diff --git a/inventory-backend/app/api/v1/inbound/base.py b/inventory-backend/app/api/v1/inbound/base.py
index b80c317..42dd12d 100644
--- a/inventory-backend/app/api/v1/inbound/base.py
+++ b/inventory-backend/app/api/v1/inbound/base.py
@@ -170,7 +170,37 @@ def create():
 if not data:
 return jsonify({"code": 400, "msg": "No data provided"}), 400
- MaterialBaseService.create_material(data)
+ # 获取当前用户权限
+ user_permissions = get_current_user_permissions()
+ # 字段到权限码的映射(与 filter_item_by_permissions 一致)
+ field_to_perm = {
+ 'id': 'material_list:id',
+ 'companyName': 'material_list:companyName',
+ 'name': 'material_list:name',
+ 'commonName': 'material_list:commonName',
+ 'category': 'material_list:category',
+ 'type': 'material_list:type',
+ 'spec': 'material_list:spec',
+ 'unit': 'material_list:unit',
+ 'inventoryCount': 'material_list:inventoryCount',
+ 'availableCount': 'material_list:availableCount',
+ 'generalManual': 'material_list:files',
+ 'generalImage': 'material_list:files',
+ 'isEnabled': 'material_list:isEnabled'
+ }
+ # 过滤用户没有权限的字段
+ filtered_data = {}
+ for key, value in data.items():
+ if key in field_to_perm:
+ perm_code = field_to_perm[key]
+ if perm_code in user_permissions:
+ filtered_data[key] = value
+ # 没有权限则跳过,不包含在 filtered_data 中
+ else:
+ # 不在映射中的字段,默认允许(例如 visibilityLevel)
+ filtered_data[key] = value
+
+ MaterialBaseService.create_material(filtered_data)
 return jsonify({"code": 200, "msg": "新增成功"})
 except ValueError as e:
 # 捕获业务逻辑验证错误 (如名称为空)
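Review bot: The `else:` branch of the filter loop forwards every request key that is not in `field_to_perm` to `MaterialBaseService.create_material` unchanged, so the new check only gates the thirteen listed fields and is default-allow for anything else a client chooses to send; whether the service itself rejects unknown keys is not visible here. The same thirteen-entry mapping is pasted verbatim into the `update` hunk below and, per the comment, must also match `filter_item_by_permissions`, so three copies now have to be kept in sync by hand. I would hoist the mapping to a module-level constant, make the ungated keys an explicit set (the comment names `visibilityLevel`; the full list needs confirming against the service), and move the loop into one helper that both handlers call and that also reports which keys it dropped, so a silently ignored field can be logged or rejected instead of answered with "新增成功". The `try:` of `create()` begins above this hunk. The helper sketch below keeps the accepted keys identical for mapped fields and changes only the unmapped-key default.
```python
# Field -> permission code; shared by create()/update(), keep in sync with filter_item_by_permissions.
MATERIAL_FIELD_PERMISSIONS = {
    'id': 'material_list:id',
    # … unchanged: remaining entries from the hunk …
    'isEnabled': 'material_list:isEnabled',
}
# Request keys with no permission code that are still accepted — replaces the implicit default-allow.
MATERIAL_UNGATED_FIELDS = {'visibilityLevel'}  # TODO(review): confirm the full list against the service


def _filter_material_fields(data, user_permissions):
    """Return (kept, dropped): kept holds the keys the caller may write, dropped the key names removed."""
    kept, dropped = {}, []
    for key, value in data.items():
        perm_code = MATERIAL_FIELD_PERMISSIONS.get(key)
        if perm_code is None:
            if key in MATERIAL_UNGATED_FIELDS:
                kept[key] = value
            else:
                dropped.append(key)
        elif perm_code in user_permissions:
            kept[key] = value
        else:
            dropped.append(key)
    return kept, dropped
```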
@@ -189,7 +219,37 @@ def create():
 def update(id):
 try:
 data = request.get_json()
- MaterialBaseService.update_material(id, data)
+ # 获取当前用户权限
+ user_permissions = get_current_user_permissions()
+ # 字段到权限码的映射(与 filter_item_by_permissions 一致)
+ field_to_perm = {
+ 'id': 'material_list:id',
+ 'companyName': 'material_list:companyName',
+ 'name': 'material_list:name',
+ 'commonName': 'material_list:commonName',
+ 'category': 'material_list:category',
+ 'type': 'material_list:type',
+ 'spec': 'material_list:spec',
+ 'unit': 'material_list:unit',
+ 'inventoryCount': 'material_list:inventoryCount',
+ 'availableCount': 'material_list:availableCount',
+ 'generalManual': 'material_list:files',
+ 'generalImage': 'material_list:files',
+ 'isEnabled': 'material_list:isEnabled'
+ }
+ # 过滤用户没有权限的字段
+ filtered_data = {}
+ for key, value in data.items():
+ if key in field_to_perm:
+ perm_code = field_to_perm[key]
+ if perm_code in user_permissions:
+ filtered_data[key] = value
+ # 没有权限则跳过,不包含在 filtered_data 中
+ else:
+ # 不在映射中的字段,默认允许(例如 visibilityLevel)
+ filtered_data[key] = value
+ # 使用过滤后的数据调用服务
+ MaterialBaseService.update_material(id, filtered_data)
 return jsonify({"code": 200, "msg": "修改成功"})
 except Exception as e:
 traceback.print_exc()
diff --git a/inventory-web/src/views/material/list.vue b/inventory-web/src/views/material/list.vue
index 0cc1460..d6c0c99 100644
--- a/inventory-web/src/views/material/list.vue
+++ b/inventory-web/src/views/material/list.vue
@@ -247,12 +247,12 @@
- + - +
@@ -260,7 +260,7 @@
- + - +
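Review bot: `update` calls `data.items()` straight after `request.get_json()` without the `if not data:` guard that `create` has, so a missing or non-object JSON body ends in `AttributeError`, which the broad `except Exception` below turns into a printed traceback rather than a 400. It also proceeds to `update_material(id, filtered_data)` and answers "修改成功" even when the filter has removed every submitted field, so a caller without write permission on the fields it sent is told the write succeeded. Before the filter I would add `if not isinstance(data, dict) or not data: return jsonify({"code": 400, "msg": "No data provided"}), 400`, and after it `if not filtered_data: return jsonify({"code": 403, "msg": "No permitted fields"}), 403` (message text constructed; match the project's wording). The duplicated `field_to_perm` mapping is raised on the `create` hunk above and applies here as well.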
- + - + @@ -318,7 +318,7 @@ - + @@ -330,7 +330,7 @@ - +
- +
- + 启用 禁用
@@ -538,6 +538,19 @@ const initColumnPermissions = () => {
 });
 };
+// 检查字段权限(用于表单)
+const hasFieldPermission = (field: string) => {
+ if (userStore.role === 'SUPER_ADMIN' || userStore.username === 'IRIS') {
+ return true;
+ }
+ const code = permissionMap[field];
+ // 如果permissionMap中没有该字段,默认允许
+ if (!code) {
+ return true;
+ }
+ return userStore.hasPermission(code);
+};
+
 const companyOptions = ref([]);
 const categoryOptions = ref([]);
 const typeOptions = ref([]);
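Review bot: `hasFieldPermission` grants every field when `userStore.username === 'IRIS'`, which ties an authorization decision to a literal account name rather than to a role or permission code; it is brittle (a renamed account silently loses the exemption, a reused name silently gains it) and, if the backend mirrors the same special case, it becomes a backdoor account — here the effect is limited to form rendering, so the server-side filter in `base.py` must stay the authority. I would reduce the first guard to `if (userStore.role === 'SUPER_ADMIN') { return true; }` and, if the account-level exemption is genuinely needed, express it inside `userStore.hasPermission` so there is a single place to audit. The `if (!code) return true;` fallback mirrors the backend's default-allow for unmapped fields; a comment such as `// Display-only: the server filters unmapped and unpermitted fields` would make clear that this check is not a security boundary.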