alibaba · KomachiSion · Dec 6, 2024 · Dec 5, 2024 · Dec 5, 2024 · Dec 5, 2024
diff --git a/...os/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java b/...os/config/server/service/repository/extrnal/ExternalConfigInfoPersistServiceImplTest.java
@@ -1307,8 +1307,7 @@ void testBuildFindConfigInfoStateSql() {
                 TableConstant.CONFIG_INFO);
         String select = configInfoMapper.select(Arrays.asList("id", "data_id", "group_id", "tenant_id", "gmt_modified"),
                 Arrays.asList("data_id", "group_id", "tenant_id"));
-        assertEquals(
-                "SELECT id,data_id,group_id,tenant_id,gmt_modified FROM config_info WHERE data_id = ? AND group_id = ? AND tenant_id = ?",
+        assertEquals("SELECT id,data_id,group_id,tenant_id,gmt_modified FROM config_info WHERE data_id = ? AND group_id = ? AND tenant_id = ?",
                 select);
     }
 

diff --git a/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java b/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java
@@ -236,6 +236,12 @@ public void addRole(String role, String username) {
             throw new IllegalArgumentException(
                     "role '" + AuthConstants.GLOBAL_ADMIN_ROLE + "' is not permitted to create!");
         }
+
+        if (isUserBoundToRole(role, username)) {
+            throw new IllegalArgumentException(
+                    "user '" + username + "' already bound to the role '" + role + "'!");
+        }
+
         rolePersistService.addRole(role, username);
         roleSet.add(role);
     }
@@ -394,5 +400,23 @@ public Result<Boolean> isDuplicatePermission(String role, String resource, Strin
         }
         return Result.success(Boolean.FALSE);
     }
+
+    /**
+     * judge whether the user is already bound to the role.
+     *
+     * @param role     role name
+     * @param username user name
+     * @return true if the user is already bound to the role.
+     */
+    public boolean isUserBoundToRole(String role, String username) {
+        Page<RoleInfo> roleInfoPage = rolePersistService.getRolesByUserNameAndRoleName(username,
+                role, DEFAULT_PAGE_NO, 1);
+        if (roleInfoPage == null) {
+            return false;
+        }
+        List<RoleInfo> roleInfos = roleInfoPage.getPageItems();
+        return CollectionUtils.isNotEmpty(roleInfos) && roleInfos.stream()
+                .anyMatch(roleInfo -> role.equals(roleInfo.getRole()));
+    }
 
 }
diff --git a/...ugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java b/...ugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java
@@ -218,4 +218,15 @@ void duplicatePermission() {
         when(spy.getPermissions("admin")).thenReturn(permissionInfos);
         spy.isDuplicatePermission("admin", "test", "r");
     }
+
+    @Test
+    void isUserBoundToRole() {
+        String role = "TEST";
+        String userName = "nacos";
+        assertFalse(nacosRoleService.isUserBoundToRole("", userName));
+        assertFalse(nacosRoleService.isUserBoundToRole(role, ""));
+        assertFalse(nacosRoleService.isUserBoundToRole("", null));
+        assertFalse(nacosRoleService.isUserBoundToRole(null, ""));
+        assertFalse(nacosRoleService.isUserBoundToRole(role, userName));
+    }
 }