fix-security-correct-field-permission-mapping-and-403-denial

query_permissions.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import psycopg2
+
+# 数据库连接配置 (从 docker-compose.yml 获取)
+DB_CONFIG = {
+    'host': 'localhost',
+    'port': 5435,
+    'user': 'test',
+    'password': '1234',
+    'database': 'inventory_system'
+}
+
+def query_permissions():
+    conn = psycopg2.connect(**DB_CONFIG)
+    cursor = conn.cursor()
+    
+    print('=' * 60)
+    print('查询: 角色为 PURCHASER 且 type=element 的所有权限记录')
+    print('=' * 60)
+    
+    # 查询 PURCHASER 角色的元素权限
+    cursor.execute('''
+        SELECT role_code, target_code, type 
+        FROM sys_role_permission 
+        WHERE role_code = 'PURCHASER' AND type = 'element'
+        ORDER BY target_code
+    ''')
+    
+    rows = cursor.fetchall()
+    print(f'找到 {len(rows)} 条记录:\n')
+    
+    for row in rows:
+        print(f'  role_code: {row[0]}')
+        print(f'  target_code: {row[1]}')
+        print(f'  type: {row[2]}')
+        print('-' * 40)
+    
+    # 如果没有结果，查询所有角色看看有什么
+    if not rows:
+        print('\n没有找到 PURCHASER 的记录，查询所有 element 权限...\n')
+        cursor.execute('''
+            SELECT DISTINCT role_code, type 
+            FROM sys_role_permission 
+            WHERE type = 'element'
+            ORDER BY role_code
+        ''')
+        all_roles = cursor.fetchall()
+        print(f'数据库中有以下角色有 element 权限: {all_roles}')
+    
+    conn.close()
+
+if __name__ == '__main__':
+    query_permissions()