This serves as a clean-up for any and all data validation we need for admin, supervisor, and associate updateTimesheet endpoint(s)
[ ] Add in an editing lock system that will write in a userId when a timesheet is being edited by a certain role/user, and will prevent others from editing while it's locked
[ ] Only allow whitelisted attributes to be modified from the timesheet - they should not be able to overwrite certain fields such as the timesheetID, the startDate, etc.
[ ] For AssociateSupervisor and Admin fields, they should only be able to update these attributes if they are the relevant person for each. I.e. Associate should only be modified if they are the employee
This serves as a clean-up for any and all data validation we need for admin, supervisor, and associate updateTimesheet endpoint(s)
AssociateSupervisorandAdminfields, they should only be able to update these attributes if they are the relevant person for each. I.e. Associate should only be modified if they are the employee