fix: allow platform root tenant to manage all tenant roles

2025-12-05 23:11:03 +08:00
parent d7772b0f8d
commit d34f92ea1d
1 changed files with 16 additions and 14 deletions
--- a/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs
+++ b/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs
@@ -20,6 +20,8 @@ namespace TakeoutSaaS.AdminApi.Controllers;
 [Route("api/admin/v{version:apiVersion}/tenants/{tenantId:long}/roles")]
 public sealed class TenantRolesController(IMediator mediator, ITenantProvider tenantProvider) : BaseApiController
 {
+    private const long PlatformRootTenantId = 1000000000001;
+
    /// <summary>
    /// 租户角色分页。
    /// </summary>
@@ -31,9 +33,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
        [FromQuery] SearchRolesQuery query,
        CancellationToken cancellationToken)
    {
-        // 1. 校验路由租户与上下文一致（超管 tenantId=0 放行）
+        // 1. 校验路由租户与上下文一致（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<PagedResult<RoleDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -63,9 +65,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
    [ProducesResponseType(typeof(ApiResponse<RoleDetailDto>), StatusCodes.Status404NotFound)]
    public async Task<ApiResponse<RoleDetailDto>> Detail(long tenantId, long roleId, CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<RoleDetailDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -90,9 +92,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
        [FromBody, Required] CreateRoleCommand command,
        CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -117,9 +119,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
        [FromBody, Required] UpdateRoleCommand command,
        CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -144,9 +146,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
    [ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
    public async Task<ApiResponse<bool>> Delete(long tenantId, long roleId, CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -171,9 +173,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
        long roleId,
        CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<IReadOnlyList<PermissionDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }
@@ -201,9 +203,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
        [FromBody, Required] BindRolePermissionsCommand command,
        CancellationToken cancellationToken)
    {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
        {
            return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
        }