项目管理对注释进行了修改，租户管理权限验证完成。

api/manage_project.py

@@ -57,10 +57,10 @@ async def get_project(response: Response, session: SessionDep, current_user: Use
         ]
     }
 
+
 # 新增与修改项目
 @router.post("/api/s1/project")
 async def create_project(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
-
     if current_user.role != 1:
         raise HTTPException(status_code=403, detail="Only Tenant admin users can add or update projects.")
 
@@ -154,10 +154,10 @@ async def create_project(data: dict, session: SessionDep, current_user: User = D
             "information": project,
             }
 
+
 # 删除项目
 @router.delete("/api/s1/project")
 async def delete_project(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
-
     if current_user.role != 1:
         raise HTTPException(status_code=403, detail="Only Tenant admin users can delete projects.")
 

api/manage_tanant.py

@@ -23,7 +23,11 @@ from dependencies import SessionDep  # 假设 SessionDep 是数据库会话的
 
 #列举所有租户
 @router.get("/api/s1/tenant")
-async def get_tenant(response: Response, session: SessionDep):
+async def get_tenant(response: Response, session: SessionDep, current_user: User = Depends(get_current_user)):
+
+    if current_user.role != 0:
+        raise HTTPException(status_code=403, detail="Only Superadmin can list all tenants.")
+
     tenants = session.query(Tenant).all()  # 获取所有租户
     if not tenants:
         raise HTTPException(status_code=404, detail="No tenants found")
@@ -49,44 +53,21 @@ async def get_tenant(response: Response, session: SessionDep):
 
 # 新增和修改租户
 @router.post("/api/s1/tenant")
-async def create_or_update_tenant(data: dict, session: SessionDep):
+async def create_or_update_tenant(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
-    name = data["name"]
+    if current_user.role != 0:
-    username = data["username"]
+        raise HTTPException(status_code=403, detail="Only Superadmin can add or update tenants.")
-    password = data.get("password", "")  # 默认为空字符串
+
+    name = data.get("name")
+    username = data.get("username")
+    password = data.get("password")
 
     # 验证是否缺少必要参数
-    if not name or not username:
+    if not name:
-        raise HTTPException(status_code=400, detail="Need more name/username")
+        raise HTTPException(status_code=400, detail="Need more name")
 
-    # 查找用户
+    if username:
-    user_query = select(User).where(User.username == username)
+        # 如果 username 不为空，判断为新建租户
-    existing_user = session.exec(user_query).first()
+        # 检查租户名是否已存在
-
-    # 如果密码为空，更新租户信息
-    if password == "":
-        print("密码为空")   #测试用
-        # 如果用户不存在，返回错误
-        if not existing_user:
-            raise HTTPException(status_code=404, detail="User not found")
-        else:
-            # 如果找到了对应的 User
-            # 使用 user.tenant_id 查找对应的 Tenant
-            tenant = session.get(Tenant, existing_user.tenant_id)
-            # 如果 Tenant 存在，更新 Tenant 的 name 字段
-            if tenant:
-                tenant.name = name
-                session.commit()  # 提交更新
-            else:
-                raise HTTPException(status_code=404, detail="Tenant not found")
-            return {"message": "Tenant and User update successfully"}
-    else:
-        print("密码不为空")  #测试用
-        # 如果密码不为空，执行创建新租户和用户的操作
-        if existing_user:
-            # 如果用户已存在，返回错误
-            raise HTTPException(status_code=409, detail="User already exists")
-
-        # 检查租户是否已存在
         tenant_query = select(Tenant).where(Tenant.name == name)
         existing_tenant = session.exec(tenant_query).first()
 
@@ -94,11 +75,7 @@ async def create_or_update_tenant(data: dict, session: SessionDep):
             raise HTTPException(status_code=409, detail="Tenant name already exists")
 
         # 创建新租户
-        tenant = Tenant(
+        tenant = Tenant(name=name)
-            name=name,
-            username=username,
-            password=password,  # 实际使用时应加密密码
-        )
         session.add(tenant)
         session.commit()
         session.refresh(tenant)
@@ -106,7 +83,7 @@ async def create_or_update_tenant(data: dict, session: SessionDep):
         # 创建新用户
         user = User(
             username=username,
-            password=password,  # 同样需要加密密码
+            password=password,  # 记得加密密码
             role=1,  # 默认role为1
             tenant_id=tenant.id,
         )
@@ -114,13 +91,40 @@ async def create_or_update_tenant(data: dict, session: SessionDep):
 
         # 提交事务
         session.commit()
-        session.refresh(tenant)
 
         return {"message": "Tenant and User added successfully"}
 
+    else:
+        # 如果 username 为空，执行更新操作
+        # 根据租户名称查找 Tenant
+        tenant_query = select(Tenant).where(Tenant.name == name)
+        tenant = session.exec(tenant_query).first()
+
+        # 如果找不到对应的租户，抛出错误
+        if not tenant:
+            raise HTTPException(status_code=404, detail="Tenant not found")
+
+        # 找到租户后，根据 tenant_id 查找该租户下的所有用户
+        user_query = select(User).where(User.tenant_id == tenant.id)
+
+        user = session.exec(user_query).first()
+
+        #如果找不到对应的用户，抛出错误
+        if not user:
+            raise HTTPException(status_code=404, detail="User not found")
+        user.password = password
+        session.add(user)
+        session.commit()
+        print(user) #测试用
+        return {"message": "Tenant and User update successfully"}
+
 #删除租户
 @router.delete("/api/s1/tenant")
-async def delete_tenant(data: dict, session: SessionDep):
+async def delete_tenant(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
+
+    if current_user.role != 0:
+        raise HTTPException(status_code=403, detail="Only Superadmin can delete tenants.")
+
     tenant_name = data.get("name")
 
     if not tenant_name: