feat(system): 用户-项目绑定管理 API + 顶栏项目下拉修正

- 新增 UserProjectService/ServiceImpl/Controller：给用户分配项目、给项目分配成员幂等覆盖写入（diff 出增删），参考 PermissionServiceImpl.assignUserRole 模式 - 自踢守卫：禁止用户把自己从当前正在访问的项目中移除 - 超管守卫：assignProjectUsers 拒绝移除持有超管角色的用户（用 RoleService.hasAnySuperAdmin 判别，非 userId==1） - ProjectController.simple-list 改为只返回"当前用户授权且启用"的项目（修 bug：原返回整租户启用项目，会让顶栏下拉看到无权访问的项目） - 新增 /system/project/all-simple-list：管理员分配场景的全量项目下拉，权限复用 system:project:query - ProjectService.deleteProject 加 @Transactional，同事务内级联软删 system_user_project - 新增两条菜单权限种子 SQL，parent_id 子查询动态定位： * system:user:assign-project * system:project:assign-user - 新增错误码 USER_PROJECT_CANNOT_REMOVE_SELF_CURRENT / USER_PROJECT_CANNOT_REMOVE_SUPER_ADMIN 设计文档：docs/design/2026-04-23-user-project-binding.md（在前端仓库） Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:48:57 +08:00
parent b91a366f51
commit 88cab42a9c
10 changed files with 463 additions and 2 deletions
--- a/sql/mysql/migrations/2026-04-23_user_project_permissions.sql
+++ b/sql/mysql/migrations/2026-04-23_user_project_permissions.sql
@@ -0,0 +1,59 @@
+-- ==============================================================
+--  用户-项目绑定 菜单权限种子
+--  feat/user-project-api  |  2026-04-23
+-- --------------------------------------------------------------
+--  新增两条按钮权限：
+--   1) system:user:assign-project  —— 用户管理页"分配项目"按钮
+--   2) system:project:assign-user  —— 项目管理页"管理成员"按钮
+--
+--  parent_id 用子查询动态定位，避免不同环境 menu id 不同
+-- ==============================================================
+
+-- 1) 用户分配项目（挂在 用户管理 菜单下）
+INSERT INTO system_menu
+  (name, permission, type, sort, parent_id,
+   path, icon, component, status,
+   creator, create_time, updater, update_time, deleted)
+SELECT
+  '用户分配项目',
+  'system:user:assign-project',
+  3,                                   -- 3 = 按钮
+  10,                                  -- 排序值，靠后
+  m.id,                                -- 父菜单 = 用户管理
+  '', '', '', 0,                       -- 按钮不需要 path/icon/component；status=0 启用
+  '1', NOW(), '1', NOW(), 0
+FROM system_menu m
+WHERE m.permission = 'system:user:list' AND m.deleted = 0
+  AND NOT EXISTS (
+    SELECT 1 FROM system_menu x
+    WHERE x.permission = 'system:user:assign-project' AND x.deleted = 0
+  )
+LIMIT 1;
+
+-- 2) 项目管理成员（挂在 项目管理 菜单下）
+INSERT INTO system_menu
+  (name, permission, type, sort, parent_id,
+   path, icon, component, status,
+   creator, create_time, updater, update_time, deleted)
+SELECT
+  '项目管理成员',
+  'system:project:assign-user',
+  3,
+  10,
+  m.id,
+  '', '', '', 0,
+  '1', NOW(), '1', NOW(), 0
+FROM system_menu m
+WHERE m.permission = 'system:project:query' AND m.deleted = 0
+  AND NOT EXISTS (
+    SELECT 1 FROM system_menu x
+    WHERE x.permission = 'system:project:assign-user' AND x.deleted = 0
+  )
+LIMIT 1;
+
+-- --------------------------------------------------------------
+-- 部署后核对：
+--   SELECT id, name, permission, parent_id FROM system_menu
+--   WHERE permission IN ('system:user:assign-project','system:project:assign-user');
+-- 期望：2 行，parent_id 非 NULL 且分别指向"用户管理"和"项目管理"菜单
+-- --------------------------------------------------------------