diff --git a/docker-compose.yml b/docker-compose.yml index ae513f5..70e7a52 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -32,7 +32,7 @@ services: - > apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends - python3 python3-pip python3-venv fontconfig && + python3 python3-pip python3-venv fontconfig openssh-server && if ! fc-match 'Noto Sans CJK SC' | grep -qi 'Noto'; then if ! timeout "${CJK_FONT_INSTALL_TIMEOUT_SECONDS:-45}" sh -lc 'DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends fonts-noto-cjk fonts-noto-cjk-extra'; then printf '%s\n' '[WARN] CJK font installation timed out or failed; continuing startup without blocking the app.'; fi; fi && printf '%s\n' '' diff --git a/server/rules/finance-rules/交通工具等级标准.xlsx b/server/rules/finance-rules/交通工具等级标准.xlsx index d2ecf62..e65800c 100644 Binary files a/server/rules/finance-rules/交通工具等级标准.xlsx and b/server/rules/finance-rules/交通工具等级标准.xlsx differ diff --git a/server/rules/finance-rules/交通费用预估表.xlsx b/server/rules/finance-rules/交通费用预估表.xlsx index 4975642..701ba4b 100644 Binary files a/server/rules/finance-rules/交通费用预估表.xlsx and b/server/rules/finance-rules/交通费用预估表.xlsx differ diff --git a/server/rules/finance-rules/公司通信费报销规则.xlsx b/server/rules/finance-rules/公司通信费报销规则.xlsx index 386437e..769b594 100644 Binary files a/server/rules/finance-rules/公司通信费报销规则.xlsx and b/server/rules/finance-rules/公司通信费报销规则.xlsx differ diff --git a/server/rules/finance-rules/出差补助标准.xlsx b/server/rules/finance-rules/出差补助标准.xlsx index 50c1b4c..fbf9bec 100644 Binary files a/server/rules/finance-rules/出差补助标准.xlsx and b/server/rules/finance-rules/出差补助标准.xlsx differ diff --git a/server/rules/finance-rules/地区淡旺季映射表.xlsx b/server/rules/finance-rules/地区淡旺季映射表.xlsx index b1645a0..f48c015 100644 Binary files a/server/rules/finance-rules/地区淡旺季映射表.xlsx and b/server/rules/finance-rules/地区淡旺季映射表.xlsx differ 
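Review bot: Adding `openssh-server` on the `apt-get install` line puts an SSH daemon package into the application container, and nothing visible in this hunk configures, starts or restricts it. If it is only wanted for debugging, `docker compose exec` gives a shell without a listening service, so the line could stay as `python3 python3-pip python3-venv fontconfig &&`. If it has to stay, add a comment above the package list saying why, and confirm in the rest of the file that port 22 is not published and that password and root login are disabled. The command block continues outside the hunk, so whether sshd is ever started cannot be seen from here.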
diff --git a/server/rules/finance-rules/差旅职级映射表.xlsx b/server/rules/finance-rules/差旅职级映射表.xlsx index 43d0326..b3a737e 100644 Binary files a/server/rules/finance-rules/差旅职级映射表.xlsx and b/server/rules/finance-rules/差旅职级映射表.xlsx differ diff --git a/server/src/app/api/deps.py b/server/src/app/api/deps.py index 40976b3..af1cb1c 100644 --- a/server/src/app/api/deps.py +++ b/server/src/app/api/deps.py @@ -8,6 +8,10 @@ from sqlalchemy.orm import Session from app.db.session import get_session_factory +PLATFORM_ADMIN_IDENTITIES = {"admin", "superadmin"} +ADMIN_HEADER_TRUE_VALUES = {"1", "true", "yes", "on"} + + def get_db() -> Generator[Session, None, None]: db = get_session_factory()() try: @@ -124,14 +128,15 @@ def _resolve_platform_admin_flag( role_codes: list[str], header_value: str | None, ) -> bool: - if str(header_value or "").strip().lower() in {"1", "true", "yes", "on"}: + if str(header_value or "").strip().lower() in ADMIN_HEADER_TRUE_VALUES: return True identities = { str(username or "").strip().lower(), str(name or "").strip().lower(), } - return "admin" in identities or "admin" in {_normalize_role_code(item) for item in role_codes} + normalized_role_codes = {_normalize_role_code(item) for item in role_codes} + return bool(identities & PLATFORM_ADMIN_IDENTITIES) or bool(normalized_role_codes & PLATFORM_ADMIN_IDENTITIES) def require_admin_user( diff --git a/server/src/app/api/v1/endpoints/reimbursements.py b/server/src/app/api/v1/endpoints/reimbursements.py index 371f098..c6571bb 100644 --- a/server/src/app/api/v1/endpoints/reimbursements.py +++ b/server/src/app/api/v1/endpoints/reimbursements.py 
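Review bot: In `_resolve_platform_admin_flag` the `identities` set still contains the display `name`, and the new intersection with `PLATFORM_ADMIN_IDENTITIES` widens the match, so an account whose display name is "admin" or "superadmin" resolves as platform admin without holding any admin role. Judging by the tests in this commit, username, name and role codes arrive as `x-auth-*` request headers, so this is only safe if a trusted gateway sets and strips those headers, which is worth confirming. I would match on the login name and role codes only, `identities = {str(username or "").strip().lower()}`, and put a comment above the constants such as `# Legacy usernames/role codes treated as platform admin; values must come from the trusted auth proxy, never from the client.` The function's signature starts above the hunk, so the origin of `username` and `name` is not visible here.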
@@ -11,6 +11,9 @@ from app.api.pagination import PageNumber, PageSize, page_payload, wants_page from app.schemas.budget import BudgetClaimAnalysisRead from app.schemas.common import ErrorResponse, PaginatedResponse from app.schemas.reimbursement import ( + ExpenseApplicationPreviewActionPayload, + ExpenseApplicationPreviewActionResponse, + ExpenseApplicationPreviewActionResult, ExpenseClaimAttachmentActionResponse, ExpenseClaimActionResponse, ExpenseClaimAttachmentRead, @@ -27,10 +30,13 @@ from app.schemas.reimbursement import ( TravelReimbursementCalculatorRequest, TravelReimbursementCalculatorResponse, ) +from app.schemas.ontology import OntologyParseResult, OntologyPermission +from app.schemas.user_agent import UserAgentRequest from app.services.budget import BudgetService from app.services.expense_claims import ExpenseClaimService from app.services.reimbursement import ReimbursementService from app.services.travel_reimbursement_calculator import TravelReimbursementCalculatorService +from app.services.user_agent import UserAgentService router = APIRouter() DbSession = Annotated[Session, Depends(get_db)] 
@@ -88,6 +94,90 @@ def calculate_travel_reimbursement( raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(error)) from error +def _build_application_preview_action_context( + payload: ExpenseApplicationPreviewActionPayload, + current_user: CurrentUserContext, +) -> dict[str, object]: + context_json = dict(payload.context_json or {}) + context_json.setdefault("session_type", "application") + context_json.setdefault("entry_source", "workbench_ai_inline") + context_json.setdefault("document_type", "expense_application") + context_json.setdefault("application_stage", "expense_application") + context_json.setdefault("role_codes", current_user.role_codes) + context_json.setdefault("is_admin", current_user.is_admin) + context_json.setdefault("username", current_user.username) + context_json.setdefault("name", current_user.name) + context_json.setdefault("department_name", current_user.department_name) + context_json.setdefault("position", current_user.position) + context_json.setdefault("grade", current_user.grade) + context_json.setdefault("employee_no", current_user.employee_no) + context_json.setdefault("manager_name", current_user.manager_name) + return context_json + + +@router.post( + "/application-preview-action", + response_model=ExpenseApplicationPreviewActionResponse, + summary="按申请核对预览快速保存或提交申请单", + description="用于 AI 工作台已完成表格核对后的轻量建单/提交流程,避免重复进入通用 Orchestrator 编排。", +) +def run_application_preview_action( + payload: ExpenseApplicationPreviewActionPayload, + db: DbSession, + current_user: CurrentUser, +) -> ExpenseApplicationPreviewActionResponse: + context_json = _build_application_preview_action_context(payload, current_user) + run_id = f"application-preview-action:{payload.conversation_id or current_user.username}" + request = UserAgentRequest( + run_id=run_id, + user_id=payload.user_id or current_user.username or current_user.name, + message=payload.message, + ontology=OntologyParseResult( + scenario="expense", + intent="operate", + 
permission=OntologyPermission( + level="approval_required", + allowed=True, + reason="application preview fast action", + ), + confidence=1.0, + run_id=run_id, + ), + context_json=context_json, + tool_payload={}, + selected_capability_codes=[], + degraded=False, + requires_confirmation=False, + ) + try: + user_agent_response = UserAgentService(db)._build_expense_application_response( + request, + risk_flags=[], + ) + except ValueError as error: + raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(error)) from error + + return ExpenseApplicationPreviewActionResponse( + status="succeeded", + conversation_id=payload.conversation_id, + result=ExpenseApplicationPreviewActionResult( + message=user_agent_response.answer, + answer=user_agent_response.answer, + suggested_actions=[ + action.model_dump(mode="json") + for action in user_agent_response.suggested_actions + ], + risk_flags=user_agent_response.risk_flags, + requires_confirmation=user_agent_response.requires_confirmation, + draft_payload=( + user_agent_response.draft_payload.model_dump(mode="json") + if user_agent_response.draft_payload is not None + else None + ), + ), + ) + + @router.get( "/claims", response_model=list[ExpenseClaimRead] | PaginatedResponse[ExpenseClaimRead], diff --git a/server/src/app/schemas/reimbursement.py b/server/src/app/schemas/reimbursement.py index a87889c..fe60739 100644 --- a/server/src/app/schemas/reimbursement.py +++ b/server/src/app/schemas/reimbursement.py 
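Review bot: `_build_application_preview_action_context` copies the request's `context_json` first and then uses `setdefault` for `role_codes`, `is_admin`, `username` and `employee_no`, so any of those keys sent in the request body takes precedence over the authenticated `current_user`. The same applies to `user_id=payload.user_id or current_user.username or current_user.name` in `run_application_preview_action`, where the body value wins. Identity and authorization fields should be written from `current_user` after the merge, as in the excerpt below; the descriptive defaults can stay as `setdefault`. Separately, the handler hard-codes `allowed=True`, `requires_confirmation=False` and `risk_flags=[]` and calls the private `UserAgentService._build_expense_application_response`, so a comment saying which checks of the normal orchestrated path are intentionally skipped, or a public service method that owns them, would make the shortcut reviewable.

```python
    context_json = dict(payload.context_json or {})
    # … unchanged: setdefault for session_type, entry_source, document_type, application_stage …
    # Identity and authorization fields always come from the authenticated
    # user; a value supplied in the request body must not override them.
    context_json["role_codes"] = current_user.role_codes
    context_json["is_admin"] = current_user.is_admin
    context_json["username"] = current_user.username
    context_json["employee_no"] = current_user.employee_no
    # … unchanged: setdefault for name, department_name, position, grade, manager_name …

    # in run_application_preview_action: do not take the acting user from the body
        user_id=current_user.username or current_user.name,
```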
@@ -185,6 +185,29 @@ class ExpenseClaimActionResponse(BaseModel): status: str | None = None +class ExpenseApplicationPreviewActionPayload(BaseModel): + source: str = Field(default="user_message", max_length=80) + user_id: str | None = Field(default=None, max_length=120) + conversation_id: str | None = Field(default=None, max_length=120) + message: str = Field(min_length=1, max_length=4000) + context_json: dict[str, Any] = Field(default_factory=dict) + + +class ExpenseApplicationPreviewActionResult(BaseModel): + message: str + answer: str + suggested_actions: list[dict[str, Any]] = Field(default_factory=list) + risk_flags: list[str] = Field(default_factory=list) + requires_confirmation: bool = False + draft_payload: dict[str, Any] | None = None + + +class ExpenseApplicationPreviewActionResponse(BaseModel): + status: str = "succeeded" + conversation_id: str | None = None + result: ExpenseApplicationPreviewActionResult + + class ExpenseClaimReturnPayload(BaseModel): reason: str | None = Field(default=None, max_length=500) reason_codes: list[str] = Field(default_factory=list, max_length=10) diff --git a/server/tests/test_reimbursement_endpoints.py b/server/tests/test_reimbursement_endpoints.py index 05e3ad2..4683e11 100644 --- a/server/tests/test_reimbursement_endpoints.py +++ b/server/tests/test_reimbursement_endpoints.py @@ -765,7 +765,7 @@ def test_claim_item_delete_removes_item_and_attachment(monkeypatch, tmp_path) -> assert deleted_meta_response.status_code == 404 -def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_header(monkeypatch, tmp_path) -> None: +def test_claim_delete_allows_admin_and_cleans_risk_observations(monkeypatch, tmp_path) -> None: monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path) client, session_factory = build_client() 
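Review bot: `context_json: dict[str, Any] = Field(default_factory=dict)` in `ExpenseApplicationPreviewActionPayload` accepts an arbitrarily large and deeply nested object, while `message` next to it is capped at 4000 characters. The endpoint added in this commit copies that dict into the agent request, so I would replace it with a typed model listing the keys the endpoint reads (`session_type`, `entry_source`, `document_type`, `application_stage`, `application_preview`) or add a validator that rejects oversized input. The three new models also carry no docstrings; a one-line docstring on each, for example `"""Request body for POST /application-preview-action."""`, would tell readers which fields are client-controlled.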
@@ -800,7 +800,7 @@ def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_head response = client.delete( f"/api/v1/reimbursements/claims/{claim_id}", - headers={"x-auth-username": "emp-1", "x-auth-name": "Browser Session User"}, + headers={"x-auth-username": "admin", "x-auth-name": "Admin User"}, ) assert response.status_code == 200 
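Review bot: Changing the request headers to `"x-auth-username": "admin", "x-auth-name": "Admin User"`, together with the rename in the hunk at -765, converts the draft-owner delete test into an admin test, so deletion by the owning employee without an employee-no header is no longer covered. I would keep the original test unchanged and add the admin case as a separate function under the new name, so a regression in the owner check still fails a test. Most of the test body lies outside both hunks, so the seeded owner is not visible here.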
@@ -812,3 +812,90 @@ def test_claim_delete_allows_draft_owner_by_employee_id_without_employee_no_head assert db.get(ExpenseClaim, claim_id) is None assert db.get(RiskObservation, "risk-observation-delete-1") is None assert db.get(RiskObservationFeedback, "risk-observation-feedback-delete-1") is None + + +def test_claim_delete_allows_legacy_superadmin_without_is_admin_header(monkeypatch, tmp_path) -> None: + monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path) + + client, session_factory = build_client() + with session_factory() as db: + claim, _ = seed_claim(db) + claim_id = claim.id + + response = client.delete( + f"/api/v1/reimbursements/claims/{claim_id}", + headers={ + "x-auth-username": "superadmin", + "x-auth-name": "superadmin", + "x-auth-role-codes": "manager", + }, + ) + + assert response.status_code == 200 + payload = response.json() + assert payload["claim_id"] == claim_id + assert payload["status"] == "deleted" + + with session_factory() as db: + assert db.get(ExpenseClaim, claim_id) is None + + +def test_application_preview_action_submits_without_orchestrator_run(monkeypatch, tmp_path) -> None: + monkeypatch.setattr(ExpenseClaimAttachmentStorage, "root", lambda self: tmp_path) + + client, session_factory = build_client() + with session_factory() as db: + seed_claim(db) + + response = client.post( + "/api/v1/reimbursements/application-preview-action", + headers={ + "x-auth-username": "zhangsan@example.com", + "x-auth-name": "Zhang San", + "x-auth-employee-no": "E10001", + "x-auth-role-codes": "user", + }, + json={ + "source": "user_message", + "user_id": "zhangsan@example.com", + "conversation_id": "conversation-fast-submit", + "message": "差旅费用申请提交审批\n申请类型:差旅费用申请\n申请时间:2026-07-01 至 2026-07-03\n地点:北京\n事由:项目实施\n天数:3天\n出行方式:火车\n申请金额:1000元\n直接提交", + "context_json": { + "session_type": "application", + "entry_source": "workbench_ai_inline", + "document_type": "expense_application", + "application_stage": "expense_application", + 
"application_preview": { + "fields": { + "applicationType": "差旅费用申请", + "time": "2026-07-01 至 2026-07-03", + "location": "北京", + "reason": "项目实施", + "days": "3天", + "transportMode": "火车", + "amount": "1000元", + "applicant": "张三", + "department": "市场部", + "position": "招商主管", + "grade": "P4", + "managerName": "李总", + } + }, + }, + }, + ) + + assert response.status_code == 200 + payload = response.json() + assert payload["status"] == "succeeded" + draft_payload = payload["result"]["draft_payload"] + assert draft_payload["draft_type"] == "expense_application" + assert draft_payload["status"] == "submitted" + assert draft_payload["approval_stage"] == "直属领导审批" + assert draft_payload["claim_no"].startswith("AP-") + + with session_factory() as db: + claim = db.get(ExpenseClaim, draft_payload["claim_id"]) + assert claim is not None + assert claim.status == "submitted" + assert claim.employee_name == "张三"
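Review bot: The new tests only cover the allow paths; `test_claim_delete_allows_legacy_superadmin_without_is_admin_header` pins that the headers `x-auth-username: superadmin` with role `manager` may delete a claim, but nothing asserts that a non-owner with an ordinary username and display name is refused. Add a negative delete test for that case, and a preview-action test where the body's `context_json` carries `is_admin` or a different `username` and the stored claim still reflects the authenticated caller. The final assertion `claim.employee_name == "张三"` appears to take the applicant from the request body's `applicant` field rather than from the `x-auth-name` value `Zhang San`; if that is intended, a comment in the test should say so.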