fix: resolve global permission code collision with material_list prefix

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
dxc
2026-02-27 10:43:32 +08:00
parent f178b9cd00
commit d6d9621bf3
2 changed files with 35 additions and 35 deletions


@ -25,8 +25,8 @@ def get_current_user_permissions():
return [] return []
# 超级管理员返回所有字段权限 # 超级管理员返回所有字段权限
if user_role == 'super_admin': if user_role == 'super_admin':
return ['id', 'companyName', 'name', 'commonName', 'category', 'type', return ['material_list:id', 'material_list:companyName', 'material_list:name', 'material_list:commonName', 'material_list:category', 'material_list:type',
'spec', 'unit', 'inventoryCount', 'availableCount', 'files', 'isEnabled'] 'material_list:spec', 'material_list:unit', 'material_list:inventoryCount', 'material_list:availableCount', 'material_list:files', 'material_list:isEnabled']
perm_dict = AuthService.get_user_permissions(user_role) perm_dict = AuthService.get_user_permissions(user_role)
# 合并菜单和元素权限 # 合并菜单和元素权限
perms = perm_dict.get('menus', []) + perm_dict.get('elements', []) perms = perm_dict.get('menus', []) + perm_dict.get('elements', [])
@ -39,19 +39,19 @@ def filter_item_by_permissions(item_dict, user_permissions):
""" """
# 字段名到权限码的映射(与前端 permissionMap 保持一致) # 字段名到权限码的映射(与前端 permissionMap 保持一致)
field_to_perm = { field_to_perm = {
'id': 'id', 'id': 'material_list:id',
'companyName': 'companyName', 'companyName': 'material_list:companyName',
'name': 'name', 'name': 'material_list:name',
'commonName': 'commonName', 'commonName': 'material_list:commonName',
'category': 'category', 'category': 'material_list:category',
'type': 'type', 'type': 'material_list:type',
'spec': 'spec', 'spec': 'material_list:spec',
'unit': 'unit', 'unit': 'material_list:unit',
'inventoryCount': 'inventoryCount', 'inventoryCount': 'material_list:inventoryCount',
'availableCount': 'availableCount', 'availableCount': 'material_list:availableCount',
'generalManual': 'files', 'generalManual': 'material_list:files',
'generalImage': 'files', 'generalImage': 'material_list:files',
'isEnabled': 'isEnabled' 'isEnabled': 'material_list:isEnabled'
} }
for field, perm_code in field_to_perm.items(): for field, perm_code in field_to_perm.items():
if field in item_dict and perm_code not in user_permissions: if field in item_dict and perm_code not in user_permissions:
@ -163,7 +163,7 @@ def export_data():
# 3. 新增接口 (POST /api/v1/inbound/base/) # 3. 新增接口 (POST /api/v1/inbound/base/)
# ============================================================================== # ==============================================================================
@inbound_base_bp.route('/', methods=['POST']) @inbound_base_bp.route('/', methods=['POST'])
@permission_required('operation') @permission_required('material_list:operation')
def create(): def create():
try: try:
data = request.get_json() data = request.get_json()
@ -185,7 +185,7 @@ def create():
# 4. 修改接口 (PUT /api/v1/inbound/base/<id>) # 4. 修改接口 (PUT /api/v1/inbound/base/<id>)
# ============================================================================== # ==============================================================================
@inbound_base_bp.route('/<int:id>', methods=['PUT']) @inbound_base_bp.route('/<int:id>', methods=['PUT'])
@permission_required('operation') @permission_required('material_list:operation')
def update(id): def update(id):
try: try:
data = request.get_json() data = request.get_json()
@ -200,7 +200,7 @@ def update(id):
# 5. 删除接口 (DELETE /api/v1/inbound/base/<id>) # 5. 删除接口 (DELETE /api/v1/inbound/base/<id>)
# ============================================================================== # ==============================================================================
@inbound_base_bp.route('/<int:id>', methods=['DELETE']) @inbound_base_bp.route('/<int:id>', methods=['DELETE'])
@permission_required('operation') @permission_required('material_list:operation')
def delete(id): def delete(id):
try: try:
MaterialBaseService.delete_material(id) MaterialBaseService.delete_material(id)
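Review bot: In filter_item_by_permissions the check `if field in item_dict and perm_code not in user_permissions` only considers keys that appear in field_to_perm, so any key of item_dict without a map entry is never tested and, as far as the visible lines show, is returned to every caller whatever their permissions. Since this commit rewrites every entry of the map anyway, it is a good moment to make the filter default-deny, e.g. `return {k: v for k, v in item_dict.items() if field_to_perm.get(k) in user_permissions}`, with any intentionally public keys listed explicitly. The loop body and the rest of the function lie outside the hunk, so confirm how denied fields are currently handled before adopting that form. The super_admin literal in get_current_user_permissions repeats the same twelve codes by hand; building it from a module-level copy of the map would stop the two from drifting apart on the next rename.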


@ -71,7 +71,7 @@
<el-icon style="margin-right: 5px"><Download /></el-icon>导出库存统计 <el-icon style="margin-right: 5px"><Download /></el-icon>导出库存统计
</el-button> </el-button>
<el-button v-if="userStore.hasPermission('material:base:write')" type="primary" @click="handleAdd" style="margin-right: 10px"> <el-button v-if="userStore.hasPermission('material_list:operation')" type="primary" @click="handleAdd" style="margin-right: 10px">
<el-icon style="margin-right: 5px"><Plus /></el-icon>新增 <el-icon style="margin-right: 5px"><Plus /></el-icon>新增
</el-button> </el-button>
@ -210,15 +210,15 @@
:active-value="1" :active-value="1"
:inactive-value="0" :inactive-value="0"
:loading="scope.row.statusLoading" :loading="scope.row.statusLoading"
:disabled="!userStore.hasPermission('material:base:write')" :disabled="!userStore.hasPermission('material_list:operation')"
@change="handleStatusChange(scope.row)" @change="handleStatusChange(scope.row)"
/> />
</template> </template>
</el-table-column> </el-table-column>
<el-table-column v-if="userStore.hasPermission('material:base:write') || userStore.hasPermission('material:base:delete')" label="操作" min-width="150" fixed="right" align="center"> <el-table-column v-if="userStore.hasPermission('material_list:operation')" label="操作" min-width="150" fixed="right" align="center">
<template #default="scope"> <template #default="scope">
<el-button v-if="userStore.hasPermission('material:base:write')" link type="primary" size="small" @click="handleEdit(scope.row)">编辑</el-button> <el-button v-if="userStore.hasPermission('material_list:operation')" link type="primary" size="small" @click="handleEdit(scope.row)">编辑</el-button>
<el-button v-if="userStore.hasPermission('material:base:delete')" link type="danger" size="small" @click="handleDelete(scope.row)">删除</el-button> <el-button v-if="userStore.hasPermission('material_list:operation')" link type="danger" size="small" @click="handleDelete(scope.row)">删除</el-button>
</template> </template>
</el-table-column> </el-table-column>
</el-table> </el-table>
@ -507,18 +507,18 @@ const columns = reactive({
// 列与权限Code的映射关系数据库中的code // 列与权限Code的映射关系数据库中的code
const permissionMap: Record<string, string> = { const permissionMap: Record<string, string> = {
id: 'id', id: 'material_list:id',
companyName: 'companyName', companyName: 'material_list:companyName',
name: 'name', name: 'material_list:name',
commonName: 'commonName', commonName: 'material_list:commonName',
category: 'category', category: 'material_list:category',
type: 'type', type: 'material_list:type',
spec: 'spec', spec: 'material_list:spec',
unit: 'unit', unit: 'material_list:unit',
inventory: 'inventoryCount', // 前端变量是 inventory数据库Code是 inventoryCount inventory: 'material_list:inventoryCount', // 前端变量是 inventory数据库Code是 inventoryCount
available: 'availableCount', // 前端变量是 available数据库Code是 availableCount available: 'material_list:availableCount', // 前端变量是 available数据库Code是 availableCount
files: 'files', files: 'material_list:files',
isEnabled: 'isEnabled' isEnabled: 'material_list:isEnabled'
}; };
// 根据用户权限初始化列显示状态 // 根据用户权限初始化列显示状态
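Review bot: The edit and delete buttons in the 操作 column were gated by two different codes (`material:base:write` and `material:base:delete`) and are now both gated by `material_list:operation`, which is also the single code the backend routes in this commit require for POST, PUT and DELETE. After this change a role cannot be granted edit rights without also being granted delete rights. If that separation matters, keep a distinct delete code and use it both in the delete button's `v-if` and in the `@permission_required` on the backend delete route, since the `v-if` only hides the control and the decorator is what enforces it. A comment above permissionMap such as `// codes must match field_to_perm in the backend route module` would also mirror the note the backend map already carries.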