feat: 新增RBAC角色模板复制与初始化

2025-12-03 19:55:25 +08:00
parent 0c329669a9
commit ea33e6fefe
23 changed files with 1054 additions and 2 deletions
--- a/src/Application/TakeoutSaaS.Application/Identity/Handlers/CopyRoleTemplateCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/Identity/Handlers/CopyRoleTemplateCommandHandler.cs
@@ -0,0 +1,131 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using MediatR;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Commands;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Domain.Identity.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
+
+namespace TakeoutSaaS.Application.Identity.Handlers;
+
+/// <summary>
+/// 角色模板复制处理器。
+/// </summary>
+public sealed class CopyRoleTemplateCommandHandler(
+    IRoleTemplateProvider roleTemplateProvider,
+    IRoleRepository roleRepository,
+    IPermissionRepository permissionRepository,
+    IRolePermissionRepository rolePermissionRepository,
+    ITenantProvider tenantProvider)
+    : IRequestHandler<CopyRoleTemplateCommand, RoleDto>
+{
+    /// <inheritdoc />
+    public async Task<RoleDto> Handle(CopyRoleTemplateCommand request, CancellationToken cancellationToken)
+    {
+        var template = roleTemplateProvider.FindByCode(request.TemplateCode)
+            ?? throw new BusinessException(ErrorCodes.NotFound, $"角色模板 {request.TemplateCode} 不存在");
+
+        var tenantId = tenantProvider.GetCurrentTenantId();
+        var roleCode = string.IsNullOrWhiteSpace(request.RoleCode) ? template.TemplateCode : request.RoleCode.Trim();
+        var roleName = string.IsNullOrWhiteSpace(request.RoleName) ? template.Name : request.RoleName.Trim();
+        var roleDescription = request.Description ?? template.Description;
+
+        // 1. 准备或更新角色主体（幂等创建）。
+        var role = await roleRepository.FindByCodeAsync(roleCode, tenantId, cancellationToken);
+        if (role is null)
+        {
+            role = new Role
+            {
+                TenantId = tenantId,
+                Name = roleName,
+                Code = roleCode,
+                Description = roleDescription
+            };
+            await roleRepository.AddAsync(role, cancellationToken);
+        }
+        else
+        {
+            if (!string.IsNullOrWhiteSpace(request.RoleName))
+            {
+                role.Name = roleName;
+            }
+
+            if (request.Description is not null)
+            {
+                role.Description = roleDescription;
+            }
+
+            await roleRepository.UpdateAsync(role, cancellationToken);
+        }
+
+        // 2. 确保模板权限全部存在，不存在则按模板定义创建。
+        var targetPermissionCodes = template.Permissions
+            .Select(permission => permission.Code)
+            .Where(code => !string.IsNullOrWhiteSpace(code))
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+        var existingPermissions = await permissionRepository.GetByCodesAsync(tenantId, targetPermissionCodes, cancellationToken);
+        var permissionMap = existingPermissions.ToDictionary(x => x.Code, StringComparer.OrdinalIgnoreCase);
+
+        foreach (var permissionDefinition in template.Permissions)
+        {
+            if (permissionMap.ContainsKey(permissionDefinition.Code))
+            {
+                continue;
+            }
+
+            var permission = new Permission
+            {
+                TenantId = tenantId,
+                Name = permissionDefinition.Name,
+                Code = permissionDefinition.Code,
+                Description = permissionDefinition.Description
+            };
+
+            await permissionRepository.AddAsync(permission, cancellationToken);
+            permissionMap[permissionDefinition.Code] = permission;
+        }
+
+        await roleRepository.SaveChangesAsync(cancellationToken);
+
+        // 3. 绑定缺失的权限，保留租户自定义的已有授权。
+        var rolePermissions = await rolePermissionRepository.GetByRoleIdsAsync(tenantId, new[] { role.Id }, cancellationToken);
+        var existingPermissionIds = rolePermissions
+            .Select(x => x.PermissionId)
+            .ToHashSet();
+
+        var targetPermissionIds = targetPermissionCodes
+            .Select(code => permissionMap[code].Id)
+            .ToHashSet();
+
+        var toAdd = targetPermissionIds.Except(existingPermissionIds).ToArray();
+        if (toAdd.Length > 0)
+        {
+            var relations = toAdd.Select(permissionId => new RolePermission
+            {
+                TenantId = tenantId,
+                RoleId = role.Id,
+                PermissionId = permissionId
+            });
+
+            await rolePermissionRepository.AddRangeAsync(relations, cancellationToken);
+        }
+
+        await rolePermissionRepository.SaveChangesAsync(cancellationToken);
+
+        return new RoleDto
+        {
+            Id = role.Id,
+            TenantId = role.TenantId,
+            Name = role.Name,
+            Code = role.Code,
+            Description = role.Description
+        };
+    }
+}