diff --git a/src/main/java/com/greenorange/promotion/aop/AuthInterceptor.java b/src/main/java/com/greenorange/promotion/aop/AuthInterceptor.java
index 0324391..f0023ad 100644
--- a/src/main/java/com/greenorange/promotion/aop/AuthInterceptor.java
+++ b/src/main/java/com/greenorange/promotion/aop/AuthInterceptor.java
@@ -1,75 +1,77 @@
-//package com.greenorange.promotion.aop;
-//
-//
-//import com.greenorange.promotion.annotation.AuthCheck;
-//import com.greenorange.promotion.common.ErrorCode;
-//import com.greenorange.promotion.constant.UserConstant;
-//import com.greenorange.promotion.exception.BusinessException;
-//import com.greenorange.promotion.model.enums.UserRoleEnum;
-//import jakarta.annotation.Resource;
-//import jakarta.servlet.http.HttpServletRequest;
-//import org.apache.commons.lang3.StringUtils;
-//import org.aspectj.lang.ProceedingJoinPoint;
-//import org.aspectj.lang.annotation.Around;
-//import org.aspectj.lang.annotation.Aspect;
-//import org.springframework.stereotype.Component;
-//import org.springframework.web.context.request.RequestAttributes;
-//import org.springframework.web.context.request.RequestContextHolder;
-//import org.springframework.web.context.request.ServletRequestAttributes;
-//
-///**
-// * 权限校验AOP
-// */
-//@Aspect
-//@Component
-//public class AuthInterceptor {
-//
-// @Resource
-// private UserService userService;
-//
-// /**
-// * 执行拦截
-// */
-// @Around("@annotation(authCheck)")
-// public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
-// // 接口的权限
-// String mustRole = authCheck.mustRole();
-// RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
-// HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
-// //当前登录用户
-// User loginUser = userService.getLoginUser(request);
-// //必须有该权限才通过
-// if (StringUtils.isNotBlank(mustRole)) {
-// //mustUserRoleEnum是接口权限
-// UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
-// if(mustUserRoleEnum == null) {
-// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
-// }
-// //用户权限
-// String userRole = loginUser.getUserRole();
-// //根据用户角色获取封装后的枚举类对象
-// UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
-//
-// //如果被封号,直接拒绝
-// if 
(UserRoleEnum.BAN.equals(userRoleEnum)) {
-// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
-// }
-//
-// //如果接口需要Boss权限,则需要判断用户是否是boss管理员
-// if (UserRoleEnum.BOSS.equals(mustUserRoleEnum)) {
-// if (!mustRole.equals(userRole)) {
-// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
-// }
-// }
-// //如果接口需要管理员权限,则需要判断用户是否是boss或者admin管理员
-// if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum)) {
-// if (!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)) {
-// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
-// }
-// }
-// }
-// //通过权限校验,放行
-// return joinPoint.proceed();
-// }
-//
-//}
+package com.greenorange.promotion.aop;
+
+
+import com.greenorange.promotion.annotation.AuthCheck;
+import com.greenorange.promotion.common.ErrorCode;
+import com.greenorange.promotion.constant.UserConstant;
+import com.greenorange.promotion.exception.BusinessException;
+import com.greenorange.promotion.model.entity.User;
+import com.greenorange.promotion.model.enums.UserRoleEnum;
+import com.greenorange.promotion.service.user.UserService;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+/**
+ * 权限校验AOP
+ */
+@Aspect
+@Component
+public class AuthInterceptor {
+
+ @Resource
+ private UserService userService;
+
+ /**
+ * 执行拦截
+ */
+ @Around("@annotation(authCheck)")
+ public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
+ // 接口的权限
+ String mustRole = authCheck.mustRole();
+ RequestAttributes requestAttributes = 
RequestContextHolder.currentRequestAttributes();
+ HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+ //当前登录用户
+ User loginUser = userService.getLoginUser(request);
+ //必须有该权限才通过
+ if (StringUtils.isNotBlank(mustRole)) {
+ //mustUserRoleEnum是接口权限
+ UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
+ if(mustUserRoleEnum == null) {
+ throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
+ }
+ //用户权限
+ String userRole = loginUser.getUserRole();
+ //根据用户角色获取封装后的枚举类对象
+ UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
+
+ //如果被封号,直接拒绝
+ if (UserRoleEnum.BAN.equals(userRoleEnum)) {
+ throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
+ }
+
+ //如果接口需要Boss权限,则需要判断用户是否是boss管理员
+ if (UserRoleEnum.BOSS.equals(mustUserRoleEnum)) {
+ if (!mustRole.equals(userRole)) {
+ throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
+ }
+ }
+ //如果接口需要管理员权限,则需要判断用户是否是boss或者admin管理员
+ if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum)) {
+ if (!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)) {
+ throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
+ }
+ }
+ }
+ //通过权限校验,放行
+ return joinPoint.proceed();
+ }
+
+}
diff --git a/src/main/java/com/greenorange/promotion/constant/UserConstant.java b/src/main/java/com/greenorange/promotion/constant/UserConstant.java
index 881ebb0..0cfc258 100644
--- a/src/main/java/com/greenorange/promotion/constant/UserConstant.java
+++ b/src/main/java/com/greenorange/promotion/constant/UserConstant.java
@@ -17,6 +17,12 @@ public interface UserConstant {
 String USER_DEFAULT_AVATAR = "";
+ /**
+ * 用户登录键
+ */
+ String USER_LOGIN_STATE = "qingcheng";
+
+
 /**
 * 默认角色
 */
diff --git a/src/main/java/com/greenorange/promotion/service/user/UserService.java b/src/main/java/com/greenorange/promotion/service/user/UserService.java
index 6d275fe..737caf6 100644
--- a/src/main/java/com/greenorange/promotion/service/user/UserService.java
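Review bot: In the ADMIN branch, `!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)` dereferences `userRole` only after `mustRole.equals(userRole)` has already failed, so a user whose stored role is null ends in a NullPointerException instead of `NO_AUTH_ERROR`; the null-safe `userRoleEnum` computed a few lines earlier should carry both checks: `if (!UserRoleEnum.ADMIN.equals(userRoleEnum) && !UserRoleEnum.BOSS.equals(userRoleEnum)) {` here and `if (!UserRoleEnum.BOSS.equals(userRoleEnum)) {` in the BOSS branch (this assumes `UserRoleEnum.BOSS`'s value is `UserConstant.BOSS_ROLE`, which is outside the hunk). The `UserRoleEnum.BAN` check in this aspect looks unreachable once `userService.getLoginUser` (UserServiceImpl hunk) rejects banned users with `FORBIDDEN_ERROR`; keeping it as defence in depth is fine, but the comment above it should say that is what it is. Whether a null role can actually reach this method depends on the User entity's defaults, which are not visible here.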
+++ b/src/main/java/com/greenorange/promotion/service/user/UserService.java
@@ -10,6 +10,7 @@ import com.greenorange.promotion.model.dto.user.UserUpdateRequest;
 import com.greenorange.promotion.model.entity.User;
 import com.baomidou.mybatisplus.extension.service.IService;
 import com.greenorange.promotion.model.vo.user.UserVO;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.List;
@@ -63,6 +64,8 @@ public interface UserService extends IService {
 boolean delBatchUser(CommonBatchRequest commonBatchRequest);
-
-
+ /**
+ * 校验用户是否登录
+ */
+ User getLoginUser(HttpServletRequest request);
 }
diff --git a/src/main/java/com/greenorange/promotion/service/user/impl/UserServiceImpl.java b/src/main/java/com/greenorange/promotion/service/user/impl/UserServiceImpl.java
index 8998e1d..410e609 100644
--- a/src/main/java/com/greenorange/promotion/service/user/impl/UserServiceImpl.java
+++ b/src/main/java/com/greenorange/promotion/service/user/impl/UserServiceImpl.java
@@ -15,17 +15,22 @@ import com.greenorange.promotion.model.dto.user.UserAddRequest;
 import com.greenorange.promotion.model.dto.user.UserQueryRequest;
 import com.greenorange.promotion.model.dto.user.UserUpdateRequest;
 import com.greenorange.promotion.model.entity.User;
+import com.greenorange.promotion.model.enums.UserRoleEnum;
 import com.greenorange.promotion.model.vo.user.UserVO;
 import com.greenorange.promotion.service.common.CommonService;
 import com.greenorange.promotion.service.user.UserService;
 import com.greenorange.promotion.mapper.UserMapper;
 import com.greenorange.promotion.utils.SqlUtils;
 import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import java.util.List;
+import static com.greenorange.promotion.constant.UserConstant.USER_LOGIN_STATE;
+
 /**
 * @author 35880
 * @description 针对表【user(用户表)】的数据库操作Service实现
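Review bot: The Javadoc on the new `getLoginUser` declaration (`校验用户是否登录`) states neither what is returned nor that failure is signalled by exception, which is the contract every `@AuthCheck` caller in AuthInterceptor depends on. Since callers program against the interface, I would document it here: a summary such as `Returns the currently logged-in user, re-read from the database by the id stored in the session`, plus `@throws BusinessException` listing `NOT_LOGIN_ERROR` when the session holds no valid user and `FORBIDDEN_ERROR` when the user's role is BAN, matching what the UserServiceImpl hunk does. If those error codes are meant to be an implementation detail rather than part of the contract, the Javadoc should say so instead.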
@@ -149,6 +154,32 @@ public class UserServiceImpl extends ServiceImpl implements Us
 ThrowUtils.throwIf(!result, ErrorCode.OPERATION_ERROR, "用户批量删除失败");
 return true;
 }
+
+
+ /**
+ * 获取当前登录用户
+ */
+ @Override
+ public User getLoginUser(HttpServletRequest request) {
+ HttpSession session = request.getSession();
+ Object userObj = session.getAttribute(USER_LOGIN_STATE);
+ User currentUser = (User) userObj;
+ if (currentUser == null || currentUser.getId() == null) {
+ throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
+ }
+ //根据id进行查询
+ Long userId = currentUser.getId();
+ currentUser = this.getById(userId);
+ if (currentUser == null) {
+ throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
+ }
+ //被封号
+ if (UserRoleEnum.BAN.getValue().equals(currentUser.getUserRole())) {
+ throw new BusinessException(ErrorCode.FORBIDDEN_ERROR);
+ }
+ return currentUser;
+ }
+
 }
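Review bot: `request.getSession()` on the first line of `getLoginUser` creates a new HttpSession for every caller that has none, so each unauthenticated hit on an `@AuthCheck` endpoint allocates server-side session state just before being rejected with `NOT_LOGIN_ERROR`; `request.getSession(false)` plus a null check avoids that. The unchecked `(User) userObj` cast on the following line turns an attribute of some other type stored under `USER_LOGIN_STATE` into a ClassCastException rather than the not-logged-in error, which an `instanceof` test folds into the same branch. Re-reading the user by id and re-checking BAN against the database copy is the right shape, since the session snapshot can be stale. The sketch below assumes a Java 16+ target (the jakarta imports suggest one); on an older target use a plain `instanceof` followed by a cast.

```java
    public User getLoginUser(HttpServletRequest request) {
        // getSession(false): do not create a session for callers that have none
        HttpSession session = request.getSession(false);
        Object userObj = session == null ? null : session.getAttribute(USER_LOGIN_STATE);
        if (!(userObj instanceof User sessionUser) || sessionUser.getId() == null) {
            throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
        }
        //根据id进行查询
        User currentUser = this.getById(sessionUser.getId());
        // … unchanged: null check, BAN check, return currentUser …
```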