hera/oil-formula-calculator
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Allow all logged-in users to create/edit/delete their own recipes
Some checks failed
PR Preview / teardown-preview (pull_request) Has been skipped
Details
Test / unit-test (push) Successful in 5s
Details
Test / build-check (push) Successful in 4s
Details
PR Preview / test (pull_request) Successful in 5s
Details
PR Preview / deploy-preview (pull_request) Successful in 13s
Details
Test / e2e-test (push) Failing after 6m48s
Details

Browse Source 
Previously only editor+ roles could manage recipes, so viewer users
saw an empty "我的配方" section. Now any authenticated user can CRUD
their own recipes while admin/senior_editor retain full access.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hera Zhao
2026-04-06 22:30:24 +00:00
parent a27c30ea7c
commit 9c85ed21b3
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backend/main.py
View File

@@ -713,7 +713,9 @@ def get_recipe(recipe_id: int):
@app.post("/api/recipes", status_code=201) @app.post("/api/recipes", status_code=201)
def create_recipe(recipe: RecipeIn, user=Depends(require_role("admin", "senior_editor", "editor"))): def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db() conn = get_db()
c = conn.cursor() c = conn.cursor()
c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)", c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
@@ -748,13 +750,15 @@ def _check_recipe_permission(conn, recipe_id, user):
raise HTTPException(404, "Recipe not found") raise HTTPException(404, "Recipe not found")
if user["role"] in ("admin", "senior_editor"): if user["role"] in ("admin", "senior_editor"):
return row return row
if user["role"] == "editor" and row["owner_id"] == user["id"]: if row["owner_id"] == user.get("id"):
return row return row
raise HTTPException(403, "只能修改自己创建的配方") raise HTTPException(403, "只能修改自己创建的配方")
@app.put("/api/recipes/{recipe_id}") @app.put("/api/recipes/{recipe_id}")
def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_role("admin", "senior_editor", "editor"))): def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db() conn = get_db()
c = conn.cursor() c = conn.cursor()
_check_recipe_permission(conn, recipe_id, user) _check_recipe_permission(conn, recipe_id, user)
@@ -793,7 +797,9 @@ def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_rol
@app.delete("/api/recipes/{recipe_id}") @app.delete("/api/recipes/{recipe_id}")
def delete_recipe(recipe_id: int, user=Depends(require_role("admin", "senior_editor", "editor"))): def delete_recipe(recipe_id: int, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db() conn = get_db()
row = _check_recipe_permission(conn, recipe_id, user) row = _check_recipe_permission(conn, recipe_id, user)
# Save full snapshot for undo # Save full snapshot for undo

2
frontend/src/stores/auth.js
View File

@@ -82,7 +82,7 @@ export const useAuthStore = defineStore('auth', () => {
function canEditRecipe(recipe) { function canEditRecipe(recipe) {
if (isAdmin.value || user.value.role === 'senior_editor') return true if (isAdmin.value || user.value.role === 'senior_editor') return true
if (user.value.role === 'editor' && recipe._owner_id === user.value.id) return true if (recipe._owner_id === user.value.id) return true
return false return false
} }