feat: 新增员工行为画像算法与费用风险标签体系

后端新增员工行为画像算法模块，支持标签规则引擎和评分计算，完善员工模型、银行信息、序列化和导入逻辑，优化报销审批流和工作流常量，增强 Hermes 同步和知识同步能力，前端新增费用画像详情弹窗、雷达图和风险卡片组件，完善登录页和工作台样式，优化文档中心和归档中心交互，补充单元测试。
2026-05-28 12:09:49 +08:00
parent 04cd6d0f81
commit 8a4a777be7
96 changed files with 9835 additions and 704 deletions
--- a/web/src/utils/accessControl.js
+++ b/web/src/utils/accessControl.js
@@ -1,239 +1,239 @@
-export const DEFAULT_APP_VIEW_ORDER = [
-  'overview',
-  'workbench',
-  'documents',
-  'budget',
-  'policies',
-  'audit',
-  'digitalEmployees',
-  'logs',
+export const DEFAULT_APP_VIEW_ORDER = [
+  'workbench',
+  'documents',
+  'budget',
+  'audit',
+  'overview',
+  'policies',
+  'digitalEmployees',
+  'logs',
  'employees',
  'settings'
 ]

-const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'documents', 'policies'])
-const VIEW_ROLE_RULES = {
-  overview: ['finance', 'executive'],
-  budget: ['budget_monitor', 'executive'],
-  audit: ['finance'],
-  digitalEmployees: ['finance'],
-  logs: ['manager'],
-  employees: ['manager'],
-  settings: ['manager']
-}
-const CLAIM_MANAGER_ROLE_CODES = new Set(['executive'])
-const CLAIM_RETURN_ROLE_CODES = new Set(['finance', 'executive', 'manager', 'approver', 'budget_monitor'])
-const CLAIM_LEADER_APPROVAL_ROLE_CODES = new Set(['manager', 'approver'])
-const CLAIM_BUDGET_APPROVAL_GRADE = 'P8'
+const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'documents', 'policies'])
+const VIEW_ROLE_RULES = {
+  overview: ['finance', 'executive'],
+  budget: ['budget_monitor', 'executive'],
+  audit: ['finance'],
+  digitalEmployees: ['finance'],
+  logs: ['manager'],
+  employees: ['manager'],
+  settings: ['manager']
+}
+const CLAIM_MANAGER_ROLE_CODES = new Set(['executive'])
+const CLAIM_RETURN_ROLE_CODES = new Set(['finance', 'executive', 'manager', 'approver', 'budget_monitor'])
+const CLAIM_LEADER_APPROVAL_ROLE_CODES = new Set(['manager', 'approver'])
+const CLAIM_BUDGET_APPROVAL_GRADE = 'P8'

-function normalizedRoleCodes(user) {
-  if (!user) {
-    return []
-  }
-
-  return Array.isArray(user.roleCodes)
-    ? user.roleCodes
-        .map((item) => normalizeRoleCode(item))
-        .filter(Boolean)
-    : []
-}
-
-function normalizeRoleCode(value) {
-  const roleCode = String(value || '').trim().toLowerCase()
-  return roleCode === 'auditor' ? 'budget_monitor' : roleCode
-}
-
-function normalizeComparableText(value) {
-  return String(value || '').trim()
-}
-
-function collectIdentityNames(...values) {
-  return values
-    .map((value) => normalizeComparableText(value))
-    .filter(Boolean)
-}
-
-function identityIntersects(leftValues, rightValues) {
-  const rightSet = new Set(rightValues)
-  return leftValues.some((item) => rightSet.has(item))
-}
-
-function normalizedGrade(user) {
-  return String(user?.grade || user?.employeeGrade || '').trim().toUpperCase()
-}
-
-function departmentIntersects(request, user) {
-  const requestDepartments = collectIdentityNames(
-    request?.dept,
-    request?.departmentName,
-    request?.department_name
-  )
-  const currentDepartments = collectIdentityNames(
-    user?.department,
-    user?.departmentName,
-    user?.department_name
-  )
-
-  return requestDepartments.length > 0 && identityIntersects(requestDepartments, currentDepartments)
-}
-
-function hasPlatformAdminIdentity(user) {
-  if (!user) {
-    return false
-  }
-
-  const username = String(user.username || user.account || '').trim().toLowerCase()
-  const role = String(user.role || '').trim().toLowerCase()
-  const roleCodes = normalizedRoleCodes(user)
-
-  return (
-    Boolean(user.isAdmin)
-    || username === 'admin'
-    || role === 'admin'
-    || role === '管理员'
-    || role === '系统管理员'
-    || roleCodes.includes('admin')
-  )
-}
-
-export function isManagerUser(user) {
-  return hasPlatformAdminIdentity(user) || normalizedRoleCodes(user).includes('manager')
-}
-
-export function isPlatformAdminUser(user) {
-  return hasPlatformAdminIdentity(user)
-}
-
-export function isFinanceUser(user) {
-  return normalizedRoleCodes(user).includes('finance')
-}
+function normalizedRoleCodes(user) {
+  if (!user) {
+    return []
+  }

-export function isExecutiveUser(user) {
-  return normalizedRoleCodes(user).includes('executive')
-}
-
-export function isBudgetMonitorUser(user) {
-  return normalizedRoleCodes(user).includes('budget_monitor')
-}
-
-export function canEditBudgetCenter(user) {
-  return isPlatformAdminUser(user) || isExecutiveUser(user)
-}
-
-export function canSwitchBudgetDepartments(user) {
-  return isPlatformAdminUser(user) || isExecutiveUser(user)
-}
-
-export function canManageExpenseClaims(user) {
-  if (isPlatformAdminUser(user)) {
-    return true
-  }
-
-  return normalizedRoleCodes(user).some((roleCode) => CLAIM_MANAGER_ROLE_CODES.has(roleCode))
-}
-
-export function canDeleteArchivedExpenseClaims(user) {
-  return isPlatformAdminUser(user)
-}
-
-export function canReturnExpenseClaims(user) {
-  if (isPlatformAdminUser(user)) {
-    return true
-  }
+  return Array.isArray(user.roleCodes)
+    ? user.roleCodes
+        .map((item) => normalizeRoleCode(item))
+        .filter(Boolean)
+    : []
+}
+
+function normalizeRoleCode(value) {
+  const roleCode = String(value || '').trim().toLowerCase()
+  return roleCode === 'auditor' ? 'budget_monitor' : roleCode
+}
+
+function normalizeComparableText(value) {
+  return String(value || '').trim()
+}
+
+function collectIdentityNames(...values) {
+  return values
+    .map((value) => normalizeComparableText(value))
+    .filter(Boolean)
+}
+
+function identityIntersects(leftValues, rightValues) {
+  const rightSet = new Set(rightValues)
+  return leftValues.some((item) => rightSet.has(item))
+}
+
+function normalizedGrade(user) {
+  return String(user?.grade || user?.employeeGrade || '').trim().toUpperCase()
+}
+
+function departmentIntersects(request, user) {
+  const requestDepartments = collectIdentityNames(
+    request?.dept,
+    request?.departmentName,
+    request?.department_name
+  )
+  const currentDepartments = collectIdentityNames(
+    user?.department,
+    user?.departmentName,
+    user?.department_name
+  )
+
+  return requestDepartments.length > 0 && identityIntersects(requestDepartments, currentDepartments)
+}
+
+function hasPlatformAdminIdentity(user) {
+  if (!user) {
+    return false
+  }
+
+  const username = String(user.username || user.account || '').trim().toLowerCase()
+  const role = String(user.role || '').trim().toLowerCase()
+  const roleCodes = normalizedRoleCodes(user)
+
+  return (
+    Boolean(user.isAdmin)
+    || username === 'admin'
+    || role === 'admin'
+    || role === '管理员'
+    || role === '系统管理员'
+    || roleCodes.includes('admin')
+  )
+}
+
+export function isManagerUser(user) {
+  return hasPlatformAdminIdentity(user) || normalizedRoleCodes(user).includes('manager')
+}
+
+export function isPlatformAdminUser(user) {
+  return hasPlatformAdminIdentity(user)
+}
+
+export function isFinanceUser(user) {
+  return normalizedRoleCodes(user).includes('finance')
+}
+
+export function isExecutiveUser(user) {
+  return normalizedRoleCodes(user).includes('executive')
+}
+
+export function isBudgetMonitorUser(user) {
+  return normalizedRoleCodes(user).includes('budget_monitor')
+}
+
+export function canEditBudgetCenter(user) {
+  return isPlatformAdminUser(user) || isExecutiveUser(user)
+}
+
+export function canSwitchBudgetDepartments(user) {
+  return isPlatformAdminUser(user) || isExecutiveUser(user)
+}
+
+export function canManageExpenseClaims(user) {
+  if (isPlatformAdminUser(user)) {
+    return true
+  }
+
+  return normalizedRoleCodes(user).some((roleCode) => CLAIM_MANAGER_ROLE_CODES.has(roleCode))
+}
+
+export function canDeleteArchivedExpenseClaims(user) {
+  return isPlatformAdminUser(user)
+}
+
+export function canReturnExpenseClaims(user) {
+  if (isPlatformAdminUser(user)) {
+    return true
+  }

  return normalizedRoleCodes(user).some((roleCode) => CLAIM_RETURN_ROLE_CODES.has(roleCode))
 }

-export function canApproveLeaderExpenseClaims(user) {
-  if (isPlatformAdminUser(user)) {
-    return true
-  }
-
-  return normalizedRoleCodes(user).some((roleCode) => CLAIM_LEADER_APPROVAL_ROLE_CODES.has(roleCode))
-}
-
-export function canApproveBudgetExpenseApplications(user, request = null) {
-  if (isPlatformAdminUser(user)) {
-    return true
-  }
-
-  const roleCodes = normalizedRoleCodes(user)
-  if (roleCodes.includes('executive')) {
-    return true
-  }
-  if (!roleCodes.includes('budget_monitor')) {
-    return false
-  }
-  if (normalizedGrade(user) !== CLAIM_BUDGET_APPROVAL_GRADE) {
-    return false
-  }
-
-  return request ? departmentIntersects(request, user) : true
-}
-
-export function isCurrentRequestApplicant(request, user) {
-  const applicantNames = collectIdentityNames(
-    request?.person,
-    request?.employeeName,
-    request?.employee_name,
-    request?.profileName,
-    request?.applicant
-  )
-  const currentNames = collectIdentityNames(
-    user?.name,
-    user?.username,
-    user?.email,
-    user?.employeeNo,
-    user?.employee_no
-  )
-
-  return applicantNames.length > 0 && identityIntersects(applicantNames, currentNames)
-}
-
-export function isCurrentDirectManagerForRequest(request, user) {
-  if (isCurrentRequestApplicant(request, user)) {
-    return false
-  }
-
-  const managerNames = collectIdentityNames(
-    request?.profileManager,
-    request?.managerName,
-    request?.manager_name,
-    request?.directManagerName,
-    request?.direct_manager_name,
-    request?.manager
-  )
-  const currentNames = collectIdentityNames(
-    user?.name,
-    user?.username,
-    user?.email,
-    user?.employeeNo,
-    user?.employee_no
-  )
-
-  return managerNames.length > 0 && identityIntersects(managerNames, currentNames)
-}
-
-export function canAccessAppView(user, viewId) {
-  if (!viewId || !user) {
-    return false
-  }
-
-  if (!DEFAULT_APP_VIEW_ORDER.includes(viewId)) {
-    return false
-  }
-
-  if (viewId === 'budget') {
-    if (isPlatformAdminUser(user)) {
-      return true
-    }
-    const roleCodes = normalizedRoleCodes(user)
-    return VIEW_ROLE_RULES.budget.some((roleCode) => roleCodes.includes(roleCode))
-  }
-
-  if (isManagerUser(user)) {
-    return true
-  }
+export function canApproveLeaderExpenseClaims(user) {
+  if (isPlatformAdminUser(user)) {
+    return true
+  }
+
+  return normalizedRoleCodes(user).some((roleCode) => CLAIM_LEADER_APPROVAL_ROLE_CODES.has(roleCode))
+}
+
+export function canApproveBudgetExpenseApplications(user, request = null) {
+  if (isPlatformAdminUser(user)) {
+    return true
+  }
+
+  const roleCodes = normalizedRoleCodes(user)
+  if (roleCodes.includes('executive')) {
+    return true
+  }
+  if (!roleCodes.includes('budget_monitor')) {
+    return false
+  }
+  if (normalizedGrade(user) !== CLAIM_BUDGET_APPROVAL_GRADE) {
+    return false
+  }
+
+  return request ? departmentIntersects(request, user) : true
+}
+
+export function isCurrentRequestApplicant(request, user) {
+  const applicantNames = collectIdentityNames(
+    request?.person,
+    request?.employeeName,
+    request?.employee_name,
+    request?.profileName,
+    request?.applicant
+  )
+  const currentNames = collectIdentityNames(
+    user?.name,
+    user?.username,
+    user?.email,
+    user?.employeeNo,
+    user?.employee_no
+  )
+
+  return applicantNames.length > 0 && identityIntersects(applicantNames, currentNames)
+}
+
+export function isCurrentDirectManagerForRequest(request, user) {
+  if (isCurrentRequestApplicant(request, user)) {
+    return false
+  }
+
+  const managerNames = collectIdentityNames(
+    request?.profileManager,
+    request?.managerName,
+    request?.manager_name,
+    request?.directManagerName,
+    request?.direct_manager_name,
+    request?.manager
+  )
+  const currentNames = collectIdentityNames(
+    user?.name,
+    user?.username,
+    user?.email,
+    user?.employeeNo,
+    user?.employee_no
+  )
+
+  return managerNames.length > 0 && identityIntersects(managerNames, currentNames)
+}
+
+export function canAccessAppView(user, viewId) {
+  if (!viewId || !user) {
+    return false
+  }
+
+  if (!DEFAULT_APP_VIEW_ORDER.includes(viewId)) {
+    return false
+  }
+
+  if (viewId === 'budget') {
+    if (isPlatformAdminUser(user)) {
+      return true
+    }
+    const roleCodes = normalizedRoleCodes(user)
+    return VIEW_ROLE_RULES.budget.some((roleCode) => roleCodes.includes(roleCode))
+  }
+
+  if (isManagerUser(user)) {
+    return true
+  }

  if (ALWAYS_VISIBLE_VIEWS.has(viewId)) {
    return true