diff --git a/config/src/test/java/com/alibaba/nacos/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java b/config/src/test/java/com/alibaba/nacos/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java index eb2cca3101..30952101a7 100644 --- a/config/src/test/java/com/alibaba/nacos/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java +++ b/config/src/test/java/com/alibaba/nacos/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java @@ -1307,8 +1307,7 @@ void testBuildFindConfigInfoStateSql() { TableConstant.CONFIG_INFO); String select = configInfoMapper.select(Arrays.asList("id", "data_id", "group_id", "tenant_id", "gmt_modified"), Arrays.asList("data_id", "group_id", "tenant_id")); - assertEquals( - "SELECT id,data_id,group_id,tenant_id,gmt_modified FROM config_info WHERE data_id = ? AND group_id = ? AND tenant_id = ?", + assertEquals("SELECT id,data_id,group_id,tenant_id,gmt_modified FROM config_info WHERE data_id = ? AND group_id = ? AND tenant_id = ?", select); } diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java index e2907d1a37..22d6f8e74b 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java @@ -236,6 +236,12 @@ public void addRole(String role, String username) { throw new IllegalArgumentException( "role '" + AuthConstants.GLOBAL_ADMIN_ROLE + "' is not permitted to create!"); } + + if (isUserBoundToRole(role, username)) { + throw new IllegalArgumentException( + "user '" + username + "' already bound to the role '" + role + "'!"); + } + rolePersistService.addRole(role, username); roleSet.add(role); } @@ -394,5 +400,23 @@ public Result isDuplicatePermission(String role, String resource, Strin } return Result.success(Boolean.FALSE); } + + /** + * judge whether the user is already bound to the role. + * + * @param role role name + * @param username user name + * @return true if the user is already bound to the role. + */ + public boolean isUserBoundToRole(String role, String username) { + Page roleInfoPage = rolePersistService.getRolesByUserNameAndRoleName(username, + role, DEFAULT_PAGE_NO, 1); + if (roleInfoPage == null) { + return false; + } + List roleInfos = roleInfoPage.getPageItems(); + return CollectionUtils.isNotEmpty(roleInfos) && roleInfos.stream() + .anyMatch(roleInfo -> role.equals(roleInfo.getRole())); + } } diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java b/plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java index 5405b9ce52..7e91431ad7 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java @@ -218,4 +218,15 @@ void duplicatePermission() { when(spy.getPermissions("admin")).thenReturn(permissionInfos); spy.isDuplicatePermission("admin", "test", "r"); } + + @Test + void isUserBoundToRole() { + String role = "TEST"; + String userName = "nacos"; + assertFalse(nacosRoleService.isUserBoundToRole("", userName)); + assertFalse(nacosRoleService.isUserBoundToRole(role, "")); + assertFalse(nacosRoleService.isUserBoundToRole("", null)); + assertFalse(nacosRoleService.isUserBoundToRole(null, "")); + assertFalse(nacosRoleService.isUserBoundToRole(role, userName)); + } }