fix(authorization-service): 社区授权唯一性约束

- 一个用户只能拥有一个社区角色 - 社区名称全局唯一，不允许重复 - 添加 findCommunityByName repository 方法 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 00:04:24 -08:00 · 2025-12-14 00:04:24 -08:00 · 10ce981111
parent 95e1cdffba
commit 10ce981111
3 changed files with 38 additions and 0 deletions
--- a/backend/services/authorization-service/src/application/services/authorization-application.service.ts
+++ b/backend/services/authorization-service/src/application/services/authorization-application.service.ts
@ -225,11 +225,35 @@ export class AuthorizationApplicationService {

  /**
   * 管理员直接授权社区
+   *
+   * 业务规则：
+   * - 一个用户只能拥有一个社区角色
+   * - 社区名称全局唯一，不允许重复
   */
  async grantCommunity(command: GrantCommunityCommand): Promise<void> {
    const userId = UserId.create(command.userId, command.accountSequence)
    const adminId = AdminUserId.create(command.adminId, command.adminAccountSequence)

+    // 1. 检查用户是否已有社区角色
+    const existingUserCommunity = await this.authorizationRepository.findByAccountSequenceAndRoleType(
+      command.accountSequence,
+      RoleType.COMMUNITY,
+    )
+    if (existingUserCommunity) {
+      throw new ApplicationError(
+        `用户 ${command.accountSequence} 已拥有社区角色「${existingUserCommunity.displayTitle}」，不能重复授权`,
+      )
+    }
+
+    // 2. 检查社区名称是否已被使用
+    const existingCommunityName = await this.authorizationRepository.findCommunityByName(command.communityName)
+    if (existingCommunityName) {
+      throw new ApplicationError(
+        `社区名称「${command.communityName}」已被使用，请选择其他名称`,
+      )
+    }
+
+    // 3. 创建社区授权
    const authorization = AuthorizationRole.createCommunity({
      userId,
      communityName: command.communityName,
--- a/backend/services/authorization-service/src/domain/repositories/authorization-role.repository.ts
+++ b/backend/services/authorization-service/src/domain/repositories/authorization-role.repository.ts
@ -92,4 +92,8 @@ export interface IAuthorizationRoleRepository {
    checkDate: Date,
    limit: number,
  ): Promise<AuthorizationRole[]>
+  /**
+   * 根据社区名称查找社区授权（用于社区名称全局唯一性校验）
+   */
+  findCommunityByName(communityName: string): Promise<AuthorizationRole | null>
 }
--- a/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
+++ b/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
@ -389,6 +389,16 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
    return records.map((record) => this.toDomain(record))
  }

+  async findCommunityByName(communityName: string): Promise<AuthorizationRole | null> {
+    const record = await this.prisma.authorizationRole.findFirst({
+      where: {
+        roleType: RoleType.COMMUNITY,
+        regionCode: communityName,
+      },
+    })
+    return record ? this.toDomain(record) : null
+  }
+
  private toDomain(record: any): AuthorizationRole {
    const props: AuthorizationRoleProps = {
      authorizationId: AuthorizationId.create(record.id),