padreug
c086916be8
Implemented comprehensive REST API for role-based access control:
Role Management Endpoints (Admin only):
- GET /api/v1/admin/roles - List all roles with user/permission counts
- POST /api/v1/admin/roles - Create new role
- GET /api/v1/admin/roles/{role_id} - Get role details with permissions and users
- PUT /api/v1/admin/roles/{role_id} - Update role (name, description, is_default)
- DELETE /api/v1/admin/roles/{role_id} - Delete role (cascades to permissions/assignments)
Role Permission Endpoints (Admin only):
- POST /api/v1/admin/roles/{role_id}/permissions - Add permission to role
- DELETE /api/v1/admin/roles/{role_id}/permissions/{permission_id} - Remove permission
User Role Assignment Endpoints (Admin only):
- POST /api/v1/admin/user-roles - Assign user to role (with optional expiration)
- GET /api/v1/admin/user-roles/{user_id} - Get user's role assignments
- DELETE /api/v1/admin/user-roles/{user_role_id} - Revoke role assignment
User Endpoints:
- GET /api/v1/users/me/roles - Get current user's roles and effective permissions
(includes both role-based and direct permissions)
All endpoints include:
- Proper error handling with HTTP status codes
- Admin key requirement for management operations
- Rich response data with timestamps and metadata
- Role details enriched with user counts and permission counts
Next: Implement Roles tab UI and JavaScript integration
🤖 Generated with Claude Code
|
||
|---|---|---|
| core | ||
| docs | ||
| helper | ||
| static | ||
| templates/castle | ||
| .gitignore | ||
| __init__.py | ||
| account_sync.py | ||
| account_utils.py | ||
| beancount_format.py | ||
| CLAUDE.md | ||
| config.json | ||
| crud.py | ||
| description.md | ||
| fava_client.py | ||
| manifest.json | ||
| MIGRATION_SQUASH_SUMMARY.md | ||
| migrations.py | ||
| migrations_old.py.bak | ||
| models.py | ||
| permission_management.py | ||
| README.md | ||
| services.py | ||
| tasks.py | ||
| views.py | ||
| views_api.py | ||
Castle Accounting Extension for LNbits
A full-featured double-entry accounting system for collective projects, integrated with LNbits Lightning payments.
Overview
Castle Accounting enables collectives like co-living spaces, makerspaces, and community projects to:
- Track expenses and revenue with proper accounting
- Manage individual member balances
- Record contributions as equity or reimbursable expenses
- Track accounts receivable (what members owe)
- Generate Lightning invoices for settlements
Installation
This extension is designed to be installed in the lnbits/extensions/ directory.
cd lnbits/extensions/
# Copy or clone the castle directory here
Enable the extension through the LNbits admin interface or by adding it to your configuration.
Usage
For Members
-
Add an Expense: Record money you spent on behalf of the collective
- Choose "Liability" if you want reimbursement
- Choose "Equity" if it's a contribution
-
View Your Balance: See if the Castle owes you money or vice versa
-
Pay Outstanding Balance: Generate a Lightning invoice to settle what you owe
For Admins
-
Create Accounts Receivable: Record when someone owes the collective money
-
Record Revenue: Track income received by the collective
-
View All Transactions: See complete accounting history
-
Make Payments: Record payments to members
Architecture
Data Models
- Account: Individual accounts in the chart of accounts
- JournalEntry: Transaction header with description and date
- EntryLine: Individual debit/credit lines (always balanced)
Account Types
- Assets: Things the Castle owns (Cash, Bank, Accounts Receivable)
- Liabilities: What the Castle owes (Accounts Payable to members)
- Equity: Member contributions and retained earnings
- Revenue: Income streams
- Expenses: Operating costs
Database Schema
The extension creates three tables:
castle.accounts- Chart of accountscastle.journal_entries- Transaction headerscastle.entry_lines- Debit/credit lines
API Reference
See description.md for full API documentation.
Development
To modify this extension:
- Edit models in
models.py - Add database migrations in
migrations.py - Implement business logic in
crud.py - Create API endpoints in
views_api.py - Update UI in
templates/castle/index.html
Contributing
Contributions welcome! Please ensure:
- Journal entries always balance
- User permissions are properly checked
- Database transactions are atomic
License
MIT License - feel free to use and modify for your collective!