fix: 修复门店租户写入与跨租户查看

2026-01-19 20:22:12 +08:00
parent abd5752ad1
commit 30e54e2bea
13 changed files with 192 additions and 39 deletions
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CalculateStoreFeeQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CalculateStoreFeeQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Application.App.Stores.Services;
@@ -17,6 +18,7 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class CalculateStoreFeeQueryHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor,
    IStoreFeeCalculationService feeCalculationService)
    : IRequestHandler<CalculateStoreFeeQuery, StoreFeeCalculationResultDto>
 {
@@ -24,7 +26,8 @@ public sealed class CalculateStoreFeeQueryHandler(
    public async Task<StoreFeeCalculationResultDto> Handle(CalculateStoreFeeQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreQualificationsQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreQualificationsQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Enums;
@@ -14,14 +15,16 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class CheckStoreQualificationsQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<CheckStoreQualificationsQuery, StoreQualificationCheckResultDto>
 {
    /// <inheritdoc />
    public async Task<StoreQualificationCheckResultDto> Handle(CheckStoreQualificationsQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreCommandHandler.cs
@@ -1,8 +1,10 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
 using TakeoutSaaS.Application.App.Stores.Dto;
+using TakeoutSaaS.Domain.Merchants.Repositories;
 using TakeoutSaaS.Domain.Stores.Entities;
 using TakeoutSaaS.Domain.Stores.Enums;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -17,17 +19,30 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class CreateStoreCommandHandler(
    IStoreRepository storeRepository,
+    IMerchantRepository merchantRepository,
    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor,
    ILogger<CreateStoreCommandHandler> logger)
    : IRequestHandler<CreateStoreCommand, StoreDto>
 {
    /// <inheritdoc />
    public async Task<StoreDto> Handle(CreateStoreCommand request, CancellationToken cancellationToken)
    {
-        // 1. 校验门店坐标唯一性（100 米内禁止重复）
+        // 1. 校验商户存在并解析租户
+        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        var allowCrossTenant = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var merchant = allowCrossTenant
+            ? await merchantRepository.FindByIdAsync(request.MerchantId, cancellationToken)
+            : await merchantRepository.FindByIdAsync(request.MerchantId, currentTenantId, cancellationToken);
+        if (merchant == null)
+        {
+            throw new BusinessException(ErrorCodes.NotFound, "商户不存在");
+        }
+        var tenantId = merchant.TenantId;
+
+        // 2. (空行后) 校验门店坐标唯一性（100 米内禁止重复）
        if (request.Longitude.HasValue && request.Latitude.HasValue)
        {
-            var tenantId = tenantProvider.GetCurrentTenantId();
            var isDuplicate = await storeRepository.ExistsStoreWithinDistanceAsync(
                request.MerchantId,
                tenantId,
@@ -41,16 +56,17 @@ public sealed class CreateStoreCommandHandler(
            }
        }

-        // 2. (空行后) 计算审核与经营状态
+        // 3. (空行后) 计算审核与经营状态
        var now = DateTime.UtcNow;
        var isSameEntity = request.OwnershipType == StoreOwnershipType.SameEntity;
        var auditStatus = isSameEntity ? StoreAuditStatus.Activated : StoreAuditStatus.Draft;
        var businessStatus = StoreBusinessStatus.Resting;
        DateTime? activatedAt = isSameEntity ? now : null;

-        // 3. (空行后) 构建实体
+        // 4. (空行后) 构建实体
        var store = new Store
        {
+            TenantId = tenantId,
            MerchantId = request.MerchantId,
            Code = request.Code.Trim(),
            Name = request.Name.Trim(),
@@ -79,10 +95,14 @@ public sealed class CreateStoreCommandHandler(
            SupportsQueueing = request.SupportsQueueing
        };

-        // 4. (空行后) 持久化并初始化费用配置
+        // 5. (空行后) 持久化门店以获取标识
        await storeRepository.AddStoreAsync(store, cancellationToken);
+        await storeRepository.SaveChangesAsync(cancellationToken);
+
+        // 6. (空行后) 初始化费用配置
        await storeRepository.AddStoreFeeAsync(new StoreFee
        {
+            TenantId = tenantId,
            StoreId = store.Id,
            MinimumOrderAmount = 0m,
            BaseDeliveryFee = 0m,
@@ -92,7 +112,7 @@ public sealed class CreateStoreCommandHandler(
        await storeRepository.SaveChangesAsync(cancellationToken);
        logger.LogInformation("创建门店 {StoreId} - {StoreName}", store.Id, store.Name);

-        // 5. (空行后) 返回 DTO
+        // 7. (空行后) 返回 DTO
        return StoreMapping.ToDto(store);
    }
 }
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreByIdQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreByIdQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
@@ -13,13 +14,15 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class GetStoreByIdQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<GetStoreByIdQuery, StoreDto?>
 {
    /// <inheritdoc />
    public async Task<StoreDto?> Handle(GetStoreByIdQuery request, CancellationToken cancellationToken)
    {
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        return store == null ? null : StoreMapping.ToDto(store);
    }
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreFeeQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreFeeQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Entities;
@@ -14,14 +15,16 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class GetStoreFeeQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<GetStoreFeeQuery, StoreFeeDto?>
 {
    /// <inheritdoc />
    public async Task<StoreFeeDto?> Handle(GetStoreFeeQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreBusinessHoursQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreBusinessHoursQueryHandler.cs
@@ -1,5 +1,6 @@
 using System.Linq;
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -12,17 +13,20 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreBusinessHoursQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<ListStoreBusinessHoursQuery, IReadOnlyList<StoreBusinessHourDto>>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
+    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;

    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreBusinessHourDto>> Handle(ListStoreBusinessHoursQuery request, CancellationToken cancellationToken)
    {
        // 1. 查询时段列表
-        var tenantId = _tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
        var hours = await _storeRepository.GetBusinessHoursAsync(request.StoreId, tenantId, cancellationToken);

        // 2. 映射 DTO
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreDeliveryZonesQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreDeliveryZonesQueryHandler.cs
@@ -1,5 +1,6 @@
 using System.Linq;
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -12,17 +13,20 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreDeliveryZonesQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<ListStoreDeliveryZonesQuery, IReadOnlyList<StoreDeliveryZoneDto>>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
+    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;

    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreDeliveryZoneDto>> Handle(ListStoreDeliveryZonesQuery request, CancellationToken cancellationToken)
    {
        // 1. 查询配送区域
-        var tenantId = _tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
        var zones = await _storeRepository.GetDeliveryZonesAsync(request.StoreId, tenantId, cancellationToken);

        // 2. 映射 DTO
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreQualificationsQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreQualificationsQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -13,14 +14,16 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreQualificationsQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<ListStoreQualificationsQuery, IReadOnlyList<StoreQualificationDto>>
 {
    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreQualificationDto>> Handle(ListStoreQualificationsQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/SearchStoresQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/SearchStoresQueryHandler.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
@@ -13,13 +14,15 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class SearchStoresQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider)
+    ITenantProvider tenantProvider,
+    IHttpContextAccessor httpContextAccessor)
    : IRequestHandler<SearchStoresQuery, PagedResult<StoreDto>>
 {
    /// <inheritdoc />
    public async Task<PagedResult<StoreDto>> Handle(SearchStoresQuery request, CancellationToken cancellationToken)
    {
-        var tenantId = tenantProvider.GetCurrentTenantId();
+        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
+        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
        var stores = await storeRepository.SearchAsync(
            tenantId,
            request.MerchantId,
@@ -28,6 +31,7 @@ public sealed class SearchStoresQueryHandler(
            request.BusinessStatus,
            request.OwnershipType,
            request.Keyword,
+            ignoreTenantFilter,
            cancellationToken);

        var sorted = ApplySorting(stores, request.SortBy, request.SortDescending);
--- a/src/Application/TakeoutSaaS.Application/App/Stores/StoreTenantAccess.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/StoreTenantAccess.cs
@@ -0,0 +1,45 @@
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Linq;
+
+namespace TakeoutSaaS.Application.App.Stores;
+
+internal static class StoreTenantAccess
+{
+    private const string PermissionClaimType = "permission";
+    private const string ViewAllStoresPermission = "store:read:all";
+    private static readonly string[] PlatformRoleCodes =
+    {
+        "super-admin",
+        "SUPER_ADMIN",
+        "PlatformAdmin",
+        "platform-admin"
+    };
+
+    public static bool ShouldIgnoreTenantFilter(IHttpContextAccessor httpContextAccessor)
+    {
+        var httpContext = httpContextAccessor.HttpContext;
+        if (httpContext == null)
+        {
+            return false;
+        }
+
+        var user = httpContext.User;
+        if (user?.Identity?.IsAuthenticated != true)
+        {
+            return false;
+        }
+
+        if (PlatformRoleCodes.Any(user.IsInRole))
+        {
+            return true;
+        }
+
+        var permissions = user.FindAll(PermissionClaimType)
+            .Select(c => c.Value?.Trim())
+            .Where(value => !string.IsNullOrWhiteSpace(value))
+            .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+        return permissions.Contains(ViewAllStoresPermission);
+    }
+}