diff --git a/internal/db/user.go b/internal/db/user.go
index 9e8ee3fc..8f1c28b9 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"gorm.io/gorm"
 	"path"
+	"slices"
 	"strings"
 )
 
@@ -25,6 +26,20 @@ func GetUserByRole(role int) (*model.User, error) {
 	return nil, gorm.ErrRecordNotFound
 }
 
+func GetUsersByRole(roleID int) ([]model.User, error) {
+	var users []model.User
+	if err := db.Find(&users).Error; err != nil {
+		return nil, err
+	}
+	var result []model.User
+	for _, u := range users {
+		if slices.Contains(u.Role, roleID) {
+			result = append(result, u)
+		}
+	}
+	return result, nil
+}
+
 func GetUserByName(username string) (*model.User, error) {
 	user := model.User{Username: username}
 	if err := db.Where(user).First(&user).Error; err != nil {
@@ -109,25 +124,29 @@ func RemoveAuthn(u *model.User, id string) error {
 	return UpdateAuthn(u.ID, string(res))
 }
 
-func UpdateUserBasePathPrefix(oldPath, newPath string) ([]string, error) {
+func UpdateUserBasePathPrefix(oldPath, newPath string, usersOpt ...[]model.User) ([]string, error) {
 	var users []model.User
 	var modifiedUsernames []string
 
-	if err := db.Find(&users).Error; err != nil {
-		return nil, errors.WithMessage(err, "failed to load users")
-	}
-
 	oldPathClean := path.Clean(oldPath)
 
+	if len(usersOpt) > 0 {
+		users = usersOpt[0]
+	} else {
+		if err := db.Find(&users).Error; err != nil {
+			return nil, errors.WithMessage(err, "failed to load users")
+		}
+	}
+
 	for _, user := range users {
 		basePath := path.Clean(user.BasePath)
 		updated := false
 
 		if basePath == oldPathClean {
-			user.BasePath = newPath
+			user.BasePath = path.Clean(newPath)
 			updated = true
 		} else if strings.HasPrefix(basePath, oldPathClean+"/") {
-			user.BasePath = newPath + basePath[len(oldPathClean):]
+			user.BasePath = path.Clean(newPath + basePath[len(oldPathClean):])
 			updated = true
 		}
 
diff --git a/internal/op/role.go b/internal/op/role.go
index b312f8c7..c719c6f4 100644
--- a/internal/op/role.go
+++ b/internal/op/role.go
@@ -100,7 +100,6 @@ func UpdateRole(r *model.Role) error {
 	switch old.Name {
 	case "admin":
 		return errs.ErrChangeDefaultRole
-
 	case "guest":
 		r.Name = "guest"
 	}
@@ -112,7 +111,13 @@ func UpdateRole(r *model.Role) error {
 
 		oldPath := old.PermissionScopes[0].Path
 		newPath := r.PermissionScopes[0].Path
-		modifiedUsernames, err := db.UpdateUserBasePathPrefix(oldPath, newPath)
+
+		users, err := db.GetUsersByRole(int(r.ID))
+		if err != nil {
+			return errors.WithMessage(err, "failed to get users by role")
+		}
+
+		modifiedUsernames, err := db.UpdateUserBasePathPrefix(oldPath, newPath, users)
 		if err != nil {
 			return errors.WithMessage(err, "failed to update user base path when role updated")
 		}
diff --git a/server/middlewares/auth.go b/server/middlewares/auth.go
index 47e7c056..c0743c9c 100644
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
@@ -41,6 +41,15 @@ func Auth(c *gin.Context) {
 			c.Abort()
 			return
 		}
+		if len(guest.Role) > 0 {
+			roles, err := op.GetRolesByUserID(guest.ID)
+			if err != nil {
+				common.ErrorStrResp(c, fmt.Sprintf("Fail to load guest roles: %v", err), 500)
+				c.Abort()
+				return
+			}
+			guest.RolesDetail = roles
+		}
 		c.Set("user", guest)
 		log.Debugf("use empty token: %+v", guest)
 		c.Next()