feat(role): 新增平台角色管理功能增强

- 权限表增加 available_for_role_types 字段，支持标记权限可用角色类型
- 权限列表和权限树接口支持按 available_for_role_type 过滤
- 新增角色状态切换接口 PUT /api/admin/roles/:id/status
- 角色分配权限时验证权限的可用角色类型
- 完善数据库迁移脚本和单元测试
- 补充数据库迁移相关开发规范文档

internal/service/permission/service.go

@@ -202,6 +202,9 @@ func (s *Service) List(ctx context.Context, req *model.PermissionListRequest) ([
 	if req.Platform != "" {
 		filters["platform"] = req.Platform
 	}
+	if req.AvailableForRoleType != nil {
+		filters["available_for_role_type"] = *req.AvailableForRoleType
+	}
 	if req.ParentID != nil {
 		filters["parent_id"] = *req.ParentID
 	}
@@ -213,35 +216,32 @@ func (s *Service) List(ctx context.Context, req *model.PermissionListRequest) ([
 }
 
 // GetTree 获取权限树
-func (s *Service) GetTree(ctx context.Context) ([]*model.PermissionTreeNode, error) {
-	// 获取所有权限
-	permissions, err := s.permissionStore.GetAll(ctx)
+func (s *Service) GetTree(ctx context.Context, availableForRoleType *int) ([]*model.PermissionTreeNode, error) {
+	permissions, err := s.permissionStore.GetAll(ctx, availableForRoleType)
 	if err != nil {
 		return nil, fmt.Errorf("获取权限列表失败: %w", err)
 	}
 
-	// 构建树结构
 	return buildPermissionTree(permissions), nil
 }
 
 // buildPermissionTree 构建权限树
 func buildPermissionTree(permissions []*model.Permission) []*model.PermissionTreeNode {
-	// 转换为节点映射
 	nodeMap := make(map[uint]*model.PermissionTreeNode)
 	for _, p := range permissions {
 		nodeMap[p.ID] = &model.PermissionTreeNode{
-			ID:       p.ID,
-			PermName: p.PermName,
-			PermCode: p.PermCode,
-			PermType: p.PermType,
-			Platform: p.Platform,
-			URL:      p.URL,
-			Sort:     p.Sort,
-			Children: make([]*model.PermissionTreeNode, 0),
+			ID:                    p.ID,
+			PermName:              p.PermName,
+			PermCode:              p.PermCode,
+			PermType:              p.PermType,
+			Platform:              p.Platform,
+			AvailableForRoleTypes: p.AvailableForRoleTypes,
+			URL:                   p.URL,
+			Sort:                  p.Sort,
+			Children:              make([]*model.PermissionTreeNode, 0),
 		}
 	}
 
-	// 构建树
 	var roots []*model.PermissionTreeNode
 	for _, p := range permissions {
 		node := nodeMap[p.ID]
@@ -250,7 +250,6 @@ func buildPermissionTree(permissions []*model.Permission) []*model.PermissionTre
 		} else if parent, ok := nodeMap[*p.ParentID]; ok {
 			parent.Children = append(parent.Children, node)
 		} else {
-			// 如果找不到父节点，作为根节点处理
 			roots = append(roots, node)
 		}
 	}

internal/service/role/service.go

@@ -5,6 +5,7 @@ package role
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/break/junhong_cmp_fiber/internal/model"
 	"github.com/break/junhong_cmp_fiber/internal/store"
@@ -151,14 +152,12 @@ func (s *Service) List(ctx context.Context, req *model.RoleListRequest) ([]*mode
 
 // AssignPermissions 为角色分配权限
 func (s *Service) AssignPermissions(ctx context.Context, roleID uint, permIDs []uint) ([]*model.RolePermission, error) {
-	// 获取当前用户 ID
 	currentUserID := middleware.GetUserIDFromContext(ctx)
 	if currentUserID == 0 {
 		return nil, errors.New(errors.CodeUnauthorized, "未授权访问")
 	}
 
-	// 检查角色存在
-	_, err := s.roleStore.GetByID(ctx, roleID)
+	role, err := s.roleStore.GetByID(ctx, roleID)
 	if err != nil {
 		if err == gorm.ErrRecordNotFound {
 			return nil, errors.New(errors.CodeRoleNotFound, "角色不存在")
@@ -166,24 +165,32 @@ func (s *Service) AssignPermissions(ctx context.Context, roleID uint, permIDs []
 		return nil, fmt.Errorf("获取角色失败: %w", err)
 	}
 
-	// 验证所有权限存在
-	for _, permID := range permIDs {
-		_, err := s.permissionStore.GetByID(ctx, permID)
-		if err != nil {
-			if err == gorm.ErrRecordNotFound {
-				return nil, errors.New(errors.CodePermissionNotFound, fmt.Sprintf("权限 %d 不存在", permID))
-			}
-			return nil, fmt.Errorf("获取权限失败: %w", err)
+	permissions, err := s.permissionStore.GetByIDs(ctx, permIDs)
+	if err != nil {
+		return nil, fmt.Errorf("获取权限失败: %w", err)
+	}
+
+	if len(permissions) != len(permIDs) {
+		return nil, errors.New(errors.CodePermissionNotFound, "部分权限不存在")
+	}
+
+	roleTypeStr := fmt.Sprintf("%d", role.RoleType)
+	var invalidPermIDs []uint
+	for _, perm := range permissions {
+		if !contains(perm.AvailableForRoleTypes, roleTypeStr) {
+			invalidPermIDs = append(invalidPermIDs, perm.ID)
 		}
 	}
 
-	// 创建关联
+	if len(invalidPermIDs) > 0 {
+		return nil, errors.New(errors.CodeInvalidParam, fmt.Sprintf("权限 %v 不适用于此角色类型", invalidPermIDs))
+	}
+
 	var rps []*model.RolePermission
 	for _, permID := range permIDs {
-		// 检查是否已分配
 		exists, _ := s.rolePermissionStore.Exists(ctx, roleID, permID)
 		if exists {
-			continue // 跳过已存在的关联
+			continue
 		}
 
 		rp := &model.RolePermission{
@@ -227,7 +234,6 @@ func (s *Service) GetPermissions(ctx context.Context, roleID uint) ([]*model.Per
 
 // RemovePermission 移除角色的权限
 func (s *Service) RemovePermission(ctx context.Context, roleID, permID uint) error {
-	// 检查角色存在
 	_, err := s.roleStore.GetByID(ctx, roleID)
 	if err != nil {
 		if err == gorm.ErrRecordNotFound {
@@ -236,10 +242,44 @@ func (s *Service) RemovePermission(ctx context.Context, roleID, permID uint) err
 		return fmt.Errorf("获取角色失败: %w", err)
 	}
 
-	// 删除关联
 	if err := s.rolePermissionStore.Delete(ctx, roleID, permID); err != nil {
 		return fmt.Errorf("删除角色-权限关联失败: %w", err)
 	}
 
 	return nil
 }
+
+// UpdateStatus 更新角色状态
+func (s *Service) UpdateStatus(ctx context.Context, id uint, status int) error {
+	currentUserID := middleware.GetUserIDFromContext(ctx)
+	if currentUserID == 0 {
+		return errors.New(errors.CodeUnauthorized, "未授权访问")
+	}
+
+	role, err := s.roleStore.GetByID(ctx, id)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return errors.New(errors.CodeRoleNotFound, "角色不存在")
+		}
+		return fmt.Errorf("获取角色失败: %w", err)
+	}
+
+	role.Status = status
+	role.Updater = currentUserID
+
+	if err := s.roleStore.Update(ctx, role); err != nil {
+		return fmt.Errorf("更新角色状态失败: %w", err)
+	}
+
+	return nil
+}
+
+func contains(availableForRoleTypes, roleTypeStr string) bool {
+	types := strings.Split(availableForRoleTypes, ",")
+	for _, t := range types {
+		if strings.TrimSpace(t) == roleTypeStr {
+			return true
+		}
+	}
+	return false
+}