feat: 增加角色/权限管理 API 与应用层命令

src/Api/TakeoutSaaS.AdminApi/Controllers/RolesController.cs

@@ -0,0 +1,93 @@
+using System.ComponentModel.DataAnnotations;
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using TakeoutSaaS.Application.Identity.Commands;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Application.Identity.Queries;
+using TakeoutSaaS.Module.Authorization.Attributes;
+using TakeoutSaaS.Shared.Abstractions.Results;
+using TakeoutSaaS.Shared.Web.Api;
+
+namespace TakeoutSaaS.AdminApi.Controllers;
+
+/// <summary>
+/// 角色管理。
+/// </summary>
+[ApiVersion("1.0")]
+[Authorize]
+[Route("api/admin/v{version:apiVersion}/roles")]
+public sealed class RolesController(IMediator mediator) : BaseApiController
+{
+    /// <summary>
+    /// 分页查询角色。
+    /// </summary>
+    /// <remarks>
+    /// 示例：
+    /// GET /api/admin/v1/roles?keyword=ops&amp;page=1&amp;pageSize=20
+    /// Header: Authorization: Bearer &lt;JWT&gt; + X-Tenant-Id
+    /// </remarks>
+    [HttpGet]
+    [PermissionAuthorize("identity:role:read")]
+    [ProducesResponseType(typeof(ApiResponse<PagedResult<RoleDto>>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<PagedResult<RoleDto>>> Search([FromQuery] SearchRolesQuery query, CancellationToken cancellationToken)
+    {
+        var result = await mediator.Send(query, cancellationToken);
+        return ApiResponse<PagedResult<RoleDto>>.Ok(result);
+    }
+
+    /// <summary>
+    /// 创建角色。
+    /// </summary>
+    [HttpPost]
+    [PermissionAuthorize("identity:role:create")]
+    [ProducesResponseType(typeof(ApiResponse<RoleDto>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<RoleDto>> Create([FromBody, Required] CreateRoleCommand command, CancellationToken cancellationToken)
+    {
+        var result = await mediator.Send(command, cancellationToken);
+        return ApiResponse<RoleDto>.Ok(result);
+    }
+
+    /// <summary>
+    /// 更新角色。
+    /// </summary>
+    [HttpPut("{roleId:long}")]
+    [PermissionAuthorize("identity:role:update")]
+    [ProducesResponseType(typeof(ApiResponse<RoleDto>), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(ApiResponse<RoleDto>), StatusCodes.Status404NotFound)]
+    public async Task<ApiResponse<RoleDto>> Update(long roleId, [FromBody, Required] UpdateRoleCommand command, CancellationToken cancellationToken)
+    {
+        command = command with { RoleId = roleId };
+        var result = await mediator.Send(command, cancellationToken);
+        return result is null
+            ? ApiResponse<RoleDto>.Error(StatusCodes.Status404NotFound, "角色不存在")
+            : ApiResponse<RoleDto>.Ok(result);
+    }
+
+    /// <summary>
+    /// 删除角色。
+    /// </summary>
+    [HttpDelete("{roleId:long}")]
+    [PermissionAuthorize("identity:role:delete")]
+    [ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<bool>> Delete(long roleId, CancellationToken cancellationToken)
+    {
+        var command = new DeleteRoleCommand { RoleId = roleId };
+        var result = await mediator.Send(command, cancellationToken);
+        return ApiResponse<bool>.Ok(result);
+    }
+
+    /// <summary>
+    /// 绑定角色权限（覆盖式）。
+    /// </summary>
+    [HttpPut("{roleId:long}/permissions")]
+    [PermissionAuthorize("identity:role:bind-permission")]
+    [ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
+    public async Task<ApiResponse<bool>> BindPermissions(long roleId, [FromBody, Required] BindRolePermissionsCommand command, CancellationToken cancellationToken)
+    {
+        command = command with { RoleId = roleId };
+        var result = await mediator.Send(command, cancellationToken);
+        return ApiResponse<bool>.Ok(result);
+    }
+}