feat(用户管理): 添加用户角色功能并实现权限控制

- 在用户表中添加role字段并设置默认值为'USER'
- 前端添加isAdmin getter判断用户角色
- 后端实现角色字段的VO映射和默认值设置
- 为关键接口添加@PreAuthorize权限控制
- 移除图片控制器中冗余的权限检查代码

biji-houdaun/src/main/java/com/test/bijihoudaun/controller/GroupingController.java

@@ -10,6 +10,7 @@ import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -23,6 +24,7 @@ public class GroupingController {
     private GroupingService groupingService;
 
     @Operation(summary = "创建分组")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping
     public R<Grouping> createGrouping(@RequestBody Grouping grouping) {
         if (ObjectUtil.isNull(grouping.getParentId())) {
@@ -47,6 +49,7 @@ public class GroupingController {
     }
 
     @Operation(summary = "更新分组名称")
+    @PreAuthorize("hasRole('ADMIN')")
     @PutMapping("/{id}")
     public R<Grouping> updateGrouping(
             @PathVariable String id,
@@ -59,6 +62,7 @@ public class GroupingController {
     }
 
     @Operation(summary = "删除分组")
+    @PreAuthorize("hasRole('ADMIN')")
     @DeleteMapping("/{id}")
     public R<Void> deleteGrouping(@PathVariable String id) {
         Long idLong = Long.parseLong(id);