From f7692a6db6aeb44c9c45e92065403476b37932b7 Mon Sep 17 00:00:00 2001
From: xiaji <rembme@163.com>
Date: Wed, 28 Jan 2026 21:39:41 +0800
Subject: [PATCH] =?UTF-8?q?feat(views):=20=E4=B8=BA=E6=89=80=E6=9C=89?=
 =?UTF-8?q?=E8=A7=86=E5=9B=BE=E6=B7=BB=E5=8A=A0=E7=99=BB=E5=BD=95=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E8=A3=85=E9=A5=B0=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

为保护用户数据安全，防止未授权访问，在所有需要用户认证的视图函数上添加@login_required装饰器
---
 core/views.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/core/views.py b/core/views.py
index 26c703e..08c056a 100644
--- a/core/views.py
+++ b/core/views.py
@@ -88,6 +88,7 @@ def index(request):
     return render(request, 'core/index.html', context)
 
 # 昨日记录视图
+@login_required
 def yesterday_records(request):
     """昨日记录"""
     logger.info("用户访问昨日记录页面")
@@ -109,6 +110,7 @@ def yesterday_records(request):
     return render(request, 'core/yesterday_records.html', context)
 
 # 添加阅读记录
+@login_required
 def add_reading(request):
     """添加阅读记录"""
     if request.method == 'POST':
@@ -126,6 +128,7 @@ def add_reading(request):
     return render(request, 'core/add_reading.html', context)
 
 # 编辑阅读记录
+@login_required
 def edit_reading(request, pk):
     """编辑阅读记录"""
     reading = get_object_or_404(ReadingRecord, pk=pk)
@@ -142,6 +145,7 @@ def edit_reading(request, pk):
     return render(request, 'core/edit_reading.html', context)
 
 # 删除阅读记录
+@login_required
 def delete_reading(request, pk):
     """删除阅读记录"""
     reading = get_object_or_404(ReadingRecord, pk=pk)
@@ -154,6 +158,7 @@ def delete_reading(request, pk):
     return render(request, 'core/delete_reading.html', context)
 
 # 添加感悟记录
+@login_required
 def add_insight(request):
     """添加感悟记录"""
     family_members = FamilyMember.objects.all()
@@ -172,6 +177,7 @@ def add_insight(request):
     return render(request, 'core/add_insight.html', context)
 
 # 编辑感悟记录
+@login_required
 def edit_insight(request, pk):
     """编辑感悟记录"""
     insight = get_object_or_404(InsightRecord, pk=pk)
@@ -189,6 +195,7 @@ def edit_insight(request, pk):
     return render(request, 'core/edit_insight.html', context)
 
 # 删除感悟记录
+@login_required
 def delete_insight(request, pk):
     """删除感悟记录"""
     insight = get_object_or_404(InsightRecord, pk=pk)
@@ -201,6 +208,7 @@ def delete_insight(request, pk):
     return render(request, 'core/delete_insight.html', context)
 
 # 今日记录视图
+@login_required
 def today_records(request):
     """今日记录"""
     logger.info("用户访问今日记录页面")
@@ -220,6 +228,7 @@ def today_records(request):
     
     return render(request, 'core/today_records.html', context)
 
+@login_required
 # 添加今日阅读记录
 def add_today_reading(request):
     """添加今日阅读记录"""
@@ -266,6 +275,7 @@ def delete_today_reading(request, pk):
     return render(request, 'core/delete_reading.html', context)
 
 # 添加今日感悟记录
+@login_required
 def add_today_insight(request):
     """添加今日感悟记录"""
     family_members = FamilyMember.objects.all()
@@ -346,6 +356,7 @@ def add_summary(request):
     return render(request, 'core/add_summary.html', context)
 
 # 编辑汇总记录
+@login_required
 def edit_summary(request, pk):
     """编辑汇总记录"""
     summary = get_object_or_404(Summary, pk=pk)
@@ -364,6 +375,7 @@ def edit_summary(request, pk):
     return render(request, 'core/edit_summary.html', context)
 
 # 删除汇总记录
+@login_required
 def delete_summary(request, pk):
     """删除汇总记录"""
     summary = get_object_or_404(Summary, pk=pk)
@@ -376,6 +388,7 @@ def delete_summary(request, pk):
     return render(request, 'core/delete_summary.html', context)
 
 # 家庭事项视图
+@login_required
 def family_tasks(request):
     """家庭事项"""
     logger.info("用户访问家庭事项页面")
@@ -419,6 +432,7 @@ def edit_family_task(request, pk):
     return render(request, 'core/edit_family_task.html', context)
 
 # 删除家庭事项
+@login_required
 def delete_family_task(request, pk):
     """删除家庭事项"""
     task = get_object_or_404(FamilyTask, pk=pk)
@@ -447,6 +461,7 @@ def today_plan(request):
     return render(request, 'core/today_plan.html', context)
 
 # 添加今日计划
+@login_required
 def add_today_plan(request):
     """添加今日计划"""
     family_members = FamilyMember.objects.all()
@@ -492,6 +507,7 @@ def delete_today_plan(request, pk):
     return render(request, 'core/delete_today_plan.html', context)
 
 # 切换今日计划状态
+@login_required
 def toggle_today_plan(request, pk):
     """切换今日计划状态"""
     plan = get_object_or_404(TodayPlan, pk=pk)
@@ -507,6 +523,7 @@ def toggle_today_plan(request, pk):
     return redirect('today_plan')
 
 # 生成报告
+@login_required
 def generate_report(request):
     """生成报告"""
     logger.info("用户访问报告生成页面")
@@ -588,6 +605,7 @@ def view_report(request, date):
     return render(request, 'core/report.html', context)
 
 # 生成PDF报告
+@login_required
 def generate_pdf_report(request, date):
     """生成PDF报告"""
     if not is_weasyprint_available():
@@ -679,6 +697,7 @@ def preview_pdf_report(request, date):
         return HttpResponse(f"预览PDF报告失败: {str(e)}", status=500)
 
 # 系统配置
+@login_required
 def system_settings(request):
     """系统配置"""
     logger.info("用户访问系统配置页面")
@@ -778,6 +797,7 @@ def send_email(request):
     return send_email_view(request)
 
 # PDF文件列表
+@login_required
 def pdf_list(request):
     """显示服务器上已有的PDF文件列表"""
     logger.info("用户访问PDF文件列表页面")