个股论坛重做
@@ -75,6 +75,67 @@ def login_required(f):
|
||||
return decorated_function
|
||||
|
||||
|
||||
def get_user_admin_info(user_id):
|
||||
"""获取用户管理员信息"""
|
||||
try:
|
||||
with get_db_engine().connect() as conn:
|
||||
sql = text("""
|
||||
SELECT role, permissions
|
||||
FROM community_admins
|
||||
WHERE user_id = :user_id
|
||||
""")
|
||||
result = conn.execute(sql, {'user_id': int(user_id)}).fetchone()
|
||||
if result:
|
||||
import json
|
||||
permissions = result.permissions
|
||||
if isinstance(permissions, str):
|
||||
permissions = json.loads(permissions)
|
||||
return {
|
||||
'role': result.role,
|
||||
'permissions': permissions or {},
|
||||
'isAdmin': result.role == 'admin',
|
||||
'isModerator': result.role in ['admin', 'moderator']
|
||||
}
|
||||
except Exception as e:
|
||||
print(f"[Community API] 获取管理员信息失败: {e}")
|
||||
return None
|
||||
|
||||
|
||||
def check_permission(user_id, permission):
|
||||
"""检查用户是否有指定权限"""
|
||||
admin_info = get_user_admin_info(user_id)
|
||||
if not admin_info:
|
||||
return False
|
||||
if admin_info['isAdmin']:
|
||||
return True
|
||||
return admin_info['permissions'].get(permission, False)
|
||||
|
||||
|
||||
def admin_required(permission=None):
|
||||
"""管理员权限验证装饰器"""
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
user = get_current_user()
|
||||
if not user:
|
||||
return jsonify({'code': 401, 'message': '请先登录'}), 401
|
||||
g.current_user = user
|
||||
|
||||
# 检查权限
|
||||
if permission:
|
||||
if not check_permission(user['id'], permission):
|
||||
return jsonify({'code': 403, 'message': '无权限执行此操作'}), 403
|
||||
else:
|
||||
admin_info = get_user_admin_info(user['id'])
|
||||
if not admin_info:
|
||||
return jsonify({'code': 403, 'message': '需要管理员权限'}), 403
|
||||
|
||||
g.admin_info = get_user_admin_info(user['id'])
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
return decorator
|
||||
|
||||
|
||||
def api_response(data=None, message='success', code=200):
|
||||
"""统一 API 响应格式"""
|
||||
return jsonify({
|
||||
@@ -92,6 +153,33 @@ def api_error(message, code=400):
|
||||
}), code if code >= 400 else 400
|
||||
|
||||
|
||||
# ============================================================
|
||||
# 用户管理员状态 API
|
||||
# ============================================================
|
||||
|
||||
@community_bp.route('/me/admin-status', methods=['GET'])
|
||||
@login_required
|
||||
def get_my_admin_status():
|
||||
"""获取当前用户的管理员状态"""
|
||||
user = g.current_user
|
||||
admin_info = get_user_admin_info(user['id'])
|
||||
|
||||
if admin_info:
|
||||
return api_response({
|
||||
'isAdmin': admin_info['isAdmin'],
|
||||
'isModerator': admin_info['isModerator'],
|
||||
'role': admin_info['role'],
|
||||
'permissions': admin_info['permissions']
|
||||
})
|
||||
else:
|
||||
return api_response({
|
||||
'isAdmin': False,
|
||||
'isModerator': False,
|
||||
'role': None,
|
||||
'permissions': {}
|
||||
})
|
||||
|
||||
|
||||
# ============================================================
|
||||
# 频道相关 API
|
||||
# ============================================================
|
||||
|
||||
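Review bot: In `admin_required`, the branch taken when no `permission` is passed (the `else:` under `if permission:`) lets through any user who has a row in `community_admins`, because it tests only `if not admin_info:` and never looks at `role`. If the bare decorator is meant to be admin-only, as its 403 message suggests, that test should be `if not admin_info or not admin_info['isAdmin']:`. The decorator also calls `get_user_admin_info` again for `g.admin_info` after the check has passed, and that helper returns None on any exception, so the handler can run with `g.admin_info` set to None; one lookup reused for both avoids that. `check_permission` returns the raw JSON value from `.get(permission, False)`, so any truthy value such as the string "false" grants access, and comparing with `is True` closes that. The rewritten part of `decorated_function` is below.

```python
def decorated_function(*args, **kwargs):
    # … unchanged: get_current_user() check, 401 response, g.current_user assignment …

    # One lookup, reused for the decision and for g.admin_info.
    admin_info = get_user_admin_info(user['id'])
    if permission:
        # Admins pass as in check_permission; otherwise only an explicit JSON true grants.
        granted = admin_info is not None and (
            admin_info['isAdmin']
            or admin_info['permissions'].get(permission) is True
        )
        if not granted:
            return jsonify({'code': 403, 'message': '无权限执行此操作'}), 403
    elif admin_info is None or not admin_info['isAdmin']:
        # Assumes the bare decorator means admin-only; confirm against the routes that use it.
        return jsonify({'code': 403, 'message': '需要管理员权限'}), 403

    g.admin_info = admin_info
    return f(*args, **kwargs)
```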