feat: 角色权限管理 + 多租户 + 配置文件数据库支持（需求26/27/28）

需求26 - 角色管理 + 菜单权限:
- 新增 RoleEntity / RoleMenuEntity 实体
- RoleController: 角色CRUD + 菜单权限分配（checkbox tree）
- 登录返回 roleCode 和 menuKeys
- Layout.vue 根据 menuKeys 动态过滤侧边栏菜单
- 超级管理员(roleCode=admin)显示所有菜单

需求27 - 系统数据库配置文件支持:
- appsettings.json 增加 Database 配置节
- 支持 sqlite / sqlserver / mysql / postgresql 四种数据库
- 每种数据库可独立配置 Host/Port/UserId/Password 等
- 优先级: 环境变量 > appsettings.json > 默认值
- 保留环境变量 DB_TYPE / DB_CONNECTION_STRING 向后兼容

需求28 - 多租户实现:
- 新增 TenantEntity 实体 + TenantController CRUD
- UserEntity 增加 RoleId / TenantId 外键
- 登录时校验租户状态（禁用租户无法登录）
- ITenantAccessor 中间件从 JWT Claims 提取 TenantId
- 用户管理支持绑定角色和租户

前端新增页面:
- RoleManage.vue: 角色列表 + 新增/编辑弹窗（含菜单权限树）
- TenantManage.vue: 租户列表 + 新增/编辑弹窗（含状态开关）
- UserManage.vue: 增加角色/租户列 + 新增弹窗角色/租户下拉选择
- Login.vue: 登录时保存 roleCode/menuKeys
- router: 增加 /system/role 和 /system/tenant 路由

Author: pythonHuang

Juggle.Api/Controllers/Api/RoleController.cs

@@ -0,0 +1,179 @@
+using Juggle.Domain.Entities;
+using Juggle.Infrastructure.Persistence;
+using Juggle.Application.Models.Request;
+using Juggle.Application.Models.Response;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace Juggle.Api.Controllers.Api;
+
+[ApiController]
+[Route("api/role")]
+public class RoleController : ControllerBase
+{
+    private readonly JuggleDbContext _db;
+
+    public RoleController(JuggleDbContext db) => _db = db;
+
+    /// <summary>角色分页列表</summary>
+    [HttpPost("page"), Authorize]
+    public async Task<ApiResult> Page([FromBody] PageRequest req)
+    {
+        var query = _db.Roles.Where(r => r.Deleted == 0);
+        if (!string.IsNullOrEmpty(req.Keyword))
+            query = query.Where(r => r.RoleName!.Contains(req.Keyword) || (r.RoleCode != null && r.RoleCode.Contains(req.Keyword)));
+
+        var total = await query.CountAsync();
+        var records = await query.OrderByDescending(r => r.Id)
+            .Skip((req.PageNum - 1) * req.PageSize)
+            .Take(req.PageSize)
+            .ToListAsync();
+
+        // 查每个角色的菜单权限数
+        var roleIds = records.Select(r => r.Id).ToList();
+        var menuCounts = await _db.RoleMenus
+            .Where(rm => roleIds.Contains(rm.RoleId) && rm.Deleted == 0)
+            .GroupBy(rm => rm.RoleId)
+            .Select(g => new { RoleId = g.Key, Count = g.Count() })
+            .ToDictionaryAsync(x => x.RoleId, x => x.Count);
+
+        var result = records.Select(r => new
+        {
+            r.Id, r.RoleName, r.RoleCode, r.Remark, r.CreatedAt, r.UpdatedAt,
+            MenuCount = menuCounts.GetValueOrDefault(r.Id, 0)
+        });
+        return ApiResult.Success(new { total, records = result });
+    }
+
+    /// <summary>所有角色（下拉选择用）</summary>
+    [HttpGet("all"), Authorize]
+    public async Task<ApiResult> All()
+    {
+        var list = await _db.Roles
+            .Where(r => r.Deleted == 0)
+            .OrderBy(r => r.Id)
+            .Select(r => new { r.Id, r.RoleName, r.RoleCode })
+            .ToListAsync();
+        return ApiResult.Success(list);
+    }
+
+    /// <summary>角色详情（含菜单权限）</summary>
+    [HttpGet("detail/{id}"), Authorize]
+    public async Task<ApiResult> Detail(long id)
+    {
+        var role = await _db.Roles.FindAsync(id);
+        if (role == null || role.Deleted == 1) return ApiResult.Fail("角色不存在");
+
+        var menuKeys = await _db.RoleMenus
+            .Where(rm => rm.RoleId == id && rm.Deleted == 0)
+            .Select(rm => rm.MenuKey)
+            .ToListAsync();
+
+        return ApiResult.Success(new
+        {
+            role.Id, role.RoleName, role.RoleCode, role.Remark, role.CreatedAt,
+            MenuKeys = menuKeys
+        });
+    }
+
+    /// <summary>新增角色</summary>
+    [HttpPost("add"), Authorize]
+    public async Task<ApiResult> Add([FromBody] RoleAddRequest req)
+    {
+        if (string.IsNullOrWhiteSpace(req.RoleName))
+            return ApiResult.Fail("角色名称不能为空");
+
+        if (!string.IsNullOrWhiteSpace(req.RoleCode))
+        {
+            var exists = await _db.Roles.AnyAsync(r => r.RoleCode == req.RoleCode && r.Deleted == 0);
+            if (exists) return ApiResult.Fail("角色编码已存在");
+        }
+
+        var role = new RoleEntity
+        {
+            RoleName  = req.RoleName,
+            RoleCode  = req.RoleCode,
+            Remark    = req.Remark,
+            Deleted   = 0,
+            CreatedAt = DateTime.Now.ToString("o")
+        };
+        _db.Roles.Add(role);
+        await _db.SaveChangesAsync();
+
+        // 保存菜单权限
+        if (req.MenuKeys.Count > 0)
+        {
+            _db.RoleMenus.AddRange(req.MenuKeys.Select(key => new RoleMenuEntity
+            {
+                RoleId    = role.Id,
+                MenuKey   = key,
+                Deleted   = 0,
+                CreatedAt = DateTime.Now.ToString("o")
+            }));
+            await _db.SaveChangesAsync();
+        }
+
+        return ApiResult.Success(new { id = role.Id });
+    }
+
+    /// <summary>更新角色</summary>
+    [HttpPut("update"), Authorize]
+    public async Task<ApiResult> Update([FromBody] RoleUpdateRequest req)
+    {
+        var role = await _db.Roles.FindAsync(req.Id);
+        if (role == null || role.Deleted == 1) return ApiResult.Fail("角色不存在");
+        if (role.Id == 1) return ApiResult.Fail("不能修改超级管理员角色");
+
+        role.RoleName  = req.RoleName;
+        role.RoleCode  = req.RoleCode;
+        role.Remark    = req.Remark;
+        role.UpdatedAt = DateTime.Now.ToString("o");
+
+        // 先删除旧权限
+        var oldMenus = await _db.RoleMenus
+            .Where(rm => rm.RoleId == req.Id && rm.Deleted == 0)
+            .ToListAsync();
+        foreach (var m in oldMenus) m.Deleted = 1;
+        _db.RoleMenus.UpdateRange(oldMenus);
+
+        // 添加新权限
+        if (req.MenuKeys.Count > 0)
+        {
+            _db.RoleMenus.AddRange(req.MenuKeys.Select(key => new RoleMenuEntity
+            {
+                RoleId    = req.Id,
+                MenuKey   = key,
+                Deleted   = 0,
+                CreatedAt = DateTime.Now.ToString("o")
+            }));
+        }
+
+        await _db.SaveChangesAsync();
+        return ApiResult.Success();
+    }
+
+    /// <summary>删除角色</summary>
+    [HttpDelete("delete/{id}"), Authorize]
+    public async Task<ApiResult> Delete(long id)
+    {
+        if (id == 1) return ApiResult.Fail("不能删除超级管理员角色");
+        var role = await _db.Roles.FindAsync(id);
+        if (role == null || role.Deleted == 1) return ApiResult.Fail("角色不存在");
+
+        // 检查是否有用户使用该角色
+        var hasUsers = await _db.Users.AnyAsync(u => u.RoleId == id && u.Deleted == 0);
+        if (hasUsers) return ApiResult.Fail("该角色下还有用户，不能删除");
+
+        role.Deleted   = 1;
+        role.UpdatedAt = DateTime.Now.ToString("o");
+
+        // 同时删除角色菜单
+        var menus = await _db.RoleMenus.Where(rm => rm.RoleId == id && rm.Deleted == 0).ToListAsync();
+        foreach (var m in menus) m.Deleted = 1;
+        _db.RoleMenus.UpdateRange(menus);
+
+        await _db.SaveChangesAsync();
+        return ApiResult.Success();
+    }
+}

Juggle.Api/Controllers/Api/TenantController.cs

@@ -0,0 +1,114 @@
+using Juggle.Domain.Entities;
+using Juggle.Infrastructure.Persistence;
+using Juggle.Application.Models.Request;
+using Juggle.Application.Models.Response;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace Juggle.Api.Controllers.Api;
+
+[ApiController]
+[Route("api/tenant")]
+public class TenantController : ControllerBase
+{
+    private readonly JuggleDbContext _db;
+
+    public TenantController(JuggleDbContext db) => _db = db;
+
+    /// <summary>租户分页列表</summary>
+    [HttpPost("page"), Authorize]
+    public async Task<ApiResult> Page([FromBody] PageRequest req)
+    {
+        var query = _db.Tenants.Where(t => t.Deleted == 0);
+        if (!string.IsNullOrEmpty(req.Keyword))
+            query = query.Where(t => t.TenantName!.Contains(req.Keyword) || (t.TenantCode != null && t.TenantCode.Contains(req.Keyword)));
+
+        var total = await query.CountAsync();
+        var records = await query.OrderByDescending(t => t.Id)
+            .Skip((req.PageNum - 1) * req.PageSize)
+            .Take(req.PageSize)
+            .Select(t => new
+            {
+                t.Id, t.TenantName, t.TenantCode, t.Status, t.Remark, t.CreatedAt, t.UpdatedAt,
+                UserCount = _db.Users.Count(u => u.TenantId == t.Id && u.Deleted == 0)
+            })
+            .ToListAsync();
+
+        return ApiResult.Success(new { total, records });
+    }
+
+    /// <summary>所有租户（下拉选择用）</summary>
+    [HttpGet("all"), Authorize]
+    public async Task<ApiResult> All()
+    {
+        var list = await _db.Tenants
+            .Where(t => t.Deleted == 0 && t.Status == 1)
+            .OrderBy(t => t.Id)
+            .Select(t => new { t.Id, t.TenantName, t.TenantCode })
+            .ToListAsync();
+        return ApiResult.Success(list);
+    }
+
+    /// <summary>新增租户</summary>
+    [HttpPost("add"), Authorize]
+    public async Task<ApiResult> Add([FromBody] TenantAddRequest req)
+    {
+        if (string.IsNullOrWhiteSpace(req.TenantName))
+            return ApiResult.Fail("租户名称不能为空");
+
+        if (!string.IsNullOrWhiteSpace(req.TenantCode))
+        {
+            var exists = await _db.Tenants.AnyAsync(t => t.TenantCode == req.TenantCode && t.Deleted == 0);
+            if (exists) return ApiResult.Fail("租户编码已存在");
+        }
+
+        var tenant = new TenantEntity
+        {
+            TenantName = req.TenantName,
+            TenantCode = req.TenantCode,
+            Remark      = req.Remark,
+            Status      = 1,
+            Deleted     = 0,
+            CreatedAt   = DateTime.Now.ToString("o")
+        };
+        _db.Tenants.Add(tenant);
+        await _db.SaveChangesAsync();
+        return ApiResult.Success(new { id = tenant.Id });
+    }
+
+    /// <summary>更新租户</summary>
+    [HttpPut("update"), Authorize]
+    public async Task<ApiResult> Update([FromBody] TenantUpdateRequest req)
+    {
+        var tenant = await _db.Tenants.FindAsync(req.Id);
+        if (tenant == null || tenant.Deleted == 1) return ApiResult.Fail("租户不存在");
+        if (tenant.Id == 1) return ApiResult.Fail("不能修改默认租户");
+
+        tenant.TenantName = req.TenantName;
+        tenant.TenantCode = req.TenantCode;
+        tenant.Remark      = req.Remark;
+        tenant.Status      = req.Status;
+        tenant.UpdatedAt   = DateTime.Now.ToString("o");
+
+        await _db.SaveChangesAsync();
+        return ApiResult.Success();
+    }
+
+    /// <summary>删除租户</summary>
+    [HttpDelete("delete/{id}"), Authorize]
+    public async Task<ApiResult> Delete(long id)
+    {
+        if (id == 1) return ApiResult.Fail("不能删除默认租户");
+        var tenant = await _db.Tenants.FindAsync(id);
+        if (tenant == null || tenant.Deleted == 1) return ApiResult.Fail("租户不存在");
+
+        var hasUsers = await _db.Users.AnyAsync(u => u.TenantId == id && u.Deleted == 0);
+        if (hasUsers) return ApiResult.Fail("该租户下还有用户，不能删除");
+
+        tenant.Deleted   = 1;
+        tenant.UpdatedAt = DateTime.Now.ToString("o");
+        await _db.SaveChangesAsync();
+        return ApiResult.Success();
+    }
+}

Juggle.Api/Controllers/Api/UserController.cs

@@ -34,8 +34,35 @@ public async Task<ApiResult> Login([FromBody] LoginRequest req)
         if (user == null)
             return ApiResult.Fail("用户名或密码错误", 401);
 
+        // 检查租户是否禁用
+        if (user.TenantId.HasValue)
+        {
+            var tenant = await _db.Tenants.FindAsync(user.TenantId.Value);
+            if (tenant == null || tenant.Deleted == 1 || tenant.Status == 0)
+                return ApiResult.Fail("租户已被禁用，无法登录", 403);
+        }
+
         var tokenStr = _jwtService.GenerateToken(user);
-        return ApiResult.Success(new { token = tokenStr, userName = user.UserName });
+
+        // 查询菜单权限
+        List<string> menuKeys = new();
+        if (user.RoleId.HasValue && user.RoleId != 1)
+        {
+            // 非超级管理员，查询角色菜单
+            menuKeys = await _db.RoleMenus
+                .Where(rm => rm.RoleId == user.RoleId && rm.Deleted == 0)
+                .Select(rm => rm.MenuKey)
+                .ToListAsync();
+        }
+        // 超级管理员返回空列表，前端根据 roleCode="admin" 显示全部菜单
+
+        return ApiResult.Success(new
+        {
+            token    = tokenStr,
+            userName = user.UserName,
+            roleCode = user.RoleId == 1 ? "admin" : "",
+            menuKeys
+        });
     }
 
     /// <summary>用户分页列表（需登录）</summary>
@@ -49,7 +76,12 @@ public async Task<ApiResult> Page([FromBody] PageRequest req)
         var records = await query.OrderByDescending(u => u.Id)
             .Skip((req.PageNum - 1) * req.PageSize)
             .Take(req.PageSize)
-            .Select(u => new { u.Id, u.UserName, u.CreatedAt, u.UpdatedAt })
+            .Select(u => new
+            {
+                u.Id, u.UserName, u.RoleId, u.TenantId, u.CreatedAt, u.UpdatedAt,
+                RoleName = _db.Roles.Where(r => r.Id == u.RoleId && r.Deleted == 0).Select(r => r.RoleName).FirstOrDefault(),
+                TenantName = _db.Tenants.Where(t => t.Id == u.TenantId && t.Deleted == 0).Select(t => t.TenantName).FirstOrDefault()
+            })
             .ToListAsync();
         return ApiResult.Success(new { total, records });
     }
@@ -69,6 +101,8 @@ public async Task<ApiResult> Add([FromBody] UserAddRequest req)
         {
             UserName  = req.UserName,
             Password  = Md5Helper.Encrypt(req.Password),
+            RoleId    = req.RoleId,
+            TenantId  = req.TenantId,
             Deleted   = 0,
             CreatedAt = DateTime.Now.ToString("o")
         };