diff --git a/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java b/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
index 72d599d..670c9a8 100644
--- a/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
+++ b/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
@@ -139,8 +139,8 @@ public class PurchaseManage {
         UserInfoDetails user = LoginUserUtil.loginUserDetail();
         Assert.notNull(user, "获取登录用户失败!");
         LambdaQueryWrapper<Project> query = ProjectManageUtil.projectQuery(req);
-        //只能看自己单位的
-        query.eq(Project::getBuildOrgCode, user.getMhUnitIdStr());
+        //数据权限
+        permission(query, user);
         //待采购状态
         query.in(Project::getStatus, Lists.newArrayList(ProjectStatus.TO_BE_PURCHASED.getCode(),
                 ProjectStatus.ON_PURCHASING.getCode()));
@@ -193,6 +193,21 @@ public class PurchaseManage {
         return PageVo.of(records, page.getTotal());
     }
 
+    /**
+     * 根据角色 分配权限
+     * @param query
+     * @param user
+     */
+    private void permission(LambdaQueryWrapper<Project> query, UserInfoDetails user) {
+        //超管看所有
+        if (user.getSuperAdmin()) {
+            log.info("超管查看所有采购信息 :{}", user.getUsername());
+        } else {
+            //其他情况 只能看自己单位
+            query.eq(Project::getBuildOrgCode, user.getMhUnitIdStr());
+        }
+    }
+
     public void exportList(HttpServletResponse response, ProjectListReq param) {
         UserFullInfoDTO user = userInfoHelper.getUserFullInfo(LoginUserUtil.getUserId());
         VUtils.isTrue(Objects.isNull(user)).throwMessage("获取登录用户失败!");