增加了进度条，提升等待感知[ci][0.2.4]

.gitea/workflows/ci.yml

@@ -0,0 +1,101 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - Django
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 版本号（如 0.2.2），为空则自动生成
+        required: false
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  docker-ci:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && contains(github.event.head_commit.message, '[ci]'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 40
+    env:
+      DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
+      DJANGO_DEBUG: "False"
+      DJANGO_ALLOWED_HOSTS: "127.0.0.1,localhost"
+      IMAGE_NAME: achievement_inputing_ci
+      ARTIFACT_DIR: artifacts
+      SERVER_DEST_DIR: /srv/ci
+      DOWNLOAD_BASE: http://139.224.69.213:8080
+      GITEA_SERVER: ${{ github.server_url }}
+      GITEA_REPO: ${{ github.repository }}
+      RELEASE_TOKEN: ${{ secrets.token }}
+    steps:
+      - name: Ensure source present
+        env:
+          SERVER: ${{ github.server_url }}
+          REPO: ${{ github.repository }}
+          REF: ${{ github.ref }}
+          SHA: ${{ github.sha }}
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [ -f "$GITHUB_WORKSPACE/Dockerfile" ]; then exit 0; fi
+          mkdir -p "$GITHUB_WORKSPACE"
+          cd "$GITHUB_WORKSPACE"
+          git init .
+          if [ -z "$TOKEN" ]; then
+            git fetch --depth=1 "$SERVER/$REPO.git" "$REF"
+          else
+            git -c http.extraHeader="Authorization: Bearer $TOKEN" fetch --depth=1 "$SERVER/$REPO.git" "$REF"
+          fi
+          git checkout FETCH_HEAD
+      - name: Derive version
+        run: |
+          msg="${{ github.event.head_commit.message }}"
+          ver_input="${{ github.event.inputs.version }}"
+          ver=""
+          if [ -n "$ver_input" ]; then
+            ver="$ver_input"
+          else
+            ver=$(echo "$msg" | grep -Eo "\[[0-9]+(\.[0-9]+){1,}\]" | head -n1 | tr -d '[]')
+          fi
+          if [ -z "$ver" ]; then
+            ver="$(date +%Y%m%d%H%M)-${GITHUB_SHA:0:7}"
+          fi
+          echo "VERSION=$ver" >> $GITHUB_ENV
+      - name: Build application image
+        run: |
+          docker build -t "$IMAGE_NAME:$VERSION" -f "$GITHUB_WORKSPACE/Dockerfile" "$GITHUB_WORKSPACE"
+      - name: Output image info
+        run: |
+          docker image inspect "$IMAGE_NAME:$VERSION" --format '{{.Id}} {{.Size}}'
+      - name: Export image tar
+        run: |
+          ART="achievement_inputing_ci_${VERSION}.tar"
+          docker save -o "$GITHUB_WORKSPACE/$ART" "$IMAGE_NAME:$VERSION"
+          echo "$ART" > "$GITHUB_WORKSPACE/.artifact_name"
+      - name: Publish artifact locally
+        run: |
+          ART=$(cat "$GITHUB_WORKSPACE/.artifact_name")
+          mkdir -p "$GITHUB_WORKSPACE/$ARTIFACT_DIR"
+          mv "$GITHUB_WORKSPACE/$ART" "$GITHUB_WORKSPACE/$ARTIFACT_DIR/"
+          echo "artifact: $GITHUB_WORKSPACE/$ARTIFACT_DIR/$ART"
+      - name: Publish to /srv/ci
+        run: |
+          set -e
+          ART=$(cat "$GITHUB_WORKSPACE/.artifact_name")
+          cat "$GITHUB_WORKSPACE/$ARTIFACT_DIR/$ART" | docker run --rm -i -v "$SERVER_DEST_DIR:/srvci" "$IMAGE_NAME:$VERSION" sh -c "cat > /srvci/$ART && ls -l /srvci"
+          echo "published: $SERVER_DEST_DIR/$ART"
+      - name: Create release with download link
+        if: env.RELEASE_TOKEN != ''
+        run: |
+          ART=$(cat "$GITHUB_WORKSPACE/.artifact_name")
+          BRANCH=${GITHUB_REF#refs/heads/}
+          TAG="$VERSION"
+          NAME="$VERSION"
+          BASE="${DOWNLOAD_BASE%/}"
+          BASE="${BASE%/ci}"
+          DL="$BASE/$ART"
+          echo "download: $DL"
+          JSON=$(printf '{"tag_name":"%s","target_commitish":"%s","name":"%s","body":"%s"}' "$TAG" "$BRANCH" "$NAME" "$DL")
+          curl -sS -X POST "$GITEA_SERVER/api/v1/repos/$GITEA_REPO/releases" -H "Content-Type: application/json" -H "Authorization: token $RELEASE_TOKEN" -d "$JSON"

accounts/templates/accounts/register.html

@@ -20,10 +20,14 @@
     <h1>注册新用户</h1>
     <form id="regForm">
       {% csrf_token %}
-      <label for="code">注册码</label>
-      <input id="code" name="code" type="text" required />
+      <label for="code">注册码（选填）</label>
+      <input id="code" name="code" type="text" />
       <label for="email">邮箱</label>
       <input id="email" name="email" type="email" required />
+      <button id="sendCodeBtn" type="button">发送验证码</button>
+      <div id="sendMsg" class="hint"></div>
+      <label for="email_code">邮箱验证码</label>
+      <input id="email_code" name="email_code" type="text" required />
       <label for="username">用户名</label>
       <input id="username" name="username" type="text" required />
       <label for="password">密码</label>
@@ -33,7 +37,7 @@
       <button id="regBtn" type="submit">注册</button>
       <div id="error" class="error"></div>
     </form>
-    <div class="hint">仅允许持有管理员提供注册码的学生注册</div>
+    <div class="hint">有注册码请填写，否则可留空</div>
   </div>
   <script>
     function getCookie(name){const v=`; ${document.cookie}`;const p=v.split(`; ${name}=`);if(p.length===2) return p.pop().split(';').shift();}
@@ -43,20 +47,36 @@
       const code=(document.getElementById('code').value||'').trim();
       const email=(document.getElementById('email').value||'').trim();
       const username=(document.getElementById('username').value||'').trim();
+      const email_code=(document.getElementById('email_code').value||'').trim();
       const password=document.getElementById('password').value||'';
       const confirm=document.getElementById('confirm').value||'';
-      if(!code||!email||!username||!password){err.textContent='请填写所有字段';return;}
+      if(!email||!email_code||!username||!password){err.textContent='请填写所有必填字段';return;}
       if(password!==confirm){err.textContent='两次密码不一致';return;}
       const btn=document.getElementById('regBtn'); btn.disabled=true;
       try{
         const csrftoken=getCookie('csrftoken');
-        const resp=await fetch('/accounts/register/submit/',{method:'POST',credentials:'same-origin',headers:{'Content-Type':'application/json','X-CSRFToken':csrftoken||''},body:JSON.stringify({code,email,username,password})});
+        const resp=await fetch('/accounts/register/submit/',{method:'POST',credentials:'same-origin',headers:{'Content-Type':'application/json','X-CSRFToken':csrftoken||''},body:JSON.stringify({code,email,email_code,username,password})});
         const data=await resp.json();
         if(!resp.ok||!data.ok){throw new Error(data.message||'注册失败');}
         window.location.href=data.redirect_url;
       }catch(e){err.textContent=e.message||'发生错误';}
       finally{btn.disabled=false;}
     });
+    document.getElementById('sendCodeBtn').addEventListener('click',async()=>{
+      const email=(document.getElementById('email').value||'').trim();
+      const msg=document.getElementById('sendMsg');
+      msg.textContent='';
+      if(!email){msg.textContent='请输入邮箱';return;}
+      const btn=document.getElementById('sendCodeBtn'); btn.disabled=true;
+      try{
+        const csrftoken=getCookie('csrftoken');
+        const resp=await fetch('/accounts/email/send-code/',{method:'POST',credentials:'same-origin',headers:{'Content-Type':'application/json','X-CSRFToken':csrftoken||''},body:JSON.stringify({email})});
+        const data=await resp.json();
+        if(!resp.ok||!data.ok){throw new Error(data.message||'发送失败');}
+        msg.textContent='验证码已发送，请查收邮件';
+      }catch(e){msg.textContent=e.message||'发送失败';}
+      finally{btn.disabled=false;}
+    });
   </script>
 </body>
 </html>

accounts/urls.py

@@ -11,4 +11,5 @@ urlpatterns = [
     path("logout/", views.logout, name="logout"),
     path("register/", views.register_page, name="register"),
     path("register/submit/", views.register_submit, name="register_submit"),
+    path("email/send-code/", views.send_email_code, name="send_email_code"),
 ]

accounts/views.py

@@ -4,6 +4,8 @@ import os
 import io
 import random
 import string
+import time
+import smtplib
 
 from django.http import JsonResponse, HttpResponseBadRequest
 from django.shortcuts import render, redirect
@@ -183,24 +185,38 @@ def register_submit(request):
         return HttpResponseBadRequest("Invalid JSON")
     code = (payload.get("code") or "").strip()
     email = (payload.get("email") or "").strip()
+    email_code = (payload.get("email_code") or "").strip()
     username = (payload.get("username") or "").strip()
     password = (payload.get("password") or "")
-    if not code or not email or not username or not password:
+    if not email or not email_code or not username or not password:
         return HttpResponseBadRequest("Missing fields")
-    rc = get_registration_code(code)
-    if not rc:
-        return JsonResponse({"ok": False, "message": "注册码无效"}, status=400)
+    v = request.session.get("email_verify") or {}
+    if (v.get("email") or "") != email:
+        return JsonResponse({"ok": False, "message": "请先验证邮箱"}, status=400)
     try:
-        exp = rc.get("expires_at")
-        now = __import__("datetime").datetime.now(__import__("datetime").timezone.utc)
-        if hasattr(exp, 'isoformat'):
-            exp_dt = exp
-        else:
-            exp_dt = __import__("datetime").datetime.fromisoformat(str(exp))
-        if exp_dt <= now:
-            return JsonResponse({"ok": False, "message": "注册码已过期"}, status=400)
+        exp_ts = int(v.get("expires_at") or 0)
     except Exception:
-        pass
+        exp_ts = 0
+    if exp_ts < int(time.time()):
+        return JsonResponse({"ok": False, "message": "验证码已过期"}, status=400)
+    if (v.get("code") or "") != email_code:
+        return JsonResponse({"ok": False, "message": "邮箱验证码错误"}, status=400)
+    rc = None
+    if code:
+        rc = get_registration_code(code)
+        if not rc:
+            return JsonResponse({"ok": False, "message": "注册码无效"}, status=400)
+        try:
+            exp = rc.get("expires_at")
+            now = __import__("datetime").datetime.now(__import__("datetime").timezone.utc)
+            if hasattr(exp, 'isoformat'):
+                exp_dt = exp
+            else:
+                exp_dt = __import__("datetime").datetime.fromisoformat(str(exp))
+            if exp_dt <= now:
+                return JsonResponse({"ok": False, "message": "注册码已过期"}, status=400)
+        except Exception:
+            pass
     existing = es_get_user_by_username(username)
     if existing:
         return JsonResponse({"ok": False, "message": "用户名已存在"}, status=409)
@@ -212,9 +228,74 @@ def register_submit(request):
         "password": password,
         "permission": 1,
         "email": email,
-        "key": rc.get("keys") or [],
-        "manage_key": rc.get("manage_keys") or [],
+        "key": (rc.get("keys") if rc else []) or [],
+        "manage_key": (rc.get("manage_keys") if rc else []) or [],
     })
     if not ok:
         return JsonResponse({"ok": False, "message": "注册失败"}, status=500)
-    return JsonResponse({"ok": True, "redirect_url": "/accounts/login/"})
+    try:
+        if "email_verify" in request.session:
+            del request.session["email_verify"]
+    except Exception:
+        pass
+    return JsonResponse({"ok": True, "redirect_url": "/accounts/login/"})
+
+@require_http_methods(["POST"])
+@csrf_protect
+def send_email_code(request):
+    try:
+        payload = json.loads(request.body.decode("utf-8"))
+    except json.JSONDecodeError:
+        return HttpResponseBadRequest("Invalid JSON")
+    email = (payload.get("email") or "").strip()
+    if not email:
+        return HttpResponseBadRequest("Missing email")
+    if "@" not in email:
+        return JsonResponse({"ok": False, "message": "邮箱格式不正确"}, status=400)
+    verify_code = "".join(random.choice(string.digits) for _ in range(6))
+    ttl = int(os.environ.get("SMTP_CODE_TTL", "600") or 600)
+    request.session["email_verify"] = {"email": email, "code": verify_code, "expires_at": int(time.time()) + max(60, ttl)}
+    ok, msg = _send_smtp_email(email, verify_code)
+    if not ok:
+        return JsonResponse({"ok": False, "message": msg or "验证码发送失败"}, status=500)
+    return JsonResponse({"ok": True})
+
+def _send_smtp_email(to_email: str, code: str):
+    host = os.environ.get("SMTP_HOST", "")
+    port_raw = os.environ.get("SMTP_PORT", "")
+    try:
+        port = int(port_raw) if port_raw else 0
+    except Exception:
+        port = 0
+    user = os.environ.get("SMTP_USERNAME") or os.environ.get("SMTP_USER") or ""
+    password = os.environ.get("SMTP_PASSWORD", "")
+    use_tls = str(os.environ.get("SMTP_USE_TLS", "")).lower() in ("1", "true", "yes")
+    use_ssl = str(os.environ.get("SMTP_USE_SSL", "")).lower() in ("1", "true", "yes")
+    sender = os.environ.get("SMTP_FROM_EMAIL") or os.environ.get("SMTP_FROM") or user or ""
+    subject = os.environ.get("SMTP_SUBJECT") or "邮箱验证码"
+    if not host or not port or not sender:
+        return False, "缺少SMTP配置"
+    body = f"您的验证码是：{code}，10分钟内有效。"
+    msg = f"From: {sender}\r\nTo: {to_email}\r\nSubject: {subject}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n{body}"
+    try:
+        if use_ssl:
+            server = smtplib.SMTP_SSL(host, port)
+        else:
+            server = smtplib.SMTP(host, port)
+        server.ehlo()
+        if use_tls and not use_ssl:
+            server.starttls()
+            server.ehlo()
+        if user and password:
+            server.login(user, password)
+        server.sendmail(sender, [to_email], msg.encode("utf-8"))
+        try:
+            server.quit()
+        except Exception:
+            try:
+                server.close()
+            except Exception:
+                pass
+        return True, ""
+    except Exception as e:
+        return False, str(e)

elastic/documents.py

@@ -60,6 +60,7 @@ class RegistrationCodeDocument(Document):
     code = fields.KeywordField() #具体值
     keys = fields.KeywordField(multi=True) #对应的key
     manage_keys = fields.KeywordField(multi=True) #对应的manage_key
+    created_at = fields.DateField() #创建时间
     expires_at = fields.DateField() #过期时间
     created_by = fields.LongField() #创建者id
     class Django:

elastic/es_connect.py

@@ -730,7 +730,10 @@ def get_all_users():
             users.append({
                 "user_id": hit.user_id,
                 "username": hit.username,
-                "permission": int(hit.permission)
+                "permission": int(hit.permission),
+                "email": getattr(hit, 'email', None),
+                "key": list(getattr(hit, 'key', []) or []),
+                "manage_key": list(getattr(hit, 'manage_key', []) or []),
             })
         
         return users
@@ -749,6 +752,9 @@ def get_user_by_id(user_id):
                 "user_id": hit.user_id,
                 "username": hit.username,
                 "permission": int(hit.permission),
+                "email": getattr(hit, 'email', None),
+                "key": list(getattr(hit, 'key', []) or []),
+                "manage_key": list(getattr(hit, 'manage_key', []) or []),
             }
         return None
     except Exception as e:

elastic/indexes.py

@@ -1,5 +1,5 @@
-INDEX_NAME = "wordsearch2666661"
-USER_NAME = "users11111666789"
+INDEX_NAME = "wordsearch21"
+USER_NAME = "users16"
 ACHIEVEMENT_INDEX_NAME = INDEX_NAME
 USER_INDEX_NAME = USER_NAME
-GLOBAL_INDEX_NAME = "global11111111"
+GLOBAL_INDEX_NAME = "global11121"

elastic/templates/elastic/manage.html

@@ -3,226 +3,47 @@
 <head>
   <meta charset="UTF-8" />
   <title>数据管理</title>
-  <style>
-      body {margin: 0;font-family: system-ui, -apple-system, Segoe UI, Roboto, sans-serif;background: #fafafa;}
-    /* 导航栏样式 */
-    .sidebar {position: fixed;top: 0;left: 0;width: 180px;height: 100vh;background: #1e1e2e;color: white;padding: 20px;box-shadow: 2px 0 5px rgba(0,0,0,0.1);z-index: 1000;display: flex;
-    flex-direction: column;align-items: center;}
-    .user-id {text-align: center;margin-bottom: 0px;}
-    .sidebar h3 {margin-top: 0;font-size: 18px;color: #add8e6;text-align: center; margin-bottom: 20px;}
-    .navigation-links {width: 100%;margin-top: 60px;}
-    .sidebar a,
-    .sidebar button {display: block;color: #8be9fd;text-decoration: none;margin: 10px 0;font-size: 16px;padding: 15px;border-radius: 4px;background: transparent;
-      border: none;cursor: pointer; width: calc(100% - 40px);text-align: left;transition: all 0.2s ease;}
-    .sidebar a:hover,
-    .sidebar button:hover {color: #ff79c6;background-color: rgba(139, 233, 253, 0.2);}
-    /* 主内容区 */
-    .main-content {
-      margin-left: 200px;
-      padding: 20px;
-      color: #333;
-    }
-
-    /* 原有样式保持不变 */
-    .container {
-      max-width: 1200px;
-      margin: 0 auto;
-      background: #fff;
-      border-radius: 10px;
-      box-shadow: 0 6px 18px rgba(0,0,0,0.06);
-      padding: 20px;
-    }
-    table {
-      width: 100%;
-      border-collapse: collapse;
-      margin-top: 20px;
-    }
-    th, td {
-      border-bottom: 1px solid #eee;
-      padding: 12px 8px;
-      text-align: left;
-      vertical-align: top;
-    }
-    th {
-      background-color: #f8f9fa;
-      font-weight: 600;
-    }
-    img {
-      max-width: 120px;
-      border: 1px solid #eee;
-      border-radius: 6px;
-      cursor: pointer; /* 添加指针样式 */
-    }
-    .btn {
-      padding: 6px 10px;
-      border: none;
-      border-radius: 6px;
-      cursor: pointer;
-      font-size: 14px;
-      margin: 2px;
-    }
-    .btn-primary {
-      background: #1677ff;
-      color: #fff;
-    }
-    .btn-danger {
-      background: #ff4d4f;
-      color: #fff;
-    }
-    .btn-secondary {
-      background: #f0f0f0;
-      color: #333;
-    }
-    .muted {
-      color: #666;
-      font-size: 12px;
-    }
-    .modal {
-      position: fixed;
-      inset: 0;
-      display: none;
-      background: rgba(0,0,0,0.4);
-      align-items: center;
-      justify-content: center;
-      z-index: 1000;
-    }
-    .modal .dialog {
-      width: 720px;
-      max-width: 92vw;
-      background: #fff;
-      border-radius: 10px;
-      padding: 20px;
-      max-height: 80vh;
-      overflow-y: auto;
-    }
-    textarea {
-      width: 100%;
-      min-height: 240px;
-      font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
-      font-size: 14px;
-      padding: 10px;
-      border: 1px solid #ddd;
-      border-radius: 4px;
-      resize: vertical;
-    }
-    #kvForm {
-      border: 1px solid #eee;
-      border-radius: 6px;
-      padding: 8px;
-      max-height: 300px;
-      overflow: auto;
-    }
-
-    /* 搜索区域样式 */
-    .search-container {
-      background: #f8f9fa;
-      padding: 15px;
-      border-radius: 8px;
-      margin-bottom: 20px;
-    }
-    .search-controls {
-      display: flex;
-      flex-wrap: wrap;
-      gap: 10px;
-      align-items: center;
-      margin-bottom: 10px;
-    }
-    .search-input {
-      flex: 1;
-      min-width: 200px;
-      padding: 8px 12px;
-      border: 1px solid #ddd;
-      border-radius: 4px;
-      font-size: 14px;
-    }
-    .search-result {
-      margin-top: 10px;
-      padding: 10px;
-      background: #e8f4ff;
-      border-radius: 4px;
-      font-size: 14px;
-    }
-    .search-result.empty {
-      background: #fff8e8;
-    }
-    .search-result.error {
-      background: #ffe8e8;
-    }
-
-    /* 加载动画 */
-    .loading {
-      display: inline-block;
-      width: 20px;
-      height: 20px;
-      border: 3px solid #f3f3f3;
-      border-top: 3px solid #1677ff;
-      border-radius: 50%;
-      animation: spin 1s linear infinite;
-    }
-
-    @keyframes spin {
-      0% { transform: rotate(0deg); }
-      100% { transform: rotate(360deg); }
-    }
-
-    /* 响应式调整 */
-    @media (max-width: 768px) {
-      .search-controls {
-        flex-direction: column;
-        align-items: stretch;
-      }
-      .search-input {
-        min-width: auto;
-      }
-      .btn {
-        width: 100%;
-        margin: 2px 0;
-      }
-    }
-
-    /* 图片放大模态框 */
-    .image-modal {
-      display: none;
-      position: fixed;
-      z-index: 2000;
-      left: 0;
-      top: 0;
-      width: 100%;
-      height: 100%;
-      background-color: rgba(0,0,0,0.9);
-      overflow: auto;
-    }
-
-    .image-modal-content {
-      margin: auto;
-      display: block;
-      width: 80%;
-      max-width: 800px;
-      max-height: 80%;
-      position: absolute;
-      top: 50%;
-      left: 50%;
-      transform: translate(-50%, -50%);
-      object-fit: contain; /* 保持图片比例，完整显示 */
-      border-radius: 8px;
-      box-shadow: 0 10px 30px rgba(0,0,0,0.5);
-    }
-
-    .image-modal-close {
-      position: absolute;
-      top: 15px;
-      right: 35px;
-      color: #f1f1f1;
-      font-size: 40px;
-      font-weight: bold;
-      transition: 0.3s;
-      cursor: pointer;
-      z-index: 2001;
-    }
-
-    .image-modal-close:hover {
-      color: #bbb;
-    }
+    <style>
+    body{margin:0;font-family:sans-serif;background:#fafafa}
+    .sidebar{position:fixed;top:0;left:0;width:180px;height:100vh;background:#1e1e2e;color:white;padding:20px;box-shadow:2px 0 5px rgba(0,0,0,.1);z-index:1000;display:flex;flex-direction:column;align-items:center}
+    .user-id{text-align:center;margin-bottom:0}
+    .sidebar h3{margin:0;font-size:18px;color:#add8e6;text-align:center;margin-bottom:20px}
+    .navigation-links{width:100%;margin-top:60px}
+    .sidebar a,.sidebar button{display:block;color:#8be9fd;text-decoration:none;margin:10px 0;font-size:16px;padding:15px;border-radius:4px;background:transparent;border:none;cursor:pointer;width:calc(100% - 40px);text-align:left;transition:.2s}
+    .sidebar a:hover,.sidebar button:hover{color:#ff79c6;background-color:rgba(139,233,253,.2)}
+    .main-content{margin-left:200px;padding:20px;color:#333}
+    .container{max-width:1200px;margin:0 auto;background:#fff;border-radius:10px;box-shadow:0 6px 18px rgba(0,0,0,.06);padding:20px}
+    table{width:100%;border-collapse:collapse;margin-top:20px}
+    th,td{border-bottom:1px solid #eee;padding:12px 8px;text-align:left;vertical-align:top}
+    th{background:#f8f9fa;font-weight:600}
+    img{max-width:120px;border:1px solid #eee;border-radius:6px;cursor:pointer}
+    .btn{padding:6px 10px;border:none;border-radius:6px;cursor:pointer;font-size:14px;margin:2px}
+    .btn-primary{background:#1677ff;color:#fff}
+    .btn-danger{background:#ff4d4f;color:#fff}
+    .btn-secondary{background:#f0f0f0;color:#333}
+    .muted{color:#666;font-size:12px}
+    .modal{position:fixed;inset:0;display:none;background:rgba(0,0,0,.4);align-items:center;justify-content:center;z-index:1000}
+    .modal .dialog{width:720px;max-width:92vw;background:#fff;border-radius:10px;padding:20px;max-height:80vh;overflow-y:auto}
+    textarea{width:100%;min-height:240px;font-family:monospace;font-size:14px;padding:10px;border:1px solid #ddd;border-radius:4px;resize:vertical}
+    #kvForm{border:1px solid #eee;border-radius:6px;padding:8px;max-height:300px;overflow:auto}
+    .search-container{background:#f8f9fa;padding:15px;border-radius:8px;margin-bottom:20px}
+    .search-controls{display:flex;flex-wrap:wrap;gap:10px;align-items:center;margin-bottom:10px}
+    .search-input{flex:1;min-width:200px;padding:8px 12px;border:1px solid #ddd;border-radius:4px;font-size:14px}
+    .search-result{margin-top:10px;padding:10px;background:#e8f4ff;border-radius:4px;font-size:14px}
+    .search-result.empty{background:#fff8e8}
+    .search-result.error{background:#ffe8e8}
+    .loading{display:inline-block;width:20px;height:20px;border:3px solid #f3f3f3;border-top:3px solid #1677ff;border-radius:50%;animation:spin 1s linear infinite}
+    @keyframes spin{0%{transform:rotate(0)}100%{transform:rotate(360deg)}}
+    @media(max-width:768px){.search-controls{flex-direction:column;align-items:stretch}.search-input{min-width:auto}.btn{width:100%;margin:2px 0}}
+    .image-modal{display:none;position:fixed;z-index:2000;left:0;top:0;width:100%;height:100%;background:rgba(0,0,0,.9);overflow:hidden}
+    .image-modal-content{margin:auto;display:block;position:absolute;top:50%;left:50%;transform:translate(-50%,-50%);max-width:80%;max-height:80%;object-fit:contain;border-radius:8px;box-shadow:0 10px 30px rgba(0,0,0,.5);cursor:grab;transition:transform .3s ease}
+    .image-modal-content.dragging{cursor:grabbing}
+    .image-modal-close{position:absolute;top:15px;right:35px;color:#f1f1f1;font-size:40px;font-weight:bold;transition:.3s;cursor:pointer;z-index:2001}
+    .image-modal-close:hover{color:#bbb}
+    .zoom-controls{position:absolute;bottom:30px;left:50%;transform:translateX(-50%);display:flex;gap:10px;z-index:2001}
+    .zoom-btn{background:rgba(255,255,255,.7);border:none;border-radius:50%;width:40px;height:40px;font-size:18px;cursor:pointer;display:flex;align-items:center;justify-content:center;box-shadow:0 2px 10px rgba(0,0,0,.3);transition:background .3s}
+    .zoom-btn:hover{background:rgba(255,255,255,.9)}
+    .zoom-info{position:absolute;top:15px;left:15px;color:#f1f1f1;font-size:14px;z-index:2001;background:rgba(0,0,0,.5);padding:5px 10px;border-radius:4px}
   </style>
 </head>
 <body>
@@ -302,7 +123,13 @@
 <!-- 图片放大模态框 -->
 <div id="imageModal" class="image-modal">
   <span class="image-modal-close">&times;</span>
+  <div class="zoom-info">缩放: <span id="zoomValue">100%</span></div>
   <img class="image-modal-content" id="expandedImage">
+  <div class="zoom-controls">
+    <button class="zoom-btn" id="zoomOutBtn">-</button>
+    <button class="zoom-btn" id="resetZoomBtn">1:1</button>
+    <button class="zoom-btn" id="zoomInBtn">+</button>
+  </div>
 </div>
 
 <script>
@@ -330,12 +157,29 @@ const syncFromTextBtn = document.getElementById('syncFromTextBtn');
 const imageModal = document.getElementById('imageModal');
 const expandedImage = document.getElementById('expandedImage');
 const imageModalClose = document.querySelector('.image-modal-close');
+const zoomInBtn = document.getElementById('zoomInBtn');
+const zoomOutBtn = document.getElementById('zoomOutBtn');
+const resetZoomBtn = document.getElementById('resetZoomBtn');
+const zoomValue = document.getElementById('zoomValue');
 
 // 全局变量
 let currentId = '';
 let currentWriter = '';
 let currentImage = '';
 let allDataCache = []; // 缓存所有数据，避免重复请求
+let currentSearchQuery = ''; // 记录当前搜索查询
+let isFuzzySearch = false; // 记录当前是否为模糊搜索
+let isDeleting = false; // 标记是否正在删除
+
+// 图片缩放相关变量
+let currentScale = 1;
+let currentX = 0;
+let currentY = 0;
+let isDragging = false;
+let dragStartX = 0;
+let dragStartY = 0;
+let imgStartX = 0;
+let imgStartY = 0;
 
 // 搜索功能
 async function performSearch(type) {
@@ -345,6 +189,8 @@ async function performSearch(type) {
     return;
   }
 
+  currentSearchQuery = query;
+  isFuzzySearch = type === 'fuzzy';
   showSearchLoading();
 
   try {
@@ -403,6 +249,7 @@ function showSearchMessage(message, type = '') {
 
 // 加载所有数据
 async function loadAllData() {
+  currentSearchQuery = '';
   showSearchLoading();
 
   try {
@@ -441,6 +288,7 @@ function displayAllData(data) {
 function clearSearch() {
   searchQueryInput.value = '';
   searchResultDiv.style.display = 'none';
+  currentSearchQuery = '';
 
   // 如果有缓存数据，显示全部
   if (allDataCache.length > 0) {
@@ -647,15 +495,9 @@ async function saveEdit(){
     alert('保存成功');
     closeModal();
     // 重新加载数据以显示更新
-    if (searchResultDiv.style.display !== 'none') {
+    if (currentSearchQuery) {
       // 如果当前显示的是搜索结果，重新执行搜索
-      const query = searchQueryInput.value.trim();
-      if (query) {
-        const isFuzzy = document.querySelector('.search-result').textContent.includes('模糊');
-        performSearch(isFuzzy ? 'fuzzy' : 'exact');
-      } else {
-        loadAllData();
-      }
+      performSearch(isFuzzySearch ? 'fuzzy' : 'exact');
     } else {
       loadAllData();
     }
@@ -665,8 +507,20 @@ async function saveEdit(){
 }
 
 async function doDelete(id){
+  if (isDeleting) {
+    alert('正在处理删除操作，请稍候...');
+    return;
+  }
+
   if(!confirm('确认删除该记录？此操作不可撤销')) return;
 
+  isDeleting = true;
+  const deleteButton = document.querySelector(`button[onclick="doDelete('${id}')"]`);
+  if (deleteButton) {
+    deleteButton.disabled = true;
+    deleteButton.textContent = '删除中...';
+  }
+
   try {
     const response = await fetch(`/elastic/data/${id}/delete/`, {
       method:'DELETE',
@@ -678,20 +532,32 @@ async function doDelete(id){
     if(data.status!=='success') throw new Error(data.message || '删除失败');
 
     alert('删除成功');
-    // 重新加载数据
-    if (searchResultDiv.style.display !== 'none') {
-      const query = searchQueryInput.value.trim();
-      if (query) {
-        const isFuzzy = document.querySelector('.search-result').textContent.includes('模糊');
-        performSearch(isFuzzy ? 'fuzzy' : 'exact');
-      } else {
-        loadAllData();
-      }
+    // 清空缓存，确保下次加载获取最新数据
+    allDataCache = [];
+
+    // 根据当前显示状态重新加载数据
+    if (currentSearchQuery) {
+      // 如果当前显示的是搜索结果，重新执行搜索
+      performSearch(isFuzzySearch ? 'fuzzy' : 'exact');
     } else {
-      loadAllData();
+      // 修复：重新加载所有数据时，强制刷新缓存
+      const response = await fetch('/elastic/all-data/');
+      const data = await response.json();
+      if (data.status === 'success') {
+        allDataCache = data.data || [];
+        displayAllData(allDataCache);
+      } else {
+        showSearchMessage(`加载数据失败: ${data.message || '未知错误'}`, 'error');
+      }
     }
   } catch (e) {
     alert(e.message||'删除失败');
+  } finally {
+    isDeleting = false;
+    if (deleteButton) {
+      deleteButton.disabled = false;
+      deleteButton.textContent = '删除';
+    }
   }
 }
 
@@ -727,6 +593,30 @@ document.getElementById('logoutBtn').addEventListener('click', async () => {
   }
 });
 
+// 图片缩放功能
+function updateZoom() {
+  expandedImage.style.transform = `translate(-50%, -50%) scale(${currentScale}) translate(${currentX}px, ${currentY}px)`;
+  zoomValue.textContent = `${Math.round(currentScale * 100)}%`;
+}
+
+function resetZoom() {
+  currentScale = 1;
+  currentX = 0;
+  currentY = 0;
+  updateZoom();
+}
+
+function zoomIn() {
+  currentScale *= 1.2;
+  updateZoom();
+}
+
+function zoomOut() {
+  currentScale /= 1.2;
+  if (currentScale < 0.1) currentScale = 0.1; // 最小缩放限制
+  updateZoom();
+}
+
 // 图片放大功能
 document.addEventListener('DOMContentLoaded', function() {
   // 为所有图片添加点击事件监听器
@@ -735,6 +625,9 @@ document.addEventListener('DOMContentLoaded', function() {
       const imgSrc = e.target.src;
       expandedImage.src = imgSrc;
       imageModal.style.display = 'block';
+
+      // 重置缩放状态
+      resetZoom();
     }
   });
 
@@ -749,6 +642,91 @@ document.addEventListener('DOMContentLoaded', function() {
       imageModal.style.display = 'none';
     }
   }
+
+  // 缩放按钮事件
+  zoomInBtn.addEventListener('click', zoomIn);
+  zoomOutBtn.addEventListener('click', zoomOut);
+  resetZoomBtn.addEventListener('click', resetZoom);
+
+  // 鼠标滚轮缩放
+  expandedImage.addEventListener('wheel', function(e) {
+    e.preventDefault();
+
+    if (e.deltaY < 0) {
+      zoomIn();
+    } else {
+      zoomOut();
+    }
+  });
+
+  // 拖拽功能
+  expandedImage.addEventListener('mousedown', function(e) {
+    isDragging = true;
+    dragStartX = e.clientX;
+    dragStartY = e.clientY;
+    imgStartX = currentX;
+    imgStartY = currentY;
+    expandedImage.classList.add('dragging');
+  });
+
+  document.addEventListener('mousemove', function(e) {
+    if (isDragging) {
+      const deltaX = e.clientX - dragStartX;
+      const deltaY = e.clientY - dragStartY;
+      currentX = imgStartX + deltaX / currentScale;
+      currentY = imgStartY + deltaY / currentScale;
+      updateZoom();
+    }
+  });
+
+  document.addEventListener('mouseup', function() {
+    isDragging = false;
+    expandedImage.classList.remove('dragging');
+  });
+
+  // 触摸事件支持（移动端）
+  expandedImage.addEventListener('touchstart', function(e) {
+    if (e.touches.length === 1) {
+      isDragging = true;
+      dragStartX = e.touches[0].clientX;
+      dragStartY = e.touches[0].clientY;
+      imgStartX = currentX;
+      imgStartY = currentY;
+    } else if (e.touches.length === 2) {
+      // 双指缩放
+      initialDistance = getDistance(e.touches[0], e.touches[1]);
+      initialScale = currentScale;
+    }
+  });
+
+  document.addEventListener('touchmove', function(e) {
+    e.preventDefault();
+    if (isDragging && e.touches.length === 1) {
+      const deltaX = e.touches[0].clientX - dragStartX;
+      const deltaY = e.touches[0].clientY - dragStartY;
+      currentX = imgStartX + deltaX / currentScale;
+      currentY = imgStartY + deltaY / currentScale;
+      updateZoom();
+    } else if (e.touches.length === 2) {
+      // 双指缩放
+      const currentDistance = getDistance(e.touches[0], e.touches[1]);
+      const scale = (currentDistance / initialDistance) * initialScale;
+      currentScale = Math.max(0.1, Math.min(scale, 10)); // 限制缩放范围
+      updateZoom();
+    }
+  });
+
+  document.addEventListener('touchend', function() {
+    isDragging = false;
+  });
+
+  // 计算两点间距离
+  function getDistance(touch1, touch2) {
+    return Math.sqrt(
+      Math.pow(touch2.clientX - touch1.clientX, 2) +
+      Math.pow(touch2.clientY - touch1.clientY, 2)
+    );
+  }
 });
 </script>
 </body>

elastic/templates/elastic/upload.html

@@ -43,17 +43,21 @@
     .preview-box h3 {margin-top: 0;color: #334155; }
     .preview-box img { max-width: 100%;max-height: 300px;border: 1px solid #e2e8f0;border-radius: 8px;object-fit: contain;}
     .result-box {flex: 1;}
-    .result-box h3 { margin-top: 0; color: #334155;}
-    .form-controls { display: flex;gap: 8px;margin-bottom: 12px;flex-wrap: wrap;}
-    #kvForm {border: 1px solid #e2e8f0; border-radius: 8px; padding: 12px;    max-height: 300px;  overflow: auto;margin-bottom: 12px;background: white;}
-    .form-row {display: grid;grid-template-columns: 1fr 1fr auto;gap: 8px; margin-bottom: 6px; }
-    .form-row input {padding: 8px;border: 1px solid #cbd5e1;border-radius: 4px;}
-    #resultBox { width: 100%;min-height: 200px;font-family: ui-monospace, SFMono-Regular, Menlo, monospace;font-size: 14px; padding: 12px; border: 1px solid #e2e8f0;
-      border-radius: 8px; resize: vertical;box-sizing: border-box; }
-    .status-message { padding: 10px; margin: 10px 0; border-radius: 6px; display: none; }
-    .status-message.success { background-color: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
-    .status-message.error { background-color: #f8d7da;color: #721c24; border: 1px solid #f5c6cb; }
-    .action-buttons { margin-top: 16px; display: flex; gap: 8px; flex-wrap: wrap; }
+  .result-box h3 { margin-top: 0; color: #334155;}
+  .form-controls { display: flex;gap: 8px;margin-bottom: 12px;flex-wrap: wrap;}
+  #kvForm {border: 1px solid #e2e8f0; border-radius: 8px; padding: 12px;    max-height: 300px;  overflow: auto;margin-bottom: 12px;background: white;}
+  .form-row {display: grid;grid-template-columns: 1fr 1fr auto;gap: 8px; margin-bottom: 6px; }
+  .form-row input {padding: 8px;border: 1px solid #cbd5e1;border-radius: 4px;}
+  #resultBox { width: 100%;min-height: 200px;font-family: ui-monospace, SFMono-Regular, Menlo, monospace;font-size: 14px; padding: 12px; border: 1px solid #e2e8f0;
+    border-radius: 8px; resize: vertical;box-sizing: border-box; }
+  .status-message { padding: 10px; margin: 10px 0; border-radius: 6px; display: none; }
+  .status-message.success { background-color: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
+  .status-message.error { background-color: #f8d7da;color: #721c24; border: 1px solid #f5c6cb; }
+  .action-buttons { margin-top: 16px; display: flex; gap: 8px; flex-wrap: wrap; }
+  .progress {position: relative; height: 12px; background: #e2e8f0; border-radius: 8px; overflow: hidden;}
+  .progress-bar {height: 100%; width: 0; background: linear-gradient(90deg, #4f46e5 0%, #60a5fa 100%); transition: width .2s ease;}
+  .progress-wrap {display:none; margin-top: 8px;}
+  .progress-text {margin-top: 6px; font-size: 12px; color: #334155;}
   </style>
 </head>
 <body>
@@ -90,6 +94,10 @@
         <button type="submit" class="btn btn-primary">上传并识别</button>
       </form>
       <div class="status-message" id="uploadMsg"></div>
+      <div class="progress-wrap" id="progressWrap">
+        <div class="progress"><div class="progress-bar" id="progressBar"></div></div>
+        <div class="progress-text" id="progressText"></div>
+      </div>
     </div>
 
     <div class="preview-container">
@@ -136,9 +144,51 @@ const kvForm = document.getElementById('kvForm');
 const addFieldBtn = document.getElementById('addFieldBtn');
 const syncFromTextBtn = document.getElementById('syncFromTextBtn');
 const dropArea = document.getElementById('dropArea');
+const progressWrap = document.getElementById('progressWrap');
+const progressBar = document.getElementById('progressBar');
+const progressText = document.getElementById('progressText');
 
 let currentImageRel = '';
 
+function setProgress(p, text){
+  const v = Math.max(0, Math.min(100, Math.round(p||0)));
+  progressBar.style.width = v + '%';
+  progressText.textContent = (text||'') + (text? ' ' : '') + v + '%';
+}
+function showProgress(){
+  progressWrap.style.display = 'block';
+}
+function hideProgress(){
+  progressWrap.style.display = 'none';
+  setProgress(0, '');
+}
+
+async function convertToJpeg(file){
+  const url = URL.createObjectURL(file);
+  let img;
+  try{
+    const blob = await fetch(url).then(r=>r.blob());
+    img = await createImageBitmap(blob);
+  }catch(e){
+    img = await new Promise((resolve,reject)=>{const i=new Image();i.onload=()=>resolve(i);i.onerror=reject;i.src=url;});
+  }
+  URL.revokeObjectURL(url);
+  const maxDim = 2000;
+  const w = img.width;
+  const h = img.height;
+  const scale = Math.min(1, maxDim/Math.max(w,h));
+  const nw = Math.round(w*scale);
+  const nh = Math.round(h*scale);
+  const canvas = document.createElement('canvas');
+  canvas.width = nw;
+  canvas.height = nh;
+  const ctx = canvas.getContext('2d');
+  ctx.drawImage(img, 0, 0, nw, nh);
+  const blob = await new Promise(resolve=>canvas.toBlob(resolve,'image/jpeg',0.82));
+  const name = (file.name||'image').replace(/\.[^/.]+$/, '') + '.jpg';
+  return new File([blob], name, {type:'image/jpeg'});
+}
+
 // 拖拽上传功能
 ['dragenter', 'dragover', 'dragleave', 'drop'].forEach(eventName => {
   dropArea.addEventListener(eventName, preventDefaults, false);
@@ -289,20 +339,39 @@ uploadForm.addEventListener('submit', async (e) => {
     return;
   }
 
+  showProgress();
+  setProgress(5, '转换为JPG');
+  let jpegFile = file;
+  try {
+    jpegFile = await convertToJpeg(file);
+    setProgress(50, '转换为JPG');
+    preview.src = URL.createObjectURL(jpegFile);
+  } catch (_) {
+    jpegFile = file;
+    setProgress(50, '转换为JPG');
+  }
   const formData = new FormData();
-  formData.append('file', file);
+  formData.append('file', jpegFile);
 
   try {
+    let prog = 50;
+    setProgress(prog, '识别中');
+    const timer = setInterval(() => {
+      prog = Math.min(95, prog + 1);
+      setProgress(prog, '识别中');
+    }, 120);
     const resp = await fetch('/elastic/upload/', {
       method: 'POST',
       credentials: 'same-origin',
       headers: { 'X-CSRFToken': getCookie('csrftoken') || '' },
       body: formData,
     });
+    clearInterval(timer);
     const data = await resp.json();
     if (!resp.ok || data.status !== 'success') {
       throw new Error(data.message || '上传识别失败');
     }
+    setProgress(100, '识别完成');
     uploadMsg.textContent = data.message || '识别成功';
     uploadMsg.className = 'status-message success';
     uploadMsg.style.display = 'block';
@@ -310,10 +379,12 @@ uploadForm.addEventListener('submit', async (e) => {
     renderFormFromObject(data.data || {});
     currentImageRel = data.image;
     confirmBtn.disabled = false;
+    setTimeout(hideProgress, 800);
   } catch (e) {
     uploadMsg.textContent = e.message || '发生错误';
     uploadMsg.className = 'status-message error';
     uploadMsg.style.display = 'block';
+    progressText.textContent = '识别失败';
   }
 });
 
@@ -381,4 +452,4 @@ document.getElementById('logoutBtn').addEventListener('click', async () => {
 });
 </script>
 </body>
-</html>
+</html>

elastic/templates/elastic/users.html

@@ -216,20 +216,49 @@
     </div>
   </div>
 
-  <!-- 主内容区域 -->
   <div class="main-content">
+    {% if is_student %}
+    <div class="card">
+      <div class="header"><h2>修改密码</h2></div>
+      <form id="selfPwdForm">
+        <input type="hidden" id="selfUserId" name="user_id" value="{{ user_id }}">
+        <div class="form-group">
+          <label for="password">新密码</label>
+          <input type="password" id="password" name="password" required>
+        </div>
+        <div class="form-group">
+          <label for="confirmPassword">确认密码</label>
+          <input type="password" id="confirmPassword" name="confirmPassword" required>
+        </div>
+        <button type="submit" class="btn btn-primary">保存</button>
+      </form>
+    </div>
+    {% else %}
+    {% if is_tutor %}
+    <div class="card">
+      <div class="header"><h2>修改本人密码</h2></div>
+      <form id="selfPwdForm">
+        <input type="hidden" id="selfUserId" name="user_id" value="{{ user_id }}">
+        <div class="form-group">
+          <label for="password">新密码</label>
+          <input type="password" id="password" name="password" required>
+        </div>
+        <div class="form-group">
+          <label for="confirmPassword">确认密码</label>
+          <input type="password" id="confirmPassword" name="confirmPassword" required>
+        </div>
+        <button type="submit" class="btn btn-primary">保存</button>
+      </form>
+    </div>
+    {% endif %}
     <div class="card">
       <div class="header">
         <h2>用户管理</h2>
-        <button id="addUserBtn" class="btn btn-primary">添加用户</button>
+        {% if is_admin %}<button id="addUserBtn" class="btn btn-primary">添加用户</button>{% endif %}
       </div>
 
-      <div class="notification success" id="successNotification">
-        操作成功！
-      </div>
-      <div class="notification error" id="errorNotification">
-        操作失败！
-      </div>
+      <div class="notification success" id="successNotification">操作成功！</div>
+      <div class="notification error" id="errorNotification">操作失败！</div>
 
       <div class="search-container">
         <input type="text" id="searchInput" placeholder="搜索用户名...">
@@ -247,12 +276,11 @@
               <th>操作</th>
             </tr>
           </thead>
-          <tbody id="usersTableBody">
-            <!-- 用户数据将通过JavaScript加载 -->
-          </tbody>
+          <tbody id="usersTableBody"></tbody>
         </table>
       </div>
     </div>
+    {% endif %}
   </div>
 
   <!-- 添加/编辑用户模态框 -->
@@ -511,7 +539,10 @@
     }
 
     // 事件监听器
-    document.getElementById('addUserBtn').addEventListener('click', openAddModal);
+    const addBtn = document.getElementById('addUserBtn');
+    if (addBtn) {
+        addBtn.addEventListener('click', openAddModal);
+    }
 
     document.getElementById('userForm').addEventListener('submit', saveUser);
 
@@ -523,15 +554,21 @@
         });
     });
 
-    document.getElementById('searchBtn').addEventListener('click', function() {
-        const searchTerm = document.getElementById('searchInput').value;
-        loadUsers(searchTerm);
-    });
+    const searchBtn = document.getElementById('searchBtn');
+    if (searchBtn) {
+        searchBtn.addEventListener('click', function() {
+            const searchTerm = document.getElementById('searchInput').value;
+            loadUsers(searchTerm);
+        });
+    }
 
-    document.getElementById('resetBtn').addEventListener('click', function() {
-        document.getElementById('searchInput').value = '';
-        loadUsers();
-    });
+    const resetBtn = document.getElementById('resetBtn');
+    if (resetBtn) {
+        resetBtn.addEventListener('click', function() {
+            document.getElementById('searchInput').value = '';
+            loadUsers();
+        });
+    }
 
     // 点击模态框外部关闭模态框
     window.addEventListener('click', function(event) {
@@ -572,7 +609,34 @@
 
     // 页面加载时获取用户列表
     document.addEventListener('DOMContentLoaded', function() {
-        loadUsers();
+        const selfForm = document.getElementById('selfPwdForm');
+        if (selfForm) {
+            selfForm.addEventListener('submit', async (e) => {
+                e.preventDefault();
+                const uid = document.getElementById('selfUserId').value;
+                const pwd = document.getElementById('password').value;
+                const cpwd = document.getElementById('confirmPassword').value;
+                if (pwd !== cpwd) { showNotification('密码和确认密码不匹配', false); return; }
+                if ((pwd || '').length < 6) { showNotification('密码长度至少为6位', false); return; }
+                try {
+                    const csrftoken = getCookie('csrftoken');
+                    const resp = await fetch(`/elastic/users/${uid}/update/`, {
+                        method: 'POST', credentials: 'same-origin',
+                        headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrftoken || '' },
+                        body: JSON.stringify({ password: pwd })
+                    });
+                    const result = await resp.json();
+                    if (resp.ok && result.status === 'success') { showNotification('修改成功'); }
+                    else { showNotification(result.message || '操作失败', false); }
+                } catch (error) {
+                    showNotification('保存失败', false);
+                }
+            });
+        }
+        const tbody = document.getElementById('usersTableBody');
+        if (tbody) {
+            loadUsers();
+        }
     });
 
     // 为表格中的编辑和删除按钮添加事件监听器

elastic/views.py

@@ -222,16 +222,27 @@ def add_user(request):
 
 @require_http_methods(["GET"])
 def get_users(request):
-    if request.session.get("user_id") is None:
+    uid = request.session.get("user_id")
+    if uid is None:
         return JsonResponse({"status": "error", "message": "未登录"}, status=401)
-    if int(request.session.get("permission", 1)) != 0:
-        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
     try:
+        is_admin = int(request.session.get("permission", 1)) == 0
+        requester = get_user_by_id(uid) or {}
+        mgr_keys = set(requester.get("manage_key") or [])
         q = (request.GET.get("search") or "").strip()
         users = get_all_users()
+        if is_admin:
+            filtered = users
+        elif mgr_keys:
+            def match_manage(user):
+                ukeys = set(user.get("key") or [])
+                return bool(ukeys & mgr_keys)
+            filtered = [u for u in users if match_manage(u)]
+        else:
+            filtered = [u for u in users if str(u.get("user_id")) == str(uid)]
         if q:
-            users = [u for u in users if q in str(u.get("username", ""))]
-        return JsonResponse({"status": "success", "data": users})
+            filtered = [u for u in filtered if q in str(u.get("username", ""))]
+        return JsonResponse({"status": "success", "data": filtered})
     except Exception as e:
         return JsonResponse({"status": "error", "message": str(e)}, status=500)
 
@@ -239,10 +250,9 @@ def get_users(request):
 @require_http_methods(["POST"])
 @csrf_protect
 def update_user_by_id_view(request, user_id):
-    if request.session.get("user_id") is None:
+    uid = request.session.get("user_id")
+    if uid is None:
         return JsonResponse({"status": "error", "message": "未登录"}, status=401)
-    if int(request.session.get("permission", 1)) != 0:
-        return JsonResponse({"status": "error", "message": "无权限"}, status=403)
     try:
         payload = json.loads(request.body.decode("utf-8"))
     except Exception:
@@ -250,21 +260,41 @@ def update_user_by_id_view(request, user_id):
     new_username = (payload.get("username") or "").strip()
     new_permission = payload.get("permission")
     new_password = (payload.get("password") or "").strip()
-    if new_username:
-        other = get_user_by_username(new_username)
-        if other and int(other.get("user_id", -1)) != int(user_id):
-            return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409)
     if new_password and len(new_password) < 6:
         return JsonResponse({"status": "error", "message": "密码长度至少为6位"}, status=400)
-    ok = es_update_user_by_id(
-        user_id,
-        username=new_username if new_username else None,
-        permission=int(new_permission) if new_permission is not None else None,
-        password=new_password if new_password else None,
-    )
-    if not ok:
-        return JsonResponse({"status": "error", "message": "用户更新失败"}, status=500)
-    return JsonResponse({"status": "success", "message": "用户更新成功"})
+
+    is_admin = int(request.session.get("permission", 1)) == 0
+    requester = get_user_by_id(uid) or {}
+    target = get_user_by_id(user_id) or {}
+    requester_mgr = set(requester.get("manage_key") or [])
+    target_keys = set(target.get("key") or [])
+
+    if is_admin:
+        if new_username:
+            other = get_user_by_username(new_username)
+            if other and int(other.get("user_id", -1)) != int(user_id):
+                return JsonResponse({"status": "error", "message": "用户名已存在"}, status=409)
+        ok = es_update_user_by_id(
+            user_id,
+            username=new_username if new_username else None,
+            permission=int(new_permission) if new_permission is not None else None,
+            password=new_password if new_password else None,
+        )
+        return JsonResponse({"status": "success"}) if ok else JsonResponse({"status": "error", "message": "用户更新失败"}, status=500)
+
+    if str(uid) == str(user_id):
+        if not new_password:
+            return JsonResponse({"status": "error", "message": "仅允许修改密码"}, status=400)
+        ok = es_update_user_by_id(user_id, password=new_password)
+        return JsonResponse({"status": "success"}) if ok else JsonResponse({"status": "error", "message": "用户更新失败"}, status=500)
+
+    if requester_mgr and (target_keys & requester_mgr):
+        if not new_password or new_username or new_permission is not None:
+            return JsonResponse({"status": "error", "message": "导师仅允许修改密码"}, status=403)
+        ok = es_update_user_by_id(user_id, password=new_password)
+        return JsonResponse({"status": "success"}) if ok else JsonResponse({"status": "error", "message": "用户更新失败"}, status=500)
+
+    return JsonResponse({"status": "error", "message": "无权限"}, status=403)
 
 @require_http_methods(["POST"])
 @csrf_protect
@@ -598,11 +628,16 @@ def user_manage(request):
     if session_user_id is None:
         from django.shortcuts import redirect
         return redirect("/accounts/login/")
-    if int(request.session.get("permission", 1)) != 0:
-        from django.shortcuts import redirect
-        return redirect("/main/home/")
+    is_admin = int(request.session.get("permission", 1)) == 0
+    me = get_user_by_id(session_user_id) or {}
+    has_manage = bool(me.get("manage_key"))
     user_id_qs = request.GET.get("user_id")
-    context = {"user_id": user_id_qs or session_user_id}
+    context = {
+        "user_id": user_id_qs or session_user_id,
+        "is_admin": is_admin,
+        "is_tutor": (not is_admin) and has_manage,
+        "is_student": (not is_admin) and (not has_manage),
+    }
     return render(request, "elastic/users.html", context)
 
 @require_http_methods(["GET"])

main/templates/main/home.html

@@ -42,8 +42,8 @@
       <a href="{% url 'main:home' %}" onclick="return handleNavClick(this, '/');">主页</a>
       <a href="{% url 'elastic:upload_page' %}" onclick="return handleNavClick(this, '/elastic/upload/');">图片上传与识别</a>
       <a href="{% url 'elastic:manage_page' %}" onclick="return handleNavClick(this, '/elastic/manage/');">数据管理</a>
-      {% if is_admin %}
       <a href="{% url 'elastic:user_manage' %}" onclick="return handleNavClick(this, '/elastic/user_manage/');">用户管理</a>
+      {% if is_admin %}
       <a href="{% url 'elastic:registration_code_manage_page' %}" onclick="return handleNavClick(this, '/elastic/registration-codes/manage/');">注册码管理</a>
       {% endif %}
       <a id="logoutBtn">退出登录</a>