Browse Source

fix: 添加用户不能自更新字段逻辑 & 修复用户is_active创建失败的问题

fix: 添加用户不能自更新字段逻辑 & 修复用户is_active创建失败的问题

fix: 添加用户不能自更新字段逻辑 & 修复用户is_active创建失败的问题
pull/8007/head
Jiangjie.Bai 3 years ago committed by Jiangjie.Bai
parent
commit
73cb5e10b4
  1. 28
      apps/users/serializers/user.py

28
apps/users/serializers/user.py

@ -133,6 +133,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
'date_joined', 'last_login', 'created_by', 'is_first_login', 'date_joined', 'last_login', 'created_by', 'is_first_login',
'wecom_id', 'dingtalk_id', 'feishu_id' 'wecom_id', 'dingtalk_id', 'feishu_id'
] ]
disallow_self_update_fields = ['is_active']
extra_kwargs = { extra_kwargs = {
'password': {'write_only': True, 'required': False, 'allow_null': True, 'allow_blank': True}, 'password': {'write_only': True, 'required': False, 'allow_null': True, 'allow_blank': True},
'public_key': {'write_only': True}, 'public_key': {'write_only': True},
@ -181,7 +182,23 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
attrs.pop(field, None) attrs.pop(field, None)
return attrs return attrs
def check_disallow_self_update_fields(self, attrs):
request = self.context.get('request')
if not request or not request.user.is_authenticated:
return attrs
if not self.instance:
return attrs
if request.user.id != self.instance.id:
return attrs
disallow_fields = set(list(attrs.keys())) & set(self.Meta.disallow_self_update_fields)
if not disallow_fields:
return attrs
# 用户自己不能更新自己的一些字段
error = 'User Cannot self-update fields: {}'.format(disallow_fields)
raise serializers.ValidationError(error)
def validate(self, attrs): def validate(self, attrs):
attrs = self.check_disallow_self_update_fields(attrs)
attrs = self.change_password_to_raw(attrs) attrs = self.change_password_to_raw(attrs)
attrs = self.clean_auth_fields(attrs) attrs = self.clean_auth_fields(attrs)
attrs.pop('password_strategy', None) attrs.pop('password_strategy', None)
@ -206,17 +223,6 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
field.set(value) field.set(value)
return instance return instance
def validate_is_active(self, is_active):
request = self.context.get('request')
if not request or not request.user.is_authenticated:
return is_active
user = request.user
if user.id == self.instance.id and not is_active:
# 用户自己不能禁用启用自己
raise serializers.ValidationError("Cannot inactive self")
return is_active
def update(self, instance, validated_data): def update(self, instance, validated_data):
save_handler = partial(super().update, instance) save_handler = partial(super().update, instance)
instance = self.save_and_set_custom_m2m_fields(validated_data, save_handler, created=False) instance = self.save_and_set_custom_m2m_fields(validated_data, save_handler, created=False)

Loading…
Cancel
Save