From 615929dd438703de9965044bfb21d3cf9f0c3f22 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Mon, 7 Mar 2022 15:03:57 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=8F=AF=E4=BB=A5?= =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=B7=B2=E5=85=B3=E8=81=94=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E8=A7=92=E8=89=B2=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/rbac/api/role.py | 3 +++ apps/rbac/api/rolebinding.py | 7 ++----- apps/rbac/urls/api_urls.py | 7 +++++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/apps/rbac/api/role.py b/apps/rbac/api/role.py index edb3ec07e..e679edf67 100644 --- a/apps/rbac/api/role.py +++ b/apps/rbac/api/role.py @@ -30,6 +30,9 @@ class RoleViewSet(JMSModelViewSet): if instance.builtin: error = _("Internal role, can't be destroy") raise PermissionDenied(error) + if instance.users.count() >= 1: + error = _("The role has been bound to users, can't be destroy") + raise PermissionDenied(error) return super().perform_destroy(instance) def perform_update(self, serializer): diff --git a/apps/rbac/api/rolebinding.py b/apps/rbac/api/rolebinding.py index 3e9165323..677ef30bf 100644 --- a/apps/rbac/api/rolebinding.py +++ b/apps/rbac/api/rolebinding.py @@ -44,11 +44,8 @@ class SystemRoleBindingViewSet(RoleBindingViewSet): role_qs = self.model.objects.filter(user=user) if role_qs.count() == 1: msg = _('{} at least one system role').format(user) - raise JMSException( - code='system_role_delete_error', - detail=msg - ) - super().perform_destroy(instance) + raise JMSException(code='system_role_delete_error', detail=msg) + return super().perform_destroy(instance) class OrgRoleBindingViewSet(RoleBindingViewSet): diff --git a/apps/rbac/urls/api_urls.py b/apps/rbac/urls/api_urls.py index a587354aa..5dc080930 100644 --- a/apps/rbac/urls/api_urls.py +++ b/apps/rbac/urls/api_urls.py @@ -9,11 +9,14 @@ app_name = 'rbac' router = BulkRouter() router.register(r'roles', api.RoleViewSet, 'role') -router.register(r'system-roles', api.SystemRoleViewSet, 'system-role') -router.register(r'org-roles', api.OrgRoleViewSet, 'org-role') router.register(r'role-bindings', api.RoleBindingViewSet, 'role-binding') + +router.register(r'system-roles', api.SystemRoleViewSet, 'system-role') router.register(r'system-role-bindings', api.SystemRoleBindingViewSet, 'system-role-binding') + +router.register(r'org-roles', api.OrgRoleViewSet, 'org-role') router.register(r'org-role-bindings', api.OrgRoleBindingViewSet, 'org-role-binding') + router.register(r'permissions', api.PermissionViewSet, 'permission') system_role_router = routers.NestedDefaultRouter(router, r'system-roles', lookup='system_role')