Skip to content

Commit

Permalink
feat:获取用户组角色列表时不返回系统管理员角色
Browse files Browse the repository at this point in the history
  • Loading branch information
@zgqgit
zgqgit committed Jun 28, 2024
1 parent 15ac5e9 commit 96a58bd
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 5 deletions.
6 changes: 4 additions & 2 deletions src/backend/bisheng/api/services/role_group_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
from uuid import UUID

from fastapi.encoders import jsonable_encoder
from fastapi import Request
from fastapi import Request, HTTPException

from bisheng.api.services.assistant import AssistantService
from bisheng.api.services.audit_log import AuditLogService
Expand All @@ -16,7 +16,9 @@
from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup
from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum
from bisheng.database.models.knowledge import KnowledgeDao
from bisheng.database.models.role import AdminRole
from bisheng.database.models.user import User, UserDao
from bisheng.database.models.user_role import UserRoleDao
from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead
from loguru import logger

Expand Down Expand Up @@ -141,7 +143,7 @@ def insert_user_group(self, user_group: UserGroupCreate) -> UserGroupRead:
def replace_user_groups(self, request: Request, login_user: UserPayload, user_id: int, group_ids: List[int]):
""" 覆盖用户的所在的用户组 """
# 判断下被操作用户是否是超级管理员
user_role_list = UserRoleDao.get_user_role(user_id)
user_role_list = UserRoleDao.get_user_roles(user_id)
if any(one.role_id == AdminRole for one in user_role_list):
raise HTTPException(status_code=500, detail='系统管理员不允许编辑')

Expand Down
2 changes: 2 additions & 0 deletions src/backend/bisheng/api/v1/user.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -510,6 +510,8 @@ async def user_addrole(*,
user_role_list = UserRoleDao.get_user_roles(user_role.user_id)
if any(one.role_id == AdminRole for one in user_role_list):
raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
if any(one == AdminRole for one in user_role.role_id):
raise HTTPException(status_code=500, detail='不允许设置为系统管理员')

if not login_user.is_admin():
# 判断拥有哪些用户组的管理权限
Expand Down
6 changes: 3 additions & 3 deletions src/backend/bisheng/database/models/role.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,14 @@ class RoleDao(RoleBase):
@classmethod
def get_role_by_groups(cls, group: List[int], keyword: str = None, page: int = 0, limit: int = 0) -> List[Role]:
"""
获取用户组内的角色列表
获取用户组内的角色列表, 不包含系统管理员角色
params:
group: 用户组ID列表
page: 页数
limit: 每页条数
return: 角色列表
"""
statement = select(Role)
statement = select(Role).where(Role.id > AdminRole)
if group:
statement = statement.where(Role.group_id.in_(group))
if keyword:
Expand All @@ -69,7 +69,7 @@ def count_role_by_groups(cls, group: List[int], keyword: str = None) -> int:
"""
统计用户组内的角色数量,参数如上
"""
statement = select(func.count(Role.id))
statement = select(func.count(Role.id)).where(Role.id > AdminRole)
if group:
statement = statement.where(Role.group_id.in_(group))
if keyword:
Expand Down

0 comments on commit 96a58bd

Please sign in to comment.