
1.每个 user 只能有 1 个 role
2.只有 admin 帐号才能是 admin role, 且 admin 帐号只能是 admin role

reghao 1 年之前
父節點
當前提交
4bec4ba243

+ 2 - 2
web/src/main/java/cn/reghao/devops/web/admin/account/controller/UserController.java

@@ -86,8 +86,8 @@ public class UserController {
     @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping(value = "/role", produces = MediaType.APPLICATION_JSON_VALUE)
     public String assignRole(@Validated AccountRole accountRole) {
-        accountService.updateAccountRole(accountRole);
-        return WebResult.success();
+        Result result = accountService.updateAccountRole(accountRole);
+        return WebResult.result(result);
     }
 
     @ApiOperation(value = "启用/禁用用户")

+ 7 - 7
web/src/main/java/cn/reghao/devops/web/admin/account/model/dto/AccountRole.java

@@ -3,18 +3,18 @@ package cn.reghao.devops.web.admin.account.model.dto;
 import cn.reghao.devops.web.admin.account.model.po.Role;
 import lombok.Data;
 
-import javax.validation.constraints.Size;
-import java.io.Serializable;
-import java.util.Set;
+import javax.validation.constraints.NotNull;
 
 /**
  * @author reghao
  * @date 2021-07-14 09:37:16
  */
 @Data
-public class AccountRole implements Serializable {
-    private static final long serialVersionUID = 1L;
+public class AccountRole {
+    @NotNull
     private Integer userId;
-    @Size(min = 1, max = 3, message = "用户可拥有 1~3 个角色")
-    private Set<Role> roles;
+    //@Size(min = 1, max = 1, message = "用户有且只能有 1 个角色")
+    //private Set<Role> roles;
+    @NotNull
+    private Role role;
 }
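Review bot: The two commented-out lines (`//@Size(...)` and `//private Set<Role> roles;`) keep the old field as dead code and should be deleted, since the commit history already records it. `@NotNull` on `role` only checks that the object was bound, and no `@Valid` cascades into `Role`, so a request can reach the service with `role.getName()` returning null. Binding the persistence class `po.Role` directly from request parameters is also broader than this endpoint needs. An `Integer roleId` field, as `CreateAccountDto` uses in this same commit, would keep the two DTOs consistent and let the service resolve the role itself.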

+ 4 - 5
web/src/main/java/cn/reghao/devops/web/admin/account/model/dto/CreateAccountDto.java

@@ -4,8 +4,7 @@ import lombok.Getter;
 import lombok.Setter;
 
 import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.Size;
-import java.util.Set;
+import javax.validation.constraints.NotNull;
 
 /**
  * @author reghao
@@ -20,13 +19,13 @@ public class CreateAccountDto {
     private String screenName;
     @NotBlank(message = "必须指定登录密码")
     private String password;
-    @Size(min = 1, max = 3, message = "用户可拥有 1~3 个角色")
-    private Set<Integer> roleId;
+    @NotNull
+    private Integer roleId;
 
     public CreateAccountDto(String username, String password, int roleId) {
         this.username = username;
         this.screenName = username;
         this.password = password;
-        this.roleId = Set.of(roleId);
+        this.roleId = roleId;
     }
 }
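Review bot: The new `@NotNull` on `roleId` has no `message`, while the `password` constraint just above supplies one, so a missing role yields the framework's default text instead of a project message. Adding one in the same style, for example `@NotNull(message = "必须指定角色")` (wording constructed here), keeps validation errors uniform. The class begins outside this hunk, so the remaining fields could not be checked for the same gap.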

+ 1 - 1
web/src/main/java/cn/reghao/devops/web/admin/account/service/AccountService.java

@@ -19,7 +19,7 @@ public interface AccountService {
     Result createAccount(CreateAccountDto createAccountDto);
     void updateAccountPassword(Integer userId, String newPassword);
     void updateAccountProfile(AccountProfile accountProfile);
-    void updateAccountRole(AccountRole accountRole);
+    Result updateAccountRole(AccountRole accountRole);
     void updateAccountStatus(Integer userId, Boolean enable);
     Result deleteAccount(Integer userId);
     Page<UserVO> getUserVOByPage(PageRequest pageRequest);

+ 23 - 10
web/src/main/java/cn/reghao/devops/web/admin/account/service/impl/AccountServiceImpl.java

@@ -2,6 +2,7 @@ package cn.reghao.devops.web.admin.account.service.impl;
 
 import cn.reghao.devops.web.admin.account.db.repository.RoleRepository;
 import cn.reghao.devops.web.admin.account.db.repository.UserRepository;
+import cn.reghao.devops.web.admin.account.model.constant.RoleType;
 import cn.reghao.devops.web.admin.account.model.dto.CreateAccountDto;
 import cn.reghao.devops.web.admin.account.model.po.Role;
 import cn.reghao.devops.web.admin.account.model.vo.UserVO;
@@ -47,21 +48,23 @@ public class AccountServiceImpl implements AccountService {
 
     @Override
     public Result createAccount(CreateAccountDto createAccountDto) {
-        Set<Integer> roleIds = createAccountDto.getRoleId();
-        List<Role> roles = roleRepository.findAllById(roleIds);
-        if (roles.isEmpty()) {
+        int roleId = createAccountDto.getRoleId();
+        Role role = roleRepository.findById(roleId).orElse(null);
+        if (role == null) {
             return Result.fail("role 不存在");
         }
 
+        if (role.getName().equals(RoleType.ROLE_ADMIN.name())) {
+            return Result.fail("只有 admin 用户才能拥有 admin role");
+        }
+
         String username = createAccountDto.getUsername();
         User user = userRepository.findByUsername(username);
         if (user == null) {
             String password = createAccountDto.getPassword();
             String salt = RandomString.getSalt(64);
             String encodedPassword = passwordEncoder.encode(password + salt);
-
-            Set<String> userRoles = roles.stream().map(Role::getName).collect(Collectors.toSet());
-            user = new User(username, encodedPassword, salt, userRoles);
+            user = new User(username, encodedPassword, salt, Set.of(role.getName()));
             userRepository.save(user);
             return Result.success();
         }
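Review bot: `int roleId = createAccountDto.getRoleId();` unboxes an `Integer`, so a DTO that arrives without bean validation having run throws a NullPointerException instead of returning `Result.fail`. Whether the calling controller applies `@Validated` is not visible here, and the `(String, String, int)` constructor suggests the DTO is also built in code. The admin check `role.getName().equals(RoleType.ROLE_ADMIN.name())` is repeated in `updateAccountRole` further down. Writing it constant-first, `RoleType.ROLE_ADMIN.name().equals(role.getName())`, makes it null-safe, and a small private helper would keep the two copies from drifting. The method body continues past the end of this hunk.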
@@ -100,17 +103,27 @@ public class AccountServiceImpl implements AccountService {
     }
 
     @Override
-    public void updateAccountRole(AccountRole accountRole) {
+    public Result updateAccountRole(AccountRole accountRole) {
         int userId = accountRole.getUserId();
+        if (userId == 1) {
+            return Result.fail("admin 用户的 role 只能是 admin, 不能更改");
+        }
+
         User userEntity = userRepository.findById(userId).orElse(null);
         if (userEntity == null) {
-            return;
+            return Result.fail("用户不存在");
         }
 
-        Set<String> roles = accountRole.getRoles().stream().map(Role::getName).collect(Collectors.toSet());
-        userEntity.setRole(roles);
+        Role role = accountRole.getRole();
+        if (role.getName().equals(RoleType.ROLE_ADMIN.name())) {
+            return Result.fail("只有 admin 用户才能拥有 admin role");
+        }
+
+        userEntity.getRole().clear();
+        userEntity.getRole().add(role.getName());
         userRepository.save(userEntity);
         accountSessionService.deactiveSession(userEntity);
+        return Result.success();
     }
 
     @Override
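Review bot: The role name written to the user comes from the request-bound `accountRole.getRole()` and is never looked up in `roleRepository`, unlike `createAccount`, which rejects ids that do not exist. As written, any string other than `ROLE_ADMIN` is accepted and saved as the user's role, and a missing name throws on `role.getName().equals(...)`. Resolving the role through the repository and returning `Result.fail("role 不存在")` for unknown ones would close both gaps. The admin account is also recognised by the literal `userId == 1`, which presumably relies on the admin row being created first. A named constant, or refusing the change when the stored user already holds `ROLE_ADMIN`, would state that rule explicitly and hold on a differently seeded database.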