From 298ce52fc76862e061b6d8282addfb0a7e8b9142 Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Sun, 14 Dec 2025 00:11:13 -0800
Subject: [PATCH] =?UTF-8?q?fix(authorization):=20=E4=BF=AE=E5=A4=8D=20gran?=
 =?UTF-8?q?tCityCompany=20=E4=B8=9A=E5=8A=A1=E9=AA=8C=E8=AF=81=E9=80=BB?=
 =?UTF-8?q?=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 添加市区域/省区域互斥检查：同一用户不能同时拥有两种身份
- 添加用户市区域唯一性检查：一个用户只能有一个市区域角色
- 添加城市全局唯一性检查：同一城市只允许一个市区域角色
- 移除错误的 validateAuthorizationRequest 调用（该方法只适用于团队角色）

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../authorization-application.service.ts      | 45 +++++++++++++------
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/backend/services/authorization-service/src/application/services/authorization-application.service.ts b/backend/services/authorization-service/src/application/services/authorization-application.service.ts
index 513fc7d4..f77b1623 100644
--- a/backend/services/authorization-service/src/application/services/authorization-application.service.ts
+++ b/backend/services/authorization-service/src/application/services/authorization-application.service.ts
@@ -304,27 +304,46 @@ export class AuthorizationApplicationService {
 
   /**
    * 管理员授权正式市公司（市区域）
-   * 需要验证团队内唯一性：同一推荐链上不能有重复的相同城市授权
+   *
+   * 业务规则：
+   * - 同一个用户不能同时拥有市区域和省区域两种身份
+   * - 同一个城市只允许一个市区域角色被授权
    */
   async grantCityCompany(command: GrantCityCompanyCommand): Promise<void> {
     const userId = UserId.create(command.userId, command.accountSequence)
     const adminId = AdminUserId.create(command.adminId, command.adminAccountSequence)
-    const regionCode = RegionCode.create(command.cityCode)
 
-    // 1. 验证团队内唯一性（同一推荐链上不能有重复的相同城市授权）
-    const validation = await this.validatorService.validateAuthorizationRequest(
-      userId,
-      RoleType.CITY_COMPANY,
-      regionCode,
-      this.referralRepository,
-      this.authorizationRepository,
+    // 1. 检查用户是否已有省区域授权（市区域和省区域互斥）
+    const existingProvinceCompany = await this.authorizationRepository.findByAccountSequenceAndRoleType(
+      command.accountSequence,
+      RoleType.PROVINCE_COMPANY,
     )
-
-    if (!validation.isValid) {
-      throw new ApplicationError(validation.errorMessage!)
+    if (existingProvinceCompany && existingProvinceCompany.status !== AuthorizationStatus.REVOKED) {
+      throw new ApplicationError(
+        `用户 ${command.accountSequence} 已拥有省区域角色「${existingProvinceCompany.regionName}」，不能同时拥有市区域角色`,
+      )
     }
 
-    // 2. 创建授权
+    // 2. 检查用户是否已有市区域授权（一个用户只能有一个市区域）
+    const existingCityCompany = await this.authorizationRepository.findByAccountSequenceAndRoleType(
+      command.accountSequence,
+      RoleType.CITY_COMPANY,
+    )
+    if (existingCityCompany && existingCityCompany.status !== AuthorizationStatus.REVOKED) {
+      throw new ApplicationError(
+        `用户 ${command.accountSequence} 已拥有市区域角色「${existingCityCompany.regionName}」，不能重复授权`,
+      )
+    }
+
+    // 3. 检查该城市是否已有市区域授权（同一城市全局唯一）
+    const existingCityRegion = await this.authorizationRepository.findCityCompanyByRegion(command.cityCode)
+    if (existingCityRegion && existingCityRegion.status !== AuthorizationStatus.REVOKED) {
+      throw new ApplicationError(
+        `城市「${command.cityName}」已有市区域角色授权给用户 ${existingCityRegion.userId.accountSequence}，不能重复授权`,
+      )
+    }
+
+    // 4. 创建授权
     const authorization = AuthorizationRole.createCityCompany({
       userId,
       cityCode: command.cityCode,