fix(outbound+trans): 修复POST接口错误数据清洗导致的sku/quantity字段被清除Bug，并新增出库审批工作流全链路

2026-04-28 16:02:34 +08:00
parent 97e7618bf3
commit 62c0e3738e
12 changed files with 1248 additions and 112 deletions
--- a/inventory-backend/app/api/v1/transactions.py
+++ b/inventory-backend/app/api/v1/transactions.py
@ -66,26 +66,6 @@ def filter_item_by_permissions(item_dict, user_permissions, prefix='op_records')
 )
 def create_borrow():
    data = request.get_json()
-    # 数据清洗：移除用户没有权限的字段
-    user_permissions = get_current_user_permissions()
-    # 超级管理员不过滤
-    if '*' not in user_permissions:
-        field_to_perm = {
-            'borrow_no': 'op_records:borrow_no',
-            'borrower_name': 'op_records:borrower_name',
-            'sku': 'op_records:sku',
-            'borrow_time': 'op_records:borrow_time',
-            'return_time': 'op_records:return_time',
-            'status': 'op_records:status',
-            'expected_return_time': 'op_records:expected_return_time',
-            'return_location': 'op_records:return_location',
-            'borrow_signature': 'op_records:borrow_signature',
-            'return_signature': 'op_records:return_signature',
-        }
-        for field in list(data.keys()):
-            perm_code = field_to_perm.get(field)
-            if perm_code and perm_code not in user_permissions:
-                data.pop(field, None)
    try:
        no = TransService.create_borrow(data)
        return jsonify({'code': 200, 'msg': '借用成功', 'data': {'borrow_no': no}})
@ -120,26 +100,6 @@ def scan_borrowed_item():
 )
 def submit_return():
    data = request.get_json()
-    # 数据清洗：移除用户没有权限的字段
-    user_permissions = get_current_user_permissions()
-    # 超级管理员不过滤
-    if '*' not in user_permissions:
-        field_to_perm = {
-            'borrow_no': 'op_records:borrow_no',
-            'borrower_name': 'op_records:borrower_name',
-            'sku': 'op_records:sku',
-            'borrow_time': 'op_records:borrow_time',
-            'return_time': 'op_records:return_time',
-            'status': 'op_records:status',
-            'expected_return_time': 'op_records:expected_return_time',
-            'return_location': 'op_records:return_location',
-            'borrow_signature': 'op_records:borrow_signature',
-            'return_signature': 'op_records:return_signature',
-        }
-        for field in list(data.keys()):
-            perm_code = field_to_perm.get(field)
-            if perm_code and perm_code not in user_permissions:
-                data.pop(field, None)
    user = get_jwt_identity()  # 库管
    try:
        TransService.process_return(data, operator_name=user)