feat: add RBAC for inventory stocktake module

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>

inventory-backend/app/api/v1/inbound/stock.py

@@ -2,6 +2,7 @@ from flask import Blueprint, jsonify, request
 from app.extensions import db
 # ★★★ 修复点：必须引入 datetime，否则下方更新时间时会报错 500 ★★★
 from datetime import datetime
+from app.utils.decorators import permission_required
 
 # 导入模型
 from app.models.inbound.buy import StockBuy
@@ -24,6 +25,7 @@ bp = Blueprint('stock_ops', __name__)
 
 
 @bp.route('/all', methods=['GET'])
+@permission_required('inventory_stocktake')
 def get_all_stock():
     """
     获取所有库存 > 0 的物品
@@ -63,6 +65,7 @@ def get_all_stock():
 # --- 草稿箱接口 ---
 
 @bp.route('/draft/list', methods=['GET'])
+@permission_required('inventory_stocktake')
 def get_drafts():
     """获取当前用户的盘点进度"""
     user_id = request.args.get('user_id', 'admin')
@@ -71,6 +74,7 @@ def get_drafts():
 
 
 @bp.route('/draft/add', methods=['POST'])
+@permission_required('inventory_stocktake:operation')
 def add_draft():
     """扫码同步 (支持更新数量)"""
     try:
@@ -100,6 +104,7 @@ def add_draft():
 
 
 @bp.route('/draft/clear', methods=['POST'])
+@permission_required('inventory_stocktake:operation')
 def clear_draft():
     """清空进度"""
     data = request.json
@@ -113,6 +118,7 @@ def clear_draft():
 # --- 打印接口 ---
 
 @bp.route('/print/selection', methods=['POST'])
+@permission_required('inventory_stocktake:operation')
 def print_selection():
     try:
         data = request.json
@@ -126,6 +132,7 @@ def print_selection():
 
 
 @bp.route('/print/stocktake', methods=['POST'])
+@permission_required('inventory_stocktake:operation')
 def print_stocktake():
     try:
         data = request.json
@@ -133,4 +140,4 @@ def print_stocktake():
         success, msg = printer.print_stocktake_report(data)
         return jsonify({"message": "盘点报告已发送" if success else msg}), 200 if success else 500
     except Exception as e:
-        return jsonify({"message": str(e)}), 500
+        return jsonify({"message": str(e)}), 500