diff --git a/backend/app/admin/crud/crud_user.py b/backend/app/admin/crud/crud_user.py
index 17bc43fb..b53961a0 100644
--- a/backend/app/admin/crud/crud_user.py
+++ b/backend/app/admin/crud/crud_user.py
@@ -76,10 +76,10 @@ async def create(self, db: AsyncSession, obj: RegisterUserParam, *, social: bool
 salt = text_captcha(5)
 obj.password = await get_hash_password(f'{obj.password}{salt}')
 dict_obj = obj.model_dump()
- dict_obj.update({'salt': salt})
+ dict_obj.update({'is_staff': True, 'salt': salt})
 else:
 dict_obj = obj.model_dump()
- dict_obj.update({'salt': None})
+ dict_obj.update({'is_staff': True, 'salt': None})
 new_user = self.model(**dict_obj)
 db.add(new_user)
@@ -163,17 +163,15 @@ async def check_email(self, db: AsyncSession, email: str) -> User | None:
 """
 return await self.select_model_by_column(db, 'email', email)
- async def reset_password(self, db: AsyncSession, pk: int, password: str, salt: str) -> int:
+ async def reset_password(self, db: AsyncSession, pk: int, new_pwd: str) -> int:
 """
 重置用户密码
 :param db:
 :param pk:
- :param password:
- :param salt:
+ :param new_pwd:
 :return:
 """
- new_pwd = await get_hash_password(f'{password}{salt}')
 return await self.update_model(db, pk, {'password': new_pwd})
 async def get_list(self, dept: int = None, username: str = None, phone: str = None, status: int = None) -> Select:
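Review bot: Both `dict_obj.update(...)` calls in the create hunk now hard-code `'is_staff': True`, so every account made through `create` starts with the flag that, per the set_staff docstring later in this diff, controls back-office login. That includes the `else` branch that stores `'salt': None`. If this method backs self-service or social registration (the `RegisterUserParam` type and `social` argument suggest so, but the callers are not visible), that is privilege granted by default rather than by an administrator. Consider leaving the flag out here and letting the caller decide, or at least adding a comment such as `# is_staff is granted to every new account on purpose: <reason>`. The body of create starts and ends outside the hunk.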
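Review bot: `reset_password` now writes `new_pwd` into the `password` column verbatim, and neither the parameter name nor the empty `:param new_pwd:` entry says the value must already be hashed. A later caller that passes the raw password would store it in clear text without any error. State the contract in the docstring, for example `:param new_pwd: password hash produced by get_hash_password(), never the plain-text password`, and consider a name such as `hashed_password`.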
@@ -249,38 +247,38 @@ async def get_multi_login(self, db: AsyncSession, user_id: int) -> bool:
 user = await self.get(db, user_id)
 return user.is_multi_login
- async def set_super(self, db: AsyncSession, user_id: int) -> int:
+ async def set_super(self, db: AsyncSession, user_id: int, _super: bool) -> int:
 """
 设置用户超级管理员
 :param db:
 :param user_id:
+ :param _super:
 :return:
 """
- super_status = await self.get_super(db, user_id)
- return await self.update_model(db, user_id, {'is_superuser': False if super_status else True})
+ return await self.update_model(db, user_id, {'is_superuser': _super})
- async def set_staff(self, db: AsyncSession, user_id: int) -> int:
+ async def set_staff(self, db: AsyncSession, user_id: int, staff: bool) -> int:
 """
 设置用户后台登录
 :param db:
 :param user_id:
+ :param staff:
 :return:
 """
- staff_status = await self.get_staff(db, user_id)
- return await self.update_model(db, user_id, {'is_staff': False if staff_status else True})
+ return await self.update_model(db, user_id, {'is_staff': staff})
- async def set_status(self, db: AsyncSession, user_id: int) -> int:
+ async def set_status(self, db: AsyncSession, user_id: int, status: bool) -> int:
 """
 设置用户状态
 :param db:
 :param user_id:
+ :param status:
 :return:
 """
- status = await self.get_status(db, user_id)
- return await self.update_model(db, user_id, {'status': False if status else True})
+ return await self.update_model(db, user_id, {'status': status})
 async def set_multi_login(self, db: AsyncSession, user_id: int) -> int:
 """
diff --git a/backend/app/admin/service/user_service.py b/backend/app/admin/service/user_service.py
index e27205b8..8da24f56 100644
--- a/backend/app/admin/service/user_service.py
+++ b/backend/app/admin/service/user_service.py
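Review bot: The new `set_super` parameter is named `_super`, and a leading underscore reads as private or unused in Python. PEP 8's convention for avoiding a clash with a builtin is a trailing underscore, and a name like `is_superuser` would match the column being written and sit better beside `staff` and `status`. The three setters now store whatever boolean the caller supplies into `is_superuser`, `is_staff` and `status`, so the blank `:param ...:` entries should say that. For example, `:param staff: value to store in is_staff; the caller is responsible for authorisation`.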
@@ -18,7 +18,7 @@
 UpdateUserRoleParam,
 )
 from backend.common.exception import errors
-from backend.common.security.jwt import get_token, password_verify, superuser_verify
+from backend.common.security.jwt import get_hash_password, get_token, password_verify, superuser_verify
 from backend.core.conf import settings
 from backend.database.db_mysql import async_db_session
 from backend.database.db_redis import redis_client
@@ -76,7 +76,8 @@ async def pwd_reset(*, request: Request, obj: ResetPasswordParam) -> int:
 np2 = obj.confirm_password
 if np1 != np2:
 raise errors.ForbiddenError(msg='两次密码输入不一致')
- count = await user_dao.reset_password(db, request.user.id, obj.new_password, request.user.salt)
+ new_pwd = await get_hash_password(f'{obj.new_password}{request.user.salt}')
+ count = await user_dao.reset_password(db, request.user.id, new_pwd)
 prefix = [
 f'{settings.TOKEN_REDIS_PREFIX}:{request.user.id}:',
 f'{settings.TOKEN_REFRESH_REDIS_PREFIX}:{request.user.id}:',
@@ -156,9 +157,11 @@ async def update_permission(*, request: Request, pk: int) -> int:
 if not await user_dao.get(db, pk):
 raise errors.NotFoundError(msg='用户不存在')
 else:
- if pk == request.user.id:
+ user_id = request.user.id
+ if pk == user_id:
 raise errors.ForbiddenError(msg='禁止修改自身管理员权限')
- count = await user_dao.set_super(db, pk)
+ super_status = await user_dao.get_super(db, user_id)
+ count = await user_dao.set_super(db, pk, False if super_status else True)
 return count
 @staticmethod
@@ -168,9 +171,11 @@ async def update_staff(*, request: Request, pk: int) -> int:
 if not await user_dao.get(db, pk):
 raise errors.NotFoundError(msg='用户不存在')
 else:
- if pk == request.user.id:
+ user_id = request.user.id
+ if pk == user_id:
 raise errors.ForbiddenError(msg='禁止修改自身后台管理登陆权限')
- count = await user_dao.set_staff(db, pk)
+ staff_status = await user_dao.get_staff(db, user_id)
+ count = await user_dao.set_staff(db, pk, False if staff_status else True)
 return count
 @staticmethod
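Review bot: The hash input `f'{obj.new_password}{request.user.salt}'` in pwd_reset reuses the stored salt, and the create hunk of this commit stores `'salt': None` in its `else` branch. For such an account the literal text `None` is appended to the password before hashing. Whether the login check builds the same string is not visible here, so confirm the two paths agree or reject or handle the no-salt case explicitly before hashing. A password change is also a natural place to issue a fresh salt and persist it with the new hash, which `reset_password` cannot do as it only updates `password`. pwd_reset starts and ends outside the hunk.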
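Review bot: In update_permission, `super_status` is read with `get_super(db, user_id)`, and `user_id` is `request.user.id`, so the value written to the target `pk` is the inverse of the caller's own flag, not the target's. If only superusers can reach this method (the guard is not visible in the hunk), the target is always set to `is_superuser=False` and can never be promoted. Read the target instead, `super_status = await user_dao.get_super(db, pk)`, and pass `not super_status`. The update_staff hunk (`get_staff(db, user_id)`) and the update_status hunk (`get_status(db, user_id)`) have the same defect, where an active caller would always disable the target and could never re-enable it. All three methods start outside their hunks.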
@@ -180,9 +185,11 @@ async def update_status(*, request: Request, pk: int) -> int:
 if not await user_dao.get(db, pk):
 raise errors.NotFoundError(msg='用户不存在')
 else:
- if pk == request.user.id:
+ user_id = request.user.id
+ if pk == user_id:
 raise errors.ForbiddenError(msg='禁止修改自身状态')
- count = await user_dao.set_status(db, pk)
+ status = await user_dao.get_status(db, user_id)
+ count = await user_dao.set_status(db, pk, False if status else True)
 return count
 @staticmethod