feat: sync advanced filter fields with column permissions

Co-authored-by: aider (openai/DeepSeek-V3.2-Thinking) <aider@aider.chat>
2026-03-02 17:53:52 +08:00
parent cf821b78aa
commit ec8bdb2476
3 changed files with 40 additions and 14 deletions
--- a/inventory-backend/app/api/v1/inbound/base.py
+++ b/inventory-backend/app/api/v1/inbound/base.py
@ -125,7 +125,8 @@ def get_list():
            'advancedFilters': advanced_filters_list
        }

-        result = MaterialBaseService.get_list(page, limit, filters)
+        user_permissions = get_current_user_permissions()
+        result = MaterialBaseService.get_list(page, limit, filters, user_permissions)
        # 字段级脱敏
        user_permissions = get_current_user_permissions()
        if result.get('items'):
--- a/inventory-backend/app/services/inbound/base_service.py
+++ b/inventory-backend/app/services/inbound/base_service.py
@ -110,7 +110,7 @@ class MaterialBaseService:
        return total_inv, total_avail

    @staticmethod
-    def get_list(page, limit, filters=None):
+    def get_list(page, limit, filters=None, user_permissions=None):
        """
        获取基础信息列表 (带分页、高级筛选和全字段排序)
        """
@ -192,6 +192,18 @@ class MaterialBaseService:
                        'inventoryCount': total_inv,
                        'availableCount': total_avail
                    }
+                    # 字段到权限码的映射
+                    field_permission_map = {
+                        'companyName': 'material_list:companyName',
+                        'name': 'material_list:name',
+                        'commonName': 'material_list:commonName',
+                        'category': 'material_list:category',
+                        'type': 'material_list:type',
+                        'spec': 'material_list:spec',
+                        'unit': 'material_list:unit',
+                        'inventoryCount': 'material_list:inventoryCount',
+                        'availableCount': 'material_list:availableCount'
+                    }
                    filter_conditions = []
                    for condition in advanced_filters:
                        field = condition.get('field')
@ -202,6 +214,15 @@ class MaterialBaseService:
                        db_field = allowed_fields.get(field)
                        if not db_field:
                            continue
+                        # 权限校验
+                        if user_permissions is not None:
+                            perm_code = field_permission_map.get(field)
+                            if 'material_list:*' in user_permissions:
+                                # 超级管理员拥有全部权限
+                                pass
+                            elif perm_code and perm_code not in user_permissions:
+                                # 无权限，跳过该条件
+                                continue
                        # 对于聚合字段 (inventoryCount, availableCount)，需要使用子查询别名
                        if isinstance(db_field, type(total_inv)):
                            column = db_field
--- a/inventory-web/src/views/material/list.vue
+++ b/inventory-web/src/views/material/list.vue
@ -445,7 +445,7 @@
 </template>

 <script setup lang="ts">
-import { ref, reactive, onMounted, nextTick } from 'vue';
+import { ref, reactive, onMounted, nextTick, computed } from 'vue';
 import { Plus, Document, Refresh, Setting, Rank, Camera, Link, Download } from '@element-plus/icons-vue';
 import { ElMessage, ElMessageBox, ElLoading } from 'element-plus';
 import type { FormInstance, FormRules } from 'element-plus';
@ -511,17 +511,21 @@ const submitLoading = ref(false);
 const tableSize = ref<'large' | 'default' | 'small'>('large');
 const advancedFilterVisible = ref(false);
 const advancedConditions = ref([{ field: '', operator: '', value: '' }]);
-const fieldOptions = ref([
-  { value: 'companyName', label: '所属公司' },
-  { value: 'name', label: '名称' },
-  { value: 'commonName', label: '俗名' },
-  { value: 'category', label: '类别' },
-  { value: 'type', label: '类型' },
-  { value: 'spec', label: '规格型号' },
-  { value: 'unit', label: '单位' },
-  { value: 'inventoryCount', label: '库存数' },
-  { value: 'availableCount', label: '可用数' }
-]);
+const fieldOptions = computed(() => {
+  const allFields = [
+    { value: 'companyName', label: '所属公司', perm: 'material_list:companyName' },
+    { value: 'name', label: '名称', perm: 'material_list:name' },
+    { value: 'commonName', label: '俗名', perm: 'material_list:commonName' },
+    { value: 'category', label: '类别', perm: 'material_list:category' },
+    { value: 'type', label: '类型', perm: 'material_list:type' },
+    { value: 'spec', label: '规格型号', perm: 'material_list:spec' },
+    { value: 'unit', label: '单位', perm: 'material_list:unit' },
+    { value: 'inventoryCount', label: '库存数', perm: 'material_list:inventoryCount' },
+    { value: 'availableCount', label: '可用数', perm: 'material_list:availableCount' }
+  ];
+  // 根据用户权限过滤
+  return allFields.filter(item => userStore.hasPermission(item.perm));
+});
 const operatorOptions = ref([
  { value: 'eq', label: '等于' },
  { value: 'ne', label: '不等于' },