diff --git a/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java b/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
index 43fbc7a..2f8278c 100644
--- a/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
+++ b/hz-pm-api/src/main/java/com/hz/pm/api/projectdeclared/manage/PurchaseManage.java
@@ -4,12 +4,10 @@ import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.lang.Assert;
-import cn.hutool.core.util.ReflectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpUtil;
 import cn.hutool.json.JSONUtil;
 import com.alibaba.excel.EasyExcel;
-import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.core.toolkit.support.SFunction;
@@ -18,8 +16,11 @@ import com.google.common.collect.Lists;
 import com.hz.pm.api.common.helper.UserInfoHelper;
 import com.hz.pm.api.common.statemachine.util.StateMachineUtil;
 import com.hz.pm.api.common.statemachine.util.TenderStateMachineUtil;
+import com.hz.pm.api.common.util.BizUtils;
 import com.hz.pm.api.common.util.ExcelDownUtil;
 import com.hz.pm.api.common.util.ExcelExportStyle;
+import com.hz.pm.api.datascope.model.DataScopeDTO;
+import com.hz.pm.api.datascope.utils.DataScopeUtil;
 import com.hz.pm.api.external.MhApiClient;
 import com.hz.pm.api.external.MhFileClient;
 import com.hz.pm.api.external.model.dto.MhPurchaseNoticeDTO;
@@ -46,6 +47,7 @@ import com.hz.pm.api.projectlib.model.req.ProjectListReq;
 import com.hz.pm.api.projectlib.model.vo.ProjectLibListItemVO;
 import com.hz.pm.api.projectlib.model.vo.TenderListInfoVO;
 import com.hz.pm.api.projectlib.service.IProjectService;
+import com.hz.pm.api.user.helper.MhUnitCache;
 import com.hz.pm.api.user.security.model.UserFullInfoDTO;
 import com.hz.pm.api.user.security.model.UserInfoDetails;
 import com.hz.pm.api.user.util.LoginUserUtil;
@@ -57,7 +59,6 @@ import com.ningdatech.basic.util.NdDateUtils;
 import com.ningdatech.file.entity.File;
 import com.ningdatech.file.entity.vo.result.FileResultVO;
 import com.ningdatech.file.service.FileService;
-import io.swagger.models.auth.In;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;
@@ -71,8 +72,6 @@ import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.function.Consumer;
-import java.util.function.Function;
 import java.util.stream.Collectors;
 /**
@@ -95,8 +94,43 @@ public class PurchaseManage {
 private final MhApiClient mhApiClient;
 private final MhFileClient mhFileClient;
 private final FileService fileService;
+ private final MhUnitCache mhUnitCache;
-
+ private boolean buildPurchaseQueryPermission(LambdaQueryWrapper query, UserFullInfoDTO user) {
+ boolean queryState = true;
+ Optional datascope = DataScopeUtil.getCurrentUserDataScopeHasUserId(user);
+ if (!datascope.isPresent()) {
+ log.warn("没有取到权限信息 当前查询 没有权限条件");
+ queryState = false;
+ } else {
+ final String existsSql = "select 1 from nd_project np where np.id = nd_purchase.project_id and np.build_org_code";
+ switch (datascope.get().getRole()) {
+ case NORMAL_MEMBER:
+ //普通用户 只能看到自己单位去申报的
+ query.exists(String.format("%s = '%s'", existsSql, user.getMhUnitIdStr()));
+ break;
+ case COMPANY_MANAGER:
+ List childUnitIds = mhUnitCache.getChildrenIdsRecursion(user.getMhUnitId());
+ childUnitIds.add(user.getMhUnitId());
+ List viewUnitIdList = CollUtils.convert(childUnitIds, String::valueOf);
+ query.exists(String.format("%s in %s", existsSql, BizUtils.inSqlJoin(viewUnitIdList)));
+ break;
+ case SUPER_ADMIN:
+ // 超级管理员 看到全市的 并且也要判断他 同时是不是单位管理员
+ break;
+ case VISITOR:
+ //访客可以看全市的
+ break;
+ case DASHBOARD:
+ break;
+ default:
+ //没有权限的话 就让它查不到
+ queryState = false;
+ break;
+ }
+ }
+ return queryState;
+ }
 /**
 * 待采购的-项目列表
@@ -380,6 +414,10 @@ public class PurchaseManage {
 .eq(req.getStatus() != null, function, req.getStatus())
 .isNotNull(function)
 .orderByDesc(Purchase::getCreateOn);
+ UserFullInfoDTO user = userInfoHelper.getUserFullInfo(LoginUserUtil.getUserId());
+ if (!buildPurchaseQueryPermission(query, user)) {
+ return PageVo.empty();
+ }
 Page page = purchaseService.page(req.page(), query);
 if (page.getTotal() == 0) {
 return PageVo.empty();
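Review bot: In `buildPurchaseQueryPermission` the NORMAL_MEMBER and COMPANY_MANAGER branches splice unit ids into the EXISTS SQL text with `String.format`, so the data-scope filter is only as safe as `user.getMhUnitIdStr()` and `BizUtils.inSqlJoin`, neither of which is visible here. Prefer a bound value where the MyBatis-Plus version in use has the varargs overload, e.g. `query.exists(existsSql + " = {0}", user.getMhUnitIdStr())`, or at least check that the ids are numeric before formatting. `childUnitIds.add(user.getMhUnitId())` also writes into the list returned by `mhUnitCache.getChildrenIdsRecursion`; if that is the cached instance it changes shared state, so wrap the call in `new ArrayList<>(...)` first. The SUPER_ADMIN comment says the unit-manager case must also be checked but the branch adds no condition, and DASHBOARD is unrestricted without a comment saying why.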
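Review bot: Only this page query receives the data-scope filter in the diff; the enclosing method starts and ends outside the hunk and the rest of `PurchaseManage` is not shown, so other purchase read paths (detail, export) may still return rows outside the caller's units and should be checked against the same helper. A short comment above the early return would record the fail-closed intent, e.g. `// No resolvable data scope: return an empty page rather than run an unfiltered query.`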