hera/oil-formula-calculator
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: 权限变更后不显示旧通知
All checks were successful
PR Preview / teardown-preview (pull_request) Has been skipped
Details
Test / unit-test (push) Successful in 4s
Details
Test / build-check (push) Successful in 4s
Details
PR Preview / test (pull_request) Successful in 4s
Details
PR Preview / deploy-preview (pull_request) Successful in 10s
Details
Test / e2e-test (push) Successful in 51s
Details

Browse Source 
- 新增 role_changed_at 字段,改权限时记录时间
- 通知查询用 MAX(注册时间, 权限变更时间) 过滤
- 确保新增权限的用户只看到变更之后的通知

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hera Zhao
2026-04-10 10:29:03 +00:00
parent 36bdec1d16
commit 4de1c41131
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/database.py
View File

@@ -163,6 +163,8 @@ def init_db():
c.execute("ALTER TABLE users ADD COLUMN brand_bg TEXT") c.execute("ALTER TABLE users ADD COLUMN brand_bg TEXT")
if "brand_align" not in user_cols: if "brand_align" not in user_cols:
c.execute("ALTER TABLE users ADD COLUMN brand_align TEXT DEFAULT 'center'") c.execute("ALTER TABLE users ADD COLUMN brand_align TEXT DEFAULT 'center'")
if "role_changed_at" not in user_cols:
c.execute("ALTER TABLE users ADD COLUMN role_changed_at TEXT")
# Migration: add tags to user_diary # Migration: add tags to user_diary
diary_cols = [row[1] for row in c.execute("PRAGMA table_info(user_diary)").fetchall()] diary_cols = [row[1] for row in c.execute("PRAGMA table_info(user_diary)").fetchall()]

14
backend/main.py
View File

@@ -1029,7 +1029,7 @@ def update_user(user_id: int, body: UserUpdate, user=Depends(require_role("admin
if body.role == "admin": if body.role == "admin":
conn.close() conn.close()
raise HTTPException(403, "不能将用户设为管理员") raise HTTPException(403, "不能将用户设为管理员")
conn.execute("UPDATE users SET role = ? WHERE id = ?", (body.role, user_id)) conn.execute("UPDATE users SET role = ?, role_changed_at = datetime('now') WHERE id = ?", (body.role, user_id))
if body.display_name is not None: if body.display_name is not None:
conn.execute("UPDATE users SET display_name = ? WHERE id = ?", (body.display_name, user_id)) conn.execute("UPDATE users SET display_name = ? WHERE id = ?", (body.display_name, user_id))
log_audit(conn, user["id"], "update_user", "user", user_id, None, log_audit(conn, user["id"], "update_user", "user", user_id, None,
@@ -1493,15 +1493,19 @@ def get_notifications(user=Depends(get_current_user)):
if not user["id"]: if not user["id"]:
return [] return []
conn = get_db() conn = get_db()
# Only show notifications created after user registration # Only show notifications after user registration or last role change (whichever is later)
user_created = conn.execute("SELECT created_at FROM users WHERE id = ?", (user["id"],)).fetchone() user_row = conn.execute("SELECT created_at, role_changed_at FROM users WHERE id = ?", (user["id"],)).fetchone()
created_at = user_created["created_at"] if user_created else "2000-01-01" cutoff = "2000-01-01"
if user_row:
cutoff = user_row["created_at"] or cutoff
if user_row["role_changed_at"] and user_row["role_changed_at"] > cutoff:
cutoff = user_row["role_changed_at"]
rows = conn.execute( rows = conn.execute(
"SELECT id, title, body, is_read, created_at FROM notifications " "SELECT id, title, body, is_read, created_at FROM notifications "
"WHERE (target_user_id = ? OR (target_user_id IS NULL AND (target_role = ? OR target_role = 'all'))) " "WHERE (target_user_id = ? OR (target_user_id IS NULL AND (target_role = ? OR target_role = 'all'))) "
"AND created_at >= ? " "AND created_at >= ? "
"ORDER BY is_read ASC, id DESC LIMIT 200", "ORDER BY is_read ASC, id DESC LIMIT 200",
(user["id"], user["role"], created_at) (user["id"], user["role"], cutoff)
).fetchall() ).fetchall()
conn.close() conn.close()
return [dict(r) for r in rows] return [dict(r) for r in rows]