From 8aaa8440d1cdf3f5fa23e31619739aa6a764d358 Mon Sep 17 00:00:00 2001
From: wangfq <wangfq@collectpublish.net>
Date: Tue, 9 Jun 2026 15:36:08 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E9=85=8D=E7=BD=AE=E5=8A=9F=E8=83=BD?=
 =?UTF-8?q?=E4=BB=85admin=E5=8F=AF=E7=94=A8=EF=BC=8Coperator=E9=9A=90?=
 =?UTF-8?q?=E8=97=8F=E9=85=8D=E7=BD=AE=E6=8C=89=E9=92=AE+=E5=90=8E?=
 =?UTF-8?q?=E7=AB=AF403=E6=8B=A6=E6=88=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- devices.html: 注入 USER_ROLE 全局变量
- devices.js: 配置按钮仅 USER_ROLE===admin 时渲染
- fixture.py: 页面/指令/保存三个路由均校验 admin 角色
---
 edc-web/app/routes/fixture.py      | 6 ++++++
 edc-web/app/static/js/devices.js   | 2 +-
 edc-web/app/templates/devices.html | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/edc-web/app/routes/fixture.py b/edc-web/app/routes/fixture.py
index 939f551..c58df62 100644
--- a/edc-web/app/routes/fixture.py
+++ b/edc-web/app/routes/fixture.py
@@ -114,6 +114,8 @@ def build_4b_packet(addr: int, dev_type: int, test_mode: int,
 @login_required
 def fixture_page(dnt_id):
     """工装配置页面"""
+    if current_user.role != "admin":
+        return "无权限：仅管理员可访问工装配置", 403
     device = get_device_by_id(dnt_id)
     if not device:
         return "设备不存在", 404
@@ -133,6 +135,8 @@ def vehicle_base_test_page():
 @login_required
 def api_fixture_command():
     """发送工装配置指令 (0x4A/0x4B/0x4C/0x4D/0x4E)"""
+    if current_user.role != "admin":
+        return jsonify({"ok": False, "error": "无权限：仅管理员可执行工装指令"}), 403
     data = request.get_json()
     dnt_id = data.get("dnt_id")
     cmd = data.get("cmd", "").upper()
@@ -220,6 +224,8 @@ def api_get_fixture_param(dnt_id):
 @login_required
 def api_save_fixture_param(dnt_id):
     """保存工装测试参数（仅数据库，不下发设备）"""
+    if current_user.role != "admin":
+        return jsonify({"ok": False, "error": "无权限：仅管理员可修改工装参数"}), 403
     data = request.get_json()
     if not data:
         return jsonify({"ok": False, "error": "数据为空"}), 400
diff --git a/edc-web/app/static/js/devices.js b/edc-web/app/static/js/devices.js
index 84ad17e..29606ae 100644
--- a/edc-web/app/static/js/devices.js
+++ b/edc-web/app/static/js/devices.js
@@ -22,7 +22,7 @@ function renderTable(devices) {
             <td>${d.last_login || '-'}</td>
             <td>
                 <button class="btn-test" onclick="location.href='/test/${d.id}'">测试</button>
-                <button class="btn-config" onclick="location.href='/fixture/${d.id}'">配置</button>
+                ${USER_ROLE === 'admin' ? `<button class="btn-config" onclick="location.href='/fixture/${d.id}'">配置</button>` : ''}
             </td>
         </tr>
     `).join("");
diff --git a/edc-web/app/templates/devices.html b/edc-web/app/templates/devices.html
index 3350dfb..363b64c 100644
--- a/edc-web/app/templates/devices.html
+++ b/edc-web/app/templates/devices.html
@@ -20,5 +20,8 @@
 {% endblock %}
 
 {% block scripts %}
+<script>
+    const USER_ROLE = "{{ current_user.role }}";
+</script>
 <script src="{{ url_for('static', filename='js/devices.js') }}"></script>
 {% endblock %}