权限拦截新增租户套餐权限

src/platform/ZhonTai.Admin/Services/Auth/AuthService.cs

@@ -35,6 +35,8 @@ using ZhonTai.Admin.Core.Captcha;
 using Newtonsoft.Json;
 using Lazy.SlideCaptcha.Core.Validator;
 using static Lazy.SlideCaptcha.Core.ValidateResult;
+using ZhonTai.Admin.Domain.PkgPermission;
+using ZhonTai.Admin.Domain.TenantPkg;
 
 namespace ZhonTai.Admin.Services.Auth;
 
@@ -155,6 +157,12 @@ public class AuthService : BaseService, IAuthService, IDynamicApi
                        db.Select<TenantPermissionEntity>()
                        .Where(b => b.PermissionId == a.Id && b.TenantId == User.TenantId)
                        .Any()
+
+                       ||
+
+                       db.Select<TenantPkgEntity, PkgPermissionEntity>()
+                       .Where((b, c) => b.PkgId == c.PkgId && b.TenantId == User.TenantId && c.PermissionId == a.Id)
+                       .Any()
                    );
                 }
                 else
@@ -210,6 +218,12 @@ public class AuthService : BaseService, IAuthService, IDynamicApi
                        db.Select<TenantPermissionEntity>()
                        .Where(b => b.PermissionId == a.Id && b.TenantId == User.TenantId)
                        .Any()
+
+                       ||
+
+                       db.Select<TenantPkgEntity, PkgPermissionEntity>()
+                       .Where((b, c) => b.PkgId == c.PkgId && b.TenantId == User.TenantId && c.PermissionId == a.Id)
+                       .Any()
                     );
                 }
                 else

src/platform/ZhonTai.Admin/Services/Permission/PermissionService.cs

@@ -19,6 +19,10 @@ using ZhonTai.DynamicApi.Attributes;
 using ZhonTai.Admin.Core.Consts;
 using FreeSql;
 using ZhonTai.Admin.Domain.Tenant;
+using ZhonTai.Admin.Domain.PkgPermission;
+using ZhonTai.Admin.Domain.TenantPkg;
+using ZhonTai.Admin.Domain.Api;
+using ZhonTai.Admin.Services.User.Dto;
 
 namespace ZhonTai.Admin.Services.Permission;
 
@@ -148,6 +152,12 @@ public class PermissionService : BaseService, IPermissionService, IDynamicApi
                 _tenantPermissionRepository
                 .Where(b => b.PermissionId == a.Id && b.TenantId == User.TenantId)
                 .Any()
+
+                ||
+
+                _permissionRepository.Orm.Select<TenantPkgEntity, PkgPermissionEntity>()
+                .Where((b, c) => b.PkgId == c.PkgId && b.TenantId == User.TenantId && c.PermissionId == a.Id)
+                .Any()
             )
             .AsTreeCte(up: true)
             .ToListAsync(a => new { a.Id, a.ParentId, a.Label, a.Type, a.Sort });
@@ -417,8 +427,19 @@ public class PermissionService : BaseService, IPermissionService, IDynamicApi
         if (_appConfig.Tenant && User.TenantType == TenantType.Tenant)
         {
             var cloud = ServiceProvider.GetRequiredService<FreeSqlCloud>();
-            var tenantPermissionIds = await cloud.Use(DbKeys.AppDb).Select<TenantPermissionEntity>().Where(d => d.TenantId == User.TenantId).ToListAsync(m => m.PermissionId);
-            insertPermissionIds = insertPermissionIds.Where(d => tenantPermissionIds.Contains(d));
+            var mainDb = cloud.Use(DbKeys.AppDb);
+            var tenantPermissionIds = await mainDb.Select<TenantPermissionEntity>()
+                .Where(a => a.TenantId == User.TenantId).ToListAsync(a => a.PermissionId);
+
+            var pkgPermissionIds = await mainDb.Select<PkgPermissionEntity>()
+                .Where(a => 
+                    mainDb.Select<TenantPkgEntity>()
+                    .Where((b) => b.PkgId == a.PkgId && b.TenantId == User.TenantId)
+                    .Any()
+                )
+                .ToListAsync(a => a.PermissionId);
+
+            insertPermissionIds = insertPermissionIds.Where(d => tenantPermissionIds.Contains(d) || pkgPermissionIds.Contains(d));
         }
 
         if (insertPermissionIds.Any())
@@ -479,6 +500,7 @@ public class PermissionService : BaseService, IPermissionService, IDynamicApi
         }
 
         //清除租户下所有用户权限缓存
+        using var _ = _userRepository.DataFilter.Disable(FilterNames.Tenant);
         var userIds = await _userRepository.Select.Where(a => a.TenantId == input.TenantId).ToListAsync(a => a.Id);
         if(userIds.Any())
         {

src/platform/ZhonTai.Admin/Services/Pkg/PkgService.cs

@@ -192,6 +192,7 @@ public class PkgService : BaseService, IDynamicApi
 
         //清除套餐下所有用户权限缓存
         var tenantIds = await _tenantPkgRepository.Select.Where(a => a.PkgId == input.PkgId).ToListAsync(a => a.TenantId);
+        using var _ = _userRepository.DataFilter.Disable(FilterNames.Tenant);
         var userIds = await _userRepository.Select.Where(a => tenantIds.Contains(a.TenantId.Value)).ToListAsync(a => a.Id);
         if (userIds.Any())
         {

src/platform/ZhonTai.Admin/Services/Tenant/TenantService.cs

@@ -25,8 +25,6 @@ using System.Collections.Generic;
 using Yitter.IdGenerator;
 using ZhonTai.Admin.Domain.Pkg;
 using ZhonTai.Admin.Domain.TenantPkg;
-using ZhonTai.Admin.Core.Auth;
-using ZhonTai.Admin.Core.Entities;
 
 namespace ZhonTai.Admin.Services.Tenant;
 

src/platform/ZhonTai.Admin/Services/User/UserService.cs

@@ -3,7 +3,6 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
 using ZhonTai.Admin.Core.Attributes;
 using ZhonTai.Admin.Core.Configs;
 using ZhonTai.Common.Helpers;
@@ -32,6 +31,8 @@ using Microsoft.AspNetCore.Identity;
 using ZhonTai.Admin.Services.File;
 using System.Linq.Expressions;
 using System;
+using ZhonTai.Admin.Domain.PkgPermission;
+using ZhonTai.Admin.Domain.TenantPkg;
 
 namespace ZhonTai.Admin.Services.User;
 
@@ -274,11 +275,19 @@ public partial class UserService : BaseService, IUserService, IDynamicApi
                 var cloud = LazyGetRequiredService<FreeSqlCloud>();
                 var db = cloud.Use(DbKeys.AppDb);
 
-                return await db.Select<ApiEntity>()
+                var tenantPermissions = await db.Select<ApiEntity>()
                 .Where(a => db.Select<TenantPermissionEntity, PermissionApiEntity>()
                 .InnerJoin((b, c) => b.PermissionId == c.PermissionId && b.TenantId == User.TenantId)
                 .Where((b, c) => c.ApiId == a.Id).Any())
                 .ToListAsync<UserPermissionsOutput>();
+
+                var pkgPermissions = await db.Select<ApiEntity>()
+                .Where(a => db.Select<TenantPkgEntity, PkgPermissionEntity, PermissionApiEntity>()
+                .InnerJoin((b, c, d) => b.PkgId == c.PkgId && c.PermissionId == d.PermissionId && b.TenantId == User.TenantId)
+                .Where((b, c, d) => d.ApiId == a.Id).Any())
+                .ToListAsync<UserPermissionsOutput>();
+
+                return tenantPermissions.Union(pkgPermissions).Distinct().ToList();
             }
 
             return await _apiRepository
@@ -651,6 +660,10 @@ public partial class UserService : BaseService, IUserService, IDynamicApi
         {
             throw ResultOutput.Exception("平台管理员禁止禁用");
         }
+        if (entity.Type == UserType.TenantAdmin)
+        {
+            throw ResultOutput.Exception("企业管理员禁止禁用");
+        }
         entity.Enabled = input.Enabled;
         await _userRepository.UpdateAsync(entity);
     }
@@ -669,11 +682,16 @@ public partial class UserService : BaseService, IUserService, IDynamicApi
             throw ResultOutput.Exception("用户不存在");
         }
 
-        if(user.Type == UserType.PlatformAdmin || user.Type == UserType.TenantAdmin)
+        if(user.Type == UserType.PlatformAdmin)
         {
             throw ResultOutput.Exception($"平台管理员禁止删除");
         }
 
+        if (user.Type == UserType.TenantAdmin)
+        {
+            throw ResultOutput.Exception($"企业管理员禁止删除");
+        }
+
         //删除用户角色
         await _userRoleRepository.DeleteAsync(a => a.UserId == id);
         //删除用户所属部门