diff --git a/src/main/java/com/zsc/edu/bill/modules/system/controller/AuthorityController.java b/src/main/java/com/zsc/edu/bill/modules/system/controller/AuthorityController.java
new file mode 100644
index 0000000..e9b7418
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/controller/AuthorityController.java
@@ -0,0 +1,81 @@
+package com.zsc.edu.bill.modules.system.controller;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.zsc.edu.bill.modules.system.dto.AuthorityDto;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import com.zsc.edu.bill.modules.system.query.AuthorityQuery;
+import com.zsc.edu.bill.modules.system.service.AuthorityService;
+import lombok.AllArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+/**
+ * 权限Controller
+ *
+ * @author zhuang
+ */
+@AllArgsConstructor
+@RestController
+@RequestMapping("/api/rest/auth")
+public class AuthorityController {
+
+    private AuthorityService service;
+
+    /**
+     * 返回权限列表 hasAuthority('AUTHORITY_QUERY')
+     *
+     * @param query 查询表单
+     * @return 权限列表
+     */
+    @GetMapping
+    @PreAuthorize("hasAuthority('AUTHORITY_QUERY')")
+    public Page<Authority> query(AuthorityQuery query, Page<Authority> page) {
+        return service.page(page, query.wrapper());
+    }
+
+
+    /**
+     * 新建权限 hasAuthority('AUTHORITY_CREATE')
+     *
+     * @param dto 表单数据
+     * @return Authority 新建的权限
+     */
+    @PostMapping
+    @PreAuthorize("hasAuthority('AUTHORITY_CREATE')")
+    public Authority create(@RequestBody AuthorityDto dto) {
+        return service.create(dto);
+    }
+
+    /**
+     * 更新权限 hasAuthority('AUTHORITY_UPDATE')
+     *
+     * @param dto 表单数据
+     * @param id  权限ID
+     * @return Dept 更新后的权限信息
+     */
+    @PatchMapping("/{id}")
+    @PreAuthorize("hasAuthority('AUTHORITY_UPDATE')")
+    public Boolean update(@RequestBody AuthorityDto dto, @PathVariable("id") Long id) {
+        return service.update(dto, id);
+    }
+    /***
+     *  删除权限 hasAuthority('AUTHORITY_DELETE')
+     *  @param id 权限ID
+     *  @return Boolean 是否删除成功
+     */
+    @DeleteMapping("/{id}")
+     @PreAuthorize("hasAuthority('AUTHORITY_DELETE')")
+    public Boolean delete(@PathVariable("id") Long id) {
+        return service.removeById(id);
+    }
+    /**
+     * 更新权限启用状态
+     * */
+    @PatchMapping("/toggle/{id}")
+     @PreAuthorize("hasAuthority('AUTHORITY_TOGGLE')")
+    public Boolean toggle(@PathVariable("id") Long id) {
+        return service.toggle(id);
+    }
+
+
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/dto/AuthorityDto.java b/src/main/java/com/zsc/edu/bill/modules/system/dto/AuthorityDto.java
new file mode 100644
index 0000000..f9abdba
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/dto/AuthorityDto.java
@@ -0,0 +1,39 @@
+package com.zsc.edu.bill.modules.system.dto;
+
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import org.springframework.util.StringUtils;
+
+/**
+ * 权限Dto
+ * @author zhuang
+ */
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthorityDto {
+    /**
+     * 权限名
+     */
+    @NotBlank(message = "名字不能为空")
+    public String name;
+    /**
+     * 启用状态
+     */
+    private Boolean enabled = true;
+    /**
+     * 备注
+     */
+    private String remark;
+
+    public LambdaUpdateWrapper<Authority> updateWrapper(Long id) {
+        LambdaUpdateWrapper<Authority> updateWrapper = new LambdaUpdateWrapper<>();
+        return updateWrapper.eq(Authority::getId, id)
+                .set(Authority::getName, name)
+                .set(StringUtils.hasText(remark), Authority::getRemark, remark);
+    }
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/mapper/AuthorityMapper.java b/src/main/java/com/zsc/edu/bill/modules/system/mapper/AuthorityMapper.java
new file mode 100644
index 0000000..ab063bf
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/mapper/AuthorityMapper.java
@@ -0,0 +1,14 @@
+package com.zsc.edu.bill.modules.system.mapper;
+
+import com.zsc.edu.bill.common.mapstruct.BaseMapper;
+import com.zsc.edu.bill.modules.system.dto.AuthorityDto;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import org.mapstruct.Mapper;
+import org.mapstruct.ReportingPolicy;
+
+/**
+ * @author zhuang
+ */
+@Mapper(componentModel = "spring", unmappedTargetPolicy = ReportingPolicy.IGNORE)
+public interface AuthorityMapper extends BaseMapper<AuthorityDto,Authority> {
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/query/AuthorityQuery.java b/src/main/java/com/zsc/edu/bill/modules/system/query/AuthorityQuery.java
new file mode 100644
index 0000000..0732c17
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/query/AuthorityQuery.java
@@ -0,0 +1,32 @@
+package com.zsc.edu.bill.modules.system.query;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author zhuang
+ */
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthorityQuery {
+    /**
+     * 编码，前缀匹配
+     */
+    public String code;
+
+    /**
+     * 名称，模糊查询
+     */
+    public String name;
+
+    public LambdaQueryWrapper<Authority> wrapper() {
+        LambdaQueryWrapper<Authority> queryWrapper = new LambdaQueryWrapper<>();
+        queryWrapper.like(StringUtils.hasText(this.name), Authority::getName, this.name);
+        return queryWrapper;
+    }
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/repo/AuthorityRepository.java b/src/main/java/com/zsc/edu/bill/modules/system/repo/AuthorityRepository.java
new file mode 100644
index 0000000..60ee92e
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/repo/AuthorityRepository.java
@@ -0,0 +1,15 @@
+package com.zsc.edu.bill.modules.system.repo;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.Set;
+
+/**
+ * @author zhuang
+ */
+public interface AuthorityRepository extends BaseMapper<Authority> {
+
+    Set<Authority> selectAuthoritiesByRoleId (@Param("roleId") Long roleId);
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/service/AuthorityService.java b/src/main/java/com/zsc/edu/bill/modules/system/service/AuthorityService.java
new file mode 100644
index 0000000..fc4e021
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/service/AuthorityService.java
@@ -0,0 +1,21 @@
+package com.zsc.edu.bill.modules.system.service;
+
+import com.baomidou.mybatisplus.extension.service.IService;
+import com.zsc.edu.bill.modules.system.dto.AuthorityDto;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+
+import java.util.Set;
+
+/**
+ * @author zhuang
+ */
+public interface AuthorityService extends IService<Authority> {
+
+    Authority create(AuthorityDto authorityDto);
+
+    Boolean update(AuthorityDto authorityDto,Long id);
+
+    Boolean toggle(Long id);
+
+    Set<Authority> selectAuthoritiesByRoleId(Long roleId);
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/service/impl/AuthorityServiceImpl.java b/src/main/java/com/zsc/edu/bill/modules/system/service/impl/AuthorityServiceImpl.java
new file mode 100644
index 0000000..2316a4a
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/service/impl/AuthorityServiceImpl.java
@@ -0,0 +1,56 @@
+package com.zsc.edu.bill.modules.system.service.impl;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.zsc.edu.bill.exception.ConstraintException;
+import com.zsc.edu.bill.modules.system.dto.AuthorityDto;
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import com.zsc.edu.bill.modules.system.mapper.AuthorityMapper;
+import com.zsc.edu.bill.modules.system.repo.AuthorityRepository;
+import com.zsc.edu.bill.modules.system.service.AuthorityService;
+import lombok.AllArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.Set;
+
+/**
+ * @author zhuang
+ */
+@AllArgsConstructor
+@Service
+public class AuthorityServiceImpl extends ServiceImpl<AuthorityRepository, Authority> implements AuthorityService {
+    private AuthorityMapper mapper;
+
+    @Override
+    public Authority create(AuthorityDto authorityDto) {
+        boolean existsByName = count(new LambdaQueryWrapper<Authority>().eq(Authority::getName, authorityDto.getName())) > 0;
+        if (existsByName) {
+            throw new ConstraintException("name", authorityDto.name, "权限已存在");
+        }
+        Authority authority = mapper.toEntity(authorityDto);
+        save(authority);
+        return authority;
+    }
+
+    @Override
+    public Boolean update(AuthorityDto authorityDto, Long id) {
+        boolean isExists = count(new LambdaQueryWrapper<Authority>().ne(Authority::getId, id).eq(Authority::getName, authorityDto.getName())) > 0;
+        if (isExists) {
+            throw new ConstraintException("name", authorityDto.name, "同名权限已存在");
+        }
+        return update(authorityDto.updateWrapper(id));
+    }
+
+
+    @Override
+    public Boolean toggle(Long id) {
+        Authority authority = getById(id);
+        authority.setEnabled(!authority.getEnabled());
+        return updateById(authority);
+    }
+
+    @Override
+    public Set<Authority> selectAuthoritiesByRoleId(Long roleId){
+        return baseMapper.selectAuthoritiesByRoleId(roleId);
+    }
+}
diff --git a/src/main/java/com/zsc/edu/bill/modules/system/vo/RoleVo.java b/src/main/java/com/zsc/edu/bill/modules/system/vo/RoleVo.java
new file mode 100644
index 0000000..9f40e19
--- /dev/null
+++ b/src/main/java/com/zsc/edu/bill/modules/system/vo/RoleVo.java
@@ -0,0 +1,60 @@
+package com.zsc.edu.bill.modules.system.vo;
+
+import com.zsc.edu.bill.modules.system.entity.Authority;
+import lombok.Data;
+
+import java.util.Date;
+import java.util.List;
+
+/**
+ * @author lenovo
+ */
+@Data
+public class RoleVo {
+    /**
+     * 自增主键
+     */
+    public Long id;
+    /**
+     * 角色名
+     */
+    private String name;
+    /**
+     *级别
+     */
+    private Integer level;
+    /**
+     * 描述
+     */
+    private String description;
+    /**
+     * 数据权限
+     */
+    private String dataScope;
+    /**
+     * 创建人
+     */
+    private String createBy;
+    /**
+     * 更新人
+     */
+    private String updateBy;
+    /**
+     * 创建时间
+     */
+    private Date createTime;
+    /**
+     * 更新时间
+     */
+    private Date updateTime;
+    /**
+     * 启用状态
+     */
+    private Boolean enabled;
+    /**
+     * 备注
+     */
+    private String remark;
+
+    private List<Authority> authorities;
+}
diff --git a/src/main/resources/mappers/AuthorityMapper.xml b/src/main/resources/mappers/AuthorityMapper.xml
new file mode 100644
index 0000000..01d3a2e
--- /dev/null
+++ b/src/main/resources/mappers/AuthorityMapper.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.zsc.edu.bill.modules.system.repo.AuthorityRepository">
+<!--    <resultMap  id="AuthorityMap" type="com.zsc.edu.bill.modules.system.entity.Authority">-->
+<!--        <id column="id" jdbcType="BIGINT" property="id"/>-->
+<!--        <result column="name" jdbcType="VARCHAR" property="name"/>-->
+<!--        <result column="create_by" jdbcType="VARCHAR" property="createBy"/>-->
+<!--        <result column="update_by" jdbcType="VARCHAR" property="updateBy"/>-->
+<!--        <result column="create_time" jdbcType="TIMESTAMP" property="createTime"/>-->
+<!--        <result column="update_time" jdbcType="TIMESTAMP" property="updateTime"/>-->
+<!--        <result column="enabled" jdbcType="BOOLEAN" property="enabled"/>-->
+<!--        <result column="remark" jdbcType="VARCHAR" property="remark"/>-->
+<!--    </resultMap>-->
+    
+    <select id="selectAuthoritiesByRoleId" resultType="authority">
+        select sa.* from sys_authority sa
+        left join sys_role_authorities ra on sa.id=ra.authority_id
+        where ra.role_id=#{roleId}
+    </select>
+</mapper>
\ No newline at end of file
diff --git a/src/test/java/com/zsc/edu/bill/service/AuthorityServiceTest.java b/src/test/java/com/zsc/edu/bill/service/AuthorityServiceTest.java
new file mode 100644
index 0000000..51ea7b5
--- /dev/null
+++ b/src/test/java/com/zsc/edu/bill/service/AuthorityServiceTest.java
@@ -0,0 +1,9 @@
+package com.zsc.edu.bill.service;
+
+import com.zsc.edu.bill.modules.system.controller.DeptController;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+
+@WebMvcTest(DeptController.class)
+public class AuthorityServiceTest {
+
+}