From f579a459a01160278d401abe4ebf934c6c6c0f80 Mon Sep 17 00:00:00 2001
From: Hera Zhao <hera@euphon.net>
Date: Sat, 11 Apr 2026 22:05:24 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=BD=AF=E5=88=A0=E9=99=A4=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5NULL=E5=85=BC=E5=AE=B9=EF=BC=8C=E7=94=A8COALESCE?=
 =?UTF-8?q?=E9=81=BF=E5=85=8D=E5=B7=B2=E6=9C=89=E7=94=A8=E6=88=B7=E6=97=A0?=
 =?UTF-8?q?=E6=B3=95=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/database.py |  1 +
 backend/main.py     | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/backend/database.py b/backend/database.py
index f7be834..cdd35d3 100644
--- a/backend/database.py
+++ b/backend/database.py
@@ -248,6 +248,7 @@ def init_db():
     # Migration: soft-delete for users
     if "deleted" not in user_cols:
         c.execute("ALTER TABLE users ADD COLUMN deleted INTEGER DEFAULT 0")
+        c.execute("UPDATE users SET deleted = 0 WHERE deleted IS NULL")
     if "deleted_at" not in user_cols:
         c.execute("ALTER TABLE users ADD COLUMN deleted_at TEXT")
 
diff --git a/backend/main.py b/backend/main.py
index 9bda5b1..5a07234 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -57,7 +57,7 @@ def get_current_user(request: Request):
     if not token:
         return ANON_USER
     conn = get_db()
-    user = conn.execute("SELECT id, username, role, display_name, password, business_verified FROM users WHERE token = ? AND NOT deleted", (token,)).fetchone()
+    user = conn.execute("SELECT id, username, role, display_name, password, business_verified FROM users WHERE token = ? AND COALESCE(deleted,0)=0", (token,)).fetchone()
     conn.close()
     if not user:
         return ANON_USER
@@ -373,7 +373,7 @@ def login(body: dict):
     if not username or not password:
         raise HTTPException(400, "请输入用户名和密码")
     conn = get_db()
-    user = conn.execute("SELECT id, token, password, display_name, role FROM users WHERE username = ? AND NOT deleted", (username,)).fetchone()
+    user = conn.execute("SELECT id, token, password, display_name, role FROM users WHERE username = ? AND COALESCE(deleted,0)=0", (username,)).fetchone()
     if not user:
         conn.close()
         raise HTTPException(401, "用户名不存在")
@@ -747,7 +747,7 @@ def list_recipes(user=Depends(get_current_user)):
     if user["role"] == "admin":
         rows = conn.execute("SELECT id, name, note, owner_id, version, en_name FROM recipes ORDER BY id").fetchall()
     else:
-        admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
+        admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND COALESCE(deleted,0)=0 LIMIT 1").fetchone()
         admin_id = admin["id"] if admin else 1
         user_id = user.get("id")
         if user_id:
@@ -786,7 +786,7 @@ def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
     # Senior editors adding directly to public library: set owner to admin so everyone can see
     owner_id = user["id"]
     if user["role"] in ("senior_editor",):
-        admin = c.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
+        admin = c.execute("SELECT id FROM users WHERE role = 'admin' AND COALESCE(deleted,0)=0 LIMIT 1").fetchone()
         if admin:
             owner_id = admin["id"]
     c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
@@ -1063,7 +1063,7 @@ def delete_tag(name: str, user=Depends(require_role("admin"))):
 @app.get("/api/users")
 def list_users(user=Depends(require_role("admin"))):
     conn = get_db()
-    rows = conn.execute("SELECT id, username, token, role, display_name, created_at, business_verified FROM users WHERE NOT deleted ORDER BY id").fetchall()
+    rows = conn.execute("SELECT id, username, token, role, display_name, created_at, business_verified FROM users WHERE COALESCE(deleted,0)=0 ORDER BY id").fetchall()
     conn.close()
     return [dict(r) for r in rows]
 
@@ -1092,7 +1092,7 @@ def delete_user(user_id: int, user=Depends(require_role("admin"))):
     if user_id == user["id"]:
         raise HTTPException(400, "不能删除自己")
     conn = get_db()
-    target = conn.execute("SELECT id, username, display_name FROM users WHERE id = ? AND NOT deleted", (user_id,)).fetchone()
+    target = conn.execute("SELECT id, username, display_name FROM users WHERE id = ? AND COALESCE(deleted,0)=0", (user_id,)).fetchone()
     if not target:
         conn.close()
         raise HTTPException(404, "User not found")
@@ -1690,7 +1690,7 @@ def mark_notification_added(nid: int, user=Depends(get_current_user)):
         requester_name = body_text.split(" 搜索了")[0].strip()
         # Find the user
         requester = conn.execute(
-            "SELECT id, role FROM users WHERE (display_name = ? OR username = ?) AND NOT deleted",
+            "SELECT id, role FROM users WHERE (display_name = ? OR username = ?) AND COALESCE(deleted,0)=0",
             (requester_name, requester_name)
         ).fetchone()
         if requester:
@@ -1734,7 +1734,7 @@ def weekly_review(user=Depends(require_role("admin"))):
     conn = get_db()
 
     # 1. Pending recipes for admin review
-    admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND NOT deleted LIMIT 1").fetchone()
+    admin = conn.execute("SELECT id FROM users WHERE role = 'admin' AND COALESCE(deleted,0)=0 LIMIT 1").fetchone()
     admin_id = admin["id"] if admin else 1
     pending = conn.execute(
         "SELECT COUNT(*) as cnt FROM recipes WHERE owner_id != ?", (admin_id,)