From 357827a8812b736dd47045977a306cb9b2b18916 Mon Sep 17 00:00:00 2001
From: veypi <i@veypi.com>
Date: Tue, 3 Mar 2026 10:31:39 +0800
Subject: [PATCH] fix(auth): Fix table prefix issue in permission query and
 simplify permission ID format

    - Fix hardcoded table name 'user_roles' to use GORM model for proper table prefix support
    - Simplify permission ID format from 'scope:roleCode:permission:level' to 'scope:permission:level'
    - Update comments to reflect the new ID format
---
 auth/auth.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/auth/auth.go b/auth/auth.go
index 77e54c0..b8849c1 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -398,7 +398,7 @@ func (a *appAuth) init() error {
 		}
 
 		// 2. 同步角色权限 (Diff Sync)
-		// ID格式: scope:roleCode:permissionID:level
+		// ID格式: scoped:permission:level (用于唯一标识和 Diff Sync)
 		var targetIDs []string
 
 		// 获取该角色当前scope下的所有权限ID，用于快速比对
@@ -422,8 +422,8 @@ func (a *appAuth) init() error {
 			var level int
 			fmt.Sscanf(levelStr, "%d", &level)
 
-			// 生成确定性 ID
-			id := fmt.Sprintf("%s:%s:%s:%d", a.scope, role.Code, permID, level)
+			// 生成确定性 ID: scoped:permission:level
+			id := fmt.Sprintf("%s:%s:%d", a.scope, permID, level)
 			targetIDs = append(targetIDs, id)
 
 			// 检查是否存在
@@ -476,7 +476,7 @@ func (a *appAuth) getUserPermissions(userID string) ([]models.Permission, error)
 	// UserRole 关联的是 RoleID
 	// Role 表已经没有 Scope，所以这里查出用户拥有的所有角色ID
 	var roleIDs []string
-	if err := db.Table("user_roles").
+	if err := db.Model(&models.UserRole{}).
 		Where("user_id = ?", userID).
 		Pluck("role_id", &roleIDs).Error; err != nil {
 		return nil, err