| 638 | |
| 639 | |
| 640 | def update_user_role(instance, user, user_id=None): |
| 641 | workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping") |
| 642 | if workspace_user_role_mapping_model: |
| 643 | role_setting = instance.get('role_setting') |
| 644 | license_is_valid = DatabaseModelManage.get_model('license_is_valid') or (lambda: False) |
| 645 | license_is_valid = license_is_valid() if license_is_valid() is not None else False |
| 646 | if not role_setting or (len(role_setting) == 1 |
| 647 | and role_setting[0].get('role_id') == '' |
| 648 | and len(role_setting[0].get('workspace_ids', [])) == 0): |
| 649 | if not license_is_valid: |
| 650 | workspace_user_role_mapping_model.objects.create( |
| 651 | id=uuid.uuid7(), |
| 652 | user_id=user.id, |
| 653 | role_id=RoleConstants.USER.name, |
| 654 | workspace_id='default' |
| 655 | ) |
| 656 | return |
| 657 | |
| 658 | is_admin = workspace_user_role_mapping_model.objects.filter(user_id=user_id, |
| 659 | role_id=RoleConstants.ADMIN.name).exists() |
| 660 | |
| 661 | if str(user.id) == 'f0dd8f71-e4ee-11ee-8c84-a8a1595801ab': |
| 662 | # 需要判断当前角色的权限 不能删除系统管理员 空间管理员 普通管理员等角色 |
| 663 | # role_setting是一个数组 结构式 [{role_id:1,workspace_ids:[1,2]}] |
| 664 | # 如果role_id不包含ADMIN 就直接报错 如果WORKSPACE_MANAGE 或者USER 必须判断workspace_ids是否包含默认工作空间 不包含就报错 |
| 665 | admin_role_id = RoleConstants.ADMIN.name |
| 666 | workspace_manage_role_id = RoleConstants.WORKSPACE_MANAGE.name |
| 667 | # 判断内置的三个角色是不是不在 |
| 668 | current_role_ids = {item['role_id'] for item in role_setting} |
| 669 | initial_role = [admin_role_id, workspace_manage_role_id, RoleConstants.USER.name] |
| 670 | if not set(initial_role).issubset(current_role_ids): |
| 671 | raise AppApiException(1004, _("Cannot delete built-in role")) |
| 672 | |
| 673 | if not any(item['role_id'] == str(admin_role_id) for item in role_setting): |
| 674 | raise AppApiException(1004, _("Cannot delete built-in role")) |
| 675 | |
| 676 | # 验证 WORKSPACE_MANAGE 或 USER 是否包含默认工作空间 |
| 677 | default_workspace_id = 'default' |
| 678 | |
| 679 | for item in role_setting: |
| 680 | role_id = item['role_id'] |
| 681 | workspace_ids = item.get('workspace_ids', []) |
| 682 | |
| 683 | if role_id == str(workspace_manage_role_id) or role_id == str(RoleConstants.USER.value): |
| 684 | if default_workspace_id not in workspace_ids: |
| 685 | raise AppApiException(1004, _("Cannot delete built-in role")) |
| 686 | if is_admin: |
| 687 | workspace_user_role_mapping_model.objects.filter(user_id=user.id).delete() |
| 688 | else: |
| 689 | workspace_user_role_mapping_model.objects.filter(user_id=user.id).exclude( |
| 690 | role__type=RoleConstants.ADMIN.name).delete() |
| 691 | |
| 692 | relations = set() |
| 693 | for item in role_setting: |
| 694 | role_id = item['role_id'] |
| 695 | workspace_ids = item['workspace_ids'] if item['workspace_ids'] else ['None'] |
| 696 | for workspace_id in workspace_ids: |
| 697 | relations.add((role_id, workspace_id)) |