B4L/buildfor_life_budget
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add accountant role and financial_exported audit event

Browse Source 
- New 'accountant' role in companyRoleEnum (orthogonal like 'hr')
- meetsMinRole and requireCompanyRole now exclude accountant from
  hierarchy along with hr
- Settings UI exposes accountant in the role checkbox lists for both
  add-member and edit-member forms
- New 'financial_exported' value added to companyLogEventEnum, ready
  for the upcoming export feature

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alexander Grabowski
2026-04-15 09:39:18 +07:00
parent 23b00b2cfc
commit 0bfbcef043
4 changed files with 17 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/server/authorization.ts
+8 -5
View File
@@ -38,12 +38,15 @@ export function hasRole(roles: CompanyRole[], target: CompanyRole): boolean {
return roles.includes(target);
}
/** Does any hierarchical role in the set meet or exceed the minimum rank? `hr` does not count. */
export function meetsMinRole(roles: CompanyRole[], min: Exclude<CompanyRole, 'hr'>): boolean {
/** Does any hierarchical role in the set meet or exceed the minimum rank? `hr` and `accountant` do not count. */
export function meetsMinRole(
roles: CompanyRole[],
min: Exclude<CompanyRole, 'hr' | 'accountant'>
): boolean {
const minRank = ROLE_HIERARCHY[min];
for (const r of roles) {
if (r === 'hr') continue;
const rank = ROLE_HIERARCHY[r as Exclude<CompanyRole, 'hr'>];
if (r === 'hr' || r === 'accountant') continue;
const rank = ROLE_HIERARCHY[r as Exclude<CompanyRole, 'hr' | 'accountant'>];
if (rank >= minRank) return true;
}
return false;
@@ -56,7 +59,7 @@ export function meetsMinRole(roles: CompanyRole[], min: Exclude<CompanyRole, 'hr
export async function requireCompanyRole(
locals: App.Locals,
companyId: string,
minRole: Exclude<CompanyRole, 'hr'>
minRole: Exclude<CompanyRole, 'hr' | 'accountant'>
): Promise<{ user: NonNullable<App.Locals['user']>; roles: CompanyRole[] }> {
const user = requireAuth(locals);
src/lib/server/db/schema.ts
+3 -2
View File
@@ -15,7 +15,7 @@ import {
// ── Enums ──────────────────────────────────────────────
export const companyRoleEnum = pgEnum('company_role', ['admin', 'manager', 'user', 'viewer', 'hr']);
export const companyRoleEnum = pgEnum('company_role', ['admin', 'manager', 'user', 'viewer', 'hr', 'accountant']);
export const expenseStatusEnum = pgEnum('expense_status', ['pending', 'approved', 'rejected']);
// ── Users ──────────────────────────────────────────────
@@ -697,7 +697,8 @@ export const companyLogEventEnum = pgEnum('company_log_event', [
'package_delivered',
'package_status_refreshed',
'shipping_account_added',
'shipping_account_removed'
'shipping_account_removed',
'financial_exported'
]);
export const companyLog = pgTable(