Upload 60 files

app/main.py

@@ -9,9 +9,10 @@ from starlette.middleware.sessions import SessionMiddleware
 from app.auth import get_current_admin, get_current_user
 from app.config import ROOT_DIR, settings
 from app.database import SessionLocal
+from app.models import Admin, User
 from app.routes import admin, auth, media, user
 from app.services.bootstrap import initialize_database, seed_super_admin
-from app.web import redirect, templates
+from app.web import local_now, redirect, templates
 
 
 app = FastAPI(title=settings.app_name)
@@ -29,6 +30,35 @@ def on_startup() -> None:
         db.close()
 
 
+@app.middleware("http")
+async def track_presence(request: Request, call_next):
+    response = await call_next(request)
+    if request.url.path.startswith("/static"):
+        return response
+
+    admin_id = request.session.get("admin_id")
+    user_id = request.session.get("user_id")
+    if not admin_id and not user_id:
+        return response
+
+    db = SessionLocal()
+    try:
+        if admin_id:
+            admin = db.get(Admin, admin_id)
+            if admin:
+                admin.last_seen_at = local_now()
+                db.add(admin)
+        elif user_id:
+            user = db.get(User, user_id)
+            if user:
+                user.last_seen_at = local_now()
+                db.add(user)
+        db.commit()
+    finally:
+        db.close()
+    return response
+
+
 @app.get("/")
 def index(request: Request):
     db = SessionLocal()

app/models.py

@@ -26,10 +26,16 @@ class Admin(TimestampMixin, Base):
     password_hash: Mapped[str] = mapped_column(String(255))
     role: Mapped[str] = mapped_column(String(32), default="admin")
     is_active: Mapped[bool] = mapped_column(Boolean, default=True)
+    last_seen_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
 
     created_activities: Mapped[list["Activity"]] = relationship(back_populates="created_by")
     reviewed_submissions: Mapped[list["Submission"]] = relationship(
-        back_populates="reviewed_by"
+        back_populates="reviewed_by",
+        foreign_keys="Submission.reviewed_by_id",
+    )
+    assigned_submissions: Mapped[list["Submission"]] = relationship(
+        back_populates="assigned_admin",
+        foreign_keys="Submission.assigned_admin_id",
     )
 
 
@@ -41,6 +47,7 @@ class Group(TimestampMixin, Base):
     max_members: Mapped[int] = mapped_column(Integer, default=6)
 
     members: Mapped[list["User"]] = relationship(back_populates="group")
+    submissions: Mapped[list["Submission"]] = relationship(back_populates="group")
 
 
 class User(TimestampMixin, Base):
@@ -52,6 +59,7 @@ class User(TimestampMixin, Base):
     password_hash: Mapped[str] = mapped_column(String(255))
     is_active: Mapped[bool] = mapped_column(Boolean, default=True)
     group_id: Mapped[Optional[int]] = mapped_column(ForeignKey("groups.id"), nullable=True)
+    last_seen_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
 
     group: Mapped[Optional["Group"]] = relationship(back_populates="members")
     submissions: Mapped[list["Submission"]] = relationship(back_populates="user")
@@ -90,7 +98,9 @@ class Task(TimestampMixin, Base):
     image_mime: Mapped[str] = mapped_column(String(120), default="image/jpeg")
     image_filename: Mapped[str] = mapped_column(String(255), default="task.jpg")
 
-    clue_image_data: Mapped[Optional[bytes]] = mapped_column(LONGBLOB, deferred=True, nullable=True)
+    clue_image_data: Mapped[Optional[bytes]] = mapped_column(
+        LONGBLOB, deferred=True, nullable=True
+    )
     clue_image_mime: Mapped[Optional[str]] = mapped_column(String(120), nullable=True)
     clue_image_filename: Mapped[Optional[str]] = mapped_column(String(255), nullable=True)
     clue_release_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
@@ -103,11 +113,14 @@ class Task(TimestampMixin, Base):
 
 class Submission(TimestampMixin, Base):
     __tablename__ = "submissions"
-    __table_args__ = (UniqueConstraint("user_id", "task_id", name="uq_user_task_submission"),)
+    __table_args__ = (
+        UniqueConstraint("group_id", "task_id", name="uq_group_task_submission"),
+    )
 
     id: Mapped[int] = mapped_column(primary_key=True)
     task_id: Mapped[int] = mapped_column(ForeignKey("tasks.id"))
     user_id: Mapped[int] = mapped_column(ForeignKey("users.id"))
+    group_id: Mapped[Optional[int]] = mapped_column(ForeignKey("groups.id"), nullable=True)
 
     stored_filename: Mapped[str] = mapped_column(String(255))
     original_filename: Mapped[str] = mapped_column(String(255))
@@ -120,9 +133,23 @@ class Submission(TimestampMixin, Base):
     reviewed_by_id: Mapped[Optional[int]] = mapped_column(
         ForeignKey("admins.id"), nullable=True
     )
+    assigned_admin_id: Mapped[Optional[int]] = mapped_column(
+        ForeignKey("admins.id"), nullable=True
+    )
+    assigned_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
     reviewed_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
     approved_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
 
     task: Mapped["Task"] = relationship(back_populates="submissions")
     user: Mapped["User"] = relationship(back_populates="submissions")
-    reviewed_by: Mapped[Optional["Admin"]] = relationship(back_populates="reviewed_submissions")
+    group: Mapped[Optional["Group"]] = relationship(back_populates="submissions")
+    reviewed_by: Mapped[Optional["Admin"]] = relationship(
+        back_populates="reviewed_submissions",
+        foreign_keys=[reviewed_by_id],
+    )
+    assigned_admin: Mapped[Optional["Admin"]] = relationship(
+        back_populates="assigned_submissions",
+        foreign_keys=[assigned_admin_id],
+    )
+
+

app/routes/admin.py

@@ -6,13 +6,16 @@ from datetime import datetime, timedelta
 from pathlib import Path
 
 from fastapi import APIRouter, Depends, HTTPException, Request
-from fastapi.responses import StreamingResponse
+from fastapi.responses import JSONResponse, StreamingResponse
 from sqlalchemy.orm import Session, joinedload
 
 from app.database import get_db
 from app.models import Activity, Admin, Group, Submission, Task, User
 from app.security import hash_password
 from app.services.images import compress_to_limit, read_and_validate_upload
+from app.services.leaderboard import build_leaderboard
+from app.services.presence import is_online
+from app.services.review_queue import online_admins, rebalance_pending_reviews
 from app.web import add_flash, local_now, redirect, render
 
 
@@ -23,6 +26,9 @@ def require_admin(request: Request, db: Session) -> Admin | None:
     admin = db.query(Admin).filter(Admin.id == (request.session.get("admin_id") or 0)).first()
     if not admin or not admin.is_active:
         return None
+    admin.last_seen_at = local_now()
+    db.add(admin)
+    db.flush()
     return admin
 
 
@@ -46,14 +52,20 @@ def parse_optional_group(group_id_value: str | None, db: Session) -> Group | Non
     )
 
 
-def ensure_group_capacity(group: Group | None, current_user: User | None = None) -> None:
+def ensure_group_capacity(group: Group | None, current_users: list[User] | None = None) -> None:
     if not group:
         return
+    current_users = current_users or []
     current_count = len(group.members)
-    if current_user and current_user.group_id == group.id:
-        current_count -= 1
-    if current_count >= group.max_members:
-        raise ValueError(f"{group.name} 已满员，请调整人数上限或选择其他小组。")
+    incoming_count = 0
+    for user in current_users:
+        belongs_to_target = user.group_id == group.id or (
+            getattr(user, "group", None) is not None and getattr(user.group, "id", None) == group.id
+        )
+        if not belongs_to_target:
+            incoming_count += 1
+    if current_count + incoming_count > group.max_members:
+        raise ValueError(f"{group.name} 的人数上限不足，请调整人数上限或减少选中人数。")
 
 
 def parse_activity_fields(form) -> dict:
@@ -124,6 +136,97 @@ def cleanup_submission_files(submissions: list[Submission]) -> None:
             file_path.unlink(missing_ok=True)
 
 
+def serialize_submission(submission: Submission) -> dict:
+    return {
+        "id": submission.id,
+        "task_title": submission.task.title if submission.task else "",
+        "activity_title": submission.task.activity.title if submission.task and submission.task.activity else "",
+        "group_name": submission.group.name if submission.group else "未分组",
+        "uploader_name": submission.user.full_name if submission.user else "未知成员",
+        "student_id": submission.user.student_id if submission.user else "",
+        "status": submission.status,
+        "feedback": submission.feedback,
+        "created_at": submission.created_at.strftime("%Y-%m-%d %H:%M") if submission.created_at else "-",
+        "reviewed_at": submission.reviewed_at.strftime("%Y-%m-%d %H:%M") if submission.reviewed_at else None,
+        "reviewed_by_name": submission.reviewed_by.display_name if submission.reviewed_by else None,
+        "assigned_admin_name": submission.assigned_admin.display_name if submission.assigned_admin else None,
+        "image_url": f"/media/submissions/{submission.id}",
+        "download_url": f"/media/submissions/{submission.id}?download=1",
+    }
+
+
+def serialize_presence_entry(name: str, role_label: str, last_seen_at, now: datetime) -> dict:
+    return {
+        "name": name,
+        "role_label": role_label,
+        "last_seen_at": last_seen_at.strftime("%Y-%m-%d %H:%M") if last_seen_at else "-",
+        "is_online": is_online(last_seen_at, now),
+    }
+
+
+def recent_reviews_query(db: Session, activity_id: int | None = None):
+    query = (
+        db.query(Submission)
+        .options(
+            joinedload(Submission.user),
+            joinedload(Submission.group),
+            joinedload(Submission.task).joinedload(Task.activity),
+            joinedload(Submission.reviewed_by),
+            joinedload(Submission.assigned_admin),
+        )
+        .filter(Submission.status.in_(["approved", "rejected"]))
+        .order_by(Submission.reviewed_at.desc(), Submission.id.desc())
+    )
+    if activity_id is not None:
+        query = query.join(Submission.task).filter(Task.activity_id == activity_id)
+    return query
+
+
+def pick_replacement_user(
+    db: Session,
+    group_id: int | None,
+    task_id: int,
+    excluded_ids: set[int],
+) -> User | None:
+    if not group_id:
+        return None
+    candidates = (
+        db.query(User)
+        .filter(User.group_id == group_id, User.id.notin_(excluded_ids))
+        .order_by(User.id.asc())
+        .all()
+    )
+    for candidate in candidates:
+        existing_submission = (
+            db.query(Submission.id)
+            .filter(Submission.user_id == candidate.id, Submission.task_id == task_id)
+            .first()
+        )
+        if not existing_submission:
+            return candidate
+    return None
+
+
+def delete_users_and_handle_submissions(db: Session, users: list[User]) -> tuple[int, int]:
+    excluded_ids = {user.id for user in users}
+    removed_submission_count = 0
+
+    for user in users:
+        submissions = db.query(Submission).filter(Submission.user_id == user.id).all()
+        for submission in submissions:
+            replacement = pick_replacement_user(db, submission.group_id, submission.task_id, excluded_ids)
+            if replacement:
+                submission.user_id = replacement.id
+                db.add(submission)
+                continue
+            cleanup_submission_files([submission])
+            db.delete(submission)
+            removed_submission_count += 1
+        db.delete(user)
+
+    return len(users), removed_submission_count
+
+
 async def collect_task_payloads(
     form,
     title_key: str,
@@ -182,12 +285,17 @@ def admin_dashboard(request: Request, db: Session = Depends(get_db)):
     if not admin:
         return redirect("/admin")
 
+    now = local_now()
+    admin_rows = db.query(Admin).order_by(Admin.id.asc()).all()
+    user_rows = db.query(User).order_by(User.id.asc()).all()
     stats = {
-        "user_count": db.query(User).count(),
+        "user_count": len(user_rows),
         "group_count": db.query(Group).count(),
         "activity_count": db.query(Activity).count(),
         "pending_count": db.query(Submission).filter(Submission.status == "pending").count(),
-        "admin_count": db.query(Admin).count(),
+        "admin_count": len(admin_rows),
+        "online_admin_count": sum(1 for item in admin_rows if is_online(item.last_seen_at, now)),
+        "online_user_count": sum(1 for item in user_rows if is_online(item.last_seen_at, now)),
     }
     recent_activities = (
         db.query(Activity)
@@ -196,6 +304,19 @@ def admin_dashboard(request: Request, db: Session = Depends(get_db)):
         .limit(5)
         .all()
     )
+    online_overview = None
+    if admin.role == "superadmin":
+        online_overview = {
+            "admins": [
+                serialize_presence_entry(item.display_name, "管理员", item.last_seen_at, now)
+                for item in admin_rows
+            ],
+            "users": [
+                serialize_presence_entry(item.full_name, "用户", item.last_seen_at, now)
+                for item in user_rows
+            ],
+        }
+
     return render(
         request,
         "admin_dashboard.html",
@@ -204,6 +325,7 @@ def admin_dashboard(request: Request, db: Session = Depends(get_db)):
             "admin": admin,
             "stats": stats,
             "recent_activities": recent_activities,
+            "online_overview": online_overview,
         },
     )
 
@@ -220,8 +342,7 @@ def admin_users(request: Request, db: Session = Depends(get_db)):
         request,
         "admin_users.html",
         {"page_title": "用户管理", "admin": admin, "users": users, "groups": groups},
-    )
-
+    )
 
 @router.post("/admin/users")
 async def create_user(request: Request, db: Session = Depends(get_db)):
@@ -243,7 +364,7 @@ async def create_user(request: Request, db: Session = Depends(get_db)):
         return redirect("/admin/users")
 
     try:
-        ensure_group_capacity(group)
+        ensure_group_capacity(group, [])
     except ValueError as exc:
         add_flash(request, "error", str(exc))
         return redirect("/admin/users")
@@ -260,6 +381,108 @@ async def create_user(request: Request, db: Session = Depends(get_db)):
     return redirect("/admin/users")
 
 
+@router.post("/admin/users/import")
+async def import_users(request: Request, db: Session = Depends(get_db)):
+    admin = require_admin(request, db)
+    if not admin:
+        return redirect("/admin")
+
+    form = await request.form()
+    raw_lines = str(form.get("import_text", "")).splitlines()
+    group = parse_optional_group(form.get("group_id"), db)
+
+    parsed_users = []
+    skipped = []
+    seen_student_ids = set()
+    for index, line in enumerate(raw_lines, start=1):
+        line = line.strip()
+        if not line:
+            continue
+        parts = line.split()
+        if len(parts) < 2:
+            skipped.append(f"第 {index} 行格式不正确")
+            continue
+        student_id = parts[-1].strip()
+        full_name = " ".join(parts[:-1]).strip()
+        if not full_name or not student_id:
+            skipped.append(f"第 {index} 行格式不正确")
+            continue
+        if student_id in seen_student_ids or db.query(User).filter(User.student_id == student_id).first():
+            skipped.append(f"{student_id} 已存在，已跳过")
+            continue
+        seen_student_ids.add(student_id)
+        parsed_users.append(
+            User(
+                student_id=student_id,
+                full_name=full_name,
+                password_hash=hash_password(student_id[-6:] if len(student_id) >= 6 else student_id),
+                group=group,
+            )
+        )
+
+    try:
+        ensure_group_capacity(group, parsed_users)
+    except ValueError as exc:
+        add_flash(request, "error", str(exc))
+        return redirect("/admin/users")
+
+    for user in parsed_users:
+        db.add(user)
+    db.commit()
+
+    message = f"成功导入 {len(parsed_users)} 位用户。"
+    if skipped:
+        message += " 跳过：" + "；".join(skipped[:5])
+    add_flash(request, "success", message)
+    return redirect("/admin/users")
+
+
+@router.post("/admin/users/bulk")
+async def bulk_manage_users(request: Request, db: Session = Depends(get_db)):
+    admin = require_admin(request, db)
+    if not admin:
+        return redirect("/admin")
+
+    form = await request.form()
+    selected_ids = [int(value) for value in form.getlist("user_ids") if str(value).isdigit()]
+    action = str(form.get("bulk_action", "")).strip()
+    if not selected_ids:
+        add_flash(request, "error", "请先勾选用户。")
+        return redirect("/admin/users")
+
+    users = db.query(User).options(joinedload(User.group)).filter(User.id.in_(selected_ids)).all()
+    if not users:
+        add_flash(request, "error", "未找到选中的用户。")
+        return redirect("/admin/users")
+
+    if action == "assign_group":
+        group = parse_optional_group(form.get("group_id"), db)
+        try:
+            ensure_group_capacity(group, users)
+        except ValueError as exc:
+            add_flash(request, "error", str(exc))
+            return redirect("/admin/users")
+        for user in users:
+            user.group = group
+            db.add(user)
+        db.commit()
+        add_flash(request, "success", f"已批量更新 {len(users)} 位用户的小组。")
+        return redirect("/admin/users")
+
+    if action == "delete":
+        removed_user_count, removed_submission_count = delete_users_and_handle_submissions(db, users)
+        db.commit()
+        add_flash(
+            request,
+            "success",
+            f"已删除 {removed_user_count} 位用户，清理 {removed_submission_count} 条无可继承的打卡记录。",
+        )
+        return redirect("/admin/users")
+
+    add_flash(request, "error", "批量操作无效。")
+    return redirect("/admin/users")
+
+
 @router.post("/admin/users/{user_id}/group")
 async def assign_user_group(user_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
@@ -273,7 +496,7 @@ async def assign_user_group(user_id: int, request: Request, db: Session = Depend
     form = await request.form()
     group = parse_optional_group(form.get("group_id"), db)
     try:
-        ensure_group_capacity(group, current_user=user)
+        ensure_group_capacity(group, [user])
     except ValueError as exc:
         add_flash(request, "error", str(exc))
         return redirect("/admin/users")
@@ -292,11 +515,64 @@ def admin_admins(request: Request, db: Session = Depends(get_db)):
         add_flash(request, "error", "只有超级管理员可以管理管理员账号。")
         return redirect("/admin/dashboard")
 
+    now = local_now()
     admins = db.query(Admin).order_by(Admin.created_at.desc()).all()
+    users = db.query(User).options(joinedload(User.group)).order_by(User.full_name.asc()).all()
+    admin_statuses = [
+        {**serialize_presence_entry(item.display_name, item.role, item.last_seen_at, now), "username": item.username}
+        for item in admins
+    ]
+    user_statuses = [
+        {
+            **serialize_presence_entry(item.full_name, "用户", item.last_seen_at, now),
+            "group_name": item.group.name if item.group else "未分组",
+        }
+        for item in users
+    ]
     return render(
         request,
         "admin_admins.html",
-        {"page_title": "管理员管理", "admin": admin, "admins": admins},
+        {
+            "page_title": "管理员管理",
+            "admin": admin,
+            "admins": admins,
+            "admin_statuses": admin_statuses,
+            "user_statuses": user_statuses,
+        },
+    )
+
+
+@router.get("/api/admin/presence/overview")
+def presence_overview(request: Request, db: Session = Depends(get_db)):
+    admin = require_super_admin(request, db)
+    if not admin:
+        return JSONResponse({"error": "forbidden"}, status_code=403)
+
+    now = local_now()
+    admins = db.query(Admin).order_by(Admin.display_name.asc()).all()
+    users = db.query(User).options(joinedload(User.group)).order_by(User.full_name.asc()).all()
+    return JSONResponse(
+        {
+            "admins": [
+                {
+                    "name": item.display_name,
+                    "username": item.username,
+                    "role": item.role,
+                    "is_online": is_online(item.last_seen_at, now),
+                    "last_seen_at": item.last_seen_at.strftime("%Y-%m-%d %H:%M") if item.last_seen_at else "-",
+                }
+                for item in admins
+            ],
+            "users": [
+                {
+                    "name": item.full_name,
+                    "group_name": item.group.name if item.group else "未分组",
+                    "is_online": is_online(item.last_seen_at, now),
+                    "last_seen_at": item.last_seen_at.strftime("%Y-%m-%d %H:%M") if item.last_seen_at else "-",
+                }
+                for item in users
+            ],
+        }
     )
 
 
@@ -329,8 +605,7 @@ async def create_admin(request: Request, db: Session = Depends(get_db)):
     db.add(new_admin)
     db.commit()
     add_flash(request, "success", f"管理员 {display_name} 已创建。")
-    return redirect("/admin/admins")
-
+    return redirect("/admin/admins")
 
 @router.get("/admin/groups")
 def admin_groups(request: Request, db: Session = Depends(get_db)):
@@ -450,10 +725,16 @@ def edit_activity_page(activity_id: int, request: Request, db: Session = Depends
     if not activity:
         raise HTTPException(status_code=404, detail="活动不存在")
 
+    leaderboard = build_leaderboard(db, activity.id)
     return render(
         request,
         "admin_activity_edit.html",
-        {"page_title": f"编辑活动 · {activity.title}", "admin": admin, "activity": activity},
+        {
+            "page_title": f"编辑活动 · {activity.title}",
+            "admin": admin,
+            "activity": activity,
+            "leaderboard": leaderboard,
+        },
     )
 
 
@@ -543,30 +824,16 @@ async def update_activity(activity_id: int, request: Request, db: Session = Depe
                 raise ValueError("任务数据无效，请刷新页面后重试。")
             seen_task_ids.add(task_id)
 
-            title = (
-                str(existing_task_titles[index]).strip()
-                if index < len(existing_task_titles)
-                else ""
-            )
-            description = (
-                str(existing_task_descriptions[index]).strip()
-                if index < len(existing_task_descriptions)
-                else ""
-            )
+            title = str(existing_task_titles[index]).strip() if index < len(existing_task_titles) else ""
+            description = str(existing_task_descriptions[index]).strip() if index < len(existing_task_descriptions) else ""
             if not title:
                 raise ValueError(f"第 {index + 1} 个已有任务标题不能为空。")
 
             task.title = title
             task.description = description
 
-            primary_upload = (
-                existing_task_images[index] if index < len(existing_task_images) else None
-            )
-            clue_upload = (
-                existing_task_clue_images[index]
-                if index < len(existing_task_clue_images)
-                else None
-            )
+            primary_upload = existing_task_images[index] if index < len(existing_task_images) else None
+            clue_upload = existing_task_clue_images[index] if index < len(existing_task_clue_images) else None
 
             if primary_upload and getattr(primary_upload, "filename", ""):
                 primary_raw = await read_and_validate_upload(primary_upload)
@@ -629,21 +896,11 @@ async def delete_task(task_id: int, request: Request, db: Session = Depends(get_
     if not admin:
         return redirect("/admin")
 
-    task = (
-        db.query(Task)
-        .options(joinedload(Task.submissions))
-        .filter(Task.id == task_id)
-        .first()
-    )
+    task = db.query(Task).options(joinedload(Task.submissions)).filter(Task.id == task_id).first()
     if not task:
         raise HTTPException(status_code=404, detail="任务不存在")
 
-    activity = (
-        db.query(Activity)
-        .options(joinedload(Activity.tasks))
-        .filter(Activity.id == task.activity_id)
-        .first()
-    )
+    activity = db.query(Activity).options(joinedload(Activity.tasks)).filter(Activity.id == task.activity_id).first()
     if not activity:
         raise HTTPException(status_code=404, detail="活动不存在")
     if len(activity.tasks) <= 1:
@@ -652,7 +909,6 @@ async def delete_task(task_id: int, request: Request, db: Session = Depends(get_
 
     cleanup_submission_files(task.submissions)
     activity_id = activity.id
-
     db.delete(task)
     db.flush()
 
@@ -670,9 +926,7 @@ async def delete_task(task_id: int, request: Request, db: Session = Depends(get_
 
 
 @router.post("/admin/activities/{activity_id}/visibility")
-async def update_leaderboard_visibility(
-    activity_id: int, request: Request, db: Session = Depends(get_db)
-):
+async def update_leaderboard_visibility(activity_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
     if not admin:
         return redirect("/admin")
@@ -686,8 +940,7 @@ async def update_leaderboard_visibility(
     db.add(activity)
     db.commit()
     add_flash(request, "success", f"已更新 {activity.title} 的排行榜可见性。")
-    return redirect("/admin/activities")
-
+    return redirect("/admin/activities")
 
 @router.get("/admin/reviews")
 def admin_reviews(request: Request, db: Session = Depends(get_db)):
@@ -695,24 +948,14 @@ def admin_reviews(request: Request, db: Session = Depends(get_db)):
     if not admin:
         return redirect("/admin")
 
-    status_filter = request.query_params.get("status", "pending")
     activity_filter = request.query_params.get("activity_id", "")
+    activity_id = int(activity_filter) if activity_filter.isdigit() else None
 
-    query = (
-        db.query(Submission)
-        .options(
-            joinedload(Submission.user),
-            joinedload(Submission.task).joinedload(Task.activity),
-            joinedload(Submission.reviewed_by),
-        )
-        .order_by(Submission.created_at.desc())
-    )
-    if status_filter:
-        query = query.filter(Submission.status == status_filter)
-    if activity_filter.isdigit():
-        query = query.join(Submission.task).filter(Task.activity_id == int(activity_filter))
-
-    submissions = query.all()
+    pending_submissions = rebalance_pending_reviews(db, activity_id)
+    assigned_submissions = [
+        submission for submission in pending_submissions if submission.assigned_admin_id == admin.id
+    ]
+    recent_submissions = recent_reviews_query(db, activity_id).limit(20).all()
     activities = db.query(Activity).order_by(Activity.start_at.desc()).all()
     return render(
         request,
@@ -720,22 +963,60 @@ def admin_reviews(request: Request, db: Session = Depends(get_db)):
         {
             "page_title": "审核中心",
             "admin": admin,
-            "submissions": submissions,
             "activities": activities,
-            "status_filter": status_filter,
             "activity_filter": activity_filter,
+            "assigned_submissions": assigned_submissions,
+            "recent_submissions": recent_submissions,
+            "online_admin_count": len(online_admins(db)),
         },
     )
 
 
+@router.get("/api/admin/reviews/feed")
+def review_feed(request: Request, db: Session = Depends(get_db)):
+    admin = require_admin(request, db)
+    if not admin:
+        return JSONResponse({"error": "forbidden"}, status_code=403)
+
+    activity_filter = request.query_params.get("activity_id", "")
+    activity_id = int(activity_filter) if activity_filter.isdigit() else None
+    pending_submissions = rebalance_pending_reviews(db, activity_id)
+    assigned_submissions = [
+        submission for submission in pending_submissions if submission.assigned_admin_id == admin.id
+    ]
+    recent_submissions = recent_reviews_query(db, activity_id).limit(20).all()
+    return JSONResponse(
+        {
+            "online_admin_count": len(online_admins(db)),
+            "assigned_submissions": [serialize_submission(submission) for submission in assigned_submissions],
+            "recent_submissions": [serialize_submission(submission) for submission in recent_submissions],
+        }
+    )
+
+
 @router.post("/admin/submissions/{submission_id}/review")
 async def review_submission(submission_id: int, request: Request, db: Session = Depends(get_db)):
     admin = require_admin(request, db)
     if not admin:
+        if request.headers.get("X-Requested-With") == "fetch":
+            return JSONResponse({"error": "forbidden"}, status_code=403)
         return redirect("/admin")
 
-    submission = db.get(Submission, submission_id)
+    submission = (
+        db.query(Submission)
+        .options(
+            joinedload(Submission.task).joinedload(Task.activity),
+            joinedload(Submission.user),
+            joinedload(Submission.group),
+            joinedload(Submission.reviewed_by),
+            joinedload(Submission.assigned_admin),
+        )
+        .filter(Submission.id == submission_id)
+        .first()
+    )
     if not submission:
+        if request.headers.get("X-Requested-With") == "fetch":
+            return JSONResponse({"error": "not_found"}, status_code=404)
         raise HTTPException(status_code=404, detail="提交记录不存在")
 
     form = await request.form()
@@ -743,16 +1024,31 @@ async def review_submission(submission_id: int, request: Request, db: Session =
     feedback = str(form.get("feedback", "")).strip() or None
 
     if decision not in {"approved", "rejected"}:
+        if request.headers.get("X-Requested-With") == "fetch":
+            return JSONResponse({"error": "invalid_decision"}, status_code=400)
         add_flash(request, "error", "审核操作无效。")
         return redirect("/admin/reviews")
 
+    if submission.status != "pending":
+        message = "该提交已被其他管理员处理，页面即将刷新到最新状态。"
+        if request.headers.get("X-Requested-With") == "fetch":
+            return JSONResponse({"error": "already_reviewed", "message": message}, status_code=409)
+        add_flash(request, "info", message)
+        return redirect("/admin/reviews")
+
     submission.status = decision
     submission.feedback = feedback
     submission.reviewed_by_id = admin.id
+    submission.assigned_admin_id = admin.id
+    submission.assigned_at = submission.assigned_at or local_now()
     submission.reviewed_at = local_now()
     submission.approved_at = submission.created_at if decision == "approved" else None
     db.add(submission)
     db.commit()
+    db.refresh(submission)
+
+    if request.headers.get("X-Requested-With") == "fetch":
+        return JSONResponse({"ok": True, "submission": serialize_submission(submission)})
 
     add_flash(request, "success", "审核结果已保存。")
     return redirect("/admin/reviews")
@@ -772,10 +1068,7 @@ async def download_selected_submissions(request: Request, db: Session = Depends(
 
     submissions = (
         db.query(Submission)
-        .options(
-            joinedload(Submission.user),
-            joinedload(Submission.task).joinedload(Task.activity),
-        )
+        .options(joinedload(Submission.user), joinedload(Submission.group), joinedload(Submission.task).joinedload(Task.activity))
         .filter(Submission.id.in_(selected_ids))
         .all()
     )
@@ -789,9 +1082,9 @@ async def download_selected_submissions(request: Request, db: Session = Depends(
             suffix = file_path.suffix or ".jpg"
             activity_title = submission.task.activity.title.replace("/", "_")
             task_title = submission.task.title.replace("/", "_")
-            student_id = submission.user.student_id.replace("/", "_")
-            full_name = submission.user.full_name.replace("/", "_")
-            archive_name = f"{activity_title}/{task_title}/{student_id}_{full_name}{suffix}"
+            group_name = (submission.group.name if submission.group else "未分组").replace("/", "_")
+            uploader_name = (submission.user.full_name if submission.user else "unknown").replace("/", "_")
+            archive_name = f"{activity_title}/{group_name}/{task_title}_{uploader_name}{suffix}"
             zip_file.write(file_path, archive_name)
 
     archive.seek(0)
@@ -801,3 +1094,6 @@ async def download_selected_submissions(request: Request, db: Session = Depends(
         media_type="application/zip",
         headers={"Content-Disposition": f'attachment; filename="{filename}"'},
     )
+
+
+

app/routes/auth.py

@@ -1,18 +1,63 @@
 from __future__ import annotations
 
 from fastapi import APIRouter, Depends, Form, Request
-from sqlalchemy.orm import Session
+from fastapi.responses import JSONResponse
+from sqlalchemy.orm import Session, joinedload
 
 from app.auth import get_current_admin, get_current_user, sign_in_admin, sign_in_user, sign_out
 from app.database import get_db
-from app.models import Admin, User
-from app.security import verify_password
+from app.models import Admin, Group, User
+from app.security import hash_password, verify_password
 from app.web import add_flash, redirect, render
 
 
 router = APIRouter()
 
 
+def load_account_context(request: Request, db: Session):
+    admin = get_current_admin(request, db)
+    user = get_current_user(request, db)
+    if admin:
+        groups = db.query(Group).options(joinedload(Group.members)).order_by(Group.name.asc()).all()
+        group_cards = [
+            {
+                "name": group.name,
+                "members": [member.full_name for member in group.members],
+            }
+            for group in groups
+        ]
+        return {
+            "admin": admin,
+            "user": None,
+            "identity_name": admin.display_name,
+            "identity_label": "管理员账号",
+            "group_cards": group_cards,
+        }
+    if user:
+        user = (
+            db.query(User)
+            .options(joinedload(User.group).joinedload(Group.members))
+            .filter(User.id == user.id)
+            .first()
+        )
+        group_cards = []
+        if user and user.group:
+            group_cards.append(
+                {
+                    "name": user.group.name,
+                    "members": [member.full_name for member in user.group.members],
+                }
+            )
+        return {
+            "admin": None,
+            "user": user,
+            "identity_name": user.full_name if user else "",
+            "identity_label": "用户账号",
+            "group_cards": group_cards,
+        }
+    return None
+
+
 @router.get("/login")
 def login_page(request: Request, db: Session = Depends(get_db)):
     if get_current_user(request, db):
@@ -68,4 +113,58 @@ def admin_login_submit(
 @router.get("/admin/logout")
 def admin_logout(request: Request):
     sign_out(request)
-    return redirect("/admin")
+    return redirect("/admin")
+
+
+@router.get("/account")
+def account_page(request: Request, db: Session = Depends(get_db)):
+    account_context = load_account_context(request, db)
+    if not account_context:
+        return redirect("/login")
+    return render(
+        request,
+        "account.html",
+        {
+            "page_title": "账号中心",
+            **account_context,
+        },
+    )
+
+
+@router.post("/account/password")
+def change_password(
+    request: Request,
+    current_password: str = Form(...),
+    new_password: str = Form(...),
+    confirm_password: str = Form(...),
+    db: Session = Depends(get_db),
+):
+    admin = get_current_admin(request, db)
+    user = get_current_user(request, db)
+    if not admin and not user:
+        return redirect("/login")
+
+    identity = admin or user
+    password_hash = identity.password_hash
+    if not verify_password(current_password, password_hash):
+        add_flash(request, "error", "当前密码不正确。")
+        return redirect("/account")
+    if len(new_password.strip()) < 6:
+        add_flash(request, "error", "新密码至少需要 6 位。")
+        return redirect("/account")
+    if new_password != confirm_password:
+        add_flash(request, "error", "两次输入的新密码不一致。")
+        return redirect("/account")
+
+    identity.password_hash = hash_password(new_password)
+    db.add(identity)
+    db.commit()
+    add_flash(request, "success", "密码已更新，下次登录请使用新密码。")
+    return redirect("/account")
+
+
+@router.get("/api/presence/ping")
+def presence_ping(request: Request, db: Session = Depends(get_db)):
+    if not get_current_admin(request, db) and not get_current_user(request, db):
+        return JSONResponse({"ok": False}, status_code=401)
+    return JSONResponse({"ok": True})

app/routes/media.py

@@ -8,7 +8,7 @@ from sqlalchemy.orm import Session, joinedload
 
 from app.auth import get_current_admin, get_current_user
 from app.database import get_db
-from app.models import Submission, Task
+from app.models import Submission, Task, User
 from app.web import local_now
 
 
@@ -54,8 +54,9 @@ def submission_image(submission_id: int, request: Request, db: Session = Depends
         raise HTTPException(status_code=404, detail="Submission not found")
 
     user = get_current_user(request, db)
-    if not admin and (not user or user.id != submission.user_id):
-        raise HTTPException(status_code=403, detail="Forbidden")
+    if not admin:
+        if not user or not user.group_id or user.group_id != submission.group_id:
+            raise HTTPException(status_code=403, detail="Forbidden")
 
     file_path = Path(submission.file_path)
     if not file_path.exists():

app/routes/user.py

@@ -9,7 +9,13 @@ from sqlalchemy.orm import Session, joinedload
 from app.auth import get_current_user
 from app.config import settings
 from app.database import get_db
-from app.models import Activity, Submission, Task, User
+from app.models import Activity, Group, Submission, Task, User
+from app.services.group_progress import (
+    build_group_progress,
+    build_group_submission_map,
+    get_activity_with_group_context,
+    pick_primary_submission,
+)
 from app.services.images import compress_to_limit, persist_submission_image, read_and_validate_upload
 from app.services.leaderboard import build_leaderboard
 from app.web import add_flash, local_now, redirect, render
@@ -21,12 +27,15 @@ router = APIRouter()
 def require_user(request: Request, db: Session) -> User | None:
     user = (
         db.query(User)
-        .options(joinedload(User.group), joinedload(User.submissions))
+        .options(joinedload(User.group).joinedload(Group.members), joinedload(User.submissions))
         .filter(User.id == (request.session.get("user_id") or 0))
         .first()
     )
     if not user or not user.is_active:
         return None
+    user.last_seen_at = local_now()
+    db.add(user)
+    db.flush()
     return user
 
 
@@ -36,31 +45,24 @@ def dashboard(request: Request, db: Session = Depends(get_db)):
     if not user:
         return redirect("/login")
 
-    activities = db.query(Activity).options(joinedload(Activity.tasks)).order_by(Activity.start_at.asc()).all()
-    submission_by_task = {submission.task_id: submission for submission in user.submissions}
+    activities = (
+        db.query(Activity)
+        .options(joinedload(Activity.tasks).joinedload(Task.submissions))
+        .order_by(Activity.start_at.asc())
+        .all()
+    )
 
     activity_cards = []
     now = local_now()
     for activity in activities:
-        total_tasks = len(activity.tasks)
-        approved_count = sum(
-            1
-            for task in activity.tasks
-            if submission_by_task.get(task.id)
-            and submission_by_task[task.id].status == "approved"
-        )
-        pending_count = sum(
-            1
-            for task in activity.tasks
-            if submission_by_task.get(task.id)
-            and submission_by_task[task.id].status == "pending"
-        )
+        progress = build_group_progress(activity, user.group_id)
         activity_cards.append(
             {
                 "activity": activity,
-                "total_tasks": total_tasks,
-                "approved_count": approved_count,
-                "pending_count": pending_count,
+                "total_tasks": progress["total_tasks"],
+                "approved_count": progress["approved_count"],
+                "pending_count": progress["pending_count"],
+                "rejected_count": progress["rejected_count"],
                 "is_active": activity.start_at <= now <= activity.deadline_at,
                 "is_overdue": now > activity.deadline_at,
             }
@@ -83,29 +85,20 @@ def activity_detail(activity_id: int, request: Request, db: Session = Depends(ge
     if not user:
         return redirect("/login")
 
-    activity = (
-        db.query(Activity)
-        .options(joinedload(Activity.tasks).joinedload(Task.submissions))
-        .filter(Activity.id == activity_id)
-        .first()
-    )
+    activity = get_activity_with_group_context(db, activity_id)
     if not activity:
         raise HTTPException(status_code=404, detail="活动不存在")
 
-    submission_by_task = {}
-    for task in activity.tasks:
-        for submission in task.submissions:
-            if submission.user_id == user.id:
-                submission_by_task[task.id] = submission
-                break
-
     now = local_now()
-    leaderboard = build_leaderboard(db, activity.id) if activity.leaderboard_visible else []
+    group_submission_by_task = build_group_submission_map(activity, user.group_id)
+    group_progress = build_group_progress(activity, user.group_id)
     clue_states = {
         task.id: bool(task.clue_image_filename and task.clue_release_at and now >= task.clue_release_at)
         for task in activity.tasks
     }
 
+    leaderboard = build_leaderboard(db, activity.id) if activity.leaderboard_visible else []
+
     return render(
         request,
         "activity_detail.html",
@@ -113,7 +106,8 @@ def activity_detail(activity_id: int, request: Request, db: Session = Depends(ge
             "page_title": activity.title,
             "user": user,
             "activity": activity,
-            "submission_by_task": submission_by_task,
+            "group_submission_by_task": group_submission_by_task,
+            "group_progress": group_progress,
             "leaderboard": leaderboard,
             "clue_states": clue_states,
             "now": now,
@@ -132,6 +126,9 @@ async def submit_task(
     user = require_user(request, db)
     if not user:
         return redirect("/login")
+    if not user.group_id:
+        add_flash(request, "error", "你当前还没有加入小组，暂时无法参与小组打卡。")
+        return redirect(f"/activities/{activity_id}")
 
     activity = db.query(Activity).filter(Activity.id == activity_id).first()
     task = db.query(Task).filter(Task.id == task_id, Task.activity_id == activity_id).first()
@@ -153,13 +150,15 @@ async def submit_task(
         add_flash(request, "error", str(exc))
         return redirect(f"/activities/{activity_id}")
 
-    submission = (
+    group_submissions = (
         db.query(Submission)
-        .filter(Submission.user_id == user.id, Submission.task_id == task.id)
-        .first()
+        .filter(Submission.group_id == user.group_id, Submission.task_id == task.id)
+        .order_by(Submission.created_at.asc(), Submission.id.asc())
+        .all()
     )
+    submission = pick_primary_submission(group_submissions)
     if submission and submission.status == "approved":
-        add_flash(request, "info", "该打卡点已经审核通过，无需重复提交。")
+        add_flash(request, "info", "你的小组已经完成了这个打卡点，无需重复提交。")
         return redirect(f"/activities/{activity_id}")
 
     if submission and submission.file_path:
@@ -176,9 +175,11 @@ async def submit_task(
     )
 
     if not submission:
-        submission = Submission(task_id=task.id, user_id=user.id)
+        submission = Submission(task_id=task.id, user_id=user.id, group_id=user.group_id)
         db.add(submission)
 
+    submission.user_id = user.id
+    submission.group_id = user.group_id
     submission.stored_filename = stored_filename
     submission.original_filename = photo.filename or stored_filename
     submission.file_path = file_path
@@ -187,12 +188,14 @@ async def submit_task(
     submission.status = "pending"
     submission.feedback = None
     submission.reviewed_by_id = None
+    submission.assigned_admin_id = None
+    submission.assigned_at = None
     submission.reviewed_at = None
     submission.approved_at = None
     submission.created_at = now
     db.commit()
 
-    add_flash(request, "success", "图片已提交，等待管理员审核。")
+    add_flash(request, "success", "小组图片已提交，等待管理员审核。")
     return redirect(f"/activities/{activity_id}")
 
 
@@ -216,4 +219,54 @@ def activity_clues(activity_id: int, request: Request, db: Session = Depends(get
         ],
         "server_time": now.isoformat(timespec="seconds"),
     }
-    return JSONResponse(payload)
+    return JSONResponse(payload)
+
+
+@router.get("/api/activities/{activity_id}/status")
+def activity_status(activity_id: int, request: Request, db: Session = Depends(get_db)):
+    user = require_user(request, db)
+    if not user:
+        return JSONResponse({"error": "unauthorized"}, status_code=401)
+
+    activity = get_activity_with_group_context(db, activity_id)
+    if not activity:
+        return JSONResponse({"error": "not_found"}, status_code=404)
+
+    submission_map = build_group_submission_map(activity, user.group_id)
+    progress = build_group_progress(activity, user.group_id)
+    leaderboard = build_leaderboard(db, activity.id) if activity.leaderboard_visible else []
+    now = local_now()
+    can_upload_now = bool(user.group_id) and activity.start_at <= now <= activity.deadline_at
+
+    tasks_payload = []
+    for task in activity.tasks:
+        submission = submission_map.get(task.id)
+        tasks_payload.append(
+            {
+                "task_id": task.id,
+                "status": submission.status if submission else "idle",
+                "feedback": submission.feedback if submission else None,
+                "submission_id": submission.id if submission else None,
+                "submitted_at": submission.created_at.strftime("%Y-%m-%d %H:%M") if submission else None,
+                "uploader_name": submission.user.full_name if submission and submission.user else None,
+                "reviewer_name": submission.reviewed_by.display_name if submission and submission.reviewed_by else None,
+                "can_upload": can_upload_now and (not submission or submission.status != "approved"),
+            }
+        )
+
+    return JSONResponse(
+        {
+            "activity_id": activity.id,
+            "progress": progress,
+            "tasks": tasks_payload,
+            "leaderboard": [
+                {
+                    "group_name": row["group_name"],
+                    "completed_count": row["completed_count"],
+                    "member_count": row["member_count"],
+                    "total_elapsed": row["total_elapsed_minutes"],
+                }
+                for row in leaderboard
+            ],
+        }
+    )

app/services/bootstrap.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+from sqlalchemy import inspect, text
 from sqlalchemy.orm import Session
 
 from app.config import settings
@@ -8,9 +9,97 @@ from app.models import Admin
 from app.security import hash_password, verify_password
 
 
+def ensure_column(table_name: str, column_name: str, ddl: str) -> None:
+    inspector = inspect(engine)
+    if table_name not in inspector.get_table_names():
+        return
+    columns = {column["name"] for column in inspector.get_columns(table_name)}
+    if column_name in columns:
+        return
+    with engine.begin() as connection:
+        connection.execute(text(f"ALTER TABLE {table_name} ADD COLUMN {ddl}"))
+
+
+def submission_indexes() -> tuple[set[str], set[str]]:
+    inspector = inspect(engine)
+    unique_names = {
+        item["name"]
+        for item in inspector.get_unique_constraints("submissions")
+        if item.get("name")
+    }
+    index_names = {
+        item["name"]
+        for item in inspector.get_indexes("submissions")
+        if item.get("name")
+    }
+    return unique_names, index_names
+
+
+def ensure_submission_constraints() -> None:
+    inspector = inspect(engine)
+    if "submissions" not in inspector.get_table_names():
+        return
+
+    unique_names, index_names = submission_indexes()
+    with engine.begin() as connection:
+        if "uq_user_task_submission" in unique_names or "uq_user_task_submission" in index_names:
+            try:
+                connection.execute(text("ALTER TABLE submissions DROP INDEX uq_user_task_submission"))
+            except Exception:
+                pass
+
+    unique_names, index_names = submission_indexes()
+    if "uq_group_task_submission" in unique_names or "uq_group_task_submission" in index_names:
+        return
+
+    with engine.begin() as connection:
+        try:
+            connection.execute(
+                text(
+                    "ALTER TABLE submissions ADD CONSTRAINT uq_group_task_submission UNIQUE (group_id, task_id)"
+                )
+            )
+        except Exception:
+            # Existing historical duplicates may prevent the unique key from being created.
+            # The application layer will still favor a single canonical submission per group/task.
+            pass
+
+
+def upgrade_schema() -> None:
+    ensure_column("admins", "last_seen_at", "last_seen_at DATETIME NULL")
+    ensure_column("users", "last_seen_at", "last_seen_at DATETIME NULL")
+    ensure_column("activities", "leaderboard_visible", "leaderboard_visible TINYINT(1) NOT NULL DEFAULT 1")
+    ensure_column("activities", "clue_interval_minutes", "clue_interval_minutes INT NULL")
+    ensure_column("tasks", "display_order", "display_order INT NOT NULL DEFAULT 1")
+    ensure_column("tasks", "clue_image_data", "clue_image_data LONGBLOB NULL")
+    ensure_column("tasks", "clue_image_mime", "clue_image_mime VARCHAR(120) NULL")
+    ensure_column("tasks", "clue_image_filename", "clue_image_filename VARCHAR(255) NULL")
+    ensure_column("tasks", "clue_release_at", "clue_release_at DATETIME NULL")
+    ensure_column("submissions", "group_id", "group_id INT NULL")
+    ensure_column("submissions", "assigned_admin_id", "assigned_admin_id INT NULL")
+    ensure_column("submissions", "assigned_at", "assigned_at DATETIME NULL")
+    ensure_column("submissions", "reviewed_at", "reviewed_at DATETIME NULL")
+    ensure_column("submissions", "approved_at", "approved_at DATETIME NULL")
+
+    with engine.begin() as connection:
+        connection.execute(
+            text(
+                """
+                UPDATE submissions AS s
+                JOIN users AS u ON s.user_id = u.id
+                SET s.group_id = u.group_id
+                WHERE s.group_id IS NULL
+                """
+            )
+        )
+
+    ensure_submission_constraints()
+
+
 def initialize_database() -> None:
     settings.upload_root.mkdir(parents=True, exist_ok=True)
     Base.metadata.create_all(bind=engine)
+    upgrade_schema()
 
 
 def seed_super_admin(db: Session) -> None:
@@ -36,3 +125,4 @@ def seed_super_admin(db: Session) -> None:
     if changed:
         db.add(admin)
         db.commit()
+

app/services/group_progress.py

@@ -0,0 +1,99 @@
+from __future__ import annotations
+
+from datetime import datetime
+
+from sqlalchemy.orm import Session, joinedload
+
+from app.models import Activity, Submission, Task, User
+
+
+def get_activity_with_group_context(db: Session, activity_id: int) -> Activity | None:
+    return (
+        db.query(Activity)
+        .options(
+            joinedload(Activity.tasks)
+            .joinedload(Task.submissions)
+            .joinedload(Submission.user)
+            .joinedload(User.group),
+            joinedload(Activity.tasks)
+            .joinedload(Task.submissions)
+            .joinedload(Submission.group),
+            joinedload(Activity.tasks)
+            .joinedload(Task.submissions)
+            .joinedload(Submission.reviewed_by),
+            joinedload(Activity.tasks)
+            .joinedload(Task.submissions)
+            .joinedload(Submission.assigned_admin),
+        )
+        .filter(Activity.id == activity_id)
+        .first()
+    )
+
+
+def pick_primary_submission(submissions: list[Submission]) -> Submission | None:
+    if not submissions:
+        return None
+
+    approved = [submission for submission in submissions if submission.status == "approved"]
+    if approved:
+        return min(
+            approved,
+            key=lambda item: ((item.approved_at or item.created_at or datetime.min), item.id),
+        )
+
+    pending = [submission for submission in submissions if submission.status == "pending"]
+    if pending:
+        return max(
+            pending,
+            key=lambda item: ((item.created_at or datetime.min), item.id),
+        )
+
+    rejected = [submission for submission in submissions if submission.status == "rejected"]
+    if rejected:
+        return max(
+            rejected,
+            key=lambda item: ((item.created_at or datetime.min), item.id),
+        )
+
+    return max(
+        submissions,
+        key=lambda item: ((item.created_at or datetime.min), item.id),
+    )
+
+
+def build_group_submission_map(activity: Activity, group_id: int | None) -> dict[int, Submission]:
+    if not activity or not group_id:
+        return {}
+
+    group_submissions: dict[int, Submission] = {}
+    for task in activity.tasks:
+        task_submissions = [submission for submission in task.submissions if submission.group_id == group_id]
+        primary_submission = pick_primary_submission(task_submissions)
+        if primary_submission:
+            group_submissions[task.id] = primary_submission
+    return group_submissions
+
+
+def build_group_progress(activity: Activity, group_id: int | None) -> dict:
+    total_tasks = len(activity.tasks) if activity else 0
+    if not activity or not group_id:
+        return {
+            "total_tasks": total_tasks,
+            "approved_count": 0,
+            "pending_count": 0,
+            "rejected_count": 0,
+            "completion_ratio": 0,
+        }
+
+    submission_map = build_group_submission_map(activity, group_id)
+    approved_count = sum(1 for submission in submission_map.values() if submission.status == "approved")
+    pending_count = sum(1 for submission in submission_map.values() if submission.status == "pending")
+    rejected_count = sum(1 for submission in submission_map.values() if submission.status == "rejected")
+
+    return {
+        "total_tasks": total_tasks,
+        "approved_count": approved_count,
+        "pending_count": pending_count,
+        "rejected_count": rejected_count,
+        "completion_ratio": 0 if total_tasks == 0 else approved_count / total_tasks,
+    }

app/services/leaderboard.py

@@ -3,51 +3,50 @@
 from collections import defaultdict
 from datetime import timedelta
 
-from sqlalchemy.orm import Session, joinedload
+from sqlalchemy.orm import Session
 
-from app.models import Activity, Submission, Task, User
+from app.models import Group
+from app.services.group_progress import get_activity_with_group_context, pick_primary_submission
 
 
 def build_leaderboard(db: Session, activity_id: int) -> list[dict]:
-    activity = (
-        db.query(Activity)
-        .options(
-            joinedload(Activity.tasks)
-            .joinedload(Task.submissions)
-            .joinedload(Submission.user)
-            .joinedload(User.group)
-        )
-        .filter(Activity.id == activity_id)
-        .first()
-    )
+    activity = get_activity_with_group_context(db, activity_id)
     if not activity:
         return []
 
-    group_stats: dict[str, dict] = defaultdict(
-        lambda: {"completed_count": 0, "total_elapsed": timedelta(), "members": set()}
-    )
+    rows_by_group: dict[int, dict] = {}
+    known_groups = {
+        group.id: group
+        for group in db.query(Group).order_by(Group.name.asc()).all()
+    }
 
     for task in activity.tasks:
+        submissions_by_group = defaultdict(list)
         for submission in task.submissions:
-            if submission.status != "approved" or not submission.user:
+            if not submission.group_id:
                 continue
-            group_name = submission.user.group.name if submission.user.group else "未分组"
-            elapsed = max(submission.created_at - activity.start_at, timedelta())
-            stats = group_stats[group_name]
-            stats["completed_count"] += 1
-            stats["total_elapsed"] += elapsed
-            stats["members"].add(submission.user.full_name)
-
-    rows = []
-    for group_name, stats in group_stats.items():
-        rows.append(
-            {
-                "group_name": group_name,
-                "completed_count": stats["completed_count"],
-                "total_elapsed": stats["total_elapsed"],
-                "member_count": len(stats["members"]),
-                "total_elapsed_minutes": int(stats["total_elapsed"].total_seconds() // 60),
-            }
-        )
-    rows.sort(key=lambda item: (-item["completed_count"], item["total_elapsed"]))
+            submissions_by_group[submission.group_id].append(submission)
+
+        for group_id, group_submissions in submissions_by_group.items():
+            submission = pick_primary_submission(group_submissions)
+            if not submission or submission.status != "approved":
+                continue
+
+            if group_id not in rows_by_group:
+                group = submission.group or known_groups.get(group_id)
+                rows_by_group[group_id] = {
+                    "group_name": group.name if group else "未命名小组",
+                    "completed_count": 0,
+                    "total_elapsed": timedelta(),
+                    "member_count": len(group.members) if group else 0,
+                }
+            row = rows_by_group[group_id]
+            elapsed = max((submission.approved_at or submission.created_at) - activity.start_at, timedelta())
+            row["completed_count"] += 1
+            row["total_elapsed"] += elapsed
+
+    rows = list(rows_by_group.values())
+    rows.sort(key=lambda item: (-item["completed_count"], item["total_elapsed"], item["group_name"]))
+    for row in rows:
+        row["total_elapsed_minutes"] = int(row["total_elapsed"].total_seconds() // 60)
     return rows

app/services/presence.py

@@ -0,0 +1,19 @@
+from __future__ import annotations
+
+from datetime import timedelta
+
+from app.web import local_now
+
+
+ONLINE_WINDOW_SECONDS = 75
+
+
+def online_cutoff(reference_time=None):
+    now = reference_time or local_now()
+    return now - timedelta(seconds=ONLINE_WINDOW_SECONDS)
+
+
+def is_online(last_seen_at, reference_time=None) -> bool:
+    if not last_seen_at:
+        return False
+    return last_seen_at >= online_cutoff(reference_time)

app/services/review_queue.py

@@ -0,0 +1,71 @@
+from __future__ import annotations
+
+from sqlalchemy.orm import Session, joinedload
+
+from app.models import Admin, Submission, Task
+from app.services.presence import is_online
+from app.web import local_now
+
+
+def online_admins(db: Session) -> list[Admin]:
+    now = local_now()
+    admins = db.query(Admin).filter(Admin.is_active.is_(True)).order_by(Admin.id.asc()).all()
+    return [admin for admin in admins if is_online(admin.last_seen_at, now)]
+
+
+def rebalance_pending_reviews(db: Session, activity_id: int | None = None) -> list[Submission]:
+    pending_query = (
+        db.query(Submission)
+        .options(
+            joinedload(Submission.user),
+            joinedload(Submission.group),
+            joinedload(Submission.task).joinedload(Task.activity),
+            joinedload(Submission.assigned_admin),
+            joinedload(Submission.reviewed_by),
+        )
+        .filter(Submission.status == "pending")
+        .order_by(Submission.created_at.asc(), Submission.id.asc())
+    )
+    if activity_id is not None:
+        pending_query = pending_query.join(Submission.task).filter(Task.activity_id == activity_id)
+
+    pending_submissions = pending_query.all()
+    admins = online_admins(db)
+    if not admins:
+        return pending_submissions
+
+    now = local_now()
+    active_ids = {admin.id for admin in admins}
+    buckets: dict[int, list[Submission]] = {admin.id: [] for admin in admins}
+    changed = False
+
+    for submission in pending_submissions:
+        if submission.assigned_admin_id in active_ids:
+            buckets[submission.assigned_admin_id].append(submission)
+
+    for submission in pending_submissions:
+        if submission.assigned_admin_id in active_ids:
+            continue
+        target_admin = min(admins, key=lambda item: (len(buckets[item.id]), item.id))
+        submission.assigned_admin_id = target_admin.id
+        submission.assigned_at = now
+        buckets[target_admin.id].append(submission)
+        changed = True
+
+    while True:
+        source_admin = max(admins, key=lambda item: (len(buckets[item.id]), -item.id))
+        target_admin = min(admins, key=lambda item: (len(buckets[item.id]), item.id))
+        if len(buckets[source_admin.id]) - len(buckets[target_admin.id]) <= 1:
+            break
+
+        buckets[source_admin.id].sort(key=lambda item: (item.created_at, item.id))
+        moved_submission = buckets[source_admin.id].pop()
+        moved_submission.assigned_admin_id = target_admin.id
+        moved_submission.assigned_at = now
+        buckets[target_admin.id].append(moved_submission)
+        changed = True
+
+    if changed:
+        db.commit()
+        pending_submissions = pending_query.all()
+    return pending_submissions

app/static/style.css

@@ -892,3 +892,204 @@ textarea {
     grid-template-columns: 1fr;
   }
 }
+
+.users-admin-grid,
+.presence-admin-grid,
+.review-live-grid {
+  grid-template-columns: 1fr 1fr;
+}
+
+.bulk-toolbar {
+  display: grid;
+  grid-template-columns: 1fr 1fr auto;
+  gap: 14px;
+  margin-bottom: 18px;
+  align-items: end;
+}
+
+.leaderboard-hero {
+  align-items: stretch;
+}
+
+.hero-split-main {
+  display: grid;
+  gap: 14px;
+  flex: 1 1 55%;
+}
+
+.hero-side-rank {
+  width: min(420px, 100%);
+  padding: 18px 20px;
+}
+
+.inset-rank-card {
+  background: linear-gradient(180deg, rgba(255, 255, 255, 0.82), rgba(231, 248, 233, 0.82));
+}
+
+.compact-head {
+  margin-bottom: 12px;
+}
+
+.task-carousel-shell {
+  display: grid;
+  gap: 18px;
+}
+
+.task-carousel-head {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 14px;
+}
+
+.carousel-controls {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.task-flip-book {
+  position: relative;
+  min-height: 720px;
+}
+
+.task-page {
+  position: absolute;
+  inset: 0;
+  opacity: 0;
+  pointer-events: none;
+  transform: perspective(1200px) rotateY(10deg) translateX(24px) scale(0.98);
+  transition: opacity 0.45s ease, transform 0.45s ease;
+}
+
+.task-page.is-active {
+  opacity: 1;
+  pointer-events: auto;
+  transform: perspective(1200px) rotateY(0deg) translateX(0) scale(1);
+  z-index: 2;
+}
+
+.task-page.is-left {
+  transform: perspective(1200px) rotateY(-12deg) translateX(-26px) scale(0.97);
+}
+
+.task-page-inner {
+  display: grid;
+  gap: 18px;
+}
+
+.task-page-grid {
+  display: grid;
+  grid-template-columns: minmax(0, 1.05fr) minmax(0, 0.95fr);
+  gap: 22px;
+}
+
+.task-page-content {
+  display: grid;
+  gap: 14px;
+  align-content: start;
+}
+
+.task-page-media {
+  display: grid;
+  gap: 12px;
+}
+
+.is-hidden {
+  display: none !important;
+}
+
+.clue-modal {
+  position: fixed;
+  inset: 0;
+  display: none;
+  align-items: center;
+  justify-content: center;
+  z-index: 50;
+  padding: 24px;
+}
+
+.clue-modal.is-open {
+  display: flex;
+}
+
+.clue-modal-backdrop {
+  position: absolute;
+  inset: 0;
+  background: linear-gradient(135deg, rgba(24, 57, 34, 0.78), rgba(76, 148, 97, 0.48), rgba(246, 184, 91, 0.42));
+  backdrop-filter: blur(16px);
+}
+
+.clue-modal-dialog {
+  position: relative;
+  z-index: 1;
+  width: min(760px, 100%);
+  display: grid;
+  gap: 12px;
+}
+
+.clue-close-btn {
+  justify-self: end;
+}
+
+.clue-gradient-panel {
+  padding: 18px;
+  border-radius: 30px;
+  background: linear-gradient(145deg, rgba(255, 255, 255, 0.94), rgba(223, 245, 228, 0.86), rgba(255, 241, 214, 0.9));
+  box-shadow: 0 30px 90px rgba(20, 51, 29, 0.28);
+}
+
+.clue-gradient-panel img {
+  width: 100%;
+  border-radius: 24px;
+  max-height: 72vh;
+  object-fit: contain;
+  background: rgba(255, 255, 255, 0.72);
+}
+
+.review-live-grid .review-grid {
+  grid-template-columns: 1fr;
+}
+
+.presence-item,
+.activity-actions {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+}
+
+.inset-rank-card::after,
+.hero-side-rank::after {
+  display: none;
+}
+
+@media (max-width: 1080px) {
+  .leaderboard-hero,
+  .task-page-grid,
+  .users-admin-grid,
+  .presence-admin-grid,
+  .review-live-grid {
+    grid-template-columns: 1fr;
+  }
+
+  .hero-side-rank {
+    width: 100%;
+  }
+}
+
+@media (max-width: 720px) {
+  .bulk-toolbar,
+  .task-carousel-head,
+  .carousel-controls,
+  .presence-item,
+  .activity-actions {
+    grid-template-columns: 1fr;
+    flex-direction: column;
+    align-items: stretch;
+  }
+
+  .task-flip-book {
+    min-height: 900px;
+  }
+}

app/templates/account.html

@@ -0,0 +1,69 @@
+{% extends 'base.html' %}
+
+{% block content %}
+  <section class="hero-card">
+    <div>
+      <p class="eyebrow">Account Center</p>
+      <h2>{{ identity_name }}</h2>
+      <p class="lead">可以在这里修改登录密码，并查看与你相关的小组成员名单。</p>
+    </div>
+    <div class="hero-badges">
+      <span class="pill">{{ identity_label }}</span>
+      <span class="pill">{{ group_cards|length }} 个小组视图</span>
+    </div>
+  </section>
+
+  <section class="page-grid admin-page-grid">
+    <article class="glass-card form-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Password</p>
+          <h3>修改密码</h3>
+        </div>
+      </div>
+      <form method="post" action="/account/password" class="form-stack">
+        <label>
+          <span>当前密码</span>
+          <input type="password" name="current_password" required />
+        </label>
+        <label>
+          <span>新密码</span>
+          <input type="password" name="new_password" required />
+        </label>
+        <label>
+          <span>确认新密码</span>
+          <input type="password" name="confirm_password" required />
+        </label>
+        <button class="btn btn-primary" type="submit">更新密码</button>
+      </form>
+    </article>
+
+    <article class="glass-card table-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Groups</p>
+          <h3>小组信息</h3>
+        </div>
+      </div>
+      <div class="stack-list">
+        {% for group_card in group_cards %}
+          <article class="stack-item stack-item-block">
+            <div>
+              <strong>{{ group_card.name }}</strong>
+              <p class="muted">仅展示成员姓名</p>
+            </div>
+            <div class="chip-row">
+              {% for member_name in group_card.members %}
+                <span class="chip">{{ member_name }}</span>
+              {% else %}
+                <span class="chip">暂无成员</span>
+              {% endfor %}
+            </div>
+          </article>
+        {% else %}
+          <p class="muted">当前没有可查看的小组信息。</p>
+        {% endfor %}
+      </div>
+    </article>
+  </section>
+{% endblock %}

app/templates/activity_detail.html

@@ -1,190 +1,350 @@
 {% extends 'base.html' %}
 
 {% block content %}
-  <section class="hero-card activity-hero">
-    <div>
+  <section class="hero-card leaderboard-hero">
+    <div class="hero-split-main">
       <a class="ghost-link" href="/dashboard">返回活动列表</a>
       <p class="eyebrow">Activity Detail</p>
       <h2>{{ activity.title }}</h2>
       <p class="lead">{{ activity.description or '管理员暂未填写活动说明。' }}</p>
+      <div class="hero-badges">
+        <span class="pill">开始 {{ activity.start_at|datetime_local }}</span>
+        <span class="pill">截止 {{ activity.deadline_at|datetime_local }}</span>
+        <span class="pill" id="hero-progress-pill">小组完成 {{ group_progress.approved_count }}/{{ group_progress.total_tasks }}</span>
+      </div>
     </div>
-    <div class="hero-badges">
-      <span class="pill">开始 {{ activity.start_at|datetime_local }}</span>
-      <span class="pill">截止 {{ activity.deadline_at|datetime_local }}</span>
-      <span class="pill">{{ activity.tasks|length }} 个任务</span>
-    </div>
-  </section>
 
-  <section class="task-grid">
-    {% for task in activity.tasks %}
-      {% set submission = submission_by_task.get(task.id) %}
-      {% set clue_ready = clue_states.get(task.id) %}
-      <article class="glass-card task-card" data-task-card data-task-id="{{ task.id }}" data-clue-released="{{ 'true' if clue_ready else 'false' }}">
-        <div class="task-card-head">
-          <div>
-            <p class="eyebrow">Task {{ loop.index }}</p>
-            <h3>{{ task.title }}</h3>
-          </div>
-          <button
-            class="clue-toggle {% if clue_ready %}is-ready{% endif %}"
-            type="button"
-            data-clue-toggle
-            data-primary-url="/media/tasks/{{ task.id }}/image"
-            data-clue-url="/media/tasks/{{ task.id }}/clue"
-            {% if not task.clue_image_filename %}disabled{% endif %}
-            title="{% if clue_ready %}点击查看线索{% elif task.clue_image_filename %}线索尚未发布{% else %}未设置线索图{% endif %}"
-          >
-            💡
-          </button>
+    <div class="hero-side-rank glass-card inset-rank-card" id="leaderboard-panel">
+      <div class="section-head compact-head">
+        <div>
+          <p class="eyebrow">Live Ranking</p>
+          <h3>实时排行榜</h3>
         </div>
-        <p class="muted task-description">{{ task.description or '到达对应打卡点后上传一张清晰照片。' }}</p>
-
-        <div class="task-media-wrap">
-          <img
-            src="/media/tasks/{{ task.id }}/image"
-            alt="{{ task.title }}"
-            class="task-media"
-            data-task-image
-          />
-          {% if task.clue_release_at %}
-            <div class="release-note">线索发布时间：{{ task.clue_release_at|datetime_local }}</div>
-          {% endif %}
+        {% if not activity.leaderboard_visible %}
+          <span class="status-badge">管理员已隐藏</span>
+        {% endif %}
+      </div>
+      {% if activity.leaderboard_visible %}
+        <div class="rank-table-wrap">
+          <table class="rank-table" id="leaderboard-table">
+            <thead>
+              <tr>
+                <th>排名</th>
+                <th>小组</th>
+                <th>完成</th>
+                <th>人数</th>
+                <th>耗时</th>
+              </tr>
+            </thead>
+            <tbody>
+              {% for row in leaderboard %}
+                <tr>
+                  <td>#{{ loop.index }}</td>
+                  <td>{{ row.group_name }}</td>
+                  <td>{{ row.completed_count }}</td>
+                  <td>{{ row.member_count }}</td>
+                  <td>{{ row.total_elapsed|duration_human }}</td>
+                </tr>
+              {% else %}
+                <tr>
+                  <td colspan="5">还没有通过审核的打卡记录。</td>
+                </tr>
+              {% endfor %}
+            </tbody>
+          </table>
         </div>
+      {% else %}
+        <p class="muted">当前活动的排行榜暂不对用户开放。</p>
+      {% endif %}
+    </div>
+  </section>
 
-        <div class="task-status-row">
-          {% if submission %}
-            {% if submission.status == 'approved' %}
-              <span class="status-badge status-approved">打卡成功</span>
-            {% elif submission.status == 'rejected' %}
-              <span class="status-badge status-rejected">打卡失败</span>
-            {% else %}
-              <span class="status-badge">等待审核</span>
-            {% endif %}
-            <span class="mini-note">最近提交：{{ submission.created_at|datetime_local }}</span>
-          {% else %}
-            <span class="status-badge">尚未上传</span>
-          {% endif %}
-        </div>
+  {% if not user.group %}
+    <section class="glass-card empty-state">
+      <h3>你还没有加入小组</h3>
+      <p>当前活动采用小组共享进度模式，请先联系管理员分组后再参与打��。</p>
+    </section>
+  {% endif %}
 
-        {% if submission and submission.feedback %}
-          <p class="feedback-box">审核备注：{{ submission.feedback }}</p>
-        {% endif %}
+  <section class="task-carousel-shell">
+    <div class="task-carousel-head">
+      <div class="chip-row">
+        <span class="chip" id="approved-progress-chip">已完成 {{ group_progress.approved_count }}</span>
+        <span class="chip" id="pending-progress-chip">待审核 {{ group_progress.pending_count }}</span>
+        <span class="chip" id="rejected-progress-chip">被驳回 {{ group_progress.rejected_count }}</span>
+      </div>
+      <div class="carousel-controls">
+        <button class="btn btn-secondary small-btn" type="button" id="prev-task-btn">上一张</button>
+        <span class="mini-note" id="task-counter">1 / {{ activity.tasks|length }}</span>
+        <button class="btn btn-secondary small-btn" type="button" id="next-task-btn">下一张</button>
+      </div>
+    </div>
 
-        {% if submission %}
-          <div class="submission-preview">
-            <span class="mini-note">我的提交预览</span>
-            <img src="/media/submissions/{{ submission.id }}" alt="{{ task.title }} 提交预览" />
-          </div>
-        {% endif %}
+    <div class="task-flip-book" id="task-flip-book">
+      {% for task in activity.tasks %}
+        {% set submission = group_submission_by_task.get(task.id) %}
+        {% set clue_ready = clue_states.get(task.id) %}
+        <article class="glass-card task-page {% if loop.first %}is-active{% endif %}" data-task-page data-task-index="{{ loop.index0 }}" data-task-id="{{ task.id }}" data-clue-released="{{ 'true' if clue_ready else 'false' }}">
+          <div class="task-page-inner">
+            <div class="task-card-head">
+              <div>
+                <p class="eyebrow">Task {{ loop.index }}</p>
+                <h3>{{ task.title }}</h3>
+              </div>
+              <button
+                class="clue-toggle {% if clue_ready %}is-ready{% endif %}"
+                type="button"
+                data-clue-toggle
+                data-clue-url="/media/tasks/{{ task.id }}/clue"
+                {% if not task.clue_image_filename %}disabled{% endif %}
+                title="{% if clue_ready %}查看线索提示图{% elif task.clue_image_filename %}线索尚未发布{% else %}未设置线索图{% endif %}"
+              >
+                💡
+              </button>
+            </div>
 
-        <form action="/activities/{{ activity.id }}/tasks/{{ task.id }}/submit" method="post" enctype="multipart/form-data" class="upload-form">
-          <label class="upload-label">
-            <span>上传打卡照片</span>
-            <input type="file" name="photo" accept="image/*" {% if submission and submission.status == 'approved' %}disabled{% endif %} required />
-          </label>
-          <button class="btn btn-primary" type="submit" {% if submission and submission.status == 'approved' %}disabled{% endif %}>提交审核</button>
-        </form>
-      </article>
-    {% endfor %}
-  </section>
+            <div class="task-page-grid">
+              <div class="task-page-media">
+                <img src="/media/tasks/{{ task.id }}/image" alt="{{ task.title }}" class="task-media" />
+                {% if task.clue_release_at %}
+                  <div class="release-note">线索发布时间：{{ task.clue_release_at|datetime_local }}</div>
+                {% endif %}
+              </div>
 
-  <section class="glass-card leaderboard-card">
-    <div class="section-head">
-      <div>
-        <p class="eyebrow">Live Ranking</p>
-        <h3>实时排行榜</h3>
-      </div>
-      {% if not activity.leaderboard_visible %}
-        <span class="status-badge">管理员已隐藏</span>
-      {% endif %}
+              <div class="task-page-content">
+                <p class="muted task-description">{{ task.description or '到达对应打卡点后，由小组任意成员上传一张清晰照片即可。' }}</p>
+                <div class="task-status-row" data-status-wrap>
+                  {% if submission %}
+                    {% if submission.status == 'approved' %}
+                      <span class="status-badge status-approved">小组打卡成功</span>
+                    {% elif submission.status == 'rejected' %}
+                      <span class="status-badge status-rejected">小组打卡失败</span>
+                    {% else %}
+                      <span class="status-badge">等待审核</span>
+                    {% endif %}
+                    <span class="mini-note" data-status-note>上传人：{{ submission.user.full_name if submission.user else '未知成员' }} · {{ submission.created_at|datetime_local }}</span>
+                  {% else %}
+                    <span class="status-badge">尚未上传</span>
+                    <span class="mini-note" data-status-note>当前点位还没有小组提交记录。</span>
+                  {% endif %}
+                </div>
+
+                <p class="feedback-box {% if not submission or not submission.feedback %}is-hidden{% endif %}" data-feedback-box>
+                  审核备注：{{ submission.feedback if submission and submission.feedback else '' }}
+                </p>
+
+                {% if submission %}
+                  <div class="submission-preview" data-preview-wrap>
+                    <span class="mini-note">当前小组提交预览</span>
+                    <img src="/media/submissions/{{ submission.id }}" alt="{{ task.title }} 提交预览" data-preview-image />
+                  </div>
+                {% else %}
+                  <div class="submission-preview is-hidden" data-preview-wrap>
+                    <span class="mini-note">当前小组提交预览</span>
+                    <img src="" alt="提交预览" data-preview-image />
+                  </div>
+                {% endif %}
+
+                <form action="/activities/{{ activity.id }}/tasks/{{ task.id }}/submit" method="post" enctype="multipart/form-data" class="upload-form" data-upload-form>
+                  <label class="upload-label">
+                    <span>上传小组打卡照片</span>
+                    <input type="file" name="photo" accept="image/*" data-upload-input {% if submission and submission.status == 'approved' or not user.group %}disabled{% endif %} required />
+                  </label>
+                  <button class="btn btn-primary" type="submit" data-upload-submit {% if submission and submission.status == 'approved' or not user.group %}disabled{% endif %}>提交审核</button>
+                </form>
+              </div>
+            </div>
+          </div>
+        </article>
+      {% endfor %}
     </div>
+  </section>
 
-    {% if activity.leaderboard_visible %}
-      <div class="rank-table-wrap">
-        <table class="rank-table">
-          <thead>
-            <tr>
-              <th>排名</th>
-              <th>小组</th>
-              <th>完成打卡点</th>
-              <th>成员数</th>
-              <th>总耗时</th>
-            </tr>
-          </thead>
-          <tbody>
-            {% for row in leaderboard %}
-              <tr>
-                <td>#{{ loop.index }}</td>
-                <td>{{ row.group_name }}</td>
-                <td>{{ row.completed_count }}</td>
-                <td>{{ row.member_count }}</td>
-                <td>{{ row.total_elapsed|duration_human }}</td>
-              </tr>
-            {% else %}
-              <tr>
-                <td colspan="5">还没有通过审核的打卡记录，排行榜会在成功打卡后自动更新。</td>
-              </tr>
-            {% endfor %}
-          </tbody>
-        </table>
+  <div class="clue-modal" id="clue-modal" aria-hidden="true">
+    <div class="clue-modal-backdrop"></div>
+    <div class="clue-modal-dialog">
+      <button class="btn btn-ghost small-btn clue-close-btn" type="button" id="clue-close-btn">关闭</button>
+      <div class="clue-gradient-panel">
+        <img src="" alt="线索提示图" id="clue-modal-image" />
       </div>
-    {% else %}
-      <p class="muted">当前活动的排行榜暂不对用户开放。</p>
-    {% endif %}
-  </section>
+    </div>
+  </div>
 
   <script>
     (() => {
-      const cards = Array.from(document.querySelectorAll('[data-task-card]'));
+      const pages = Array.from(document.querySelectorAll('[data-task-page]'));
+      if (!pages.length) return;
+
+      const counter = document.getElementById('task-counter');
+      const prevBtn = document.getElementById('prev-task-btn');
+      const nextBtn = document.getElementById('next-task-btn');
+      const clueModal = document.getElementById('clue-modal');
+      const clueModalImage = document.getElementById('clue-modal-image');
+      const clueCloseBtn = document.getElementById('clue-close-btn');
+      const heroProgressPill = document.getElementById('hero-progress-pill');
+      const approvedProgressChip = document.getElementById('approved-progress-chip');
+      const pendingProgressChip = document.getElementById('pending-progress-chip');
+      const rejectedProgressChip = document.getElementById('rejected-progress-chip');
+      let currentIndex = 0;
       const seenReleased = new Set(
-        cards.filter((card) => card.dataset.clueReleased === 'true').map((card) => card.dataset.taskId)
+        pages.filter((page) => page.dataset.clueReleased === 'true').map((page) => page.dataset.taskId)
       );
 
-      cards.forEach((card) => {
-        const button = card.querySelector('[data-clue-toggle]');
-        const image = card.querySelector('[data-task-image]');
-        if (!button || !image) return;
+      const formatStatusNote = (item) => {
+        if (!item.uploader_name) {
+          return '当前点位还没有小组提交记录。';
+        }
+        const parts = [`上传人：${item.uploader_name}`];
+        if (item.submitted_at) parts.push(item.submitted_at);
+        if (item.reviewer_name && item.status !== 'pending') parts.push(`审核人：${item.reviewer_name}`);
+        return parts.join(' · ');
+      };
+
+      const setActivePage = (index) => {
+        currentIndex = (index + pages.length) % pages.length;
+        pages.forEach((page, pageIndex) => {
+          page.classList.toggle('is-active', pageIndex === currentIndex);
+          page.classList.toggle('is-left', pageIndex < currentIndex);
+        });
+        if (counter) counter.textContent = `${currentIndex + 1} / ${pages.length}`;
+      };
+
+      prevBtn?.addEventListener('click', () => setActivePage(currentIndex - 1));
+      nextBtn?.addEventListener('click', () => setActivePage(currentIndex + 1));
+      setActivePage(0);
+
+      const closeClueModal = () => {
+        clueModal?.classList.remove('is-open');
+        if (clueModal) clueModal.setAttribute('aria-hidden', 'true');
+      };
+
+      clueCloseBtn?.addEventListener('click', closeClueModal);
+      clueModal?.addEventListener('click', (event) => {
+        if (event.target === clueModal || event.target.classList.contains('clue-modal-backdrop')) {
+          closeClueModal();
+        }
+      });
 
+      pages.forEach((page) => {
+        const button = page.querySelector('[data-clue-toggle]');
+        if (!button) return;
         button.addEventListener('click', () => {
           if (!button.classList.contains('is-ready')) return;
-          const showingClue = button.dataset.mode === 'clue';
-          image.src = showingClue ? button.dataset.primaryUrl : button.dataset.clueUrl;
-          button.dataset.mode = showingClue ? 'primary' : 'clue';
-          button.classList.toggle('is-clue-view', !showingClue);
+          if (clueModalImage) clueModalImage.src = button.dataset.clueUrl;
+          clueModal?.classList.add('is-open');
+          clueModal?.setAttribute('aria-hidden', 'false');
         });
       });
 
-      const isMobileLike = window.matchMedia('(pointer: coarse)').matches;
+      const refreshLeaderboard = (rows) => {
+        const table = document.getElementById('leaderboard-table');
+        if (!table) return;
+        const body = table.querySelector('tbody');
+        if (!body) return;
+        if (!rows.length) {
+          body.innerHTML = '<tr><td colspan="5">还没有通过审核的打卡记录。</td></tr>';
+          return;
+        }
+        body.innerHTML = rows.map((row, index) => `
+          <tr>
+            <td>#${index + 1}</td>
+            <td>${row.group_name}</td>
+            <td>${row.completed_count}</td>
+            <td>${row.member_count}</td>
+            <td>${row.total_elapsed} 分钟</td>
+          </tr>`).join('');
+      };
 
-      const poll = async () => {
+      const refreshStatuses = async () => {
         try {
-          const response = await fetch('/api/activities/{{ activity.id }}/clues', { headers: { 'X-Requested-With': 'fetch' } });
-          if (!response.ok) return;
-          const payload = await response.json();
-          (payload.released_task_ids || []).forEach((taskId) => {
+          const statusResponse = await fetch('/api/activities/{{ activity.id }}/status', { headers: { 'X-Requested-With': 'fetch' } });
+          if (statusResponse.ok) {
+            const payload = await statusResponse.json();
+            const progress = payload.progress || {};
+            if (heroProgressPill) {
+              heroProgressPill.textContent = `小组完成 ${progress.approved_count || 0}/${progress.total_tasks || 0}`;
+            }
+            if (approvedProgressChip) {
+              approvedProgressChip.textContent = `已完成 ${progress.approved_count || 0}`;
+            }
+            if (pendingProgressChip) {
+              pendingProgressChip.textContent = `待审核 ${progress.pending_count || 0}`;
+            }
+            if (rejectedProgressChip) {
+              rejectedProgressChip.textContent = `被驳回 ${progress.rejected_count || 0}`;
+            }
+
+            (payload.tasks || []).forEach((item) => {
+              const page = pages.find((entry) => entry.dataset.taskId === String(item.task_id));
+              if (!page) return;
+              const statusWrap = page.querySelector('[data-status-wrap]');
+              const feedbackBox = page.querySelector('[data-feedback-box]');
+              const previewWrap = page.querySelector('[data-preview-wrap]');
+              const previewImage = page.querySelector('[data-preview-image]');
+              const uploadInput = page.querySelector('[data-upload-input]');
+              const uploadSubmit = page.querySelector('[data-upload-submit]');
+              let badge = '<span class="status-badge">尚未上传</span>';
+              if (item.status === 'approved') {
+                badge = '<span class="status-badge status-approved">小组打卡成功</span>';
+              } else if (item.status === 'rejected') {
+                badge = '<span class="status-badge status-rejected">小组打卡失败</span>';
+              } else if (item.status === 'pending') {
+                badge = '<span class="status-badge">等待审核</span>';
+              }
+              if (statusWrap) {
+                statusWrap.innerHTML = `${badge}<span class="mini-note" data-status-note>${formatStatusNote(item)}</span>`;
+              }
+              if (feedbackBox) {
+                feedbackBox.textContent = item.feedback ? `审核备注：${item.feedback}` : '';
+                feedbackBox.classList.toggle('is-hidden', !item.feedback);
+              }
+              if (previewWrap && previewImage) {
+                if (item.submission_id) {
+                  previewWrap.classList.remove('is-hidden');
+                  const version = encodeURIComponent(item.submitted_at || Date.now());
+                  previewImage.src = `/media/submissions/${item.submission_id}?ts=${version}`;
+                } else {
+                  previewWrap.classList.add('is-hidden');
+                  previewImage.src = '';
+                }
+              }
+              if (uploadInput) {
+                uploadInput.disabled = !item.can_upload;
+              }
+              if (uploadSubmit) {
+                uploadSubmit.disabled = !item.can_upload;
+              }
+            });
+            refreshLeaderboard(payload.leaderboard || []);
+          }
+
+          const clueResponse = await fetch('/api/activities/{{ activity.id }}/clues', { headers: { 'X-Requested-With': 'fetch' } });
+          if (!clueResponse.ok) return;
+          const cluePayload = await clueResponse.json();
+          (cluePayload.released_task_ids || []).forEach((taskId) => {
             const stringId = String(taskId);
-            const card = cards.find((item) => item.dataset.taskId === stringId);
-            if (!card) return;
-            const button = card.querySelector('[data-clue-toggle]');
+            const page = pages.find((entry) => entry.dataset.taskId === stringId);
+            if (!page) return;
+            const button = page.querySelector('[data-clue-toggle]');
             if (!button) return;
             button.classList.add('is-ready');
-            card.dataset.clueReleased = 'true';
+            button.title = '查看线索提示图';
             if (!seenReleased.has(stringId)) {
               seenReleased.add(stringId);
-              card.classList.add('pulse-highlight');
-              setTimeout(() => card.classList.remove('pulse-highlight'), 1800);
-              if (isMobileLike && navigator.vibrate) {
+              page.classList.add('pulse-highlight');
+              setTimeout(() => page.classList.remove('pulse-highlight'), 1800);
+              if (window.matchMedia('(pointer: coarse)').matches && navigator.vibrate) {
                 navigator.vibrate([220, 80, 220]);
               }
             }
           });
         } catch (error) {
-          console.debug('clue polling skipped', error);
+          console.debug('task status refresh skipped', error);
         }
       };
 
-      window.setInterval(poll, 20000);
+      refreshStatuses();
+      window.setInterval(refreshStatuses, 10000);
     })();
   </script>
 {% endblock %}
-

app/templates/admin_activity_edit.html

@@ -51,6 +51,48 @@
       </label>
     </section>
 
+    <section class="glass-card leaderboard-card wide-panel">
+      <div class="section-head compact-head">
+        <div>
+          <p class="eyebrow">Live Ranking</p>
+          <h3>活动实时排行榜</h3>
+          <p class="mini-note">管理员始终可见，用于现场统筹和审核判断；用户是否可见由上方开关控制。</p>
+        </div>
+        <div class="chip-row">
+          <span class="chip">用户端{{ '可见' if activity.leaderboard_visible else '隐藏' }}</span>
+          <span class="chip">按完成点位数优先，再按总耗时排序</span>
+        </div>
+      </div>
+      <div class="rank-table-wrap">
+        <table class="rank-table">
+          <thead>
+            <tr>
+              <th>排名</th>
+              <th>小组</th>
+              <th>完成</th>
+              <th>人数</th>
+              <th>总耗时</th>
+            </tr>
+          </thead>
+          <tbody>
+            {% for row in leaderboard %}
+              <tr>
+                <td>#{{ loop.index }}</td>
+                <td>{{ row.group_name }}</td>
+                <td>{{ row.completed_count }}</td>
+                <td>{{ row.member_count }}</td>
+                <td>{{ row.total_elapsed|duration_human }}</td>
+              </tr>
+            {% else %}
+              <tr>
+                <td colspan="5">当前还没有通过审核的小组打卡记录。</td>
+              </tr>
+            {% endfor %}
+          </tbody>
+        </table>
+      </div>
+    </section>
+
     <section class="glass-card form-panel wide-panel">
       <div class="section-head">
         <div>

app/templates/admin_admins.html

@@ -1,7 +1,7 @@
 {% extends 'base.html' %}
 
 {% block content %}
-  <section class="page-grid admin-page-grid">
+  <section class="page-grid admin-page-grid presence-admin-grid">
     <article class="glass-card form-panel">
       <div class="section-head">
         <div>
@@ -59,4 +59,98 @@
       </div>
     </article>
   </section>
+
+  <section class="page-grid admin-page-grid presence-admin-grid">
+    <article class="glass-card table-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Presence</p>
+          <h3>管理员在线状态</h3>
+        </div>
+      </div>
+      <div class="stack-list" id="admin-presence-list">
+        {% for item in admin_statuses %}
+          <div class="stack-item presence-item">
+            <div>
+              <strong>{{ item.name }}</strong>
+              <p class="muted">{{ item.username }} · {{ item.role_label }}</p>
+            </div>
+            <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+              {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
+            </span>
+          </div>
+        {% endfor %}
+      </div>
+    </article>
+
+    <article class="glass-card table-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Presence</p>
+          <h3>所有用户在线状态</h3>
+        </div>
+      </div>
+      <div class="stack-list" id="user-presence-list">
+        {% for item in user_statuses %}
+          <div class="stack-item presence-item">
+            <div>
+              <strong>{{ item.name }}</strong>
+              <p class="muted">{{ item.group_name }}</p>
+            </div>
+            <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+              {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
+            </span>
+          </div>
+        {% endfor %}
+      </div>
+    </article>
+  </section>
+
+  <script>
+    (() => {
+      const adminList = document.getElementById('admin-presence-list');
+      const userList = document.getElementById('user-presence-list');
+      if (!adminList || !userList) return;
+
+      const renderItems = (container, items, formatter) => {
+        container.innerHTML = items.map(formatter).join('');
+      };
+
+      const adminFormatter = (item) => `
+        <div class="stack-item presence-item">
+          <div>
+            <strong>${item.name}</strong>
+            <p class="muted">${item.username} · ${item.role}</p>
+          </div>
+          <span class="status-badge ${item.is_online ? 'status-approved' : 'status-rejected'}">
+            ${item.is_online ? '在线' : '离线'} · ${item.last_seen_at}
+          </span>
+        </div>`;
+
+      const userFormatter = (item) => `
+        <div class="stack-item presence-item">
+          <div>
+            <strong>${item.name}</strong>
+            <p class="muted">${item.group_name}</p>
+          </div>
+          <span class="status-badge ${item.is_online ? 'status-approved' : 'status-rejected'}">
+            ${item.is_online ? '在线' : '离线'} · ${item.last_seen_at}
+          </span>
+        </div>`;
+
+      const refreshPresence = async () => {
+        try {
+          const response = await fetch('/api/admin/presence/overview', { headers: { 'X-Requested-With': 'fetch' } });
+          if (!response.ok) return;
+          const payload = await response.json();
+          renderItems(adminList, payload.admins || [], adminFormatter);
+          renderItems(userList, payload.users || [], userFormatter);
+        } catch (error) {
+          console.debug('presence refresh skipped', error);
+        }
+      };
+
+      window.setInterval(refreshPresence, 15000);
+    })();
+  </script>
 {% endblock %}

app/templates/admin_dashboard.html

@@ -10,6 +10,7 @@
     <div class="hero-badges">
       <span class="pill">角色 {{ '超级管理员' if admin.role == 'superadmin' else '管理员' }}</span>
       <span class="pill">待审核 {{ stats.pending_count }} 项</span>
+      <span class="pill">在线管理员 {{ stats.online_admin_count }}</span>
     </div>
   </section>
 
@@ -27,8 +28,8 @@
       <strong>{{ stats.activity_count }}</strong>
     </article>
     <article class="glass-card stat-card">
-      <span>管理员数量</span>
-      <strong>{{ stats.admin_count }}</strong>
+      <span>在线用户</span>
+      <strong>{{ stats.online_user_count }}</strong>
     </article>
   </section>
 
@@ -70,4 +71,48 @@
       </div>
     </article>
   </section>
+
+  {% if online_overview %}
+    <section class="page-grid admin-page-grid">
+      <article class="glass-card table-panel">
+        <div class="section-head">
+          <div>
+            <p class="eyebrow">Presence</p>
+            <h3>管理员在线状态</h3>
+          </div>
+        </div>
+        <div class="stack-list">
+          {% for item in online_overview.admins %}
+            <div class="stack-item">
+              <strong>{{ item.name }}</strong>
+              <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+                {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
+              </span>
+            </div>
+          {% endfor %}
+        </div>
+      </article>
+
+      <article class="glass-card table-panel">
+        <div class="section-head">
+          <div>
+            <p class="eyebrow">Presence</p>
+            <h3>用户在线状态</h3>
+          </div>
+        </div>
+        <div class="stack-list">
+          {% for item in online_overview.users[:18] %}
+            <div class="stack-item">
+              <strong>{{ item.name }}</strong>
+              <span class="status-badge {% if item.is_online %}status-approved{% else %}status-rejected{% endif %}">
+                {{ '在线' if item.is_online else '离线' }} · {{ item.last_seen_at }}
+              </span>
+            </div>
+          {% else %}
+            <p class="muted">暂无用户。</p>
+          {% endfor %}
+        </div>
+      </article>
+    </section>
+  {% endif %}
 {% endblock %}

app/templates/admin_reviews.html

@@ -5,22 +5,18 @@
     <div class="section-head">
       <div>
         <p class="eyebrow">Review Center</p>
-        <h3>图片审核与批量下载</h3>
+        <h3>实时审核中心</h3>
+        <p class="mini-note" id="review-live-note">待审核内容会自动分配给在线管理员，页面会持续刷新。</p>
+      </div>
+      <div class="hero-badges">
+        <span class="pill" id="online-admin-pill">当前在线管理员 {{ online_admin_count }}</span>
+        <form id="download-form" method="post" action="/admin/reviews/download" class="inline-form">
+          <button class="btn btn-primary" type="submit">下载已勾选图片</button>
+        </form>
       </div>
-      <form id="download-form" method="post" action="/admin/reviews/download" class="inline-form">
-        <button class="btn btn-primary" type="submit">下载已勾选图片</button>
-      </form>
     </div>
 
     <form method="get" action="/admin/reviews" class="form-grid cols-3 review-filter-form">
-      <label>
-        <span>审核状态</span>
-        <select name="status">
-          <option value="pending" {% if status_filter == 'pending' %}selected{% endif %}>待审核</option>
-          <option value="approved" {% if status_filter == 'approved' %}selected{% endif %}>已通过</option>
-          <option value="rejected" {% if status_filter == 'rejected' %}selected{% endif %}>已驳回</option>
-        </select>
-      </label>
       <label>
         <span>活动筛选</span>
         <select name="activity_id">
@@ -37,49 +33,204 @@
     </form>
   </section>
 
-  <section class="review-grid">
-    {% for submission in submissions %}
-      <article class="glass-card review-card">
-        <div class="card-topline">
-          <label class="checkbox-row compact-checkbox">
-            <input type="checkbox" name="submission_ids" value="{{ submission.id }}" form="download-form" />
-            <span>加入下载</span>
-          </label>
-          {% if submission.status == 'approved' %}
-            <span class="status-badge status-approved">打卡成功</span>
-          {% elif submission.status == 'rejected' %}
-            <span class="status-badge status-rejected">打卡失败</span>
-          {% else %}
-            <span class="status-badge">待审核</span>
-          {% endif %}
+  <section class="page-grid admin-page-grid review-live-grid">
+    <article class="glass-card table-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Assigned Queue</p>
+          <h3>分配给我的待审核任务</h3>
         </div>
-        <h3>{{ submission.task.title }}</h3>
-        <p class="muted">{{ submission.task.activity.title }}</p>
-        <p class="muted">{{ submission.user.full_name }} · {{ submission.user.student_id }}</p>
-        <img class="review-image" src="/media/submissions/{{ submission.id }}" alt="{{ submission.task.title }}" />
-        <p class="mini-note">提交时间：{{ submission.created_at|datetime_local }}</p>
-        {% if submission.feedback %}
-          <p class="feedback-box">当前备注：{{ submission.feedback }}</p>
-        {% endif %}
-        <a class="btn btn-ghost full-width-btn" href="/media/submissions/{{ submission.id }}?download=1">单张下载</a>
-        <form method="post" action="/admin/submissions/{{ submission.id }}/review" class="form-stack compact-form">
-          <label>
-            <span>审核备注</span>
-            <textarea name="feedback" rows="2" placeholder="可填写通过说明或驳回原因">{{ submission.feedback or '' }}</textarea>
-          </label>
-          <div class="action-grid two-actions">
-            <button class="btn btn-primary" type="submit" name="decision" value="approved">审核通过</button>
-            <button class="btn btn-danger" type="submit" name="decision" value="rejected">审核驳回</button>
-          </div>
-        </form>
-      </article>
-    {% else %}
-      <article class="empty-state">
-        <h3>当前没有符合条件的提交记录</h3>
-        <p>切换筛选条件后再看看，或者等待用户上传打卡照片。</p>
-      </article>
-    {% endfor %}
+      </div>
+      <div class="review-grid" id="assigned-review-grid">
+        {% for submission in assigned_submissions %}
+          <article class="glass-card review-card" data-review-card data-submission-id="{{ submission.id }}">
+            <div class="card-topline">
+              <label class="checkbox-row compact-checkbox">
+                <input type="checkbox" name="submission_ids" value="{{ submission.id }}" form="download-form" />
+                <span>加入下载</span>
+              </label>
+              <span class="status-badge">待审核</span>
+            </div>
+            <h3>{{ submission.task.title }}</h3>
+            <p class="muted">{{ submission.task.activity.title }}</p>
+            <p class="muted">{{ submission.group.name if submission.group else '未分组' }} · 上传人 {{ submission.user.full_name if submission.user else '未知成员' }}</p>
+            <img class="review-image" src="/media/submissions/{{ submission.id }}" alt="{{ submission.task.title }}" />
+            <p class="mini-note">提交时间：{{ submission.created_at|datetime_local }}</p>
+            <a class="btn btn-ghost full-width-btn" href="/media/submissions/{{ submission.id }}?download=1">单张下载</a>
+            <form method="post" action="/admin/submissions/{{ submission.id }}/review" class="form-stack compact-form review-action-form">
+              <label>
+                <span>审核备注</span>
+                <textarea name="feedback" rows="2" placeholder="可填写通过说明或驳回原因"></textarea>
+              </label>
+              <div class="action-grid two-actions">
+                <button class="btn btn-primary" type="submit" name="decision" value="approved">审核通过</button>
+                <button class="btn btn-danger" type="submit" name="decision" value="rejected">审核驳回</button>
+              </div>
+            </form>
+          </article>
+        {% else %}
+          <article class="empty-state" id="assigned-empty-state">
+            <h3>当前还没有分配给你的待审核内容</h3>
+            <p>保持页面打开，系统会自动把新的待审核任务分配给在线管理员。</p>
+          </article>
+        {% endfor %}
+      </div>
+    </article>
+
+    <article class="glass-card table-panel">
+      <div class="section-head">
+        <div>
+          <p class="eyebrow">Recent Reviews</p>
+          <h3>最近审核结果</h3>
+        </div>
+      </div>
+      <div class="stack-list" id="recent-review-list">
+        {% for submission in recent_submissions %}
+          <article class="stack-item stack-item-block">
+            <div>
+              <strong>{{ submission.task.activity.title }} · {{ submission.task.title }}</strong>
+              <p class="muted">{{ submission.group.name if submission.group else '未分组' }} · {{ submission.user.full_name if submission.user else '未知成员' }}</p>
+            </div>
+            <div class="chip-row">
+              <span class="status-badge {% if submission.status == 'approved' %}status-approved{% else %}status-rejected{% endif %}">
+                {{ '通过' if submission.status == 'approved' else '驳回' }}
+              </span>
+              <span class="chip">{{ submission.reviewed_by.display_name if submission.reviewed_by else '未知管理员' }}</span>
+              <span class="chip">{{ submission.reviewed_at|datetime_local if submission.reviewed_at else '-' }}</span>
+            </div>
+          </article>
+        {% else %}
+          <p class="muted">还没有最近审核记录。</p>
+        {% endfor %}
+      </div>
+    </article>
   </section>
+
+  <script>
+    (() => {
+      const assignedGrid = document.getElementById('assigned-review-grid');
+      const recentList = document.getElementById('recent-review-list');
+      const onlineAdminPill = document.getElementById('online-admin-pill');
+      const activityFilter = '{{ activity_filter }}';
+      const selectedIds = new Set(
+        Array.from(document.querySelectorAll('input[name="submission_ids"]:checked')).map((item) => item.value)
+      );
+
+      const syncSelection = (target) => {
+        if (!target || target.name !== 'submission_ids') return;
+        if (target.checked) {
+          selectedIds.add(target.value);
+        } else {
+          selectedIds.delete(target.value);
+        }
+      };
+
+      document.addEventListener('change', (event) => {
+        syncSelection(event.target);
+      });
+
+      const cardHtml = (item) => `
+        <article class="glass-card review-card" data-review-card data-submission-id="${item.id}">
+          <div class="card-topline">
+            <label class="checkbox-row compact-checkbox">
+              <input type="checkbox" name="submission_ids" value="${item.id}" form="download-form" ${selectedIds.has(String(item.id)) ? 'checked' : ''} />
+              <span>加入下载</span>
+            </label>
+            <span class="status-badge">待审核</span>
+          </div>
+          <h3>${item.task_title}</h3>
+          <p class="muted">${item.activity_title}</p>
+          <p class="muted">${item.group_name} · 上传人 ${item.uploader_name}</p>
+          <img class="review-image" src="${item.image_url}" alt="${item.task_title}" />
+          <p class="mini-note">提交时间：${item.created_at}</p>
+          <a class="btn btn-ghost full-width-btn" href="${item.download_url}">单张下载</a>
+          <form method="post" action="/admin/submissions/${item.id}/review" class="form-stack compact-form review-action-form">
+            <label>
+              <span>审核备注</span>
+              <textarea name="feedback" rows="2" placeholder="可填写通过说明或驳回原因"></textarea>
+            </label>
+            <div class="action-grid two-actions">
+              <button class="btn btn-primary" type="submit" name="decision" value="approved">审核通过</button>
+              <button class="btn btn-danger" type="submit" name="decision" value="rejected">审核驳回</button>
+            </div>
+          </form>
+        </article>`;
+
+      const recentHtml = (item) => `
+        <article class="stack-item stack-item-block">
+          <div>
+            <strong>${item.activity_title} · ${item.task_title}</strong>
+            <p class="muted">${item.group_name} · ${item.uploader_name}</p>
+          </div>
+          <div class="chip-row">
+            <span class="status-badge ${item.status === 'approved' ? 'status-approved' : 'status-rejected'}">
+              ${item.status === 'approved' ? '通过' : '驳回'}
+            </span>
+            <span class="chip">${item.reviewed_by_name || '未知管理员'}</span>
+            <span class="chip">${item.reviewed_at || '-'}</span>
+          </div>
+        </article>`;
+
+      const attachReviewForms = () => {
+        document.querySelectorAll('.review-action-form').forEach((form) => {
+          if (form.dataset.bound === 'true') return;
+          form.dataset.bound = 'true';
+          form.addEventListener('submit', async (event) => {
+            event.preventDefault();
+            const submitter = event.submitter;
+            const formData = new FormData(form);
+            if (submitter) {
+              formData.set(submitter.name, submitter.value);
+            }
+            const response = await fetch(form.action, {
+              method: 'POST',
+              headers: { 'X-Requested-With': 'fetch' },
+              body: formData,
+            });
+            if (!response.ok) {
+              refreshFeed();
+              return;
+            }
+            refreshFeed();
+          });
+        });
+      };
+
+      const refreshFeed = async () => {
+        try {
+          const search = activityFilter ? `?activity_id=${activityFilter}` : '';
+          const response = await fetch(`/api/admin/reviews/feed${search}`, { headers: { 'X-Requested-With': 'fetch' } });
+          if (!response.ok) return;
+          const payload = await response.json();
+
+          if (onlineAdminPill) {
+            onlineAdminPill.textContent = `当前在线管理员 ${payload.online_admin_count || 0}`;
+          }
+
+          if (payload.assigned_submissions && payload.assigned_submissions.length) {
+            assignedGrid.innerHTML = payload.assigned_submissions.map(cardHtml).join('');
+          } else {
+            assignedGrid.innerHTML = `
+              <article class="empty-state" id="assigned-empty-state">
+                <h3>当前还没有分配给你的待审核内容</h3>
+                <p>保持页面打开，系统会自动把新的待审核任务分配给在线管理员。</p>
+              </article>`;
+          }
+
+          if (payload.recent_submissions && payload.recent_submissions.length) {
+            recentList.innerHTML = payload.recent_submissions.map(recentHtml).join('');
+          } else {
+            recentList.innerHTML = '<p class="muted">还没有最近审核记录。</p>';
+          }
+          attachReviewForms();
+        } catch (error) {
+          console.debug('review feed refresh skipped', error);
+        }
+      };
+
+      attachReviewForms();
+      refreshFeed();
+      window.setInterval(refreshFeed, 5000);
+    })();
+  </script>
 {% endblock %}
-
-

app/templates/admin_users.html

@@ -1,7 +1,7 @@
 {% extends 'base.html' %}
 
 {% block content %}
-  <section class="page-grid admin-page-grid">
+  <section class="page-grid admin-page-grid users-admin-grid">
     <article class="glass-card form-panel">
       <div class="section-head">
         <div>
@@ -37,49 +37,115 @@
       </form>
     </article>
 
-    <article class="glass-card table-panel">
+    <article class="glass-card form-panel">
       <div class="section-head">
         <div>
-          <p class="eyebrow">Users</p>
-          <h3>用户列表</h3>
+          <p class="eyebrow">Batch Import</p>
+          <h3>批量导入用户</h3>
         </div>
       </div>
-      <div class="table-shell">
-        <table class="data-table">
-          <thead>
-            <tr>
-              <th>学号</th>
-              <th>姓名</th>
-              <th>当前小组</th>
-              <th>调整小组</th>
-            </tr>
-          </thead>
-          <tbody>
-            {% for user_item in users %}
-              <tr>
-                <td>{{ user_item.student_id }}</td>
-                <td>{{ user_item.full_name }}</td>
-                <td>{{ user_item.group.name if user_item.group else '未分组' }}</td>
-                <td>
-                  <form method="post" action="/admin/users/{{ user_item.id }}/group" class="inline-form">
-                    <select name="group_id">
-                      <option value="">未分组</option>
-                      {% for group in groups %}
-                        <option value="{{ group.id }}" {% if user_item.group_id == group.id %}selected{% endif %}>{{ group.name }}</option>
-                      {% endfor %}
-                    </select>
-                    <button class="btn btn-secondary small-btn" type="submit">保存</button>
-                  </form>
-                </td>
-              </tr>
-            {% else %}
-              <tr>
-                <td colspan="4">还没有用户，请先录入。</td>
-              </tr>
+      <form method="post" action="/admin/users/import" class="form-stack">
+        <label>
+          <span>每行一人，格式：姓名 学号</span>
+          <textarea name="import_text" rows="8" placeholder="张三 20230001&#10;李四 20230002"></textarea>
+        </label>
+        <label>
+          <span>导入后分配到小组</span>
+          <select name="group_id">
+            <option value="">暂不分组</option>
+            {% for group in groups %}
+              <option value="{{ group.id }}">{{ group.name }}（{{ group.members|length }}/{{ group.max_members }}）</option>
             {% endfor %}
-          </tbody>
-        </table>
-      </div>
+          </select>
+        </label>
+        <p class="mini-note">默认密码为学号后六位，不足六位则使用完整学号。</p>
+        <button class="btn btn-secondary" type="submit">开始导入</button>
+      </form>
     </article>
   </section>
+
+  <section class="glass-card table-panel">
+    <div class="section-head">
+      <div>
+        <p class="eyebrow">Users</p>
+        <h3>用户列表与批量操作</h3>
+      </div>
+    </div>
+
+    <form id="bulk-users-form" method="post" action="/admin/users/bulk" class="bulk-toolbar">
+      <label>
+        <span>批量操作</span>
+        <select name="bulk_action" required>
+          <option value="assign_group">批量分组</option>
+          <option value="delete">批量删除</option>
+        </select>
+      </label>
+      <label>
+        <span>目标小组</span>
+        <select name="group_id">
+          <option value="">未分组</option>
+          {% for group in groups %}
+            <option value="{{ group.id }}">{{ group.name }}</option>
+          {% endfor %}
+        </select>
+      </label>
+      <button class="btn btn-primary" type="submit">执行批量操作</button>
+    </form>
+
+    <div class="table-shell">
+      <table class="data-table">
+        <thead>
+          <tr>
+            <th>
+              <input type="checkbox" data-check-all />
+            </th>
+            <th>学号</th>
+            <th>姓名</th>
+            <th>当前小组</th>
+            <th>调整小组</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for user_item in users %}
+            <tr>
+              <td>
+                <input type="checkbox" name="user_ids" value="{{ user_item.id }}" data-user-check form="bulk-users-form" />
+              </td>
+              <td>{{ user_item.student_id }}</td>
+              <td>{{ user_item.full_name }}</td>
+              <td>{{ user_item.group.name if user_item.group else '未分组' }}</td>
+              <td>
+                <form method="post" action="/admin/users/{{ user_item.id }}/group" class="inline-form">
+                  <select name="group_id">
+                    <option value="">未分组</option>
+                    {% for group in groups %}
+                      <option value="{{ group.id }}" {% if user_item.group_id == group.id %}selected{% endif %}>{{ group.name }}</option>
+                    {% endfor %}
+                  </select>
+                  <button class="btn btn-secondary small-btn" type="submit">保存</button>
+                </form>
+              </td>
+            </tr>
+          {% else %}
+            <tr>
+              <td colspan="5">还没有用户，请先录入。</td>
+            </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+  </section>
+
+  <script>
+    (() => {
+      const checkAll = document.querySelector('[data-check-all]');
+      const checks = Array.from(document.querySelectorAll('[data-user-check]'));
+      if (!checkAll || checks.length === 0) return;
+      checkAll.addEventListener('change', () => {
+        checks.forEach((checkbox) => {
+          checkbox.checked = checkAll.checked;
+        });
+      });
+    })();
+  </script>
 {% endblock %}

app/templates/base.html

@@ -20,6 +20,7 @@
         <nav class="topnav">
           {% if user %}
             <a href="/dashboard">活动广场</a>
+            <a href="/account">账号中心</a>
             <a href="/logout">退出登录</a>
           {% elif admin %}
             <a href="/admin/dashboard">总览</a>
@@ -27,6 +28,7 @@
             <a href="/admin/groups">小组</a>
             <a href="/admin/activities">活动</a>
             <a href="/admin/reviews">审核</a>
+            <a href="/account">账号中心</a>
             {% if admin.role == 'superadmin' %}
               <a href="/admin/admins">管理员</a>
             {% endif %}
@@ -41,5 +43,17 @@
         {% block content %}{% endblock %}
       </main>
     </div>
+
+    {% if user or admin %}
+      <script>
+        (() => {
+          const ping = () => {
+            fetch('/api/presence/ping', { headers: { 'X-Requested-With': 'fetch' } }).catch(() => null);
+          };
+          ping();
+          window.setInterval(ping, 20000);
+        })();
+      </script>
+    {% endif %}
   </body>
 </html>

app/templates/dashboard.html

@@ -4,7 +4,7 @@
   <section class="hero-card">
     <div>
       <p class="eyebrow">Welcome Back</p>
-      <h2>{{ user.full_name }}，今天也一起去打卡吧</h2>
+      <h2>{{ user.full_name }}，和你的小组一起继续前进吧</h2>
       <p class="lead">
         当前小组：<strong>{{ user.group.name if user.group else '暂未分组' }}</strong>
       </p>
@@ -12,6 +12,7 @@
     <div class="hero-badges">
       <span class="pill">学号 {{ user.student_id }}</span>
       <span class="pill">{{ activity_cards|length }} 个活动</span>
+      <span class="pill">共享进度模式</span>
     </div>
   </section>
 
@@ -40,26 +41,26 @@
             <strong>{{ card.activity.deadline_at|datetime_local }}</strong>
           </div>
           <div>
-            <span>任务数量</span>
-            <strong>{{ card.total_tasks }}</strong>
+            <span>已完成点位</span>
+            <strong>{{ card.approved_count }}/{{ card.total_tasks }}</strong>
           </div>
           <div>
-            <span>已通过</span>
-            <strong>{{ card.approved_count }}</strong>
+            <span>待审核点位</span>
+            <strong>{{ card.pending_count }}</strong>
           </div>
         </div>
         <div class="progress-line">
           <div style="width: {{ 0 if card.total_tasks == 0 else (card.approved_count / card.total_tasks * 100)|round(0) }}%"></div>
         </div>
         <div class="card-footer">
-          <span class="mini-note">待审核 {{ card.pending_count }} 项</span>
+          <span class="mini-note">驳回 {{ card.rejected_count }} 项 · 小组共享</span>
           <a class="btn btn-primary" href="/activities/{{ card.activity.id }}">查看任务</a>
         </div>
       </article>
     {% else %}
       <article class="empty-state">
         <h3>还没有活动</h3>
-        <p>管理员发布活动后，这里会展示你的任务卡片与打卡进度。</p>
+        <p>管理员发布活动后，这里会展示你所在小组的共享任务进度。</p>
       </article>
     {% endfor %}
   </section>