feat: 配置功能仅admin可用,operator隐藏配置按钮+后端403拦截

- devices.html: 注入 USER_ROLE 全局变量
- devices.js: 配置按钮仅 USER_ROLE===admin 时渲染
- fixture.py: 页面/指令/保存三个路由均校验 admin 角色
This commit is contained in:
wangfq
2026-06-09 15:36:08 +08:00
parent e863dfbe2f
commit 8aaa8440d1
3 changed files with 10 additions and 1 deletions

View File

@@ -114,6 +114,8 @@ def build_4b_packet(addr: int, dev_type: int, test_mode: int,
@login_required
def fixture_page(dnt_id):
"""工装配置页面"""
if current_user.role != "admin":
return "无权限:仅管理员可访问工装配置", 403
device = get_device_by_id(dnt_id)
if not device:
return "设备不存在", 404
@@ -133,6 +135,8 @@ def vehicle_base_test_page():
@login_required
def api_fixture_command():
"""发送工装配置指令 (0x4A/0x4B/0x4C/0x4D/0x4E)"""
if current_user.role != "admin":
return jsonify({"ok": False, "error": "无权限:仅管理员可执行工装指令"}), 403
data = request.get_json()
dnt_id = data.get("dnt_id")
cmd = data.get("cmd", "").upper()
@@ -220,6 +224,8 @@ def api_get_fixture_param(dnt_id):
@login_required
def api_save_fixture_param(dnt_id):
"""保存工装测试参数(仅数据库,不下发设备)"""
if current_user.role != "admin":
return jsonify({"ok": False, "error": "无权限:仅管理员可修改工装参数"}), 403
data = request.get_json()
if not data:
return jsonify({"ok": False, "error": "数据为空"}), 400