Initial commit

backend/pb_migrations/1736617000_update_users_supervisor.js

@@ -0,0 +1,53 @@
+migrate((db) => {
+    const dao = new Dao(db);
+
+    // 1. Update 'users' collection
+    const usersCollection = dao.findCollectionByNameOrId("users");
+
+    usersCollection.schema.addField(new SchemaField({
+        name: "is_supervisor",
+        type: "bool",
+        required: false,
+        options: {}
+    }));
+
+    usersCollection.schema.addField(new SchemaField({
+        name: "supervisor",
+        type: "relation",
+        required: false,
+        options: {
+            collectionId: usersCollection.id,
+            cascadeDelete: false,
+            maxSelect: 1,
+            displayFields: ["name", "email"]
+        }
+    }));
+
+    dao.saveCollection(usersCollection);
+
+    // 2. Update 'time_entries' collection rules
+    const timeEntries = dao.findCollectionByNameOrId("time_entries");
+
+    // Allow if owner OR if user's supervisor is requestor
+    const rule = "@request.auth.id = user.id || user.supervisor.id = @request.auth.id";
+
+    timeEntries.listRule = rule;
+    timeEntries.viewRule = rule;
+    // create/update/delete usually restricted to owner, supervisors maybe read-only for now?
+    // Plan said "view", so list/view is enough.
+
+    dao.saveCollection(timeEntries);
+
+}, (db) => {
+    // Revert logic (simplified)
+    const dao = new Dao(db);
+    const usersCollection = dao.findCollectionByNameOrId("users");
+    usersCollection.schema.removeField("is_supervisor");
+    usersCollection.schema.removeField("supervisor");
+    dao.saveCollection(usersCollection);
+
+    const timeEntries = dao.findCollectionByNameOrId("time_entries");
+    timeEntries.listRule = "@request.auth.id = user.id";
+    timeEntries.viewRule = "@request.auth.id = user.id";
+    dao.saveCollection(timeEntries);
+})