feat: 为核心业务 API 全面挂载审计日志装饰器

inventory-backend/app/api/v1/bom.py

@@ -4,7 +4,7 @@ from app.models.base import MaterialBase
 from app.models.bom import BomTable
 from app.extensions import db
 from flask_jwt_extended import jwt_required, get_jwt
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 from app.services.auth_service import AuthService
 
 bom_bp = Blueprint('bom', __name__)
@@ -109,6 +109,11 @@ def get_bom_detail(bom_no):
 @bom_bp.route('/save', methods=['POST'])
 @jwt_required()
 @permission_required('bom_manage:operation')
+@audit_log(
+    module='BOM管理',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('bom_no') if request.get_json() else None
+)
 def save_bom():
     """保存或更新 BOM 配方（支持自定义 bom_no 和 多版本）"""
     try:
@@ -191,6 +196,11 @@ def get_bom_with_stock_by_no(bom_no):
 @bom_bp.route('/<path:bom_no>', methods=['DELETE'])
 @jwt_required()
 @permission_required('bom_manage:operation')
+@audit_log(
+    module='BOM管理',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('bom_no')
+)
 def delete_bom(bom_no):
     """
     根据 BOM 编号删除
@@ -243,6 +253,11 @@ def get_bom(parent_id):
 @bom_bp.route('', methods=['POST'])
 @jwt_required()
 @permission_required('bom_manage:operation')
+@audit_log(
+    module='BOM管理',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('bom_no') if request.get_json() else None
+)
 def save_bom_legacy():
     try:
         req_data = request.get_json()

inventory-backend/app/api/v1/inbound/base.py

@@ -2,7 +2,7 @@
 
 from flask import Blueprint, request, jsonify, send_file, g
 from app.services.inbound.base_service import MaterialBaseService
-from app.utils.decorators import login_required, permission_required
+from app.utils.decorators import login_required, permission_required, audit_log
 import traceback
 import datetime
 import json
@@ -197,6 +197,11 @@ def export_data():
 # ==============================================================================
 @inbound_base_bp.route('/', methods=['POST'])
 @permission_required('material_list:operation')
+@audit_log(
+    module='基础信息管理',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('name') if request.get_json() else None
+)
 def create():
     try:
         data = request.get_json()
@@ -253,6 +258,12 @@ def create():
 # ==============================================================================
 @inbound_base_bp.route('/<int:id>', methods=['PUT'])
 @permission_required('material_list:operation')
+@audit_log(
+    module='基础信息管理',
+    action='修改',
+    get_target_id_fn=lambda: request.view_args.get('id'),
+    get_target_name_fn=lambda: request.get_json().get('name') if request.get_json() else None
+)
 def update(id):
     try:
         data = request.get_json()
@@ -302,6 +313,11 @@ def update(id):
 # ==============================================================================
 @inbound_base_bp.route('/<int:id>', methods=['DELETE'])
 @permission_required('material_list:operation')
+@audit_log(
+    module='基础信息管理',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('id')
+)
 def delete(id):
     try:
         MaterialBaseService.delete_material(id)

inventory-backend/app/api/v1/inbound/buy.py

@@ -1,6 +1,6 @@
 from flask import Blueprint, request, jsonify
 from app.services.inbound.buy_service import BuyInboundService
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 import traceback
 
 inbound_buy_bp = Blueprint('stock_buy', __name__)
@@ -155,6 +155,11 @@ def get_list():
 # ------------------------------------------------------------------
 @inbound_buy_bp.route('/submit', methods=['POST'])
 @permission_required('inbound_buy:operation')
+@audit_log(
+    module='采购入库',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def submit():
     try:
         data = request.get_json()
@@ -224,6 +229,12 @@ def submit():
 # ------------------------------------------------------------------
 @inbound_buy_bp.route('/<int:id>', methods=['PUT'])
 @permission_required('inbound_buy:operation')
+@audit_log(
+    module='采购入库',
+    action='修改',
+    get_target_id_fn=lambda: request.view_args.get('id'),
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def update_buy(id):
     try:
         data = request.get_json()
@@ -283,6 +294,11 @@ def update_buy(id):
 # ------------------------------------------------------------------
 @inbound_buy_bp.route('/<int:id>', methods=['DELETE'])
 @permission_required('inbound_buy:operation')
+@audit_log(
+    module='采购入库',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('id')
+)
 def delete_buy(id):
     try:
         BuyInboundService.delete_inbound(id)

inventory-backend/app/api/v1/inbound/product.py

@@ -1,7 +1,7 @@
 # inventory-backend/app/api/v1/inbound/product.py
 from flask import Blueprint, request, jsonify
 from app.services.inbound.product_service import ProductInboundService
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 import traceback
 
 # === 这一行非常关键，绝对不能丢！===
@@ -123,6 +123,11 @@ def get_list():
 
 @inbound_product_bp.route('/submit', methods=['POST'])
 @permission_required('inbound_product:operation')
+@audit_log(
+    module='成品入库',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def submit():
     try:
         data = request.get_json()
@@ -141,6 +146,12 @@ def submit():
 
 @inbound_product_bp.route('/<int:id>', methods=['PUT'])
 @permission_required('inbound_product:operation')
+@audit_log(
+    module='成品入库',
+    action='修改',
+    get_target_id_fn=lambda: request.view_args.get('id'),
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def update(id):
     try:
         data = request.get_json()
@@ -158,6 +169,11 @@ def update(id):
 
 @inbound_product_bp.route('/<int:id>', methods=['DELETE'])
 @permission_required('inbound_product:operation')
+@audit_log(
+    module='成品入库',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('id')
+)
 def delete(id):
     try:
         ProductInboundService.delete_inbound(id)

inventory-backend/app/api/v1/inbound/semi.py

@@ -1,7 +1,7 @@
 # inventory-backend/app/api/v1/inbound/semi.py
 from flask import Blueprint, request, jsonify
 from app.services.inbound.semi_service import SemiInboundService
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 import traceback
 
 # === 这一行非常关键，绝对不能丢！===
@@ -118,6 +118,11 @@ def get_list():
 
 @inbound_semi_bp.route('/submit', methods=['POST'])
 @permission_required('inbound_semi:operation')
+@audit_log(
+    module='半成品入库',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def submit():
     try:
         data = request.get_json()
@@ -136,6 +141,12 @@ def submit():
 
 @inbound_semi_bp.route('/<int:id>', methods=['PUT'])
 @permission_required('inbound_semi:operation')
+@audit_log(
+    module='半成品入库',
+    action='修改',
+    get_target_id_fn=lambda: request.view_args.get('id'),
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def update_semi(id):
     try:
         data = request.get_json()
@@ -153,6 +164,11 @@ def update_semi(id):
 
 @inbound_semi_bp.route('/<int:id>', methods=['DELETE'])
 @permission_required('inbound_semi:operation')
+@audit_log(
+    module='半成品入库',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('id')
+)
 def delete_semi(id):
     try:
         SemiInboundService.delete_inbound(id)

inventory-backend/app/api/v1/inbound/service.py

@@ -3,7 +3,7 @@ from flask import request, jsonify, current_app
 from flask_jwt_extended import jwt_required
 from . import inbound_bp
 from app.services.inbound.service_service import ServiceService
-from app.utils.decorators import role_required, permission_required
+from app.utils.decorators import role_required, permission_required, audit_log
 import traceback
 
 
@@ -112,6 +112,11 @@ def get_service_list():
 
 @inbound_bp.route('/service', methods=['POST'])
 @permission_required('inbound_service:operation')
+@audit_log(
+    module='服务权益',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def create_service():
     """创建服务权益"""
     data = request.get_json()
@@ -188,6 +193,12 @@ def get_service(service_id):
 
 @inbound_bp.route('/service/<int:service_id>', methods=['PUT'])
 @permission_required('inbound_service:operation')
+@audit_log(
+    module='服务权益',
+    action='修改',
+    get_target_id_fn=lambda: request.view_args.get('service_id'),
+    get_target_name_fn=lambda: request.get_json().get('material_name') if request.get_json() else None
+)
 def update_service(service_id):
     """更新服务权益"""
     data = request.get_json()
@@ -247,6 +258,11 @@ def update_service(service_id):
 
 @inbound_bp.route('/service/<int:service_id>', methods=['DELETE'])
 @permission_required('inbound_service:operation')
+@audit_log(
+    module='服务权益',
+    action='删除',
+    get_target_id_fn=lambda: request.view_args.get('service_id')
+)
 def delete_service(service_id):
     """删除服务权益"""
     try:

inventory-backend/app/api/v1/outbound.py

@@ -1,7 +1,7 @@
 from flask import Blueprint, request, jsonify
 from app.services.outbound_service import OutboundService
 from flask_jwt_extended import jwt_required, get_jwt_identity, get_jwt
-from app.utils.decorators import permission_required
+from app.utils.decorators import permission_required, audit_log
 from app.services.auth_service import AuthService
 import traceback
 
@@ -107,6 +107,11 @@ def scan_barcode():
 # --------------------------------------------------------
 @outbound_bp.route('', methods=['POST'])
 @jwt_required()
+@audit_log(
+    module='出库管理',
+    action='新增',
+    get_target_name_fn=lambda: request.get_json().get('order_no') if request.get_json() else None
+)
 def create_outbound():
     # 权限检查：需要 outbound_create:operation 或 outbound_selection:operation 之一
     claims = get_jwt()