No description

Find a file

padreug 52c6c3f8f1 Fix RBAC role-based permissions for accounts endpoint Fixed critical bugs preventing users from seeing accounts through their assigned roles: 1. Fixed duplicate function definition (crud.py) - Removed duplicate auto_assign_default_role() that only took 1 parameter - Kept correct version with proper signature and logging - Added get_all_user_roles() helper function 2. Added role-based permissions to accounts endpoint (views_api.py) - Previously only checked direct user permissions - Now retrieves and combines both direct AND role permissions - Auto-assigns default role to new users on first access 3. Fixed permission inheritance logic (views_api.py) - Inheritance check now uses combined permissions (direct + role) - Previously only checked direct user permissions for parents - Users can now inherit access to child accounts via role permissions Changes enable proper RBAC functionality: - Users with "Employee" role (or any role) now see permitted accounts - Permission inheritance works correctly with role-based permissions - Auto-assignment of default role on first Castle access 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-11-12 03:00:17 +01:00
core	Removes core balance calculation logic	2025-11-10 01:06:51 +01:00
docs	Add UI improvements plan for bulk permission features	2025-11-11 00:05:57 +01:00
helper	HELPER FILE TO DELETE/REVISE	2025-11-10 21:44:43 +01:00
static	Set default permission type to 'submit_expense' in grant forms	2025-11-11 23:18:40 +01:00
templates/castle	Fix loading state hang when user has no permissions	2025-11-11 23:03:05 +01:00
.gitignore	initial commit	2025-10-22 12:33:45 +02:00
__init__.py	Integrate account sync with API, background tasks, and user creation	2025-11-11 01:28:59 +01:00
account_sync.py	Fix virtual parent detection by refreshing account list	2025-11-11 02:53:41 +01:00
account_utils.py	Update default expense accounts to optimized structure	2025-11-11 03:09:44 +01:00
beancount_format.py	Implement hybrid approach for balance assertions	2025-11-10 20:46:12 +01:00
CLAUDE.md	update CLAUDE.md	2025-11-10 19:32:00 +01:00
config.json	initial commit	2025-10-22 12:33:45 +02:00
crud.py	Fix RBAC role-based permissions for accounts endpoint	2025-11-12 03:00:17 +01:00
description.md	initial commit	2025-10-22 12:33:45 +02:00
fava_client.py	Optimize recent transactions with 30-day date filter	2025-11-11 22:39:22 +01:00
manifest.json	initial commit	2025-10-22 12:33:45 +02:00
MIGRATION_SQUASH_SUMMARY.md	Squash 16 migrations into single clean initial migration	2025-11-10 21:51:11 +01:00
migrations.py	Add RBAC (Role-Based Access Control) system - Phase 1	2025-11-11 23:34:28 +01:00
migrations_old.py.bak	Squash 16 migrations into single clean initial migration	2025-11-10 21:51:11 +01:00
models.py	Add RBAC (Role-Based Access Control) system - Phase 1	2025-11-11 23:34:28 +01:00
permission_management.py	Add account sync and bulk permission management	2025-11-10 23:55:26 +01:00
README.md	initial commit	2025-10-22 12:33:45 +02:00
services.py	Fixes user account creation in Fava/Beancount	2025-11-10 21:22:02 +01:00
tasks.py	Integrate account sync with API, background tasks, and user creation	2025-11-11 01:28:59 +01:00
views.py	Adds admin permissions management page	2025-11-07 18:05:30 +01:00
views_api.py	Fix RBAC role-based permissions for accounts endpoint	2025-11-12 03:00:17 +01:00

README.md

Castle Accounting Extension for LNbits

A full-featured double-entry accounting system for collective projects, integrated with LNbits Lightning payments.

Overview

Castle Accounting enables collectives like co-living spaces, makerspaces, and community projects to:

Track expenses and revenue with proper accounting
Manage individual member balances
Record contributions as equity or reimbursable expenses
Track accounts receivable (what members owe)
Generate Lightning invoices for settlements

Installation

This extension is designed to be installed in the lnbits/extensions/ directory.

cd lnbits/extensions/
# Copy or clone the castle directory here

Enable the extension through the LNbits admin interface or by adding it to your configuration.

Usage

For Members

Add an Expense: Record money you spent on behalf of the collective
- Choose "Liability" if you want reimbursement
- Choose "Equity" if it's a contribution
View Your Balance: See if the Castle owes you money or vice versa
Pay Outstanding Balance: Generate a Lightning invoice to settle what you owe

For Admins

Create Accounts Receivable: Record when someone owes the collective money
Record Revenue: Track income received by the collective
View All Transactions: See complete accounting history
Make Payments: Record payments to members

Architecture

Data Models

Account: Individual accounts in the chart of accounts
JournalEntry: Transaction header with description and date
EntryLine: Individual debit/credit lines (always balanced)

Account Types

Assets: Things the Castle owns (Cash, Bank, Accounts Receivable)
Liabilities: What the Castle owes (Accounts Payable to members)
Equity: Member contributions and retained earnings
Revenue: Income streams
Expenses: Operating costs

Database Schema

The extension creates three tables:

castle.accounts - Chart of accounts
castle.journal_entries - Transaction headers
castle.entry_lines - Debit/credit lines

API Reference

See description.md for full API documentation.

Development

To modify this extension:

Edit models in models.py
Add database migrations in migrations.py
Implement business logic in crud.py
Create API endpoints in views_api.py
Update UI in templates/castle/index.html

Contributing

Contributions welcome! Please ensure:

Journal entries always balance
User permissions are properly checked
Database transactions are atomic

License

MIT License - feel free to use and modify for your collective!