diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/WorkController.java b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/WorkController.java
index 5814790..92a7f1c 100644
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/WorkController.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/WorkController.java
@@ -1,22 +1,15 @@
 package com.cfive.pinnacle.controller;
 
-import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.core.toolkit.IdWorker;
-import com.cfive.pinnacle.entity.User;
 import com.cfive.pinnacle.entity.UserWork;
 import com.cfive.pinnacle.entity.Work;
 import com.cfive.pinnacle.entity.common.ResponseCode;
 import com.cfive.pinnacle.entity.common.ResponseResult;
-import com.cfive.pinnacle.service.IUserWorkService;
 import com.cfive.pinnacle.service.IWorkService;
-import com.cfive.pinnacle.service.impl.UserWorkServiceImpl;
-import com.cfive.pinnacle.service.impl.WorkServiceImpl;
 import com.cfive.pinnacle.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
-import java.time.LocalDateTime;
 import java.util.List;
 
 /**
@@ -34,72 +27,87 @@ import java.util.List;
 public class WorkController {
     @Autowired
     private IWorkService workService;
+
     @GetMapping
+    @PreAuthorize("hasAuthority('work:manage:get')")
     public ResponseResult<List<Work>> getAll(String content) {
         if (content != null) {
             List<Work> workList = workService.getWorkByContent(content);
-            return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success",workList);
+            return ResponseResult.databaseSelectSuccess(workList);
         } else {
-            return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", workService.getAll());
+            return ResponseResult.databaseSelectSuccess(workService.getAll());
         }
     }
 
     @GetMapping("/todo")
+    @PreAuthorize("hasAuthority('work:self:get')")
     public ResponseResult<List<Work>> getTodo() {
         Long userId = WebUtil.getLoginUser().getUser().getId();
-        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", workService.getTodo(userId));
+        return ResponseResult.databaseSelectSuccess(workService.getTodo(userId));
     }
 
     @GetMapping("/card")
     public ResponseResult<List<Work>> getCard() {
-        Long userId = WebUtil.getLoginUser().getUser().getId();
-//        long userId = 1;
-        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", workService.getCard(userId));
+        if (WebUtil.hasAuthority("work:self:home")) {
+            Long userId = WebUtil.getLoginUser().getUser().getId();
+            return ResponseResult.databaseSelectSuccess(workService.getCard(userId));
+        }
+        return ResponseResult.databaseSelectSuccess(List.of());
     }
 
     @GetMapping("/complete")
+    @PreAuthorize("hasAuthority('work:self:get')")
     public ResponseResult<List<Work>> getComplete() {
         Long userId = WebUtil.getLoginUser().getUser().getId();
-        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", workService.getComplete(userId));
+        return ResponseResult.databaseSelectSuccess(workService.getComplete(userId));
     }
 
     @GetMapping("/{workId}")
+    @PreAuthorize("hasAuthority('work:self:detail') and hasAuthority('work:self:get')")
     public ResponseResult<Work> getOne(@PathVariable Long workId) {
-        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success",workService.getOne(workId));
+        return ResponseResult.databaseSelectSuccess(workService.getOne(workId));
     }
 
     @PostMapping
-    public ResponseResult<?> addWork(@RequestBody Work work) {
+    @PreAuthorize("hasAuthority('work:manage:add')")
+    public ResponseResult<Work> addWork(@RequestBody Work work) {
         work.setPublisherId(WebUtil.getLoginUser().getUser().getId());
-        if(workService.addWork(work)){
-            return ResponseResult.build(ResponseCode.DATABASE_SAVE_OK, "success", null);
-        }else
-            return ResponseResult.build(ResponseCode.DATABASE_SAVE_ERROR, "error", null);
+        if (workService.addWork(work)) {
+            return ResponseResult.databaseSaveSuccess(work);
+        } else {
+            return ResponseResult.build(ResponseCode.DATABASE_SAVE_ERROR, "Add failed", null);
+        }
     }
 
     @DeleteMapping("/{id}")
+    @PreAuthorize("hasAuthority('work:manage:delete')")
     public ResponseResult<?> deleteById(@PathVariable Long id) {
-        if(workService.deleteByWorkId(id)){
-            return ResponseResult.build(ResponseCode.DATABASE_DELETE_OK, "success", null);
-        }else
-            return ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "error", null);
+        if (workService.deleteByWorkId(id)) {
+            return ResponseResult.databaseDeleteSuccess();
+        } else {
+            return ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "Delete failed", null);
+        }
     }
 
-    @PutMapping("/set_status")
-    public ResponseResult<?> updateStatus(@RequestBody UserWork userWork) {
+    @PutMapping("/setStatus")
+    @PreAuthorize("hasAuthority('work:self:status') and hasAuthority('work:self:get')")
+    public ResponseResult<UserWork> updateStatus(@RequestBody UserWork userWork) {
         userWork.setUserId(WebUtil.getLoginUser().getUser().getId());
-        if(workService.updateStatus(userWork)){
-            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_OK, "success", null);
-        }else
-            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_ERROR, "error", null);
+        if (workService.updateStatus(userWork)) {
+            return ResponseResult.databaseUpdateSuccess(userWork);
+        } else {
+            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_ERROR, "Update failed", null);
+        }
     }
 
     @PutMapping
-    public ResponseResult<?> updateWork(@RequestBody Work work) {
+    @PreAuthorize("hasAuthority('work:manage:modify')")
+    public ResponseResult<Work> updateWork(@RequestBody Work work) {
         work.setPublisherId(WebUtil.getLoginUser().getUser().getId());
-        if(workService.updateWork(work)){
-            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_OK, "success", null);
-        }else
-            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_ERROR, "error", null);
+        if (workService.updateWork(work)) {
+            return ResponseResult.databaseUpdateSuccess(work);
+        } else {
+            return ResponseResult.build(ResponseCode.DATABASE_UPDATE_ERROR, "Update failed", null);
+        }
     }
 }
diff --git a/ui/src/components/work/EditWork.vue b/ui/src/components/work/EditWork.vue
index d7e46d3..9ffa3c5 100644
--- a/ui/src/components/work/EditWork.vue
+++ b/ui/src/components/work/EditWork.vue
@@ -129,6 +129,7 @@ export default {
             this.$refs.ruleForm.resetFields()
         },
         cancel() {
+            this.reset()
             this.$emit('setDialogVisible', false)
         }
     },
diff --git a/ui/src/pages/profile/PersonalProfile.vue b/ui/src/pages/profile/PersonalProfile.vue
index 32be6e2..9ed5272 100644
--- a/ui/src/pages/profile/PersonalProfile.vue
+++ b/ui/src/pages/profile/PersonalProfile.vue
@@ -19,24 +19,44 @@
                     <el-form-item label="用户ID">
                         <el-input v-model="form.userId" />
                     </el-form-item>
+                    <el-link type="default" size="default" style="float: right">修改密码</el-link>
                 </el-col>
                 <el-col :span="12">
-                    <el-form-item label="性别">
-                        <el-select placeholder="Select" size="large">
-                            <el-option />
-                        </el-select>
-                    </el-form-item>
-                    <el-form-item label="生日">
-                        <el-date-picker />
-                    </el-form-item>
+                    <el-row>
+                        <el-col :span="12">
+                            <el-form-item label="性别">
+                                <el-select v-model="form.gender" size="default" style="width: 90%">
+                                    <el-option
+                                        v-for="gender in genders"
+                                        :key="gender.value"
+                                        :label="gender.label"
+                                        :value="gender.value"
+                                    />
+                                </el-select>
+                            </el-form-item>
+                        </el-col>
+                        <el-col :span="12">
+                            <el-form-item label="生日">
+                                <el-date-picker
+                                    v-model="form.birth"
+                                    size="default"
+                                    placeholder="请选择日期"
+                                />
+                            </el-form-item>
+                        </el-col>
+                    </el-row>
                     <el-form-item label="邮箱">
-                        <el-input />
+                        <el-input v-model="form.email" />
                     </el-form-item>
                     <el-form-item label="手机号码">
-                        <el-input />
+                        <el-input v-model="form.tel" />
                     </el-form-item>
                     <el-form-item label="联系地址">
-                        <el-input />
+                        <el-input v-model="form.address" />
+                    </el-form-item>
+                    <el-form-item style="float: right">
+                        <el-button type="info">重置</el-button>
+                        <el-button type="primary">保存</el-button>
                     </el-form-item>
                 </el-col>
             </el-row>
@@ -45,11 +65,14 @@
 </template>
 
 <script lang="ts">
+import request from '@/services'
+
 export default {
     data() {
         return {
             form: {
                 userId: '',
+                passwd: '',
                 firstName: '',
                 lastName: '',
                 gender: '',
@@ -57,8 +80,37 @@ export default {
                 email: '',
                 tel: '',
                 address: ''
-            }
+            },
+            genders: [
+                {
+                    label: '未知',
+                    value: '0'
+                },
+                {
+                    label: '男',
+                    value: '1'
+                },
+                {
+                    label: '女',
+                    value: '2'
+                }
+            ]
         }
+    },
+    methods: {
+        getFormData() {
+            request
+                .get('/user/info')
+                .then((response) => {
+                    this.form = response.data.data.staff
+                })
+                .catch((reportError) => {
+                    console.log(reportError)
+                })
+        }
+    },
+    created() {
+        this.getFormData()
     }
 }
 </script>