From 5ec918a2f95ead7d44a55f19ca4d34d227c36b50 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 6 Nov 2025 02:04:11 +0000
Subject: [PATCH] Add role-based authorization entities, repositories and UI
 pages

Co-authored-by: xuzeyu91 <26290929+xuzeyu91@users.noreply.github.com>
---
 src/AntSK.Domain/AntSK.Domain.xml             | 120 ++++++++++++++++++
 .../DependencyInjection/InitExtensions.cs     |  87 +++++++++++++
 .../Permission/IPermissions_Repositories.cs   |   8 ++
 .../Setting/Permission/Permissions.cs         |  46 +++++++
 .../Permission/Permissions_Repositories.cs    |  10 ++
 .../Setting/Role/IRoles_Repositories.cs       |   8 ++
 .../Repositories/Setting/Role/Roles.cs        |  45 +++++++
 .../Setting/Role/Roles_Repositories.cs        |  10 ++
 .../IRolePermissions_Repositories.cs          |   8 ++
 .../Setting/RolePermission/RolePermissions.cs |  32 +++++
 .../RolePermissions_Repositories.cs           |  10 ++
 .../UserRole/IUserRoles_Repositories.cs       |   8 ++
 .../Setting/UserRole/UserRoles.cs             |  32 +++++
 .../UserRole/UserRoles_Repositories.cs        |  10 ++
 src/AntSK/Models/UserSession.cs               |   2 +
 src/AntSK/Pages/Setting/Role/AddRole.razor    |  61 +++++++++
 src/AntSK/Pages/Setting/Role/AddRole.razor.cs | 103 +++++++++++++++
 src/AntSK/Pages/Setting/Role/RoleList.razor   |  72 +++++++++++
 .../Pages/Setting/Role/RoleList.razor.cs      |  84 ++++++++++++
 src/AntSK/Pages/Setting/User/AddUser.razor    |  16 +++
 src/AntSK/Pages/Setting/User/AddUser.razor.cs |  50 ++++++++
 src/AntSK/Services/Auth/AntSKAuthProvider.cs  |  76 +++++++++--
 22 files changed, 887 insertions(+), 11 deletions(-)
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
 create mode 100644 src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
 create mode 100644 src/AntSK/Pages/Setting/Role/AddRole.razor
 create mode 100644 src/AntSK/Pages/Setting/Role/AddRole.razor.cs
 create mode 100644 src/AntSK/Pages/Setting/Role/RoleList.razor
 create mode 100644 src/AntSK/Pages/Setting/Role/RoleList.razor.cs

diff --git a/src/AntSK.Domain/AntSK.Domain.xml b/src/AntSK.Domain/AntSK.Domain.xml
index 5839d84..f58ab5f 100644
--- a/src/AntSK.Domain/AntSK.Domain.xml
+++ b/src/AntSK.Domain/AntSK.Domain.xml
@@ -836,6 +836,101 @@
             部署名，azure需要使用
             </summary>
         </member>
+        <member name="T:AntSK.Domain.Repositories.Permissions">
+            <summary>
+            权限表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Id">
+            <summary>
+            权限ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Name">
+            <summary>
+            权限名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Code">
+            <summary>
+            权限编码
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Type">
+            <summary>
+            权限类型（Menu-菜单权限, Operation-操作权限）
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.Description">
+            <summary>
+            权限描述
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Permissions.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="T:AntSK.Domain.Repositories.Roles">
+            <summary>
+            角色表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Id">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Name">
+            <summary>
+            角色名称
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Code">
+            <summary>
+            角色编码
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.Description">
+            <summary>
+            角色描述
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.IsEnabled">
+            <summary>
+            是否启用
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.Roles.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
+        <member name="T:AntSK.Domain.Repositories.RolePermissions">
+            <summary>
+            角色权限关联表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.Id">
+            <summary>
+            关联ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.RoleId">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.PermissionId">
+            <summary>
+            权限ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.RolePermissions.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
         <member name="P:AntSK.Domain.Repositories.Users.No">
             <summary>
             工号，用于登陆
@@ -861,6 +956,31 @@
             菜单权限
             </summary>
         </member>
+        <member name="T:AntSK.Domain.Repositories.UserRoles">
+            <summary>
+            用户角色关联表
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.Id">
+            <summary>
+            关联ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.UserId">
+            <summary>
+            用户ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.RoleId">
+            <summary>
+            角色ID
+            </summary>
+        </member>
+        <member name="P:AntSK.Domain.Repositories.UserRoles.CreateTime">
+            <summary>
+            创建时间
+            </summary>
+        </member>
         <member name="M:AntSK.Domain.Utils.ConvertUtils.IsNull(System.Object)">
             <summary>
             判断是否为空，为空返回true
diff --git a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
index 4a49eec..7783614 100644
--- a/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
+++ b/src/AntSK.Domain/Common/DependencyInjection/InitExtensions.cs
@@ -81,10 +81,97 @@ namespace AntSK.Domain.Common.DependencyInjection
                     llamafactoryStart.Value = "false";
                     _dic_Repository.Insert(llamafactoryStart);
                 }
+
+                // 初始化角色和权限
+                InitRolesAndPermissions(scope.ServiceProvider);
+
                 _logger.LogInformation("初始化数据库初始数据完成");
             }
             return app;
         }
+
+        private static void InitRolesAndPermissions(IServiceProvider serviceProvider)
+        {
+            var _roles_Repository = serviceProvider.GetRequiredService<IRoles_Repositories>();
+            var _permissions_Repository = serviceProvider.GetRequiredService<IPermissions_Repositories>();
+            var _rolePermissions_Repository = serviceProvider.GetRequiredService<IRolePermissions_Repositories>();
+
+            // 检查是否已经初始化
+            if (_roles_Repository.IsAny(r => r.Code == "Admin"))
+            {
+                return;
+            }
+
+            // 创建管理员角色
+            var adminRole = new Roles
+            {
+                Id = Guid.NewGuid().ToString(),
+                Name = "管理员",
+                Code = "Admin",
+                Description = "系统管理员，拥有所有权限",
+                IsEnabled = true,
+                CreateTime = DateTime.Now
+            };
+            _roles_Repository.Insert(adminRole);
+
+            // 创建普通用户角色
+            var userRole = new Roles
+            {
+                Id = Guid.NewGuid().ToString(),
+                Name = "普通用户",
+                Code = "User",
+                Description = "普通用户，拥有基本功能权限",
+                IsEnabled = true,
+                CreateTime = DateTime.Now
+            };
+            _roles_Repository.Insert(userRole);
+
+            // 创建菜单权限
+            var menuPermissions = new List<Permissions>
+            {
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "聊天", Code = "chat", Type = "Menu", Description = "聊天功能权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "应用", Code = "app", Type = "Menu", Description = "应用管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "知识库", Code = "kms", Type = "Menu", Description = "知识库管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "API管理", Code = "plugins.apilist", Type = "Menu", Description = "API管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "函数管理", Code = "plugins.funlist", Type = "Menu", Description = "函数管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "模型管理", Code = "modelmanager.modellist", Type = "Menu", Description = "模型管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "用户管理", Code = "setting.user", Type = "Menu", Description = "用户管理权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "聊天记录", Code = "setting.chathistory", Type = "Menu", Description = "聊天记录权限" },
+                new Permissions { Id = Guid.NewGuid().ToString(), Name = "删除向量表", Code = "setting.delkms", Type = "Menu", Description = "删除向量表权限" }
+            };
+
+            foreach (var permission in menuPermissions)
+            {
+                _permissions_Repository.Insert(permission);
+            }
+
+            // 为管理员角色分配所有权限
+            foreach (var permission in menuPermissions)
+            {
+                _rolePermissions_Repository.Insert(new RolePermissions
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    RoleId = adminRole.Id,
+                    PermissionId = permission.Id,
+                    CreateTime = DateTime.Now
+                });
+            }
+
+            // 为普通用户角色分配基本权限（聊天、应用、知识库）
+            var basicPermissions = menuPermissions.Where(p => p.Code == "chat" || p.Code == "app" || p.Code == "kms").ToList();
+            foreach (var permission in basicPermissions)
+            {
+                _rolePermissions_Repository.Insert(new RolePermissions
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    RoleId = userRole.Id,
+                    PermissionId = permission.Id,
+                    CreateTime = DateTime.Now
+                });
+            }
+
+            _logger.LogInformation("初始化角色和权限完成");
+        }
         /// <summary>
         /// 加载数据库的插件
         /// </summary>
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
new file mode 100644
index 0000000..3f89833
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/IPermissions_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IPermissions_Repositories : IRepository<Permissions>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
new file mode 100644
index 0000000..de3812b
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions.cs
@@ -0,0 +1,46 @@
+using SqlSugar;
+using System.ComponentModel.DataAnnotations;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 权限表
+    /// </summary>
+    [SugarTable("Permissions")]
+    public partial class Permissions
+    {
+        /// <summary>
+        /// 权限ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 权限名称
+        /// </summary>
+        [Required]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 权限编码
+        /// </summary>
+        [Required]
+        public string Code { get; set; }
+
+        /// <summary>
+        /// 权限类型（Menu-菜单权限, Operation-操作权限）
+        /// </summary>
+        [Required]
+        public string Type { get; set; }
+
+        /// <summary>
+        /// 权限描述
+        /// </summary>
+        public string? Description { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
new file mode 100644
index 0000000..a780c78
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Permission/Permissions_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IPermissions_Repositories), ServiceLifetime.Scoped)]
+    public class Permissions_Repositories : Repository<Permissions>, IPermissions_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
new file mode 100644
index 0000000..76be31b
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/IRoles_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IRoles_Repositories : IRepository<Roles>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs b/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
new file mode 100644
index 0000000..65c72fd
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/Roles.cs
@@ -0,0 +1,45 @@
+using SqlSugar;
+using System.ComponentModel.DataAnnotations;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 角色表
+    /// </summary>
+    [SugarTable("Roles")]
+    public partial class Roles
+    {
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 角色名称
+        /// </summary>
+        [Required]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 角色编码
+        /// </summary>
+        [Required]
+        public string Code { get; set; }
+
+        /// <summary>
+        /// 角色描述
+        /// </summary>
+        public string? Description { get; set; }
+
+        /// <summary>
+        /// 是否启用
+        /// </summary>
+        public bool IsEnabled { get; set; } = true;
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
new file mode 100644
index 0000000..0670279
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/Role/Roles_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IRoles_Repositories), ServiceLifetime.Scoped)]
+    public class Roles_Repositories : Repository<Roles>, IRoles_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
new file mode 100644
index 0000000..692e1e8
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/IRolePermissions_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IRolePermissions_Repositories : IRepository<RolePermissions>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
new file mode 100644
index 0000000..a2bb891
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions.cs
@@ -0,0 +1,32 @@
+using SqlSugar;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 角色权限关联表
+    /// </summary>
+    [SugarTable("RolePermissions")]
+    public partial class RolePermissions
+    {
+        /// <summary>
+        /// 关联ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        public string RoleId { get; set; }
+
+        /// <summary>
+        /// 权限ID
+        /// </summary>
+        public string PermissionId { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
new file mode 100644
index 0000000..ff2e42f
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/RolePermission/RolePermissions_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IRolePermissions_Repositories), ServiceLifetime.Scoped)]
+    public class RolePermissions_Repositories : Repository<RolePermissions>, IRolePermissions_Repositories
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
new file mode 100644
index 0000000..89955d0
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/IUserRoles_Repositories.cs
@@ -0,0 +1,8 @@
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    public interface IUserRoles_Repositories : IRepository<UserRoles>
+    {
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
new file mode 100644
index 0000000..85ac6d2
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles.cs
@@ -0,0 +1,32 @@
+using SqlSugar;
+
+namespace AntSK.Domain.Repositories
+{
+    /// <summary>
+    /// 用户角色关联表
+    /// </summary>
+    [SugarTable("UserRoles")]
+    public partial class UserRoles
+    {
+        /// <summary>
+        /// 关联ID
+        /// </summary>
+        [SugarColumn(IsPrimaryKey = true)]
+        public string Id { get; set; }
+
+        /// <summary>
+        /// 用户ID
+        /// </summary>
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// 角色ID
+        /// </summary>
+        public string RoleId { get; set; }
+
+        /// <summary>
+        /// 创建时间
+        /// </summary>
+        public DateTime CreateTime { get; set; } = DateTime.Now;
+    }
+}
diff --git a/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
new file mode 100644
index 0000000..c3921df
--- /dev/null
+++ b/src/AntSK.Domain/Repositories/Setting/UserRole/UserRoles_Repositories.cs
@@ -0,0 +1,10 @@
+using AntSK.Domain.Common.DependencyInjection;
+using AntSK.Domain.Repositories.Base;
+
+namespace AntSK.Domain.Repositories
+{
+    [ServiceDescription(typeof(IUserRoles_Repositories), ServiceLifetime.Scoped)]
+    public class UserRoles_Repositories : Repository<UserRoles>, IUserRoles_Repositories
+    {
+    }
+}
diff --git a/src/AntSK/Models/UserSession.cs b/src/AntSK/Models/UserSession.cs
index a3370fb..ac60137 100644
--- a/src/AntSK/Models/UserSession.cs
+++ b/src/AntSK/Models/UserSession.cs
@@ -4,5 +4,7 @@
     {
         public string UserName { get; set; }
         public string Role { get; set; }
+        public List<string>? Roles { get; set; }
+        public List<string>? Permissions { get; set; }
     }
 }
diff --git a/src/AntSK/Pages/Setting/Role/AddRole.razor b/src/AntSK/Pages/Setting/Role/AddRole.razor
new file mode 100644
index 0000000..64c1bee
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/AddRole.razor
@@ -0,0 +1,61 @@
+@namespace AntSK.Pages.Setting.Role
+@using AntSK.Domain.Repositories
+@using AntSK.Models
+@page "/setting/role/add"
+@page "/setting/role/add/{RoleId}"
+@using AntSK.Services.Auth
+@inherits AuthComponentBase
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize(Roles = "AntSKAdmin")]
+
+<PageContainer Title="新增角色">
+    <ChildContent>
+        <Card>
+            <Form Model="@_roleModel"
+                  Style="margin-top: 8px;"
+                  OnFinish="HandleSubmit">
+                <FormItem Label="角色名称" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色名称" @bind-Value="@context.Name" />
+                </FormItem>
+                <FormItem Label="角色编码" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色编码" @bind-Value="@context.Code" />
+                </FormItem>
+                <FormItem Label="角色描述" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Input Placeholder="请输入角色描述" @bind-Value="@context.Description" />
+                </FormItem>
+                <FormItem Label="是否启用" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Switch @bind-Checked="@context.IsEnabled" />
+                </FormItem>
+
+                <FormItem Label="权限分配" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Select Mode="multiple"
+                            @bind-Values="_permissionIds"
+                            Placeholder="选择权限"
+                            TItemValue="string"
+                            TItem="string"
+                            Size="@AntSizeLDSType.Default">
+                        <SelectOptions>
+                            @foreach (var permission in _allPermissions)
+                            {
+                                <SelectOption TItem="string" TItemValue="string" Value="@permission.Id" Label="@permission.Name" />
+                            }
+                        </SelectOptions>
+                    </Select>
+                </FormItem>
+
+                <FormItem Label=" " Style="margin-top:32px" WrapperCol="LayoutModel._submitFormLayout.WrapperCol">
+                    <Button Type="primary" OnClick="HandleSubmit">
+                        保存
+                    </Button>
+                    <Button OnClick="Back">
+                        返回
+                    </Button>
+                </FormItem>
+            </Form>
+        </Card>
+    </ChildContent>
+</PageContainer>
+
+@code {
+
+}
diff --git a/src/AntSK/Pages/Setting/Role/AddRole.razor.cs b/src/AntSK/Pages/Setting/Role/AddRole.razor.cs
new file mode 100644
index 0000000..7bd591f
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/AddRole.razor.cs
@@ -0,0 +1,103 @@
+using AntDesign;
+using AntSK.Domain.Repositories;
+using Microsoft.AspNetCore.Components;
+
+namespace AntSK.Pages.Setting.Role
+{
+    public partial class AddRole
+    {
+        [Parameter]
+        public string RoleId { get; set; }
+        [Inject] protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject] protected IPermissions_Repositories _permissions_Repositories { get; set; }
+        [Inject] protected IRolePermissions_Repositories _rolePermissions_Repositories { get; set; }
+        [Inject] protected MessageService? Message { get; set; }
+
+        private Roles _roleModel = new Roles();
+        private List<Permissions> _allPermissions = new List<Permissions>();
+        private IEnumerable<string> _permissionIds;
+
+        protected override async Task OnInitializedAsync()
+        {
+            await base.OnInitializedAsync();
+            
+            // 加载所有权限
+            _allPermissions = _permissions_Repositories.GetList();
+
+            if (!string.IsNullOrEmpty(RoleId))
+            {
+                _roleModel = _roles_Repositories.GetFirst(p => p.Id == RoleId);
+                
+                // 加载角色已有的权限
+                var rolePermissions = _rolePermissions_Repositories.GetList(p => p.RoleId == RoleId);
+                _permissionIds = rolePermissions.Select(rp => rp.PermissionId);
+            }
+        }
+
+        private void HandleSubmit()
+        {
+            if (string.IsNullOrEmpty(RoleId))
+            {
+                //新增
+                _roleModel.Id = Guid.NewGuid().ToString();
+                _roleModel.CreateTime = DateTime.Now;
+
+                if (_roles_Repositories.IsAny(p => p.Code == _roleModel.Code))
+                {
+                    _ = Message.Error("角色编码已存在！", 2);
+                    return;
+                }
+                _roles_Repositories.Insert(_roleModel);
+
+                // 添加角色权限关联
+                if (_permissionIds != null)
+                {
+                    foreach (var permissionId in _permissionIds)
+                    {
+                        _rolePermissions_Repositories.Insert(new RolePermissions
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            RoleId = _roleModel.Id,
+                            PermissionId = permissionId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
+            }
+            else
+            {
+                //修改
+                _roles_Repositories.Update(_roleModel);
+
+                // 先删除旧的角色权限关联
+                var oldRolePermissions = _rolePermissions_Repositories.GetList(p => p.RoleId == RoleId);
+                foreach (var rp in oldRolePermissions)
+                {
+                    _rolePermissions_Repositories.Delete(rp.Id);
+                }
+
+                // 添加新的角色权限关联
+                if (_permissionIds != null)
+                {
+                    foreach (var permissionId in _permissionIds)
+                    {
+                        _rolePermissions_Repositories.Insert(new RolePermissions
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            RoleId = _roleModel.Id,
+                            PermissionId = permissionId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
+            }
+
+            Back();
+        }
+
+        private void Back()
+        {
+            NavigationManager.NavigateTo("/setting/rolelist");
+        }
+    }
+}
diff --git a/src/AntSK/Pages/Setting/Role/RoleList.razor b/src/AntSK/Pages/Setting/Role/RoleList.razor
new file mode 100644
index 0000000..035b158
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/RoleList.razor
@@ -0,0 +1,72 @@
+@namespace AntSK.Pages.Setting.Role
+@using AntSK.Domain.Repositories
+@page "/setting/rolelist"
+@inject NavigationManager NavigationManager
+@using AntSK.Services.Auth
+@inherits AuthComponentBase
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize(Roles = "AntSKAdmin")]
+
+<div>
+    <PageContainer Title="角色管理">
+        <ChildContent>
+            <div class="standardList">
+
+                <Card Class="listCard"
+                      Title="角色列表"
+                      Style="margin-top: 24px;"
+                      BodyStyle="padding: 0 32px 40px 32px">
+                    <Extra>
+                        <div class="extraContent">
+
+                            <Search Class="extraContentSearch" Placeholder="查询" @bind-Value="_searchKeyword" OnSearch="OnSearch" />
+                        </div>
+                    </Extra>
+                    <ChildContent>
+                        <Button Type="dashed"
+                                Style="width: 100%; margin-bottom: 8px;"
+                                OnClick="AddRole">
+                            <Icon Type="plus" Theme="outline" />
+                            新增角色
+                        </Button>
+
+                        <AntList TItem="Roles"
+                                 DataSource="_data"
+                                 ItemLayout="ListItemLayout.Horizontal">
+                            <ListItem Actions="new[] {
+                            edit(()=> Edit(context.Id)),
+                            delete(async ()=>await Delete(context.Id))
+                             }" Style="width:100%">
+                                <div class="listContent" style="width:100%">
+                                    <div class="listContentItem" style="width:20%">
+                                        <b>角色名称</b>
+                                        <p>@context.Name</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:20%">
+                                        <b>角色编码</b>
+                                        <p>@context.Code</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:30%">
+                                        <b>描述</b>
+                                        <p>@context.Description</p>
+                                    </div>
+                                    <div class="listContentItem" style="width:15%">
+                                        <b>状态</b>
+                                        <p>@(context.IsEnabled ? "启用" : "禁用")</p>
+                                    </div>
+                                </div>
+                            </ListItem>
+                        </AntList>
+                    </ChildContent>
+                </Card>
+            </div>
+        </ChildContent>
+    </PageContainer>
+</div>
+
+@code
+{
+    RenderFragment edit(Action clickAction) =>@<a key="edit" @onclick="@clickAction">修改</a>;
+    RenderFragment delete(Action clickAction) =>@<a key="delete" @onclick="@clickAction">删除</a>;
+   
+}
diff --git a/src/AntSK/Pages/Setting/Role/RoleList.razor.cs b/src/AntSK/Pages/Setting/Role/RoleList.razor.cs
new file mode 100644
index 0000000..a199a34
--- /dev/null
+++ b/src/AntSK/Pages/Setting/Role/RoleList.razor.cs
@@ -0,0 +1,84 @@
+using AntDesign;
+using AntSK.Domain.Repositories;
+using AntSK.Models;
+using Microsoft.AspNetCore.Components;
+
+namespace AntSK.Pages.Setting.Role
+{
+    public partial class RoleList
+    {
+        private readonly BasicListFormModel _model = new BasicListFormModel();
+
+        private List<Roles> _data;
+
+        private string _searchKeyword;
+
+        [Inject]
+        protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject]
+        protected IRolePermissions_Repositories _rolePermissions_Repositories { get; set; }
+        [Inject]
+        protected IUserRoles_Repositories _userRoles_Repositories { get; set; }
+        [Inject]
+        IConfirmService _confirmService { get; set; }
+
+        protected override async Task OnInitializedAsync()
+        {
+            await base.OnInitializedAsync();
+            await InitData();
+        }
+        private async Task InitData(string searchKey = null)
+        {
+            if (string.IsNullOrEmpty(searchKey))
+            {
+                _data = _roles_Repositories.GetList();
+            }
+            else
+            {
+                _data = _roles_Repositories.GetList(p => p.Name.Contains(searchKey) || p.Code.Contains(searchKey) || (p.Description != null && p.Description.Contains(searchKey)));
+            }
+            await InvokeAsync(StateHasChanged);
+        }
+        public async Task OnSearch()
+        {
+            await InitData(_searchKeyword);
+        }
+
+        public async Task AddRole()
+        {
+            NavigationManager.NavigateTo("/setting/role/add");
+        }
+
+        public void Edit(string roleid)
+        {
+            NavigationManager.NavigateTo("/setting/role/add/" + roleid);
+        }
+
+        public async Task Delete(string roleid)
+        {
+            var content = "是否确认删除此角色";
+            var title = "删除";
+            var result = await _confirmService.Show(content, title, ConfirmButtons.YesNo);
+            if (result == ConfirmResult.Yes)
+            {
+                // 删除角色权限关联
+                var rolePerms = _rolePermissions_Repositories.GetList(p => p.RoleId == roleid);
+                foreach (var rp in rolePerms)
+                {
+                    await _rolePermissions_Repositories.DeleteAsync(rp.Id);
+                }
+
+                // 删除用户角色关联
+                var userRoles = _userRoles_Repositories.GetList(p => p.RoleId == roleid);
+                foreach (var ur in userRoles)
+                {
+                    await _userRoles_Repositories.DeleteAsync(ur.Id);
+                }
+
+                // 删除角色
+                await _roles_Repositories.DeleteAsync(roleid);
+                await InitData("");
+            }
+        }
+    }
+}
diff --git a/src/AntSK/Pages/Setting/User/AddUser.razor b/src/AntSK/Pages/Setting/User/AddUser.razor
index 640b7ac..7df12a2 100644
--- a/src/AntSK/Pages/Setting/User/AddUser.razor
+++ b/src/AntSK/Pages/Setting/User/AddUser.razor
@@ -43,6 +43,22 @@
                     </Select>
                 </FormItem>
 
+                <FormItem Label="角色分配" LabelCol="LayoutModel._formItemLayout.LabelCol" WrapperCol="LayoutModel._formItemLayout.WrapperCol">
+                    <Select Mode="multiple"
+                            @bind-Values="_roleIds"
+                            Placeholder="选择角色"
+                            TItemValue="string"
+                            TItem="string"
+                            Size="@AntSizeLDSType.Default">
+                        <SelectOptions>
+                            @foreach (var role in _allRoles)
+                            {
+                                <SelectOption TItem="string" TItemValue="string" Value="@role.Id" Label="@role.Name" />
+                            }
+                        </SelectOptions>
+                    </Select>
+                </FormItem>
+
                 <FormItem Label=" " Style="margin-top:32px" WrapperCol="LayoutModel._submitFormLayout.WrapperCol">
                     <Button Type="primary" OnClick="HandleSubmit">
                         保存
diff --git a/src/AntSK/Pages/Setting/User/AddUser.razor.cs b/src/AntSK/Pages/Setting/User/AddUser.razor.cs
index 7b31577..26315d0 100644
--- a/src/AntSK/Pages/Setting/User/AddUser.razor.cs
+++ b/src/AntSK/Pages/Setting/User/AddUser.razor.cs
@@ -12,21 +12,34 @@ namespace AntSK.Pages.Setting.User
         [Parameter]
         public string UserId { get; set; }
         [Inject] protected IUsers_Repositories _users_Repositories { get; set; }
+        [Inject] protected IRoles_Repositories _roles_Repositories { get; set; }
+        [Inject] protected IUserRoles_Repositories _userRoles_Repositories { get; set; }
         [Inject] protected MessageService? Message { get; set; }
         [Inject] public HttpClient HttpClient { get; set; }
 
         private Users _userModel = new Users();
         private string _password = "";
         IEnumerable<string> _menuKeys;
+        IEnumerable<string> _roleIds;
 
         private List<MenuDataItem> menuList = new List<MenuDataItem>();
+        private List<Roles> _allRoles = new List<Roles>();
+
         protected override async Task OnInitializedAsync()
         {
             await base.OnInitializedAsync();
+            
+            // 加载所有角色
+            _allRoles = _roles_Repositories.GetList(r => r.IsEnabled);
+
             if (!string.IsNullOrEmpty(UserId))
             {
                 _userModel = _users_Repositories.GetFirst(p => p.Id == UserId);
                 _password = _userModel.Password;
+
+                // 加载用户已有的角色
+                var userRoles = _userRoles_Repositories.GetList(p => p.UserId == UserId);
+                _roleIds = userRoles.Select(ur => ur.RoleId);
             }
             menuList = (await HttpClient.GetFromJsonAsync<MenuDataItem[]>("data/menu.json")).ToList().Where(p => p.Key != "setting").ToList();
             _menuKeys = _userModel.MenuRole?.Split(",");
@@ -52,6 +65,21 @@ namespace AntSK.Pages.Setting.User
                 }
                 _userModel.Password = PasswordUtil.HashPassword(_userModel.Password);
                 _users_Repositories.Insert(_userModel);
+
+                // 添加用户角色关联
+                if (_roleIds != null)
+                {
+                    foreach (var roleId in _roleIds)
+                    {
+                        _userRoles_Repositories.Insert(new UserRoles
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            UserId = _userModel.Id,
+                            RoleId = roleId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
             }
             else
             {
@@ -61,6 +89,28 @@ namespace AntSK.Pages.Setting.User
                     _userModel.Password = PasswordUtil.HashPassword(_userModel.Password);
                 }
                 _users_Repositories.Update(_userModel);
+
+                // 先删除旧的用户角色关联
+                var oldUserRoles = _userRoles_Repositories.GetList(p => p.UserId == UserId);
+                foreach (var ur in oldUserRoles)
+                {
+                    _userRoles_Repositories.Delete(ur.Id);
+                }
+
+                // 添加新的用户角色关联
+                if (_roleIds != null)
+                {
+                    foreach (var roleId in _roleIds)
+                    {
+                        _userRoles_Repositories.Insert(new UserRoles
+                        {
+                            Id = Guid.NewGuid().ToString(),
+                            UserId = _userModel.Id,
+                            RoleId = roleId,
+                            CreateTime = DateTime.Now
+                        });
+                    }
+                }
             }
 
             Back();
diff --git a/src/AntSK/Services/Auth/AntSKAuthProvider.cs b/src/AntSK/Services/Auth/AntSKAuthProvider.cs
index 73526e7..9d89d19 100644
--- a/src/AntSK/Services/Auth/AntSKAuthProvider.cs
+++ b/src/AntSK/Services/Auth/AntSKAuthProvider.cs
@@ -10,6 +10,10 @@ namespace AntSK.Services.Auth
 {
     public class AntSKAuthProvider(
         IUsers_Repositories _users_Repositories,
+        IUserRoles_Repositories _userRoles_Repositories,
+        IRoles_Repositories _roles_Repositories,
+        IRolePermissions_Repositories _rolePermissions_Repositories,
+        IPermissions_Repositories _permissions_Repositories,
         ProtectedSessionStorage _protectedSessionStore
         ) : AuthenticationStateProvider
     {
@@ -29,13 +33,18 @@ namespace AntSK.Services.Auth
                     new Claim(ClaimTypes.Role, AdminRole)
                 };
                 identity = new ClaimsIdentity(claims, AdminRole);
-                await _protectedSessionStore.SetAsync("UserSession", new UserSession() { UserName = username, Role = AdminRole });
+                await _protectedSessionStore.SetAsync("UserSession", new UserSession() 
+                { 
+                    UserName = username, 
+                    Role = AdminRole,
+                    Roles = new List<string> { AdminRole },
+                    Permissions = new List<string>()
+                });
                 NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
                 return true;
             }
             else
             {
-                string UserRole = "AntSKUser";
                 if (user.IsNull())
                 {
                     return false;
@@ -44,13 +53,42 @@ namespace AntSK.Services.Auth
                 {
                     return false;
                 }
+
+                // 获取用户的角色和权限
+                var userRoles = _userRoles_Repositories.GetList(p => p.UserId == user.Id);
+                var roleIds = userRoles.Select(ur => ur.RoleId).ToList();
+                var roles = _roles_Repositories.GetList(r => roleIds.Contains(r.Id) && r.IsEnabled);
+                
+                // 获取角色的权限
+                var rolePermissions = _rolePermissions_Repositories.GetList(rp => roleIds.Contains(rp.RoleId));
+                var permissionIds = rolePermissions.Select(rp => rp.PermissionId).Distinct().ToList();
+                var permissions = _permissions_Repositories.GetList(p => permissionIds.Contains(p.Id));
+
+                // 如果没有角色，使用默认角色
+                string defaultRole = "AntSKUser";
+                var roleList = roles.Any() ? roles.Select(r => r.Code).ToList() : new List<string> { defaultRole };
+                var permissionList = permissions.Select(p => p.Code).ToList();
+
                 // 用户认证成功，创建用户的ClaimsIdentity
-                var claims = new[] { 
-                     new Claim(ClaimTypes.Name, username),
-                    new Claim(ClaimTypes.Role, UserRole)
-                     };
-                identity = new ClaimsIdentity(claims, UserRole);
-                await _protectedSessionStore.SetAsync("UserSession", new UserSession() { UserName = username, Role = UserRole });
+                var claims = new List<Claim>
+                {
+                    new Claim(ClaimTypes.Name, username)
+                };
+
+                // 添加所有角色到Claims
+                foreach (var role in roleList)
+                {
+                    claims.Add(new Claim(ClaimTypes.Role, role));
+                }
+
+                identity = new ClaimsIdentity(claims, roleList.FirstOrDefault() ?? defaultRole);
+                await _protectedSessionStore.SetAsync("UserSession", new UserSession() 
+                { 
+                    UserName = username, 
+                    Role = roleList.FirstOrDefault() ?? defaultRole,
+                    Roles = roleList,
+                    Permissions = permissionList
+                });
                 NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
                 return true;
             }
@@ -68,9 +106,25 @@ namespace AntSK.Services.Auth
             var userSession = userSessionStorageResult.Success ? userSessionStorageResult.Value : null;
             if (userSession.IsNotNull())
             {
-                var claims = new[] {
-                    new Claim(ClaimTypes.Name, userSession.UserName),
-                    new Claim( ClaimTypes.Role, userSession.Role) };
+                var claims = new List<Claim>
+                {
+                    new Claim(ClaimTypes.Name, userSession.UserName)
+                };
+
+                // 添加所有角色到Claims
+                if (userSession.Roles != null && userSession.Roles.Any())
+                {
+                    foreach (var role in userSession.Roles)
+                    {
+                        claims.Add(new Claim(ClaimTypes.Role, role));
+                    }
+                }
+                else
+                {
+                    // 向后兼容，使用单个Role
+                    claims.Add(new Claim(ClaimTypes.Role, userSession.Role));
+                }
+
                 identity = new ClaimsIdentity(claims, userSession.Role);
             }
             var user = new ClaimsPrincipal(identity);