fix: correct default sorting and export desensitization logic

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
2026-02-28 11:23:00 +08:00
parent fed85e51c5
commit c3e2494b3e
2 changed files with 20 additions and 4 deletions
--- a/inventory-backend/app/api/v1/inbound/base.py
+++ b/inventory-backend/app/api/v1/inbound/base.py
@ -25,7 +25,23 @@ def get_current_user_permissions():
        return []
    # 超级管理员返回所有字段权限 (忽略大小写)
    if user_role.upper() == 'SUPER_ADMIN':
-        return ['material_list:*']
+        # 返回通配符权限（供列表脱敏使用）以及所有具体权限（供导出脱敏使用）
        return [
            'material_list:*',
            'material_list:id',
            'material_list:companyName',
            'material_list:name',
            'material_list:commonName',
            'material_list:category',
            'material_list:type',
            'material_list:spec',
            'material_list:unit',
            'material_list:inventoryCount',
            'material_list:availableCount',
            'material_list:files',
            'material_list:isEnabled',
            'material_list:operation'
        ]
    perm_dict = AuthService.get_user_permissions(user_role)
    # 合并菜单和元素权限
    perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
--- a/inventory-backend/app/services/inbound/base_service.py
+++ b/inventory-backend/app/services/inbound/base_service.py
@ -189,8 +189,8 @@ class MaterialBaseService:
                else:
                    query = query.order_by(total_avail.desc())
            else:
-                # 默认按规格型号升序
+                # 默认排序：优先按总库存数降序，当库存相同时，再按规格型号升序
-                query = query.order_by(MaterialBase.spec_model.asc())
+                query = query.order_by(total_inv.desc(), MaterialBase.spec_model.asc())
            # 分页
            pagination = query.paginate(page=page, per_page=limit, error_out=False)
@ -594,7 +594,7 @@ class MaterialBaseService:
                ]
                # 根据用户权限脱敏
-                if user_permissions and 'material_list:*' not in user_permissions:
+                if user_permissions is not None:
                    for field, perm_code in field_to_perm.items():
                        if perm_code not in user_permissions:
                            if field == 'category':