From 83a6cc88ce0ad9b41d73fdb1f5aa9495ad3796aa Mon Sep 17 00:00:00 2001
From: hyh <hongyuanhua@changeself.com>
Date: Thu, 15 May 2025 15:30:13 +0800
Subject: [PATCH] =?UTF-8?q?feat(auth):=20=E4=BC=98=E5=8C=96=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E8=AE=A4=E8=AF=81=E6=97=B6=E7=9A=84=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E6=A3=80=E6=9F=A5=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. 添加 IRolePermissionRepository 依赖注入 2. 实现用户角色权限的完整获取 3. 优化权限信息的存储结构 4. 使用权限代码作为权限标识 5. 避免重复权限的存储
---
 .../AuthenticateUserCommandHandler.cs         | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs b/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
index 272ec5d..00f8f1c 100644
--- a/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
+++ b/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
@@ -19,6 +19,7 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
     private readonly IJwtProvider _jwtProvider;
     private readonly ILogger<AuthenticateUserCommandHandler> _logger;
     private readonly IUserRoleRepository _userRoleRepository;
+    private readonly IRolePermissionRepository _rolePermissionRepository;
 
     /// <summary>
     /// 初始化处理器
@@ -27,12 +28,14 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
         UserManager<AppUser> userManager,
         IJwtProvider jwtProvider,
         ILogger<AuthenticateUserCommandHandler> logger,
-        IUserRoleRepository userRoleRepository)
+        IUserRoleRepository userRoleRepository,
+        IRolePermissionRepository rolePermissionRepository)
     {
         _userManager = userManager;
         _jwtProvider = jwtProvider;
         _logger = logger;
         _userRoleRepository = userRoleRepository;
+        _rolePermissionRepository = rolePermissionRepository;
     }
 
     /// <summary>
@@ -85,6 +88,20 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
             // 添加角色声明
             claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));
 
+            // 获取所有角色的权限
+            var permissions = new Dictionary<string, bool>();
+            foreach (var role in roles)
+            {
+                var rolePermissions = await _rolePermissionRepository.GetRolePermissionsWithDetailsAsync(role, cancellationToken);
+                foreach (var rolePermission in rolePermissions)
+                {
+                    if (!permissions.ContainsKey(rolePermission.Permission.Code))
+                    {
+                        permissions[rolePermission.Permission.Code] = true;
+                    }
+                }
+            }
+
             // 生成访问令牌
             var accessToken = _jwtProvider.GenerateAccessToken(claims);
 
@@ -100,7 +117,8 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
                 user.UserName!,
                 user.Email!,
                 user.PhoneNumber,
-                roles);
+                roles,
+                permissions);
 
             _logger.LogInformation("用户 {UserName} 认证成功", request.UserName);