18351212e8
- 问题从文件系统迁移到数据库 problems 表 - 移除 PROBLEMS_DIR 配置和文件读取逻辑 - student.html 完整重写:编辑/添加/删除问题,生成方案进度显示 - 学员详情页支持独立URL访问 (/student/<id>) - 统一侧边栏到 base.html - 更新文档:DEPLOYMENT_SOP, MODELS, STRUCTURE, FRONTEND_ARCH - 部署到生产环境 v1.2.0
# 用户管理路由
from flask import current_app, jsonify, render_template, request, session

from app.routes import main_bp
from app.models import db, User
from app.routes.auth import login_required_json, admin_required
@main_bp.route("/users")
@admin_required
def users_page():
    """Render the user-management page.

    Access is gated by the admin_required decorator imported from
    app.routes.auth.
    """
    # active_nav is handed to the template; presumably it selects the
    # highlighted navigation entry -- confirm against users.html.
    page = render_template("users.html", active_nav="users")
    return page
@main_bp.route("/api/users", methods=["GET"])
@admin_required
def api_users_list():
    """Return all users as a JSON array, most recently created first.

    Access is gated by the admin_required decorator.
    """
    newest_first = User.created_at.desc()
    payload = []
    for account in User.query.order_by(newest_first).all():
        # NOTE(review): confirm User.to_dict() leaves out the password hash
        # and any other credential material; it is defined outside this file.
        payload.append(account.to_dict())
    return jsonify(payload)
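@main_bp.route("/api/users", methods=["POST"])
@admin_required
def api_users_create():
    """Create a user from a JSON body.

    Expected fields: ``username`` and ``password`` (required, strings) and
    ``role`` (optional, "admin" or "user", defaults to "user").

    Returns the new user as JSON; 400 for missing fields, a taken username,
    an invalid role, or a password rejected with ValueError; 500 when the
    database write fails.
    """
    # silent=True yields None instead of raising on a missing or malformed
    # body. Anything that is not a JSON object is treated as empty so the
    # field checks below answer 400 instead of failing on .get().
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}

    username = data.get("username", "")
    password = data.get("password", "")
    role = data.get("role", "user")

    # Non-string values (numbers, lists, null) count as missing rather than
    # reaching .strip() or the password hasher.
    username = username.strip() if isinstance(username, str) else ""
    if not isinstance(password, str):
        password = ""

    if not username or not password:
        return jsonify({"error": "请输入用户名和密码"}), 400

    # NOTE(review): check-then-insert is not atomic; if two requests race,
    # the second is expected to fail at commit and end in the 500 branch.
    # Confirm the username column carries a unique constraint.
    if User.query.filter_by(username=username).first():
        return jsonify({"error": "用户名已存在"}), 400

    if role not in ["admin", "user"]:
        return jsonify({"error": "无效的角色"}), 400

    try:
        user = User(username=username, role=role)
        user.set_password(password)
        db.session.add(user)
        db.session.commit()
        return jsonify(user.to_dict())
    except ValueError as e:
        # Presumably raised by set_password for a rejected password (its
        # definition is outside this file); the message goes back to the admin.
        db.session.rollback()
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Keep the exception text in the server log only: ORM/driver errors
        # may embed the SQL statement and its bound parameters, which for
        # this insert would include the stored password hash.
        current_app.logger.exception("Failed to create user")
        return jsonify({"error": "创建失败"}), 500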
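@main_bp.route("/api/users/<int:user_id>", methods=["PUT"])
@admin_required
def api_users_update(user_id):
    """Edit a user; ``role`` is the only field this handler changes.

    Args:
        user_id: Primary key of the user to edit (404 if it does not exist).

    Returns the updated user as JSON; 400 when ``role`` is present but is not
    "admin" or "user"; 500 when the database write fails.
    """
    user = User.query.get_or_404(user_id)

    # A missing, malformed or non-object body is treated as "no changes"
    # instead of raising on the membership test below.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}

    if "role" in data:
        # Reject an unknown role explicitly (same message as the create
        # handler) rather than ignoring it and reporting success.
        if data["role"] not in ["admin", "user"]:
            return jsonify({"error": "无效的角色"}), 400
        # NOTE(review): nothing here stops an admin from changing their own
        # role or demoting the only remaining admin, whereas the delete
        # handler refuses self-deletion -- confirm this is intended.
        user.role = data["role"]

    try:
        db.session.commit()
        return jsonify(user.to_dict())
    except Exception:
        db.session.rollback()
        # Exception text stays in the server log; ORM/driver errors may embed
        # SQL and bound parameters that should not reach the client.
        current_app.logger.exception("Failed to update user")
        return jsonify({"error": "更新失败"}), 500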
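@main_bp.route("/api/users/<int:user_id>", methods=["DELETE"])
@admin_required
def api_users_delete(user_id):
    """Delete a user.

    Args:
        user_id: Primary key of the user to delete (404 if it does not exist).

    Returns a success message as JSON; 400 when the target is the account
    stored in the current session; 500 when the database write fails.
    """
    # An admin may not delete the account they are logged in with, which
    # also guarantees at least this account survives the request.
    if user_id == session.get("user_id"):
        return jsonify({"error": "不能删除自己"}), 400

    user = User.query.get_or_404(user_id)
    try:
        db.session.delete(user)
        db.session.commit()
        return jsonify({"message": "删除成功"})
    except Exception:
        db.session.rollback()
        # Exception text stays in the server log; ORM/driver errors may embed
        # SQL and bound parameters that should not reach the client.
        current_app.logger.exception("Failed to delete user")
        return jsonify({"error": "删除失败"}), 500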
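@main_bp.route("/api/users/<int:user_id>/reset-password", methods=["POST"])
@admin_required
def api_users_reset_password(user_id):
    """Set a new password for a user without asking for the old one.

    Args:
        user_id: Primary key of the user (404 if it does not exist).

    Reads ``new_password`` from the JSON body. Returns a success message as
    JSON; 400 when the password is missing or rejected with ValueError; 500
    when the database write fails.
    """
    user = User.query.get_or_404(user_id)

    # A missing, malformed or non-object body falls through to the
    # "missing password" answer instead of raising on .get().
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}

    new_password = data.get("new_password", "")
    # Only a non-empty string is accepted as a password.
    if not isinstance(new_password, str) or not new_password:
        return jsonify({"error": "请输入新密码"}), 400

    try:
        user.set_password(new_password)
        db.session.commit()
        # NOTE(review): this handler does not end sessions the target user
        # already holds; confirm whether a reset should force a re-login.
        return jsonify({"message": "密码重置成功"})
    except ValueError as e:
        # Presumably raised by set_password for a rejected password (its
        # definition is outside this file); the message goes back to the admin.
        db.session.rollback()
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Exception text stays in the server log; an error from this update
        # may embed SQL and bound parameters, including the password hash.
        current_app.logger.exception("Failed to reset user password")
        return jsonify({"error": "重置失败"}), 500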
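@main_bp.route("/api/users/change-password", methods=["POST"])
@login_required_json
def api_users_change_password():
    """Change the password of the user stored in the current session.

    Reads ``old_password``, ``new_password`` and ``confirm_password`` from
    the JSON body. Returns a success message as JSON; 401 when the session's
    user no longer exists; 400 for missing fields, a wrong old password, a
    confirmation mismatch, or a password rejected with ValueError; 500 when
    the database write fails.
    """
    user = User.query.get(session.get("user_id"))
    # The session can outlive the account (e.g. the user was deleted by an
    # admin); without this guard check_password below would fail on None.
    if user is None:
        return jsonify({"error": "请重新登录"}), 401

    # A missing, malformed or non-object body falls through to the
    # "incomplete form" answer instead of raising on .get().
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}

    old_password = data.get("old_password", "")
    new_password = data.get("new_password", "")
    confirm_password = data.get("confirm_password", "")

    # Non-string values count as missing so they never reach the hasher.
    if not isinstance(old_password, str):
        old_password = ""
    if not isinstance(new_password, str):
        new_password = ""

    if not old_password or not new_password:
        return jsonify({"error": "请填写完整"}), 400

    # NOTE(review): no attempt limiting is visible here; confirm that
    # repeated wrong old_password guesses are throttled elsewhere.
    if not user.check_password(old_password):
        return jsonify({"error": "原密码错误"}), 400

    if new_password != confirm_password:
        return jsonify({"error": "两次密码输入不一致"}), 400

    try:
        user.set_password(new_password)
        db.session.commit()
        return jsonify({"message": "密码修改成功"})
    except ValueError as e:
        # Presumably raised by set_password for a rejected password (its
        # definition is outside this file); the message goes back to the user.
        db.session.rollback()
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Exception text stays in the server log; an error from this update
        # may embed SQL and bound parameters, including the password hash,
        # and this endpoint is reachable by every logged-in user.
        current_app.logger.exception("Failed to change password")
        return jsonify({"error": "修改失败"}), 500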