diff --git a/projects/Infrastructure/Extensions/JsonResultExtensions.cs b/projects/Infrastructure/Extensions/JsonResultExtensions.cs
index 484fe221..5c082abc 100644
--- a/projects/Infrastructure/Extensions/JsonResultExtensions.cs
+++ b/projects/Infrastructure/Extensions/JsonResultExtensions.cs
@@ -12,6 +12,16 @@ namespace Infrastructure.Extensions
             return result.Value as SelectList;
         }
 
+        public static MultiSelectList MultiSelectList(this JsonResult result)
+        {
+            return result.Value as MultiSelectList;
+        }
+
+        public static T To<T>(this JsonResult result)where T : class
+        {
+            return result.Value as T;
+        }
+
         public static List<AjaxSelectListItem> AjaxSelectList(this JsonResult result)
         {
             return result.Value as List<AjaxSelectListItem>;
diff --git a/projects/Infrastructure/Views/Shared/EditorTemplates/MultiSelectList.cshtml b/projects/Infrastructure/Views/Shared/EditorTemplates/MultiSelectList.cshtml
index 126d0d10..80ba061b 100644
--- a/projects/Infrastructure/Views/Shared/EditorTemplates/MultiSelectList.cshtml
+++ b/projects/Infrastructure/Views/Shared/EditorTemplates/MultiSelectList.cshtml
@@ -8,7 +8,6 @@
         if (item.Selected)
         {
             <option value="@item.Value" data-section="@item.Group?.Name" data-index="@index" selected="selected">@item.Text</option>
-
         }
         else
         {
diff --git a/projects/Infrastructure/Web/MultiSelectListAttribute.cs b/projects/Infrastructure/Web/MultiSelectListAttribute.cs
new file mode 100644
index 00000000..bf53aca3
--- /dev/null
+++ b/projects/Infrastructure/Web/MultiSelectListAttribute.cs
@@ -0,0 +1,9 @@
+namespace System.ComponentModel.DataAnnotations
+{
+    public class MultiSelectListAttribute : UIHintAttribute
+    {
+        public MultiSelectListAttribute() : base("MultiSelectList")
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/projects/Platform/Application/Models/EditOrganUserModel.cs b/projects/Platform/Application/Models/EditOrganUserModel.cs
index fe0ae83b..dcee37fd 100644
--- a/projects/Platform/Application/Models/EditOrganUserModel.cs
+++ b/projects/Platform/Application/Models/EditOrganUserModel.cs
@@ -1,6 +1,7 @@
 using Infrastructure.Application;
 using IoT.Shared.Application.Domain.Entities;
 using System;
+using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using UoN.ExpressiveAnnotations.NetCore.Attributes;
 
@@ -32,5 +33,9 @@ namespace Platform.Application.Models
 
         [Display(Name = "默认机构")]
         public bool? IsDefault { get; set; }
+
+        [Display(Name = "角色")]
+        [MultiSelectList]
+        public List<Guid> Roles { get; set; } = new List<Guid>();
     }
 }
diff --git a/projects/Platform/Application/Models/EditRoleModel.cs b/projects/Platform/Application/Models/EditRoleModel.cs
index ede0402c..26aa09a2 100644
--- a/projects/Platform/Application/Models/EditRoleModel.cs
+++ b/projects/Platform/Application/Models/EditRoleModel.cs
@@ -1,5 +1,6 @@
 using Infrastructure.Application;
 using System;
+using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 
 namespace IoT.Shared.Application.Models
@@ -12,7 +13,11 @@ namespace IoT.Shared.Application.Models
         public string Name { get; set; }
 
         [Display(Name = "机构")]
-        [AjaxSelect("GetOrgan", "Ajax", "IoTCenter")]
+        [SelectList]
         public Guid? OrganId { get; set; }
+
+        [Display(Name = "权限")]
+        [MultiSelectList]
+        public List<Guid> Permissions { get; set; } = new List<Guid>();
     }
-}
+}
\ No newline at end of file
diff --git a/projects/Platform/Areas/IoTCenter/Controllers/AjaxController.cs b/projects/Platform/Areas/IoTCenter/Controllers/AjaxController.cs
index 04ae2370..bd237e95 100644
--- a/projects/Platform/Areas/IoTCenter/Controllers/AjaxController.cs
+++ b/projects/Platform/Areas/IoTCenter/Controllers/AjaxController.cs
@@ -99,23 +99,29 @@ namespace Platform.Areas.IoTCenter.Controllers
             return new JsonResult(new SelectList(list, "Id", "Name", selected));
         }
 
-        public JsonResult GetRole(Guid? parentId, Guid? selected = null, string search = null, ControllerScopeType? range = null)
+        public JsonResult GetRole(Guid parentId, List<Guid> selected = null)
         {
             using var scope = this._services.CreateScope();
             var repo = scope.ServiceProvider.GetRequiredService<IRepository<OrganRole>>();
-            var organId = scope.ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext.User.GetOrganId();
-
             var list = repo.ReadOnlyTable()
-                .WhereIf(range.HasValue && range == ControllerScopeType.Organ && organId.HasValue, o => o.OrganId == organId.Value)
-                .WhereIf(parentId.HasValue, o => o.OrganId == parentId.Value)
-                .WhereIf(!string.IsNullOrEmpty(search), o => o.Name.Contains(search))
-                .WhereIf(selected.HasValue, o => o.Id == selected.Value)
+                .Where(o => o.OrganId == parentId)
                 .Select(o => new { o.Id, Name = $"{o.Name} {o.Number}" })
-                .Take(20)
                 .ToList();
-            return new JsonResult(new SelectList(list, "Id", "Name", selected));
+            return new JsonResult(new MultiSelectList(list, "Id", "Name", selected));
+        }
+
+        public JsonResult GetPermission(Guid parentId, List<Guid> selected = null)
+        {
+            using var scope = this._services.CreateScope();
+            var repo = scope.ServiceProvider.GetRequiredService<IRepository<OrganRolePermission>>();
+            var list = repo.ReadOnlyTable()
+                //.Where(o => o.Permission.OrganId == parentId)
+                .Select(o => new { o.Permission.Id, o.Permission.Name })
+                .ToList();
+            return new JsonResult(new MultiSelectList(list, "Id", "Name", selected));
         }
 
+
         [ApiExplorerSettings(IgnoreApi = true)]
         public JsonResult GetPermissionCategory(Guid? organId,Guid? selected)
         {
diff --git a/projects/Platform/Areas/UserCenter/Controllers/Organ/OrganOrganRoleController.cs b/projects/Platform/Areas/UserCenter/Controllers/Organ/OrganOrganRoleController.cs
index c3ca7558..242ab72e 100644
--- a/projects/Platform/Areas/UserCenter/Controllers/Organ/OrganOrganRoleController.cs
+++ b/projects/Platform/Areas/UserCenter/Controllers/Organ/OrganOrganRoleController.cs
@@ -18,7 +18,7 @@ namespace IoT.Shared.Areas.UserCenter.Controllers
     [ControllerScope(ControllerScopeType.Organ)]
     public class OrganOrganRoleController : OrganRoleController
     {
-        public OrganOrganRoleController(IRepository<OrganRole> repo, AjaxController ajax) : base(repo, ajax)
+        public OrganOrganRoleController(IRepository<OrganRole> repo, AjaxController ajax, IRepository<Organ> organRepo) : base(repo, ajax, organRepo)
         {
         }
 
diff --git a/projects/Platform/Areas/UserCenter/Controllers/OrganRoleController.cs b/projects/Platform/Areas/UserCenter/Controllers/OrganRoleController.cs
index 4a84b92a..4d174ef6 100644
--- a/projects/Platform/Areas/UserCenter/Controllers/OrganRoleController.cs
+++ b/projects/Platform/Areas/UserCenter/Controllers/OrganRoleController.cs
@@ -20,16 +20,19 @@ namespace IoT.Shared.Areas.UserCenter.Controllers
     public class OrganRoleController : CrudController<OrganRole, EditRoleModel>
     {
         private readonly AjaxController _ajax;
+        private readonly IRepository<Organ> _organRepo;
 
-        public OrganRoleController(IRepository<OrganRole> repo, AjaxController ajax) : base(repo)
+        public OrganRoleController(IRepository<OrganRole> repo, AjaxController ajax, IRepository<Organ> organRepo) : base(repo)
         {
             this._ajax = ajax;
+            this._organRepo = organRepo;
         }
 
         public override IQueryable<OrganRole> Include(IQueryable<OrganRole> query)
         {
             return query
-                .Include(o => o.Organ);
+                .Include(o => o.Organ)
+                .Include(o=>o.RolePermissions).ThenInclude(o=>o.Permission);
         }
 
         public override IQueryable<OrganRole> Query(PagedListModel<EditRoleModel> model, IQueryable<OrganRole> query)
@@ -42,13 +45,27 @@ namespace IoT.Shared.Areas.UserCenter.Controllers
 
         public override void ToDisplayModel(OrganRole entity, EditRoleModel model)
         {
-            ViewData.Add(model.OrganId, entity?.Organ?.Name);
+            var name = this._organRepo.ReadOnlyTable()
+                    .Where(o => o.Left <= entity.Organ.Left && o.Left > 1)
+                    .ToList()
+                    .ToTree()
+                    .FirstOrDefault(o => o.Id == entity.OrganId)?.GetDisplayName();
+            ViewData.Add(model.OrganId, name);
+            model.Permissions = entity.RolePermissions.Select(o => o.PermissionId).ToList();
+            entity.RolePermissions.ForEach(o => ViewData.Add(o.PermissionId, o.Permission.Name));
         }
 
         public override void ToEditModel(OrganRole entity, EditRoleModel model)
         {
-            base.ToEditModel(entity, model);
             this.ViewData.SelectList(o => model.OrganId, () => this._ajax.GetOrgan(model.OrganId).SelectList());
+            if (entity != null)
+            {
+                model.Permissions = entity.RolePermissions.Select(o => o.PermissionId).ToList();
+            }
+            if (model.OrganId.HasValue)
+            {
+                ViewData.MultiSelectList(o => model.Permissions, () => this._ajax.GetPermission(model.OrganId.Value, model.Permissions).MultiSelectList());
+            }
         }
     }
 }
diff --git a/projects/Platform/Areas/UserCenter/Controllers/OrganUserController.cs b/projects/Platform/Areas/UserCenter/Controllers/OrganUserController.cs
index 0d3ccdff..d289e5b4 100644
--- a/projects/Platform/Areas/UserCenter/Controllers/OrganUserController.cs
+++ b/projects/Platform/Areas/UserCenter/Controllers/OrganUserController.cs
@@ -32,8 +32,10 @@ namespace Platform.Areas.UserCenter.Controllers
         {
             return query
                 .Include(o => o.Organ)
-                .Include(o => o.User);
+                .Include(o => o.User)
+                .Include(o => o.UserRoles).ThenInclude(o => o.OrganRole);
         }
+
         public override IQueryable<OrganUser> Query(PagedListModel<EditOrganUserModel> model, IQueryable<OrganUser> query)
         {
             return query
@@ -43,9 +45,10 @@ namespace Platform.Areas.UserCenter.Controllers
                 .WhereIf(model.Query.Type.HasValue, o => o.Type == model.Query.Type.Value)
                 .WhereIf(!string.IsNullOrEmpty(model.Query.CustomType), o => o.CustomType.Contains(model.Query.CustomType));
         }
+
         public override void ToDisplayModel(OrganUser entity, EditOrganUserModel model)
         {
-            if(entity!=null)
+            if (entity != null)
             {
                 var name = this._organRepo.ReadOnlyTable()
                     .Where(o => o.Left <= entity.Organ.Left && o.Left > 1)
@@ -54,17 +57,44 @@ namespace Platform.Areas.UserCenter.Controllers
                     .FirstOrDefault(o => o.Id == entity.OrganId)?.GetDisplayName();
                 ViewData.Add(model.OrganId, name);
                 ViewData.Add(model.UserId, $"{entity.User?.UserName} {entity.User?.RealName}");
+                model.Roles = entity.UserRoles.Select(o => o.OrganRoleId).ToList();
+                entity.UserRoles.ForEach(o => ViewData.Add(o.OrganRoleId, o.OrganRole.Name));
             }
         }
 
         public override void ToEditModel(OrganUser entity, EditOrganUserModel model)
         {
-            base.ToEditModel(entity, model);
             this.ViewData.SelectList(o => model.OrganId, () => this._ajax.GetOrgan(model.OrganId).SelectList());
             if (model.OrganId.HasValue)
             {
                 ViewData.SelectList(o => model.UserId, () => this._ajax.GetUser(model.OrganId.Value, model.UserId).SelectList());
             }
+            if (entity != null)
+            {
+                model.Roles = entity.UserRoles.Select(o => o.OrganRoleId).ToList();
+            }
+            if (model.OrganId.HasValue)
+            {
+                ViewData.MultiSelectList(o => model.Roles, () => this._ajax.GetRole(model.OrganId.Value, model.Roles).MultiSelectList());
+            }
+        }
+
+        public override void ToEntity(EditOrganUserModel model, OrganUser entity)
+        {
+            foreach (var id in entity.UserRoles.Select(o => o.OrganRoleId).ToList())
+            {
+                if (!model.Roles.Any(o => o == id))
+                {
+                    entity.UserRoles.RemoveAll(o => !o.IsReadOnly && o.OrganRoleId == id);
+                }
+            }
+            foreach (var id in model.Roles)
+            {
+                if (!entity.UserRoles.Any(o => o.OrganRoleId == id))
+                {
+                    entity.UserRoles.Add(new OrganUserRole { OrganRoleId = id });
+                }
+            }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/projects/Platform/Areas/UserCenter/Views/Shared/_Menu.cshtml b/projects/Platform/Areas/UserCenter/Views/Shared/_Menu.cshtml
index d2200c56..05d2f6c1 100644
--- a/projects/Platform/Areas/UserCenter/Views/Shared/_Menu.cshtml
+++ b/projects/Platform/Areas/UserCenter/Views/Shared/_Menu.cshtml
@@ -32,16 +32,16 @@
     }
     @if (HasPermission("Read-Platform-OrganRole"))
     {
-    <li class="nav-item"><a class="@GetLinkClass("RoleOrganRole")" href="@Url.Action("Index","OrganRole")"><i class="far fa-circle nav-icon"></i><p>角色管理</p></a></li>
+    <li class="nav-item"><a class="@GetLinkClass("OrganRole")" href="@Url.Action("Index","OrganRole")"><i class="far fa-circle nav-icon"></i><p>角色管理</p></a></li>
     }
-    @if (HasPermission("Read-Platform-OrganRolePermission"))
+    @*@if (HasPermission("Read-Platform-OrganRolePermission"))
     {
     <li class="nav-item"><a class="@GetLinkClass("OrganRolePermission")" href="@Url.Action("Index","OrganRolePermission")"><i class="far fa-circle nav-icon"></i><p>角色权限</p></a></li>
-    }
-    @if (HasPermission("Read-Platform-OrganUserRole"))
+    }*@
+    @*@if (HasPermission("Read-Platform-OrganUserRole"))
     {
     <li class="nav-item"><a class="@GetLinkClass("OrganUserRole")" href="@Url.Action("Index","OrganUserRole")"><i class="far fa-circle nav-icon"></i><p>用户角色</p></a></li>
-    }
+    }*@
     @if (HasPermission("Read-Platform-OrganUser"))
     {
     <li class="nav-item"><a class="@GetLinkClass("OrganUser")" href="@Url.Action("Index","OrganUser")"><i class="far fa-circle nav-icon"></i><p>机构用户</p></a></li>
diff --git a/projects/Platform/UserService.cs b/projects/Platform/UserService.cs
index 8390aea5..1ca66aec 100644
--- a/projects/Platform/UserService.cs
+++ b/projects/Platform/UserService.cs
@@ -47,6 +47,10 @@ namespace Platform
                        .Select(o => new Claim(ClaimTypes.Role, o))
                        .ToList();
                 list.Add(new Claim(ClaimTypes.GivenName, organUser.User.NickName));
+                if(!string.IsNullOrEmpty(organUser.User.Avatar))
+                {
+                    list.Add(new Claim("Avatar", organUser.User.Avatar));
+                }
             }
 
             return list;
diff --git a/projects/Platform/Views/Shared/_Layout.cshtml b/projects/Platform/Views/Shared/_Layout.cshtml
index 3f868c6b..9c15e0d6 100644
--- a/projects/Platform/Views/Shared/_Layout.cshtml
+++ b/projects/Platform/Views/Shared/_Layout.cshtml
@@ -43,8 +43,12 @@
                     @if (User.Identity.IsAuthenticated)
                     {
                         var displayName = User.Claims.FirstOrDefault(o => o.Type == System.Security.Claims.ClaimTypes.GivenName)?.Value ?? User.Identity.Name;
+                        var avatar= User.Claims.FirstOrDefault(o => o.Type == "Avatar")?.Value ?? Url.Content2("~/images/empty.svg");
                     <li class="nav-item">
-                        <a href="@Url.Action("Index","Account",new { area=""})" class="@GetLinkClass(area:"",controller:"Account")">@displayName</a>
+                        <a title="avatar" href="@Url.Action("Index","Account",new { area=""})" class=""><img class="img-circle logo" src="@avatar" /></a>
+                    </li>
+                    <li class="nav-item">
+                        <a title="avatar" href="@Url.Action("Index","Account",new { area=""})" class="@GetLinkClass(area:"",controller:"Account")">@displayName</a>
                     </li>
                     <li class="nav-item">
                         <a class="nav-link" href="@Url.Action("Logout","Account",new { area=""})" click="logout">退出</a>