from __future__ import annotations ROLE_DISPLAY_ORDER = { "manager": 1, "finance": 2, "approver": 3, "executive": 4, "auditor": 5, "user": 6, } ROLE_DEFINITIONS = [ { "role_code": "user", "name": "使用者", "description": "可以发起报销、查看个人单据和使用 AI 助手。", }, { "role_code": "finance", "name": "财务人员", "description": "可以处理复核、查看财务知识与风险校验结果。", }, { "role_code": "manager", "name": "管理员", "description": "可以维护员工档案、组织结构和角色权限。", }, { "role_code": "executive", "name": "高级管理人员", "description": "可以查看跨部门数据看板与关键审批结果。", }, { "role_code": "approver", "name": "审批负责人", "description": "可以处理审批中心中的待审单据。", }, { "role_code": "auditor", "name": "审计观察员", "description": "可以查看变更记录和权限调整历史。", }, ] ROLE_PERMISSION_MAP = { "user": ["可发起差旅申请与报销", "可查看个人单据与票据识别结果"], "finance": ["可处理财务复核任务", "可查看风险校验与财务知识库"], "manager": ["可维护员工档案与组织结构", "可配置系统角色与访问边界"], "executive": ["可查看跨部门经营看板", "可处理高金额报销最终审批"], "approver": ["可处理本部门待审单据", "可查看审批链路与 SLA 状态"], "auditor": ["可查看权限变更与审计留痕", "可导出员工权限观察记录"], }