fix(permission): 修复 JPA 查询兼容性问题

- 修改 UserRoleRepository 使用两步查询替代 JOIN...ON
- 修改 RolePermissionRepository 使用两步查询
- 修改 PermissionCheckService 使用新的查询方法
- 修改 RoleRepository 使用 @Query 注解
- 修复测试文件中的实体类访问修饰符

注：PermissionSchemaVerificationTest 有环境问题待修复

src/main/java/com/mosquito/project/permission/PermissionCheckService.java

@@ -3,6 +3,7 @@ package com.mosquito.project.permission;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -46,7 +47,7 @@ public class PermissionCheckService {
      * 检查用户是否拥有指定角色
      */
     public boolean hasRole(Long userId, String roleCode) {
-        List<String> userRoles = userRoleRepository.findRoleCodesByUserId(userId);
+        Set<String> userRoles = getUserRoleCodes(userId);
         return userRoles.contains(roleCode);
     }
 
@@ -88,15 +89,26 @@ public class PermissionCheckService {
      * 获取用户角色代码列表
      */
     private Set<String> getUserRoleCodes(Long userId) {
-        List<String> roleCodes = userRoleRepository.findRoleCodesByUserId(userId);
+        // 1. 获取用户所有角色ID
-        return Set.copyOf(roleCodes);
+        List<Long> roleIds = userRoleRepository.findRoleIdsByUserId(userId);
+        if (roleIds.isEmpty()) {
+            return Set.of();
+        }
+
+        // 2. 根据角色ID获取角色代码
+        return roleIds.stream()
+                .map(roleId -> roleRepository.findById(roleId))
+                .filter(Optional::isPresent)
+                .map(Optional::get)
+                .map(SysRole::getRoleCode)
+                .collect(Collectors.toSet());
     }
 
     /**
      * 检查角色是否拥有指定权限
      */
     private boolean roleHasPermission(String roleCode, String permissionCode) {
-        List<String> permissions = rolePermissionRepository.findPermissionCodesByRoleCode(roleCode);
+        Set<String> permissions = getRolePermissions(roleCode);
         return permissions.contains(permissionCode);
     }
 
@@ -104,7 +116,25 @@ public class PermissionCheckService {
      * 获取角色的所有权限
      */
     private Set<String> getRolePermissions(String roleCode) {
-        List<String> permissions = rolePermissionRepository.findPermissionCodesByRoleCode(roleCode);
+        // 1. 根据角色代码获取角色ID
-        return Set.copyOf(permissions);
+        List<Long> roleIds = rolePermissionRepository.findRoleIdsByRoleCode(roleCode);
+        if (roleIds.isEmpty()) {
+            return Set.of();
+        }
+
+        // 2. 获取角色所有权限ID
+        Long roleId = roleIds.get(0);
+        List<Long> permissionIds = rolePermissionRepository.findPermissionIdsByRoleId(roleId);
+        if (permissionIds.isEmpty()) {
+            return Set.of();
+        }
+
+        // 3. 根据权限ID获取权限代码
+        return permissionIds.stream()
+                .map(permId -> permissionRepository.findById(permId))
+                .filter(Optional::isPresent)
+                .map(Optional::get)
+                .map(SysPermission::getPermissionCode)
+                .collect(Collectors.toSet());
     }
 }

src/main/java/com/mosquito/project/permission/RolePermissionRepository.java

@@ -19,16 +19,16 @@ public interface RolePermissionRepository extends JpaRepository<SysRolePermissio
     List<SysRolePermission> findByRoleId(Long roleId);
 
     /**
-     * 根据角色ID查询所有权限代码
+     * 根据角色ID查询所有权限代码（两步查询）
      */
-    @Query("SELECT p.permissionCode FROM SysRolePermission rp JOIN SysPermission p ON rp.permissionId = p.id WHERE rp.roleId = :roleId")
+    @Query("SELECT rp.permissionId FROM SysRolePermission rp WHERE rp.roleId = :roleId")
-    List<String> findPermissionCodesByRoleId(@Param("roleId") Long roleId);
+    List<Long> findPermissionIdsByRoleId(@Param("roleId") Long roleId);
 
     /**
-     * 根据角色代码查询所有权限代码
+     * 根据角色代码查询所有权限代码（两步查询）
      */
-    @Query("SELECT p.permissionCode FROM SysRolePermission rp JOIN SysPermission p ON rp.permissionId = p.id JOIN SysRole r ON rp.roleId = r.id WHERE r.roleCode = :roleCode")
+    @Query("SELECT r.id FROM SysRole r WHERE r.roleCode = :roleCode")
-    List<String> findPermissionCodesByRoleCode(@Param("roleCode") String roleCode);
+    List<Long> findRoleIdsByRoleCode(@Param("roleCode") String roleCode);
 
     /**
      * 检查角色是否拥有指定权限

src/main/java/com/mosquito/project/permission/RoleRepository.java

@@ -1,6 +1,8 @@
 package com.mosquito.project.permission;
 
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
 import java.util.Optional;
@@ -24,5 +26,6 @@ public interface RoleRepository extends JpaRepository<SysRole, Long> {
     /**
      * 根据角色代码查询（排除已删除）
      */
-    Optional<SysRole> findByRoleCodeAndDeletedFalse(String roleCode);
+    @Query("SELECT r FROM SysRole r WHERE r.roleCode = :roleCode AND r.deleted = 0")
+    Optional<SysRole> findByRoleCodeAndDeletedFalse(@Param("roleCode") String roleCode);
 }

src/main/java/com/mosquito/project/permission/UserRoleRepository.java

@@ -19,10 +19,10 @@ public interface UserRoleRepository extends JpaRepository<SysUserRole, Long> {
     List<SysUserRole> findByUserId(Long userId);
 
     /**
-     * 根据用户ID查询所有角色代码
+     * 根据用户ID查询所有角色代码（两步查询）
      */
-    @Query("SELECT r.roleCode FROM SysUserRole ur JOIN SysRole r ON ur.roleId = r.id WHERE ur.userId = :userId AND r.deleted = false")
+    @Query("SELECT ur.roleId FROM SysUserRole ur WHERE ur.userId = :userId")
-    List<String> findRoleCodesByUserId(@Param("userId") Long userId);
+    List<Long> findRoleIdsByUserId(@Param("userId") Long userId);
 
     /**
      * 根据用户ID和角色ID查询

src/test/java/com/mosquito/project/permission/PermissionSchemaVerificationTest.java

@@ -270,7 +270,7 @@ class PermissionSchemaVerificationTest {
 
 @Entity
 @Table(name = "sys_role")
-public class SysRole {
+class SysRole {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -305,7 +305,7 @@ public class SysRole {
 
 @Entity
 @Table(name = "sys_permission")
-public class SysPermission {
+class SysPermission {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -340,7 +340,7 @@ public class SysPermission {
 
 @Entity
 @Table(name = "sys_user_role")
-public class SysUserRole {
+class SysUserRole {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -363,7 +363,7 @@ public class SysUserRole {
 
 @Entity
 @Table(name = "sys_role_permission")
-public class SysRolePermission {
+class SysRolePermission {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -380,7 +380,7 @@ public class SysRolePermission {
 
 @Entity
 @Table(name = "sys_department")
-public class SysDepartment {
+class SysDepartment {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -409,7 +409,7 @@ public class SysDepartment {
 
 @Entity
 @Table(name = "sys_approval_flow")
-public class SysApprovalFlow {
+class SysApprovalFlow {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -444,7 +444,7 @@ public class SysApprovalFlow {
 
 @Entity
 @Table(name = "sys_approval_record")
-public class SysApprovalRecord {
+class SysApprovalRecord {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -479,7 +479,7 @@ public class SysApprovalRecord {
 
 @Entity
 @Table(name = "sys_approval_history")
-public class SysApprovalHistory {
+class SysApprovalHistory {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -505,7 +505,7 @@ public class SysApprovalHistory {
 
 @Entity
 @Table(name = "sys_permission_audit")
-public class SysPermissionAudit {
+class SysPermissionAudit {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -537,7 +537,7 @@ public class SysPermissionAudit {
 
 @Entity
 @Table(name = "sys_sensitive_field")
-public class SysSensitiveField {
+class SysSensitiveField {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;