|
35 | 35 | from django.utils.translation import get_language |
36 | 36 |
|
37 | 37 | PASSWORD_REGEX = re.compile( |
38 | | - r"^(?=.*[a-z])(?=.*[_!@#$%^&*`~.()-+=])" |
39 | | - r"(?:(?=.*[A-Z])|(?=.*\d))" |
| 38 | + r"^(?=.*[a-z])(?=.*[_!@#$%^&*`~.()-+=])" |
| 39 | + r"(?:(?=.*[A-Z])|(?=.*\d))" |
40 | 40 | r"[a-zA-Z0-9_!@#$%^&*`~.()-+=]{6,20}$" |
41 | 41 | ) |
42 | 42 |
|
43 | | - |
44 | 43 | version, get_key = Cache_Version.SYSTEM.value |
45 | 44 |
|
46 | 45 |
|
@@ -266,7 +265,7 @@ def _get_user_roles(user_ids): |
266 | 265 | # 将角色信息添加回用户数据中 |
267 | 266 | for user in result['records']: |
268 | 267 | user_id = str(user['id']) |
269 | | - user['role'] = user_role_mapping.get(user_id, []) |
| 268 | + user['role_name'] = user_role_mapping.get(user_id, []) |
270 | 269 | user['role_setting'] = user_role_setting_mapping.get(user_id, []) |
271 | 270 | return result |
272 | 271 |
|
@@ -390,7 +389,7 @@ def delete(self, with_valid=True): |
390 | 389 |
|
391 | 390 | def _check_not_admin(self): |
392 | 391 | user = User.objects.filter(id=self.data.get('id')).first() |
393 | | - if user.role == RoleConstants.ADMIN.name: |
| 392 | + if user.role == RoleConstants.ADMIN.name or str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab': |
394 | 393 | raise AppApiException(1004, _('Unable to delete administrator')) |
395 | 394 |
|
396 | 395 | def edit(self, instance, with_valid=True): |
@@ -540,6 +539,27 @@ def update_user_role(instance, user): |
540 | 539 | role_setting = instance.get('role_setting') |
541 | 540 | if not role_setting: |
542 | 541 | return |
| 542 | + if str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab': |
| 543 | + # 需要判断当前角色的权限 不能删除系统管理员 空间管理员 普通管理员等角色 |
| 544 | + # role_setting是一个数组 结构式 [{role_id:1,workspace_ids:[1,2]}] |
| 545 | + # 如果role_id不包含ADMIN 就直接报错 如果WORKSPACE_MANAGE 或者USER 必须判断workspace_ids是否包含默认工作空间 不包含就报错 |
| 546 | + admin_role_id = RoleConstants.ADMIN.value |
| 547 | + |
| 548 | + if not any(item['role_id'] == str(admin_role_id) for item in role_setting): |
| 549 | + raise AppApiException(1004, _("Cannot delete built-in role")) |
| 550 | + |
| 551 | + # 验证 WORKSPACE_MANAGE 或 USER 是否包含默认工作空间 |
| 552 | + workspace_manage_role_id = RoleConstants.WORKSPACE_MANAGE.value |
| 553 | + default_workspace_id = 'default' |
| 554 | + |
| 555 | + for item in role_setting: |
| 556 | + role_id = item['role_id'] |
| 557 | + workspace_ids = item.get('workspace_ids', []) |
| 558 | + |
| 559 | + if role_id == str(workspace_manage_role_id) or role_id == str(RoleConstants.USER.value): |
| 560 | + if default_workspace_id not in workspace_ids: |
| 561 | + raise AppApiException(1004, _("Cannot delete built-in role")) |
| 562 | + |
543 | 563 | workspace_user_role_mapping_model.objects.filter(user_id=user.id).delete() |
544 | 564 | relations = set() |
545 | 565 | for item in role_setting: |
|
0 commit comments