refactor: 梳理用户和角色体系，内置角色：超级管理员、租户管理员（系统管理员），且内置用户和角色不允许变更及分配

continew-common/src/main/java/top/continew/admin/common/config/crud/CrudApiPermissionPrefixCache.java

@@ -61,6 +61,15 @@ public class CrudApiPermissionPrefixCache {
         PERMISSION_PREFIX_CACHE.clear();
     }
 
+    /**
+     * 获取所有缓存
+     *
+     * @return 所有缓存
+     */
+    public static Map<Class<?>, String> getAll() {
+        return PERMISSION_PREFIX_CACHE;
+    }
+
     /**
      * 解析权限前缀（解析路径获取模块名和资源名）
      *

continew-common/src/main/java/top/continew/admin/common/config/mybatis/DefaultDataPermissionUserDataProvider.java

@@ -34,7 +34,7 @@ public class DefaultDataPermissionUserDataProvider implements DataPermissionUser
 
     @Override
     public boolean isFilter() {
-        return !UserContextHolder.isAdmin();
+        return !UserContextHolder.isSuperAdminUser() && !UserContextHolder.isTenantAdminUser();
     }
 
     @Override

continew-common/src/main/java/top/continew/admin/common/constant/GlobalConstants.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.common.constant;
+
+/**
+ * 全局常量
+ *
+ * @author Charles7c
+ * @since 2023/2/9 22:11
+ */
+public class GlobalConstants {
+
+    /**
+     * 根父级 ID
+     */
+    public static final Long ROOT_PARENT_ID = 0L;
+
+    /**
+     * 布尔值常量
+     */
+    public static class Boolean {
+
+        /**
+         * 否
+         */
+        public static final Integer NO = 0;
+
+        /**
+         * 是
+         */
+        public static final Integer YES = 1;
+    }
+
+    private GlobalConstants() {
+    }
+}

continew-common/src/main/java/top/continew/admin/common/constant/SysConstants.java

@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package top.continew.admin.common.constant;
-
-/**
- * 系统相关常量
- *
- * @author Charles7c
- * @since 2023/2/9 22:11
- */
-public class SysConstants {
-
-    /**
-     * 否
-     */
-    public static final Integer NO = 0;
-
-    /**
-     * 是
-     */
-    public static final Integer YES = 1;
-
-    /**
-     * 超管用户 ID
-     */
-    public static final Long SUPER_USER_ID = 1L;
-
-    /**
-     * 顶级部门 ID
-     */
-    public static final Long SUPER_DEPT_ID = 1L;
-
-    /**
-     * 顶级父 ID
-     */
-    public static final Long SUPER_PARENT_ID = 0L;
-
-    /**
-     * 超管角色编码
-     */
-    public static final String SUPER_ROLE_CODE = "admin";
-
-    /**
-     * 普通用户角色编码
-     */
-    public static final String GENERAL_ROLE_CODE = "general";
-
-    /**
-     * 超管角色 ID
-     */
-    public static final Long SUPER_ROLE_ID = 1L;
-
-    /**
-     * 普通用户角色 ID
-     */
-    public static final Long GENERAL_ROLE_ID = 2L;
-
-    /**
-     * 全部权限标识
-     */
-    public static final String ALL_PERMISSION = "*:*:*";
-
-    /**
-     * 登录 URI
-     */
-    public static final String LOGIN_URI = "/auth/login";
-
-    /**
-     * 登出 URI
-     */
-    public static final String LOGOUT_URI = "/auth/logout";
-
-    /**
-     * 租户管理员角色编码
-     */
-    public static final String TENANT_ADMIN_ROLE_CODE = "tenant_admin";
-
-    private SysConstants() {
-    }
-}

continew-common/src/main/java/top/continew/admin/common/context/UserContext.java

@@ -17,9 +17,12 @@
 package top.continew.admin.common.context;
 
 import cn.hutool.core.collection.CollUtil;
+import cn.hutool.extra.spring.SpringUtil;
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import top.continew.admin.common.constant.SysConstants;
+import top.continew.admin.common.config.TenantExtensionProperties;
+import top.continew.admin.common.constant.GlobalConstants;
+import top.continew.admin.common.enums.RoleCodeEnum;
 import top.continew.starter.core.util.CollUtils;
 
 import java.io.Serial;
@@ -101,23 +104,16 @@ public class UserContext implements Serializable {
         this.passwordExpirationDays = passwordExpirationDays;
     }
 
+    /**
+     * 设置角色
+     *
+     * @param roles 角色
+     */
     public void setRoles(Set<RoleContext> roles) {
         this.roles = roles;
         this.roleCodes = CollUtils.mapToSet(roles, RoleContext::getCode);
     }
 
-    /**
-     * 是否为管理员
-     *
-     * @return true：是；false：否
-     */
-    public boolean isAdmin() {
-        if (CollUtil.isEmpty(roleCodes)) {
-            return false;
-        }
-        return roleCodes.contains(SysConstants.SUPER_ROLE_CODE);
-    }
-
     /**
      * 密码是否已过期
      *
@@ -125,7 +121,7 @@ public class UserContext implements Serializable {
      */
     public boolean isPasswordExpired() {
         // 永久有效
-        if (this.passwordExpirationDays == null || this.passwordExpirationDays <= SysConstants.NO) {
+        if (this.passwordExpirationDays == null || this.passwordExpirationDays <= GlobalConstants.Boolean.NO) {
             return false;
         }
         // 初始密码（第三方登录用户）暂不提示修改
@@ -134,4 +130,29 @@ public class UserContext implements Serializable {
         }
         return this.pwdResetTime.plusDays(this.passwordExpirationDays).isBefore(LocalDateTime.now());
     }
+
+    /**
+     * 是否为超级管理员用户
+     *
+     * @return true：是；false：否
+     */
+    public boolean isSuperAdminUser() {
+        if (CollUtil.isEmpty(roleCodes)) {
+            return false;
+        }
+        return roleCodes.contains(RoleCodeEnum.SUPER_ADMIN.getCode());
+    }
+
+    /**
+     * 是否为租户管理员用户
+     *
+     * @return true：是；false：否
+     */
+    public boolean isTenantAdminUser() {
+        if (CollUtil.isEmpty(roleCodes)) {
+            return false;
+        }
+        TenantExtensionProperties tenantExtensionProperties = SpringUtil.getBean(TenantExtensionProperties.class);
+        return !tenantExtensionProperties.isDefaultTenant() && roleCodes.contains(RoleCodeEnum.TENANT_ADMIN.getCode());
+    }
 }

continew-common/src/main/java/top/continew/admin/common/context/UserContextHolder.java

@@ -181,12 +181,22 @@ public class UserContextHolder {
     }
 
     /**
-     * 是否为管理员
+     * 是否为超级管理员用户
      *
-     * @return 是否为管理员
+     * @return true：是；false：否
      */
-    public static boolean isAdmin() {
+    public static boolean isSuperAdminUser() {
         StpUtil.checkLogin();
-        return getContext().isAdmin();
+        return getContext().isSuperAdminUser();
+    }
+
+    /**
+     * 是否为租户管理员用户
+     *
+     * @return true：是；false：否
+     */
+    public static boolean isTenantAdminUser() {
+        StpUtil.checkLogin();
+        return getContext().isTenantAdminUser();
     }
 }

continew-common/src/main/java/top/continew/admin/common/enums/RoleCodeEnum.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.common.enums;
+
+import cn.hutool.extra.spring.SpringUtil;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import top.continew.admin.common.config.TenantExtensionProperties;
+import top.continew.starter.extension.tenant.context.TenantContextHolder;
+
+import java.util.List;
+
+/**
+ * 角色编码枚举
+ *
+ * @author Charles7c
+ * @since 2025/7/26 19:18
+ */
+@Getter
+@RequiredArgsConstructor
+public enum RoleCodeEnum {
+
+    /**
+     * 超级管理员（内置且仅有一位超级管理员）
+     */
+    SUPER_ADMIN("super_admin", "超级管理员"),
+
+    /**
+     * 租户管理员
+     */
+    TENANT_ADMIN("admin", "系统管理员"),
+
+    /**
+     * 系统管理员
+     */
+    SYSTEM_ADMIN("sys_admin", "系统管理员"),
+
+    /**
+     * 普通用户
+     */
+    GENERAL_USER("general", "普通用户");
+
+    private final String code;
+    private final String description;
+
+    /**
+     * 获取超级管理员角色编码列表
+     *
+     * @return 超级管理员角色编码列表
+     */
+    public static List<String> getSuperRoleCodes() {
+        if (TenantContextHolder.isTenantDisabled() || SpringUtil.getBean(TenantExtensionProperties.class)
+            .isDefaultTenant()) {
+            return List.of(SUPER_ADMIN.getCode());
+        }
+        return List.of(SUPER_ADMIN.getCode(), TENANT_ADMIN.getCode());
+    }
+
+    /**
+     * 判断是否为超级管理员角色编码
+     *
+     * @param code 角色编码
+     * @return 是否为超级管理员角色编码
+     */
+    public static boolean isSuperRoleCode(String code) {
+        return getSuperRoleCodes().contains(code);
+    }
+}