From d34f92ea1d4a56dcc14379987a7d14a6ec60a891 Mon Sep 17 00:00:00 2001
From: MSuMshk <2039814060@qq.com>
Date: Fri, 5 Dec 2025 23:11:03 +0800
Subject: [PATCH] fix: allow platform root tenant to manage all tenant roles

---
 .../Controllers/TenantRolesController.cs      | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs b/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs
index d8f1604..f932a35 100644
--- a/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs
+++ b/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantRolesController.cs
@@ -20,6 +20,8 @@ namespace TakeoutSaaS.AdminApi.Controllers;
 [Route("api/admin/v{version:apiVersion}/tenants/{tenantId:long}/roles")]
 public sealed class TenantRolesController(IMediator mediator, ITenantProvider tenantProvider) : BaseApiController
 {
+    private const long PlatformRootTenantId = 1000000000001;
+
     /// <summary>
     /// 租户角色分页。
     /// </summary>
@@ -31,9 +33,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
         [FromQuery] SearchRolesQuery query,
         CancellationToken cancellationToken)
     {
-        // 1. 校验路由租户与上下文一致（超管 tenantId=0 放行）
+        // 1. 校验路由租户与上下文一致（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<PagedResult<RoleDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -63,9 +65,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
     [ProducesResponseType(typeof(ApiResponse<RoleDetailDto>), StatusCodes.Status404NotFound)]
     public async Task<ApiResponse<RoleDetailDto>> Detail(long tenantId, long roleId, CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<RoleDetailDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -90,9 +92,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
         [FromBody, Required] CreateRoleCommand command,
         CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -117,9 +119,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
         [FromBody, Required] UpdateRoleCommand command,
         CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -144,9 +146,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
     [ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
     public async Task<ApiResponse<bool>> Delete(long tenantId, long roleId, CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -171,9 +173,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
         long roleId,
         CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<IReadOnlyList<PermissionDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }
@@ -201,9 +203,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
         [FromBody, Required] BindRolePermissionsCommand command,
         CancellationToken cancellationToken)
     {
-        // 1. 校验租户上下文（超管 tenantId=0 放行）
+        // 1. 校验租户上下文（超管租户 1000000000001 放行）
         var currentTenantId = tenantProvider.GetCurrentTenantId();
-        if (currentTenantId != 0 && tenantId != currentTenantId)
+        if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
         {
             return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
         }