1.3.7

- Filter attendance admin/balances/workfund to users with attendance.record
  permission or admin role
- New attendance_users API action for user dropdown
- Fix missing prisma import in attendance route
- Fix user edit: empty password no longer blocks save (preprocess to undefined)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "app-ts",
-  "version": "1.3.6",
+  "version": "1.3.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "app-ts",
-      "version": "1.3.6",
+      "version": "1.3.7",
       "license": "ISC",
       "dependencies": {
         "@dnd-kit/core": "^6.3.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-ts",
-  "version": "1.3.6",
+  "version": "1.3.7",
   "description": "",
   "main": "dist/server.js",
   "scripts": {

src/admin/hooks/useAttendanceAdmin.ts

@@ -561,7 +561,9 @@ export default function useAttendanceAdmin({ alert }: AlertContext) {
   useEffect(() => {
     const loadUsers = async () => {
       try {
-        const response = await apiFetch(`${API_BASE}/users?limit=1000`);
+        const response = await apiFetch(
+          `${API_BASE}/attendance?action=attendance_users`,
+        );
         const result = await response.json();
         if (result.success) {
           const apiUsers: ApiUser[] = result.data;

src/routes/admin/attendance.ts

@@ -1,4 +1,5 @@
 import { FastifyInstance } from "fastify";
+import prisma from "../../config/database";
 import { requireAuth, requirePermission } from "../../middleware/auth";
 import { logAudit } from "../../services/audit";
 import { success, error, parseId } from "../../utils/response";
@@ -132,6 +133,38 @@ export default async function attendanceRoutes(
       return reply.send({ success: true, data });
     }
 
+    // --- action=attendance_users: users with attendance.record permission ---
+    if (action === "attendance_users") {
+      const users = await prisma.users.findMany({
+        where: {
+          is_active: true,
+          roles: {
+            is: {
+              OR: [
+                { name: "admin" },
+                {
+                  role_permissions: {
+                    some: { permissions: { name: "attendance.record" } },
+                  },
+                },
+              ],
+            },
+          },
+        },
+        select: { id: true, first_name: true, last_name: true, username: true },
+        orderBy: { last_name: "asc" },
+      });
+      return reply.send({
+        success: true,
+        data: users.map((u) => ({
+          id: u.id,
+          first_name: u.first_name,
+          last_name: u.last_name,
+          username: u.username,
+        })),
+      });
+    }
+
     // --- action=projects: active projects for attendance project switching ---
     if (action === "projects") {
       const data = await attendanceService.getActiveProjects();

src/schemas/users.schema.ts

@@ -16,7 +16,10 @@ export const CreateUserSchema = z.object({
 export const UpdateUserSchema = z.object({
   username: z.string().optional(),
   email: z.string().email("Neplatný formát e-mailu").optional(),
-  password: z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(),
+  password: z.preprocess(
+    (v) => (v === "" ? undefined : v),
+    z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(),
+  ),
   first_name: z.string().optional(),
   last_name: z.string().optional(),
   role_id: z.union([z.number(), z.string(), z.null()]).optional(),

src/services/attendance.service.ts

@@ -4,6 +4,29 @@ import { getBusinessDaysInMonth } from "../utils/czech-holidays";
 import { localDateStr } from "../utils/date";
 import { getSystemSettings } from "./system-settings";
 
+/** Get active users whose role has attendance.record permission (or admin role) */
+async function getAttendanceUsers() {
+  return prisma.users.findMany({
+    where: {
+      is_active: true,
+      roles: {
+        is: {
+          OR: [
+            { name: "admin" },
+            {
+              role_permissions: {
+                some: { permissions: { name: "attendance.record" } },
+              },
+            },
+          ],
+        },
+      },
+    },
+    select: { id: true, first_name: true, last_name: true },
+    orderBy: { last_name: "asc" },
+  });
+}
+
 type AttendanceWithRelations = Prisma.attendanceGetPayload<{
   include: {
     users: { select: { id: true; first_name: true; last_name: true } };
@@ -421,11 +444,7 @@ export async function switchProject(userId: number, projectId: number | null) {
 }
 
 export async function getBalances(year: number) {
-  const users = await prisma.users.findMany({
+  const users = await getAttendanceUsers();
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
 
   const balances: Record<
     string,
@@ -463,11 +482,7 @@ export async function getBalances(year: number) {
 }
 
 export async function getWorkfund(year: number) {
-  const users = await prisma.users.findMany({
+  const users = await getAttendanceUsers();
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
 
   const now = new Date();
   const currentYear = now.getFullYear();
@@ -734,11 +749,7 @@ export async function getPrintData(
   const monthStart = new Date(yr, mo - 1, 1);
   const monthEnd = new Date(yr, mo, 0, 23, 59, 59);
 
-  const users = await prisma.users.findMany({
+  const users = await getAttendanceUsers();
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
 
   const where: Record<string, unknown> = {
     shift_date: { gte: monthStart, lte: monthEnd },