From 4044355ae74d498eaf005dc8679fa48e8d64ab94 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 01:52:10 +0000
Subject: [PATCH 1/6] Initial plan


From 08d3a0aa3da48719254f29214e139663e576372f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 01:57:38 +0000
Subject: [PATCH 2/6] Initial analysis - Planning role-based authorization
 implementation

Co-authored-by: xuzeyu91 <26290929+xuzeyu91@users.noreply.github.com>
---
 src/AntSK.Domain/AntSK.Domain.xml | 60 +++++++++++++++----------------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/src/AntSK.Domain/AntSK.Domain.xml b/src/AntSK.Domain/AntSK.Domain.xml
index 0214e9e..5839d84 100644
--- a/src/AntSK.Domain/AntSK.Domain.xml
+++ b/src/AntSK.Domain/AntSK.Domain.xml
@@ -479,36 +479,6 @@
             接口描述
             </summary>
         </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.FileName">
-            <summary>
-            文件名称
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Url">
-            <summary>
-            地址
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Type">
-            <summary>
-            类型 file，url
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.DataCount">
-            <summary>
-            数据数量
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.CreateTime">
-            <summary>
-            创建时间
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Status">
-            <summary>
-            状态
-            </summary>
-        </member>
         <member name="P:AntSK.Domain.Repositories.Kmss.Icon">
             <summary>
             图标
@@ -549,6 +519,36 @@
             段落之间重叠标记的数量。
             </summary>
         </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.FileName">
+            <summary>
+            文件名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Url">
+            <summary>
+            地址
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Type">
+            <summary>
+            类型 file，url
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.DataCount">
+            <summary>
+            数据数量
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Status">
+            <summary>
+            状态
+            </summary>
+        </member>
         <member name="M:AntSK.Domain.Repositories.Base.Repository`1.GetList">
             <summary>
             获取所有list

From 5ec918a2f95ead7d44a55f19ca4d34d227c36b50 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 02:04:11 +0000
Subject: [PATCH 3/6] Add role-based authorization entities, repositories and
 UI pages

Co-authored-by: xuzeyu91 <26290929+xuzeyu91@users.noreply.github.com>
---
 src/AntSK.Domain/AntSK.Domain.xml             | 120 ++++++++++++++++++
 .../DependencyInjection/InitExtensions.cs     |  87 +++++++++++++
 .../Permission/IPermissions_Repositories.cs   |   8 ++
 .../Setting/Permission/Permissions.cs         |  46 +++++++
 .../Permission/Permissions_Repositories.cs    |  10 ++
 .../Setting/Role/IRoles_Repositories.cs       |   8 ++
 .../Repositories/Setting/Role/Roles.cs        |  45 +++++++
 .../Setting/Role/Roles_Repositories.cs        |  10 ++
 .../IRolePermissions_Repositories.cs          |   8 ++
 .../Setting/RolePermission/RolePermissions.cs |  32 +++++
 .../RolePermissions_Repositories.cs           |  10 ++
 .../UserRole/IUserRoles_Repositories.cs       |   8 ++
 .../Setting/UserRole/UserRoles.cs             |  32 +++++
 .../UserRole/UserRoles_Repositories.cs        |  10 ++
 src/AntSK/Models/UserSession.cs               |   2 +
 src/AntSK/Pages/Setting/Role/AddRole.razor    |  61 +++++++++
 src/AntSK/Pages/Setting/Role/AddRole.razor.cs | 103 +++++++++++++++
 src/AntSK/Pages/Setting/Role/RoleList.razor   |  72 +++++++++++
 .../Pages/Setting/Role/RoleList.razor.cs      |  84 ++++++++++++
 src/AntSK/Pages/Setting/User/AddUser.razor    |  16 +++
 src/AntSK/Pages/Setting/User/AddUser.razor.cs |  50 ++++++++
 src/AntSK/Services/Auth/AntSKAuthProvider.cs  |  76 +++++++++--
 22 files changed, 887 insertions(+), 11 deletions(-)
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
 create mode 100644 src/AntSK/Pages/Setting/Role/AddRole.razor
 create mode 100644 src/AntSK/Pages/Setting/Role/AddRole.razor.cs
 create mode 100644 src/AntSK/Pages/Setting/Role/RoleList.razor
 create mode 100644 src/AntSK/Pages/Setting/Role/RoleList.razor.cs

diff --git a/src/AntSK.Domain/AntSK.Domain.xml b/src/AntSK.Domain/AntSK.Domain.xml
index 5839d84..f58ab5f 100644
--- a/src/AntSK.Domain/AntSK.Domain.xml
+++ b/src/AntSK.Domain/AntSK.Domain.xml
@@ -836,6 +836,101 @@
             部署名，azure需要使用
             </summary>
         </member>
+        <member name="T:AntSK.Domain.Repositories.Permissions">
+            <summary>
+            权限表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Id">
+            <summary>
+            权限ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Name">
+            <summary>
+            权限名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Code">
+            <summary>
+            权限编码
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Type">
+            <summary>
+            权限类型（Menu-菜单权限, Operation-操作权限）
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Description">
+            <summary>
+            权限描述
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="T:AntSK.Domain.Repositories.Roles">
+            <summary>
+            角色表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Id">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Name">
+            <summary>
+            角色名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Code">
+            <summary>
+            角色编码
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Description">
+            <summary>
+            角色描述
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.IsEnabled">
+            <summary>
+            是否启用
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="T:AntSK.Domain.Repositories.RolePermissions">
+            <summary>
+            角色权限关联表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.Id">
+            <summary>
+            关联ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.RoleId">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.PermissionId">
+            <summary>
+            权限ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
         <member name="P:AntSK.Domain.Repositories.Users.No">
             <summary>
             工号，用于登陆
@@ -861,6 +956,31 @@
             菜单权限
             </summary>
         </member>
+        <member name="T:AntSK.Domain.Repositories.UserRoles">
+            <summary>
+            用户角色关联表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.Id">
+            <summary>
+            关联ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.UserId">
+            <summary>
+            用户ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.RoleId">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
         <member name="M:AntSK.Domain.Utils.ConvertUtils.IsNull(System.Object)">
             <summary>
             判断是否为空，为空返回true
diff --git a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
index 4a49eec..7783614 100644
--- a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
+++ b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
@@ -81,10 +81,97 @@ namespace AntSK.Domain.Common.DependencyInjection
                     llamafactoryStart.Value = "false";
                     _dic_Repository.Insert(llamafactoryStart);
                 }
+
+                // 初始化角色和权限
+                InitRolesAndPermissions(scope.ServiceProvider);
+
                 _logger.LogInformation("初始化数据库初始数据完成");
             }
             return app;
         }
+
+        private static void InitRolesAndPermissions(IServiceProvider serviceProvider)
+        {
+            var _roles_Repository = serviceProvider.GetRequiredService<IRoles_Repositories>();
+            var _permissions_Repository = serviceProvider.GetRequiredService<IPermissions_Repositories>();
+            var _rolePermissions_Repository = serviceProvider.GetRequiredService<IRolePermissions_Repositories>();
+
+            // 检查是否已经初始化
+            if (_roles_Repository.IsAny(r => r.Code == "Admin"))
+            {
+                return;
+            }
+
+            // 创建管理员角色
+            var adminRole = new Roles
+            {
+                Id = Guid.NewGuid().ToString(),
+                Name = "管理员",
+                Code = "Admin",
+                Description = "系统管理员，拥有所有权限",
+                IsEnabled = true,
+                CreateTime = DateTime.Now
+            };
+            _roles_Repository.Insert(adminRole);
+
+            // 创建普通用户角色
+            var userRole = new Roles
+            {
+                Id = Guid.NewGuid().ToString(),
+                Name = "普通用户",
+                Code = "User",
+                Description = "普通用户，拥有基本功能权限",
+                IsEnabled = true,
+                CreateTime = DateTime.Now
+            };
+            _roles_Repository.Insert(userRole);
+
+            // 创建菜单权限
+            var menuPermissions = new List<Permissions>
+            {
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "聊天", Code = "chat", Type = "Menu", Description = "聊天功能权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "应用", Code = "app", Type = "Menu", Description = "应用管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "知识库", Code = "kms", Type = "Menu", Description = "知识库管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "API管理", Code = "plugins.apilist", Type = "Menu", Description = "API管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "函数管理", Code = "plugins.funlist", Type = "Menu", Description = "函数管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "模型管理", Code = "modelmanager.modellist", Type = "Menu", Description = "模型管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "用户管理", Code = "setting.user", Type = "Menu", Description = "用户管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "聊天记录", Code = "setting.chathistory", Type = "Menu", Description = "聊天记录权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "删除向量表", Code = "setting.delkms", Type = "Menu", Description = "删除向量表权限" }
+            };
+
+            foreach (var permission in menuPermissions)
+            {
+                _permissions_Repository.Insert(permission);
+            }
+
+            // 为管理员角色分配所有权限
+            foreach (var permission in menuPermissions)
+            {
+                _rolePermissions_Repository.Insert(new RolePermissions
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    RoleId = adminRole.Id,
+                    PermissionId = permission.Id,
+                    CreateTime = DateTime.Now
+                });
+            }
+
+            // 为普通用户角色分配基本权限（聊天、应用、知识库）
+            var basicPermissions = menuPermissions.Where(p => p.Code == "chat" || p.Code == "app" || p.Code == "kms").ToList();
+            foreach (var permission in basicPermissions)
+            {
+                _rolePermissions_Repository.Insert(new RolePermissions
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    RoleId = userRole.Id,
+                    PermissionId = permission.Id,
+                    CreateTime = DateTime.Now
+                });
+            }
+
+            _logger.LogInformation("初始化角色和权限完成");
+        }
         /// <summary>
         /// 加载数据库的插件
         /// </summary>
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
new file mode 100644
index 0000000..3f89833
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IPermissions_Repositories : IRepository<Permissions>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
new file mode 100644
index 0000000..de3812b
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
@@ -0,0 +1,46 @@
+using SqlSugar;
+using System.ComponentModel.DataAnnotations;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 权限表
+    /// </summary>
+    [SugarTable("Permissions")]
+    public partial class Permissions
+    {
+        /// <summary>
+        /// 权限ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 权限名称
+        /// </summary>
+        [Required]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 权限编码
+        /// </summary>
+        [Required]
+        public string Code { get; set; }
+
+        /// <summary>
+        /// 权限类型（Menu-菜单权限, Operation-操作权限）
+        /// </summary>
+        [Required]
+        public string Type { get; set; }
+
+        /// <summary>
+        /// 权限描述
+        /// </summary>
+        public string? Description { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
new file mode 100644
index 0000000..a780c78
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IPermissions_Repositories), ServiceLifetime.Scoped)]
+    public class Permissions_Repositories : Repository<Permissions>, IPermissions_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
new file mode 100644
index 0000000..76be31b
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IRoles_Repositories : IRepository<Roles>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs b/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
new file mode 100644
index 0000000..65c72fd
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
@@ -0,0 +1,45 @@
+using SqlSugar;
+using System.ComponentModel.DataAnnotations;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 角色表
+    /// </summary>
+    [SugarTable("Roles")]
+    public partial class Roles
+    {
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 角色名称
+        /// </summary>
+        [Required]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 角色编码
+        /// </summary>
+        [Required]
+        public string Code { get; set; }
+
+        /// <summary>
+        /// 角色描述
+        /// </summary>
+        public string? Description { get; set; }
+
+        /// <summary>
+        /// 是否启用
+        /// </summary>
+        public bool IsEnabled { get; set; } = true;
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
new file mode 100644
index 0000000..0670279
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IRoles_Repositories), ServiceLifetime.Scoped)]
+    public class Roles_Repositories : Repository<Roles>, IRoles_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
new file mode 100644
index 0000000..692e1e8
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IRolePermissions_Repositories : IRepository<RolePermissions>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
new file mode 100644
index 0000000..a2bb891
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
@@ -0,0 +1,32 @@
+using SqlSugar;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 角色权限关联表
+    /// </summary>
+    [SugarTable("RolePermissions")]
+    public partial class RolePermissions
+    {
+        /// <summary>
+        /// 关联ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        public string RoleId { get; set; }
+
+        /// <summary>
+        /// 权限ID
+        /// </summary>
+        public string PermissionId { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
new file mode 100644
index 0000000..ff2e42f
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IRolePermissions_Repositories), ServiceLifetime.Scoped)]
+    public class RolePermissions_Repositories : Repository<RolePermissions>, IRolePermissions_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
new file mode 100644
index 0000000..89955d0
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IUserRoles_Repositories : IRepository<UserRoles>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
new file mode 100644
index 0000000..85ac6d2
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
@@ -0,0 +1,32 @@
+using SqlSugar;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 用户角色关联表
+    /// </summary>
+    [SugarTable("UserRoles")]
+    public partial class UserRoles
+    {
+        /// <summary>
+        /// 关联ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 用户ID
+        /// </summary>
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        public string RoleId { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
new file mode 100644
index 0000000..c3921df
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IUserRoles_Repositories), ServiceLifetime.Scoped)]
+    public class UserRoles_Repositories : Repository<UserRoles>, IUserRoles_Repositories
+    {
+    }
+}
diff --git a/src/AntSK/Models/UserSession.cs b/src/AntSK/Models/UserSession.cs
index a3370fb..ac60137 100644
--- a/src/AntSK/Models/UserSession.cs
+++ b/src/AntSK/Models/UserSession.cs
@@ -4,5 +4,7 @@
     {
         public string UserName { get; set; }
         public string Role { get; set; }
+        public List<string>? Roles { get; set; }
+        public List<string>? Permissions { get; set; }
     }
 }
diff --git a/src/AntSK/Pages/Setting/Role/AddRole.razor b/src/AntSK/Pages/Setting/Role/AddRole.razor
new file mode 100644
index 0000000..64c1bee
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/AddRole.razor
@@ -0,0 +1,61 @@
+@namespace AntSK.Pages.Setting.Role
+@using AntSK.Domain.Repositories
+@using AntSK.Models
+@page "/setting/role/add"
+@page "/setting/role/add/{RoleId}"
+@using AntSK.Services.Auth
+@inherits AuthComponentBase
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize(Roles = "AntSKAdmin")]
+
+<PageContainer Title="新增角色">
+    <ChildContent>
+        <Card>
+            <Form Model="@_roleModel"
+                  Style="margin-top: 8px;"
+                  OnFinish="HandleSubmit">
+                <FormItem Label="角色名称" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色名称" @bind-Value="@context.Name" />
+                </FormItem>
+                <FormItem Label="角色编码" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色编码" @bind-Value="@context.Code" />
+                </FormItem>
+                <FormItem Label="角色描述" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色描述" @bind-Value="@context.Description" />
+                </FormItem>
+                <FormItem Label="是否启用" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Switch @bind-Checked="@context.IsEnabled" />
+                </FormItem>
+
+                <FormItem Label="权限分配" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Select Mode="multiple"
+                            @bind-Values="_permissionIds"
+                            Placeholder="选择权限"
+                            TItemValue="string"
+                            TItem="string"
+                            Size="@AntSizeLDSType.Default">
+                        <SelectOptions>
+                            @foreach (var permission in _allPermissions)
+                            {
+                                <SelectOption TItem="string" TItemValue="string" Value="@permission.Id" Label="@permission.Name" />
+                            }
+                        </SelectOptions>
+                    </Select>
+                </FormItem>
+
+                <FormItem Label=" " Style="margin-top:32px" WrapperCol="LayoutModel._submitFormLayout.WrapperCol">
+                    <Button Type="primary" OnClick="HandleSubmit">
+                        保存
+                    </Button>
+                    <Button OnClick="Back">
+                        返回
+                    </Button>
+                </FormItem>
+            </Form>
+        </Card>
+    </ChildContent>
+</PageContainer>
+
+@code {
+
+}
diff --git a/src/AntSK/Pages/Setting/Role/AddRole.razor.cs b/src/AntSK/Pages/Setting/Role/AddRole.razor.cs
new file mode 100644
index 0000000..7bd591f
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/AddRole.razor.cs
@@ -0,0 +1,103 @@
+using AntDesign;
+using AntSK.Domain.Repositories;
+using Microsoft.AspNetCore.Components;
+
+namespace AntSK.Pages.Setting.Role
+{
+    public partial class AddRole
+    {
+        [Parameter]
+        public string RoleId { get; set; }
+        [Inject] protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject] protected IPermissions_Repositories _permissions_Repositories { get; set; }
+        [Inject] protected IRolePermissions_Repositories _rolePermissions_Repositories { get; set; }
+        [Inject] protected MessageService? Message { get; set; }
+
+        private Roles _roleModel = new Roles();
+        private List<Permissions> _allPermissions = new List<Permissions>();
+        private IEnumerable<string> _permissionIds;
+
+        protected override async Task OnInitializedAsync()
+        {
+            await base.OnInitializedAsync();
+            
+            // 加载所有权限
+            _allPermissions = _permissions_Repositories.GetList();
+
+            if (!string.IsNullOrEmpty(RoleId))
+            {
+                _roleModel = _roles_Repositories.GetFirst(p => p.Id == RoleId);
+                
+                // 加载角色已有的权限
+                var rolePermissions = _rolePermissions_Repositories.GetList(p => p.RoleId == RoleId);
+                _permissionIds = rolePermissions.Select(rp => rp.PermissionId);
+            }
+        }
+
+        private void HandleSubmit()
+        {
+            if (string.IsNullOrEmpty(RoleId))
+            {
+                //新增
+                _roleModel.Id = Guid.NewGuid().ToString();
+                _roleModel.CreateTime = DateTime.Now;
+
+                if (_roles_Repositories.IsAny(p => p.Code == _roleModel.Code))
+                {
+                    _ = Message.Error("角色编码已存在！", 2);
+                    return;
+                }
+                _roles_Repositories.Insert(_roleModel);
+
+                // 添加角色权限关联
+                if (_permissionIds != null)
+                {
+                    foreach (var permissionId in _permissionIds)
+                    {
+                        _rolePermissions_Repositories.Insert(new RolePermissions
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            RoleId = _roleModel.Id,
+                            PermissionId = permissionId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
+            }
+            else
+            {
+                //修改
+                _roles_Repositories.Update(_roleModel);
+
+                // 先删除旧的角色权限关联
+                var oldRolePermissions = _rolePermissions_Repositories.GetList(p => p.RoleId == RoleId);
+                foreach (var rp in oldRolePermissions)
+                {
+                    _rolePermissions_Repositories.Delete(rp.Id);
+                }
+
+                // 添加新的角色权限关联
+                if (_permissionIds != null)
+                {
+                    foreach (var permissionId in _permissionIds)
+                    {
+                        _rolePermissions_Repositories.Insert(new RolePermissions
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            RoleId = _roleModel.Id,
+                            PermissionId = permissionId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
+            }
+
+            Back();
+        }
+
+        private void Back()
+        {
+            NavigationManager.NavigateTo("/setting/rolelist");
+        }
+    }
+}
diff --git a/src/AntSK/Pages/Setting/Role/RoleList.razor b/src/AntSK/Pages/Setting/Role/RoleList.razor
new file mode 100644
index 0000000..035b158
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/RoleList.razor
@@ -0,0 +1,72 @@
+@namespace AntSK.Pages.Setting.Role
+@using AntSK.Domain.Repositories
+@page "/setting/rolelist"
+@inject NavigationManager NavigationManager
+@using AntSK.Services.Auth
+@inherits AuthComponentBase
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize(Roles = "AntSKAdmin")]
+
+<div>
+    <PageContainer Title="角色管理">
+        <ChildContent>
+            <div class="standardList">
+
+                <Card Class="listCard"
+                      Title="角色列表"
+                      Style="margin-top: 24px;"
+                      BodyStyle="padding: 0 32px 40px 32px">
+                    <Extra>
+                        <div class="extraContent">
+
+                            <Search Class="extraContentSearch" Placeholder="查询" @bind-Value="_searchKeyword" OnSearch="OnSearch" />
+                        </div>
+                    </Extra>
+                    <ChildContent>
+                        <Button Type="dashed"
+                                Style="width: 100%; margin-bottom: 8px;"
+                                OnClick="AddRole">
+                            <Icon Type="plus" Theme="outline" />
+                            新增角色
+                        </Button>
+
+                        <AntList TItem="Roles"
+                                 DataSource="_data"
+                                 ItemLayout="ListItemLayout.Horizontal">
+                            <ListItem Actions="new[] {
+                            edit(()=> Edit(context.Id)),
+                            delete(async ()=>await Delete(context.Id))
+                             }" Style="width:100%">
+                                <div class="listContent" style="width:100%">
+                                    <div class="listContentItem" style="width:20%">
+                                        <b>角色名称</b>
+                                        <p>@context.Name</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:20%">
+                                        <b>角色编码</b>
+                                        <p>@context.Code</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:30%">
+                                        <b>描述</b>
+                                        <p>@context.Description</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:15%">
+                                        <b>状态</b>
+                                        <p>@(context.IsEnabled ? "启用" : "禁用")</p>
+                                    </div>
+                                </div>
+                            </ListItem>
+                        </AntList>
+                    </ChildContent>
+                </Card>
+            </div>
+        </ChildContent>
+    </PageContainer>
+</div>
+
+@code
+{
+    RenderFragment edit(Action clickAction) =>@<a key="edit" @onclick="@clickAction">修改</a>;
+    RenderFragment delete(Action clickAction) =>@<a key="delete" @onclick="@clickAction">删除</a>;
+   
+}
diff --git a/src/AntSK/Pages/Setting/Role/RoleList.razor.cs b/src/AntSK/Pages/Setting/Role/RoleList.razor.cs
new file mode 100644
index 0000000..a199a34
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/RoleList.razor.cs
@@ -0,0 +1,84 @@
+using AntDesign;
+using AntSK.Domain.Repositories;
+using AntSK.Models;
+using Microsoft.AspNetCore.Components;
+
+namespace AntSK.Pages.Setting.Role
+{
+    public partial class RoleList
+    {
+        private readonly BasicListFormModel _model = new BasicListFormModel();
+
+        private List<Roles> _data;
+
+        private string _searchKeyword;
+
+        [Inject]
+        protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject]
+        protected IRolePermissions_Repositories _rolePermissions_Repositories { get; set; }
+        [Inject]
+        protected IUserRoles_Repositories _userRoles_Repositories { get; set; }
+        [Inject]
+        IConfirmService _confirmService { get; set; }
+
+        protected override async Task OnInitializedAsync()
+        {
+            await base.OnInitializedAsync();
+            await InitData();
+        }
+        private async Task InitData(string searchKey = null)
+        {
+            if (string.IsNullOrEmpty(searchKey))
+            {
+                _data = _roles_Repositories.GetList();
+            }
+            else
+            {
+                _data = _roles_Repositories.GetList(p => p.Name.Contains(searchKey) || p.Code.Contains(searchKey) || (p.Description != null && p.Description.Contains(searchKey)));
+            }
+            await InvokeAsync(StateHasChanged);
+        }
+        public async Task OnSearch()
+        {
+            await InitData(_searchKeyword);
+        }
+
+        public async Task AddRole()
+        {
+            NavigationManager.NavigateTo("/setting/role/add");
+        }
+
+        public void Edit(string roleid)
+        {
+            NavigationManager.NavigateTo("/setting/role/add/" + roleid);
+        }
+
+        public async Task Delete(string roleid)
+        {
+            var content = "是否确认删除此角色";
+            var title = "删除";
+            var result = await _confirmService.Show(content, title, ConfirmButtons.YesNo);
+            if (result == ConfirmResult.Yes)
+            {
+                // 删除角色权限关联
+                var rolePerms = _rolePermissions_Repositories.GetList(p => p.RoleId == roleid);
+                foreach (var rp in rolePerms)
+                {
+                    await _rolePermissions_Repositories.DeleteAsync(rp.Id);
+                }
+
+                // 删除用户角色关联
+                var userRoles = _userRoles_Repositories.GetList(p => p.RoleId == roleid);
+                foreach (var ur in userRoles)
+                {
+                    await _userRoles_Repositories.DeleteAsync(ur.Id);
+                }
+
+                // 删除角色
+                await _roles_Repositories.DeleteAsync(roleid);
+                await InitData("");
+            }
+        }
+    }
+}
diff --git a/src/AntSK/Pages/Setting/User/AddUser.razor b/src/AntSK/Pages/Setting/User/AddUser.razor
index 640b7ac..7df12a2 100644
--- a/src/AntSK/Pages/Setting/User/AddUser.razor
+++ b/src/AntSK/Pages/Setting/User/AddUser.razor
@@ -43,6 +43,22 @@
                     </Select>
                 </FormItem>
 
+                <FormItem Label="角色分配" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Select Mode="multiple"
+                            @bind-Values="_roleIds"
+                            Placeholder="选择角色"
+                            TItemValue="string"
+                            TItem="string"
+                            Size="@AntSizeLDSType.Default">
+                        <SelectOptions>
+                            @foreach (var role in _allRoles)
+                            {
+                                <SelectOption TItem="string" TItemValue="string" Value="@role.Id" Label="@role.Name" />
+                            }
+                        </SelectOptions>
+                    </Select>
+                </FormItem>
+
                 <FormItem Label=" " Style="margin-top:32px" WrapperCol="LayoutModel._submitFormLayout.WrapperCol">
                     <Button Type="primary" OnClick="HandleSubmit">
                         保存
diff --git a/src/AntSK/Pages/Setting/User/AddUser.razor.cs b/src/AntSK/Pages/Setting/User/AddUser.razor.cs
index 7b31577..26315d0 100644
--- a/src/AntSK/Pages/Setting/User/AddUser.razor.cs
+++ b/src/AntSK/Pages/Setting/User/AddUser.razor.cs
@@ -12,21 +12,34 @@ namespace AntSK.Pages.Setting.User
         [Parameter]
         public string UserId { get; set; }
         [Inject] protected IUsers_Repositories _users_Repositories { get; set; }
+        [Inject] protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject] protected IUserRoles_Repositories _userRoles_Repositories { get; set; }
         [Inject] protected MessageService? Message { get; set; }
         [Inject] public HttpClient HttpClient { get; set; }
 
         private Users _userModel = new Users();
         private string _password = "";
         IEnumerable<string> _menuKeys;
+        IEnumerable<string> _roleIds;
 
         private List<MenuDataItem> menuList = new List<MenuDataItem>();
+        private List<Roles> _allRoles = new List<Roles>();
+
         protected override async Task OnInitializedAsync()
         {
             await base.OnInitializedAsync();
+            
+            // 加载所有角色
+            _allRoles = _roles_Repositories.GetList(r => r.IsEnabled);
+
             if (!string.IsNullOrEmpty(UserId))
             {
                 _userModel = _users_Repositories.GetFirst(p => p.Id == UserId);
                 _password = _userModel.Password;
+
+                // 加载用户已有的角色
+                var userRoles = _userRoles_Repositories.GetList(p => p.UserId == UserId);
+                _roleIds = userRoles.Select(ur => ur.RoleId);
             }
             menuList = (await HttpClient.GetFromJsonAsync<MenuDataItem[]>("data/menu.json")).ToList().Where(p => p.Key != "setting").ToList();
             _menuKeys = _userModel.MenuRole?.Split(",");
@@ -52,6 +65,21 @@ namespace AntSK.Pages.Setting.User
                 }
                 _userModel.Password = PasswordUtil.HashPassword(_userModel.Password);
                 _users_Repositories.Insert(_userModel);
+
+                // 添加用户角色关联
+                if (_roleIds != null)
+                {
+                    foreach (var roleId in _roleIds)
+                    {
+                        _userRoles_Repositories.Insert(new UserRoles
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            UserId = _userModel.Id,
+                            RoleId = roleId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
             }
             else
             {
@@ -61,6 +89,28 @@ namespace AntSK.Pages.Setting.User
                     _userModel.Password = PasswordUtil.HashPassword(_userModel.Password);
                 }
                 _users_Repositories.Update(_userModel);
+
+                // 先删除旧的用户角色关联
+                var oldUserRoles = _userRoles_Repositories.GetList(p => p.UserId == UserId);
+                foreach (var ur in oldUserRoles)
+                {
+                    _userRoles_Repositories.Delete(ur.Id);
+                }
+
+                // 添加新的用户角色关联
+                if (_roleIds != null)
+                {
+                    foreach (var roleId in _roleIds)
+                    {
+                        _userRoles_Repositories.Insert(new UserRoles
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            UserId = _userModel.Id,
+                            RoleId = roleId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
             }
 
             Back();
diff --git a/src/AntSK/Services/Auth/AntSKAuthProvider.cs b/src/AntSK/Services/Auth/AntSKAuthProvider.cs
index 73526e7..9d89d19 100644
--- a/src/AntSK/Services/Auth/AntSKAuthProvider.cs
+++ b/src/AntSK/Services/Auth/AntSKAuthProvider.cs
@@ -10,6 +10,10 @@ namespace AntSK.Services.Auth
 {
     public class AntSKAuthProvider(
         IUsers_Repositories _users_Repositories,
+        IUserRoles_Repositories _userRoles_Repositories,
+        IRoles_Repositories _roles_Repositories,
+        IRolePermissions_Repositories _rolePermissions_Repositories,
+        IPermissions_Repositories _permissions_Repositories,
         ProtectedSessionStorage _protectedSessionStore
         ) : AuthenticationStateProvider
     {
@@ -29,13 +33,18 @@ namespace AntSK.Services.Auth
                     new Claim(ClaimTypes.Role, AdminRole)
                 };
                 identity = new ClaimsIdentity(claims, AdminRole);
-                await _protectedSessionStore.SetAsync("UserSession", new UserSession() { UserName = username, Role = AdminRole });
+                await _protectedSessionStore.SetAsync("UserSession", new UserSession() 
+                { 
+                    UserName = username, 
+                    Role = AdminRole,
+                    Roles = new List<string> { AdminRole },
+                    Permissions = new List<string>()
+                });
                 NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
                 return true;
             }
             else
             {
-                string UserRole = "AntSKUser";
                 if (user.IsNull())
                 {
                     return false;
@@ -44,13 +53,42 @@ namespace AntSK.Services.Auth
                 {
                     return false;
                 }
+
+                // 获取用户的角色和权限
+                var userRoles = _userRoles_Repositories.GetList(p => p.UserId == user.Id);
+                var roleIds = userRoles.Select(ur => ur.RoleId).ToList();
+                var roles = _roles_Repositories.GetList(r => roleIds.Contains(r.Id) && r.IsEnabled);
+                
+                // 获取角色的权限
+                var rolePermissions = _rolePermissions_Repositories.GetList(rp => roleIds.Contains(rp.RoleId));
+                var permissionIds = rolePermissions.Select(rp => rp.PermissionId).Distinct().ToList();
+                var permissions = _permissions_Repositories.GetList(p => permissionIds.Contains(p.Id));
+
+                // 如果没有角色，使用默认角色
+                string defaultRole = "AntSKUser";
+                var roleList = roles.Any() ? roles.Select(r => r.Code).ToList() : new List<string> { defaultRole };
+                var permissionList = permissions.Select(p => p.Code).ToList();
+
                 // 用户认证成功，创建用户的ClaimsIdentity
-                var claims = new[] { 
-                     new Claim(ClaimTypes.Name, username),
-                    new Claim(ClaimTypes.Role, UserRole)
-                     };
-                identity = new ClaimsIdentity(claims, UserRole);
-                await _protectedSessionStore.SetAsync("UserSession", new UserSession() { UserName = username, Role = UserRole });
+                var claims = new List<Claim>
+                {
+                    new Claim(ClaimTypes.Name, username)
+                };
+
+                // 添加所有角色到Claims
+                foreach (var role in roleList)
+                {
+                    claims.Add(new Claim(ClaimTypes.Role, role));
+                }
+
+                identity = new ClaimsIdentity(claims, roleList.FirstOrDefault() ?? defaultRole);
+                await _protectedSessionStore.SetAsync("UserSession", new UserSession() 
+                { 
+                    UserName = username, 
+                    Role = roleList.FirstOrDefault() ?? defaultRole,
+                    Roles = roleList,
+                    Permissions = permissionList
+                });
                 NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
                 return true;
             }
@@ -68,9 +106,25 @@ namespace AntSK.Services.Auth
             var userSession = userSessionStorageResult.Success ? userSessionStorageResult.Value : null;
             if (userSession.IsNotNull())
             {
-                var claims = new[] {
-                    new Claim(ClaimTypes.Name, userSession.UserName),
-                    new Claim( ClaimTypes.Role, userSession.Role) };
+                var claims = new List<Claim>
+                {
+                    new Claim(ClaimTypes.Name, userSession.UserName)
+                };
+
+                // 添加所有角色到Claims
+                if (userSession.Roles != null && userSession.Roles.Any())
+                {
+                    foreach (var role in userSession.Roles)
+                    {
+                        claims.Add(new Claim(ClaimTypes.Role, role));
+                    }
+                }
+                else
+                {
+                    // 向后兼容，使用单个Role
+                    claims.Add(new Claim(ClaimTypes.Role, userSession.Role));
+                }
+
                 identity = new ClaimsIdentity(claims, userSession.Role);
             }
             var user = new ClaimsPrincipal(identity);

From ea8dd2147848766d62e1a922096de67aa68e48bb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 02:05:38 +0000
Subject: [PATCH 4/6] Add role management menu entry and update seed data

Co-authored-by: xuzeyu91 <26290929+xuzeyu91@users.noreply.github.com>
---
 .../Common/DependencyInjection/InitExtensions.cs             | 1 +
 src/AntSK/wwwroot/data/menu.json                             | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
index 7783614..555eab4 100644
--- a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
+++ b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
@@ -136,6 +136,7 @@ namespace AntSK.Domain.Common.DependencyInjection
                 new Permissions { Id = Guid.NewGuid().ToString(), Name = "函数管理", Code = "plugins.funlist", Type = "Menu", Description = "函数管理权限" },
                 new Permissions { Id = Guid.NewGuid().ToString(), Name = "模型管理", Code = "modelmanager.modellist", Type = "Menu", Description = "模型管理权限" },
                 new Permissions { Id = Guid.NewGuid().ToString(), Name = "用户管理", Code = "setting.user", Type = "Menu", Description = "用户管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "角色管理", Code = "setting.role", Type = "Menu", Description = "角色管理权限" },
                 new Permissions { Id = Guid.NewGuid().ToString(), Name = "聊天记录", Code = "setting.chathistory", Type = "Menu", Description = "聊天记录权限" },
                 new Permissions { Id = Guid.NewGuid().ToString(), Name = "删除向量表", Code = "setting.delkms", Type = "Menu", Description = "删除向量表权限" }
             };
diff --git a/src/AntSK/wwwroot/data/menu.json b/src/AntSK/wwwroot/data/menu.json
index 1e8ae10..78a9b4a 100644
--- a/src/AntSK/wwwroot/data/menu.json
+++ b/src/AntSK/wwwroot/data/menu.json
@@ -59,6 +59,11 @@
         "name": "用户管理",
         "key": "setting.user"
       },
+      {
+        "path": "/setting/rolelist",
+        "name": "角色管理",
+        "key": "setting.role"
+      },
       {
         "path": "/setting/chathistory",
         "name": "聊天记录",

From 1a3881e7a41f151f945d9911d78361dc74fda04f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 02:08:14 +0000
Subject: [PATCH 5/6] Fix role code consistency and add RBAC documentation

Co-authored-by: xuzeyu91 <26290929+xuzeyu91@users.noreply.github.com>
---
 docs/RBAC_README.md                           | 140 ++++++++++++++++++
 .../DependencyInjection/InitExtensions.cs     |   6 +-
 2 files changed, 143 insertions(+), 3 deletions(-)
 create mode 100644 docs/RBAC_README.md

diff --git a/docs/RBAC_README.md b/docs/RBAC_README.md
new file mode 100644
index 0000000..b989c7a
--- /dev/null
+++ b/docs/RBAC_README.md
@@ -0,0 +1,140 @@
+# 角色基础授权系统 (Role-Based Access Control)
+
+## 概述
+
+本系统实现了完整的角色基础授权功能，支持将权限绑定到角色，角色再绑定给用户，提供灵活的权限管理能力。
+
+## 数据库结构
+
+### 核心表
+
+1. **Roles (角色表)**
+   - Id: 角色ID (主键)
+   - Name: 角色名称
+   - Code: 角色编码 (用于授权验证)
+   - Description: 角色描述
+   - IsEnabled: 是否启用
+   - CreateTime: 创建时间
+
+2. **Permissions (权限表)**
+   - Id: 权限ID (主键)
+   - Name: 权限名称
+   - Code: 权限编码 (用于授权验证)
+   - Type: 权限类型 (Menu-菜单权限, Operation-操作权限)
+   - Description: 权限描述
+   - CreateTime: 创建时间
+
+3. **RolePermissions (角色权限关联表)**
+   - Id: 关联ID (主键)
+   - RoleId: 角色ID
+   - PermissionId: 权限ID
+   - CreateTime: 创建时间
+
+4. **UserRoles (用户角色关联表)**
+   - Id: 关联ID (主键)
+   - UserId: 用户ID
+   - RoleId: 角色ID
+   - CreateTime: 创建时间
+
+## 默认角色和权限
+
+系统首次运行时会自动初始化以下角色和权限：
+
+### 默认角色
+
+1. **AntSKAdmin (管理员)**
+   - 拥有系统所有权限
+   - 可以管理用户、角色、权限等
+
+2. **AntSKUser (普通用户)**
+   - 拥有基本功能权限
+   - 包括：聊天、应用、知识库
+
+### 默认权限
+
+系统包含以下菜单权限：
+- chat: 聊天
+- app: 应用
+- kms: 知识库
+- plugins.apilist: API管理
+- plugins.funlist: 函数管理
+- modelmanager.modellist: 模型管理
+- setting.user: 用户管理
+- setting.role: 角色管理
+- setting.chathistory: 聊天记录
+- setting.delkms: 删除向量表
+
+## 使用说明
+
+### 1. 角色管理
+
+访问 `/setting/rolelist` 可以进行角色管理：
+- 查看所有角色
+- 创建新角色
+- 编辑角色信息
+- 为角色分配权限
+- 删除角色
+
+### 2. 用户管理
+
+访问 `/setting/userlist` 可以进行用户管理：
+- 创建用户时可以分配角色
+- 编辑用户时可以修改角色分配
+- 用户可以拥有多个角色
+
+### 3. 授权验证
+
+系统支持两种授权方式：
+
+**方式一：基于角色的授权**
+```csharp
+@attribute [Authorize(Roles = "AntSKAdmin")]
+```
+
+**方式二：基于多角色的授权**
+```csharp
+@attribute [Authorize(Roles = "AntSKAdmin,AntSKUser")]
+```
+
+## 技术实现
+
+### 认证流程
+
+1. 用户登录时，系统从数据库加载用户的角色和权限
+2. 将所有角色添加到用户的Claims中
+3. 将权限列表存储到UserSession中供后续使用
+4. 支持多个角色同时验证
+
+### 向后兼容
+
+- 保留了原有的MenuRole字段，支持逐步迁移
+- 硬编码的管理员账号继续使用AntSKAdmin角色
+- 新用户如果没有分配角色，默认使用AntSKUser角色
+
+## 安全性
+
+1. **角色验证**: 只有AntSKAdmin角色可以访问角色和用户管理页面
+2. **级联删除**: 删除角色时会自动删除相关的角色权限和用户角色关联
+3. **启用状态**: 角色支持启用/禁用状态，禁用的角色不会加载权限
+4. **多层级保护**: 数据库层、业务层、UI层都有权限验证
+
+## 扩展建议
+
+1. **操作权限**: 可以在Permissions表中添加Type为"Operation"的权限，用于控制具体操作
+2. **权限缓存**: 可以考虑添加权限缓存机制，提高性能
+3. **审计日志**: 可以添加角色和权限变更的审计日志
+4. **批量操作**: 可以添加批量分配角色、批量分配权限的功能
+
+## 常见问题
+
+**Q: 如何添加新的权限？**
+A: 可以通过代码在InitRolesAndPermissions方法中添加，或者后续可以开发权限管理UI。
+
+**Q: 用户可以有多个角色吗？**
+A: 可以。系统支持一个用户拥有多个角色，最终拥有所有角色的权限并集。
+
+**Q: 如何处理权限冲突？**
+A: 系统采用"允许优先"策略，只要用户的任一角色拥有某项权限，用户就拥有该权限。
+
+**Q: 删除角色会影响已登录的用户吗？**
+A: 会的。用户下次登录时会重新加载角色和权限，已删除的角色将不再生效。
diff --git a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
index 555eab4..911b1ca 100644
--- a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
+++ b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
@@ -97,7 +97,7 @@ namespace AntSK.Domain.Common.DependencyInjection
             var _rolePermissions_Repository = serviceProvider.GetRequiredService<IRolePermissions_Repositories>();
 
             // 检查是否已经初始化
-            if (_roles_Repository.IsAny(r => r.Code == "Admin"))
+            if (_roles_Repository.IsAny(r => r.Code == "AntSKAdmin"))
             {
                 return;
             }
@@ -107,7 +107,7 @@ namespace AntSK.Domain.Common.DependencyInjection
             {
                 Id = Guid.NewGuid().ToString(),
                 Name = "管理员",
-                Code = "Admin",
+                Code = "AntSKAdmin",
                 Description = "系统管理员，拥有所有权限",
                 IsEnabled = true,
                 CreateTime = DateTime.Now
@@ -119,7 +119,7 @@ namespace AntSK.Domain.Common.DependencyInjection
             {
                 Id = Guid.NewGuid().ToString(),
                 Name = "普通用户",
-                Code = "User",
+                Code = "AntSKUser",
                 Description = "普通用户，拥有基本功能权限",
                 IsEnabled = true,
                 CreateTime = DateTime.Now

From abed362ff2929e512cf2bf00741c84d7ac8814b5 Mon Sep 17 00:00:00 2001
From: xuzeyu <286513187@qq.com>
Date: Thu, 6 Nov 2025 10:29:38 +0800
Subject: [PATCH 6/6] =?UTF-8?q?=E9=87=8D=E6=9E=84=E5=92=8C=E4=BC=98?=
 =?UTF-8?q?=E5=8C=96=E9=A2=86=E5=9F=9F=E6=A8=A1=E5=9E=8B=E5=B1=9E=E6=80=A7?=
 =?UTF-8?q?=E4=B8=8E=E5=85=B3=E8=81=94=E7=B1=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

重命名 `AntSK.Domain.Repositories.Kmss` 的多个属性为 `KmsDetails`，以更清晰地表达其含义，例如将 `Kmss.Icon` 替换为 `KmsDetails.FileName`，`Kmss.Name` 替换为 `KmsDetails.Url` 等。

新增 `RolePermissions` 类及其相关属性，用于表示角色权限关联表。

将 `RolePermissions` 替换为 `UserRoles`，并调整相关属性名称和描述以匹配用户角色关联表的语义。

删除了 `UserRoles` 类及其相关属性，移除冗余定义。

保留部分未修改的成员，确保现有功能的完整性。
---
 src/AntSK.Domain/AntSK.Domain.xml | 130 +++++++++++++++---------------
 1 file changed, 65 insertions(+), 65 deletions(-)

diff --git a/src/AntSK.Domain/AntSK.Domain.xml b/src/AntSK.Domain/AntSK.Domain.xml
index f58ab5f..7ca39a9 100644
--- a/src/AntSK.Domain/AntSK.Domain.xml
+++ b/src/AntSK.Domain/AntSK.Domain.xml
@@ -479,6 +479,36 @@
             接口描述
             </summary>
         </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.FileName">
+            <summary>
+            文件名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Url">
+            <summary>
+            地址
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Type">
+            <summary>
+            类型 file，url
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.DataCount">
+            <summary>
+            数据数量
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.KmsDetails.Status">
+            <summary>
+            状态
+            </summary>
+        </member>
         <member name="P:AntSK.Domain.Repositories.Kmss.Icon">
             <summary>
             图标
@@ -519,36 +549,6 @@
             段落之间重叠标记的数量。
             </summary>
         </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.FileName">
-            <summary>
-            文件名称
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Url">
-            <summary>
-            地址
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Type">
-            <summary>
-            类型 file，url
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.DataCount">
-            <summary>
-            数据数量
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.CreateTime">
-            <summary>
-            创建时间
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.KmsDetails.Status">
-            <summary>
-            状态
-            </summary>
-        </member>
         <member name="M:AntSK.Domain.Repositories.Base.Repository`1.GetList">
             <summary>
             获取所有list
@@ -871,6 +871,31 @@
             创建时间
             </summary>
         </member>
+        <member name="T:AntSK.Domain.Repositories.RolePermissions">
+            <summary>
+            角色权限关联表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.Id">
+            <summary>
+            关联ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.RoleId">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.PermissionId">
+            <summary>
+            权限ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
         <member name="T:AntSK.Domain.Repositories.Roles">
             <summary>
             角色表
@@ -906,27 +931,27 @@
             创建时间
             </summary>
         </member>
-        <member name="T:AntSK.Domain.Repositories.RolePermissions">
+        <member name="T:AntSK.Domain.Repositories.UserRoles">
             <summary>
-            角色权限关联表
+            用户角色关联表
             </summary>
         </member>
-        <member name="P:AntSK.Domain.Repositories.RolePermissions.Id">
+        <member name="P:AntSK.Domain.Repositories.UserRoles.Id">
             <summary>
             关联ID
             </summary>
         </member>
-        <member name="P:AntSK.Domain.Repositories.RolePermissions.RoleId">
+        <member name="P:AntSK.Domain.Repositories.UserRoles.UserId">
+            <summary>
+            用户ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.RoleId">
             <summary>
             角色ID
             </summary>
         </member>
-        <member name="P:AntSK.Domain.Repositories.RolePermissions.PermissionId">
-            <summary>
-            权限ID
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.RolePermissions.CreateTime">
+        <member name="P:AntSK.Domain.Repositories.UserRoles.CreateTime">
             <summary>
             创建时间
             </summary>
@@ -956,31 +981,6 @@
             菜单权限
             </summary>
         </member>
-        <member name="T:AntSK.Domain.Repositories.UserRoles">
-            <summary>
-            用户角色关联表
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.UserRoles.Id">
-            <summary>
-            关联ID
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.UserRoles.UserId">
-            <summary>
-            用户ID
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.UserRoles.RoleId">
-            <summary>
-            角色ID
-            </summary>
-        </member>
-        <member name="P:AntSK.Domain.Repositories.UserRoles.CreateTime">
-            <summary>
-            创建时间
-            </summary>
-        </member>
         <member name="M:AntSK.Domain.Utils.ConvertUtils.IsNull(System.Object)">
             <summary>
             判断是否为空，为空返回true