feat: sync advanced filter fields with column permissions
Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
This commit is contained in:
@ -110,7 +110,7 @@ class MaterialBaseService:
|
||||
return total_inv, total_avail
|
||||
|
||||
@staticmethod
|
||||
def get_list(page, limit, filters=None):
|
||||
def get_list(page, limit, filters=None, user_permissions=None):
|
||||
"""
|
||||
获取基础信息列表 (带分页、高级筛选和全字段排序)
|
||||
"""
|
||||
@ -192,6 +192,18 @@ class MaterialBaseService:
|
||||
'inventoryCount': total_inv,
|
||||
'availableCount': total_avail
|
||||
}
|
||||
# 字段到权限码的映射
|
||||
field_permission_map = {
|
||||
'companyName': 'material_list:companyName',
|
||||
'name': 'material_list:name',
|
||||
'commonName': 'material_list:commonName',
|
||||
'category': 'material_list:category',
|
||||
'type': 'material_list:type',
|
||||
'spec': 'material_list:spec',
|
||||
'unit': 'material_list:unit',
|
||||
'inventoryCount': 'material_list:inventoryCount',
|
||||
'availableCount': 'material_list:availableCount'
|
||||
}
|
||||
filter_conditions = []
|
||||
for condition in advanced_filters:
|
||||
field = condition.get('field')
|
||||
@ -202,6 +214,15 @@ class MaterialBaseService:
|
||||
db_field = allowed_fields.get(field)
|
||||
if not db_field:
|
||||
continue
|
||||
# 权限校验
|
||||
if user_permissions is not None:
|
||||
perm_code = field_permission_map.get(field)
|
||||
if 'material_list:*' in user_permissions:
|
||||
# 超级管理员拥有全部权限
|
||||
pass
|
||||
elif perm_code and perm_code not in user_permissions:
|
||||
# 无权限,跳过该条件
|
||||
continue
|
||||
# 对于聚合字段 (inventoryCount, availableCount),需要使用子查询别名
|
||||
if isinstance(db_field, type(total_inv)):
|
||||
column = db_field
|
||||
|
||||
Reference in New Issue
Block a user