2025-11-28 01:06:01 +08:00
|
|
|
|
from typing import Any, List, Optional
|
|
|
|
|
|
from fastapi import APIRouter, Body, Depends, HTTPException, Query
|
2025-11-26 21:11:12 +08:00
|
|
|
|
from fastapi.encoders import jsonable_encoder
|
|
|
|
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
|
|
from sqlalchemy.future import select
|
2025-11-28 01:06:01 +08:00
|
|
|
|
from sqlalchemy import func, or_
|
2025-11-26 21:11:12 +08:00
|
|
|
|
|
|
|
|
|
|
from app.api import deps
|
|
|
|
|
|
from app.core import security
|
|
|
|
|
|
from app.db.session import get_db
|
|
|
|
|
|
from app.models.user import User
|
2025-11-28 01:06:01 +08:00
|
|
|
|
from app.schemas.user import User as UserSchema, UserCreate, UserUpdate, UserListResponse
|
2025-11-26 21:11:12 +08:00
|
|
|
|
|
|
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
|
2025-11-28 01:06:01 +08:00
|
|
|
|
@router.get("/", response_model=UserListResponse)
|
2025-11-26 21:11:12 +08:00
|
|
|
|
async def read_users(
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
2025-11-28 01:06:01 +08:00
|
|
|
|
skip: int = Query(0, ge=0),
|
|
|
|
|
|
limit: int = Query(20, ge=1, le=100),
|
|
|
|
|
|
search: Optional[str] = Query(None, description="搜索关键词"),
|
|
|
|
|
|
role: Optional[str] = Query(None, description="角色筛选"),
|
|
|
|
|
|
is_active: Optional[bool] = Query(None, description="状态筛选"),
|
2025-11-26 21:11:12 +08:00
|
|
|
|
current_user: User = Depends(deps.get_current_user),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
2025-11-28 01:06:01 +08:00
|
|
|
|
获取用户列表(支持分页、搜索、筛选)
|
2025-11-26 21:11:12 +08:00
|
|
|
|
"""
|
2025-11-28 01:06:01 +08:00
|
|
|
|
query = select(User)
|
|
|
|
|
|
count_query = select(func.count(User.id))
|
|
|
|
|
|
|
|
|
|
|
|
# 搜索条件
|
|
|
|
|
|
if search:
|
|
|
|
|
|
search_filter = or_(
|
|
|
|
|
|
User.email.ilike(f"%{search}%"),
|
|
|
|
|
|
User.full_name.ilike(f"%{search}%"),
|
|
|
|
|
|
User.phone.ilike(f"%{search}%")
|
|
|
|
|
|
)
|
|
|
|
|
|
query = query.where(search_filter)
|
|
|
|
|
|
count_query = count_query.where(search_filter)
|
|
|
|
|
|
|
|
|
|
|
|
# 角色筛选
|
|
|
|
|
|
if role:
|
|
|
|
|
|
query = query.where(User.role == role)
|
|
|
|
|
|
count_query = count_query.where(User.role == role)
|
|
|
|
|
|
|
|
|
|
|
|
# 状态筛选
|
|
|
|
|
|
if is_active is not None:
|
|
|
|
|
|
query = query.where(User.is_active == is_active)
|
|
|
|
|
|
count_query = count_query.where(User.is_active == is_active)
|
|
|
|
|
|
|
|
|
|
|
|
# 获取总数
|
|
|
|
|
|
total_result = await db.execute(count_query)
|
|
|
|
|
|
total = total_result.scalar()
|
|
|
|
|
|
|
|
|
|
|
|
# 分页查询
|
|
|
|
|
|
query = query.order_by(User.created_at.desc()).offset(skip).limit(limit)
|
|
|
|
|
|
result = await db.execute(query)
|
2025-11-26 21:11:12 +08:00
|
|
|
|
users = result.scalars().all()
|
2025-11-28 01:06:01 +08:00
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
|
"users": users,
|
|
|
|
|
|
"total": total,
|
|
|
|
|
|
"skip": skip,
|
|
|
|
|
|
"limit": limit
|
|
|
|
|
|
}
|
2025-11-26 21:11:12 +08:00
|
|
|
|
|
|
|
|
|
|
@router.post("/", response_model=UserSchema)
|
|
|
|
|
|
async def create_user(
|
|
|
|
|
|
*,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
user_in: UserCreate,
|
2025-11-28 01:06:01 +08:00
|
|
|
|
current_user: User = Depends(deps.get_current_active_superuser),
|
2025-11-26 21:11:12 +08:00
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
2025-11-28 01:06:01 +08:00
|
|
|
|
创建新用户(仅管理员)
|
2025-11-26 21:11:12 +08:00
|
|
|
|
"""
|
|
|
|
|
|
result = await db.execute(select(User).where(User.email == user_in.email))
|
|
|
|
|
|
user = result.scalars().first()
|
|
|
|
|
|
if user:
|
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
|
status_code=400,
|
2025-11-28 01:06:01 +08:00
|
|
|
|
detail="该邮箱已被注册",
|
2025-11-26 21:11:12 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
db_user = User(
|
|
|
|
|
|
email=user_in.email,
|
|
|
|
|
|
hashed_password=security.get_password_hash(user_in.password),
|
|
|
|
|
|
full_name=user_in.full_name,
|
2025-11-28 01:06:01 +08:00
|
|
|
|
phone=user_in.phone,
|
|
|
|
|
|
role=user_in.role,
|
|
|
|
|
|
is_active=user_in.is_active if user_in.is_active is not None else True,
|
|
|
|
|
|
is_superuser=user_in.is_superuser if user_in.is_superuser is not None else False,
|
2025-11-26 21:11:12 +08:00
|
|
|
|
)
|
|
|
|
|
|
db.add(db_user)
|
|
|
|
|
|
await db.commit()
|
|
|
|
|
|
await db.refresh(db_user)
|
|
|
|
|
|
return db_user
|
|
|
|
|
|
|
|
|
|
|
|
@router.get("/me", response_model=UserSchema)
|
|
|
|
|
|
async def read_user_me(
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_user),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
2025-11-28 01:06:01 +08:00
|
|
|
|
获取当前用户信息
|
2025-11-26 21:11:12 +08:00
|
|
|
|
"""
|
|
|
|
|
|
return current_user
|
|
|
|
|
|
|
2025-11-28 01:06:01 +08:00
|
|
|
|
@router.put("/me", response_model=UserSchema)
|
|
|
|
|
|
async def update_user_me(
|
|
|
|
|
|
*,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
user_in: UserUpdate,
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_user),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
|
|
|
|
|
更新当前用户信息
|
|
|
|
|
|
"""
|
|
|
|
|
|
update_data = user_in.model_dump(exclude_unset=True)
|
|
|
|
|
|
|
|
|
|
|
|
# 普通用户不能修改自己的角色和超级管理员状态
|
|
|
|
|
|
update_data.pop('role', None)
|
|
|
|
|
|
update_data.pop('is_superuser', None)
|
|
|
|
|
|
update_data.pop('is_active', None)
|
|
|
|
|
|
|
|
|
|
|
|
# 如果更新密码
|
|
|
|
|
|
if 'password' in update_data and update_data['password']:
|
|
|
|
|
|
update_data['hashed_password'] = security.get_password_hash(update_data['password'])
|
|
|
|
|
|
update_data.pop('password', None)
|
|
|
|
|
|
|
|
|
|
|
|
for field, value in update_data.items():
|
|
|
|
|
|
setattr(current_user, field, value)
|
|
|
|
|
|
|
|
|
|
|
|
await db.commit()
|
|
|
|
|
|
await db.refresh(current_user)
|
|
|
|
|
|
return current_user
|
|
|
|
|
|
|
|
|
|
|
|
@router.get("/{user_id}", response_model=UserSchema)
|
|
|
|
|
|
async def read_user(
|
|
|
|
|
|
user_id: str,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_user),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
|
|
|
|
|
获取指定用户信息
|
|
|
|
|
|
"""
|
|
|
|
|
|
result = await db.execute(select(User).where(User.id == user_id))
|
|
|
|
|
|
user = result.scalars().first()
|
|
|
|
|
|
if not user:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
|
|
|
@router.put("/{user_id}", response_model=UserSchema)
|
|
|
|
|
|
async def update_user(
|
|
|
|
|
|
user_id: str,
|
|
|
|
|
|
*,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
user_in: UserUpdate,
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_active_superuser),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
|
|
|
|
|
更新用户信息(仅管理员)
|
|
|
|
|
|
"""
|
|
|
|
|
|
result = await db.execute(select(User).where(User.id == user_id))
|
|
|
|
|
|
user = result.scalars().first()
|
|
|
|
|
|
if not user:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
|
|
|
|
|
|
|
|
|
|
update_data = user_in.model_dump(exclude_unset=True)
|
|
|
|
|
|
|
|
|
|
|
|
# 如果更新密码
|
|
|
|
|
|
if 'password' in update_data and update_data['password']:
|
|
|
|
|
|
update_data['hashed_password'] = security.get_password_hash(update_data['password'])
|
|
|
|
|
|
update_data.pop('password', None)
|
|
|
|
|
|
|
|
|
|
|
|
for field, value in update_data.items():
|
|
|
|
|
|
setattr(user, field, value)
|
|
|
|
|
|
|
|
|
|
|
|
await db.commit()
|
|
|
|
|
|
await db.refresh(user)
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
|
|
|
@router.delete("/{user_id}")
|
|
|
|
|
|
async def delete_user(
|
|
|
|
|
|
user_id: str,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_active_superuser),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
|
|
|
|
|
删除用户(仅管理员)
|
|
|
|
|
|
"""
|
|
|
|
|
|
if user_id == current_user.id:
|
|
|
|
|
|
raise HTTPException(status_code=400, detail="不能删除自己的账户")
|
|
|
|
|
|
|
|
|
|
|
|
result = await db.execute(select(User).where(User.id == user_id))
|
|
|
|
|
|
user = result.scalars().first()
|
|
|
|
|
|
if not user:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
|
|
|
|
|
|
|
|
|
|
await db.delete(user)
|
|
|
|
|
|
await db.commit()
|
|
|
|
|
|
return {"message": "用户已删除"}
|
|
|
|
|
|
|
|
|
|
|
|
@router.post("/{user_id}/toggle-status", response_model=UserSchema)
|
|
|
|
|
|
async def toggle_user_status(
|
|
|
|
|
|
user_id: str,
|
|
|
|
|
|
db: AsyncSession = Depends(get_db),
|
|
|
|
|
|
current_user: User = Depends(deps.get_current_active_superuser),
|
|
|
|
|
|
) -> Any:
|
|
|
|
|
|
"""
|
|
|
|
|
|
切换用户状态(启用/禁用)
|
|
|
|
|
|
"""
|
|
|
|
|
|
if user_id == current_user.id:
|
|
|
|
|
|
raise HTTPException(status_code=400, detail="不能禁用自己的账户")
|
|
|
|
|
|
|
|
|
|
|
|
result = await db.execute(select(User).where(User.id == user_id))
|
|
|
|
|
|
user = result.scalars().first()
|
|
|
|
|
|
if not user:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail="用户不存在")
|
|
|
|
|
|
|
|
|
|
|
|
user.is_active = not user.is_active
|
|
|
|
|
|
await db.commit()
|
|
|
|
|
|
await db.refresh(user)
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
2025-11-27 18:01:57 +08:00
|
|
|
|
|
2025-12-11 19:09:10 +08:00
|
|
|
|
|
