feat(web): 统一平台管理员判定与 AI 工作台申请预览动作接入

- authUser 抽出 resolveAuthUserAdminFlag，统一 isAdmin 解析（含 superadmin、role_codes、中英文角色名），accessControl 复用同一逻辑 - 登录态、应用外壳路由、系统状态接入统一管理员判定，LoginView 与相关 composable 配套调整 - AI 工作台申请提交改为调用新的 /application-preview-action 接口，草稿保存仍走 orchestrator；预审模型补充重叠冲突提示与阻断判断 - 同步更新 accessControl/api-request/ai 预览动作等前端测试
2026-06-20 14:42:04 +08:00
parent 729d833edb
commit 96c2e1099a
21 changed files with 1364 additions and 331 deletions
--- a/web/tests/api-request.test.mjs
+++ b/web/tests/api-request.test.mjs
@@ -94,6 +94,46 @@ async function testInjectsAuthenticatedUserHeaders() {
  assert.equal(capturedOptions.headers['x-auth-is-admin'], 'true')
 }

+async function testInjectsLegacyAdminHeaderFromSnakeCaseFlag() {
+  const sessionStorage = new Map([
+    [
+      'x-financial-auth-user',
+      JSON.stringify({
+        username: 'superadmin',
+        name: 'superadmin',
+        roleCodes: ['manager'],
+        is_admin: true
+      })
+    ]
+  ])
+
+  global.window = {
+    sessionStorage: {
+      getItem(key) {
+        return sessionStorage.get(key) ?? null
+      }
+    }
+  }
+
+  let capturedOptions = null
+
+  global.fetch = async (_url, options) => {
+    capturedOptions = options
+    return {
+      ok: true,
+      async json() {
+        return { ok: true }
+      }
+    }
+  }
+
+  await apiRequest('/reimbursements/claims/demo', { method: 'DELETE' })
+
+  assert.equal(capturedOptions.headers['x-auth-username'], 'superadmin')
+  assert.equal(capturedOptions.headers['x-auth-role-codes'], 'manager')
+  assert.equal(capturedOptions.headers['x-auth-is-admin'], 'true')
+}
+
 async function testFormatsValidationErrors() {
  global.fetch = async () => ({
    ok: false,
@@ -153,6 +193,7 @@ async function run() {
  await testUsesCustomContentTypeHeader()
  await testSupportsBlobResponses()
  await testInjectsAuthenticatedUserHeaders()
+  await testInjectsLegacyAdminHeaderFromSnakeCaseFlag()
  await testFormatsValidationErrors()
  await testRejectsWithCustomTimeoutMessage()
  console.log('api-request tests passed')