# inventory-backend/app/api/v1/inbound/product.py from flask import Blueprint, request, jsonify from app.services.inbound.product_service import ProductInboundService from app.utils.decorators import permission_required import traceback inbound_product_bp = Blueprint('stock_product', __name__) # ============================================================================== # 辅助函数:获取当前用户的完整权限列表(基于角色查询) # ============================================================================== def get_current_user_permissions(): """ 返回当前用户拥有的所有权限码列表(包括菜单和元素) 此函数根据角色查询数据库得到权限。 """ from flask_jwt_extended import get_jwt from app.services.auth_service import AuthService claims = get_jwt() user_role = claims.get('role') if not user_role: return [] # 超级管理员返回所有字段权限 if user_role == 'super_admin': # 返回所有以 inbound_product: 开头的权限码(这里我们返回一个特殊标记,表示全部) # 为了简单,我们返回 ['inbound_product:*'],在过滤函数中特殊处理 return ['inbound_product:*'] perm_dict = AuthService.get_user_permissions(user_role) # 合并菜单和元素权限 perms = perm_dict.get('menus', []) + perm_dict.get('elements', []) return perms def filter_item_by_permissions(item_dict, user_permissions): """ 根据用户权限过滤 item 字典,无权限的字段值置为 None """ # 字段名到权限码的映射(与前端 permissionMap 保持一致) field_to_perm = { 'id': 'inbound_product:id', 'base_id': 'inbound_product:base_id', 'company_name': 'inbound_product:company_name', 'material_name': 'inbound_product:material_name', 'category': 'inbound_product:category', 'material_type': 'inbound_product:material_type', 'spec_model': 'inbound_product:spec_model', 'unit': 'inbound_product:unit', 'sku': 'inbound_product:sku', 'inbound_date': 'inbound_product:inbound_date', 'barcode': 'inbound_product:barcode', 'serial_number': 'inbound_product:serial_number', 'status': 'inbound_product:status', 'quality_status': 'inbound_product:quality_status', 'in_quantity': 'inbound_product:in_quantity', 'stock_quantity': 'inbound_product:stock_quantity', 'available_quantity': 'inbound_product:available_quantity', 'warehouse_location': 'inbound_product:warehouse_location', 'bom_code': 'inbound_product:bom_code', 'bom_version': 'inbound_product:bom_version', 'work_order_code': 'inbound_product:work_order_code', 'order_id': 'inbound_product:order_id', 'production_manager': 'inbound_product:production_manager', 'production_start_time': 'inbound_product:production_start_time', 'production_end_time': 'inbound_product:production_end_time', 'raw_material_cost': 'inbound_product:raw_material_cost', 'manual_cost': 'inbound_product:manual_cost', 'sale_price': 'inbound_product:sale_price', 'product_photo': 'inbound_product:product_photo', 'quality_report_link': 'inbound_product:quality_report_link', 'inspection_report_link': 'inbound_product:inspection_report_link', 'detail_link': 'inbound_product:detail_link', } # 如果用户是超级管理员且有 'inbound_product:*',则不过滤 if 'inbound_product:*' in user_permissions: return item_dict for field, perm_code in field_to_perm.items(): if field in item_dict and perm_code not in user_permissions: item_dict[field] = None return item_dict # ------------------------------------------------------------------ # 0. 基础物料搜索 (关键接口:配合 Service 实现自动回填) # ------------------------------------------------------------------ @inbound_product_bp.route('/search-base', methods=['GET']) @permission_required('inbound_product') def search_base(): """ 对应前端 API: /inbound/product/search-base 功能: 模糊搜索基础物料,返回 spec, unit, category, type 等详细信息 """ try: keyword = request.args.get('keyword', '') # 调用 Service 层已修复的 search_base_material 方法 data = ProductInboundService.search_base_material(keyword) # 字段级脱敏 user_permissions = get_current_user_permissions() filtered_data = [filter_item_by_permissions(item, user_permissions) for item in data] return jsonify({"code": 200, "msg": "success", "data": filtered_data}) except Exception as e: # 捕获异常并打印堆栈,方便调试 traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 0.5 [新增] BOM 搜索接口 # ------------------------------------------------------------------ @inbound_product_bp.route('/search-bom', methods=['GET']) @permission_required('inbound_product') def search_bom(): """ 供前端下拉框远程搜索使用 (搜索BOM) """ try: keyword = request.args.get('keyword', '') data = ProductInboundService.search_bom_options(keyword) return jsonify({ "code": 200, "msg": "success", "data": data }) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 1. 获取列表 (支持 status 多选筛选) # ------------------------------------------------------------------ @inbound_product_bp.route('/list', methods=['GET']) @permission_required('inbound_product') def get_list(): try: page = request.args.get('page', 1, type=int) limit = request.args.get('pageSize', 15, type=int) keyword = request.args.get('keyword', '') # 接收状态参数 (逗号分隔字符串 -> 列表) statuses_str = request.args.get('statuses', '') statuses = statuses_str.split(',') if statuses_str else [] result = ProductInboundService.get_list(page, limit, keyword, statuses) # 字段级脱敏 user_permissions = get_current_user_permissions() if result.get('items'): result['items'] = [filter_item_by_permissions(item, user_permissions) for item in result['items']] return jsonify({"code": 200, "msg": "success", "data": result}) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 2. 新增入库 # ------------------------------------------------------------------ @inbound_product_bp.route('/submit', methods=['POST']) @permission_required('inbound_product:operation') def submit(): try: data = request.get_json() if not data: return jsonify({"code": 400, "msg": "No data"}), 400 # 数据清洗:移除用户没有权限的字段 user_permissions = get_current_user_permissions() # 超级管理员不过滤 if 'inbound_product:*' not in user_permissions: field_to_perm = { 'id': 'inbound_product:id', 'base_id': 'inbound_product:base_id', 'company_name': 'inbound_product:company_name', 'material_name': 'inbound_product:material_name', 'category': 'inbound_product:category', 'material_type': 'inbound_product:material_type', 'spec_model': 'inbound_product:spec_model', 'unit': 'inbound_product:unit', 'sku': 'inbound_product:sku', 'inbound_date': 'inbound_product:inbound_date', 'barcode': 'inbound_product:barcode', 'serial_number': 'inbound_product:serial_number', 'status': 'inbound_product:status', 'quality_status': 'inbound_product:quality_status', 'in_quantity': 'inbound_product:in_quantity', 'stock_quantity': 'inbound_product:stock_quantity', 'available_quantity': 'inbound_product:available_quantity', 'warehouse_location': 'inbound_product:warehouse_location', 'bom_code': 'inbound_product:bom_code', 'bom_version': 'inbound_product:bom_version', 'work_order_code': 'inbound_product:work_order_code', 'order_id': 'inbound_product:order_id', 'production_manager': 'inbound_product:production_manager', 'production_start_time': 'inbound_product:production_start_time', 'production_end_time': 'inbound_product:production_end_time', 'raw_material_cost': 'inbound_product:raw_material_cost', 'manual_cost': 'inbound_product:manual_cost', 'sale_price': 'inbound_product:sale_price', 'product_photo': 'inbound_product:product_photo', 'quality_report_link': 'inbound_product:quality_report_link', 'inspection_report_link': 'inbound_product:inspection_report_link', 'detail_link': 'inbound_product:detail_link', } # 复制一份,避免遍历时修改字典 for field in list(data.keys()): perm_code = field_to_perm.get(field) if perm_code and perm_code not in user_permissions: data.pop(field, None) # 调用 Service 处理入库,获取新创建的对象 new_stock = ProductInboundService.handle_inbound(data) # 返回成功信息以及新创建的数据(包含生成的ID和SKU),供前端自动打印使用 return jsonify({ "code": 200, "msg": "入库成功", "data": new_stock.to_dict() }) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 3. 更新入库 # ------------------------------------------------------------------ @inbound_product_bp.route('/', methods=['PUT']) @permission_required('inbound_product:operation') def update(id): try: data = request.get_json() # 数据清洗:移除用户没有权限的字段 user_permissions = get_current_user_permissions() # 超级管理员不过滤 if 'inbound_product:*' not in user_permissions: field_to_perm = { 'id': 'inbound_product:id', 'base_id': 'inbound_product:base_id', 'company_name': 'inbound_product:company_name', 'material_name': 'inbound_product:material_name', 'category': 'inbound_product:category', 'material_type': 'inbound_product:material_type', 'spec_model': 'inbound_product:spec_model', 'unit': 'inbound_product:unit', 'sku': 'inbound_product:sku', 'inbound_date': 'inbound_product:inbound_date', 'barcode': 'inbound_product:barcode', 'serial_number': 'inbound_product:serial_number', 'status': 'inbound_product:status', 'quality_status': 'inbound_product:quality_status', 'in_quantity': 'inbound_product:in_quantity', 'stock_quantity': 'inbound_product:stock_quantity', 'available_quantity': 'inbound_product:available_quantity', 'warehouse_location': 'inbound_product:warehouse_location', 'bom_code': 'inbound_product:bom_code', 'bom_version': 'inbound_product:bom_version', 'work_order_code': 'inbound_product:work_order_code', 'order_id': 'inbound_product:order_id', 'production_manager': 'inbound_product:production_manager', 'production_start_time': 'inbound_product:production_start_time', 'production_end_time': 'inbound_product:production_end_time', 'raw_material_cost': 'inbound_product:raw_material_cost', 'manual_cost': 'inbound_product:manual_cost', 'sale_price': 'inbound_product:sale_price', 'product_photo': 'inbound_product:product_photo', 'quality_report_link': 'inbound_product:quality_report_link', 'inspection_report_link': 'inbound_product:inspection_report_link', 'detail_link': 'inbound_product:detail_link', } # 复制一份,避免遍历时修改字典 for field in list(data.keys()): perm_code = field_to_perm.get(field) if perm_code and perm_code not in user_permissions: data.pop(field, None) ProductInboundService.update_inbound(id, data) return jsonify({"code": 200, "msg": "更新成功"}) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 4. 删除 # ------------------------------------------------------------------ @inbound_product_bp.route('/', methods=['DELETE']) @permission_required('inbound_product:operation') def delete(id): try: ProductInboundService.delete_inbound(id) return jsonify({"code": 200, "msg": "删除成功"}) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 5. 获取出库历史 # ------------------------------------------------------------------ @inbound_product_bp.route('//history', methods=['GET']) @permission_required('inbound_product') def get_history(id): try: data = ProductInboundService.get_outbound_history(id) return jsonify({"code": 200, "msg": "success", "data": data}) except Exception as e: traceback.print_exc() return jsonify({"code": 500, "msg": str(e)}), 500 # ------------------------------------------------------------------ # 6. 系统用户建议 # ------------------------------------------------------------------ @inbound_product_bp.route('/suggestions/users', methods=['GET']) @permission_required('inbound_product') def get_user_suggestions(): keyword = request.args.get('keyword', '') data = ProductInboundService.search_system_users(keyword) return jsonify({"code": 200, "msg": "success", "data": data}) # ------------------------------------------------------------------ # 7. 获取筛选选项 # ------------------------------------------------------------------ @inbound_product_bp.route('/options', methods=['GET']) @permission_required('inbound_product') def get_options(): try: data = ProductInboundService.get_filter_options() return jsonify({"code": 200, "msg": "success", "data": data}) except Exception as e: return jsonify({"code": 500, "msg": str(e)}), 500