feat(server): 新增申请核对预览快速建单接口与平台管理员判定统一

- reimbursements 新增 POST /application-preview-action，AI 工作台表格核对后直接走 UserAgentService 建单/提交，免去通用 Orchestrator 编排 - 平台管理员判定统一抽取 PLATFORM_ADMIN_IDENTITIES 常量，identity 与 role_codes 均支持 admin/superadmin，含 header 开关 - docker-compose 镜像补装 openssh-server - 同步更新差旅/交通/通信等财务规则表与 reimbursements 端点测试
2026-06-20 14:41:59 +08:00
parent 304bbe1fd4
commit 729d833edb
11 changed files with 210 additions and 5 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,7 +32,7 @@ services:
      - >
        apt-get update &&
        DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends
-        python3 python3-pip python3-venv fontconfig &&
+        python3 python3-pip python3-venv fontconfig openssh-server &&
        if ! fc-match 'Noto Sans CJK SC' | grep -qi 'Noto'; then if ! timeout "${CJK_FONT_INSTALL_TIMEOUT_SECONDS:-45}" sh -lc 'DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends fonts-noto-cjk fonts-noto-cjk-extra'; then printf '%s\n' '[WARN] CJK font installation timed out or failed; continuing startup without blocking the app.'; fi; fi &&
        printf '%s\n'
        '<?xml version="1.0"?>'
--- a/server/rules/finance-rules/交通工具等级标准.xlsx
+++ b/server/rules/finance-rules/交通工具等级标准.xlsx
--- a/server/rules/finance-rules/交通费用预估表.xlsx
+++ b/server/rules/finance-rules/交通费用预估表.xlsx
--- a/server/rules/finance-rules/公司通信费报销规则.xlsx
+++ b/server/rules/finance-rules/公司通信费报销规则.xlsx
--- a/server/rules/finance-rules/出差补助标准.xlsx
+++ b/server/rules/finance-rules/出差补助标准.xlsx
--- a/server/rules/finance-rules/地区淡旺季映射表.xlsx
+++ b/server/rules/finance-rules/地区淡旺季映射表.xlsx
--- a/server/rules/finance-rules/差旅职级映射表.xlsx
+++ b/server/rules/finance-rules/差旅职级映射表.xlsx
--- a/server/src/app/api/deps.py
+++ b/server/src/app/api/deps.py
@@ -8,6 +8,10 @@ from sqlalchemy.orm import Session
 from app.db.session import get_session_factory


+PLATFORM_ADMIN_IDENTITIES = {"admin", "superadmin"}
+ADMIN_HEADER_TRUE_VALUES = {"1", "true", "yes", "on"}
+
+
 def get_db() -> Generator[Session, None, None]:
    db = get_session_factory()()
    try:
@@ -124,14 +128,15 @@ def _resolve_platform_admin_flag(
    role_codes: list[str],
    header_value: str | None,
 ) -> bool:
-    if str(header_value or "").strip().lower() in {"1", "true", "yes", "on"}:
+    if str(header_value or "").strip().lower() in ADMIN_HEADER_TRUE_VALUES:
        return True

    identities = {
        str(username or "").strip().lower(),
        str(name or "").strip().lower(),
    }
-    return "admin" in identities or "admin" in {_normalize_role_code(item) for item in role_codes}
+    normalized_role_codes = {_normalize_role_code(item) for item in role_codes}
+    return bool(identities & PLATFORM_ADMIN_IDENTITIES) or bool(normalized_role_codes & PLATFORM_ADMIN_IDENTITIES)


 def require_admin_user(
--- a/server/src/app/api/v1/endpoints/reimbursements.py
+++ b/server/src/app/api/v1/endpoints/reimbursements.py
@@ -11,6 +11,9 @@ from app.api.pagination import PageNumber, PageSize, page_payload, wants_page
 from app.schemas.budget import BudgetClaimAnalysisRead
 from app.schemas.common import ErrorResponse, PaginatedResponse
 from app.schemas.reimbursement import (
+    ExpenseApplicationPreviewActionPayload,
+    ExpenseApplicationPreviewActionResponse,
+    ExpenseApplicationPreviewActionResult,
    ExpenseClaimAttachmentActionResponse,
    ExpenseClaimActionResponse,
    ExpenseClaimAttachmentRead,
@@ -27,10 +30,13 @@ from app.schemas.reimbursement import (
    TravelReimbursementCalculatorRequest,
    TravelReimbursementCalculatorResponse,
 )
+from app.schemas.ontology import OntologyParseResult, OntologyPermission
+from app.schemas.user_agent import UserAgentRequest
 from app.services.budget import BudgetService
 from app.services.expense_claims import ExpenseClaimService
 from app.services.reimbursement import ReimbursementService
 from app.services.travel_reimbursement_calculator import TravelReimbursementCalculatorService
+from app.services.user_agent import UserAgentService

 router = APIRouter()
 DbSession = Annotated[Session, Depends(get_db)]
@@ -88,6 +94,90 @@ def calculate_travel_reimbursement(
        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(error)) from error


+def _build_application_preview_action_context(
+    payload: ExpenseApplicationPreviewActionPayload,
+    current_user: CurrentUserContext,
+) -> dict[str, object]:
+    context_json = dict(payload.context_json or {})
+    context_json.setdefault("session_type", "application")
+    context_json.setdefault("entry_source", "workbench_ai_inline")
+    context_json.setdefault("document_type", "expense_application")
+    context_json.setdefault("application_stage", "expense_application")
+    context_json.setdefault("role_codes", current_user.role_codes)
+    context_json.setdefault("is_admin", current_user.is_admin)
+    context_json.setdefault("username", current_user.username)
+    context_json.setdefault("name", current_user.name)
+    context_json.setdefault("department_name", current_user.department_name)
+    context_json.setdefault("position", current_user.position)
+    context_json.setdefault("grade", current_user.grade)
+    context_json.setdefault("employee_no", current_user.employee_no)
+    context_json.setdefault("manager_name", current_user.manager_name)
+    return context_json
+
+
+@router.post(
+    "/application-preview-action",
+    response_model=ExpenseApplicationPreviewActionResponse,
+    summary="按申请核对预览快速保存或提交申请单",
+    description="用于 AI 工作台已完成表格核对后的轻量建单/提交流程，避免重复进入通用 Orchestrator 编排。",
+)
+def run_application_preview_action(
+    payload: ExpenseApplicationPreviewActionPayload,
+    db: DbSession,
+    current_user: CurrentUser,
+) -> ExpenseApplicationPreviewActionResponse:
+    context_json = _build_application_preview_action_context(payload, current_user)
+    run_id = f"application-preview-action:{payload.conversation_id or current_user.username}"
+    request = UserAgentRequest(
+        run_id=run_id,
+        user_id=payload.user_id or current_user.username or current_user.name,
+        message=payload.message,
+        ontology=OntologyParseResult(
+            scenario="expense",
+            intent="operate",
+            permission=OntologyPermission(
+                level="approval_required",
+                allowed=True,
+                reason="application preview fast action",
+            ),
+            confidence=1.0,
+            run_id=run_id,
+        ),
+        context_json=context_json,
+        tool_payload={},
+        selected_capability_codes=[],
+        degraded=False,
+        requires_confirmation=False,
+    )
+    try:
+        user_agent_response = UserAgentService(db)._build_expense_application_response(
+            request,
+            risk_flags=[],
+        )
+    except ValueError as error:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(error)) from error
+
+    return ExpenseApplicationPreviewActionResponse(
+        status="succeeded",
+        conversation_id=payload.conversation_id,
+        result=ExpenseApplicationPreviewActionResult(
+            message=user_agent_response.answer,
+            answer=user_agent_response.answer,
+            suggested_actions=[
+                action.model_dump(mode="json")
+                for action in user_agent_response.suggested_actions
+            ],
+            risk_flags=user_agent_response.risk_flags,
+            requires_confirmation=user_agent_response.requires_confirmation,
+            draft_payload=(
+                user_agent_response.draft_payload.model_dump(mode="json")
+                if user_agent_response.draft_payload is not None
+                else None
+            ),
+        ),
+    )
+
+
@router.get(
    "/claims",
    response_model=list[ExpenseClaimRead] | PaginatedResponse[ExpenseClaimRead],
--- a/server/src/app/schemas/reimbursement.py
+++ b/server/src/app/schemas/reimbursement.py
@@ -185,6 +185,29 @@ class ExpenseClaimActionResponse(BaseModel):
    status: str | None = None


+class ExpenseApplicationPreviewActionPayload(BaseModel):
+    source: str = Field(default="user_message", max_length=80)
+    user_id: str | None = Field(default=None, max_length=120)
+    conversation_id: str | None = Field(default=None, max_length=120)
+    message: str = Field(min_length=1, max_length=4000)
+    context_json: dict[str, Any] = Field(default_factory=dict)
+
+
+class ExpenseApplicationPreviewActionResult(BaseModel):
+    message: str
+    answer: str
+    suggested_actions: list[dict[str, Any]] = Field(default_factory=list)
+    risk_flags: list[str] = Field(default_factory=list)
+    requires_confirmation: bool = False
+    draft_payload: dict[str, Any] | None = None
+
+
+class ExpenseApplicationPreviewActionResponse(BaseModel):
+    status: str = "succeeded"
+    conversation_id: str | None = None
+    result: ExpenseApplicationPreviewActionResult
+
+
 class ExpenseClaimReturnPayload(BaseModel):
    reason: str | None = Field(default=None, max_length=500)
    reason_codes: list[str] = Field(default_factory=list, max_length=10)
--- a/server/tests/test_reimbursement_endpoints.py
+++ b/server/tests/test_reimbursement_endpoints.py
@@ -765,7 +765,7 @@ def test_claim_item_delete_removes_item_and_attachment(monkeypatch, tmp_path) ->
    assert deleted_meta_response.status_code == 404


-def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_header(monkeypatch, tmp_path) -> None:
+def test_claim_delete_allows_admin_and_cleans_risk_observations(monkeypatch, tmp_path) -> None:
    monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path)

    client, session_factory = build_client()
@@ -800,7 +800,7 @@ def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_head

    response = client.delete(
        f"/api/v1/reimbursements/claims/{claim_id}",
-        headers={"x-auth-username": "emp-1", "x-auth-name": "Browser Session User"},
+        headers={"x-auth-username": "admin", "x-auth-name": "Admin User"},
    )

    assert response.status_code == 200
@@ -812,3 +812,90 @@ def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_head
        assert db.get(ExpenseClaim, claim_id) is None
        assert db.get(RiskObservation, "risk-observation-delete-1") is None
        assert db.get(RiskObservationFeedback, "risk-observation-feedback-delete-1") is None
+
+
+def test_claim_delete_allows_legacy_superadmin_without_is_admin_header(monkeypatch, tmp_path) -> None:
+    monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path)
+
+    client, session_factory = build_client()
+    with session_factory() as db:
+        claim, _ = seed_claim(db)
+        claim_id = claim.id
+
+    response = client.delete(
+        f"/api/v1/reimbursements/claims/{claim_id}",
+        headers={
+            "x-auth-username": "superadmin",
+            "x-auth-name": "superadmin",
+            "x-auth-role-codes": "manager",
+        },
+    )
+
+    assert response.status_code == 200
+    payload = response.json()
+    assert payload["claim_id"] == claim_id
+    assert payload["status"] == "deleted"
+
+    with session_factory() as db:
+        assert db.get(ExpenseClaim, claim_id) is None
+
+
+def test_application_preview_action_submits_without_orchestrator_run(monkeypatch, tmp_path) -> None:
+    monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path)
+
+    client, session_factory = build_client()
+    with session_factory() as db:
+        seed_claim(db)
+
+    response = client.post(
+        "/api/v1/reimbursements/application-preview-action",
+        headers={
+            "x-auth-username": "zhangsan@example.com",
+            "x-auth-name": "Zhang San",
+            "x-auth-employee-no": "E10001",
+            "x-auth-role-codes": "user",
+        },
+        json={
+            "source": "user_message",
+            "user_id": "zhangsan@example.com",
+            "conversation_id": "conversation-fast-submit",
+            "message": "差旅费用申请提交审批\n申请类型：差旅费用申请\n申请时间：2026-07-01 至 2026-07-03\n地点：北京\n事由：项目实施\n天数：3天\n出行方式：火车\n申请金额：1000元\n直接提交",
+            "context_json": {
+                "session_type": "application",
+                "entry_source": "workbench_ai_inline",
+                "document_type": "expense_application",
+                "application_stage": "expense_application",
+                "application_preview": {
+                    "fields": {
+                        "applicationType": "差旅费用申请",
+                        "time": "2026-07-01 至 2026-07-03",
+                        "location": "北京",
+                        "reason": "项目实施",
+                        "days": "3天",
+                        "transportMode": "火车",
+                        "amount": "1000元",
+                        "applicant": "张三",
+                        "department": "市场部",
+                        "position": "招商主管",
+                        "grade": "P4",
+                        "managerName": "李总",
+                    }
+                },
+            },
+        },
+    )
+
+    assert response.status_code == 200
+    payload = response.json()
+    assert payload["status"] == "succeeded"
+    draft_payload = payload["result"]["draft_payload"]
+    assert draft_payload["draft_type"] == "expense_application"
+    assert draft_payload["status"] == "submitted"
+    assert draft_payload["approval_stage"] == "直属领导审批"
+    assert draft_payload["claim_no"].startswith("AP-")
+
+    with session_factory() as db:
+        claim = db.get(ExpenseClaim, draft_payload["claim_id"])
+        assert claim is not None
+        assert claim.status == "submitted"
+        assert claim.employee_name == "张三"