mirror of https://github.com/jumpserver/jumpserver
perf: 优化组织管理员不能更新系统管理员
parent
2981bfffb1
commit
59d964d57a
|
@ -17,11 +17,7 @@ class UserObjectPermission(permissions.BasePermission):
|
||||||
if view.action not in ['update', 'partial_update', 'destroy']:
|
if view.action not in ['update', 'partial_update', 'destroy']:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
user = request.user
|
if not request.user.is_superuser and obj.is_superuser:
|
||||||
if user.is_superuser:
|
return False
|
||||||
return True
|
|
||||||
|
|
||||||
system_admin_id = BuiltinRole.system_admin.id
|
return True
|
||||||
return system_admin_id not in [
|
|
||||||
str(r.id) for r in obj.system_roles.all()
|
|
||||||
]
|
|
||||||
|
|
|
@ -132,6 +132,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
|
||||||
"last_login", "date_updated" # 日期字段
|
"last_login", "date_updated" # 日期字段
|
||||||
]
|
]
|
||||||
fields_bool = [
|
fields_bool = [
|
||||||
|
"is_superuser",
|
||||||
"is_service_account", "is_valid",
|
"is_service_account", "is_valid",
|
||||||
"is_expired", "is_active", # 布尔字段
|
"is_expired", "is_active", # 布尔字段
|
||||||
"is_otp_secret_key_bound", "can_public_key_auth",
|
"is_otp_secret_key_bound", "can_public_key_auth",
|
||||||
|
|
Loading…
Reference in New Issue