egg/TEMP_spec_system_V3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4f7f46b07ac59368087a4ec73ddc352fe2b0ca2a
TEMP_spec_system_V3/routes/admin.py
beabigegg 4f7f46b07a 2ND
2025-08-28 08:59:46 +08:00

96 lines
3.4 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

from flask import Blueprint, render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user
from models import User, db
from utils import admin_required
admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
@admin_bp.route('/users')
@login_required
@admin_required
def user_list():
"""顯示所有使用者列表,供管理員管理權限。"""
# MySQL 不支援 nullslast(),改用 COALESCE 處理 NULL 值
users = User.query.order_by(User.last_login.desc(), User.username).all()
return render_template('user_management.html', users=users)
@admin_bp.route('/users/edit/<int:user_id>', methods=['POST'])
@login_required
@admin_required
def edit_user_role(user_id):
"""編輯使用者權限。僅允許修改角色。"""
user = User.query.get_or_404(user_id)
new_role = request.form.get('role')
if new_role not in ['viewer', 'editor', 'admin']:
flash('無效的權限設定!', 'danger')
return redirect(url_for('admin.user_list'))
# 防止管理員修改自己的角色導致失去管理權限
if user.id == current_user.id and user.role == 'admin' and new_role != 'admin':
flash('無法變更自己的管理員權限!', 'danger')
return redirect(url_for('admin.user_list'))
old_role = user.role
user.role = new_role
db.session.commit()
flash(f"使用者 '{user.username}' 的權限已從 '{old_role}' 更新為 '{new_role}'", 'success')
return redirect(url_for('admin.user_list'))
@admin_bp.route('/users/delete/<int:user_id>', methods=['POST'])
@login_required
@admin_required
def delete_user(user_id):
"""刪除使用者帳號。"""
# 避免管理員刪除自己
if user_id == current_user.id:
flash('無法刪除自己的帳號!', 'danger')
return redirect(url_for('admin.user_list'))
user = User.query.get_or_404(user_id)
username = user.username
# 檢查是否為最後一個管理員
admin_count = User.query.filter_by(role='admin').count()
if user.role == 'admin' and admin_count <= 1:
flash('無法刪除最後一個管理員帳號!', 'danger')
return redirect(url_for('admin.user_list'))
db.session.delete(user)
db.session.commit()
flash(f"使用者 '{username}' 已被刪除。", 'success')
return redirect(url_for('admin.user_list'))
@admin_bp.route('/users/set-admin', methods=['POST'])
@login_required
@admin_required
def set_admin():
"""設定特定AD帳號為管理員權限。"""
username = request.form.get('username', '').strip()
if not username:
flash('請輸入有效的AD帳號', 'danger')
return redirect(url_for('admin.user_list'))
# 查找或建立使用者
user = User.query.filter_by(username=username).first()
if not user:
# 建立新的使用者記錄
user = User(
username=username,
password_hash='ldap_authenticated', # LDAP使用者不需要本地密碼
role='admin'
)
db.session.add(user)
db.session.commit()
flash(f"已為 AD 帳號 '{username}' 建立管理員權限。", 'success')
else:
# 更新現有使用者權限
old_role = user.role
user.role = 'admin'
db.session.commit()
flash(f"已將 '{username}' 的權限從 '{old_role}' 更新為 'admin'", 'success')
return redirect(url_for('admin.user_list'))
Reference in New Issue View Git Blame Copy Permalink