fix: allow platform root tenant to manage all tenant roles
This commit is contained in:
@@ -20,6 +20,8 @@ namespace TakeoutSaaS.AdminApi.Controllers;
|
|||||||
[Route("api/admin/v{version:apiVersion}/tenants/{tenantId:long}/roles")]
|
[Route("api/admin/v{version:apiVersion}/tenants/{tenantId:long}/roles")]
|
||||||
public sealed class TenantRolesController(IMediator mediator, ITenantProvider tenantProvider) : BaseApiController
|
public sealed class TenantRolesController(IMediator mediator, ITenantProvider tenantProvider) : BaseApiController
|
||||||
{
|
{
|
||||||
|
private const long PlatformRootTenantId = 1000000000001;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// 租户角色分页。
|
/// 租户角色分页。
|
||||||
/// </summary>
|
/// </summary>
|
||||||
@@ -31,9 +33,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[FromQuery] SearchRolesQuery query,
|
[FromQuery] SearchRolesQuery query,
|
||||||
CancellationToken cancellationToken)
|
CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验路由租户与上下文一致(超管 tenantId=0 放行)
|
// 1. 校验路由租户与上下文一致(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<PagedResult<RoleDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<PagedResult<RoleDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -63,9 +65,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[ProducesResponseType(typeof(ApiResponse<RoleDetailDto>), StatusCodes.Status404NotFound)]
|
[ProducesResponseType(typeof(ApiResponse<RoleDetailDto>), StatusCodes.Status404NotFound)]
|
||||||
public async Task<ApiResponse<RoleDetailDto>> Detail(long tenantId, long roleId, CancellationToken cancellationToken)
|
public async Task<ApiResponse<RoleDetailDto>> Detail(long tenantId, long roleId, CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<RoleDetailDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<RoleDetailDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -90,9 +92,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[FromBody, Required] CreateRoleCommand command,
|
[FromBody, Required] CreateRoleCommand command,
|
||||||
CancellationToken cancellationToken)
|
CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -117,9 +119,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[FromBody, Required] UpdateRoleCommand command,
|
[FromBody, Required] UpdateRoleCommand command,
|
||||||
CancellationToken cancellationToken)
|
CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<RoleDto>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -144,9 +146,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
|
[ProducesResponseType(typeof(ApiResponse<bool>), StatusCodes.Status200OK)]
|
||||||
public async Task<ApiResponse<bool>> Delete(long tenantId, long roleId, CancellationToken cancellationToken)
|
public async Task<ApiResponse<bool>> Delete(long tenantId, long roleId, CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -171,9 +173,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
long roleId,
|
long roleId,
|
||||||
CancellationToken cancellationToken)
|
CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<IReadOnlyList<PermissionDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<IReadOnlyList<PermissionDto>>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
@@ -201,9 +203,9 @@ public sealed class TenantRolesController(IMediator mediator, ITenantProvider te
|
|||||||
[FromBody, Required] BindRolePermissionsCommand command,
|
[FromBody, Required] BindRolePermissionsCommand command,
|
||||||
CancellationToken cancellationToken)
|
CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
// 1. 校验租户上下文(超管 tenantId=0 放行)
|
// 1. 校验租户上下文(超管租户 1000000000001 放行)
|
||||||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||||||
if (currentTenantId != 0 && tenantId != currentTenantId)
|
if (currentTenantId != PlatformRootTenantId && tenantId != currentTenantId)
|
||||||
{
|
{
|
||||||
return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
return ApiResponse<bool>.Error(StatusCodes.Status400BadRequest, "租户上下文不一致");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user