完善保险项目和养殖端小程序

insurance_backend/middleware/auth.js

@@ -133,7 +133,7 @@ const checkPermission = (resource, action) => {
       // 如果JWT中没有权限信息，或者JWT权限不足，从数据库查询最新权限
       if (permissions.length === 0 || !hasPermission) {
         console.log('JWT权限不足或为空，从数据库获取最新权限...');
-        const { Role } = require('../models');
+        const { Role, RolePermission, Permission } = require('../models');
         const userRole = await Role.findByPk(user.role_id);
         
         if (!userRole) {
@@ -141,21 +141,21 @@ const checkPermission = (resource, action) => {
           return res.status(403).json(responseFormat.error('用户角色不存在'));
         }
         
-        let rolePermissions = userRole.permissions || [];
+        // 从RolePermission表获取权限
+        const rolePermissions = await RolePermission.findAll({
+          where: { 
+            role_id: user.role_id,
+            granted: true 
+          },
+          include: [{
+            model: Permission,
+            as: 'permission',
+            attributes: ['code']
+          }]
+        });
         
-        // 如果permissions是字符串，尝试解析为JSON
-        if (typeof rolePermissions === 'string') {
-          try {
-            permissions = JSON.parse(rolePermissions);
-          } catch (e) {
-            console.log('数据库权限解析失败:', e.message);
-            permissions = [];
-          }
-        } else if (Array.isArray(rolePermissions)) {
-          permissions = rolePermissions;
-        }
-        
-        console.log('从数据库获取的最新权限:', permissions);
+        permissions = rolePermissions.map(rp => rp.permission.code);
+        console.log('从RolePermission表获取的最新权限:', permissions);
         
         // 重新检查权限
         hasPermission = permissions.includes(requiredPermission) ||