feat: 实现角色权限分配和移除功能

src/CellularManagement.Application/Features/Auth/Commands/RegisterUser/RegisterUserCommandHandler.cs

@@ -75,7 +75,7 @@ public sealed class RegisterUserCommandHandler : IRequestHandler<RegisterUserCom
                 }
 
                 // 获取默认角色
-                var defaultRole = await _roleManager.FindByNameAsync("User");
+                var defaultRole = await _roleManager.FindByNameAsync("Admin");
                 if (defaultRole == null)
                 {
                     throw new InvalidOperationException("默认用户角色不存在");

src/CellularManagement.Application/Features/Roles/Commands/AssignPermission/AssignPermissionCommand.cs

@@ -0,0 +1,18 @@
+using MediatR;
+using CellularManagement.Application.Common;
+
+namespace CellularManagement.Application.Features.Roles.Commands.AssignPermission;
+
+/// <summary>
+/// 分配权限命令
+/// </summary>
+public sealed record AssignPermissionCommand(
+    /// <summary>
+    /// 角色ID
+    /// </summary>
+    string RoleId,
+    
+    /// <summary>
+    /// 权限ID
+    /// </summary>
+    string PermissionId) : IRequest<OperationResult<AssignPermissionResponse>>; 

src/CellularManagement.Application/Features/Roles/Commands/AssignPermission/AssignPermissionCommandHandler.cs

@@ -0,0 +1,62 @@
+using System.Threading;
+using System.Threading.Tasks;
+using MediatR;
+using Microsoft.Extensions.Logging;
+using CellularManagement.Application.Common;
+using CellularManagement.Domain.Entities;
+using CellularManagement.Domain.Repositories;
+
+namespace CellularManagement.Application.Features.Roles.Commands.AssignPermission;
+
+/// <summary>
+/// 分配权限命令处理器
+/// </summary>
+public sealed class AssignPermissionCommandHandler : IRequestHandler<AssignPermissionCommand, OperationResult<AssignPermissionResponse>>
+{
+    private readonly IPermissionRepository _permissionRepository;
+    private readonly ILogger<AssignPermissionCommandHandler> _logger;
+
+    /// <summary>
+    /// 初始化处理器
+    /// </summary>
+    public AssignPermissionCommandHandler(
+        IPermissionRepository permissionRepository,
+        ILogger<AssignPermissionCommandHandler> logger)
+    {
+        _permissionRepository = permissionRepository;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// 处理分配权限请求
+    /// </summary>
+    public async Task<OperationResult<AssignPermissionResponse>> Handle(
+        AssignPermissionCommand request,
+        CancellationToken cancellationToken)
+    {
+        try
+        {
+            // 检查权限是否存在
+            var permission = await _permissionRepository.GetByIdAsync(request.PermissionId, cancellationToken);
+            if (permission == null)
+            {
+                _logger.LogWarning("权限 {PermissionId} 不存在", request.PermissionId);
+                return OperationResult<AssignPermissionResponse>.CreateFailure("权限不存在");
+            }
+
+            // 创建角色权限关联
+            var rolePermission = RolePermission.Create(request.RoleId, request.PermissionId);
+            await _permissionRepository.AddRolePermissionAsync(rolePermission, cancellationToken);
+
+            _logger.LogInformation("角色 {RoleId} 分配权限 {PermissionId} 成功", request.RoleId, request.PermissionId);
+
+            return OperationResult<AssignPermissionResponse>.CreateSuccess(
+                new AssignPermissionResponse(true));
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "角色 {RoleId} 分配权限 {PermissionId} 失败", request.RoleId, request.PermissionId);
+            return OperationResult<AssignPermissionResponse>.CreateFailure("分配权限失败，请稍后重试");
+        }
+    }
+} 

src/CellularManagement.Application/Features/Roles/Commands/AssignPermission/AssignPermissionCommandValidator.cs

@@ -0,0 +1,18 @@
+using FluentValidation;
+
+namespace CellularManagement.Application.Features.Roles.Commands.AssignPermission;
+
+/// <summary>
+/// 分配权限命令验证器
+/// </summary>
+public sealed class AssignPermissionCommandValidator : AbstractValidator<AssignPermissionCommand>
+{
+    public AssignPermissionCommandValidator()
+    {
+        RuleFor(x => x.RoleId)
+            .NotEmpty().WithMessage("角色ID不能为空");
+
+        RuleFor(x => x.PermissionId)
+            .NotEmpty().WithMessage("权限ID不能为空");
+    }
+} 

src/CellularManagement.Application/Features/Roles/Commands/AssignPermission/AssignPermissionResponse.cs

@@ -0,0 +1,10 @@
+namespace CellularManagement.Application.Features.Roles.Commands.AssignPermission;
+
+/// <summary>
+/// 分配权限响应
+/// </summary>
+public sealed record AssignPermissionResponse(
+    /// <summary>
+    /// 是否成功
+    /// </summary>
+    bool Success); 

src/CellularManagement.Application/Features/Roles/Commands/RemovePermission/RemovePermissionCommand.cs

@@ -0,0 +1,18 @@
+using MediatR;
+using CellularManagement.Application.Common;
+
+namespace CellularManagement.Application.Features.Roles.Commands.RemovePermission;
+
+/// <summary>
+/// 移除权限命令
+/// </summary>
+public sealed record RemovePermissionCommand(
+    /// <summary>
+    /// 角色ID
+    /// </summary>
+    string RoleId,
+    
+    /// <summary>
+    /// 权限ID
+    /// </summary>
+    string PermissionId) : IRequest<OperationResult<RemovePermissionResponse>>; 

src/CellularManagement.Application/Features/Roles/Commands/RemovePermission/RemovePermissionCommandHandler.cs

@@ -0,0 +1,60 @@
+using System.Threading;
+using System.Threading.Tasks;
+using MediatR;
+using Microsoft.Extensions.Logging;
+using CellularManagement.Application.Common;
+using CellularManagement.Domain.Repositories;
+
+namespace CellularManagement.Application.Features.Roles.Commands.RemovePermission;
+
+/// <summary>
+/// 移除权限命令处理器
+/// </summary>
+public sealed class RemovePermissionCommandHandler : IRequestHandler<RemovePermissionCommand, OperationResult<RemovePermissionResponse>>
+{
+    private readonly IPermissionRepository _permissionRepository;
+    private readonly ILogger<RemovePermissionCommandHandler> _logger;
+
+    /// <summary>
+    /// 初始化处理器
+    /// </summary>
+    public RemovePermissionCommandHandler(
+        IPermissionRepository permissionRepository,
+        ILogger<RemovePermissionCommandHandler> logger)
+    {
+        _permissionRepository = permissionRepository;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// 处理移除权限请求
+    /// </summary>
+    public async Task<OperationResult<RemovePermissionResponse>> Handle(
+        RemovePermissionCommand request,
+        CancellationToken cancellationToken)
+    {
+        try
+        {
+            // 检查权限是否存在
+            var permission = await _permissionRepository.GetByIdAsync(request.PermissionId, cancellationToken);
+            if (permission == null)
+            {
+                _logger.LogWarning("权限 {PermissionId} 不存在", request.PermissionId);
+                return OperationResult<RemovePermissionResponse>.CreateFailure("权限不存在");
+            }
+
+            // 移除角色权限关联
+            await _permissionRepository.DeleteRolePermissionAsync(request.RoleId, request.PermissionId, cancellationToken);
+
+            _logger.LogInformation("角色 {RoleId} 移除权限 {PermissionId} 成功", request.RoleId, request.PermissionId);
+
+            return OperationResult<RemovePermissionResponse>.CreateSuccess(
+                new RemovePermissionResponse(true));
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "角色 {RoleId} 移除权限 {PermissionId} 失败", request.RoleId, request.PermissionId);
+            return OperationResult<RemovePermissionResponse>.CreateFailure("移除权限失败，请稍后重试");
+        }
+    }
+} 

src/CellularManagement.Application/Features/Roles/Commands/RemovePermission/RemovePermissionCommandValidator.cs

@@ -0,0 +1,18 @@
+using FluentValidation;
+
+namespace CellularManagement.Application.Features.Roles.Commands.RemovePermission;
+
+/// <summary>
+/// 移除权限命令验证器
+/// </summary>
+public sealed class RemovePermissionCommandValidator : AbstractValidator<RemovePermissionCommand>
+{
+    public RemovePermissionCommandValidator()
+    {
+        RuleFor(x => x.RoleId)
+            .NotEmpty().WithMessage("角色ID不能为空");
+
+        RuleFor(x => x.PermissionId)
+            .NotEmpty().WithMessage("权限ID不能为空");
+    }
+} 

src/CellularManagement.Application/Features/Roles/Commands/RemovePermission/RemovePermissionResponse.cs

@@ -0,0 +1,10 @@
+namespace CellularManagement.Application.Features.Roles.Commands.RemovePermission;
+
+/// <summary>
+/// 移除权限响应
+/// </summary>
+public sealed record RemovePermissionResponse(
+    /// <summary>
+    /// 是否成功
+    /// </summary>
+    bool Success); 

src/CellularManagement.Domain/Specifications/AuthRequestSamples.json

@@ -0,0 +1,13 @@
+{
+  "RegisterUserCommand": {
+    "userName": "zhangsan",
+    "email": "zhangsan@example.com",
+    "password": "P@ssw0rd!",
+    "confirmPassword": "P@ssw0rd!",
+    "phoneNumber": "13800138000"
+  },
+  "AuthenticateUserCommand": {
+    "userNameOrEmail": "zhangsan",
+    "password": "P@ssw0rd!"
+  }
+} 

src/CellularManagement.Domain/Specifications/DefaultData.json

@@ -0,0 +1,74 @@
+{
+  "permissions": [
+    { "id": "p001", "name": "用户管理", "description": "管理用户信息，包括创建、修改、删除用户" },
+    { "id": "p002", "name": "角色管理", "description": "管理角色信息，包括创建、修改、删除角色" },
+    { "id": "p003", "name": "权限管理", "description": "管理权限信息，包括创建、修改、删除权限" },
+    { "id": "p004", "name": "系统配置", "description": "管理系统配置信息" },
+    { "id": "p005", "name": "数据查看", "description": "查看系统数据" },
+    { "id": "p006", "name": "数据编辑", "description": "编辑系统数据" },
+    { "id": "p007", "name": "报表生成", "description": "生成系统报表" },
+    { "id": "p008", "name": "审计日志", "description": "查看系统审计日志" },
+    { "id": "p009", "name": "API访问", "description": "访问系统API" },
+    { "id": "p010", "name": "文件管理", "description": "管理系统文件" }
+  ],
+  "roles": [
+    { "id": "r001", "name": "Admin", "description": "系统管理员，拥有所有权限" },
+    { "id": "r002", "name": "Manager", "description": "部门经理，拥有部门管理权限" },
+    { "id": "r003", "name": "User", "description": "普通用户，拥有基本操作权限" },
+    { "id": "r004", "name": "Operator", "description": "操作员，拥有特定操作权限" },
+    { "id": "r005", "name": "Finance", "description": "财务人员，拥有财务相关权限" },
+    { "id": "r006", "name": "HR", "description": "人力资源，拥有人力资源相关权限" },
+    { "id": "r007", "name": "CustomerService", "description": "客服人员，拥有客服相关权限" },
+    { "id": "r008", "name": "TechnicalSupport", "description": "技术支持，拥有技术支持相关权限" },
+    { "id": "r009", "name": "DataAnalyst", "description": "数据分析师，拥有数据分析相关权限" },
+    { "id": "r010", "name": "Auditor", "description": "审计人员，拥有审计相关权限" }
+  ],
+  "rolePermissions": [
+    { "roleId": "r001", "permissionId": "p001" },
+    { "roleId": "r001", "permissionId": "p002" },
+    { "roleId": "r001", "permissionId": "p003" },
+    { "roleId": "r001", "permissionId": "p004" },
+    { "roleId": "r001", "permissionId": "p005" },
+    { "roleId": "r001", "permissionId": "p006" },
+    { "roleId": "r001", "permissionId": "p007" },
+    { "roleId": "r001", "permissionId": "p008" },
+    { "roleId": "r001", "permissionId": "p009" },
+    { "roleId": "r001", "permissionId": "p010" },
+    { "roleId": "r002", "permissionId": "p001" },
+    { "roleId": "r002", "permissionId": "p005" },
+    { "roleId": "r002", "permissionId": "p006" },
+    { "roleId": "r002", "permissionId": "p007" },
+    { "roleId": "r003", "permissionId": "p005" },
+    { "roleId": "r003", "permissionId": "p006" },
+    { "roleId": "r004", "permissionId": "p005" },
+    { "roleId": "r004", "permissionId": "p006" },
+    { "roleId": "r004", "permissionId": "p007" },
+    { "roleId": "r005", "permissionId": "p005" },
+    { "roleId": "r005", "permissionId": "p006" },
+    { "roleId": "r005", "permissionId": "p007" },
+    { "roleId": "r006", "permissionId": "p001" },
+    { "roleId": "r006", "permissionId": "p005" },
+    { "roleId": "r006", "permissionId": "p006" },
+    { "roleId": "r007", "permissionId": "p005" },
+    { "roleId": "r007", "permissionId": "p006" },
+    { "roleId": "r008", "permissionId": "p005" },
+    { "roleId": "r008", "permissionId": "p006" },
+    { "roleId": "r008", "permissionId": "p009" },
+    { "roleId": "r009", "permissionId": "p005" },
+    { "roleId": "r009", "permissionId": "p007" },
+    { "roleId": "r010", "permissionId": "p005" },
+    { "roleId": "r010", "permissionId": "p008" }
+  ],
+  "users": [
+    { "id": "u001", "username": "admin", "email": "admin@example.com", "phoneNumber": "13800138000", "roleId": "r001" },
+    { "id": "u002", "username": "manager", "email": "manager@example.com", "phoneNumber": "13800138001", "roleId": "r002" },
+    { "id": "u003", "username": "user", "email": "user@example.com", "phoneNumber": "13800138002", "roleId": "r003" },
+    { "id": "u004", "username": "operator", "email": "operator@example.com", "phoneNumber": "13800138003", "roleId": "r004" },
+    { "id": "u005", "username": "finance", "email": "finance@example.com", "phoneNumber": "13800138004", "roleId": "r005" },
+    { "id": "u006", "username": "hr", "email": "hr@example.com", "phoneNumber": "13800138005", "roleId": "r006" },
+    { "id": "u007", "username": "customerservice", "email": "customerservice@example.com", "phoneNumber": "13800138006", "roleId": "r007" },
+    { "id": "u008", "username": "technicalsupport", "email": "technicalsupport@example.com", "phoneNumber": "13800138007", "roleId": "r008" },
+    { "id": "u009", "username": "dataanalyst", "email": "dataanalyst@example.com", "phoneNumber": "13800138008", "roleId": "r009" },
+    { "id": "u010", "username": "auditor", "email": "auditor@example.com", "phoneNumber": "13800138009", "roleId": "r010" }
+  ]
+} 

src/CellularManagement.Domain/Specifications/DefaultData.sql

@@ -0,0 +1,88 @@
+-- 权限表数据
+INSERT INTO "Permissions" ("Id", "Name", "Description", "CreatedAt") VALUES
+('p001', '用户管理', '管理用户信息，包括创建、修改、删除用户', '2023-01-01 00:00:00'),
+('p002', '角色管理', '管理角色信息，包括创建、修改、删除角色', '2023-01-01 00:00:00'),
+('p003', '权限管理', '管理权限信息，包括创建、修改、删除权限', '2023-01-01 00:00:00'),
+('p004', '系统配置', '管理系统配置信息', '2023-01-01 00:00:00'),
+('p005', '数据查看', '查看系统数据', '2023-01-01 00:00:00'),
+('p006', '数据编辑', '编辑系统数据', '2023-01-01 00:00:00'),
+('p007', '报表生成', '生成系统报表', '2023-01-01 00:00:00'),
+('p008', '审计日志', '查看系统审计日志', '2023-01-01 00:00:00'),
+('p009', 'API访问', '访问系统API', '2023-01-01 00:00:00'),
+('p010', '文件管理', '管理系统文件', '2023-01-01 00:00:00');
+
+-- 角色表数据
+INSERT INTO "Roles" ("Id", "Name", "Description", "ConcurrencyStamp", "NormalizedName") VALUES
+('r001', 'Admin', '系统管理员，拥有所有权限', 'admin-stamp', 'ADMIN'),
+('r002', 'Manager', '部门经理，拥有部门管理权限', 'manager-stamp', 'MANAGER'),
+('r003', 'User', '普通用户，拥有基本操作权限', 'user-stamp', 'USER'),
+('r004', 'Operator', '操作员，拥有特定操作权限', 'operator-stamp', 'OPERATOR'),
+('r005', 'Finance', '财务人员，拥有财务相关权限', 'finance-stamp', 'FINANCE'),
+('r006', 'HR', '人力资源，拥有人力资源相关权限', 'hr-stamp', 'HR'),
+('r007', 'CustomerService', '客服人员，拥有客服相关权限', 'cs-stamp', 'CUSTOMERSERVICE'),
+('r008', 'TechnicalSupport', '技术支持，拥有技术支持相关权限', 'ts-stamp', 'TECHNICALSUPPORT'),
+('r009', 'DataAnalyst', '数据分析师，拥有数据分析相关权限', 'da-stamp', 'DATAANALYST'),
+('r010', 'Auditor', '审计人员，拥有审计相关权限', 'auditor-stamp', 'AUDITOR');
+
+-- 角色权限关联表数据
+INSERT INTO "RolePermissions" ("RoleId", "PermissionId", "CreatedAt") VALUES
+('r001', 'p001', '2023-01-01 00:00:00'),
+('r001', 'p002', '2023-01-01 00:00:00'),
+('r001', 'p003', '2023-01-01 00:00:00'),
+('r001', 'p004', '2023-01-01 00:00:00'),
+('r001', 'p005', '2023-01-01 00:00:00'),
+('r001', 'p006', '2023-01-01 00:00:00'),
+('r001', 'p007', '2023-01-01 00:00:00'),
+('r001', 'p008', '2023-01-01 00:00:00'),
+('r001', 'p009', '2023-01-01 00:00:00'),
+('r001', 'p010', '2023-01-01 00:00:00'),
+('r002', 'p001', '2023-01-01 00:00:00'),
+('r002', 'p005', '2023-01-01 00:00:00'),
+('r002', 'p006', '2023-01-01 00:00:00'),
+('r002', 'p007', '2023-01-01 00:00:00'),
+('r003', 'p005', '2023-01-01 00:00:00'),
+('r003', 'p006', '2023-01-01 00:00:00'),
+('r004', 'p005', '2023-01-01 00:00:00'),
+('r004', 'p006', '2023-01-01 00:00:00'),
+('r004', 'p007', '2023-01-01 00:00:00'),
+('r005', 'p005', '2023-01-01 00:00:00'),
+('r005', 'p006', '2023-01-01 00:00:00'),
+('r005', 'p007', '2023-01-01 00:00:00'),
+('r006', 'p001', '2023-01-01 00:00:00'),
+('r006', 'p005', '2023-01-01 00:00:00'),
+('r006', 'p006', '2023-01-01 00:00:00'),
+('r007', 'p005', '2023-01-01 00:00:00'),
+('r007', 'p006', '2023-01-01 00:00:00'),
+('r008', 'p005', '2023-01-01 00:00:00'),
+('r008', 'p006', '2023-01-01 00:00:00'),
+('r008', 'p009', '2023-01-01 00:00:00'),
+('r009', 'p005', '2023-01-01 00:00:00'),
+('r009', 'p007', '2023-01-01 00:00:00'),
+('r010', 'p005', '2023-01-01 00:00:00'),
+('r010', 'p008', '2023-01-01 00:00:00');
+
+-- 用户表数据
+INSERT INTO "AspNetUsers" ("Id", "UserName", "Email", "EmailConfirmed", "PhoneNumber", "PhoneNumberConfirmed", "TwoFactorEnabled", "LockoutEnabled", "AccessFailedCount", "ConcurrencyStamp", "NormalizedUserName", "NormalizedEmail", "PasswordHash", "SecurityStamp", "LockoutEnd") VALUES
+('u001', 'admin', 'admin@example.com', true, '13800138000', true, false, true, 0, 'user-stamp-1', 'ADMIN', 'ADMIN@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u002', 'manager', 'manager@example.com', true, '13800138001', true, false, true, 0, 'user-stamp-2', 'MANAGER', 'MANAGER@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u003', 'user', 'user@example.com', true, '13800138002', true, false, true, 0, 'user-stamp-3', 'USER', 'USER@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u004', 'operator', 'operator@example.com', true, '13800138003', true, false, true, 0, 'user-stamp-4', 'OPERATOR', 'OPERATOR@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u005', 'finance', 'finance@example.com', true, '13800138004', true, false, true, 0, 'user-stamp-5', 'FINANCE', 'FINANCE@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u006', 'hr', 'hr@example.com', true, '13800138005', true, false, true, 0, 'user-stamp-6', 'HR', 'HR@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u007', 'customerservice', 'customerservice@example.com', true, '13800138006', true, false, true, 0, 'user-stamp-7', 'CUSTOMERSERVICE', 'CUSTOMERSERVICE@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u008', 'technicalsupport', 'technicalsupport@example.com', true, '13800138007', true, false, true, 0, 'user-stamp-8', 'TECHNICALSUPPORT', 'TECHNICALSUPPORT@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u009', 'dataanalyst', 'dataanalyst@example.com', true, '13800138008', true, false, true, 0, 'user-stamp-9', 'DATAANALYST', 'DATAANALYST@EXAMPLE.COM', 'HASH', 'SECURITY', NULL),
+('u010', 'auditor', 'auditor@example.com', true, '13800138009', true, false, true, 0, 'user-stamp-10', 'AUDITOR', 'AUDITOR@EXAMPLE.COM', 'HASH', 'SECURITY', NULL);
+
+-- 用户角色关联表数据
+INSERT INTO "UserRoles" ("UserId", "RoleId") VALUES
+('u001', 'r001'),
+('u002', 'r002'),
+('u003', 'r003'),
+('u004', 'r004'),
+('u005', 'r005'),
+('u006', 'r006'),
+('u007', 'r007'),
+('u008', 'r008'),
+('u009', 'r009'),
+('u010', 'r010'); 

src/CellularManagement.Domain/Specifications/PermissionRequestSamples.json

@@ -0,0 +1,6 @@
+{
+  "CreatePermissionCommand": {
+    "name": "CreateUser",
+    "description": "创建用户的权限"
+  }
+} 

src/CellularManagement.Domain/Specifications/RoleRequestSamples.json

@@ -0,0 +1,12 @@
+{
+  "CreateRoleCommand": {
+    "name": "Manager",
+    "description": "部门经理角色，拥有管理权限"
+  },
+  "DeleteRoleCommand": {
+    "roleId": "r001"
+  },
+  "GetRoleQuery": {
+    "roleId": "r001"
+  }
+} 

src/CellularManagement.Domain/Specifications/UserRequestSamples.json

@@ -0,0 +1,26 @@
+{
+  "CreateUserCommand": {
+    "userName": "zhangsan",
+    "email": "zhangsan@example.com",
+    "phoneNumber": "13800138000",
+    "password": "P@ssw0rd!"
+  },
+  "UpdateUserCommand": {
+    "userName": "lisi",
+    "email": "lisi@example.com",
+    "phoneNumber": "13800138001"
+  },
+  "GetAllUsersQuery": {
+    "pageNumber": 1,
+    "pageSize": 10,
+    "userName": "张三",
+    "email": "example@domain.com",
+    "phoneNumber": "138"
+  },
+  "GetUserByIdQuery": {
+    "id": "u001"
+  },
+  "DeleteUserCommand": {
+    "id": "u001"
+  }
+}