perf: 优化组织管理员不能更新系统管理员

apps/users/permissions.py

@@ -17,11 +17,7 @@ class UserObjectPermission(permissions.BasePermission):
         if view.action not in ['update', 'partial_update', 'destroy']:
             return True
 
-        user = request.user
-        if user.is_superuser:
-            return True
+        if not request.user.is_superuser and obj.is_superuser:
+            return False
 
-        system_admin_id = BuiltinRole.system_admin.id
-        return system_admin_id not in [
-            str(r.id) for r in obj.system_roles.all()
-        ]
+        return True

apps/users/serializers/user.py

@@ -132,6 +132,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
             "last_login", "date_updated"  # 日期字段
         ]
         fields_bool = [
+            "is_superuser",
             "is_service_account", "is_valid",
             "is_expired", "is_active",  # 布尔字段
             "is_otp_secret_key_bound", "can_public_key_auth",