fix(user): 修复用户注册中的租户管理和角色分配问题

- 修正了超级管理员标识符变量名避免混淆 - 为普通用户注册添加租户ID获取逻辑，默认使用平台租户(5) - 在用户参数中传递租户ID和管理员状态信息 - 添加了对新用户的租户级别角色管理支持 - 实现了缺失用户角色的自动创建机制 - 增强了角色查询以考虑租户隔离 - 添加了对租户角色不存在情况的异常处理
fix(auth): 解决超级管理员权限判断的空指针异常
2026-01-22 11:31:11 +08:00 · 2026-01-22 11:06:11 +08:00
2 changed files with 36 additions and 5 deletions
--- a/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
@@ -626,9 +626,16 @@ public class MainController extends BaseController {
    String password = user.getPassword();          // 密码
    String code = user.getCode();                  // 短信验证码
    String email = user.getEmail();                // 邮箱
-    final Boolean isAdmin = user.getIsSuperAdmin();     // 是否注册为超级管理员(是=>创建租户)
+    Boolean isAdmin = Boolean.TRUE.equals(user.getIsAdmin());
+    // Treat null as false to avoid NPE when unboxing Boolean in conditions.
+    final boolean isSuperAdmin = Boolean.TRUE.equals(user.getIsSuperAdmin());     // 是否注册为超级管理员(是=>创建租户)

-    if (!isAdmin) {
+    if (!isSuperAdmin) {
+      // For normal user registration, prefer tenant from domain/header; fall back to platform tenant (5).
+      Integer tenantId = getTenantId();
+      if (tenantId == null) {
+        tenantId = 5;
+      }
      // 短信验证
      if (!StrUtil.equals(code, cacheClient.get(phone, String.class)) && !StrUtil.equals(code, redisUtil.get(CACHE_KEY_VERIFICATION_CODE_BY_DEV_SMS))) {
        throw new BusinessException("验证码不正确");
@@ -641,10 +648,12 @@ public class MainController extends BaseController {
      if (byPhone == null) {
        final UserParam userParam = new UserParam();
        userParam.setPhone(phone);
+        userParam.setTenantId(tenantId);
        userParam.setEmail(email);
        userParam.setPassword(password);
        userParam.setUsername(username);
        userParam.setNickname(DesensitizedUtil.mobilePhone(phone));
+        userParam.setIsAdmin(isAdmin);
        if (user.getTemplateId() != null) {
          userParam.setTemplateId(user.getTemplateId());
        }
@@ -784,7 +793,8 @@ public class MainController extends BaseController {
    String password = user.getPassword();          // 密码
    String code = user.getCode();                  // 短信验证码
    String email = user.getEmail();                // 邮箱
-    final Boolean isAdmin = user.getIsSuperAdmin();     // 是否注册为超级管理员(是=>创建租户)
+    // Treat null as false to avoid NPE when unboxing Boolean in conditions.
+    final boolean isSuperAdmin = Boolean.TRUE.equals(user.getIsSuperAdmin());     // 是否注册为超级管理员(是=>创建租户)

    // 会员资料
    final UserParam userParam = new UserParam();
@@ -806,7 +816,7 @@ public class MainController extends BaseController {
      userParam.setTemplateId(user.getTemplateId());
    }

-    if (!isAdmin) {
+    if (!isSuperAdmin) {
      // 短信验证
      if (!StrUtil.equals(code, cacheClient.get(phone, String.class)) && !StrUtil.equals(code, redisUtil.get(CACHE_KEY_VERIFICATION_CODE_BY_DEV_SMS))) {
        throw new BusinessException("验证码不正确");
--- a/src/main/java/com/gxwebsoft/common/system/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/gxwebsoft/common/system/service/impl/UserServiceImpl.java
@@ -261,6 +261,9 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
        if(userParam.getRegion() != null){
          addUser.setRegion(userParam.getRegion());
        }
+        if(userParam.getIsAdmin() != null){
+          addUser.setIsAdmin(userParam.getIsAdmin());
+        }
        if(userParam.getAddress() != null){
          addUser.setAddress(userParam.getAddress());
        }
@@ -273,7 +276,25 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
        }
        addUser.setTenantId(userParam.getTenantId());
        addUser.setRecommend(0);
-        Role role = roleService.getOne(new QueryWrapper<Role>().eq("role_code", "user"), false);
+        // Pick the default "user" role for the tenant. If it doesn't exist (fresh DB / incomplete init),
+        // create it to avoid NPE during registration/login.
+        QueryWrapper<Role> roleQw = new QueryWrapper<Role>().eq("role_code", "admin");
+        if (addUser.getTenantId() != null) {
+            roleQw.eq("tenant_id", addUser.getTenantId());
+        }
+        Role role = roleService.getOne(roleQw, false);
+        if (role == null && addUser.getTenantId() != null) {
+            Role defaultRole = new Role();
+            defaultRole.setRoleName("注册用户");
+            defaultRole.setRoleCode("user");
+            defaultRole.setComments("普通注册用户");
+            defaultRole.setTenantId(addUser.getTenantId());
+            roleService.save(defaultRole);
+            role = defaultRole;
+        }
+        if (role == null) {
+            throw new BusinessException("缺少默认角色(role_code=user)，请先初始化角色");
+        }
        addUser.setRoleId(role.getRoleId());
        if (saveUser(addUser)) {
            // 添加用户角色