zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: role

Browse Source
This commit is contained in:
wxg0103 2025-07-01 18:22:33 +08:00
parent a4143eed23
commit 816bf19d86
1 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apps/users/serializers/user.py
View File

@ -35,12 +35,11 @@ from django.core.mail import send_mail
from django.utils.translation import get_language from django.utils.translation import get_language
PASSWORD_REGEX = re.compile( PASSWORD_REGEX = re.compile(
r"^(?=.*[a-z])(?=.*[_!@#$%^&*`~.()-+=])" r"^(?=.*[a-z])(?=.*[_!@#$%^&*`~.()-+=])"
r"(?:(?=.*[A-Z])|(?=.*\d))" r"(?:(?=.*[A-Z])|(?=.*\d))"
r"[a-zA-Z0-9_!@#$%^&*`~.()-+=]{6,20}$" r"[a-zA-Z0-9_!@#$%^&*`~.()-+=]{6,20}$"
) )
version, get_key = Cache_Version.SYSTEM.value version, get_key = Cache_Version.SYSTEM.value
@ -266,7 +265,7 @@ class UserManageSerializer(serializers.Serializer):
# 将角色信息添加回用户数据中 # 将角色信息添加回用户数据中
for user in result['records']: for user in result['records']:
user_id = str(user['id']) user_id = str(user['id'])
user['role'] = user_role_mapping.get(user_id, []) user['role_name'] = user_role_mapping.get(user_id, [])
user['role_setting'] = user_role_setting_mapping.get(user_id, []) user['role_setting'] = user_role_setting_mapping.get(user_id, [])
return result return result
@ -390,7 +389,7 @@ class UserManageSerializer(serializers.Serializer):
def _check_not_admin(self): def _check_not_admin(self):
user = User.objects.filter(id=self.data.get('id')).first() user = User.objects.filter(id=self.data.get('id')).first()
if user.role == RoleConstants.ADMIN.name: if user.role == RoleConstants.ADMIN.name or str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab':
raise AppApiException(1004, _('Unable to delete administrator')) raise AppApiException(1004, _('Unable to delete administrator'))
def edit(self, instance, with_valid=True): def edit(self, instance, with_valid=True):
@ -540,6 +539,27 @@ def update_user_role(instance, user):
role_setting = instance.get('role_setting') role_setting = instance.get('role_setting')
if not role_setting: if not role_setting:
return return
if str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab':
# 需要判断当前角色的权限 不能删除系统管理员 空间管理员 普通管理员等角色
# role_setting是一个数组 结构式 [{role_id:1,workspace_ids:[1,2]}]
# 如果role_id不包含ADMIN 就直接报错 如果WORKSPACE_MANAGE 或者USER 必须判断workspace_ids是否包含默认工作空间 不包含就报错
admin_role_id = RoleConstants.ADMIN.value
if not any(item['role_id'] == str(admin_role_id) for item in role_setting):
raise AppApiException(1004, _("Cannot delete built-in role"))
# 验证 WORKSPACE_MANAGE 或 USER 是否包含默认工作空间
workspace_manage_role_id = RoleConstants.WORKSPACE_MANAGE.value
default_workspace_id = 'default'
for item in role_setting:
role_id = item['role_id']
workspace_ids = item.get('workspace_ids', [])
if role_id == str(workspace_manage_role_id) or role_id == str(RoleConstants.USER.value):
if default_workspace_id not in workspace_ids:
raise AppApiException(1004, _("Cannot delete built-in role"))
workspace_user_role_mapping_model.objects.filter(user_id=user.id).delete() workspace_user_role_mapping_model.objects.filter(user_id=user.id).delete()
relations = set() relations = set()
for item in role_setting: for item in role_setting: