table_game/backend/app/routers/admin_announcement.py

from fastapi import APIRouter, HTTPException
from pydantic import BaseModel
from datetime import datetime
from ..db import get_connection
from ..utils.jwt_handler import verify_token

router = APIRouter()

class CreateAnnouncementRequest(BaseModel):
    token: str
    text: str
    start_time: datetime
    end_time: datetime
    color: str = "#ffffff"

class DeleteAnnouncementRequest(BaseModel):
    token: str
    announcement_id: int

def _verify_admin_permission(token: str):
    """公共权限验证方法"""
    try:
        payload = verify_token(token)
        username = payload["sub"]
    except ValueError as e:
        raise HTTPException(status_code=401, detail=str(e))

    connection = get_connection()
    try:
        cursor = connection.cursor(dictionary=True)
        cursor.execute("SELECT user_type FROM users WHERE username = %s;", (username,))
        admin_user = cursor.fetchone()

        if not admin_user or admin_user["user_type"] != "admin":
            raise HTTPException(status_code=403, detail="Permission denied")
        return username
    finally:
        cursor.close()
        connection.close()

@router.post("/create")
def create_announcement(request: CreateAnnouncementRequest):
    _verify_admin_permission(request.token)
    conn = get_connection()
    try:
        cursor = conn.cursor()
        cursor.execute("""
            INSERT INTO announcements 
            (text, start_time, end_time, color)
            VALUES (%s, %s, %s, %s)
        """, (request.text,
              request.start_time, request.end_time, request.color))
        conn.commit()
        return {"message": "公告创建成功"}
    finally:
        cursor.close()
        conn.close()

@router.post("/delete")
def delete_announcement(request: DeleteAnnouncementRequest):
    _verify_admin_permission(request.token)
    conn = get_connection()
    try:
        cursor = conn.cursor()
        cursor.execute("DELETE FROM announcements WHERE id = %s",
                      (request.announcement_id,))
        conn.commit()
        return {"message": "公告删除成功"}
    finally:
        cursor.close()
        conn.close()

@router.get("/list")
def get_all_announcements():
    conn = get_connection()
    try:
        cursor = conn.cursor(dictionary=True)
        cursor.execute("""
            SELECT id, text, start_time, end_time, color, created_at 
            FROM announcements  
            ORDER BY created_at DESC
        """)
        return cursor.fetchall()
    finally:
        cursor.close()
        conn.close()