foxerBN/crm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix generate excel in admin account

Browse Source
This commit is contained in:
richardtekula
2025-11-25 09:27:11 +01:00
parent 31297ee9a9
commit 043eeccb77
5 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/services/time-tracking.service.js
View File

@@ -1,7 +1,7 @@
import { db } from '../config/database.js';
import { timeEntries, projects, todos, companies, users, timesheets } from '../db/schema.js';
import { eq, and, gte, lte, desc } from 'drizzle-orm';
import { NotFoundError, BadRequestError } from '../utils/errors.js';
import { NotFoundError, BadRequestError, ForbiddenError } from '../utils/errors.js';
import ExcelJS from 'exceljs';
import fs from 'fs/promises';
import path from 'path';
@@ -506,12 +506,13 @@ export const generateMonthlyTimesheet = async (userId, year, month) => {
/**
* Update time entry
*/
export const updateTimeEntry = async (entryId, userId, data) => {
export const updateTimeEntry = async (entryId, actor, data) => {
const { userId, role } = actor;
const entry = await getTimeEntryById(entryId);
// Verify ownership
if (entry.userId !== userId) {
throw new BadRequestError('Nemáte oprávnenie upraviť tento záznam');
// Verify ownership (admin can edit anyone)
if (entry.userId !== userId && role !== 'admin') {
throw new ForbiddenError('Nemáte oprávnenie upraviť tento záznam');
}
if (entry.isRunning) {
@@ -567,6 +568,9 @@ export const updateTimeEntry = async (entryId, userId, data) => {
const newEndTime = endTime ? new Date(endTime) : (entry.endTime ? new Date(entry.endTime) : null);
if (newEndTime) {
if (newEndTime <= newStartTime) {
throw new BadRequestError('Čas ukončenia musí byť po čase začiatku');
}
newDuration = Math.round((newEndTime - newStartTime) / 60000);
}
@@ -592,12 +596,13 @@ export const updateTimeEntry = async (entryId, userId, data) => {
/**
* Delete time entry
*/
export const deleteTimeEntry = async (entryId, userId) => {
export const deleteTimeEntry = async (entryId, actor) => {
const { userId, role } = actor;
const entry = await getTimeEntryById(entryId);
// Verify ownership
if (entry.userId !== userId) {
throw new BadRequestError('Nemáte oprávnenie odstrániť tento záznam');
// Verify ownership (admin can delete anyone)
if (entry.userId !== userId && role !== 'admin') {
throw new ForbiddenError('Nemáte oprávnenie odstrániť tento záznam');
}
if (entry.isRunning) {