feat: add rag backend and review access fixes

2026-05-08 10:58:24 +08:00
parent 1c84209f38
commit 9c86bf59e5
32 changed files with 3877 additions and 23 deletions
@@ -618,6 +618,15 @@ class DocumentServiceImpl(IDocumentService):
            currentUser = await self._getCurrentUserContext(CurrentUserId)
            documentColumns = await self._loadDocumentColumns(Session)
            detail = await self._getDocumentDetail(Session, DocumentId, CurrentUserId, currentUser, documentColumns)
+            if not detail and await self._hasCrossReviewDocumentAccess(Session, DocumentId, CurrentUserId):
+                detail = await self._getDocumentDetail(
+                    Session,
+                    DocumentId,
+                    CurrentUserId,
+                    currentUser,
+                    documentColumns,
+                    BypassScopeCheck=True,
+                )
            if not detail:
                raise LeauditException(StatusCodeEnum.HTTP_404_NOT_FOUND, "文档不存在或无权访问")

@@ -679,6 +688,15 @@ class DocumentServiceImpl(IDocumentService):
            currentUser = await self._getCurrentUserContext(CurrentUserId)
            documentColumns = await self._loadDocumentColumns(Session)
            detail = await self._getDocumentDetail(Session, documentId, CurrentUserId, currentUser, documentColumns)
+            if not detail and await self._hasCrossReviewDocumentAccess(Session, documentId, CurrentUserId):
+                detail = await self._getDocumentDetail(
+                    Session,
+                    documentId,
+                    CurrentUserId,
+                    currentUser,
+                    documentColumns,
+                    BypassScopeCheck=True,
+                )
            if not detail:
                raise LeauditException(StatusCodeEnum.HTTP_404_NOT_FOUND, "文档不存在或无权访问")

@@ -742,6 +760,15 @@ class DocumentServiceImpl(IDocumentService):
            currentUser = await self._getCurrentUserContext(CurrentUserId)
            documentColumns = await self._loadDocumentColumns(Session)
            detail = await self._getDocumentDetail(Session, DocumentId, CurrentUserId, currentUser, documentColumns)
+            if not detail and await self._hasCrossReviewDocumentAccess(Session, DocumentId, CurrentUserId):
+                detail = await self._getDocumentDetail(
+                    Session,
+                    DocumentId,
+                    CurrentUserId,
+                    currentUser,
+                    documentColumns,
+                    BypassScopeCheck=True,
+                )
            if not detail:
                raise LeauditException(StatusCodeEnum.HTTP_404_NOT_FOUND, "文档不存在或无权访问")

@@ -1601,19 +1628,21 @@ class DocumentServiceImpl(IDocumentService):
        CurrentUserId: int,
        CurrentUser: dict[str, Any],
        DocumentColumns: set[str],
+        BypassScopeCheck: bool = False,
    ) -> DocumentDetailVO | None:
        """查询单文档详情，并附带历史版本。"""
        params: dict[str, object] = {"id": DocumentId}
        filters = ["d.id = :id", "d.deleted_at IS NULL", "f.is_active = true", "f.file_role = 'primary'"]
-        filters.extend(
-            self._buildDocumentScopeFilters(
-                CurrentUserId=CurrentUserId,
-                CurrentUser=CurrentUser,
-                Params=params,
-                DocumentAlias="d",
-                FileAlias="f",
+        if not BypassScopeCheck:
+            filters.extend(
+                self._buildDocumentScopeFilters(
+                    CurrentUserId=CurrentUserId,
+                    CurrentUser=CurrentUser,
+                    Params=params,
+                    DocumentAlias="d",
+                    FileAlias="f",
+                )
            )
-        )
        whereClause = " AND ".join(filters)

        groupIdSelectExpr = "d.group_id" if "group_id" in DocumentColumns else "NULL::bigint"
@@ -1832,6 +1861,38 @@ class DocumentServiceImpl(IDocumentService):
            attachments=attachments,
        )

+    async def _hasCrossReviewDocumentAccess(self, Session, DocumentId: int, CurrentUserId: int) -> bool:
+        """判断当前用户是否作为交叉评查任务成员拥有文档访问权。"""
+        if not await self._tableExists(Session, "leaudit_cross_review_task_documents"):
+            return False
+        if not await self._tableExists(Session, "leaudit_cross_review_task_members"):
+            return False
+        if not await self._tableExists(Session, "leaudit_cross_review_tasks"):
+            return False
+
+        row = (
+            await Session.execute(
+                text(
+                    """
+                    SELECT 1
+                    FROM leaudit_cross_review_task_documents td
+                    JOIN leaudit_cross_review_task_members tm
+                      ON tm.task_id = td.task_id
+                    JOIN leaudit_cross_review_tasks t
+                      ON t.id = td.task_id
+                    WHERE td.document_id = :document_id
+                      AND tm.user_id = :user_id
+                      AND td.delete_time IS NULL
+                      AND tm.delete_time IS NULL
+                      AND t.delete_time IS NULL
+                    LIMIT 1
+                    """
+                ),
+                {"document_id": DocumentId, "user_id": CurrentUserId},
+            )
+        ).first()
+        return bool(row)
+
    def _buildDocumentScopeFilters(
        self,
        CurrentUserId: int,