fix: 申诉查看错误

app/routes.py

@@ -1,4 +1,4 @@
-from flask import Blueprint, render_template, request, flash,redirect, url_for
+from flask import abort, Blueprint, render_template, request, flash,redirect, url_for
 from sqlalchemy import or_
 from flask_login import login_required, current_user
 from app import db
@@ -144,12 +144,17 @@ def report_detail(report_id):
     )
 # === 独立的举报处理视图 (仅限 Admin) ===
 # 这个视图只处理动作，不渲染页面。它接收来自详情页按钮的 POST 请求。
-@main.route('/admin/report/<int:report_id>/process/<action>', methods=['POST'])
+@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
 @login_required
-@admin_required # 严格限制为 admin
-def process_report(report_id, action):
+@admin_required
+def process_report(report_id):
     report = Report.query.get_or_404(report_id)
-    
+    action = request.form.get('action')
+
+    if action not in ['confirm', 'invalidate']:
+        flash('无效的操作。', 'danger')
+        return redirect(url_for('main.report_detail', report_id=report_id))
+
     if action == 'confirm':
         report.status = 'approved'
         # 检查是否已在黑名单中
@@ -276,10 +281,10 @@ def reject_user(user_id):
 def create_appeal(blacklist_id):
     blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
     
-    # 安全检查：确保用户只能为自己的黑名单记录申诉
-    # 注意：请根据你的 User 模型修改 current_user.reported_uid
-    if not (hasattr(current_user, 'reported_uid') and current_user.reported_uid == blacklist_entry.uid) and not (current_user.email == blacklist_entry.email):
-        abort(403) # Forbidden
+    # 安全检查：确保用户只能为自己的黑名单记录申诉（邮箱匹配 或 UID+站点匹配）
+    if not (current_user.email == blacklist_entry.email or
+            (current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
+        abort(403)
     # 检查是否已有进行中的申诉
     if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
         flash('您已有一个正在进行中的申诉，请勿重复提交。', 'warning')