Merge pull request #997 from bigcapitalhq/fix/model-timestamps-missing-columns

fix(models): remove timestamps from models where tables lack createdAt/updatedAt columns

packages/server/src/common/config/s3.ts

@@ -6,4 +6,5 @@ export default registerAs('s3', () => ({
   secretAccessKey: process.env.S3_SECRET_ACCESS_KEY,
   endpoint: process.env.S3_ENDPOINT,
   bucket: process.env.S3_BUCKET,
+  forcePathStyle: process.env.S3_FORCE_PATH_STYLE === 'true',
 }));

packages/server/src/i18n/en/cash_flow_statement.json

@@ -9,5 +9,10 @@
   "net_cash_financing": "Net cash provided by financing activities",
   "cash_beginning_period": "Cash at beginning of period",
   "net_cash_increase": "NET CASH INCREASE FOR PERIOD",
-  "cash_end_period": "CASH AT END OF PERIOD"
+  "cash_end_period": "CASH AT END OF PERIOD",
+  "account_name": "Account name",
+  "total": "Total",
+  "sheet_name": "Statement of Cash Flow",
+  "from_date": "From",
+  "to_date": "To"
 }

packages/server/src/i18n/en/contact_summary_balance.json

@@ -0,0 +1,5 @@
+{
+  "account_name": "Account name",
+  "total": "Total",
+  "percentage_column": "% of Column"
+}

packages/server/src/i18n/en/inventory_item_details.json

@@ -0,0 +1,14 @@
+{
+  "opening_balance": "Opening balance",
+  "closing_balance": "Closing balance",
+  "date": "Date",
+  "transaction_type": "Transaction type",
+  "transaction_number": "Transaction #",
+  "quantity": "Quantity",
+  "rate": "Rate",
+  "total": "Total",
+  "value": "Value",
+  "profit_margin": "Profit Margin",
+  "running_quantity": "Running quantity",
+  "running_value": "Running Value"
+}

packages/server/src/i18n/en/transactions_by_contact.json

@@ -0,0 +1,4 @@
+{
+  "opening_balance": "Opening balance",
+  "closing_balance": "Closing balance"
+}

packages/server/src/i18n/en/trial_balance_sheet.json

@@ -0,0 +1,6 @@
+{
+  "account": "Account",
+  "debit": "Debit",
+  "credit": "Credit",
+  "total": "Total"
+}

packages/server/src/models/Model.ts

@@ -1,5 +1,6 @@
-import { QueryBuilder, Model } from 'objection';
+import { QueryBuilder, Model, mixin } from 'objection';
 import { ModelHasRelationsError } from '@/common/exceptions/ModelHasRelations.exception';
+import { withDateSessionMixin } from './withDateSessionMixin';
 
 interface PaginationResult<M extends Model> {
   results: M[];
@@ -69,6 +70,7 @@ export class PaginationQueryBuilder<
     dependentRelationNames.forEach((relationName: string) => {
       recordQuery.withGraphFetched(relationName);
     });
+
     const record = await recordQuery;
 
     const hasRelations = dependentRelationNames.some((name) => {
@@ -97,7 +99,7 @@ export class BaseQueryBuilder<
   }
 }
 
-export class BaseModel extends Model {
+export class BaseModel extends mixin(Model, [withDateSessionMixin]) {
   public readonly id: number;
   public readonly tableName: string;
 

packages/server/src/models/withDateSessionMixin.ts

@@ -0,0 +1,40 @@
+import * as moment from 'moment';
+import { Model } from 'objection';
+
+type Constructor<T = {}> = new (...args: any[]) => T;
+
+export const withDateSessionMixin = <T extends Constructor<Model>>(BaseModel: T) => {
+  return class DateSession extends BaseModel {
+    constructor(...args: any[]) {
+      super(...args);
+    }
+
+    get timestamps() {
+      return [];
+    }
+    
+    $beforeUpdate(opt, context) {
+      const maybePromise = super.$beforeUpdate(opt, context);
+
+      return Promise.resolve(maybePromise).then(() => {
+        const key = this.timestamps[1];
+
+        if (key && !this[key]) {
+          this[key] = moment().format('YYYY/MM/DD HH:mm:ss');
+        }
+      });
+    }
+
+    $beforeInsert(context) {
+      const maybePromise = super.$beforeInsert(context);
+
+      return Promise.resolve(maybePromise).then(() => {
+        const key = this.timestamps[0];
+
+        if (key && !this[key]) {
+          this[key] = moment().format('YYYY/MM/DD HH:mm:ss');
+        }
+      });
+    }
+  }
+}

packages/server/src/modules/Accounts/Accounts.controller.ts

@@ -9,6 +9,7 @@ import {
   ParseIntPipe,
   Put,
   HttpCode,
+  UseGuards,
 } from '@nestjs/common';
 import { AccountsApplication } from './AccountsApplication.service';
 import { CreateAccountDTO } from './CreateAccount.dto';
@@ -32,6 +33,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { AccountAction } from './Accounts.types';
 
 @Controller('accounts')
 @ApiTags('Accounts')
@@ -40,11 +46,13 @@ import {
 @ApiExtraModels(GetAccountTransactionResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class AccountsController {
   constructor(private readonly accountsApplication: AccountsApplication) { }
 
   @Post('validate-bulk-delete')
   @HttpCode(200)
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({
     summary:
       'Validates which accounts can be deleted and returns counts of deletable and non-deletable accounts.',
@@ -67,6 +75,7 @@ export class AccountsController {
 
   @Post('bulk-delete')
   @HttpCode(200)
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Deletes multiple accounts in bulk.' })
   @ApiResponse({
     status: 200,
@@ -81,6 +90,7 @@ export class AccountsController {
   }
 
   @Post()
+  @RequirePermission(AccountAction.CREATE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Create an account' })
   @ApiResponse({
     status: 200,
@@ -91,6 +101,7 @@ export class AccountsController {
   }
 
   @Put(':id')
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Edit the given account.' })
   @ApiResponse({
     status: 200,
@@ -111,6 +122,7 @@ export class AccountsController {
   }
 
   @Delete(':id')
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Delete the given account.' })
   @ApiResponse({
     status: 200,
@@ -129,6 +141,7 @@ export class AccountsController {
 
   @Post(':id/activate')
   @HttpCode(200)
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Activate the given account.' })
   @ApiResponse({
     status: 200,
@@ -147,6 +160,7 @@ export class AccountsController {
 
   @Post(':id/inactivate')
   @HttpCode(200)
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Inactivate the given account.' })
   @ApiResponse({
     status: 200,
@@ -164,6 +178,7 @@ export class AccountsController {
   }
 
   @Get('types')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account types.' })
   @ApiResponse({
     status: 200,
@@ -180,6 +195,7 @@ export class AccountsController {
   }
 
   @Get('transactions')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account transactions.' })
   @ApiResponse({
     status: 200,
@@ -198,6 +214,7 @@ export class AccountsController {
   }
 
   @Get(':id')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account details.' })
   @ApiResponse({
     status: 200,
@@ -216,6 +233,7 @@ export class AccountsController {
   }
 
   @Get()
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the accounts.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Accounts/Accounts.module.ts

@@ -21,6 +21,7 @@ import { AccountsExportable } from './AccountsExportable.service';
 import { AccountsImportable } from './AccountsImportable.service';
 import { BulkDeleteAccountsService } from './BulkDeleteAccounts.service';
 import { ValidateBulkDeleteAccountsService } from './ValidateBulkDeleteAccounts.service';
+import { AccountsSettingsService } from './AccountsSettings.service';
 
 const models = [RegisterTenancyModel(BankAccount)];
 
@@ -29,6 +30,7 @@ const models = [RegisterTenancyModel(BankAccount)];
   controllers: [AccountsController],
   providers: [
     AccountsApplication,
+    AccountsSettingsService,
     CreateAccountService,
     TenancyContext,
     CommandAccountValidators,
@@ -49,9 +51,10 @@ const models = [RegisterTenancyModel(BankAccount)];
   exports: [
     AccountRepository,
     CreateAccountService,
+    AccountsSettingsService,
     ...models,
     AccountsExportable,
-    AccountsImportable
+    AccountsImportable,
   ],
 })
 export class AccountsModule {}

packages/server/src/modules/Accounts/AccountsSettings.service.ts

@@ -0,0 +1,33 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { SettingsStore } from '../Settings/SettingsStore';
+import { SETTINGS_PROVIDER } from '../Settings/Settings.types';
+
+export interface IAccountsSettings {
+  accountCodeRequired: boolean;
+  accountCodeUnique: boolean;
+}
+
+@Injectable()
+export class AccountsSettingsService {
+  constructor(
+    @Inject(SETTINGS_PROVIDER)
+    private readonly settingsStore: () => SettingsStore,
+  ) {}
+
+  /**
+   * Retrieves account settings (account code required, account code unique).
+   */
+  public async getAccountsSettings(): Promise<IAccountsSettings> {
+    const settingsStore = await this.settingsStore();
+    return {
+      accountCodeRequired: settingsStore.get(
+        { group: 'accounts', key: 'account_code_required' },
+        false,
+      ),
+      accountCodeUnique: settingsStore.get(
+        { group: 'accounts', key: 'account_code_unique' },
+        true,
+      ),
+    };
+  }
+}

packages/server/src/modules/Accounts/CommandAccountValidators.service.ts

@@ -106,6 +106,20 @@ export class CommandAccountValidators {
     }
   }
 
+  /**
+   * Throws error if account code is missing or blank when required.
+   * @param {string|undefined} code - Account code.
+   */
+  public validateAccountCodeRequiredOrThrow(code: string | undefined) {
+    const trimmed = typeof code === 'string' ? code.trim() : '';
+    if (!trimmed) {
+      throw new ServiceError(
+        ERRORS.ACCOUNT_CODE_REQUIRED,
+        'Account code is required.',
+      );
+    }
+  }
+
   /**
    * Validates the account name uniquiness.
    * @param {string} accountName - Account name.

packages/server/src/modules/Accounts/CreateAccount.service.ts

@@ -15,6 +15,7 @@ import { events } from '@/common/events/events';
 import { CreateAccountDTO } from './CreateAccount.dto';
 import { PartialModelObject } from 'objection';
 import { TenantModelProxy } from '../System/models/TenantBaseModel';
+import { AccountsSettingsService } from './AccountsSettings.service';
 
 @Injectable()
 export class CreateAccountService {
@@ -32,6 +33,7 @@ export class CreateAccountService {
     private readonly uow: UnitOfWork,
     private readonly validator: CommandAccountValidators,
     private readonly tenancyContext: TenancyContext,
+    private readonly accountsSettings: AccountsSettingsService,
   ) {}
 
   /**
@@ -43,14 +45,21 @@ export class CreateAccountService {
     baseCurrency: string,
     params?: CreateAccountParams,
   ) => {
+    const { accountCodeRequired, accountCodeUnique } =
+      await this.accountsSettings.getAccountsSettings();
+
+    // Validate account code required when setting is enabled.
+    if (accountCodeRequired) {
+      this.validator.validateAccountCodeRequiredOrThrow(accountDTO.code);
+    }
+    // Validate the account code uniquiness when setting is enabled.
+    if (accountCodeUnique && accountDTO.code?.trim()) {
+      await this.validator.isAccountCodeUniqueOrThrowError(accountDTO.code);
+    }
     // Validate account name uniquiness.
     if (!params.ignoreUniqueName) {
       await this.validator.validateAccountNameUniquiness(accountDTO.name);
     }
-    // Validate the account code uniquiness.
-    if (accountDTO.code) {
-      await this.validator.isAccountCodeUniqueOrThrowError(accountDTO.code);
-    }
     // Retrieve the account type meta or throw service error if not found.
     this.validator.getAccountTypeOrThrowError(accountDTO.accountType);
 

packages/server/src/modules/Accounts/EditAccount.service.ts

@@ -7,6 +7,7 @@ import { UnitOfWork } from '../Tenancy/TenancyDB/UnitOfWork.service';
 import { events } from '@/common/events/events';
 import { EditAccountDTO } from './EditAccount.dto';
 import { TenantModelProxy } from '../System/models/TenantBaseModel';
+import { AccountsSettingsService } from './AccountsSettings.service';
 
 @Injectable()
 export class EditAccount {
@@ -17,7 +18,8 @@ export class EditAccount {
 
     @Inject(Account.name)
     private readonly accountModel: TenantModelProxy<typeof Account>,
-  ) { }
+    private readonly accountsSettings: AccountsSettingsService,
+  ) {}
 
   /**
    * Authorize the account editing.
@@ -30,6 +32,24 @@ export class EditAccount {
     accountDTO: EditAccountDTO,
     oldAccount: Account,
   ) => {
+    const { accountCodeRequired, accountCodeUnique } =
+      await this.accountsSettings.getAccountsSettings();
+
+    // Validate account code required when setting is enabled.
+    if (accountCodeRequired) {
+      this.validator.validateAccountCodeRequiredOrThrow(accountDTO.code);
+    }
+    // Validate the account code uniquiness when setting is enabled.
+    if (
+      accountCodeUnique &&
+      accountDTO.code?.trim() &&
+      accountDTO.code !== oldAccount.code
+    ) {
+      await this.validator.isAccountCodeUniqueOrThrowError(
+        accountDTO.code,
+        oldAccount.id,
+      );
+    }
     // Validate account name uniquiness.
     await this.validator.validateAccountNameUniquiness(
       accountDTO.name,
@@ -40,13 +60,6 @@ export class EditAccount {
       oldAccount,
       accountDTO,
     );
-    // Validate the account code not exists on the storage.
-    if (accountDTO.code && accountDTO.code !== oldAccount.code) {
-      await this.validator.isAccountCodeUniqueOrThrowError(
-        accountDTO.code,
-        oldAccount.id,
-      );
-    }
     // Retrieve the parent account of throw not found service error.
     if (accountDTO.parentAccountId) {
       const parentAccount = await this.validator.getParentAccountOrThrowError(

packages/server/src/modules/Accounts/constants.ts

@@ -3,6 +3,7 @@ export const ERRORS = {
   ACCOUNT_TYPE_NOT_FOUND: 'account_type_not_found',
   PARENT_ACCOUNT_NOT_FOUND: 'parent_account_not_found',
   ACCOUNT_CODE_NOT_UNIQUE: 'account_code_not_unique',
+  ACCOUNT_CODE_REQUIRED: 'account_code_required',
   ACCOUNT_NAME_NOT_UNIQUE: 'account_name_not_unqiue',
   PARENT_ACCOUNT_HAS_DIFFERENT_TYPE: 'parent_has_different_type',
   ACCOUNT_TYPE_NOT_ALLOWED_TO_CHANGE: 'account_type_not_allowed_to_changed',

packages/server/src/modules/Attachments/LinkAttachment.ts

@@ -1,5 +1,5 @@
 import { ModuleRef } from '@nestjs/core';
-import bluebird from 'bluebird';
+import * as bluebird from 'bluebird';
 import { Knex } from 'knex';
 import {
   validateLinkModelEntryExists,
@@ -53,7 +53,8 @@ export class LinkAttachment {
     const foundLinkModel = await LinkModel().query(trx).findById(modelId);
     validateLinkModelEntryExists(foundLinkModel);
 
-    const foundLinks = await this.documentLinkModel().query(trx)
+    const foundLinks = await this.documentLinkModel()
+      .query(trx)
       .where('modelRef', modelRef)
       .where('modelId', modelId)
       .where('documentId', foundFile.id);

packages/server/src/modules/Auth/Auth.controller.ts

@@ -65,7 +65,7 @@ export class AuthController {
     return this.authApp.signUp(signupDto);
   }
 
-  @Post('/signup/confirm')
+  @Post('/signup/verify')
   @ApiOperation({ summary: 'Confirm user signup' })
   @ApiBody({
     schema: {

packages/server/src/modules/Auth/AuthMailMessages.esrvice.ts

@@ -20,7 +20,7 @@ export class AuthenticationMailMesssages {
    * @returns {Mail}
    */
   resetPasswordMessage(user: ModelObject<SystemUser>, token: string) {
-    const baseURL = this.configService.get('baseURL');
+    const baseURL = this.configService.get('app.baseUrl');
 
     return new Mail()
       .setSubject('Bigcapital - Password Reset')
@@ -54,7 +54,7 @@ export class AuthenticationMailMesssages {
    * @returns {Mail}
    */
   signupVerificationMail(email: string, fullName: string, token: string) {
-    const baseURL = this.configService.get('baseURL');
+    const baseURL = this.configService.get('app.baseUrl');
     const verifyUrl = `${baseURL}/auth/email_confirmation?token=${token}&email=${email}`;
 
     return new Mail()

packages/server/src/modules/Auth/Authed.controller.ts

@@ -7,17 +7,13 @@ import {
 import { GetAuthenticatedAccount } from './queries/GetAuthedAccount.service';
 import { Controller, Get, Post } from '@nestjs/common';
 import { Throttle } from '@nestjs/throttler';
-import { IgnoreTenantSeededRoute } from '../Tenancy/EnsureTenantIsSeeded.guards';
-import { IgnoreTenantInitializedRoute } from '../Tenancy/EnsureTenantIsInitialized.guard';
+import { TenantAgnosticRoute } from '../Tenancy/TenancyGlobal.guard';
 import { AuthenticationApplication } from './AuthApplication.sevice';
-import { TenancyContext } from '../Tenancy/TenancyContext.service';
 import { IgnoreUserVerifiedRoute } from './guards/EnsureUserVerified.guard';
 
 @Controller('/auth')
 @ApiTags('Auth')
-@ApiExcludeController()
-@IgnoreTenantSeededRoute()
-@IgnoreTenantInitializedRoute()
+@TenantAgnosticRoute()
 @IgnoreUserVerifiedRoute()
 @Throttle({ auth: {} })
 export class AuthedController {

packages/server/src/modules/Auth/commands/AuthSignup.service.ts

@@ -13,7 +13,6 @@ import {
   IAuthSignedUpEventPayload,
   IAuthSigningUpEventPayload,
 } from '../Auth.interfaces';
-import { defaultTo } from 'ramda';
 import { ERRORS } from '../Auth.constants';
 import { hashPassword } from '../Auth.utils';
 import { ClsService } from 'nestjs-cls';
@@ -51,7 +50,7 @@ export class AuthSignupService {
     const signupConfirmation = this.configService.get('signupConfirmation');
 
     const verifyTokenCrypto = crypto.randomBytes(64).toString('hex');
-    const verifiedEnabed = defaultTo(signupConfirmation.enabled, false);
+    const verifiedEnabed = signupConfirmation.enabled ?? false;
     const verifyToken = verifiedEnabed ? verifyTokenCrypto : '';
     const verified = !verifiedEnabed;
     

packages/server/src/modules/Auth/commands/AuthSignupConfirmResend.service.ts

@@ -4,7 +4,6 @@ import { SystemUser } from '@/modules/System/models/SystemUser';
 import { ServiceError } from '@/modules/Items/ServiceError';
 import { ERRORS } from '../Auth.constants';
 import { events } from '@/common/events/events';
-import { ModelObject } from 'objection';
 import { ISignUpConfigmResendedEventPayload } from '../Auth.interfaces';
 import { TenancyContext } from '@/modules/Tenancy/TenancyContext.service';
 

packages/server/src/modules/BankRules/dtos/BankRule.dto.ts

@@ -16,7 +16,7 @@ import { ToNumber } from '@/common/decorators/Validators';
 
 class BankRuleConditionDto {
   @IsNotEmpty()
-  @IsIn(['description', 'amount'])
+  @IsIn(['description', 'amount', 'payee'])
   field: string;
 
   @IsNotEmpty()

packages/server/src/modules/BankingTranasctionsRegonize/_types.ts

@@ -15,8 +15,13 @@ export const RecognizeUncategorizedTransactionsJob =
 export const RecognizeUncategorizedTransactionsQueue =
   'recognize-uncategorized-transactions-queue';
 
-
 export interface RecognizeUncategorizedTransactionsJobPayload extends TenantJobPayload {
   ruleId: number,
-  transactionsCriteria: any;
+  transactionsCriteria?: RecognizeTransactionsCriteria;
+  /**
+   * When true, first reverts recognized transactions before recognizing again.
+   * Used when a bank rule is edited to ensure transactions previously recognized
+   * by lower-priority rules are re-evaluated against the updated rule.
+   */
+  shouldRevert?: boolean;
 }

packages/server/src/modules/BankingTranasctionsRegonize/commands/RecognizeTranasctions.service.ts

@@ -93,6 +93,10 @@ export class RecognizeTranasctionsService {
           q.whereIn('id', rulesIds);
         }
         q.withGraphFetched('conditions');
+
+        // Order by the 'order' field to ensure higher priority rules (lower order values)
+        // are matched first.
+        q.orderBy('order', 'asc');
       });
 
     const bankRulesByAccountId = transformToMapBy(

packages/server/src/modules/BankingTranasctionsRegonize/events/TriggerRecognizedTransactions.ts

@@ -69,10 +69,13 @@ export class TriggerRecognizedTransactionsSubscriber {
     const tenantPayload = await this.tenancyContect.getTenantJobPayload();
     const payload = {
       ruleId: bankRule.id,
+      shouldRevert: true,
       ...tenantPayload,
     } as RecognizeUncategorizedTransactionsJobPayload;
 
     // Re-recognize the transactions based on the new rules.
+    // Setting shouldRevert to true ensures that transactions previously recognized
+    // by this or lower-priority rules are re-evaluated against the updated rule.
     await this.recognizeTransactionsQueue.add(
       RecognizeUncategorizedTransactionsJob,
       payload,

packages/server/src/modules/BankingTranasctionsRegonize/jobs/RecognizeTransactionsJob.ts

@@ -3,6 +3,7 @@ import { Processor, WorkerHost } from '@nestjs/bullmq';
 import { Scope } from '@nestjs/common';
 import { ClsService, UseCls } from 'nestjs-cls';
 import { RecognizeTranasctionsService } from '../commands/RecognizeTranasctions.service';
+import { RevertRecognizedTransactionsService } from '../commands/RevertRecognizedTransactions.service';
 import {
   RecognizeUncategorizedTransactionsJobPayload,
   RecognizeUncategorizedTransactionsQueue,
@@ -15,10 +16,12 @@ import {
 export class RegonizeTransactionsPrcessor extends WorkerHost {
   /**
    * @param {RecognizeTranasctionsService} recognizeTranasctionsService -
+   * @param {RevertRecognizedTransactionsService} revertRecognizedTransactionsService -
    * @param {ClsService} clsService -
    */
   constructor(
     private readonly recognizeTranasctionsService: RecognizeTranasctionsService,
+    private readonly revertRecognizedTransactionsService: RevertRecognizedTransactionsService,
     private readonly clsService: ClsService,
   ) {
     super();
@@ -29,12 +32,21 @@ export class RegonizeTransactionsPrcessor extends WorkerHost {
    */
   @UseCls()
   async process(job: Job<RecognizeUncategorizedTransactionsJobPayload>) {
-    const { ruleId, transactionsCriteria } = job.data;
+    const { ruleId, transactionsCriteria, shouldRevert } = job.data;
 
     this.clsService.set('organizationId', job.data.organizationId);
     this.clsService.set('userId', job.data.userId);
 
     try {
+      // If shouldRevert is true, first revert recognized transactions before re-recognizing.
+      // This is used when a bank rule is edited to ensure transactions previously recognized
+      // by lower-priority rules are re-evaluated against the updated rule.
+      if (shouldRevert) {
+        await this.revertRecognizedTransactionsService.revertRecognizedTransactions(
+          ruleId,
+          transactionsCriteria,
+        );
+      }
       await this.recognizeTranasctionsService.recognizeTransactions(
         ruleId,
         transactionsCriteria,

packages/server/src/modules/BankingTransactions/BankingTransactions.module.ts

@@ -24,6 +24,7 @@ import { GetBankAccountsService } from './queries/GetBankAccounts.service';
 import { DynamicListModule } from '../DynamicListing/DynamicList.module';
 import { BankAccount } from './models/BankAccount';
 import { LedgerModule } from '../Ledger/Ledger.module';
+import { TenancyModule } from '../Tenancy/Tenancy.module';
 import { GetBankAccountTransactionsService } from './queries/GetBankAccountTransactions/GetBankAccountTransactions.service';
 import { GetBankAccountTransactionsRepository } from './queries/GetBankAccountTransactions/GetBankAccountTransactionsRepo.service';
 import { GetUncategorizedTransactions } from './queries/GetUncategorizedTransactions';
@@ -46,6 +47,7 @@ const models = [
     LedgerModule,
     BranchesModule,
     DynamicListModule,
+    TenancyModule,
     ...models,
   ],
   controllers: [

packages/server/src/modules/BankingTransactions/constants.ts

@@ -27,7 +27,7 @@ export enum CASHFLOW_DIRECTION {
 }
 
 export enum CASHFLOW_TRANSACTION_TYPE {
-  ONWERS_DRAWING = 'OwnerDrawing',
+  OWNERS_DRAWING = 'OwnerDrawing',
   OWNER_CONTRIBUTION = 'OwnerContribution',
   OTHER_INCOME = 'OtherIncome',
   TRANSFER_FROM_ACCOUNT = 'TransferFromAccount',
@@ -36,7 +36,7 @@ export enum CASHFLOW_TRANSACTION_TYPE {
 }
 
 export const CASHFLOW_TRANSACTION_TYPE_META = {
-  [`${CASHFLOW_TRANSACTION_TYPE.ONWERS_DRAWING}`]: {
+  [`${CASHFLOW_TRANSACTION_TYPE.OWNERS_DRAWING}`]: {
     type: 'OwnerDrawing',
     direction: CASHFLOW_DIRECTION.OUT,
     creditType: [ACCOUNT_TYPE.EQUITY],

packages/server/src/modules/BankingTransactions/queries/GetBankAccountTransactions/GetBankAccountTransactions.service.ts

@@ -4,12 +4,14 @@ import { GetBankAccountTransactionsRepository } from './GetBankAccountTransactio
 import { GetBankAccountTransactions } from './GetBankAccountTransactions';
 import { GetBankTransactionsQueryDto } from '../../dtos/GetBankTranasctionsQuery.dto';
 import { I18nService } from 'nestjs-i18n';
+import { TenancyContext } from '@/modules/Tenancy/TenancyContext.service';
 
 @Injectable()
 export class GetBankAccountTransactionsService {
   constructor(
     private readonly getBankAccountTransactionsRepository: GetBankAccountTransactionsRepository,
-    private readonly i18nService: I18nService
+    private readonly i18nService: I18nService,
+    private readonly tenancyContext: TenancyContext,
   ) {}
 
   /**
@@ -28,11 +30,16 @@ export class GetBankAccountTransactionsService {
 
     await this.getBankAccountTransactionsRepository.asyncInit();
 
+    // Retrieve the tenant metadata to get the date format.
+    const tenantMetadata = await this.tenancyContext.getTenantMetadata();
+    const dateFormat = tenantMetadata?.dateFormat;
+
     // Retrieve the computed report.
     const report = new GetBankAccountTransactions(
       this.getBankAccountTransactionsRepository,
       parsedQuery,
-      this.i18nService
+      this.i18nService,
+      dateFormat,
     );
     const transactions = report.reportData();
     const pagination = this.getBankAccountTransactionsRepository.pagination;

packages/server/src/modules/BankingTransactions/queries/GetBankAccountTransactions/GetBankAccountTransactions.ts

@@ -24,17 +24,20 @@ export class GetBankAccountTransactions extends FinancialSheet {
    * @param {IAccountTransaction[]} transactions -
    * @param {number} openingBalance -
    * @param {ICashflowAccountTransactionsQuery} query -
+   * @param {string} dateFormat - The date format from organization settings.
    */
   constructor(
     repo: GetBankAccountTransactionsRepository,
     query: ICashflowAccountTransactionsQuery,
     i18n: I18nService,
+    dateFormat?: string,
   ) {
     super();
 
     this.repo = repo;
     this.query = query;
     this.i18n = i18n;
+    this.dateFormat = dateFormat || this.dateFormat;
 
     this.runningBalance = runningBalance(this.repo.openingBalance);
   }
@@ -98,7 +101,7 @@ export class GetBankAccountTransactions extends FinancialSheet {
 
     return {
       date: transaction.date,
-      formattedDate: moment(transaction.date).format('YYYY-MM-DD'),
+      formattedDate: this.getDateFormatted(transaction.date),
 
       withdrawal: transaction.credit,
       deposit: transaction.debit,

packages/server/src/modules/BillLandedCosts/models/BillLandedCostEntry.ts

@@ -13,6 +13,13 @@ export class BillLandedCostEntry extends BaseModel {
     return 'bill_located_cost_entries';
   }
 
+  /**
+   * Timestamps columns.
+   */
+  get timestamps() {
+    return [];
+  }
+
   /**
    * Relationship mapping.
    */

packages/server/src/modules/BillPayments/BillPayments.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { BillPaymentsApplication } from './BillPaymentsApplication.service';
 import {
@@ -26,12 +27,18 @@ import { BillPaymentsPages } from './commands/BillPaymentsPages.service';
 import { BillPaymentResponseDto } from './dtos/BillPaymentResponse.dto';
 import { PaginatedResponseDto } from '@/common/dtos/PaginatedResults.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { IPaymentMadeAction } from './types/BillPayments.types';
 
 @Controller('bill-payments')
 @ApiTags('Bill Payments')
 @ApiExtraModels(BillPaymentResponseDto)
 @ApiExtraModels(PaginatedResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BillPaymentsController {
   constructor(
     private billPaymentsApplication: BillPaymentsApplication,
@@ -39,12 +46,14 @@ export class BillPaymentsController {
   ) {}
 
   @Post()
+  @RequirePermission(IPaymentMadeAction.Create, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Create a new bill payment.' })
   public createBillPayment(@Body() billPaymentDTO: CreateBillPaymentDto) {
     return this.billPaymentsApplication.createBillPayment(billPaymentDTO);
   }
 
   @Delete(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.Delete, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Delete the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -59,6 +68,7 @@ export class BillPaymentsController {
   }
 
   @Put(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.Edit, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Edit the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -77,6 +87,7 @@ export class BillPaymentsController {
   }
 
   @Get('/new-page/entries')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({
     summary:
       'Retrieves the payable entries of the new page once vendor be selected.',
@@ -95,6 +106,7 @@ export class BillPaymentsController {
   }
 
   @Get(':billPaymentId/bills')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bills of the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -107,6 +119,7 @@ export class BillPaymentsController {
   }
 
   @Get('/:billPaymentId/edit-page')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({
     summary: 'Retrieves the edit page of the given bill payment.',
   })
@@ -126,6 +139,7 @@ export class BillPaymentsController {
   }
 
   @Get(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bill payment details.' })
   @ApiResponse({
     status: 200,
@@ -145,6 +159,7 @@ export class BillPaymentsController {
   }
 
   @Get()
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bill payments list.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Bills/Bills.controller.ts

@@ -17,6 +17,7 @@ import {
   Get,
   Query,
   HttpCode,
+  UseGuards,
 } from '@nestjs/common';
 import { BillsApplication } from './Bills.application';
 import { IBillsFilter } from './Bills.types';
@@ -28,6 +29,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { BillAction } from './Bills.types';
 
 @Controller('bills')
 @ApiTags('Bills')
@@ -35,10 +41,12 @@ import {
 @ApiExtraModels(PaginatedResponseDto)
 @ApiCommonHeaders()
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BillsController {
   constructor(private billsApplication: BillsApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({
     summary: 'Validate which bills can be deleted and return the results.',
   })
@@ -58,6 +66,7 @@ export class BillsController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Deletes multiple bills.' })
   @HttpCode(200)
   @ApiResponse({
@@ -73,12 +82,14 @@ export class BillsController {
   }
 
   @Post()
+  @RequirePermission(BillAction.Create, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Create a new bill.' })
   createBill(@Body() billDTO: CreateBillDto) {
     return this.billsApplication.createBill(billDTO);
   }
 
   @Put(':id')
+  @RequirePermission(BillAction.Edit, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Edit the given bill.' })
   @ApiParam({
     name: 'id',
@@ -91,6 +102,7 @@ export class BillsController {
   }
 
   @Delete(':id')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Delete the given bill.' })
   @ApiParam({
     name: 'id',
@@ -103,6 +115,7 @@ export class BillsController {
   }
 
   @Get()
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the bills.' })
   @ApiResponse({
     status: 200,
@@ -132,6 +145,7 @@ export class BillsController {
   }
 
   @Get(':id/payment-transactions')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({
     summary: 'Retrieve the specific bill associated payment transactions.',
   })
@@ -146,6 +160,7 @@ export class BillsController {
   }
 
   @Get(':id')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the bill details.' })
   @ApiResponse({
     status: 200,
@@ -165,6 +180,7 @@ export class BillsController {
   }
 
   @Patch(':id/open')
+  @RequirePermission(BillAction.Edit, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Open the given bill.' })
   @ApiParam({
     name: 'id',
@@ -177,6 +193,7 @@ export class BillsController {
   }
 
   @Get('due')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the due bills.' })
   getDueBills(@Body('vendorId') vendorId?: number) {
     return this.billsApplication.getDueBills(vendorId);

packages/server/src/modules/Bills/dtos/BillResponse.dto.ts

@@ -1,6 +1,8 @@
 import { ApiProperty } from '@nestjs/swagger';
+import { Type } from 'class-transformer';
 import { ItemEntryDto } from '@/modules/TransactionItemEntry/dto/ItemEntry.dto';
 import { AttachmentLinkDto } from '@/modules/Attachments/dtos/Attachment.dto';
+import { BranchResponseDto } from '@/modules/Branches/dtos/BranchResponse.dto';
 import { DiscountType } from '@/common/types/Discount';
 
 export class BillResponseDto {
@@ -89,6 +91,14 @@ export class BillResponseDto {
   })
   branchId?: number;
 
+  @ApiProperty({
+    description: 'Branch details',
+    type: () => BranchResponseDto,
+    required: false,
+  })
+  @Type(() => BranchResponseDto)
+  branch?: BranchResponseDto;
+
   @ApiProperty({
     description: 'The ID of the project',
     example: 301,

packages/server/src/modules/Bills/queries/Bill.transformer.ts

@@ -30,6 +30,7 @@ export class BillTransformer extends Transformer {
       'taxes',
       'entries',
       'attachments',
+      'branch',
     ];
   };
 

packages/server/src/modules/Branches/Branches.module.ts

@@ -31,6 +31,12 @@ import { ValidateBranchExistance } from './integrations/ValidateBranchExistance'
 import { ManualJournalBranchesValidator } from './integrations/ManualJournals/ManualJournalsBranchesValidator';
 import { CashflowTransactionsActivateBranches } from './integrations/Cashflow/CashflowActivateBranches';
 import { ExpensesActivateBranches } from './integrations/Expense/ExpensesActivateBranches';
+import { BillActivateBranches } from './integrations/Purchases/BillBranchesActivate';
+import { VendorCreditActivateBranches } from './integrations/Purchases/VendorCreditBranchesActivate';
+import { BillPaymentsActivateBranches } from './integrations/Purchases/PaymentMadeBranchesActivate';
+import { BillBranchesActivateSubscriber } from './subscribers/Activate/BillBranchesActivateSubscriber';
+import { VendorCreditBranchesActivateSubscriber } from './subscribers/Activate/VendorCreditBranchesActivateSubscriber';
+import { PaymentMadeActivateBranchesSubscriber } from './subscribers/Activate/PaymentMadeBranchesActivateSubscriber';
 import { FeaturesModule } from '../Features/Features.module';
 
 @Module({
@@ -66,7 +72,13 @@ import { FeaturesModule } from '../Features/Features.module';
     ValidateBranchExistance,
     ManualJournalBranchesValidator,
     CashflowTransactionsActivateBranches,
-    ExpensesActivateBranches
+    ExpensesActivateBranches,
+    BillActivateBranches,
+    VendorCreditActivateBranches,
+    BillPaymentsActivateBranches,
+    BillBranchesActivateSubscriber,
+    VendorCreditBranchesActivateSubscriber,
+    PaymentMadeActivateBranchesSubscriber
   ],
   exports: [
     BranchesSettingsService,

packages/server/src/modules/Branches/integrations/Purchases/BillBranchesActivate.ts

@@ -1,11 +1,14 @@
 import { Knex } from 'knex';
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { Bill } from '@/modules/Bills/models/Bill';
 
 @Injectable()
 export class BillActivateBranches {
-  constructor(private readonly billModel: TenantModelProxy<typeof Bill>) {}
+  constructor(
+    @Inject(Bill.name)
+    private readonly billModel: TenantModelProxy<typeof Bill>,
+  ) {}
 
   /**
    * Updates all bills transactions with the primary branch.
@@ -17,7 +20,7 @@ export class BillActivateBranches {
     primaryBranchId: number,
     trx?: Knex.Transaction,
   ) => {
-    // Updates the sale invoice with primary branch.
-    await Bill.query(trx).update({ branchId: primaryBranchId });
+    // Updates the bills with primary branch.
+    await this.billModel().query(trx).update({ branchId: primaryBranchId });
   };
 }

packages/server/src/modules/Branches/integrations/Purchases/PaymentMadeBranchesActivate.ts

@@ -1,11 +1,12 @@
 import { Knex } from 'knex';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { BillPayment } from '@/modules/BillPayments/models/BillPayment';
-import { Injectable } from '@nestjs/common';
 
 @Injectable()
 export class BillPaymentsActivateBranches {
   constructor(
+    @Inject(BillPayment.name)
     private readonly billPaymentModel: TenantModelProxy<typeof BillPayment>,
   ) {}
 

packages/server/src/modules/Branches/integrations/Purchases/VendorCreditBranchesActivate.ts

@@ -1,11 +1,12 @@
 import { Knex } from 'knex';
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { VendorCredit } from '@/modules/VendorCredit/models/VendorCredit';
 
 @Injectable()
 export class VendorCreditActivateBranches {
   constructor(
+    @Inject(VendorCredit.name)
     private readonly vendorCreditModel: TenantModelProxy<typeof VendorCredit>,
   ) {}
 

packages/server/src/modules/Branches/models/Branch.model.ts

@@ -29,7 +29,7 @@ export class Branch extends BaseModel{
    * Timestamps columns.
    */
   get timestamps() {
-    return ['created_at', 'updated_at'];
+    return ['createdAt', 'updatedAt'];
   }
 
   /**

packages/server/src/modules/Branches/subscribers/Activate/BillBranchesActivateSubscriber.ts

@@ -0,0 +1,28 @@
+import { IBranchesActivatedPayload } from '../../Branches.types';
+import { events } from '@/common/events/events';
+import { Injectable } from '@nestjs/common';
+import { BillActivateBranches } from '../../integrations/Purchases/BillBranchesActivate';
+import { OnEvent } from '@nestjs/event-emitter';
+
+@Injectable()
+export class BillBranchesActivateSubscriber {
+  constructor(
+    private readonly billActivateBranches: BillActivateBranches,
+  ) { }
+
+  /**
+   * Updates bills transactions with the primary branch once
+   * the multi-branches is activated.
+   * @param {IBranchesActivatedPayload}
+   */
+  @OnEvent(events.branch.onActivated)
+  async updateBillsWithBranchOnActivated({
+    primaryBranch,
+    trx,
+  }: IBranchesActivatedPayload) {
+    await this.billActivateBranches.updateBillsWithBranch(
+      primaryBranch.id,
+      trx,
+    );
+  }
+}

packages/server/src/modules/Branches/subscribers/Activate/VendorCreditBranchesActivateSubscriber.ts

@@ -0,0 +1,28 @@
+import { IBranchesActivatedPayload } from '../../Branches.types';
+import { events } from '@/common/events/events';
+import { Injectable } from '@nestjs/common';
+import { VendorCreditActivateBranches } from '../../integrations/Purchases/VendorCreditBranchesActivate';
+import { OnEvent } from '@nestjs/event-emitter';
+
+@Injectable()
+export class VendorCreditBranchesActivateSubscriber {
+  constructor(
+    private readonly vendorCreditActivateBranches: VendorCreditActivateBranches,
+  ) { }
+
+  /**
+   * Updates vendor credits transactions with the primary branch once
+   * the multi-branches is activated.
+   * @param {IBranchesActivatedPayload}
+   */
+  @OnEvent(events.branch.onActivated)
+  async updateVendorCreditsWithBranchOnActivated({
+    primaryBranch,
+    trx,
+  }: IBranchesActivatedPayload) {
+    await this.vendorCreditActivateBranches.updateVendorCreditsWithBranch(
+      primaryBranch.id,
+      trx,
+    );
+  }
+}

packages/server/src/modules/Contacts/types/Contacts.types.ts

@@ -10,7 +10,7 @@ export interface IContactAddress {
   billingAddressCity: string;
   billingAddressCountry: string;
   billingAddressEmail: string;
-  billingAddressZipcode: string;
+  billingAddressPostcode: string;
   billingAddressPhone: string;
   billingAddressState: string;
 
@@ -19,7 +19,7 @@ export interface IContactAddress {
   shippingAddressCity: string;
   shippingAddressCountry: string;
   shippingAddressEmail: string;
-  shippingAddressZipcode: string;
+  shippingAddressPostcode: string;
   shippingAddressPhone: string;
   shippingAddressState: string;
 }
@@ -29,7 +29,7 @@ export interface IContactAddressDTO {
   billingAddressCity?: string;
   billingAddressCountry?: string;
   billingAddressEmail?: string;
-  billingAddressZipcode?: string;
+  billingAddressPostcode?: string;
   billingAddressPhone?: string;
   billingAddressState?: string;
 
@@ -38,7 +38,7 @@ export interface IContactAddressDTO {
   shippingAddressCity?: string;
   shippingAddressCountry?: string;
   shippingAddressEmail?: string;
-  shippingAddressZipcode?: string;
+  shippingAddressPostcode?: string;
   shippingAddressPhone?: string;
   shippingAddressState?: string;
 }

packages/server/src/modules/CreditNoteRefunds/CreditNoteRefunds.controller.ts

@@ -1,20 +1,35 @@
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
-import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { ICreditNoteRefundDTO } from '../CreditNotes/types/CreditNotes.types';
 import { CreditNotesRefundsApplication } from './CreditNotesRefundsApplication.service';
 import { RefundCreditNote } from './models/RefundCreditNote';
 import { CreditNoteRefundDto } from './dto/CreditNoteRefund.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from '../CreditNotes/types/CreditNotes.types';
 
 @Controller('credit-notes')
 @ApiTags('Credit Note Refunds')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNoteRefundsController {
   constructor(
     private readonly creditNotesRefundsApplication: CreditNotesRefundsApplication,
   ) {}
 
   @Get(':creditNoteId/refunds')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Retrieve the credit note graph.' })
   getCreditNoteRefunds(@Param('creditNoteId') creditNoteId: number) {
     return this.creditNotesRefundsApplication.getCreditNoteRefunds(
@@ -29,6 +44,7 @@ export class CreditNoteRefundsController {
    * @returns {Promise<RefundCreditNote>}
    */
   @Post(':creditNoteId/refunds')
+  @RequirePermission(CreditNoteAction.Refund, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Create a refund for the given credit note.' })
   createRefundCreditNote(
     @Param('creditNoteId') creditNoteId: number,
@@ -46,6 +62,7 @@ export class CreditNoteRefundsController {
    * @returns {Promise<void>}
    */
   @Delete('refunds/:refundCreditId')
+  @RequirePermission(CreditNoteAction.Refund, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Delete a refund for the given credit note.' })
   deleteRefundCreditNote(
     @Param('refundCreditId') refundCreditId: number,

packages/server/src/modules/CreditNoteRefunds/models/RefundCreditNote.ts

@@ -34,7 +34,7 @@ export class RefundCreditNote extends BaseModel {
    * Timestamps columns.
    */
   get timestamps() {
-    return ['created_at', 'updated_at'];
+    return ['createdAt', 'updatedAt'];
   }
 
   /**

packages/server/src/modules/CreditNotes/CreditNotes.controller.ts

@@ -18,6 +18,7 @@ import {
   Put,
   Query,
   Res,
+  UseGuards,
 } from '@nestjs/common';
 import { CreditNoteApplication } from './CreditNoteApplication.service';
 import { ICreditNotesQueryDTO } from './types/CreditNotes.types';
@@ -30,6 +31,11 @@ import {
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
 import { AcceptType } from '@/constants/accept-type';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from './types/CreditNotes.types';
 
 @Controller('credit-notes')
 @ApiTags('Credit Notes')
@@ -37,6 +43,7 @@ import { AcceptType } from '@/constants/accept-type';
 @ApiExtraModels(PaginatedResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNotesController {
   /**
    * @param {CreditNoteApplication} creditNoteApplication - The credit note application service.
@@ -44,6 +51,7 @@ export class CreditNotesController {
   constructor(private creditNoteApplication: CreditNoteApplication) { }
 
   @Post()
+  @RequirePermission(CreditNoteAction.Create, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Create a new credit note' })
   @ApiResponse({ status: 201, description: 'Credit note successfully created' })
   @ApiResponse({ status: 400, description: 'Invalid input data' })
@@ -52,6 +60,7 @@ export class CreditNotesController {
   }
 
   @Get('state')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get credit note state' })
   @ApiResponse({ status: 200, description: 'Returns the credit note state' })
   getCreditNoteState() {
@@ -59,6 +68,7 @@ export class CreditNotesController {
   }
 
   @Get(':id')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get a specific credit note by ID' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({
@@ -92,6 +102,7 @@ export class CreditNotesController {
   }
 
   @Get()
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get all credit notes' })
   @ApiResponse({
     status: 200,
@@ -115,6 +126,7 @@ export class CreditNotesController {
   }
 
   @Put(':id')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Update a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully updated' })
@@ -131,6 +143,7 @@ export class CreditNotesController {
   }
 
   @Put(':id/open')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Open a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully opened' })
@@ -140,6 +153,7 @@ export class CreditNotesController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({
     summary:
       'Validates which credit notes can be deleted and returns the results.',
@@ -161,6 +175,7 @@ export class CreditNotesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Deletes multiple credit notes.' })
   @ApiResponse({
     status: 200,
@@ -173,6 +188,7 @@ export class CreditNotesController {
   }
 
   @Delete(':id')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Delete a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully deleted' })

packages/server/src/modules/CreditNotes/models/CreditNote.ts

@@ -56,7 +56,7 @@ export class CreditNote extends TenantBaseModel {
    * Timestamps columns.
    */
   get timestamps() {
-    return ['created_at', 'updated_at'];
+    return ['createdAt', 'updatedAt'];
   }
 
   /**

packages/server/src/modules/CreditNotesApplyInvoice/CreditNotesApplyInvoice.controller.ts

@@ -1,15 +1,39 @@
-import { Body, Controller, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { GetCreditNoteAssociatedAppliedInvoices } from './queries/GetCreditNoteAssociatedAppliedInvoices.service';
+import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from '../CreditNotes/types/CreditNotes.types';
+import { GetCreditNoteAssociatedInvoicesToApply } from './queries/GetCreditNoteAssociatedInvoicesToApply.service';
+import { CreditNoteApplyToInvoices } from './commands/CreditNoteApplyToInvoices.service';
+import { DeleteCreditNoteApplyToInvoices } from './commands/DeleteCreditNoteApplyToInvoices.service';
+import { ApplyCreditNoteToInvoicesDto } from './dtos/ApplyCreditNoteToInvoices.dto';
 
 @Controller('credit-notes')
 @ApiTags('Credit Notes Apply Invoice')
+@ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNotesApplyInvoiceController {
   constructor(
     private readonly getCreditNoteAssociatedAppliedInvoicesService: GetCreditNoteAssociatedAppliedInvoices,
+    private readonly getCreditNoteAssociatedInvoicesToApplyService: GetCreditNoteAssociatedInvoicesToApply,
+    private readonly creditNoteApplyToInvoicesService: CreditNoteApplyToInvoices,
+    private readonly deleteCreditNoteApplyToInvoicesService: DeleteCreditNoteApplyToInvoices,
   ) {}
 
   @Get(':creditNoteId/applied-invoices')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Applied credit note to invoices' })
   @ApiResponse({
     status: 200,
@@ -23,7 +47,25 @@ export class CreditNotesApplyInvoiceController {
     );
   }
 
+  @Get(':creditNoteId/apply-invoices')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
+  @ApiOperation({ summary: 'Get credit note associated invoices to apply' })
+  @ApiResponse({
+    status: 200,
+    description: 'Credit note associated invoices to apply',
+  })
+  @ApiResponse({ status: 404, description: 'Credit note not found' })
+  @ApiResponse({ status: 400, description: 'Invalid input data' })
+  getCreditNoteAssociatedInvoicesToApply(
+    @Param('creditNoteId') creditNoteId: number,
+  ) {
+    return this.getCreditNoteAssociatedInvoicesToApplyService.getCreditAssociatedInvoicesToApply(
+      creditNoteId,
+    );
+  }
+
   @Post(':creditNoteId/apply-invoices')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Apply credit note to invoices' })
   @ApiResponse({
     status: 200,
@@ -31,9 +73,32 @@ export class CreditNotesApplyInvoiceController {
   })
   @ApiResponse({ status: 404, description: 'Credit note not found' })
   @ApiResponse({ status: 400, description: 'Invalid input data' })
-  applyCreditNoteToInvoices(@Param('creditNoteId') creditNoteId: number) {
-    return this.getCreditNoteAssociatedAppliedInvoicesService.getCreditAssociatedAppliedInvoices(
+  applyCreditNoteToInvoices(
+    @Param('creditNoteId') creditNoteId: number,
+    @Body() applyDto: ApplyCreditNoteToInvoicesDto,
+  ) {
+    return this.creditNoteApplyToInvoicesService.applyCreditNoteToInvoices(
       creditNoteId,
+      applyDto,
+    );
+  }
+
+  @Delete('applied-invoices/:applyCreditToInvoicesId')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
+  @ApiOperation({ summary: 'Delete applied credit note to invoice' })
+  @ApiResponse({
+    status: 200,
+    description: 'Credit note application successfully deleted',
+  })
+  @ApiResponse({
+    status: 404,
+    description: 'Credit note application not found',
+  })
+  deleteApplyCreditNoteToInvoices(
+    @Param('applyCreditToInvoicesId') applyCreditToInvoicesId: number,
+  ) {
+    return this.deleteCreditNoteApplyToInvoicesService.deleteApplyCreditNoteToInvoices(
+      applyCreditToInvoicesId,
     );
   }
 }

packages/server/src/modules/CreditNotesApplyInvoice/CreditNotesApplyInvoice.module.ts

@@ -9,6 +9,8 @@ import { CreditNotesModule } from '../CreditNotes/CreditNotes.module';
 import { GetCreditNoteAssociatedAppliedInvoices } from './queries/GetCreditNoteAssociatedAppliedInvoices.service';
 import { GetCreditNoteAssociatedInvoicesToApply } from './queries/GetCreditNoteAssociatedInvoicesToApply.service';
 import { CreditNotesApplyInvoiceController } from './CreditNotesApplyInvoice.controller';
+import { CreditNoteApplySyncCreditSubscriber } from './subscribers/CreditNoteApplySyncCreditSubscriber';
+import { CreditNoteApplySyncInvoicesCreditedAmountSubscriber } from './subscribers/CreditNoteApplySyncInvoicesSubscriber';
 
 @Module({
   providers: [
@@ -19,6 +21,8 @@ import { CreditNotesApplyInvoiceController } from './CreditNotesApplyInvoice.con
     CreditNoteApplySyncCredit,
     GetCreditNoteAssociatedAppliedInvoices,
     GetCreditNoteAssociatedInvoicesToApply,
+    CreditNoteApplySyncCreditSubscriber,
+    CreditNoteApplySyncInvoicesCreditedAmountSubscriber,
   ],
   exports: [DeleteCustomerLinkedCreditNoteService],
   imports: [PaymentsReceivedModule, forwardRef(() => CreditNotesModule)],

packages/server/src/modules/CreditNotesApplyInvoice/commands/CreditNoteApplySyncInvoices.service.ts

@@ -1,6 +1,6 @@
 import { Knex } from 'knex';
 import { Injectable, Inject } from '@nestjs/common';
-import Bluebird from 'bluebird';
+import * as Bluebird from 'bluebird';
 import { ICreditNoteAppliedToInvoice } from '../types/CreditNoteApplyInvoice.types';
 import { SaleInvoice } from '@/modules/SaleInvoices/models/SaleInvoice';
 import { CreditNoteAppliedInvoice } from '../models/CreditNoteAppliedInvoice';

packages/server/src/modules/CreditNotesApplyInvoice/commands/CreditNoteApplyToInvoices.service.ts

@@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { Knex } from 'knex';
 import { sumBy } from 'lodash';
 import {
+  ICreditNoteAppliedToInvoice,
   ICreditNoteAppliedToInvoiceModel,
   IApplyCreditToInvoicesDTO,
   IApplyCreditToInvoicesCreatedPayload,
@@ -17,6 +18,7 @@ import { CreditNote } from '@/modules/CreditNotes/models/CreditNote';
 import { CreditNoteAppliedInvoice } from '../models/CreditNoteAppliedInvoice';
 import { CommandCreditNoteDTOTransform } from '@/modules/CreditNotes/commands/CommandCreditNoteDTOTransform.service';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
+import { ApplyCreditNoteToInvoicesDto } from '../dtos/ApplyCreditNoteToInvoices.dto';
 
 @Injectable()
 export class CreditNoteApplyToInvoices {
@@ -48,7 +50,7 @@ export class CreditNoteApplyToInvoices {
    */
   public async applyCreditNoteToInvoices(
     creditNoteId: number,
-    applyCreditToInvoicesDTO: IApplyCreditToInvoicesDTO,
+    applyCreditToInvoicesDTO: ApplyCreditNoteToInvoicesDto,
   ): Promise<CreditNoteAppliedInvoice[]> {
     // Saves the credit note or throw not found service error.
     const creditNote = await this.creditNoteModel()
@@ -71,7 +73,7 @@ export class CreditNoteApplyToInvoices {
     // Validate invoices has remaining amount to apply.
     this.validateInvoicesRemainingAmount(
       appliedInvoicesEntries,
-      creditNoteAppliedModel.amount,
+      creditNoteAppliedModel.entries,
     );
     // Validate the credit note remaining amount.
     this.creditNoteDTOTransform.validateCreditRemainingAmount(
@@ -122,18 +124,20 @@ export class CreditNoteApplyToInvoices {
   };
 
   /**
-   * Validate the invoice remaining amount.
+   * Validate each invoice has sufficient remaining amount for the applied credit.
    * @param {ISaleInvoice[]} invoices
-   * @param {number} amount
+   * @param {ICreditNoteAppliedToInvoice[]} entries
    */
   private validateInvoicesRemainingAmount = (
     invoices: SaleInvoice[],
-    amount: number,
+    entries: ICreditNoteAppliedToInvoice[],
   ) => {
-    const invalidInvoices = invoices.filter(
-      (invoice) => invoice.dueAmount < amount,
-    );
-    if (invalidInvoices.length > 0) {
+    const invoiceMap = new Map(invoices.map((inv) => [inv.id, inv]));
+    const invalidEntries = entries.filter((entry) => {
+      const invoice = invoiceMap.get(entry.invoiceId);
+      return invoice != null && invoice.dueAmount < entry.amount;
+    });
+    if (invalidEntries.length > 0) {
       throw new ServiceError(ERRORS.INVOICES_HAS_NO_REMAINING_AMOUNT);
     }
   };

packages/server/src/modules/CreditNotesApplyInvoice/dtos/ApplyCreditNoteToInvoices.dto.ts

@@ -0,0 +1,38 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { Type } from 'class-transformer';
+import {
+  ArrayMinSize,
+  IsArray,
+  IsInt,
+  IsNotEmpty,
+  IsNumber,
+  ValidateNested,
+} from 'class-validator';
+
+export class ApplyCreditNoteInvoiceEntryDto {
+  @IsNotEmpty()
+  @IsInt()
+  @ApiProperty({ description: 'Invoice ID to apply credit to', example: 1 })
+  invoiceId: number;
+
+  @IsNotEmpty()
+  @IsNumber()
+  @ApiProperty({ description: 'Amount to apply', example: 100.5 })
+  amount: number;
+}
+
+export class ApplyCreditNoteToInvoicesDto {
+  @IsArray()
+  @ArrayMinSize(1)
+  @ValidateNested({ each: true })
+  @Type(() => ApplyCreditNoteInvoiceEntryDto)
+  @ApiProperty({
+    description: 'Entries of invoice ID and amount to apply',
+    type: [ApplyCreditNoteInvoiceEntryDto],
+    example: [
+      { invoice_id: 1, amount: 100.5 },
+      { invoice_id: 2, amount: 50 },
+    ],
+  })
+  entries: ApplyCreditNoteInvoiceEntryDto[];
+}

packages/server/src/modules/CreditNotesApplyInvoice/models/CreditNoteAppliedInvoice.ts

@@ -26,7 +26,7 @@ export class CreditNoteAppliedInvoice extends BaseModel {
    * Timestamps columns.
    */
   get timestamps() {
-    return ['created_at', 'updated_at'];
+    return ['createdAt', 'updatedAt'];
   }
 
   /**

packages/server/src/modules/CreditNotesApplyInvoice/subscribers/CreditNoteApplySyncInvoicesSubscriber.ts

@@ -8,7 +8,7 @@ import { CreditNoteApplySyncInvoicesCreditedAmount } from '../commands/CreditNot
 import { events } from '@/common/events/events';
 
 @Injectable()
-export default class CreditNoteApplySyncInvoicesCreditedAmountSubscriber {
+export class CreditNoteApplySyncInvoicesCreditedAmountSubscriber {
   constructor(
     private readonly syncInvoicesWithCreditNote: CreditNoteApplySyncInvoicesCreditedAmount,
   ) {}

packages/server/src/modules/CreditNotesApplyInvoice/types/CreditNoteApplyInvoice.types.ts

@@ -29,6 +29,7 @@ export interface IApplyCreditToInvoicesDeletedPayload {
 export interface ICreditNoteAppliedToInvoice {
   amount: number;
   creditNoteId: number;
+  invoiceId: number;
 }
 export interface ICreditNoteAppliedToInvoiceModel {
   amount: number;

packages/server/src/modules/Customers/Customers.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { CustomersApplication } from './CustomersApplication.service';
 import { CustomerOpeningBalanceEditDto } from './dtos/CustomerOpeningBalanceEdit.dto';
@@ -26,15 +27,22 @@ import {
   ValidateBulkDeleteCustomersResponseDto,
 } from './dtos/BulkDeleteCustomers.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CustomerAction } from './types/Customers.types';
 
 @Controller('customers')
 @ApiTags('Customers')
 @ApiExtraModels(CustomerResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CustomersController {
   constructor(private customersApplication: CustomersApplication) { }
 
   @Get(':id')
+  @RequirePermission(CustomerAction.View, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Retrieves the customer details.' })
   @ApiResponse({
     status: 200,
@@ -46,6 +54,7 @@ export class CustomersController {
   }
 
   @Get()
+  @RequirePermission(CustomerAction.View, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Retrieves the customers paginated list.' })
   @ApiResponse({
     status: 200,
@@ -60,6 +69,7 @@ export class CustomersController {
   }
 
   @Post()
+  @RequirePermission(CustomerAction.Create, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Create a new customer.' })
   @ApiResponse({
     status: 201,
@@ -71,6 +81,7 @@ export class CustomersController {
   }
 
   @Put(':id')
+  @RequirePermission(CustomerAction.Edit, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Edit the given customer.' })
   @ApiResponse({
     status: 200,
@@ -85,6 +96,7 @@ export class CustomersController {
   }
 
   @Delete(':id')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Delete the given customer.' })
   @ApiResponse({
     status: 200,
@@ -95,6 +107,7 @@ export class CustomersController {
   }
 
   @Put(':id/opening-balance')
+  @RequirePermission(CustomerAction.Edit, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Edit the opening balance of the given customer.' })
   @ApiResponse({
     status: 200,
@@ -112,6 +125,7 @@ export class CustomersController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({
     summary:
       'Validates which customers can be deleted and returns counts of deletable and non-deletable customers.',
@@ -131,6 +145,7 @@ export class CustomersController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Deletes multiple customers in bulk.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Customers/dtos/ContactAddress.dto.ts

@@ -27,10 +27,10 @@ export class ContactAddressDto {
   @IsEmail()
   billingAddressEmail?: string;
 
-  @ApiProperty({ required: false, description: 'Billing address zipcode' })
+  @ApiProperty({ required: false, description: 'Billing address postcode' })
   @IsOptional()
   @IsString()
-  billingAddressZipcode?: string;
+  billingAddressPostcode?: string;
 
   @ApiProperty({ required: false, description: 'Billing address phone' })
   @IsOptional()
@@ -67,10 +67,10 @@ export class ContactAddressDto {
   @IsEmail()
   shippingAddressEmail?: string;
 
-  @ApiProperty({ required: false, description: 'Shipping address zipcode' })
+  @ApiProperty({ required: false, description: 'Shipping address postcode' })
   @IsOptional()
   @IsString()
-  shippingAddressZipcode?: string;
+  shippingAddressPostcode?: string;
 
   @ApiProperty({ required: false, description: 'Shipping address phone' })
   @IsOptional()

packages/server/src/modules/Expenses/Expenses.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { ExpensesApplication } from './ExpensesApplication.service';
 import { IExpensesFilter } from './Expenses.types';
@@ -25,6 +26,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ExpenseAction } from './Expenses.types';
 
 @Controller('expenses')
 @ApiTags('Expenses')
@@ -34,10 +40,12 @@ import {
   ValidateBulkDeleteResponseDto,
 )
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ExpensesController {
   constructor(private readonly expensesApplication: ExpensesApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({
     summary: 'Validate which expenses can be deleted and return the results.',
   })
@@ -58,6 +66,7 @@ export class ExpensesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Deletes multiple expenses.' })
   @ApiResponse({
     status: 200,
@@ -76,6 +85,7 @@ export class ExpensesController {
    * @param {IExpenseCreateDTO} expenseDTO
    */
   @Post()
+  @RequirePermission(ExpenseAction.Create, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Create a new expense transaction.' })
   public createExpense(@Body() expenseDTO: CreateExpenseDto) {
     return this.expensesApplication.createExpense(expenseDTO);
@@ -87,6 +97,7 @@ export class ExpensesController {
    * @param {IExpenseEditDTO} expenseDTO
    */
   @Put(':id')
+  @RequirePermission(ExpenseAction.Edit, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Edit the given expense transaction.' })
   public editExpense(
     @Param('id') expenseId: number,
@@ -100,6 +111,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Delete(':id')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Delete the given expense transaction.' })
   public deleteExpense(@Param('id') expenseId: number) {
     return this.expensesApplication.deleteExpense(expenseId);
@@ -110,6 +122,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Post(':id/publish')
+  @RequirePermission(ExpenseAction.Edit, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Publish the given expense transaction.' })
   public publishExpense(@Param('id') expenseId: number) {
     return this.expensesApplication.publishExpense(expenseId);
@@ -119,6 +132,7 @@ export class ExpensesController {
    * Get the expense transaction details.
    */
   @Get()
+  @RequirePermission(ExpenseAction.View, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Get the expense transactions.' })
   @ApiResponse({
     status: 200,
@@ -146,6 +160,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Get(':id')
+  @RequirePermission(ExpenseAction.View, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Get the expense transaction details.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/common/FinancialSheet.ts

@@ -15,6 +15,7 @@ export class FinancialSheet {
     negativeFormat: 'mines',
   };
   public baseCurrency: string;
+  public dateFormat: string = 'YYYY MMM DD';
 
   /**
    * Transformes the number format query to settings
@@ -140,13 +141,19 @@ export class FinancialSheet {
    * @param {string} format
    * @returns
    */
-  protected getDateMeta(date: moment.MomentInput, format = 'YYYY-MM-DD') {
+  protected getDateMeta(date: moment.MomentInput, format?: string) {
+    const dateFormat = format || this.dateFormat || 'YYYY MMM DD';
     return {
-      formattedDate: moment(date).format(format),
+      formattedDate: moment(date).format(dateFormat),
       date: moment(date).toDate(),
     };
   }
 
+  protected getDateFormatted(date: moment.MomentInput, format?: string) {
+    const dateFormat = format || this.dateFormat || 'YYYY MMM DD';
+    return moment(date).format(dateFormat);
+  }
+
   getPercentageBasis = (base, amount) => {
     return base ? amount / base : 0;
   };

packages/server/src/modules/FinancialStatements/modules/APAgingSummary/APAgingSummary.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { APAgingSummaryApplication } from './APAgingSummaryApplication';
 import { AcceptType } from '@/constants/accept-type';
 import {
@@ -11,14 +11,21 @@ import {
 import { APAgingSummaryQueryDto } from './APAgingSummaryQuery.dto';
 import { APAgingSummaryResponseExample } from './APAgingSummary.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/payable-aging-summary')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class APAgingSummaryController {
   constructor(private readonly APAgingSummaryApp: APAgingSummaryApplication) { }
 
   @Get()
+  @RequirePermission(ReportsAction.READ_AP_AGING_SUMMARY, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get payable aging summary' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/APAgingSummary/APAgingSummaryService.ts

@@ -32,18 +32,19 @@ export class APAgingSummaryService {
     this.APAgingSummaryRepository.setFilter(filter);
     await this.APAgingSummaryRepository.load();
 
+    // Retrieve the aging summary report meta first to get date format.
+    const meta = await this.APAgingSummaryMeta.meta(filter);
+
     // A/P aging summary report instance.
     const APAgingSummaryReport = new APAgingSummarySheet(
       filter,
       this.APAgingSummaryRepository,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
     // A/P aging summary report data and columns.
     const data = APAgingSummaryReport.reportData();
     const columns = APAgingSummaryReport.reportColumns();
 
-    // Retrieve the aging summary report meta.
-    const meta = await this.APAgingSummaryMeta.meta(filter);
-
     // Triggers `onPayableAgingViewed` event.
     await this.eventPublisher.emitAsync(events.reports.onPayableAgingViewed, {
       query,

packages/server/src/modules/FinancialStatements/modules/APAgingSummary/APAgingSummarySheet.ts

@@ -14,6 +14,7 @@ import { allPassedConditionsPass } from '@/utils/all-conditions-passed';
 import { APAgingSummaryRepository } from './APAgingSummaryRepository';
 import { Bill } from '@/modules/Bills/models/Bill';
 import { APAgingSummaryQueryDto } from './APAgingSummaryQuery.dto';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export class APAgingSummarySheet extends AgingSummaryReport {
   readonly repository: APAgingSummaryRepository;
@@ -31,12 +32,14 @@ export class APAgingSummarySheet extends AgingSummaryReport {
   constructor(
     query: APAgingSummaryQueryDto,
     repository: APAgingSummaryRepository,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = query;
     this.repository = repository;
     this.numberFormat = this.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
 
     this.overdueInvoicesByContactId = this.repository.overdueBillsByVendorId;
     this.currentInvoicesByContactId = this.repository.dueBillsByVendorId;

packages/server/src/modules/FinancialStatements/modules/ARAgingSummary/ARAgingSummary.controller.ts

@@ -1,5 +1,4 @@
-import { Controller, Get, Headers } from '@nestjs/common';
-import { Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { ARAgingSummaryApplication } from './ARAgingSummaryApplication';
 import { AcceptType } from '@/constants/accept-type';
 import { Response } from 'express';
@@ -12,14 +11,21 @@ import {
 import { ARAgingSummaryQueryDto } from './ARAgingSummaryQuery.dto';
 import { ARAgingSummaryResponseExample } from './ARAgingSummary.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/receivable-aging-summary')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ARAgingSummaryController {
   constructor(private readonly ARAgingSummaryApp: ARAgingSummaryApplication) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_AR_AGING_SUMMARY, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get receivable aging summary' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/ARAgingSummary/ARAgingSummaryService.ts

@@ -28,18 +28,19 @@ export class ARAgingSummaryService {
     this.ARAgingSummaryRepository.setFilter(filter);
     await this.ARAgingSummaryRepository.load();
 
+    // Retrieve the aging summary report meta first to get date format.
+    const meta = await this.ARAgingSummaryMeta.meta(filter);
+
     // A/R aging summary report instance.
     const ARAgingSummaryReport = new ARAgingSummarySheet(
       filter,
       this.ARAgingSummaryRepository,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
     // A/R aging summary report data and columns.
     const data = ARAgingSummaryReport.reportData();
     const columns = ARAgingSummaryReport.reportColumns();
 
-    // Retrieve the aging summary report meta.
-    const meta = await this.ARAgingSummaryMeta.meta(filter);
-
     // Triggers `onReceivableAgingViewed` event.
     await this.eventPublisher.emitAsync(
       events.reports.onReceivableAgingViewed,

packages/server/src/modules/FinancialStatements/modules/ARAgingSummary/ARAgingSummarySheet.ts

@@ -14,6 +14,7 @@ import { ARAgingSummaryRepository } from './ARAgingSummaryRepository';
 import { Customer } from '@/modules/Customers/models/Customer';
 import { SaleInvoice } from '@/modules/SaleInvoices/models/SaleInvoice';
 import { ARAgingSummaryQueryDto } from './ARAgingSummaryQuery.dto';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export class ARAgingSummarySheet extends AgingSummaryReport {
   readonly query: ARAgingSummaryQueryDto;
@@ -32,16 +33,19 @@ export class ARAgingSummarySheet extends AgingSummaryReport {
    * Constructor method.
    * @param {ARAgingSummaryQueryDto} query - Query
    * @param {ARAgingSummaryRepository} repository - Repository.
+   * @param {IFinancialReportMeta} meta - Report meta.
    */
   constructor(
     query: ARAgingSummaryQueryDto,
     repository: ARAgingSummaryRepository,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = query;
     this.repository = repository;
     this.numberFormat = this.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
 
     this.overdueInvoicesByContactId =
       this.repository.overdueInvoicesByContactId;

packages/server/src/modules/FinancialStatements/modules/AgingSummary/AgingSummaryMeta.ts

@@ -13,7 +13,7 @@ export class AgingSummaryMeta {
    */
   public async meta(query: IAgingSummaryQuery): Promise<IAgingSummaryMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
-    const formattedAsDate = moment(query.asDate).format('YYYY/MM/DD');
+    const formattedAsDate = moment(query.asDate).format(commonMeta.dateFormat);
     const formattedDateRange = `As ${formattedAsDate}`;
 
     return {

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheet.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { AcceptType } from '@/constants/accept-type';
 import { BalanceSheetApplication } from './BalanceSheetApplication';
 import {
@@ -11,10 +11,16 @@ import {
 import { BalanceSheetQueryDto } from './BalanceSheet.dto';
 import { BalanceSheetResponseExample } from './BalanceSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/balance-sheet')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BalanceSheetStatementController {
   constructor(private readonly balanceSheetApp: BalanceSheetApplication) {}
 
@@ -25,6 +31,7 @@ export class BalanceSheetStatementController {
    * @param {string} acceptHeader - Accept header.
    */
   @Get('')
+  @RequirePermission(ReportsAction.READ_BALANCE_SHEET, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get balance sheet statement' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheet.dto.ts

@@ -24,14 +24,14 @@ export class BalanceSheetQueryDto extends FinancialSheetBranchesQueryDto {
   displayColumnsType: 'total' | 'date_periods' = 'total';
 
   @ApiProperty({
-    enum: ['day', 'month', 'year'],
+    enum: ['day', 'month', 'year', 'quarter'],
     default: 'year',
     description: 'Time period for column display',
   })
   @IsString()
   @IsOptional()
-  @IsEnum(['day', 'month', 'year'])
-  displayColumnsBy: 'day' | 'month' | 'year' = 'year';
+  @IsEnum(['day', 'month', 'year', 'quarter'])
+  displayColumnsBy: 'day' | 'month' | 'year' | 'quarter' = 'year';
 
   @ApiProperty({
     description: 'Start date for the balance sheet period',

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheet.ts

@@ -19,7 +19,7 @@ import { BalanceSheetFiltering } from './BalanceSheetFiltering';
 import { BalanceSheetNetIncome } from './BalanceSheetNetIncome';
 import { BalanceSheetAggregators } from './BalanceSheetAggregators';
 import { BalanceSheetAccounts } from './BalanceSheetAccounts';
-import { INumberFormatQuery } from '../../types/Report.types';
+import { INumberFormatQuery, IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 import { FinancialSheet } from '../../common/FinancialSheet';
 
 export class BalanceSheet extends R.pipe(
@@ -66,21 +66,23 @@ export class BalanceSheet extends R.pipe(
   /**
    * Constructor method.
    * @param {IBalanceSheetQuery} query -
-   * @param {IAccount[]} accounts -
-   * @param {string} baseCurrency -
+   * @param {BalanceSheetRepository} repository -
+   * @param {I18nService} i18n -
+   * @param {IFinancialReportMeta} meta -
    */
   constructor(
     query: IBalanceSheetQuery,
     repository: BalanceSheetRepository,
-    baseCurrency: string,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = new BalanceSheetQuery(query);
     this.repository = repository;
-    this.baseCurrency = baseCurrency;
+    this.baseCurrency = meta.baseCurrency;
     this.numberFormat = this.query.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
     this.i18n = i18n;
   }
 

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheetInjectable.ts

@@ -40,19 +40,19 @@ export class BalanceSheetInjectable {
     // Loads all resources.
     await this.balanceSheetRepository.asyncInitialize(filter);
 
+    // Balance sheet meta first to get date format.
+    const meta = await this.balanceSheetMeta.meta(filter);
+
     // Balance sheet report instance.
     const balanceSheetInstanace = new BalanceSheet(
       filter,
       this.balanceSheetRepository,
-      tenantMetadata.baseCurrency,
       this.i18n,
+      { baseCurrency: tenantMetadata.baseCurrency, dateFormat: meta.dateFormat },
     );
     // Balance sheet data.
     const data = balanceSheetInstanace.reportData();
 
-    // Balance sheet meta.
-    const meta = await this.balanceSheetMeta.meta(filter);
-
     // Triggers `onBalanceSheetViewed` event.
     await this.eventPublisher.emitAsync(events.reports.onBalanceSheetViewed, {
       query,

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheetMeta.ts

@@ -13,7 +13,7 @@ export class BalanceSheetMetaInjectable {
    */
   public async meta(query: IBalanceSheetQuery): Promise<IBalanceSheetMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
-    const formattedAsDate = moment(query.toDate).format('YYYY/MM/DD');
+    const formattedAsDate = moment(query.toDate).format(commonMeta.dateFormat);
     const formattedDateRange = `As ${formattedAsDate}`;
     const sheetName = 'Balance Sheet Statement';
 

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashFlow.ts

@@ -27,7 +27,7 @@ import { DISPLAY_COLUMNS_BY } from './constants';
 import { FinancialSheetStructure } from '../../common/FinancialSheetStructure';
 import { Account } from '@/modules/Accounts/models/Account.model';
 import { ILedger } from '@/modules/Ledger/types/Ledger.types';
-import { INumberFormatQuery } from '../../types/Report.types';
+import { INumberFormatQuery, IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 import { transformToMapBy } from '@/utils/transform-to-map-by';
 import { accumSum } from '@/utils/accum-sum';
 import { ModelObject } from 'objection';
@@ -62,12 +62,12 @@ export class CashFlowStatement extends R.pipe(
     cashLedger: ILedger,
     netIncomeLedger: ILedger,
     query: ICashFlowStatementQuery,
-    baseCurrency: string,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
-    this.baseCurrency = baseCurrency;
+    this.baseCurrency = meta.baseCurrency;
     this.i18n = i18n;
     this.ledger = ledger;
     this.cashLedger = cashLedger;
@@ -76,6 +76,7 @@ export class CashFlowStatement extends R.pipe(
     this.accountsByRootType = transformToMapBy(accounts, 'accountRootType');
     this.query = query;
     this.numberFormat = this.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
     this.dateRangeSet = [];
     this.comparatorDateType =
       query.displayColumnsType === 'total' ? 'day' : query.displayColumnsBy;

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashFlowService.ts

@@ -85,6 +85,9 @@ export class CashFlowStatementService {
     const cashLedger = Ledger.fromTransactions(cashAtBeginningTransactions);
     const netIncomeLedger = Ledger.fromTransactions(netIncome);
 
+    // Retrieve the cashflow sheet meta first to get date format.
+    const meta = await this.cashflowSheetMeta.meta(filter);
+
     // Cash flow statement.
     const cashFlowInstance = new CashFlowStatement(
       accounts,
@@ -92,11 +95,9 @@ export class CashFlowStatementService {
       cashLedger,
       netIncomeLedger,
       filter,
-      tenant.metadata.baseCurrency,
       this.i18n,
+      { baseCurrency: tenant.metadata.baseCurrency, dateFormat: meta.dateFormat },
     );
-    // Retrieve the cashflow sheet meta.
-    const meta = await this.cashflowSheetMeta.meta(filter);
 
     return {
       data: cashFlowInstance.reportData(),

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashFlowStatementQuery.dto.ts

@@ -34,13 +34,13 @@ export class CashFlowStatementQueryDto extends FinancialSheetBranchesQueryDto {
   @ApiProperty({
     description: 'Display columns by time period',
     required: false,
-    enum: ['day', 'month', 'year'],
+    enum: ['day', 'month', 'year', 'quarter'],
     default: 'year',
   })
   @IsString()
   @IsOptional()
-  @IsEnum(['day', 'month', 'year'])
-  displayColumnsBy: 'day' | 'month' | 'year' = 'year';
+  @IsEnum(['day', 'month', 'year', 'quarter'])
+  displayColumnsBy: 'day' | 'month' | 'year' | 'quarter' = 'year';
 
   @ApiProperty({
     description: 'Type of column display',

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashFlowTable.ts

@@ -239,7 +239,7 @@ export class CashFlowTable {
     section: ICashFlowStatementSection,
   ): ICashFlowStatementSection => {
     const label = section.footerLabel
-      ? section.footerLabel
+      ? this.i18n.t(section.footerLabel)
       : this.i18n.t('financial_sheet.total_row', {
           args: { value: section.label },
         });
@@ -302,7 +302,7 @@ export class CashFlowTable {
    * @returns {ITableColumn}
    */
   private totalColumns = (): ITableColumn[] => {
-    return [{ key: 'total', label: this.i18n.t('Total') }];
+    return [{ key: 'total', label: this.i18n.t('cash_flow_statement.total') }];
   };
 
   /**
@@ -366,7 +366,7 @@ export class CashFlowTable {
    */
   public tableColumns = (): ITableColumn[] => {
     return R.compose(
-      R.concat([{ key: 'name', label: this.i18n.t('Account name') }]),
+      R.concat([{ key: 'name', label: this.i18n.t('cash_flow_statement.account_name') }]),
       R.when(
         R.always(this.isDisplayColumnsBy(DISPLAY_COLUMNS_BY.DATE_PERIODS)),
         R.concat(this.datePeriodsColumns()),

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/Cashflow.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { AcceptType } from '@/constants/accept-type';
 import { CashflowSheetApplication } from './CashflowSheetApplication';
 import {
@@ -11,14 +11,21 @@ import {
 import { CashFlowStatementQueryDto } from './CashFlowStatementQuery.dto';
 import { CashflowStatementResponseExample } from './CashflowStatement.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/cashflow-statement')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CashflowController {
   constructor(private readonly cashflowSheetApp: CashflowSheetApplication) { }
 
   @Get()
+  @RequirePermission(ReportsAction.READ_CASHFLOW, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Cashflow statement report',

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashflowSheetMeta.ts

@@ -1,5 +1,6 @@
 import * as moment from 'moment';
 import { Injectable } from '@nestjs/common';
+import { I18nService } from 'nestjs-i18n';
 import { FinancialSheetMeta } from '../../common/FinancialSheetMeta';
 import {
   ICashFlowStatementMeta,
@@ -8,7 +9,10 @@ import {
 
 @Injectable()
 export class CashflowSheetMeta {
-  constructor(private readonly financialSheetMeta: FinancialSheetMeta) {}
+  constructor(
+    private readonly financialSheetMeta: FinancialSheetMeta,
+    private readonly i18n: I18nService,
+  ) {}
 
   /**
    * Cashflow sheet meta.
@@ -19,11 +23,13 @@ export class CashflowSheetMeta {
     query: ICashFlowStatementQuery,
   ): Promise<ICashFlowStatementMeta> {
     const meta = await this.financialSheetMeta.meta();
-    const formattedToDate = moment(query.toDate).format('YYYY/MM/DD');
-    const formattedFromDate = moment(query.fromDate).format('YYYY/MM/DD');
-    const formattedDateRange = `From ${formattedFromDate} | To ${formattedToDate}`;
+    const formattedToDate = moment(query.toDate).format(meta.dateFormat);
+    const formattedFromDate = moment(query.fromDate).format(meta.dateFormat);
+    const fromLabel = this.i18n.t('cash_flow_statement.from_date');
+    const toLabel = this.i18n.t('cash_flow_statement.to_date');
+    const formattedDateRange = `${fromLabel} ${formattedFromDate} | ${toLabel} ${formattedToDate}`;
 
-    const sheetName = 'Statement of Cash Flow';
+    const sheetName = this.i18n.t('cash_flow_statement.sheet_name');
 
     return {
       ...meta,

packages/server/src/modules/FinancialStatements/modules/CustomerBalanceSummary/CustomerBalanceSummary.ts

@@ -8,7 +8,7 @@ import {
 import { ContactBalanceSummaryReport } from '../ContactBalanceSummary/ContactBalanceSummary';
 import { ILedger } from '@/modules/Ledger/types/Ledger.types';
 import { ModelObject } from 'objection';
-import { INumberFormatQuery } from '../../types/Report.types';
+import { INumberFormatQuery, IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 import { Customer } from '@/modules/Customers/models/Customer';
 
 export class CustomerBalanceSummaryReport extends ContactBalanceSummaryReport {
@@ -23,21 +23,22 @@ export class CustomerBalanceSummaryReport extends ContactBalanceSummaryReport {
    * @param {IJournalPoster} receivableLedger
    * @param {ICustomer[]} customers
    * @param {ICustomerBalanceSummaryQuery} filter
-   * @param {string} baseCurrency
+   * @param {IFinancialReportMeta} meta
    */
   constructor(
     ledger: ILedger,
     customers: ModelObject<Customer>[],
     filter: ICustomerBalanceSummaryQuery,
-    baseCurrency: string
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.ledger = ledger;
-    this.baseCurrency = baseCurrency;
+    this.baseCurrency = meta.baseCurrency;
     this.customers = customers;
     this.filter = filter;
     this.numberFormat = this.filter.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
   }
 
   /**

packages/server/src/modules/FinancialStatements/modules/CustomerBalanceSummary/CustomerBalanceSummaryMeta.ts

@@ -19,7 +19,7 @@ export class CustomerBalanceSummaryMeta {
     query: ICustomerBalanceSummaryQuery,
   ): Promise<ICustomerBalanceSummaryMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
-    const formattedAsDate = moment(query.asDate).format('YYYY/MM/DD');
+    const formattedAsDate = moment(query.asDate).format(commonMeta.dateFormat);
     const formattedDateRange = `As ${formattedAsDate}`;
 
     return {

packages/server/src/modules/FinancialStatements/modules/CustomerBalanceSummary/CustomerBalanceSummaryService.ts

@@ -63,15 +63,16 @@ export class CustomerBalanceSummaryService {
     // Ledger query.
     const ledger = new Ledger(customersEntries);
 
+    // Retrieve the customer balance summary meta first to get date format.
+    const meta = await this.customerBalanceSummaryMeta.meta(filter);
+
     // Report instance.
     const report = new CustomerBalanceSummaryReport(
       ledger,
       customers,
       filter,
-      tenantMetadata.baseCurrency,
+      { baseCurrency: tenantMetadata.baseCurrency, dateFormat: meta.dateFormat },
     );
-    // Retrieve the customer balance summary meta.
-    const meta = await this.customerBalanceSummaryMeta.meta(filter);
 
     // Triggers `onCustomerBalanceSummaryViewed` event.
     await this.eventPublisher.emitAsync(

packages/server/src/modules/FinancialStatements/modules/CustomerBalanceSummary/CustomerBalanceSummaryTableRows.ts

@@ -91,7 +91,7 @@ export class CustomerBalanceSummaryTable {
    */
   private getTotalColumnsAccessor = (): IColumnMapperMeta[] => {
     const columns = [
-      { key: 'name', value: this.i18n.t('Total') },
+      { key: 'name', value: this.i18n.t('contact_summary_balance.total') },
       { key: 'total', accessor: 'total.formattedAmount' },
     ];
     // @ts-ignore

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedger.controller.ts

@@ -5,22 +5,29 @@ import {
   ApiTags,
 } from '@nestjs/swagger';
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { GeneralLedgerApplication } from './GeneralLedgerApplication';
 import { AcceptType } from '@/constants/accept-type';
 import { GeneralLedgerQueryDto } from './GeneralLedgerQuery.dto';
 import { GeneralLedgerResponseExample } from './GeneralLedger.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/general-ledger')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class GeneralLedgerController {
   constructor(
     private readonly generalLedgerApplication: GeneralLedgerApplication,
   ) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_GENERAL_LEDGET, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'General ledger report',

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedger.ts

@@ -19,6 +19,7 @@ import { Account } from '@/modules/Accounts/models/Account.model';
 import { ModelObject } from 'objection';
 import { flatToNestedArray } from '@/utils/flat-to-nested-array';
 import { getTransactionTypeLabel } from '@/modules/BankingTransactions/utils';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export class GeneralLedgerSheet extends R.compose(FinancialSheetStructure)(
   FinancialSheet,
@@ -33,18 +34,21 @@ export class GeneralLedgerSheet extends R.compose(FinancialSheetStructure)(
    * @param {IGeneralLedgerSheetQuery} query -
    * @param {GeneralLedgerRepository} repository -
    * @param {I18nService} i18n -
+   * @param {IFinancialReportMeta} meta -
    */
   constructor(
     query: IGeneralLedgerSheetQuery,
     repository: GeneralLedgerRepository,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = query;
     this.numberFormat = this.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
     this.repository = repository;
-    this.baseCurrency = this.repository.tenant.metadata.baseCurrency;
+    this.baseCurrency = meta.baseCurrency;
     this.i18n = i18n;
   }
 
@@ -87,7 +91,7 @@ export class GeneralLedgerSheet extends R.compose(FinancialSheetStructure)(
     return {
       id: entry.id,
       date: entry.date,
-      dateFormatted: moment(entry.date).format('YYYY MMM DD'),
+      dateFormatted: moment(entry.date).format(this.dateFormat),
 
       referenceType: entry.transactionType,
       referenceId: entry.transactionId,

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedger.types.ts

@@ -6,6 +6,7 @@ export interface IGeneralLedgerSheetQuery {
   toDate: Date | string;
   basis: string;
   numberFormat: IGeneralLedgerNumberFormat;
+  dateFormat?: string;
   noneTransactions: boolean;
   accountsIds: number[];
   branchesIds?: number[];

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedgerMeta.ts

@@ -19,8 +19,8 @@ export class GeneralLedgerMeta {
   ): Promise<IGeneralLedgerMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
 
-    const formattedToDate = moment(query.toDate).format('YYYY/MM/DD');
-    const formattedFromDate = moment(query.fromDate).format('YYYY/MM/DD');
+    const formattedToDate = moment(query.toDate).format(commonMeta.dateFormat);
+    const formattedFromDate = moment(query.fromDate).format(commonMeta.dateFormat);
     const formattedDateRange = `From ${formattedFromDate} | To ${formattedToDate}`;
 
     return {

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedgerService.ts

@@ -37,18 +37,19 @@ export class GeneralLedgerService {
     this.generalLedgerRepository.setFilter(filter);
     await this.generalLedgerRepository.asyncInitialize();
 
+    // Retrieve general ledger report metadata first to get the date format.
+    const meta = await this.generalLedgerMeta.meta(filter);
+
     // General ledger report instance.
     const generalLedgerInstance = new GeneralLedgerSheet(
       filter,
       this.generalLedgerRepository,
       this.i18n,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
     // Retrieve general ledger report data.
     const reportData = generalLedgerInstance.reportData();
 
-    // Retrieve general ledger report metadata.
-    const meta = await this.generalLedgerMeta.meta(filter);
-
     // Triggers `onGeneralLedgerViewed` event.
     await this.eventEmitter.emitAsync(events.reports.onGeneralLedgerViewed, {});
 

packages/server/src/modules/FinancialStatements/modules/InventoryItemDetails/InventoryItemDetails.service.ts

@@ -8,6 +8,7 @@ import { InventoryDetails } from './InventoryItemDetails';
 import { InventoryItemDetailsRepository } from './InventoryItemDetailsRepository';
 import { InventoryDetailsMetaInjectable } from './InventoryItemDetailsMeta';
 import { getInventoryItemDetailsDefaultQuery } from './constant';
+import { TenancyContext } from '@/modules/Tenancy/TenancyContext.service';
 
 @Injectable()
 export class InventoryDetailsService {
@@ -15,6 +16,7 @@ export class InventoryDetailsService {
     private readonly inventoryItemDetailsRepository: InventoryItemDetailsRepository,
     private readonly inventoryDetailsMeta: InventoryDetailsMetaInjectable,
     private readonly i18n: I18nService,
+    private readonly tenancyContext: TenancyContext,
   ) {}
 
   /**
@@ -34,13 +36,16 @@ export class InventoryDetailsService {
     this.inventoryItemDetailsRepository.setFilter(filter);
     await this.inventoryItemDetailsRepository.asyncInit();
 
+    // Retrieve the meta first to get date format.
+    const meta = await this.inventoryDetailsMeta.meta(query);
+
     // Inventory details report mapper.
     const inventoryDetailsInstance = new InventoryDetails(
       filter,
       this.inventoryItemDetailsRepository,
       this.i18n,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
-    const meta = await this.inventoryDetailsMeta.meta(query);
 
     return {
       data: inventoryDetailsInstance.reportData(),

packages/server/src/modules/FinancialStatements/modules/InventoryItemDetails/InventoryItemDetails.ts

@@ -17,6 +17,8 @@ import { Item } from '@/modules/Items/models/Item';
 import {
   IFormatNumberSettings,
   INumberFormatQuery,
+  IFinancialReportMeta,
+  DEFAULT_REPORT_META,
 } from '../../types/Report.types';
 import { InventoryTransaction } from '@/modules/InventoryCost/models/InventoryTransaction';
 import { InventoryItemDetailsRepository } from './InventoryItemDetailsRepository';
@@ -35,11 +37,13 @@ export class InventoryDetails extends FinancialSheet {
    * Constructor method.
    * @param {InventoryItemDetailsRepository} repository - The repository.
    * @param {I18nService} i18n - The i18n service.
+   * @param {IFinancialReportMeta} meta - Report meta.
    */
   constructor(
     filter: IInventoryDetailsQuery,
     repository: InventoryItemDetailsRepository,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
@@ -48,6 +52,7 @@ export class InventoryDetails extends FinancialSheet {
     this.query = filter;
     this.numberFormat = this.query.numberFormat;
     this.i18n = i18n;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
   }
 
   /**
@@ -89,7 +94,7 @@ export class InventoryDetails extends FinancialSheet {
    */
   public getDateMeta(date: Date | string): IInventoryDetailsDate {
     return {
-      formattedDate: moment(date).format('YYYY-MM-DD'),
+      formattedDate: moment(date).format(this.dateFormat),
       date: moment(date).toDate(),
     };
   }

packages/server/src/modules/FinancialStatements/modules/InventoryItemDetails/InventoryItemDetailsMeta.ts

@@ -19,8 +19,8 @@ export class InventoryDetailsMetaInjectable {
   ): Promise<IInventoryItemDetailMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
 
-    const formattedFromDate = moment(query.fromDate).format('YYYY/MM/DD');
-    const formattedToDay = moment(query.toDate).format('YYYY/MM/DD');
+    const formattedFromDate = moment(query.fromDate).format(commonMeta.dateFormat);
+    const formattedToDay = moment(query.toDate).format(commonMeta.dateFormat);
     const formattedDateRange = `From ${formattedFromDate} | To ${formattedToDay}`;
 
     const sheetName = 'Inventory Item Details';

packages/server/src/modules/FinancialStatements/modules/InventoryItemDetails/InventoryItemDetailsTable.ts

@@ -93,7 +93,7 @@ export class InventoryItemDetailsTable {
   ): ITableRow => {
     const columns: Array<IColumnMapperMeta> = [
       { key: 'date', accessor: 'date.formattedDate' },
-      { key: 'closing', value: this.i18n.t('Opening balance') },
+      { key: 'closing', value: this.i18n.t('inventory_item_details.opening_balance') },
       { key: 'empty', value: '' },
       { key: 'quantity', accessor: 'quantity.formattedNumber' },
       { key: 'empty', value: '' },
@@ -115,7 +115,7 @@ export class InventoryItemDetailsTable {
   ): ITableRow => {
     const columns: Array<IColumnMapperMeta> = [
       { key: 'date', accessor: 'date.formattedDate' },
-      { key: 'closing', value: this.i18n.t('Closing balance') },
+      { key: 'closing', value: this.i18n.t('inventory_item_details.closing_balance') },
       { key: 'empty', value: '' },
       { key: 'quantity', accessor: 'quantity.formattedNumber' },
       { key: 'empty', value: '' },
@@ -193,16 +193,16 @@ export class InventoryItemDetailsTable {
    */
   public tableColumns = (): ITableColumn[] => {
     return [
-      { key: 'date', label: this.i18n.t('Date') },
-      { key: 'transaction_type', label: this.i18n.t('Transaction type') },
-      { key: 'transaction_id', label: this.i18n.t('Transaction #') },
-      { key: 'quantity', label: this.i18n.t('Quantity') },
-      { key: 'rate', label: this.i18n.t('Rate') },
-      { key: 'total', label: this.i18n.t('Total') },
-      { key: 'value', label: this.i18n.t('Value') },
-      { key: 'profit_margin', label: this.i18n.t('Profit Margin') },
-      { key: 'running_quantity', label: this.i18n.t('Running quantity') },
-      { key: 'running_value', label: this.i18n.t('Running Value') },
+      { key: 'date', label: this.i18n.t('inventory_item_details.date') },
+      { key: 'transaction_type', label: this.i18n.t('inventory_item_details.transaction_type') },
+      { key: 'transaction_id', label: this.i18n.t('inventory_item_details.transaction_number') },
+      { key: 'quantity', label: this.i18n.t('inventory_item_details.quantity') },
+      { key: 'rate', label: this.i18n.t('inventory_item_details.rate') },
+      { key: 'total', label: this.i18n.t('inventory_item_details.total') },
+      { key: 'value', label: this.i18n.t('inventory_item_details.value') },
+      { key: 'profit_margin', label: this.i18n.t('inventory_item_details.profit_margin') },
+      { key: 'running_quantity', label: this.i18n.t('inventory_item_details.running_quantity') },
+      { key: 'running_value', label: this.i18n.t('inventory_item_details.running_value') },
     ];
   };
 }

packages/server/src/modules/FinancialStatements/modules/InventoryValuationSheet/InventoryValuationSheet.ts

@@ -12,6 +12,7 @@ import { InventoryCostLotTracker } from '@/modules/InventoryCost/models/Inventor
 import { FinancialSheet } from '../../common/FinancialSheet';
 import { InventoryValuationSheetRepository } from './InventoryValuationSheetRepository';
 import { allPassedConditionsPass } from '@/utils/all-conditions-passed';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export class InventoryValuationSheet extends FinancialSheet {
   readonly query: IInventoryValuationReportQuery;
@@ -21,16 +22,19 @@ export class InventoryValuationSheet extends FinancialSheet {
    * Constructor method.
    * @param {IInventoryValuationReportQuery} query - Inventory valuation query.
    * @param {InventoryValuationSheetRepository} repository - Inventory valuation sheet repository.
+   * @param {IFinancialReportMeta} meta - Report meta.
    */
   constructor(
     query: IInventoryValuationReportQuery,
     repository: InventoryValuationSheetRepository,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = query;
     this.repository = repository;
     this.numberFormat = this.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
   }
 
   /**

packages/server/src/modules/FinancialStatements/modules/InventoryValuationSheet/InventoryValuationSheetMeta.ts

@@ -18,7 +18,7 @@ export class InventoryValuationMetaInjectable {
     query: IInventoryValuationReportQuery,
   ): Promise<IInventoryValuationSheetMeta> {
     const commonMeta = await this.financialSheetMeta.meta();
-    const formattedAsDate = moment(query.asDate).format('YYYY/MM/DD');
+    const formattedAsDate = moment(query.asDate).format(commonMeta.dateFormat);
     const formattedDateRange = `As ${formattedAsDate}`;
 
     return {

packages/server/src/modules/FinancialStatements/modules/InventoryValuationSheet/InventoryValuationSheetService.ts

@@ -34,16 +34,17 @@ export class InventoryValuationSheetService {
     this.inventoryValuationSheetRepository.setFilter(filter);
     await this.inventoryValuationSheetRepository.asyncInit();
 
+    // Retrieves the inventorty valuation meta first to get date format.
+    const meta = await this.inventoryValuationMeta.meta(filter);
+
     const inventoryValuationInstance = new InventoryValuationSheet(
       filter,
       this.inventoryValuationSheetRepository,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
     // Retrieve the inventory valuation report data.
     const inventoryValuationData = inventoryValuationInstance.reportData();
 
-    // Retrieves the inventorty valuation meta.
-    const meta = await this.inventoryValuationMeta.meta(filter);
-
     // Triggers `onInventoryValuationViewed` event.
     await this.eventPublisher.emitAsync(
       events.reports.onInventoryValuationViewed,

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheet.controller.ts

@@ -1,4 +1,4 @@
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { Response } from 'express';
 import { AcceptType } from '@/constants/accept-type';
 import { JournalSheetApplication } from './JournalSheetApplication';
@@ -11,14 +11,21 @@ import {
 import { JournalSheetQueryDto } from './JournalSheetQuery.dto';
 import { JournalSheetResponseExample } from './JournalSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/journal')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class JournalSheetController {
   constructor(private readonly journalSheetApp: JournalSheetApplication) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_JOURNAL, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Journal report',

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheet.ts

@@ -11,6 +11,7 @@ import { FinancialSheet } from '../../common/FinancialSheet';
 import { JournalSheetRepository } from './JournalSheetRepository';
 import { ILedgerEntry } from '@/modules/Ledger/types/Ledger.types';
 import { getTransactionTypeLabel } from '@/modules/BankingTransactions/utils';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export class JournalSheet extends FinancialSheet {
   readonly query: IJournalReportQuery;
@@ -22,20 +23,24 @@ export class JournalSheet extends FinancialSheet {
    * @param {IJournalReportQuery} query -
    * @param {JournalSheetRepository} repository -
    * @param {I18nService} i18n -
+   * @param {IFinancialReportMeta} meta -
    */
   constructor(
     query: IJournalReportQuery,
     repository: JournalSheetRepository,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = query;
     this.repository = repository;
+    this.baseCurrency = meta.baseCurrency;
     this.numberFormat = {
       ...this.numberFormat,
       ...this.query.numberFormat,
     };
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
     this.i18n = i18n;
   }
 
@@ -94,7 +99,7 @@ export class JournalSheet extends FinancialSheet {
 
     return {
       date: moment(groupEntry.date).toDate(),
-      dateFormatted: moment(groupEntry.date).format('YYYY MMM DD'),
+      dateFormatted: moment(groupEntry.date).format(this.dateFormat),
 
       transactionType: groupEntry.transactionType,
       referenceId: groupEntry.transactionId,

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheet.types.ts

@@ -8,6 +8,7 @@ export interface IJournalReportQuery {
     noCents: boolean;
     divideOn1000: boolean;
   };
+  dateFormat?: string;
   transactionType: string;
   transactionId: string;
 

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheetMeta.ts

@@ -17,8 +17,8 @@ export class JournalSheetMeta {
   ): Promise<IJournalSheetMeta> {
     const common = await this.financialSheetMeta.meta();
 
-    const formattedToDate = moment(query.toDate).format('YYYY/MM/DD');
-    const formattedFromDate = moment(query.fromDate).format('YYYY/MM/DD');
+    const formattedToDate = moment(query.toDate).format(common.dateFormat);
+    const formattedFromDate = moment(query.fromDate).format(common.dateFormat);
     const formattedDateRange = `From ${formattedFromDate} | To ${formattedToDate}`;
 
     return {

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheetService.ts

@@ -30,18 +30,19 @@ export class JournalSheetService {
     this.journalRepository.setFilter(query);
     await this.journalRepository.load();
 
+    // Retrieve the journal sheet meta first to get the date format.
+    const meta = await this.journalSheetMeta.meta(filter);
+
     // Journal report instance.
     const journalSheetInstance = new JournalSheet(
       filter,
       this.journalRepository,
       this.i18n,
+      { baseCurrency: meta.baseCurrency, dateFormat: meta.dateFormat },
     );
     // Retrieve journal report columns.
     const journalSheetData = journalSheetInstance.reportData();
 
-    // Retrieve the journal sheet meta.
-    const meta = await this.journalSheetMeta.meta(filter);
-
     // Triggers `onJournalViewed` event.
     await this.eventPublisher.emitAsync(events.reports.onJournalViewed, {
       query,

packages/server/src/modules/FinancialStatements/modules/ProfitLossSheet/ProfitLossSheet.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { ProfitLossSheetApplication } from './ProfitLossSheetApplication';
 import { AcceptType } from '@/constants/accept-type';
 import {
@@ -11,10 +11,16 @@ import {
 import { ProfitLossSheetQueryDto } from './ProfitLossSheetQuery.dto';
 import { ProfitLossSheetResponseExample } from './ProfitLossSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/profit-loss-sheet')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ProfitLossSheetController {
   constructor(
     private readonly profitLossSheetApp: ProfitLossSheetApplication,
@@ -27,6 +33,7 @@ export class ProfitLossSheetController {
    * @param {string} acceptHeader
    */
   @Get('/')
+  @RequirePermission(ReportsAction.READ_PROFIT_LOSS, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Profit & loss statement',

packages/server/src/modules/FinancialStatements/modules/ProfitLossSheet/ProfitLossSheet.ts

@@ -28,6 +28,7 @@ import { FinancialSheetStructure } from '../../common/FinancialSheetStructure';
 import { FinancialSheet } from '../../common/FinancialSheet';
 import { Account } from '@/modules/Accounts/models/Account.model';
 import { flatToNestedArray } from '@/utils/flat-to-nested-array';
+import { IFinancialReportMeta, DEFAULT_REPORT_META } from '../../types/Report.types';
 
 export default class ProfitLossSheet extends R.pipe(
   ProfitLossSheetPreviousYear,
@@ -71,20 +72,24 @@ export default class ProfitLossSheet extends R.pipe(
 
   /**
    * Constructor method.
+   * @param {ProfitLossSheetRepository} repository -
    * @param {IProfitLossSheetQuery} query -
-   * @param {IAccount[]} accounts -
-   * @param {IJournalPoster} transactionsJournal -
+   * @param {I18nService} i18n -
+   * @param {IFinancialReportMeta} meta -
    */
   constructor(
     repository: ProfitLossSheetRepository,
     query: IProfitLossSheetQuery,
     i18n: I18nService,
+    meta: IFinancialReportMeta,
   ) {
     super();
 
     this.query = new ProfitLossSheetQuery(query);
     this.repository = repository;
+    this.baseCurrency = meta.baseCurrency;
     this.numberFormat = this.query.query.numberFormat;
+    this.dateFormat = meta.dateFormat || DEFAULT_REPORT_META.dateFormat;
     this.i18n = i18n;
   }