diff --git a/system/src/main/java/com/canvas/web/modules/system/controller/RoleController.java b/system/src/main/java/com/canvas/web/modules/system/controller/RoleController.java
index 29fc80a..10db980 100644
--- a/system/src/main/java/com/canvas/web/modules/system/controller/RoleController.java
+++ b/system/src/main/java/com/canvas/web/modules/system/controller/RoleController.java
@@ -5,6 +5,7 @@ import com.canvas.web.annotation.rest.AnonymousPostMapping;
 import com.canvas.web.enums.ResponseEnum;
 import com.canvas.web.exception.BaseException;
 import com.canvas.web.modules.system.domain.Role;
+import com.canvas.web.modules.system.service.OrgService;
 import com.canvas.web.modules.system.service.RoleService;
 import com.canvas.web.modules.system.service.dto.RoleDto;
 import com.canvas.web.modules.system.service.dto.RoleQueryCriteria;
@@ -18,10 +19,7 @@ import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Pageable;
 import org.springframework.util.ObjectUtils;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.Collections;
 import java.util.List;
@@ -34,6 +32,7 @@ import java.util.stream.Collectors;
 public class RoleController {
 
     private final RoleService roleService;
+    private final OrgService orgService;
 
     private static final String ENTITY_NAME="role";
 
@@ -77,6 +76,13 @@ public class RoleController {
         return Response.success("修改成功");
     }
 
+    @ApiOperation("查询机构所有权限")
+    @GetMapping("menus")
+    public Response<Object> queryRoleMenus(){
+        Long id=SecurityUtils.getCurrentOrgId();
+        return Response.success(orgService.findById(id));
+    }
+
 
 
     //TODO:暂时不需要判断用户等级
diff --git a/system/src/main/java/com/canvas/web/modules/system/domain/Menu.java b/system/src/main/java/com/canvas/web/modules/system/domain/Menu.java
index 197150e..3fd5dcb 100644
--- a/system/src/main/java/com/canvas/web/modules/system/domain/Menu.java
+++ b/system/src/main/java/com/canvas/web/modules/system/domain/Menu.java
@@ -9,6 +9,7 @@ import lombok.Setter;
 import javax.persistence.*;
 import javax.validation.constraints.NotNull;
 import java.io.Serializable;
+import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
 
@@ -30,6 +31,11 @@ public class Menu extends BaseEntity implements Serializable {
     @ApiModelProperty(value = "菜单角色")
     private Set<Role> roles;
 
+
+    @ManyToMany(mappedBy = "menus")
+    @ApiModelProperty(value = "组织机构")
+    private Set<Org> org;
+
     @ApiModelProperty(value = "菜单标题")
     private String title;
 
diff --git a/system/src/main/java/com/canvas/web/modules/system/domain/Org.java b/system/src/main/java/com/canvas/web/modules/system/domain/Org.java
index cc74fc7..8538db3 100644
--- a/system/src/main/java/com/canvas/web/modules/system/domain/Org.java
+++ b/system/src/main/java/com/canvas/web/modules/system/domain/Org.java
@@ -10,13 +10,14 @@ import javax.persistence.*;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import java.io.Serializable;
+import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
 
 @Entity
 @Getter
 @Setter
-@Table(name="organization")
+@Table(name = "organization")
 public class Org extends BaseEntity implements Serializable {
     @Id
     @Column(name = "id")
@@ -30,6 +31,14 @@ public class Org extends BaseEntity implements Serializable {
     @ApiModelProperty(value = "角色")
     private Set<Role> roles;
 
+
+    @ManyToMany
+    @JoinTable(name = "sys_orgs_menus",
+            joinColumns = {@JoinColumn(name = "org_id", referencedColumnName = "id")},
+            inverseJoinColumns = {@JoinColumn(name = "menu_id", referencedColumnName = "id")})
+    @ApiModelProperty(value = "权限菜单", hidden = true)
+    private Set<Menu> menus;
+
     @NotBlank
     @ApiModelProperty(value = "机构名称")
     private String name;
diff --git a/system/src/main/java/com/canvas/web/modules/system/repository/RoleRepository.java b/system/src/main/java/com/canvas/web/modules/system/repository/RoleRepository.java
index 49c899b..9987fe9 100644
--- a/system/src/main/java/com/canvas/web/modules/system/repository/RoleRepository.java
+++ b/system/src/main/java/com/canvas/web/modules/system/repository/RoleRepository.java
@@ -34,4 +34,9 @@ public interface RoleRepository extends JpaRepository<Role, Long>, JpaSpecificat
     @Query(value = "SELECT r.* FROM sys_role r, sys_roles_menus m WHERE " +
             "r.id = m.role_id AND m.menu_id in ?1",nativeQuery = true)
     List<Role> findInMenuId(List<Long> menuIds);
+
+
+
+
+
 }
diff --git a/system/src/main/java/com/canvas/web/modules/system/service/OrgService.java b/system/src/main/java/com/canvas/web/modules/system/service/OrgService.java
index c61f42f..4cafcca 100644
--- a/system/src/main/java/com/canvas/web/modules/system/service/OrgService.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/OrgService.java
@@ -1,8 +1,10 @@
 package com.canvas.web.modules.system.service;
 
 import com.canvas.web.modules.system.domain.Org;
+import com.canvas.web.modules.system.service.dto.MenuDto;
 import com.canvas.web.modules.system.service.dto.OrgDto;
 
+import java.util.List;
 import java.util.Set;
 
 public interface OrgService {
@@ -11,7 +13,6 @@ public interface OrgService {
     //根据id查询机构
     OrgDto findById(Long id);
 
-
     //创建机构
     void create(OrgDto orgDto);
 
@@ -28,4 +29,7 @@ public interface OrgService {
     //验证是否被角色或用户关联
     void verification(Set<OrgDto> orgDtos);
 
+    //查询机构权限
+    List<MenuDto> queryOrgMenus(Long id);
+
 }
diff --git a/system/src/main/java/com/canvas/web/modules/system/service/RoleService.java b/system/src/main/java/com/canvas/web/modules/system/service/RoleService.java
index 5c43a52..305e38d 100644
--- a/system/src/main/java/com/canvas/web/modules/system/service/RoleService.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/RoleService.java
@@ -2,10 +2,7 @@ package com.canvas.web.modules.system.service;
 
 import com.canvas.web.modules.system.domain.Org;
 import com.canvas.web.modules.system.domain.Role;
-import com.canvas.web.modules.system.service.dto.RoleDto;
-import com.canvas.web.modules.system.service.dto.RoleQueryCriteria;
-import com.canvas.web.modules.system.service.dto.RoleSmallDto;
-import com.canvas.web.modules.system.service.dto.UserDto;
+import com.canvas.web.modules.system.service.dto.*;
 import org.springframework.data.domain.Pageable;
 import org.springframework.security.core.GrantedAuthority;
 
@@ -49,4 +46,7 @@ public interface RoleService {
 
     //编辑
     void update(RoleDto roleDto);
+
+    //查询机构权限
+    List<RoleDto> queryOrgMenus(Long id);
 }
diff --git a/system/src/main/java/com/canvas/web/modules/system/service/dto/OrgDto.java b/system/src/main/java/com/canvas/web/modules/system/service/dto/OrgDto.java
index d640993..3088950 100644
--- a/system/src/main/java/com/canvas/web/modules/system/service/dto/OrgDto.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/dto/OrgDto.java
@@ -1,6 +1,7 @@
 package com.canvas.web.modules.system.service.dto;
 
 import com.canvas.web.base.BaseDTO;
+import com.canvas.web.modules.system.domain.Menu;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import lombok.Getter;
 import lombok.Setter;
@@ -8,6 +9,7 @@ import lombok.Setter;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
 
 @Getter
 @Setter
@@ -21,6 +23,8 @@ public class OrgDto extends BaseDTO implements Serializable {
 
     private Integer orgSort;
 
+    private Set<Menu> menus;
+
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     private List<OrgDto> children;
 
diff --git a/system/src/main/java/com/canvas/web/modules/system/service/impl/OrgServiceImpl.java b/system/src/main/java/com/canvas/web/modules/system/service/impl/OrgServiceImpl.java
index 1249b81..bbfd394 100644
--- a/system/src/main/java/com/canvas/web/modules/system/service/impl/OrgServiceImpl.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/impl/OrgServiceImpl.java
@@ -5,13 +5,16 @@ import com.canvas.web.modules.system.repository.OrgRepository;
 import com.canvas.web.modules.system.repository.RoleRepository;
 import com.canvas.web.modules.system.repository.UserRepository;
 import com.canvas.web.modules.system.service.OrgService;
+import com.canvas.web.modules.system.service.dto.MenuDto;
 import com.canvas.web.modules.system.service.dto.OrgDto;
 import com.canvas.web.modules.system.service.mapstruct.OrgMapper;
 import com.canvas.web.utils.RedisUtils;
+import com.canvas.web.utils.ValidationUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.cache.annotation.CacheConfig;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
 import java.util.Set;
 
 @Service
@@ -29,7 +32,9 @@ public class OrgServiceImpl implements OrgService {
 
     @Override
     public OrgDto findById(Long id) {
-        return null;
+        Org org=orgRepository.findById(id).orElseGet(Org::new);
+        ValidationUtil.isNull(org.getId(),"Org","id",id);
+        return orgMapper.toDto(org);
     }
 
     @Override
@@ -57,4 +62,9 @@ public class OrgServiceImpl implements OrgService {
     public void verification(Set<OrgDto> orgDtos) {
 
     }
+
+    @Override
+    public List<MenuDto> queryOrgMenus(Long id) {
+        return null;
+    }
 }
diff --git a/system/src/main/java/com/canvas/web/modules/system/service/impl/RoleServiceImpl.java b/system/src/main/java/com/canvas/web/modules/system/service/impl/RoleServiceImpl.java
index b537d45..94dd267 100644
--- a/system/src/main/java/com/canvas/web/modules/system/service/impl/RoleServiceImpl.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/impl/RoleServiceImpl.java
@@ -139,6 +139,12 @@ public class RoleServiceImpl implements RoleService {
         delCaches(role.getId(), null);
     }
 
+    @Override
+    public List<RoleDto> queryOrgMenus(Long id) {
+        //roleRepository.findByOrgId;
+        return null;
+    }
+
 
     //清理缓存
     public void delCaches(Long id, List<User> users) {
diff --git a/system/src/main/resources/config/application-dev.yml b/system/src/main/resources/config/application-dev.yml
index 8f7efda..7cef909 100644
--- a/system/src/main/resources/config/application-dev.yml
+++ b/system/src/main/resources/config/application-dev.yml
@@ -77,7 +77,8 @@ jwt:
   # 必须使用最少88位的Base64对该令牌进行编码
   base64-secret: ZmQ0ZGI5NjQ0MDQwY2I4MjMxY2Y3ZmI3MjdhN2ZmMjNhODViOTg1ZGE0NTBjMGM4NDA5NzYxMjdjOWMwYWRmZTBlZjlhNGY3ZTg4Y2U3YTE1ODVkZDU5Y2Y3OGYwZWE1NzUzNWQ2YjFjZDc0NGMxZWU2MmQ3MjY1NzJmNTE0MzI=
   # 令牌过期时间 此处单位/毫秒 ，默认4小时，可在此网站生成 https://www.convertworld.com/zh-hans/time/milliseconds.html
-  token-validity-in-seconds: 14400000
+  # 120个小时5天
+  token-validity-in-seconds: 432000000
   # 在线用户key
   online-key: online-token-
   # 验证码
diff --git a/system/src/main/resources/config/application-prod.yml b/system/src/main/resources/config/application-prod.yml
index 282d253..31d559b 100644
--- a/system/src/main/resources/config/application-prod.yml
+++ b/system/src/main/resources/config/application-prod.yml
@@ -77,14 +77,15 @@ jwt:
   # 必须使用最少88位的Base64对该令牌进行编码
   base64-secret: ZmQ0ZGI5NjQ0MDQwY2I4MjMxY2Y3ZmI3MjdhN2ZmMjNhODViOTg1ZGE0NTBjMGM4NDA5NzYxMjdjOWMwYWRmZTBlZjlhNGY3ZTg4Y2U3YTE1ODVkZDU5Y2Y3OGYwZWE1NzUzNWQ2YjFjZDc0NGMxZWU2MmQ3MjY1NzJmNTE0MzI=
   # 令牌过期时间 此处单位/毫秒 ，默认2小时，可在此网站生成 https://www.convertworld.com/zh-hans/time/milliseconds.html
-  token-validity-in-seconds: 7200000
+  # 120小时
+  token-validity-in-seconds: 432000000
   # 在线用户key
   online-key: online-token-
   # 验证码
   code-key: code-key-
   # token 续期检查时间范围（默认30分钟，单位默认毫秒），在token即将过期的一段时间内用户操作了，则给用户的token续期
   detect: 1800000
-  # 续期时间范围，默认 1小时，这里单位毫秒
+  # 续期时间范围，默认1小时，这里单位毫秒
   renew: 3600000
 
 # IP 本地解析