Adds expense approval workflow

Implements expense approval functionality, allowing superusers to review and approve or reject expense entries. This includes: - Filtering account balance calculations and user balance calculations to only include cleared journal entries. - Adding API endpoints to retrieve pending expense entries and approve/reject them. - Updating the UI to display pending expenses to superusers and provide actions to approve or reject them. This ensures better control over expenses within the system.
2025-10-23 00:26:52 +02:00 · 2025-10-23 00:26:52 +02:00 · 018a074915
commit 018a074915
parent 8221feec20
4 changed files with 232 additions and 8 deletions
--- a/views_api.py
+++ b/views_api.py
@ -16,6 +16,7 @@ from .crud import (
    create_account,
    create_journal_entry,
    create_manual_payment_request,
+    db,
    get_account,
    get_account_balance,
    get_account_by_name,
@ -281,6 +282,7 @@ async def api_create_expense_entry(
    entry_data = CreateJournalEntry(
        description=data.description + description_suffix,
        reference=data.reference,
+        flag=JournalEntryFlag.PENDING,  # Expenses require admin approval
        meta=entry_meta,
        lines=[
            CreateEntryLine(
@ -943,3 +945,109 @@ async def api_reject_manual_payment_request(
        )

    return await reject_manual_payment_request(request_id, wallet.wallet.user)
+
+
+# ===== EXPENSE APPROVAL ENDPOINTS =====
+
+
+@castle_api_router.get("/api/v1/entries/pending")
+async def api_get_pending_entries(
+    wallet: WalletTypeInfo = Depends(require_admin_key),
+) -> list[JournalEntry]:
+    """Get all pending expense entries that need approval (admin only)"""
+    from lnbits.settings import settings as lnbits_settings
+
+    if wallet.wallet.user != lnbits_settings.super_user:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Only super user can access this endpoint",
+        )
+
+    # Get all journal entries and filter for pending flag
+    all_entries = await get_all_journal_entries(limit=1000)
+    pending_entries = [e for e in all_entries if e.flag == JournalEntryFlag.PENDING]
+    return pending_entries
+
+
+@castle_api_router.post("/api/v1/entries/{entry_id}/approve")
+async def api_approve_expense_entry(
+    entry_id: str,
+    wallet: WalletTypeInfo = Depends(require_admin_key),
+) -> JournalEntry:
+    """Approve a pending expense entry (admin only)"""
+    from lnbits.settings import settings as lnbits_settings
+
+    if wallet.wallet.user != lnbits_settings.super_user:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Only super user can approve expenses",
+        )
+
+    # Get the entry
+    entry = await get_journal_entry(entry_id)
+    if not entry:
+        raise HTTPException(
+            status_code=HTTPStatus.NOT_FOUND,
+            detail="Journal entry not found",
+        )
+
+    if entry.flag != JournalEntryFlag.PENDING:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail=f"Entry is not pending (current status: {entry.flag.value})",
+        )
+
+    # Update flag to cleared
+    await db.execute(
+        """
+        UPDATE journal_entries
+        SET flag = :flag
+        WHERE id = :id
+        """,
+        {"flag": JournalEntryFlag.CLEARED.value, "id": entry_id}
+    )
+
+    # Return updated entry
+    return await get_journal_entry(entry_id)
+
+
+@castle_api_router.post("/api/v1/entries/{entry_id}/reject")
+async def api_reject_expense_entry(
+    entry_id: str,
+    wallet: WalletTypeInfo = Depends(require_admin_key),
+) -> JournalEntry:
+    """Reject a pending expense entry (admin only)"""
+    from lnbits.settings import settings as lnbits_settings
+
+    if wallet.wallet.user != lnbits_settings.super_user:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Only super user can reject expenses",
+        )
+
+    # Get the entry
+    entry = await get_journal_entry(entry_id)
+    if not entry:
+        raise HTTPException(
+            status_code=HTTPStatus.NOT_FOUND,
+            detail="Journal entry not found",
+        )
+
+    if entry.flag != JournalEntryFlag.PENDING:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail=f"Entry is not pending (current status: {entry.flag.value})",
+        )
+
+    # Update flag to voided
+    await db.execute(
+        """
+        UPDATE journal_entries
+        SET flag = :flag
+        WHERE id = :id
+        """,
+        {"flag": JournalEntryFlag.VOID.value, "id": entry_id}
+    )
+
+    # Return updated entry
+    return await get_journal_entry(entry_id)