feat(auth): add DEVELOPER + PARK_OPERATOR roles with owner scoping (B2B accounts)

Two new B2B roles for CĐT (project developers) and KCN operators, provisioned by
admin. Each account owns a subset of ProjectDevelopment / IndustrialPark records
and can CRUD them from the dashboard; admin retains full access.

Phase 1 — Schema
- Extend UserRole enum with DEVELOPER + PARK_OPERATOR (before ADMIN)
- ProjectDevelopment.ownerId FK (User, ON DELETE SET NULL) + index
- IndustrialPark.ownerId FK + index
- Migration 20260420030000

Phase 2a — Backend authorization
- CreateProjectCommand + CreateIndustrialParkCommand accept ownerId; controllers
  auto-set it to the caller's user id when role=DEVELOPER / PARK_OPERATOR
- Update + Delete commands gain (requesterUserId, requesterRole) and enforce
  ADMIN-or-owner via ForbiddenException; reassigning ownerId is admin-only
- Search params gain optional ownerId filter wired through Prisma repos
- New endpoints: GET /projects/mine/list, GET /industrial/parks/mine/list
- user-rate-limit guard: add DEVELOPER + PARK_OPERATOR entries (300/window)

Phase 2b — Admin provision
- ProvisionDeveloperCommand/Handler: create user (role=DEVELOPER), pre-validate
  target projects have no existing owner, batch-assign ownerId
- ProvisionParkOperatorCommand/Handler: same for PARK_OPERATOR + IndustrialPark
- POST /admin/accounts/developers, POST /admin/accounts/park-operators (admin-only)
- DTOs with phone/password/fullName/email + optional {project,park}Ids[]

Phase 2c — Project stats for developer dashboard
- GetProjectStatsQuery + handler: aggregates linkedListingCount, activeListingCount,
  totalInquiries, unreadInquiries, savedByUsers via Property → Listing → Inquiry chain
- GET /projects/:id/stats — admin sees all, DEVELOPER only their own (403 otherwise)

Phase 3 — Frontend
- Dashboard layout role-aware: DEVELOPER sees "Dự án của tôi" + CRM + Profile (hides
  listings/analytics/subscription); PARK_OPERATOR sees "KCN của tôi" equivalent
- /projects dashboard page switches to duAnApi.searchMine() when role=DEVELOPER
- /industrial-parks page switches to industrialApi.searchMine() when role=PARK_OPERATOR
- Admin nav gains "Tài khoản CĐT" + "Tài khoản KCN" entries
- New pages /admin/accounts/developers + /admin/accounts/park-operators with
  checkbox-based multi-select for linking entities
- adminApi.provisionDeveloper + provisionParkOperator + types
- duAnApi.searchMine + getStats; industrialApi.searchMine
- Login demo accounts list includes CĐT Vingroup + KCN VSIP

Phase 4 — Seed (prisma/seed-b2b-accounts.ts)
- DEVELOPER "CĐT Vingroup" (+84912000001) owns 4 projects
- DEVELOPER "CĐT Masterise Homes" (+84912000003) owns 2 projects
- PARK_OPERATOR "Vận hành KCN VSIP" (+84912000002) owns 2 seeded KCN
- Password Velik@2026 for all

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/api/src/modules/projects/application/commands/create-project/create-project.command.ts

@@ -29,5 +29,11 @@ export class CreateProjectCommand {
     public readonly completionDate: Date | null,
     public readonly suitableFor: string[] = [],
     public readonly whyThisLocation: string | null = null,
+    /**
+     * Owner of the new project. Admin can pass any user id (e.g. when
+     * provisioning a project on behalf of a CĐT). DEVELOPER callers are
+     * forced to their own id. Null = unassigned (admin-managed).
+     */
+    public readonly ownerId: string | null = null,
   ) {}
 }

apps/api/src/modules/projects/application/commands/create-project/create-project.handler.ts

@@ -57,6 +57,7 @@ export class CreateProjectHandler implements ICommandHandler<CreateProjectComman
         suitableFor: cmd.suitableFor ?? [],
         whyThisLocation: cmd.whyThisLocation ?? null,
         isVerified: false,
+        ownerId: cmd.ownerId ?? null,
       },
       now,
       now,

apps/api/src/modules/projects/application/commands/delete-project/delete-project.command.ts

@@ -1,3 +1,9 @@
+import type { UserRole } from '@prisma/client';
+
 export class DeleteProjectCommand {
-  constructor(public readonly id: string) {}
+  constructor(
+    public readonly id: string,
+    public readonly requesterUserId: string,
+    public readonly requesterRole: UserRole,
+  ) {}
 }

apps/api/src/modules/projects/application/commands/delete-project/delete-project.handler.ts

@@ -1,4 +1,4 @@
-import { Inject } from '@nestjs/common';
+import { ForbiddenException, Inject } from '@nestjs/common';
 import { type ICommandHandler, CommandHandler } from '@nestjs/cqrs';
 import { NotFoundException } from '@modules/shared';
 import {
@@ -20,6 +20,14 @@ export class DeleteProjectHandler implements ICommandHandler<DeleteProjectComman
       throw new NotFoundException('Dự án', cmd.id);
     }
 
+    // Authorisation: ADMIN may delete anything; DEVELOPER may delete only
+    // projects they own.
+    if (cmd.requesterRole !== 'ADMIN') {
+      if (cmd.requesterRole !== 'DEVELOPER' || entity.ownerId !== cmd.requesterUserId) {
+        throw new ForbiddenException('Bạn không có quyền xoá dự án này');
+      }
+    }
+
     await this.repo.delete(cmd.id);
   }
 }

apps/api/src/modules/projects/application/commands/update-project/update-project.command.ts

@@ -1,8 +1,11 @@
-import type { ProjectDevelopmentStatus } from '@prisma/client';
+import type { ProjectDevelopmentStatus, UserRole } from '@prisma/client';
 
 export class UpdateProjectCommand {
   constructor(
     public readonly id: string,
+    /** User performing the update. Used to enforce ownership for DEVELOPER role. */
+    public readonly requesterUserId: string,
+    public readonly requesterRole: UserRole,
     public readonly name?: string,
     public readonly developer?: string,
     public readonly developerLogo?: string | null,
@@ -27,5 +30,7 @@ export class UpdateProjectCommand {
     public readonly completionDate?: Date | null,
     public readonly suitableFor?: string[],
     public readonly whyThisLocation?: string | null,
+    /** Admin-only: reassign the owning DEVELOPER user. Null to unassign. */
+    public readonly ownerId?: string | null,
   ) {}
 }

apps/api/src/modules/projects/application/commands/update-project/update-project.handler.ts

@@ -1,4 +1,4 @@
-import { Inject } from '@nestjs/common';
+import { ForbiddenException, Inject } from '@nestjs/common';
 import { type ICommandHandler, CommandHandler } from '@nestjs/cqrs';
 import { NotFoundException } from '@modules/shared';
 import {
@@ -20,6 +20,17 @@ export class UpdateProjectHandler implements ICommandHandler<UpdateProjectComman
       throw new NotFoundException('Dự án', cmd.id);
     }
 
+    // Authorisation: ADMIN may edit anything. DEVELOPER may edit only projects
+    // they own. Reassigning `ownerId` is admin-only.
+    if (cmd.requesterRole !== 'ADMIN') {
+      if (cmd.requesterRole !== 'DEVELOPER' || entity.ownerId !== cmd.requesterUserId) {
+        throw new ForbiddenException('Bạn không có quyền chỉnh sửa dự án này');
+      }
+      if (cmd.ownerId !== undefined) {
+        throw new ForbiddenException('Chỉ admin có thể chuyển quyền sở hữu dự án');
+      }
+    }
+
     entity.updateDetails({
       ...(cmd.name !== undefined && { name: cmd.name }),
       ...(cmd.developer !== undefined && { developer: cmd.developer }),
@@ -45,6 +56,7 @@ export class UpdateProjectHandler implements ICommandHandler<UpdateProjectComman
       ...(cmd.isVerified !== undefined && { isVerified: cmd.isVerified }),
       ...(cmd.startDate !== undefined && { startDate: cmd.startDate }),
       ...(cmd.completionDate !== undefined && { completionDate: cmd.completionDate }),
+      ...(cmd.ownerId !== undefined && { ownerId: cmd.ownerId }),
     });
 
     await this.repo.update(entity);