fix: enforce field-level permission checks for semi-finished and finished goods tables

inventory-web/src/views/stock/inbound/product.vue

@@ -145,7 +145,7 @@
     >
       <template v-for="col in allColumns" :key="col.prop">
         <el-table-column
-            v-if="visibleColumnProps.includes(col.prop)"
+            v-if="visibleColumnProps.includes(col.prop) && hasColumnPermission(col.prop)"
             :prop="col.prop"
             :label="col.label"
             :min-width="col.minWidth || '110'"
@@ -791,9 +791,13 @@ const initColumnPermissions = () => {
   visibleColumnProps.value = defaultVisibleCols
 }
 
-// 检查列权限（移除权限限制，始终返回 true）
+// 检查列权限
 const hasColumnPermission = (prop: string) => {
-  return true
+  if (userStore.role === 'SUPER_ADMIN' || userStore.username === 'IRIS') {
+    return true
+  }
+  const code = permissionMap[prop]
+  return code ? userStore.hasPermission(code) : false
 }
 
 const defaultVisibleCols = ['company_name', 'material_name', 'sku', 'serial_number', 'qty_stock', 'status', 'quality_status', 'product_photo', 'sale_price', 'order_id']

inventory-web/src/views/stock/inbound/semi.vue

@@ -158,7 +158,7 @@
     >
       <template v-for="col in allColumns" :key="col.prop">
         <el-table-column
-            v-if="visibleColumnProps.includes(col.prop)"
+            v-if="visibleColumnProps.includes(col.prop) && hasColumnPermission(col.prop)"
             :prop="col.prop"
             :label="col.label"
             :min-width="col.minWidth || '140'"
@@ -871,9 +871,52 @@ const initColumnPermissions = () => {
   visibleColumnProps.value = defaultColumns
 }
 
-// 检查列权限（移除权限限制，始终返回 true）
+// 列与权限Code的映射关系（数据库中的code）
+const permissionMap: Record<string, string> = {
+  id: 'inbound_semi:id',
+  base_id: 'inbound_semi:base_id',
+  company_name: 'inbound_semi:company_name',
+  material_name: 'inbound_semi:material_name',
+  spec_model: 'inbound_semi:spec_model',
+  category: 'inbound_semi:category',
+  material_type: 'inbound_semi:material_type',
+  unit: 'inbound_semi:unit',
+  sku: 'inbound_semi:sku',
+  inbound_date: 'inbound_semi:inbound_date',
+  barcode: 'inbound_semi:barcode',
+  serial_number: 'inbound_semi:serial_number',
+  batch_number: 'inbound_semi:batch_number',
+  status: 'inbound_semi:status',
+  quality_status: 'inbound_semi:quality_status',
+  in_quantity: 'inbound_semi:in_quantity',
+  qty_inbound: 'inbound_semi:qty_inbound',
+  stock_quantity: 'inbound_semi:stock_quantity',
+  qty_stock: 'inbound_semi:qty_stock',
+  available_quantity: 'inbound_semi:available_quantity',
+  qty_available: 'inbound_semi:qty_available',
+  warehouse_location: 'inbound_semi:warehouse_location',
+  warehouse_loc: 'inbound_semi:warehouse_loc',
+  bom_code: 'inbound_semi:bom_code',
+  bom_version: 'inbound_semi:bom_version',
+  work_order_code: 'inbound_semi:work_order_code',
+  raw_material_cost: 'inbound_semi:raw_material_cost',
+  unit_total_cost: 'inbound_semi:unit_total_cost',
+  total_price: 'inbound_semi:total_price',
+  production_manager: 'inbound_semi:production_manager',
+  production_start_time: 'inbound_semi:production_start_time',
+  production_end_time: 'inbound_semi:production_end_time',
+  arrival_photo: 'inbound_semi:arrival_photo',
+  quality_report_link: 'inbound_semi:quality_report_link',
+  detail_link: 'inbound_semi:detail_link',
+}
+
+// 检查列权限
 const hasColumnPermission = (prop: string) => {
-  return true
+  if (userStore.role === 'SUPER_ADMIN' || userStore.username === 'IRIS') {
+    return true
+  }
+  const code = permissionMap[prop]
+  return code ? userStore.hasPermission(code) : false
 }
 
 const defaultColumns = ['company_name', 'material_name', 'spec_model', 'unit', 'inbound_date', 'sn_bn', 'status', 'quality_status', 'bom_code', 'work_order_code', 'qty_stock', 'qty_available', 'unit_total_cost', 'arrival_photo', 'quality_report_link']