feat: 重构 RBAC1 角色权限模型

src/Application/TakeoutSaaS.Application/Identity/Handlers/SearchUserPermissionsQueryHandler.cs

@@ -1,3 +1,5 @@
+using System;
+using System.Collections.Generic;
 using System.Linq;
 using MediatR;
 using TakeoutSaaS.Application.Identity.Contracts;
@@ -13,10 +15,18 @@ namespace TakeoutSaaS.Application.Identity.Handlers;
 /// </summary>
 public sealed class SearchUserPermissionsQueryHandler(
     IIdentityUserRepository identityUserRepository,
+    IUserRoleRepository userRoleRepository,
+    IRoleRepository roleRepository,
+    IPermissionRepository permissionRepository,
+    IRolePermissionRepository rolePermissionRepository,
     ITenantProvider tenantProvider)
     : IRequestHandler<SearchUserPermissionsQuery, PagedResult<UserPermissionDto>>
 {
     private readonly IIdentityUserRepository _identityUserRepository = identityUserRepository;
+    private readonly IUserRoleRepository _userRoleRepository = userRoleRepository;
+    private readonly IRoleRepository _roleRepository = roleRepository;
+    private readonly IPermissionRepository _permissionRepository = permissionRepository;
+    private readonly IRolePermissionRepository _rolePermissionRepository = rolePermissionRepository;
     private readonly ITenantProvider _tenantProvider = tenantProvider;
 
     /// <inheritdoc />
@@ -31,6 +41,7 @@ public sealed class SearchUserPermissionsQueryHandler(
             .Take(request.PageSize)
             .ToList();
 
+        var resolved = await ResolveRolesAndPermissionsAsync(tenantId, paged, cancellationToken);
         var items = paged.Select(user => new UserPermissionDto
         {
             UserId = user.Id,
@@ -38,8 +49,8 @@ public sealed class SearchUserPermissionsQueryHandler(
             MerchantId = user.MerchantId,
             Account = user.Account,
             DisplayName = user.DisplayName,
-            Roles = user.Roles,
-            Permissions = user.Permissions,
+            Roles = resolved[user.Id].roles,
+            Permissions = resolved[user.Id].permissions,
             CreatedAt = user.CreatedAt
         }).ToList();
 
@@ -64,4 +75,57 @@ public sealed class SearchUserPermissionsQueryHandler(
                 : users.OrderBy(x => x.CreatedAt)
         };
     }
+
+    private async Task<Dictionary<long, (string[] roles, string[] permissions)>> ResolveRolesAndPermissionsAsync(
+        long tenantId,
+        IReadOnlyCollection<Domain.Identity.Entities.IdentityUser> users,
+        CancellationToken cancellationToken)
+    {
+        var userIds = users.Select(x => x.Id).ToArray();
+        var userRoleRelations = await _userRoleRepository.GetByUserIdsAsync(tenantId, userIds, cancellationToken);
+        var roleIds = userRoleRelations.Select(x => x.RoleId).Distinct().ToArray();
+
+        var roles = roleIds.Length == 0
+            ? Array.Empty<Domain.Identity.Entities.Role>()
+            : await _roleRepository.GetByIdsAsync(tenantId, roleIds, cancellationToken);
+        var roleCodeMap = roles.ToDictionary(r => r.Id, r => r.Code, comparer: EqualityComparer<long>.Default);
+
+        var rolePermissions = roleIds.Length == 0
+            ? Array.Empty<Domain.Identity.Entities.RolePermission>()
+            : await _rolePermissionRepository.GetByRoleIdsAsync(tenantId, roleIds, cancellationToken);
+        var permissionIds = rolePermissions.Select(x => x.PermissionId).Distinct().ToArray();
+
+        var permissions = permissionIds.Length == 0
+            ? Array.Empty<Domain.Identity.Entities.Permission>()
+            : await _permissionRepository.GetByIdsAsync(tenantId, permissionIds, cancellationToken);
+        var permissionCodeMap = permissions.ToDictionary(p => p.Id, p => p.Code, comparer: EqualityComparer<long>.Default);
+
+        var rolePermissionsLookup = rolePermissions
+            .GroupBy(rp => rp.RoleId)
+            .ToDictionary(g => g.Key, g => g.Select(rp => rp.PermissionId).ToArray(), comparer: EqualityComparer<long>.Default);
+
+        var result = new Dictionary<long, (string[] roles, string[] permissions)>();
+        foreach (var userId in userIds)
+        {
+            var rolesForUser = userRoleRelations.Where(ur => ur.UserId == userId).Select(ur => ur.RoleId).Distinct().ToArray();
+            var roleCodes = rolesForUser
+                .Select(rid => roleCodeMap.GetValueOrDefault(rid))
+                .Where(c => !string.IsNullOrWhiteSpace(c))
+                .Select(c => c!)
+                .Distinct(StringComparer.OrdinalIgnoreCase)
+                .ToArray();
+
+            var permissionCodes = rolesForUser
+                .SelectMany(rid => rolePermissionsLookup.GetValueOrDefault(rid) ?? Array.Empty<long>())
+                .Select(pid => permissionCodeMap.GetValueOrDefault(pid))
+                .Where(code => !string.IsNullOrWhiteSpace(code))
+                .Select(code => code!)
+                .Distinct(StringComparer.OrdinalIgnoreCase)
+                .ToArray();
+
+            result[userId] = (roleCodes, permissionCodes);
+        }
+
+        return result;
+    }
 }