240241002/ai_v
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67f2621a69
ai_v/blueprints/admin.py
公司git 67f2621a69 feat(payment): 集成支付宝支付与订单管理功能 
- 在应用中注册支付蓝图(payment_bp)以支持支付接口
- 配置支付宝相关秘钥、回调地址及环境选项
- 新增订单模型(Order),支持订单数据存储与管理
- 管理后台接口添加订单列表查询功能,支持超级管理员访问
- 购买页面与表单修改,支持不同套餐的购买提交
- 支付成功页面提示,显示订单编号及积分到账信息
- 移除买积分按钮禁用逻辑,开放购买功能
2026-01-14 17:00:43 +08:00

209 lines
6.6 KiB
Python
Raw Blame History

from flask import Blueprint, request, jsonify
from extensions import db
from models import User, Role, Permission, SystemDict, SystemNotification, Order
from middlewares.auth import permission_required
admin_bp = Blueprint('admin', __name__, url_prefix='/api/admin')
# --- 角色管理 ---
@admin_bp.route('/roles', methods=['GET'])
@permission_required('manage_rbac')
def get_roles():
roles = Role.query.all()
return jsonify({
"roles": [{
"id": r.id,
"name": r.name,
"description": r.description,
"permissions": [p.name for p in r.permissions]
} for r in roles]
})
@admin_bp.route('/roles', methods=['POST'])
@permission_required('manage_rbac')
def save_role():
data = request.json
role_id = data.get('id')
if role_id:
role = Role.query.get(role_id)
if not role: return jsonify({"error": "角色不存在"}), 404
role.name = data['name']
role.description = data.get('description')
else:
role = Role(name=data['name'], description=data.get('description'))
db.session.add(role)
if 'permissions' in data:
perms = Permission.query.filter(Permission.name.in_(data['permissions'])).all()
role.permissions = perms
db.session.commit()
return jsonify({"message": "角色保存成功"})
@admin_bp.route('/roles/delete', methods=['POST'])
@permission_required('manage_rbac')
def delete_role():
data = request.json
role = Role.query.get(data.get('id'))
if role:
if role.name == '超级管理员':
return jsonify({"error": "不能删除超级管理员角色"}), 400
db.session.delete(role)
db.session.commit()
return jsonify({"message": "角色删除成功"})
return jsonify({"error": "角色不存在"}), 404
# --- 权限管理 ---
@admin_bp.route('/permissions', methods=['GET'])
@permission_required('manage_rbac')
def get_permissions():
perms = Permission.query.all()
return jsonify({
"permissions": [{"name": p.name, "description": p.description} for p in perms]
})
# --- 用户角色分配 ---
@admin_bp.route('/users', methods=['GET'])
@permission_required('manage_users')
def get_users():
users = User.query.all()
return jsonify({
"users": [{
"id": u.id,
"phone": u.phone,
"role": u.role.name if u.role else "未分配"
} for u in users]
})
@admin_bp.route('/users/assign', methods=['POST'])
@permission_required('manage_users')
def assign_role():
data = request.json
user = User.query.get(data['user_id'])
role = Role.query.get(data['role_id'])
if user and role:
user.role = role
db.session.commit()
return jsonify({"message": "角色分配成功"})
return jsonify({"error": "用户或角色不存在"}), 404
# --- 字典管理 ---
@admin_bp.route('/dicts', methods=['GET'])
@permission_required('manage_dicts')
def get_dicts():
dict_type = request.args.get('type')
query = SystemDict.query
if dict_type:
query = query.filter_by(dict_type=dict_type)
dicts = query.order_by(SystemDict.dict_type, SystemDict.sort_order.desc()).all()
return jsonify({
"dicts": [{
"id": d.id,
"dict_type": d.dict_type,
"label": d.label,
"value": d.value,
"cost": d.cost,
"is_active": d.is_active,
"sort_order": d.sort_order
} for d in dicts]
})
@admin_bp.route('/dicts', methods=['POST'])
@permission_required('manage_dicts')
def save_dict():
data = request.json
dict_id = data.get('id')
if dict_id:
d = SystemDict.query.get(dict_id)
if not d: return jsonify({"error": "记录不存在"}), 404
else:
d = SystemDict()
db.session.add(d)
d.dict_type = data['dict_type']
d.label = data['label']
d.value = data['value']
d.cost = data.get('cost', 0)
d.is_active = data.get('is_active', True)
d.sort_order = data.get('sort_order', 0)
db.session.commit()
return jsonify({"message": "保存成功"})
@admin_bp.route('/dicts/delete', methods=['POST'])
@permission_required('manage_dicts')
def delete_dict():
data = request.json
d = SystemDict.query.get(data.get('id'))
if d:
db.session.delete(d)
db.session.commit()
return jsonify({"message": "删除成功"})
return jsonify({"error": "记录不存在"}), 404
# --- 通知管理 ---
@admin_bp.route('/notifications', methods=['GET'])
@permission_required('manage_notifications')
def get_notifications():
notifs = SystemNotification.query.order_by(SystemNotification.created_at.desc()).all()
return jsonify({
"notifications": [{
"id": n.id,
"title": n.title,
"content": n.content,
"is_active": n.is_active,
"created_at": n.created_at.strftime('%Y-%m-%d %H:%M')
} for n in notifs]
})
@admin_bp.route('/notifications', methods=['POST'])
@permission_required('manage_notifications')
def save_notification():
data = request.json
notif_id = data.get('id')
if notif_id:
n = SystemNotification.query.get(notif_id)
if not n: return jsonify({"error": "通知不存在"}), 404
else:
n = SystemNotification()
db.session.add(n)
n.title = data['title']
n.content = data['content']
n.is_active = data.get('is_active', True)
db.session.commit()
return jsonify({"message": "通知保存成功"})
@admin_bp.route('/notifications/delete', methods=['POST'])
@permission_required('manage_notifications')
def delete_notification():
data = request.json
n = SystemNotification.query.get(data.get('id'))
if n:
db.session.delete(n)
db.session.commit()
return jsonify({"message": "通知删除成功"})
return jsonify({"error": "通知不存在"}), 404
# --- 订单管理 ---
@admin_bp.route('/orders', methods=['GET'])
@permission_required('manage_system') # 仅限超级管理员
def get_orders():
orders = Order.query.order_by(Order.created_at.desc()).all()
return jsonify({
"orders": [{
"id": o.id,
"out_trade_no": o.out_trade_no,
"user_phone": o.user.phone if o.user else "未知",
"amount": float(o.amount),
"points": o.points,
"status": o.status,
"trade_no": o.trade_no,
"created_at": o.created_at.strftime('%Y-%m-%d %H:%M:%S'),
"paid_at": o.paid_at.strftime('%Y-%m-%d %H:%M:%S') if o.paid_at else None
} for o in orders]
})
Reference in New Issue View Git Blame Copy Permalink