feat: 增强员工管理与报销单全流程功能

- 新增员工Excel导入服务(employee_spreadsheet)及导入/导出API端点
- 员工服务增加批量创建、邮箱唯一校验、组织架构关联等能力
- 报销单提交补充身份回填、部门信息透传及预审结果展示优化
- 认证流程增加部门信息(departmentName)并在schema中同步扩展
- 用户Agent服务增加部门关联与报销单回填逻辑
- 前端员工管理页面全面重构，新增导入导出、搜索过滤、分页等功能
- 前端审批中心、审计、差旅报销等视图交互与样式优化
- 新增TableLoadingState共享组件及员工导入测试用例

web/src/utils/accessControl.js

@@ -11,22 +11,25 @@ export const DEFAULT_APP_VIEW_ORDER = [
 ]
 
 const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'requests', 'policies'])
-const VIEW_ROLE_RULES = {
-  overview: ['finance', 'executive'],
-  approval: ['approver'],
+const VIEW_ROLE_RULES = {
+  overview: ['finance', 'executive'],
+  approval: ['approver', 'finance', 'executive'],
   audit: ['auditor', 'finance'],
   logs: ['manager'],
   employees: ['manager'],
   settings: ['manager']
 }
+const CLAIM_MANAGER_ROLE_CODES = new Set(['finance', 'executive'])
 
 function normalizedRoleCodes(user) {
   if (!user) {
     return []
   }
 
-  return Array.isArray(user.roleCodes) ? user.roleCodes.filter(Boolean) : []
-}
+  return Array.isArray(user.roleCodes)
+    ? user.roleCodes.map((item) => String(item || '').trim().toLowerCase()).filter(Boolean)
+    : []
+}
 
 export function isManagerUser(user) {
   return Boolean(user?.isAdmin) || normalizedRoleCodes(user).includes('manager')
@@ -35,8 +38,20 @@ export function isManagerUser(user) {
 export function isFinanceUser(user) {
   return normalizedRoleCodes(user).includes('finance')
 }
-
-export function canAccessAppView(user, viewId) {
+
+export function isExecutiveUser(user) {
+  return normalizedRoleCodes(user).includes('executive')
+}
+
+export function canManageExpenseClaims(user) {
+  if (Boolean(user?.isAdmin)) {
+    return true
+  }
+
+  return normalizedRoleCodes(user).some((roleCode) => CLAIM_MANAGER_ROLE_CODES.has(roleCode))
+}
+
+export function canAccessAppView(user, viewId) {
   if (!viewId || !user) {
     return false
   }