novalon/novalon-website
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 重构用户角色系统为管理员标识

Browse Source 
- 将用户角色字段从role改为is_admin布尔值
- 更新相关API权限检查逻辑
- 修改数据库schema和迁移文件
- 调整前端用户显示逻辑
- 添加API响应工具函数
- 优化权限检查中间件
- 重构英雄组件为原子组件
This commit is contained in:
张翔
2026-03-12 20:45:43 +08:00
parent b207bfa7af
commit f357330ba8
22 changed files with 1078 additions and 552 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/api/admin/content/route.ts
+18 -31
View File
@@ -1,24 +1,18 @@
import { NextRequest, NextResponse } from 'next/server';
import { NextRequest } from 'next/server';
import { db } from '@/db';
import { content } from '@/db/schema';
import { auth } from '@/lib/auth';
import { hasPermission } from '@/lib/auth/permissions';
import { checkIsAdmin, getAdminUserId } from '@/lib/auth/check-permission';
import { createAuditLog } from '@/lib/audit';
import { forbidden, badRequest, success, handleApiError, validationError } from '@/lib/api-response';
import { eq, desc, and, like, sql } from 'drizzle-orm';
import { nanoid } from 'nanoid';
export async function GET(request: NextRequest) {
try {
const session = await auth();
const { isAdmin } = await checkIsAdmin();
if (!session?.user) {
return NextResponse.json({ error: '未授权' }, { status: 401 });
}
const userRole = session.user.role as 'admin' | 'editor' | 'viewer';
if (!hasPermission(userRole, 'content', 'read')) {
return NextResponse.json({ error: '无权限' }, { status: 403 });
if (!isAdmin) {
return forbidden();
}
const { searchParams } = new URL(request.url);
@@ -61,7 +55,7 @@ export async function GET(request: NextRequest) {
const total = countResult[0]?.count || 0;
return NextResponse.json({
return success({
items,
pagination: {
page,
@@ -71,30 +65,24 @@ export async function GET(request: NextRequest) {
},
});
} catch (error) {
console.error('获取内容列表失败:', error);
return NextResponse.json({ error: '服务器错误' }, { status: 500 });
return handleApiError(error);
}
}
export async function POST(request: NextRequest) {
try {
const session = await auth();
const { isAdmin } = await checkIsAdmin();
const userId = await getAdminUserId();
if (!session?.user) {
return NextResponse.json({ error: '未授权' }, { status: 401 });
}
const userRole = session.user.role as 'admin' | 'editor' | 'viewer';
if (!hasPermission(userRole, 'content', 'create')) {
return NextResponse.json({ error: '无权限' }, { status: 403 });
if (!isAdmin || !userId) {
return forbidden();
}
const body = await request.json();
const { type, title, slug, excerpt, contentBody, coverImage, category, tags, status: contentStatus, metadata } = body;
if (!type || !title || !slug) {
return NextResponse.json({ error: '缺少必要字段' }, { status: 400 });
return validationError('缺少必要字段', { required: ['type', 'title', 'slug'] });
}
const existingContent = await db
@@ -104,7 +92,7 @@ export async function POST(request: NextRequest) {
.limit(1);
if (existingContent.length > 0) {
return NextResponse.json({ error: 'Slug 已存在' }, { status: 400 });
return badRequest('Slug 已存在');
}
const now = new Date();
@@ -122,7 +110,7 @@ export async function POST(request: NextRequest) {
tags: tags || [],
status: contentStatus || 'draft',
publishedAt: contentStatus === 'published' ? now : null,
authorId: session.user.id,
authorId: userId,
metadata: metadata || null,
createdAt: now,
updatedAt: now,
@@ -130,7 +118,7 @@ export async function POST(request: NextRequest) {
.returning();
await createAuditLog({
userId: session.user.id,
userId,
action: 'create',
resourceType: 'content',
resourceId: newContent[0]!.id,
@@ -141,9 +129,8 @@ export async function POST(request: NextRequest) {
},
});
return NextResponse.json(newContent[0], { status: 201 });
return success(newContent[0], 201);
} catch (error) {
console.error('创建内容失败:', error);
return NextResponse.json({ error: '服务器错误' }, { status: 500 });
return handleApiError(error);
}
}