1.4.5

- Header with red accent border, larger invoice number
- Address blocks in connected table grid with equal heights
- Customer and bank info highlighted with gray background
- Bank info uses same row layout as dates (aligned labels/values)
- Labels nowrap, values right-aligned
- Item font size 8pt, table header border gray
- Removed duplicate separator lines

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "app-ts",
-  "version": "1.3.5",
+  "version": "1.4.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "app-ts",
-      "version": "1.3.5",
+      "version": "1.4.5",
       "license": "ISC",
       "dependencies": {
         "@dnd-kit/core": "^6.3.1",
@@ -2089,9 +2089,9 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "5.0.4",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
-      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^4.0.2"
@@ -3086,9 +3086,9 @@
       "license": "BSD-3-Clause"
     },
     "node_modules/fastify": {
-      "version": "5.8.2",
-      "resolved": "https://registry.npmjs.org/fastify/-/fastify-5.8.2.tgz",
-      "integrity": "sha512-lZmt3navvZG915IE+f7/TIVamxIwmBd+OMB+O9WBzcpIwOo6F0LTh0sluoMFk5VkrKTvvrwIaoJPkir4Z+jtAg==",
+      "version": "5.8.4",
+      "resolved": "https://registry.npmjs.org/fastify/-/fastify-5.8.4.tgz",
+      "integrity": "sha512-sa42J1xylbBAYUWALSBoyXKPDUvM3OoNOibIefA+Oha57FryXKKCZarA1iDntOCWp3O35voZLuDg2mdODXtPzQ==",
       "funding": [
         {
           "type": "github",
@@ -4282,9 +4282,9 @@
       "license": "MIT"
     },
     "node_modules/nodemailer": {
-      "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.2.tgz",
-      "integrity": "sha512-zbj002pZAIkWQFxyAaqoxvn+zoIwRnS40hgjqTXudKOOJkiFFgBeNqjgD3/YCR12sZnrghWYBY+yP1ZucdDRpw==",
+      "version": "8.0.4",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.4.tgz",
+      "integrity": "sha512-k+jf6N8PfQJ0Fe8ZhJlgqU5qJU44Lpvp2yvidH3vp1lPnVQMgi4yEEMPXg5eJS1gFIJTVq1NHBk7Ia9ARdSBdQ==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"
@@ -4540,9 +4540,9 @@
       "license": "ISC"
     },
     "node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-ts",
-  "version": "1.3.5",
+  "version": "1.4.5",
   "description": "",
   "main": "dist/server.js",
   "scripts": {

src/admin/hooks/useAttendanceAdmin.ts

@@ -561,7 +561,9 @@ export default function useAttendanceAdmin({ alert }: AlertContext) {
   useEffect(() => {
     const loadUsers = async () => {
       try {
-        const response = await apiFetch(`${API_BASE}/users?limit=1000`);
+        const response = await apiFetch(
+          `${API_BASE}/attendance?action=attendance_users`,
+        );
         const result = await response.json();
         if (result.success) {
           const apiUsers: ApiUser[] = result.data;

src/admin/pages/Dashboard.tsx

@@ -493,7 +493,7 @@ export default function Dashboard() {
                     </span>
                   </div>
                   <div className="dash-stat-row">
-                    <span>Prošlé</span>
+                    <span>Zneplatněné</span>
                     <span className="admin-badge admin-badge-warning">
                       {dashData.offers.expired_count}
                     </span>

src/admin/pages/LeaveRequests.tsx

@@ -61,7 +61,7 @@ export default function LeaveRequests() {
 
   const fetchRequests = useCallback(async () => {
     try {
-      const response = await apiFetch(`${API_BASE}/leave-requests`);
+      const response = await apiFetch(`${API_BASE}/leave-requests?mine=1`);
       if (response.status === 401) return;
       const result = await response.json();
       if (result.success) {

src/admin/pages/TripsAdmin.tsx

@@ -127,7 +127,7 @@ export default function TripsAdmin() {
       try {
         const [vRes, uRes, csRes] = await Promise.all([
           apiFetch(`${API_BASE}/vehicles`),
-          apiFetch(`${API_BASE}/users?limit=1000`),
+          apiFetch(`${API_BASE}/trips/users`),
           apiFetch(`${API_BASE}/company-settings`),
         ]);
         const vJson = await vRes.json();
@@ -136,14 +136,7 @@ export default function TripsAdmin() {
         if (vJson.success) setVehicles(vJson.data);
         if (csJson.success) setCompanyName(csJson.data.company_name || "");
         if (uJson.success) {
-          setUsers(
-            uJson.data.map(
-              (u: { id: number; first_name: string; last_name: string }) => ({
-                id: u.id,
-                name: `${u.first_name} ${u.last_name}`,
-              }),
-            ),
-          );
+          setUsers(uJson.data);
         }
       } catch {
         // silently fail, filters will just be empty

src/routes/admin/attendance.ts

@@ -1,4 +1,5 @@
 import { FastifyInstance } from "fastify";
+import prisma from "../../config/database";
 import { requireAuth, requirePermission } from "../../middleware/auth";
 import { logAudit } from "../../services/audit";
 import { success, error, parseId } from "../../utils/response";
@@ -132,6 +133,38 @@ export default async function attendanceRoutes(
       return reply.send({ success: true, data });
     }
 
+    // --- action=attendance_users: users with attendance.record permission ---
+    if (action === "attendance_users") {
+      const users = await prisma.users.findMany({
+        where: {
+          is_active: true,
+          roles: {
+            is: {
+              OR: [
+                { name: "admin" },
+                {
+                  role_permissions: {
+                    some: { permissions: { name: "attendance.record" } },
+                  },
+                },
+              ],
+            },
+          },
+        },
+        select: { id: true, first_name: true, last_name: true, username: true },
+        orderBy: { last_name: "asc" },
+      });
+      return reply.send({
+        success: true,
+        data: users.map((u) => ({
+          id: u.id,
+          first_name: u.first_name,
+          last_name: u.last_name,
+          username: u.username,
+        })),
+      });
+    }
+
     // --- action=projects: active projects for attendance project switching ---
     if (action === "projects") {
       const data = await attendanceService.getActiveProjects();

src/routes/admin/dashboard.ts

@@ -142,8 +142,8 @@ export default async function dashboardRoutes(
       const [openCount, convertedCount, expiredCount, createdThisMonth] =
         await Promise.all([
           prisma.quotations.count({ where: { status: "active" } }),
-          prisma.quotations.count({ where: { status: "converted" } }),
-          prisma.quotations.count({ where: { status: "expired" } }),
+          prisma.quotations.count({ where: { status: "ordered" } }),
+          prisma.quotations.count({ where: { status: "invalidated" } }),
           prisma.quotations.count({
             where: { created_at: { gte: monthStart, lt: monthEnd } },
           }),

src/routes/admin/invoices-pdf.ts

@@ -427,7 +427,7 @@ export default async function invoicesPdfRoutes(
           return `<tr>
             <td class="row-num">${i + 1}</td>
             <td class="desc">${escapeHtml(item.description)}</td>
-            <td class="center">${formatNum(qty, qtyDecimals)}</td>
+            <td class="center">${formatNum(qty, qtyDecimals)}${item.unit ? ` / ${escapeHtml(item.unit)}` : ""}</td>
             <td class="right">${formatNum(unitPrice)}</td>
             <td class="right">${formatNum(lineSubtotal)}</td>
             <td class="center">${applyVat ? Math.floor(vatRate) : 0}%</td>
@@ -515,76 +515,31 @@ export default async function invoicesPdfRoutes(
 
   .accent { color: #de3a3a; }
 
-  /* Hlavicka */
+  /* ── Hlavicka ── */
   .invoice-header {
     display: flex;
     justify-content: space-between;
-    align-items: flex-start;
-    margin-bottom: 0;
-    padding-bottom: 1mm;
+    align-items: center;
+    margin-bottom: 3mm;
+    padding-bottom: 3mm;
+    border-bottom: 2pt solid #de3a3a;
   }
   .invoice-header .left {
     display: flex;
-    align-items: flex-start;
+    align-items: center;
     gap: 3mm;
   }
-  .logo-header {
-    text-align: left;
-  }
+  .logo-header { text-align: left; }
   .company-title {
     font-size: 12pt;
     font-weight: 700;
-    margin-top: 2mm;
   }
   .invoice-title {
-    font-size: 10pt;
+    font-size: 13pt;
     font-weight: 700;
     color: #de3a3a;
     text-align: right;
-    margin-top: 2mm;
-  }
-
-  /* Adresy - dva sloupce, stejna vyska */
-  .addresses-row {
-    display: flex;
-    gap: 8mm;
-    align-items: stretch;
-    margin-bottom: 0;
-  }
-  .addresses-row .address-block {
-    flex: 1;
-    padding-bottom: 2mm;
-    border-bottom: 0.5pt solid #e0e0e0;
-  }
-
-  /* Detaily pod adresami */
-  .details-row {
-    display: flex;
-    gap: 8mm;
-    margin-bottom: 3mm;
-  }
-  .details-row .col { flex: 1; }
-
-  /* Adresy - styl z nabidek */
-  .address-block {
-    margin-bottom: 0;
-  }
-  .address-label {
-    font-size: 8pt;
-    font-weight: 600;
-    color: #646464;
-    line-height: 1.5;
-  }
-  .address-name {
-    font-size: 9pt;
-    font-weight: 700;
-    color: #1a1a1a;
-    line-height: 1.5;
-  }
-  .address-line {
-    font-size: 8.5pt;
-    color: #1a1a1a;
-    line-height: 1.5;
+    letter-spacing: 0.03em;
   }
 
   .logo {
@@ -593,46 +548,68 @@ export default async function invoicesPdfRoutes(
     object-fit: contain;
   }
 
-  /* Separator */
-  .header-separator {
-    border: none;
-    border-top: 0.5pt solid #e0e0e0;
-    margin: 2mm 0 3mm 0;
+  /* ── Adresy ── */
+  .header-grid {
+    border: 0.5pt solid #d0d0d0;
+    border-collapse: collapse;
+    width: 100%;
+    margin-bottom: 3mm;
   }
-
-  /* Banka */
-  .bank-box {
-    font-size: 8pt;
-    line-height: 1.4;
-    padding-top: 2mm;
+  .header-grid td {
+    padding: 3mm 4mm;
+    border: 0.5pt solid #d0d0d0;
+    vertical-align: top;
+    width: 50%;
   }
-  .bank-box .lbl {
-    font-weight: 600;
+  .header-grid td.addr-customer {
+    background: #f5f5f5;
+  }
+  .header-grid td.details-bank {
+    background: #f5f5f5;
+  }
+  .address-label {
+    font-size: 7pt;
+    font-weight: 700;
+    color: #de3a3a;
+    text-transform: uppercase;
+    letter-spacing: 0.08em;
+    margin-bottom: 1mm;
+  }
+  .address-name {
+    font-size: 10pt;
+    font-weight: 700;
     color: #1a1a1a;
-    display: inline-block;
-    min-width: 16mm;
+    line-height: 1.3;
+    margin-bottom: 1mm;
+  }
+  .address-line {
+    font-size: 8pt;
+    color: #444;
+    line-height: 1.5;
   }
 
-  /* Datumy */
-  .dates-box {
-    font-size: 8pt;
-    line-height: 1.4;
-    padding-top: 2mm;
-  }
-  .dates-row {
+  /* ── Detaily (banka + datumy) — inside header-grid ── */
+
+  .info-row {
     display: flex;
-    align-items: center;
-    margin-bottom: 0.5mm;
+    align-items: baseline;
+    font-size: 8pt;
+    padding: 1mm 0;
+    border-bottom: 0.5pt solid #f0f0f0;
   }
-  .dates-row .lbl {
-    flex: 1;
-    color: #1a1a1a;
+  .info-row:last-child { border-bottom: none; }
+  .info-row .lbl {
+    color: #666;
+    font-weight: 400;
+    flex-shrink: 0;
+    white-space: nowrap;
+    margin-right: 3mm;
   }
-  .dates-row .val {
+  .info-row .val {
     font-weight: 600;
-    min-width: 22mm;
-    text-align: center;
-    padding: 0.5mm 2mm;
+    color: #1a1a1a;
+    text-align: right;
+    margin-left: auto;
   }
 
   /* VS/KS blok */
@@ -642,25 +619,16 @@ export default async function invoicesPdfRoutes(
     padding-top: 2mm;
   }
 
-  /* Konecny prijemce */
-  .recipient-box {
-    font-size: 8pt;
-    margin-top: 2mm;
-    padding-top: 2mm;
-    border-top: 0.5pt solid #e0e0e0;
-  }
-  .recipient-box .lbl {
-    font-weight: 600;
-    font-style: italic;
-    color: #646464;
-  }
-
-  /* Polozky tabulka - styl z nabidek */
+  /* ── Polozky ── */
   .billing-label {
-    font-weight: 600;
-    color: #de3a3a;
-    font-size: 8.5pt;
-    padding: 3px 5px;
+    font-weight: 700;
+    color: #1a1a1a;
+    font-size: 9pt;
+    padding: 2mm 0 1mm 0;
+    border-bottom: 1.5pt solid #de3a3a;
+    margin-bottom: 0;
+    text-transform: uppercase;
+    letter-spacing: 0.03em;
   }
 
   table.items {
@@ -678,7 +646,7 @@ export default async function invoicesPdfRoutes(
     text-align: left;
     letter-spacing: 0.02em;
     text-transform: uppercase;
-    border-bottom: 1pt solid #1a1a1a;
+    border-bottom: 0.5pt solid #d0d0d0;
     white-space: nowrap;
   }
   table.items thead th.center { text-align: center; }
@@ -698,8 +666,8 @@ export default async function invoicesPdfRoutes(
     font-size: 8pt;
   }
   table.items tbody td.desc {
-    font-size: 9.5pt;
-    font-weight: 500;
+    font-size: 8pt;
+    font-weight: 600;
     color: #1a1a1a;
   }
   table.items tbody td.total-cell { font-weight: 700; }
@@ -898,55 +866,49 @@ ${indentCSS}
     <div class="invoice-title">${escapeHtml(t.heading)} ${invoiceNumber}</div>
   </div>
 
-  <hr class="header-separator" />
-
-  <!-- Dodavatel / Odberatel - stejna vyska -->
-  <div class="addresses-row">
-    <div class="address-block">
+  <!-- Dodavatel / Odberatel + Banka / Datumy -->
+  <table class="header-grid" cellspacing="0">
+    <tr>
+      <td>
         <div class="address-label">${escapeHtml(t.supplier)}</div>
         <div class="address-name">${escapeHtml(supp.name)}</div>
         ${suppLinesHtml}
-    </div>
-    <div class="address-block">
+      </td>
+      <td class="addr-customer">
         <div class="address-label">${escapeHtml(t.customer)}</div>
         <div class="address-name">${escapeHtml(cust.name)}</div>
         ${custLinesHtml}
-    </div>
-  </div>
-
-  <!-- Banka + VS / Datumy -->
-  <div class="details-row">
-    <div class="col">
-      <div class="bank-box">
-        <span class="lbl">${escapeHtml(t.bank)}</span> ${escapeHtml(invoice.bank_name)}<br>
-        <span class="lbl">${escapeHtml(t.swift)}</span> ${escapeHtml(invoice.bank_swift)}<br>
-        <span class="lbl">${escapeHtml(t.iban)}</span> ${escapeHtml(invoice.bank_iban)}<br>
-        <span class="lbl">${escapeHtml(t.account_no)}</span> ${escapeHtml(invoice.bank_account)}
-      </div>
+      </td>
+    </tr>
+    <tr>
+      <td class="details-bank">
+        <div class="info-row"><span class="lbl">${escapeHtml(t.bank)}</span> <span class="val">${escapeHtml(invoice.bank_name)}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.swift)}</span> <span class="val">${escapeHtml(invoice.bank_swift)}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.iban)}</span> <span class="val">${escapeHtml(invoice.bank_iban)}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.account_no)}</span> <span class="val">${escapeHtml(invoice.bank_account)}</span></div>
         <div class="vs-block">
           ${escapeHtml(t.var_symbol)} <strong>${invoiceNumber}</strong>
           &nbsp;&nbsp;&nbsp; ${escapeHtml(t.const_symbol)} <strong>${escapeHtml(invoice.constant_symbol)}</strong><br>
           ${orderNumber ? `${escapeHtml(t.order_no)} ${orderNumber}` : ""}
         </div>
-    </div>
-    <div class="col">
-      <div class="dates-box">
-        <div class="dates-row"><span class="lbl">${escapeHtml(t.issue_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.issue_date))}</span></div>
-        <div class="dates-row"><span class="lbl">${escapeHtml(t.due_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.due_date))}</span></div>
-        <div class="dates-row"><span class="lbl">${escapeHtml(t.tax_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.tax_date))}</span></div>
-        <div class="dates-row"><span class="lbl">${escapeHtml(t.payment_method)}</span> <span class="val">${escapeHtml(invoice.payment_method)}</span></div>
-      </div>
-    </div>
-  </div>
+      </td>
+      <td>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.issue_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.issue_date))}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.due_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.due_date))}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.tax_date)}</span> <span class="val">${escapeHtml(formatDate(invoice.tax_date))}</span></div>
+        <div class="info-row"><span class="lbl">${escapeHtml(t.payment_method)}</span> <span class="val">${escapeHtml(invoice.payment_method)}</span></div>
+      </td>
+    </tr>
+  </table>
 
   <!-- Polozky -->
   <div class="billing-label">${escapeHtml(invoice.billing_text || t.billing)}</div>
   <table class="items">
     <thead>
       <tr>
-        <th class="center" style="width:5%">${escapeHtml(t.col_no)}</th>
-        <th style="width:30%">${escapeHtml(t.col_desc)}</th>
-        <th class="center" style="width:9%">${escapeHtml(t.col_qty)}</th>
+        <th class="center" style="width:4%">${escapeHtml(t.col_no)}</th>
+        <th style="width:28%">${escapeHtml(t.col_desc)}</th>
+        <th class="center" style="width:12%">${escapeHtml(t.col_qty)}</th>
         <th class="right" style="width:11%">${escapeHtml(t.col_unit_price)}</th>
         <th class="right" style="width:11%">${escapeHtml(t.col_price)}</th>
         <th class="center" style="width:7%">${escapeHtml(t.col_vat_pct)}</th>

src/routes/admin/leave-requests.ts

@@ -29,7 +29,7 @@ export default async function leaveRequestsRoutes(
     const isAdmin = authData.permissions.includes("attendance.approve");
 
     const where: Record<string, unknown> = {};
-    if (!isAdmin) where.user_id = authData.userId;
+    if (!isAdmin || query.mine === "1") where.user_id = authData.userId;
     else if (query.user_id) where.user_id = Number(query.user_id);
     if (query.status) where.status = String(query.status);
 

src/routes/admin/offers-pdf.ts

@@ -517,7 +517,7 @@ ${indentCSS}
   }
   table.items tbody td.desc {
     font-size: 10pt;
-    font-weight: 500;
+    font-weight: 600;
     color: #1a1a1a;
   }
   table.items tbody td.total-cell {

src/routes/admin/trips.ts

@@ -66,6 +66,45 @@ export default async function tripsRoutes(
     });
   });
 
+  // GET /api/admin/trips/users — users with trips.record permission
+  fastify.get(
+    "/users",
+    { preHandler: requireAuth },
+    async (_request, reply) => {
+      const users = await prisma.users.findMany({
+        where: {
+          is_active: true,
+          roles: {
+            is: {
+              OR: [
+                { name: "admin" },
+                {
+                  role_permissions: {
+                    some: { permissions: { name: "trips.record" } },
+                  },
+                },
+              ],
+            },
+          },
+        },
+        select: {
+          id: true,
+          first_name: true,
+          last_name: true,
+          username: true,
+        },
+        orderBy: { last_name: "asc" },
+      });
+      return success(
+        reply,
+        users.map((u) => ({
+          id: u.id,
+          name: `${u.first_name} ${u.last_name}`.trim() || u.username,
+        })),
+      );
+    },
+  );
+
   // GET /api/admin/trips/print — print data for trip report
   fastify.get(
     "/print",

src/schemas/attendance.schema.ts

@@ -39,7 +39,9 @@ export const AttendanceBalancesSchema = z.object({
 
 export const AttendanceBulkSchema = z.object({
   month: z.string().regex(/^\d{4}-\d{2}$/, "Měsíc je povinný (formát YYYY-MM)"),
-  user_ids: z.array(z.number()).min(1, "Vyberte alespoň jednoho zaměstnance"),
+  user_ids: z
+    .array(z.union([z.number(), z.string()]).transform((v) => Number(v)))
+    .min(1, "Vyberte alespoň jednoho zaměstnance"),
   arrival_time: z.string().optional().default("08:00"),
   departure_time: z.string().optional().default("16:30"),
   break_start_time: z.string().optional().default("12:00"),

src/schemas/users.schema.ts

@@ -16,7 +16,10 @@ export const CreateUserSchema = z.object({
 export const UpdateUserSchema = z.object({
   username: z.string().optional(),
   email: z.string().email("Neplatný formát e-mailu").optional(),
-  password: z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(),
+  password: z.preprocess(
+    (v) => (v === "" ? undefined : v),
+    z.string().min(8, "Heslo musí mít alespoň 8 znaků").optional(),
+  ),
   first_name: z.string().optional(),
   last_name: z.string().optional(),
   role_id: z.union([z.number(), z.string(), z.null()]).optional(),

src/services/attendance.service.ts

@@ -1,9 +1,32 @@
 import { attendance_leave_type, Prisma } from "@prisma/client";
 import prisma from "../config/database";
-import { getBusinessDaysInMonth } from "../utils/czech-holidays";
+import { getBusinessDaysInMonth, isHoliday } from "../utils/czech-holidays";
 import { localDateStr } from "../utils/date";
 import { getSystemSettings } from "./system-settings";
 
+/** Get active users whose role has attendance.record permission (or admin role) */
+async function getAttendanceUsers() {
+  return prisma.users.findMany({
+    where: {
+      is_active: true,
+      roles: {
+        is: {
+          OR: [
+            { name: "admin" },
+            {
+              role_permissions: {
+                some: { permissions: { name: "attendance.record" } },
+              },
+            },
+          ],
+        },
+      },
+    },
+    select: { id: true, first_name: true, last_name: true },
+    orderBy: { last_name: "asc" },
+  });
+}
+
 type AttendanceWithRelations = Prisma.attendanceGetPayload<{
   include: {
     users: { select: { id: true; first_name: true; last_name: true } };
@@ -421,11 +444,7 @@ export async function switchProject(userId: number, projectId: number | null) {
 }
 
 export async function getBalances(year: number) {
-  const users = await prisma.users.findMany({
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
+  const users = await getAttendanceUsers();
 
   const balances: Record<
     string,
@@ -463,11 +482,7 @@ export async function getBalances(year: number) {
 }
 
 export async function getWorkfund(year: number) {
-  const users = await prisma.users.findMany({
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
+  const users = await getAttendanceUsers();
 
   const now = new Date();
   const currentYear = now.getFullYear();
@@ -734,11 +749,7 @@ export async function getPrintData(
   const monthStart = new Date(yr, mo - 1, 1);
   const monthEnd = new Date(yr, mo, 0, 23, 59, 59);
 
-  const users = await prisma.users.findMany({
-    where: { is_active: true },
-    select: { id: true, first_name: true, last_name: true },
-    orderBy: { last_name: "asc" },
-  });
+  const users = await getAttendanceUsers();
 
   const where: Record<string, unknown> = {
     shift_date: { gte: monthStart, lte: monthEnd },
@@ -1083,6 +1094,20 @@ export async function bulkCreateAttendance(data: BulkAttendanceData) {
       }
 
       const shiftDate = new Date(Date.UTC(yr, mo - 1, day, 12, 0, 0));
+
+      if (isHoliday(dateStr)) {
+        await prisma.attendance.create({
+          data: {
+            user_id: userId,
+            shift_date: shiftDate,
+            leave_type: "holiday",
+            leave_hours: 8,
+          },
+        });
+        inserted++;
+        continue;
+      }
+
       await prisma.attendance.create({
         data: {
           user_id: userId,