diff --git a/apis/menu.go b/apis/menu.go
index 462151c..7cf4807 100644
--- a/apis/menu.go
+++ b/apis/menu.go
@@ -141,6 +141,7 @@ func (e *Menu) GetAuthorize(ctx *gin.Context) {
 		return
 	}
 	canList := make([]*models.Menu, 0)
+	roleID := verify.GetRoleID()
 	// check select menu
 	for i := range list {
 		if list[i].Type == pkg.DirectoryAccessType {
@@ -148,7 +149,7 @@ func (e *Menu) GetAuthorize(ctx *gin.Context) {
 			continue
 		}
 		ok, err := gormdb.Enforcer.Enforce(
-			verify.GetRoleID(), pkg.MenuAccessType.String(), list[i].Path, list[i].Method)
+			roleID, pkg.MenuAccessType.String(), list[i].Path, list[i].Method)
 		if err != nil {
 			api.AddError(err).Log.Error("get menu tree error", "err", err)
 			api.Err(http.StatusInternalServerError)
diff --git a/models/user.go b/models/user.go
index 8025e4a..650ffec 100644
--- a/models/user.go
+++ b/models/user.go
@@ -272,6 +272,7 @@ func (e *UserLogin) Verify(ctx context.Context) (bool, security.Verifier, error)
 				slog.Error("create user error", slog.Any("error", err))
 				return false, nil, err
 			}
+			userOAuth2.User.Role = defaultRole
 		}
 		return true, userOAuth2.User, nil
 	case pkg.LarkLoginProvider:
@@ -302,6 +303,7 @@ func (e *UserLogin) Verify(ctx context.Context) (bool, security.Verifier, error)
 				slog.Error("create user error", slog.Any("error", err))
 				return false, nil, err
 			}
+			userOAuth2.User.Role = defaultRole
 		}
 		return true, userOAuth2.User, nil
 	case pkg.EmailLoginProvider:
@@ -430,7 +432,7 @@ func (e *UserLogin) GetUserLarkOAuth2(c *gin.Context) (*UserOAuth2, error) {
 		if preferredUsername == "" && result.Data.Name != nil {
 			preferredUsername = *result.Data.Name
 		}
-		
+
 		userOAuth2 = &UserOAuth2{
 			UnionID:           *result.Data.UnionId,
 			OpenID:            *result.Data.OpenId,