项目管理bug修复,无权限验证
This commit is contained in:
parent
dfe85ce565
commit
601cad31eb
@ -25,7 +25,17 @@ async def get_project(response: Response, session: SessionDep):
|
|||||||
projects = session.query(Project).filter().all()
|
projects = session.query(Project).filter().all()
|
||||||
if not projects:
|
if not projects:
|
||||||
raise HTTPException(status_code=404, detail="Project not found")
|
raise HTTPException(status_code=404, detail="Project not found")
|
||||||
return {"projects": projects}
|
return {
|
||||||
|
"projects": [
|
||||||
|
{
|
||||||
|
"name": project.name,
|
||||||
|
"requirement": project.requirement,
|
||||||
|
"start_time": project.start_time,
|
||||||
|
"deadline": project.deadline
|
||||||
|
}
|
||||||
|
for project in projects
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
#新增与修改项目
|
#新增与修改项目
|
||||||
@router.post("/api/s1/project")
|
@router.post("/api/s1/project")
|
||||||
@ -77,6 +87,11 @@ async def create_project(data: dict, session: SessionDep):
|
|||||||
project.deadline = deadline
|
project.deadline = deadline
|
||||||
else:
|
else:
|
||||||
# 新增项目
|
# 新增项目
|
||||||
|
exist_project = session.exec(select(Project).where(Project.name == name)).first()
|
||||||
|
print(exist_project) #测试用
|
||||||
|
if exist_project:
|
||||||
|
raise HTTPException(status_code=404, detail="Project already exists")
|
||||||
|
|
||||||
project = Project(
|
project = Project(
|
||||||
name=name,
|
name=name,
|
||||||
requirement=requirement,
|
requirement=requirement,
|
||||||
@ -117,25 +132,26 @@ async def create_project(data: dict, session: SessionDep):
|
|||||||
|
|
||||||
#删除项目
|
#删除项目
|
||||||
@router.delete("/api/s1/project")
|
@router.delete("/api/s1/project")
|
||||||
async def delete_project(data : dict, session: SessionDep):
|
async def delete_project(data: dict, session: SessionDep):
|
||||||
project_id = data.get("project_id")
|
project_name = data.get("name")
|
||||||
|
|
||||||
# 权限检查:只有管理员才可以删除项目
|
# 权限检查:只有管理员才可以删除项目
|
||||||
# if current_user.role != 1:
|
# if current_user.role != 1:
|
||||||
# raise HTTPException(status_code=403, detail="Only admin users can delete projects")
|
# raise HTTPException(status_code=403, detail="Only admin users can delete projects")
|
||||||
|
|
||||||
if not project_id:
|
if not project_name:
|
||||||
raise HTTPException(status_code=400, detail="Project ID is required")
|
raise HTTPException(status_code=400, detail="Project name is required")
|
||||||
|
|
||||||
# 查找项目
|
# 查找项目
|
||||||
project = session.exec(
|
project = session.exec(
|
||||||
select(Project).where(Project.id == project_id)).first()
|
select(Project).where(Project.name == project_name)).first()
|
||||||
|
|
||||||
if not project:
|
if not project:
|
||||||
raise HTTPException(status_code=404,
|
raise HTTPException(status_code=404,detail="Project not found")
|
||||||
detail="Project not found or you do not have permission to delete this project")
|
|
||||||
|
|
||||||
# 删除与项目相关的用户链接
|
# 删除与项目相关的用户链接
|
||||||
# 先清除现有的关联
|
# 先清除现有的关联
|
||||||
stmt = delete(ProjectUserLink).where(ProjectUserLink.project_id == project_id)
|
stmt = delete(ProjectUserLink).where(ProjectUserLink.project_id == project.id)
|
||||||
session.execute(stmt)
|
session.execute(stmt)
|
||||||
|
|
||||||
# 删除项目
|
# 删除项目
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user