feat: add user_status check on login, enable/disable toolbar, fix editexclouded for add user

2026-06-11 16:57:04 +08:00 · 2026-06-11 16:57:04 +08:00 · 52cd71f861
commit 52cd71f861
parent cb9f8bbb4b
4 changed files with 48 additions and 2 deletions
--- a/json/users.json
+++ b/json/users.json
@ -9,8 +9,28 @@
            "exclouded": ["id", "password", "orgid", "nick_name" ],
            "cwidth": {}
        },
-        "editexclouded": [
-            "id", "nick_name", "orgid", "last_login_fail", "last_login", "sync_from"
+        "editexclouded": ["id", "nick_name", "orgid", "last_login_fail", "last_login", "sync_from", "login_fail_count", "created_at"],
+        "record_toolbar": [
+            {
+                "label": "启用",
+                "actiontype": "dspy",
+                "url": "/rbac/users/enable_user.dspy",
+                "options": {
+                    "icon": "check",
+                    "cwidth": 16,
+                    "cheight": 9
+                }
+            },
+            {
+                "label": "禁用",
+                "actiontype": "dspy",
+                "url": "/rbac/users/disable_user.dspy",
+                "options": {
+                    "icon": "block",
+                    "cwidth": 16,
+                    "cheight": 9
+                }
+            }
        ],
        "subtables": [
 			{
--- a/rbac/check_perm.py
+++ b/rbac/check_perm.py
@ -158,6 +158,11 @@ async def checkUserPassword(request, username, password):
 			return False
 		
 		user = recs[0]
+		# Check user status (disabled)
+		user_status = getattr(user, 'user_status', '0') or '0'
+		if user_status != '0':
+			debug(f'User {username} is disabled (status={user_status})')
+			return False
 		fail_count = getattr(user, 'login_fail_count', 0) or 0
 		last_fail = getattr(user, 'last_login_fail', None)
 		
@ -209,6 +214,11 @@ async def basic_auth(sor, request):
 		return None
 	# Check lockout in Python layer (DB-agnostic)
 	user = recs[0]
+	# Check user status (disabled)
+	user_status = getattr(user, 'user_status', '0') or '0'
+	if user_status != '0':
+		debug(f'User {username} is disabled (status={user_status}) via basic auth')
+		return None
 	fail_count = getattr(user, 'login_fail_count', 0) or 0
 	last_fail = getattr(user, 'last_login_fail', None)
 	if _is_locked(fail_count, last_fail):
--- a/wwwroot/users/disable_user.dspy
+++ b/wwwroot/users/disable_user.dspy
@ -0,0 +1,8 @@
+if not params_kw.get('id'):
+	return {"widgettype":"Error","options":{"title":"Error","message":"no user selected","cwidth":16,"cheight":9,"timeout":3}}
+
+dbname = get_module_dbname('rbac')
+db = DBPools()
+async with db.sqlorContext(dbname) as sor:
+	await sor.U('users', {'id': params_kw.id, 'user_status': '1'})
+	return {"widgettype":"Message","options":{"title":"Success","message":"user disabled","cwidth":16,"cheight":9,"timeout":3}}
--- a/wwwroot/users/enable_user.dspy
+++ b/wwwroot/users/enable_user.dspy
@ -0,0 +1,8 @@
+if not params_kw.get('id'):
+	return {"widgettype":"Error","options":{"title":"Error","message":"no user selected","cwidth":16,"cheight":9,"timeout":3}}
+
+dbname = get_module_dbname('rbac')
+db = DBPools()
+async with db.sqlorContext(dbname) as sor:
+	await sor.U('users', {'id': params_kw.id, 'user_status': '0', 'login_fail_count': 0})
+	return {"widgettype":"Message","options":{"title":"Success","message":"user enabled","cwidth":16,"cheight":9,"timeout":3}}