refactor: 收紧角色与商户跨租户能力

src/Application/TakeoutSaaS.Application/Identity/Handlers/BindRolePermissionsCommandHandler.cs

@@ -1,6 +1,8 @@
 using MediatR;
 using TakeoutSaaS.Application.Identity.Commands;
 using TakeoutSaaS.Domain.Identity.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
 using TakeoutSaaS.Shared.Abstractions.Tenancy;
 
 namespace TakeoutSaaS.Application.Identity.Handlers;
@@ -22,9 +24,21 @@ public sealed class BindRolePermissionsCommandHandler(
     public async Task<bool> Handle(BindRolePermissionsCommand request, CancellationToken cancellationToken)
     {
         // 1. 获取租户上下文
-        var tenantId = request.TenantId ?? tenantProvider.GetCurrentTenantId();
+        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        if (currentTenantId <= 0)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "缺少租户标识");
+        }
+
+        // 2. (空行后) 禁止跨租户操作
+        if (request.TenantId.HasValue && request.TenantId.Value != currentTenantId)
+        {
+            throw new BusinessException(ErrorCodes.Forbidden, "禁止跨租户操作角色权限");
+        }
+
+        // 3. (空行后) 覆盖式绑定权限
+        var tenantId = currentTenantId;
 
-        // 2. 覆盖式绑定权限
         var distinctPermissionIds = request.PermissionIds
             .Where(id => id > 0)
             .Distinct()
@@ -33,7 +47,7 @@ public sealed class BindRolePermissionsCommandHandler(
         await rolePermissionRepository.ReplaceRolePermissionsAsync(tenantId, request.RoleId, distinctPermissionIds, cancellationToken);
         await rolePermissionRepository.SaveChangesAsync(cancellationToken);
 
-        // 3. 返回执行结果
+        // 4. (空行后) 返回执行结果
         return true;
     }
 }