MCPcopy
hub / github.com/1Panel-dev/MaxKB / update_user_role

Function update_user_role

apps/users/serializers/user.py:640–708  ·  view source on GitHub ↗
(instance, user, user_id=None)

Source from the content-addressed store, hash-verified

638
639
640def update_user_role(instance, user, user_id=None):
641 workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
642 if workspace_user_role_mapping_model:
643 role_setting = instance.get('role_setting')
644 license_is_valid = DatabaseModelManage.get_model('license_is_valid') or (lambda: False)
645 license_is_valid = license_is_valid() if license_is_valid() is not None else False
646 if not role_setting or (len(role_setting) == 1
647 and role_setting[0].get('role_id') == ''
648 and len(role_setting[0].get('workspace_ids', [])) == 0):
649 if not license_is_valid:
650 workspace_user_role_mapping_model.objects.create(
651 id=uuid.uuid7(),
652 user_id=user.id,
653 role_id=RoleConstants.USER.name,
654 workspace_id='default'
655 )
656 return
657
658 is_admin = workspace_user_role_mapping_model.objects.filter(user_id=user_id,
659 role_id=RoleConstants.ADMIN.name).exists()
660
661 if str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab':
662 # 需要判断当前角色的权限 不能删除系统管理员 空间管理员 普通管理员等角色
663 # role_setting是一个数组 结构式 [{role_id:1,workspace_ids:[1,2]}]
664 # 如果role_id不包含ADMIN 就直接报错 如果WORKSPACE_MANAGE 或者USER 必须判断workspace_ids是否包含默认工作空间 不包含就报错
665 admin_role_id = RoleConstants.ADMIN.name
666 workspace_manage_role_id = RoleConstants.WORKSPACE_MANAGE.name
667 # 判断内置的三个角色是不是不在
668 current_role_ids = {item['role_id'] for item in role_setting}
669 initial_role = [admin_role_id, workspace_manage_role_id, RoleConstants.USER.name]
670 if not set(initial_role).issubset(current_role_ids):
671 raise AppApiException(1004, _("Cannot delete built-in role"))
672
673 if not any(item['role_id'] == str(admin_role_id) for item in role_setting):
674 raise AppApiException(1004, _("Cannot delete built-in role"))
675
676 # 验证 WORKSPACE_MANAGE 或 USER 是否包含默认工作空间
677 default_workspace_id = 'default'
678
679 for item in role_setting:
680 role_id = item['role_id']
681 workspace_ids = item.get('workspace_ids', [])
682
683 if role_id == str(workspace_manage_role_id) or role_id == str(RoleConstants.USER.value):
684 if default_workspace_id not in workspace_ids:
685 raise AppApiException(1004, _("Cannot delete built-in role"))
686 if is_admin:
687 workspace_user_role_mapping_model.objects.filter(user_id=user.id).delete()
688 else:
689 workspace_user_role_mapping_model.objects.filter(user_id=user.id).exclude(
690 role__type=RoleConstants.ADMIN.name).delete()
691
692 relations = set()
693 for item in role_setting:
694 role_id = item['role_id']
695 workspace_ids = item['workspace_ids'] if item['workspace_ids'] else ['None']
696 for workspace_id in workspace_ids:
697 relations.add((role_id, workspace_id))

Callers 2

saveMethod · 0.85
editMethod · 0.85

Calls 5

AppApiExceptionClass · 0.90
get_modelMethod · 0.45
getMethod · 0.45
deleteMethod · 0.45
addMethod · 0.45

Tested by

no test coverage detected