fix: resolve global permission code collision with material_list prefix

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
2026-02-27 10:43:32 +08:00
parent f178b9cd00
commit d6d9621bf3
2 changed files with 35 additions and 35 deletions
--- a/inventory-backend/app/api/v1/inbound/base.py
+++ b/inventory-backend/app/api/v1/inbound/base.py
@ -25,8 +25,8 @@ def get_current_user_permissions():
        return []
    # 超级管理员返回所有字段权限
    if user_role == 'super_admin':
-        return ['id', 'companyName', 'name', 'commonName', 'category', 'type',
-                'spec', 'unit', 'inventoryCount', 'availableCount', 'files', 'isEnabled']
+        return ['material_list:id', 'material_list:companyName', 'material_list:name', 'material_list:commonName', 'material_list:category', 'material_list:type',
+                'material_list:spec', 'material_list:unit', 'material_list:inventoryCount', 'material_list:availableCount', 'material_list:files', 'material_list:isEnabled']
    perm_dict = AuthService.get_user_permissions(user_role)
    # 合并菜单和元素权限
    perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
@ -39,19 +39,19 @@ def filter_item_by_permissions(item_dict, user_permissions):
    """
    # 字段名到权限码的映射（与前端 permissionMap 保持一致）
    field_to_perm = {
-        'id': 'id',
-        'companyName': 'companyName',
-        'name': 'name',
-        'commonName': 'commonName',
-        'category': 'category',
-        'type': 'type',
-        'spec': 'spec',
-        'unit': 'unit',
-        'inventoryCount': 'inventoryCount',
-        'availableCount': 'availableCount',
-        'generalManual': 'files',
-        'generalImage': 'files',
-        'isEnabled': 'isEnabled'
+        'id': 'material_list:id',
+        'companyName': 'material_list:companyName',
+        'name': 'material_list:name',
+        'commonName': 'material_list:commonName',
+        'category': 'material_list:category',
+        'type': 'material_list:type',
+        'spec': 'material_list:spec',
+        'unit': 'material_list:unit',
+        'inventoryCount': 'material_list:inventoryCount',
+        'availableCount': 'material_list:availableCount',
+        'generalManual': 'material_list:files',
+        'generalImage': 'material_list:files',
+        'isEnabled': 'material_list:isEnabled'
    }
    for field, perm_code in field_to_perm.items():
        if field in item_dict and perm_code not in user_permissions:
@ -163,7 +163,7 @@ def export_data():
 # 3. 新增接口 (POST /api/v1/inbound/base/)
 # ==============================================================================
@inbound_base_bp.route('/', methods=['POST'])
-@permission_required('operation')
+@permission_required('material_list:operation')
 def create():
    try:
        data = request.get_json()
@ -185,7 +185,7 @@ def create():
 # 4. 修改接口 (PUT /api/v1/inbound/base/<id>)
 # ==============================================================================
@inbound_base_bp.route('/<int:id>', methods=['PUT'])
-@permission_required('operation')
+@permission_required('material_list:operation')
 def update(id):
    try:
        data = request.get_json()
@ -200,7 +200,7 @@ def update(id):
 # 5. 删除接口 (DELETE /api/v1/inbound/base/<id>)
 # ==============================================================================
@inbound_base_bp.route('/<int:id>', methods=['DELETE'])
-@permission_required('operation')
+@permission_required('material_list:operation')
 def delete(id):
    try:
        MaterialBaseService.delete_material(id)