feat: 增加 manager 角色,admin+manager 共享管理权限(用户管理除外),所有用户可自行修改密码

- auth.py: 新增 privileged_required 装饰器 (admin+manager),admin_required 仅限用户管理
- 路由权限: fixture/logs/device_logs/test_data 的 admin 检查改为 admin+manager
- 前端: 导航栏/删除按钮/配置按钮扩展为 admin+manager 可见
- 用户管理: 角色下拉增加 manager 选项,仍仅 admin 可访问
- 新增 /change-password 路由+模板,所有登录用户可自行修改密码
- edc_server models.py: role COMMENT 更新 + ALTER TABLE 迁移
This commit is contained in:
wangfq
2026-06-11 09:11:54 +08:00
parent 50451de2df
commit 000e4f8d3a
12 changed files with 119 additions and 14 deletions

View File

@@ -72,7 +72,7 @@ def api_export():
@login_required
def api_device_logs_delete():
"""删除设备日志admin 权限)"""
if current_user.role != "admin":
if current_user.role not in ("admin", "manager"):
return jsonify({"ok": False, "error": "无权限"}), 403
data = request.get_json()

View File

@@ -114,7 +114,7 @@ def build_4b_packet(addr: int, dev_type: int, test_mode: int,
@login_required
def fixture_page(dnt_id):
"""工装配置页面"""
if current_user.role != "admin":
if current_user.role not in ("admin", "manager"):
return "无权限:仅管理员可访问工装配置", 403
device = get_device_by_id(dnt_id)
if not device:
@@ -135,7 +135,7 @@ def vehicle_base_test_page():
@login_required
def api_fixture_command():
"""发送工装配置指令 (0x4A/0x4B/0x4C/0x4D/0x4E)"""
if current_user.role != "admin":
if current_user.role not in ("admin", "manager"):
return jsonify({"ok": False, "error": "无权限:仅管理员可执行工装指令"}), 403
data = request.get_json()
dnt_id = data.get("dnt_id")
@@ -226,7 +226,7 @@ def api_get_fixture_param(dnt_id):
@login_required
def api_save_fixture_param(dnt_id):
"""保存工装测试参数(仅数据库,不下发设备)"""
if current_user.role != "admin":
if current_user.role not in ("admin", "manager"):
return jsonify({"ok": False, "error": "无权限:仅管理员可修改工装参数"}), 403
data = request.get_json()
if not data:

View File

@@ -2,20 +2,20 @@
from flask import Blueprint, jsonify, render_template, request
from flask_login import login_required
from app.auth import admin_required
from app.auth import privileged_required
from app.models import get_logs
bp = Blueprint("logs", __name__, url_prefix="/logs")
@bp.route("/")
@admin_required
@privileged_required
def logs_page():
return render_template("logs.html")
@bp.route("/api/logs")
@admin_required
@privileged_required
def api_logs():
page = request.args.get("page", 1, type=int)
per_page = request.args.get("per_page", 30, type=int)

View File

@@ -84,7 +84,7 @@ def api_export():
@login_required
def api_delete():
"""删除测试数据(仅 admin"""
if current_user.role != "admin":
if current_user.role not in ("admin", "manager"):
return jsonify({"ok": False, "error": "无权限"}), 403
data = request.get_json() or {}