padreug
46e910ba25
Implemented comprehensive role-based permission management system:
Database:
- Added m004_add_rbac_tables migration
- roles table: Define named permission bundles (Employee, Contractor, etc.)
- role_permissions table: Map roles to account permissions
- user_roles table: Assign users to roles with optional expiration
- Created 4 default roles: Employee (default), Contractor, Accountant, Manager
Models (models.py):
- Role, CreateRole, UpdateRole
- RolePermission, CreateRolePermission
- UserRole, AssignUserRole
- RoleWithPermissions, UserWithRoles
CRUD Operations (crud.py):
- Role management: create_role, get_role, get_all_roles, update_role, delete_role
- get_default_role() - get auto-assigned role for new users
- Role permissions: create_role_permission, get_role_permissions, delete_role_permission
- User role assignment: assign_user_role, get_user_roles, revoke_user_role
- Helper functions:
- get_user_permissions_from_roles() - resolve user permissions via roles
- check_user_has_role_permission() - check role-based access
- auto_assign_default_role() - auto-assign default role to new users
Permission Resolution Order:
1. Individual account_permissions (direct grants/exceptions)
2. Role-based permissions (via user_roles → role_permissions)
3. Inherited permissions (hierarchical account names)
4. Deny by default
Next: API endpoints, UI, and permission resolution logic integration
🤖 Generated with Claude Code
|
||
|---|---|---|
| core | ||
| docs | ||
| helper | ||
| static | ||
| templates/castle | ||
| .gitignore | ||
| __init__.py | ||
| account_sync.py | ||
| account_utils.py | ||
| beancount_format.py | ||
| CLAUDE.md | ||
| config.json | ||
| crud.py | ||
| description.md | ||
| fava_client.py | ||
| manifest.json | ||
| MIGRATION_SQUASH_SUMMARY.md | ||
| migrations.py | ||
| migrations_old.py.bak | ||
| models.py | ||
| permission_management.py | ||
| README.md | ||
| services.py | ||
| tasks.py | ||
| views.py | ||
| views_api.py | ||
Castle Accounting Extension for LNbits
A full-featured double-entry accounting system for collective projects, integrated with LNbits Lightning payments.
Overview
Castle Accounting enables collectives like co-living spaces, makerspaces, and community projects to:
- Track expenses and revenue with proper accounting
- Manage individual member balances
- Record contributions as equity or reimbursable expenses
- Track accounts receivable (what members owe)
- Generate Lightning invoices for settlements
Installation
This extension is designed to be installed in the lnbits/extensions/ directory.
cd lnbits/extensions/
# Copy or clone the castle directory here
Enable the extension through the LNbits admin interface or by adding it to your configuration.
Usage
For Members
-
Add an Expense: Record money you spent on behalf of the collective
- Choose "Liability" if you want reimbursement
- Choose "Equity" if it's a contribution
-
View Your Balance: See if the Castle owes you money or vice versa
-
Pay Outstanding Balance: Generate a Lightning invoice to settle what you owe
For Admins
-
Create Accounts Receivable: Record when someone owes the collective money
-
Record Revenue: Track income received by the collective
-
View All Transactions: See complete accounting history
-
Make Payments: Record payments to members
Architecture
Data Models
- Account: Individual accounts in the chart of accounts
- JournalEntry: Transaction header with description and date
- EntryLine: Individual debit/credit lines (always balanced)
Account Types
- Assets: Things the Castle owns (Cash, Bank, Accounts Receivable)
- Liabilities: What the Castle owes (Accounts Payable to members)
- Equity: Member contributions and retained earnings
- Revenue: Income streams
- Expenses: Operating costs
Database Schema
The extension creates three tables:
castle.accounts- Chart of accountscastle.journal_entries- Transaction headerscastle.entry_lines- Debit/credit lines
API Reference
See description.md for full API documentation.
Development
To modify this extension:
- Edit models in
models.py - Add database migrations in
migrations.py - Implement business logic in
crud.py - Create API endpoints in
views_api.py - Update UI in
templates/castle/index.html
Contributing
Contributions welcome! Please ensure:
- Journal entries always balance
- User permissions are properly checked
- Database transactions are atomic
License
MIT License - feel free to use and modify for your collective!