更新v1.4版本，修复了一些已知问题

2026-04-28 03:16:17 +08:00
parent 76088b0dd4
commit 3aac2395a0
26 changed files with 342 additions and 151 deletions
--- a/backend/middleware/permission.py
+++ b/backend/middleware/permission.py
@@ -26,6 +26,7 @@ async def get_current_user(request: Request) -> Dict[str, Any]:
    return {
        "user_id": getattr(request.state, 'user_id', None),
        "username": getattr(request.state, 'username', None),
+        "real_name": getattr(request.state, 'real_name', None),
        "user_type": getattr(request.state, 'user_type', None),
        "student_id": getattr(request.state, 'student_id', None),
        "role": getattr(request.state, 'role', None)
@@ -124,19 +125,23 @@ class PermissionChecker:
    async def check_can_revoke(user_id: int, record_id: int) -> bool:
        """
        检查是否可以撤销扣分记录
-        班主任：可以撤销任何记录
-        班长：可以撤销任何记录
-        考勤委员：可以撤销自己的记录
-        其他：只能撤销自己的记录
+        班主任：可以撤销/反撤销任何记录
+        班长：可以撤销/反撤销任何记录
+        考勤委员：可以撤销自己创建的记录
+        其他角色：无撤销权限
        """
-        sql = "SELECT recorder_id FROM conduct_records WHERE record_id = %s"
-        record = await execute_one(sql, (record_id,))
+        record = await execute_one(
+            "SELECT record_id, recorder_id FROM conduct_records WHERE record_id = %s",
+            (record_id,)
+        )
        if not record:
            return False
        role = await PermissionChecker.get_user_role(user_id)
-        if role in ["班主任", "班长", "志愿委员"]:
+        if role in ["班主任", "班长"]:
            return True
-        return record["recorder_id"] == user_id
+        if role == "考勤委员" and record.get("recorder_id") == user_id:
+            return True
+        return False


 def require_auth(func: Callable):