From d3f0eea0ec82d18516ad3c823e5713822dd72595 Mon Sep 17 00:00:00 2001
From: Zhenyu Zheng <zheng.zhenyu@outlook.com>
Date: Tue, 10 Feb 2026 20:15:49 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E7=BC=96=E8=BE=91=E5=92=8C=E5=88=A0=E9=99=A4=E5=8A=9F=E8=83=BD?=
 =?UTF-8?q?=EF=BC=8C=E4=BF=AE=E5=A4=8D=E7=99=BB=E5=BD=95=E9=A1=B5logo?=
 =?UTF-8?q?=E9=BB=91=E8=89=B2=E8=83=8C=E6=99=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 后端新增 PATCH/DELETE /auth/users/{user_id} 端点，支持编辑和删除用户
- 添加安全保护：不能删除自己、不能删除/降级最后一个超级管理员
- 前端用户管理页面新增操作列（编辑、删除按钮）和编辑对话框
- 修复登录页logo图片透明背景渲染为黑色的问题
- 清理旧的 logo.svg 文件
---
 backend/app/api/auth.py           |  98 ++++++++++++++++++++++-
 backend/app/schemas/user.py       |   1 +
 frontend/public/logo.svg          |  45 -----------
 frontend/src/api/auth.ts          |  14 ++++
 frontend/src/views/Login.vue      |   3 +
 frontend/src/views/UserManage.vue | 128 +++++++++++++++++++++++++++++-
 logo.svg                          |  45 -----------
 7 files changed, 241 insertions(+), 93 deletions(-)
 delete mode 100644 frontend/public/logo.svg
 delete mode 100644 logo.svg

diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index 34d2d62..32bfd2c 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -11,7 +11,7 @@
 from app.models import User
 from app.models.password_reset import PasswordResetToken
 from app.schemas import (
-    LoginRequest, Token, UserCreate, UserOut, UserInfoResponse,
+    LoginRequest, Token, UserCreate, UserUpdate, UserOut, UserInfoResponse,
     InitialSetupRequest, PasswordResetRequest,
     PasswordResetConfirm, SystemStatusResponse,
 )
@@ -245,6 +245,102 @@ def list_all_users(
     return users
 
 
+@router.patch("/users/{user_id}", response_model=UserOut)
+def update_user(
+    user_id: int,
+    user_update: UserUpdate,
+    current_user: User = Depends(get_current_active_superuser),
+    db: Session = Depends(get_db),
+):
+    """
+    Update a user's information. Only superusers can update users.
+    """
+    target_user = db.query(User).filter(User.id == user_id).first()
+    if not target_user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="用户不存在",
+        )
+
+    # Prevent demoting yourself
+    if user_update.is_superuser is False and target_user.id == current_user.id:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="不能取消自己的超级管理员权限",
+        )
+
+    # Prevent demoting the last superuser
+    if user_update.is_superuser is False and target_user.is_superuser:
+        superuser_count = db.query(User).filter(
+            User.is_superuser == True, User.is_default_admin == False  # noqa: E712
+        ).count()
+        if superuser_count <= 1:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="不能取消最后一个超级管理员的权限",
+            )
+
+    # Check email uniqueness if updating email
+    if user_update.email is not None:
+        existing = db.query(User).filter(
+            User.email == user_update.email, User.id != user_id
+        ).first()
+        if existing:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="该邮箱已被其他用户使用",
+            )
+
+    # Apply updates
+    update_data = user_update.model_dump(exclude_unset=True)
+    if "password" in update_data:
+        target_user.hashed_password = get_password_hash(update_data.pop("password"))
+    for field, value in update_data.items():
+        setattr(target_user, field, value)
+
+    db.commit()
+    db.refresh(target_user)
+    return target_user
+
+
+@router.delete("/users/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_user(
+    user_id: int,
+    current_user: User = Depends(get_current_active_superuser),
+    db: Session = Depends(get_db),
+):
+    """
+    Delete a user. Only superusers can delete users.
+    """
+    target_user = db.query(User).filter(User.id == user_id).first()
+    if not target_user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="用户不存在",
+        )
+
+    # Cannot delete yourself
+    if target_user.id == current_user.id:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="不能删除自己的账号",
+        )
+
+    # Cannot delete the last superuser
+    if target_user.is_superuser:
+        superuser_count = db.query(User).filter(
+            User.is_superuser == True, User.is_default_admin == False  # noqa: E712
+        ).count()
+        if superuser_count <= 1:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="不能删除最后一个超级管理员",
+            )
+
+    db.delete(target_user)
+    db.commit()
+
+
 @router.post("/password-reset/request", status_code=status.HTTP_200_OK)
 def request_password_reset(
     reset_request: PasswordResetRequest,
diff --git a/backend/app/schemas/user.py b/backend/app/schemas/user.py
index d021db7..08e7dc7 100644
--- a/backend/app/schemas/user.py
+++ b/backend/app/schemas/user.py
@@ -20,6 +20,7 @@ class UserUpdate(BaseModel):
     full_name: Optional[str] = None
     password: Optional[str] = Field(None, min_length=6, max_length=100)
     is_active: Optional[bool] = None
+    is_superuser: Optional[bool] = None
 
 
 class UserOut(UserBase):
diff --git a/frontend/public/logo.svg b/frontend/public/logo.svg
deleted file mode 100644
index a899ad7..0000000
--- a/frontend/public/logo.svg
+++ /dev/null
@@ -1,45 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200" width="200" height="200">
-  <defs>
-    <!-- 主渐变 -->
-    <linearGradient id="mainGradient" x1="0%" y1="0%" x2="100%" y2="100%">
-      <stop offset="0%" style="stop-color:#6366F1;stop-opacity:1" />
-      <stop offset="100%" style="stop-color:#8B5CF6;stop-opacity:1" />
-    </linearGradient>
-    <!-- 辅助渐变 -->
-    <linearGradient id="accentGradient" x1="0%" y1="0%" x2="100%" y2="100%">
-      <stop offset="0%" style="stop-color:#06B6D4;stop-opacity:1" />
-      <stop offset="100%" style="stop-color:#3B82F6;stop-opacity:1" />
-    </linearGradient>
-  </defs>
-  
-  <!-- 外层六边形轮廓 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-50 L 43,-25 L 43,25 L 0,50 L -43,25 L -43,-25 Z" 
-          fill="none" stroke="url(#mainGradient)" stroke-width="2" opacity="0.3"/>
-  </g>
-  
-  <!-- 中层六边形 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-36 L 31,-18 L 31,18 L 0,36 L -31,18 L -31,-18 Z" 
-          fill="url(#accentGradient)" opacity="0.15" stroke="none"/>
-  </g>
-  
-  <!-- 中央六边形 - 核心 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-28 L 24,-14 L 24,14 L 0,28 L -24,14 L -24,-14 Z" 
-          fill="url(#mainGradient)" stroke="none"/>
-    
-    <!-- 内部文档图标 -->
-    <rect x="-10" y="-8" width="20" height="3" rx="1" fill="white" opacity="0.95"/>
-    <rect x="-10" y="-2" width="20" height="3" rx="1" fill="white" opacity="0.95"/>
-    <rect x="-10" y="4" width="12" height="3" rx="1" fill="white" opacity="0.95"/>
-  </g>
-  
-  <!-- 六个小圆点 - 在外层六边形的顶点 -->
-  <circle cx="100" cy="50" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="143" cy="75" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="143" cy="125" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="100" cy="150" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="57" cy="125" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="57" cy="75" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-</svg>
diff --git a/frontend/src/api/auth.ts b/frontend/src/api/auth.ts
index e185372..03cf913 100644
--- a/frontend/src/api/auth.ts
+++ b/frontend/src/api/auth.ts
@@ -83,3 +83,17 @@ export async function listAllUsers(): Promise<User[]> {
   const { data } = await apiClient.get<User[]>('/auth/users')
   return data
 }
+
+export async function updateUser(userId: number, userData: {
+  email?: string
+  full_name?: string
+  is_superuser?: boolean
+  is_active?: boolean
+}): Promise<User> {
+  const { data } = await apiClient.patch<User>(`/auth/users/${userId}`, userData)
+  return data
+}
+
+export async function deleteUser(userId: number): Promise<void> {
+  await apiClient.delete(`/auth/users/${userId}`)
+}
diff --git a/frontend/src/views/Login.vue b/frontend/src/views/Login.vue
index c72250c..c63dc6e 100644
--- a/frontend/src/views/Login.vue
+++ b/frontend/src/views/Login.vue
@@ -164,6 +164,9 @@ const handleLogin = async () => {
     height: auto;
     margin: 0 auto 16px;
     display: block;
+    background-color: #fff;
+    border-radius: 8px;
+    padding: 8px;
   }
 
   h2 {
diff --git a/frontend/src/views/UserManage.vue b/frontend/src/views/UserManage.vue
index fed0d09..af9d029 100644
--- a/frontend/src/views/UserManage.vue
+++ b/frontend/src/views/UserManage.vue
@@ -29,6 +29,17 @@
         <el-table-column prop="created_at" label="创建时间" width="180">
           <template #default="{ row }">{{ formatDate(row.created_at) }}</template>
         </el-table-column>
+        <el-table-column label="操作" width="150" fixed="right">
+          <template #default="{ row }">
+            <el-button size="small" @click="showEditDialog(row)">编辑</el-button>
+            <el-button
+              v-if="row.id !== currentUser?.id"
+              size="small"
+              type="danger"
+              @click="handleDelete(row)"
+            >删除</el-button>
+          </template>
+        </el-table-column>
       </el-table>
     </el-card>
 
@@ -71,21 +82,64 @@
         <el-button type="primary" @click="handleRegister" :loading="submitting">注册</el-button>
       </template>
     </el-dialog>
+
+    <!-- Edit User Dialog -->
+    <el-dialog v-model="editDialogVisible" title="编辑用户" width="480px">
+      <el-form
+        ref="editFormRef"
+        :model="editForm"
+        :rules="editRules"
+        label-width="80px"
+      >
+        <el-form-item label="用户名">
+          <el-input :model-value="editForm.username" disabled />
+        </el-form-item>
+        <el-form-item label="邮箱" prop="email">
+          <el-input v-model="editForm.email" placeholder="邮箱地址" />
+        </el-form-item>
+        <el-form-item label="姓名">
+          <el-input v-model="editForm.full_name" placeholder="姓名（可选）" />
+        </el-form-item>
+        <el-form-item label="状态">
+          <el-switch
+            v-model="editForm.is_active"
+            active-text="活跃"
+            inactive-text="禁用"
+            :disabled="editForm.id === currentUser?.id"
+          />
+        </el-form-item>
+        <el-form-item label="用户类型">
+          <el-checkbox v-model="editForm.is_superuser">
+            超级管理员
+          </el-checkbox>
+        </el-form-item>
+      </el-form>
+      <template #footer>
+        <el-button @click="editDialogVisible = false">取消</el-button>
+        <el-button type="primary" @click="handleEdit" :loading="submitting">保存</el-button>
+      </template>
+    </el-dialog>
   </div>
 </template>
 
 <script setup lang="ts">
 import { ref, onMounted } from 'vue'
-import { ElMessage, type FormInstance, type FormRules } from 'element-plus'
+import { ElMessage, ElMessageBox, type FormInstance, type FormRules } from 'element-plus'
 import { Plus } from '@element-plus/icons-vue'
-import { listAllUsers, register } from '../api/auth'
+import { listAllUsers, register, updateUser, deleteUser } from '../api/auth'
+import { useAuthStore } from '../stores/auth'
 import type { User } from '../stores/auth'
 
+const authStore = useAuthStore()
+const currentUser = authStore.user
+
 const users = ref<User[]>([])
 const loading = ref(false)
 const registerDialogVisible = ref(false)
+const editDialogVisible = ref(false)
 const submitting = ref(false)
 const registerFormRef = ref<FormInstance>()
+const editFormRef = ref<FormInstance>()
 
 const registerForm = ref({
   username: '',
@@ -95,6 +149,15 @@ const registerForm = ref({
   is_superuser: false,
 })
 
+const editForm = ref({
+  id: 0,
+  username: '',
+  email: '',
+  full_name: '',
+  is_active: true,
+  is_superuser: false,
+})
+
 const registerRules: FormRules = {
   username: [
     { required: true, message: '请输入用户名', trigger: 'blur' },
@@ -110,6 +173,13 @@ const registerRules: FormRules = {
   ],
 }
 
+const editRules: FormRules = {
+  email: [
+    { required: true, message: '请输入邮箱', trigger: 'blur' },
+    { type: 'email', message: '请输入有效的邮箱地址', trigger: 'blur' },
+  ],
+}
+
 async function loadUsers() {
   loading.value = true
   try {
@@ -126,6 +196,18 @@ function showRegisterDialog() {
   registerDialogVisible.value = true
 }
 
+function showEditDialog(user: User) {
+  editForm.value = {
+    id: user.id,
+    username: user.username,
+    email: user.email,
+    full_name: user.full_name || '',
+    is_active: user.is_active,
+    is_superuser: user.is_superuser,
+  }
+  editDialogVisible.value = true
+}
+
 async function handleRegister() {
   if (!registerFormRef.value) return
   await registerFormRef.value.validate()
@@ -149,6 +231,48 @@ async function handleRegister() {
   }
 }
 
+async function handleEdit() {
+  if (!editFormRef.value) return
+  await editFormRef.value.validate()
+
+  submitting.value = true
+  try {
+    await updateUser(editForm.value.id, {
+      email: editForm.value.email,
+      full_name: editForm.value.full_name || undefined,
+      is_active: editForm.value.is_active,
+      is_superuser: editForm.value.is_superuser,
+    })
+    ElMessage.success('用户信息已更新')
+    editDialogVisible.value = false
+    await loadUsers()
+  } catch (e: any) {
+    ElMessage.error(e?.response?.data?.detail || '更新失败')
+  } finally {
+    submitting.value = false
+  }
+}
+
+async function handleDelete(user: User) {
+  try {
+    await ElMessageBox.confirm(
+      `确定要删除用户「${user.username}」吗？此操作不可恢复。`,
+      '确认删除',
+      { confirmButtonText: '删除', cancelButtonText: '取消', type: 'warning' },
+    )
+  } catch {
+    return
+  }
+
+  try {
+    await deleteUser(user.id)
+    ElMessage.success('用户已删除')
+    await loadUsers()
+  } catch (e: any) {
+    ElMessage.error(e?.response?.data?.detail || '删除失败')
+  }
+}
+
 function formatDate(d: string) {
   return new Date(d).toLocaleString('zh-CN')
 }
diff --git a/logo.svg b/logo.svg
deleted file mode 100644
index a899ad7..0000000
--- a/logo.svg
+++ /dev/null
@@ -1,45 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200" width="200" height="200">
-  <defs>
-    <!-- 主渐变 -->
-    <linearGradient id="mainGradient" x1="0%" y1="0%" x2="100%" y2="100%">
-      <stop offset="0%" style="stop-color:#6366F1;stop-opacity:1" />
-      <stop offset="100%" style="stop-color:#8B5CF6;stop-opacity:1" />
-    </linearGradient>
-    <!-- 辅助渐变 -->
-    <linearGradient id="accentGradient" x1="0%" y1="0%" x2="100%" y2="100%">
-      <stop offset="0%" style="stop-color:#06B6D4;stop-opacity:1" />
-      <stop offset="100%" style="stop-color:#3B82F6;stop-opacity:1" />
-    </linearGradient>
-  </defs>
-  
-  <!-- 外层六边形轮廓 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-50 L 43,-25 L 43,25 L 0,50 L -43,25 L -43,-25 Z" 
-          fill="none" stroke="url(#mainGradient)" stroke-width="2" opacity="0.3"/>
-  </g>
-  
-  <!-- 中层六边形 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-36 L 31,-18 L 31,18 L 0,36 L -31,18 L -31,-18 Z" 
-          fill="url(#accentGradient)" opacity="0.15" stroke="none"/>
-  </g>
-  
-  <!-- 中央六边形 - 核心 -->
-  <g transform="translate(100, 100)">
-    <path d="M 0,-28 L 24,-14 L 24,14 L 0,28 L -24,14 L -24,-14 Z" 
-          fill="url(#mainGradient)" stroke="none"/>
-    
-    <!-- 内部文档图标 -->
-    <rect x="-10" y="-8" width="20" height="3" rx="1" fill="white" opacity="0.95"/>
-    <rect x="-10" y="-2" width="20" height="3" rx="1" fill="white" opacity="0.95"/>
-    <rect x="-10" y="4" width="12" height="3" rx="1" fill="white" opacity="0.95"/>
-  </g>
-  
-  <!-- 六个小圆点 - 在外层六边形的顶点 -->
-  <circle cx="100" cy="50" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="143" cy="75" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="143" cy="125" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="100" cy="150" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="57" cy="125" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-  <circle cx="57" cy="75" r="3" fill="url(#mainGradient)" opacity="0.6"/>
-</svg>