dev #2

Merged
hera merged 40 commits from dev into main 2026-04-07 22:12:01 +00:00
2 changed files with 11 additions and 5 deletions
Showing only changes of commit 9c85ed21b3 - Show all commits


@@ -713,7 +713,9 @@ def get_recipe(recipe_id: int):
@app.post("/api/recipes", status_code=201)
def create_recipe(recipe: RecipeIn, user=Depends(require_role("admin", "senior_editor", "editor"))):
def create_recipe(recipe: RecipeIn, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db()
c = conn.cursor()
c.execute("INSERT INTO recipes (name, note, owner_id) VALUES (?, ?, ?)",
@@ -748,13 +750,15 @@ def _check_recipe_permission(conn, recipe_id, user):
raise HTTPException(404, "Recipe not found")
if user["role"] in ("admin", "senior_editor"):
return row
if user["role"] == "editor" and row["owner_id"] == user["id"]:
if row["owner_id"] == user.get("id"):
return row
raise HTTPException(403, "只能修改自己创建的配方")
@app.put("/api/recipes/{recipe_id}")
def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_role("admin", "senior_editor", "editor"))):
def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db()
c = conn.cursor()
_check_recipe_permission(conn, recipe_id, user)
@@ -793,7 +797,9 @@ def update_recipe(recipe_id: int, update: RecipeUpdate, user=Depends(require_rol
@app.delete("/api/recipes/{recipe_id}")
def delete_recipe(recipe_id: int, user=Depends(require_role("admin", "senior_editor", "editor"))):
def delete_recipe(recipe_id: int, user=Depends(get_current_user)):
if not user.get("id"):
raise HTTPException(401, "请先登录")
conn = get_db()
row = _check_recipe_permission(conn, recipe_id, user)
# Save full snapshot for undo
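Review bot: In `_check_recipe_permission`, the new ownership test `row["owner_id"] == user.get("id")` is only safe because each of the three routes shown here first rejects a user without an id; on its own the helper would treat a recipe whose `owner_id` is NULL as owned by a caller whose id is missing, since `None == None` is true. With the role allowlist dropped from create, update and delete, this comparison is now the only thing separating non-privileged users from each other's recipes, so it should not depend on a guard that every route has to remember to repeat. I would make the helper self-contained with `if user.get("id") is not None and row["owner_id"] == user["id"]:` and move the repeated `if not user.get("id"): raise HTTPException(401, ...)` into one shared login dependency used in place of `get_current_user`. Whether other routes call the helper without that guard cannot be seen from these hunks, and the bodies of all three route functions continue past them.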


@@ -82,7 +82,7 @@ export const useAuthStore = defineStore('auth', () => {
function canEditRecipe(recipe) {
if (isAdmin.value || user.value.role === 'senior_editor') return true
if (user.value.role === 'editor' && recipe._owner_id === user.value.id) return true
if (recipe._owner_id === user.value.id) return true
return false
}
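Review bot: The relaxed check `recipe._owner_id === user.value.id` in `canEditRecipe` evaluates to true when both sides are undefined, so a visitor whose store entry has no id would pass it for any recipe object that lacks `_owner_id`. The removed role condition used to rule that case out; guarding the id restores it: `if (user.value.id != null && recipe._owner_id === user.value.id) return true`. This function appears to be a UI gate only, so the server-side permission check remains what actually enforces ownership.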