Updated the PR template

allow admins to delete members
fix Dialog cloes on click outside of content

.env.ci

@@ -1,57 +1,58 @@
+# Application
 APP_NAME=solidtime
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
 APP_URL=http://localhost
 APP_FORCE_HTTPS=false
-SESSION_SECURE_COOKIE=false
+APP_ENABLE_REGISTRATION=true
 
+# Logging
 LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
+# Database
 DB_CONNECTION=pgsql_test
-
 DB_TEST_HOST=127.0.0.1
 DB_TEST_PORT=5432
 DB_TEST_DATABASE=laravel
 DB_TEST_USERNAME=root
 DB_TEST_PASSWORD=root
 
-BROADCAST_DRIVER=log
+# Broadcasting
+BROADCAST_DRIVER=null
+
+# Cache
 CACHE_DRIVER=file
-FILESYSTEM_DISK=local
+
+# Queue
 QUEUE_CONNECTION=sync
+
+# Session
 SESSION_DRIVER=database
 SESSION_LIFETIME=120
 
-MEMCACHED_HOST=127.0.0.1
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
+# Mail
 MAIL_MAILER=log
-MAIL_FROM_ADDRESS="hello@example.com"
-MAIL_FROM_NAME="${APP_NAME}"
+MAIL_FROM_ADDRESS="no-reply@solidtime.test"
+MAIL_FROM_NAME="solidtime"
+MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
+MAIL_REPLY_TO_NAME="solidtime"
 
-S3_ACCESS_KEY_ID=
-S3_SECRET_ACCESS_KEY=
-S3_REGION=us-east-1
-S3_BUCKET=
-S3_USE_PATH_STYLE_ENDPOINT=false
+# Filesystems
+FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=public
 
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_HOST=
-PUSHER_PORT=443
-PUSHER_SCHEME=https
-PUSHER_APP_CLUSTER=mt1
+# Passport
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID="9e27f54d-5dfb-4dde-99d7-834518236c92"
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET="EL5mXp3aF8ITjcwoOXRpbSK7zGrWhW4zTDpQXTkf"
 
-VITE_APP_NAME="${APP_NAME}"
-VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-VITE_PUSHER_HOST="${PUSHER_HOST}"
-VITE_PUSHER_PORT="${PUSHER_PORT}"
-VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
-VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+# Auditing
+AUDITING_ENABLED=true
+
+# Telescope
+TELESCOPE_ENABLED=false
+
+# Services
+GOTENBERG_URL=http://0.0.0.0:3000

.env.example

@@ -1,18 +1,21 @@
+# Application
 APP_NAME=solidtime
 APP_ENV=local
 APP_KEY=base64:UNQNf1SXeASNkWux01Rj8EnHYx8FO0kAxWNDwktclkk=
 APP_DEBUG=true
 APP_URL=https://solidtime.test
-AUDITING_ENABLED=true
-
+APP_FORCE_HTTPS=false
+APP_ENABLE_REGISTRATION=true
 SUPER_ADMINS=admin@example.com
+PAGINATION_PER_PAGE_DEFAULT=500
 
+# Logging
 LOG_CHANNEL=single
 LOG_DEPRECATIONS_CHANNEL=deprecation
 LOG_LEVEL=debug
 
+# Database
 DB_CONNECTION=pgsql
-
 DB_HOST=pgsql
 DB_PORT=5432
 DB_DATABASE=laravel
@@ -25,18 +28,20 @@ DB_TEST_DATABASE=laravel
 DB_TEST_USERNAME=root
 DB_TEST_PASSWORD=root
 
-BROADCAST_DRIVER=log
+# Broadcasting
+BROADCAST_DRIVER=null
+
+# Cache
 CACHE_DRIVER=file
+
+# Queue
 QUEUE_CONNECTION=sync
+
+# Session
 SESSION_DRIVER=database
 SESSION_LIFETIME=120
 
-MEMCACHED_HOST=127.0.0.1
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
+# Mail
 MAIL_MAILER=smtp
 MAIL_HOST=mailpit
 MAIL_PORT=1025
@@ -44,17 +49,11 @@ MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="no-reply@solidtime.test"
-MAIL_FROM_NAME="${APP_NAME}"
+MAIL_FROM_NAME="solidtime"
+MAIL_REPLY_TO_ADDRESS="hello@solidtime.test"
+MAIL_REPLY_TO_NAME="solidtime"
 
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_HOST=
-PUSHER_PORT=443
-PUSHER_SCHEME=https
-PUSHER_APP_CLUSTER=mt1
-
-# Storage
+# Filesystems
 FILESYSTEM_DISK=s3
 PUBLIC_FILESYSTEM_DISK=s3
 S3_ACCESS_KEY_ID=sail
@@ -65,18 +64,23 @@ S3_URL=http://storage.solidtime.test/local
 S3_ENDPOINT=http://storage.solidtime.test
 S3_USE_PATH_STYLE_ENDPOINT=true
 
-VITE_HOST_NAME=vite.solidtime.test
-VITE_APP_NAME="${APP_NAME}"
-VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-VITE_PUSHER_HOST="${PUSHER_HOST}"
-VITE_PUSHER_PORT="${PUSHER_PORT}"
-VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
-VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+# Passport
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID="9e27f54d-5dfb-4dde-99d7-834518236c92"
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET="EL5mXp3aF8ITjcwoOXRpbSK7zGrWhW4zTDpQXTkf"
 
+# Auditing
+AUDITING_ENABLED=true
+
+# Telescope
+TELESCOPE_ENABLED=false
+
+# Services
+GOTENBERG_URL=http://gotenberg:3000
+
+# Local setup
 NGINX_HOST_NAME=solidtime.test
 NETWORK_NAME=reverse-proxy-docker-traefik_routing
-
-FORWARD_DB_PORT=5432
-FORWARD_WEB_PORT=8083
-
-PAGINATION_PER_PAGE_DEFAULT=500
+FORWARD_DB_PORT=54329
+VITE_HOST_NAME=vite.solidtime.test
+VITE_APP_NAME="${APP_NAME}"
+#SAIL_XDEBUG_MODE=develop,debug,coverage

.env.production

@@ -5,7 +5,6 @@ VITE_APP_NAME=solidtime
 APP_ENV=production
 APP_DEBUG=false
 APP_FORCE_HTTPS=true
-SESSION_SECURE_COOKIE=true
 OCTANE_SERVER=frankenphp
 PAGINATION_PER_PAGE_DEFAULT=500
 

.eslintrc.cjs

@@ -1,13 +0,0 @@
-/* eslint-env node */
-require("@rushstack/eslint-patch/modern-module-resolution")
-
-module.exports = {
-    extends: ['plugin:vue/vue3-essential', '@vue/eslint-config-typescript/recommended', '@vue/eslint-config-prettier'],
-    rules: {
-        'vue/multi-word-component-names': 'off',
-        "@typescript-eslint/no-unused-vars": "off",
-        "unused-imports/no-unused-imports": "error",
-        "unused-imports/no-unused-vars": "error",
-    },
-    plugins: ['unused-imports'],
-}

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: solidtime-io

.github/ISSUE_TEMPLATE/1_bug_report.yml

@@ -0,0 +1,47 @@
+name: Bug Report
+description: "Report a bug"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Before creating a new bug report, please check that there isn't already a similar issue.
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: "Steps To Reproduce"
+      description: How do you trigger this bug? Please walk us through it step by step.
+      value: |
+        1.
+        2.
+        3.
+        ...
+    validations:
+      required: false
+
+  - type: dropdown
+    attributes:
+      label: "Self-hosted or Cloud?"
+      options:
+        - Self-Hosted
+        - solidtime Cloud
+        - Both
+
+  - type: input
+    attributes:
+      label: "Version of solidtime: (for self-hosted)"
+    validations:
+      required: false
+
+  - type: input
+    attributes:
+      label: "solidtime self-hosting guide: (for self-hosted)"
+      description: "Did you use the official guide to self-host solidtime? If yes, which one?"
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 🚀 Feature Request
+    url: https://github.com/solidtime-io/solidtime/discussions/new?category=feature-requests
+    about: Share ideas for new features
+  - name: ❓ Ask a Question
+    url: https://github.com/solidtime-io/solidtime/discussions/new?category=general
+    about: Ask the community for help

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,11 @@
+## What does this PR do?
+
+<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
+
+- Fixes #XXXX (GitHub issue number)
+
+## Checklist (DO NOT REMOVE)
+
+- [ ] I read the [contributing guide](https://github.com/solidtime-io/solidtime/blob/main/CONTRIBUTING.md)
+- [ ] I signed the [Contributor License Agreement](https://cla-assistant.io/solidtime-io/solidtime).
+- [ ] I commented my code, particularly in hard-to-understand areas

.github/workflows/build-private.yml

@@ -10,6 +10,8 @@ on:
       - '.github/workflows/build-private.yml'
       - 'docker/prod/**'
   workflow_dispatch:
+permissions:
+  contents: read
 
 name: Build - Private
 jobs:
@@ -17,6 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 20
 
+
     steps:
       - name: "Check out code"
         uses: actions/checkout@v4
@@ -107,6 +110,24 @@ jobs:
       - name: "Install npm dependencies in services extension"
         run: cd extensions/Services && npm ci
 
+      - name: "Checkout invoicing extension"
+        uses: actions/checkout@v4
+        with:
+          repository: solidtime-io/extension-invoicing
+          path: extensions/Invoicing
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY_INVOICING_EXTENSION }}
+
+      - name: "Install composer dependencies in invoicing extension"
+        uses: php-actions/composer@v6
+        with:
+          working_dir: "extensions/Invoicing"
+          command: install
+          only_args: --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+          php_version: 8.3
+
+      - name: "Install npm dependencies in invoicing extension"
+        run: cd extensions/Invoicing && npm ci
+
       - name: "Setup PHP with PECL extension"
         uses: shivammathur/setup-php@v2
         with:
@@ -127,6 +148,9 @@ jobs:
       - name: "Activate services extension"
         run: php artisan module:enable Services
 
+      - name: "Activate invoicing extension"
+        run: php artisan module:enable Invoicing
+
       - name: "Install npm dependencies"
         run: npm ci
 

.github/workflows/build-public.yml

@@ -11,15 +11,27 @@ on:
       - 'docker/prod/**'
   workflow_dispatch:
 
+permissions:
+  packages: write
+  contents: read
+  attestations: write
+  id-token: write
+
+env:
+  DOCKERHUB_REPO: solidtime/solidtime
+  GHCR_REPO: ghcr.io/solidtime-io/solidtime
+
 name: Build - Public
 jobs:
   build:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-      attestations: write
-      id-token: write
+    strategy:
+      matrix:
+        include:
+          - runs-on: "ubuntu-24.04-arm"
+            platform: "linux/arm64"
+          - runs-on: "ubuntu-24.04"
+            platform: "linux/amd64"
+    runs-on: ${{ matrix.runs-on }}
     timeout-minutes: 90
 
     steps:
@@ -29,7 +41,7 @@ jobs:
           fetch-depth: 0 # Required for WyriHaximus/github-action-get-previous-tag
 
       - name: "Get build"
-        id: build
+        id: release-build
         run: echo "build=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
 
       - name: "Get Previous tag (normal push)"
@@ -40,7 +52,7 @@ jobs:
           prefix: "v"
 
       - name: "Get version"
-        id: version
+        id: release-version
         run: |
           if ${{ !startsWith(github.ref, 'refs/tags/v') }}; then
             if ${{ startsWith(steps.previoustag.outputs.tag, 'v') }}; then
@@ -61,21 +73,23 @@ jobs:
           rm .env.production .env.ci .env.example
 
       - name: "Add version to .env"
-        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.version.outputs.app_version }}/g' .env
+        run: sed -i 's/APP_VERSION=0.0.0/APP_VERSION=${{ steps.release-version.outputs.app_version }}/g' .env
 
       - name: "Add build to .env"
-        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.build.outputs.build }}/g' .env
+        run: sed -i 's/APP_BUILD=0/APP_BUILD=${{ steps.release-build.outputs.build }}/g' .env
 
       - name: "Output .env"
         run: cat .env
 
-      - name: "Install dependencies"
-        uses: php-actions/composer@v6
-        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
+      - name: "Setup PHP with PECL extension"
+        uses: shivammathur/setup-php@v2
         with:
-          command: install
-          only_args: --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
-          php_version: 8.3
+          php-version: '8.3'
+          extensions: mbstring, dom, fileinfo, pgsql
+
+      - name: "Install dependencies"
+        run: composer install --no-dev --no-ansi --no-interaction --prefer-dist --ignore-platform-reqs --classmap-authoritative
+        if: steps.cache-vendor.outputs.cache-hit != 'true' # Skip if cache hit
 
       - name: "Use Node.js"
         uses: actions/setup-node@v4
@@ -88,29 +102,31 @@ jobs:
       - name: "Build"
         run: npm run build
 
-      - name: "Login to GitHub Container Registry"
+      - name: "Prepare"
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: "Docker meta"
+        id: "meta"
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKERHUB_REPO }}
+            ${{ env.GHCR_REPO }}
+
+      - name: "Login to Docker Hub Container Registry"
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: "Login to GitHub Container Registry"
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: "Docker meta"
-        id: "meta"
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            solidtime/solidtime
-            ghcr.io/${{ github.repository }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
 
       - name: "Set up QEMU"
         uses: docker/setup-qemu-action@v3
@@ -118,16 +134,85 @@ jobs:
       - name: "Set up Docker Buildx"
         uses: docker/setup-buildx-action@v3
 
-      - name: "Build and push"
+      - name: "Build and push by digest"
+        id: build
         uses: docker/build-push-action@v6
         with:
           context: .
           file: docker/prod/Dockerfile
           build-args: |
             DOCKER_FILES_BASE_PATH=docker/prod/
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,"name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=true
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      - name: "Export digest"
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: "Upload digest"
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    needs:
+      - build
+    steps:
+      - name: "Download digests"
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: "Login to Docker Hub"
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: "Login to GHCR"
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: "Set up Docker Buildx"
+        uses: docker/setup-buildx-action@v3
+
+      - name: "Docker meta"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKERHUB_REPO }}
+            ${{ env.GHCR_REPO }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: "Create manifest list and push"
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
+
+      - name: "Inspect image"
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}

.github/workflows/generate-api-docs.yml

@@ -3,6 +3,9 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: read
+
 jobs:
   api_docs:
     runs-on: ubuntu-latest

.github/workflows/npm-build.yml

@@ -1,6 +1,8 @@
 name: NPM Build
 
 on: [push]
+permissions:
+  contents: read
 
 jobs:
   build:

.github/workflows/npm-format-check.yml

@@ -0,0 +1,23 @@
+name: NPM Format Check
+
+on: [push]
+
+jobs:
+  format-check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: "Use Node.js"
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: "Install npm dependencies"
+        run: npm ci
+
+      - name: "Check code formatting"
+        run: npm run format:check 

.github/workflows/npm-lint.yml

@@ -1,6 +1,8 @@
 name: NPM Lint
 
 on: [push]
+permissions:
+  contents: read
 
 jobs:
   build:

.github/workflows/npm-publish-api.yml

@@ -1,6 +1,8 @@
 name: Publish API package to NPM
 on:
   workflow_dispatch
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -8,7 +10,8 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - name: "Checkout code"
+        uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm
       - name: Install root project dependencies
         run: npm ci

.github/workflows/npm-publish-ui.yml

@@ -1,6 +1,8 @@
 name: Publish UI package to NPM
 on:
   workflow_dispatch
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -8,7 +10,8 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - name: "Checkout code"
+        uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:

.github/workflows/npm-typecheck.yml

@@ -1,7 +1,8 @@
 name: NPM Typecheck
 
 on: [push]
-
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/phpstan.yml

@@ -1,5 +1,7 @@
 name: Static code analysis (PHPStan)
 on: push
+permissions:
+  contents: read
 jobs:
   phpstan:
     runs-on: ubuntu-latest

.github/workflows/phpunit.yml

@@ -1,13 +1,18 @@
 name: PHPUnit Tests
 on: push
+permissions:
+  contents: read
 jobs:
   phpunit:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    strategy:
+      matrix:
+        postgres_version: [ 15, 16, 17 ]
 
     services:
       pgsql_test:
-        image: postgres:15
+        image: postgres:${{ matrix.postgres_version }}
         env:
           PGPASSWORD: 'root'
           POSTGRES_DB: 'laravel'
@@ -20,7 +25,15 @@ jobs:
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
-
+      gotenberg:
+        image: gotenberg/gotenberg:8
+        ports:
+          - 3000:3000
+        options: >-
+          --health-cmd "curl --silent --fail http://localhost:3000/health"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -55,7 +68,7 @@ jobs:
         run: php artisan test --stop-on-failure --coverage-text --coverage-clover=coverage.xml
 
       - name: "Upload coverage reports to Codecov"
-        uses: codecov/codecov-action@v4.5.0
+        uses: codecov/codecov-action@v5.4.3
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           slug: solidtime-io/solidtime

.github/workflows/pint.yml

@@ -1,5 +1,7 @@
 name: PHP Linting
 on: push
+permissions:
+  contents: read
 jobs:
   pint:
     runs-on: ubuntu-latest
@@ -10,6 +12,6 @@ jobs:
         uses: actions/checkout@v4
 
       - name: "Check code style"
-        uses: aglipanci/laravel-pint-action@2.4
+        uses: aglipanci/laravel-pint-action@2.5
         with:
           configPath: "pint.json"

.github/workflows/playwright.yml

@@ -1,5 +1,7 @@
 name: Playwright Tests
 on: [push]
+permissions:
+  contents: read
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -27,45 +29,47 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v4
+      - name: "Setup node"
+        uses: actions/setup-node@v4
         with:
           node-version: '20.x'
 
-      - name: Setup PHP
+      - name: "Setup PHP"
         uses: shivammathur/setup-php@v2
         with:
           php-version: '8.3'
           extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv
           coverage: none
 
-      - name: Run composer install
+      - name: "Run composer install"
         run: composer install -n --prefer-dist
 
-      - name: Prepare Laravel Application
+      - name: "Prepare Laravel Application"
         run: |
           cp .env.ci .env
           php artisan key:generate
-          php artisan migrate --seed
           php artisan passport:keys
+          php artisan migrate --seed
 
-      - name: Install dependencies
+      - name: "Install dependencies"
         run: npm ci
 
-      - name: Build Frontend
+      - name: "Build Frontend"
         run: npm run build
 
-      - name: Run Laravel Server
+      - name: "Run Laravel Server"
         run: php artisan serve > /dev/null 2>&1 &
 
-      - name: Install Playwright Browsers
+      - name: "Install Playwright Browsers"
         run: npx playwright install --with-deps
 
-      - name: Run Playwright tests
+      - name: "Run Playwright tests"
         run: npx playwright test
         env:
           PLAYWRIGHT_BASE_URL: 'http://127.0.0.1:8000'
 
-      - uses: actions/upload-artifact@v4
+      - name: "Upload test results"
+        uses: actions/upload-artifact@v4
         if: always()
         with:
           name: test-results

.prettierignore

@@ -0,0 +1,27 @@
+# Ignore build outputs
+node_modules/
+vendor/
+storage/
+bootstrap/cache/
+public/build/
+public/hot/
+
+# Ignore lock files
+package-lock.json
+composer.lock
+
+# Ignore generated files
+*.min.js
+*.min.css
+
+# Ignore test results
+test-results/
+playwright-report/
+
+# Ignore IDE files
+.idea/
+.vscode/
+
+# Ignore OS files
+.DS_Store
+Thumbs.db 

.prettierrc.json

@@ -3,5 +3,6 @@
     "tabWidth": 4,
     "singleQuote": true,
     "bracketSameLine": true,
-    "quoteProps": "preserve"
+    "quoteProps": "preserve",
+    "printWidth": 100
 }

CONTRIBUTING.md

@@ -0,0 +1,81 @@
+# Contributing to solidtime
+
+Contributions are greatly apprecited, please make sure to read the rules and vision for solidtime before contributing. 
+
+## Rules
+
+### Issues for Bugs, Discussions for Feature requests
+
+In order to keep the issues of the repository clean we decided to only use them for bugs. Feature Requests and enhancement are handled in discussions. This also helps us to see which feature requests are popular as they can be upvoted. 
+
+### Only work on approved issues
+
+To respect your time and help us manage contributions effectively, please open an issue or start a discussion and wait for approval before submitting a pull request (PR). This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
+
+### Contributor License Agreement
+
+You'll also notice that we’ve set up a [Contributor License Agreement (CLA)](https://cla-assistant.io/solidtime-io/solidtime), which must be signed before any PR can be merged. Don’t worry - the process is quick and only takes a few clicks.
+
+We want to be transparent about why we require the CLA and what it means for your contributions and the codebase. That’s why we’ve written a few paragraphs below outlining our plans and vision for solidtime in the **Vision** part of this document. 
+
+### Prevent Duplicate Work
+
+Before you submit a new PR, make sure that none exists already. If you plan to work on an issue, make sure to let us and others know by commenting on the issue/discussion. 
+
+### Give context
+
+Tell us what you thinking was behind the decisions you made while drafting the PR. Treat the PR itself as documentation for everyone who wants to go back and understand why certain decisions were made. 
+
+### Summarize your PR
+
+Please make sure to include a short summary at the top of your PR to make it easy for us to quickly check what the PR is about, without looking at the code changes. 
+
+### Use Github Keywords and Auto-Link Issues
+
+Use phrases like "Closes #123" or "Fixes #123" in the PR description to link the PR with the issue that you are adressing. 
+
+### Mention what you tested and how
+
+Explain how you tested and validated the implementation. 
+
+### Keep Naming consistent
+
+Look at existing code patterns and use naming conventions that already exist in the code base. 
+
+### Testing
+
+We have an exhaustive test-suite of PHPUnit (Backend) and Playwright (Frontend) testing. Whereever applicable please make sure to write add tests to the codebase. 
+
+### Linting & Formatting
+
+Make sure to run linting and formatting commands before you commit the changes. 
+
+For backend changes:
+
+```
+composer fix
+composer analyse
+```
+
+For frontend changes: 
+
+```
+npm run lint:fix
+npm run format
+```
+
+## Vision
+
+We started solidtime to provide an open infrastructure solution for time tracking—one that empowers teams and individuals to fully own their data, instead of depending on proprietary platforms. We believe infrastructure software should be open, accessible, and built to last. However, competing with established market leaders in this space requires long-term financial sustainability.
+
+solidtime is licensed under the AGPL, which we believe is the best available license to strike a balance between openness and financial viability. The AGPL gives us, as the copyright holders, certain exclusive rights that we plan to leverage to fund development. To ensure we retain those rights across the entire codebase, we've put a CLA in place that contributors must sign before submitting code.
+
+One of solidtime’s key advantages is that it's built to be self-hostable. This makes it a great solution for organizations like governments, healthcare providers, and enterprises that are required to keep data on their own infrastructure due to regulations or internal policies. These organizations may need custom licenses, integrations, or modifications that aren't suitable for the open-source version. To support them, we offer relicensed versions of solidtime along with support plans.
+
+We’ll also provide proprietary extensions for solidtime. These will be available to enterprise customers with support plans, but also to individual users or teams who don’t need support, at much more accessible price points. For companies running solidtime on their own infrastructure, this is the easiest way to support the project while gaining additional functionality. While we plan to make it easier to build custom extensions in the future, our current APIs are still highly experimental.
+
+Finally - and perhaps most importantly - we offer a hosted SaaS version called solidtime Cloud, for users who can’t or don’t want to run the software themselves. This version includes proprietary extensions, always runs the latest commit, and includes monitoring and billing features available exclusively on this hosted instance. We expect solidtime Cloud to play a critical role in funding the project long-term.
+
+Having full control over the source code’s licensing also gives us the ability to change the license of the main project in the future. That said, we have no plans to do so and would only consider it in extreme cases - for example, if a malicious actor were to directly compete with our hosted service in a way that threatens the sustainability of the project, the legal interpretation of AGPL changes in a way that would make it unreasonable to use for certain companies, or a new similar license gains wide-spread adoption. Regardless, solidtime will always remain free to self-host for individuals and companies who use it as part of their work, and all previous releases will remain licensed under AGPL.
+
+If you are using the open-source version of solidtime and want to support us, the best way to do so is to spread the word. 

README.md

@@ -13,7 +13,7 @@ solidtime is a modern open-source time tracking application for Freelancers and
 
  - Time tracking: Track your time with a modern and easy-to-use interface
  - Projects: Create and manage projects and assign project members
- - Tasks: Create and manage tasks and assign tasks to project members
+ - Tasks: Create and manage tasks and assign tasks to projects
  - Clients: Create and manage clients and assign clients to projects
  - Billable rates: Set billable rates for projects, project members, organization members and organizations 
  - Multiple organizations: Create and manage multiple organizations with one account
@@ -28,12 +28,18 @@ We also have an examples repository [here](https://github.com/solidtime-io/self-
 
 If you do not want to self-host solidtime or try it out you can sign up for [solidtime cloud](https://www.solidtime.io/)
 
+## Issues & Feature Requests
+
+If you find any **bugs in solidtime**, please feel free to [**open an issue**](https://github.com/solidtime-io/solidtime/issues/new) in this repository, with instructions on how to reproduce the bug. 
+If you have a **feature request**, please [**create a discussion**](https://github.com/solidtime-io/solidtime/discussions/new?category=feature-requests) in this repository.
+
 ## Contributing
 
-This project is in a very early stage. The structure and APIs are still subject to change and not stable. 
-Therefore, we do not currently accept any contributions, unless you are a member of the team.
+Please open an issue or start a discussion and wait for approval before submitting a pull request. This does not apply to tiny fixes or changes however, please keep in mind that we might not merge PRs for various reasons. 
 
-As soon as we feel comfortable enough that the application structure is stable enough, we will open up the project for contributions.
+Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) before sumbitting a Pull Request.
+
+We do accept contributions in the [documentation repository](https://github.com/solidtime-io/docs) f.e. to add new self-hosting guides.
 
 ## Security
 

app/Actions/Fortify/CreateNewUser.php

@@ -4,16 +4,14 @@ declare(strict_types=1);
 
 namespace App\Actions\Fortify;
 
-use App\Enums\Role;
 use App\Enums\Weekday;
 use App\Events\NewsletterRegistered;
-use App\Models\Organization;
 use App\Models\User;
 use App\Service\IpLookup\IpLookupServiceContract;
 use App\Service\TimezoneService;
+use App\Service\UserService;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
 use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
@@ -28,12 +26,18 @@ class CreateNewUser implements CreatesNewUsers
     /**
      * Create a newly registered user.
      *
-     * @param  array<string, string>  $input
+     * @param  array<string, mixed>  $input
      *
      * @throws ValidationException
      */
     public function create(array $input): User
     {
+        if (! config('app.enable_registration')) {
+            throw ValidationException::withMessages([
+                'email' => [__('Registration is disabled.')],
+            ]);
+        }
+
         Validator::make($input, [
             'name' => [
                 'required',
@@ -43,7 +47,7 @@ class CreateNewUser implements CreatesNewUsers
             'email' => [
                 'required',
                 'string',
-                'email',
+                'email:rfc,strict',
                 'max:255',
                 UniqueEloquent::make(User::class, 'email', function (Builder $builder): Builder {
                     /** @var Builder<User> $builder */
@@ -72,6 +76,11 @@ class CreateNewUser implements CreatesNewUsers
         $ipLookupResponse = app(IpLookupServiceContract::class)->lookup(request()->ip());
 
         $startOfWeek = Weekday::Monday;
+        $numberFormat = null;
+        $currencyFormat = null;
+        $dateFormat = null;
+        $intervalFormat = null;
+        $timeFormat = null;
         $currency = null;
         if ($ipLookupResponse !== null) {
             $startOfWeek = $ipLookupResponse->startOfWeek ?? Weekday::Monday;
@@ -81,30 +90,21 @@ class CreateNewUser implements CreatesNewUsers
             $currency = $ipLookupResponse->currency;
         }
         $user = null;
-        $organization = null;
-        DB::transaction(function () use (&$user, &$organization, $input, $timezone, $startOfWeek, $currency): void {
-            $user = User::create([
-                'name' => $input['name'],
-                'email' => $input['email'],
-                'password' => Hash::make($input['password']),
-                'timezone' => $timezone ?? 'UTC',
-                'week_start' => $startOfWeek,
-            ]);
-
-            $organization = new Organization;
-            $organization->name = explode(' ', $user->name, 2)[0]."'s Organization";
-            $organization->personal_team = true;
-            $organization->currency = $currency ?? 'EUR';
-            $organization->owner()->associate($user);
-            $organization->save();
-
-            $organization->users()->attach(
-                $user, [
-                    'role' => Role::Owner->value,
-                ]
+        DB::transaction(function () use (&$user, $input, $timezone, $startOfWeek, $currency, $numberFormat, $currencyFormat, $dateFormat, $intervalFormat, $timeFormat): void {
+            $userService = app(UserService::class);
+            $user = $userService->createUser(
+                $input['name'],
+                $input['email'],
+                $input['password'],
+                $timezone ?? 'UTC',
+                $startOfWeek,
+                $currency,
+                $numberFormat,
+                $currencyFormat,
+                $dateFormat,
+                $intervalFormat,
+                $timeFormat
             );
-
-            $user->ownedTeams()->save($organization);
         });
 
         $newsletterConsent = isset($input['newsletter_consent']) && (bool) $input['newsletter_consent'];

app/Actions/Fortify/UpdateUserProfileInformation.php

@@ -6,7 +6,6 @@ namespace App\Actions\Fortify;
 
 use App\Enums\Weekday;
 use App\Models\User;
-use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
@@ -59,8 +58,7 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
             $user->updateProfilePhoto($input['photo']);
         }
 
-        if ($input['email'] !== $user->email &&
-            $user instanceof MustVerifyEmail) {
+        if ($input['email'] !== $user->email) {
             $user->forceFill([
                 'name' => $input['name'],
                 'email' => $input['email'],

app/Actions/Jetstream/AddOrganizationMember.php

@@ -7,18 +7,16 @@ namespace App\Actions\Jetstream;
 use App\Enums\Role;
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\MemberService;
 use Closure;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
 use Illuminate\Validation\Rules\In;
 use Korridor\LaravelModelValidationRules\Rules\ExistsEloquent;
 use Laravel\Jetstream\Contracts\AddsTeamMembers;
-use Laravel\Jetstream\Events\AddingTeamMember;
-use Laravel\Jetstream\Events\TeamMemberAdded;
 
 class AddOrganizationMember implements AddsTeamMembers
 {
@@ -36,15 +34,7 @@ class AddOrganizationMember implements AddsTeamMembers
             ->where('is_placeholder', '=', false)
             ->firstOrFail();
 
-        AddingTeamMember::dispatch($organization, $newOrganizationMember);
-
-        DB::transaction(function () use ($organization, $newOrganizationMember, $role): void {
-            $organization->users()->attach(
-                $newOrganizationMember, ['role' => $role]
-            );
-        });
-
-        TeamMemberAdded::dispatch($organization, $newOrganizationMember);
+        app(MemberService::class)->addMember($newOrganizationMember, $organization, Role::from($role));
     }
 
     /**
@@ -67,7 +57,7 @@ class AddOrganizationMember implements AddsTeamMembers
      */
     protected function rules(): array
     {
-        return array_filter([
+        return [
             'email' => [
                 'required',
                 'email',
@@ -85,7 +75,7 @@ class AddOrganizationMember implements AddsTeamMembers
                     Role::Employee->value,
                 ]),
             ],
-        ]);
+        ];
     }
 
     /**

app/Actions/Jetstream/CreateOrganization.php

@@ -4,10 +4,11 @@ declare(strict_types=1);
 
 namespace App\Actions\Jetstream;
 
-use App\Enums\Role;
 use App\Events\AfterCreateOrganization;
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\IpLookup\IpLookupServiceContract;
+use App\Service\OrganizationService;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
@@ -33,16 +34,18 @@ class CreateOrganization implements CreatesTeams
             'name' => ['required', 'string', 'max:255'],
         ])->validateWithBag('createTeam');
 
-        $organization = new Organization;
-        $organization->name = $input['name'];
-        $organization->personal_team = false;
-        $organization->owner()->associate($user);
-        $organization->save();
+        $ipLookupResponse = app(IpLookupServiceContract::class)->lookup(request()->ip());
 
-        $organization->users()->attach(
-            $user, [
-                'role' => Role::Owner->value,
-            ]
+        $currency = null;
+        if ($ipLookupResponse !== null) {
+            $currency = $ipLookupResponse->currency;
+        }
+
+        $organization = app(OrganizationService::class)->createOrganization(
+            $input['name'],
+            $user,
+            false,
+            $currency
         );
 
         $user->switchTeam($organization);

app/Console/Commands/Admin/UserCreateCommand.php

@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Admin;
+
+use App\Enums\Weekday;
+use App\Models\Organization;
+use App\Models\User;
+use App\Service\UserService;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+use LogicException;
+
+class UserCreateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'admin:user:create
+                { name : The name of the user }
+                { email : The email of the user }
+                { --ask-for-password : Ask for the password, otherwise the command will generate a random one }
+                { --verify-email : Verify the email address of the user }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Create a new user';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $name = $this->argument('name');
+        $email = $this->argument('email');
+        $askForPassword = (bool) $this->option('ask-for-password');
+        $verifyEmail = (bool) $this->option('verify-email');
+
+        if (User::query()->where('email', $email)->where('is_placeholder', '=', false)->exists()) {
+            $this->error('User with email "'.$email.'" already exists.');
+
+            return self::FAILURE;
+        }
+
+        if ($askForPassword) {
+            $outputPassword = false;
+            $password = $this->secret('Enter the password');
+        } else {
+            $outputPassword = true;
+            $password = bin2hex(random_bytes(16));
+        }
+
+        $user = null;
+        DB::transaction(function () use (&$user, $name, $email, $password, $verifyEmail): void {
+            $user = app(UserService::class)->createUser(
+                $name,
+                $email,
+                $password,
+                'UTC',
+                Weekday::Monday,
+                null,
+                verifyEmail: $verifyEmail
+            );
+        });
+        /** @var Organization|null $organization */
+        $organization = $user->ownedTeams->first();
+        if ($organization === null) {
+            throw new LogicException('User does not have an organization');
+        }
+
+        $this->info('Created user "'.$name.'" ("'.$email.'")');
+        $this->line('ID: '.$user->getKey());
+        $this->line('Name: '.$name);
+        $this->line('Email: '.$email);
+        if ($outputPassword) {
+            $this->line('Password: '.$password);
+        }
+        $this->line('Timezone: '.$user->timezone);
+        $this->line('Week start: '.$user->week_start->value);
+
+        // Organization
+        $this->line('Currency: '.$organization->currency);
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/Admin/UserVerifyCommand.php

@@ -35,7 +35,9 @@ class UserVerifyCommand extends Command
         $this->info('Start verifying user with email "'.$email.'"');
 
         /** @var User|null $user */
-        $user = User::where('email', $email)->first();
+        $user = User::query()->where('email', $email)
+            ->where('is_placeholder', '=', false)
+            ->first();
 
         if ($user === null) {
             $this->error('User with email "'.$email.'" not found.');

app/Console/Commands/Auth/AuthSendReminderForExpiringApiTokensCommand.php

@@ -0,0 +1,108 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Auth;
+
+use App\Mail\AuthApiTokenExpirationReminderMail;
+use App\Mail\AuthApiTokenExpiredMail;
+use App\Models\Passport\Token;
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Mail;
+
+class AuthSendReminderForExpiringApiTokensCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'auth:send-mails-expiring-api-tokens '.
+        ' { --dry-run : Do not actually send emails or save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Sends emails about expiring API tokens, one week before and when they expired.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. No emails will be sent and nothing will be saved to the database.');
+        }
+
+        $this->comment('Sending reminder emails about expiring API tokens...');
+        $sentMails = 0;
+        Token::query()
+            ->where('expires_at', '<=', Carbon::now()->addDays(7))
+            ->whereNull('reminder_sent_at')
+            ->with([
+                'client',
+                'user',
+            ])
+            ->whereHas('user', function (Builder $query): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', false);
+            })
+            ->isApiToken(true)
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $tokens) use ($dryRun, &$sentMails): void {
+                /** @var Collection<int, Token> $tokens */
+                foreach ($tokens as $token) {
+                    $user = $token->user;
+                    $this->info('Start sending email to user "'.$user->email.'" ('.$user->getKey().') reminding about API token '.$token->getKey());
+                    $sentMails++;
+                    if (! $dryRun) {
+                        Mail::to($user->email)
+                            ->queue(new AuthApiTokenExpirationReminderMail($token, $user));
+                        $token->reminder_sent_at = Carbon::now();
+                        $token->save();
+                    }
+                }
+            });
+        $this->comment('Finished sending '.$sentMails.' expiring API token emails...');
+
+        $this->comment('Sent emails about expired API tokens');
+        $sentMails = 0;
+        Token::query()
+            ->where('expires_at', '<=', Carbon::now())
+            ->whereNull('expired_info_sent_at')
+            ->with([
+                'client',
+                'user',
+            ])
+            ->whereHas('user', function (Builder $query): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', false);
+            })
+            ->isApiToken(true)
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $tokens) use ($dryRun, &$sentMails): void {
+                /** @var Collection<int, Token> $tokens */
+                foreach ($tokens as $token) {
+                    $user = $token->user;
+                    $this->info('Start sending email to user "'.$user->email.'" ('.$user->getKey().') about expired API token '.$token->getKey());
+                    $sentMails++;
+                    if (! $dryRun) {
+                        Mail::to($user->email)
+                            ->queue(new AuthApiTokenExpiredMail($token, $user));
+                        $token->expired_info_sent_at = Carbon::now();
+                        $token->save();
+                    }
+                }
+            });
+        $this->comment('Finished sending '.$sentMails.' expired API token emails...');
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/Correction/CorrectionPlaceholderMembersCommand.php

@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Correction;
+
+use App\Enums\Role;
+use App\Models\Member;
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Builder;
+
+class CorrectionPlaceholderMembersCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'correction:placeholder-members '.
+        ' { --dry-run : Do not actually save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Sets all members who belong to a placeholder user to role placeholder';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $this->comment('Sets all members who belong to a placeholder user to role placeholder...');
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. Nothing will be saved to the database.');
+        }
+
+        $members = Member::query()
+            ->where('role', '!=', Role::Placeholder->value)
+            ->whereHas('user', function (Builder $builder): void {
+                /** @var Builder<User> $builder */
+                $builder->where('is_placeholder', '=', true);
+            })
+            ->get();
+        foreach ($members as $member) {
+            /** @var Member $member */
+            $member->role = Role::Placeholder->value;
+            if (! $dryRun) {
+                $member->save();
+            }
+            $this->line('Set role of member (id='.$member->getKey().') to placeholder');
+        }
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/Report/ReportSetExpiredToPrivateCommand.php

@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Report;
+
+use App\Models\Report;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+use LogicException;
+
+class ReportSetExpiredToPrivateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'report:set-expired-to-private '.
+        ' { --dry-run : Do not actually save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Makes public reports private if the public_until date has passed.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $this->comment('Makes public reports private if the public_until date has passed...');
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. Nothing will be saved to the database.');
+        }
+
+        $resetReports = 0;
+        Report::query()
+            ->where('public_until', '<', Carbon::now())
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $reports) use ($dryRun, &$resetReports): void {
+                /** @var Collection<int, Report> $reports */
+                foreach ($reports as $report) {
+                    $publicUntil = $report->public_until;
+                    if ($publicUntil === null) {
+                        throw new LogicException('public_until should not be null');
+                    }
+                    $this->info('Make report "'.$report->name.'" ('.$report->getKey().') private, expired: '.
+                        $publicUntil->toIso8601ZuluString().' ('.$publicUntil->diffForHumans().')');
+                    $resetReports++;
+                    if (! $dryRun) {
+                        $report->is_public = false;
+                        $report->share_secret = null;
+                        $report->save();
+                    }
+                }
+            });
+
+        $this->comment('Finished setting '.$resetReports.' expired reports to private...');
+
+        return self::SUCCESS;
+    }
+}

app/Console/Commands/SelfHost/SelfHostDatabaseConsistency.php

@@ -0,0 +1,123 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\SelfHost;
+
+use Illuminate\Console\Command;
+use Illuminate\Database\Query\Builder;
+use Illuminate\Database\Query\JoinClause;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
+
+class SelfHostDatabaseConsistency extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'self-host:database-consistency';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = '';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $hadAProblem = false;
+
+        // Task need to be part of project in time entries
+        $problems = DB::table('time_entries')
+            ->select(['time_entries.id as id'])
+            ->join('tasks', 'time_entries.task_id', '=', 'tasks.id')
+            ->where('tasks.project_id', '!=', DB::raw('time_entries.project_id'))
+            ->get();
+        $this->logProblems($problems, 'Time entries have a task that does not belong to the project of the time entry', $hadAProblem);
+
+        // Client id is the client id of the project
+        $problems = DB::table('time_entries')
+            ->select(['time_entries.id as id'])
+            ->join('projects', 'time_entries.project_id', '=', 'projects.id')
+            ->where(DB::raw('coalesce(projects.client_id::varchar, \'\')'), '!=', DB::raw('coalesce(time_entries.client_id::varchar, \'\')'))
+            ->get();
+        $this->logProblems($problems, 'Time entries have a client that does not match the client of the project', $hadAProblem);
+
+        // Client id can only be not null if the project id is not null
+        $problems = DB::table('time_entries')
+            ->select(['time_entries.id as id'])
+            ->whereNotNull('client_id')
+            ->whereNull('project_id')
+            ->get();
+        $this->logProblems($problems, 'Time entries have a client but no project', $hadAProblem);
+
+        // Every user needs to be a member of at least one organization
+        $problems = DB::table('users')
+            ->select(['users.id as id'])
+            ->leftJoin('members', 'users.id', '=', 'members.user_id')
+            ->whereNull('members.id')
+            ->get();
+        $this->logProblems($problems, 'Users are not member of any organization', $hadAProblem);
+
+        // Every organization needs at least an owner
+        $problems = DB::table('organizations')
+            ->select(['organizations.id as id'])
+            ->leftJoin('members', function (JoinClause $join): void {
+                $join->on('organizations.id', '=', 'members.organization_id')
+                    ->where('members.role', '=', 'owner');
+            })
+            ->whereNull('members.id')
+            ->get();
+        $this->logProblems($problems, 'Organizations without an owner', $hadAProblem);
+
+        // Every member can only have one running time entry
+        $problems = DB::table('time_entries')
+            ->select(['user_id as id'])
+            ->whereNull('end')
+            ->groupBy('user_id')
+            ->havingRaw('count(*) > 1')
+            ->get(['user_id', DB::raw('count(*) as count')]);
+        $this->logProblems($problems, 'Users with more than one running time entry', $hadAProblem);
+
+        // Users have a current organization that they are not a member of
+        $problems = DB::table('users')
+            ->select(['users.id as id'])
+            ->whereNotNull('current_team_id')
+            ->whereNotIn('current_team_id', function (Builder $query): void {
+                $query->select('organization_id')
+                    ->from('members')
+                    ->whereColumn('members.user_id', 'users.id');
+            })->get();
+        $this->logProblems($problems, 'Users have a current organization that they are not a member of', $hadAProblem);
+
+        return $hadAProblem ? self::FAILURE : self::SUCCESS;
+    }
+
+    /**
+     * @param  Collection<int, \stdClass>  $problems
+     */
+    private function logProblems(Collection $problems, string $message, bool &$hadAProblem): void
+    {
+        $message = 'Consistency problem: '.$message;
+        if ($problems->isNotEmpty()) {
+            $ids = $problems->pluck('id');
+            $hadAProblem = true;
+            Log::error($message, [
+                'ids' => $ids,
+            ]);
+
+            $error = $message;
+            foreach ($ids as $id) {
+                $error .= "\n  - ".$id;
+            }
+            $this->error($error);
+        }
+    }
+}

app/Console/Commands/SelfHost/SelfHostGenerateKeysCommand.php

@@ -18,6 +18,7 @@ class SelfHostGenerateKeysCommand extends Command
      */
     protected $signature = 'self-host:generate-keys
                 { --length=4096 : The length of the passport private key }
+                { --multi-line : Whether to output the keys in multiple lines }
                 { --format=env : The format of the output (env, yaml) }';
 
     /**
@@ -34,6 +35,7 @@ class SelfHostGenerateKeysCommand extends Command
     {
         $format = $this->option('format');
         $key = RSA::createKey((int) $this->option('length'));
+        $multiLine = (bool) $this->option('multi-line');
 
         $publicKey = (string) $key->getPublicKey();
         $privateKey = (string) $key;
@@ -41,12 +43,17 @@ class SelfHostGenerateKeysCommand extends Command
 
         if ($format === 'env') {
             $this->line('APP_KEY="'.$appKey.'"');
-            $this->line('PASSPORT_PRIVATE_KEY="'.$privateKey.'"');
-            $this->line('PASSPORT_PUBLIC_KEY="'.$publicKey.'"');
+            if ($multiLine) {
+                $this->line('PASSPORT_PRIVATE_KEY="'.Str::replace("\r\n", "\n", $privateKey).'"');
+                $this->line('PASSPORT_PUBLIC_KEY="'.Str::replace("\r\n", "\n", $publicKey).'"');
+            } else {
+                $this->line('PASSPORT_PRIVATE_KEY="'.Str::replace("\r\n", '\n', $privateKey).'"');
+                $this->line('PASSPORT_PUBLIC_KEY="'.Str::replace("\r\n", '\n', $publicKey).'"');
+            }
         } elseif ($format === 'yaml') {
             $this->line('APP_KEY: "'.$appKey.'"');
-            $this->line("PASSPORT_PRIVATE_KEY: |\n  ".Str::replace("\n", "\n  ", $privateKey));
-            $this->line("PASSPORT_PUBLIC_KEY: |\n  ".Str::replace("\n", "\n  ", $publicKey));
+            $this->line("PASSPORT_PRIVATE_KEY: |\n  ".Str::replace("\r\n", "\n  ", $privateKey));
+            $this->line("PASSPORT_PUBLIC_KEY: |\n  ".Str::replace("\r\n", "\n  ", $publicKey));
         } else {
             $this->error('Invalid format');
 

app/Console/Kernel.php

@@ -18,6 +18,10 @@ class Kernel extends ConsoleKernel
             ->when(fn (): bool => config('scheduling.tasks.time_entry_send_still_running_mails'))
             ->everyTenMinutes();
 
+        $schedule->command('auth:send-mails-expiring-api-tokens')
+            ->when(fn (): bool => config('scheduling.tasks.auth_send_mails_expiring_api_tokens'))
+            ->everyTenMinutes();
+
         $schedule->command('self-host:check-for-update')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
             ->twiceDaily();
@@ -25,6 +29,10 @@ class Kernel extends ConsoleKernel
         $schedule->command('self-host:telemetry')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_telemetry'))
             ->twiceDaily();
+
+        $schedule->command('self-host:database-consistency')
+            ->when(fn (): bool => config('scheduling.tasks.self_hosting_database_consistency'))
+            ->everySixHours();
     }
 
     /**

app/Enums/CurrencyFormat.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+enum CurrencyFormat: string
+{
+    use LaravelEnumHelper;
+
+    case ISOCodeBeforeWithSpace = 'iso-code-before-with-space';
+    case ISOCodeAfterWithSpace = 'iso-code-after-with-space';
+
+    case SymbolBefore = 'symbol-before';
+
+    case SymbolAfter = 'symbol-after';
+
+    case SymbolBeforeWithSpace = 'symbol-before-with-space';
+
+    case SymbolAfterWithSpace = 'symbol-after-with-space';
+
+    /**
+     * @return array<string, string>
+     */
+    public static function toSelectArray(): array
+    {
+        $selectArray = [];
+        foreach (self::values() as $value) {
+            $selectArray[(string) $value] = (string) __('enum.currency_format.'.$value);
+        }
+
+        return $selectArray;
+    }
+}

app/Enums/DateFormat.php

@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+enum DateFormat: string
+{
+    use LaravelEnumHelper;
+
+    case PointSeparatedDMYYYY = 'point-separated-d-m-yyyy';
+    case SlashSeparatedMMDDYYYY = 'slash-separated-mm-dd-yyyy';
+
+    case SlashSeparatedDDMMYYYY = 'slash-separated-dd-mm-yyyy';
+
+    case HyphenSeparatedDDMMYYY = 'hyphen-separated-dd-mm-yyyy';
+
+    case HyphenSeparatedMMDDDYYYY = 'hyphen-separated-mm-dd-yyyy';
+
+    case HyphenSeparatedYYYYMMDD = 'hyphen-separated-yyyy-mm-dd';
+
+    public function toCarbonFormat(): string
+    {
+        return match ($this->value) {
+            self::PointSeparatedDMYYYY->value => 'j.n.Y',
+            self::SlashSeparatedMMDDYYYY->value => 'm/d/Y',
+            self::SlashSeparatedDDMMYYYY->value => 'd/m/Y',
+            self::HyphenSeparatedDDMMYYY->value => 'd-m-Y',
+            self::HyphenSeparatedMMDDDYYYY->value => 'm-d-Y',
+            self::HyphenSeparatedYYYYMMDD->value => 'Y-m-d',
+        };
+    }
+
+    /**
+     * @return array<string, string>
+     */
+    public static function toSelectArray(): array
+    {
+        $selectArray = [];
+        foreach (self::values() as $value) {
+            $selectArray[(string) $value] = (string) __('enum.date_format.'.$value);
+        }
+
+        return $selectArray;
+    }
+}

app/Enums/ExportFormat.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Maatwebsite\Excel\Excel;
+
+enum ExportFormat: string
+{
+    case CSV = 'csv';
+    case PDF = 'pdf';
+    case XLSX = 'xlsx';
+    case ODS = 'ods';
+
+    public function getFileExtension(): string
+    {
+        return match ($this) {
+            self::CSV => 'csv',
+            self::PDF => 'pdf',
+            self::XLSX => 'xlsx',
+            self::ODS => 'ods',
+        };
+    }
+
+    public function getExportPackageType(): string
+    {
+        return match ($this) {
+            self::CSV => Excel::CSV,
+            self::PDF => Excel::MPDF,
+            self::XLSX => Excel::XLSX,
+            self::ODS => Excel::ODS,
+        };
+    }
+}

app/Enums/IntervalFormat.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+enum IntervalFormat: string
+{
+    use LaravelEnumHelper;
+
+    case Decimal = 'decimal';
+    case HoursMinutes = 'hours-minutes';
+
+    case HoursMinutesColonSeparated = 'hours-minutes-colon-separated';
+
+    case HoursMinutesSecondsColonSeparated = 'hours-minutes-seconds-colon-separated';
+
+    /**
+     * @return array<string, string>
+     */
+    public static function toSelectArray(): array
+    {
+        $selectArray = [];
+        foreach (self::values() as $value) {
+            $selectArray[(string) $value] = (string) __('enum.interval_format.'.$value);
+        }
+
+        return $selectArray;
+    }
+}

app/Enums/NumberFormat.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+/**
+ * @info https://en.wikipedia.org/wiki/Decimal_separator
+ */
+enum NumberFormat: string
+{
+    use LaravelEnumHelper;
+
+    case ThousandsPointDecimalComma = 'point-comma';
+
+    case ThousandsCommaDecimalPoint = 'comma-point';
+    case ThousandsSpaceDecimalComma = 'space-comma';
+
+    case ThousandsSpaceDecimalPoint = 'space-point';
+
+    case ThousandsApostropheDecimalPoint = 'apostrophe-point';
+
+    /**
+     * @return array<string, string>
+     */
+    public static function toSelectArray(): array
+    {
+        $selectArray = [];
+        foreach (self::values() as $value) {
+            $selectArray[(string) $value] = (string) __('enum.number_format.'.$value);
+        }
+
+        return $selectArray;
+    }
+}

app/Enums/TimeEntryAggregationType.php

@@ -4,8 +4,12 @@ declare(strict_types=1);
 
 namespace App\Enums;
 
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
 enum TimeEntryAggregationType: string
 {
+    use LaravelEnumHelper;
+
     case Day = 'day';
     case Week = 'week';
     case Month = 'month';
@@ -17,6 +21,16 @@ enum TimeEntryAggregationType: string
     case Billable = 'billable';
     case Description = 'description';
 
+    public static function fromInterval(TimeEntryAggregationTypeInterval $timeEntryAggregationTypeInterval): TimeEntryAggregationType
+    {
+        return match ($timeEntryAggregationTypeInterval) {
+            TimeEntryAggregationTypeInterval::Day => TimeEntryAggregationType::Day,
+            TimeEntryAggregationTypeInterval::Week => TimeEntryAggregationType::Week,
+            TimeEntryAggregationTypeInterval::Month => TimeEntryAggregationType::Month,
+            TimeEntryAggregationTypeInterval::Year => TimeEntryAggregationType::Year,
+        };
+    }
+
     public function toInterval(): ?TimeEntryAggregationTypeInterval
     {
         return match ($this) {

app/Enums/TimeEntryRoundingType.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+enum TimeEntryRoundingType: string
+{
+    use LaravelEnumHelper;
+
+    case Up = 'up';
+    case Down = 'down';
+    case Nearest = 'nearest';
+}

app/Enums/TimeFormat.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Enums;
+
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
+
+enum TimeFormat: string
+{
+    use LaravelEnumHelper;
+
+    case TwelveHours = '12-hours';
+    case TwentyFourHours = '24-hours';
+
+    /**
+     * @return array<string, string>
+     */
+    public static function toSelectArray(): array
+    {
+        $selectArray = [];
+        foreach (self::values() as $value) {
+            $selectArray[(string) $value] = (string) __('enum.time_format.'.$value);
+        }
+
+        return $selectArray;
+    }
+}

app/Enums/Weekday.php

@@ -4,10 +4,13 @@ declare(strict_types=1);
 
 namespace App\Enums;
 
+use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
 use Illuminate\Support\Carbon;
 
 enum Weekday: string
 {
+    use LaravelEnumHelper;
+
     case Monday = 'monday';
     case Tuesday = 'tuesday';
     case Wednesday = 'wednesday';

app/Events/DatabaseSeederAfterSeed.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use Illuminate\Foundation\Events\Dispatchable;
+
+class DatabaseSeederAfterSeed
+{
+    use Dispatchable;
+
+    public function __construct() {}
+}

app/Events/DatabaseSeederBeforeDelete.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Events;
+
+use Illuminate\Foundation\Events\Dispatchable;
+
+class DatabaseSeederBeforeDelete
+{
+    use Dispatchable;
+
+    public function __construct() {}
+}

app/Exceptions/Api/ChangingRoleOfPlaceholderIsNotAllowed.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class ChangingRoleOfPlaceholderIsNotAllowed extends ApiException
+{
+    public const string KEY = 'changing_role_of_placeholder_is_not_allowed';
+}

app/Exceptions/Api/FeatureIsNotAvailableInFreePlanApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class FeatureIsNotAvailableInFreePlanApiException extends ApiException
+{
+    public const string KEY = 'feature_is_not_available_in_free_plan';
+}

app/Exceptions/Api/InvitationForTheEmailAlreadyExistsApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class InvitationForTheEmailAlreadyExistsApiException extends ApiException
+{
+    public const string KEY = 'invitation_for_the_email_already_exists';
+}

app/Exceptions/Api/OnlyPlaceholdersCanBeMergedIntoAnotherMember.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class OnlyPlaceholdersCanBeMergedIntoAnotherMember extends ApiException
+{
+    public const string KEY = 'only_placeholders_can_be_merged_into_another_member';
+}

app/Exceptions/Api/PdfRendererIsNotConfiguredException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class PdfRendererIsNotConfiguredException extends ApiException
+{
+    public const string KEY = 'pdf_renderer_is_not_configured';
+}

app/Exceptions/Api/PersonalAccessClientIsNotConfiguredException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class PersonalAccessClientIsNotConfiguredException extends ApiException
+{
+    public const string KEY = 'personal_access_client_is_not_configured';
+}

app/Exceptions/Api/ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException extends ApiException
+{
+    public const string KEY = 'this_placeholder_can_not_be_invited_use_the_merge_tool_instead_api_exception';
+}

app/Extensions/Scramble/PaginatedResourceCollectionTypeToSchema.php

@@ -41,9 +41,7 @@ class PaginatedResourceCollectionTypeToSchema extends TypeToSchemaExtension
             return null;
         }
 
-        if (! ($collectingType = $this->openApiTransformer->transform($collectingClassType))) {
-            return null;
-        }
+        $collectingType = $this->openApiTransformer->transform($collectingClassType);
 
         $newType = new OpenApiObjectType;
         $newType->addProperty('data', (new ArrayType)->setItems($collectingType));

app/Filament/Resources/AuditResource.php

@@ -13,7 +13,7 @@ use Filament\Tables;
 use Filament\Tables\Columns\IconColumn;
 use Filament\Tables\Table;
 use Illuminate\Support\Str;
-use Novadaemon\FilamentPrettyJson\PrettyJson;
+use Novadaemon\FilamentPrettyJson\Form\PrettyJsonField;
 
 class AuditResource extends Resource
 {
@@ -38,8 +38,8 @@ class AuditResource extends Resource
                     ->maxLength(255),
                 Forms\Components\TextInput::make('auditable_id')
                     ->required(),
-                PrettyJson::make('old_values'),
-                PrettyJson::make('new_values'),
+                PrettyJsonField::make('old_values'),
+                PrettyJsonField::make('new_values'),
                 Forms\Components\Textarea::make('url'),
                 Forms\Components\TextInput::make('ip_address'),
                 Forms\Components\TextInput::make('user_agent')

app/Filament/Resources/ClientResource.php

@@ -60,8 +60,13 @@ class ClientResource extends Resource
             ->defaultSort('created_at', 'desc')
             ->filters([
                 SelectFilter::make('organization')
+                    ->label('Organization')
                     ->relationship('organization', 'name')
                     ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
             ])
             ->actions([
                 Tables\Actions\EditAction::make(),

app/Filament/Resources/ClientResource/Pages/EditClient.php

@@ -15,7 +15,8 @@ class EditClient extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/ClientResource/Pages/ListClients.php

@@ -15,7 +15,8 @@ class ListClients extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/FailedJobResource.php

@@ -15,12 +15,13 @@ use Filament\Resources\Resource;
 use Filament\Tables\Actions\Action;
 use Filament\Tables\Actions\BulkAction;
 use Filament\Tables\Actions\DeleteAction;
+use Filament\Tables\Actions\DeleteBulkAction;
 use Filament\Tables\Actions\ViewAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Artisan;
-use Novadaemon\FilamentPrettyJson\PrettyJson;
+use Novadaemon\FilamentPrettyJson\Form\PrettyJsonField;
 
 /**
  * @source https://gitlab.com/amvisor/filament-failed-jobs
@@ -50,7 +51,7 @@ class FailedJobResource extends Resource
 
                 // make text a little bit smaller because often a complete Stack Trace is shown:
                 TextArea::make('exception')->disabled()->columnSpan(4)->extraInputAttributes(['style' => 'font-size: 80%;']),
-                PrettyJson::make('payload')->disabled()->columnSpan(4),
+                PrettyJsonField::make('payload')->disabled()->columnSpan(4),
             ])->columns(4);
     }
 
@@ -75,7 +76,8 @@ class FailedJobResource extends Resource
             ->filters([])
             ->bulkActions([
                 BulkAction::make('retry')
-                    ->label('Retry')
+                    ->icon('heroicon-o-arrow-path')
+                    ->label('Retry selected')
                     ->requiresConfirmation()
                     ->action(function (Collection $records): void {
                         /** @var FailedJob $record */
@@ -87,11 +89,13 @@ class FailedJobResource extends Resource
                             ->success()
                             ->send();
                     }),
+                DeleteBulkAction::make(),
             ])
             ->actions([
-                DeleteAction::make('Delete'),
-                ViewAction::make('View'),
+                DeleteAction::make(),
+                ViewAction::make(),
                 Action::make('retry')
+                    ->icon('heroicon-o-arrow-path')
                     ->label('Retry')
                     ->requiresConfirmation()
                     ->action(function (FailedJob $record): void {
@@ -109,7 +113,6 @@ class FailedJobResource extends Resource
         return [
             'index' => ListFailedJobs::route('/'),
             'view' => ViewFailedJobs::route('/{record}'),
-
         ];
     }
 }

app/Filament/Resources/FailedJobResource/Pages/ListFailedJobs.php

@@ -6,8 +6,8 @@ namespace App\Filament\Resources\FailedJobResource\Pages;
 
 use App\Filament\Resources\FailedJobResource;
 use App\Models\FailedJob;
+use Filament\Actions\Action;
 use Filament\Notifications\Notification;
-use Filament\Pages\Actions\Action;
 use Filament\Resources\Pages\ListRecords;
 use Illuminate\Support\Facades\Artisan;
 
@@ -19,7 +19,8 @@ class ListFailedJobs extends ListRecords
     {
         return [
             Action::make('retry_all')
-                ->label('Retry all failed Jobs')
+                ->icon('heroicon-o-arrow-path')
+                ->label('Retry all')
                 ->requiresConfirmation()
                 ->action(function (): void {
                     Artisan::call('queue:retry all');
@@ -30,7 +31,8 @@ class ListFailedJobs extends ListRecords
                 }),
 
             Action::make('delete_all')
-                ->label('Delete all failed Jobs')
+                ->icon('heroicon-o-trash')
+                ->label('Delete all')
                 ->requiresConfirmation()
                 ->color('danger')
                 ->action(function (): void {

app/Filament/Resources/OrganizationInvitationResource.php

@@ -0,0 +1,114 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Enums\Role;
+use App\Filament\Resources\OrganizationInvitationResource\Pages;
+use App\Models\OrganizationInvitation;
+use App\Service\OrganizationInvitationService;
+use Filament\Forms;
+use Filament\Forms\Components\Select;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Table;
+use Illuminate\Support\Collection;
+
+class OrganizationInvitationResource extends Resource
+{
+    protected static ?string $model = OrganizationInvitation::class;
+
+    protected static ?string $label = 'Invitations';
+
+    protected static ?string $navigationIcon = 'heroicon-o-user-plus';
+
+    protected static ?string $navigationGroup = 'Users';
+
+    protected static ?int $navigationSort = 9;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('email')
+                    ->label('Email')
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Select::make('role')
+                    ->options(Role::class),
+                Forms\Components\Select::make('organization_id')
+                    ->label('Organization')
+                    ->relationship(name: 'organization', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('organization.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('email')
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('role'),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->label('Created At')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->label('Updated At')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                //
+            ])
+            ->actions([
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\BulkActionGroup::make([
+                    Tables\Actions\BulkAction::make('resend')
+                        ->label('Resend')
+                        ->action(function (Collection $records): void {
+                            foreach ($records as $organizationInvite) {
+                                app(OrganizationInvitationService::class)->resend($organizationInvite);
+                            }
+                        }),
+                ]),
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListOrganizationInvitations::route('/'),
+            'edit' => Pages\EditOrganizationInvitation::route('/{record}/edit'),
+            'view' => Pages\ViewOrganizationInvitation::route('/{record}'),
+        ];
+    }
+}

app/Filament/Resources/OrganizationInvitationResource/Pages/EditOrganizationInvitation.php

@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Actions;
+use Filament\Resources\Pages\EditRecord;
+
+class EditOrganizationInvitation extends EditRecord
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
+        ];
+    }
+}

app/Filament/Resources/OrganizationInvitationResource/Pages/ListOrganizationInvitations.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListOrganizationInvitations extends ListRecords
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}

app/Filament/Resources/OrganizationInvitationResource/Pages/ViewOrganizationInvitation.php

@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationInvitationResource\Pages;
+
+use App\Filament\Resources\OrganizationInvitationResource;
+use Filament\Actions\EditAction;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewOrganizationInvitation extends ViewRecord
+{
+    protected static string $resource = OrganizationInvitationResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            EditAction::make('edit')
+                ->icon('heroicon-s-pencil'),
+        ];
+    }
+}

app/Filament/Resources/OrganizationResource.php

@@ -4,9 +4,16 @@ declare(strict_types=1);
 
 namespace App\Filament\Resources;
 
+use App\Enums\CurrencyFormat;
+use App\Enums\DateFormat;
+use App\Enums\IntervalFormat;
+use App\Enums\NumberFormat;
+use App\Enums\TimeFormat;
 use App\Filament\Resources\OrganizationResource\Pages;
+use App\Filament\Resources\OrganizationResource\RelationManagers\InvitationsRelationManager;
 use App\Filament\Resources\OrganizationResource\RelationManagers\UsersRelationManager;
 use App\Models\Organization;
+use App\Service\DeletionService;
 use App\Service\Export\ExportService;
 use App\Service\Import\Importers\ImporterProvider;
 use App\Service\Import\Importers\ImportException;
@@ -46,10 +53,28 @@ class OrganizationResource extends Resource
                     ->maxLength(255),
                 Forms\Components\Toggle::make('personal_team')
                     ->label('Is personal?')
+                    ->hiddenOn(['create'])
                     ->required(),
                 Forms\Components\Select::make('user_id')
+                    ->label('Owner')
                     ->relationship(name: 'owner', titleAttribute: 'email')
                     ->searchable(['name', 'email'])
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Select::make('date_format')
+                    ->options(DateFormat::toSelectArray())
+                    ->required(),
+                Select::make('currency_format')
+                    ->options(CurrencyFormat::toSelectArray())
+                    ->required(),
+                Select::make('interval_format')
+                    ->options(IntervalFormat::toSelectArray())
+                    ->required(),
+                Select::make('number_format')
+                    ->options(NumberFormat::toSelectArray())
+                    ->required(),
+                Select::make('time_format')
+                    ->options(TimeFormat::toSelectArray())
                     ->required(),
                 Forms\Components\Select::make('currency')
                     ->label('Currency')
@@ -62,6 +87,7 @@ class OrganizationResource extends Resource
 
                         return $select;
                     })
+                    ->required()
                     ->searchable(),
                 Forms\Components\TextInput::make('billable_rate')
                     ->label('Billable rate (in Cents)')
@@ -75,9 +101,11 @@ class OrganizationResource extends Resource
                     ->numeric(),
                 Forms\Components\DateTimePicker::make('created_at')
                     ->label('Created At')
+                    ->hiddenOn(['create'])
                     ->disabled(),
                 Forms\Components\DateTimePicker::make('updated_at')
                     ->label('Updated At')
+                    ->hiddenOn(['create'])
                     ->disabled(),
             ]);
     }
@@ -97,7 +125,7 @@ class OrganizationResource extends Resource
                     ->sortable(),
                 Tables\Columns\TextColumn::make('currency'),
                 TextColumn::make('billable_rate')
-                    ->money(fn (Organization $resource) => $resource->currency ?? 'EUR', divideBy: 100),
+                    ->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
                 Tables\Columns\TextColumn::make('created_at')
                     ->dateTime()
                     ->sortable(),
@@ -112,6 +140,10 @@ class OrganizationResource extends Resource
             ])
             ->actions([
                 Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make()
+                    ->using(function (Organization $record): void {
+                        app(DeletionService::class)->deleteOrganization($record);
+                    }),
                 Action::make('Export')
                     ->icon('heroicon-o-arrow-down-tray')
                     ->action(function (Organization $record) {
@@ -199,8 +231,6 @@ class OrganizationResource extends Resource
                     ]),
             ])
             ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                ]),
             ]);
     }
 
@@ -208,6 +238,7 @@ class OrganizationResource extends Resource
     {
         return [
             UsersRelationManager::class,
+            InvitationsRelationManager::class,
         ];
     }
 

app/Filament/Resources/OrganizationResource/Actions/DeleteOrganization.php

@@ -15,7 +15,6 @@ class DeleteOrganization extends DeleteAction
     protected function setUp(): void
     {
         parent::setUp();
-        // TODO: check why setting the icon is necessary
         $this->icon('heroicon-m-trash');
         $this->action(function (): void {
             $result = $this->process(function (Organization $record): bool {

app/Filament/Resources/OrganizationResource/Pages/CreateOrganization.php

@@ -4,10 +4,33 @@ declare(strict_types=1);
 
 namespace App\Filament\Resources\OrganizationResource\Pages;
 
+use App\Enums\Role;
 use App\Filament\Resources\OrganizationResource;
+use App\Models\Organization;
 use Filament\Resources\Pages\CreateRecord;
 
 class CreateOrganization extends CreateRecord
 {
     protected static string $resource = OrganizationResource::class;
+
+    protected function mutateFormDataBeforeCreate(array $data): array
+    {
+        $data['personal_team'] = false;
+
+        return $data;
+    }
+
+    protected function afterCreate(): void
+    {
+        /** @var Organization $organization */
+        $organization = $this->record;
+
+        $user = $organization->owner;
+
+        $organization->users()->attach(
+            $user, [
+                'role' => Role::Owner->value,
+            ]
+        );
+    }
 }

app/Filament/Resources/OrganizationResource/Pages/ListOrganizations.php

@@ -15,7 +15,8 @@ class ListOrganizations extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php

@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\OrganizationResource\RelationManagers;
+
+use App\Enums\Role;
+use App\Filament\Resources\OrganizationInvitationResource;
+use App\Models\Organization;
+use App\Models\OrganizationInvitation;
+use App\Service\InvitationService;
+use Filament\Forms\Components\Select;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Form;
+use Filament\Resources\RelationManagers\RelationManager;
+use Filament\Tables;
+use Filament\Tables\Actions\Action;
+use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Validation\Rule;
+
+class InvitationsRelationManager extends RelationManager
+{
+    protected static string $relationship = 'teamInvitations';
+
+    protected static ?string $title = 'Invitations';
+
+    public function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                TextInput::make('email')
+                    ->label('Email')
+                    ->disabledOn(['edit'])
+                    ->required(),
+                Select::make('role')
+                    ->options(Role::class)
+                    ->label('Role')
+                    ->rules([
+                        'required',
+                        'string',
+                        Rule::enum(Role::class)
+                            ->except([Role::Owner, Role::Placeholder]),
+                    ])
+                    ->required(),
+            ]);
+    }
+
+    public function table(Table $table): Table
+    {
+        return $table
+            ->recordTitleAttribute('email')
+            ->modelLabel('Invitation')
+            ->pluralModelLabel('Invitations')
+            ->columns([
+                Tables\Columns\TextColumn::make('email'),
+                Tables\Columns\TextColumn::make('role'),
+            ])
+            ->headerActions([
+                Tables\Actions\CreateAction::make()
+                    ->icon('heroicon-s-plus')
+                    ->using(function (array $data, string $model): Model {
+                        /** @var Organization $ownerRecord */
+                        $ownerRecord = $this->getOwnerRecord();
+
+                        return app(InvitationService::class)
+                            ->inviteUser($ownerRecord, $data['email'], Role::from($data['role']));
+                    }),
+            ])
+            ->actions([
+                Action::make('view')
+                    ->icon('heroicon-o-eye')
+                    ->color('gray')
+                    ->url(fn (OrganizationInvitation $record): string => OrganizationInvitationResource::getUrl('view', [
+                        'record' => $record->getKey(),
+                    ])),
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\BulkActionGroup::make([
+                    Tables\Actions\DetachBulkAction::make(),
+                ]),
+            ]);
+    }
+}

app/Filament/Resources/OrganizationResource/RelationManagers/UsersRelationManager.php

@@ -5,17 +5,24 @@ declare(strict_types=1);
 namespace App\Filament\Resources\OrganizationResource\RelationManagers;
 
 use App\Enums\Role;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\UserResource;
+use App\Models\Member;
+use App\Models\Organization;
 use App\Models\User;
+use App\Service\BillableRateService;
+use App\Service\MemberService;
 use Filament\Forms\Components\Select;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\RelationManagers\RelationManager;
 use Filament\Tables;
 use Filament\Tables\Actions\Action;
 use Filament\Tables\Actions\AttachAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;
+use Illuminate\Validation\Rule;
 
 class UsersRelationManager extends RelationManager
 {
@@ -36,20 +43,40 @@ class UsersRelationManager extends RelationManager
 
     public function table(Table $table): Table
     {
+        /** @var Organization $organization */
+        $organization = $this->getOwnerRecord();
+
         return $table
             ->recordTitleAttribute('name')
             ->columns([
                 Tables\Columns\TextColumn::make('name'),
                 Tables\Columns\TextColumn::make('role'),
                 TextColumn::make('billable_rate')
-                    ->money($this->getOwnerRecord()->currency ?? 'EUR', divideBy: 100),
+                    ->money($organization->currency, divideBy: 100),
             ])
             ->headerActions([
-                Tables\Actions\AttachAction::make()->form(fn (AttachAction $action): array => [
-                    $action->getRecordSelect(),
-                    Select::make('role')
-                        ->options(Role::class),
-                ]),
+                Tables\Actions\AttachAction::make()
+                    ->recordTitle(fn (User $record): string => "{$record->name} ({$record->email})")
+                    ->form(fn (AttachAction $action): array => [
+                        $action->getRecordSelect(),
+                        Select::make('role')
+                            ->required()
+                            ->options(Role::class)
+                            ->rule([
+                                'required',
+                                'string',
+                                Rule::enum(Role::class)
+                                    ->except([Role::Owner, Role::Placeholder]),
+                            ]),
+                    ])
+                    ->label('Add user')
+                    ->modalHeading('Add user')
+                    ->icon('heroicon-s-plus')
+                    ->using(function (User $record, array $data): void {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        app(MemberService::class)->addMember($record, $organization, Role::from($data['role']), true);
+                    }),
             ])
             ->actions([
                 Action::make('view')
@@ -58,13 +85,55 @@ class UsersRelationManager extends RelationManager
                     ->url(fn (User $record): string => UserResource::getUrl('view', [
                         'record' => $record->getKey(),
                     ])),
-                Tables\Actions\EditAction::make(),
-                Tables\Actions\DetachAction::make(),
+                Tables\Actions\EditAction::make()
+                    ->using(function (User $record, array $data): User {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        /** @var Member $member */
+                        $member = $record->getRelation('membership');
+
+                        if ($data['billable_rate'] !== $member->billable_rate) {
+                            $member->billable_rate = $data['billable_rate'];
+                            app(BillableRateService::class)->updateTimeEntriesBillableRateForMember($member);
+                        }
+
+                        if ($data['role'] !== $member->role) {
+                            try {
+                                app(MemberService::class)->changeRole($member, $organization, Role::from($data['role']), true);
+                            } catch (ApiException $exception) {
+                                Notification::make()
+                                    ->danger()
+                                    ->title('Update failed')
+                                    ->body($exception->getTranslatedMessage())
+                                    ->persistent()
+                                    ->send();
+                            }
+                        }
+                        $member->save();
+
+                        return $record;
+                    }),
+                Tables\Actions\DetachAction::make()
+                    ->using(function (User $record): void {
+                        /** @var Organization $organization */
+                        $organization = $this->getOwnerRecord();
+                        $member = Member::query()
+                            ->whereBelongsTo($record, 'user')
+                            ->whereBelongsTo($organization, 'organization')
+                            ->firstOrFail();
+                        try {
+                            app(MemberService::class)->removeMember($member, $organization);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
             ])
             ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DetachBulkAction::make(),
-                ]),
             ]);
     }
 }

app/Filament/Resources/ProjectMemberResource/Pages/EditProjectMember.php

@@ -15,7 +15,8 @@ class EditProjectMember extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/ProjectMemberResource/Pages/ListProjectMembers.php

@@ -15,7 +15,8 @@ class ListProjectMembers extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/ProjectResource.php

@@ -72,8 +72,13 @@ class ProjectResource extends Resource
             ])
             ->filters([
                 SelectFilter::make('organization')
+                    ->label('Organization')
                     ->relationship('organization', 'name')
                     ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
             ])
             ->defaultSort('created_at', 'desc')
             ->actions([

app/Filament/Resources/ProjectResource/Pages/EditProject.php

@@ -15,7 +15,8 @@ class EditProject extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/ProjectResource/Pages/ListProjects.php

@@ -15,7 +15,8 @@ class ListProjects extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/ReportResource.php

@@ -0,0 +1,141 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\ReportResource\Pages;
+use App\Models\Report;
+use App\Service\Dto\ReportPropertiesDto;
+use Filament\Forms;
+use Filament\Forms\Components\DateTimePicker;
+use Filament\Forms\Components\Toggle;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Actions\Action;
+use Filament\Tables\Columns\TextColumn;
+use Filament\Tables\Columns\ToggleColumn;
+use Filament\Tables\Filters\SelectFilter;
+use Filament\Tables\Table;
+use Novadaemon\FilamentPrettyJson\Form\PrettyJsonField;
+
+class ReportResource extends Resource
+{
+    protected static ?string $model = Report::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-document-chart-bar';
+
+    protected static ?string $navigationGroup = 'Timetracking';
+
+    protected static ?int $navigationSort = 7;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('name')
+                    ->label('Name')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('description')
+                    ->label('Description')
+                    ->nullable()
+                    ->maxLength(255),
+                Toggle::make('is_public')
+                    ->label('Is public?')
+                    ->required(),
+                DateTimePicker::make('public_until')
+                    ->label('Public until')
+                    ->nullable(),
+                Forms\Components\Select::make('organization_id')
+                    ->label('Organization')
+                    ->relationship(name: 'organization', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabled()
+                    ->required(),
+                Forms\Components\TextInput::make('share_secret')
+                    ->label('Share Secret')
+                    ->nullable(),
+                PrettyJsonField::make('properties')
+                    ->formatStateUsing(function (ReportPropertiesDto $state, Report $record): string {
+                        return $record->getRawOriginal('properties');
+                    })
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->hiddenOn(['create'])
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('description')
+                    ->searchable()
+                    ->sortable(),
+                ToggleColumn::make('is_public')
+                    ->label('Is public?')
+                    ->sortable(),
+                TextColumn::make('organization.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                SelectFilter::make('organization')
+                    ->label('Organization')
+                    ->relationship('organization', 'name')
+                    ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
+            ])
+            ->actions([
+                Action::make('public-view')
+                    ->label('Public')
+                    ->icon('heroicon-o-eye')
+                    ->color('gray')
+                    ->hidden(fn (Report $record): bool => $record->getShareableLink() === null)
+                    ->url(fn (Report $record): string => $record->getShareableLink(), true),
+                Tables\Actions\ViewAction::make(),
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListReports::route('/'),
+            'edit' => Pages\EditReport::route('/{record}/edit'),
+            'view' => Pages\ViewReport::route('/{record}'),
+        ];
+    }
+}

app/Filament/Resources/ReportResource/Pages/EditReport.php

@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Actions;
+use Filament\Resources\Pages\EditRecord;
+
+class EditReport extends EditRecord
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
+        ];
+    }
+}

app/Filament/Resources/ReportResource/Pages/ListReports.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListReports extends ListRecords
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}

app/Filament/Resources/ReportResource/Pages/ViewReport.php

@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\ReportResource\Pages;
+
+use App\Filament\Resources\ReportResource;
+use Filament\Actions\EditAction;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewReport extends ViewRecord
+{
+    protected static string $resource = ReportResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            EditAction::make('edit')
+                ->icon('heroicon-s-pencil'),
+        ];
+    }
+}

app/Filament/Resources/TagResource.php

@@ -60,8 +60,13 @@ class TagResource extends Resource
             ->defaultSort('created_at', 'desc')
             ->filters([
                 SelectFilter::make('organization')
+                    ->label('Organization')
                     ->relationship('organization', 'name')
                     ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
             ])
             ->actions([
                 Tables\Actions\EditAction::make(),

app/Filament/Resources/TagResource/Pages/EditTag.php

@@ -15,7 +15,8 @@ class EditTag extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/TagResource/Pages/ListTags.php

@@ -15,7 +15,8 @@ class ListTags extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/TaskResource.php

@@ -61,8 +61,13 @@ class TaskResource extends Resource
             ])
             ->filters([
                 SelectFilter::make('organization')
+                    ->label('Organization')
                     ->relationship('organization', 'name')
                     ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
             ])
             ->defaultSort('created_at', 'desc')
             ->actions([

app/Filament/Resources/TaskResource/Pages/EditTask.php

@@ -15,7 +15,8 @@ class EditTask extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/TaskResource/Pages/ListTasks.php

@@ -15,7 +15,8 @@ class ListTasks extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/TimeEntryResource.php

@@ -92,8 +92,13 @@ class TimeEntryResource extends Resource
             ])
             ->filters([
                 SelectFilter::make('organization')
+                    ->label('Organization')
                     ->relationship('organization', 'name')
                     ->searchable(),
+                SelectFilter::make('organization_id')
+                    ->label('Organization ID')
+                    ->relationship('organization', 'id')
+                    ->searchable(),
             ])
             ->defaultSort('created_at', 'desc')
             ->actions([

app/Filament/Resources/TimeEntryResource/Pages/EditTimeEntry.php

@@ -15,7 +15,8 @@ class EditTimeEntry extends EditRecord
     protected function getHeaderActions(): array
     {
         return [
-            Actions\DeleteAction::make(),
+            Actions\DeleteAction::make()
+                ->icon('heroicon-m-trash'),
         ];
     }
 }

app/Filament/Resources/TimeEntryResource/Pages/ListTimeEntries.php

@@ -15,7 +15,8 @@ class ListTimeEntries extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/TokenResource.php

@@ -0,0 +1,143 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\TokenResource\Pages;
+use App\Models\Passport\Token;
+use Filament\Forms;
+use Filament\Forms\Form;
+use Filament\Resources\Resource;
+use Filament\Tables;
+use Filament\Tables\Filters\TernaryFilter;
+use Filament\Tables\Table;
+use Illuminate\Database\Eloquent\Builder;
+
+class TokenResource extends Resource
+{
+    protected static ?string $model = Token::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-key';
+
+    protected static ?string $navigationGroup = 'Auth';
+
+    protected static ?int $navigationSort = 6;
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->columns(1)
+            ->schema([
+                Forms\Components\TextInput::make('id')
+                    ->label('ID')
+                    ->disabled()
+                    ->visibleOn(['update', 'show'])
+                    ->readOnly()
+                    ->maxLength(255),
+                Forms\Components\TextInput::make('name')
+                    ->label('Name')
+                    ->required()
+                    ->maxLength(255),
+                Forms\Components\Select::make('owner_id')
+                    ->label('User')
+                    ->relationship(name: 'user', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->disabled()
+                    ->required(),
+                Forms\Components\Select::make('client_id')
+                    ->label('Client')
+                    ->relationship(name: 'client', titleAttribute: 'name')
+                    ->searchable(['name'])
+                    ->required(),
+                Forms\Components\Toggle::make('revoked')
+                    ->label('Revoked')
+                    ->required(),
+                Forms\Components\DateTimePicker::make('expires_at')
+                    ->label('Expires At')
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('created_at')
+                    ->label('Created At')
+                    ->disabled(),
+                Forms\Components\DateTimePicker::make('updated_at')
+                    ->label('Updated At')
+                    ->disabled(),
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('user.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('client.name')
+                    ->searchable()
+                    ->sortable(),
+                Tables\Columns\IconColumn::make('personal_access_client')
+                    ->state(function (Token $token): bool {
+                        return in_array('personal_access', $token->client->grant_types ?? [], true);
+                    })
+                    ->boolean()
+                    ->label('API token?'),
+                Tables\Columns\IconColumn::make('revoked')
+                    ->boolean()
+                    ->label('Revoked?')
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('expires_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('created_at')
+                    ->dateTime()
+                    ->sortable(),
+                Tables\Columns\TextColumn::make('updated_at')
+                    ->dateTime()
+                    ->sortable()
+                    ->toggleable(isToggledHiddenByDefault: true),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                TernaryFilter::make('is_personal_access_client')
+                    ->queries(
+                        true: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query->isApiToken();
+                        },
+                        false: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query->isApiToken(false);
+                        },
+                        blank: function (Builder $query) {
+                            /** @var Builder<Token> $query */
+                            return $query;
+                        },
+                    )
+                    ->label('API token?'),
+                TernaryFilter::make('revoked')
+                    ->label('Revoked?'),
+            ])
+            ->actions([
+                Tables\Actions\ViewAction::make(),
+            ])
+            ->bulkActions([
+            ]);
+    }
+
+    public static function getRelations(): array
+    {
+        return [
+        ];
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ListTokens::route('/'),
+            'view' => Pages\ViewToken::route('/{record}'),
+        ];
+    }
+}

app/Filament/Resources/TokenResource/Pages/ListTokens.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\TokenResource\Pages;
+
+use App\Filament\Resources\TokenResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListTokens extends ListRecords
+{
+    protected static string $resource = TokenResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}

app/Filament/Resources/TokenResource/Pages/ViewToken.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\TokenResource\Pages;
+
+use App\Filament\Resources\TokenResource;
+use Filament\Resources\Pages\ViewRecord;
+
+class ViewToken extends ViewRecord
+{
+    protected static string $resource = TokenResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+        ];
+    }
+}

app/Filament/Resources/UserResource.php

@@ -5,21 +5,28 @@ declare(strict_types=1);
 namespace App\Filament\Resources;
 
 use App\Enums\Weekday;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\UserResource\Pages;
 use App\Filament\Resources\UserResource\RelationManagers\OrganizationsRelationManager;
 use App\Filament\Resources\UserResource\RelationManagers\OwnedOrganizationsRelationManager;
 use App\Models\User;
+use App\Service\DeletionService;
 use App\Service\TimezoneService;
+use Brick\Money\ISOCurrencyProvider;
 use Exception;
 use Filament\Forms;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\Resource;
 use Filament\Tables;
 use Filament\Tables\Filters\TernaryFilter;
 use Filament\Tables\Table;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
+use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
 use STS\FilamentImpersonate\Tables\Actions\Impersonate;
 
 class UserResource extends Resource
@@ -34,6 +41,9 @@ class UserResource extends Resource
 
     public static function form(Form $form): Form
     {
+        /** @var User|null $record */
+        $record = $form->getRecord();
+
         return $form
             ->columns(1)
             ->schema([
@@ -50,12 +60,25 @@ class UserResource extends Resource
                 Forms\Components\TextInput::make('email')
                     ->label('Email')
                     ->required()
+                    ->rules($record?->is_placeholder ? [] : [
+                        UniqueEloquent::make(User::class, 'email')
+                            ->ignore($record?->getKey()),
+                    ])
+                    ->rule([
+                        'email',
+                    ])
                     ->maxLength(255),
                 Forms\Components\Toggle::make('is_placeholder')
-                    ->label('Is Placeholder'),
+                    ->label('Is Placeholder?')
+                    ->hiddenOn(['create'])
+                    ->disabledOn(['edit']),
                 Forms\Components\DateTimePicker::make('email_verified_at')
                     ->label('Email Verified At')
+                    ->hiddenOn(['create'])
                     ->nullable(),
+                Forms\Components\Toggle::make('is_email_verified')
+                    ->label('Email Verified?')
+                    ->visibleOn(['create']),
                 Forms\Components\Select::make('timezone')
                     ->label('Timezone')
                     ->options(fn (): array => app(TimezoneService::class)->getSelectOptions())
@@ -67,15 +90,39 @@ class UserResource extends Resource
                     ->required(),
                 TextInput::make('password')
                     ->password()
+                    ->label('Password')
                     ->dehydrateStateUsing(fn ($state) => Hash::make($state))
                     ->dehydrated(fn ($state) => filled($state))
+                    ->hiddenOn(['create'])
                     ->required(fn (string $context): bool => $context === 'create')
                     ->maxLength(255),
+                TextInput::make('password_create')
+                    ->password()
+                    ->label('Password')
+                    ->visibleOn(['create'])
+                    ->required(fn (string $context): bool => $context === 'create')
+                    ->maxLength(255),
+                Forms\Components\Select::make('currency')
+                    ->label('Currency (Personal Organization)')
+                    ->options(function (): array {
+                        $currencies = ISOCurrencyProvider::getInstance()->getAvailableCurrencies();
+                        $select = [];
+                        foreach ($currencies as $currency) {
+                            $select[$currency->getCurrencyCode()] = $currency->getName().' ('.$currency->getCurrencyCode().')';
+                        }
+
+                        return $select;
+                    })
+                    ->required()
+                    ->visibleOn(['create'])
+                    ->searchable(),
                 Forms\Components\DateTimePicker::make('created_at')
                     ->label('Created At')
+                    ->hiddenOn(['create'])
                     ->disabled(),
                 Forms\Components\DateTimePicker::make('updated_at')
                     ->label('Updated At')
+                    ->hiddenOn(['create'])
                     ->disabled(),
             ]);
     }
@@ -145,11 +192,30 @@ class UserResource extends Resource
                     }
                 }),
                 Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make()
+                    ->hidden(fn (User $record) => $record->is(Auth::user()))
+                    ->using(function (User $record): void {
+                        try {
+                            app(DeletionService::class)->deleteUser($record);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
             ])
             ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DeleteBulkAction::make(),
-                ]),
+                Tables\Actions\BulkAction::make('Resend verification email')
+                    ->icon('heroicon-o-paper-airplane')
+                    ->action(function (Collection $records): void {
+                        foreach ($records as $user) {
+                            /** @var User $user */
+                            $user->sendEmailVerificationNotification();
+                        }
+                    }),
             ]);
     }
 

app/Filament/Resources/UserResource/Pages/CreateUser.php

@@ -4,24 +4,29 @@ declare(strict_types=1);
 
 namespace App\Filament\Resources\UserResource\Pages;
 
+use App\Enums\Weekday;
 use App\Filament\Resources\UserResource;
-use App\Models\Organization;
 use App\Models\User;
+use App\Service\UserService;
 use Filament\Resources\Pages\CreateRecord;
 
 class CreateUser extends CreateRecord
 {
     protected static string $resource = UserResource::class;
 
-    protected function afterCreate(): void
+    protected function handleRecordCreation(array $data): User
     {
-        /** @var User $user */
-        $user = $this->record;
+        $userService = app(UserService::class);
+        $user = $userService->createUser(
+            $data['name'],
+            $data['email'],
+            $data['password_create'],
+            $data['timezone'],
+            Weekday::from($data['week_start']),
+            $data['currency'],
+            verifyEmail: (bool) $data['is_email_verified']
+        );
 
-        $user->ownedTeams()->save(Organization::forceCreate([
-            'user_id' => $user->id,
-            'name' => explode(' ', $user->name, 2)[0]."'s Organization",
-            'personal_team' => true,
-        ]));
+        return $user;
     }
 }

app/Filament/Resources/UserResource/Pages/ListUsers.php

@@ -15,7 +15,8 @@ class ListUsers extends ListRecords
     protected function getHeaderActions(): array
     {
         return [
-            Actions\CreateAction::make(),
+            Actions\CreateAction::make()
+                ->icon('heroicon-s-plus'),
         ];
     }
 }

app/Filament/Resources/UserResource/Pages/ViewUser.php

@@ -7,6 +7,7 @@ namespace App\Filament\Resources\UserResource\Pages;
 use App\Filament\Resources\UserResource;
 use Filament\Actions\EditAction;
 use Filament\Resources\Pages\ViewRecord;
+use STS\FilamentImpersonate\Pages\Actions\Impersonate;
 
 class ViewUser extends ViewRecord
 {
@@ -15,6 +16,7 @@ class ViewUser extends ViewRecord
     protected function getHeaderActions(): array
     {
         return [
+            Impersonate::make()->record($this->getRecord()),
             EditAction::make('edit')
                 ->icon('heroicon-s-pencil'),
         ];

app/Filament/Resources/UserResource/RelationManagers/OrganizationsRelationManager.php

@@ -5,15 +5,18 @@ declare(strict_types=1);
 namespace App\Filament\Resources\UserResource\RelationManagers;
 
 use App\Enums\Role;
+use App\Exceptions\Api\ApiException;
 use App\Filament\Resources\OrganizationResource;
+use App\Models\Member;
 use App\Models\Organization;
+use App\Models\User;
+use App\Service\MemberService;
 use Filament\Forms\Components\Select;
-use Filament\Forms\Components\TextInput;
 use Filament\Forms\Form;
+use Filament\Notifications\Notification;
 use Filament\Resources\RelationManagers\RelationManager;
 use Filament\Tables;
 use Filament\Tables\Actions\Action;
-use Filament\Tables\Actions\AttachAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;
 
@@ -27,10 +30,6 @@ class OrganizationsRelationManager extends RelationManager
             ->schema([
                 Select::make('role')
                     ->options(Role::class),
-                TextInput::make('billable_rate')
-                    ->label('Billable rate (in Cents)')
-                    ->nullable()
-                    ->numeric(),
             ]);
     }
 
@@ -41,15 +40,11 @@ class OrganizationsRelationManager extends RelationManager
             ->columns([
                 TextColumn::make('name'),
                 TextColumn::make('role'),
-                TextColumn::make('billable_rate')
-                    ->money(fn (Organization $resource) => $resource->currency ?? 'EUR', divideBy: 100),
+                TextColumn::make('membership.billable_rate')
+                    ->label('Billable rate')
+                    ->money(fn (Organization $resource) => $resource->currency, divideBy: 100),
             ])
             ->headerActions([
-                Tables\Actions\AttachAction::make()->form(fn (AttachAction $action): array => [
-                    $action->getRecordSelect(),
-                    Select::make('role')
-                        ->options(Role::class),
-                ]),
             ])
             ->actions([
                 Action::make('view')
@@ -58,13 +53,48 @@ class OrganizationsRelationManager extends RelationManager
                     ->url(fn (Organization $record): string => OrganizationResource::getUrl('view', [
                         'record' => $record->getKey(),
                     ])),
-                Tables\Actions\EditAction::make(),
-                Tables\Actions\DetachAction::make(),
+                Tables\Actions\EditAction::make()
+                    ->using(function (Organization $record, array $data): Organization {
+                        /** @var Member $member */
+                        $member = $record->getRelation('membership');
+
+                        if ($data['role'] !== $member->role) {
+                            try {
+                                app(MemberService::class)->changeRole($member, $record, Role::from($data['role']), true);
+                            } catch (ApiException $exception) {
+                                Notification::make()
+                                    ->danger()
+                                    ->title('Update failed')
+                                    ->body($exception->getTranslatedMessage())
+                                    ->persistent()
+                                    ->send();
+                            }
+                        }
+                        $member->save();
+
+                        return $record;
+                    }),
+                Tables\Actions\DetachAction::make()
+                    ->using(function (Organization $record): void {
+                        /** @var User $user */
+                        $user = $this->getOwnerRecord();
+                        $member = Member::query()
+                            ->whereBelongsTo($user, 'user')
+                            ->whereBelongsTo($record, 'organization')
+                            ->firstOrFail();
+                        try {
+                            app(MemberService::class)->removeMember($member, $record);
+                        } catch (ApiException $exception) {
+                            Notification::make()
+                                ->danger()
+                                ->title('Delete failed')
+                                ->body($exception->getTranslatedMessage())
+                                ->persistent()
+                                ->send();
+                        }
+                    }),
             ])
             ->bulkActions([
-                Tables\Actions\BulkActionGroup::make([
-                    Tables\Actions\DetachBulkAction::make(),
-                ]),
             ]);
     }
 }

app/Filament/Widgets/ActiveUserOverview.php

@@ -14,7 +14,7 @@ class ActiveUserOverview extends BaseWidget
 {
     protected static ?int $sort = 1;
 
-    protected static ?string $heading = 'A Registrations';
+    protected ?string $heading = 'A Registrations';
 
     protected function getCards(): array
     {

app/Http/Controllers/Api/V1/ApiTokenController.php

@@ -0,0 +1,120 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Exceptions\Api\PersonalAccessClientIsNotConfiguredException;
+use App\Http\Requests\V1\ApiToken\ApiTokenStoreRequest;
+use App\Http\Resources\V1\ApiToken\ApiTokenCollection;
+use App\Http\Resources\V1\ApiToken\ApiTokenWithAccessTokenResource;
+use App\Models\Passport\Client;
+use App\Models\Passport\Token;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Str;
+
+class ApiTokenController extends Controller
+{
+    /**
+     * List all api token of the currently authenticated user
+     *
+     * This endpoint is independent of organization.
+     *
+     * @operationId getApiTokens
+     *
+     * @throws AuthorizationException
+     */
+    public function index(): ApiTokenCollection
+    {
+        $user = $this->user();
+
+        $tokens = $user->tokens()
+            ->whereHas('client', function (Builder $query): void {
+                /** @var Builder<Client> $query */
+                $query->whereJsonContains('grant_types', 'personal_access');
+            })
+            ->get();
+
+        return new ApiTokenCollection($tokens);
+    }
+
+    /**
+     * Create a new api token for the currently authenticated user
+     *
+     * The response will contain the access token that can be used to send authenticated API requests.
+     * Please note that the access token is only shown in this response and cannot be retrieved later.
+     *
+     * @operationId createApiToken
+     *
+     * @throws AuthorizationException|PersonalAccessClientIsNotConfiguredException
+     */
+    public function store(ApiTokenStoreRequest $request): ApiTokenWithAccessTokenResource
+    {
+        $user = $this->user();
+
+        try {
+            $token = $user->createToken($request->getName(), ['*']);
+
+            /** @var Token $tokenModel */
+            $tokenModel = $token->getToken();
+
+            return new ApiTokenWithAccessTokenResource($tokenModel, $token->accessToken);
+        } catch (\RuntimeException $exception) {
+            report($exception);
+            if (Str::contains($exception->getMessage(), ['Personal access client not found'])) {
+                throw new PersonalAccessClientIsNotConfiguredException;
+            }
+
+            throw $exception;
+        }
+    }
+
+    /**
+     * Revoke an api token
+     *
+     * @operationId revokeApiToken
+     *
+     * @throws AuthorizationException
+     * @throws PersonalAccessClientIsNotConfiguredException
+     */
+    public function revoke(Token $apiToken): JsonResponse
+    {
+        $user = $this->user();
+
+        if ($apiToken->user_id !== $user->getKey()) {
+            throw new AuthorizationException('API token does not belong to user');
+        }
+        if (! ($apiToken->client?->hasGrantType('personal_access') ?? false)) {
+            throw new AuthorizationException('API token is not a personal access token');
+        }
+
+        $apiToken->revoke();
+
+        return response()->json(null, 204);
+    }
+
+    /**
+     * Delete an api token
+     *
+     * @operationId deleteApiToken
+     *
+     * @throws AuthorizationException|PersonalAccessClientIsNotConfiguredException
+     */
+    public function destroy(Token $apiToken): JsonResponse
+    {
+        $user = $this->user();
+
+        if ($apiToken->user_id !== $user->getKey()) {
+            throw new AuthorizationException('API token does not belong to user');
+        }
+        if (! ($apiToken->client?->hasGrantType('personal_access') ?? false)) {
+            throw new AuthorizationException('API token is not a personal access token');
+        }
+
+        $apiToken->delete();
+
+        return response()->json(null, 204);
+    }
+}