From af1b41994c70d07621f0fe7b66b7ebe07a211c89 Mon Sep 17 00:00:00 2001 From: BOHA Date: Fri, 27 Mar 2026 17:32:22 +0100 Subject: [PATCH] fix: attendance shows only users with attendance.record permission - Filter attendance admin/balances/workfund to users with attendance.record permission or admin role - New attendance_users API action for user dropdown - Fix missing prisma import in attendance route - Fix user edit: empty password no longer blocks save (preprocess to undefined) Co-Authored-By: Claude Opus 4.6 (1M context) --- src/admin/hooks/useAttendanceAdmin.ts | 4 ++- src/routes/admin/attendance.ts | 33 +++++++++++++++++++++ src/schemas/users.schema.ts | 5 +++- src/services/attendance.service.ts | 41 +++++++++++++++++---------- 4 files changed, 66 insertions(+), 17 deletions(-) diff --git a/src/admin/hooks/useAttendanceAdmin.ts b/src/admin/hooks/useAttendanceAdmin.ts index 4b978f3..913a94a 100644 --- a/src/admin/hooks/useAttendanceAdmin.ts +++ b/src/admin/hooks/useAttendanceAdmin.ts @@ -561,7 +561,9 @@ export default function useAttendanceAdmin({ alert }: AlertContext) { useEffect(() => { const loadUsers = async () => { try { - const response = await apiFetch(`${API_BASE}/users?limit=1000`); + const response = await apiFetch( + `${API_BASE}/attendance?action=attendance_users`, + ); const result = await response.json(); if (result.success) { const apiUsers: ApiUser[] = result.data; diff --git a/src/routes/admin/attendance.ts b/src/routes/admin/attendance.ts index 5f0a577..fd22363 100644 --- a/src/routes/admin/attendance.ts +++ b/src/routes/admin/attendance.ts @@ -1,4 +1,5 @@ import { FastifyInstance } from "fastify"; +import prisma from "../../config/database"; import { requireAuth, requirePermission } from "../../middleware/auth"; import { logAudit } from "../../services/audit"; import { success, error, parseId } from "../../utils/response"; @@ -132,6 +133,38 @@ export default async function attendanceRoutes( return reply.send({ success: true, data }); } + // --- action=attendance_users: users with attendance.record permission --- + if (action === "attendance_users") { + const users = await prisma.users.findMany({ + where: { + is_active: true, + roles: { + is: { + OR: [ + { name: "admin" }, + { + role_permissions: { + some: { permissions: { name: "attendance.record" } }, + }, + }, + ], + }, + }, + }, + select: { id: true, first_name: true, last_name: true, username: true }, + orderBy: { last_name: "asc" }, + }); + return reply.send({ + success: true, + data: users.map((u) => ({ + id: u.id, + first_name: u.first_name, + last_name: u.last_name, + username: u.username, + })), + }); + } + // --- action=projects: active projects for attendance project switching --- if (action === "projects") { const data = await attendanceService.getActiveProjects(); diff --git a/src/schemas/users.schema.ts b/src/schemas/users.schema.ts index 9d069e5..13cc299 100644 --- a/src/schemas/users.schema.ts +++ b/src/schemas/users.schema.ts @@ -16,7 +16,10 @@ export const CreateUserSchema = z.object({ export const UpdateUserSchema = z.object({ username: z.string().optional(), email: z.string().email("Neplatný formát e-mailu").optional(), - password: z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(), + password: z.preprocess( + (v) => (v === "" ? undefined : v), + z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(), + ), first_name: z.string().optional(), last_name: z.string().optional(), role_id: z.union([z.number(), z.string(), z.null()]).optional(), diff --git a/src/services/attendance.service.ts b/src/services/attendance.service.ts index 52ec1dd..9b95769 100644 --- a/src/services/attendance.service.ts +++ b/src/services/attendance.service.ts @@ -4,6 +4,29 @@ import { getBusinessDaysInMonth } from "../utils/czech-holidays"; import { localDateStr } from "../utils/date"; import { getSystemSettings } from "./system-settings"; +/** Get active users whose role has attendance.record permission (or admin role) */ +async function getAttendanceUsers() { + return prisma.users.findMany({ + where: { + is_active: true, + roles: { + is: { + OR: [ + { name: "admin" }, + { + role_permissions: { + some: { permissions: { name: "attendance.record" } }, + }, + }, + ], + }, + }, + }, + select: { id: true, first_name: true, last_name: true }, + orderBy: { last_name: "asc" }, + }); +} + type AttendanceWithRelations = Prisma.attendanceGetPayload<{ include: { users: { select: { id: true; first_name: true; last_name: true } }; @@ -421,11 +444,7 @@ export async function switchProject(userId: number, projectId: number | null) { } export async function getBalances(year: number) { - const users = await prisma.users.findMany({ - where: { is_active: true }, - select: { id: true, first_name: true, last_name: true }, - orderBy: { last_name: "asc" }, - }); + const users = await getAttendanceUsers(); const balances: Record< string, @@ -463,11 +482,7 @@ export async function getBalances(year: number) { } export async function getWorkfund(year: number) { - const users = await prisma.users.findMany({ - where: { is_active: true }, - select: { id: true, first_name: true, last_name: true }, - orderBy: { last_name: "asc" }, - }); + const users = await getAttendanceUsers(); const now = new Date(); const currentYear = now.getFullYear(); @@ -734,11 +749,7 @@ export async function getPrintData( const monthStart = new Date(yr, mo - 1, 1); const monthEnd = new Date(yr, mo, 0, 23, 59, 59); - const users = await prisma.users.findMany({ - where: { is_active: true }, - select: { id: true, first_name: true, last_name: true }, - orderBy: { last_name: "asc" }, - }); + const users = await getAttendanceUsers(); const where: Record = { shift_date: { gte: monthStart, lte: monthEnd },