feat(server): 新增申请核对预览快速建单接口与平台管理员判定统一
- reimbursements 新增 POST /application-preview-action,AI 工作台表格核对后直接走 UserAgentService 建单/提交,免去通用 Orchestrator 编排 - 平台管理员判定统一抽取 PLATFORM_ADMIN_IDENTITIES 常量,identity 与 role_codes 均支持 admin/superadmin,含 header 开关 - docker-compose 镜像补装 openssh-server - 同步更新差旅/交通/通信等财务规则表与 reimbursements 端点测试
This commit is contained in:
@@ -8,6 +8,10 @@ from sqlalchemy.orm import Session
|
||||
from app.db.session import get_session_factory
|
||||
|
||||
|
||||
PLATFORM_ADMIN_IDENTITIES = {"admin", "superadmin"}
|
||||
ADMIN_HEADER_TRUE_VALUES = {"1", "true", "yes", "on"}
|
||||
|
||||
|
||||
def get_db() -> Generator[Session, None, None]:
|
||||
db = get_session_factory()()
|
||||
try:
|
||||
@@ -124,14 +128,15 @@ def _resolve_platform_admin_flag(
|
||||
role_codes: list[str],
|
||||
header_value: str | None,
|
||||
) -> bool:
|
||||
if str(header_value or "").strip().lower() in {"1", "true", "yes", "on"}:
|
||||
if str(header_value or "").strip().lower() in ADMIN_HEADER_TRUE_VALUES:
|
||||
return True
|
||||
|
||||
identities = {
|
||||
str(username or "").strip().lower(),
|
||||
str(name or "").strip().lower(),
|
||||
}
|
||||
return "admin" in identities or "admin" in {_normalize_role_code(item) for item in role_codes}
|
||||
normalized_role_codes = {_normalize_role_code(item) for item in role_codes}
|
||||
return bool(identities & PLATFORM_ADMIN_IDENTITIES) or bool(normalized_role_codes & PLATFORM_ADMIN_IDENTITIES)
|
||||
|
||||
|
||||
def require_admin_user(
|
||||
|
||||
Reference in New Issue
Block a user