refactor: AdminApi 剔除租户侧能力

src/Application/TakeoutSaaS.Application/Identity/Handlers/UpdateIdentityUserCommandHandler.cs

@@ -11,7 +11,6 @@ using TakeoutSaaS.Domain.Identity.Repositories;
 using TakeoutSaaS.Shared.Abstractions.Constants;
 using TakeoutSaaS.Shared.Abstractions.Exceptions;
 using TakeoutSaaS.Shared.Abstractions.Security;
-using TakeoutSaaS.Shared.Abstractions.Tenancy;
 
 namespace TakeoutSaaS.Application.Identity.Handlers;
 
@@ -22,7 +21,6 @@ public sealed class UpdateIdentityUserCommandHandler(
     IIdentityUserRepository identityUserRepository,
     IUserRoleRepository userRoleRepository,
     IRoleRepository roleRepository,
-    ITenantProvider tenantProvider,
     ICurrentUserAccessor currentUserAccessor,
     IAdminAuthService adminAuthService,
     IIdentityOperationLogPublisher operationLogPublisher,
@@ -32,30 +30,17 @@ public sealed class UpdateIdentityUserCommandHandler(
     /// <inheritdoc />
     public async Task<UserDetailDto?> Handle(UpdateIdentityUserCommand request, CancellationToken cancellationToken)
     {
-        // 1. 获取操作者档案并判断权限
-        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        // 1. 获取操作者档案（用于操作日志）
         var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
-        var isSuperAdmin = IdentityUserAccess.IsSuperAdmin(operatorProfile);
 
-        // 2. 校验跨租户访问权限
-        if (!isSuperAdmin && request.TenantId.HasValue && request.TenantId.Value != currentTenantId)
-        {
-            throw new BusinessException(ErrorCodes.Forbidden, "禁止跨租户更新用户");
-        }
-
-        // 3. 获取用户实体
+        // 2. (空行后) 获取用户实体
         var user = await identityUserRepository.GetForUpdateAsync(request.UserId, cancellationToken);
         if (user == null)
         {
             return null;
         }
 
-        if (!isSuperAdmin && user.TenantId != currentTenantId)
-        {
-            return null;
-        }
-
-        // 4. 规范化输入并校验唯一性
+        // 3. (空行后) 规范化输入并校验唯一性
         var portal = user.Portal;
         var tenantId = user.TenantId;
         if (portal == PortalType.Tenant && (!tenantId.HasValue || tenantId.Value == 0))
@@ -93,14 +78,14 @@ public sealed class UpdateIdentityUserCommandHandler(
             }
         }
 
-        // 5. 更新用户字段
+        // 4. 更新用户字段
         user.DisplayName = displayName;
         user.Phone = phone;
         user.Email = email;
         user.Avatar = string.IsNullOrWhiteSpace(request.Avatar) ? null : request.Avatar.Trim();
         user.RowVersion = request.RowVersion;
 
-        // 6. 构建操作日志消息
+        // 5. 构建操作日志消息
         var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
             ? operatorProfile.Account
             : operatorProfile.DisplayName;
@@ -128,7 +113,7 @@ public sealed class UpdateIdentityUserCommandHandler(
             Success = true
         };
 
-        // 7. 持久化用户更新并写入 Outbox
+        // 6. 持久化用户更新并写入 Outbox
         try
         {
             await operationLogPublisher.PublishAsync(logMessage, cancellationToken);
@@ -139,13 +124,13 @@ public sealed class UpdateIdentityUserCommandHandler(
             throw new BusinessException(ErrorCodes.Conflict, "用户数据已被修改，请刷新后重试");
         }
 
-        // 8. 覆盖角色绑定（仅当显式传入时）
+        // 7. 覆盖角色绑定（仅当显式传入时）
         if (roleIds != null)
         {
             await userRoleRepository.ReplaceUserRolesAsync(portal, tenantId, user.Id, roleIds, cancellationToken);
         }
 
-        // 9. 返回用户详情
+        // 8. 返回用户详情
         return await mediator.Send(new GetIdentityUserDetailQuery { UserId = user.Id }, cancellationToken);
     }