refactor: 移除门店跨租户访问入口

2026-01-29 14:50:49 +00:00
parent 52fb4fde72
commit f9053356c2
25 changed files with 98 additions and 282 deletions
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/BatchUpdateBusinessHoursCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/BatchUpdateBusinessHoursCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,7 +18,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class BatchUpdateBusinessHoursCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<BatchUpdateBusinessHoursCommandHandler> logger)
    : IRequestHandler<BatchUpdateBusinessHoursCommand, IReadOnlyList<StoreBusinessHourDto>>
 {
@@ -27,8 +25,7 @@ public sealed class BatchUpdateBusinessHoursCommandHandler(
    public async Task<IReadOnlyList<StoreBusinessHourDto>> Handle(BatchUpdateBusinessHoursCommand request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CalculateStoreFeeQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CalculateStoreFeeQueryHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Application.App.Stores.Services;
@@ -18,7 +17,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class CalculateStoreFeeQueryHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    IStoreFeeCalculationService feeCalculationService)
    : IRequestHandler<CalculateStoreFeeQuery, StoreFeeCalculationResultDto>
 {
@@ -26,8 +24,7 @@ public sealed class CalculateStoreFeeQueryHandler(
    public async Task<StoreFeeCalculationResultDto> Handle(CalculateStoreFeeQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreDeliveryZoneQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreDeliveryZoneQueryHandler.cs
@@ -1,6 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
-using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Application.App.Stores.Services;
@@ -17,7 +15,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class CheckStoreDeliveryZoneQueryHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    IDeliveryZoneService deliveryZoneService)
    : IRequestHandler<CheckStoreDeliveryZoneQuery, StoreDeliveryCheckResultDto>
 {
@@ -25,8 +22,7 @@ public sealed class CheckStoreDeliveryZoneQueryHandler(
    public async Task<StoreDeliveryCheckResultDto> Handle(CheckStoreDeliveryZoneQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreQualificationsQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CheckStoreQualificationsQueryHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Enums;
@@ -15,16 +14,14 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class CheckStoreQualificationsQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<CheckStoreQualificationsQuery, StoreQualificationCheckResultDto>
 {
    /// <inheritdoc />
    public async Task<StoreQualificationCheckResultDto> Handle(CheckStoreQualificationsQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -21,7 +20,6 @@ public sealed class CreateStoreCommandHandler(
    IStoreRepository storeRepository,
    IMerchantRepository merchantRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<CreateStoreCommandHandler> logger)
    : IRequestHandler<CreateStoreCommand, StoreDto>
 {
@@ -30,10 +28,7 @@ public sealed class CreateStoreCommandHandler(
    {
        // 1. 校验商户存在并解析租户
        var currentTenantId = tenantProvider.GetCurrentTenantId();
-        var allowCrossTenant = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var merchant = allowCrossTenant
-            ? await merchantRepository.FindByIdAsync(request.MerchantId, cancellationToken)
-            : await merchantRepository.FindByIdAsync(request.MerchantId, currentTenantId, cancellationToken);
+        var merchant = await merchantRepository.FindByIdAsync(request.MerchantId, currentTenantId, cancellationToken);
        if (merchant == null)
        {
            throw new BusinessException(ErrorCodes.NotFound, "商户不存在");
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreDeliveryZoneCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreDeliveryZoneCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,7 +18,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class CreateStoreDeliveryZoneCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    IGeoJsonValidationService geoJsonValidationService,
    ILogger<CreateStoreDeliveryZoneCommandHandler> logger)
    : IRequestHandler<CreateStoreDeliveryZoneCommand, StoreDeliveryZoneDto>
@@ -28,8 +26,7 @@ public sealed class CreateStoreDeliveryZoneCommandHandler(
    public async Task<StoreDeliveryZoneDto> Handle(CreateStoreDeliveryZoneCommand request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreHolidayCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/CreateStoreHolidayCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,21 +18,18 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class CreateStoreHolidayCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<CreateStoreHolidayCommandHandler> logger)
    : IRequestHandler<CreateStoreHolidayCommand, StoreHolidayDto>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
    private readonly ILogger<CreateStoreHolidayCommandHandler> _logger = logger;

    /// <inheritdoc />
    public async Task<StoreHolidayDto> Handle(CreateStoreHolidayCommand request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var store = await _storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/DeleteStoreDeliveryZoneCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/DeleteStoreDeliveryZoneCommandHandler.cs
@@ -1,7 +1,5 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
-using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
 using TakeoutSaaS.Domain.Stores.Repositories;
 using TakeoutSaaS.Shared.Abstractions.Tenancy;
@@ -14,21 +12,18 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class DeleteStoreDeliveryZoneCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<DeleteStoreDeliveryZoneCommandHandler> logger)
    : IRequestHandler<DeleteStoreDeliveryZoneCommand, bool>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
    private readonly ILogger<DeleteStoreDeliveryZoneCommandHandler> _logger = logger;

    /// <inheritdoc />
    public async Task<bool> Handle(DeleteStoreDeliveryZoneCommand request, CancellationToken cancellationToken)
    {
        // 1. 读取区域
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var existing = await _storeRepository.FindDeliveryZoneByIdAsync(request.DeliveryZoneId, tenantId, cancellationToken);
        if (existing is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/DeleteStoreHolidayCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/DeleteStoreHolidayCommandHandler.cs
@@ -1,7 +1,5 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
-using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
 using TakeoutSaaS.Domain.Stores.Repositories;
 using TakeoutSaaS.Shared.Abstractions.Tenancy;
@@ -14,21 +12,18 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class DeleteStoreHolidayCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<DeleteStoreHolidayCommandHandler> logger)
    : IRequestHandler<DeleteStoreHolidayCommand, bool>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
    private readonly ILogger<DeleteStoreHolidayCommandHandler> _logger = logger;

    /// <inheritdoc />
    public async Task<bool> Handle(DeleteStoreHolidayCommand request, CancellationToken cancellationToken)
    {
        // 1. 读取配置
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var existing = await _storeRepository.FindHolidayByIdAsync(request.HolidayId, tenantId, cancellationToken);
        if (existing is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreByIdQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreByIdQueryHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
@@ -14,15 +13,13 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class GetStoreByIdQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<GetStoreByIdQuery, StoreDto?>
 {
    /// <inheritdoc />
    public async Task<StoreDto?> Handle(GetStoreByIdQuery request, CancellationToken cancellationToken)
    {
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        return store == null ? null : StoreMapping.ToDto(store);
    }
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreFeeQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/GetStoreFeeQueryHandler.cs
@@ -1,5 +1,5 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
+using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Entities;
@@ -15,16 +15,14 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class GetStoreFeeQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<GetStoreFeeQuery, StoreFeeDto?>
 {
    /// <inheritdoc />
    public async Task<StoreFeeDto?> Handle(GetStoreFeeQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListExpiringStoreQualificationsQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListExpiringStoreQualificationsQueryHandler.cs
@@ -6,6 +6,8 @@ using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Enums;
 using TakeoutSaaS.Shared.Abstractions.Constants;
 using TakeoutSaaS.Shared.Abstractions.Data;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;

 namespace TakeoutSaaS.Application.App.Stores.Handlers;

@@ -13,7 +15,8 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// 资质预警查询处理器。
 /// </summary>
 public sealed class ListExpiringStoreQualificationsQueryHandler(
-    IDapperExecutor dapperExecutor)
+    IDapperExecutor dapperExecutor,
+    ITenantProvider tenantProvider)
    : IRequestHandler<ListExpiringStoreQualificationsQuery, StoreQualificationAlertResultDto>
 {
    /// <inheritdoc />
@@ -33,21 +36,34 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
        var now = DateOnly.FromDateTime(DateTime.UtcNow);
        var expiringBefore = now.AddDays(daysThreshold);

-        // 2. (空行后) 执行查询
+        // 2. (空行后) 读取当前租户并校验跨租户
+        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        if (currentTenantId <= 0)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "缺少租户标识");
+        }
+
+        if (request.TenantId.HasValue && request.TenantId.Value != currentTenantId)
+        {
+            throw new BusinessException(ErrorCodes.Forbidden, "禁止跨租户查询资质预警");
+        }
+        var tenantId = currentTenantId;
+
+        // 3. (空行后) 执行查询
        return await dapperExecutor.QueryAsync(
            DatabaseConstants.AppDataSource,
            DatabaseConnectionRole.Read,
            async (connection, token) =>
            {
-                // 2.1 统计汇总
-                var summary = await ExecuteSummaryAsync(connection, now, expiringBefore, request.TenantId, token);
+                // 3.1 统计汇总
+                var summary = await ExecuteSummaryAsync(connection, now, expiringBefore, tenantId, token);

-                // 2.2 (空行后) 统计总数
+                // 3.2 (空行后) 统计总数
                var total = await ExecuteScalarIntAsync(
                    connection,
                    BuildCountSql(),
                    [
-                        ("tenantId", request.TenantId),
+                        ("tenantId", tenantId),
                        ("expiredOnly", request.Expired),
                        ("now", now),
                        ("expiringBefore", expiringBefore)
@@ -58,12 +74,12 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
                    return BuildResult([], page, pageSize, total, summary);
                }

-                // 2.3 (空行后) 查询列表
+                // 3.3 (空行后) 查询列表
                await using var listCommand = CreateCommand(
                    connection,
                    BuildListSql(),
                    [
-                        ("tenantId", request.TenantId),
+                        ("tenantId", tenantId),
                        ("expiredOnly", request.Expired),
                        ("now", now),
                        ("expiringBefore", expiringBefore),
@@ -77,7 +93,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
                    return BuildResult([], page, pageSize, total, summary);
                }

-                // 2.4 (空行后) 初始化字段序号
+                // 3.4 (空行后) 初始化字段序号
                var qualificationIdOrdinal = reader.GetOrdinal("QualificationId");
                var storeIdOrdinal = reader.GetOrdinal("StoreId");
                var storeNameOrdinal = reader.GetOrdinal("StoreName");
@@ -88,7 +104,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
                var expiresAtOrdinal = reader.GetOrdinal("ExpiresAt");
                var businessStatusOrdinal = reader.GetOrdinal("BusinessStatus");

-                // 2.5 (空行后) 读取并映射
+                // 3.5 (空行后) 读取并映射
                List<StoreQualificationAlertDto> items = [];
                while (await reader.ReadAsync(token))
                {
@@ -116,7 +132,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
                    });
                }

-                // 2.6 (空行后) 组装结果
+                // 3.6 (空行后) 组装结果
                return BuildResult(items, page, pageSize, total, summary);
            },
            cancellationToken);
@@ -148,7 +164,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
        IDbConnection connection,
        DateOnly now,
        DateOnly expiringBefore,
-        long? tenantId,
+        long tenantId,
        CancellationToken cancellationToken)
    {
        await using var command = CreateCommand(
@@ -186,7 +202,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
            join public.tenants t on t."Id" = s."TenantId" and t."DeletedAt" is null
            where q."DeletedAt" is null
              and q."ExpiresAt" is not null
-              and (@tenantId::bigint is null or s."TenantId" = @tenantId)
+              and s."TenantId" = @tenantId
              and (
                (@expiredOnly::boolean = true and q."ExpiresAt" < @now)
                or (@expiredOnly::boolean = false and q."ExpiresAt" <= @expiringBefore)
@@ -212,7 +228,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
            join public.tenants t on t."Id" = s."TenantId" and t."DeletedAt" is null
            where q."DeletedAt" is null
              and q."ExpiresAt" is not null
-              and (@tenantId::bigint is null or s."TenantId" = @tenantId)
+              and s."TenantId" = @tenantId
              and (
                (@expiredOnly::boolean = true and q."ExpiresAt" < @now)
                or (@expiredOnly::boolean = false and q."ExpiresAt" <= @expiringBefore)
@@ -234,7 +250,7 @@ public sealed class ListExpiringStoreQualificationsQueryHandler(
            join public.tenants t on t."Id" = s."TenantId" and t."DeletedAt" is null
            where q."DeletedAt" is null
              and q."ExpiresAt" is not null
-              and (@tenantId::bigint is null or s."TenantId" = @tenantId);
+              and s."TenantId" = @tenantId;
            """;
    }

--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreBusinessHoursQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreBusinessHoursQueryHandler.cs
@@ -1,6 +1,6 @@
 using System.Linq;
 using MediatR;
-using Microsoft.AspNetCore.Http;
+using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -13,20 +13,17 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreBusinessHoursQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<ListStoreBusinessHoursQuery, IReadOnlyList<StoreBusinessHourDto>>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;

    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreBusinessHourDto>> Handle(ListStoreBusinessHoursQuery request, CancellationToken cancellationToken)
    {
        // 1. 查询时段列表
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var hours = await _storeRepository.GetBusinessHoursAsync(request.StoreId, tenantId, cancellationToken);

        // 2. 映射 DTO
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreDeliveryZonesQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreDeliveryZonesQueryHandler.cs
@@ -1,6 +1,6 @@
 using System.Linq;
 using MediatR;
-using Microsoft.AspNetCore.Http;
+using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -13,20 +13,17 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreDeliveryZonesQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<ListStoreDeliveryZonesQuery, IReadOnlyList<StoreDeliveryZoneDto>>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;

    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreDeliveryZoneDto>> Handle(ListStoreDeliveryZonesQuery request, CancellationToken cancellationToken)
    {
        // 1. 查询配送区域
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var zones = await _storeRepository.GetDeliveryZonesAsync(request.StoreId, tenantId, cancellationToken);

        // 2. 映射 DTO
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreHolidaysQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreHolidaysQueryHandler.cs
@@ -1,6 +1,5 @@
 using System.Linq;
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
@@ -14,20 +13,17 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreHolidaysQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<ListStoreHolidaysQuery, IReadOnlyList<StoreHolidayDto>>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;

    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreHolidayDto>> Handle(ListStoreHolidaysQuery request, CancellationToken cancellationToken)
    {
        // 1. 查询节假日
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var holidays = await _storeRepository.GetHolidaysAsync(request.StoreId, tenantId, cancellationToken);

        // 2. 映射 DTO
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreQualificationsQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/ListStoreQualificationsQueryHandler.cs
@@ -1,5 +1,5 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
+using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
 using TakeoutSaaS.Domain.Stores.Repositories;
@@ -14,16 +14,14 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class ListStoreQualificationsQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<ListStoreQualificationsQuery, IReadOnlyList<StoreQualificationDto>>
 {
    /// <inheritdoc />
    public async Task<IReadOnlyList<StoreQualificationDto>> Handle(ListStoreQualificationsQuery request, CancellationToken cancellationToken)
    {
        // 1. 校验门店存在
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/SearchStoresQueryHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/SearchStoresQueryHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Dto;
 using TakeoutSaaS.Application.App.Stores.Queries;
@@ -14,15 +13,13 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 /// </summary>
 public sealed class SearchStoresQueryHandler(
    IStoreRepository storeRepository,
-    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor)
+    ITenantProvider tenantProvider)
    : IRequestHandler<SearchStoresQuery, PagedResult<StoreDto>>
 {
    /// <inheritdoc />
    public async Task<PagedResult<StoreDto>> Handle(SearchStoresQuery request, CancellationToken cancellationToken)
    {
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var stores = await storeRepository.SearchAsync(
            tenantId,
            request.MerchantId,
@@ -31,7 +28,6 @@ public sealed class SearchStoresQueryHandler(
            request.BusinessStatus,
            request.OwnershipType,
            request.Keyword,
-            ignoreTenantFilter,
            cancellationToken);

        var sorted = ApplySorting(stores, request.SortBy, request.SortDescending);
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,7 +18,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class UpdateStoreCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<UpdateStoreCommandHandler> logger)
    : IRequestHandler<UpdateStoreCommand, StoreDto?>
 {
@@ -27,8 +25,7 @@ public sealed class UpdateStoreCommandHandler(
    public async Task<StoreDto?> Handle(UpdateStoreCommand request, CancellationToken cancellationToken)
    {
        // 1. 读取门店
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var existing = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (existing == null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreDeliveryZoneCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreDeliveryZoneCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,7 +18,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class UpdateStoreDeliveryZoneCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    IGeoJsonValidationService geoJsonValidationService,
    ILogger<UpdateStoreDeliveryZoneCommandHandler> logger)
    : IRequestHandler<UpdateStoreDeliveryZoneCommand, StoreDeliveryZoneDto?>
@@ -28,8 +26,7 @@ public sealed class UpdateStoreDeliveryZoneCommandHandler(
    public async Task<StoreDeliveryZoneDto?> Handle(UpdateStoreDeliveryZoneCommand request, CancellationToken cancellationToken)
    {
        // 1. 读取区域
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var existing = await storeRepository.FindDeliveryZoneByIdAsync(request.DeliveryZoneId, tenantId, cancellationToken);
        if (existing is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreFeeCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreFeeCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,7 +18,6 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class UpdateStoreFeeCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<UpdateStoreFeeCommandHandler> logger)
    : IRequestHandler<UpdateStoreFeeCommand, StoreFeeDto>
 {
@@ -27,8 +25,7 @@ public sealed class UpdateStoreFeeCommandHandler(
    public async Task<StoreFeeDto> Handle(UpdateStoreFeeCommand request, CancellationToken cancellationToken)
    {
        // 1. 校验门店状态
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : tenantProvider.GetCurrentTenantId();
+        var tenantId = tenantProvider.GetCurrentTenantId();
        var store = await storeRepository.FindByIdAsync(request.StoreId, tenantId, cancellationToken);
        if (store is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreHolidayCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Handlers/UpdateStoreHolidayCommandHandler.cs
@@ -1,5 +1,4 @@
 using MediatR;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using TakeoutSaaS.Application.App.Stores;
 using TakeoutSaaS.Application.App.Stores.Commands;
@@ -19,21 +18,18 @@ namespace TakeoutSaaS.Application.App.Stores.Handlers;
 public sealed class UpdateStoreHolidayCommandHandler(
    IStoreRepository storeRepository,
    ITenantProvider tenantProvider,
-    IHttpContextAccessor httpContextAccessor,
    ILogger<UpdateStoreHolidayCommandHandler> logger)
    : IRequestHandler<UpdateStoreHolidayCommand, StoreHolidayDto?>
 {
    private readonly IStoreRepository _storeRepository = storeRepository;
    private readonly ITenantProvider _tenantProvider = tenantProvider;
-    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
    private readonly ILogger<UpdateStoreHolidayCommandHandler> _logger = logger;

    /// <inheritdoc />
    public async Task<StoreHolidayDto?> Handle(UpdateStoreHolidayCommand request, CancellationToken cancellationToken)
    {
        // 1. 读取配置
-        var ignoreTenantFilter = StoreTenantAccess.ShouldIgnoreTenantFilter(_httpContextAccessor);
-        var tenantId = ignoreTenantFilter ? 0 : _tenantProvider.GetCurrentTenantId();
+        var tenantId = _tenantProvider.GetCurrentTenantId();
        var existing = await _storeRepository.FindHolidayByIdAsync(request.HolidayId, tenantId, cancellationToken);
        if (existing is null)
        {
--- a/src/Application/TakeoutSaaS.Application/App/Stores/Queries/ListExpiringStoreQualificationsQuery.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/Queries/ListExpiringStoreQualificationsQuery.cs
@@ -14,7 +14,7 @@ public sealed record ListExpiringStoreQualificationsQuery : IRequest<StoreQualif
    public int? DaysThreshold { get; init; }

    /// <summary>
-    /// 租户 ID（可选）。
+    /// 租户 ID（可选，默认当前租户；禁止跨租户）。
    /// </summary>
    public long? TenantId { get; init; }

--- a/src/Application/TakeoutSaaS.Application/App/Stores/StoreTenantAccess.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Stores/StoreTenantAccess.cs
@@ -1,12 +0,0 @@
-using Microsoft.AspNetCore.Http;
-
-namespace TakeoutSaaS.Application.App.Stores;
-
-internal static class StoreTenantAccess
-{
-    public static bool ShouldIgnoreTenantFilter(IHttpContextAccessor httpContextAccessor)
-    {
-        // 1. 租户管理端不允许跨租户访问门店数据
-        return false;
-    }
-}