139 lines
4.6 KiB
Python
139 lines
4.6 KiB
Python
from ninja import Router, Query
|
||
from django.shortcuts import get_object_or_404
|
||
from accounts.models import User
|
||
from authorize.models import WebsiteAccessRequest, ResumeDetailAccessRequest
|
||
from authorize.schemas import ResumeAccessRequestIn, AccessRequestIn, AuthorizeIn
|
||
from resumes.models import ResumeDetail
|
||
from websites.models import Website
|
||
from utils.auth import jwt_auth
|
||
from utils.permissions import manager_required, login_required
|
||
|
||
authorize_router = Router(tags=["授权管理"])
|
||
|
||
|
||
@authorize_router.post("/authorize", auth=jwt_auth)
|
||
@manager_required
|
||
def authorize_user(request, data: AuthorizeIn):
|
||
manager = request.user
|
||
target_user = get_object_or_404(User, id=data.user_id)
|
||
|
||
if target_user.role != "user":
|
||
return {"success": False, "message": "只能授权给普通用户"}
|
||
|
||
managed_ids = set(manager.managed_websites.values_list("id", flat=True))
|
||
for wid in data.website_ids:
|
||
if wid not in managed_ids:
|
||
return {"success": False, "message": f"无权授权网站ID:{wid}"}
|
||
|
||
target_user.authorized_websites.add(*data.website_ids)
|
||
|
||
# 如果用户曾申请过,设置为已批准
|
||
WebsiteAccessRequest.objects.filter(user=target_user, website_id__in=data.website_ids).update(status="approved")
|
||
|
||
return {
|
||
"success": True,
|
||
"message": f"已授权 {target_user.username} 访问 {len(data.website_ids)} 个网站",
|
||
}
|
||
|
||
|
||
@authorize_router.post("/apply", auth=jwt_auth)
|
||
@login_required
|
||
def request_access(request, data: AccessRequestIn):
|
||
user = request.user
|
||
site = get_object_or_404(Website, id=data.website_id)
|
||
|
||
# 不允许重复申请
|
||
if WebsiteAccessRequest.objects.filter(user=user, website=site, status="pending").exists():
|
||
return {"success": False, "message": "您已申请,正在等待审批"}
|
||
|
||
WebsiteAccessRequest.objects.create(user=user, website=site, reason=data.reason or "")
|
||
|
||
return {"success": True, "message": "申请已提交,等待分管理审批"}
|
||
|
||
|
||
@authorize_router.get("/pending", auth=jwt_auth)
|
||
@manager_required
|
||
def list_pending_requests(request):
|
||
manager = request.user
|
||
managed_ids = manager.managed_websites.values_list("id", flat=True)
|
||
|
||
requests = WebsiteAccessRequest.objects.filter(website_id__in=managed_ids, status="pending")
|
||
|
||
return {
|
||
"success": True,
|
||
"items": [
|
||
{
|
||
"id": r.id,
|
||
"user": r.user.username,
|
||
"website": r.website.name,
|
||
"reason": r.reason,
|
||
"created_at": r.created_at,
|
||
}
|
||
for r in requests
|
||
]
|
||
}
|
||
|
||
|
||
@authorize_router.post("/approve", auth=jwt_auth)
|
||
@manager_required
|
||
def approve_request(request, request_id: int = Query(...), approve: bool = Query(True)):
|
||
r = get_object_or_404(WebsiteAccessRequest, id=request_id)
|
||
|
||
if r.website not in request.user.managed_websites.all():
|
||
return {"success": False, "message": "无权审批此申请"}
|
||
|
||
r.status = "approved" if approve else "rejected"
|
||
r.save()
|
||
|
||
if approve:
|
||
r.user.authorized_websites.add(r.website)
|
||
|
||
return {"success": True, "message": f"已{'通过' if approve else '拒绝'} {r.user.username} 的访问申请"}
|
||
|
||
|
||
@authorize_router.get("/my-sites", auth=jwt_auth)
|
||
@login_required
|
||
def list_user_manager_websites(request):
|
||
user = request.user
|
||
|
||
if not user.is_user():
|
||
return {"success": False, "message": "仅普通用户可申请网站"}
|
||
|
||
if not user.source_manager:
|
||
return {"success": False, "message": "您尚未绑定所属分管理,无法申请网站"}
|
||
|
||
sites = user.source_manager.managed_websites.all().values("id", "name", "db_alias")
|
||
return {"success": True, "websites": list(sites)}
|
||
|
||
|
||
@authorize_router.get("/public-sites")
|
||
def list_public_websites(request):
|
||
websites = Website.objects.all().values("id", "name")
|
||
return {"success": True, "websites": list(websites)}
|
||
|
||
|
||
@authorize_router.post("/apply-resume", auth=jwt_auth)
|
||
@login_required
|
||
def apply_resume_access(request, data: ResumeAccessRequestIn):
|
||
user = request.user
|
||
|
||
if not user.is_user():
|
||
return {"success": False, "message": "仅普通用户可申请查看简历"}
|
||
|
||
resume = get_object_or_404(ResumeDetail, id=data.resume_id)
|
||
|
||
exists = ResumeDetailAccessRequest.objects.filter(
|
||
user=user, resume=resume, status="pending"
|
||
).exists()
|
||
|
||
if exists:
|
||
return {"success": False, "message": "您已申请过该简历,正在等待审批"}
|
||
|
||
ResumeDetailAccessRequest.objects.create(
|
||
user=user,
|
||
resume=resume,
|
||
reason=data.reason or ""
|
||
)
|
||
|
||
return {"success": True, "message": "申请已提交,等待审批"}
|