fix: 权限固定为全局

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfPermissionRepository.cs

@@ -20,7 +20,7 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
         => dbContext.Permissions
             .IgnoreQueryFilters()
             .AsNoTracking()
-            .FirstOrDefaultAsync(x => x.Id == permissionId && x.TenantId == tenantId && x.DeletedAt == null, cancellationToken);
+            .FirstOrDefaultAsync(x => x.Id == permissionId && x.DeletedAt == null, cancellationToken);
 
     /// <summary>
     /// 根据权限编码获取权限。
@@ -33,7 +33,7 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
         => dbContext.Permissions
             .IgnoreQueryFilters()
             .AsNoTracking()
-            .FirstOrDefaultAsync(x => x.Code == code && x.TenantId == tenantId && x.DeletedAt == null, cancellationToken);
+            .FirstOrDefaultAsync(x => x.Code == code && x.DeletedAt == null, cancellationToken);
 
     /// <summary>
     /// 根据权限编码集合批量获取权限。
@@ -51,11 +51,11 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
             .Distinct()
             .ToArray();
 
-        // 2. 按租户筛选权限
+        // 2. 读取全局权限（已固定）
         return dbContext.Permissions
             .IgnoreQueryFilters()
             .AsNoTracking()
-            .Where(x => x.TenantId == tenantId && x.DeletedAt == null && normalizedCodes.Contains(x.Code))
+            .Where(x => x.DeletedAt == null && normalizedCodes.Contains(x.Code))
             .ToListAsync(cancellationToken)
             .ContinueWith(t => (IReadOnlyList<Permission>)t.Result, cancellationToken);
     }
@@ -71,7 +71,7 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
         => dbContext.Permissions
             .IgnoreQueryFilters()
             .AsNoTracking()
-            .Where(x => x.TenantId == tenantId && x.DeletedAt == null && permissionIds.Contains(x.Id))
+            .Where(x => x.DeletedAt == null && permissionIds.Contains(x.Id))
             .ToListAsync(cancellationToken)
             .ContinueWith(t => (IReadOnlyList<Permission>)t.Result, cancellationToken);
 
@@ -88,7 +88,7 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
         var query = dbContext.Permissions
             .IgnoreQueryFilters()
             .AsNoTracking()
-            .Where(x => x.TenantId == tenantId && x.DeletedAt == null);
+            .Where(x => x.DeletedAt == null);
         if (!string.IsNullOrWhiteSpace(keyword))
         {
             // 2. 追加关键字过滤
@@ -139,7 +139,7 @@ public sealed class EfPermissionRepository(IdentityDbContext dbContext) : IPermi
     public async Task DeleteAsync(long permissionId, long tenantId, CancellationToken cancellationToken = default)
     {
         // 1. 查询目标权限
-        var entity = await dbContext.Permissions.FirstOrDefaultAsync(x => x.Id == permissionId && x.TenantId == tenantId, cancellationToken);
+        var entity = await dbContext.Permissions.FirstOrDefaultAsync(x => x.Id == permissionId, cancellationToken);
         if (entity != null)
         {
             // 2. 删除实体

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/IdentityDataSeeder.cs

@@ -112,25 +112,21 @@ public sealed class IdentityDataSeeder(IServiceProvider serviceProvider, ILogger
                 });
             }
 
-            // 6.6 确保权限存在
+            // 6.6 读取全局权限定义（固定权限，不再按租户生成）
             var existingPermissions = await context.Permissions
-                .Where(p => p.TenantId == userOptions.TenantId && permissions.Contains(p.Code))
+                .IgnoreQueryFilters()
+                .AsNoTracking()
+                .Where(p => permissions.Contains(p.Code))
                 .ToListAsync(cancellationToken);
-            var existingPermissionCodes = existingPermissions.Select(p => p.Code).ToHashSet(StringComparer.OrdinalIgnoreCase);
-            foreach (var code in permissions)
+            var existingPermissionCodes = existingPermissions
+                .Select(p => p.Code)
+                .ToHashSet(StringComparer.OrdinalIgnoreCase);
+            var missingPermissionCodes = permissions
+                .Where(code => !existingPermissionCodes.Contains(code))
+                .ToArray();
+            if (missingPermissionCodes.Length > 0)
             {
-                if (existingPermissionCodes.Contains(code))
-                {
-                    continue;
-                }
-
-                context.Permissions.Add(new DomainPermission
-                {
-                    TenantId = userOptions.TenantId,
-                    Code = code,
-                    Name = code,
-                    Description = $"Seed permission {code}"
-                });
+                logger.LogWarning("发现未配置的全局权限编码，已忽略：{Codes}", string.Join(", ", missingPermissionCodes));
             }
 
             // 6.7 保存基础角色/权限
@@ -140,9 +136,7 @@ public sealed class IdentityDataSeeder(IServiceProvider serviceProvider, ILogger
             var roleEntities = await context.Roles
                 .Where(r => r.TenantId == userOptions.TenantId && roles.Contains(r.Code))
                 .ToListAsync(cancellationToken);
-            var permissionEntities = await context.Permissions
-                .Where(p => p.TenantId == userOptions.TenantId && permissions.Contains(p.Code))
-                .ToListAsync(cancellationToken);
+            var permissionEntities = existingPermissions;
 
             // 6.9 重置用户角色
             var existingUserRoles = await context.UserRoles