duxingchen/KCGL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add permission management to inbound service module

Browse Source 
Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
This commit is contained in:
dxc
2026-02-27 13:12:45 +08:00
parent 1d2e8feced
commit 1ad477eda8
2 changed files with 106 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
inventory-backend/app/api/v1/inbound/service.py
View File

@ -3,21 +3,73 @@ from flask import request, jsonify, current_app
from flask_jwt_extended import jwt_required from flask_jwt_extended import jwt_required
from . import inbound_bp from . import inbound_bp
from app.services.inbound.service_service import ServiceService from app.services.inbound.service_service import ServiceService
from app.utils.decorators import role_required from app.utils.decorators import role_required, permission_required
import traceback import traceback
# ==============================================================================
# 辅助函数:获取当前用户的完整权限列表(基于角色查询)
# ==============================================================================
def get_current_user_permissions():
"""
返回当前用户拥有的所有权限码列表(包括菜单和元素)
此函数根据角色查询数据库得到权限。
"""
from flask_jwt_extended import get_jwt
from app.services.auth_service import AuthService
claims = get_jwt()
user_role = claims.get('role')
if not user_role:
return []
# 超级管理员返回所有字段权限
if user_role == 'super_admin':
return ['inbound_service:*']
perm_dict = AuthService.get_user_permissions(user_role)
# 合并菜单和元素权限
perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
return perms
def filter_item_by_permissions(item_dict, user_permissions):
"""
根据用户权限过滤 item 字典,无权限的字段值置为 None
"""
# 字段名到权限码的映射(与前端 permissionMap 保持一致)
field_to_perm = {
'id': 'inbound_service:id',
'base_id': 'inbound_service:base_id',
'sku': 'inbound_service:sku',
'material_name': 'inbound_service:material_name',
'provider_name': 'inbound_service:provider_name',
'sale_price': 'inbound_service:sale_price',
'description': 'inbound_service:description',
'created_at': 'inbound_service:created_at',
'material_type': 'inbound_service:material_type',
'category': 'inbound_service:category',
'spec_model': 'inbound_service:spec_model',
'unit': 'inbound_service:unit',
}
if 'inbound_service:*' in user_permissions:
return item_dict
for field, perm_code in field_to_perm.items():
if field in item_dict and perm_code not in user_permissions:
item_dict[field] = None
return item_dict
@inbound_bp.route('/service/search-base', methods=['GET']) @inbound_bp.route('/service/search-base', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def search_base(): def search_base():
"""搜索基础物料""" """搜索基础物料"""
keyword = request.args.get('keyword', '') keyword = request.args.get('keyword', '')
try: try:
data = ServiceService.search_base_material(keyword) data = ServiceService.search_base_material(keyword)
user_permissions = get_current_user_permissions()
filtered_data = [filter_item_by_permissions(item, user_permissions) for item in data]
return jsonify({ return jsonify({
'code': 200, 'code': 200,
'msg': 'success', 'msg': 'success',
'data': data 'data': filtered_data
}) })
except Exception as e: except Exception as e:
current_app.logger.error(f'搜索基础物料失败: {str(e)}') current_app.logger.error(f'搜索基础物料失败: {str(e)}')
@ -25,7 +77,7 @@ def search_base():
@inbound_bp.route('/service', methods=['GET']) @inbound_bp.route('/service', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def get_service_list(): def get_service_list():
"""获取服务权益列表""" """获取服务权益列表"""
page = request.args.get('page', 1, type=int) page = request.args.get('page', 1, type=int)
@ -44,6 +96,9 @@ def get_service_list():
end_date=end_date, end_date=end_date,
provider_name=provider_name provider_name=provider_name
) )
user_permissions = get_current_user_permissions()
if result.get('items'):
result['items'] = [filter_item_by_permissions(item, user_permissions) for item in result['items']]
return jsonify({ return jsonify({
'code': 200, 'code': 200,
'msg': 'success', 'msg': 'success',
@ -56,8 +111,7 @@ def get_service_list():
@inbound_bp.route('/service', methods=['POST']) @inbound_bp.route('/service', methods=['POST'])
@jwt_required() @permission_required('inbound_service:operation')
@role_required('admin,manager')
def create_service(): def create_service():
"""创建服务权益""" """创建服务权益"""
data = request.get_json() data = request.get_json()
@ -72,10 +126,12 @@ def create_service():
try: try:
service = ServiceService.create_service(data) service = ServiceService.create_service(data)
user_permissions = get_current_user_permissions()
filtered_data = filter_item_by_permissions(service.to_dict(), user_permissions)
return jsonify({ return jsonify({
'code': 201, 'code': 201,
'msg': '创建成功', 'msg': '创建成功',
'data': service.to_dict() 'data': filtered_data
}), 201 }), 201
except ValueError as e: except ValueError as e:
return jsonify({'code': 400, 'msg': str(e)}), 400 return jsonify({'code': 400, 'msg': str(e)}), 400
@ -86,15 +142,17 @@ def create_service():
@inbound_bp.route('/service/<int:service_id>', methods=['GET']) @inbound_bp.route('/service/<int:service_id>', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def get_service(service_id): def get_service(service_id):
"""获取单个服务权益详情""" """获取单个服务权益详情"""
try: try:
service = ServiceService.get_service(service_id) service = ServiceService.get_service(service_id)
user_permissions = get_current_user_permissions()
filtered_data = filter_item_by_permissions(service.to_dict(), user_permissions)
return jsonify({ return jsonify({
'code': 200, 'code': 200,
'msg': 'success', 'msg': 'success',
'data': service.to_dict() 'data': filtered_data
}) })
except ValueError as e: except ValueError as e:
return jsonify({'code': 404, 'msg': str(e)}), 404 return jsonify({'code': 404, 'msg': str(e)}), 404
@ -104,8 +162,7 @@ def get_service(service_id):
@inbound_bp.route('/service/<int:service_id>', methods=['PUT']) @inbound_bp.route('/service/<int:service_id>', methods=['PUT'])
@jwt_required() @permission_required('inbound_service:operation')
@role_required('admin,manager')
def update_service(service_id): def update_service(service_id):
"""更新服务权益""" """更新服务权益"""
data = request.get_json() data = request.get_json()
@ -124,10 +181,12 @@ def update_service(service_id):
try: try:
service = ServiceService.update_service(service_id, filtered_data) service = ServiceService.update_service(service_id, filtered_data)
user_permissions = get_current_user_permissions()
filtered_service = filter_item_by_permissions(service.to_dict(), user_permissions)
return jsonify({ return jsonify({
'code': 200, 'code': 200,
'msg': '更新成功', 'msg': '更新成功',
'data': service.to_dict() 'data': filtered_service
}) })
except ValueError as e: except ValueError as e:
return jsonify({'code': 404, 'msg': str(e)}), 404 return jsonify({'code': 404, 'msg': str(e)}), 404
@ -137,8 +196,7 @@ def update_service(service_id):
@inbound_bp.route('/service/<int:service_id>', methods=['DELETE']) @inbound_bp.route('/service/<int:service_id>', methods=['DELETE'])
@jwt_required() @permission_required('inbound_service:operation')
@role_required('admin,manager')
def delete_service(service_id): def delete_service(service_id):
"""删除服务权益""" """删除服务权益"""
try: try:
@ -155,7 +213,7 @@ def delete_service(service_id):
@inbound_bp.route('/service/suggestions/providers', methods=['GET']) @inbound_bp.route('/service/suggestions/providers', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def get_provider_suggestions(): def get_provider_suggestions():
base_id = request.args.get('base_id', type=int) base_id = request.args.get('base_id', type=int)
if not base_id: if not base_id:
@ -165,7 +223,7 @@ def get_provider_suggestions():
@inbound_bp.route('/service/suggestions/users', methods=['GET']) @inbound_bp.route('/service/suggestions/users', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def get_user_suggestions(): def get_user_suggestions():
keyword = request.args.get('keyword', '') keyword = request.args.get('keyword', '')
data = ServiceService.search_system_users(keyword) data = ServiceService.search_system_users(keyword)
@ -173,7 +231,7 @@ def get_user_suggestions():
@inbound_bp.route('/service/options', methods=['GET']) @inbound_bp.route('/service/options', methods=['GET'])
@jwt_required() @permission_required('inbound_service')
def get_options(): def get_options():
try: try:
data = ServiceService.get_filter_options() data = ServiceService.get_filter_options()

38
inventory-web/src/views/stock/inbound/service.vue
View File

@ -45,21 +45,21 @@
<el-form-item> <el-form-item>
<el-button type="primary" @click="handleSearch">搜索</el-button> <el-button type="primary" @click="handleSearch">搜索</el-button>
<el-button @click="resetSearch">重置</el-button> <el-button @click="resetSearch">重置</el-button>
<el-button type="success" @click="handleAdd">新增服务</el-button> <el-button v-if="userStore.hasPermission('inbound_service:operation')" type="success" @click="handleAdd">新增服务</el-button>
</el-form-item> </el-form-item>
</el-form> </el-form>
</div> </div>
<el-table :data="tableData" border stripe style="width: 100%;" v-loading="loading"> <el-table :data="tableData" border stripe style="width: 100%;" v-loading="loading">
<el-table-column prop="sku" label="SKU" width="200" /> <el-table-column v-if="hasColumnPermission('sku')" prop="sku" label="SKU" width="200" />
<el-table-column prop="material_name" label="物料名称" /> <el-table-column v-if="hasColumnPermission('material_name')" prop="material_name" label="物料名称" />
<el-table-column prop="provider_name" label="服务商" width="150" /> <el-table-column v-if="hasColumnPermission('provider_name')" prop="provider_name" label="服务商" width="150" />
<el-table-column prop="sale_price" label="售价" width="120"> <el-table-column v-if="hasColumnPermission('sale_price')" prop="sale_price" label="售价" width="120">
<template #default="{row}">{{ row.sale_price.toFixed(2) }}</template> <template #default="{row}">{{ row.sale_price.toFixed(2) }}</template>
</el-table-column> </el-table-column>
<el-table-column prop="description" label="简介" show-overflow-tooltip /> <el-table-column v-if="hasColumnPermission('description')" prop="description" label="简介" show-overflow-tooltip />
<el-table-column prop="created_at" label="创建时间" width="160" /> <el-table-column v-if="hasColumnPermission('created_at')" prop="created_at" label="创建时间" width="160" />
<el-table-column label="操作" width="180" fixed="right"> <el-table-column v-if="userStore.hasPermission('inbound_service:operation')" label="操作" width="180" fixed="right">
<template #default="{row}"> <template #default="{row}">
<el-button size="small" @click="handleEdit(row)">编辑</el-button> <el-button size="small" @click="handleEdit(row)">编辑</el-button>
<el-button size="small" type="danger" @click="handleDelete(row)">删除</el-button> <el-button size="small" type="danger" @click="handleDelete(row)">删除</el-button>
@ -198,6 +198,7 @@ import { ref, reactive, onMounted } from 'vue'
import { InfoFilled, Box, House } from '@element-plus/icons-vue' import { InfoFilled, Box, House } from '@element-plus/icons-vue'
import type { FormInstance, FormRules } from 'element-plus' import type { FormInstance, FormRules } from 'element-plus'
import { ElMessage, ElMessageBox } from 'element-plus' import { ElMessage, ElMessageBox } from 'element-plus'
import { useUserStore } from '@/stores/user'
import { import {
getServiceList, getServiceList,
createService, createService,
@ -212,6 +213,27 @@ import {
type MaterialBaseItem type MaterialBaseItem
} from '@/api/inbound/service' } from '@/api/inbound/service'
const userStore = useUserStore()
// 列与权限Code的映射关系数据库中的code
const permissionMap: Record<string, string> = {
sku: 'inbound_service:sku',
material_name: 'inbound_service:material_name',
provider_name: 'inbound_service:provider_name',
sale_price: 'inbound_service:sale_price',
description: 'inbound_service:description',
created_at: 'inbound_service:created_at',
}
// 检查列权限
const hasColumnPermission = (prop: string) => {
if (userStore.role === 'SUPER_ADMIN' || userStore.username === 'IRIS') {
return true
}
const code = permissionMap[prop]
return code ? userStore.hasPermission(code) : false
}
// 表格数据 // 表格数据
const tableData = ref<ServiceItem[]>([]) const tableData = ref<ServiceItem[]>([])
const loading = ref(false) const loading = ref(false)