|
|
@@ -14,12 +14,22 @@ from database import get_db_connection
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
-# SSO 角色 → 本地角色映射
|
|
|
+# SSO 角色 → 本地角色映射(支持中英文)
|
|
|
SSO_ROLE_MAPPING = {
|
|
|
+ # 英文角色名
|
|
|
"super_admin": "admin",
|
|
|
"label_admin": "admin",
|
|
|
"admin": "admin",
|
|
|
"labeler": "annotator",
|
|
|
+ "user_manager": "admin",
|
|
|
+ "app_manager": "admin",
|
|
|
+ # 中文角色名
|
|
|
+ "超级管理员": "admin",
|
|
|
+ "标注管理员": "admin",
|
|
|
+ "管理员": "admin",
|
|
|
+ "标注员": "annotator",
|
|
|
+ "用户管理员": "admin",
|
|
|
+ "应用管理员": "admin",
|
|
|
}
|
|
|
DEFAULT_LOCAL_ROLE = "viewer"
|
|
|
|
|
|
@@ -192,6 +202,8 @@ class OAuthService:
|
|
|
is_superuser = bool(oauth_user_info.get("is_superuser", False))
|
|
|
role = oauth_user_info.get("role") or map_sso_roles_to_local(sso_roles, is_superuser)
|
|
|
|
|
|
+ logger.debug(f"sync_user_from_oauth: oauth_id={oauth_id}, username={username}, sso_roles={sso_roles}, computed_role={role}")
|
|
|
+
|
|
|
# 查找是否已存在该 OAuth 用户
|
|
|
cursor.execute(
|
|
|
"SELECT * FROM users WHERE oauth_provider = %s AND oauth_id = %s",
|
|
|
@@ -202,6 +214,7 @@ class OAuthService:
|
|
|
if row:
|
|
|
# 用户已存在,更新信息(包括角色)
|
|
|
user = User.from_row(row)
|
|
|
+ logger.debug(f"User exists: id={user.id}, old_role={user.role}, new_role={role}")
|
|
|
|
|
|
cursor.execute("""
|
|
|
UPDATE users
|
|
|
@@ -210,11 +223,14 @@ class OAuthService:
|
|
|
""", (username, email, role, user.id))
|
|
|
|
|
|
conn.commit()
|
|
|
+ logger.debug(f"User updated in database")
|
|
|
|
|
|
# 重新查询更新后的用户
|
|
|
cursor.execute("SELECT * FROM users WHERE id = %s", (user.id,))
|
|
|
row = cursor.fetchone()
|
|
|
- return User.from_row(row)
|
|
|
+ updated_user = User.from_row(row)
|
|
|
+ logger.debug(f"User after update: role={updated_user.role}")
|
|
|
+ return updated_user
|
|
|
else:
|
|
|
# 新用户,创建记录
|
|
|
user_id = f"user_{datetime.now().strftime('%Y%m%d%H%M%S')}_{secrets.token_hex(4)}"
|
