fix(menutenant): 解决租户的菜单授权和角色授权菜单交集问题。

backend/app/api/v1/module_system/menu/model.py

@@ -4,13 +4,13 @@
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from app.common.enums import PermissionFilterStrategy
-from app.core.base_model import ModelMixin, TenantMixin
+from app.core.base_model import ModelMixin
 
 if TYPE_CHECKING:
     from app.api.v1.module_system.role.model import RoleModel
 
 
-class MenuModel(ModelMixin, TenantMixin):
+class MenuModel(ModelMixin):
     """
     菜单表 - 用于存储系统菜单信息
 

backend/app/api/v1/module_system/tenant/service.py

@@ -1,6 +1,7 @@
 import json
 import random
 import string
+from datetime import datetime
 
 import sqlalchemy as sa
 from redis.asyncio.client import Redis
@@ -18,16 +19,22 @@
 from app.utils.hash_bcrpy_util import PwdUtil
 
 from .crud import TenantCRUD
-from .model import TenantConfigModel, TenantMenuModel, TenantModel, TenantQuotaModel, TenantUserModel
+from .model import (
+    TenantConfigModel,
+    TenantMenuModel,
+    TenantModel,
+    TenantQuotaModel,
+    TenantUserModel,
+)
 from .schema import (
     TenantConfigItem,
     TenantConfigOutSchema,
     TenantCreateSchema,
     TenantMenuSetSchema,
     TenantOutSchema,
+    TenantQueryParam,
     TenantQuotaOutSchema,
     TenantQuotaUpdateSchema,
-    TenantQueryParam,
     TenantUpdateSchema,
     TenantUserAddSchema,
     TenantUserOutSchema,
@@ -96,6 +103,16 @@ async def create_service(cls, auth: AuthSchema, data: TenantCreateSchema) -> dic
             user_obj = await UserCRUD(auth).create(data=admin_data)
             if not user_obj:
                 raise CustomException(msg="创建租户初始管理员失败")
+            auth.db.add(
+                TenantUserModel(
+                    user_id=user_obj.id,
+                    tenant_id=tenant_obj.id,
+                    role="admin",
+                    is_default=1,
+                    create_time=datetime.now(),
+                )
+            )
+            await auth.db.flush()
         except CustomException:
             raise
         except Exception as e:
@@ -526,9 +543,10 @@ async def init_tenant_config_cache(cls, redis: Redis) -> None:
         返回:
         - None
         """
-        from app.core.database import async_db_session
         from sqlalchemy import select
 
+        from app.core.database import async_db_session
+
         async with async_db_session() as session:
             async with session.begin():
                 stmt = select(TenantModel)

backend/app/api/v1/module_system/user/service.py

@@ -34,6 +34,28 @@
 class UserService:
     """用户模块服务层"""
 
+    @staticmethod
+    async def _is_tenant_admin_user(auth: AuthSchema) -> bool:
+        """判断当前用户是否为租户 admin。"""
+        if not auth.user or not auth.user.id or not auth.user.tenant_id:
+            return False
+
+        from sqlalchemy import select
+
+        from app.api.v1.module_system.tenant.model import TenantUserModel
+
+        member_stmt = (
+            select(TenantUserModel.role)
+            .where(
+                TenantUserModel.user_id == auth.user.id,
+                TenantUserModel.tenant_id == auth.user.tenant_id,
+            )
+            .limit(1)
+        )
+        member_result = await auth.db.execute(member_stmt)
+        member_role = member_result.scalar_one_or_none()
+        return member_role == "admin"
+
     @classmethod
     async def get_detail_by_id_service(cls, auth: AuthSchema, id: int) -> dict:
         """
@@ -325,6 +347,14 @@ async def get_current_user_info_service(cls, auth: AuthSchema) -> dict:
                 if allowed_ids is not None:
                     allowed_set = set(allowed_ids)
                     menu_ids = menu_ids & allowed_set
+            elif auth.user.tenant_id:
+                from app.api.v1.module_system.tenant.service import TenantService
+
+                allowed_ids = await TenantService.get_tenant_menu_ids(
+                    auth, auth.user.tenant_id
+                )
+                if allowed_ids is not None and await cls._is_tenant_admin_user(auth):
+                    menu_ids = set(allowed_ids)
 
             # 使用树形结构查询，预加载children关系
             menus = (