From 1257aeff5d6a5611c0c84fabffeda5a3746d5fd8 Mon Sep 17 00:00:00 2001
From: Franklin-F <dewujie64@gmail.com>
Date: Thu, 17 Apr 2025 14:03:24 +0800
Subject: [PATCH] =?UTF-8?q?=E7=AE=80=E5=8E=86=20=E8=AF=A6=E6=83=85?=
 =?UTF-8?q?=E6=89=8B=E5=8A=A8=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 authorize/api/resume_authorize.py | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/authorize/api/resume_authorize.py b/authorize/api/resume_authorize.py
index 1edffc1..c1f68f6 100644
--- a/authorize/api/resume_authorize.py
+++ b/authorize/api/resume_authorize.py
@@ -1,12 +1,13 @@
 from ninja import Router, Query
 from django.shortcuts import get_object_or_404
+from accounts.models import User
 from authorize.models import ResumeDetailAccessRequest
 from authorize.schemas import ResumeAccessRequestIn
 from resumes.models import ResumeDetail
 from utils.auth import jwt_auth
 from utils.permissions import login_required, manager_required
 
-resume_authorize_router = Router(tags=["简历授权管理"])
+resume_authorize_router = Router(tags=["简历(详情信息)授权管理"])
 
 
 @resume_authorize_router.post("/apply", auth=jwt_auth, summary="申请简历详情[普]", description="普通用户申请查看某一份简历详情")
@@ -94,3 +95,28 @@ def my_resume_request_history(request):
     ]
 
     return {"success": True, "items": data}
+
+
+@resume_authorize_router.post("/manual-authorize", auth=jwt_auth, summary="手动授权简历详情[分]", description="分管理跳过申请流程，直接授权某用户查看指定简历")
+@manager_required
+def manually_authorize_resume(request, user_id: int = Query(...), resume_id: int = Query(...)):
+    user = get_object_or_404(User, id=user_id)
+    resume = get_object_or_404(ResumeDetail, id=resume_id)
+
+    if not user.is_user():
+        return {"success": False, "message": "仅能授权给普通用户"}
+
+    if resume.source not in request.user.managed_websites.all():
+        return {"success": False, "message": "无权授权该简历"}
+
+    record, created = ResumeDetailAccessRequest.objects.get_or_create(
+        user=user,
+        resume=resume,
+        defaults={"status": "approved", "reason": "由分管理手动授权"}
+    )
+
+    if not created:
+        record.status = "approved"
+        record.save()
+
+    return {"success": True, "message": f"已手动授权 {user.username} 访问简历 {resume.id}"}