refactor: 管理端去租户过滤并Portal化RBAC菜单

src/Application/TakeoutSaaS.Application/Identity/Handlers/CopyRoleTemplateCommandHandler.cs

@@ -2,6 +2,7 @@ using MediatR;
 using TakeoutSaaS.Application.Identity.Commands;
 using TakeoutSaaS.Application.Identity.Contracts;
 using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Domain.Identity.Enums;
 using TakeoutSaaS.Domain.Identity.Repositories;
 using TakeoutSaaS.Shared.Abstractions.Constants;
 using TakeoutSaaS.Shared.Abstractions.Exceptions;
@@ -36,16 +37,20 @@ public sealed class CopyRoleTemplateCommandHandler(
 
         // 2. 计算角色名称/编码与描述
         var tenantId = tenantProvider.GetCurrentTenantId();
+        
+        // 3. 固定复制为租户侧角色
+        var portal = PortalType.Tenant;
         var roleCode = string.IsNullOrWhiteSpace(request.RoleCode) ? template.TemplateCode : request.RoleCode.Trim();
         var roleName = string.IsNullOrWhiteSpace(request.RoleName) ? template.Name : request.RoleName.Trim();
         var roleDescription = request.Description ?? template.Description;
 
-        // 1. 准备或更新角色主体（幂等创建）。
-        var role = await roleRepository.FindByCodeAsync(roleCode, tenantId, cancellationToken);
+        // 4. 准备或更新角色主体（幂等创建）。
+        var role = await roleRepository.FindByCodeAsync(portal, tenantId, roleCode, cancellationToken);
         if (role is null)
         {
             role = new Role
             {
+                Portal = portal,
                 TenantId = tenantId,
                 Name = roleName,
                 Code = roleCode,
@@ -68,8 +73,8 @@ public sealed class CopyRoleTemplateCommandHandler(
             await roleRepository.UpdateAsync(role, cancellationToken);
         }
 
-        // 3. 确保模板权限全部存在，不存在则按模板定义创建。
-        var existingPermissions = await permissionRepository.GetByCodesAsync(tenantId, permissionCodes, cancellationToken);
+        // 5. 确保模板权限全部存在，不存在则按模板定义创建。
+        var existingPermissions = await permissionRepository.GetByCodesAsync(permissionCodes, cancellationToken);
         var permissionMap = existingPermissions.ToDictionary(x => x.Code, StringComparer.OrdinalIgnoreCase);
 
         foreach (var code in permissionCodes)
@@ -81,7 +86,6 @@ public sealed class CopyRoleTemplateCommandHandler(
 
             var permission = new Permission
             {
-                TenantId = tenantId,
                 Name = code,
                 Code = code,
                 Description = code
@@ -93,8 +97,8 @@ public sealed class CopyRoleTemplateCommandHandler(
 
         await roleRepository.SaveChangesAsync(cancellationToken);
 
-        // 4. 绑定缺失的权限，保留租户自定义的已有授权。
-        var rolePermissions = await rolePermissionRepository.GetByRoleIdsAsync(tenantId, new[] { role.Id }, cancellationToken);
+        // 6. 绑定缺失的权限，保留租户自定义的已有授权。
+        var rolePermissions = await rolePermissionRepository.GetByRoleIdsAsync(portal, tenantId, new[] { role.Id }, cancellationToken);
         var existingPermissionIds = rolePermissions
             .Select(x => x.PermissionId)
             .ToHashSet();
@@ -108,6 +112,7 @@ public sealed class CopyRoleTemplateCommandHandler(
         {
             var relations = toAdd.Select(permissionId => new RolePermission
             {
+                Portal = portal,
                 TenantId = tenantId,
                 RoleId = role.Id,
                 PermissionId = permissionId
@@ -121,6 +126,7 @@ public sealed class CopyRoleTemplateCommandHandler(
         return new RoleDto
         {
             Id = role.Id,
+            Portal = role.Portal,
             TenantId = role.TenantId,
             Name = role.Name,
             Code = role.Code,