test: 修复项目板 API 集成测试中的两个测试失败

修复内容：
1. TestAPIProjectPermissions: 修正测试逻辑，将权限测试用户从 user2（repo 所有者）改为 user1（真正的非协作者）
2. TestAPIAddIssueToProjectColumn: 修正验证逻辑，在加载 ProjectIssue 时同时指定 ProjectID 和 IssueID，避免加载 fixture 中的错误记录

根本原因：
- TestAPIProjectPermissions: 测试使用 repo1 的 owner（user2）进行权限测试，导致预期的 403 错误变成了 200
- TestAPIAddIssueToProjectColumn: 测试验证时只通过 IssueID 查询，导致加载了 fixture 中的旧记录而不是新插入的记录

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: SupenBysz

tests/integration/api_repo_project_test.go

@@ -507,7 +507,10 @@ func TestAPIAddIssueToProjectColumn(t *testing.T) {
 	MakeRequest(t, req, http.StatusCreated)
 
 	// Verify issue is in the column
-	projectIssue := unittest.AssertExistsAndLoadBean(t, &project_model.ProjectIssue{IssueID: issue.ID})
+	projectIssue := unittest.AssertExistsAndLoadBean(t, &project_model.ProjectIssue{
+		ProjectID: project.ID,
+		IssueID:   issue.ID,
+	})
 	assert.Equal(t, column1.ID, projectIssue.ProjectColumnID)
 
 	// Test moving issue to another column
@@ -517,7 +520,10 @@ func TestAPIAddIssueToProjectColumn(t *testing.T) {
 	MakeRequest(t, req, http.StatusCreated)
 
 	// Verify issue moved to new column
-	projectIssue = unittest.AssertExistsAndLoadBean(t, &project_model.ProjectIssue{IssueID: issue.ID})
+	projectIssue = unittest.AssertExistsAndLoadBean(t, &project_model.ProjectIssue{
+		ProjectID: project.ID,
+		IssueID:   issue.ID,
+	})
 	assert.Equal(t, column2.ID, projectIssue.ProjectColumnID)
 
 	// Test adding same issue to same column (should be idempotent)
@@ -544,7 +550,7 @@ func TestAPIProjectPermissions(t *testing.T) {
 
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
-	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
+	nonCollaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
 
 	// Create a test project
 	project := &project_model.Project{
@@ -561,7 +567,7 @@ func TestAPIProjectPermissions(t *testing.T) {
 	}()
 
 	ownerToken := getUserToken(t, owner.Name, auth_model.AccessTokenScopeWriteIssue)
-	user2Token := getUserToken(t, user2.Name, auth_model.AccessTokenScopeWriteIssue)
+	nonCollaboratorToken := getUserToken(t, nonCollaborator.Name, auth_model.AccessTokenScopeWriteIssue)
 
 	// Owner should be able to read
 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/projects/%d", owner.Name, repo.Name, project.ID).
@@ -575,15 +581,15 @@ func TestAPIProjectPermissions(t *testing.T) {
 	}).AddTokenAuth(ownerToken)
 	MakeRequest(t, req, http.StatusOK)
 
-	// User2 (non-collaborator) should not be able to update
-	anotherTitle := "Updated by User2"
+	// Non-collaborator should not be able to update
+	anotherTitle := "Updated by Non-collaborator"
 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/%s/%s/projects/%d", owner.Name, repo.Name, project.ID), &api.EditProjectOption{
 		Title: &anotherTitle,
-	}).AddTokenAuth(user2Token)
+	}).AddTokenAuth(nonCollaboratorToken)
 	MakeRequest(t, req, http.StatusForbidden)
 
-	// User2 should not be able to delete
+	// Non-collaborator should not be able to delete
 	req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/projects/%d", owner.Name, repo.Name, project.ID).
-		AddTokenAuth(user2Token)
+		AddTokenAuth(nonCollaboratorToken)
 	MakeRequest(t, req, http.StatusForbidden)
 }