'id' => $project->getKey(),
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_destroy_endpoint_fails_if_project_is_still_in_use_by_a_task(): void
|
||||
{
|
||||
// Arrange
|
||||
|
||||
45
tests/Unit/Endpoint/Web/TeamShowEndpointTest.php
Normal file
45
tests/Unit/Endpoint/Web/TeamShowEndpointTest.php
Normal file
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit\Endpoint\Web;
|
||||
|
||||
use App\Models\OrganizationInvitation;
|
||||
use App\Providers\JetstreamServiceProvider;
|
||||
use Inertia\Testing\AssertableInertia as Assert;
|
||||
use Laravel\Jetstream\Jetstream;
|
||||
use PHPUnit\Framework\Attributes\CoversClass;
|
||||
|
||||
#[CoversClass(JetstreamServiceProvider::class)]
|
||||
class TeamShowEndpointTest extends EndpointTestAbstract
|
||||
{
|
||||
protected function setUp(): void
|
||||
{
|
||||
Jetstream::$inertiaManager = null;
|
||||
parent::setUp();
|
||||
}
|
||||
|
||||
public function test_team_show_does_not_expose_member_roster_invitations_or_owner_email(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([]);
|
||||
OrganizationInvitation::factory()->forOrganization($data->organization)->create([
|
||||
'email' => 'pending@example.com',
|
||||
]);
|
||||
$this->actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->get('/teams/'.$data->organization->getKey());
|
||||
|
||||
// Assert
|
||||
$response->assertOk();
|
||||
$response->assertInertia(fn (Assert $page) => $page
|
||||
->missing('team.users')
|
||||
->missing('team.team_invitations')
|
||||
->missing('team.owner.email')
|
||||
->has('team.owner.id')
|
||||
->has('team.owner.name')
|
||||
->has('team.owner.profile_photo_url')
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user