Filters accounts by user permissions

Ensures that the account selector only displays accounts that the user has permissions for. This change modifies the `ExpensesAPI` to include a `filterByUser` parameter when fetching accounts, which is then passed to the backend to retrieve only authorized accounts. A log statement was added to confirm proper filtering.
2025-11-07 22:18:56 +01:00 · 2025-11-07 22:18:56 +01:00 · 53c14044ef
commit 53c14044ef
parent 0f795f9d18
2 changed files with 24 additions and 7 deletions
--- a/src/modules/expenses/components/AccountSelector.vue
+++ b/src/modules/expenses/components/AccountSelector.vue
@ -212,10 +212,14 @@ async function loadAccounts() {
      throw new Error('No wallet available. Please log in.')
    }

+    // Filter by user permissions to only show authorized accounts
    accountHierarchy.value = await expensesAPI.getAccountHierarchy(
      wallet.inkey,
-      props.rootAccount
+      props.rootAccount,
+      true // filterByUser
    )
+
+    console.log('[AccountSelector] Loaded user-authorized accounts:', accountHierarchy.value)
  } catch (err) {
    error.value = err instanceof Error ? err.message : 'Failed to load accounts'
    console.error('[AccountSelector] Error loading accounts:', err)
--- a/src/modules/expenses/services/ExpensesAPI.ts
+++ b/src/modules/expenses/services/ExpensesAPI.ts
@ -46,12 +46,17 @@ export class ExpensesAPI extends BaseService {
  /**
   * Get all accounts from castle
   *
-   * Note: Currently returns all accounts. Once castle API implements
-   * user permissions, use filter_by_user=true parameter.
+   * @param walletKey - Wallet key for authentication
+   * @param filterByUser - If true, only return accounts the user has permissions for
   */
-  async getAccounts(walletKey: string): Promise<Account[]> {
+  async getAccounts(walletKey: string, filterByUser: boolean = false): Promise<Account[]> {
    try {
-      const response = await fetch(`${this.baseUrl}/castle/api/v1/accounts`, {
+      const url = new URL(`${this.baseUrl}/castle/api/v1/accounts`)
+      if (filterByUser) {
+        url.searchParams.set('filter_by_user', 'true')
+      }
+
+      const response = await fetch(url.toString(), {
        method: 'GET',
        headers: this.getHeaders(walletKey),
        signal: AbortSignal.timeout(this.config?.apiConfig?.timeout || 30000)
@ -74,9 +79,17 @@ export class ExpensesAPI extends BaseService {
   *
   * Converts flat account list to nested tree based on colon-separated names
   * e.g., "Expenses:Groceries:Organic" becomes nested structure
+   *
+   * @param walletKey - Wallet key for authentication
+   * @param rootAccount - Optional root account to filter by (e.g., "Expenses")
+   * @param filterByUser - If true, only return accounts the user has permissions for
   */
-  async getAccountHierarchy(walletKey: string, rootAccount?: string): Promise<AccountNode[]> {
-    const accounts = await this.getAccounts(walletKey)
+  async getAccountHierarchy(
+    walletKey: string,
+    rootAccount?: string,
+    filterByUser: boolean = false
+  ): Promise<AccountNode[]> {
+    const accounts = await this.getAccounts(walletKey, filterByUser)

    // Filter by root account if specified
    let filteredAccounts = accounts