feat: add field-level permission control for inbound modules
Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
This commit is contained in:
@ -158,8 +158,56 @@ def get_list():
|
||||
@permission_required('inbound_product:operation')
|
||||
def submit():
|
||||
try:
|
||||
data = request.get_json()
|
||||
if not data:
|
||||
return jsonify({"code": 400, "msg": "No data"}), 400
|
||||
|
||||
# 数据清洗:移除用户没有权限的字段
|
||||
user_permissions = get_current_user_permissions()
|
||||
# 超级管理员不过滤
|
||||
if 'inbound_product:*' not in user_permissions:
|
||||
field_to_perm = {
|
||||
'id': 'inbound_product:id',
|
||||
'base_id': 'inbound_product:base_id',
|
||||
'company_name': 'inbound_product:company_name',
|
||||
'material_name': 'inbound_product:material_name',
|
||||
'category': 'inbound_product:category',
|
||||
'material_type': 'inbound_product:material_type',
|
||||
'spec_model': 'inbound_product:spec_model',
|
||||
'unit': 'inbound_product:unit',
|
||||
'sku': 'inbound_product:sku',
|
||||
'inbound_date': 'inbound_product:inbound_date',
|
||||
'barcode': 'inbound_product:barcode',
|
||||
'serial_number': 'inbound_product:serial_number',
|
||||
'status': 'inbound_product:status',
|
||||
'quality_status': 'inbound_product:quality_status',
|
||||
'in_quantity': 'inbound_product:in_quantity',
|
||||
'stock_quantity': 'inbound_product:stock_quantity',
|
||||
'available_quantity': 'inbound_product:available_quantity',
|
||||
'warehouse_location': 'inbound_product:warehouse_location',
|
||||
'bom_code': 'inbound_product:bom_code',
|
||||
'bom_version': 'inbound_product:bom_version',
|
||||
'work_order_code': 'inbound_product:work_order_code',
|
||||
'order_id': 'inbound_product:order_id',
|
||||
'production_manager': 'inbound_product:production_manager',
|
||||
'production_start_time': 'inbound_product:production_start_time',
|
||||
'production_end_time': 'inbound_product:production_end_time',
|
||||
'raw_material_cost': 'inbound_product:raw_material_cost',
|
||||
'manual_cost': 'inbound_product:manual_cost',
|
||||
'sale_price': 'inbound_product:sale_price',
|
||||
'product_photo': 'inbound_product:product_photo',
|
||||
'quality_report_link': 'inbound_product:quality_report_link',
|
||||
'inspection_report_link': 'inbound_product:inspection_report_link',
|
||||
'detail_link': 'inbound_product:detail_link',
|
||||
}
|
||||
# 复制一份,避免遍历时修改字典
|
||||
for field in list(data.keys()):
|
||||
perm_code = field_to_perm.get(field)
|
||||
if perm_code and perm_code not in user_permissions:
|
||||
data.pop(field, None)
|
||||
|
||||
# 调用 Service 处理入库,获取新创建的对象
|
||||
new_stock = ProductInboundService.handle_inbound(request.get_json())
|
||||
new_stock = ProductInboundService.handle_inbound(data)
|
||||
|
||||
# 返回成功信息以及新创建的数据(包含生成的ID和SKU),供前端自动打印使用
|
||||
return jsonify({
|
||||
@ -179,7 +227,52 @@ def submit():
|
||||
@permission_required('inbound_product:operation')
|
||||
def update(id):
|
||||
try:
|
||||
ProductInboundService.update_inbound(id, request.get_json())
|
||||
data = request.get_json()
|
||||
# 数据清洗:移除用户没有权限的字段
|
||||
user_permissions = get_current_user_permissions()
|
||||
# 超级管理员不过滤
|
||||
if 'inbound_product:*' not in user_permissions:
|
||||
field_to_perm = {
|
||||
'id': 'inbound_product:id',
|
||||
'base_id': 'inbound_product:base_id',
|
||||
'company_name': 'inbound_product:company_name',
|
||||
'material_name': 'inbound_product:material_name',
|
||||
'category': 'inbound_product:category',
|
||||
'material_type': 'inbound_product:material_type',
|
||||
'spec_model': 'inbound_product:spec_model',
|
||||
'unit': 'inbound_product:unit',
|
||||
'sku': 'inbound_product:sku',
|
||||
'inbound_date': 'inbound_product:inbound_date',
|
||||
'barcode': 'inbound_product:barcode',
|
||||
'serial_number': 'inbound_product:serial_number',
|
||||
'status': 'inbound_product:status',
|
||||
'quality_status': 'inbound_product:quality_status',
|
||||
'in_quantity': 'inbound_product:in_quantity',
|
||||
'stock_quantity': 'inbound_product:stock_quantity',
|
||||
'available_quantity': 'inbound_product:available_quantity',
|
||||
'warehouse_location': 'inbound_product:warehouse_location',
|
||||
'bom_code': 'inbound_product:bom_code',
|
||||
'bom_version': 'inbound_product:bom_version',
|
||||
'work_order_code': 'inbound_product:work_order_code',
|
||||
'order_id': 'inbound_product:order_id',
|
||||
'production_manager': 'inbound_product:production_manager',
|
||||
'production_start_time': 'inbound_product:production_start_time',
|
||||
'production_end_time': 'inbound_product:production_end_time',
|
||||
'raw_material_cost': 'inbound_product:raw_material_cost',
|
||||
'manual_cost': 'inbound_product:manual_cost',
|
||||
'sale_price': 'inbound_product:sale_price',
|
||||
'product_photo': 'inbound_product:product_photo',
|
||||
'quality_report_link': 'inbound_product:quality_report_link',
|
||||
'inspection_report_link': 'inbound_product:inspection_report_link',
|
||||
'detail_link': 'inbound_product:detail_link',
|
||||
}
|
||||
# 复制一份,避免遍历时修改字典
|
||||
for field in list(data.keys()):
|
||||
perm_code = field_to_perm.get(field)
|
||||
if perm_code and perm_code not in user_permissions:
|
||||
data.pop(field, None)
|
||||
|
||||
ProductInboundService.update_inbound(id, data)
|
||||
return jsonify({"code": 200, "msg": "更新成功"})
|
||||
except Exception as e:
|
||||
traceback.print_exc()
|
||||
|
||||
Reference in New Issue
Block a user