lnbits-exts/castle
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases 2 Packages Wiki Activity Actions

Enhance RBAC user management UI and fix permission checks

Browse source 
- Add role management to "By User" tab
  - Show all users with roles and/or direct permissions
  - Add ability to assign/revoke roles from users
  - Display role chips as clickable and removable
  - Add "Assign Role" button for each user

- Fix account_id validation error in permission granting
  - Extract account_id string from Quasar q-select object
  - Apply fix to grantPermission, bulkGrantPermissions, and addRolePermission

- Fix role-based permission checking for expense submission
  - Update get_user_permissions_with_inheritance() to include role permissions
  - Ensures users with role-based permissions can submit expenses

- Improve Vue reactivity for role details dialog
  - Use spread operator to create fresh arrays
  - Add $nextTick() before showing dialog

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
padreug 2025-11-13 10:17:28 +01:00
parent 52c6c3f8f1
commit f2df2f543b
4 changed files with 1207 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

17
crud.py
View file

@ -1188,6 +1188,7 @@ async def get_user_permissions_with_inheritance(
) -> list[tuple["AccountPermission", Optional[str]]]:
"""
Get all permissions for a user on an account, including inherited permissions from parent accounts.
Includes both direct permissions AND role-based permissions.
Returns list of tuples: (permission, parent_account_name or None)
Example:
@ -1196,13 +1197,23 @@ async def get_user_permissions_with_inheritance(
"""
from .models import AccountPermission, PermissionType
# Get all user's permissions of this type
user_permissions = await get_user_permissions(user_id, permission_type)
# Get direct user permissions of this type
direct_permissions = await get_user_permissions(user_id, permission_type)
# Get role-based permissions of this type
role_permissions_list = await get_user_permissions_from_roles(user_id)
role_perms = []
for role, perms in role_permissions_list:
# Filter for the specific permission type
role_perms.extend([p for p in perms if p.permission_type == permission_type])
# Combine direct and role-based permissions
all_permissions = list(direct_permissions) + role_perms
# Find which permissions apply to this account (direct or inherited)
applicable_permissions = []
for perm in user_permissions:
for perm in all_permissions:
# Get the account for this permission
account = await get_account(perm.account_id)
if not account: