我正在尝试使用户和管理员的登录页面相同。我通过在表单中放置一个复选框来区分它们,并且 userDashboard 的登录工作正常,但 AdminDashboard 无法正常工作,它给了我如下错误,这里我以管理员身份登录系统,但给予的特权他无法访问 admin 。他看不到任何记录或对其进行任何 CRUD 操作
127.0.0.1:5000/api/用户:1 无法加载资源:服务器响应状态为 403(FORBIDDEN)
AdminDashboard.js:25 获取用户时出错: Axios错误 代码:“ERR_BAD_REQUEST” 配置 “请求失败,状态代码 403” 姓名 :“Axios错误”
const handleLogin = async (e) => {
e.preventDefault();
try {
const response = await axios.post(
`http://127.0.0.1:5000/api/${isAdmin ? "admin/login" : "login"}`,
{ email, password },
{ withCredentials: true }
);
if (response.status === 200) {
console.log(response.data.role);
setIsAuthenticated(true); // Update parent state
setUserRole(response.data.role); // Set user role
// Role-based redirection
const roleRedirect = {
admin: "/admin-dashboard",
employee: "/user-dashboard"
};
navigate(roleRedirect[response.data.role] || "/login");
}
} catch (error) {
if (error.response && error.response.status === 401) {
setError("Invalid email or password");
} else {
setError("Something went wrong. Please try again later.");
}
}
};
useEffect(() => {
const fetchUsers = async () => {
try {
const response = await axios.get("http://127.0.0.1:5000/api/users", { withCredentials: true });
console.log("Fetch Users Response:", response); // Debug response
if (response.status === 200) {
setUsers(response.data);
}
} catch (error) {
console.error("Error fetching users:", error);
if (error.response && error.response.status === 403) {
setError("Unauthorized access: Only admins can view this page.");
navigate("/login"); // Redirect to login page if unauthorized
} else {
setError("Error fetching user data.");
}
}
};
fetchUsers(); // Trigger fetch when component mounts
}, [navigate]);
@app.route('/api/admin/login', methods=['POST'])
def admin_login():
data = request.json
user = User.query.filter_by(email=data.get('email')).first()
if user and user.role == 'admin' and bcrypt.check_password_hash(user.password_hash, data.get('password')):
session['user_id'] = user.id
session['role'] = user.role
session.permanent = True # Make the session permanent
print("Session set for admin:", session) # Debug: Check the session
return jsonify({"message": "Admin login successful", "role": user.role, "id": user.id}), 200
return jsonify({"message": "Invalid credentials or not an admin"}), 401
@app.route('/api/users', methods=['GET'])
def get_users():
print("Current session in get_users:", session) # Debug: Check session content
if 'role' in session and session['role'] == 'admin':
users = User.query.all()
users_data = [
{"id": user.id, "name": user.name, "email": user.email, "role": user.role, "department": user.department}
for user in users
]
return jsonify(users_data), 200
return jsonify({"message": "Unauthorized: Only admins can view all users"}), 403
这是关于 403 错误的前端和后端代码
您的会话内容似乎没有“管理员”角色,因此您会返回 403。