From de0a5c8db23a0a4c2acf33fee8a572ed73441fa4 Mon Sep 17 00:00:00 2001
From: dxc
Date: Tue, 10 Mar 2026 17:27:54 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=A8=E5=B1=80=E5=AE=A1=E8=AE=A1=E6=97=A5?= =?UTF-8?q?=E5=BF=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inventory-backend/app/api/v1/auth.py | 17 +++++++++++++++-
 inventory-backend/app/api/v1/permission.py | 6 ++++++
 inventory-backend/app/api/v1/transactions.py | 12 ++++++++++-
 inventory-backend/app/api/v1/warehouse.py | 21 ++++++++++++++++++++
 4 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/inventory-backend/app/api/v1/auth.py b/inventory-backend/app/api/v1/auth.py
index 4eefa91..46560ec 100644
--- a/inventory-backend/app/api/v1/auth.py
+++ b/inventory-backend/app/api/v1/auth.py
@@ -2,7 +2,7 @@ from flask import Blueprint, request, jsonify, current_app
 from flask_jwt_extended import jwt_required, get_jwt
 from app.services.auth_service import AuthService
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 auth_bp = Blueprint('auth', __name__)
@@ -107,6 +107,11 @@ def refresh():
 @auth_bp.route('/user/create', methods=['POST'])
 @jwt_required()
 @permission_required('system_user:operation')
+@audit_log(
+ module='用户管理',
+ action='新增',
+ get_target_name_fn=lambda: request.get_json().get('username') if request.get_json() else None
+)
 def create_user():
 try:
 data = request.get_json()
@@ -151,6 +156,11 @@ def create_user():
 @auth_bp.route('/user/', methods=['PUT'])
 @jwt_required()
 @permission_required('system_user:operation')
+@audit_log(
+ module='用户管理',
+ action='修改',
+ get_target_id_fn=lambda: request.view_args.get('user_id')
+)
 def update_user(user_id):
 try:
 data = request.get_json()
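Review bot: In the create_user hunk (`@@ -107,6 +107,11 @@`), `get_target_name_fn` calls `request.get_json()` twice and without `silent=True`, so a missing or malformed JSON body can raise from inside the audit layer, and a body that parses to a list has no `.get`. Whether that exception is caught depends on how `audit_log` invokes the callback, which is not visible here. I would replace the repeated lambdas with one helper that reads `request.get_json(silent=True)` once and returns `body.get(key)` only when `isinstance(body, dict)`. The same lambda shape appears in the assign_perms, create_borrow, submit_return, create_location and update_location hunks. If `audit_log` also stores the request payload, any credential field sent to this endpoint should be redacted before it is written; the body of create_user continues outside the hunk, so that needs confirming.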
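Review bot: In the update_user hunk (`@@ -151,6 +156,11 @@`), `@audit_log` sits below `@jwt_required()` and `@permission_required('system_user:operation')`, so it only runs after both checks have passed and a rejected attempt to modify a user leaves no audit entry. For user management, the denied attempts are the ones an investigator most wants to see. If `audit_log` needs the JWT identity it has to stay under `@jwt_required()`, but it could move above `@permission_required(...)` and record the outcome, or `permission_required` could write its own denial record; neither implementation is visible here, so check this against `app.utils.decorators`. The same ordering applies to create_user, delete_user, create_borrow and submit_return.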
@@ -207,6 +217,11 @@ def get_users():
 @auth_bp.route('/user/', methods=['DELETE'])
 @jwt_required()
 @permission_required('system_user:operation')
+@audit_log(
+ module='用户管理',
+ action='删除',
+ get_target_id_fn=lambda: request.view_args.get('user_id')
+)
 def delete_user(user_id):
 try:
 claims = get_jwt()
diff --git a/inventory-backend/app/api/v1/permission.py b/inventory-backend/app/api/v1/permission.py
index e6efa6d..4bda5a1 100644
--- a/inventory-backend/app/api/v1/permission.py
+++ b/inventory-backend/app/api/v1/permission.py
@@ -2,6 +2,7 @@ from flask import Blueprint, request, jsonify, current_app
 from flask_jwt_extended import jwt_required
 from app.services.permission_service import PermissionService
+from app.utils.decorators import audit_log
 permission_bp = Blueprint('permission', __name__)
@@ -34,6 +35,11 @@ def get_role_perms(role_code):
 @permission_bp.route('/assign', methods=['POST'])
 @jwt_required()
+@audit_log(
+ module='权限管理',
+ action='分配',
+ get_target_name_fn=lambda: request.get_json().get('role_code') if request.get_json() else None
+)
 def assign_perms():
 """保存权限分配"""
 try:
diff --git a/inventory-backend/app/api/v1/transactions.py b/inventory-backend/app/api/v1/transactions.py
index 825027e..b4f5d35 100644
--- a/inventory-backend/app/api/v1/transactions.py
+++ b/inventory-backend/app/api/v1/transactions.py
@@ -1,6 +1,6 @@
 from flask import Blueprint, jsonify, request # .material -> .base refactor checked
 from flask_jwt_extended import jwt_required, get_jwt_identity, get_jwt
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 from app.services.auth_service import AuthService
 from app.services.trans_service import TransService
 import traceback
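Review bot: In the delete_user hunk (`@@ -207,6 +217,11 @@`), the audit entry carries only `user_id` from `request.view_args`, and if the delete removes the row that id can no longer be resolved to an account name afterwards. `audit_log` already accepts `get_target_name_fn` (update_location passes both callbacks), so I would look the username up before the view runs and record it alongside the id. That only works if `audit_log` evaluates its callbacks before calling the view, which is not visible here and should be confirmed. The body of delete_user continues outside the hunk.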
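Review bot: In the assign_perms hunk (`@@ -34,6 +35,11 @@`), the endpoint that saves role permission assignments is now audited but is still guarded only by `@jwt_required()`; there is no `@permission_required(...)` in the decorator stack, unlike the user-management routes in auth.py. Unless the check happens inside the function body, which starts in this hunk and continues outside it, any authenticated account can rewrite a role's permissions and the audit log would only record that it happened. I would add a permission decorator above `@audit_log`, e.g. `@permission_required('<permission code for role assignment>')`, with the real code taken from the project's permission table. permission.py imports only `audit_log` from `app.utils.decorators` in this patch, so the import line would need `permission_required` as well.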
@@ -59,6 +59,11 @@ def filter_item_by_permissions(item_dict, user_permissions, prefix='op_records')
 @trans_bp.route('/borrow', methods=['POST'])
 @jwt_required()
 @permission_required('op_borrow:operation')
+@audit_log(
+ module='借库管理',
+ action='新增',
+ get_target_name_fn=lambda: request.get_json().get('borrow_no') if request.get_json() else None
+)
 def create_borrow():
 data = request.get_json()
 # 数据清洗:移除用户没有权限的字段
@@ -108,6 +113,11 @@ def scan_borrowed_item():
 @trans_bp.route('/return', methods=['POST'])
 @jwt_required()
 @permission_required('op_return:operation')
+@audit_log(
+ module='借库管理',
+ action='归还',
+ get_target_name_fn=lambda: request.get_json().get('borrow_no') if request.get_json() else None
+)
 def submit_return():
 data = request.get_json()
 # 数据清洗:移除用户没有权限的字段
diff --git a/inventory-backend/app/api/v1/warehouse.py b/inventory-backend/app/api/v1/warehouse.py
index 8e24d09..9d1fdd5 100644
--- a/inventory-backend/app/api/v1/warehouse.py
+++ b/inventory-backend/app/api/v1/warehouse.py
@@ -1,7 +1,9 @@
 # inventory-backend/app/api/v1/warehouse.py
 from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
 from app.extensions import db
 from app.models.system import SysWarehouseLocation
+from app.utils.decorators import audit_log
 warehouse_bp = Blueprint('warehouse', __name__, url_prefix='/api/v1/warehouse')
@@ -49,6 +51,12 @@ def get_tree():
 @warehouse_bp.route('', methods=['POST'])
+@jwt_required()
+@audit_log(
+ module='库位管理',
+ action='新增',
+ get_target_name_fn=lambda: request.get_json().get('name') if request.get_json() else None
+)
 def create_location():
 """
 创建库位
@@ -100,6 +108,13 @@ def create_location():
 @warehouse_bp.route('/', methods=['PUT'])
+@jwt_required()
+@audit_log(
+ module='库位管理',
+ action='修改',
+ get_target_id_fn=lambda: request.view_args.get('location_id'),
+ get_target_name_fn=lambda: request.get_json().get('name') if request.get_json() else None
+)
 def update_location(location_id):
 """
 更新库位
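Review bot: In the create_borrow hunk (`@@ -59,6 +59,11 @@`), the audit target is read from `borrow_no` in the request body, which is the caller's claim rather than the record the service actually wrote. The comment directly under `data = request.get_json()` says fields the user lacks permission for are stripped from the payload, so the audited value can differ from what is processed, and if the borrow number is generated server-side (not visible here) the target would be empty on every create. I would take the target from the service result where possible, or document on the decorator that `get_target_name_fn` values are unverified client input. submit_return has the same pattern, and both function bodies continue outside their hunks.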
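Review bot: In the create_location hunk (`@@ -49,6 +51,12 @@`), the route gains `@jwt_required()` but no `@permission_required(...)`, so any authenticated account can create locations; update_location and delete_location (whose docstring says it cascades to child locations) are guarded the same way. The routes in auth.py and transactions.py pair the two decorators, e.g. `@permission_required('op_borrow:operation')`. I would add the matching code for warehouse locations here, `@permission_required('<warehouse location permission code>')`, and import `permission_required` in warehouse.py. These three routes show no decorator other than the route itself before this commit, so adding `@jwt_required()` is an access-control change that the commit subject (audit logging) does not mention, and callers that send no token will now be rejected. Whether read routes such as get_tree need the same guard is outside this hunk.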
@@ -144,6 +159,12 @@ def update_location(location_id):
 @warehouse_bp.route('/', methods=['DELETE'])
+@jwt_required()
+@audit_log(
+ module='库位管理',
+ action='删除',
+ get_target_id_fn=lambda: request.view_args.get('location_id')
+)
 def delete_location(location_id):
 """
 删除库位(级联删除子库位)
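Review bot: In the delete_location hunk (`@@ -144,6 +159,12 @@`), the audit entry records a single `location_id`, while the docstring says the delete cascades to child locations. Someone reading the log later would see one target for what may have been a whole subtree removed. I would record the location name and the ids (or at least the count) of the child locations removed, gathered before the delete commits; whether `audit_log` offers a hook for extra detail is not visible here. The function body continues outside the hunk.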