fix(authorization): allow admin tokens without accountSequence field

Admin JWT tokens from identity-service don't include the accountSequence
field (only userId, email, role, type). This caused a 400 error with
message "管理员账户序列号不能为空" when admins tried to grant authorizations.

Changes:
- Update AdminUserId value object to make accountSequence optional
- Use 'ADMIN' as default value when accountSequence is not provided
- Update all controller methods to handle optional accountSequence

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/services/authorization-service/src/api/controllers/admin-authorization.controller.ts

@@ -72,14 +72,14 @@ export class AdminAuthorizationController {
   @ApiOperation({ summary: '撤销授权（管理员）' })
   @ApiResponse({ status: 200, description: '撤销成功' })
   async revokeAuthorization(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Param('id') authorizationId: string,
     @Body() dto: RevokeAuthorizationDto,
   ): Promise<{ message: string }> {
     const command = new RevokeAuthorizationCommand(
       authorizationId,
       dto.reason,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
     )
     await this.applicationService.revokeAuthorization(command)
     return { message: '授权已撤销' }
@@ -90,7 +90,7 @@ export class AdminAuthorizationController {
   @ApiOperation({ summary: '授权社区（管理员）' })
   @ApiResponse({ status: 201, description: '授权成功' })
   async grantCommunity(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Body() dto: GrantCommunityDto,
   ): Promise<{ message: string }> {
     const command = new GrantCommunityCommand(
@@ -98,7 +98,7 @@ export class AdminAuthorizationController {
       dto.accountSequence,
       dto.communityName,
       user.userId,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
       dto.skipAssessment ?? false,
     )
     await this.applicationService.grantCommunity(command)
@@ -110,7 +110,7 @@ export class AdminAuthorizationController {
   @ApiOperation({ summary: '授权正式省公司（管理员）' })
   @ApiResponse({ status: 201, description: '授权成功' })
   async grantProvinceCompany(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Body() dto: GrantProvinceCompanyDto,
   ): Promise<{ message: string }> {
     const command = new GrantProvinceCompanyCommand(
@@ -119,7 +119,7 @@ export class AdminAuthorizationController {
       dto.provinceCode,
       dto.provinceName,
       user.userId,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
       dto.skipAssessment ?? false,
     )
     await this.applicationService.grantProvinceCompany(command)
@@ -131,7 +131,7 @@ export class AdminAuthorizationController {
   @ApiOperation({ summary: '授权正式市公司（管理员）' })
   @ApiResponse({ status: 201, description: '授权成功' })
   async grantCityCompany(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Body() dto: GrantCityCompanyDto,
   ): Promise<{ message: string }> {
     const command = new GrantCityCompanyCommand(
@@ -140,7 +140,7 @@ export class AdminAuthorizationController {
       dto.cityCode,
       dto.cityName,
       user.userId,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
       dto.skipAssessment ?? false,
     )
     await this.applicationService.grantCityCompany(command)
@@ -153,7 +153,7 @@ export class AdminAuthorizationController {
   @ApiResponse({ status: 201, description: '授权成功' })
   @ApiResponse({ status: 400, description: '验证失败（如团队内已存在相同省份授权）' })
   async grantAuthProvinceCompany(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Body() dto: GrantAuthProvinceCompanyDto,
   ): Promise<{ message: string }> {
     const command = new GrantAuthProvinceCompanyCommand(
@@ -162,7 +162,7 @@ export class AdminAuthorizationController {
       dto.provinceCode,
       dto.provinceName,
       user.userId,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
       dto.skipAssessment ?? false,
     )
     await this.applicationService.grantAuthProvinceCompany(command)
@@ -175,7 +175,7 @@ export class AdminAuthorizationController {
   @ApiResponse({ status: 201, description: '授权成功' })
   @ApiResponse({ status: 400, description: '验证失败（如团队内已存在相同城市授权）' })
   async grantAuthCityCompany(
-    @CurrentUser() user: { userId: string; accountSequence: string },
+    @CurrentUser() user: { userId: string; accountSequence?: string },
     @Body() dto: GrantAuthCityCompanyDto,
   ): Promise<{ message: string }> {
     const command = new GrantAuthCityCompanyCommand(
@@ -184,7 +184,7 @@ export class AdminAuthorizationController {
       dto.cityCode,
       dto.cityName,
       user.userId,
-      user.accountSequence,
+      user.accountSequence || 'ADMIN',
       dto.skipAssessment ?? false,
     )
     await this.applicationService.grantAuthCityCompany(command)

backend/services/authorization-service/src/domain/value-objects/user-id.vo.ts

@@ -34,13 +34,12 @@ export class AdminUserId {
     if (!value) {
       throw new DomainError('管理员ID不能为空')
     }
-    if (accountSequence === undefined || accountSequence === null) {
+    // 管理员账户序列号可以为空（管理员token没有accountSequence字段）
-      throw new DomainError('管理员账户序列号不能为空')
+    // 使用 'ADMIN' 作为默认值
-    }
   }
 
-  static create(value: string, accountSequence: string): AdminUserId {
+  static create(value: string, accountSequence?: string): AdminUserId {
-    return new AdminUserId(value, accountSequence)
+    return new AdminUserId(value, accountSequence || 'ADMIN')
   }
 
   equals(other: AdminUserId): boolean {