feat: block deactivating user who is tenant contact

2026-03-25 17:14:11 +08:00
parent 1856c55c04
commit 1794f8f209
2 changed files with 25 additions and 0 deletions
--- a/api/app/services/user_service.py
+++ b/api/app/services/user_service.py
@@ -250,6 +250,20 @@ def deactivate_user(db: Session, user_id_to_deactivate: uuid.UUID, current_user:
                    }
                )

+        # 检查是否为租户联系人
+        from app.models.tenant_model import Tenants
+        tenant = db.query(Tenants).filter(Tenants.id == db_user.tenant_id).first()
+        if tenant and tenant.contact_email and tenant.contact_email == db_user.email:
+            business_logger.warning(f"尝试停用租户联系人: {db_user.email}, tenant_id={db_user.tenant_id}")
+            raise BusinessException(
+                "该管理员是租户联系人，请先在租户信息中更换联系邮箱，再禁用此管理员",
+                code=BizCode.FORBIDDEN,
+                context={
+                    "user_id": str(user_id_to_deactivate),
+                    "tenant_id": str(db_user.tenant_id)
+                }
+            )
+
        # 停用用户
        business_logger.debug(f"执行用户停用: {db_user.username} (ID: {user_id_to_deactivate})")
        db_user.is_active = False