项目管理bug修复，无权限验证

2024-11-20 19:48:02 +08:00 · 2024-11-20 19:48:02 +08:00 · 601cad31eb
commit 601cad31eb
parent dfe85ce565
1 changed files with 25 additions and 9 deletions
--- a/api/manage_project.py
+++ b/api/manage_project.py
@ -25,7 +25,17 @@ async def get_project(response: Response, session: SessionDep):
    projects = session.query(Project).filter().all()
    if not projects:
        raise HTTPException(status_code=404, detail="Project not found")
-    return {"projects": projects}
+    return {
+        "projects": [
+            {
+                "name": project.name,
+                "requirement": project.requirement,
+                "start_time": project.start_time,
+                "deadline": project.deadline
+            }
+            for project in projects
+        ]
+    }

 #新增与修改项目
@router.post("/api/s1/project")
@ -77,6 +87,11 @@ async def create_project(data: dict, session: SessionDep):
        project.deadline = deadline
    else:
        # 新增项目
+        exist_project = session.exec(select(Project).where(Project.name == name)).first()
+        print(exist_project)    #测试用
+        if exist_project:
+            raise HTTPException(status_code=404, detail="Project already exists")
+
        project = Project(
            name=name,
            requirement=requirement,
@ -118,24 +133,25 @@ async def create_project(data: dict, session: SessionDep):
 #删除项目
@router.delete("/api/s1/project")
 async def delete_project(data: dict, session: SessionDep):
-    project_id = data.get("project_id")
+    project_name = data.get("name")
+
    # 权限检查：只有管理员才可以删除项目
    # if current_user.role != 1:
    #     raise HTTPException(status_code=403, detail="Only admin users can delete projects")

-    if not project_id:
-        raise HTTPException(status_code=400, detail="Project ID is required")
+    if not project_name:
+        raise HTTPException(status_code=400, detail="Project name is required")

    # 查找项目
    project = session.exec(
-        select(Project).where(Project.id == project_id)).first()
+        select(Project).where(Project.name == project_name)).first()
+
    if not project:
-        raise HTTPException(status_code=404,
-                            detail="Project not found or you do not have permission to delete this project")
+        raise HTTPException(status_code=404,detail="Project not found")

    # 删除与项目相关的用户链接
    # 先清除现有的关联
-    stmt = delete(ProjectUserLink).where(ProjectUserLink.project_id == project_id)
+    stmt = delete(ProjectUserLink).where(ProjectUserLink.project_id == project.id)
    session.execute(stmt)

    # 删除项目