diff --git a/apps/users/models/user.py b/apps/users/models/user.py index c6a689c7e..836e0b383 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py @@ -209,6 +209,11 @@ class RoleMixin: from orgs.models import ROLE as ORG_ROLE return [str(role.label) for role in self.org_roles if role in ORG_ROLE] + @lazyproperty + def org_roles_value_list(self): + from orgs.models import ROLE as ORG_ROLE + return [str(role.value) for role in self.org_roles if role in ORG_ROLE] + @lazyproperty def org_role_display(self): return ' | '.join(self.org_roles_label_list) diff --git a/apps/users/serializers/profile.py b/apps/users/serializers/profile.py index 3ba22ac7b..09ab50cc0 100644 --- a/apps/users/serializers/profile.py +++ b/apps/users/serializers/profile.py @@ -32,7 +32,7 @@ class UserUpdatePasswordSerializer(serializers.ModelSerializer): def validate_new_password(self, value): from ..utils import check_password_rules - if not check_password_rules(value, user=self.instance): + if not check_password_rules(value, is_org_admin=self.instance.is_org_admin): msg = _('Password does not match security rules') raise serializers.ValidationError(msg) if self.instance.is_history_password(value): diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py index e9010e1af..9298253e4 100644 --- a/apps/users/serializers/user.py +++ b/apps/users/serializers/user.py @@ -116,6 +116,18 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer): raise serializers.ValidationError(msg) return value + @property + def is_org_admin(self): + roles = [] + role = self.initial_data.get('role') + if role: + roles.append(role) + org_roles = self.initial_data.get('org_roles') + if org_roles: + roles.extend(org_roles) + is_org_admin = User.ROLE.ADMIN.value in roles + return is_org_admin + def validate_password(self, password): from ..utils import check_password_rules password_strategy = self.initial_data.get('password_strategy') 
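Review bot: The new `is_org_admin` property on `UserSerializer` picks the admin password policy only from `self.initial_data`, so an update that omits `role` and `org_roles` checks an existing org admin against `SECURITY_PASSWORD_MIN_LENGTH` instead of the admin minimum. The previous `user=self.instance` call did not allow that, and the same property feeds the `validate_password` call in the next hunk of this file. Consider opening the property with `if self.instance and self.instance.is_org_admin:` followed by `return True`, before looking at the payload. It is also worth confirming that `role` and `org_roles` arrive in the same value form as `User.ROLE.ADMIN.value`. Since `.get` is called on `initial_data` unconditionally, please also check that it is a dict on the bulk path of `CommonBulkSerializerMixin`.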
@@ -125,7 +137,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer): if self.instance and not password: # 更新用户, 未设置密码 return - if not check_password_rules(password, user=self.instance): + if not check_password_rules(password, is_org_admin=self.is_org_admin): msg = _('Password does not match security rules') raise serializers.ValidationError(msg) return password diff --git a/apps/users/utils.py b/apps/users/utils.py index 8b77a3fa0..8c55a99e5 100644 --- a/apps/users/utils.py +++ b/apps/users/utils.py @@ -308,7 +308,7 @@ def get_password_check_rules(user): return check_rules -def check_password_rules(password, user): +def check_password_rules(password, is_org_admin=False): pattern = r"^" if settings.SECURITY_PASSWORD_UPPER_CASE: pattern += '(?=.*[A-Z])' @@ -319,7 +319,7 @@ def check_password_rules(password, user): if settings.SECURITY_PASSWORD_SPECIAL_CHAR: pattern += '(?=.*[`~!@#\$%\^&\*\(\)-=_\+\[\]\{\}\|;:\'\",\.<>\/\?])' pattern += '[a-zA-Z\d`~!@#\$%\^&\*\(\)-=_\+\[\]\{\}\|;:\'\",\.<>\/\?]' - if user.is_org_admin: + if is_org_admin: min_length = settings.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH else: min_length = settings.SECURITY_PASSWORD_MIN_LENGTH diff --git a/apps/users/views/profile/reset.py b/apps/users/views/profile/reset.py index 46d09ab7e..793322cc9 100644 --- a/apps/users/views/profile/reset.py +++ b/apps/users/views/profile/reset.py @@ -101,7 +101,7 @@ class UserResetPasswordView(FormView): return self.form_invalid(form) password = form.cleaned_data['new_password'] - is_ok = check_password_rules(password, user) + is_ok = check_password_rules(password, is_org_admin=user.is_org_admin) if not is_ok: error = _('* Your password does not meet the requirements') form.add_error('new_password', error)
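Review bot: The new signature `check_password_rules(password, is_org_admin=False)` fails open: a caller that forgets the flag silently gets the shorter `SECURITY_PASSWORD_MIN_LENGTH`. A leftover positional call such as `check_password_rules(password, user)` also still runs, because a user object is truthy. Making the flag keyword-only and required, `def check_password_rules(password, *, is_org_admin):`, turns both mistakes into a `TypeError`. A one-line docstring saying that the flag selects `SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH` would help too. The function body continues outside this hunk.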
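Review bot: In the two character classes shown as context in the second `apps/users/utils.py` hunk, `\)-=` is parsed as a range from `)` to `=`. That range covers the digits and `*+,./:;<`, so the `SECURITY_PASSWORD_SPECIAL_CHAR` lookahead is satisfied by a password that has a digit and no special character. This predates the commit, but since the function is being changed here it is worth escaping the hyphen as `\(\)\-=` in both classes. The part of the function that applies `min_length` is outside the hunk.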