更新v1.4版本，修复了一些已知问题

backend/middleware/permission.py

@@ -26,6 +26,7 @@ async def get_current_user(request: Request) -> Dict[str, Any]:
     return {
         "user_id": getattr(request.state, 'user_id', None),
         "username": getattr(request.state, 'username', None),
+        "real_name": getattr(request.state, 'real_name', None),
         "user_type": getattr(request.state, 'user_type', None),
         "student_id": getattr(request.state, 'student_id', None),
         "role": getattr(request.state, 'role', None)
@@ -124,19 +125,23 @@ class PermissionChecker:
     async def check_can_revoke(user_id: int, record_id: int) -> bool:
         """
         检查是否可以撤销扣分记录
-        班主任：可以撤销任何记录
-        班长：可以撤销任何记录
-        考勤委员：可以撤销自己的记录
-        其他：只能撤销自己的记录
+        班主任：可以撤销/反撤销任何记录
+        班长：可以撤销/反撤销任何记录
+        考勤委员：可以撤销自己创建的记录
+        其他角色：无撤销权限
         """
-        sql = "SELECT recorder_id FROM conduct_records WHERE record_id = %s"
-        record = await execute_one(sql, (record_id,))
+        record = await execute_one(
+            "SELECT record_id, recorder_id FROM conduct_records WHERE record_id = %s",
+            (record_id,)
+        )
         if not record:
             return False
         role = await PermissionChecker.get_user_role(user_id)
-        if role in ["班主任", "班长", "志愿委员"]:
+        if role in ["班主任", "班长"]:
             return True
-        return record["recorder_id"] == user_id
+        if role == "考勤委员" and record.get("recorder_id") == user_id:
+            return True
+        return False
 
 
 def require_auth(func: Callable):