
用户管理密码验证失败的状态码从 401 修改为 403

liuq hace 2 meses
padre
commit
e3231b3a3f
Se han modificado 1 ficheros con 6 adiciones y 6 borrados
  1. 6 6
      backend/app/api/v1/endpoints/users.py

+ 6 - 6
backend/app/api/v1/endpoints/users.py

@@ -115,7 +115,7 @@ def create_user(
 
     # Verify Admin Password
     if not user_in.admin_password or not security.verify_password(user_in.admin_password, current_user.password_hash):
-        raise HTTPException(status_code=401, detail="管理员密码错误")
+        raise HTTPException(status_code=403, detail="管理员密码错误")
 
     user = db.query(User).filter(User.mobile == user_in.mobile).first()
     if user:
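Review bot: The failure branch under `# Verify Admin Password` raises the 403 without recording the attempt, and nothing in this hunk limits how often a session may retry, so repeated guesses against `current_user.password_hash` from a stolen session would be neither slowed nor visible; whether throttling exists elsewhere cannot be seen from here. The same check-and-raise is repeated in the hunks at 199, 291, 330, 345 and 420, so I would move it into one helper, e.g. `_require_admin_password(password, current_user)`, that logs the failure with the acting user id and the endpoint before raising. That also keeps the status code and message in one place the next time they change. create_user's body starts and ends outside the hunk.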
@@ -199,7 +199,7 @@ def batch_reset_english_name(
 
     # Verify Admin Password
     if not security.verify_password(req.admin_password, current_user.password_hash):
-        raise HTTPException(status_code=401, detail="管理员密码错误")
+        raise HTTPException(status_code=403, detail="管理员密码错误")
 
     if not req.user_ids:
         raise HTTPException(status_code=400, detail="请选择用户")
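Review bot: `security.verify_password(req.admin_password, ...)` is called here without the `not ...admin_password or` guard that create_user and update_user use, so a missing or empty value goes straight to the hash verifier. If the request schema allows `None`, that may surface as a 500 instead of the 403; the schema is not visible here. I would write `if not req.admin_password or not security.verify_password(req.admin_password, current_user.password_hash):` to match the other endpoints. The `req.password` check in promote_user (hunk at 420) has the same shape, and this function's body continues outside the hunk.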
@@ -291,7 +291,7 @@ def update_user(
         else:
             # Require admin password for mobile change
             if not user_in.admin_password or not security.verify_password(user_in.admin_password, current_user.password_hash):
-                raise HTTPException(status_code=401, detail="管理员密码错误")
+                raise HTTPException(status_code=403, detail="管理员密码错误")
 
             # Check uniqueness
             existing_user = db.query(User).filter(User.mobile == update_data["mobile"]).first()
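Review bot: update_user re-verifies the same `user_in.admin_password` separately in the mobile, status and role branches (this hunk and those at 330 and 345), so one request touching all three runs the hash comparison three times. The re-authentication would read more clearly as a single gate evaluated once, before any sensitive field is processed, reusing whatever conditions precede each `else:`. Those conditions, and whether an earlier branch has side effects before a later 403, are not visible because the function starts and ends outside these hunks. A short comment above the gate such as `# Step-up auth: required once for any mobile/status/role change` would document the intent.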
@@ -330,7 +330,7 @@ def update_user(
         else:
             # Require admin password for status change
             if not user_in.admin_password or not security.verify_password(user_in.admin_password, current_user.password_hash):
-                raise HTTPException(status_code=401, detail="管理员密码错误")
+                raise HTTPException(status_code=403, detail="管理员密码错误")
             
             # Add Log Action
             action_type = ActionType.DISABLE if update_data["status"] == "DISABLED" else ActionType.ENABLE
@@ -345,7 +345,7 @@ def update_user(
         else:
              # Require admin password for role change
             if not user_in.admin_password or not security.verify_password(user_in.admin_password, current_user.password_hash):
-                raise HTTPException(status_code=401, detail="管理员密码错误")
+                raise HTTPException(status_code=403, detail="管理员密码错误")
             
             actions.append((ActionType.CHANGE_ROLE, {"old": user.role, "new": update_data["role"]}))
 
@@ -420,7 +420,7 @@ def promote_user(
     
     # 1. Verify Password
     if not security.verify_password(req.password, current_user.password_hash):
-        raise HTTPException(status_code=401, detail="密码错误")
+        raise HTTPException(status_code=403, detail="密码错误")
         
     # 2. Verify Captcha
     if not CaptchaService.verify_captcha(req.captcha_id, req.captcha_code):
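Review bot: The password is verified at step 1 before the captcha at step 2, so the 403 `密码错误` response is reachable without a valid captcha and the captcha does nothing to slow password guessing on this endpoint. I would swap the two steps so that `CaptchaService.verify_captcha(req.captcha_id, req.captcha_code)` runs first and the password comparison only happens for a request that has already passed it. If the captcha is single-use, that order also makes each password attempt cost a fresh captcha, though that behaviour is not visible here. promote_user continues past the end of the hunk.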