Add multi-tenant support for roles and menus

shaofan
1 parent 402685bc
Showing 13 changed files with 493 additions and 37 deletions
src/main/java/com/diligrp/rider/controller/AdminSubstationRoleController.java
src/main/java/com/diligrp/rider/controller/AdminSubstationUserController.java
src/main/java/com/diligrp/rider/entity/SysRole.java
src/main/java/com/diligrp/rider/service/RoleScopeGuardService.java
src/main/java/com/diligrp/rider/service/SystemRoleService.java
src/main/java/com/diligrp/rider/service/impl/AdminMenuServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/AdminUserManageServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/MenuBootstrapServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/RoleScopeGuardServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/SubstationServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/SystemRoleMenuServiceImpl.java
src/main/java/com/diligrp/rider/service/impl/SystemRoleServiceImpl.java
src/main/resources/schema.sql
+package com.diligrp.rider.controller;
+
+import com.diligrp.rider.common.exception.BizException;
+import com.diligrp.rider.common.result.Result;
+import com.diligrp.rider.dto.AdminRoleMenuAssignDTO;
+import com.diligrp.rider.dto.AdminRoleSaveDTO;
+import com.diligrp.rider.service.SystemRoleService;
+import com.diligrp.rider.service.impl.SystemRoleMenuServiceImpl;
+import com.diligrp.rider.vo.AdminRoleMenuTreeVO;
+import com.diligrp.rider.vo.AdminRoleVO;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+/**
+ * 分站管理员侧角色管理接口（/api/admin/system/role/**）
+ * 每个分站只能看到/操作自己 cityId 下的角色，菜单只能分配 SUBSTATION/BOTH scope
+ */
+@RestController
+@RequestMapping("/api/admin/system/role")
+@RequiredArgsConstructor
+public class AdminSubstationRoleController {
+
+    private final SystemRoleService systemRoleService;
+    private final SystemRoleMenuServiceImpl systemRoleMenuService;
+
+    @GetMapping("/list")
+    public Result<List<AdminRoleVO>> list(HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        return Result.success(systemRoleService.listByCityId(cityId));
+    }
+
+    @PostMapping("/add")
+    public Result<Void> add(@Valid @RequestBody AdminRoleSaveDTO dto, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleService.addForCity(dto, cityId);
+        return Result.success();
+    }
+
+    @PutMapping("/edit")
+    public Result<Void> edit(@Valid @RequestBody AdminRoleSaveDTO dto, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleService.editForCity(dto, cityId);
+        return Result.success();
+    }
+
+    @PostMapping("/ban")
+    public Result<Void> ban(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleService.banForCity(id, cityId);
+        return Result.success();
+    }
+
+    @PostMapping("/cancelBan")
+    public Result<Void> cancelBan(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleService.cancelBanForCity(id, cityId);
+        return Result.success();
+    }
+
+    @DeleteMapping("/del")
+    public Result<Void> del(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleService.delForCity(id, cityId);
+        return Result.success();
+    }
+
+    @GetMapping("/{roleId}/menu-tree")
+    public Result<List<AdminRoleMenuTreeVO>> menuTree(@PathVariable Long roleId,
+                                                       HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        return Result.success(systemRoleMenuService.getRoleMenuTreeForCity(roleId, cityId));
+    }
+
+    @PostMapping("/{roleId}/menus")
+    public Result<Void> assignMenus(@PathVariable Long roleId,
+                                     @Valid @RequestBody AdminRoleMenuAssignDTO dto,
+                                     HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        systemRoleMenuService.assignMenusForCity(roleId, dto, cityId);
+        return Result.success();
+    }
+
+    private Long resolveCityId(HttpServletRequest request) {
+        Long cityId = (Long) request.getAttribute("cityId");
+        if (cityId == null || cityId < 1) {
+            throw new BizException("当前账号未绑定有效城市");
+        }
+        return cityId;
+    }
+}
+package com.diligrp.rider.controller;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
+import com.diligrp.rider.common.enums.AdminRoleScopeEnum;
+import com.diligrp.rider.common.exception.BizException;
+import com.diligrp.rider.common.result.Result;
+import com.diligrp.rider.dto.ChangePasswordDTO;
+import com.diligrp.rider.entity.Substation;
+import com.diligrp.rider.mapper.SubstationMapper;
+import com.diligrp.rider.service.RoleScopeGuardService;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.DigestUtils;
+import org.springframework.web.bind.annotation.*;
+
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+
+/**
+ * 分站管理员侧子账号管理接口（/api/admin/substation-user/**）
+ * 分站管理员只能管理本 cityId 下的账号
+ */
+@RestController
+@RequestMapping("/api/admin/substation-user")
+@RequiredArgsConstructor
+public class AdminSubstationUserController {
+
+    private final SubstationMapper substationMapper;
+    private final RoleScopeGuardService roleScopeGuardService;
+
+    @GetMapping("/list")
+    public Result<List<Substation>> list(@RequestParam(required = false) String keyword,
+                                          HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        Long selfId = (Long) request.getAttribute("adminId");
+        LambdaQueryWrapper<Substation> wrapper = new LambdaQueryWrapper<Substation>()
+                .eq(Substation::getCityId, cityId)
+                .ne(Substation::getId, selfId)   // 不返回自己
+                .orderByDesc(Substation::getId);
+        if (keyword != null && !keyword.isBlank()) {
+            wrapper.and(w -> w.like(Substation::getUserLogin, keyword)
+                    .or().like(Substation::getUserNickname, keyword)
+                    .or().like(Substation::getMobile, keyword));
+        }
+        List<Substation> list = substationMapper.selectList(wrapper);
+        // 隐藏密码字段
+        list.forEach(s -> s.setUserPass(null));
+        return Result.success(list);
+    }
+
+    @PostMapping("/add")
+    public Result<Void> add(@RequestBody Substation substation, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        substation.setCityId(cityId);
+
+        Long loginExists = substationMapper.selectCount(new LambdaQueryWrapper<Substation>()
+                .eq(Substation::getUserLogin, substation.getUserLogin()));
+        if (loginExists > 0) {
+            throw new BizException("账号已存在，请更换");
+        }
+        // 校验角色必须是 SUBSTATION scope 且属于本租户或全局
+        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name(), cityId);
+
+        substation.setUserPass(encryptPass(substation.getUserPass()));
+        substation.setUserStatus(1);
+        substation.setCreateTime(System.currentTimeMillis() / 1000);
+        substationMapper.insert(substation);
+        return Result.success();
+    }
+
+    @PutMapping("/edit")
+    public Result<Void> edit(@RequestBody Substation substation, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        Substation existing = requireOwned(substation.getId(), cityId);
+
+        // 校验角色归属
+        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name(), cityId);
+
+        substation.setCityId(existing.getCityId()); // 不允许修改城市
+        if (substation.getUserPass() == null || substation.getUserPass().isBlank()) {
+            substation.setUserPass(null);
+        } else {
+            substation.setUserPass(encryptPass(substation.getUserPass()));
+        }
+        substationMapper.updateById(substation);
+        return Result.success();
+    }
+
+    @PostMapping("/ban")
+    public Result<Void> ban(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        requireOwned(id, cityId);
+        substationMapper.update(null, new LambdaUpdateWrapper<Substation>()
+                .eq(Substation::getId, id).set(Substation::getUserStatus, 0));
+        return Result.success();
+    }
+
+    @PostMapping("/cancelBan")
+    public Result<Void> cancelBan(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        requireOwned(id, cityId);
+        substationMapper.update(null, new LambdaUpdateWrapper<Substation>()
+                .eq(Substation::getId, id).set(Substation::getUserStatus, 1));
+        return Result.success();
+    }
+
+    @DeleteMapping("/del")
+    public Result<Void> del(@RequestParam Long id, HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        requireOwned(id, cityId);
+        substationMapper.deleteById(id);
+        return Result.success();
+    }
+
+    @PostMapping("/changePassword")
+    public Result<Void> changePassword(@RequestParam Long id,
+                                        @Valid @RequestBody ChangePasswordDTO dto,
+                                        HttpServletRequest request) {
+        Long cityId = resolveCityId(request);
+        Substation sub = requireOwned(id, cityId);
+        if (!encryptPass(dto.getOldPassword()).equals(sub.getUserPass())) {
+            throw new BizException("原密码不正确");
+        }
+        if (encryptPass(dto.getNewPassword()).equals(sub.getUserPass())) {
+            throw new BizException("新密码不能与原密码相同");
+        }
+        substationMapper.update(null, new LambdaUpdateWrapper<Substation>()
+                .eq(Substation::getId, id)
+                .set(Substation::getUserPass, encryptPass(dto.getNewPassword())));
+        return Result.success();
+    }
+
+    private Substation requireOwned(Long id, Long cityId) {
+        Substation sub = substationMapper.selectById(id);
+        if (sub == null) {
+            throw new BizException("账号不存在");
+        }
+        if (!cityId.equals(sub.getCityId())) {
+            throw new BizException("无权操作其他租户的账号");
+        }
+        return sub;
+    }
+
+    private Long resolveCityId(HttpServletRequest request) {
+        Long cityId = (Long) request.getAttribute("cityId");
+        if (cityId == null || cityId < 1) {
+            throw new BizException("当前账号未绑定有效城市");
+        }
+        return cityId;
+    }
+
+    private String encryptPass(String pass) {
+        return DigestUtils.md5DigestAsHex(pass.getBytes(StandardCharsets.UTF_8));
+    }
+}
@@ -18,6 +18,9 @@ public class SysRole {
  
     private String roleScope;
  
+    /** 所属租户ID：0=平台全局角色，>0=分站租户专属角色 */
+    private Long cityId;
+
     private Integer status;
  
     private Long createTime;
@@ -4,4 +4,7 @@ import com.diligrp.rider.entity.SysRole;
  
 public interface RoleScopeGuardService {
     SysRole requireRole(Long roleId, String requiredScope);
+
+    /** 分站侧调用：额外校验角色属于该租户或是全局角色 */
+    SysRole requireRole(Long roleId, String requiredScope, Long cityId);
 }
@@ -6,15 +6,36 @@ import com.diligrp.rider.vo.AdminRoleVO;
 import java.util.List;
  
 public interface SystemRoleService {
+    /** 平台侧调用：只返回平台全局角色（city_id=0） */
     List<AdminRoleVO> list(boolean includeDisabled);
  
+    /** 分站侧调用：只返回该租户自己的角色（city_id=cityId） */
+    List<AdminRoleVO> listByCityId(Long cityId);
+
+    /** 平台侧新增角色（city_id=0） */
     void add(AdminRoleSaveDTO dto);
  
+    /** 分站侧新增角色（city_id=cityId） */
+    void addForCity(AdminRoleSaveDTO dto, Long cityId);
+
+    /** 平台侧编辑（只能编辑 city_id=0 的角色） */
     void edit(AdminRoleSaveDTO dto);
  
+    /** 分站侧编辑（只能编辑本 cityId 的角色） */
+    void editForCity(AdminRoleSaveDTO dto, Long cityId);
+
     void ban(Long id);
  
+    /** 分站侧禁用（校验 cityId 归属） */
+    void banForCity(Long id, Long cityId);
+
     void cancelBan(Long id);
  
+    /** 分站侧启用（校验 cityId 归属） */
+    void cancelBanForCity(Long id, Long cityId);
+
     void del(Long id);
+
+    /** 分站侧删除（只能删除本 cityId 的角色） */
+    void delForCity(Long id, Long cityId);
 }
@@ -47,8 +47,10 @@ public class AdminMenuServiceImpl implements AdminMenuService {
             role = sysRoleMapper.selectById(roleId);
         }
         if (role == null) {
+            // Fallback：找全局内置角色（city_id=0）
             role = sysRoleMapper.selectOne(new LambdaQueryWrapper<SysRole>()
                     .eq(SysRole::getCode, fallbackCode)
+                    .eq(SysRole::getCityId, 0L)
                     .eq(SysRole::getStatus, 1)
                     .last("LIMIT 1"));
         }
@@ -40,7 +40,7 @@ public class AdminUserManageServiceImpl implements AdminUserManageService {
         if (exists > 0) {
             throw new BizException("账号已存在，请更换");
         }
-        roleScopeGuardService.requireRole(adminUser.getRoleId(), AdminRoleScopeEnum.PLATFORM.name());
+        roleScopeGuardService.requireRole(adminUser.getRoleId(), AdminRoleScopeEnum.PLATFORM.name(), 0L);
         adminUser.setUserPass(encryptPass(adminUser.getUserPass()));
         adminUser.setUserStatus(1);
         adminUser.setCreateTime(System.currentTimeMillis() / 1000);
@@ -53,7 +53,7 @@ public class AdminUserManageServiceImpl implements AdminUserManageService {
         if (existing == null) {
             throw new BizException("平台账号不存在");
         }
-        roleScopeGuardService.requireRole(adminUser.getRoleId(), AdminRoleScopeEnum.PLATFORM.name());
+        roleScopeGuardService.requireRole(adminUser.getRoleId(), AdminRoleScopeEnum.PLATFORM.name(), 0L);
         if (adminUser.getUserPass() == null || adminUser.getUserPass().isBlank()) {
             adminUser.setUserPass(null);
         } else {
@@ -60,10 +60,12 @@ public class MenuBootstrapServiceImpl implements MenuBootstrapService {
         defaults.add(menu("dashboard", "工作台", "MENU", "/dashboard", "HomeOutlined", 0L, MenuScopeEnum.BOTH, 10));
         defaults.add(menu("city.manage", "租户管理", "MENU", "/city", "GlobalOutlined", 0L, MenuScopeEnum.PLATFORM, 20));
         defaults.add(menu("substation.manage", "分站管理", "MENU", "/substation", "ApartmentOutlined", 0L, MenuScopeEnum.PLATFORM, 30));
+        defaults.add(menu("substation.user", "分站账号", "MENU", "/substation/user", "TeamOutlined", 0L, MenuScopeEnum.SUBSTATION, 31));
         defaults.add(menu("merchant.root", "商家管理", "DIR", "", "ShopOutlined", 0L, MenuScopeEnum.PLATFORM, 40));
         defaults.add(menu("merchant.enter", "入驻申请", "MENU", "/merchant/enter", "", 0L, MenuScopeEnum.PLATFORM, 41));
         defaults.add(menu("merchant.store", "店铺管理", "MENU", "/merchant/store", "", 0L, MenuScopeEnum.PLATFORM, 42));
         defaults.add(menu("rider.list", "骑手管理", "MENU", "/rider", "UserOutlined", 0L, MenuScopeEnum.BOTH, 50));
+        defaults.add(menu("rider.level", "骑手等级", "MENU", "/rider/level", "TrophyOutlined", 0L, MenuScopeEnum.BOTH, 55));
         defaults.add(menu("rider.evaluate", "骑手评价", "MENU", "/rider/evaluate", "StarOutlined", 0L, MenuScopeEnum.BOTH, 60));
         defaults.add(menu("order.root", "订单管理", "DIR", "", "UnorderedListOutlined", 0L, MenuScopeEnum.BOTH, 70));
         defaults.add(menu("order.list", "订单列表", "MENU", "/order", "", 0L, MenuScopeEnum.BOTH, 71));
@@ -80,6 +82,10 @@ public class MenuBootstrapServiceImpl implements MenuBootstrapService {
         defaults.add(menu("system.role", "角色管理", "MENU", "/system/role", "", 0L, MenuScopeEnum.PLATFORM, 102));
         defaults.add(menu("system.role_menu", "角色菜单", "MENU", "/system/role-menu", "", 0L, MenuScopeEnum.PLATFORM, 103));
         defaults.add(menu("admin.user", "平台账号", "MENU", "/admin-user", "", 0L, MenuScopeEnum.PLATFORM, 104));
+        // 分站管理员专属：站点管理目录
+        defaults.add(menu("system.sub_root", "站点管理", "DIR", "", "SettingOutlined", 0L, MenuScopeEnum.SUBSTATION, 110));
+        defaults.add(menu("system.sub_role", "角色管理", "MENU", "/substation/role", "", 0L, MenuScopeEnum.SUBSTATION, 111));
+        defaults.add(menu("system.sub_role_menu", "角色菜单", "MENU", "/substation/role-menu", "", 0L, MenuScopeEnum.SUBSTATION, 112));
  
         Map<String, SysMenu> persisted = new LinkedHashMap<>();
         for (SysMenu menu : defaults) {
@@ -111,6 +117,11 @@ public class MenuBootstrapServiceImpl implements MenuBootstrapService {
         persisted.get("system.role_menu").setListOrder(103);
         persisted.get("admin.user").setParentId(persisted.get("system.root").getId());
         persisted.get("admin.user").setListOrder(104);
+        // 分站专属菜单父节点
+        persisted.get("system.sub_role").setParentId(persisted.get("system.sub_root").getId());
+        persisted.get("system.sub_role").setListOrder(111);
+        persisted.get("system.sub_role_menu").setParentId(persisted.get("system.sub_root").getId());
+        persisted.get("system.sub_role_menu").setListOrder(112);
  
         for (SysMenu menu : persisted.values()) {
             sysMenuMapper.updateById(menu);
@@ -16,6 +16,11 @@ public class RoleScopeGuardServiceImpl implements RoleScopeGuardService {
  
     @Override
     public SysRole requireRole(Long roleId, String requiredScope) {
+        return requireRole(roleId, requiredScope, null);
+    }
+
+    @Override
+    public SysRole requireRole(Long roleId, String requiredScope, Long cityId) {
         if (roleId == null || roleId < 1) {
             throw new BizException("角色不能为空");
         }
@@ -29,6 +34,14 @@ public class RoleScopeGuardServiceImpl implements RoleScopeGuardService {
         if (!requiredScope.equals(role.getRoleScope())) {
             throw new BizException("角色归属不匹配");
         }
+        // cityId != null 时，要求角色属于该租户或是全局角色（city_id=0）
+        if (cityId != null) {
+            boolean isGlobal = role.getCityId() == null || role.getCityId() == 0L;
+            boolean isOwned = cityId.equals(role.getCityId());
+            if (!isGlobal && !isOwned) {
+                throw new BizException("角色不属于当前租户");
+            }
+        }
         return role;
     }
 }
@@ -44,7 +44,7 @@ public class SubstationServiceImpl implements SubstationService {
                 .eq(Substation::getUserLogin, substation.getUserLogin()));
         if (loginExists > 0) throw new BizException("账号已存在，请更换");
  
-        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name());
+        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name(), substation.getCityId());
         substation.setUserPass(encryptPass(substation.getUserPass()));
         substation.setUserStatus(1);
         substation.setCreateTime(System.currentTimeMillis() / 1000);
@@ -55,7 +55,7 @@ public class SubstationServiceImpl implements SubstationService {
     public void edit(Substation substation) {
         Substation existing = substationMapper.selectById(substation.getId());
         if (existing == null) throw new BizException("分站管理员不存在");
-        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name());
+        roleScopeGuardService.requireRole(substation.getRoleId(), AdminRoleScopeEnum.SUBSTATION.name(), existing.getCityId());
         // 密码为空则不更新
         if (substation.getUserPass() == null || substation.getUserPass().isBlank()) {
             substation.setUserPass(null);
@@ -30,10 +30,47 @@ public class SystemRoleMenuServiceImpl implements SystemRoleMenuService {
     private final SysRoleMenuMapper sysRoleMenuMapper;
     private final SystemMenuServiceImpl systemMenuService;
  
+    // ----------------------------------------------------------------
+    // 平台侧：不限菜单 scope（平台管理员可分配所有菜单）
+    // ----------------------------------------------------------------
+
     @Override
     public List<AdminRoleMenuTreeVO> getRoleMenuTree(Long roleId) {
-        SysRole role = requireRole(roleId);
+        SysRole role = requireRole(roleId, null);
+        List<SysMenu> allowedMenus = filterMenusByScope(systemMenuService.listAllMenus(), role);
+        return buildCheckedTree(roleId, allowedMenus);
+    }
+
+    @Override
+    @Transactional
+    public void assignMenus(Long roleId, AdminRoleMenuAssignDTO dto) {
+        SysRole role = requireRole(roleId, null);
         List<SysMenu> allowedMenus = filterMenusByScope(systemMenuService.listAllMenus(), role);
+        doAssignMenus(roleId, dto, allowedMenus);
+    }
+
+    // ----------------------------------------------------------------
+    // 分站侧：仅允许 SUBSTATION / BOTH scope 的菜单，且校验角色归属 cityId
+    // ----------------------------------------------------------------
+
+    public List<AdminRoleMenuTreeVO> getRoleMenuTreeForCity(Long roleId, Long cityId) {
+        SysRole role = requireRole(roleId, cityId);
+        List<SysMenu> allowedMenus = filterSubstationMenus(systemMenuService.listAllMenus());
+        return buildCheckedTree(roleId, allowedMenus);
+    }
+
+    @Transactional
+    public void assignMenusForCity(Long roleId, AdminRoleMenuAssignDTO dto, Long cityId) {
+        SysRole role = requireRole(roleId, cityId);
+        List<SysMenu> allowedMenus = filterSubstationMenus(systemMenuService.listAllMenus());
+        doAssignMenus(roleId, dto, allowedMenus);
+    }
+
+    // ----------------------------------------------------------------
+    // 私有工具
+    // ----------------------------------------------------------------
+
+    private List<AdminRoleMenuTreeVO> buildCheckedTree(Long roleId, List<SysMenu> allowedMenus) {
         List<SysRoleMenu> assigned = sysRoleMenuMapper.selectList(new LambdaQueryWrapper<SysRoleMenu>()
                 .eq(SysRoleMenu::getRoleId, roleId));
         Set<Long> assignedIds = assigned.stream().map(SysRoleMenu::getMenuId).collect(Collectors.toSet());
@@ -44,11 +81,7 @@ public class SystemRoleMenuServiceImpl implements SystemRoleMenuService {
         return systemMenuService.buildTree(allowedMenus, checkedMap, false);
     }
  
-    @Override
-    @Transactional
-    public void assignMenus(Long roleId, AdminRoleMenuAssignDTO dto) {
-        SysRole role = requireRole(roleId);
-        List<SysMenu> allowedMenus = filterMenusByScope(systemMenuService.listAllMenus(), role);
+    private void doAssignMenus(Long roleId, AdminRoleMenuAssignDTO dto, List<SysMenu> allowedMenus) {
         Set<Long> allowedIds = allowedMenus.stream().map(SysMenu::getId).collect(Collectors.toSet());
         List<Long> menuIds = dto.getMenuIds() == null ? List.of() : dto.getMenuIds();
         for (Long menuId : menuIds) {
@@ -56,7 +89,6 @@ public class SystemRoleMenuServiceImpl implements SystemRoleMenuService {
                 throw new BizException("存在不允许分配的菜单");
             }
         }
-
         sysRoleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>()
                 .eq(SysRoleMenu::getRoleId, roleId));
         long now = System.currentTimeMillis() / 1000;
@@ -69,11 +101,15 @@ public class SystemRoleMenuServiceImpl implements SystemRoleMenuService {
         }
     }
  
-    private SysRole requireRole(Long roleId) {
+    private SysRole requireRole(Long roleId, Long cityId) {
         SysRole role = sysRoleMapper.selectById(roleId);
         if (role == null || role.getStatus() == null || role.getStatus() != 1) {
             throw new BizException("角色不存在或已禁用");
         }
+        // cityId != null 时校验归属（分站侧调用）
+        if (cityId != null && !cityId.equals(role.getCityId())) {
+            throw new BizException("无权操作其他租户的角色");
+        }
         return role;
     }
  
@@ -81,6 +117,14 @@ public class SystemRoleMenuServiceImpl implements SystemRoleMenuService {
         return menus.stream().filter(menu -> isScopeAllowed(role, menu)).collect(Collectors.toList());
     }
  
+    /** 分站侧：只允许 SUBSTATION 或 BOTH scope 的菜单 */
+    private List<SysMenu> filterSubstationMenus(List<SysMenu> menus) {
+        return menus.stream().filter(menu ->
+                MenuScopeEnum.SUBSTATION.name().equals(menu.getMenuScope())
+                        || MenuScopeEnum.BOTH.name().equals(menu.getMenuScope())
+        ).collect(Collectors.toList());
+    }
+
     private boolean isScopeAllowed(SysRole role, SysMenu menu) {
         if (MenuScopeEnum.BOTH.name().equals(menu.getMenuScope())) {
             return true;
@@ -27,6 +27,7 @@ import java.util.Set;
 @RequiredArgsConstructor
 public class SystemRoleServiceImpl implements SystemRoleService {
  
+    /** 内置角色编码（city_id=0 且 code 在此集合内，不允许编辑/删除） */
     private static final Set<String> BUILT_IN_CODES = Set.of("platform_admin", "substation_admin");
  
     private final SysRoleMapper sysRoleMapper;
@@ -34,38 +35,33 @@ public class SystemRoleServiceImpl implements SystemRoleService {
     private final AdminUserMapper adminUserMapper;
     private final SubstationMapper substationMapper;
  
+    // ----------------------------------------------------------------
+    // 平台侧：只看/操作 city_id=0 的全局角色
+    // ----------------------------------------------------------------
+
     @Override
     public List<AdminRoleVO> list(boolean includeDisabled) {
         List<SysRole> roles = sysRoleMapper.selectList(new LambdaQueryWrapper<SysRole>()
+                .eq(SysRole::getCityId, 0L)
                 .eq(!includeDisabled, SysRole::getStatus, 1)
                 .orderByAsc(SysRole::getId));
-        List<AdminRoleVO> result = new ArrayList<>();
-        for (SysRole role : roles) {
-            result.add(toVO(role));
-        }
-        return result;
+        return toVOList(roles);
     }
  
     @Override
     public void add(AdminRoleSaveDTO dto) {
         validateScope(dto.getRoleScope());
-        ensureUniqueCode(dto.getCode(), null);
-
-        SysRole role = new SysRole();
-        role.setCode(dto.getCode().trim());
-        role.setName(dto.getName().trim());
-        role.setRoleScope(dto.getRoleScope());
-        role.setStatus(1);
-        role.setCreateTime(System.currentTimeMillis() / 1000);
+        ensureUniqueCode(dto.getCode(), null, 0L);
+        SysRole role = buildRole(dto, 0L);
         sysRoleMapper.insert(role);
     }
  
     @Override
     public void edit(AdminRoleSaveDTO dto) {
-        if (dto.getId() == null || dto.getId() < 1) {
-            throw new BizException("角色ID不能为空");
-        }
         SysRole role = requireRole(dto.getId());
+        if (!role.getCityId().equals(0L)) {
+            throw new BizException("平台侧不允许编辑分站专属角色");
+        }
         if (isBuiltIn(role)) {
             throw new BizException("内置角色不允许编辑");
         }
@@ -73,7 +69,7 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         if (!role.getRoleScope().equals(dto.getRoleScope())) {
             throw new BizException("角色范围不允许修改");
         }
-        ensureUniqueCode(dto.getCode(), role.getId());
+        ensureUniqueCode(dto.getCode(), role.getId(), 0L);
         role.setCode(dto.getCode().trim());
         role.setName(dto.getName().trim());
         sysRoleMapper.updateById(role);
@@ -82,27 +78,34 @@ public class SystemRoleServiceImpl implements SystemRoleService {
     @Override
     public void ban(Long id) {
         SysRole role = requireRole(id);
+        if (!role.getCityId().equals(0L)) {
+            throw new BizException("平台侧不允许操作分站专属角色");
+        }
         if (isBuiltIn(role)) {
             throw new BizException("内置角色不允许禁用");
         }
         ensureNotBound(role.getId(), "当前角色已绑定账号，不能禁用");
         sysRoleMapper.update(null, new LambdaUpdateWrapper<SysRole>()
-                .eq(SysRole::getId, id)
-                .set(SysRole::getStatus, 0));
+                .eq(SysRole::getId, id).set(SysRole::getStatus, 0));
     }
  
     @Override
     public void cancelBan(Long id) {
-        requireRole(id);
+        SysRole role = requireRole(id);
+        if (!role.getCityId().equals(0L)) {
+            throw new BizException("平台侧不允许操作分站专属角色");
+        }
         sysRoleMapper.update(null, new LambdaUpdateWrapper<SysRole>()
-                .eq(SysRole::getId, id)
-                .set(SysRole::getStatus, 1));
+                .eq(SysRole::getId, id).set(SysRole::getStatus, 1));
     }
  
     @Override
     @Transactional
     public void del(Long id) {
         SysRole role = requireRole(id);
+        if (!role.getCityId().equals(0L)) {
+            throw new BizException("平台侧不允许删除分站专属角色");
+        }
         if (isBuiltIn(role)) {
             throw new BizException("内置角色不允许删除");
         }
@@ -112,6 +115,72 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         sysRoleMapper.deleteById(role.getId());
     }
  
+    // ----------------------------------------------------------------
+    // 分站侧：只看/操作本 cityId 的角色
+    // ----------------------------------------------------------------
+
+    @Override
+    public List<AdminRoleVO> listByCityId(Long cityId) {
+        List<SysRole> roles = sysRoleMapper.selectList(new LambdaQueryWrapper<SysRole>()
+                .eq(SysRole::getCityId, cityId)
+                .eq(SysRole::getStatus, 1)
+                .orderByAsc(SysRole::getId));
+        return toVOList(roles);
+    }
+
+    @Override
+    public void addForCity(AdminRoleSaveDTO dto, Long cityId) {
+        // 分站角色只能是 SUBSTATION scope
+        if (!AdminRoleScopeEnum.SUBSTATION.name().equals(dto.getRoleScope())) {
+            throw new BizException("分站角色范围只能是 SUBSTATION");
+        }
+        ensureUniqueCode(dto.getCode(), null, cityId);
+        SysRole role = buildRole(dto, cityId);
+        sysRoleMapper.insert(role);
+    }
+
+    @Override
+    public void editForCity(AdminRoleSaveDTO dto, Long cityId) {
+        SysRole role = requireRole(dto.getId());
+        requireOwnedByCity(role, cityId);
+        ensureUniqueCode(dto.getCode(), role.getId(), cityId);
+        role.setCode(dto.getCode().trim());
+        role.setName(dto.getName().trim());
+        sysRoleMapper.updateById(role);
+    }
+
+    @Override
+    public void banForCity(Long id, Long cityId) {
+        SysRole role = requireRole(id);
+        requireOwnedByCity(role, cityId);
+        ensureNotBoundForCity(role.getId(), cityId, "当前角色已绑定账号，不能禁用");
+        sysRoleMapper.update(null, new LambdaUpdateWrapper<SysRole>()
+                .eq(SysRole::getId, id).set(SysRole::getStatus, 0));
+    }
+
+    @Override
+    public void cancelBanForCity(Long id, Long cityId) {
+        SysRole role = requireRole(id);
+        requireOwnedByCity(role, cityId);
+        sysRoleMapper.update(null, new LambdaUpdateWrapper<SysRole>()
+                .eq(SysRole::getId, id).set(SysRole::getStatus, 1));
+    }
+
+    @Override
+    @Transactional
+    public void delForCity(Long id, Long cityId) {
+        SysRole role = requireRole(id);
+        requireOwnedByCity(role, cityId);
+        ensureNotBoundForCity(role.getId(), cityId, "当前角色已绑定账号，不能删除");
+        sysRoleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>()
+                .eq(SysRoleMenu::getRoleId, role.getId()));
+        sysRoleMapper.deleteById(role.getId());
+    }
+
+    // ----------------------------------------------------------------
+    // 私有工具方法
+    // ----------------------------------------------------------------
+
     private SysRole requireRole(Long id) {
         if (id == null || id < 1) {
             throw new BizException("角色ID不能为空");
@@ -123,6 +192,12 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         return role;
     }
  
+    private void requireOwnedByCity(SysRole role, Long cityId) {
+        if (!cityId.equals(role.getCityId())) {
+            throw new BizException("无权操作其他租户的角色");
+        }
+    }
+
     private void validateScope(String scope) {
         for (AdminRoleScopeEnum value : AdminRoleScopeEnum.values()) {
             if (value.name().equals(scope)) {
@@ -132,9 +207,10 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         throw new BizException("角色范围不合法");
     }
  
-    private void ensureUniqueCode(String code, Long excludeId) {
+    private void ensureUniqueCode(String code, Long excludeId, Long cityId) {
         SysRole duplicate = sysRoleMapper.selectOne(new LambdaQueryWrapper<SysRole>()
                 .eq(SysRole::getCode, code.trim())
+                .eq(SysRole::getCityId, cityId)
                 .ne(excludeId != null, SysRole::getId, excludeId)
                 .last("LIMIT 1"));
         if (duplicate != null) {
@@ -148,6 +224,34 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         }
     }
  
+    private void ensureNotBoundForCity(Long roleId, Long cityId, String message) {
+        Long count = substationMapper.selectCount(new LambdaQueryWrapper<Substation>()
+                .eq(Substation::getRoleId, roleId)
+                .eq(Substation::getCityId, cityId));
+        if (count != null && count > 0) {
+            throw new BizException(message);
+        }
+    }
+
+    private SysRole buildRole(AdminRoleSaveDTO dto, Long cityId) {
+        SysRole role = new SysRole();
+        role.setCode(dto.getCode().trim());
+        role.setName(dto.getName().trim());
+        role.setRoleScope(dto.getRoleScope());
+        role.setCityId(cityId);
+        role.setStatus(1);
+        role.setCreateTime(System.currentTimeMillis() / 1000);
+        return role;
+    }
+
+    private List<AdminRoleVO> toVOList(List<SysRole> roles) {
+        List<AdminRoleVO> result = new ArrayList<>();
+        for (SysRole role : roles) {
+            result.add(toVO(role));
+        }
+        return result;
+    }
+
     private AdminRoleVO toVO(SysRole role) {
         AdminRoleVO vo = new AdminRoleVO();
         vo.setId(role.getId());
@@ -163,7 +267,9 @@ public class SystemRoleServiceImpl implements SystemRoleService {
     }
  
     private boolean isBuiltIn(SysRole role) {
-        return BUILT_IN_CODES.contains(role.getCode());
+        // 只有全局角色（city_id=0）且编码匹配才是内置角色
+        return role.getCityId() != null && role.getCityId() == 0L
+                && BUILT_IN_CODES.contains(role.getCode());
     }
  
     private long countAdminUsers(Long roleId) {
@@ -379,10 +379,12 @@ CREATE TABLE `sys_role` (
   `code`        VARCHAR(64)     NOT NULL DEFAULT '' COMMENT '角色编码',
   `name`        VARCHAR(64)     NOT NULL DEFAULT '' COMMENT '角色名称',
   `role_scope`  VARCHAR(32)     NOT NULL DEFAULT 'PLATFORM' COMMENT '角色归属：PLATFORM/SUBSTATION',
+  `city_id`     BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '所属租户ID：0=平台全局角色，>0=分站租户专属角色',
   `status`      TINYINT         NOT NULL DEFAULT 1 COMMENT '状态：0=禁用 1=正常',
   `create_time` BIGINT UNSIGNED NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
-  UNIQUE KEY `uk_role_code` (`code`)
+  UNIQUE KEY `uk_role_code` (`code`, `city_id`),
+  KEY `idx_city_scope` (`city_id`, `role_scope`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='后台菜单角色表';
  
 CREATE TABLE `sys_menu` (