fastapi-practices · wu-clan · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024
diff --git a/backend/app/admin/crud/crud_user.py b/backend/app/admin/crud/crud_user.py
@@ -76,10 +76,10 @@ async def create(self, db: AsyncSession, obj: RegisterUserParam, *, social: bool
             salt = text_captcha(5)
             obj.password = await get_hash_password(f'{obj.password}{salt}')
             dict_obj = obj.model_dump()
-            dict_obj.update({'salt': salt})
+            dict_obj.update({'is_staff': True, 'salt': salt})
         else:
             dict_obj = obj.model_dump()
-            dict_obj.update({'salt': None})
+            dict_obj.update({'is_staff': True, 'salt': None})
         new_user = self.model(**dict_obj)
         db.add(new_user)
 
@@ -163,17 +163,15 @@ async def check_email(self, db: AsyncSession, email: str) -> User | None:
         """
         return await self.select_model_by_column(db, 'email', email)
 
-    async def reset_password(self, db: AsyncSession, pk: int, password: str, salt: str) -> int:
+    async def reset_password(self, db: AsyncSession, pk: int, new_pwd: str) -> int:
         """
         重置用户密码
 
         :param db:
         :param pk:
-        :param password:
-        :param salt:
+        :param new_pwd:
         :return:
         """
-        new_pwd = await get_hash_password(f'{password}{salt}')
         return await self.update_model(db, pk, {'password': new_pwd})
 
     async def get_list(self, dept: int = None, username: str = None, phone: str = None, status: int = None) -> Select:
@@ -249,38 +247,38 @@ async def get_multi_login(self, db: AsyncSession, user_id: int) -> bool:
         user = await self.get(db, user_id)
         return user.is_multi_login
 
-    async def set_super(self, db: AsyncSession, user_id: int) -> int:
+    async def set_super(self, db: AsyncSession, user_id: int, _super: bool) -> int:
         """
         设置用户超级管理员
 
         :param db:
         :param user_id:
+        :param _super:
         :return:
         """
-        super_status = await self.get_super(db, user_id)
-        return await self.update_model(db, user_id, {'is_superuser': False if super_status else True})
+        return await self.update_model(db, user_id, {'is_superuser': _super})
 
-    async def set_staff(self, db: AsyncSession, user_id: int) -> int:
+    async def set_staff(self, db: AsyncSession, user_id: int, staff: bool) -> int:
         """
         设置用户后台登录
 
         :param db:
         :param user_id:
+        :param staff:
         :return:
         """
-        staff_status = await self.get_staff(db, user_id)
-        return await self.update_model(db, user_id, {'is_staff': False if staff_status else True})
+        return await self.update_model(db, user_id, {'is_staff': staff})
 
-    async def set_status(self, db: AsyncSession, user_id: int) -> int:
+    async def set_status(self, db: AsyncSession, user_id: int, status: bool) -> int:
         """
         设置用户状态
 
         :param db:
         :param user_id:
+        :param status:
         :return:
         """
-        status = await self.get_status(db, user_id)
-        return await self.update_model(db, user_id, {'status': False if status else True})
+        return await self.update_model(db, user_id, {'status': status})
 
     async def set_multi_login(self, db: AsyncSession, user_id: int) -> int:
         """

diff --git a/backend/app/admin/service/user_service.py b/backend/app/admin/service/user_service.py
@@ -18,7 +18,7 @@
     UpdateUserRoleParam,
 )
 from backend.common.exception import errors
-from backend.common.security.jwt import get_token, password_verify, superuser_verify
+from backend.common.security.jwt import get_hash_password, get_token, password_verify, superuser_verify
 from backend.core.conf import settings
 from backend.database.db_mysql import async_db_session
 from backend.database.db_redis import redis_client
@@ -76,7 +76,8 @@ async def pwd_reset(*, request: Request, obj: ResetPasswordParam) -> int:
             np2 = obj.confirm_password
             if np1 != np2:
                 raise errors.ForbiddenError(msg='两次密码输入不一致')
-            count = await user_dao.reset_password(db, request.user.id, obj.new_password, request.user.salt)
+            new_pwd = await get_hash_password(f'{obj.new_password}{request.user.salt}')
+            count = await user_dao.reset_password(db, request.user.id, new_pwd)
             prefix = [
                 f'{settings.TOKEN_REDIS_PREFIX}:{request.user.id}:',
                 f'{settings.TOKEN_REFRESH_REDIS_PREFIX}:{request.user.id}:',
@@ -156,9 +157,11 @@ async def update_permission(*, request: Request, pk: int) -> int:
             if not await user_dao.get(db, pk):
                 raise errors.NotFoundError(msg='用户不存在')
             else:
-                if pk == request.user.id:
+                user_id = request.user.id
+                if pk == user_id:
                     raise errors.ForbiddenError(msg='禁止修改自身管理员权限')
-                count = await user_dao.set_super(db, pk)
+                super_status = await user_dao.get_super(db, user_id)
+                count = await user_dao.set_super(db, pk, False if super_status else True)
                 return count
 
     @staticmethod
@@ -168,9 +171,11 @@ async def update_staff(*, request: Request, pk: int) -> int:
             if not await user_dao.get(db, pk):
                 raise errors.NotFoundError(msg='用户不存在')
             else:
-                if pk == request.user.id:
+                user_id = request.user.id
+                if pk == user_id:
                     raise errors.ForbiddenError(msg='禁止修改自身后台管理登陆权限')
-                count = await user_dao.set_staff(db, pk)
+                staff_status = await user_dao.get_staff(db, user_id)
+                count = await user_dao.set_staff(db, pk, False if staff_status else True)
                 return count
 
     @staticmethod
@@ -180,9 +185,11 @@ async def update_status(*, request: Request, pk: int) -> int:
             if not await user_dao.get(db, pk):
                 raise errors.NotFoundError(msg='用户不存在')
             else:
-                if pk == request.user.id:
+                user_id = request.user.id
+                if pk == user_id:
                     raise errors.ForbiddenError(msg='禁止修改自身状态')
-                count = await user_dao.set_status(db, pk)
+                status = await user_dao.get_status(db, user_id)
+                count = await user_dao.set_status(db, pk, False if status else True)
                 return count
 
     @staticmethod