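"""Admin management API routes.

Every endpoint is protected by ``require_auth``; the handlers that mutate
state additionally read ``request.current_admin`` (presumably populated by
that decorator — confirm) to apply the primary-admin guard. Method docstrings
double as the Swagger operation summaries rendered by flask-restx.
"""

from flask_restx import Namespace, Resource, fields
from flask import request

from app.services.admin_service import AdminService
from app.utils.auth_decorator import require_auth

admin_ns = Namespace('admins', description='管理员管理接口')

# The primary (bootstrap) administrator; only this account may modify itself.
PRIMARY_ADMIN_ID = 1

# API models for Swagger documentation
admin_input = admin_ns.model('AdminInput', {
    'username': fields.String(required=True, description='用户名'),
    'password': fields.String(required=True, description='密码(至少6个字符)'),
})

admin_update_input = admin_ns.model('AdminUpdateInput', {
    'id': fields.Integer(required=True, description='管理员ID'),
    'username': fields.String(description='新用户名(可选)'),
    'password': fields.String(description='新密码(可选,至少6个字符)'),
})

admin_delete_input = admin_ns.model('AdminDeleteInput', {
    'id': fields.Integer(required=True, description='管理员ID'),
})

admin_info = admin_ns.model('AdminInfo', {
    'id': fields.Integer(description='管理员ID'),
    'username': fields.String(description='用户名'),
    'created_at': fields.String(description='创建时间'),
    'updated_at': fields.String(description='更新时间'),
})

admin_response = admin_ns.model('AdminResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'data': fields.Nested(admin_info, description='管理员信息'),
})

admin_list_response = admin_ns.model('AdminListResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'data': fields.List(fields.Nested(admin_info), description='管理员列表'),
})

delete_response = admin_ns.model('DeleteResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'message': fields.String(description='操作结果消息'),
})

error_response = admin_ns.model('AdminErrorResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'error': fields.String(description='错误信息'),
    'code': fields.String(description='错误代码'),
})


def _payload():
    """Return the request JSON body as a dict (empty dict if absent or not an object).

    ``admin_ns.payload`` may be ``None`` or a non-object JSON value; treating
    anything but a dict as empty keeps the handlers on the 400 path instead
    of raising ``AttributeError`` on ``.get``.
    """
    data = admin_ns.payload
    return data if isinstance(data, dict) else {}


def _fail(error, code, status):
    """Build the error envelope described by ``error_response``.

    Args:
        error: Human-readable message returned to the client.
        code: Machine-readable error code (``NOT_FOUND``, ``VALIDATION_ERROR``, ...).
        status: HTTP status code.

    Returns:
        ``(body, status)`` tuple as flask-restx expects.
    """
    return {'success': False, 'error': error, 'code': code}, status


def _parse_admin_id(data):
    """Return the ``id`` field of *data* as a positive int, or ``None`` if missing/invalid.

    The update handler compares the id against ``PRIMARY_ADMIN_ID`` with
    ``==``; if the raw JSON value were passed through unchanged, a string
    ``"1"`` would not match the integer guard yet could still reach the
    service layer naming admin 1 (if that layer coerces strings — not visible
    here). Normalising to int first makes the guard and the service see the
    same value. ``bool`` is rejected explicitly because ``True == 1``.
    """
    raw = data.get('id')
    if raw is None or isinstance(raw, bool):
        return None
    if isinstance(raw, int):
        admin_id = raw
    elif isinstance(raw, str) and raw.strip().isdigit():
        admin_id = int(raw.strip())
    else:
        return None
    return admin_id if admin_id > 0 else None


def _error_status(error):
    """Map a service-layer error message to ``(code, http_status)``.

    The service reports a missing record either in English ("not found") or in
    Chinese ("未找到"); any other message is treated as a validation failure.
    """
    if 'not found' in error.lower() or '未找到' in error:
        return 'NOT_FOUND', 404
    return 'VALIDATION_ERROR', 400


@admin_ns.route('')
class AdminList(Resource):
    """Resource for listing admins."""

    @admin_ns.doc('list_admins')
    @admin_ns.response(200, 'Success', admin_list_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @require_auth
    def get(self):
        """List all admins (without passwords)."""
        # AdminService.get_all is relied on to omit password hashes — the
        # serialisation is not visible here, so confirm in the service.
        admins = AdminService.get_all()
        return {'success': True, 'data': admins}, 200


# NOTE(review): the handler takes ``admin_id`` from the URL, so the route must
# declare that variable; confirm the converter matches the rest of the API.
@admin_ns.route('/<int:admin_id>')
class AdminDetail(Resource):
    """Resource for getting a single admin."""

    @admin_ns.doc('get_admin')
    @admin_ns.response(200, 'Success', admin_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def get(self, admin_id):
        """Get one admin by ID."""
        admin, error = AdminService.get_by_id(admin_id)
        if error:
            return _fail(error, 'NOT_FOUND', 404)
        return {'success': True, 'data': admin}, 200


@admin_ns.route('/create')
class AdminCreate(Resource):
    """Resource for creating admins."""

    @admin_ns.doc('create_admin')
    @admin_ns.expect(admin_input)
    @admin_ns.response(201, 'Created', admin_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @require_auth
    def post(self):
        """Create a new admin."""
        data = _payload()
        username = data.get('username', '')
        password = data.get('password', '')
        # Username/password validation (including the minimum password length
        # advertised in the model) is delegated to the service, which reports
        # failures through ``error``.
        admin, error = AdminService.create(username, password)
        if error:
            return _fail(error, 'VALIDATION_ERROR', 400)
        return {'success': True, 'data': admin}, 201


@admin_ns.route('/update')
class AdminUpdate(Resource):
    """Resource for updating admins."""

    @admin_ns.doc('update_admin')
    @admin_ns.expect(admin_update_input)
    @admin_ns.response(200, 'Success', admin_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(403, 'Forbidden', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def post(self):
        """Update an admin's username and/or password."""
        data = _payload()
        admin_id = _parse_admin_id(data)
        if admin_id is None:
            return _fail('Admin ID is required', 'VALIDATION_ERROR', 400)

        # Protect the primary admin (ID=1) from being modified by other admins.
        # ``admin_id`` is already a normalised int, so the ``==`` comparison
        # cannot be sidestepped by a differently typed JSON value.
        # NOTE(review): the type of ``current_admin_id`` is set by the auth
        # layer; if it were a string the guard would also block admin 1 itself.
        current_admin_id = request.current_admin.get('admin_id')
        if admin_id == PRIMARY_ADMIN_ID and current_admin_id != PRIMARY_ADMIN_ID:
            return _fail('无权修改主管理员信息', 'FORBIDDEN', 403)

        admin, error = AdminService.update(
            admin_id,
            username=data.get('username'),
            password=data.get('password'),
        )
        if error:
            code, status = _error_status(error)
            return _fail(error, code, status)
        return {'success': True, 'data': admin}, 200


@admin_ns.route('/delete')
class AdminDelete(Resource):
    """Resource for deleting admins."""

    @admin_ns.doc('delete_admin')
    @admin_ns.expect(admin_delete_input)
    @admin_ns.response(200, 'Success', delete_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def post(self):
        """Delete an admin."""
        data = _payload()
        admin_id = _parse_admin_id(data)
        if admin_id is None:
            return _fail('Admin ID is required', 'VALIDATION_ERROR', 400)

        # The caller's id is forwarded so the service can refuse self-deletion
        # or primary-admin deletion; that policy lives in AdminService.delete.
        current_admin_id = request.current_admin.get('admin_id')
        success, error = AdminService.delete(admin_id, current_admin_id=current_admin_id)
        if error:
            code, status = _error_status(error)
            return _fail(error, code, status)
        return {'success': True, 'message': 'Admin deleted successfully'}, 200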