aiot-platform-cloud/sql/mysql/migrations/2026-04-23_user_project_permissions.sql
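lzh 88cab42a9c feat(system): user-project binding management API + top-bar project dropdown fix
- Add UserProjectService/ServiceImpl/Controller: assign projects to a user, assign members to a project
  Idempotent overwrite (diff to compute additions and removals), following the PermissionServiceImpl.assignUserRole pattern
- Self-removal guard: a user may not remove themselves from the project they are currently accessing
- Super-admin guard: assignProjectUsers refuses to remove users who hold the super-admin role (determined with RoleService.hasAnySuperAdmin, not userId==1)
- ProjectController.simple-list now returns only projects that are "authorized for the current user and enabled" (bug fix: it previously returned all enabled projects in the tenant, which let the top-bar dropdown show projects the user had no access to)
- Add /system/project/all-simple-list: full project dropdown for the admin assignment scenario; reuses the system:project:query permission
- ProjectService.deleteProject gains @Transactional and cascades a soft delete to system_user_project within the same transaction
- Add two menu-permission seed SQL statements; parent_id is located dynamically with a subquery:
  * system:user:assign-project
  * system:project:assign-user
- Add error codes USER_PROJECT_CANNOT_REMOVE_SELF_CURRENT / USER_PROJECT_CANNOT_REMOVE_SUPER_ADMIN

Design doc: docs/design/2026-04-23-user-project-binding.md (in the frontend repository)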

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:48:57 +08:00

60 lines
2.3 KiB
SQL

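-- ==============================================================
-- User-project binding: menu permission seeds
-- feat/user-project-api | 2026-04-23
-- --------------------------------------------------------------
-- Adds two button permissions:
-- 1) system:user:assign-project: the "Assign projects" button on the user management page
-- 2) system:project:assign-user: the "Manage members" button on the project management page
--
-- parent_id is located dynamically with a subquery, because menu ids differ between environments
-- ==============================================================
-- 1) Assign projects to a user (attached under the User Management menu)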
INSERT INTO system_menu
    (name, permission, type, sort, parent_id,
     path, icon, component, status,
     creator, create_time, updater, update_time, deleted)
SELECT
    '用户分配项目',
    'system:user:assign-project',
    3,              -- 3 = button
    10,             -- sort value, placed near the end
    m.id,           -- parent menu = User Management
    '', '', '', 0,  -- buttons need no path/icon/component; status=0 means enabled
    '1', NOW(), '1', NOW(), 0
FROM system_menu m
WHERE m.permission = 'system:user:list' AND m.deleted = 0
  AND NOT EXISTS (
      SELECT 1 FROM system_menu x
      WHERE x.permission = 'system:user:assign-project' AND x.deleted = 0
  )
LIMIT 1;
-- 2) Manage project members (attached under the Project Management menu)
INSERT INTO system_menu
    (name, permission, type, sort, parent_id,
     path, icon, component, status,
     creator, create_time, updater, update_time, deleted)
SELECT
    '项目管理成员',
    'system:project:assign-user',
    3,
    10,
    m.id,
    '', '', '', 0,
    '1', NOW(), '1', NOW(), 0
FROM system_menu m
WHERE m.permission = 'system:project:query' AND m.deleted = 0
  AND NOT EXISTS (
      SELECT 1 FROM system_menu x
      WHERE x.permission = 'system:project:assign-user' AND x.deleted = 0
  )
LIMIT 1;
-- --------------------------------------------------------------
-- Post-deployment check:
-- SELECT id, name, permission, parent_id FROM system_menu
-- WHERE permission IN ('system:user:assign-project','system:project:assign-user');
-- Expected: 2 rows, parent_id non-NULL and pointing to the "User Management" and "Project Management" menus respectively
-- --------------------------------------------------------------
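
A stricter form of the post-deployment check, as an added example that is not part of the migration or the project's code. It uses only the table, columns and permission strings that appear in this file, and covers two cases the id-only check cannot distinguish: an `INSERT ... SELECT` that silently matched no parent row, and a parent permission that matches more than one row, so that `LIMIT 1` without `ORDER BY` picks one arbitrarily.

```sql
-- Added example: read-only verification queries, safe to re-run.

-- Check A: each seeded button exists exactly once and hangs under the
-- intended parent. Expect 2 rows, both with verdict = 'OK'.
-- A permission absent from the result means its INSERT inserted nothing.
SELECT
    c.id,
    c.permission,
    c.parent_id,
    p.permission AS parent_permission,
    CASE
        WHEN p.id IS NULL THEN 'PARENT MISSING OR SOFT-DELETED'
        WHEN c.permission = 'system:user:assign-project'
             AND p.permission <> 'system:user:list' THEN 'WRONG PARENT'
        WHEN c.permission = 'system:project:assign-user'
             AND p.permission <> 'system:project:query' THEN 'WRONG PARENT'
        WHEN c.type <> 3 THEN 'NOT A BUTTON'
        ELSE 'OK'
    END AS verdict
FROM system_menu c
LEFT JOIN system_menu p
       ON p.id = c.parent_id AND p.deleted = 0
WHERE c.deleted = 0
  AND c.permission IN ('system:user:assign-project',
                       'system:project:assign-user')
ORDER BY c.permission, c.id;

-- Check B: the parent lookups used by the migration are unambiguous.
-- Expect 2 rows, each with candidates = 1.
--   missing row    -> no live parent, the seed INSERT was a silent no-op
--   candidates > 1 -> LIMIT 1 chose an arbitrary parent among several
SELECT
    m.permission AS parent_permission,
    COUNT(*)     AS candidates,
    MIN(m.id)    AS lowest_id,
    MAX(m.id)    AS highest_id
FROM system_menu m
WHERE m.deleted = 0
  AND m.permission IN ('system:user:list', 'system:project:query')
GROUP BY m.permission
ORDER BY m.permission;
```

Running Check B before the migration shows in advance whether both seeds will land under a single, well-defined parent.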