From 04b1df2130e1b24039534f49857e3900b5a14726 Mon Sep 17 00:00:00 2001 From: Viajero-tect <2737079298@qq.com> Date: Sat, 15 Nov 2025 20:21:25 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E2=80=9C=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- db.sqlite3 | Bin 131072 -> 131072 bytes elastic/es_connect.py | 34 +++++++++ elastic/templates/elastic/users.html | 6 +- elastic/urls.py | 2 + elastic/views.py | 110 +++++++++++++++++++++++---- main/templates/main/home.html | 3 + 6 files changed, 139 insertions(+), 16 deletions(-) diff --git a/db.sqlite3 b/db.sqlite3 index bc4f13bb739d39318150c925877d177a9add6522..fb0e91432c6bfa8855172ad5addc19209f94e061 100644 GIT binary patch delta 652 zcmaiy&5qJg7>2165|VMI7obrlnOQP9=K$p=ZYl#a{bO37rLd_`aA-ND1xo4ZLLhSi z>X3;`cW#N9L~h27m*Gk=#)XN7<(D^a-aJpflqFJuru#gae zur{?th3(2wc~ouS4pGavN+jc2?eU7Bx;~LIGf^_+XkHrErI3$IEJgs!cHR)9;jk>Y zWYXij1p-omCnOUPU6;v7ac$c~5pbZ7+pNZgLlb*W3u|L_0u_nCeuJItMv) z2(nBpMp3^MtjC+=Vn639vop4u?={vZJT#F;bcBbT?S^9M_uX|We!I>w9BzB9riV=@ zZ|$;qTj%{wTdzi)W?{A~%wH>iILGDyNS3EGomxd}=;AB@le*9yFfAqwbnQZ}*@3Sr zYFcgmixWZy6u?^i_~r4}*dzKbM&Hp}di!t!40`Qs&dyE`Bx>IS#BaBo?RG5NJ7B5*FULQ8`$0Yb2_PoYQvd(} delta 481 zcmZ|KyH3JT0LJlFFkw*p02;-C5!2IhXdy1hwHE@|8@OPLA_y&Tia=QeeE=_zIO^m| z42gXcCl?>XNyWrTO}_p6{YN9;Xym(I$1^t@aXj;M_;}@;VuZLhU458u`)^l$W68Um zy@0VvXXZcOIp!UtHc(E=4tc2pL^(v~9X2A$P0dm4c3PJevpPY826q^iWB`d_*vrD+CY_-L zZ4xwWNZS>|K7$S-$MCCc?0lC^y7#-XVX3x}A%6^TuP$VD#!~WOZpa}g45eJ!G8+k_ zRM(QlCW1;*0X)(=t-lB?U}=h(i1*Jcx7ZS4VuVS!ggf6R%f!T-1p>q?7Wi9c&^`U+ fXn-u_xpZf)JHy{|;8&e@(-Xu0fA-$Jec)T4y!e%t diff --git a/elastic/es_connect.py b/elastic/es_connect.py index a8fce2c..46c2575 100644 --- a/elastic/es_connect.py +++ b/elastic/es_connect.py 
@@ -531,3 +531,37 @@ def update_user_permission(username, new_permission): except Exception as e: print(f"更新用户权限失败: {str(e)}") return False + +def delete_user_by_id(user_id): + try: + search = UserDocument.search() + search = search.query("term", user_id=int(user_id)) + response = search.execute() + if response.hits: + user = response.hits[0] + user.delete() + return True + return False + except Exception as e: + print(f"删除用户失败: {str(e)}") + return False + +def update_user_by_id(user_id, username=None, permission=None, password=None): + try: + search = UserDocument.search() + search = search.query("term", user_id=int(user_id)) + response = search.execute() + if response.hits: + user = response.hits[0] + if username is not None: + user.username = username + if permission is not None: + user.permission = int(permission) + if password is not None: + user.password = password + user.save() + return True + return False + except Exception as e: + print(f"更新用户失败: {str(e)}") + return False diff --git a/elastic/templates/elastic/users.html b/elastic/templates/elastic/users.html index ea2008c..406dc68 100644 --- a/elastic/templates/elastic/users.html +++ b/elastic/templates/elastic/users.html @@ -322,8 +322,8 @@
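Review bot: `update_user_by_id` assigns the caller-supplied `password` straight to `user.password` with no hashing visible in this hunk, and the `add_user` view in the same patch passes the raw request value into `write_user_data`, so unless something below `UserDocument` hashes on save, credentials are being stored in Elasticsearch as plaintext. If the login path is changed to verify with `check_password`, the store here should become `user.password = make_password(password)` from `django.contrib.auth.hashers`. Separately, `int(user_id)` and `int(permission)` run inside the blanket `except Exception`, so a non-numeric argument is reported as the same `False` the caller turns into a 500 rather than a 400; converting before the `try` (or catching `ValueError` separately) keeps validation errors distinct from Elasticsearch failures. The `term` query plus `hits[0]` also silently leaves any duplicate documents with the same `user_id` untouched, which deserves a comment if `user_id` is not the document `_id` — this hunk does not show which it is.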
@@ -408,7 +408,7 @@ const row = document.createElement('tr'); // 根据权限值显示权限名称 - const permissionText = user.permission === 1 ? '管理员' : '普通用户'; + const permissionText = user.permission === 0 ? '管理员' : '普通用户'; row.innerHTML = ` ${user.user_id} diff --git a/elastic/urls.py b/elastic/urls.py index d5aa741..39ae962 100644 --- a/elastic/urls.py +++ b/elastic/urls.py @@ -24,6 +24,8 @@ urlpatterns = [ path('users/add/', views.add_user, name='add_user'), path('users//delete/', views.delete_user, name='delete_user'), path('users//update/', views.update_user, name='update_user'), + path('users//delete/', views.delete_user_by_id_view, name='delete_user_by_id'), + path('users//update/', views.update_user_by_id_view, name='update_user_by_id'), # 图片上传与确认 path('upload-page/', views.upload_page, name='upload_page'), diff --git a/elastic/views.py b/elastic/views.py index 92678f5..19db34c 100644 --- a/elastic/views.py +++ b/elastic/views.py @@ -11,7 +11,7 @@ from django.http import JsonResponse from django.shortcuts import render from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie -from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie +from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie, csrf_protect from .es_connect import * from openai import OpenAI from PIL import Image 
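Review bot: The two new by-id routes are appended after the pre-existing `users/…/delete/` and `users/…/update/` routes, and the path converters are stripped in this rendering; if the existing routes use `<str:username>` (as the signature `update_user(request, username)` suggests), Django's first-match resolution sends `users/7/delete/` to the old `delete_user` view, never to `delete_user_by_id_view`. The old views are the ones without the session and permission guards this patch adds to the new ones (see the `update_user` hunk below, whose decorators sit outside the hunk), so the new authorization can be bypassed simply by using the older pattern. Either place the integer patterns first, `path('users/<int:user_id>/delete/', views.delete_user_by_id_view, name='delete_user_by_id'),` ahead of `path('users/<str:username>/delete/', ...)`, or, better, retire the username-keyed routes now that both operations have by-id endpoints. Whichever is chosen, a comment at the call site saying why the int routes must come first would stop the next contributor from re-sorting them.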
@@ -184,25 +184,53 @@ def get_data(request, doc_id): @require_http_methods(["POST"]) -@csrf_exempt +@csrf_protect def add_user(request): - """添加用户""" + if request.session.get("user_id") is None: + return JsonResponse({"status": "error", "message": "未登录"}, status=401) + if request.session.get("permission", 1) != 0: + return JsonResponse({"status": "error", "message": "无权限"}, status=403) try: - data = json.loads(request.body.decode('utf-8')) - success = write_user_data(data) - if success: - return JsonResponse({"status": "success", "message": "用户添加成功"}) - else: - return JsonResponse({"status": "error", "message": "用户添加失败"}, status=500) - except Exception as e: - return JsonResponse({"status": "error", "message": str(e)}, status=500) + payload = json.loads(request.body.decode("utf-8")) + except Exception: + return JsonResponse({"status": "error", "message": "JSON无效"}, status=400) + username = (payload.get("username") or "").strip() + password = (payload.get("password") or "").strip() + try: + permission = int(payload.get("permission", 1)) + except Exception: + permission = 1 + if not username: + return JsonResponse({"status": "error", "message": "用户名不能为空"}, status=400) + if password and len(password) < 6: + return JsonResponse({"status": "error", "message": "密码长度至少为6位"}, status=400) + existing = get_user_by_username(username) + if existing: + return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409) + users = get_all_users() + next_id = (max([int(u.get("user_id", 0)) for u in users]) + 1) if users else 1 + ok = write_user_data({ + "user_id": next_id, + "username": username, + "password": password, + "permission": permission, + }) + if not ok: + return JsonResponse({"status": "error", "message": "用户添加失败"}, status=500) + return JsonResponse({"status": "success", "message": "用户添加成功"}) @require_http_methods(["GET"]) def get_users(request): - """获取所有用户""" + if request.session.get("user_id") is None: + return JsonResponse({"status": "error", "message": 
"未登录"}, status=401) + if request.session.get("permission", 1) != 0: + return JsonResponse({"status": "error", "message": "无权限"}, status=403) try: + q = (request.GET.get("search") or "").strip() users = get_all_users() + if q: + users = [u for u in users if q in str(u.get("username", ""))] return JsonResponse({"status": "success", "data": users}) except Exception as e: return JsonResponse({"status": "error", "message": str(e)}, status=500) @@ -228,7 +256,7 @@ def update_user(request, username): """更新用户权限""" try: data = json.loads(request.body.decode('utf-8')) - new_permission = data.get('permission', 1) + new_permission = int(data.get('permission', 1)) success = update_user_permission(username, new_permission) if success: return JsonResponse({"status": "success", "message": "用户权限更新成功"}) 
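Review bot: In `add_user`, the length check is `if password and len(password) < 6`, so an empty or omitted password skips validation entirely and `write_user_data` is called with `"password": ""` — the guard should be `if len(password) < 6:` (or an explicit empty-password rejection) before the username lookup. The password is also forwarded verbatim, so nothing in this hunk hashes it, whatever `write_user_data` does downstream. `next_id = max(user_id) + 1` is computed from a fresh `get_all_users()` scan, which races between two concurrent adds and, if `get_all_users` is an Elasticsearch search, can miss a document written moments earlier before the index refresh, yielding duplicate `user_id` values; a counter kept outside the search index, or at least a re-check after the write, is safer. Finally, `get_users` returns the `get_all_users()` dicts unfiltered — if those include the `password` field it is sent to the browser, so strip it before responding (`[{k: v for k, v in u.items() if k != "password"} for u in users]`), and the `str(e)` in the 500 response leaks exception text to the client.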
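Review bot: `update_user` still has no login or permission check, while the two new by-id views in this patch gate on `request.session["user_id"]` and `permission == 0`; its decorators are above the hunk and not visible, but if they only set method and CSRF policy, any caller can submit `{"permission": 0}` for an arbitrary `username` and make it an admin. The same two guards that open `update_user_by_id_view` belong at the top of this function, and `new_permission` should be constrained, e.g. `if new_permission not in (0, 1): return JsonResponse({"status": "error", "message": "权限值无效"}, status=400)`. The `int(...)` conversion added here raises `ValueError` on non-numeric input, which the broad `except Exception` below turns into a 500 carrying `str(e)`; parsing and validating before the `try` makes bad input a 400 instead. The function's decorators and its remaining branches are outside this hunk.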
@@ -237,6 +265,48 @@ def update_user(request, username): except Exception as e: return JsonResponse({"status": "error", "message": str(e)}, status=500) +@require_http_methods(["POST"]) +@csrf_protect +def update_user_by_id_view(request, user_id): + if request.session.get("user_id") is None: + return JsonResponse({"status": "error", "message": "未登录"}, status=401) + if request.session.get("permission", 1) != 0: + return JsonResponse({"status": "error", "message": "无权限"}, status=403) + try: + payload = json.loads(request.body.decode("utf-8")) + except Exception: + return JsonResponse({"status": "error", "message": "JSON无效"}, status=400) + new_username = (payload.get("username") or "").strip() + new_permission = payload.get("permission") + new_password = (payload.get("password") or "").strip() + if new_username: + other = get_user_by_username(new_username) + if other and int(other.get("user_id", -1)) != int(user_id): + return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409) + if new_password and len(new_password) < 6: + return JsonResponse({"status": "error", "message": "密码长度至少为6位"}, status=400) + ok = update_user_by_id( + user_id, + username=new_username if new_username else None, + permission=int(new_permission) if new_permission is not None else None, + password=new_password if new_password else None, + ) + if not ok: + return JsonResponse({"status": "error", "message": "用户更新失败"}, status=500) + return JsonResponse({"status": "success", "message": "用户更新成功"}) + +@require_http_methods(["POST"]) +@csrf_protect +def delete_user_by_id_view(request, user_id): + if request.session.get("user_id") is None: + return JsonResponse({"status": "error", "message": "未登录"}, status=401) + if request.session.get("permission", 1) != 0: + return JsonResponse({"status": "error", "message": "无权限"}, status=403) + ok = delete_user_by_id(user_id) + if not ok: + return JsonResponse({"status": "error", "message": "用户删除失败"}, status=500) + return JsonResponse({"status": 
"success", "message": "用户删除成功"}) + # 辅助:JSON 转换(兼容 a.py 行为) def json_to_string(obj): @@ -466,3 +536,17 @@ def manage_page(request): user_id_qs = request.GET.get("user_id") context = {"items": results, "user_id": user_id_qs or session_user_id} return render(request, "elastic/manage.html", context) + +@require_http_methods(["GET"]) +@ensure_csrf_cookie +def user_manage(request): + session_user_id = request.session.get("user_id") + if session_user_id is None: + from django.shortcuts import redirect + return redirect("/accounts/login/") + if request.session.get("permission", 1) != 0: + from django.shortcuts import redirect + return redirect("/main/home/") + user_id_qs = request.GET.get("user_id") + context = {"user_id": user_id_qs or session_user_id} + return render(request, "elastic/users.html", context) diff --git a/main/templates/main/home.html b/main/templates/main/home.html index 83ba9bc..6bef3af 100644 --- a/main/templates/main/home.html +++ b/main/templates/main/home.html @@ -141,6 +141,9 @@ 主页 图片上传与识别 数据管理 + {% if is_admin %} + 用户管理 + {% endif %}
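Review bot: Both new views authorize from `request.session.get("permission")`, a value presumably copied into the session at login, so changing a user's `permission` in Elasticsearch via `update_user_by_id_view` — or deleting the user outright — leaves that user's existing session fully privileged until they log out; the target user's sessions should be invalidated on demote/delete, or sensitive views should re-read the permission from the store rather than trust the cached copy. There is also no check that `user_id` differs from the caller's own `request.session["user_id"]`, so an admin can delete or demote themselves and lock the last admin out; a guard such as `if int(user_id) == int(request.session["user_id"]): return JsonResponse({"status": "error", "message": "不能操作当前登录用户"}, status=400)` placed after the permission check covers both views. `int(new_permission)` in the call to `update_user_by_id` sits outside the `try`, so a non-numeric `permission` raises an uncaught `ValueError` (a 500, with a traceback page under `DEBUG`), and any integer is accepted rather than only `0`/`1`. The plaintext `new_password` is forwarded as-is, mirroring the storage concern in `es_connect.py`.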
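Review bot: `user_manage` imports `redirect` inside both `if` branches although `views.py` already pulls `render` from `django.shortcuts` at module level (visible in the import hunk above); change that line to `from django.shortcuts import render, redirect` and drop the two local imports. The login/permission preamble is now repeated verbatim in five views in this patch; a small decorator (`_admin_required`) that performs the session checks and returns the 401/403 `JsonResponse` or the redirect would make the policy a single point of change. The `user_id` query parameter is placed into the template context unvalidated, mirroring `manage_page`; since it only reaches the template it is harmless if `users.html` autoescapes it, but a comment stating that it is display-only would help. The redirect targets `/accounts/login/` and `/main/home/` are hard-coded; `redirect('name')` with the URL names from `urls.py` would survive a route change.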
{% csrf_token %}