fix: 修复可以删除已关联用户角色的问题

apps/rbac/api/role.py

@@ -30,6 +30,9 @@ class RoleViewSet(JMSModelViewSet):
         if instance.builtin:
             error = _("Internal role, can't be destroy")
             raise PermissionDenied(error)
+        if instance.users.count() >= 1:
+            error = _("The role has been bound to users, can't be destroy")
+            raise PermissionDenied(error)
         return super().perform_destroy(instance)
 
     def perform_update(self, serializer):

apps/rbac/api/rolebinding.py

@@ -44,11 +44,8 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):
         role_qs = self.model.objects.filter(user=user)
         if role_qs.count() == 1:
             msg = _('{} at least one system role').format(user)
-            raise JMSException(
+            raise JMSException(code='system_role_delete_error', detail=msg)
-                code='system_role_delete_error',
+        return super().perform_destroy(instance)
-                detail=msg
-            )
-        super().perform_destroy(instance)
 
 
 class OrgRoleBindingViewSet(RoleBindingViewSet):

apps/rbac/urls/api_urls.py

@@ -9,11 +9,14 @@ app_name = 'rbac'
 
 router = BulkRouter()
 router.register(r'roles', api.RoleViewSet, 'role')
-router.register(r'system-roles', api.SystemRoleViewSet, 'system-role')
-router.register(r'org-roles', api.OrgRoleViewSet, 'org-role')
 router.register(r'role-bindings', api.RoleBindingViewSet, 'role-binding')
+
+router.register(r'system-roles', api.SystemRoleViewSet, 'system-role')
 router.register(r'system-role-bindings', api.SystemRoleBindingViewSet, 'system-role-binding')
+
+router.register(r'org-roles', api.OrgRoleViewSet, 'org-role')
 router.register(r'org-role-bindings', api.OrgRoleBindingViewSet, 'org-role-binding')
+
 router.register(r'permissions', api.PermissionViewSet, 'permission')
 
 system_role_router = routers.NestedDefaultRouter(router, r'system-roles', lookup='system_role')