diff --git a/handler/cid.go b/handler/cid.go
index 2108c95..7c3ac65 100644
--- a/handler/cid.go
+++ b/handler/cid.go
@@ -50,10 +50,17 @@ func SetUpCIDGroup(router *gin.Engine) {
 }
 func RunCID(c *gin.Context) {
 var req CIDRunReq
+ id, _ := c.Get("id")
+ authID := int(id.(float64))
+ //获取权限
+ user := dao.FindUserByUserID(authID)
+ if user.Run == false {
+ c.JSON(200, gin.H{"error": "no run Permissions", "code": proto.NoRunPermissions, "message": "no run Permissions"})
+ return
+ }
+
 if err := c.ShouldBind(&req); err == nil {
 // 获取用户ID
- id, _ := c.Get("id")
- authID := int(id.(float64))
 username, _ := c.Get("username")
 cid := dao.FindCIDByID(req.ID, authID)
 if cid.ID == 0 {
@@ -165,11 +172,18 @@ func CIDCallback(c *gin.Context) {
 fmt.Println("token:", token, "cid_id:", cid_id)
 //将cid转换为int
 cid, _ := strconv.Atoi(cid_id)
+
 if token == "" || cid == 0 {
 c.JSON(200, gin.H{"error": "parameter error", "code": proto.ParameterError, "message": "failed"})
 return
 }
 res := dao.FindCIDByIDAndToken(cid, token)
+
+ user := dao.FindUserByUserID(res.Auth_id)
+ if user.Run == false {
+ c.JSON(200, gin.H{"error": "no run Permissions", "code": proto.NoRunPermissions, "message": "the user has no run Permissions"})
+ return
+ }
 if res.ID != 0 {
 user := dao.FindUserByID(res.Auth_id)
 go RunShell(user[0].Name, res.Url, res.Script, int(res.ID), res.Auth_id)
diff --git a/proto/status.go b/proto/status.go
index cc636b1..42268d1 100644
--- a/proto/status.go
+++ b/proto/status.go
@@ -43,5 +43,7 @@ const (
 UUIDNotFound = 18 // uuid不存在
 //Tool
- NoRedisPermissions = 51
+ NoRedisPermissions = 51
+ NoRunPermissions = 52
+ NoDevicePermissions = 53
 )
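Review bot: In RunCID the assertion `id.(float64)` is unchecked and, with this change, runs before the request is bound, so a missing or non-float64 `id` context value panics the handler instead of producing an error response. Use the two-value forms, `id, ok := c.Get("id")` and `idNum, isNum := id.(float64)`, and return early when either is false. The gate also relies on `dao.FindUserByUserID` returning a user with `Run == false` for an unknown ID; that helper is not visible here, so confirm it fails closed. `if !user.Run {` is the idiomatic spelling of the test. RunCID's body continues outside the hunk.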
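Review bot: In CIDCallback the new permission lookup reads `res.Auth_id` before the existing `if res.ID != 0` test, so a callback whose id/token pair matched nothing is answered from whatever `FindUserByUserID` returns for an empty `res` (presumably the `NoRunPermissions` reply) rather than reaching the no-match path. Move the `user.Run` check inside the `if res.ID != 0 {` block; the `user := dao.FindUserByID(res.Auth_id)` line there shadows the new variable with a second lookup of the same account, and `user[0]` is indexed without a length check. The context line `fmt.Println("token:", token, "cid_id:", cid_id)` writes the callback token to stdout, and since that token is what authorises `RunShell`, it should be dropped or redacted. The function continues outside the hunk.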