更新！

FullCardServer/src/main/java/com/zhongshu/card/server/core/dao/org/RoleDao.java

@@ -35,4 +35,6 @@ public interface RoleDao extends MongoDao<Role>, RoleDaoExtend {
     List<Role> findByIdIn(List<String> ids);
 
     List<Role> findByOidAndNameIn(String oid, List<String> names);
+
+    List<Role> findByOidAndIsAdmin(String oid, Boolean isAdmin);
 }

FullCardServer/src/main/java/com/zhongshu/card/server/core/model/org/OrgBindUserParam.java

@@ -5,6 +5,9 @@ import com.zhongshu.card.server.core.domain.org.UserAccount;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * @author TRX
  * @date 2024/9/24
@@ -22,4 +25,7 @@ public class OrgBindUserParam {
 
     @Schema(description = "项目oid")
     private String projectOid;
+
+    @Schema(description = "角色列表")
+    private List<String> roleIds = new ArrayList<>();
 }

FullCardServer/src/main/java/com/zhongshu/card/server/core/service/org/OrganizationUserServiceImpl.java

@@ -7,7 +7,6 @@ import com.github.microservice.auth.client.service.OrganizationUserService;
 import com.github.microservice.auth.client.service.RoleService;
 import com.github.microservice.auth.security.type.AuthType;
 import com.github.microservice.core.util.bean.BeanUtil;
-import com.github.microservice.core.util.os.SystemUtil;
 import com.github.microservice.net.ResultContent;
 import com.google.common.collect.Lists;
 import com.zhongshu.card.client.model.base.ProjectOidParam;
@@ -57,8 +56,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
@@ -274,15 +271,7 @@ public class OrganizationUserServiceImpl extends SuperService {
 
             // 删除以前的角色
             List<Role> oldRoles = organizationUser.getRoles();
-            if (ObjectUtils.isNotEmpty(oldRoles)) {
-                List<String> ids = oldRoles.stream().map(it -> it.getRoleGroupId()).collect(Collectors.toList());
-                String[] userIds = new String[]{userId};
-                for (Role oldRole : oldRoles) {
-                    if (!ids.contains(oldRole.getRoleGroupId())) {
-                        roleService.removeUserFromRoleGroup(oldRole.getRoleGroupId(), userIds);
-                    }
-                }
-            }
+            roleServiceImpl.userRemoveRole(userId, oldRoles);
         }
 
         organizationUser.setOid(organization.getOid());
@@ -306,8 +295,7 @@ public class OrganizationUserServiceImpl extends SuperService {
 
         if (ObjectUtils.isNotEmpty(roles)) {
             //权限中心： 在角色组添加用户
-            String[] roleGroupIds = roles.stream().map(it -> it.getRoleGroupId()).collect(Collectors.toList()).toArray(String[]::new);
-            roleService.addUsersToRoleGroup(userId, roleGroupIds);
+            roleServiceImpl.userBindRoles(userId, roles);
         }
 
         organizationUser.setPosition(position);
@@ -358,12 +346,15 @@ public class OrganizationUserServiceImpl extends SuperService {
      */
     public ResultContent orgBindManager(Organization organization, List<UserAccount> userAccounts) {
         List<OrganizationUser> oldList = organizationUserDao.findByOrganizationAndIsAdmin(organization, Boolean.TRUE);
+
         List<String> newIds = new ArrayList<>();
+        List<Role> adminRole = roleServiceImpl.getOrgAdminRoles(organization.getOid());
         for (UserAccount userAccount : userAccounts) {
             OrgBindUserParam _param = new OrgBindUserParam();
             _param.setOrganization(organization);
             _param.setUserAccount(userAccount);
             _param.setIsAdmin(Boolean.TRUE);
+            _param.setRoleIds(adminRole.stream().map(it -> it.getId()).collect(Collectors.toList()));
             OrganizationUser temp = buildOrgUserInfo(_param);
             if (temp != null) {
                 newIds.add(temp.getId());
@@ -412,10 +403,18 @@ public class OrganizationUserServiceImpl extends SuperService {
         OrganizationUser organizationUser = null;
         if (ObjectUtils.isNotEmpty(userAccount) && ObjectUtils.isNotEmpty(organization)) {
             organizationUser = organizationUserDao.findTopByOrganizationAndUser(organization, userAccount);
+            List<Role> roles = new ArrayList<>();
             if (ObjectUtils.isEmpty(organizationUser)) {
                 organizationUser = new OrganizationUser();
                 organizationUser.setState(UserState.Normal);
                 organizationUser.setCode("");
+            } else {
+                if (ObjectUtils.isNotEmpty(organizationUser.getRoles())) {
+                    roles = organizationUser.getRoles();
+                }
+            }
+            if (ObjectUtils.isNotEmpty(param.getRoleIds())) {
+                roles.addAll(roleDao.findByIdIn(param.getRoleIds()));
             }
             organizationUser.setUser(userAccount);
             organizationUser.setName(userAccount.getName());
@@ -431,7 +430,13 @@ public class OrganizationUserServiceImpl extends SuperService {
             organizationUser.setAuthType(organization.getAuthType());
 
             organizationUser.setProjectOid(param.getProjectOid());
+            if (ObjectUtils.isNotEmpty(param.getProjectOid())) {
+                roles = roles.stream().distinct().collect(Collectors.toUnmodifiableList());
+            }
+            organizationUser.setRoles(roles);
             organizationUserDao.save(organizationUser);
+
+            roleServiceImpl.userBindRoles(organizationUser.getUserId(), roles);
         }
         return organizationUser;
     }

FullCardServer/src/main/java/com/zhongshu/card/server/core/service/user/RoleServiceImpl.java

@@ -720,6 +720,43 @@ public class RoleServiceImpl extends SuperService {
         return ResultContent.buildSuccess();
     }
 
+    /**
+     * 得到机构的 admin角色
+     *
+     * @param oid
+     * @return
+     */
+    public List<Role> getOrgAdminRoles(String oid) {
+        return roleDao.findByOidAndIsAdmin(oid, Boolean.TRUE);
+    }
+
+    /**
+     * 用户移除角色
+     *
+     * @param userId
+     * @param roles
+     * @return
+     */
+    public ResultContent userRemoveRole(String userId, List<Role> roles) {
+        if (StringUtils.isNotEmpty(userId) && ObjectUtils.isNotEmpty(roles)) {
+            String[] userIds = new String[]{userId};
+            for (Role oldRole : roles) {
+                roleService.removeUserFromRoleGroup(oldRole.getRoleGroupId(), userIds);
+            }
+        }
+        return ResultContent.buildSuccess();
+    }
+
+    public ResultContent userBindRoles(String userId, List<Role> roles) {
+        if (StringUtils.isNotEmpty(userId) && ObjectUtils.isNotEmpty(roles)) {
+            String[] roleGroupIds = roles.stream().map(it -> it.getRoleGroupId()).collect(Collectors.toList()).toArray(String[]::new);
+            roleService.addUsersToRoleGroup(userId, roleGroupIds);
+        }
+        return ResultContent.buildSuccess();
+    }
+
+    //--------------------------模型转换 start---------------------
+
     public List<RoleModel> toModels(List<Role> roles) {
         if (ObjectUtils.isNotEmpty(roles)) {
             return roles.stream().map(this::toModel).collect(Collectors.toList());