feat(server): 新增申请核对预览快速建单接口与平台管理员判定统一

- reimbursements 新增 POST /application-preview-action,AI 工作台表格核对后直接走 UserAgentService 建单/提交,免去通用 Orchestrator 编排
- 平台管理员判定统一抽取 PLATFORM_ADMIN_IDENTITIES 常量,identity 与 role_codes 均支持 admin/superadmin,含 header 开关
- docker-compose 镜像补装 openssh-server
- 同步更新差旅/交通/通信等财务规则表与 reimbursements 端点测试
This commit is contained in:
caoxiaozhu
2026-06-20 14:41:59 +08:00
parent 304bbe1fd4
commit 729d833edb
11 changed files with 210 additions and 5 deletions

View File

@@ -8,6 +8,10 @@ from sqlalchemy.orm import Session
from app.db.session import get_session_factory
PLATFORM_ADMIN_IDENTITIES = {"admin", "superadmin"}
ADMIN_HEADER_TRUE_VALUES = {"1", "true", "yes", "on"}
def get_db() -> Generator[Session, None, None]:
db = get_session_factory()()
try:
@@ -124,14 +128,15 @@ def _resolve_platform_admin_flag(
role_codes: list[str],
header_value: str | None,
) -> bool:
if str(header_value or "").strip().lower() in {"1", "true", "yes", "on"}:
if str(header_value or "").strip().lower() in ADMIN_HEADER_TRUE_VALUES:
return True
identities = {
str(username or "").strip().lower(),
str(name or "").strip().lower(),
}
return "admin" in identities or "admin" in {_normalize_role_code(item) for item in role_codes}
normalized_role_codes = {_normalize_role_code(item) for item in role_codes}
return bool(identities & PLATFORM_ADMIN_IDENTITIES) or bool(normalized_role_codes & PLATFORM_ADMIN_IDENTITIES)
def require_admin_user(