Expose SUBMIT_INCOME in permission management UI

Adds the new permission type to the grant/bulk-grant dialog dropdown (static/js/permissions.js) so admins can grant 'Submit Income' on revenue accounts the same way they grant 'Submit Expense' on expense accounts. Without this, the backend's SUBMIT_INCOME check on the new income endpoint is ungranted-able from the UI and users see a 403. Uses 'teal' + the 'payments' icon to distinguish income-grant badges from green-and-add_circle expense-grant badges in the role/account permission lists. Also updates a stale comment in migrations.py listing the valid permission_type values. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 19:55:28 +02:00 · 2026-05-16 19:55:28 +02:00 · 61952d0015
commit 61952d0015
parent 93b5c2677c
2 changed files with 10 additions and 1 deletions
--- a/migrations.py
+++ b/migrations.py
@ -240,7 +240,7 @@ async def m001_initial(db):
    # ACCOUNT PERMISSIONS TABLE
    # =========================================================================
    # Granular access control for accounts
-    # Permission types: read, submit_expense, manage
+    # Permission types: read, submit_expense, submit_income, manage
    # Supports hierarchical inheritance (parent account permissions cascade)

    await db.execute(