feat: timeline UI overhaul with project/resource panel redesign, quick filters, and API improvements

Redesigned timeline project and resource panels with expanded detail views, added quick filter toolbar, improved drag handling, and enhanced vacation/entitlement router logic. Includes e2e test updates and minor API fixes. Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-15 09:28:59 +01:00
parent fa2019f521
commit a83edb2f9d
23 changed files with 2464 additions and 734 deletions
@@ -108,6 +108,23 @@ export const entitlementRouter = createTRPCRouter({
      }),
    )
    .query(async ({ ctx, input }) => {
+      // Ownership check: USER can only query their own balance
+      if (ctx.dbUser) {
+        const allowedRoles = ["ADMIN", "MANAGER", "CONTROLLER"];
+        if (!allowedRoles.includes(ctx.dbUser.systemRole)) {
+          const resource = await ctx.db.resource.findUnique({
+            where: { id: input.resourceId },
+            select: { userId: true },
+          });
+          if (!resource || resource.userId !== ctx.dbUser.id) {
+            throw new TRPCError({
+              code: "FORBIDDEN",
+              message: "You can only view your own vacation balance",
+            });
+          }
+        }
+      }
+
      const settings = await ctx.db.systemSettings.findUnique({ where: { id: "singleton" } });
      const defaultDays = settings?.vacationDefaultDays ?? 28;