From 596f366fc470ad639c3c65376ca2cdaf642de2ad Mon Sep 17 00:00:00 2001 From: dxc Date: Wed, 4 Feb 2026 15:55:20 +0800 Subject: [PATCH] =?UTF-8?q?=E8=BF=9B=E5=85=A5=E7=95=8C=E9=9D=A2=E7=9A=84?= =?UTF-8?q?=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inventory-backend/app/api/v1/auth.py | 25 ++-- .../app/services/auth_service.py | 47 ++++++- inventory-web/src/api/auth.ts | 13 +- inventory-web/src/views/dashboard/index.vue | 6 +- inventory-web/src/views/system/UserCreate.vue | 131 +++++++++++++----- 5 files changed, 170 insertions(+), 52 deletions(-) diff --git a/inventory-backend/app/api/v1/auth.py b/inventory-backend/app/api/v1/auth.py index f3265ac..640c39d 100644 --- a/inventory-backend/app/api/v1/auth.py +++ b/inventory-backend/app/api/v1/auth.py @@ -16,7 +16,6 @@ def login(): if not data.get('username') or not data.get('password'): return jsonify({'msg': '请输入用户名和密码'}), 400 - # 调用 Service 层逻辑 result = AuthService.login(data) response_data = { @@ -24,15 +23,11 @@ def login(): 'access_token': result.get('access_token'), 'user': result.get('user') } - return jsonify(response_data), 200 except ValueError as ve: - # [修改] 捕获业务逻辑错误(如密码错误、用户不存在),返回 401 Unauthorized return jsonify({'msg': str(ve)}), 401 - except Exception as e: - # [修改] 捕获系统级错误(如数据库连接失败),返回 500 Internal Server Error current_app.logger.error(f"Login Failed Error: {str(e)}") return jsonify({'msg': f'服务器内部错误: {str(e)}'}), 500 
@@ -53,12 +48,27 @@ def create_user(): return jsonify({'msg': str(e)}), 400 -# [新增] 获取用户列表 +# [新增] 更新用户 +@auth_bp.route('/user/', methods=['PUT']) +@jwt_required() +def update_user(user_id): + try: + data = request.get_json() + claims = get_jwt() + operator_role = claims.get('role') + + result = AuthService.update_user(user_id, data, operator_role) + return jsonify({'msg': '用户更新成功', 'data': result}), 200 + + except Exception as e: + current_app.logger.error(f"User Update Failed: {str(e)}") + return jsonify({'msg': str(e)}), 400 + + @auth_bp.route('/users', methods=['GET']) @jwt_required() def get_users(): try: - # 这里可以添加分页逻辑,目前先返回所有 users = AuthService.get_all_users() return jsonify({'msg': '获取成功', 'data': users}), 200 except Exception as e: @@ -66,7 +76,6 @@ def get_users(): return jsonify({'msg': '获取用户列表失败'}), 500 -# [新增] 删除用户 @auth_bp.route('/user/', methods=['DELETE']) @jwt_required() def delete_user(user_id): diff --git a/inventory-backend/app/services/auth_service.py b/inventory-backend/app/services/auth_service.py index 6c24f00..4dc8c31 100644 --- a/inventory-backend/app/services/auth_service.py +++ b/inventory-backend/app/services/auth_service.py @@ -30,14 +30,12 @@ class AuthService: 'department': 'System' } else: - # [修改] 使用 ValueError 表示认证失败 raise ValueError("密码错误") # 2. 如果不是 IRIS,检查数据库用户 else: user = SysUser.query.filter_by(username=username).first() - # [修改] 分开判断,逻辑更清晰,且使用 ValueError if not user: raise ValueError("用户不存在") 
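Review bot: The `except Exception` in the new `update_user` route returns `str(e)` to the caller with status 400, so any failure below it has its raw message echoed to the client. That includes a database error surfacing from `AuthService.update_user` and the error raised when the JSON body is not an object. It also means a permission refusal cannot be told apart from a validation error. Reject non-dict bodies up front, map permission failures to 403 and validation failures to 400, and answer unexpected errors with a fixed message while logging the traceback server-side. This relies on the service raising `PermissionError` / `ValueError` rather than bare `Exception`, which the service code visible in this patch does not yet do.

```python
def update_user(user_id):
    # silent=True yields None instead of raising on a missing or malformed body
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'msg': '请求体必须是 JSON 对象'}), 400
    try:
        operator_role = get_jwt().get('role')
        result = AuthService.update_user(user_id, data, operator_role)
        return jsonify({'msg': '用户更新成功', 'data': result}), 200
    except PermissionError as pe:
        return jsonify({'msg': str(pe)}), 403
    except ValueError as ve:
        return jsonify({'msg': str(ve)}), 400
    except Exception:
        # keep the detail in the server log only
        current_app.logger.exception("User Update Failed")
        return jsonify({'msg': '用户更新失败'}), 500
```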
@@ -67,21 +65,17 @@ class AuthService: """ 创建新用户 (仅限管理员使用) """ - # 简单权限控制:只有超级管理员或主管可以创建用户 if operator_role not in [UserRole.SUPER_ADMIN, UserRole.SUPERVISOR]: raise Exception("权限不足:只有超级管理员或主管可以创建新用户") - # 检查重名 if SysUser.query.filter_by(username=data.get('username')).first(): raise Exception("用户名已存在") - # 默认角色处理 role = data.get('role') valid_roles = [v for k, v in UserRole.__dict__.items() if not k.startswith('__')] if role not in valid_roles: raise Exception(f"角色无效,可选角色: {valid_roles}") - # 处理 Email 为空的情况 email = data.get('email', '') if email and SysUser.query.filter_by(email=email).first(): raise Exception("邮箱已被使用") @@ -100,6 +94,47 @@ class AuthService: return new_user.to_dict() + @staticmethod + def update_user(user_id, data, operator_role): + """ + [新增] 更新用户信息 + """ + if operator_role not in [UserRole.SUPER_ADMIN, UserRole.SUPERVISOR]: + raise Exception("权限不足:只有超级管理员或主管可以修改用户信息") + + user = SysUser.query.get(user_id) + if not user: + raise Exception("用户不存在") + + # 1. 更新基本信息 + if 'role' in data: + valid_roles = [v for k, v in UserRole.__dict__.items() if not k.startswith('__')] + if data['role'] not in valid_roles: + raise Exception(f"角色无效") + user.role = data['role'] + + if 'department' in data: + user.department = data['department'] + + if 'email' in data: + # 如果修改了邮箱,且新邮箱已被其他人使用 + email = data['email'] + if email and email != user.email: + existing = SysUser.query.filter_by(email=email).first() + if existing: + raise Exception("该邮箱已被其他用户使用") + user.email = email + + # 2. 如果提供了密码,则重置密码;否则保持原密码 + new_password = data.get('password') + if new_password and str(new_password).strip(): + if len(new_password) < 6: + raise Exception("密码长度至少6位") + user.set_password(new_password) + + db.session.commit() + return user.to_dict() + @staticmethod def get_all_users(): """获取所有系统用户""" diff --git a/inventory-web/src/api/auth.ts b/inventory-web/src/api/auth.ts index 32de91f..3da6fcb 100644 --- a/inventory-web/src/api/auth.ts +++ b/inventory-web/src/api/auth.ts 
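Review bot: The permission gate at the top of `AuthService.update_user` looks only at `operator_role`, never at the target account's current role or the role being assigned. As written, a SUPERVISOR can set `role` to `SUPER_ADMIN` on any account (their own included, as far as this hunk shows) or reset a super admin's password through the `password` branch. Add a target-aware check once the user is loaded, e.g. `if operator_role != UserRole.SUPER_ADMIN and UserRole.SUPER_ADMIN in (user.role, data.get('role')): raise Exception("权限不足:只有超级管理员可以修改或授予超级管理员")`. In the password branch, `len(new_password)` is taken on the raw JSON value while the emptiness test uses `str(new_password).strip()`, so a numeric password raises TypeError and padding spaces count toward the six characters; checking `isinstance(new_password, str)` and measuring the stripped value would close both. Neither the role change nor the password reset is logged in this function, so any audit record of who changed whose privileges would have to come from the caller.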
@@ -18,6 +18,15 @@ export function createUser(data: any) { }) } +// [新增] 更新用户 +export function updateUser(id: number, data: any) { + return request({ + url: `/v1/auth/user/${id}`, + method: 'put', + data + }) +} + // 获取当前登录用户信息 export function getUserInfo() { return request({ @@ -26,7 +35,7 @@ export function getUserInfo() { }) } -// [新增] 获取所有用户列表 +// 获取所有用户列表 export function getUserList() { return request({ url: '/v1/auth/users', @@ -34,7 +43,7 @@ export function getUserList() { }) } -// [新增] 删除用户 +// 删除用户 export function deleteUser(id: number) { return request({ url: `/v1/auth/user/${id}`, diff --git a/inventory-web/src/views/dashboard/index.vue b/inventory-web/src/views/dashboard/index.vue index ed9200b..2aa9bad 100644 --- a/inventory-web/src/views/dashboard/index.vue +++ b/inventory-web/src/views/dashboard/index.vue @@ -3,7 +3,7 @@ @@ -35,10 +35,14 @@