142 lines
6.9 KiB
Python
142 lines
6.9 KiB
Python
import re
|
|
|
|
from django.db import transaction, IntegrityError
|
|
from rest_framework import status
|
|
from rest_framework.decorators import api_view, permission_classes, throttle_classes
|
|
from rest_framework.permissions import IsAuthenticated
|
|
from rest_framework.response import Response
|
|
from rest_framework import serializers as drf_serializers
|
|
from drf_spectacular.utils import extend_schema, inline_serializer
|
|
|
|
from config.exceptions import AppError
|
|
from apps.user.models import User, Department
|
|
from apps.user.permissions import IsRegisterPermitted
|
|
from apps.user.throttling import RegisterIpThrottle
|
|
from apps.user.audit import log_register
|
|
from apps.user.auth import (
|
|
build_user_response, REGISTERABLE_ROLES,
|
|
resolve_or_create_institution,
|
|
)
|
|
|
|
DEFAULT_PASSWORD_PREFIX = 'Pass'
|
|
|
|
|
|
@extend_schema(
|
|
summary='U2 管理员代注册',
|
|
description='CMS 管理员为他人注册账号,无需验证码。**仅超级管理员 / 医院管理员可调用**:'
|
|
'超级管理员可创建所有角色、可指定或新建任意机构;'
|
|
'医院管理员可创建内容管理员 / 医生 / 学生,且**只能在本机构内**建账号。'
|
|
'默认密码为 Pass+手机号(如 Pass13800001001),用户可自行修改。'
|
|
'**不返回 tokens**,新用户需自行登录(CMS 用 U3、移动端学生用 U4)。',
|
|
request=inline_serializer('RegisterRequest', fields={
|
|
'phone': drf_serializers.CharField(help_text='手机号'),
|
|
'real_name': drf_serializers.CharField(help_text='真实姓名'),
|
|
'role_type': drf_serializers.ChoiceField(
|
|
choices=['student', 'doctor', 'content_admin', 'hospital_admin', 'super_admin'],
|
|
required=False, default='student', help_text='角色类型(受调用者角色限制)'),
|
|
'institution_code': drf_serializers.CharField(
|
|
help_text='机构编码(超管必填;医院管理员可省略,默认本机构,若填须与本机构一致)'),
|
|
'institution_name': drf_serializers.CharField(help_text='机构名称(超管新建机构时必填)'),
|
|
'department_name': drf_serializers.CharField(required=False, help_text='科室名称'),
|
|
}),
|
|
responses={201: inline_serializer('RegisterResponse', fields={
|
|
'message': drf_serializers.CharField(),
|
|
'user': drf_serializers.DictField(help_text='用户基本信息'),
|
|
})},
|
|
tags=['认证'],
|
|
)
|
|
@api_view(['POST'])
|
|
@permission_classes([IsAuthenticated, IsRegisterPermitted])
|
|
@throttle_classes([RegisterIpThrottle])
|
|
def register(request):
|
|
"""U2 管理员代注册(仅超级管理员 / 医院管理员,无需验证码)"""
|
|
data = request.data
|
|
|
|
phone = str(data.get('phone', ''))
|
|
real_name = str(data.get('real_name', ''))
|
|
role_type = str(data.get('role_type', 'student'))
|
|
institution_code = str(data.get('institution_code', '')).strip()
|
|
institution_name = str(data.get('institution_name', '')).strip()
|
|
department_name = data.get('department_name') or ''
|
|
|
|
# ── 入参校验 ──────────────────────────────────────────────────────────────
|
|
|
|
if not re.match(r'^1[3-9]\d{9}$', phone):
|
|
raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')
|
|
|
|
if not real_name or len(real_name) < 2 or len(real_name) > 20:
|
|
raise AppError('USER_INVALID_NAME', '姓名长度应在 2-20 字符之间')
|
|
|
|
actor = request.user
|
|
|
|
# 目标角色须在调用者可创建的范围内(超管可建全部;医院管理员仅内容管理员/医生/学生)
|
|
allowed_roles = REGISTERABLE_ROLES.get(actor.role_type, ())
|
|
if role_type not in allowed_roles:
|
|
raise AppError('USER_NO_REGISTER_ROLE_PERMISSION',
|
|
'您无权创建该角色账号', status_code=403)
|
|
|
|
password = f'{DEFAULT_PASSWORD_PREFIX}{phone}'
|
|
|
|
# ── 机构解析:超管任意;医院管理员仅限本机构 ─────────────────────────────
|
|
|
|
if actor.role_type == 'hospital_admin':
|
|
if not actor.institution_id:
|
|
raise AppError('USER_NO_REGISTER_INSTITUTION',
|
|
'您未归属任何机构,无法代注册', status_code=403)
|
|
institution = actor.institution
|
|
# 若显式指定机构且与本机构不一致 → 拒绝(医院管理员不能跨机构建账号)
|
|
if institution_code and institution_code != institution.code:
|
|
raise AppError('USER_INSTITUTION_SCOPE_FORBIDDEN',
|
|
'医院管理员只能在本机构内建账号', status_code=403)
|
|
else:
|
|
# super_admin:机构编码 + 名称必填,按 code 查找或新建
|
|
if not institution_code:
|
|
raise AppError('USER_INSTITUTION_CODE_REQUIRED', '机构编码不能为空')
|
|
if not institution_name:
|
|
raise AppError('USER_INSTITUTION_REQUIRED', '机构名称不能为空')
|
|
institution = resolve_or_create_institution(institution_code, institution_name)
|
|
|
|
# ── 科室解析(可选)──────────────────────────────────────────────────────
|
|
|
|
department = None
|
|
if department_name:
|
|
qs = Department.objects.filter(name=department_name, institution=institution)
|
|
cnt = qs.count()
|
|
if cnt == 0:
|
|
raise AppError('USER_DEPARTMENT_NOT_FOUND', f'科室"{department_name}"不存在')
|
|
if cnt > 1:
|
|
raise AppError('USER_DEPARTMENT_AMBIGUOUS',
|
|
f'科室"{department_name}"不唯一')
|
|
department = qs.first()
|
|
|
|
# ── 事务内创建用户 ────────────────────────────────────────────────────────
|
|
|
|
try:
|
|
with transaction.atomic():
|
|
if User.objects.filter(phone=phone).exists():
|
|
raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')
|
|
|
|
user = User.objects.create_user(
|
|
username=phone,
|
|
password=password,
|
|
phone=phone,
|
|
real_name=real_name,
|
|
role_type=role_type,
|
|
institution=institution,
|
|
department=department,
|
|
status=1,
|
|
)
|
|
except AppError:
|
|
raise
|
|
except IntegrityError:
|
|
raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')
|
|
|
|
# ── 善后 ──────────────────────────────────────────────────────────────────
|
|
|
|
log_register(user.id, phone)
|
|
|
|
return Response({
|
|
'message': '注册成功',
|
|
'user': build_user_response(user),
|
|
}, status=status.HTTP_201_CREATED)
|