duxingchen/KCGL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

进入界面的调整

Browse Source
This commit is contained in:
dxc
2026-02-04 15:55:20 +08:00
parent c1c525b699
commit 596f366fc4
5 changed files with 170 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
inventory-backend/app/api/v1/auth.py
View File

@ -16,7 +16,6 @@ def login():
if not data.get('username') or not data.get('password'):
return jsonify({'msg': '请输入用户名和密码'}), 400
# 调用 Service 层逻辑
result = AuthService.login(data)
response_data = {
@ -24,15 +23,11 @@ def login():
'access_token': result.get('access_token'),
'user': result.get('user')
}
return jsonify(response_data), 200
except ValueError as ve:
# [修改] 捕获业务逻辑错误(如密码错误、用户不存在),返回 401 Unauthorized
return jsonify({'msg': str(ve)}), 401
except Exception as e:
# [修改] 捕获系统级错误(如数据库连接失败),返回 500 Internal Server Error
current_app.logger.error(f"Login Failed Error: {str(e)}")
return jsonify({'msg': f'服务器内部错误: {str(e)}'}), 500
@ -53,12 +48,27 @@ def create_user():
return jsonify({'msg': str(e)}), 400
# [新增] 获取用户列表
# [新增] 更新用户
@auth_bp.route('/user/<int:user_id>', methods=['PUT'])
@jwt_required()
def update_user(user_id):
try:
data = request.get_json()
claims = get_jwt()
operator_role = claims.get('role')
result = AuthService.update_user(user_id, data, operator_role)
return jsonify({'msg': '用户更新成功', 'data': result}), 200
except Exception as e:
current_app.logger.error(f"User Update Failed: {str(e)}")
return jsonify({'msg': str(e)}), 400
@auth_bp.route('/users', methods=['GET'])
@jwt_required()
def get_users():
try:
# 这里可以添加分页逻辑,目前先返回所有
users = AuthService.get_all_users()
return jsonify({'msg': '获取成功', 'data': users}), 200
except Exception as e:
@ -66,7 +76,6 @@ def get_users():
return jsonify({'msg': '获取用户列表失败'}), 500
# [新增] 删除用户
@auth_bp.route('/user/<int:user_id>', methods=['DELETE'])
@jwt_required()
def delete_user(user_id):

47
inventory-backend/app/services/auth_service.py
View File

@ -30,14 +30,12 @@ class AuthService:
'department': 'System'
}
else:
# [修改] 使用 ValueError 表示认证失败
raise ValueError("密码错误")
# 2. 如果不是 IRIS检查数据库用户
else:
user = SysUser.query.filter_by(username=username).first()
# [修改] 分开判断,逻辑更清晰,且使用 ValueError
if not user:
raise ValueError("用户不存在")
@ -67,21 +65,17 @@ class AuthService:
"""
创建新用户 (仅限管理员使用)
"""
# 简单权限控制:只有超级管理员或主管可以创建用户
if operator_role not in [UserRole.SUPER_ADMIN, UserRole.SUPERVISOR]:
raise Exception("权限不足:只有超级管理员或主管可以创建新用户")
# 检查重名
if SysUser.query.filter_by(username=data.get('username')).first():
raise Exception("用户名已存在")
# 默认角色处理
role = data.get('role')
valid_roles = [v for k, v in UserRole.__dict__.items() if not k.startswith('__')]
if role not in valid_roles:
raise Exception(f"角色无效,可选角色: {valid_roles}")
# 处理 Email 为空的情况
email = data.get('email', '')
if email and SysUser.query.filter_by(email=email).first():
raise Exception("邮箱已被使用")
@ -100,6 +94,47 @@ class AuthService:
return new_user.to_dict()
@staticmethod
def update_user(user_id, data, operator_role):
"""
[新增] 更新用户信息
"""
if operator_role not in [UserRole.SUPER_ADMIN, UserRole.SUPERVISOR]:
raise Exception("权限不足:只有超级管理员或主管可以修改用户信息")
user = SysUser.query.get(user_id)
if not user:
raise Exception("用户不存在")
# 1. 更新基本信息
if 'role' in data:
valid_roles = [v for k, v in UserRole.__dict__.items() if not k.startswith('__')]
if data['role'] not in valid_roles:
raise Exception(f"角色无效")
user.role = data['role']
if 'department' in data:
user.department = data['department']
if 'email' in data:
# 如果修改了邮箱,且新邮箱已被其他人使用
email = data['email']
if email and email != user.email:
existing = SysUser.query.filter_by(email=email).first()
if existing:
raise Exception("该邮箱已被其他用户使用")
user.email = email
# 2. 如果提供了密码,则重置密码;否则保持原密码
new_password = data.get('password')
if new_password and str(new_password).strip():
if len(new_password) < 6:
raise Exception("密码长度至少6位")
user.set_password(new_password)
db.session.commit()
return user.to_dict()
@staticmethod
def get_all_users():
"""获取所有系统用户"""