Implements expense approval workflow

Adds an admin approval workflow for user-submitted expenses. This ensures that only valid expenses affect user balances. The workflow includes pending expense states, admin approval/rejection actions, balance filtering, and UI updates.
2025-10-23 00:50:15 +02:00 · 2025-10-23 00:50:15 +02:00 · 3b371e3bec
commit 3b371e3bec
parent 018a074915
4 changed files with 207 additions and 22 deletions
--- a/EXPENSE_APPROVAL.md
+++ b/EXPENSE_APPROVAL.md
@ -0,0 +1,167 @@
+# Expense Approval Workflow
+
+## Overview
+
+The Castle extension now requires admin approval for all user-submitted expenses. This prevents invalid or incorrect expenses from affecting balances until they are verified by the Castle admin.
+
+## How It Works
+
+### 1. User Submits Expense
+- User fills out the expense form with description, amount, category, etc.
+- Expense is created with `flag='!'` (PENDING status)
+- Entry is saved to the database but **does not affect balances**
+
+### 2. Admin Reviews Pending Expenses
+- Admin sees "Pending Expense Approvals" card on the main page
+- Card shows all pending expenses with:
+  - Description and amount
+  - User who submitted it
+  - Date submitted
+  - Fiat amount (if applicable)
+  - Reference number
+
+### 3. Admin Takes Action
+
+#### Option A: Approve
+- Admin clicks "Approve" button
+- Entry flag changes from `!` to `*` (CLEARED)
+- Entry **now affects balances** (user's balance updates)
+- User sees the expense in their transaction history
+- Entry appears with green checkmark icon
+
+#### Option B: Reject
+- Admin clicks "Reject" button
+- Entry flag changes from `!` to `x` (VOID)
+- Entry **never affects balances**
+- Entry appears with grey cancel icon (voided)
+
+## Balance Calculation
+
+Only entries with `flag='*'` (CLEARED) are included in balance calculations:
+
+```sql
+-- Balance query excludes pending/flagged/voided entries
+SELECT SUM(debit), SUM(credit)
+FROM entry_lines el
+JOIN journal_entries je ON el.journal_entry_id = je.id
+WHERE el.account_id = :account_id
+AND je.flag = '*'  -- Only cleared entries
+```
+
+## Transaction Flags
+
+| Flag | Symbol | Status | Affects Balance | Description |
+|------|--------|--------|----------------|-------------|
+| `*` | ✅ | CLEARED | Yes | Confirmed and reconciled |
+| `!` | ⏱️ | PENDING | No | Awaiting approval |
+| `#` | 🚩 | FLAGGED | No | Needs review |
+| `x` | ❌ | VOID | No | Cancelled/rejected |
+
+## API Endpoints
+
+### Get Pending Entries (Admin Only)
+```
+GET /castle/api/v1/entries/pending
+Authorization: Admin Key
+
+Returns: list[JournalEntry]
+```
+
+### Approve Expense (Admin Only)
+```
+POST /castle/api/v1/entries/{entry_id}/approve
+Authorization: Admin Key
+
+Returns: JournalEntry (with flag='*')
+```
+
+### Reject Expense (Admin Only)
+```
+POST /castle/api/v1/entries/{entry_id}/reject
+Authorization: Admin Key
+
+Returns: JournalEntry (with flag='x')
+```
+
+## Implementation Details
+
+### Files Modified
+
+1. **views_api.py**
+   - Line 284: Set expenses to `JournalEntryFlag.PENDING` on creation
+   - Lines 181-197: Added `/api/v1/entries/pending` endpoint
+   - Lines 972-1011: Added approve endpoint
+   - Lines 1013-1053: Added reject endpoint
+
+2. **crud.py**
+   - Lines 315-329: Updated `get_account_balance()` to filter by flag
+   - Lines 367-376: Updated fiat balance calculation to filter by flag
+   - Lines 238-269: Fixed `get_all_journal_entries()` to parse flag/meta
+
+3. **index.html**
+   - Lines 157-209: Added "Pending Expense Approvals" card
+
+4. **index.js**
+   - Line 68: Added `pendingExpenses` data property
+   - Lines 497-511: Added `loadPendingExpenses()` method
+   - Lines 545-563: Added `approveExpense()` method
+   - Lines 564-580: Added `rejectExpense()` method
+   - Line 731: Load pending expenses on page load for admins
+
+## User Experience
+
+### For Regular Users
+1. Submit expense via "Add Expense" button
+2. See expense with orange pending icon (⏱️) in transaction list
+3. Balance does NOT change yet
+4. Wait for admin approval
+
+### For Admin (Super User)
+1. See "Pending Expense Approvals" card at top of page
+2. Review expense details
+3. Click "Approve" → User's balance updates
+4. Click "Reject" → Expense is voided, no balance change
+
+## Security
+
+- All approval endpoints require admin key
+- Super user check prevents regular users from approving their own expenses
+- Voided entries are never included in balance calculations
+- Full audit trail in `meta` field tracks who created and reviewed each entry
+
+## Testing
+
+1. **Submit test expense as regular user**
+   ```
+   POST /castle/api/v1/entries/expense
+   {
+     "description": "Test groceries",
+     "amount": 50.00,
+     "currency": "EUR",
+     "expense_account": "utilities",
+     "is_equity": false
+   }
+   ```
+
+2. **Verify it's pending**
+   - Check user balance → should NOT include this expense
+   - Check transaction list → should show orange pending icon
+
+3. **Login as admin and approve**
+   - See expense in "Pending Expense Approvals"
+   - Click "Approve"
+   - Verify user balance updates
+
+4. **Submit another expense and reject it**
+   - Submit expense
+   - Admin clicks "Reject"
+   - Verify balance never changed
+   - Entry shows grey cancel icon
+
+## Future Enhancements
+
+- [ ] Email notifications when expense is approved/rejected
+- [ ] Bulk approve/reject multiple expenses
+- [ ] Admin notes when rejecting (reason for rejection)
+- [ ] Expense revision system (user can edit and resubmit rejected expenses)
+- [ ] Approval workflow with multiple approvers
--- a/crud.py
+++ b/crud.py
@ -236,18 +236,35 @@ async def get_entry_lines(journal_entry_id: str) -> list[EntryLine]:


 async def get_all_journal_entries(limit: int = 100) -> list[JournalEntry]:
-    entries = await db.fetchall(
+    entries_data = await db.fetchall(
        """
        SELECT * FROM journal_entries
        ORDER BY entry_date DESC, created_at DESC
        LIMIT :limit
        """,
        {"limit": limit},
-        JournalEntry,
    )

-    for entry in entries:
+    entries = []
+    for entry_data in entries_data:
+        # Parse flag and meta from database
+        from .models import JournalEntryFlag
+        flag = JournalEntryFlag(entry_data.get("flag", "*"))
+        meta = json.loads(entry_data.get("meta", "{}")) if entry_data.get("meta") else {}
+
+        entry = JournalEntry(
+            id=entry_data["id"],
+            description=entry_data["description"],
+            entry_date=entry_data["entry_date"],
+            created_by=entry_data["created_by"],
+            created_at=entry_data["created_at"],
+            reference=entry_data["reference"],
+            flag=flag,
+            meta=meta,
+            lines=[],
+        )
        entry.lines = await get_entry_lines(entry.id)
+        entries.append(entry)

    return entries

--- a/static/js/index.js
+++ b/static/js/index.js
@ -497,6 +497,7 @@ window.app = Vue.createApp({
    async loadPendingExpenses() {
      try {
        if (!this.isSuperUser) return
+        if (!this.g.user.wallets[0]?.adminkey) return

        const response = await LNbits.api.request(
          'GET',
--- a/views_api.py
+++ b/views_api.py
@ -178,6 +178,25 @@ async def api_get_user_entries(
    return await get_journal_entries_by_user(wallet.wallet.user, limit)


+@castle_api_router.get("/api/v1/entries/pending")
+async def api_get_pending_entries(
+    wallet: WalletTypeInfo = Depends(require_admin_key),
+) -> list[JournalEntry]:
+    """Get all pending expense entries that need approval (admin only)"""
+    from lnbits.settings import settings as lnbits_settings
+
+    if wallet.wallet.user != lnbits_settings.super_user:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Only super user can access this endpoint",
+        )
+
+    # Get all journal entries and filter for pending flag
+    all_entries = await get_all_journal_entries(limit=1000)
+    pending_entries = [e for e in all_entries if e.flag == JournalEntryFlag.PENDING]
+    return pending_entries
+
+
@castle_api_router.get("/api/v1/entries/{entry_id}")
 async def api_get_journal_entry(entry_id: str) -> JournalEntry:
    """Get a specific journal entry"""
@ -950,25 +969,6 @@ async def api_reject_manual_payment_request(
 # ===== EXPENSE APPROVAL ENDPOINTS =====


-@castle_api_router.get("/api/v1/entries/pending")
-async def api_get_pending_entries(
-    wallet: WalletTypeInfo = Depends(require_admin_key),
-) -> list[JournalEntry]:
-    """Get all pending expense entries that need approval (admin only)"""
-    from lnbits.settings import settings as lnbits_settings
-
-    if wallet.wallet.user != lnbits_settings.super_user:
-        raise HTTPException(
-            status_code=HTTPStatus.FORBIDDEN,
-            detail="Only super user can access this endpoint",
-        )
-
-    # Get all journal entries and filter for pending flag
-    all_entries = await get_all_journal_entries(limit=1000)
-    pending_entries = [e for e in all_entries if e.flag == JournalEntryFlag.PENDING]
-    return pending_entries
-
-
@castle_api_router.post("/api/v1/entries/{entry_id}/approve")
 async def api_approve_expense_entry(
    entry_id: str,