from rest_framework import generics
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from .models import User
from .serializers import UserSerializer, UserCreateSerializer, CustomTokenObtainPairSerializer, ChangePasswordSerializer
# Password that ``reset_password`` (below) assigns to a user on admin reset.
# NOTE(review): a single static reset password is a well-known-credential
# risk — every reset account shares it until the user changes it, and the
# value lives in source control. A per-reset random value (``secrets``) plus
# a forced change on next login would be the safer design.
RESET_PASSWORD = "abc!0000"
class CustomTokenObtainPairView(TokenObtainPairView):
    """JWT token-pair endpoint using the project's own serializer.

    Open to anonymous callers (``AllowAny``) because this is the login
    endpoint; credential checking happens inside
    ``CustomTokenObtainPairSerializer``.
    """

    serializer_class = CustomTokenObtainPairSerializer
    permission_classes = [AllowAny]
class UserListView(generics.ListCreateAPIView):
    """List users (GET) or create one (POST).

    Admins (``request.user.role == 'admin'``) see every user and may create
    new ones; any other authenticated user sees only their own record and
    cannot create users. POST bodies are validated with
    ``UserCreateSerializer``, everything else with ``UserSerializer``.
    """

    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]

    def _is_admin(self):
        """True when the requesting user carries the admin role."""
        return self.request.user.role == 'admin'

    def get_queryset(self):
        """All users for admins; otherwise just the caller's own row."""
        if self._is_admin():
            return User.objects.all()
        return User.objects.filter(id=self.request.user.id)

    def get_serializer_class(self):
        """Pick the create serializer for POST, the read serializer otherwise."""
        is_create = self.request.method == 'POST'
        return UserCreateSerializer if is_create else UserSerializer

    def perform_create(self, serializer):
        """Persist the new user; only admins are allowed to do so.

        NOTE: this hook runs after the serializer has validated the input, so a
        non-admin gets validation errors (400) before the 403 on a bad body.
        """
        if not self._is_admin():
            raise PermissionDenied("只有管理员可以创建用户")
        serializer.save()
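class UserDetailView(generics.RetrieveUpdateDestroyAPIView):
    """Retrieve, update or delete a single user by primary key.

    Access rules (on top of ``IsAuthenticated``):

    * admins (``request.user.role == 'admin'``) may read, update and delete
      any user;
    * other users may only read and update their own record, and on update
      only the fields in ``_SELF_EDITABLE_FIELDS``; they may not delete.

    Fix over the previous version: ``get_object`` now enforces ownership for
    non-admins, so a plain GET on another user's id is rejected. Before,
    ``queryset`` exposed every user and ownership was only checked in
    ``perform_update``, leaving retrieve open to any authenticated caller.
    """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]

    # Fields a non-admin may change on their own record; anything else in the
    # payload is dropped silently before save (see ``perform_update``).
    # NOTE(review): whether ``role``/``password`` are writable at all depends on
    # UserSerializer, which is not visible here — confirm.
    _SELF_EDITABLE_FIELDS = frozenset({'first_name', 'last_name', 'email', 'phone'})

    def _is_admin(self):
        """True when the requesting user carries the admin role."""
        return self.request.user.role == 'admin'

    def get_object(self):
        """Resolve the target user and deny non-admins access to other users.

        Raises ``PermissionDenied`` (403) rather than filtering the queryset
        so the response stays consistent with the update/delete paths.
        """
        user = super().get_object()
        if not self._is_admin() and user.id != self.request.user.id:
            raise PermissionDenied("无权访问其他用户信息")
        return user

    def perform_update(self, serializer):
        """Save the update; non-admins are limited to their own record and to
        the whitelisted fields.

        The ownership check is kept here as defence in depth even though
        ``get_object`` already enforces it.
        """
        if not self._is_admin():
            if self.request.user.id != self.get_object().id:
                raise PermissionDenied("无权修改其他用户信息")
            # Drop disallowed fields instead of rejecting the whole request,
            # matching the original behaviour.
            for field in list(serializer.validated_data):
                if field not in self._SELF_EDITABLE_FIELDS:
                    serializer.validated_data.pop(field)
        serializer.save()

    def perform_destroy(self, instance):
        """Delete the user; admins only."""
        if not self._is_admin():
            raise PermissionDenied("只有管理员可以删除用户")
        instance.delete()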
@api_view(['GET'])
@permission_classes([IsAuthenticated])
def current_user(request):
    """Return the calling user's own record, serialized with ``UserSerializer``."""
    payload = UserSerializer(request.user).data
    return Response(payload)
@api_view(['POST'])
@permission_classes([IsAuthenticated])
def change_password(request):
    """Change the calling user's password.

    Expects ``old_password`` and ``new_password`` in the body (validated by
    ``ChangePasswordSerializer``; any strength rules live there, not here).
    Responds 400 when ``old_password`` does not match the stored hash.
    """
    form = ChangePasswordSerializer(data=request.data)
    form.is_valid(raise_exception=True)
    data = form.validated_data
    user = request.user

    # Re-authenticate with the current password before accepting a new one.
    if not user.check_password(data['old_password']):
        return Response({"detail": "原密码不正确"}, status=400)

    # NOTE(review): JWT tokens issued before this point are not invalidated
    # here; confirm whether the project blacklists/rotates them on change.
    user.set_password(data['new_password'])
    user.save()
    return Response({"status": "密码已更新"})
@api_view(['POST'])
@permission_classes([IsAuthenticated])
def reset_password(request, pk):
    """Admin-only: reset the password of user ``pk`` to ``RESET_PASSWORD``.

    The new password is echoed back in the response so the admin can hand it
    over. Responds 403 for non-admins and 404 when ``pk`` does not exist.

    NOTE(review): ``RESET_PASSWORD`` is a fixed module constant, so every
    reset account shares the same well-known password until the user changes
    it; a per-reset random value (``secrets``) and a forced change on next
    login would be the safer design.
    """
    if request.user.role != 'admin':
        raise PermissionDenied("只有管理员可以重置密码")

    target = get_object_or_404(User, pk=pk)
    target.set_password(RESET_PASSWORD)
    target.save()
    return Response({"status": "密码已重置", "reset_password": RESET_PASSWORD})