fix generate excel in admin account

src/controllers/time-tracking.controller.js

@@ -208,11 +208,13 @@ export const getTimeEntryWithRelations = async (req, res) => {
  */
 export const updateTimeEntry = async (req, res) => {
   try {
-    const userId = req.userId;
     const { entryId } = req.params;
     const { startTime, endTime, projectId, todoId, companyId, description } = req.body;
 
-    const entry = await timeTrackingService.updateTimeEntry(entryId, userId, {
+    const entry = await timeTrackingService.updateTimeEntry(entryId, {
+      userId: req.userId,
+      role: req.user.role,
+    }, {
       startTime,
       endTime,
       projectId,
@@ -238,10 +240,12 @@ export const updateTimeEntry = async (req, res) => {
  */
 export const deleteTimeEntry = async (req, res) => {
   try {
-    const userId = req.userId;
     const { entryId } = req.params;
 
-    const result = await timeTrackingService.deleteTimeEntry(entryId, userId);
+    const result = await timeTrackingService.deleteTimeEntry(entryId, {
+      userId: req.userId,
+      role: req.user.role,
+    });
 
     res.status(200).json(result);
   } catch (error) {

src/services/time-tracking.service.js

@@ -1,7 +1,7 @@
 import { db } from '../config/database.js';
 import { timeEntries, projects, todos, companies, users, timesheets } from '../db/schema.js';
 import { eq, and, gte, lte, desc } from 'drizzle-orm';
-import { NotFoundError, BadRequestError } from '../utils/errors.js';
+import { NotFoundError, BadRequestError, ForbiddenError } from '../utils/errors.js';
 import ExcelJS from 'exceljs';
 import fs from 'fs/promises';
 import path from 'path';
@@ -506,12 +506,13 @@ export const generateMonthlyTimesheet = async (userId, year, month) => {
 /**
  * Update time entry
  */
-export const updateTimeEntry = async (entryId, userId, data) => {
+export const updateTimeEntry = async (entryId, actor, data) => {
+  const { userId, role } = actor;
   const entry = await getTimeEntryById(entryId);
 
-  // Verify ownership
+  // Verify ownership (admin can edit anyone)
-  if (entry.userId !== userId) {
+  if (entry.userId !== userId && role !== 'admin') {
-    throw new BadRequestError('Nemáte oprávnenie upraviť tento záznam');
+    throw new ForbiddenError('Nemáte oprávnenie upraviť tento záznam');
   }
 
   if (entry.isRunning) {
@@ -567,6 +568,9 @@ export const updateTimeEntry = async (entryId, userId, data) => {
   const newEndTime = endTime ? new Date(endTime) : (entry.endTime ? new Date(entry.endTime) : null);
 
   if (newEndTime) {
+    if (newEndTime <= newStartTime) {
+      throw new BadRequestError('Čas ukončenia musí byť po čase začiatku');
+    }
     newDuration = Math.round((newEndTime - newStartTime) / 60000);
   }
 
@@ -592,12 +596,13 @@ export const updateTimeEntry = async (entryId, userId, data) => {
 /**
  * Delete time entry
  */
-export const deleteTimeEntry = async (entryId, userId) => {
+export const deleteTimeEntry = async (entryId, actor) => {
+  const { userId, role } = actor;
   const entry = await getTimeEntryById(entryId);
 
-  // Verify ownership
+  // Verify ownership (admin can delete anyone)
-  if (entry.userId !== userId) {
+  if (entry.userId !== userId && role !== 'admin') {
-    throw new BadRequestError('Nemáte oprávnenie odstrániť tento záznam');
+    throw new ForbiddenError('Nemáte oprávnenie odstrániť tento záznam');
   }
 
   if (entry.isRunning) {