From 6e914f1e96b6355de8a9e8ebd4ba35aa00d660ce Mon Sep 17 00:00:00 2001 From: dxc Date: Fri, 27 Feb 2026 12:08:57 +0800 Subject: [PATCH] feat: add RBAC permission control for semi inbound module Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) --- inventory-backend/app/api/v1/inbound/semi.py | 95 ++++++++++++++++++- .../src/views/stock/inbound/semi.vue | 86 ++++++++++++++++- 2 files changed, 173 insertions(+), 8 deletions(-) diff --git a/inventory-backend/app/api/v1/inbound/semi.py b/inventory-backend/app/api/v1/inbound/semi.py index 39d2388..75e10d5 100644 --- a/inventory-backend/app/api/v1/inbound/semi.py +++ b/inventory-backend/app/api/v1/inbound/semi.py @@ -1,16 +1,90 @@ # inventory-backend/app/api/v1/inbound/semi.py from flask import Blueprint, request, jsonify from app.services.inbound.semi_service import SemiInboundService +from app.utils.decorators import permission_required import traceback # 定义蓝图 inbound_semi_bp = Blueprint('stock_semi', __name__) +# ============================================================================== +# 辅助函数:获取当前用户的完整权限列表(基于角色查询) +# ============================================================================== +def get_current_user_permissions(): + """ + 返回当前用户拥有的所有权限码列表(包括菜单和元素) + 此函数根据角色查询数据库得到权限。 + """ + from flask_jwt_extended import get_jwt + from app.services.auth_service import AuthService + claims = get_jwt() + user_role = claims.get('role') + if not user_role: + return [] + # 超级管理员返回所有字段权限 + if user_role == 'super_admin': + # 返回所有以 inbound_semi: 开头的权限码(这里我们返回一个特殊标记,表示全部) + # 为了简单,我们返回 ['inbound_semi:*'],在过滤函数中特殊处理 + return ['inbound_semi:*'] + perm_dict = AuthService.get_user_permissions(user_role) + # 合并菜单和元素权限 + perms = perm_dict.get('menus', []) + perm_dict.get('elements', []) + return perms + + +def filter_item_by_permissions(item_dict, user_permissions): + """ + 根据用户权限过滤 item 字典,无权限的字段值置为 None + """ + # 字段名到权限码的映射(与前端 permissionMap 保持一致) + field_to_perm = { + 'id': 'inbound_semi:id', + 'base_id': 'inbound_semi:base_id', + 'company_name': 'inbound_semi:company_name', + 'material_name': 'inbound_semi:material_name', + 'category': 'inbound_semi:category', + 'material_type': 'inbound_semi:material_type', + 'spec_model': 'inbound_semi:spec_model', + 'unit': 'inbound_semi:unit', + 'sku': 'inbound_semi:sku', + 'inbound_date': 'inbound_semi:inbound_date', + 'barcode': 'inbound_semi:barcode', + 'serial_number': 'inbound_semi:serial_number', + 'batch_number': 'inbound_semi:batch_number', + 'status': 'inbound_semi:status', + 'quality_status': 'inbound_semi:quality_status', + 'in_quantity': 'inbound_semi:in_quantity', + 'stock_quantity': 'inbound_semi:stock_quantity', + 'available_quantity': 'inbound_semi:available_quantity', + 'warehouse_location': 'inbound_semi:warehouse_location', + 'bom_code': 'inbound_semi:bom_code', + 'bom_version': 'inbound_semi:bom_version', + 'work_order_code': 'inbound_semi:work_order_code', + 'raw_material_cost': 'inbound_semi:raw_material_cost', + 'manual_cost': 'inbound_semi:manual_cost', + 'unit_total_cost': 'inbound_semi:unit_total_cost', + 'production_manager': 'inbound_semi:production_manager', + 'production_start_time': 'inbound_semi:production_start_time', + 'production_end_time': 'inbound_semi:production_end_time', + 'arrival_photo': 'inbound_semi:arrival_photo', + 'quality_report_link': 'inbound_semi:quality_report_link', + 'detail_link': 'inbound_semi:detail_link', + } + # 如果用户是超级管理员且有 'inbound_semi:*',则不过滤 + if 'inbound_semi:*' in user_permissions: + return item_dict + for field, perm_code in field_to_perm.items(): + if field in item_dict and perm_code not in user_permissions: + item_dict[field] = None + return item_dict + + # ------------------------------------------------------------------ # 0. 基础物料搜索 (复用逻辑) # ------------------------------------------------------------------ @inbound_semi_bp.route('/search-base', methods=['GET']) +@permission_required('inbound_semi') def search_base(): """ 供前端下拉框远程搜索使用 (搜索半成品类型的基础物料) @@ -20,10 +94,13 @@ def search_base(): keyword = request.args.get('keyword', '') # 这里复用 Service 中的搜索逻辑 data = SemiInboundService.search_base_material(keyword) + # 字段级脱敏 + user_permissions = get_current_user_permissions() + filtered_data = [filter_item_by_permissions(item, user_permissions) for item in data] return jsonify({ "code": 200, "msg": "success", - "data": data + "data": filtered_data }) except Exception as e: traceback.print_exc() @@ -33,6 +110,7 @@ def search_base(): # 0.5 [新增] BOM 搜索接口 # ------------------------------------------------------------------ @inbound_semi_bp.route('/search-bom', methods=['GET']) +@permission_required('inbound_semi') def search_bom(): """ 供前端下拉框远程搜索使用 (搜索BOM) @@ -55,6 +133,7 @@ def search_bom(): # 1. 获取半成品列表 # ------------------------------------------------------------------ @inbound_semi_bp.route('/list', methods=['GET']) +@permission_required('inbound_semi') def get_list(): try: page = request.args.get('page', 1, type=int) @@ -67,6 +146,10 @@ def get_list(): statuses = statuses_str.split(',') if statuses_str else [] result = SemiInboundService.get_list(page, limit, keyword, statuses) + # 字段级脱敏 + user_permissions = get_current_user_permissions() + if result.get('items'): + result['items'] = [filter_item_by_permissions(item, user_permissions) for item in result['items']] return jsonify({"code": 200, "msg": "success", "data": result}) except Exception as e: traceback.print_exc() @@ -77,6 +160,7 @@ def get_list(): # 2. 新增半成品入库 (修改:返回创建的对象数据) # ------------------------------------------------------------------ @inbound_semi_bp.route('/submit', methods=['POST']) +@permission_required('inbound_semi:operation') def submit(): try: data = request.get_json() @@ -101,6 +185,7 @@ def submit(): # 3. 更新半成品入库信息 # ------------------------------------------------------------------ @inbound_semi_bp.route('/', methods=['PUT']) +@permission_required('inbound_semi:operation') def update_semi(id): try: data = request.get_json() @@ -115,8 +200,9 @@ def update_semi(id): # 4. 删除半成品入库记录 # ------------------------------------------------------------------ @inbound_semi_bp.route('/', methods=['DELETE']) +@permission_required('inbound_semi:operation') def delete_semi(id): - try: + try { SemiInboundService.delete_inbound(id) return jsonify({"code": 200, "msg": "删除成功"}) except Exception as e: @@ -128,6 +214,7 @@ def delete_semi(id): # 5. [新增] 获取关联出库历史 # ------------------------------------------------------------------ @inbound_semi_bp.route('//history', methods=['GET']) +@permission_required('inbound_semi') def get_history(id): try: data = SemiInboundService.get_outbound_history(id) @@ -145,6 +232,7 @@ def get_history(id): # 6. 系统用户建议 # ------------------------------------------------------------------ @inbound_semi_bp.route('/suggestions/users', methods=['GET']) +@permission_required('inbound_semi') def get_user_suggestions(): keyword = request.args.get('keyword', '') data = SemiInboundService.search_system_users(keyword) @@ -155,9 +243,10 @@ def get_user_suggestions(): # 7. 获取筛选选项 # ------------------------------------------------------------------ @inbound_semi_bp.route('/options', methods=['GET']) +@permission_required('inbound_semi') def get_options(): try: data = SemiInboundService.get_filter_options() return jsonify({"code": 200, "msg": "success", "data": data}) except Exception as e: - return jsonify({"code": 500, "msg": str(e)}), 500 \ No newline at end of file + return jsonify({"code": 500, "msg": str(e)}), 500 diff --git a/inventory-web/src/views/stock/inbound/semi.vue b/inventory-web/src/views/stock/inbound/semi.vue index c3b3d62..b917862 100644 --- a/inventory-web/src/views/stock/inbound/semi.vue +++ b/inventory-web/src/views/stock/inbound/semi.vue @@ -69,7 +69,7 @@
- 半成品入库 + 半成品入库 @@ -80,13 +80,13 @@
基础信息
- {{ c.label }} + {{ c.label }}
生产与库存
- {{ c.label }} + {{ c.label }} @@ -189,7 +189,7 @@ - +