feat(finance): personal vs company scope for banking + finance entries
User-level data privacy on finance entities. Bireysel = sadece sahibi
görür/düzenler/siler, Şirket = takım görür (mevcut davranış).
Schema additions (4 tables, all enum company|personal default 'company'):
- bank_accounts.scope
- bank_loans.scope
- credit_cards.scope
- finance_entries.scope
+ tenantId_scope index on each.
Inherited fields (no own scope, parent's used):
- loan_installments → from bank_loan
- credit_card_statements → from credit_card
Permissions (lib/appwrite/scope-permissions.ts):
- scopedRowPermissions(tenantId, createdBy, scope):
* company: Permission.read/update Role.team(tenantId), delete Role.team
owner|admin (current behavior)
* personal: read/update/delete Role.user(createdBy) only
- canAccessRow(row, userId): true if scope=company OR createdBy=userId.
Used as a defense-in-depth check inside actions because we use the
admin SDK (which bypasses row-level perms).
Action updates:
- bank-account-actions, loan-actions, credit-card-actions, finance-actions:
pickFormFields includes scope; create uses scopedRowPermissions; update
re-applies perms when scope changes; update/delete check canAccessRow
on top of the existing tenantId check.
- loan installment payment & credit card statement payment auto-create
finance entries that inherit the parent's scope, so a personal loan
installment doesn't create a company income/expense.
Query updates (all accept optional currentUserId):
- listBankAccounts, listLoans, listCreditCards, listFinanceEntries:
pull all tenant rows then in-JS filter via canAccessRow.
- getBankAccountBalances respects visible accounts only.
- listAllInstallments / listStatements: filter to only those whose
parent loan/card is visible.
UI:
- New shared component components/finance/scope-toggle.tsx with
ScopeToggle (form input) and ScopeBadge (visual marker).
- Bank, loan, card form sheets and the finance form sheet now include
a Şirket/Bireysel toggle at the top.
- Bank account cards display ScopeBadge for personal entries.
- Page-level queries everywhere now pass ctx.user.id so each user only
sees their personal rows + the team's company rows.
Reports & Dashboard:
- getDashboardData filters finance entries to scope=company only — so
team-level metrics never include any user's personal data.
- getFinancialReport (CFO view): bank accounts, loans, cards, finance
entries, installments and statements all filtered to company scope.
Personal entities never appear in reports anywhere.
Invoice → finance entry sync explicitly tags scope=company since invoices
are inherently company-scope.
This commit is contained in:
kovakmedya
@@ -21,6 +21,7 @@ import {
|
||||
updateBankAccountAction,
|
||||
} from "@/lib/appwrite/bank-account-actions";
|
||||
import { initialBankAccountState } from "@/lib/appwrite/bank-account-types";
|
||||
import { ScopeToggle } from "@/components/finance/scope-toggle";
|
||||
|
||||
import type { BankAccountRow } from "./types";
|
||||
|
||||
@@ -60,6 +61,8 @@ export function BankFormSheet({ open, onOpenChange, account }: Props) {
|
||||
{isEdit && account && <input type="hidden" name="id" value={account.id} />}
|
||||
|
||||
<div className="flex-1 space-y-4 overflow-y-auto px-6 py-5">
|
||||
<ScopeToggle defaultValue={(account as { scope?: "company" | "personal" } | null)?.scope ?? "company"} />
|
||||
|
||||
<div className="grid gap-4 md:grid-cols-2">
|
||||
<div className="grid gap-2">
|
||||
<Label htmlFor="bankName">Banka *</Label>
|
||||
|
||||
@@ -36,6 +36,7 @@ import {
|
||||
deleteBankAccountAction,
|
||||
} from "@/lib/appwrite/bank-account-actions";
|
||||
import { formatTRY } from "@/lib/format";
|
||||
import { ScopeBadge } from "@/components/finance/scope-toggle";
|
||||
import { cn } from "@/lib/utils";
|
||||
|
||||
import { BankFormSheet } from "./bank-form-sheet";
|
||||
@@ -229,6 +230,7 @@ function AccountCard({
|
||||
Arşivli
|
||||
</Badge>
|
||||
)}
|
||||
<ScopeBadge scope={account.scope} />
|
||||
</div>
|
||||
<p className="text-muted-foreground mt-0.5 truncate text-sm">{account.accountName}</p>
|
||||
{account.iban && (
|
||||
|
||||
@@ -7,4 +7,5 @@ export type BankAccountRow = {
|
||||
notes: string;
|
||||
archived: boolean;
|
||||
balance: number;
|
||||
scope: "company" | "personal";
|
||||
};
|
||||
|
||||
@@ -21,8 +21,8 @@ export default async function BanksPage() {
|
||||
}
|
||||
|
||||
const [accounts, balances] = await Promise.all([
|
||||
listBankAccounts(ctx.tenantId),
|
||||
getBankAccountBalances(ctx.tenantId),
|
||||
listBankAccounts(ctx.tenantId, ctx.user.id),
|
||||
getBankAccountBalances(ctx.tenantId, ctx.user.id),
|
||||
]);
|
||||
|
||||
return (
|
||||
@@ -45,6 +45,7 @@ export default async function BanksPage() {
|
||||
notes: a.notes ?? "",
|
||||
archived: Boolean(a.archived),
|
||||
balance: balances.get(a.$id) ?? a.openingBalance ?? 0,
|
||||
scope: (a.scope ?? "company") as "company" | "personal",
|
||||
}))}
|
||||
/>
|
||||
</div>
|
||||
|
||||
@@ -28,6 +28,7 @@ import {
|
||||
updateCreditCardAction,
|
||||
} from "@/lib/appwrite/credit-card-actions";
|
||||
import { initialCreditCardState } from "@/lib/appwrite/credit-card-types";
|
||||
import { ScopeToggle } from "@/components/finance/scope-toggle";
|
||||
|
||||
import type { BankAccountOption, CreditCardRow } from "./types";
|
||||
|
||||
@@ -78,6 +79,8 @@ export function CardFormSheet({
|
||||
{isEdit && card && <input type="hidden" name="id" value={card.id} />}
|
||||
|
||||
<div className="flex-1 space-y-4 overflow-y-auto px-6 py-5">
|
||||
<ScopeToggle defaultValue={card?.scope ?? "company"} />
|
||||
|
||||
<div className="grid gap-4 md:grid-cols-2">
|
||||
<div className="grid gap-2">
|
||||
<Label htmlFor="bankName">Banka *</Label>
|
||||
|
||||
@@ -11,6 +11,7 @@ export type CreditCardRow = {
|
||||
bankAccountLabel: string;
|
||||
archived: boolean;
|
||||
notes: string;
|
||||
scope: "company" | "personal";
|
||||
};
|
||||
|
||||
export type StatementRow = {
|
||||
|
||||
@@ -22,9 +22,9 @@ export default async function CardsPage() {
|
||||
}
|
||||
|
||||
const [cards, statements, bankAccounts] = await Promise.all([
|
||||
listCreditCards(ctx.tenantId),
|
||||
listStatements(ctx.tenantId),
|
||||
listBankAccounts(ctx.tenantId),
|
||||
listCreditCards(ctx.tenantId, ctx.user.id),
|
||||
listStatements(ctx.tenantId, ctx.user.id),
|
||||
listBankAccounts(ctx.tenantId, ctx.user.id),
|
||||
]);
|
||||
|
||||
const bankMap = new Map(
|
||||
@@ -55,6 +55,7 @@ export default async function CardsPage() {
|
||||
bankAccountLabel: c.bankAccountId ? bankMap.get(c.bankAccountId) ?? "" : "",
|
||||
archived: Boolean(c.archived),
|
||||
notes: c.notes ?? "",
|
||||
scope: (c.scope ?? "company") as "company" | "personal",
|
||||
}))}
|
||||
statements={statements.map((s) => ({
|
||||
id: s.$id,
|
||||
|
||||
@@ -28,6 +28,7 @@ import {
|
||||
updateFinanceEntryAction,
|
||||
} from "@/lib/appwrite/finance-actions";
|
||||
import { initialFinanceState } from "@/lib/appwrite/finance-types";
|
||||
import { ScopeToggle } from "@/components/finance/scope-toggle";
|
||||
|
||||
import type { BankAccountOption, Customer, FinanceRow, FinanceType } from "./types";
|
||||
|
||||
@@ -95,6 +96,10 @@ export function FinanceFormSheet({
|
||||
{isEdit && entry && <input type="hidden" name="id" value={entry.id} />}
|
||||
|
||||
<div className="flex-1 space-y-4 overflow-y-auto px-6 py-5">
|
||||
<ScopeToggle
|
||||
defaultValue={(entry as { scope?: "company" | "personal" } | null | undefined)?.scope ?? "company"}
|
||||
/>
|
||||
|
||||
<div className="grid gap-4 md:grid-cols-2">
|
||||
<div className="grid gap-2">
|
||||
<Label htmlFor="type">Tür *</Label>
|
||||
|
||||
@@ -26,6 +26,7 @@ import { Textarea } from "@/components/ui/textarea";
|
||||
import { createLoanAction } from "@/lib/appwrite/loan-actions";
|
||||
import { initialLoanState } from "@/lib/appwrite/loan-types";
|
||||
import { formatTRY } from "@/lib/format";
|
||||
import { ScopeToggle } from "@/components/finance/scope-toggle";
|
||||
|
||||
import type { BankAccountOption } from "./types";
|
||||
|
||||
@@ -85,6 +86,8 @@ export function LoanFormSheet({
|
||||
className="flex flex-1 flex-col"
|
||||
>
|
||||
<div className="flex-1 space-y-4 overflow-y-auto px-6 py-5">
|
||||
<ScopeToggle />
|
||||
|
||||
<div className="grid gap-4 md:grid-cols-2">
|
||||
<div className="grid gap-2">
|
||||
<Label htmlFor="bankName">Banka *</Label>
|
||||
|
||||
@@ -17,6 +17,7 @@ export type LoanRow = {
|
||||
paidAmount: number;
|
||||
remainingCount: number;
|
||||
nextDue: string | null;
|
||||
scope: "company" | "personal";
|
||||
};
|
||||
|
||||
export type InstallmentRow = {
|
||||
|
||||
@@ -19,9 +19,9 @@ export default async function LoansPage() {
|
||||
}
|
||||
|
||||
const [loans, installments, bankAccounts] = await Promise.all([
|
||||
listLoans(ctx.tenantId),
|
||||
listAllInstallments(ctx.tenantId),
|
||||
listBankAccounts(ctx.tenantId),
|
||||
listLoans(ctx.tenantId, ctx.user.id),
|
||||
listAllInstallments(ctx.tenantId, ctx.user.id),
|
||||
listBankAccounts(ctx.tenantId, ctx.user.id),
|
||||
]);
|
||||
|
||||
const bankMap = new Map(
|
||||
@@ -90,6 +90,7 @@ export default async function LoansPage() {
|
||||
paidAmount: m.paidAmount,
|
||||
remainingCount: m.remainingCount,
|
||||
nextDue: m.nextDue,
|
||||
scope: (l.scope ?? "company") as "company" | "personal",
|
||||
};
|
||||
})}
|
||||
installments={installments.map((i) => ({
|
||||
|
||||
@@ -20,9 +20,9 @@ export default async function FinancePage() {
|
||||
}
|
||||
|
||||
const [entries, customers, bankAccounts] = await Promise.all([
|
||||
listFinanceEntries(ctx.tenantId),
|
||||
listFinanceEntries(ctx.tenantId, ctx.user.id),
|
||||
listCustomers(ctx.tenantId),
|
||||
listBankAccounts(ctx.tenantId),
|
||||
listBankAccounts(ctx.tenantId, ctx.user.id),
|
||||
]);
|
||||
|
||||
const customerMap = new Map(customers.map((c) => [c.$id, c.name]));
|
||||
|
||||
Reference in New Issue
Block a user