diff --git a/src/main/java/org/cmh/backend/UserManagement/controller/UserManagementController.java b/src/main/java/org/cmh/backend/UserManagement/controller/UserManagementController.java
index 30f6041..c757fce 100644
--- a/src/main/java/org/cmh/backend/UserManagement/controller/UserManagementController.java
+++ b/src/main/java/org/cmh/backend/UserManagement/controller/UserManagementController.java
@@ -1,11 +1,13 @@
 package org.cmh.backend.UserManagement.controller;
 
+import io.jsonwebtoken.JwtParser;
 import jakarta.transaction.Transactional;
 import org.cmh.backend.OrganizationManagement.service.OrganizationService;
 import org.cmh.backend.UserManagement.adpter.User2UserHS;
 import org.cmh.backend.UserManagement.adpter.UserHS2User;
 import org.cmh.backend.UserManagement.service.UserManagementService;
 import org.cmh.backend.UserManagement.model.User;
+import org.cmh.backend.Utils.JwtUtil;
 import org.cmh.backend.Utils.JwtVerify;
 import org.cmh.backend.authentication.dto.UserProfileResponse;
 import org.cmh.backend.authentication.model.UserHS;
@@ -52,10 +54,18 @@ public class UserManagementController {
     @GetMapping("/getAll")
     @JwtVerify
     public List<User> getAll(@RequestParam String token) {
-        // 这里分权限进行不同请求
-        //这里getAll??
+        String username = JwtUtil.extractUsername(token);
+        UserHS userHS = userService.getUserByUsername(username);
         List<UserHS> userHSList = userService.getAllUsers();
-        return UserHS2User.convertList(userHSList);
+        //这里分权限进行不同请求
+        //超级管理员
+        if(userHS.getSuperAdmin()){
+            return UserHS2User.convertList(userHSList);
+        }else{
+            return null
+        }
+
+        return null;
     }