.env

@@ -1,3 +1,3 @@
 ALGORITHM=HS256
-DATABASE_URL=mysql://shixun:TEzzsLddDRdDwXdE@120.53.31.148:3306/shixun
+DATABASE_URL=sqlite:///test.db
 SECRET_KEY=your_secret_key

.idea/CostEvalPlatform.iml

@@ -2,7 +2,7 @@
 <module type="PYTHON_MODULE" version="4">
   <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$" />
-    <orderEntry type="jdk" jdkName="demo1" jdkType="Python SDK" />
+    <orderEntry type="jdk" jdkName="Python 3.11" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
 </module>

.idea/deployment.xml

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="PublishConfigData" serverName="ecs2" remoteFilesAllowedToDisappearOnAutoupload="false">
-    <serverData>
-      <paths name="ecs2">
-        <serverdata>
-          <mappings>
-            <mapping deploy="./shixun/" local="$PROJECT_DIR$" web="/" />
-          </mappings>
-        </serverdata>
-      </paths>
-    </serverData>
-  </component>
-</project>

.idea/misc.xml

@@ -28,5 +28,5 @@
       </profile-state>
     </entry>
   </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="demo1" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.11" project-jdk-type="Python SDK" />
 </project>

.idea/webServers.xml

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="WebServers">
-    <option name="servers">
-      <webServer id="c90c26ce-7c47-4054-9829-4cec3d848165" name="ecs2" url="http://ecs2.heshunme.xyz:10000">
-        <fileTransfer rootFolder="/root" accessType="SFTP" host="ecs2.heshunme.xyz" port="22" sshConfigId="f1f6e1a9-94a6-4cd9-ba1a-ad35f1bc3d3e" sshConfig="root@ecs2.heshunme.xyz:22 key" keyPair="true">
-          <advancedOptions>
-            <advancedOptions dataProtectionLevel="Private" keepAliveTimeout="0" passiveMode="true" shareSSLContext="true" />
-          </advancedOptions>
-        </fileTransfer>
-      </webServer>
-    </option>
-  </component>
-</project>

api/login_reg.py

@@ -20,7 +20,7 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None, s
     if expires_delta:
         expire = datetime.utcnow() + expires_delta
     else:
-        expire = datetime.utcnow() + timedelta(days=15)
+        expire = datetime.utcnow() + timedelta(minutes=15)
     to_encode.update({"exp": expire})
     print(settings, type(settings))
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
@@ -43,14 +43,7 @@ async def login(response: Response, user_data: dict, session: SessionDep):
     token = create_access_token(data={"id": user.id, "role": user.role, "tanant_id": user.tenant.id})
 
     # 设置cookie
-    response.set_cookie(
-        key="session_token",
-        value=token,
-        httponly=True,
-        # domain=".ecs2.heshunme.xyz",  # 确保域正确
-        samesite="none",  # 根据需要设置samesite属性
-        secure=True,
-    )
+    response.set_cookie(key="session_token", value=token, httponly=True)
 
     # 关闭数据库会话
     session.close()

api/manage_project.py

@@ -2,14 +2,19 @@
 # @Time    : 2024/11/19 下午8:05
 # @FileName: manage_project.py
 # @Software: PyCharm
-from datetime import datetime
-from typing import List
-
-from fastapi import APIRouter
+from fastapi import HTTPException, Response, Depends, APIRouter
+from typing import Optional, Annotated
+from datetime import datetime, timedelta
+from jose import JWTError, jwt
 from sqlalchemy import delete
 
+from sqlmodel import select
+
+from models import Tenant, User, Project, ProjectUserLink
 from dependencies import *
-from models import Project, ProjectUserLink
+from fastapi import APIRouter
+
+from typing import List
 
 router = APIRouter()
 TenantRole = 1
@@ -40,15 +45,17 @@ async def get_project(response: Response, session: SessionDep, current_user: Use
         raise HTTPException(status_code=404, detail="Project not found or you have no projects.")
 
     # 返回项目的基本信息
-    return [
-        {
-            "name": project.name,
-            "requirement": project.requirement,
-            "start_time": project.start_time,
-            "deadline": project.deadline
-        }
-        for project in projects
-    ]
+    return {
+        "projects": [
+            {
+                "name": project.name,
+                "requirement": project.requirement,
+                "start_time": project.start_time,
+                "deadline": project.deadline
+            }
+            for project in projects
+        ]
+    }
 
 
 # 新增与修改项目
@@ -57,67 +64,87 @@ async def create_project(data: dict, session: SessionDep, current_user: User = D
     if current_user.role != 1:
         raise HTTPException(status_code=403, detail="Only Tenant admin users can add or update projects.")
 
-    # project_id = data.get("project_id")
-    name = data.get("name")
-    requirement = data.get("requirement")
-    start_time_str = data.get("start_time")
-    deadline_str = data.get("deadline")
-    estimators = data.get("estimator")
-    auditors = data.get("auditor")
+    project_id = data.get("project_id")
+    name = data["name"]
+    requirement = data["requirement"]
+    start_time_str = data["start_time"]
+    deadline_str = data["deadline"]
+    estimators = data["estimators"]
+    auditors = data["auditors"]
 
     # 验证是否缺少必要参数
     if not name or not requirement or not start_time_str or not deadline_str:
-        raise HTTPException(status_code=400, detail="Need more details")
+        raise HTTPException(status_code=400, detail="Need more name/requirement/start_time/deadline")
 
     # 验证开始时间是否早于结束时间
-    # 去掉 'Z' 和毫秒部分
-    start_time_str = start_time_str.split('.')[0].rstrip('Z')
-    deadline_str = deadline_str.split('.')[0].rstrip('Z')
-
     start_time = datetime.strptime(start_time_str, "%Y-%m-%dT%H:%M:%S")
     deadline = datetime.strptime(deadline_str, "%Y-%m-%dT%H:%M:%S")
-
     if start_time > deadline:
         raise HTTPException(status_code=400, detail="Start time must be before deadline")
 
-    # 验证是否有传入评估/审核员
-    if not estimators or not auditors:
-        raise HTTPException(status_code=400, detail="Need more estimators or auditors")
-
-    users: List[User] = []
     # 验证评估审核员是否存在
-    for username in estimators + auditors:
-        query_estimator = select(User).where(User.username == username)
-        if user := session.exec(query_estimator).first():
-            users.append(user)
+    query_estimators = select(User).where(User.username.in_(estimators))
+    users_estimators = session.exec(query_estimators).all()
+    query_auditors = select(User).where(User.username.in_(auditors))
+    users_auditors = session.exec(query_auditors).all()
+    # 提取出所有查询到的
+    existing_estimators = {user.username for user in users_estimators}
+    existing_auditors = {user.username for user in users_auditors}
 
-    project = session.exec(select(Project).where(Project.name == name)).first()
-    if project and project.owner_id != current_user.tenant_id:
-        raise HTTPException(status_code=403, detail="You do not have permission to modify this project.")
+    # 验证是否所有的username都存在于数据库中
+    missing_usernames = (set(auditors) | set(estimators)) - existing_estimators - existing_auditors
+
+    if missing_usernames:
+        raise HTTPException(status_code=404, detail=f"Missing usernames:{missing_usernames}")
 
     # 更新项目还是新增项目
-    if project:
+    if project_id:
+        # 查找现有项目
+        project = session.get(Project, project_id)
+        if not project:
+            raise HTTPException(status_code=404, detail="Project not found")
+
         # 更新项目内容
         project.name = name
         project.requirement = requirement
         project.start_time = start_time
         project.deadline = deadline
     else:
+        # 新增项目
+        exist_project = session.exec(select(Project).where(Project.name == name)).first()
+        print(exist_project)  # 测试用
+        if exist_project:
+            raise HTTPException(status_code=404, detail="Project already exists")
+
         project = Project(
             name=name,
             requirement=requirement,
             start_time=start_time,
             deadline=deadline,
-            owner_id=current_user.tenant_id,
+            owner_id=1  # 假设owner_id是1，之后应该是通过token获取owner_id吧
         )
+        session.add(project)
 
     # 处理项目和用户的关联
     # 先清除现有的关联
     # 生成删除语句并执行
-    project.users = []
-    project.users = users
-    session.add(project)
-    session.commit()
+    print(project_id)  # 测试用
+    stmt = delete(ProjectUserLink).where(ProjectUserLink.project_id == project.id)
+    session.execute(stmt)
+    session.commit()  # 提交事务
+
+    # 重新建立与评估员和审核员的关系
+    for username in estimators:
+        user = next((user for user in users_estimators if user.username == username), None)
+        if user:
+            project_user_link = ProjectUserLink(project_id=project.id, user_id=user.id)
+            session.add(project_user_link)
+
+    for username in auditors:
+        user = next((user for user in users_auditors if user.username == username), None)
+        if user:
+            project_user_link = ProjectUserLink(project_id=project.id, user_id=user.id)
+            session.add(project_user_link)
 
     # 提交事务
     session.commit()
@@ -130,12 +157,15 @@ async def create_project(data: dict, session: SessionDep, current_user: User = D
 
 # 删除项目
 @router.delete("/api/s1/project")
-async def delete_project(name: str, session: SessionDep, current_user: User = Depends(get_current_user)):
+async def delete_project(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
     if current_user.role != 1:
         raise HTTPException(status_code=403, detail="Only Tenant admin users can delete projects.")
 
-    # project_name = data.get("name")
-    project_name = name
+    project_name = data.get("name")
+
+    # 权限检查：只有管理员才可以删除项目
+    # if current_user.role != 1:
+    #     raise HTTPException(status_code=403, detail="Only admin users can delete projects")
 
     if not project_name:
         raise HTTPException(status_code=400, detail="Project name is required")

api/manage_tanant.py

@@ -3,20 +3,28 @@
 # @FileName: manage_tanant.py
 # @Software: PyCharm
 from fastapi import APIRouter
+from fastapi import HTTPException, Response, Depends, APIRouter
+from typing import Optional, Annotated
+from datetime import datetime, timedelta
+from jose import JWTError, jwt
 from sqlalchemy import delete
 
+from sqlmodel import select
+
+from models import Tenant, User, Project
 from dependencies import *
 
 router = APIRouter()
 
 from fastapi import HTTPException, Response
+from sqlalchemy.orm import Session
 from models import Tenant, User  # 假设你已导入 Tenant 和 User 模型
 from dependencies import SessionDep  # 假设 SessionDep 是数据库会话的依赖
 
-
-# 列举所有租户
+#列举所有租户
 @router.get("/api/s1/tenant")
 async def get_tenant(response: Response, session: SessionDep, current_user: User = Depends(get_current_user)):
+
     if current_user.role != 0:
         raise HTTPException(status_code=403, detail="Only Superadmin can list all tenants.")
 
@@ -43,7 +51,6 @@ async def get_tenant(response: Response, session: SessionDep, current_user: User
 
     return {"tenants": tenant_data}
 
-
 # 新增和修改租户
 @router.post("/api/s1/tenant")
 async def create_or_update_tenant(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
@@ -102,22 +109,23 @@ async def create_or_update_tenant(data: dict, session: SessionDep, current_user:
 
         user = session.exec(user_query).first()
 
-        # 如果找不到对应的用户，抛出错误
+        #如果找不到对应的用户，抛出错误
         if not user:
             raise HTTPException(status_code=404, detail="User not found")
         user.password = password
         session.add(user)
         session.commit()
+        print(user) #测试用
         return {"message": "Tenant and User update successfully"}
 
-
-# 删除租户
+#删除租户
 @router.delete("/api/s1/tenant")
-async def delete_tenant(name: str, user_num: int, session: SessionDep, current_user: User = Depends(get_current_user)):
+async def delete_tenant(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
+
     if current_user.role != 0:
         raise HTTPException(status_code=403, detail="Only Superadmin can delete tenants.")
 
-    tenant_name = name
+    tenant_name = data.get("name")
 
     if not tenant_name:
         raise HTTPException(status_code=400, detail="Tenant name is required")
@@ -136,4 +144,4 @@ async def delete_tenant(name: str, user_num: int, session: SessionDep, current_u
     session.delete(tenant)
     session.commit()
 
-    return {"detail": "Tenant deleted successfully"}
+    return {"detail": "Tenant deleted successfully"}

api/manage_user.py

@@ -3,7 +3,7 @@
 # @Author  : 河瞬
 # @FileName: manage_user.py
 # @Software: PyCharm
-from fastapi import HTTPException, APIRouter, Depends
+from fastapi import HTTPException, APIRouter, Depends, Request
 from sqlmodel import select
 
 from dependencies import SessionDep, get_current_user
@@ -14,7 +14,7 @@ router = APIRouter()
 
 # 枚举成员
 @router.get("/api/s1/user")
-async def list_users(session: SessionDep, current_user: User = Depends(get_current_user)):
+async def list_users(request: Request, session: SessionDep, current_user: User = Depends(get_current_user)):
     if current_user.role != 1:
         raise HTTPException(status_code=403, detail="Only admin users can list users")
 
@@ -30,7 +30,7 @@ async def add_or_update_user(data: dict, session: SessionDep, current_user: User
         raise HTTPException(status_code=403, detail="Only admin users can add or update users")
 
     username = data.get("username")
-    password = data.get("password", None)
+    password = data.get("password")
     role = data.get("role")
     if role not in ["auditor", "estimator"]:
         raise HTTPException(status_code=400, detail="Invalid role")
@@ -42,7 +42,7 @@ async def add_or_update_user(data: dict, session: SessionDep, current_user: User
     user = session.exec(select(User).where(User.username == username, User.tenant_id == current_user.tenant_id)).first()
 
     if user:
-        if password:
+        if password and password != "":
             user.password = password
         user.role = role
         session.add(user)

config.py

@@ -14,6 +14,5 @@ class Settings(BaseSettings):
     class Config:
         env_file = ".env"
 
-
 if __name__ == '__main__':
-    print(Settings().ALGORITHM)
+    print(Settings().ALGORITHM)

main.py

@@ -22,12 +22,9 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(lifespan=lifespan)
 
-# noinspection PyTypeChecker
 app.add_middleware(
     CORSMiddleware,
-    # allow_origins=["*"],
-    allow_origins=["http://localhost:8080", "http://localhost:5000"],
-    # 允许所有来源，也可以指定具体的来源，例如 ["http://example.com", "https://example.com"]
+    allow_origins=["*"],  # 允许所有来源，也可以指定具体的来源，例如 ["http://example.com", "https://example.com"]
     allow_credentials=True,  # 允许携带凭证（如cookies）
     allow_methods=["*"],  # 允许所有方法，也可以指定具体的方法，例如 ["GET", "POST", "PUT", "DELETE"]
     allow_headers=["*"],  # 允许所有头部，也可以指定具体的头部，例如 ["Content-Type", "Authorization"]

requirements.txt

@@ -4,5 +4,4 @@ uvicorn~=0.32.0
 pydantic~=2.9.2
 pydantic-settings~=2.6.1
 mysqlclient
-sqlmodel~=0.0.22
-sqlalchemy~=2.0.36
+sqlmodel~=0.0.22

test/test_login_reg.py

@@ -18,7 +18,7 @@ def create_db_and_tables():
 
 # 创建一个测试客户端
 client = TestClient(app)
-session: Session | None = None
+session: Session = None
 
 
 class TestLoginReg(unittest.TestCase):
@@ -69,7 +69,7 @@ class TestLoginReg(unittest.TestCase):
         # 发送登录请求
         response = client.post("/api/s1/login", json={"username": "testuser", "password": "testpassword"})
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), {'message': 'Login successful', 'role': 1})
+        self.assertEqual(response.json(), {"message": "Login successful"})
 
     def test_register(self):
         # 发送注册请求