Per Prestige's context on transaction commands and permissions: regular players should only view their own transactions, while staff and auditors need broader read access to conduct audits without excessive friction.
Technical notes — There's no audit/role surface in treasury-rest-api (no audit controller; VerifiedToken only distinguishes PERSONAL/BUSINESS/GOVERNMENT, not staff/DOC) and all endpoints are owner-scoped. Decide the surface first: (a) an in-game permission tier on /transactions in Treasury, (b) a staff/DOC role + audit-read endpoints in treasury-rest-api, or (c) the economy-explorer audit surface (which already has audit() writes wired). Then this splits into concrete sub-tasks.
Code context — There's no audit/role surface in treasury-rest-api (no audit controller; VerifiedToken only distinguishes PERSONAL/BUSINESS/GOVERNMENT, not a staff/DOC role) and all endpoints are owner-scoped. Per Prestige's note, regular players should see only their own transactions while staff/auditors need broader read access.
Decision needed before estimating — land this as (a) an in-game permission tier on /transactions in Treasury, (b) a staff/DOC role + audit-read endpoints in treasury-rest-api, or (c) the economy-explorer audit surface (which already has audit() writes wired). Recommend deciding the surface first, then this splits into concrete sub-tasks.
State corrected Planned → Pending Release: implemented in treasury cf1b806 ("Add in-game /transactions audit tier for staff/DOC"), which is on develop only (2 commits ahead of main), so it's built but not yet released.
Delivered across both surfaces.
In-game (treasury @ cf1b806, develop): new treasury.transactions.audit permission tier — /transactions audit <player> [page] and /transactions auditaccount <accountId> [page] let staff/DOC view any player's/account's history (read-only personal-account resolution; each access logged at INFO).
Web: the explorer already let staff (admin/government) audit any account, gated by isStaff + audit-logged. To make "staff/DOC" manageable, we built a group + capability RBAC layer (the surface decision evolved into this — see the new RBAC initiative):
economy-schema V10: explorer_group / explorer_group_capability / explorer_group_member.
economy-explorer: getViewer() now yields viewer.capabilities (groups ∪ legacy roles); isStaff = hasCapability('staff.audit'); a /admin/groups admin tool to define groups, attach capabilities, set a LuckPerms source node, and manage members.
treasury-api-plugin: an opt-in reconciliation cron that syncs LuckPerms group membership into explorer groups.
DOC-audit is now configuration: a "DOC" group granting staff.audit, fed from the doc LuckPerms group.
Committed on develop in all repos; tests green (treasury unit; explorer typecheck/lint/unit; plugin compile + diff test). Not yet pushed. Recommend splitting the RBAC/groups initiative into its own issue for tracking.
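The capability model described in the comment above (capabilities = groups ∪ legacy roles, isStaff = hasCapability('staff.audit'), owner-scoped reads otherwise), as an added TypeScript example that is not the economy-explorer code. Apart from 'staff.audit' and the "DOC" group, every name here (resolveViewer, canReadTransactions, LEGACY_ROLE_CAPS) is hypothetical, and the legacy-role mapping and the logging of denied attempts are assumptions.

```typescript
// Added illustration, not project code. Hypothetical names throughout.
type Capability = string;

interface Group { name: string; capabilities: Capability[]; members: string[]; }
interface Viewer { id: string; capabilities: Set<Capability>; }
interface AuditEntry { viewer: string; account: string; allowed: boolean; via: string; }

// Assumed mapping: the legacy admin/government roles keep their audit access
// by translating into the same capability that groups grant.
const LEGACY_ROLE_CAPS: Record<string, Capability[]> = {
  admin: ['staff.audit'],
  government: ['staff.audit'],
};

// Effective capabilities are the union of group grants and legacy roles.
function resolveViewer(id: string, legacyRoles: string[], groups: Group[]): Viewer {
  const caps = new Set<Capability>();
  for (const g of groups) {
    if (g.members.indexOf(id) !== -1) g.capabilities.forEach(c => caps.add(c));
  }
  for (const r of legacyRoles) {
    (LEGACY_ROLE_CAPS[r] || []).forEach(c => caps.add(c));
  }
  return { id, capabilities: caps };
}

function hasCapability(v: Viewer, cap: Capability): boolean {
  return v.capabilities.has(cap);
}

// Default is owner-scoped. Any cross-account read is decided by staff.audit
// and recorded whether it was allowed or denied (denied logging is an assumption).
function canReadTransactions(v: Viewer, accountOwner: string, log: AuditEntry[]): boolean {
  if (v.id === accountOwner) return true; // own history: no audit entry needed
  const allowed = hasCapability(v, 'staff.audit');
  log.push({ viewer: v.id, account: accountOwner, allowed, via: allowed ? 'staff.audit' : 'none' });
  return allowed;
}

// Constructed sample data: one "DOC" group granting staff.audit.
const groups: Group[] = [
  { name: 'DOC', capabilities: ['staff.audit'], members: ['auditor1'] },
];
```

Removing a member from the group revokes audit access on the next resolveViewer call, which is why the check reads capabilities rather than a stored isStaff flag.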
/transactions (playerName)
/transactions export (playerName)