vd_test_fixture/edc-web/app/routes/users.py
wangfq 322563dab0 feat: 用户登录/管理 + 操作日志模块
- tb_user 用户表、tb_log 日志表
- Flask-Login 认证(login/logout/权限装饰器)
- 用户管理页(admin 专有):增删改查、改密、角色设置
- 操作日志页:分页查询、按用户/类型筛选
- 测试操作区指令自动记录日志
- 所有页面加 @login_required 保护
- 默认管理员 admin/admin123(首次启动自动创建)
2026-05-28 13:58:19 +08:00


"""用户管理 API"""
from flask import Blueprint, jsonify, render_template, request
from flask_login import login_required, current_user
from werkzeug.security import generate_password_hash
from app.auth import admin_required
from app.models import get_all_users, create_user, update_user, get_user_by_username
# Blueprint for the user-management views; its routes are mounted under /users.
bp = Blueprint(
    "users",
    __name__,
    url_prefix="/users",
)
@bp.route("/")
@admin_required
def users_page():
    """Render the user-management page; access is gated by ``admin_required``."""
    page = render_template("users.html")
    return page
@bp.route("/api/users")
@admin_required
def api_users():
    """Return whatever ``get_all_users`` yields as a JSON response.

    NOTE(review): the records are serialised exactly as returned; confirm that
    ``get_all_users`` leaves out ``password_hash`` so hashes never reach the
    browser.
    """
    users = get_all_users()
    return jsonify(users)
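@bp.route("/api/users", methods=["POST"])
@admin_required
def api_create_user():
    """Create a user from a JSON request body (gated by ``admin_required``).

    The body must be a JSON object with string ``username`` and ``password``
    fields and an optional string ``role`` (defaults to ``"operator"``). Only
    the output of ``generate_password_hash`` is passed to ``create_user``.

    Returns:
        ``{"ok": True}`` on success, or ``{"ok": False, "error": ...}`` with
        HTTP 400 when the body is not a JSON object, a field is empty or of
        the wrong type, or the username already exists.
    """
    # silent=True turns a malformed or non-JSON body into None instead of an
    # unhandled error. force=True is deliberately not used, so the
    # application/json content type is still required.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"ok": False, "error": "请求体必须是 JSON 对象"}), 400

    username = data.get("username", "")
    password = data.get("password", "")
    role = data.get("role", "operator")
    # Reject non-string values up front: .strip() and the hashing call would
    # otherwise raise and surface as a 500.
    if not all(isinstance(value, str) for value in (username, password, role)):
        return jsonify({"ok": False, "error": "用户名、密码和角色必须是字符串"}), 400

    username = username.strip()
    # NOTE(review): surrounding whitespace is removed from the password before
    # hashing; confirm the login path normalises the same way.
    password = password.strip()
    if not username or not password:
        return jsonify({"ok": False, "error": "用户名和密码不能为空"}), 400

    # NOTE(review): check-then-create is not atomic; presumably the user table
    # enforces a unique username - confirm.
    if get_user_by_username(username):
        return jsonify({"ok": False, "error": "用户名已存在"}), 400

    # NOTE(review): role is stored as supplied. The set of valid roles is not
    # visible in this file; validate against it here or inside create_user.
    create_user(username, generate_password_hash(password), role)
    return jsonify({"ok": True})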
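@bp.route("/api/users/<int:user_id>", methods=["PUT"])
@admin_required
def api_update_user(user_id):
    """Update password, role and/or active flag of a user (gated by ``admin_required``).

    The body must be a JSON object. Recognised keys are ``password``
    (non-empty string, hashed before storage), ``role`` (string) and
    ``is_active`` (boolean or 0/1). Other keys are ignored.

    Args:
        user_id: Integer id taken from the URL.

    Returns:
        ``{"ok": True}`` when the request was accepted, or
        ``{"ok": False, "error": ...}`` with HTTP 400 when the body is not a
        JSON object or a recognised field has the wrong type.
    """
    # silent=True turns a malformed or non-JSON body into None instead of an
    # unhandled error. force=True is deliberately not used, so the
    # application/json content type is still required.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"ok": False, "error": "请求体必须是 JSON 对象"}), 400

    # Only the three keys below are ever forwarded to update_user, so other
    # request fields cannot reach it.
    changes = {}

    new_password = data.get("password")
    if new_password:  # an empty or missing password leaves the hash unchanged
        if not isinstance(new_password, str):
            return jsonify({"ok": False, "error": "密码必须是字符串"}), 400
        changes["password_hash"] = generate_password_hash(new_password)

    if "role" in data:
        # NOTE(review): the set of valid roles is not visible in this file;
        # validate against it here or inside update_user.
        if not isinstance(data["role"], str):
            return jsonify({"ok": False, "error": "角色必须是字符串"}), 400
        changes["role"] = data["role"]

    if "is_active" in data:
        flag = data["is_active"]
        # A string such as "false" is truthy and would keep an account
        # enabled, so only real booleans or 0/1 are accepted.
        if not isinstance(flag, (bool, int)) or flag not in (0, 1):
            return jsonify({"ok": False, "error": "is_active 必须是布尔值"}), 400
        changes["is_active"] = flag

    # NOTE(review): nothing here stops an administrator from deactivating or
    # demoting their own account (current_user is imported but unused in the
    # visible code); consider a guard against locking out the last admin.
    if changes:
        # NOTE(review): the result of update_user is not checked, so an
        # unknown user_id still produces {"ok": True}.
        update_user(user_id, **changes)
    return jsonify({"ok": True})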