diff --git a/business/jxstore/cms/permission.go b/business/jxstore/cms/permission.go
index 76e94a31b..fdacd6e66 100644
--- a/business/jxstore/cms/permission.go
+++ b/business/jxstore/cms/permission.go
@@ -133,3 +133,15 @@ func UpdateRole(ctx *jxcontext.Context, roleID int, name string, isDelete bool)
 	dao.Commit(db)
 	return num, err
 }
+
+func GetUserRole(ctx *jxcontext.Context, userID string) (userRoles []*model.UserRole, err error) {
+	return dao.GetUserRole(dao.GetDB(), userID)
+}
+
+func UpdateUserRole(ctx *jxcontext.Context, userIDs []string, roleIDs []int) (err error) {
+	// var (
+	// 	db = dao.GetDB()
+	// )
+
+	return err
+}
diff --git a/business/model/dao/permission.go b/business/model/dao/permission.go
index c52c40dd7..8e9933ff4 100644
--- a/business/model/dao/permission.go
+++ b/business/model/dao/permission.go
@@ -42,3 +42,20 @@ func GetRole(db *DaoDB, name string) (roles []*model.Role, err error) {
 	err = GetRows(db, &roles, sql, sqlParams)
 	return roles, err
 }
+
+func GetUserRole(db *DaoDB, userID string) (userRoles []*model.UserRole, err error) {
+	sql := `
+		SELECT *
+		  FROM user_role
+		 WHERE deleted_at = ? 
+	`
+	sqlParams := []interface{}{
+		utils.DefaultTimeValue,
+	}
+	if userID != "" {
+		sql += " AND user_id = ?"
+		sqlParams = append(sqlParams, userID)
+	}
+	err = GetRows(db, &userRoles, sql, sqlParams)
+	return userRoles, err
+}
diff --git a/controllers/permission.go b/controllers/permission.go
index 4e3bf3f3a..fb12a97c3 100644
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/jxstore/cms"
+	"git.rosy.net.cn/jx-callback/business/jxutils"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"github.com/astaxie/beego"
 )
@@ -102,3 +103,38 @@ func (c *PowerController) UpdateRole() {
 		return retVal, "", err
 	})
 }
+
+// @Title 查询用户角色
+// @Description查询用户角色
+// @Param	token			header		string	true	"认证token"
+// @Param	userID			formData	string	false	"用户ID"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /GetUserRole [put]
+func (c *PowerController) GetUserRole() {
+	c.callGetUserRole(func(params *tPowerGetUserRoleParams) (retVal interface{}, errCode string, err error) {
+		retVal, err = cms.GetUserRole(params.Ctx, params.UserID)
+		return retVal, "", err
+	})
+}
+
+// @Title 修改用户角色
+// @Description 修改用户角色
+// @Param	token			header		string	true	"认证token"
+// @Param	userIDs			formData	string	true	"用户IDs"
+// @Param	roleIDs			formData	string	true	"角色IDs"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /UpdateUserRole [put]
+func (c *PowerController) UpdateUserRole() {
+	c.callUpdateUserRole(func(params *tPowerUpdateUserRoleParams) (retVal interface{}, errCode string, err error) {
+		var (
+			userIDs []string
+			roleIDs []int
+		)
+		if err = jxutils.Strings2Objs(params.UserIDs, &userIDs, params.RoleIDs, roleIDs); err == nil {
+			err = cms.UpdateUserRole(params.Ctx, userIDs, roleIDs)
+		}
+		return retVal, "", err
+	})
+}