added auto timesheet generation mvp #372
Open
renzoramirez98 wants to merge 1 commit into
uppalkrish
approved these changes
May 14, 2026
Collaborator
Good implementation
This PR adds a backend-only MVP for auto timesheet generation.
SecureShift already had attendance capture through check-in and check-out, and I had previously worked on payroll summary reporting over completed shifts. This change builds on that flow by adding a persisted timesheet layer underneath it. When a shift is completed with valid attendance, the backend now upserts one timesheet record for the assigned guard using the existing shift and attendance data.
The implementation stays deliberately narrow. It does not change frontend behaviour, does not add dependencies, and does not alter the existing payroll summary endpoint. It also fixes the missing Shift import in the attendance controller.
What changed
- Added a persisted Timesheet model with a unique { shiftId, guardId } constraint.
- Added timesheet generation logic in a new service, using idempotent upsert behaviour.
- Updated completeShift so that once attendance is validated and the shift is marked completed, a timesheet is generated and returned in the response.
- Added read-only endpoints:
  - GET /api/v1/timesheets
  - GET /api/v1/timesheets/:id
- Added role-scoped access:
  - admin can view all timesheets
  - employer can view timesheets for shifts they created
  - guard can view only their own timesheets
- Added focused backend tests for:
  - timesheet service logic
  - timesheet controller role scoping
  - shift completion to timesheet generation flow
Files changed
Added:
- app-backend/src/models/Timesheet.js
- app-backend/src/services/timesheet.service.js
- app-backend/src/controllers/timesheet.controller.js
- app-backend/src/routes/timesheet.routes.js
- app-backend/tests/timesheet.service.test.js
- app-backend/tests/timesheet.controller.test.js
- app-backend/tests/shift.complete-timesheet.test.js

Updated:
- app-backend/src/controllers/shift.controller.js
- app-backend/src/controllers/shiftattendance.controller.js
- app-backend/src/routes/index.js
Testing
Focused backend Jest tests passed:
- tests/timesheet.service.test.js
- tests/timesheet.controller.test.js
- tests/shift.complete-timesheet.test.js

Command used:
npm test -- --runTestsByPath tests/timesheet.service.test.js tests/timesheet.controller.test.js tests/shift.complete-timesheet.test.js

Manual Swagger testing also confirmed:
- unauthorised requests to the new timesheet endpoints return 401
- the new routes are exposed in Swagger and protected by auth
Notes / scope
- This PR keeps the existing payroll summary flow unchanged.
- The original ticket idea suggested timesheet generation on checkout. In this implementation, timesheet generation is triggered on shift completion after check-in and check-out have both been validated. I chose this so the timesheet is only created once the existing shift lifecycle has been fully satisfied.
- This is an MVP only. It does not include frontend integration or broader payroll policy logic.
Comments
This builds directly on my earlier payroll-related backend work. The previous work produced payroll summaries from completed shifts and attendance data, while this PR adds the missing persisted timesheet record underneath that flow.
Evidence

Figure 1.
Focused backend Jest tests passing for timesheet generation, controller scoping, and shift completion integration.
Shows the new backend tests passing successfully across the service, controller, and completion flow.
Figure 2.

Unauthorised access correctly rejected for the timesheet list endpoint.
Shows GET /api/v1/timesheets returning 401 when called without a valid bearer token.
Figure 3.

Unauthorised access correctly rejected for the single timesheet endpoint.
Shows GET /api/v1/timesheets/{id} returning 401 when called without a valid bearer token.
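
The role scoping listed under "What changed", sketched as an added example that is not code from this PR or from SecureShift: one scope function drives both the list and the single-record read, with unknown roles denied by default. The in-memory data, the `createdBy`, `role` and `id` fields, and the choice to answer 404 for an out-of-scope id are assumptions.

```javascript
// Added example, not SecureShift code. Only shiftId and guardId come from the
// PR description; createdBy, role and id are assumed field names.

// Constructed sample data.
const shifts = [
  { id: 's1', createdBy: 'emp1' },
  { id: 's2', createdBy: 'emp2' },
];
const timesheets = [
  { id: 't1', shiftId: 's1', guardId: 'g1' },
  { id: 't2', shiftId: 's2', guardId: 'g2' },
  { id: 't3', shiftId: 's1', guardId: 'g2' },
];

// Returns a predicate describing which timesheets the caller may read.
// Missing users and unknown roles get a predicate that matches nothing.
function scopeFor(user) {
  if (!user || !user.id) return () => false;
  switch (user.role) {
    case 'admin':
      return () => true;
    case 'employer': {
      const owned = new Set(
        shifts.filter((s) => s.createdBy === user.id).map((s) => s.id)
      );
      return (t) => owned.has(t.shiftId);
    }
    case 'guard':
      return (t) => t.guardId === user.id;
    default:
      return () => false;
  }
}

// GET /api/v1/timesheets
function listTimesheets(user) {
  return timesheets.filter(scopeFor(user)).map((t) => t.id);
}

// GET /api/v1/timesheets/:id applies the same scope together with the id
// match, so an out-of-scope id looks the same as a missing one.
function getTimesheet(user, id) {
  const inScope = scopeFor(user);
  const found = timesheets.find((t) => t.id === id && inScope(t));
  return found ? { status: 200, body: found } : { status: 404 };
}
```

The cases worth asserting alongside the 401 checks are the authenticated cross-scope reads: a guard or employer requesting another party's timesheet id.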