feat: add RBAC for inventory stocktake module

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
2026-02-27 13:36:10 +08:00
parent 1ad477eda8
commit 38f0bbe41d
2 changed files with 14 additions and 6 deletions
--- a/inventory-backend/app/api/v1/inbound/stock.py
+++ b/inventory-backend/app/api/v1/inbound/stock.py
@ -2,6 +2,7 @@ from flask import Blueprint, jsonify, request
 from app.extensions import db
 # ★★★ 修复点：必须引入 datetime，否则下方更新时间时会报错 500 ★★★
 from datetime import datetime
 from app.utils.decorators import permission_required
 # 导入模型
 from app.models.inbound.buy import StockBuy
@ -24,6 +25,7 @@ bp = Blueprint('stock_ops', __name__)
@bp.route('/all', methods=['GET'])
@permission_required('inventory_stocktake')
 def get_all_stock():
    """
    获取所有库存 > 0 的物品
@ -63,6 +65,7 @@ def get_all_stock():
 # --- 草稿箱接口 ---
@bp.route('/draft/list', methods=['GET'])
@permission_required('inventory_stocktake')
 def get_drafts():
    """获取当前用户的盘点进度"""
    user_id = request.args.get('user_id', 'admin')
@ -71,6 +74,7 @@ def get_drafts():
@bp.route('/draft/add', methods=['POST'])
@permission_required('inventory_stocktake:operation')
 def add_draft():
    """扫码同步 (支持更新数量)"""
    try:
@ -100,6 +104,7 @@ def add_draft():
@bp.route('/draft/clear', methods=['POST'])
@permission_required('inventory_stocktake:operation')
 def clear_draft():
    """清空进度"""
    data = request.json
@ -113,6 +118,7 @@ def clear_draft():
 # --- 打印接口 ---
@bp.route('/print/selection', methods=['POST'])
@permission_required('inventory_stocktake:operation')
 def print_selection():
    try:
        data = request.json
@ -126,6 +132,7 @@ def print_selection():
@bp.route('/print/stocktake', methods=['POST'])
@permission_required('inventory_stocktake:operation')
 def print_stocktake():
    try:
        data = request.json
--- a/inventory-web/src/views/stock/stocktake/index.vue
+++ b/inventory-web/src/views/stock/stocktake/index.vue
@ -43,7 +43,7 @@
            <el-tag v-else-if="syncStatus === 'syncing'" type="warning" size="small" effect="dark" round>同步中...</el-tag>
            <el-tag v-else type="danger" size="small" effect="dark" round>同步失败</el-tag>
          </div>
-          <el-button type="info" text bg size="small" @click="pauseSession" :icon="VideoPause">
+          <el-button v-if="userStore.hasPermission('inventory_stocktake:operation')" type="info" text bg size="small" @click="pauseSession" :icon="VideoPause">
            暂停
          </el-button>
        </div>
@ -84,7 +84,7 @@
            </el-button>
          </el-col>
          <el-col :span="12">
-            <el-button type="danger" size="large" class="w-100 action-btn" @click="openFinishDialog" :icon="Checked">
+            <el-button v-if="userStore.hasPermission('inventory_stocktake:operation')" type="danger" size="large" class="w-100 action-btn" @click="openFinishDialog" :icon="Checked">
              结束盘点
            </el-button>
          </el-col>
@ -139,7 +139,7 @@
      <template #footer>
        <div class="dialog-footer">
          <el-button @click="showQtyDialog = false">取消</el-button>
-          <el-button type="primary" @click="handleManualConfirm" size="large">确认数量</el-button>
+          <el-button v-if="userStore.hasPermission('inventory_stocktake:operation')" type="primary" @click="handleManualConfirm" size="large">确认数量</el-button>
        </div>
      </template>
    </el-dialog>
@ -190,6 +190,7 @@
            <el-table-column label="操作" width="90" align="center" fixed="right">
              <template #default="scope">
                <el-button
                    v-if="userStore.hasPermission('inventory_stocktake:operation')"
                    type="primary"
                    link
                    icon="Edit"
@ -237,7 +238,7 @@
          <el-button @click="showFinishDialog = false">返回修改</el-button>
          <div class="footer-right">
            <el-button type="success" @click="exportToExcel" :icon="Download">导出Excel</el-button>
-            <el-button type="danger" @click="finishStocktake" :loading="printing" :icon="Checked">结束</el-button>
+            <el-button v-if="userStore.hasPermission('inventory_stocktake:operation')" type="danger" @click="finishStocktake" :loading="printing" :icon="Checked">结束</el-button>
          </div>
        </div>
      </template>