Allow all logged-in users to create/edit/delete their own recipes
Some checks failed
PR Preview / teardown-preview (pull_request) Has been skipped
Test / unit-test (push) Successful in 5s
Test / build-check (push) Successful in 4s
PR Preview / test (pull_request) Successful in 5s
PR Preview / deploy-preview (pull_request) Successful in 13s
Test / e2e-test (push) Failing after 6m48s
Some checks failed
PR Preview / teardown-preview (pull_request) Has been skipped
Test / unit-test (push) Successful in 5s
Test / build-check (push) Successful in 4s
PR Preview / test (pull_request) Successful in 5s
PR Preview / deploy-preview (pull_request) Successful in 13s
Test / e2e-test (push) Failing after 6m48s
Previously only editor+ roles could manage recipes, so viewer users saw an empty "我的配方" section. Now any authenticated user can CRUD their own recipes while admin/senior_editor retain full access. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -713,7 +713,9 @@ def get_recipe(recipe_id: int):
|
||||
|
||||
|
||||
@app.post("/api/recipes", status_code=201)
|
||||
def create_recipe(recipe: RecipeIn, user=Depends(require_role("admin", "senior_editor", "editor"))):
|
||||
def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
|
||||
if not user.get("id"):
|
||||
raise HTTPException(401, "请先登录")
|
||||
conn = get_db()
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
|
||||
@@ -748,13 +750,15 @@ def _check_recipe_permission(conn, recipe_id, user):
|
||||
raise HTTPException(404, "Recipe not found")
|
||||
if user["role"] in ("admin", "senior_editor"):
|
||||
return row
|
||||
if user["role"] == "editor" and row["owner_id"] == user["id"]:
|
||||
if row["owner_id"] == user.get("id"):
|
||||
return row
|
||||
raise HTTPException(403, "只能修改自己创建的配方")
|
||||
|
||||
|
||||
@app.put("/api/recipes/{recipe_id}")
|
||||
def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_role("admin", "senior_editor", "editor"))):
|
||||
def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(get_current_user)):
|
||||
if not user.get("id"):
|
||||
raise HTTPException(401, "请先登录")
|
||||
conn = get_db()
|
||||
c = conn.cursor()
|
||||
_check_recipe_permission(conn, recipe_id, user)
|
||||
@@ -793,7 +797,9 @@ def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_rol
|
||||
|
||||
|
||||
@app.delete("/api/recipes/{recipe_id}")
|
||||
def delete_recipe(recipe_id: int, user=Depends(require_role("admin", "senior_editor", "editor"))):
|
||||
def delete_recipe(recipe_id: int, user=Depends(get_current_user)):
|
||||
if not user.get("id"):
|
||||
raise HTTPException(401, "请先登录")
|
||||
conn = get_db()
|
||||
row = _check_recipe_permission(conn, recipe_id, user)
|
||||
# Save full snapshot for undo
|
||||
|
||||
Reference in New Issue
Block a user