From c3e2494b3e87e371f57c1afcbb0d2230a2395ed6 Mon Sep 17 00:00:00 2001
From: dxc <duxingchen@iris-rs.cn>
Date: Sat, 28 Feb 2026 11:23:00 +0800
Subject: [PATCH] fix: correct default sorting and export desensitization logic

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
---
 inventory-backend/app/api/v1/inbound/base.py   | 18 +++++++++++++++++-
 .../app/services/inbound/base_service.py       |  6 +++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/inventory-backend/app/api/v1/inbound/base.py b/inventory-backend/app/api/v1/inbound/base.py
index 5a5d53a..ae00f80 100644
--- a/inventory-backend/app/api/v1/inbound/base.py
+++ b/inventory-backend/app/api/v1/inbound/base.py
@@ -25,7 +25,23 @@ def get_current_user_permissions():
         return []
     # 超级管理员返回所有字段权限 (忽略大小写)
     if user_role.upper() == 'SUPER_ADMIN':
-        return ['material_list:*']
+        # 返回通配符权限（供列表脱敏使用）以及所有具体权限（供导出脱敏使用）
+        return [
+            'material_list:*',
+            'material_list:id',
+            'material_list:companyName',
+            'material_list:name',
+            'material_list:commonName',
+            'material_list:category',
+            'material_list:type',
+            'material_list:spec',
+            'material_list:unit',
+            'material_list:inventoryCount',
+            'material_list:availableCount',
+            'material_list:files',
+            'material_list:isEnabled',
+            'material_list:operation'
+        ]
     perm_dict = AuthService.get_user_permissions(user_role)
     # 合并菜单和元素权限
     perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
diff --git a/inventory-backend/app/services/inbound/base_service.py b/inventory-backend/app/services/inbound/base_service.py
index 6917cb1..0d05f66 100644
--- a/inventory-backend/app/services/inbound/base_service.py
+++ b/inventory-backend/app/services/inbound/base_service.py
@@ -189,8 +189,8 @@ class MaterialBaseService:
                 else:
                     query = query.order_by(total_avail.desc())
             else:
-                # 默认按规格型号升序
-                query = query.order_by(MaterialBase.spec_model.asc())
+                # 默认排序：优先按总库存数降序，当库存相同时，再按规格型号升序
+                query = query.order_by(total_inv.desc(), MaterialBase.spec_model.asc())
 
             # 分页
             pagination = query.paginate(page=page, per_page=limit, error_out=False)
@@ -594,7 +594,7 @@ class MaterialBaseService:
                 ]
 
                 # 根据用户权限脱敏
-                if user_permissions and 'material_list:*' not in user_permissions:
+                if user_permissions is not None:
                     for field, perm_code in field_to_perm.items():
                         if perm_code not in user_permissions:
                             if field == 'category':