feat: 新增租户管理端 TenantApi 并移除旧 API

src/Application/TakeoutSaaS.Application/App/Subscriptions/SubscriptionTenantAccess.cs

@@ -1,13 +1,9 @@
 using Microsoft.AspNetCore.Http;
-using System.Security.Claims;
 
 namespace TakeoutSaaS.Application.App.Subscriptions;
 
 internal static class SubscriptionTenantAccess
 {
-    private const string PermissionClaimType = "permission";
-    private const string PlatformAdminRole = "PlatformAdmin";
-
     public static bool ShouldIgnoreTenantFilter(IHttpContextAccessor httpContextAccessor)
     {
         var httpContext = httpContextAccessor.HttpContext;
@@ -16,24 +12,7 @@ internal static class SubscriptionTenantAccess
             // Background jobs / out-of-request execution should process across tenants.
             return true;
         }
-
-        var user = httpContext.User;
-        if (user?.Identity?.IsAuthenticated != true)
-        {
-            return false;
-        }
-
-        if (user.IsInRole(PlatformAdminRole))
-        {
-            return true;
-        }
-
-        var permissions = user.FindAll(PermissionClaimType)
-            .Select(c => c.Value?.Trim())
-            .Where(v => !string.IsNullOrWhiteSpace(v))
-            .ToHashSet(StringComparer.OrdinalIgnoreCase);
-
-        // Platform-level tenant permissions imply cross-tenant visibility.
-        return permissions.Contains("tenant:read");
+        // (空行后) 请求上下文下强制不允许跨租户
+        return false;
     }
 }