php实现审批

PHP 审批系统实现方法

审批系统通常涉及表单提交、流程控制和状态管理。以下是实现审批功能的几种方法：

数据库设计 创建审批相关的数据库表，例如：

CREATE TABLE approvals (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT,
    content TEXT,
    status ENUM('pending', 'approved', 'rejected') DEFAULT 'pending',
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);

基础审批功能 使用PHP处理审批请求：

// 提交审批
$stmt = $pdo->prepare("INSERT INTO approvals (user_id, content) VALUES (?, ?)");
$stmt->execute([$userId, $content]);

// 审批处理
$stmt = $pdo->prepare("UPDATE approvals SET status = ? WHERE id = ?");
$stmt->execute([$status, $approvalId]);

工作流审批 对于多级审批，需要更复杂的流程控制：

// 多级审批表结构
CREATE TABLE approval_steps (
    id INT AUTO_INCREMENT PRIMARY KEY,
    approval_id INT,
    step INT,
    approver_id INT,
    status ENUM('pending', 'approved', 'rejected') DEFAULT 'pending',
    comments TEXT
);

// 处理单步审批
$stmt = $pdo->prepare("UPDATE approval_steps SET status = ? WHERE approval_id = ? AND step = ?");
$stmt->execute([$decision, $approvalId, $currentStep]);

权限控制 确保只有有权限的用户可以审批：

function canApprove($userId, $approvalId) {
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM approval_steps WHERE approval_id = ? AND approver_id = ? AND status = 'pending'");
    $stmt->execute([$approvalId, $userId]);
    return $stmt->fetchColumn() > 0;
}

通知功能 审批状态变化时发送通知：

function sendApprovalNotification($approvalId, $message) {
    $stmt = $pdo->prepare("SELECT user_id FROM approvals WHERE id = ?");
    $stmt->execute([$approvalId]);
    $userId = $stmt->fetchColumn();

    // 这里实现邮件或系统通知
}

审批记录 保留完整的审批历史：

CREATE TABLE approval_history (
    id INT AUTO_INCREMENT PRIMARY KEY,
    approval_id INT,
    action VARCHAR(50),
    user_id INT,
    timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    comments TEXT
);

function logApprovalAction($approvalId, $action, $userId, $comments = '') {
    $stmt = $pdo->prepare("INSERT INTO approval_history (approval_id, action, user_id, comments) VALUES (?, ?, ?, ?)");
    $stmt->execute([$approvalId, $action, $userId, $comments]);
}

审批系统扩展功能

条件审批 根据不同条件路由审批流程：

function getNextApprovers($approvalId) {
    // 根据业务规则确定下一审批人
    $rules = getBusinessRules($approvalId);
    return queryNextApproversBasedOnRules($rules);
}

批量审批 处理批量审批请求：

function batchApprove(array $approvalIds, $userId) {
    $pdo->beginTransaction();
    try {
        foreach ($approvalIds as $id) {
            if (canApprove($userId, $id)) {
                approveItem($id, $userId);
            }
        }
        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
}

审批统计 生成审批数据报表：

function getApprovalStats($startDate, $endDate) {
    $stmt = $pdo->prepare("
        SELECT status, COUNT(*) as count 
        FROM approvals 
        WHERE created_at BETWEEN ? AND ?
        GROUP BY status
    ");
    $stmt->execute([$startDate, $endDate]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

安全注意事项

输入验证 对所有审批相关输入进行严格过滤：

$approvalId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if (!$approvalId) {
    throw new InvalidArgumentException('Invalid approval ID');
}

CSRF防护 审批操作需要CSRF保护：

session_start();
if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
    die('Invalid CSRF token');
}

审计日志 记录所有审批操作：

function logApprovalAttempt($userId, $action, $success) {
    $stmt = $pdo->prepare("INSERT INTO audit_log (user_id, action, success, ip_address) VALUES (?, ?, ?, ?)");
    $stmt->execute([$userId, $action, $success, $_SERVER['REMOTE_ADDR']]);
}

以上代码示例提供了PHP实现审批系统的基础框架，可以根据具体业务需求进行扩展和调整。