feat(auth): 角色管理CRUD与角色权限绑定功能

新增角色创建/编辑/删除接口和角色-权限绑定接口，支持管理员自定义角色并灵活配置权限。
前端新增角色CRUD弹窗、按模块分组的权限配置面板，内置角色禁止删除但允许编辑和配置权限。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/shared/domain-common/src/main/resources/mappers/AuthMapper.xml

@@ -73,10 +73,11 @@
 
     <select id="listRoles" resultType="com.datamate.common.auth.domain.model.AuthRoleInfo">
         SELECT id,
-               role_code AS roleCode,
-               role_name AS roleName,
+               role_code    AS roleCode,
+               role_name    AS roleName,
                description,
-               enabled
+               enabled,
+               is_built_in  AS isBuiltIn
         FROM t_auth_roles
         ORDER BY role_code ASC
     </select>
@@ -116,5 +117,80 @@
             (#{userId}, #{roleId})
         </foreach>
     </insert>
+
+    <select id="findRoleById" resultType="com.datamate.common.auth.domain.model.AuthRoleInfo">
+        SELECT id,
+               role_code   AS roleCode,
+               role_name   AS roleName,
+               description,
+               enabled,
+               is_built_in AS isBuiltIn
+        FROM t_auth_roles
+        WHERE id = #{roleId}
+        LIMIT 1
+    </select>
+
+    <select id="findRoleByCode" resultType="com.datamate.common.auth.domain.model.AuthRoleInfo">
+        SELECT id,
+               role_code   AS roleCode,
+               role_name   AS roleName,
+               description,
+               enabled,
+               is_built_in AS isBuiltIn
+        FROM t_auth_roles
+        WHERE role_code = #{roleCode}
+        LIMIT 1
+    </select>
+
+    <insert id="insertRole">
+        INSERT INTO t_auth_roles (id, role_code, role_name, description, is_built_in, enabled)
+        VALUES (#{id}, #{roleCode}, #{roleName}, #{description}, 0, 1)
+    </insert>
+
+    <update id="updateRole">
+        UPDATE t_auth_roles
+        SET role_name   = #{roleName},
+            description = #{description},
+            enabled     = #{enabled}
+        WHERE id = #{roleId}
+    </update>
+
+    <delete id="deleteRoleById">
+        DELETE FROM t_auth_roles
+        WHERE id = #{roleId}
+    </delete>
+
+    <select id="findPermissionIdsByRoleId" resultType="string">
+        SELECT permission_id
+        FROM t_auth_role_permissions
+        WHERE role_id = #{roleId}
+    </select>
+
+    <delete id="deleteRolePermissions">
+        DELETE FROM t_auth_role_permissions
+        WHERE role_id = #{roleId}
+    </delete>
+
+    <insert id="insertRolePermissions">
+        INSERT INTO t_auth_role_permissions (role_id, permission_id)
+        VALUES
+        <foreach collection="permissionIds" item="permissionId" separator=",">
+            (#{roleId}, #{permissionId})
+        </foreach>
+    </insert>
+
+    <select id="countPermissionsByIds" resultType="int">
+        SELECT COUNT(1)
+        FROM t_auth_permissions
+        WHERE id IN
+        <foreach collection="permissionIds" item="permissionId" open="(" separator="," close=")">
+            #{permissionId}
+        </foreach>
+    </select>
+
+    <delete id="deleteUserRolesByRoleId">
+        DELETE FROM t_auth_user_roles
+        WHERE role_id = #{roleId}
+    </delete>
 </mapper>