页面(

2026-03-12 19:00:36 +08:00
parent 1163110810
commit 109c06e1d9
6 changed files with 72 additions and 28 deletions
--- a/elastic/views.py
+++ b/elastic/views.py
@@ -23,6 +23,36 @@ from .es_connect import (
 from PIL import Image


+def _filter_results_for_user(request, results):
+    session_user_id = request.session.get("user_id")
+    if session_user_id is None:
+        return []
+        
+    me = get_user_by_id(session_user_id) or {}
+    is_admin = int(request.session.get("permission", 1)) == 0
+    
+    if is_admin:
+        return results
+        
+    uid = str(session_user_id)
+    manage_keys = me.get("manage_key", []) or []
+    
+    filtered = []
+    for r in results:
+        # 1. 自己的提交
+        if str(r.get("writer_id", "")) == uid:
+            filtered.append(r)
+            continue
+        
+        # 2. 管理的提交
+        if manage_keys:
+            r_data = str(r.get("data", ""))
+            for mk in manage_keys:
+                if mk and str(mk) in r_data:
+                    filtered.append(r)
+                    break
+    return filtered
+
 def _image_ref_to_url(request, image_ref: str) -> str:
    s = str(image_ref or '').strip()
    if not s:
@@ -132,6 +162,7 @@ def search(request):
            return JsonResponse({"status": "error", "message": "搜索关键词不能为空"}, status=400)
        
        results = search_data(query)
+        results = _filter_results_for_user(request, results)
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -147,6 +178,7 @@ def fuzzy_search(request):
            return JsonResponse({"status": "error", "message": "搜索关键词不能为空"}, status=400)
        
        results = search_by_any_field(keyword)
+        results = _filter_results_for_user(request, results)
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -156,7 +188,13 @@ def fuzzy_search(request):
 def get_all_data(request):
    """获取所有数据"""
    try:
+        session_user_id = request.session.get("user_id")
+        if session_user_id is None:
+            return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+            
        results = search_all()
+        results = _filter_results_for_user(request, results)
+                            
        data = _attach_writer_names(_attach_image_urls(request, results))
        return JsonResponse({"status": "success", "data": data})
    except Exception as e:
@@ -694,7 +732,23 @@ def manage_page(request):
        raw_results = search_all()
    else:
        uid = str(session_user_id)
-        raw_results = [r for r in search_all() if str(r.get("writer_id", "")) == uid]
+        manage_keys = me.get("manage_key", []) or []
+        
+        all_data = search_all()
+        raw_results = []
+        for r in all_data:
+            # 1. 自己的提交
+            if str(r.get("writer_id", "")) == uid:
+                raw_results.append(r)
+                continue
+            
+            # 2. 管理的提交 (检查 data 中是否包含 manage_key)
+            if manage_keys:
+                r_data = str(r.get("data", ""))
+                for mk in manage_keys:
+                    if mk and str(mk) in r_data:
+                        raw_results.append(r)
+                        break

    results = []
    for r in raw_results: