diff --git a/inventory/tests/test_views.py b/inventory/tests/test_views.py
index b115508..50e1be2 100644
--- a/inventory/tests/test_views.py
+++ b/inventory/tests/test_views.py
@@ -62,7 +62,7 @@ class ViewTestCase(TestCase):
         # 创建会员等级
         self.member_level = MemberLevel.objects.create(
             name='普通会员',
-            discount=95,  # 95%
+            discount=Decimal('0.95'),  # 95%
             points_threshold=0,
             color='#FF5733'
         )
@@ -165,6 +165,34 @@ class InventoryViewTest(ViewTestCase):
         self.inventory.refresh_from_db()
         self.assertEqual(self.inventory.quantity, 150)  # 100 + 50
 
+
+class MemberApiViewTest(ViewTestCase):
+    """测试会员相关 API 视图"""
+
+    def test_member_search_requires_login(self):
+        """未登录用户不能通过手机号查询会员隐私信息"""
+        url = reverse('member_search_by_phone', args=[self.member.phone])
+
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn('/accounts/login/', response['Location'])
+        self.assertIn('next=', response['Location'])
+
+    def test_member_search_returns_data_for_authenticated_user(self):
+        """登录用户仍可使用会员搜索 API"""
+        self.client.login(username='testuser', password='12345')
+        url = reverse('member_search_by_phone', args=[self.member.phone])
+
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertTrue(data['success'])
+        self.assertEqual(data['member_id'], self.member.id)
+        self.assertEqual(data['member_phone'], self.member.phone)
+
+
 class SaleViewTest(ViewTestCase):
     """测试销售相关视图"""
     
diff --git a/inventory/views/member.py b/inventory/views/member.py
index 2fa975b..e7d9448 100644
--- a/inventory/views/member.py
+++ b/inventory/views/member.py
@@ -22,6 +22,7 @@ import uuid
 from datetime import datetime, timedelta
 
 
+@login_required
 def member_search_by_phone(request, phone):
     """
     根据手机号搜索会员的API