update. 完善用户相关增删改查接口以及Schema模型

This commit is contained in:
2026-04-11 05:29:27 +08:00
parent a9de2d1f68
commit 7dd59de036
8 changed files with 243 additions and 130 deletions
+81 -43
View File
@@ -1,50 +1,100 @@
import secrets
from typing import List
from django.db.models import Prefetch
from django.contrib.auth.hashers import make_password
from django.db import IntegrityError
from django.db.models import Q
from django.shortcuts import get_object_or_404
from loguru import logger
from ninja import Router
from ninja.errors import HttpError
from ninja.pagination import paginate, PageNumberPagination
from users.models import User, Role
from users.schema import UserUpdate, UserOut, UserCreate
from users.models import User, Department
from users.permission import require_permissions
from users.schema import UserUpdate, UserOut, UserCreate, UserResetPassword
from utils.dept_utils import get_dept_children_ids
router = Router(tags=['users'])
@router.get("/", response=List[UserOut], summary="获取用户列表")
@paginate(PageNumberPagination, page_size=20)
def list_users(request):
# if not has_permission(request.auth.id, "user:list"):
# raise HttpError(403, "权限不足")
return User.objects.all()
@require_permissions("user:list")
def list_users(request, dept_id: int = None, q: str = None):
users = User.objects.all()
logger.debug(f"users: {len(users)}")
logger.debug(f"dept_id: {dept_id}, q: {q}")
if dept_id:
current_dept = get_object_or_404(Department, id=dept_id)
dept_ids = get_dept_children_ids(dept_id)
if current_dept.is_root:
# 包含未分配用户
users = users.filter(Q(dept_id__in=dept_ids) | Q(dept__isnull=True))
else:
users = users.filter(dept_id__in=dept_ids)
logger.debug(f"users: {len(users)}")
if q:
users = users.filter(
Q(username__icontains=q) |
Q(cname__icontains=q) |
Q(phone__icontains=q)
)
logger.debug(f"users: {len(users)}")
return users.order_by("dept_id")
@router.get("/", response=dict)
def list_users(request, page: int = 1, page_size: int = 10, username: str = None):
qs = User.objects.all().order_by("-id")
@router.post("/")
@require_permissions("user:create")
def create_user(request, data: UserCreate):
try:
if not data.password:
data.password = secrets.token_urlsafe(8)[:8]
if username:
qs = qs.filter(username__icontains=username)
logger.debug(f"用户名:{data.username}, 密码:{data.password}")
user = User.objects.create_user(
username=data.username,
email=data.email,
password=make_password(data.password)
)
total = qs.count()
start = (page - 1) * page_size
end = start + page_size
for k, v in data.dict(exclude={"password", "roles"}).items():
setattr(user, k, v)
items = list(qs[start:end].values(
"id", "username", "cname", "phone", "email",
"avatar", "dept",
"is_active", "is_staff", "is_superuser",
"last_login", "date_joined"
))
user.save()
# roles 需要手动补
for i, obj in enumerate(qs[start:end]):
items[i]["roles"] = list(obj.roles.values_list("id", flat=True))
if data.roles:
user.roles.set(data.roles)
return {"items": items, "count": total}
return {
"detail": f"用户创建成功!密码:{data.password}"
}
except IntegrityError as e:
raise HttpError(500, "用户已存在!")
@router.post("/reset-password/", summary="重置用户密码")
@require_permissions("user:reset_password")
def reset_password(request, payload: UserResetPassword):
user = get_object_or_404(User, id=payload.user_id)
if payload.new_password:
new_pass = payload.new_password
else:
new_pass = secrets.token_urlsafe(8)[:12] # 自动生成
user.password = make_password(new_pass)
user.save()
# 返回新密码(仅用于通知,前端可显示)
return {"detail": f"密码已重置: {new_pass}"}
@router.get("/{id}", response=UserOut)
@require_permissions("user:view")
def get_user(request, id: int):
obj = get_object_or_404(User, id=id)
data = obj.__dict__
@@ -52,25 +102,8 @@ def get_user(request, id: int):
return data
@router.post("/", response=UserOut)
def create_user(request, data: UserCreate):
user = User.objects.create_user(
username=data.username,
password=data.password
)
for k, v in data.dict(exclude={"password"}).items():
setattr(user, k, v)
user.save()
if data.roles:
user.roles.set(data.roles)
return user
@router.put("/{id}")
@require_permissions("user:update")
def update_user(request, id: int, data: UserUpdate):
user = get_object_or_404(User, id=id)
@@ -78,6 +111,8 @@ def update_user(request, id: int, data: UserUpdate):
user.set_password(data.password)
for k, v in data.dict(exclude_unset=True, exclude={"password", "roles"}).items():
if k == "dept":
k = "dept_id"
setattr(user, k, v)
user.save()
@@ -85,10 +120,13 @@ def update_user(request, id: int, data: UserUpdate):
if data.roles is not None:
user.roles.set(data.roles)
if data.password:
return {"detail": f"密码已重置: {data.password}"}
return {"success": True}
@router.delete("/{id}")
@require_permissions("user:delete")
def delete_user(request, id: int):
User.objects.filter(id=id).delete()
return {"success": True}