fix: harden auth flows and align api contracts
@@ -355,7 +355,7 @@ func (h *UserHandler) UpdateUserStatus(c *gin.Context) {
|
||||
// @Produce json
|
||||
// @Security BearerAuth
|
||||
// @Param id path int true "用户ID"
|
||||
// @Success 200 {object} Response{data=[]domain.Role} "角色列表"
|
||||
// @Success 200 {object} Response{data=[]SwaggerRole} "角色列表"
|
||||
// @Failure 403 {object} Response "无权限"
|
||||
// @Failure 404 {object} Response "用户不存在"
|
||||
// @Router /api/v1/users/{id}/roles [get]
|
||||
@@ -399,7 +399,7 @@ func (h *UserHandler) GetUserRoles(c *gin.Context) {
|
||||
// @Failure 400 {object} Response "请求参数错误"
|
||||
// @Failure 403 {object} Response "无权限"
|
||||
// @Failure 404 {object} Response "用户不存在"
|
||||
// @Router /api/v1/users/{id}/roles [post]
|
||||
// @Router /api/v1/users/{id}/roles [put]
|
||||
func (h *UserHandler) AssignRoles(c *gin.Context) {
|
||||
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
||||
if err != nil {
|
||||
@@ -488,7 +488,7 @@ func (h *UserHandler) BatchDelete(c *gin.Context) {
|
||||
// @Security BearerAuth
|
||||
// @Success 200 {object} Response{data=[]UserResponse} "管理员列表"
|
||||
// @Failure 403 {object} Response "无权限"
|
||||
// @Router /api/v1/users/admins [get]
|
||||
// @Router /api/v1/admin/admins [get]
|
||||
func (h *UserHandler) ListAdmins(c *gin.Context) {
|
||||
admins, err := h.userService.ListAdmins(c.Request.Context())
|
||||
if err != nil {
|
||||
@@ -515,7 +515,7 @@ func (h *UserHandler) ListAdmins(c *gin.Context) {
|
||||
// @Success 201 {object} Response{data=UserResponse} "管理员创建成功"
|
||||
// @Failure 400 {object} Response "请求参数错误"
|
||||
// @Failure 403 {object} Response "无权限"
|
||||
// @Router /api/v1/users/admins [post]
|
||||
// @Router /api/v1/admin/admins [post]
|
||||
func (h *UserHandler) CreateAdmin(c *gin.Context) {
|
||||
var req struct {
|
||||
Username string `json:"username" binding:"required"`
|
||||
@@ -556,7 +556,7 @@ func (h *UserHandler) CreateAdmin(c *gin.Context) {
|
||||
// @Failure 400 {object} Response "无效的用户ID"
|
||||
// @Failure 403 {object} Response "无权限"
|
||||
// @Failure 409 {object} Response "无法删除(最后管理员或自删)"
|
||||
// @Router /api/v1/users/admins/{id} [delete]
|
||||
// @Router /api/v1/admin/admins/{id} [delete]
|
||||
func (h *UserHandler) DeleteAdmin(c *gin.Context) {
|
||||
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
||||
if err != nil {
|
||||
|
||||
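Review bot: The ListAdmins, CreateAdmin and DeleteAdmin annotations now advertise `/api/v1/admin/admins`, yet every changed line in this section is a Swagger comment, so nothing visible here shows the handlers being registered under the new prefix. The router setup is outside this view; it should be confirmed that the old `/api/v1/users/admins` paths are no longer served and that the new group sits behind the same admin-only authorization middleware, otherwise the documented contract and the enforced access path diverge. The same check applies to AssignRoles, whose documented verb changes from `post` to `put`. Separately, ListAdmins declares `@Security BearerAuth` but documents only a 403 failure; adding `// @Failure 401 {object} Response "unauthenticated"` would cover the missing-or-invalid-token case. All four function bodies continue outside the hunks.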