chore: 提交当前变更

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/IdentityDataSeeder.cs

@@ -5,6 +5,7 @@ using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using TakeoutSaaS.Infrastructure.Identity.Options;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
 using DomainIdentityUser = TakeoutSaaS.Domain.Identity.Entities.IdentityUser;
 
 namespace TakeoutSaaS.Infrastructure.Identity.Persistence;
@@ -20,6 +21,7 @@ public sealed class IdentityDataSeeder(IServiceProvider serviceProvider, ILogger
         var context = scope.ServiceProvider.GetRequiredService<IdentityDbContext>();
         var options = scope.ServiceProvider.GetRequiredService<IOptions<AdminSeedOptions>>().Value;
         var passwordHasher = scope.ServiceProvider.GetRequiredService<IPasswordHasher<DomainIdentityUser>>();
+        var tenantContextAccessor = scope.ServiceProvider.GetRequiredService<ITenantContextAccessor>();
 
         await context.Database.MigrateAsync(cancellationToken);
 
@@ -31,6 +33,7 @@ public sealed class IdentityDataSeeder(IServiceProvider serviceProvider, ILogger
 
         foreach (var userOptions in options.Users)
         {
+            using var tenantScope = EnterTenantScope(tenantContextAccessor, userOptions.TenantId);
             var user = await context.IdentityUsers.FirstOrDefaultAsync(x => x.Account == userOptions.Account, cancellationToken);
             var roles = NormalizeValues(userOptions.Roles);
             var permissions = NormalizeValues(userOptions.Permissions);
@@ -76,4 +79,17 @@ public sealed class IdentityDataSeeder(IServiceProvider serviceProvider, ILogger
                 .Where(v => !string.IsNullOrWhiteSpace(v))
                 .Select(v => v.Trim())
                 .Distinct(StringComparer.OrdinalIgnoreCase)];
+
+    private static IDisposable EnterTenantScope(ITenantContextAccessor accessor, Guid tenantId)
+    {
+        var previous = accessor.Current;
+        accessor.Current = new TenantContext(tenantId, null, "admin-seed");
+        return new Scope(() => accessor.Current = previous);
+    }
+
+    private sealed class Scope(Action disposeAction) : IDisposable
+    {
+        private readonly Action _disposeAction = disposeAction;
+        public void Dispose() => _disposeAction();
+    }
 }

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/IdentityDbContext.cs

@@ -4,14 +4,20 @@ using Microsoft.EntityFrameworkCore.ChangeTracking;
 using Microsoft.EntityFrameworkCore.Metadata.Builders;
 using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
 using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Infrastructure.Common.Persistence;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
 
 namespace TakeoutSaaS.Infrastructure.Identity.Persistence;
 
 /// <summary>
-/// 身份认证 DbContext。
+/// 身份认证 DbContext，带多租户过滤。
 /// </summary>
-public sealed class IdentityDbContext(DbContextOptions<IdentityDbContext> options) : DbContext(options)
+public sealed class IdentityDbContext : TenantAwareDbContext
 {
+    public IdentityDbContext(DbContextOptions<IdentityDbContext> options, ITenantProvider tenantProvider)
+        : base(options, tenantProvider)
+    {
+    }
 
     public DbSet<IdentityUser> IdentityUsers => Set<IdentityUser>();
     public DbSet<MiniUser> MiniUsers => Set<MiniUser>();
@@ -20,6 +26,7 @@ public sealed class IdentityDbContext(DbContextOptions<IdentityDbContext> option
     {
         ConfigureIdentityUser(modelBuilder.Entity<IdentityUser>());
         ConfigureMiniUser(modelBuilder.Entity<MiniUser>());
+        ApplyTenantQueryFilters(modelBuilder);
     }
 
     private static void ConfigureIdentityUser(EntityTypeBuilder<IdentityUser> builder)

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Services/JwtTokenService.cs

@@ -69,7 +69,7 @@ public sealed class JwtTokenService(IRefreshTokenStore refreshTokenStore, IOptio
     /// </summary>
     /// <param name="profile">用户档案</param>
     /// <returns>Claims 集合</returns>
-    private static IEnumerable<Claim> BuildClaims(CurrentUserProfile profile)
+    private static List<Claim> BuildClaims(CurrentUserProfile profile)
     {
         var userId = profile.UserId.ToString();
         var claims = new List<Claim>
@@ -86,15 +86,9 @@ public sealed class JwtTokenService(IRefreshTokenStore refreshTokenStore, IOptio
             claims.Add(new Claim("merchant_id", profile.MerchantId.Value.ToString()));
         }
 
-        foreach (var role in profile.Roles)
-        {
-            claims.Add(new Claim(ClaimTypes.Role, role));
-        }
+        claims.AddRange(profile.Roles.Select(role => new Claim(ClaimTypes.Role, role)));
 
-        foreach (var permission in profile.Permissions)
-        {
-            claims.Add(new Claim("permission", permission));
-        }
+        claims.AddRange(profile.Permissions.Select(permission => new Claim("permission", permission)));
 
         return claims;
     }