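/**
 * Role-based visibility and permission helpers for app views and
 * expense-claim actions.
 *
 * NOTE(review): every check here trusts the role data on the `user` object it
 * is handed. If this module runs client-side (the view/nav/route naming
 * suggests so; confirm), treat it as UI gating only and enforce the same
 * rules on the server for every protected request.
 */

/** Canonical view ids, in the order they are offered to the user. */
export const DEFAULT_APP_VIEW_ORDER = [
  'overview',
  'workbench',
  'documents',
  'budget',
  'policies',
  'audit',
  'logs',
  'employees',
  'settings',
];

// Views that any signed-in user may open, regardless of role.
const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'documents', 'policies']);

// Role codes that unlock each restricted view (any one match is enough).
const VIEW_ROLE_RULES = {
  overview: ['finance', 'executive'],
  budget: ['budget_monitor', 'executive'],
  audit: ['finance'],
  logs: ['manager'],
  employees: ['manager'],
  settings: ['manager'],
};

const CLAIM_MANAGER_ROLE_CODES = new Set(['executive']);
const CLAIM_RETURN_ROLE_CODES = new Set(['finance', 'executive', 'manager', 'approver']);
const CLAIM_LEADER_APPROVAL_ROLE_CODES = new Set(['manager', 'approver']);

/**
 * Returns the user's role codes, normalized and with empty entries removed.
 * A missing user or a non-array `roleCodes` yields an empty list, so callers
 * fail closed.
 */
function normalizedRoleCodes(user) {
  if (!user || !Array.isArray(user.roleCodes)) {
    return [];
  }
  return user.roleCodes.map((item) => normalizeRoleCode(item)).filter(Boolean);
}

/**
 * Trims and lower-cases a role code; the legacy-looking 'auditor' code is
 * mapped onto 'budget_monitor'.
 */
function normalizeRoleCode(value) {
  const roleCode = String(value || '').trim().toLowerCase();
  return roleCode === 'auditor' ? 'budget_monitor' : roleCode;
}

/**
 * Decides whether the user counts as a platform administrator.
 *
 * NOTE(review): `Boolean(user.isAdmin)` treats any truthy value as admin,
 * including the strings "false" and "0"; confirm the upstream payload always
 * carries a real boolean.
 * NOTE(review): admin status is also inferred from the account name
 * ('admin') and from free-text role labels. That is only safe if those
 * values are assigned and reserved by the server, never user-chosen; confirm.
 */
function hasPlatformAdminIdentity(user) {
  if (!user) {
    return false;
  }

  const username = String(user.username || user.account || '').trim().toLowerCase();
  const role = String(user.role || '').trim().toLowerCase();
  const roleCodes = normalizedRoleCodes(user);

  return (
    Boolean(user.isAdmin) ||
    username === 'admin' ||
    role === 'admin' ||
    role === '管理员' ||
    role === '系统管理员' ||
    roleCodes.includes('admin')
  );
}

/** True for platform admins and for users holding the 'manager' role code. */
export function isManagerUser(user) {
  return hasPlatformAdminIdentity(user) || normalizedRoleCodes(user).includes('manager');
}

/** True when the user is recognized as a platform administrator. */
export function isPlatformAdminUser(user) {
  return hasPlatformAdminIdentity(user);
}

/** True when the user holds the 'finance' role code. */
export function isFinanceUser(user) {
  return normalizedRoleCodes(user).includes('finance');
}

/** True when the user holds the 'executive' role code. */
export function isExecutiveUser(user) {
  return normalizedRoleCodes(user).includes('executive');
}

/** True when the user holds 'budget_monitor' (or its alias 'auditor'). */
export function isBudgetMonitorUser(user) {
  return normalizedRoleCodes(user).includes('budget_monitor');
}

/** Budget center editing: platform admins and executives only. */
export function canEditBudgetCenter(user) {
  return isPlatformAdminUser(user) || isExecutiveUser(user);
}

/** Switching budget departments: platform admins and executives only. */
export function canSwitchBudgetDepartments(user) {
  return isPlatformAdminUser(user) || isExecutiveUser(user);
}

/** Managing expense claims: platform admins or any claim-manager role. */
export function canManageExpenseClaims(user) {
  if (isPlatformAdminUser(user)) {
    return true;
  }
  return normalizedRoleCodes(user).some((roleCode) => CLAIM_MANAGER_ROLE_CODES.has(roleCode));
}

/** Deleting archived expense claims is reserved for platform admins. */
export function canDeleteArchivedExpenseClaims(user) {
  return isPlatformAdminUser(user);
}

/** Returning expense claims: platform admins or any claim-return role. */
export function canReturnExpenseClaims(user) {
  if (isPlatformAdminUser(user)) {
    return true;
  }
  return normalizedRoleCodes(user).some((roleCode) => CLAIM_RETURN_ROLE_CODES.has(roleCode));
}

/** Leader approval of expense claims: platform admins, managers, approvers. */
export function canApproveLeaderExpenseClaims(user) {
  if (isPlatformAdminUser(user)) {
    return true;
  }
  return normalizedRoleCodes(user).some((roleCode) =>
    CLAIM_LEADER_APPROVAL_ROLE_CODES.has(roleCode),
  );
}

/**
 * Decides whether `user` may open the view `viewId`.
 *
 * @param {object} user - user record carrying role information
 * @param {string} viewId - one of DEFAULT_APP_VIEW_ORDER
 * @returns {boolean} false for a missing user, a missing id, or an unknown id
 */
export function canAccessAppView(user, viewId) {
  if (!viewId || !user) {
    return false;
  }

  // Allow-list first: unknown ids never reach the rule lookup below.
  if (!DEFAULT_APP_VIEW_ORDER.includes(viewId)) {
    return false;
  }

  // 'budget' is handled before the manager shortcut, so a plain manager does
  // not get it; only platform admins and the roles listed for budget do.
  if (viewId === 'budget') {
    if (isPlatformAdminUser(user)) {
      return true;
    }
    const budgetRoleCodes = normalizedRoleCodes(user);
    return VIEW_ROLE_RULES.budget.some((roleCode) => budgetRoleCodes.includes(roleCode));
  }

  if (isManagerUser(user)) {
    return true;
  }

  if (ALWAYS_VISIBLE_VIEWS.has(viewId)) {
    return true;
  }

  const requiredRoles = VIEW_ROLE_RULES[viewId] || [];
  const roleCodes = normalizedRoleCodes(user);
  return requiredRoles.some((roleCode) => roleCodes.includes(roleCode));
}

/** Lists the view ids the user may open, in DEFAULT_APP_VIEW_ORDER order. */
export function getAccessibleViewIds(user) {
  return DEFAULT_APP_VIEW_ORDER.filter((viewId) => canAccessAppView(user, viewId));
}

/**
 * Keeps only the nav items whose `id` the user may open.
 *
 * Fails closed: a non-array `navItems` yields an empty list, and null or
 * id-less entries are dropped instead of throwing.
 *
 * @param {Array<{id: string}>} navItems
 * @param {object} user
 * @returns {Array<{id: string}>}
 */
export function filterNavItemsByAccess(navItems, user) {
  if (!Array.isArray(navItems)) {
    return [];
  }
  return navItems.filter((item) => canAccessAppView(user, item ? item.id : undefined));
}

/**
 * Builds the route descriptor for the first view the user may open.
 *
 * When nothing is accessible (including a missing user) the name falls back
 * to 'app-workbench' even though canAccessAppView would deny that view to a
 * missing user. NOTE(review): presumably a route guard re-checks access
 * there; confirm.
 */
export function resolveDefaultAuthorizedRoute(user) {
  const firstVisibleView = getAccessibleViewIds(user)[0];
  return { name: `app-${firstVisibleView || 'workbench'}` };
}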