LZGZ-Ph-LT/routes/new_admin.py

from flask import Blueprint, render_template, redirect, url_for, flash, request
from flask_login import current_user
from functools import wraps
from models import db, User, Post

# 使用 new_admin 以避免任何命名冲突或缓存问题
admin_bp = Blueprint('admin', __name__, url_prefix='/admin')


def admin_required(f):
    """管理员权限装饰器 - 直接定义在此文件中以避免导入问题"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if not current_user.is_authenticated:
            return redirect(url_for('auth.login', next=request.url))
            
        if not current_user.is_admin:
            flash('需要管理员权限', 'error')
            return redirect(url_for('posts.index'))
            
        return f(*args, **kwargs)
    return decorated_function


@admin_bp.route('/')
@admin_required
def dashboard():
    """管理员仪表板"""
    pending_users = User.query.filter_by(is_approved=False).count()
    pending_posts = Post.query.filter_by(is_approved=False).count()
    
    return render_template('admin/dashboard.html', 
                         pending_users=pending_users,
                         pending_posts=pending_posts)


@admin_bp.route('/users')
@admin_required
def users():
    """待审核用户列表"""
    pending_users = User.query.filter_by(is_approved=False).order_by(User.created_at.desc()).all()
    approved_users = User.query.filter_by(is_approved=True).order_by(User.created_at.desc()).limit(20).all()
    
    return render_template('admin/users.html', 
                         pending_users=pending_users,
                         approved_users=approved_users)


@admin_bp.route('/users/<int:user_id>/approve', methods=['POST'])
@admin_required
def approve_user(user_id):
    """批准用户注册"""
    user = User.query.get_or_404(user_id)
    
    if user.is_approved:
        flash('该用户已经通过审核', 'info')
        return redirect(url_for('admin.users'))
    
    user.is_approved = True
    db.session.commit()
    
    flash(f'已批准用户 {user.username} 的注册', 'success')
    return redirect(url_for('admin.users'))


@admin_bp.route('/users/<int:user_id>/reject', methods=['POST'])
@admin_required
def reject_user(user_id):
    """拒绝用户注册"""
    user = User.query.get_or_404(user_id)
    
    if user.is_approved:
        flash('该用户已经通过审核，无法拒绝', 'error')
        return redirect(url_for('admin.users'))
    
    # 删除用户及其相关数据
    db.session.delete(user)
    db.session.commit()
    
    flash(f'已拒绝用户 {user.username} 的注册', 'success')
    return redirect(url_for('admin.users'))


@admin_bp.route('/posts')
@admin_required
def posts():
    """待审核帖子列表"""
    pending_posts = Post.query.filter_by(is_approved=False).order_by(Post.created_at.desc()).all()
    approved_posts = Post.query.filter_by(is_approved=True).order_by(Post.created_at.desc()).limit(20).all()
    
    return render_template('admin/posts.html', 
                         pending_posts=pending_posts,
                         approved_posts=approved_posts)


@admin_bp.route('/posts/<int:post_id>/approve', methods=['POST'])
@admin_required
def approve_post(post_id):
    """批准帖子发布"""
    post = Post.query.get_or_404(post_id)
    
    if post.is_approved:
        flash('该帖子已经通过审核', 'info')
        return redirect(url_for('admin.posts'))
    
    post.is_approved = True
    db.session.commit()
    
    flash('已批准该帖子发布', 'success')
    return redirect(url_for('admin.posts'))


@admin_bp.route('/posts/<int:post_id>/reject', methods=['POST'])
@admin_required
def reject_post(post_id):
    """拒绝帖子发布"""
    post = Post.query.get_or_404(post_id)
    
    if post.is_approved:
        flash('该帖子已经通过审核，无法拒绝', 'error')
        return redirect(url_for('admin.posts'))
    
    # 删除帖子
    db.session.delete(post)
    db.session.commit()
    
    flash('已拒绝该帖子发布', 'success')
    return redirect(url_for('admin.posts'))


@admin_bp.route('/create-admin', methods=['GET', 'POST'])
@admin_required
def create_admin():
    """创建新管理员"""
    if request.method == 'POST':
        username = request.form.get('username')
        email = request.form.get('email')
        password = request.form.get('password')
        confirm_password = request.form.get('confirm_password')
        
        if not all([username, email, password, confirm_password]):
            flash('请填写所有字段', 'error')
            return render_template('admin/create_admin.html')
        
        if password != confirm_password:
            flash('两次输入的密码不一致', 'error')
            return render_template('admin/create_admin.html')
        
        if len(password) < 6:
            flash('密码长度至少为6位', 'error')
            return render_template('admin/create_admin.html')
        
        # 检查用户名和邮箱是否已存在
        if User.query.filter_by(username=username).first():
            flash('用户名已被使用', 'error')
            return render_template('admin/create_admin.html')
        
        if User.query.filter_by(email=email).first():
            flash('邮箱已被使用', 'error')
            return render_template('admin/create_admin.html')
        
        # 创建新管理员
        new_admin = User(
            username=username,
            email=email,
            is_approved=True,
            is_admin=True,
            password_changed=True  # 新建管理员默认认为已知晓密码，或者后续再改
        )
        new_admin.set_password(password)
        
        db.session.add(new_admin)
        db.session.commit()
        
        flash(f'成功创建管理员账号: {username}', 'success')
        return redirect(url_for('admin.dashboard'))
    
    return render_template('admin/create_admin.html')