public async Task <ActionResult <IEnumerable <OrganizationRoleDto> > > GetRolesByOrgId(string id, bool getAll = false) { // 除了平台的超级管理员,其他管理员只能管理所属 Client 的资源 bool isSuper = User.IsSuperAdmin(); IEnumerable <string> allowedClientIds = null; if (!isSuper) { allowedClientIds = User.FindAll(JwtClaimTypes.ClientId).Select(itm => itm.Value); } return(Ok(await _orgService.GetRolesAsync(id, getAll, allowedClientIds))); }