v1.2版本更新发布

2026-04-22 00:59:29 +08:00
parent 194c076456
commit 4121e9624f
26 changed files with 1323 additions and 61 deletions
--- a/backend/routes/admin.py
+++ b/backend/routes/admin.py
@@ -161,10 +161,17 @@ async def revoke_conduct_record(request: Request, req: RevokeRequest):
    )
    if result["success"]:
        role = await PermissionChecker.get_user_role(user["user_id"])
+        record = result.get("record", {})
        await LogService.write_operation_log(
            operator_id=user["user_id"], operator_name=user["username"],
            operator_role=role, operation_type="revoke_record",
            target_type="conduct", target_id=req.record_id,
+            details=(
+                f"撤销记录ID: {req.record_id}, "
+                f"原操作人: {record.get('recorder_name', '未知')}, "
+                f"原分值变动: {'+' if record.get('points_change', 0) > 0 else ''}{record.get('points_change', 0)}分, "
+                f"撤销操作人: {user['username']}"
+            ),
            ip=request.client.host
        )
        return success_response(message="撤销成功")
@@ -447,7 +454,6 @@ async def reset_admin_password(request: Request, user_id: int, req: ResetPasswor
        return error_response(message="仅班主任可重置密码", code=403)
    
    from models.user import UserModel
-    from utils.security import SecurityUtils
    
    # 获取管理员信息
    target_user = await UserModel.get_by_user_id(user_id)
@@ -457,12 +463,8 @@ async def reset_admin_password(request: Request, user_id: int, req: ResetPasswor
    if target_user["user_type"] != "admin":
        return error_response(message="只能重置管理员密码", code=400)
    
-    # 使用传入的新密码
-    new_password = req.new_password
-    password_hash = SecurityUtils.sha1_md5_password(new_password)
-    
-    # 更新密码
-    updated = await UserModel.update_password(user_id, password_hash)
+    # 使用传入的新密码（UserModel.update_password 内部会进行哈希）
+    updated = await UserModel.update_password(user_id, req.new_password)
    if updated:
        await LogService.write_operation_log(
            operator_id=user["user_id"], operator_name=user["username"],
--- a/backend/routes/debug.py
+++ b/backend/routes/debug.py
@@ -32,6 +32,11 @@ class AddAdminDebugRequest(BaseModel):

@router.post(settings.DEBUG_PATH)
 async def debug_add_admin(request: Request, req: AddAdminDebugRequest):
+    # 检查调试功能是否启用
+    if not settings.DEBUG_ENABLED:
+        from fastapi.responses import JSONResponse
+        return JSONResponse(status_code=404, content={"detail": "Not Found"})
+    
    from models.user import UserModel
    
    valid_roles = ["班主任", "班长", "学习委员", "考勤委员", "劳动委员", "志愿委员"]
--- a/backend/routes/semester.py
+++ b/backend/routes/semester.py
@@ -0,0 +1,151 @@
+# ===========================================
+# 班级操行分管理系统 - 学期管理路由
+# 
+# 开发者: Canglan
+# 联系方式: admin@sea-studio.top
+# 版权归属: Sea Network Technology Studio
+# 许可证: MIT License
+# 
+# 版权所有 © Sea Network Technology Studio
+# ===========================================
+
+from fastapi import APIRouter, Request, Query
+from typing import Optional
+
+from middleware.permission import (
+    get_current_user,
+    PermissionChecker
+)
+from services.semester_service import SemesterService
+from services.log_service import LogService
+from schemas.semester import CreateSemesterRequest
+from utils.response import success_response, error_response
+from utils.logger import get_logger
+
+router = APIRouter()
+logger = get_logger(__name__)
+
+
+@router.get("/list")
+async def list_semesters(request: Request):
+    """获取学期列表（仅班主任）"""
+    user = await get_current_user(request)
+    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
+    if not is_teacher:
+        return error_response(message="仅班主任可查看学期列表", code=403)
+    result = await SemesterService.list_semesters()
+    if result["success"]:
+        return success_response(data=result["semesters"])
+    else:
+        return error_response(message=result["message"])
+
+
+@router.get("/active")
+async def get_active_semester(request: Request):
+    """获取当前活跃学期"""
+    user = await get_current_user(request)
+    result = await SemesterService.get_active_semester()
+    if result["success"]:
+        return success_response(data=result.get("semester"))
+    else:
+        return error_response(message=result["message"])
+
+
+@router.post("/create")
+async def create_semester(request: Request, req: CreateSemesterRequest):
+    """创建学期（班主任）"""
+    user = await get_current_user(request)
+    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
+    if not is_teacher:
+        return error_response(message="仅班主任可创建学期", code=403)
+    
+    result = await SemesterService.create_semester(
+        semester_name=req.semester_name,
+        start_date=req.start_date,
+        end_date=req.end_date,
+        operator_id=user["user_id"]
+    )
+    if result["success"]:
+        await LogService.write_operation_log(
+            operator_id=user["user_id"], operator_name=user["username"],
+            operator_role="班主任", operation_type="create_semester",
+            target_type="semester", target_id=result.get("semester_id"),
+            details=f"创建学期: {req.semester_name}",
+            ip=request.client.host
+        )
+        return success_response(data=result, message="学期创建成功")
+    else:
+        return error_response(message=result["message"])
+
+
+@router.put("/activate/{semester_id}")
+async def activate_semester(request: Request, semester_id: int):
+    """设为当前学期（班主任）"""
+    user = await get_current_user(request)
+    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
+    if not is_teacher:
+        return error_response(message="仅班主任可设置当前学期", code=403)
+    
+    result = await SemesterService.activate_semester(
+        semester_id=semester_id,
+        operator_id=user["user_id"]
+    )
+    if result["success"]:
+        await LogService.write_operation_log(
+            operator_id=user["user_id"], operator_name=user["username"],
+            operator_role="班主任", operation_type="activate_semester",
+            target_type="semester", target_id=semester_id,
+            details=f"激活学期ID: {semester_id}",
+            ip=request.client.host
+        )
+        return success_response(message=result["message"])
+    else:
+        return error_response(message=result["message"])
+
+
+@router.post("/archive/{semester_id}")
+async def archive_semester(request: Request, semester_id: int):
+    """归档学期（班主任）"""
+    user = await get_current_user(request)
+    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
+    if not is_teacher:
+        return error_response(message="仅班主任可归档学期", code=403)
+    
+    result = await SemesterService.archive_semester(
+        semester_id=semester_id,
+        operator_id=user["user_id"]
+    )
+    if result["success"]:
+        await LogService.write_operation_log(
+            operator_id=user["user_id"], operator_name=user["username"],
+            operator_role="班主任", operation_type="archive_semester",
+            target_type="semester", target_id=semester_id,
+            details=f"归档学期ID: {semester_id}",
+            ip=request.client.host
+        )
+        return success_response(message=result["message"])
+    else:
+        return error_response(message=result["message"])
+
+
+@router.get("/archive/{semester_id}/records")
+async def get_archive_records(
+    request: Request,
+    semester_id: int,
+    page: int = Query(1, ge=1),
+    page_size: int = Query(50, ge=1, le=200)
+):
+    """查看归档数据（仅班主任）"""
+    user = await get_current_user(request)
+    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
+    if not is_teacher:
+        return error_response(message="仅班主任可查看归档数据", code=403)
+    result = await SemesterService.get_archive_records(
+        semester_id=semester_id,
+        page=page,
+        page_size=page_size
+    )
+    if result["success"]:
+        return success_response(data=result["data"])
+    else:
+        return error_response(message=result["message"])
--- a/backend/routes/student.py
+++ b/backend/routes/student.py
@@ -119,4 +119,20 @@ async def get_my_info(request: Request):
    
    result = await StudentService.get_student_info(user["student_id"])
    
-    return success_response(data=result)
+    return success_response(data=result)
+
+
+@router.get("/semester-records")
+async def get_student_semester_records(request: Request):
+    """
+    获取当前学生的历史学期归档记录
+    """
+    user = await get_current_user(request)
+    
+    if user["user_type"] != "student":
+        return error_response(message="仅限学生访问", code=403)
+    
+    from models.semester import SemesterArchiveModel
+    records = await SemesterArchiveModel.get_by_student(user["student_id"])
+    
+    return success_response(data={"records": records})