大致权限控制完成，新增优化权限控制代码

src/main/java/cn/zyp/stusystem/controller/LoginController.java

@@ -2,9 +2,9 @@ package cn.zyp.stusystem.controller;
 
 import cn.dev33.satoken.stp.StpUtil;
 import cn.zyp.stusystem.common.Result;
-import cn.zyp.stusystem.constant.PermissionConstants;
 import cn.zyp.stusystem.dto.LoginDTO;
 import cn.zyp.stusystem.entity.User;
+import cn.zyp.stusystem.service.RoleService;
 import cn.zyp.stusystem.service.UserService;
 import cn.zyp.stusystem.vo.LoginResult;
 import cn.zyp.stusystem.vo.UserVO;
@@ -23,6 +23,9 @@ public class LoginController {
     @Autowired
     private UserService userService;
 
+    @Autowired
+    private RoleService roleService;
+
     @PostMapping("/login")
     public Result<LoginResult> login(@RequestBody LoginDTO loginDTO) {
         // 1. 根据用户名查询用户信息
@@ -36,16 +39,28 @@ public class LoginController {
         // 3. SaToken登录（自动生成token）
         StpUtil.login(user.getId());
 
-        // 4. 在Session中存储角色和权限
+        // 4. 获取用户权限（从数据库获取，而不是从常量）
+        List<String> permissions = userService.getUserPermissions(user.getId());
+
+        // 5. 获取角色ID（如果user中没有roleId，则根据role查找）
+        Long roleId = user.getRoleId();
+        if (roleId == null && user.getRole() != null) {
+            roleId = roleService.getRoleIdByRoleCode(user.getRole());
+        }
+
+        // 6. 在Session中存储角色和权限
         StpUtil.getSession().set("role", user.getRole());
-        List<String> permissions = PermissionConstants.ROLE_PERMISSIONS.get(user.getRole());
         StpUtil.getSession().set("permissions", permissions);
+        if (roleId != null) {
+            StpUtil.getSession().set("roleId", roleId);
+        }
 
-        // 5. 构建返回数据
+        // 7. 构建返回数据
         UserVO userVO = new UserVO();
         userVO.setId(user.getId());
         userVO.setUsername(user.getUsername());
         userVO.setRole(user.getRole());
+        userVO.setRoleId(roleId != null ? roleId.toString() : null);  // 转换为字符串，前端需要
         userVO.setName(user.getName());
         userVO.setPermissions(permissions);
 

src/main/java/cn/zyp/stusystem/controller/RolePermissionController.java

@@ -15,23 +15,5 @@ public class RolePermissionController {
     @Autowired
     private RolePermissionService rolePermissionService;
 
-    /**
-     * 获取角色的权限列表
-     */
-    @GetMapping("/{roleId}/permissions")
-    public Result<List<String>> getRolePermissions(@PathVariable Long roleId) {
-        List<String> permissionCodes = rolePermissionService.getPermissionCodesByRoleId(roleId);
-        return Result.success(permissionCodes);
-    }
 
-    /**
-     * 保存角色的权限配置
-     */
-    @PostMapping("/{roleId}/permissions")
-    public Result<Boolean> saveRolePermissions(
-            @PathVariable Long roleId,
-            @RequestBody SaveRolePermissionsDTO dto) {
-        rolePermissionService.saveRolePermissions(roleId, dto.getPermissions());
-        return Result.success(true);
-    }
 }

src/main/java/cn/zyp/stusystem/entity/Role.java

@@ -3,6 +3,7 @@ package cn.zyp.stusystem.entity;
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
 import java.time.LocalDateTime;
@@ -13,9 +14,15 @@ public class Role {
     @TableId(type = IdType.AUTO)
     private Long id;
 
-    private String roleCode;      // 角色代码，如 admin
-    private String roleName;      // 角色名称，如 管理员
-    private Integer status;       // 状态：1-启用，0-禁用
+    private String roleCode;
+    private String roleName;
+    private Integer status;
+    private String remark;
+
+    // 前端期望字段名是 createTime
+    @JsonProperty("createTime")
     private LocalDateTime createdAt;
+
+    @JsonProperty("updateTime")
     private LocalDateTime updatedAt;
 }

src/main/java/cn/zyp/stusystem/service/impl/RolePermissionServiceImpl.java

@@ -5,6 +5,7 @@ import cn.zyp.stusystem.mapper.RolePermissionMapper;
 import cn.zyp.stusystem.service.RolePermissionService;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -16,6 +17,10 @@ import java.util.stream.Collectors;
 public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper, RolePermission> 
         implements RolePermissionService {
 
+
+    @Autowired
+    private RolePermissionMapper rolePermissionMapper;
+
     @Override
     public List<String> getPermissionCodesByRoleId(Long roleId) {
         if (roleId == null) {
@@ -52,10 +57,10 @@ public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper,
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void saveRolePermissions(Long roleId, List<String> permissionCodes) {
-        // 1. 删除该角色的所有现有权限（使用MyBatis-Plus的remove方法）
-        remove(new LambdaQueryWrapper<RolePermission>()
-                .eq(RolePermission::getRoleId, roleId)
-        );
+        // 1. 删除该角色的所有权限
+        LambdaQueryWrapper<RolePermission> wrapper = new LambdaQueryWrapper<>();
+        wrapper.eq(RolePermission::getRoleId, roleId);
+        rolePermissionMapper.delete(wrapper);
 
         // 2. 批量插入新权限
         if (permissionCodes != null && !permissionCodes.isEmpty()) {
@@ -68,8 +73,7 @@ public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper,
                         return rp;
                     })
                     .collect(Collectors.toList());
-            
-            saveBatch(rolePermissions);
+            this.saveBatch(rolePermissions);
         }
     }
 }

src/main/java/cn/zyp/stusystem/service/impl/UserServiceImpl.java

@@ -2,14 +2,54 @@ package cn.zyp.stusystem.service.impl;
 
 import cn.zyp.stusystem.entity.User;
 import cn.zyp.stusystem.mapper.UserMapper;
+import cn.zyp.stusystem.service.RolePermissionService;
+import cn.zyp.stusystem.service.RoleService;
 import cn.zyp.stusystem.service.UserService;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
+
 @Service
 public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {
+
+    @Autowired
+    private RolePermissionService rolePermissionService;
+
+    @Autowired
+    private RoleService roleService;
+
     @Override
     public User getByUsername(String username) {
         return lambdaQuery().eq(User::getUsername, username).one();
     }
+
+    @Override
+    public List<String> getUserPermissions(Long userId) {
+        // 1. 查询用户信息
+        User user = getById(userId);
+        if (user == null) {
+            return List.of();
+        }
+
+        // 2. 获取角色ID（优先使用roleId，如果没有则根据role查找）
+        Long roleId = user.getRoleId();
+        if (roleId == null && user.getRole() != null) {
+            roleId = roleService.getRoleIdByRoleCode(user.getRole());
+            // 如果找到了roleId，更新到user表（优化后续查询）
+            if (roleId != null) {
+                user.setRoleId(roleId);
+                updateById(user);
+            }
+        }
+
+        // 3. 如果还是没有roleId，返回空列表
+        if (roleId == null) {
+            return List.of();
+        }
+
+        // 4. 查询该角色的所有权限
+        return rolePermissionService.getPermissionCodesByRoleId(roleId);
+    }
 }

src/main/java/cn/zyp/stusystem/vo/UserVO.java

@@ -1,14 +1,14 @@
 package cn.zyp.stusystem.vo;
 
 import lombok.Data;
-
 import java.util.List;
 
 @Data
 public class UserVO {
     private Long id;
     private String username;
-    private String role;
+    private String role;          // 角色代码，如 admin
+    private String roleId;        // 角色ID（字符串类型，前端需要）
     private String name;
-    private List<String> permissions;
+    private List<String> permissions;  // 权限列表
 }