v0.2测试

backend/routes/admin.py

@@ -214,6 +214,9 @@ async def get_assignments(request: Request):
     获取作业列表
     """
     user = await get_current_user(request)
+    role = await PermissionChecker.get_user_role(user["user_id"])
+    if role not in ["班主任", "学习委员"]:
+        return error_response(message="无权限", code=403)
     
     result = await HomeworkService.get_assignments(user["user_id"])
     
@@ -268,10 +271,10 @@ async def create_assignment(
 
 @router.put("/homework/submission")
 async def update_submission_status(request: Request, req: UpdateHomeworkStatusRequest):
-    """
-    更新作业提交状态（科代表）
-    """
     user = await get_current_user(request)
+    role = await PermissionChecker.get_user_role(user["user_id"])
+    if role not in ["班主任", "学习委员"]:
+        return error_response(message="无权进行此操作", code=403)
     
     result = await HomeworkService.update_submission_status(
         submission_id=req.submission_id,
@@ -340,9 +343,19 @@ async def add_admin(request: Request, req: AddAdminRequest):
     """
     user = await get_current_user(request)
     
-    is_teacher = await PermissionChecker.check_is_teacher(user["user_id"])
-    if not is_teacher:
+    if not await PermissionChecker.check_is_teacher(user["user_id"]):
         return error_response(message="仅班主任可添加管理员", code=403)
+
+    # 验证角色类型是否合法
+    if req.role_type not in ["班长", "学习委员", "考勤委员", "劳动委员"]:
+        return error_response(message="无效的角色类型", code=400)
+    result = await AdminService.add_admin(
+        username=req.username,
+        real_name=req.real_name,
+        password=req.password,
+        role_type=req.role_type,
+        operator_id=user["user_id"]
+    )
     
     result = await AdminService.add_admin(
         username=req.username,