019e9702fc
fix: use setValue() on codeid field widget instead of direct value assignment
2026-05-30 13:36:54 +08:00
cec79caf88
fix: phone login form.setValue is not a function - use name_inputs direct value set
2026-05-30 13:35:07 +08:00
fa9f7f5146
fix: wrap Tabular in VBox with cheight for proper scrolling
2026-05-29 22:09:56 +08:00
342fc6652a
refactor: rewrite SMS login UI using pure bricks patterns
...
- login.ui: use actiontype:urlwidget for Form submit → code_login.dspy
- Removed custom JavaScript (phone_login.js)
- Send code button: minimal script action to fetch and set form value
- Login flow: bricks returns Message/Error/VBox widgets directly
- Multi-account selection: code_login.dspy returns VBox with Buttons
2026-05-29 11:58:30 +08:00
8528eebf10
revert: restore gen_sms_code.dspy (API used by other systems)
2026-05-29 11:38:35 +08:00
e65fddbe61
revert: restore phone_login.dspy to original (API used by other systems)
2026-05-29 11:37:39 +08:00
cf186a632b
fix: revert uitype to 'hide' (bricks framework uses 'hide' not 'hidden')
2026-05-29 11:36:05 +08:00
567513789e
feat: rewrite SMS login UI with fetch-based flow matching phone_login.dspy API
...
- login.ui: SMS tab now uses fetch for gen_sms_code.dspy and phone_login.dspy
- Added _webbricks_=1 to fetch URLs (prevents HTML wrapping)
- Added 60s countdown timer on send-code button
- Added multi-account selection UI (status=choose response)
- Fixed uitype 'hide' -> 'hidden' for codeid field
- Dispatches user_logined event after successful phone login
- gen_sms_code.dspy: improved error message for SMS service config issues
- phone_login.dspy: added mark_used parameter for multi-account flow
- phone_login.js: sageSelectAccount handler for account selection
2026-05-29 11:31:39 +08:00
cfd3810a0a
fix: remove _webbricks_=1 from SMS code generation API call
...
The _webbricks_=1 parameter was causing the response to be wrapped as a widget instead of plain JSON, which prevented the frontend from correctly parsing the response and setting the codeid field.
Now the API returns plain JSON {status: 'ok', data: {key: '...'}} and the form's hidden codeid field gets properly set after successful SMS generation.
2026-05-28 18:39:25 +08:00
969a72b528
fix: SMS verification code URL - replace undefined bricks.app.baseUrl with entire_url template
...
The send verification code button was sending requests to https://token.opencomputing.cn/undefined/rbac/gen_sms_code.dspy because bricks.app.baseUrl doesn't exist in the bricks framework (it uses baseURI on widgets).
Fix: Use Jinja2 entire_url() template function like all other URLs in the file.
2026-05-28 18:24:39 +08:00
ff03efb50a
fix: Button label更新改用set_otext()支持国际化
...
set_text()直接设置innerHTML跳过i18n翻译,
set_otext()会先调用i18n._()翻译再set_text,
与Button初始化时i18n:true的配置保持一致。
2026-05-28 17:00:57 +08:00
f44104b8a5
fix: Button label更新使用text_w.set_text()替代options.label赋值
...
根因:
1. script上下文中this为undefined,无法通过this.options.label访问
2. btn.options.label只修改属性不更新DOM,需调用text_w.set_text()
3. Button内部label是bricks.Text子组件(text_w),需通过其API更新
2026-05-28 16:52:26 +08:00
53111aa2fd
fix: Form.getValue()返回FormData对象,改用_getValue()获取普通对象
...
根因:bricks Form的getValue()内部调用get_formdata()返回浏览器
原生FormData对象,不支持.cell_no属性访问。
改用_getValue()返回{name:value}普通JS对象。
2026-05-28 16:27:56 +08:00
92627c9c96
fix: 手机验证码tab改用VBox+独立Button,避免toolbar tool触发submit导致tab跳转
...
根因:Form toolbar tool点击会同时触发Form的submit事件,
submit的urlwidget替换Form后TabPanel重置到第一个tab。
改为VBox包裹Form和独立Button,Button通过bricks.getWidgetById
读取Form值,fetch加_webbricks_=1确保返回纯JSON。
2026-05-28 15:03:50 +08:00
7200ee43a0
fix: 手机验证码gen_code按钮用datawidget/datamethod传表单值给script
...
原script中this.getValue()在toolbar tool事件上下文中拿不到表单数据,
改用datawidget/datamethod机制将表单值通过params传入script。
回写codeid用.bind(this)保持Form引用。
2026-05-28 14:10:37 +08:00
de21b9fd38
feat: 手机验证码登录对接 + 注册tab + user_logined事件派发
...
- 新增 code_login.dspy: 接收前端表单(cell_no/codeid/check_code)
映射到sms_engine验证,返回UI widget含自动登录binds
- 修复 login.ui 手机验证码tab: gen_code按钮改用script调用
gen_sms_code.dspy并回写key到隐藏字段,submit指向code_login.dspy
- login.ui 新增注册tab: 用户名/手机号/密码/确认密码表单
- register.dspy: 注册成功后自动remember_user并返回含binds的
Message widget(加载userinfo、销毁登录窗、派发user_logined)
- up_login.dspy: 补充user_logined事件派发bind
- load_path.py: code_login.dspy加入any权限,gen_sms_code.dspy
从logined移至any(验证码发送在登录前)
2026-05-28 13:50:17 +08:00
54b0f3d7b6
fix: dispatch user_logined event after successful login
...
After login message is dismissed, dispatches 'user_logined' on bricks.app
so the sidebar menu reloads without requiring manual page reload.
2026-05-28 13:42:03 +08:00
9d2a94131a
feat: improve logout.dspy with refresh button
...
After logout, show success message with a button to reload the page,
which triggers the sidebar menu to re-render with unauthenticated state.
2026-05-27 17:58:15 +08:00
835a2ff3f7
fix: add filler css + overflowY:auto to content container
2026-05-26 13:57:42 +08:00
1b21f46336
feat: add index.ui as module entry with user management, path roles, and unauth file scan cards
2026-05-26 12:11:32 +08:00
f8c8a4ce4d
refactor: move RBAC tools logic to rbac/rbac_tools.py, dspy files call via request._run_ns
2026-05-26 09:32:38 +08:00
0b456486db
feat: add RBAC tools — list_path_roles, find_unauth_files, and permission registration script
2026-05-26 09:18:04 +08:00
c53c16d54c
feat: add RBAC tools — list_path_roles and find_unauth_files
2026-05-26 09:12:33 +08:00
04552941e5
bugfix
2026-05-22 16:54:08 +08:00
0ac6c83ead
bugfix
2026-05-18 16:00:42 +08:00
d168326f09
bugfix
2026-05-18 15:31:00 +08:00
3f2001378e
bugfix
2026-05-18 15:25:43 +08:00
d96444cf60
fix: replace getID() with uuid() in dspy context
2026-05-13 11:50:24 +08:00
cd82b345aa
fix: use dappid+userid for downapikey query/insert, matching actual table schema
2026-05-13 11:44:34 +08:00
f313877f4b
fix: remove non-existent kwdownapikey table, use downapikey directly for per-user apikey lookup
2026-05-13 11:22:04 +08:00
fe7025ac0f
fix: use kwdownapikey for per-user apikey existence check to prevent same org sharing apikey
2026-05-12 20:12:19 +08:00
d57d165a08
fix: add openCustomerAccounts call and fix sync message in usersync
2026-05-12 18:54:15 +08:00
59c321d941
fix: check user existence and register user/org if missing using rbac functions
2026-05-12 18:46:02 +08:00
e7193933ae
fix: ensure user and org are created in users table before apikey creation in usersync
2026-05-12 18:37:23 +08:00
2fb9098699
fix: correct indentation in batch loop, fix for-else bug causing continue syntax error
2026-05-12 18:30:56 +08:00
3bb57dafd7
fix: convert tabs to spaces in usersync/index.dspy to resolve TabError
2026-05-12 18:20:24 +08:00
f1ed6ad151
fix: verify user exists before returning existing apikey in usersync, clean stale downapikey records
2026-05-12 18:13:50 +08:00
09acce0637
fix: remove ServerEnv() usage in dspy script, change expires_at to expired_date
2026-05-12 18:03:32 +08:00
fb5a24c240
fix: add POST method to register form submit binding
2026-05-12 10:41:50 +08:00
ceb26adf53
feat: 添加用户同步接口 /rbac/usersync/
...
- 新增POST接口支持单个和批量用户同步到dapi模块
- 返回每个用户的dapi apikey
- 优先调用dapi模块的create_user_apikey函数
- 添加API说明书文档
2026-05-11 15:10:56 +08:00
ccf66ecd23
bugfix
2026-04-26 20:27:54 +08:00
0d5878f2ea
bugfix
2026-04-26 20:25:05 +08:00
a460c0b888
bugfix
2026-04-26 20:24:53 +08:00
fdabfc2261
bugfix
2026-04-26 20:14:56 +08:00
90e9e943b2
bugfix
2026-04-26 15:14:33 +08:00
7b36e2d159
bugfix
2026-04-26 15:02:32 +08:00
59f68c3141
bugfix
2026-04-26 15:01:05 +08:00
afceb713b7
bugfix
2026-04-26 12:29:35 +08:00
c0c9d0a489
fix: change datetime.now() to datetime.datetime.now() in up_login.dspy
...
ahserver pre-loads 'import datetime' module, so datetime class must be
accessed as datetime.datetime, not directly as datetime (which was only
valid when 'from datetime import datetime' was used).
2026-04-26 11:37:30 +08:00
1b5ae8aba9
fix: remove unnecessary 'from datetime import datetime' in up_login.dspy
...
datetime module is pre-loaded by ahserver framework, import statements
are not needed and not supported in .dspy files.
2026-04-26 11:32:48 +08:00
