diff --git a/app/api/endpoints/download.py b/app/api/endpoints/download.py
index c2dbe9b0..22a01bf0 100644
--- a/app/api/endpoints/download.py
+++ b/app/api/endpoints/download.py
@@ -9,7 +9,7 @@ from app.core.context import MediaInfo, Context, TorrentInfo
 from app.core.metainfo import MetaInfo
 from app.core.security import verify_token
 from app.db.models.user import User
-from app.db.userauth import get_current_active_user
+from app.db.user_oper import get_current_active_user
 router = APIRouter()
diff --git a/app/api/endpoints/history.py b/app/api/endpoints/history.py
index 7102b1b0..241f8502 100644
--- a/app/api/endpoints/history.py
+++ b/app/api/endpoints/history.py
@@ -12,7 +12,7 @@ from app.db import get_db
 from app.db.models import User
 from app.db.models.downloadhistory import DownloadHistory
 from app.db.models.transferhistory import TransferHistory
-from app.db.userauth import get_current_active_superuser
+from app.db.user_oper import get_current_active_superuser
 from app.schemas.types import EventType
 router = APIRouter()
diff --git a/app/api/endpoints/message.py b/app/api/endpoints/message.py
index 1e29ded3..5d600fb0 100644
--- a/app/api/endpoints/message.py
+++ b/app/api/endpoints/message.py
@@ -14,7 +14,7 @@ from app.core.security import verify_token
 from app.db import get_db
 from app.db.models import User
 from app.db.models.message import Message
-from app.db.userauth import get_current_active_superuser
+from app.db.user_oper import get_current_active_superuser
 from app.log import logger
 from app.modules.wechat.WXBizMsgCrypt3 import WXBizMsgCrypt
 from app.schemas.types import MessageChannel
diff --git a/app/api/endpoints/site.py b/app/api/endpoints/site.py
index 0b4e6b21..eabeabf4 100644
--- a/app/api/endpoints/site.py
+++ b/app/api/endpoints/site.py
@@ -15,7 +15,7 @@ from app.db.models.site import Site
 from app.db.models.siteicon import SiteIcon
 from app.db.models.sitestatistic import SiteStatistic
 from app.db.systemconfig_oper import SystemConfigOper
-from app.db.userauth import get_current_active_superuser
+from app.db.user_oper import get_current_active_superuser
 from app.helper.sites import SitesHelper
 from app.scheduler import Scheduler
 from app.schemas.types import SystemConfigKey, EventType
diff --git a/app/api/endpoints/subscribe.py b/app/api/endpoints/subscribe.py
index fc9b59b0..f3001702 100644
--- a/app/api/endpoints/subscribe.py
+++ b/app/api/endpoints/subscribe.py
@@ -15,7 +15,7 @@ from app.db import get_db
 from app.db.models.subscribe import Subscribe
 from app.db.models.subscribehistory import SubscribeHistory
 from app.db.models.user import User
-from app.db.userauth import get_current_active_user
+from app.db.user_oper import get_current_active_user
 from app.helper.subscribe import SubscribeHelper
 from app.scheduler import Scheduler
 from app.schemas.types import MediaType
diff --git a/app/api/endpoints/system.py b/app/api/endpoints/system.py
index 8bf566cf..41ea1199 100644
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -16,7 +16,7 @@ from app.core.module import ModuleManager
 from app.core.security import verify_token
 from app.db.models import User
 from app.db.systemconfig_oper import SystemConfigOper
-from app.db.userauth import get_current_active_superuser
+from app.db.user_oper import get_current_active_superuser
 from app.helper.message import MessageHelper
 from app.helper.progress import ProgressHelper
 from app.helper.rule import RuleHelper
diff --git a/app/api/endpoints/user.py b/app/api/endpoints/user.py
index 437ddb92..317bc3ca 100644
--- a/app/api/endpoints/user.py
+++ b/app/api/endpoints/user.py
@@ -9,7 +9,7 @@ from app import schemas
 from app.core.security import get_password_hash
 from app.db import get_db
 from app.db.models.user import User
-from app.db.userauth import get_current_active_superuser, get_current_active_user
+from app.db.user_oper import get_current_active_superuser, get_current_active_user
 from app.db.userconfig_oper import UserConfigOper
 from app.utils.otp import OtpUtils
diff --git a/app/db/user_oper.py b/app/db/user_oper.py
index 2c2abce2..0007f7e2 100644
--- a/app/db/user_oper.py
+++ b/app/db/user_oper.py
@@ -1,10 +1,72 @@
 import json
 from typing import Optional
+from fastapi import Depends, HTTPException
+from sqlalchemy.orm import Session
+
+from app import schemas
+from app.core.security import verify_token
 from app.db import DbOper
+from app.db import get_db
 from app.db.models.user import User
+def get_current_user(
+ db: Session = Depends(get_db),
+ token_data: schemas.TokenPayload = Depends(verify_token)
+) -> User:
+ """
+ 获取当前用户
+ """
+ user = User.get(db, rid=token_data.sub)
+ if not user:
+ raise HTTPException(status_code=403, detail="用户不存在")
+ return user
+
+
+def get_current_active_user(
+ current_user: User = Depends(get_current_user),
+) -> User:
+ """
+ 获取当前激活用户
+ """
+ if not current_user.is_active:
+ raise HTTPException(status_code=403, detail="用户未激活")
+ return current_user
+
+
+def get_current_active_superuser(
+ current_user: User = Depends(get_current_user),
+) -> User:
+ """
+ 获取当前激活超级管理员
+ """
+ if not current_user.is_superuser:
+ raise HTTPException(
+ status_code=400, detail="用户权限不足"
+ )
+ return current_user
+
+
+def get_current_active_permission_user(
+ permission: str,
+ current_user: User = Depends(get_current_user)
+) -> User:
+ """
+ 获取当前激活且有指定权限的用户
+ """
+ if not current_user.is_active:
+ raise HTTPException(status_code=403, detail="用户未激活")
+ if not current_user.permissions:
+ raise HTTPException(status_code=400, detail="用户权限不足")
+ permission_dict = json.loads(current_user.permissions)
+ for key in permission.split("."):
+ if key not in permission_dict or not permission_dict[key]:
+ raise HTTPException(status_code=400, detail="用户权限不足")
+ permission_dict = permission_dict[key]
+ return current_user
+
+
 class UserOper(DbOper):
 """
 用户管理
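Review bot: `get_current_active_permission_user` takes `permission: str` as a plain parameter next to a `Depends(...)` one, so if it is handed to `Depends` as-is FastAPI would resolve `permission` from the request (a query parameter), letting the caller rather than the route choose which permission is tested; no call site is visible in this diff, so that is inferred from the signature. Binding the permission when the route is declared, with a factory that returns the dependency, removes the ambiguity and is sketched below. The sketch also fails closed with 403 when the stored JSON is malformed or an intermediate value is not a dict, where the current walk would raise an unhandled exception. In the same hunk, `get_current_active_superuser` depends on `get_current_user` and never checks `is_active` although its docstring says active; depending on `get_current_active_user` instead would close that gap.

```python
def get_current_active_permission_user(permission: str):
    """
    Build a dependency that requires `permission` (a dotted path) for the current active user.
    """
    def _checker(current_user: User = Depends(get_current_active_user)) -> User:
        try:
            node = json.loads(current_user.permissions or "{}")
        except ValueError:
            # unreadable permission data grants nothing
            node = {}
        for key in permission.split("."):
            # deny unless every step is a dict holding a truthy entry
            if not isinstance(node, dict) or not node.get(key):
                raise HTTPException(status_code=403, detail="用户权限不足")
            node = node[key]
        return current_user

    return _checker
```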
@@ -13,6 +75,27 @@ class UserOper(DbOper):
 def get_permissions(self, name: str) -> dict:
 """
 获取用户权限
+ {
+ "admin": "管理员",
+ "usermanage": "用户管理",
+ "dashboard": "仪表板",
+ "ranking": "推荐榜单",
+ "resource": {
+ "search": "搜索站点资源",
+ "download": "下载站点资源",
+ },
+ "subscribe": {
+ "request": "提交订阅请求",
+ "autopass": "订阅请求自动批准"
+ "approve": "审批订阅请求",
+ "calendar": "查看订阅日历",
+ "manage": "管理所有订阅"
+ },
+ "downloading": {
+ "view": "查看正在下载任务",
+ "manager": "管理正在下载任务"
+ }
+ }
 """
 user = User.get_by_name(self._db, name)
 if user:
diff --git a/app/db/userauth.py b/app/db/userauth.py
deleted file mode 100644
index abd87226..00000000
--- a/app/db/userauth.py
+++ /dev/null
@@ -1,35 +0,0 @@
-from fastapi import Depends, HTTPException
-from sqlalchemy.orm import Session
-
-from app import schemas
-from app.core.security import verify_token
-from app.db import get_db
-from app.db.models.user import User
-
-
-def get_current_user(
- db: Session = Depends(get_db),
- token_data: schemas.TokenPayload = Depends(verify_token)
-) -> User:
- user = User.get(db, rid=token_data.sub)
- if not user:
- raise HTTPException(status_code=403, detail="用户不存在")
- return user
-
-
-def get_current_active_user(
- current_user: User = Depends(get_current_user),
-) -> User:
- if not current_user.is_active:
- raise HTTPException(status_code=403, detail="用户未激活")
- return current_user
-
-
-def get_current_active_superuser(
- current_user: User = Depends(get_current_user),
-) -> User:
- if not current_user.is_superuser:
- raise HTTPException(
- status_code=400, detail="用户权限不足"
- )
- return current_user
diff --git a/app/helper/user.py b/app/helper/user.py
new file mode 100644
index 00000000..e69de29b
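Review bot: The permission map added to the `get_permissions` docstring is malformed as an example: the `"autopass"` entry is missing its trailing comma and `"download": "下载站点资源",` has one before the closing brace. The key names are also uneven (`subscribe.manage` but `downloading.manager`), which is easy to get wrong when a dotted permission string is written by hand; if `manager` is a typo it is cheaper to fix now. The docstring shows display labels as values, so a line stating what the stored value is would help, for example `Stored per user as JSON; a truthy value at a dotted path such as "subscribe.manage" grants it.`, assuming that matches how the checker in this file reads it. The body of get_permissions continues past the end of the hunk.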