页面(

2026-03-12 19:00:36 +08:00
parent 1163110810
commit 109c06e1d9
6 changed files with 72 additions and 28 deletions
--- a/elastic/es_connect.py
+++ b/elastic/es_connect.py
@@ -793,25 +793,6 @@ def write_user_data(user_data):
        print(f"用户数据写入失败: {str(e)}")
        return False

-def get_user_by_id(user_id):
-    try:
-        search = UserDocument.search()
-        search = search.query("term", user_id=user_id)
-        response = search.execute()
-
-        if response.hits:
-            hit = response.hits[0]
-            return {
-                "user_id": hit.user_id,
-                "username": hit.username,
-                "permission": hit.permission
-            }
-        return None
-
-    except Exception as e:
-        print(f"获取用户数据失败: {str(e)}")
-        return None
-
 def get_user_by_username(username):
    """
    根据用户名获取用户数据
--- a/elastic/templates/elastic/manage.html
+++ b/elastic/templates/elastic/manage.html
@@ -307,7 +307,7 @@ function renderTable(data) {

  if (!data || data.length === 0) {
    const row = document.createElement('tr');
-    row.innerHTML = '<td colspan="5" style="text-align: center; color: #999;">暂无数据</td>';
+    row.innerHTML = '<td colspan="4" style="text-align: center; color: #999;">暂无数据</td>';
    tableBody.appendChild(row);
    return;
  }
@@ -335,7 +335,16 @@ function renderTable(data) {
        </table>
      `;
    } catch (e) {
-      displayData = `<pre style="white-space:pre-wrap; word-wrap:break-word; max-height: 100px; overflow-y: auto; font-size: 12px; margin: 0;">${escapeHtml(displayData)}</pre>`;
+      displayData = `
+        <table class="inner-table">
+          <tbody>
+            <tr>
+              <td>原始数据</td>
+              <td>${escapeHtml(displayData)}</td>
+            </tr>
+          </tbody>
+        </table>
+      `;
    }

    row.innerHTML = `
--- a/elastic/views.py
+++ b/elastic/views.py
@@ -23,6 +23,36 @@ from .es_connect import (
 from PIL import Image


+def _filter_results_for_user(request, results):
+    session_user_id = request.session.get("user_id")
+    if session_user_id is None:
+        return []
+        
+    me = get_user_by_id(session_user_id) or {}
+    is_admin = int(request.session.get("permission", 1)) == 0
+    
+    if is_admin:
+        return results
+        
+    uid = str(session_user_id)
+    manage_keys = me.get("manage_key", []) or []
+    
+    filtered = []
+    for r in results:
+        # 1. 自己的提交
+        if str(r.get("writer_id", "")) == uid:
+            filtered.append(r)
+            continue
+        
+        # 2. 管理的提交
+        if manage_keys:
+            r_data = str(r.get("data", ""))
+            for mk in manage_keys:
+                if mk and str(mk) in r_data:
+                    filtered.append(r)
+                    break
+    return filtered
+
 def _image_ref_to_url(request, image_ref: str) -> str:
    s = str(image_ref or '').strip()
    if not s:
@@ -132,6 +162,7 @@ def search(request):
            return JsonResponse({"status": "error", "message": "搜索关键词不能为空"}, status=400)
        
        results = search_data(query)
+        results = _filter_results_for_user(request, results)
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -147,6 +178,7 @@ def fuzzy_search(request):
            return JsonResponse({"status": "error", "message": "搜索关键词不能为空"}, status=400)
        
        results = search_by_any_field(keyword)
+        results = _filter_results_for_user(request, results)
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -156,7 +188,13 @@ def fuzzy_search(request):
 def get_all_data(request):
    """获取所有数据"""
    try:
+        session_user_id = request.session.get("user_id")
+        if session_user_id is None:
+            return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+            
        results = search_all()
+        results = _filter_results_for_user(request, results)
+                            
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -694,7 +732,23 @@ def manage_page(request):
        raw_results = search_all()
    else:
        uid = str(session_user_id)
-        raw_results = [r for r in search_all() if str(r.get("writer_id", "")) == uid]
+        manage_keys = me.get("manage_key", []) or []
+        
+        all_data = search_all()
+        raw_results = []
+        for r in all_data:
+            # 1. 自己的提交
+            if str(r.get("writer_id", "")) == uid:
+                raw_results.append(r)
+                continue
+            
+            # 2. 管理的提交 (检查 data 中是否包含 manage_key)
+            if manage_keys:
+                r_data = str(r.get("data", ""))
+                for mk in manage_keys:
+                    if mk and str(mk) in r_data:
+                        raw_results.append(r)
+                        break

    results = []
    for r in raw_results: