feat(admin): owner 端用户管理 API + 页面
- 后端新增 /admin/users 路由(仅 owner):
- GET /admin/users 列出全部用户
- POST /admin/users 创建新用户(固定 role=member,API 层禁止提权)
- PATCH /admin/users/{id} 重置密码 / 启停 / 改昵称 / 改邮箱
(role 永远不可改,owner 不能禁用自己)
- DELETE /admin/users/{id} 软删除(is_active=False,保留外键完整性)
- 用户管理用软删除而非硬删除,理由:
bookmarks / subscriptions / api_tokens / article_reads 都有 user_id 外键,
硬删会污染历史数据;禁用后用户登不上,效果等同删除且可恢复
- 后端永远不返回 password_hash(UserOut 不含该字段)
- 前端 AdminUsers.vue + 路由 /admin/users + 侧栏菜单'用户管理(Admin)'
操作按钮对自己 / owner 自动隐藏(自锁 + 防误改,后端兜底拒绝)
- main.py 注册 admin_users 路由
- schemas/user.py 提供 UserOut/UserCreate/UserUpdate/UserDeleteResult
- articles.ts adminApi 加 listUsers / createUser / updateUser / deleteUser + UserOut 类型
无 alembic 迁移(user 表 role / is_active / email / display_name 字段早就有)
This commit is contained in:
xiaji
64
backend/app/schemas/user.py
Normal file
64
backend/app/schemas/user.py
Normal file
@@ -0,0 +1,64 @@
|
||||
"""User schemas(用于 owner 端管理用户)。"""
|
||||
from __future__ import annotations
|
||||
|
||||
import re
|
||||
from datetime import datetime
|
||||
|
||||
from pydantic import BaseModel, ConfigDict, EmailStr, Field, field_validator
|
||||
|
||||
from app.models.user import UserRole
|
||||
|
||||
# 用户名规则:3-32 字符,小写字母 / 数字 / 下划线 / 连字符;首字符必须为字母或数字
|
||||
# 与 create_user.py 的 CLI 行为保持一致(允许任意大小写),但前端界面化时引导用小写
|
||||
_USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{2,31}$")
|
||||
|
||||
|
||||
class UserOut(BaseModel):
|
||||
"""用户列表 / 详情(永远不返回 password_hash)。"""
|
||||
|
||||
model_config = ConfigDict(from_attributes=True)
|
||||
|
||||
id: int
|
||||
username: str
|
||||
email: str | None = None
|
||||
role: UserRole
|
||||
is_active: bool
|
||||
display_name: str | None = None
|
||||
created_at: datetime
|
||||
last_login_at: datetime | None = None
|
||||
|
||||
|
||||
class UserCreate(BaseModel):
|
||||
"""owner 创建新用户。固定 role=member(不允许提权)。"""
|
||||
|
||||
username: str = Field(min_length=3, max_length=32)
|
||||
password: str = Field(min_length=6, max_length=128)
|
||||
email: EmailStr | None = None
|
||||
display_name: str | None = Field(default=None, max_length=128)
|
||||
|
||||
@field_validator("username")
|
||||
@classmethod
|
||||
def _v_username(cls, v: str) -> str:
|
||||
if not _USERNAME_RE.match(v):
|
||||
raise ValueError(
|
||||
"用户名只能包含小写字母、数字、下划线、连字符,且首字符必须为字母或数字(3-32 字符)"
|
||||
)
|
||||
return v
|
||||
|
||||
|
||||
class UserUpdate(BaseModel):
|
||||
"""owner 修改用户。重置密码 / 启停 / 改昵称 / 改邮箱。role 永远不可改(防越权)。"""
|
||||
|
||||
password: str | None = Field(default=None, min_length=6, max_length=128)
|
||||
is_active: bool | None = None
|
||||
email: EmailStr | None = None
|
||||
display_name: str | None = Field(default=None, max_length=128)
|
||||
|
||||
|
||||
class UserDeleteResult(BaseModel):
|
||||
"""软删除响应 — 实际是禁用,user_id 用于前端确认。"""
|
||||
|
||||
id: int
|
||||
username: str
|
||||
is_active: bool
|
||||
detail: str
|
||||
Reference in New Issue
Block a user