
# 用户管理路由
from flask import current_app, jsonify, render_template, request, session

from app.routes import main_bp
from app.models import db, User
from app.routes.auth import admin_required, login_required_json
@main_bp.route("/users")
@admin_required
def users_page():
    """Render the user-management page; guarded by ``admin_required``."""
    context = {"active_nav": "users"}
    return render_template("users.html", **context)
@main_bp.route("/api/users", methods=["GET"])
@admin_required
def api_users_list():
    """Return every user as a JSON array, newest account first.

    Guarded by ``admin_required``; each element is whatever
    ``User.to_dict`` exposes.
    """
    newest_first = User.query.order_by(User.created_at.desc())
    payload = [account.to_dict() for account in newest_first.all()]
    return jsonify(payload)
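@main_bp.route("/api/users", methods=["POST"])
@admin_required
def api_users_create():
    """Create a user from a JSON body (guarded by ``admin_required``).

    Expected body keys: ``username`` (required), ``password`` (required),
    ``name`` (optional, blank → ``None``) and ``role`` (``"admin"`` or
    ``"user"``, default ``"user"``).

    Returns:
        The new user's ``to_dict()`` payload; ``{"error": ...}`` with 400
        on a malformed body, validation failure or duplicate username, and
        500 when the database write fails.
    """
    body = request.get_json(silent=True)
    # silent=True turns a missing/unparsable JSON body into None instead of
    # a framework error page; a non-object body (e.g. a JSON array) would
    # also break the .get() calls below, so both are rejected up front.
    if not isinstance(body, dict):
        return jsonify({"error": "请求体必须是 JSON 对象"}), 400

    def text_field(key: str) -> str:
        # A non-string value (number, null, list) counts as absent so it
        # reaches the "please enter ..." checks instead of raising on .strip().
        value = body.get(key, "")
        return value if isinstance(value, str) else ""

    username = text_field("username").strip()
    name = text_field("name").strip() or None
    password = text_field("password")
    role = body.get("role", "user")

    if not username:
        return jsonify({"error": "请输入用户名"}), 400
    if not password:
        return jsonify({"error": "请输入密码"}), 400
    # Pure-input checks before the database round trip.
    if role not in ("admin", "user"):
        return jsonify({"error": "无效的角色"}), 400
    if User.query.filter_by(username=username).first():
        return jsonify({"error": "用户名已存在"}), 400

    try:
        user = User(username=username, name=name, role=role)
        user.set_password(password)
        db.session.add(user)
        db.session.commit()
        return jsonify(user.to_dict())
    except ValueError as e:
        # set_password raises ValueError for a rejected password; its message
        # is assumed to be user-facing (it was already returned verbatim).
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Keep the traceback server-side: echoing str(e) to the client would
        # disclose driver/constraint details of the failed write.
        current_app.logger.exception("user create failed for %r", username)
        return jsonify({"error": "创建失败"}), 500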
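@main_bp.route("/api/users/<int:user_id>", methods=["PUT"])
@admin_required
def api_users_update(user_id):
    """Update a user's ``role`` and/or ``name`` from a JSON body.

    Guarded by ``admin_required``. Only keys present in the body are
    applied. ``role`` must be ``"admin"`` or ``"user"``; ``name`` may be a
    string (blank → ``None``) or ``null``.

    Args:
        user_id: primary key of the user to edit; unknown ids yield 404.

    Returns:
        The updated ``to_dict()`` payload; ``{"error": ...}`` with 400 on
        invalid input and 500 when the commit fails.
    """
    user = User.query.get_or_404(user_id)
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "请求体必须是 JSON 对象"}), 400

    if "role" in body:
        role = body["role"]
        # An unknown role used to be ignored silently, answering 200 with
        # the old role still in place; make it an explicit client error.
        if role not in ("admin", "user"):
            return jsonify({"error": "无效的角色"}), 400
        # Mirrors the self-delete guard in api_users_delete: an admin
        # changing their own role would presumably lose access to these
        # admin-only routes mid-session.
        if user_id == session.get("user_id") and role != user.role:
            return jsonify({"error": "不能修改自己的角色"}), 400
        user.role = role

    if "name" in body:
        name = body["name"]
        # The old code called .strip() unconditionally and raised (500) on
        # null or a non-string; null now clears the name, other types are 400.
        if name is not None and not isinstance(name, str):
            return jsonify({"error": "无效的姓名"}), 400
        user.name = (name or "").strip() or None

    try:
        db.session.commit()
        return jsonify(user.to_dict())
    except Exception:
        db.session.rollback()
        # Generic message to the client; details stay in the server log.
        current_app.logger.exception("user update failed for id %s", user_id)
        return jsonify({"error": "更新失败"}), 500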
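@main_bp.route("/api/users/<int:user_id>", methods=["DELETE"])
@admin_required
def api_users_delete(user_id):
    """Delete a user (guarded by ``admin_required``); self-deletion is refused.

    Args:
        user_id: primary key of the user to remove; unknown ids yield 404.

    Returns:
        ``{"message": ...}`` on success, 400 for a self-delete attempt,
        500 when the database delete fails.
    """
    # Refusing self-deletion keeps the caller from removing the account
    # behind the session they are currently using.
    if user_id == session.get("user_id"):
        return jsonify({"error": "不能删除自己"}), 400
    user = User.query.get_or_404(user_id)
    try:
        db.session.delete(user)
        db.session.commit()
    except Exception:
        db.session.rollback()
        # Do not echo str(e): database error text is logged, not returned.
        current_app.logger.exception("user delete failed for id %s", user_id)
        return jsonify({"error": "删除失败"}), 500
    return jsonify({"message": "删除成功"})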
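@main_bp.route("/api/users/<int:user_id>/reset-password", methods=["POST"])
@admin_required
def api_users_reset_password(user_id):
    """Set a new password for any user without knowing the old one.

    Guarded by ``admin_required``. Body: ``{"new_password": "..."}``.

    Args:
        user_id: primary key of the target user; unknown ids yield 404.

    Returns:
        ``{"message": ...}`` on success; 400 when the body is malformed,
        the password is missing / not a string, or ``User.set_password``
        rejects it; 500 on commit failure.
    """
    user = User.query.get_or_404(user_id)
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "请求体必须是 JSON 对象"}), 400
    new_password = body.get("new_password", "")
    # A non-string value is treated as missing rather than handed to the hasher.
    if not isinstance(new_password, str) or not new_password:
        return jsonify({"error": "请输入新密码"}), 400
    try:
        user.set_password(new_password)
        db.session.commit()
        return jsonify({"message": "密码重置成功"})
    except ValueError as e:
        # set_password's ValueError message is assumed to be user-facing
        # (policy violation); it was already returned verbatim.
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Generic message to the client; the traceback goes to the server log.
        current_app.logger.exception("password reset failed for id %s", user_id)
        return jsonify({"error": "重置失败"}), 500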
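@main_bp.route("/api/users/change-password", methods=["POST"])
@login_required_json
def api_users_change_password():
    """Change the logged-in user's own password.

    Body: ``old_password``, ``new_password``, ``confirm_password``. The
    old password must verify via ``User.check_password`` and the two new
    values must match.

    Returns:
        ``{"message": ...}`` on success; 400 on a malformed body, missing
        fields, mismatch, wrong old password or a rejection from
        ``set_password``; 401 when the session's user no longer exists;
        500 on commit failure.
    """
    user = User.query.get(session.get("user_id"))
    # The session can outlive its account (deleted by an admin while still
    # logged in); without this guard the check_password call below raises
    # and the client gets a 500.
    if user is None:
        return jsonify({"error": "用户不存在"}), 401

    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "请求体必须是 JSON 对象"}), 400

    def text_field(key: str) -> str:
        # Non-string values count as absent so they hit the 400 paths below.
        value = body.get(key, "")
        return value if isinstance(value, str) else ""

    old_password = text_field("old_password")
    new_password = text_field("new_password")
    confirm_password = text_field("confirm_password")

    if not old_password or not new_password:
        return jsonify({"error": "请填写完整"}), 400
    # Pure-input check first; check_password presumably verifies a hash and
    # need not run when the two new values already disagree.
    if new_password != confirm_password:
        return jsonify({"error": "两次密码输入不一致"}), 400
    if not user.check_password(old_password):
        return jsonify({"error": "原密码错误"}), 400

    try:
        user.set_password(new_password)
        db.session.commit()
        return jsonify({"message": "密码修改成功"})
    except ValueError as e:
        # set_password's ValueError is assumed to carry a user-facing
        # policy message; it was already returned verbatim.
        return jsonify({"error": str(e)}), 400
    except Exception:
        db.session.rollback()
        # Generic message to the client; details stay in the server log.
        current_app.logger.exception(
            "password change failed for id %s", session.get("user_id")
        )
        return jsonify({"error": "修改失败"}), 500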