feat: 用户软删除+30天自动清理,操作日志共享配方统一显示
Some checks failed
PR Preview / teardown-preview (pull_request) Has been skipped
Test / unit-test (push) Successful in 5s
Test / build-check (push) Successful in 4s
PR Preview / test (pull_request) Successful in 5s
PR Preview / deploy-preview (pull_request) Successful in 17s
Test / e2e-test (push) Has been cancelled
Some checks failed
PR Preview / teardown-preview (pull_request) Has been skipped
Test / unit-test (push) Successful in 5s
Test / build-check (push) Successful in 4s
PR Preview / test (pull_request) Successful in 5s
PR Preview / deploy-preview (pull_request) Successful in 17s
Test / e2e-test (push) Has been cancelled
用户删除改为软删除(deleted标记),撤销时数据完整恢复(配方/收藏/库存等)。 30天后自动硬删除清理。操作日志中共享配方和采纳配方统一显示为"共享配方"。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -57,7 +57,7 @@ def get_current_user(request: Request):
|
||||
if not token:
|
||||
return ANON_USER
|
||||
conn = get_db()
|
||||
user = conn.execute("SELECT id, username, role, display_name, password, business_verified FROM users WHERE token = ?", (token,)).fetchone()
|
||||
user = conn.execute("SELECT id, username, role, display_name, password, business_verified FROM users WHERE token = ? AND NOT deleted", (token,)).fetchone()
|
||||
conn.close()
|
||||
if not user:
|
||||
return ANON_USER
|
||||
@@ -373,7 +373,7 @@ def login(body: dict):
|
||||
if not username or not password:
|
||||
raise HTTPException(400, "请输入用户名和密码")
|
||||
conn = get_db()
|
||||
user = conn.execute("SELECT id, token, password, display_name, role FROM users WHERE username = ?", (username,)).fetchone()
|
||||
user = conn.execute("SELECT id, token, password, display_name, role FROM users WHERE username = ? AND NOT deleted", (username,)).fetchone()
|
||||
if not user:
|
||||
conn.close()
|
||||
raise HTTPException(401, "用户名不存在")
|
||||
@@ -747,7 +747,7 @@ def list_recipes(user=Depends(get_current_user)):
|
||||
if user["role"] == "admin":
|
||||
rows = conn.execute("SELECT id, name, note, owner_id, version, en_name FROM recipes ORDER BY id").fetchall()
|
||||
else:
|
||||
admin = conn.execute("SELECT id FROM users WHERE role = 'admin' LIMIT 1").fetchone()
|
||||
admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
|
||||
admin_id = admin["id"] if admin else 1
|
||||
user_id = user.get("id")
|
||||
if user_id:
|
||||
@@ -786,7 +786,7 @@ def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
|
||||
# Senior editors adding directly to public library: set owner to admin so everyone can see
|
||||
owner_id = user["id"]
|
||||
if user["role"] in ("senior_editor",):
|
||||
admin = c.execute("SELECT id FROM users WHERE role = 'admin' LIMIT 1").fetchone()
|
||||
admin = c.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
|
||||
if admin:
|
||||
owner_id = admin["id"]
|
||||
c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
|
||||
@@ -800,7 +800,9 @@ def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
|
||||
for tag in recipe.tags:
|
||||
c.execute("INSERT OR IGNORE INTO tags (name) VALUES (?)", (tag,))
|
||||
c.execute("INSERT OR IGNORE INTO recipe_tags (recipe_id, tag_name) VALUES (?, ?)", (rid, tag))
|
||||
log_audit(conn, user["id"], "create_recipe", "recipe", rid, recipe.name)
|
||||
# Only log for admin/senior_editor direct adds (share); others wait for adopt
|
||||
if user["role"] in ("admin", "senior_editor"):
|
||||
log_audit(conn, user["id"], "share_recipe", "recipe", rid, recipe.name)
|
||||
who = user.get("display_name") or user["username"]
|
||||
if user["role"] == "senior_editor":
|
||||
# Senior editor adds directly — just inform admin
|
||||
@@ -1061,7 +1063,7 @@ def delete_tag(name: str, user=Depends(require_role("admin"))):
|
||||
@app.get("/api/users")
|
||||
def list_users(user=Depends(require_role("admin"))):
|
||||
conn = get_db()
|
||||
rows = conn.execute("SELECT id, username, token, role, display_name, created_at, business_verified FROM users ORDER BY id").fetchall()
|
||||
rows = conn.execute("SELECT id, username, token, role, display_name, created_at, business_verified FROM users WHERE NOT deleted ORDER BY id").fetchall()
|
||||
conn.close()
|
||||
return [dict(r) for r in rows]
|
||||
|
||||
@@ -1090,14 +1092,12 @@ def delete_user(user_id: int, user=Depends(require_role("admin"))):
|
||||
if user_id == user["id"]:
|
||||
raise HTTPException(400, "不能删除自己")
|
||||
conn = get_db()
|
||||
target = conn.execute("SELECT id, username, token, role, display_name FROM users WHERE id = ?", (user_id,)).fetchone()
|
||||
target = conn.execute("SELECT id, username, display_name FROM users WHERE id = ? AND NOT deleted", (user_id,)).fetchone()
|
||||
if not target:
|
||||
conn.close()
|
||||
raise HTTPException(404, "User not found")
|
||||
snapshot = dict(target)
|
||||
conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
|
||||
log_audit(conn, user["id"], "delete_user", "user", user_id, target["username"],
|
||||
json.dumps(snapshot, ensure_ascii=False))
|
||||
conn.execute("UPDATE users SET deleted = 1, deleted_at = datetime('now') WHERE id = ?", (user_id,))
|
||||
log_audit(conn, user["id"], "delete_user", "user", user_id, target["username"])
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return {"ok": True}
|
||||
@@ -1141,11 +1141,15 @@ def undo_action(log_id: int, user=Depends(require_role("admin"))):
|
||||
|
||||
action = entry["action"]
|
||||
detail = entry["detail"]
|
||||
if not detail:
|
||||
|
||||
if action == "delete_user":
|
||||
# Soft-delete undo — no snapshot needed
|
||||
pass
|
||||
elif not detail:
|
||||
conn.close()
|
||||
raise HTTPException(400, "此操作无法撤销(无快照数据)")
|
||||
|
||||
snapshot = json.loads(detail)
|
||||
snapshot = json.loads(detail) if detail else {}
|
||||
|
||||
if action == "delete_recipe":
|
||||
# Restore recipe from snapshot
|
||||
@@ -1176,16 +1180,15 @@ def undo_action(log_id: int, user=Depends(require_role("admin"))):
|
||||
return {"ok": True}
|
||||
|
||||
elif action == "delete_user":
|
||||
try:
|
||||
conn.execute(
|
||||
"INSERT INTO users (username, token, role, display_name) VALUES (?, ?, ?, ?)",
|
||||
(snapshot["username"], snapshot["token"], snapshot["role"], snapshot.get("display_name", "")))
|
||||
log_audit(conn, user["id"], "undo_delete_user", "user", snapshot["username"], snapshot.get("display_name"),
|
||||
json.dumps({"original_log_id": log_id}))
|
||||
conn.commit()
|
||||
except Exception:
|
||||
target_id = entry["target_id"]
|
||||
target_user = conn.execute("SELECT id, username, display_name, deleted FROM users WHERE id = ?", (target_id,)).fetchone()
|
||||
if not target_user or not target_user["deleted"]:
|
||||
conn.close()
|
||||
raise HTTPException(400, "恢复失败(用户名可能已被占用)")
|
||||
raise HTTPException(400, "该用户未被删除或不存在")
|
||||
conn.execute("UPDATE users SET deleted = 0, deleted_at = NULL WHERE id = ?", (target_id,))
|
||||
log_audit(conn, user["id"], "undo_delete_user", "user", target_user["username"], target_user["display_name"],
|
||||
json.dumps({"original_log_id": log_id}))
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return {"ok": True}
|
||||
|
||||
@@ -1687,7 +1690,7 @@ def mark_notification_added(nid: int, user=Depends(get_current_user)):
|
||||
requester_name = body_text.split(" 搜索了")[0].strip()
|
||||
# Find the user
|
||||
requester = conn.execute(
|
||||
"SELECT id, role FROM users WHERE display_name = ? OR username = ?",
|
||||
"SELECT id, role FROM users WHERE (display_name = ? OR username = ?) AND NOT deleted",
|
||||
(requester_name, requester_name)
|
||||
).fetchone()
|
||||
if requester:
|
||||
@@ -1731,7 +1734,7 @@ def weekly_review(user=Depends(require_role("admin"))):
|
||||
conn = get_db()
|
||||
|
||||
# 1. Pending recipes for admin review
|
||||
admin = conn.execute("SELECT id FROM users WHERE role = 'admin' LIMIT 1").fetchone()
|
||||
admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
|
||||
admin_id = admin["id"] if admin else 1
|
||||
pending = conn.execute(
|
||||
"SELECT COUNT(*) as cnt FROM recipes WHERE owner_id != ?", (admin_id,)
|
||||
@@ -1800,9 +1803,30 @@ def delete_category(cat_id: int, user=Depends(require_role("admin"))):
|
||||
FRONTEND_DIR = os.environ.get("FRONTEND_DIR", "/app/frontend")
|
||||
|
||||
|
||||
def purge_deleted_users():
|
||||
"""Hard-delete users that were soft-deleted more than 30 days ago, along with their related data."""
|
||||
conn = get_db()
|
||||
expired = conn.execute(
|
||||
"SELECT id FROM users WHERE deleted AND deleted_at < datetime('now', '-30 days')"
|
||||
).fetchall()
|
||||
for row in expired:
|
||||
uid = row["id"]
|
||||
conn.execute("DELETE FROM user_diary WHERE user_id = ?", (uid,))
|
||||
conn.execute("DELETE FROM user_favorites WHERE user_id = ?", (uid,))
|
||||
conn.execute("DELETE FROM user_inventory WHERE user_id = ?", (uid,))
|
||||
conn.execute("DELETE FROM business_applications WHERE user_id = ?", (uid,))
|
||||
conn.execute("DELETE FROM notifications WHERE target_user_id = ?", (uid,))
|
||||
conn.execute("DELETE FROM users WHERE id = ?", (uid,))
|
||||
if expired:
|
||||
conn.commit()
|
||||
print(f"[CLEANUP] Purged {len(expired)} users deleted >30 days ago")
|
||||
conn.close()
|
||||
|
||||
|
||||
@app.on_event("startup")
|
||||
def startup():
|
||||
init_db()
|
||||
purge_deleted_users()
|
||||
defaults_path = os.path.join(os.path.dirname(__file__), "defaults.json")
|
||||
if os.path.exists(defaults_path):
|
||||
with open(defaults_path) as f:
|
||||
|
||||
Reference in New Issue
Block a user