diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/UserAuthenticationController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/UserAuthenticationController.java
index 1a100ff44..ba0679dec 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/UserAuthenticationController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/UserAuthenticationController.java
@@ -30,14 +30,14 @@ public class UserAuthenticationController extends XktBaseController {
 
     final IUserAuthenticationService userAuthService;
 
-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,seller')")
+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,agent')")
     @ApiOperation(value = "新增代发 ", httpMethod = "POST", response = R.class)
     @PostMapping()
     public R<Integer> create(@Validated @RequestBody UserAuthCreateVO createVO) {
         return R.ok(userAuthService.create(BeanUtil.toBean(createVO, UserAuthCreateDTO.class)));
     }
 
-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,seller')")
+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store,seller,agent')||@ss.hasSupplierSubRole()")
     @ApiOperation(value = "APP 代发列表 ", httpMethod = "POST", response = R.class)
     @PostMapping("/app/page")
     public R<Page<UserAuthAppPageResDTO>> appPage(@Validated @RequestBody UserAuthPageVO pageVO) {