feat: update audit platform workspace

2026-05-25 09:50:01 +08:00
parent ba8e93c0d3
commit 68d0b4c878
73 changed files with 12196 additions and 367 deletions
@@ -4,6 +4,7 @@ import json
 from typing import Any

 from fastapi import Depends, File, Form, Query, UploadFile
+from fastapi.responses import JSONResponse
 from pydantic import BaseModel, Field
 from sqlalchemy import text

@@ -34,6 +35,8 @@ from fastapi_modules.fastapi_leaudit.domian.vo.reviewPointVo import (
 )
 from fastapi_modules.fastapi_leaudit.services import IDocumentService
 from fastapi_modules.fastapi_leaudit.services.impl.documentServiceImpl import DocumentServiceImpl
+from fastapi_modules.fastapi_leaudit.services.impl.permissionServiceImpl import PermissionServiceImpl
+from fastapi_modules.fastapi_leaudit.services.permissionService import IPermissionService


 class QueueStatusVO(BaseModel):
@@ -51,6 +54,8 @@ class ReviewPointAuditDTO(BaseModel):
 class DocumentController(BaseController):
    """文档控制器。"""

+    _CROSS_REVIEW_DOCUMENT_READ_PERMISSION = "cross_review:document:read"
+
    @staticmethod
    def _tenant_context(payload: dict[str, Any]) -> dict[str, str | None]:
        return {
@@ -61,6 +66,7 @@ class DocumentController(BaseController):
    def __init__(self):
        super().__init__(prefix="", tags=["文档"])
        self.DocumentService: IDocumentService = DocumentServiceImpl()
+        self.PermissionService: IPermissionService = PermissionServiceImpl()

        @self.router.post("/upload", response_model=Result[DocumentUploadVO])
        async def UploadDocument(
@@ -69,6 +75,8 @@ class DocumentController(BaseController):
            typeId: int | None = Form(None, description="文档类型ID"),
            typeCode: str | None = Form(None, description="文档类型编码"),
            groupId: int | None = Form(None, description="二级分组ID"),
+            entryModuleId: int | None = Form(None, description="入口模块ID"),
+            entry_module_id: int | None = Form(None, description="入口模块ID，兼容蛇形字段"),
            region: str | None = Form(None, description="所属租户/地区"),
            tenant_code: str | None = Form(None, description="租户编码"),
            fileRole: str = Form("primary", description="文件角色"),
@@ -97,6 +105,7 @@ class DocumentController(BaseController):
                TypeId=typeId,
                TypeCode=typeCode,
                GroupId=groupId,
+                EntryModuleId=entryModuleId or entry_module_id,
                Region=region,
                FileRole=fileRole,
                CreatedBy=int(payload["user_id"]),
@@ -194,7 +203,11 @@ class DocumentController(BaseController):
            payload: dict[str, Any] = Depends(verify_access_token),
        ):
            """获取单个文档详情（带数据隔离校验）。"""
-            Data = await self.DocumentService.GetDocument(CurrentUserId=int(payload["user_id"]), Id=DocumentId)
+            userId = int(payload["user_id"])
+            deniedResponse = await self._deny_cross_review_document_without_permission(userId, DocumentId)
+            if deniedResponse:
+                return deniedResponse
+            Data = await self.DocumentService.GetDocument(CurrentUserId=userId, Id=DocumentId)
            return Result.success(data=Data)

        @self.router.get("/v3/review-points/{DocumentId}", response_model=Result[ReviewPointsAggregateVO])
@@ -203,7 +216,11 @@ class DocumentController(BaseController):
            payload: dict[str, Any] = Depends(verify_access_token),
        ):
            """获取评查详情页聚合数据（带数据隔离校验）。"""
-            Data = await self.DocumentService.GetReviewPoints(CurrentUserId=int(payload["user_id"]), DocumentId=DocumentId)
+            userId = int(payload["user_id"])
+            deniedResponse = await self._deny_cross_review_document_without_permission(userId, DocumentId)
+            if deniedResponse:
+                return deniedResponse
+            Data = await self.DocumentService.GetReviewPoints(CurrentUserId=userId, DocumentId=DocumentId)
            return Result.success(data=Data)

        @self.router.patch("/v3/review-points/{ReviewPointResultId}/audit", response_model=Result[ReviewPointAuditVO])
@@ -400,3 +417,17 @@ class DocumentController(BaseController):
                    },
                )
            )
+
+    async def _deny_cross_review_document_without_permission(self, UserId: int, DocumentId: int) -> JSONResponse | None:
+        if not await self.DocumentService.IsCrossReviewDocument(DocumentId):
+            return None
+        hasPermission = await self.PermissionService.HasAnyPermission(
+            UserId=UserId,
+            PermissionKeys=[self._CROSS_REVIEW_DOCUMENT_READ_PERMISSION],
+        )
+        if hasPermission:
+            return None
+        return JSONResponse(
+            status_code=403,
+            content={"code": 403, "msg": "当前用户没有查看交叉评查结果权限", "data": None},
+        )