新增“用户管理”

2025-11-15 20:21:25 +08:00
parent 0f1cfdd803
commit 04b1df2130
6 changed files with 139 additions and 16 deletions
--- a/elastic/views.py
+++ b/elastic/views.py
@@ -11,7 +11,7 @@ from django.http import JsonResponse
 from django.shortcuts import render
 from django.views.decorators.http import require_http_methods
 from django.views.decorators.csrf import ensure_csrf_cookie
-from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
+from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie, csrf_protect
 from .es_connect import *
 from openai import OpenAI
 from PIL import Image
@@ -184,25 +184,53 @@ def get_data(request, doc_id):


@require_http_methods(["POST"])
-@csrf_exempt
+@csrf_protect
 def add_user(request):
-    """添加用户"""
+    if request.session.get("user_id") is None:
+        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    if request.session.get("permission", 1) != 0:
+        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
    try:
-        data = json.loads(request.body.decode('utf-8'))
-        success = write_user_data(data)
-        if success:
-            return JsonResponse({"status": "success", "message": "用户添加成功"})
-        else:
-            return JsonResponse({"status": "error", "message": "用户添加失败"}, status=500)
-    except Exception as e:
-        return JsonResponse({"status": "error", "message": str(e)}, status=500)
+        payload = json.loads(request.body.decode("utf-8"))
+    except Exception:
+        return JsonResponse({"status": "error", "message": "JSON无效"}, status=400)
+    username = (payload.get("username") or "").strip()
+    password = (payload.get("password") or "").strip()
+    try:
+        permission = int(payload.get("permission", 1))
+    except Exception:
+        permission = 1
+    if not username:
+        return JsonResponse({"status": "error", "message": "用户名不能为空"}, status=400)
+    if password and len(password) < 6:
+        return JsonResponse({"status": "error", "message": "密码长度至少为6位"}, status=400)
+    existing = get_user_by_username(username)
+    if existing:
+        return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409)
+    users = get_all_users()
+    next_id = (max([int(u.get("user_id", 0)) for u in users]) + 1) if users else 1
+    ok = write_user_data({
+        "user_id": next_id,
+        "username": username,
+        "password": password,
+        "permission": permission,
+    })
+    if not ok:
+        return JsonResponse({"status": "error", "message": "用户添加失败"}, status=500)
+    return JsonResponse({"status": "success", "message": "用户添加成功"})


@require_http_methods(["GET"])
 def get_users(request):
-    """获取所有用户"""
+    if request.session.get("user_id") is None:
+        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    if request.session.get("permission", 1) != 0:
+        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
    try:
+        q = (request.GET.get("search") or "").strip()
        users = get_all_users()
+        if q:
+            users = [u for u in users if q in str(u.get("username", ""))]
        return JsonResponse({"status": "success", "data": users})
    except Exception as e:
        return JsonResponse({"status": "error", "message": str(e)}, status=500)
@@ -228,7 +256,7 @@ def update_user(request, username):
    """更新用户权限"""
    try:
        data = json.loads(request.body.decode('utf-8'))
-        new_permission = data.get('permission', 1)
+        new_permission = int(data.get('permission', 1))
        success = update_user_permission(username, new_permission)
        if success:
            return JsonResponse({"status": "success", "message": "用户权限更新成功"})
@@ -237,6 +265,48 @@ def update_user(request, username):
    except Exception as e:
        return JsonResponse({"status": "error", "message": str(e)}, status=500)

+@require_http_methods(["POST"])
+@csrf_protect
+def update_user_by_id_view(request, user_id):
+    if request.session.get("user_id") is None:
+        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    if request.session.get("permission", 1) != 0:
+        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
+    try:
+        payload = json.loads(request.body.decode("utf-8"))
+    except Exception:
+        return JsonResponse({"status": "error", "message": "JSON无效"}, status=400)
+    new_username = (payload.get("username") or "").strip()
+    new_permission = payload.get("permission")
+    new_password = (payload.get("password") or "").strip()
+    if new_username:
+        other = get_user_by_username(new_username)
+        if other and int(other.get("user_id", -1)) != int(user_id):
+            return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409)
+    if new_password and len(new_password) < 6:
+        return JsonResponse({"status": "error", "message": "密码长度至少为6位"}, status=400)
+    ok = update_user_by_id(
+        user_id,
+        username=new_username if new_username else None,
+        permission=int(new_permission) if new_permission is not None else None,
+        password=new_password if new_password else None,
+    )
+    if not ok:
+        return JsonResponse({"status": "error", "message": "用户更新失败"}, status=500)
+    return JsonResponse({"status": "success", "message": "用户更新成功"})
+
+@require_http_methods(["POST"])
+@csrf_protect
+def delete_user_by_id_view(request, user_id):
+    if request.session.get("user_id") is None:
+        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    if request.session.get("permission", 1) != 0:
+        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
+    ok = delete_user_by_id(user_id)
+    if not ok:
+        return JsonResponse({"status": "error", "message": "用户删除失败"}, status=500)
+    return JsonResponse({"status": "success", "message": "用户删除成功"})
+

 # 辅助：JSON 转换（兼容 a.py 行为）
 def json_to_string(obj):
@@ -466,3 +536,17 @@ def manage_page(request):
    user_id_qs = request.GET.get("user_id")
    context = {"items": results, "user_id": user_id_qs or session_user_id}
    return render(request, "elastic/manage.html", context)
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def user_manage(request):
+    session_user_id = request.session.get("user_id")
+    if session_user_id is None:
+        from django.shortcuts import redirect
+        return redirect("/accounts/login/")
+    if request.session.get("permission", 1) != 0:
+        from django.shortcuts import redirect
+        return redirect("/main/home/")
+    user_id_qs = request.GET.get("user_id")
+    context = {"user_id": user_id_qs or session_user_id}
+    return render(request, "elastic/users.html", context)