From 96a58bd8c07f52888e14ca12faae9bfb4c8712ba Mon Sep 17 00:00:00 2001 From: GuoQing Zhang Date: Fri, 28 Jun 2024 15:14:43 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E8=8E=B7=E5=8F=96=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=BB=84=E8=A7=92=E8=89=B2=E5=88=97=E8=A1=A8=E6=97=B6?= =?UTF-8?q?=E4=B8=8D=E8=BF=94=E5=9B=9E=E7=B3=BB=E7=BB=9F=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E8=A7=92=E8=89=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/bisheng/api/services/role_group_service.py | 6 ++++-- src/backend/bisheng/api/v1/user.py | 2 ++ src/backend/bisheng/database/models/role.py | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/backend/bisheng/api/services/role_group_service.py b/src/backend/bisheng/api/services/role_group_service.py index ef70f504d..7616dfde2 100644 --- a/src/backend/bisheng/api/services/role_group_service.py +++ b/src/backend/bisheng/api/services/role_group_service.py @@ -3,7 +3,7 @@ from uuid import UUID from fastapi.encoders import jsonable_encoder -from fastapi import Request +from fastapi import Request, HTTPException from bisheng.api.services.assistant import AssistantService from bisheng.api.services.audit_log import AuditLogService @@ -16,7 +16,9 @@ from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum from bisheng.database.models.knowledge import KnowledgeDao +from bisheng.database.models.role import AdminRole from bisheng.database.models.user import User, UserDao +from bisheng.database.models.user_role import UserRoleDao from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead from loguru import logger @@ -141,7 +143,7 @@ def insert_user_group(self, user_group: UserGroupCreate) -> UserGroupRead: def replace_user_groups(self, request: Request, login_user: UserPayload, user_id: int, group_ids: List[int]): """ 覆盖用户的所在的用户组 """ # 判断下被操作用户是否是超级管理员 - user_role_list = UserRoleDao.get_user_role(user_id) + user_role_list = UserRoleDao.get_user_roles(user_id) if any(one.role_id == AdminRole for one in user_role_list): raise HTTPException(status_code=500, detail='系统管理员不允许编辑') diff --git a/src/backend/bisheng/api/v1/user.py b/src/backend/bisheng/api/v1/user.py index d112d2db1..937478552 100644 --- a/src/backend/bisheng/api/v1/user.py +++ b/src/backend/bisheng/api/v1/user.py @@ -510,6 +510,8 @@ async def user_addrole(*, user_role_list = UserRoleDao.get_user_roles(user_role.user_id) if any(one.role_id == AdminRole for one in user_role_list): raise HTTPException(status_code=500, detail='系统管理员不允许编辑') + if any(one == AdminRole for one in user_role.role_id): + raise HTTPException(status_code=500, detail='不允许设置为系统管理员') if not login_user.is_admin(): # 判断拥有哪些用户组的管理权限 diff --git a/src/backend/bisheng/database/models/role.py b/src/backend/bisheng/database/models/role.py index da69dda3b..66f121688 100644 --- a/src/backend/bisheng/database/models/role.py +++ b/src/backend/bisheng/database/models/role.py @@ -47,14 +47,14 @@ class RoleDao(RoleBase): @classmethod def get_role_by_groups(cls, group: List[int], keyword: str = None, page: int = 0, limit: int = 0) -> List[Role]: """ - 获取用户组内的角色列表 + 获取用户组内的角色列表, 不包含系统管理员角色 params: group: 用户组ID列表 page: 页数 limit: 每页条数 return: 角色列表 """ - statement = select(Role) + statement = select(Role).where(Role.id > AdminRole) if group: statement = statement.where(Role.group_id.in_(group)) if keyword: @@ -69,7 +69,7 @@ def count_role_by_groups(cls, group: List[int], keyword: str = None) -> int: """ 统计用户组内的角色数量,参数如上 """ - statement = select(func.count(Role.id)) + statement = select(func.count(Role.id)).where(Role.id > AdminRole) if group: statement = statement.where(Role.group_id.in_(group)) if keyword: