Merge remote-tracking branch 'origin/Django' into Django

# Conflicts: # main/templates/main/home.html
2025-11-15 09:39:24 +08:00
parent 40317b47ec 98056b2515
commit 62ee8399e8
6 changed files with 687 additions and 270 deletions
--- a/elastic/views.py
+++ b/elastic/views.py
@@ -93,21 +93,32 @@ def analytics_overview(request):
@csrf_exempt
 def delete_data(request, doc_id):
    """删除数据（需登录；管理员或作者本人）"""
-    if not request.session.get("user_id"):
+    request_user=request.session.get("user_id")
+    # request_admin=request.session.get("permisssion")
+    if request_user is None:
        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+
+
    try:
        existing = get_by_id(doc_id)
+        user_existing=get_user_by_id(request_user)
+
        if not existing:
            return JsonResponse({"status": "error", "message": "数据不存在"}, status=404)
-        is_admin = (request.session.get("permission", 1) == 0)
+
+        is_admin = (user_existing.get('permission') ) == 0
        is_owner = str(existing.get("writer_id", "")) == str(request.session.get("user_id"))
+
        if not (is_admin or is_owner):
            return JsonResponse({"status": "error", "message": "无权限"}, status=403)
        success = delete_by_id(doc_id)
+
        if success:
            return JsonResponse({"status": "success", "message": "数据删除成功"})
        else:
            return JsonResponse({"status": "error", "message": "数据删除失败"}, status=500)
+
+
    except Exception as e:
        return JsonResponse({"status": "error", "message": str(e)}, status=500)

@@ -116,18 +127,24 @@ def delete_data(request, doc_id):
@csrf_exempt
 def update_data(request, doc_id):
    """更新数据（需登录；管理员或作者本人）"""
-    # if not request.session.get("user_id"):
-    #     return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    request_user = request.session.get("user_id")
+    if request_user is None:
+        return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+
    try:
        payload = json.loads(request.body.decode('utf-8'))
    except Exception:
        return JsonResponse({"status": "error", "message": "JSON无效"}, status=400)
    try:
        existing = get_by_id(doc_id)
+        user_existing = get_user_by_id(request_user)
+
        if not existing:
            return JsonResponse({"status": "error", "message": "数据不存在"}, status=404)
-        is_admin = (request.session.get("permission", 1) == 0)
+
+        is_admin = (user_existing.get('permission')) == 0
        is_owner = str(existing.get("writer_id", "")) == str(request.session.get("user_id"))
+
        if not (is_admin or is_owner):
            return JsonResponse({"status": "error", "message": "无权限"}, status=403)

@@ -315,14 +332,14 @@ def upload_page(request):
 # 上传并识别（不入库）
@require_http_methods(["POST"])
 def upload(request):
-    # if not request.session.get("user_id"):
-    #     fallback_uid = request.POST.get("user_id") or request.GET.get("user_id")
-    #     if fallback_uid:
-    #         request.session["user_id"] = fallback_uid
-    #         request.session.setdefault("permission", 1)
-    #     else:
-    #         return JsonResponse({"status": "error", "message": "未登录"}, status=401)
-    #
+    if request.session.get("user_id") is None:
+        fallback_uid = request.POST.get("user_id") or request.GET.get("user_id")
+        if fallback_uid:
+            request.session["user_id"] = fallback_uid
+            request.session.setdefault("permission", 1)
+        else:
+            return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+
    file = request.FILES.get("file")
    if not file:
        return JsonResponse({"status": "error", "message": "未选择文件"}, status=400)
@@ -357,18 +374,18 @@ def upload(request):
 # 确认并入库
@require_http_methods(["POST"])
 def confirm(request):
-    # if not request.session.get("user_id"):
-    #     # 允许从payload中带入user_id作为后备（便于前端已知用户时继续操作）
-    #     try:
-    #         payload_for_uid = json.loads(request.body.decode("utf-8"))
-    #     except Exception:
-    #         payload_for_uid = {}
-    #     fb_uid = (payload_for_uid or {}).get("user_id")
-    #     if fb_uid:
-    #         request.session["user_id"] = fb_uid
-    #         request.session.setdefault("permission", 1)
-    #     else:
-    #         return JsonResponse({"status": "error", "message": "未登录"}, status=401)
+    if request.session.get("user_id") is None:
+        # 允许从payload中带入user_id作为后备（便于前端已知用户时继续操作）
+        try:
+            payload_for_uid = json.loads(request.body.decode("utf-8"))
+        except Exception:
+            payload_for_uid = {}
+        fb_uid = (payload_for_uid or {}).get("user_id")
+        if fb_uid:
+            request.session["user_id"] = fb_uid
+            request.session.setdefault("permission", 1)
+        else:
+            return JsonResponse({"status": "error", "message": "未登录"}, status=401)

    try:
        payload = json.loads(request.body.decode("utf-8"))
@@ -401,6 +418,7 @@ def manage_page(request):
    if session_user_id is None:
        from django.shortcuts import redirect
        return redirect("/accounts/login/")
+
    # is_admin = (request.session.get("permission", 1) == 0)
    raw_results = search_all()
    # if not is_admin: