há 1 mês atrás · a2c1291f5e
--- a/backend/services/oauth_service.py
+++ b/backend/services/oauth_service.py
@@ -14,12 +14,22 @@ from database import get_db_connection
 
				 
			
 
				 logger = logging.getLogger(__name__)
			
 
				 
			
 
				-# SSO 角色 → 本地角色映射
			
 
				+# SSO 角色 → 本地角色映射（支持中英文）
			
 
				 SSO_ROLE_MAPPING = {
			
 
				+    # 英文角色名
			
 
				     "super_admin": "admin",
			
 
				     "label_admin": "admin",
			
 
				     "admin": "admin",
			
 
				     "labeler": "annotator",
			
 
				+    "user_manager": "admin",
			
 
				+    "app_manager": "admin",
			
 
				+    # 中文角色名
			
 
				+    "超级管理员": "admin",
			
 
				+    "标注管理员": "admin",
			
 
				+    "管理员": "admin",
			
 
				+    "标注员": "annotator",
			
 
				+    "用户管理员": "admin",
			
 
				+    "应用管理员": "admin",
			
 
				 }
			
 
				 DEFAULT_LOCAL_ROLE = "viewer"
			
 
				 
			
@@ -192,6 +202,8 @@ class OAuthService:
 
				             is_superuser = bool(oauth_user_info.get("is_superuser", False))
			
 
				             role = oauth_user_info.get("role") or map_sso_roles_to_local(sso_roles, is_superuser)
			
 
				             
			
 
				+            logger.debug(f"sync_user_from_oauth: oauth_id={oauth_id}, username={username}, sso_roles={sso_roles}, computed_role={role}")
			
 
				+            
			
 
				             # 查找是否已存在该 OAuth 用户
			
 
				             cursor.execute(
			
 
				                 "SELECT * FROM users WHERE oauth_provider = %s AND oauth_id = %s",
			
@@ -202,6 +214,7 @@ class OAuthService:
 
				             if row:
			
 
				                 # 用户已存在，更新信息（包括角色）
			
 
				                 user = User.from_row(row)
			
 
				+                logger.debug(f"User exists: id={user.id}, old_role={user.role}, new_role={role}")
			
 
				                 
			
 
				                 cursor.execute("""
			
 
				                     UPDATE users 
			
@@ -210,11 +223,14 @@ class OAuthService:
 
				                 """, (username, email, role, user.id))
			
 
				                 
			
 
				                 conn.commit()
			
 
				+                logger.debug(f"User updated in database")
			
 
				                 
			
 
				                 # 重新查询更新后的用户
			
 
				                 cursor.execute("SELECT * FROM users WHERE id = %s", (user.id,))
			
 
				                 row = cursor.fetchone()
			
 
				-                return User.from_row(row)
			
 
				+                updated_user = User.from_row(row)
			
 
				+                logger.debug(f"User after update: role={updated_user.role}")
			
 
				+                return updated_user
			
 
				             else:
			
 
				                 # 新用户，创建记录
			
 
				                 user_id = f"user_{datetime.now().strftime('%Y%m%d%H%M%S')}_{secrets.token_hex(4)}"