1.4.0

Admins were seeing all requests on their own requests page.
Added mine=1 param to force user_id filter regardless of role.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "app-ts",
-  "version": "1.3.9",
+  "version": "1.4.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "app-ts",
-      "version": "1.3.9",
+      "version": "1.4.0",
       "license": "ISC",
       "dependencies": {
         "@dnd-kit/core": "^6.3.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-ts",
-  "version": "1.3.9",
+  "version": "1.4.0",
   "description": "",
   "main": "dist/server.js",
   "scripts": {

src/admin/pages/LeaveRequests.tsx

@@ -61,7 +61,7 @@ export default function LeaveRequests() {
 
   const fetchRequests = useCallback(async () => {
     try {
-      const response = await apiFetch(`${API_BASE}/leave-requests`);
+      const response = await apiFetch(`${API_BASE}/leave-requests?mine=1`);
       if (response.status === 401) return;
       const result = await response.json();
       if (result.success) {

src/routes/admin/leave-requests.ts

@@ -29,7 +29,7 @@ export default async function leaveRequestsRoutes(
     const isAdmin = authData.permissions.includes("attendance.approve");
 
     const where: Record<string, unknown> = {};
-    if (!isAdmin) where.user_id = authData.userId;
+    if (!isAdmin || query.mine === "1") where.user_id = authData.userId;
     else if (query.user_id) where.user_id = Number(query.user_id);
     if (query.status) where.status = String(query.status);