import { Controller, Get, Post, Put, Delete, Body, Param, Query, UseGuards, Headers, HttpCode, HttpStatus, } from '@nestjs/common'; import { ApiBearerAuth, ApiTags, ApiOperation, ApiResponse, ApiHeader } from '@nestjs/swagger'; import { CurrentUser } from '@common/decorators/current-user.decorator'; import { RequirePermissions } from '@common/decorators/permissions.decorator'; import { Auditable, Sensitive } from '@core/observability/audit/decorators/auditable.decorator'; import { ApprovalService } from './approval.service'; import { AdminApprovalService } from './admin-approval.service'; import { AdminAnalyticsService } from './admin-analytics.service'; import { AdminConfigService } from './admin-config.service'; import { AdminExportService } from './admin-export.service'; import { DefinitionService } from './definition.service'; import { StartApprovalDto, ApproveDto, RejectDto, ReturnDto, ForwardDto, WithdrawDto, ApproverWithdrawDto, AddSignDto, ClaimDto, UnclaimDto, ExecuteDto, PendingTasksQueryDto, InitiatedQueryDto, ProcessedQueryDto, CcQueryDto, ProcessSearchDto, RemindDto, BatchRemindDto, AdminAnalyticsQueryDto, AdminInstancesQueryDto, AdminInstancesExportDto, AdminSettingsDto, AdminTerminateDto, AdminResumeWithApproversDto, AdminApproveDto, AdminRejectDto, AdminReassignDto, AuditLogsQueryDto, CreateDefinitionDto, UpdateDefinitionDto, DefinitionsQueryDto, } from './dto/approval.dto'; @ApiTags('审批流程') @ApiBearerAuth() @Controller('approval') export class ApprovalController { constructor( private readonly approvalService: ApprovalService, private readonly adminApprovalService: AdminApprovalService, private readonly adminAnalyticsService: AdminAnalyticsService, private readonly adminExportService: AdminExportService, private readonly adminConfigService: AdminConfigService, private readonly definitionService: DefinitionService, ) {} // ==================== 流程启动 ==================== @Post('start') @Auditable() @HttpCode(HttpStatus.CREATED) @RequirePermissions('approval:start') @ApiOperation({ summary: '启动审批流程' }) @ApiResponse({ status: 201, description: '流程启动成功' }) @ApiResponse({ status: 400, description: '请求参数错误' }) @ApiResponse({ status: 404, description: '流程定义不存在' }) @ApiResponse({ status: 409, description: '流程已存在' }) @ApiHeader({ name: 'X-Idempotency-Key', description: '幂等键', required: false }) async startApproval( @Body() dto: StartApprovalDto, @CurrentUser('userId') userId: string, @Headers('X-Idempotency-Key') idempotencyKey?: string, ) { if (idempotencyKey) { dto.idempotencyKey = idempotencyKey; } return this.approvalService.startApproval(dto, userId); } // ==================== 管理员操作 (静态路由优先) ==================== @Post('admin/sync') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '同步流程配置' }) @ApiResponse({ status: 200, description: '同步成功' }) async syncDefinitions(@CurrentUser('id') userId: string) { return this.definitionService.syncFromConfig(userId); } @Get('admin/audit-logs') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员操作日志' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAuditLogs(@Query() query: AuditLogsQueryDto) { return this.adminApprovalService.getAuditLogs(query); } /** * 管理员查看所有流程实例 */ @Get('admin/instances') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员查看所有流程实例' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAdminInstances(@Query() query: AdminInstancesQueryDto) { return this.adminAnalyticsService.getAdminInstances(query); } @Get('admin/analytics') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员数据中心统计' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAdminAnalytics(@Query() query: AdminAnalyticsQueryDto) { return this.adminAnalyticsService.getAdminAnalytics(query); } @Post('admin/instances/export') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员明细导出' }) @ApiResponse({ status: 200, description: '导出任务已创建' }) async exportAdminInstances( @Body() dto: AdminInstancesExportDto, @CurrentUser('userId') userId: string, ) { return this.adminExportService.createExportTask(dto, userId); } @Get('admin/exports') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员导出任务列表' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAdminExports(@CurrentUser('userId') userId: string) { return this.adminExportService.listExports(userId); } @Get('admin/exports/:taskId') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员导出任务详情' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAdminExportStatus(@Param('taskId') taskId: string) { return this.adminExportService.getExportStatus(taskId); } @Get('admin/settings') @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员数据中心设置' }) @ApiResponse({ status: 200, description: '查询成功' }) async getAdminSettings() { return this.adminConfigService.getSettings(); } @Put('admin/settings') @RequirePermissions('approval:admin') @ApiOperation({ summary: '更新管理员数据中心设置' }) @ApiResponse({ status: 200, description: '更新成功' }) async updateAdminSettings( @Body() dto: AdminSettingsDto, @CurrentUser('userId') userId: string, ) { return this.adminConfigService.updateSettings(dto, userId); } @Post('admin/:instanceId/terminate') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员强制结束流程' }) @ApiHeader({ name: 'X-Admin-Reason', description: '管理员操作原因', required: false }) @ApiHeader({ name: 'X-Request-Id', description: '请求 ID', required: false }) @ApiResponse({ status: 200, description: '操作成功' }) async adminTerminate( @Param('instanceId') instanceId: string, @Body() dto: AdminTerminateDto, @CurrentUser('userId') userId: string, @Headers('X-Admin-Reason') adminReason?: string, @Headers('X-Request-Id') requestId?: string, ) { return this.adminApprovalService.terminate(instanceId, dto, userId, { adminReason, requestId, }); } @Post('admin/:instanceId/resume-with-approvers') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '恢复挂起的审批流程(指派审批人)', description: 'ERR-20260501-004 配套:节点审批人解析失败导致流程 SUSPENDED 时,管理员指派审批人列表恢复流程。', }) @ApiResponse({ status: 200, description: '流程已恢复' }) async adminResumeWithApprovers( @Param('instanceId') instanceId: string, @Body() dto: AdminResumeWithApproversDto, @CurrentUser('userId') userId: string, @Headers('X-Admin-Reason') adminReason?: string, @Headers('X-Request-Id') requestId?: string, ) { return this.adminApprovalService.resumeWithApprovers(instanceId, dto, userId, { adminReason, requestId, }); } @Post('admin/:instanceId/approve') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员代审批(通过)' }) @ApiHeader({ name: 'X-Admin-Reason', description: '管理员操作原因', required: false }) @ApiHeader({ name: 'X-Request-Id', description: '请求 ID', required: false }) @ApiResponse({ status: 200, description: '操作成功' }) async adminApprove( @Param('instanceId') instanceId: string, @Body() dto: AdminApproveDto, @CurrentUser('userId') userId: string, @Headers('X-Admin-Reason') adminReason?: string, @Headers('X-Request-Id') requestId?: string, ) { return this.adminApprovalService.approve(instanceId, dto, userId, { adminReason, requestId, }); } @Post('admin/:instanceId/reject') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员代审批(驳回)' }) @ApiHeader({ name: 'X-Admin-Reason', description: '管理员操作原因', required: false }) @ApiHeader({ name: 'X-Request-Id', description: '请求 ID', required: false }) @ApiResponse({ status: 200, description: '操作成功' }) async adminReject( @Param('instanceId') instanceId: string, @Body() dto: AdminRejectDto, @CurrentUser('userId') userId: string, @Headers('X-Admin-Reason') adminReason?: string, @Headers('X-Request-Id') requestId?: string, ) { return this.adminApprovalService.reject(instanceId, dto, userId, { adminReason, requestId, }); } @Post('admin/:instanceId/reassign') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:admin') @ApiOperation({ summary: '管理员重新分配任务' }) @ApiHeader({ name: 'X-Admin-Reason', description: '管理员操作原因', required: false }) @ApiHeader({ name: 'X-Request-Id', description: '请求 ID', required: false }) @ApiResponse({ status: 200, description: '操作成功' }) async adminReassign( @Param('instanceId') instanceId: string, @Body() dto: AdminReassignDto, @CurrentUser('userId') userId: string, @Headers('X-Admin-Reason') adminReason?: string, @Headers('X-Request-Id') requestId?: string, ) { return this.adminApprovalService.reassign(instanceId, dto, userId, { adminReason, requestId, }); } // ==================== 流程定义管理 (静态路由) ==================== @Get('definitions') @RequirePermissions('approval:definition:read') @ApiOperation({ summary: '获取流程定义列表' }) @ApiResponse({ status: 200, description: '查询成功' }) async getDefinitions(@Query() query: DefinitionsQueryDto) { return this.definitionService.findAll(query); } @Post('definitions') @HttpCode(HttpStatus.CREATED) @RequirePermissions('approval:definition:create') @ApiOperation({ summary: '创建流程定义' }) @ApiResponse({ status: 201, description: '创建成功' }) @ApiResponse({ status: 409, description: 'KEY 已存在' }) async createDefinition( @Body() dto: CreateDefinitionDto, @CurrentUser('userId') userId: string, ) { return this.definitionService.create(dto, userId); } @Get('definitions/:key') @RequirePermissions('approval:definition:read') @ApiOperation({ summary: '获取流程定义详情' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 404, description: '流程定义不存在' }) async getDefinition(@Param('key') key: string) { return this.definitionService.findByKey(key); } @Put('definitions/:key') @RequirePermissions('approval:definition:update') @ApiOperation({ summary: '更新流程定义' }) @ApiResponse({ status: 200, description: '更新成功' }) @ApiResponse({ status: 404, description: '流程定义不存在' }) async updateDefinition( @Param('key') key: string, @Body() dto: UpdateDefinitionDto, @CurrentUser('userId') userId: string, ) { return this.definitionService.update(key, dto, userId); } @Delete('definitions/:key') @RequirePermissions('approval:definition:delete') @ApiOperation({ summary: '删除流程定义' }) @ApiResponse({ status: 200, description: '删除成功' }) @ApiResponse({ status: 400, description: '有运行中的实例,无法删除' }) @ApiResponse({ status: 404, description: '流程定义不存在' }) async deleteDefinition(@Param('key') key: string) { return this.definitionService.delete(key); } @Get('definitions/:key/versions') @RequirePermissions('approval:definition:read') @ApiOperation({ summary: '获取流程定义版本列表' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 404, description: '流程定义不存在' }) async getDefinitionVersions(@Param('key') key: string) { return this.definitionService.getVersions(key); } // ==================== 任务查询 (静态路由 /my/* 和 /tasks/*) ==================== @Get('my/pending') @ApiOperation({ summary: '我的待办任务' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyPendingTasks( @CurrentUser('userId') userId: string, @Query() query: PendingTasksQueryDto, ) { return this.approvalService.getMyPendingTasks(userId, query); } @Get('my/initiated') @ApiOperation({ summary: '我发起的流程' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyInitiated( @CurrentUser('userId') userId: string, @Query() query: InitiatedQueryDto, ) { return this.approvalService.getMyInitiated(userId, query); } @Get('my/processed') @ApiOperation({ summary: '我已处理的任务' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyProcessed( @CurrentUser('userId') userId: string, @Query() query: ProcessedQueryDto, ) { return this.approvalService.getMyProcessed(userId, query); } @Get('my/cc') @ApiOperation({ summary: '抄送给我的' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyCc( @CurrentUser('userId') userId: string, @Query() query: CcQueryDto, ) { return this.approvalService.getMyCc(userId, query); } @Get('my/stats') @ApiOperation({ summary: '我的任务统计' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyStats(@CurrentUser('userId') userId: string) { return this.approvalService.getMyStats(userId); } @Get('my/reminders') @ApiOperation({ summary: '我收到的催办' }) @ApiResponse({ status: 200, description: '查询成功' }) async getMyReminders( @CurrentUser('userId') userId: string, @Query() query: PendingTasksQueryDto, ) { return this.approvalService.getMyReminders(userId, query); } @Get('tasks/:taskId') @ApiOperation({ summary: '任务详情' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 403, description: '无权访问' }) @ApiResponse({ status: 404, description: '任务不存在' }) async getTaskDetail( @Param('taskId') taskId: string, @CurrentUser('userId') userId: string, ) { return this.approvalService.getTaskDetail(taskId, userId); } @Get(':instanceId/returnable-nodes') @ApiOperation({ summary: '可退回节点列表' }) @ApiResponse({ status: 200, description: '查询成功' }) async getReturnableNodes( @Param('instanceId') instanceId: string, @Query('taskId') taskId: string, @CurrentUser('userId') userId: string, ) { // 如果提供了 taskId,使用 taskId 获取可退回节点 if (taskId) { return this.approvalService.getReturnableNodes(instanceId, taskId); } // 否则返回所有可退回节点 return { nodes: [] }; } // ==================== 流程搜索 (静态路由) ==================== @Get('search') @ApiOperation({ summary: '搜索流程' }) @ApiResponse({ status: 200, description: '查询成功' }) async searchProcesses(@Query() query: ProcessSearchDto) { return this.approvalService.searchProcesses(query); } @Get('by-business') @ApiOperation({ summary: '根据业务查询流程 (Query)' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 404, description: '流程不存在' }) async getByBusinessQuery( @Query('businessType') businessType: string, @Query('businessId') businessId: string, ) { return this.approvalService.getProcessByBusiness(businessType, businessId); } @Get('by-business/:businessType/:businessId') @ApiOperation({ summary: '根据业务查询流程 (Path)' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 404, description: '流程不存在' }) async getProcessByBusiness( @Param('businessType') businessType: string, @Param('businessId') businessId: string, ) { return this.approvalService.getProcessByBusiness(businessType, businessId); } @Get('diagram/:businessType/:businessId') @ApiOperation({ summary: '根据业务查询流程图' }) @ApiResponse({ status: 200, description: '查询成功' }) async getDiagramByBusiness( @Param('businessType') businessType: string, @Param('businessId') businessId: string, ) { return this.approvalService.getDiagramByBusiness(businessType, businessId); } // ==================== 审批操作 (动态路由 /:instanceId/*) ==================== @Post(':instanceId/approve') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:approve') @ApiOperation({ summary: '审批通过' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '请求参数错误' }) @ApiResponse({ status: 404, description: '任务不存在' }) @ApiResponse({ status: 409, description: '任务状态冲突' }) async approve( @Param('instanceId') instanceId: string, @Body() dto: ApproveDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.approve(dto, userId); } @Post(':instanceId/reject') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:reject') @ApiOperation({ summary: '审批驳回' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '请求参数错误' }) @ApiResponse({ status: 404, description: '任务不存在' }) @ApiResponse({ status: 409, description: '任务状态冲突' }) async reject( @Param('instanceId') instanceId: string, @Body() dto: RejectDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.reject(dto, userId); } @Post(':instanceId/return') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:return') @ApiOperation({ summary: '退回到指定节点' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '目标节点不可退回' }) @ApiResponse({ status: 404, description: '任务不存在' }) async return( @Param('instanceId') instanceId: string, @Body() dto: ReturnDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.return(dto, userId); } @Post(':instanceId/forward') @Auditable() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:forward') @ApiOperation({ summary: '转发给其他人' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 404, description: '任务不存在' }) async forward( @Param('instanceId') instanceId: string, @Body() dto: ForwardDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.forward(dto, userId); } @Post(':instanceId/withdraw') @Auditable() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:withdraw') @ApiOperation({ summary: '发起人撤回' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '流程状态不允许撤回' }) @ApiResponse({ status: 403, description: '只有发起人可以撤回' }) async withdraw( @Param('instanceId') instanceId: string, @Body() dto: WithdrawDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.withdraw(instanceId, dto, userId); } @Post(':instanceId/approver-withdraw') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:approver-withdraw') @ApiOperation({ summary: '审批人撤回' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 403, description: '没有可撤回的审批操作' }) async approverWithdraw( @Param('instanceId') instanceId: string, @Body() dto: ApproverWithdrawDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.approverWithdraw(instanceId, dto, userId); } @Post(':instanceId/add-sign') @Auditable() @Sensitive() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:add-sign') @ApiOperation({ summary: '加签' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 404, description: '任务不存在' }) async addSign( @Param('instanceId') instanceId: string, @Body() dto: AddSignDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.addSign(instanceId, dto, userId); } @Post(':instanceId/claim') @Auditable() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:claim') @ApiOperation({ summary: '认领任务' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '任务已被认领' }) @ApiResponse({ status: 403, description: '不在候选人列表中' }) async claim( @Param('instanceId') instanceId: string, @Body() dto: ClaimDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.claim(instanceId, dto, userId); } @Post(':instanceId/unclaim') @Auditable() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:unclaim') @ApiOperation({ summary: '取消认领' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 400, description: '任务未被认领' }) async unclaim( @Param('instanceId') instanceId: string, @Body() dto: UnclaimDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.unclaim(instanceId, dto, userId); } @Post(':instanceId/execute') @Auditable() @HttpCode(HttpStatus.OK) @RequirePermissions('approval:execute') @ApiOperation({ summary: '执行人提交' }) @ApiResponse({ status: 200, description: '操作成功' }) async execute( @Param('instanceId') instanceId: string, @Body() dto: ExecuteDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.execute(instanceId, dto, userId); } @Post(':instanceId/remind') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:remind') @ApiOperation({ summary: '催办' }) @ApiResponse({ status: 200, description: '操作成功' }) @ApiResponse({ status: 403, description: '只有发起人可以催办' }) async remind( @Param('instanceId') instanceId: string, @Body() dto: RemindDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.remind(instanceId, dto, userId); } @Post(':instanceId/batch-remind') @HttpCode(HttpStatus.OK) @RequirePermissions('approval:remind') @ApiOperation({ summary: '批量催办' }) @ApiResponse({ status: 200, description: '操作成功' }) async batchRemind( @Param('instanceId') instanceId: string, @Body() dto: BatchRemindDto, @CurrentUser('userId') userId: string, ) { return this.approvalService.batchRemind(instanceId, dto, userId); } // ==================== 流程查询 (动态路由 /:instanceId) ==================== @Get(':instanceId/status') @ApiOperation({ summary: '流程状态' }) @ApiResponse({ status: 200, description: '查询成功' }) async getProcessStatus(@Param('instanceId') instanceId: string) { return this.approvalService.getProcessStatus(instanceId); } @Get(':instanceId/history') @ApiOperation({ summary: '审批历史' }) @ApiResponse({ status: 200, description: '查询成功' }) async getProcessHistory(@Param('instanceId') instanceId: string) { return this.approvalService.getProcessHistory(instanceId); } @Get(':instanceId/diagram') @ApiOperation({ summary: '流程图数据' }) @ApiResponse({ status: 200, description: '查询成功' }) async getDiagram(@Param('instanceId') instanceId: string) { return this.approvalService.getDiagram(instanceId); } @Get(':instanceId/reminders') @ApiOperation({ summary: '获取催办记录' }) @ApiResponse({ status: 200, description: '查询成功' }) async getReminders(@Param('instanceId') instanceId: string) { return this.approvalService.getReminders(instanceId); } @Get(':instanceId') @ApiOperation({ summary: '流程详情' }) @ApiResponse({ status: 200, description: '查询成功' }) @ApiResponse({ status: 404, description: '流程不存在' }) async getProcessDetail(@Param('instanceId') instanceId: string) { return this.approvalService.getProcessDetail(instanceId); } }