fix: 彻底移除 op_records 字段级权限过滤，所有字段对普通角色可见

2026-05-15 10:40:53 +08:00
parent 1e341ab6aa
commit d736d5d4a9
2 changed files with 15 additions and 12 deletions
--- a/inventory-backend/app/api/v1/transactions.py
+++ b/inventory-backend/app/api/v1/transactions.py
@ -35,16 +35,17 @@ def filter_item_by_permissions(item_dict, user_permissions, prefix='op_records')
    """
    # 字段名到权限码的映射（与前端 permissionMap 保持一致）
    field_to_perm = {
-        'borrow_no': f'{prefix}:borrow_no',
-        'borrower_name': f'{prefix}:borrower_name',
-        # 'sku': f'{prefix}:sku',   # SKU 字段不再参与权限过滤，直接返回
-        'borrow_time': f'{prefix}:borrow_time',
-        'return_time': f'{prefix}:return_time',
-        'status': f'{prefix}:status',
-        'expected_return_time': f'{prefix}:expected_return_time',
-        'return_location': f'{prefix}:return_location',
-        'borrow_signature': f'{prefix}:borrow_signature',
-        'return_signature': f'{prefix}:return_signature',
+        # 'borrow_no': f'{prefix}:borrow_no',
+        # 'borrower_name': f'{prefix}:borrower_name',
+        # 'sku': f'{prefix}:sku',
+        # 'borrow_time': f'{prefix}:borrow_time',
+        # 'return_time': f'{prefix}:return_time',
+        # 'return_operator': f'{prefix}:return_operator',
+        # 'status': f'{prefix}:status',
+        # 'expected_return_time': f'{prefix}:expected_return_time',
+        # 'return_location': f'{prefix}:return_location',
+        # 'borrow_signature': f'{prefix}:borrow_signature',
+        # 'return_signature': f'{prefix}:return_signature',
    }
    # 如果用户是超级管理员且有 '*'，则不过滤
    if '*' in user_permissions:
--- a/inventory-web/src/views/transaction/records.vue
+++ b/inventory-web/src/views/transaction/records.vue
@ -56,6 +56,7 @@
        </template>
      </el-table-column>
      <el-table-column v-if="hasColumnPermission('borrow_time')" prop="borrow_time" label="借出时间" width="160" sortable />
+      <el-table-column v-if="hasColumnPermission('return_operator')" prop="return_operator" label="归还人" width="100" />

      <el-table-column v-if="hasColumnPermission('expected_return_time') || hasColumnPermission('return_time')" label="归还时间 / 预计" min-width="200">
        <template #default="{row}">
@ -173,8 +174,9 @@ const hasColumnPermission = (prop: string) => {
  if (userStore.role === 'SUPER_ADMIN' || userStore.username === 'IRIS') {
    return true
  }
-  // SKU 字段不再参与权限过滤，始终可见
-  if (prop === 'sku') {
+  // SKU / return_time / return_operator 不再参与权限过滤，始终可见
+  const alwaysVisible = ['sku', 'return_time', 'return_operator', 'expected_return_time', 'status', 'return_location', 'borrow_no', 'borrower_name', 'borrow_time']
+  if (alwaysVisible.includes(prop)) {
    return true
  }
  const code = permissionMap[prop]