fix(auth): prevent AttributeError when querying permissions for users with no role

inventory-backend/app/services/auth_service.py

@@ -345,9 +345,13 @@ class AuthService:
             'elements': ['inbound_buy:unit_price', ...]
         }
         """
+        # 防御性编程：role_code 为空时直接返回空权限，避免后续 SQL 崩溃
+        if not role_code:
+            return {'menus': [], 'elements': []}
+
         # 超级管理员返回所有权限（通配符）
         from app.utils.constants import UserRole
-        if role_code and role_code.upper() == UserRole.SUPER_ADMIN:
+        if role_code.upper() == UserRole.SUPER_ADMIN:
             # 返回通配符，表示拥有所有菜单和元素权限
             return {
                 'menus': ['*'],