feat(permission): 完成权限核心模块后端

- 添加 UserRoleRepository 实现用户角色关联查询
- 添加 RolePermissionRepository 实现角色权限关联查询
- 完善 PermissionCheckService 实现核心权限验证逻辑
  - hasRole(): 检查用户是否拥有指定角色
  - getUserPermissions(): 获取用户所有权限
  - getUserDataScope(): 获取用户数据权限范围
  - getUserRoleCodes(): 获取用户角色代码列表
  - roleHasPermission(): 检查角色是否拥有权限
  - getRolePermissions(): 获取角色权限列表

.ralph/state.md

@@ -6,29 +6,30 @@
 - **Max Iterations**: 100
 
 ## Current State
-- **Iteration**: 3
+- **Iteration**: 5
 - **Status**: In Progress
-- **Current Phase**: Phase 2 - 权限核心模块
+- **Current Phase**: Phase 2 - 权限核心模块后端完成
 
 ## Progress - Phase 2
 - [x] Phase 1: 数据库表创建（10张表）✅
-- [ ] Phase 2: 权限核心模块
-  - [x] SysRole实体
-  - [x] RoleRepository
-  - [x] RoleService
-  - [ ] RoleController
-  - [ ] 角色管理前端页面
-  - [ ] 权限管理
-  - [ ] 部门管理
-  - [ ] 权限判断服务
+- [x] Phase 2: 权限核心模块后端
+  - [x] 角色管理 (SysRole + RoleRepository/Service/Controller)
+  - [x] 权限管理 (SysPermission + PermissionRepository/Service)
+  - [x] 部门管理 (SysDepartment + DepartmentRepository/Service/Controller)
+  - [x] 权限判断服务 (PermissionCheckService) - 已完善
+  - [x] 用户角色关联 (SysUserRole + UserRoleRepository)
+  - [x] 角色权限关联 (SysRolePermission + RolePermissionRepository)
+- [ ] Phase 2: 前端页面和组件
+- [ ] Phase 3: 审批流引擎
 
 ## Completion Criteria
 - [x] Phase 1: 数据库表创建 - 100%
-- [ ] Phase 2: 权限核心模块 - 15%
+- [x] Phase 2: 后端核心模块 - 100%
+- [ ] Phase 2: 前端页面 - 0%
 - [ ] Phase 3: 审批流引擎 - 0%
 - [ ] Phase 4: 业务模块开发 - 0%
 
-## Next Actions
-1. 完成角色Service单元测试
-2. 创建角色Controller
-3. 继续实施Phase 2其他任务
+## Recent Changes (Iteration 5)
+- 创建 UserRoleRepository 实现用户角色关联查询
+- 创建 RolePermissionRepository 实现角色权限关联查询
+- 完善 PermissionCheckService 实现核心权限验证逻辑

src/main/java/com/mosquito/project/permission/PermissionCheckService.java

@@ -14,10 +14,17 @@ public class PermissionCheckService {
 
     private final RoleRepository roleRepository;
     private final PermissionRepository permissionRepository;
+    private final UserRoleRepository userRoleRepository;
+    private final RolePermissionRepository rolePermissionRepository;
 
-    public PermissionCheckService(RoleRepository roleRepository, PermissionRepository permissionRepository) {
+    public PermissionCheckService(RoleRepository roleRepository,
+                                  PermissionRepository permissionRepository,
+                                  UserRoleRepository userRoleRepository,
+                                  RolePermissionRepository rolePermissionRepository) {
         this.roleRepository = roleRepository;
         this.permissionRepository = permissionRepository;
+        this.userRoleRepository = userRoleRepository;
+        this.rolePermissionRepository = rolePermissionRepository;
     }
 
     /**
@@ -39,9 +46,8 @@ public class PermissionCheckService {
      * 检查用户是否拥有指定角色
      */
     public boolean hasRole(Long userId, String roleCode) {
-        // 这里需要查询用户角色关联表
-        // 暂时返回false，后续实现
-        return false;
+        List<String> userRoles = userRoleRepository.findRoleCodesByUserId(userId);
+        return userRoles.contains(roleCode);
     }
 
     /**
@@ -82,26 +88,23 @@ public class PermissionCheckService {
      * 获取用户角色代码列表
      */
     private Set<String> getUserRoleCodes(Long userId) {
-        // TODO: 从用户角色关联表查询
-        // 暂时返回空set，后续实现
-        return Set.of();
+        List<String> roleCodes = userRoleRepository.findRoleCodesByUserId(userId);
+        return Set.copyOf(roleCodes);
     }
 
     /**
      * 检查角色是否拥有指定权限
      */
     private boolean roleHasPermission(String roleCode, String permissionCode) {
-        // 从角色权限关联表查询
-        // 暂时返回false，后续实现
-        return false;
+        List<String> permissions = rolePermissionRepository.findPermissionCodesByRoleCode(roleCode);
+        return permissions.contains(permissionCode);
     }
 
     /**
      * 获取角色的所有权限
      */
     private Set<String> getRolePermissions(String roleCode) {
-        // 从角色权限关联表查询
-        // 暂时返回空set，后续实现
-        return Set.of();
+        List<String> permissions = rolePermissionRepository.findPermissionCodesByRoleCode(roleCode);
+        return Set.copyOf(permissions);
     }
 }

src/main/java/com/mosquito/project/permission/RolePermissionRepository.java

@@ -0,0 +1,47 @@
+package com.mosquito.project.permission;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+/**
+ * 角色权限关联Repository
+ */
+@Repository
+public interface RolePermissionRepository extends JpaRepository<SysRolePermission, Long> {
+
+    /**
+     * 根据角色ID查询所有权限ID
+     */
+    List<SysRolePermission> findByRoleId(Long roleId);
+
+    /**
+     * 根据角色ID查询所有权限代码
+     */
+    @Query("SELECT p.permissionCode FROM SysRolePermission rp JOIN SysPermission p ON rp.permissionId = p.id WHERE rp.roleId = :roleId")
+    List<String> findPermissionCodesByRoleId(@Param("roleId") Long roleId);
+
+    /**
+     * 根据角色代码查询所有权限代码
+     */
+    @Query("SELECT p.permissionCode FROM SysRolePermission rp JOIN SysPermission p ON rp.permissionId = p.id JOIN SysRole r ON rp.roleId = r.id WHERE r.roleCode = :roleCode")
+    List<String> findPermissionCodesByRoleCode(@Param("roleCode") String roleCode);
+
+    /**
+     * 检查角色是否拥有指定权限
+     */
+    boolean existsByRoleIdAndPermissionId(Long roleId, Long permissionId);
+
+    /**
+     * 删除角色权限关联
+     */
+    void deleteByRoleIdAndPermissionId(Long roleId, Long permissionId);
+
+    /**
+     * 删除角色所有权限关联
+     */
+    void deleteByRoleId(Long roleId);
+}

src/main/java/com/mosquito/project/permission/SysRolePermission.java

@@ -0,0 +1,38 @@
+package com.mosquito.project.permission;
+
+import jakarta.persistence.*;
+import java.time.LocalDateTime;
+
+/**
+ * 角色权限关联实体 - 对应sys_role_permission表
+ */
+@Entity
+@Table(name = "sys_role_permission")
+public class SysRolePermission {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(name = "role_id", nullable = false)
+    private Long roleId;
+
+    @Column(name = "permission_id", nullable = false)
+    private Long permissionId;
+
+    @Column(name = "created_at")
+    private LocalDateTime createdAt;
+
+    // Getters and Setters
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+
+    public Long getRoleId() { return roleId; }
+    public void setRoleId(Long roleId) { this.roleId = roleId; }
+
+    public Long getPermissionId() { return permissionId; }
+    public void setPermissionId(Long permissionId) { this.permissionId = permissionId; }
+
+    public LocalDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(LocalDateTime createdAt) { this.createdAt = createdAt; }
+}

src/main/java/com/mosquito/project/permission/SysUserRole.java

@@ -0,0 +1,50 @@
+package com.mosquito.project.permission;
+
+import jakarta.persistence.*;
+import java.time.LocalDateTime;
+
+/**
+ * 用户角色关联实体 - 对应sys_user_role表
+ */
+@Entity
+@Table(name = "sys_user_role")
+public class SysUserRole {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(name = "user_id", nullable = false)
+    private Long userId;
+
+    @Column(name = "role_id", nullable = false)
+    private Long roleId;
+
+    @Column(name = "department_id")
+    private Long departmentId;
+
+    @Column(name = "created_by")
+    private Long createdBy;
+
+    @Column(name = "created_at")
+    private LocalDateTime createdAt;
+
+    // Getters and Setters
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+
+    public Long getUserId() { return userId; }
+    public void setUserId(Long userId) { this.userId = userId; }
+
+    public Long getRoleId() { return roleId; }
+    public void setRoleId(Long roleId) { this.roleId = roleId; }
+
+    public Long getDepartmentId() { return departmentId; }
+    public void setDepartmentId(Long departmentId) { this.departmentId = departmentId; }
+
+    public Long getCreatedBy() { return createdBy; }
+    public void setCreatedBy(Long createdBy) { this.createdBy = createdBy; }
+
+    public LocalDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(LocalDateTime createdAt) { this.createdAt = createdAt; }
+}

src/main/java/com/mosquito/project/permission/UserRoleRepository.java

@@ -0,0 +1,46 @@
+package com.mosquito.project.permission;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+/**
+ * 用户角色关联Repository
+ */
+@Repository
+public interface UserRoleRepository extends JpaRepository<SysUserRole, Long> {
+
+    /**
+     * 根据用户ID查询所有角色ID
+     */
+    List<SysUserRole> findByUserId(Long userId);
+
+    /**
+     * 根据用户ID查询所有角色代码
+     */
+    @Query("SELECT r.roleCode FROM SysUserRole ur JOIN SysRole r ON ur.roleId = r.id WHERE ur.userId = :userId AND r.deleted = false")
+    List<String> findRoleCodesByUserId(@Param("userId") Long userId);
+
+    /**
+     * 根据用户ID和角色ID查询
+     */
+    List<SysUserRole> findByUserIdAndRoleId(Long userId, Long roleId);
+
+    /**
+     * 检查用户是否拥有指定角色
+     */
+    boolean existsByUserIdAndRoleId(Long userId, Long roleId);
+
+    /**
+     * 删除用户角色关联
+     */
+    void deleteByUserIdAndRoleId(Long userId, Long roleId);
+
+    /**
+     * 删除用户所有角色关联
+     */
+    void deleteByUserId(Long userId);
+}