个股论坛重做

community_api.py

@@ -324,9 +324,43 @@ def get_channel_admin_status(channel_id):
 @community_bp.route('/channels/<channel_id>/admins', methods=['GET'])
 @login_required
 def get_channel_admins(channel_id):
-    """获取频道管理员列表"""
+    """获取频道管理员列表（包含超级管理员）"""
     try:
+        import json
+        admins = []
+
         with get_db_engine().connect() as conn:
+            # 1. 先获取全局超级管理员
+            super_admin_sql = text("""
+                SELECT ca.user_id, u.username, u.avatar
+                FROM community_admins ca
+                LEFT JOIN users u ON ca.user_id = u.id
+                WHERE ca.role = 'admin'
+            """)
+            super_admins = conn.execute(super_admin_sql).fetchall()
+
+            for row in super_admins:
+                admins.append({
+                    'userId': str(row.user_id),
+                    'username': row.username,
+                    'avatar': row.avatar,
+                    'role': 'super_admin',  # 特殊标记
+                    'isSuperAdmin': True,
+                    'permissions': {
+                        'delete_channel': True,
+                        'edit_channel': True,
+                        'manage_admins': True,
+                        'pin_messages': True,
+                        'delete_messages': True,
+                        'slow_mode': True,
+                        'lock_channel': True
+                    },
+                    'createdAt': None
+                })
+
+            # 2. 获取频道管理员（排除已在超级管理员列表中的用户）
+            super_admin_ids = [str(row.user_id) for row in super_admins]
+
             sql = text("""
                 SELECT cca.user_id, cca.role, cca.permissions, cca.created_at,
                        u.username, u.avatar
@@ -342,9 +376,11 @@ def get_channel_admins(channel_id):
             """)
             result = conn.execute(sql, {'channel_id': channel_id}).fetchall()
 
-            admins = []
             for row in result:
-                import json
+                # 跳过已在超级管理员列表中的用户
+                if str(row.user_id) in super_admin_ids:
+                    continue
+
                 permissions = row.permissions
                 if isinstance(permissions, str):
                     permissions = json.loads(permissions)
@@ -354,6 +390,7 @@ def get_channel_admins(channel_id):
                     'username': row.username,
                     'avatar': row.avatar,
                     'role': row.role,
+                    'isSuperAdmin': False,
                     'permissions': permissions or {},
                     'createdAt': row.created_at.isoformat() if row.created_at else None
                 })
@@ -742,6 +779,27 @@ def send_message(channel_id):
         user = g.current_user
         data = request.get_json()
 
+        # 检查频道类型和权限
+        with get_db_engine().connect() as conn:
+            channel_sql = text("""
+                SELECT type, is_readonly FROM community_channels WHERE id = :channel_id
+            """)
+            channel = conn.execute(channel_sql, {'channel_id': channel_id}).fetchone()
+            if not channel:
+                return api_error('频道不存在', 404)
+
+            # 公告频道只有管理员可以发消息
+            if channel.type == 'announcement':
+                admin_info = get_channel_admin_info(channel_id, user['id'])
+                if not admin_info or not admin_info.get('isAdmin'):
+                    return api_error('只有管理员可以在公告频道发送消息', 403)
+
+            # 只读频道不能发消息
+            if channel.is_readonly:
+                admin_info = get_channel_admin_info(channel_id, user['id'])
+                if not admin_info or not admin_info.get('isAdmin'):
+                    return api_error('该频道为只读频道', 403)
+
         content = data.get('content', '').strip()
         if not content:
             return api_error('消息内容不能为空')