feat: 增加角色/权限管理 API 与应用层命令

src/Api/TakeoutSaaS.AdminApi/Controllers/PermissionsController.cs

@@ -0,0 +1,78 @@
+using System.ComponentModel.DataAnnotations;
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using TakeoutSaaS.Application.Identity.Commands;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Application.Identity.Queries;
+using TakeoutSaaS.Module.Authorization.Attributes;
+using TakeoutSaaS.Shared.Abstractions.Results;
+using TakeoutSaaS.Shared.Web.Api;
+
+namespace TakeoutSaaS.AdminApi.Controllers;
+
+/// <summary>
+/// 权限管理。
+/// </summary>
+[ApiVersion("1.0")]
+[Authorize]
+[Route("api/admin/v{version:apiVersion}/permissions")]
+public sealed class PermissionsController(IMediator mediator) : BaseApiController
+{
+    /// <summary>
+    /// 分页查询权限。
+    /// </summary>
+    /// <remarks>
+    /// 示例：GET /api/admin/v1/permissions?keyword=order&amp;page=1&amp;pageSize=20
+    /// </remarks>
+    [HttpGet]
+    [PermissionAuthorize("identity:permission:read")]
+    [ProducesResponseType(typeof(ApiResponse<PagedResult<PermissionDto>>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<PagedResult<PermissionDto>>> Search([FromQuery] SearchPermissionsQuery query, CancellationToken cancellationToken)
+    {
+        var result = await mediator.Send(query, cancellationToken);
+        return ApiResponse<PagedResult<PermissionDto>>.Ok(result);
+    }
+
+    /// <summary>
+    /// 创建权限。
+    /// </summary>
+    [HttpPost]
+    [PermissionAuthorize("identity:permission:create")]
+    [ProducesResponseType(typeof(ApiResponse<PermissionDto>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<PermissionDto>> Create([FromBody, Required] CreatePermissionCommand command, CancellationToken cancellationToken)
+    {
+        var result = await mediator.Send(command, cancellationToken);
+        return ApiResponse<PermissionDto>.Ok(result);
+    }
+
+    /// <summary>
+    /// 更新权限。
+    /// </summary>
+    [HttpPut("{permissionId:long}")]
+    [PermissionAuthorize("identity:permission:update")]
+    [ProducesResponseType(typeof(ApiResponse<PermissionDto>), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(ApiResponse<PermissionDto>), StatusCodes.Status404NotFound)]
+    public async Task<ApiResponse<PermissionDto>> Update(long permissionId, [FromBody, Required] UpdatePermissionCommand command, CancellationToken cancellationToken)
+    {
+        command = command with { PermissionId = permissionId };
+        var result = await mediator.Send(command, cancellationToken);
+        return result is null
+            ? ApiResponse<PermissionDto>.Error(StatusCodes.Status404NotFound, "权限不存在")
+            : ApiResponse<PermissionDto>.Ok(result);
+    }
+
+    /// <summary>
+    /// 删除权限。
+    /// </summary>
+    [HttpDelete("{permissionId:long}")]
+    [PermissionAuthorize("identity:permission:delete")]
+    [ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<bool>> Delete(long permissionId, CancellationToken cancellationToken)
+    {
+        var command = new DeletePermissionCommand { PermissionId = permissionId };
+        var result = await mediator.Send(command, cancellationToken);
+        return ApiResponse<bool>.Ok(result);
+    }
+}