feat: 禁止编辑系统管理员的角色和用户组

dataelement · Jun 27, 2024 · a4b4609 · a4b4609
1 parent 027cf69
commit a4b4609
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/src/backend/bisheng/api/services/role_group_service.py b/src/backend/bisheng/api/services/role_group_service.py
@@ -115,6 +115,11 @@ def insert_user_group(self, user_group: UserGroupCreate) -> UserGroupRead:
 
     def replace_user_groups(self, request: Request, login_user: UserPayload, user_id: int, group_ids: List[int]):
         """ 覆盖用户的所在的用户组 """
+        # 判断下被操作用户是否是超级管理员
+        user_role_list = UserRoleDao.get_user_role(user_id)
+        if any(one.role_id == AdminRole for one in user_role_list):
+            raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
+
         # 获取用户之前的所有分组
         old_group = UserGroupDao.get_user_group(user_id)
         old_group = [one.group_id for one in old_group]

diff --git a/src/backend/bisheng/api/v1/user.py b/src/backend/bisheng/api/v1/user.py
@@ -506,6 +506,10 @@ async def user_addrole(*,
     # 获取用户的之前的角色列表
     old_roles = UserRoleDao.get_user_roles(user_role.user_id)
     old_roles = [one.role_id for one in old_roles]
+    # 判断下被编辑角色是否是超级管理员，超级管理员不允许编辑
+    user_role_list = UserRoleDao.get_user_roles(user_role.user_id)
+    if any(one.role_id == AdminRole for one in user_role_list):
+        raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
 
     if not login_user.is_admin():
         # 判断拥有哪些用户组的管理权限
@@ -593,6 +597,8 @@ async def access_refresh(*, request: Request, data: RoleRefresh, login_user: Use
     db_role = RoleDao.get_role_by_id(data.role_id)
     if not db_role:
         raise HTTPException(status_code=500, detail='角色不存在')
+    if db_role.id == AdminRole:
+        raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
 
     if not login_user.check_group_admin(db_role.group_id):
         return UnAuthorizedError.return_resp()

diff --git a/src/backend/bisheng/database/models/role.py b/src/backend/bisheng/database/models/role.py
@@ -54,7 +54,7 @@ def get_role_by_groups(cls, group: List[int], keyword: str = None, page: int = 0
             limit: 每页条数
         return: 角色列表
         """
-        statement = select(Role).where(Role.id > 1)
+        statement = select(Role)
         if group:
             statement = statement.where(Role.group_id.in_(group))
         if keyword:
@@ -69,7 +69,7 @@ def count_role_by_groups(cls, group: List[int], keyword: str = None) -> int:
         """
         统计用户组内的角色数量，参数如上
         """
-        statement = select(func.count(Role.id)).where(Role.id > 1)
+        statement = select(func.count(Role.id))
         if group:
             statement = statement.where(Role.group_id.in_(group))
         if keyword: