perf: user cannot delete self (#16562)

* perf: Translate * perf: Translate AccountExportTips * perf: user cannot delete self --------- Co-authored-by: wangruidong <940853815@qq.com>
2026-02-21 14:32:45 +00:00 · 2026-01-21 16:53:47 +08:00
parent 64ad6c5925
commit a3f6de293b
3 changed files with 253 additions and 129 deletions
--- a/apps/i18n/core/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh/LC_MESSAGES/django.po
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@@ -31,7 +31,7 @@
    "AccountDiscoverTask": "账号发现",
    "AccountDiscoverTaskCreate": "创建发现帐户任务",
    "AccountDiscoverTaskUpdate": "更新发现帐户任务",
-    "AccountExportTips": "导出信息中包含账号密文涉及敏感信息，导出的格式为一个加密的zip文件（若没有设置加密密码，请前往右上角 个人设置 → 偏好设置 中进行进行设置）。",
+    "AccountExportTips": "导出信息中包含账号密文涉及敏感信息，导出的格式为一个加密的zip文件（若没有设置加密密码，请前往右上角 个人设置 → 偏好设置 中进行设置）。",
    "AccountList": "账号管理",
    "AccountOverview": "账号概览",
    "AccountPasswordChangeTrends": "账号改密趋势",
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -10,7 +10,7 @@ from rest_framework_bulk.generics import BulkModelViewSet

 from common.api import CommonApiMixin, SuggestionMixin
 from common.drf.filters import AttrRulesFilterBackend
-from common.utils import get_logger, is_uuid
+from common.utils import get_logger
 from orgs.utils import current_org, tmp_to_root_org
 from rbac.models import Role, RoleBinding
 from rbac.permissions import RBACPermission
@@ -60,6 +60,8 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, SuggestionMixin, BulkModelV
        return True

    def perform_destroy(self, instance):
+        if instance.username == self.request.user.username:
+            raise PermissionDenied(_("You cannot delete yourself. Please disable it instead."))
        if instance.username == 'admin':
            raise PermissionDenied(_("Cannot delete the admin user. Please disable it instead."))
        super().perform_destroy(instance)