fix-security-permission-codes

inventory-backend/app/api/v1/inbound/buy.py

@@ -75,7 +75,10 @@ def filter_item_by_permissions(item_dict, user_permissions):
     if 'inbound_buy:*' in user_permissions:
         return item_dict
     for field, perm_code in field_to_perm.items():
-        if field in item_dict and perm_code not in user_permissions:
+        # 提取不带前缀的基础权限码（如 'serial_number'）
+        base_perm_code = perm_code.split(':')[-1] if ':' in perm_code else perm_code
+        # 如果用户的权限列表中，既没有长格式，也没有短格式，才将字段设为 None
+        if field in item_dict and perm_code not in user_permissions and base_perm_code not in user_permissions:
             item_dict[field] = None
     return item_dict