feat:(REQ-3010) 迁移pudge接口

tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleApi.java

@@ -3,6 +3,7 @@ package cn.axzo.tyr.client.feign;
 import cn.axzo.tyr.client.model.permission.IdentityAndAccountResp;
 import cn.axzo.tyr.client.model.permission.WorkspaceGrantAdminRoleByPhoneReq;
 import cn.axzo.tyr.client.model.permission.WorkspaceGrantAdminRoleReq;
+import cn.axzo.tyr.client.model.req.UpdateUserJobReq;
 import cn.azxo.framework.common.model.CommonResponse;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.validation.annotation.Validated;
@@ -36,4 +37,7 @@ public interface SaasRoleApi {
 	 */
 	@PostMapping("api/saas/role/grantAdminRoleByPhone")
 	CommonResponse<List<IdentityAndAccountResp>> grantAdminRoleByPhone(@RequestBody @Valid List<WorkspaceGrantAdminRoleByPhoneReq> req);
+
+	@PostMapping("api/saas/role/user/update")
+	CommonResponse<Boolean> updateUserRole(@RequestBody @Valid UpdateUserJobReq req);
 }

tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/SaasJobTypeEnum.java

@@ -0,0 +1,45 @@
+package cn.axzo.tyr.client.model.enums;
+
+import com.baomidou.mybatisplus.annotation.EnumValue;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonValue;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+import java.util.Arrays;
+
+/**
+ * @author tanjie@axzo.cn
+ * @date 2022/10/10 10:50
+ */
+@Getter
+@RequiredArgsConstructor
+public enum SaasJobTypeEnum {
+    //主岗
+    MASTER_JOB(1,"岗位"),
+    //兼岗
+    SLAVE_JOB(2,"协助岗位");
+    @EnumValue
+    @JsonValue
+    private Integer value;
+    private String desc;
+
+
+    SaasJobTypeEnum(Integer value, String desc) {
+        this.value = value;
+        this.desc = desc;
+    }
+
+    @JsonCreator(mode = JsonCreator.Mode.DELEGATING)
+    public static SaasJobTypeEnum create(Integer value){
+        return match(value);
+    }
+
+    public static SaasJobTypeEnum match(Integer saasJobType) {
+        return Arrays.stream(values()).filter(e -> e.getValue().equals(saasJobType)).findFirst().get();
+    }
+
+    public boolean isMaster() {
+        return value.equals(MASTER_JOB.getValue());
+    }
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/UpdateUserJobReq.java

@@ -0,0 +1,50 @@
+package cn.axzo.tyr.client.model.req;
+
+import cn.axzo.basics.profiles.common.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.Set;
+
+/**
+ * @author cn
+ * @version 1.0
+ * @description
+ * @date 2022/10/14 11:44
+ */
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode
+public class UpdateUserJobReq {
+
+    @NotNull
+    @Min(value = 1)
+    private Long workspaceId;
+    @NotNull
+    @Min(value = 1)
+    private Long identityId;
+    @NotNull
+    private IdentityType identityType;
+    @NotNull
+    @Min(value = 1)
+    private Long ouId;
+    @NotEmpty
+    private Set<RoleReq> roles;
+
+    @Getter
+    @Setter
+    @ToString
+    @EqualsAndHashCode
+    public static class RoleReq {
+        private String roleCode;
+        private Long roleId;
+        private SaasJobTypeEnum jobType;
+    }
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/WorkspaceUpdateUserRoleDTO.java

@@ -0,0 +1,46 @@
+package cn.axzo.tyr.client.model.req;
+
+import cn.axzo.basics.profiles.common.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+@Builder
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class WorkspaceUpdateUserRoleDTO {
+
+	/**
+	 * 工作台id，与context校验
+	 */
+	private Long workspaceId;
+
+	/**
+	 * 单位id : 必填
+	 */
+	private Long ouId;
+
+	/**
+	 * 被赋予角色的人的身份id
+	 */
+	private Long identityId;
+
+	/**
+	 * 被赋予角色的人的身份类型
+	 */
+	private IdentityType identityType;
+
+	/**
+	 * 完整的update，之前的所有RoleId都被更新
+	 */
+	private List<Long> updateRoleIds;
+
+
+	private SaasJobTypeEnum jobType = SaasJobTypeEnum.SLAVE_JOB;
+
+}

tyr-server/src/main/java/cn/axzo/tyr/server/common/util/NumUtil.java

@@ -0,0 +1,49 @@
+package cn.axzo.tyr.server.common.util;
+
+import java.util.List;
+
+public class NumUtil {
+
+	public static boolean equals(Long a, Long b) {
+		return numberEquals(a, b);
+	}
+
+	public static boolean numberEquals(Number a, Number b) {
+		if (a == null) {
+			a = 0L;
+		}
+		if (b == null) {
+			b = 0L;
+		}
+
+		return a.equals(b);
+	}
+
+	public static boolean equals(Integer a, Integer b) {
+		return numberEquals(a, b);
+	}
+
+	public static boolean notZero(Long a) {
+		if (a == null) {
+			return false;
+		}
+		return a.longValue() != 0L;
+	}
+
+	public static String joinToString(List<Long> list, String split) {
+		if (list == null || list.size() == 0)
+			return "";
+		StringBuilder sb = new StringBuilder(list.get(0).toString());
+		for (int i = 1; i < list.size(); i++) {
+			sb.append(split).append(list.get(i).toString());
+		}
+		return sb.toString();
+	}
+
+	public static boolean isZero(Long workspaceId) {
+		if(workspaceId == null)
+			return true;
+		return workspaceId == 0L;
+	}
+	
+}

tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/SaasRoleApiImpl.java

@@ -21,8 +21,10 @@ import cn.axzo.tyr.client.model.permission.IdentityAndAccountResp;
 import cn.axzo.tyr.client.model.permission.UpdateWorkspaceSupAdminDTO;
 import cn.axzo.tyr.client.model.permission.WorkspaceGrantAdminRoleByPhoneReq;
 import cn.axzo.tyr.client.model.permission.WorkspaceGrantAdminRoleReq;
+import cn.axzo.tyr.client.model.req.UpdateUserJobReq;
 import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
 import cn.axzo.tyr.server.controller.roleuser.RoleUserController;
+import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.axzo.tyr.server.util.RpcInternalUtil;
 import cn.azxo.framework.common.model.CommonResponse;
 import cn.hutool.extra.pinyin.PinyinUtil;
@@ -49,6 +51,8 @@ public class SaasRoleApiImpl implements SaasRoleApi {
     private RegulatorProfileApi regulatorProfileApi;
     @Autowired
     private SaasAccountApi saasAccountApi;
+    @Autowired
+    private SaasRoleUserRelationService saasRoleUserRelationService;
 
     @Override
     @Transactional(rollbackFor = Exception.class)
@@ -172,4 +176,10 @@ public class SaasRoleApiImpl implements SaasRoleApi {
         });
         return CommonResponse.success(list);
     }
+
+    @Override
+    public CommonResponse<Boolean> updateUserRole(UpdateUserJobReq req) {
+        saasRoleUserRelationService.updateWorkspaceUserRolesList(req);
+        return CommonResponse.success(Boolean.TRUE);
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java

@@ -131,5 +131,13 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
 				.eq(SaasRole::getRoleType, RoleTypeEnum.INIT.getValue())
 				.list();
 	}
+
+	public List<SaasRole> listRoleByIds(Set<Long> notRemoveRoleIds) {
+		return this.lambdaQuery()
+				.in(BaseEntity::getId, notRemoveRoleIds)
+				.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value)
+				.select(BaseEntity::getId, SaasRole::getRoleType)
+				.list();
+	}
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java

@@ -5,6 +5,7 @@ import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
 import cn.axzo.tyr.client.model.BaseWorkspaceModel;
 import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
 import cn.axzo.tyr.client.model.permission.IdentityAndAccountDTO;
 import cn.axzo.tyr.client.model.permission.QueryIdentityByPermissionDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
@@ -205,5 +206,27 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
 		List<IdentityAndAccountDTO> dtoList = saasRoleUserRelationMapper.findIdentityAndAccountInfosByParams(req);
 		return dtoList;
 	}
+
+	/**
+	 * 删除用户的岗位，不包含超管和代班长的
+	 *
+	 * @param workspaceId
+	 * @param ouId
+	 * @param identityId
+	 * @param identityType
+	 * @param masterJob
+	 */
+	public void deleteButNotAdminAndNotLeader(Long workspaceId, Long ouId, Long identityId, cn.axzo.basics.profiles.common.enums.IdentityType identityType, SaasJobTypeEnum masterJob) {
+		getBaseMapper().deleteButNotAdminAndNotLeader(workspaceId, ouId, identityId, identityType, masterJob);
+	}
+
+	public void delByIdentityAndWorkspaceIdAndOuId(Long identityId, cn.axzo.basics.profiles.common.enums.IdentityType identityType, Long workspaceId, Long ouId) {
+		getBaseMapper().deleteButNotAdminAndNotLeader(workspaceId, ouId, identityId, identityType, null);
+//		lambdaUpdate().eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
+//				.eq(SaasRoleUserRelation::getIdentityId, identityId)
+//				.eq(SaasRoleUserRelation::getIdentityType, identityType)
+//				.eq(SaasRoleUserRelation::getOuId, ouId)
+//				.set(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.DELETE.value).update();
+	}
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRole.java

@@ -1,6 +1,7 @@
 package cn.axzo.tyr.server.repository.entity;
 
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
+import cn.axzo.tyr.client.model.permission.SaasRoleFits;
 import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.EqualsAndHashCode;
@@ -104,5 +105,10 @@ public class SaasRole extends BaseEntity<SaasRole> {
 	protected Serializable pkVal() {
 		return this.id;
 	}
+
+	public boolean isFitOuType(Integer ouType) {
+		return SaasRoleFits.isFitOuType(this.fitOuTypeBit, ouType);
+	}
+
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleUserRelation.java

@@ -2,6 +2,7 @@ package cn.axzo.tyr.server.repository.entity;
 
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
 import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -73,6 +74,12 @@ public class SaasRoleUserRelation extends BaseEntity<SaasRoleUserRelation> {
 	 */
 	private Long resourceId;
 
+	/**
+	 * 岗位类型 1:主岗 2:兼岗
+	 * 一个人在一个工作台内，除非 特殊的角色(超管,无权限角色等)必定有且只有一个主岗，可以有N个兼岗
+	 */
+	private SaasJobTypeEnum jobType;
+
 	/**
 	 * 获取主键值
 	 *

tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleUserRelationMapper.java

@@ -1,5 +1,7 @@
 package cn.axzo.tyr.server.repository.mapper;
 
+import cn.axzo.basics.profiles.common.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
 import cn.axzo.tyr.client.model.permission.IdentityAndAccountDTO;
 import cn.axzo.tyr.client.model.permission.QueryIdentityByPermissionDTO;
 import cn.axzo.tyr.server.model.QueryUserRoleReq;
@@ -35,6 +37,17 @@ public interface SaasRoleUserRelationMapper extends BaseMapper<SaasRoleUserRelat
 
     List<IdentityAndAccountDTO> findIdentityAndAccountInfosByParams(@Param("req") QueryIdentityByPermissionDTO req);
 
+    /**
+     * 删除岗位，但不包括超管和带班长的
+     *
+     * @param workspaceId
+     * @param ouId
+     * @param identityId
+     * @param identityType
+     * @param jobType
+     */
+    void deleteButNotAdminAndNotLeader(@Param("workspaceId") Long workspaceId, @Param("ouId") Long ouId, @Param("identityId") Long identityId, @Param("identityType") IdentityType identityType, @Param("jobType") SaasJobTypeEnum jobType);
+
     @Data
     @Builder
     @NoArgsConstructor

tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java

@@ -4,6 +4,7 @@ import cn.axzo.basics.profiles.common.enums.IdentityType;
 import cn.axzo.framework.domain.page.PageResp;
 import cn.axzo.tyr.client.model.permission.IdentityAndAccountDTO;
 import cn.axzo.tyr.client.model.permission.QueryIdentityByPermissionDTO;
+import cn.axzo.tyr.client.model.req.UpdateUserJobReq;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
 import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
@@ -40,4 +41,6 @@ public interface SaasRoleUserRelationService extends IService<SaasRoleUserRelati
     Boolean deleteByPersonId(Long personId);
 
     List<IdentityAndAccountDTO> findIdentityAndAccountInfosByParams(QueryIdentityByPermissionDTO req);
+
+    void updateWorkspaceUserRolesList(UpdateUserJobReq req);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java

@@ -2,22 +2,35 @@ package cn.axzo.tyr.server.service.impl;
 
 import cn.axzo.basics.common.BeanMapper;
 import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
+import cn.axzo.basics.common.util.AssertUtil;
+import cn.axzo.basics.profiles.api.IdentityProfileApi;
 import cn.axzo.basics.profiles.api.UserProfileServiceApi;
+import cn.axzo.basics.profiles.api.vo.request.FindIdentityProfileReq;
 import cn.axzo.basics.profiles.common.enums.IdentityType;
+import cn.axzo.basics.profiles.dto.basic.IdentityProfileDto;
 import cn.axzo.basics.profiles.dto.basic.PersonProfileDto;
 import cn.axzo.foundation.dao.support.converter.PageConverter;
 import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper;
+import cn.axzo.framework.auth.domain.ContextInfo;
+import cn.axzo.framework.auth.domain.ContextInfoHolder;
 import cn.axzo.framework.domain.page.PageResp;
+import cn.axzo.maokai.api.client.OrganizationalUnitApi;
+import cn.axzo.maokai.api.vo.response.OrganizationalUnitVO;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
+import cn.axzo.pudge.core.service.ServiceException;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
+import cn.axzo.tyr.client.model.enums.SaasJobTypeEnum;
 import cn.axzo.tyr.client.model.permission.IdentityAndAccountDTO;
 import cn.axzo.tyr.client.model.permission.QueryIdentityByPermissionDTO;
+import cn.axzo.tyr.client.model.req.UpdateUserJobReq;
+import cn.axzo.tyr.client.model.req.WorkspaceUpdateUserRoleDTO;
 import cn.axzo.tyr.client.model.res.SaasRoleRes;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
 import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
 import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationParam;
 import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
+import cn.axzo.tyr.server.common.util.NumUtil;
 import cn.axzo.tyr.server.model.QueryUserRoleReq;
 import cn.axzo.tyr.server.model.SaasUserRoleExBO;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
@@ -41,12 +54,15 @@ import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.CollectionUtils;
 
 import javax.annotation.Resource;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -74,6 +90,10 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
     private UserProfileServiceApi userProfileServiceApi;
     @Autowired
     private RoleService roleService;
+    @Autowired
+    private IdentityProfileApi identityProfileApi;
+    @Autowired
+    private OrganizationalUnitApi organizationalUnitApi;
 
     @Override
     public List<SaasRoleUserDTO> list(RoleUserParam param) {
@@ -323,4 +343,203 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
     public List<IdentityAndAccountDTO> findIdentityAndAccountInfosByParams(QueryIdentityByPermissionDTO req) {
         return saasRoleUserRelationDao.findAccountInfosByCode(req);
     }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void updateWorkspaceUserRolesList(UpdateUserJobReq req) {
+        Set<UpdateUserJobReq.RoleReq> roles = req.getRoles();
+        if (CollectionUtils.isEmpty(roles)) {
+            return;
+        }
+        //region 排除掉超管和带班长，只修改init的
+        Set<Long> roleIds = roles.stream().map(UpdateUserJobReq.RoleReq::getRoleId).collect(Collectors.toSet());
+        List<SaasRole> saasRoles = saasRoleDao.listRoleByIds(roleIds);
+        if (CollectionUtils.isEmpty(saasRoles)) {
+            return;
+        }
+        Set<Long> couldUpdateRoleIds = saasRoles.stream().filter(e -> Objects.equals(RoleTypeEnum.INIT.getValue(), e.getRoleType())).map(BaseEntity::getId).collect(Collectors.toSet());
+        if (CollectionUtils.isEmpty(couldUpdateRoleIds)) {
+            return;
+        }
+        roles = roles.stream().filter(e -> couldUpdateRoleIds.contains(e.getRoleId())).collect(Collectors.toSet());
+        //endregion
+
+        List<UpdateUserJobReq.RoleReq> masterJobs = roles.stream().filter(e -> e.getJobType().equals(SaasJobTypeEnum.MASTER_JOB)).collect(Collectors.toList());
+        if (masterJobs.size() != 1) {
+            AssertUtil.fail("主岗必须且只能有一个");
+        }
+        Set<UpdateUserJobReq.RoleReq> slaveJobs = roles.stream().filter(e -> e.getJobType().equals(SaasJobTypeEnum.SLAVE_JOB)).collect(Collectors.toSet());
+        if (!CollectionUtils.isEmpty(slaveJobs)) {
+            WorkspaceUpdateUserRoleDTO workspaceUpdateUserRoleDTO = new WorkspaceUpdateUserRoleDTO();
+            workspaceUpdateUserRoleDTO.setWorkspaceId(req.getWorkspaceId());
+            workspaceUpdateUserRoleDTO.setOuId(req.getOuId());
+            workspaceUpdateUserRoleDTO.setIdentityId(req.getIdentityId());
+            workspaceUpdateUserRoleDTO.setIdentityType(req.getIdentityType());
+            workspaceUpdateUserRoleDTO.setUpdateRoleIds(slaveJobs.stream().map(UpdateUserJobReq.RoleReq::getRoleId).collect(Collectors.toList()));
+            //这里面会删除所有岗位(主岗,兼岗)
+            updateWorkspaceUserRolesList(Lists.newArrayList(workspaceUpdateUserRoleDTO));
+        } else {
+            //如果传入空，表示删除兼岗
+            saasRoleUserRelationDao.deleteButNotAdminAndNotLeader(req.getWorkspaceId(), req.getOuId(), req.getIdentityId(),
+                    req.getIdentityType(), SaasJobTypeEnum.SLAVE_JOB);
+        }
+        UpdateUserJobReq.RoleReq masterJob = masterJobs.get(0);
+        checkRoleInWorkspaceAndFitOu(Collections.singletonList(masterJob.getRoleId()), req.getWorkspaceId(), req.getOuId(), Collections.singletonList(RoleTypeEnum.INIT));
+        IdentityProfileDto profile = this.checkIdentity(req.getIdentityId(), req.getIdentityType());
+        //删除用户的主岗
+        saasRoleUserRelationDao.deleteButNotAdminAndNotLeader(req.getWorkspaceId(), req.getOuId(), req.getIdentityId(),
+                req.getIdentityType(), SaasJobTypeEnum.MASTER_JOB);
+
+        //添加用户主岗
+        SaasRoleUserRelation relation = new SaasRoleUserRelation();
+        relation.setRoleId(masterJob.getRoleId());
+        relation.setIdentityId(req.getIdentityId());
+        relation.setIdentityType(profile.getIdentityType().getCode());
+        relation.setIsDelete(0L);
+        relation.setNaturalPersonId(profile.getPersonProfile().getId());
+        relation.setOuId(req.getOuId());
+        relation.setResourceId(0L);
+        relation.setJobType(SaasJobTypeEnum.MASTER_JOB);
+        relation.setResourceType(0);
+        relation.setWorkspaceId(req.getWorkspaceId());
+        saasRoleUserRelationDao.save(relation);
+    }
+
+    private Boolean updateWorkspaceUserRolesList(List<WorkspaceUpdateUserRoleDTO> dtoList) {
+        Set<Long> roleIdSet = new HashSet<>();
+        for (WorkspaceUpdateUserRoleDTO dto : dtoList) {
+            roleIdSet.addAll(dto.getUpdateRoleIds());
+        }
+        // 先从数据库里拿出所有的Role by roleIds
+        // 检查一下是否有SUPER_ADMIN、ADMIN，如果有就抛异常，不能分配ADMIN、SUPER_ADMIN
+        // 检查一下所有Role都存在，且都是这个workspace、这个ou的，否则抛异常，角色列表有错
+        // 完成数据库写操作
+        // 返回
+
+        Long workspaceId = dtoList.get(0).getWorkspaceId();
+        Long ouId = dtoList.get(0).getOuId();
+        for (int i = 1; i < dtoList.size(); i++) {
+            if (!NumUtil.equals(workspaceId, dtoList.get(i).getWorkspaceId())) {
+                throw new ServiceException(String.format("批量配置角色失败，输入列表中有多个不同的工作台Id，%d != %d", workspaceId,
+                        dtoList.get(i).getWorkspaceId()));
+            }
+            if (!NumUtil.equals(ouId, dtoList.get(i).getOuId())) {
+                throw new ServiceException(
+                        String.format("批量配置角色失败，输入列表中有多个不同的单位ID，%d != %d", ouId, dtoList.get(i).getOuId()));
+            }
+
+        }
+
+        checkWorkspace(workspaceId);
+        checkRoleInWorkspaceAndFitOu(roleIdSet, workspaceId, ouId,
+                Arrays.asList(RoleTypeEnum.INIT, RoleTypeEnum.COMMON));
+        for (WorkspaceUpdateUserRoleDTO g : dtoList) {
+            if (!doUpdateWorkspaceUserRoles(g.getIdentityId(), g.getIdentityType(), g.getUpdateRoleIds(), g.getWorkspaceId(), g.getOuId(), g.getJobType())) {
+                throw new ServiceException(String.format("批量配置角色失败，失败点：用户身份ID=%d，工作台ID=%d, 角色列表=%s", g.getIdentityId(),
+                        g.getWorkspaceId(), NumUtil.joinToString(g.getUpdateRoleIds(), ",")));
+            }
+        }
+        return Boolean.TRUE;
+    }
+
+    /**
+     * 检查这些Role是这个Workspace的，也是这个OU合适的
+     *
+     * @param roleIds
+     * @param workspaceId
+     * @param typeList
+     */
+    private void checkRoleInWorkspaceAndFitOu(Collection<Long> roleIds, Long workspaceId, Long ouId,
+                                              List<RoleTypeEnum> typeList) {
+        if (CollectionUtils.isEmpty(roleIds)) {
+            return;
+        }
+        OrganizationalUnitVO ou = checkAndReturnOU(ouId);
+        List<SaasRole> roles = this.saasRoleDao.lambdaQuery().in(SaasRole::getId, roleIds)
+                .in(SaasRole::getRoleType,
+                        typeList.stream().map(RoleTypeEnum::getValue).collect(Collectors.toList()))
+                .eq(SaasRole::getIsDelete, 0).list();
+        Set<Long> roleIdSet = roles.stream().map(SaasRole::getId).collect(Collectors.toSet());
+
+        for (Long id : roleIds) {
+            if (roleIdSet.contains(id))
+                continue;
+            throw new ServiceException("无法找到角色,ID=" + id);
+        }
+
+        for (SaasRole role : roles) {
+            if (!NumUtil.equals(role.getWorkspaceId(), workspaceId)) {
+                throw new ServiceException("角色不属于当前工作台");
+            }
+            if (!role.isFitOuType(ou.getType())) {
+                throw new ServiceException(String.format("角色[%d-%s]不能适用于单位[%d-%s]", role.getId(), role.getName(),
+                        ou.getId(), ou.getName()));
+            }
+        }
+    }
+
+    private void checkWorkspace(Long workspaceId) {
+        ContextInfo contextInfo = ContextInfoHolder.get();
+        if (null != contextInfo) {
+            if (!NumUtil.equals(contextInfo.getWorkspaceId(), workspaceId)) {
+                String msg = String.format("输入的工作台与当前Context工作台不一致, contextInfo.workspace=%d, params.workspaceId=%d",
+                        contextInfo.getWorkspaceId(), workspaceId);
+                log.error(msg);
+                // 以后稍微稳定一些了再抛异常吧。
+                // throw new ServiceException(msg);
+            }
+        }
+    }
+
+    /**
+     * @param identityId
+     * @param roleIdList
+     * @param workspaceId
+     * @param ouId
+     * @param jobType
+     * @return
+     */
+    private boolean doUpdateWorkspaceUserRoles(Long identityId, IdentityType identityType, List<Long> roleIdList, Long workspaceId, Long ouId, SaasJobTypeEnum jobType) {
+        IdentityProfileDto profile = this.checkIdentity(identityId, identityType);
+        saasRoleUserRelationDao.delByIdentityAndWorkspaceIdAndOuId(identityId, identityType, workspaceId, ouId);
+        List<SaasRoleUserRelation> list = new ArrayList<>();
+        for (Long roleId : roleIdList) {
+            SaasRoleUserRelation relation = new SaasRoleUserRelation();
+            relation.setRoleId(roleId);
+            relation.setIdentityId(identityId);
+            relation.setIdentityType(profile.getIdentityType().getCode());
+            relation.setIsDelete(0L);
+            relation.setNaturalPersonId(profile.getPersonProfile().getId());
+            relation.setOuId(ouId);
+            relation.setResourceId(0L);
+            relation.setJobType(jobType);
+            relation.setResourceType(0);
+            relation.setWorkspaceId(workspaceId);
+            list.add(relation);
+        }
+        return saasRoleUserRelationDao.saveBatch(list);
+    }
+
+    private IdentityProfileDto checkIdentity(Long identityId, IdentityType identityType) {
+        if(identityId == null || NumUtil.equals(identityId, 0L))
+            throw new ServiceException("身份错误");
+
+        if (identityType == null)
+            return null;
+
+        FindIdentityProfileReq req = FindIdentityProfileReq.builder()
+                .identityId(identityId)
+                .identityType(identityType)
+                .build();
+        IdentityProfileDto profile = RpcInternalUtil.checkAndGetData(identityProfileApi.findIdentityProfile(req));
+        if (Objects.isNull(profile))
+            throw new ServiceException(String.format("找不到相关身份ID=%d的信息", identityId));
+        return profile;
+    }
+
+    private OrganizationalUnitVO checkAndReturnOU(Long ouId) {
+        if(NumUtil.isZero(ouId))
+            throw new ServiceException("单位为空");
+        return RpcInternalUtil.checkAndGetData(organizationalUnitApi.getById(ouId));
+    }
 }

tyr-server/src/main/resources/mapper/SaasRoleUserRelationMapper.xml

@@ -135,4 +135,17 @@
         </if>
         GROUP BY sa.natural_person_id,srur.identity_id,srur.identity_type,sa.id
     </select>
+
+    <update id="deleteButNotAdminAndNotLeader">
+        update saas_role_user_relation t1 inner join saas_role t2 on t1.role_id = t2.id and t2.role_type = 'init' and
+        t2.is_delete = 0
+        set t1.is_delete=t1.id
+        where t1.workspace_id = #{workspaceId}
+        and t1.ou_id = #{ouId}
+        and t1.identity_id = #{identityId}
+        and t1.identity_type = #{identityType}
+        <if test="jobType!=null">
+            and t1.job_type = #{jobType}
+        </if>
+    </update>
 </mapper>