From 92172c6ec895092c7ff6517d6f43a35ffbbdb09f Mon Sep 17 00:00:00 2001
From: seaislee1209 <seaislee129@gmail.com>
Date: Sat, 28 Mar 2026 21:15:05 +0800
Subject: [PATCH] fix: handle missing LoginProfile in disable/enable/edit

- Skip LoginProfile operations when user has no console password
- Only send non-empty fields to Volcengine UpdateUser API
- Fixes enable_user crash for users created without password

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/apps/monitor/views.py |  7 ++++---
 backend/utils/iam_service.py  | 28 ++++++++++++++++++++--------
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/backend/apps/monitor/views.py b/backend/apps/monitor/views.py
index 3799f00..34db3f3 100644
--- a/backend/apps/monitor/views.py
+++ b/backend/apps/monitor/views.py
@@ -467,11 +467,12 @@ def iam_user_edit_profile_view(request, pk):
     sk = decrypt(account.secret_key_enc)
     iam = IAMService(ak, sk)
 
+    # Only pass non-empty values to Volcengine (empty strings are rejected)
     try:
         iam.update_user(user.username,
-                        display_name=display_name,
-                        email=email,
-                        phone=phone)
+                        display_name=display_name if display_name else None,
+                        email=email if email else None,
+                        phone=phone if phone else None)
     except VolcengineAPIError as e:
         return Response({'message': f'火山 API 更新失败: {e}'},
                         status=status.HTTP_400_BAD_REQUEST)
diff --git a/backend/utils/iam_service.py b/backend/utils/iam_service.py
index f2858f1..3bb63d2 100644
--- a/backend/utils/iam_service.py
+++ b/backend/utils/iam_service.py
@@ -197,14 +197,25 @@ class IAMService:
         except VolcengineAPIError:
             pass
 
+    def _has_login_profile(self, username: str) -> bool:
+        """检查用户是否有 LoginProfile"""
+        try:
+            self.get_login_profile(username)
+            return True
+        except VolcengineAPIError as e:
+            if "LoginProfileNotExist" in str(e) or "RecordNotFound" in str(e):
+                return False
+            raise
+
     def disable_user(self, username: str):
         """完全停用用户：停控制台 + 停所有 AccessKey"""
         errors = []
 
-        try:
-            self.update_login_allowed(username, False)
-        except VolcengineAPIError as e:
-            errors.append(f"停用控制台失败: {e}")
+        if self._has_login_profile(username):
+            try:
+                self.update_login_allowed(username, False)
+            except VolcengineAPIError as e:
+                errors.append(f"停用控制台失败: {e}")
 
         try:
             keys = self.list_access_keys(username)
@@ -221,10 +232,11 @@ class IAMService:
         """恢复用户：恢复控制台 + 恢复所有 AccessKey"""
         errors = []
 
-        try:
-            self.update_login_allowed(username, True)
-        except VolcengineAPIError as e:
-            errors.append(f"恢复控制台失败: {e}")
+        if self._has_login_profile(username):
+            try:
+                self.update_login_allowed(username, True)
+            except VolcengineAPIError as e:
+                errors.append(f"恢复控制台失败: {e}")
 
         try:
             keys = self.list_access_keys(username)