iaun
/
work-statistics


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226
							"""Admin management API routes."""
from flask_restx import Namespace, Resource, fields
from flask import request
from app.services.admin_service import AdminService
from app.utils.auth_decorator import require_auth

admin_ns = Namespace('admins', description='管理员管理接口')

# API models for Swagger documentation
admin_input = admin_ns.model('AdminInput', {
    'username': fields.String(required=True, description='用户名'),
    'password': fields.String(required=True, description='密码（至少6个字符）')
})

admin_update_input = admin_ns.model('AdminUpdateInput', {
    'id': fields.Integer(required=True, description='管理员ID'),
    'username': fields.String(description='新用户名（可选）'),
    'password': fields.String(description='新密码（可选，至少6个字符）')
})

admin_delete_input = admin_ns.model('AdminDeleteInput', {
    'id': fields.Integer(required=True, description='管理员ID')
})

admin_info = admin_ns.model('AdminInfo', {
    'id': fields.Integer(description='管理员ID'),
    'username': fields.String(description='用户名'),
    'created_at': fields.String(description='创建时间'),
    'updated_at': fields.String(description='更新时间')
})

admin_response = admin_ns.model('AdminResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'data': fields.Nested(admin_info, description='管理员信息')
})

admin_list_response = admin_ns.model('AdminListResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'data': fields.List(fields.Nested(admin_info), description='管理员列表')
})

delete_response = admin_ns.model('DeleteResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'message': fields.String(description='操作结果消息')
})

error_response = admin_ns.model('AdminErrorResponse', {
    'success': fields.Boolean(description='操作是否成功'),
    'error': fields.String(description='错误信息'),
    'code': fields.String(description='错误代码')
})


@admin_ns.route('')
class AdminList(Resource):
    """Resource for listing admins."""
    
    @admin_ns.doc('list_admins')
    @admin_ns.response(200, 'Success', admin_list_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @require_auth
    def get(self):
        """获取所有管理员列表（不包含密码）"""
        admins = AdminService.get_all()
        return {
            'success': True,
            'data': admins
        }, 200


@admin_ns.route('/<int:admin_id>')
class AdminDetail(Resource):
    """Resource for getting a single admin."""
    
    @admin_ns.doc('get_admin')
    @admin_ns.response(200, 'Success', admin_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def get(self, admin_id):
        """根据ID获取管理员信息"""
        admin, error = AdminService.get_by_id(admin_id)
        
        if error:
            return {
                'success': False,
                'error': error,
                'code': 'NOT_FOUND'
            }, 404
        
        return {
            'success': True,
            'data': admin
        }, 200


@admin_ns.route('/create')
class AdminCreate(Resource):
    """Resource for creating admins."""
    
    @admin_ns.doc('create_admin')
    @admin_ns.expect(admin_input)
    @admin_ns.response(201, 'Created', admin_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @require_auth
    def post(self):
        """创建新管理员"""
        data = admin_ns.payload or {}
        username = data.get('username', '')
        password = data.get('password', '')
        
        admin, error = AdminService.create(username, password)
        
        if error:
            return {
                'success': False,
                'error': error,
                'code': 'VALIDATION_ERROR'
            }, 400
        
        return {
            'success': True,
            'data': admin
        }, 201


@admin_ns.route('/update')
class AdminUpdate(Resource):
    """Resource for updating admins."""
    
    @admin_ns.doc('update_admin')
    @admin_ns.expect(admin_update_input)
    @admin_ns.response(200, 'Success', admin_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(403, 'Forbidden', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def post(self):
        """更新管理员信息"""
        data = admin_ns.payload or {}
        admin_id = data.get('id')
        username = data.get('username')
        password = data.get('password')
        
        if not admin_id:
            return {
                'success': False,
                'error': 'Admin ID is required',
                'code': 'VALIDATION_ERROR'
            }, 400
        
        # Protect primary admin (ID=1) from being modified by others
        current_admin_id = request.current_admin.get('admin_id')
        if admin_id == 1 and current_admin_id != 1:
            return {
                'success': False,
                'error': '无权修改主管理员信息',
                'code': 'FORBIDDEN'
            }, 403
        
        admin, error = AdminService.update(admin_id, username=username, password=password)
        
        if error:
            if 'not found' in error.lower() or '未找到' in error:
                return {
                    'success': False,
                    'error': error,
                    'code': 'NOT_FOUND'
                }, 404
            return {
                'success': False,
                'error': error,
                'code': 'VALIDATION_ERROR'
            }, 400
        
        return {
            'success': True,
            'data': admin
        }, 200


@admin_ns.route('/delete')
class AdminDelete(Resource):
    """Resource for deleting admins."""
    
    @admin_ns.doc('delete_admin')
    @admin_ns.expect(admin_delete_input)
    @admin_ns.response(200, 'Success', delete_response)
    @admin_ns.response(400, 'Validation error', error_response)
    @admin_ns.response(401, 'Unauthorized', error_response)
    @admin_ns.response(404, 'Not found', error_response)
    @require_auth
    def post(self):
        """删除管理员"""
        data = admin_ns.payload or {}
        admin_id = data.get('id')
        
        if not admin_id:
            return {
                'success': False,
                'error': 'Admin ID is required',
                'code': 'VALIDATION_ERROR'
            }, 400
        
        current_admin_id = request.current_admin.get('admin_id')
        success, error = AdminService.delete(admin_id, current_admin_id=current_admin_id)
        
        if error:
            if 'not found' in error.lower() or '未找到' in error:
                return {
                    'success': False,
                    'error': error,
                    'code': 'NOT_FOUND'
                }, 404
            return {
                'success': False,
                'error': error,
                'code': 'VALIDATION_ERROR'
            }, 400
        
        return {
            'success': True,
            'message': 'Admin deleted successfully'
        }, 200