- 新增基于 JWT 当前用户的登录恢复、角色权限、用户管理、审计日志和演示出厂重置后台接口与前端管理页。 - 重串 GT_label 导出和 GT Mask 导入逻辑:导出保留类别真实 maskid,导入仅接受灰度或 RGB 等通道 maskid 图,支持未知 maskid 策略、尺寸最近邻拉伸和导入预览。 - 统一分割结果导出体验:默认当前帧,按项目抽帧顺序和 XhXXmXXsXXXms 时间戳命名 ZIP 与图片,补齐 GT/Pro/Mix/分开 Mask 输出和映射 JSON。 - 调整工作区左侧工具栏:移除创建点/线段入口,新增画笔、橡皮擦及尺寸控制,并按绘制、布尔、导入/AI 工具分组分隔。 - 扩展 Canvas 编辑能力:画笔按语义分类绘制并可自动并入连通选中 mask,橡皮擦对选中区域扣除,优化布尔操作、选区、撤销重做和保存状态联动。 - 优化自动传播时间轴显示:同一蓝色系按传播新旧递进变暗,老传播记录达到阈值后统一旧记录色,并维护范围选择与清空后的历史显示。 - 将 AI 智能分割入口替换为更明确的 AI 元素图标,并同步侧栏、工作区和 AI 页面入口表现。 - 完善模板分类、maskid 工具函数、分类树联动、遮罩透明度、边缘平滑和传播链同步相关前端状态。 - 扩展后端项目、媒体、任务、Dashboard、模板和传播 runner 的用户隔离、任务控制、进度事件与兼容处理。 - 补充前后端测试,覆盖用户管理、GT_label 往返导入导出、GT Mask 校验和预览、画笔/橡皮擦、时间轴传播历史、导出范围、WebSocket 与 API 封装。 - 更新 AGENTS、README 和 doc 文档,记录当前接口契约、实现状态、测试计划、安装说明和 maskid/GT_label 规则。
from models import Annotation, AuditLog, Frame, Mask, ProcessingTask, Project, Template, User
from routers.auth import create_access_token, hash_password
from statuses import PROJECT_STATUS_PENDING
def test_admin_user_management_and_audit_logs(client, db_session):
    """Walk one account through create, update, list and delete as admin.

    Every mutation is expected to leave an entry in the audit log, which is
    read back through the audit-log endpoint at the end.
    """
    new_account = {
        "username": "doctor",
        "password": "secret123",  # throwaway credential, test data only
        "role": "annotator",
        "is_active": True,
    }
    create_resp = client.post("/api/admin/users", json=new_account)
    assert create_resp.status_code == 201
    account_url = f"/api/admin/users/{create_resp.json()['id']}"

    # Demote the account, rotate its password and deactivate it in one PATCH.
    changes = {
        "role": "viewer",
        "password": "newsecret",
        "is_active": False,
    }
    patch_resp = client.patch(account_url, json=changes)
    assert patch_resp.status_code == 200
    patched = patch_resp.json()
    assert patched["role"] == "viewer"
    assert patched["is_active"] == 0
    # NOTE(review): nothing here checks that the deactivated account is
    # refused at login, or that user payloads omit the password hash --
    # worth pinning in a separate test if the API contract promises either.

    list_resp = client.get("/api/admin/users")
    assert list_resp.status_code == 200
    listed_names = [entry["username"] for entry in list_resp.json()]
    assert "doctor" in listed_names

    delete_resp = client.delete(account_url)
    assert delete_resp.status_code == 204

    audit_resp = client.get("/api/admin/audit-logs")
    assert audit_resp.status_code == 200
    recorded = [entry["action"] for entry in audit_resp.json()]
    for expected_action in (
        "admin.user_created",
        "admin.user_updated",
        "admin.user_deleted",
    ):
        assert expected_action in recorded
def test_admin_routes_require_admin_role(client, db_session):
    """A token issued to a viewer account must get 403 on the admin user listing."""
    viewer = User(
        username="viewer",
        password_hash=hash_password("secret123"),
        role="viewer",
        is_active=1,
    )
    db_session.add(viewer)
    db_session.commit()
    db_session.refresh(viewer)

    saved_header = client.headers["Authorization"]
    viewer_token = create_access_token(viewer)
    client.headers.update({"Authorization": f"Bearer {viewer_token}"})
    try:
        listing = client.get("/api/admin/users")
        assert listing.status_code == 403
        # NOTE(review): only the user listing is probed. The audit-log and
        # demo-factory-reset endpoints exercised elsewhere in this file are
        # not checked with a non-admin token here.
    finally:
        # Put the original credential back even when the assertion fails,
        # so the viewer token does not stay on the client object.
        client.headers.update({"Authorization": saved_header})
def test_viewer_role_is_read_only_for_business_mutations(client, db_session):
    """A viewer may list projects but is refused (403) on every write tried here.

    The project is created with the client's original credential first, so
    the PATCH and the AI annotate call target a project that really exists.
    """
    existing = client.post("/api/projects", json={"name": "Readonly Check"}).json()

    readonly_user = User(
        username="readonly",
        password_hash=hash_password("secret123"),
        role="viewer",
        is_active=1,
    )
    db_session.add(readonly_user)
    db_session.commit()
    db_session.refresh(readonly_user)

    saved_header = client.headers["Authorization"]
    viewer_token = create_access_token(readonly_user)
    client.headers.update({"Authorization": f"Bearer {viewer_token}"})
    try:
        # Reading stays allowed for the viewer role.
        read_resp = client.get("/api/projects")
        assert read_resp.status_code == 200

        # Creating, renaming and triggering AI annotation must all be denied.
        create_resp = client.post("/api/projects", json={"name": "Nope"})
        assert create_resp.status_code == 403

        rename_resp = client.patch(
            f"/api/projects/{existing['id']}",
            json={"name": "Nope"},
        )
        assert rename_resp.status_code == 403

        annotate_resp = client.post(
            "/api/ai/annotate",
            json={"project_id": existing["id"]},
        )
        assert annotate_resp.status_code == 403
    finally:
        # Restore the original credential regardless of the outcome.
        client.headers.update({"Authorization": saved_header})
def test_admin_cannot_delete_self_or_user_with_projects(client, db_session):
    """Deleting the caller's own account gives 400; deleting a project owner gives 409."""
    # Self-deletion: the id comes from the /me endpoint for the current token.
    current = client.get("/api/auth/me").json()
    self_delete = client.delete(f"/api/admin/users/{current['id']}")
    assert self_delete.status_code == 400

    # A second account that owns one project.
    owner = User(
        username="owner",
        password_hash=hash_password("secret123"),
        role="annotator",
        is_active=1,
    )
    db_session.add(owner)
    db_session.commit()
    db_session.refresh(owner)

    owned_project = Project(name="Owned", owner_user_id=owner.id)
    db_session.add(owned_project)
    db_session.commit()

    owner_delete = client.delete(f"/api/admin/users/{owner.id}")
    assert owner_delete.status_code == 409
def test_demo_factory_reset_leaves_admin_and_unparsed_demo_video(client, db_session, monkeypatch, tmp_path):
    """Factory reset wipes user data and re-seeds one pending demo project.

    The database is first filled with a second user plus a project, frame,
    task, private template, annotation, mask and audit entry owned by that
    user. After the reset only the admin account, one freshly uploaded demo
    project and a single audit entry for the reset itself may remain.
    """
    video_bytes = b"demo-video"
    demo_video = tmp_path / "Data_MyVideo_1.mp4"
    demo_video.write_bytes(video_bytes)
    monkeypatch.setattr("routers.admin.settings.demo_video_path", str(demo_video))

    # Stand-in for the storage upload: records each call instead of storing.
    uploaded = []

    def record_upload(object_name, data, content_type, length):
        uploaded.append({
            "object_name": object_name,
            "data": data,
            "content_type": content_type,
            "length": length,
        })

    monkeypatch.setattr("routers.admin.upload_file", record_upload)

    # --- seed data that the reset is expected to remove -------------------
    doctor = User(
        username="doctor",
        password_hash=hash_password("secret123"),
        role="annotator",
        is_active=1,
    )
    db_session.add(doctor)
    db_session.commit()
    db_session.refresh(doctor)

    stale_project = Project(
        name="Old",
        owner_user_id=doctor.id,
        video_path="uploads/old.mp4",
    )
    db_session.add(stale_project)
    db_session.commit()
    db_session.refresh(stale_project)

    stale_frame = Frame(
        project_id=stale_project.id,
        frame_index=0,
        image_url="frames/old.jpg",
    )
    db_session.add(stale_frame)
    stale_task = ProcessingTask(task_type="parse_video", project_id=stale_project.id)
    stale_template = Template(
        name="Private",
        description="private",
        color="#fff",
        z_index=1,
        owner_user_id=doctor.id,
    )
    db_session.add_all([stale_task, stale_template])
    db_session.commit()
    db_session.refresh(stale_frame)

    stale_annotation = Annotation(
        project_id=stale_project.id,
        frame_id=stale_frame.id,
        mask_data={"label": "old"},
    )
    db_session.add(stale_annotation)
    db_session.commit()
    db_session.refresh(stale_annotation)

    db_session.add(Mask(annotation_id=stale_annotation.id, mask_url="masks/old.png"))
    db_session.add(AuditLog(actor_user_id=doctor.id, action="old.audit"))
    db_session.commit()

    # --- trigger the reset ------------------------------------------------
    reset_resp = client.post(
        "/api/admin/demo-factory-reset",
        json={"confirmation": "RESET_DEMO_FACTORY"},
    )

    assert reset_resp.status_code == 200
    data = reset_resp.json()
    project_info = data["project"]
    assert data["message"] == "演示环境已恢复出厂设置"
    assert data["admin_user"]["username"] == "admin"
    assert project_info["name"] == "Data_MyVideo_1"
    assert project_info["status"] == PROJECT_STATUS_PENDING
    assert project_info["frame_count"] == 0
    assert project_info["video_path"] == f"uploads/{project_info['id']}/Data_MyVideo_1.mp4"

    # Exactly one upload, carrying the demo file under the new project's path.
    assert uploaded == [{
        "object_name": project_info["video_path"],
        "data": video_bytes,
        "content_type": "video/mp4",
        "length": len(video_bytes),
    }]

    # --- database state after the reset -----------------------------------
    remaining_names = [account.username for account in db_session.query(User).all()]
    assert remaining_names == ["admin"]
    assert db_session.query(Project).count() == 1
    for wiped_model in (Frame, Annotation, Mask, ProcessingTask):
        assert db_session.query(wiped_model).count() == 0
    owned_templates = db_session.query(Template).filter(Template.owner_user_id.is_not(None))
    assert owned_templates.count() == 0

    # The earlier "old.audit" row is gone; the only entry left is the reset.
    # NOTE(review): this pins that a reset discards the previous audit trail --
    # confirm that is acceptable wherever this endpoint is reachable.
    assert db_session.query(AuditLog).count() == 1
    assert db_session.query(AuditLog).first().action == "admin.demo_factory_reset"
def test_demo_factory_reset_requires_exact_confirmation(client):
    """A confirmation value other than the exact phrase is rejected with 400."""
    wrong_confirmation = {"confirmation": "reset"}
    rejected = client.post("/api/admin/demo-factory-reset", json=wrong_confirmation)

    # NOTE(review): only one wrong value is tried; a request with the field
    # missing altogether is not covered here.
    assert rejected.status_code == 400