padreug
0e6fe3e3cd
Two critical fixes for user account access:
1. **Permission inheritance for ALL permission types**
- Previously only checked READ permission inheritance
- Now checks ALL permission types (read, submit_expense, manage)
- Fixes issue where users with submit_expense on parent virtual accounts
couldn't see child expense accounts
2. **Virtual account filtering after permission check**
- Virtual accounts are now filtered AFTER permission inheritance logic
- This allows permission inheritance to work correctly for virtual parents
- Virtual accounts are still excluded from final results for users
3. **User-specific account filtering**
- Frontend now passes filter_by_user=true to only show permitted accounts
- Prevents users from seeing accounts they don't have access to
Flow now works correctly:
- Admin grants user submit_expense permission on virtual 'Expenses:Supplies'
- Permission inheritance checks ALL permission types (not just read)
- User sees all 'Expenses:Supplies:*' child accounts (Food, Kitchen, etc.)
- Virtual parent 'Expenses:Supplies' is filtered out from final results
- User only sees real expense accounts they can submit to
Fixes loading hang and empty account list in Add Expense dialog.
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
||
|---|---|---|
| core | ||
| docs | ||
| helper | ||
| static | ||
| templates/castle | ||
| .gitignore | ||
| __init__.py | ||
| account_sync.py | ||
| account_utils.py | ||
| beancount_format.py | ||
| CLAUDE.md | ||
| config.json | ||
| crud.py | ||
| description.md | ||
| fava_client.py | ||
| manifest.json | ||
| MIGRATION_SQUASH_SUMMARY.md | ||
| migrations.py | ||
| migrations_old.py.bak | ||
| models.py | ||
| permission_management.py | ||
| README.md | ||
| services.py | ||
| tasks.py | ||
| views.py | ||
| views_api.py | ||
Castle Accounting Extension for LNbits
A full-featured double-entry accounting system for collective projects, integrated with LNbits Lightning payments.
Overview
Castle Accounting enables collectives like co-living spaces, makerspaces, and community projects to:
- Track expenses and revenue with proper accounting
- Manage individual member balances
- Record contributions as equity or reimbursable expenses
- Track accounts receivable (what members owe)
- Generate Lightning invoices for settlements
Installation
This extension is designed to be installed in the lnbits/extensions/ directory.
cd lnbits/extensions/
# Copy or clone the castle directory here
Enable the extension through the LNbits admin interface or by adding it to your configuration.
Usage
For Members
-
Add an Expense: Record money you spent on behalf of the collective
- Choose "Liability" if you want reimbursement
- Choose "Equity" if it's a contribution
-
View Your Balance: See if the Castle owes you money or vice versa
-
Pay Outstanding Balance: Generate a Lightning invoice to settle what you owe
For Admins
-
Create Accounts Receivable: Record when someone owes the collective money
-
Record Revenue: Track income received by the collective
-
View All Transactions: See complete accounting history
-
Make Payments: Record payments to members
Architecture
Data Models
- Account: Individual accounts in the chart of accounts
- JournalEntry: Transaction header with description and date
- EntryLine: Individual debit/credit lines (always balanced)
Account Types
- Assets: Things the Castle owns (Cash, Bank, Accounts Receivable)
- Liabilities: What the Castle owes (Accounts Payable to members)
- Equity: Member contributions and retained earnings
- Revenue: Income streams
- Expenses: Operating costs
Database Schema
The extension creates three tables:
castle.accounts- Chart of accountscastle.journal_entries- Transaction headerscastle.entry_lines- Debit/credit lines
API Reference
See description.md for full API documentation.
Development
To modify this extension:
- Edit models in
models.py - Add database migrations in
migrations.py - Implement business logic in
crud.py - Create API endpoints in
views_api.py - Update UI in
templates/castle/index.html
Contributing
Contributions welcome! Please ensure:
- Journal entries always balance
- User permissions are properly checked
- Database transactions are atomic
License
MIT License - feel free to use and modify for your collective!