diff --git a/edc-web/app/routes/fixture.py b/edc-web/app/routes/fixture.py
index 939f551..c58df62 100644
--- a/edc-web/app/routes/fixture.py
+++ b/edc-web/app/routes/fixture.py
@@ -114,6 +114,8 @@ def build_4b_packet(addr: int, dev_type: int, test_mode: int,
@login_required
def fixture_page(dnt_id):
"""工装配置页面"""
+ if current_user.role != "admin":
+ return "无权限:仅管理员可访问工装配置", 403
device = get_device_by_id(dnt_id)
if not device:
return "设备不存在", 404
@@ -133,6 +135,8 @@ def vehicle_base_test_page():
@login_required
def api_fixture_command():
"""发送工装配置指令 (0x4A/0x4B/0x4C/0x4D/0x4E)"""
+ if current_user.role != "admin":
+ return jsonify({"ok": False, "error": "无权限:仅管理员可执行工装指令"}), 403
data = request.get_json()
dnt_id = data.get("dnt_id")
cmd = data.get("cmd", "").upper()
@@ -220,6 +224,8 @@ def api_get_fixture_param(dnt_id):
@login_required
def api_save_fixture_param(dnt_id):
"""保存工装测试参数(仅数据库,不下发设备)"""
+ if current_user.role != "admin":
+ return jsonify({"ok": False, "error": "无权限:仅管理员可修改工装参数"}), 403
data = request.get_json()
if not data:
return jsonify({"ok": False, "error": "数据为空"}), 400
diff --git a/edc-web/app/static/js/devices.js b/edc-web/app/static/js/devices.js
index 84ad17e..29606ae 100644
--- a/edc-web/app/static/js/devices.js
+++ b/edc-web/app/static/js/devices.js
@@ -22,7 +22,7 @@ function renderTable(devices) {
| ${d.last_login || '-'} |
-
+ ${USER_ROLE === 'admin' ? `` : ''}
|
`).join("");
diff --git a/edc-web/app/templates/devices.html b/edc-web/app/templates/devices.html
index 3350dfb..363b64c 100644
--- a/edc-web/app/templates/devices.html
+++ b/edc-web/app/templates/devices.html
@@ -20,5 +20,8 @@
{% endblock %}
{% block scripts %}
+
{% endblock %}