msumshk/TakeoutSaaS.TenantApi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d1db9a11a0c6858d8381d91c24a7fbaf0d7931b
TakeoutSaaS.TenantApi/src/Application/TakeoutSaaS.Application/Identity/Handlers/BatchIdentityUserOperationCommandHandler.cs

320 lines
13 KiB
C#
Raw Blame History

using MediatR;
using System.Text.Json;
using TakeoutSaaS.Application.Identity.Abstractions;
using TakeoutSaaS.Application.Identity.Commands;
using TakeoutSaaS.Application.Identity.Contracts;
using TakeoutSaaS.Application.Identity.Events;
using TakeoutSaaS.Application.Identity.Models;
using TakeoutSaaS.Domain.Identity.Entities;
using TakeoutSaaS.Domain.Identity.Enums;
using TakeoutSaaS.Domain.Identity.Repositories;
using TakeoutSaaS.Shared.Abstractions.Constants;
using TakeoutSaaS.Shared.Abstractions.Exceptions;
using TakeoutSaaS.Shared.Abstractions.Security;
using TakeoutSaaS.Shared.Abstractions.Tenancy;
namespace TakeoutSaaS.Application.Identity.Handlers;
/// <summary>
/// 批量用户操作处理器。
/// </summary>
public sealed class BatchIdentityUserOperationCommandHandler(
IIdentityUserRepository identityUserRepository,
IUserRoleRepository userRoleRepository,
IRoleRepository roleRepository,
ITenantProvider tenantProvider,
ICurrentUserAccessor currentUserAccessor,
IAdminAuthService adminAuthService,
IIdentityOperationLogPublisher operationLogPublisher)
: IRequestHandler<BatchIdentityUserOperationCommand, BatchIdentityUserOperationResult>
{
/// <inheritdoc />
public async Task<BatchIdentityUserOperationResult> Handle(BatchIdentityUserOperationCommand request, CancellationToken cancellationToken)
{
// 1. 获取操作者档案并判断权限
var currentTenantId = tenantProvider.GetCurrentTenantId();
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
var isSuperAdmin = IdentityUserAccess.IsSuperAdmin(operatorProfile);
// 2. (空行后) 校验跨租户访问权限
if (!isSuperAdmin && request.TenantId.HasValue && request.TenantId.Value != currentTenantId)
{
throw new BusinessException(ErrorCodes.Forbidden, "禁止跨租户批量操作用户");
}
if (isSuperAdmin && !request.TenantId.HasValue)
{
throw new BusinessException(ErrorCodes.BadRequest, "批量操作必须指定租户");
}
// 3. (空行后) 解析用户 ID 列表
var tenantId = request.TenantId ?? currentTenantId;
var userIds = ParseIds(request.UserIds, "用户");
if (userIds.Length == 0)
{
return new BatchIdentityUserOperationResult
{
SuccessCount = 0,
FailureCount = 0,
Failures = Array.Empty<BatchIdentityUserFailureItem>(),
ExportItems = Array.Empty<UserListItemDto>()
};
}
// 4. (空行后) 查询目标用户集合
var includeDeleted = request.Operation == IdentityUserBatchOperation.Restore;
var users = await identityUserRepository.GetForUpdateByIdsAsync(tenantId, userIds, includeDeleted, isSuperAdmin, cancellationToken);
var usersById = users.ToDictionary(user => user.Id, user => user, EqualityComparer<long>.Default);
// 5. (空行后) 预计算租户管理员约束
var tenantAdminRole = await roleRepository.FindByCodeAsync("tenant-admin", tenantId, cancellationToken);
var tenantAdminUserIds = tenantAdminRole == null
? Array.Empty<long>()
: (await userRoleRepository.GetByUserIdsAsync(tenantId, usersById.Keys, cancellationToken))
.Where(x => x.RoleId == tenantAdminRole.Id)
.Select(x => x.UserId)
.Distinct()
.ToArray();
var activeAdminCount = tenantAdminRole == null
? 0
: (await identityUserRepository.SearchPagedAsync(new IdentityUserSearchFilter
{
TenantId = tenantId,
RoleId = tenantAdminRole.Id,
Status = IdentityUserStatus.Active,
IncludeDeleted = false,
Page = 1,
PageSize = 1
}, isSuperAdmin, cancellationToken)).Total;
var remainingActiveAdmins = activeAdminCount;
// 6. (空行后) 执行批量操作
var failures = new List<BatchIdentityUserFailureItem>();
var successCount = 0;
var exportItems = new List<UserListItemDto>();
foreach (var userId in userIds)
{
if (!usersById.TryGetValue(userId, out var user))
{
failures.Add(new BatchIdentityUserFailureItem
{
UserId = userId,
Reason = "用户不存在"
});
continue;
}
try
{
switch (request.Operation)
{
case IdentityUserBatchOperation.Enable:
user.Status = IdentityUserStatus.Active;
user.LockedUntil = null;
user.FailedLoginCount = 0;
await identityUserRepository.SaveChangesAsync(cancellationToken);
successCount++;
break;
case IdentityUserBatchOperation.Disable:
if (user.Status == IdentityUserStatus.Active
&& tenantAdminUserIds.Contains(user.Id)
&& remainingActiveAdmins <= 1)
{
throw new BusinessException(ErrorCodes.Conflict, "至少保留一个管理员");
}
if (user.Status == IdentityUserStatus.Active && tenantAdminUserIds.Contains(user.Id))
{
remainingActiveAdmins--;
}
user.Status = IdentityUserStatus.Disabled;
user.LockedUntil = null;
await identityUserRepository.SaveChangesAsync(cancellationToken);
successCount++;
break;
case IdentityUserBatchOperation.Delete:
if (user.Status == IdentityUserStatus.Active
&& tenantAdminUserIds.Contains(user.Id)
&& remainingActiveAdmins <= 1)
{
throw new BusinessException(ErrorCodes.Conflict, "至少保留一个管理员");
}
if (user.Status == IdentityUserStatus.Active && tenantAdminUserIds.Contains(user.Id))
{
remainingActiveAdmins--;
}
await identityUserRepository.RemoveAsync(user, cancellationToken);
await identityUserRepository.SaveChangesAsync(cancellationToken);
successCount++;
break;
case IdentityUserBatchOperation.Restore:
if (!user.DeletedAt.HasValue)
{
throw new BusinessException(ErrorCodes.BadRequest, "用户未删除");
}
user.DeletedAt = null;
user.DeletedBy = null;
await identityUserRepository.SaveChangesAsync(cancellationToken);
successCount++;
break;
case IdentityUserBatchOperation.Export:
successCount++;
break;
default:
throw new BusinessException(ErrorCodes.BadRequest, "无效的批量操作类型");
}
}
catch (Exception ex) when (IsConcurrencyException(ex))
{
failures.Add(new BatchIdentityUserFailureItem
{
UserId = userId,
Reason = "用户数据已被修改,请刷新后重试"
});
}
catch (BusinessException ex)
{
failures.Add(new BatchIdentityUserFailureItem
{
UserId = userId,
Reason = ex.Message
});
}
}
// 6.1 (空行后) 处理导出数据
if (request.Operation == IdentityUserBatchOperation.Export)
{
var roleCodesLookup = await ResolveRoleCodesAsync(users, userRoleRepository, roleRepository, cancellationToken);
var now = DateTime.UtcNow;
exportItems.AddRange(users.Select(user => new UserListItemDto
{
UserId = user.Id,
TenantId = user.TenantId,
Account = user.Account,
DisplayName = user.DisplayName,
Phone = user.Phone,
Email = user.Email,
Status = user.Status,
IsLocked = user.Status == IdentityUserStatus.Locked || (user.LockedUntil.HasValue && user.LockedUntil.Value > now),
IsDeleted = user.DeletedAt.HasValue,
Roles = roleCodesLookup.TryGetValue(user.Id, out var codes) ? codes : Array.Empty<string>(),
CreatedAt = user.CreatedAt,
LastLoginAt = user.LastLoginAt
}));
}
// 7. (空行后) 构建操作日志消息
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
? operatorProfile.Account
: operatorProfile.DisplayName;
if (string.IsNullOrWhiteSpace(operatorName))
{
operatorName = $"user:{currentUserAccessor.UserId}";
}
var logMessage = new IdentityUserOperationLogMessage
{
OperationType = "identity-user:batch",
TargetType = "identity_user",
TargetIds = JsonSerializer.Serialize(userIds),
OperatorId = currentUserAccessor.UserId.ToString(),
OperatorName = operatorName,
Parameters = JsonSerializer.Serialize(new { tenantId, operation = request.Operation.ToString() }),
Result = JsonSerializer.Serialize(new { successCount, failureCount = failures.Count }),
Success = failures.Count == 0
};
// 8. (空行后) 写入 Outbox 并保存变更
await operationLogPublisher.PublishAsync(logMessage, cancellationToken);
await identityUserRepository.SaveChangesAsync(cancellationToken);
return new BatchIdentityUserOperationResult
{
SuccessCount = successCount,
FailureCount = failures.Count,
Failures = failures,
ExportItems = exportItems
};
}
private static long[] ParseIds(string[] values, string name)
{
// 1. 空数组直接返回
if (values.Length == 0)
{
return Array.Empty<long>();
}
// 2. (空行后) 解析并去重
var ids = new List<long>(values.Length);
foreach (var value in values)
{
if (!long.TryParse(value, out var id) || id <= 0)
{
throw new BusinessException(ErrorCodes.BadRequest, $"{name} ID 无效");
}
ids.Add(id);
}
// 3. (空行后) 返回去重结果
return ids.Distinct().ToArray();
}
private static async Task<Dictionary<long, string[]>> ResolveRoleCodesAsync(
IReadOnlyList<IdentityUser> users,
IUserRoleRepository userRoleRepository,
IRoleRepository roleRepository,
CancellationToken cancellationToken)
{
// 1. 预分配字典容量
var result = new Dictionary<long, string[]>(users.Count);
// 2. (空行后) 按租户分组,降低角色查询次数
foreach (var group in users.GroupBy(user => user.TenantId))
{
var tenantId = group.Key;
var userIds = group.Select(user => user.Id).Distinct().ToArray();
if (userIds.Length == 0)
{
continue;
}
// 3. (空行后) 查询用户角色映射
var relations = await userRoleRepository.GetByUserIdsAsync(tenantId, userIds, cancellationToken);
if (relations.Count == 0)
{
continue;
}
// 4. (空行后) 查询角色并构建映射
var roleIds = relations.Select(x => x.RoleId).Distinct().ToArray();
var roles = roleIds.Length == 0
? Array.Empty<Role>()
: await roleRepository.GetByIdsAsync(tenantId, roleIds, cancellationToken);
var roleCodeMap = roles.ToDictionary(role => role.Id, role => role.Code, EqualityComparer<long>.Default);
// 5. (空行后) 组装用户角色编码列表
foreach (var relationGroup in relations.GroupBy(x => x.UserId))
{
var codes = relationGroup
.Select(x => roleCodeMap.TryGetValue(x.RoleId, out var code) ? code : null)
.OfType<string>()
.Where(code => !string.IsNullOrWhiteSpace(code))
.Distinct(StringComparer.OrdinalIgnoreCase)
.ToArray();
result[relationGroup.Key] = codes.Length == 0 ? Array.Empty<string>() : codes;
}
}
return result;
}
private static bool IsConcurrencyException(Exception exception)
=> string.Equals(exception.GetType().Name, "DbUpdateConcurrencyException", StringComparison.Ordinal);
}
Reference in New Issue View Git Blame Copy Permalink