6th

2025-09-01 16:42:41 +08:00
parent 22a231d78c
commit 00061adeb7
23 changed files with 858 additions and 3584 deletions
--- a/backend/models.py
+++ b/backend/models.py
@@ -85,19 +85,19 @@ class TodoItem(db.Model):
    
    def can_edit(self, user_ad):
        """Check if user can edit this todo"""
-        if self.creator_ad == user_ad:
-            return True
-        return any(r.ad_account == user_ad for r in self.responsible_users)
+        # Only creator can edit
+        return self.creator_ad == user_ad
    
    def can_view(self, user_ad):
        """Check if user can view this todo"""
        # Public todos can be viewed by anyone
        if self.is_public:
            return True
-        # Private todos can be viewed by creator, responsible users, and followers
-        if self.can_edit(user_ad):
+        # Private todos can be viewed by creator and responsible users only
+        if self.creator_ad == user_ad:
            return True
-        return any(f.ad_account == user_ad for f in self.followers)
+        # Check if user is a responsible user
+        return any(r.ad_account == user_ad for r in self.responsible_users)
    
    def can_follow(self, user_ad):
        """Check if user can follow this todo"""
@@ -154,7 +154,8 @@ class TodoAuditLog(db.Model):
    actor_ad = db.Column(db.String(128), nullable=False)
    todo_id = db.Column(CHAR(36), db.ForeignKey('todo_item.id', ondelete='SET NULL'))
    action = db.Column(ENUM('CREATE', 'UPDATE', 'DELETE', 'COMPLETE', 'IMPORT', 
-                           'MAIL_SENT', 'MAIL_FAIL', 'FIRE_EMAIL', 'DIGEST_EMAIL', 'BULK_REMINDER'), nullable=False)
+                           'MAIL_SENT', 'MAIL_FAIL', 'FIRE_EMAIL', 'DIGEST_EMAIL', 'BULK_REMINDER',
+                           'FOLLOW', 'UNFOLLOW'), nullable=False)
    detail = db.Column(JSON)
    created_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)