fix: case-insensitive super admin role check and wildcard permission

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>

inventory-backend/app/api/v1/inbound/base.py

@@ -23,10 +23,9 @@ def get_current_user_permissions():
     user_role = claims.get('role')
     if not user_role:
         return []
-    # 超级管理员返回所有字段权限
-    if user_role == 'super_admin':
-        return ['material_list:id', 'material_list:companyName', 'material_list:name', 'material_list:commonName', 'material_list:category', 'material_list:type',
-                'material_list:spec', 'material_list:unit', 'material_list:inventoryCount', 'material_list:availableCount', 'material_list:files', 'material_list:isEnabled']
+    # 超级管理员返回所有字段权限 (忽略大小写)
+    if user_role.upper() == 'SUPER_ADMIN':
+        return ['material_list:*']
     perm_dict = AuthService.get_user_permissions(user_role)
     # 合并菜单和元素权限
     perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
@@ -37,6 +36,9 @@ def filter_item_by_permissions(item_dict, user_permissions):
     """
     根据用户权限过滤 item 字典，无权限的字段值置为 None
     """
+    # 如果用户拥有通配符权限，则不过滤
+    if 'material_list:*' in user_permissions:
+        return item_dict
     # 字段名到权限码的映射（与前端 permissionMap 保持一致）
     field_to_perm = {
         'id': 'material_list:id',
@@ -190,6 +192,10 @@ def create():
         }
         # 过滤用户没有权限的字段
         filtered_data = {}
+        # 如果拥有通配符权限，则不过滤
+        if 'material_list:*' in user_permissions:
+            filtered_data = data
+        else:
             for key, value in data.items():
                 if key in field_to_perm:
                     perm_code = field_to_perm[key]
@@ -239,6 +245,10 @@ def update(id):
         }
         # 过滤用户没有权限的字段
         filtered_data = {}
+        # 如果拥有通配符权限，则不过滤
+        if 'material_list:*' in user_permissions:
+            filtered_data = data
+        else:
             for key, value in data.items():
                 if key in field_to_perm:
                     perm_code = field_to_perm[key]