diff --git a/app/Enums/UserRole.php b/app/Enums/UserRole.php
new file mode 100644
index 0000000..fcc8295
--- /dev/null
+++ b/app/Enums/UserRole.php
@@ -0,0 +1,33 @@
+value => '普通员工',
+ self::Store->value => '店长',
+ self::Admin->value => '管理员',
+ ];
+ }
+}
diff --git a/app/Http/Controllers/Api/Auth/UserController.php b/app/Http/Controllers/Api/Auth/UserController.php
new file mode 100644
index 0000000..1cbffdf
--- /dev/null
+++ b/app/Http/Controllers/Api/Auth/UserController.php
@@ -0,0 +1,69 @@
+guard()->user();
+ $admin = $user->adminUser;
+
+ return [
+ 'id' => $user->id,
+ 'avatar' => $admin->avatar,
+ 'name' => $user->name,
+ 'name' => $user->name,
+ 'phone' => $user->phone,
+ 'jobs' => $user->jobs->pluck('name'),
+ 'unread_notifications' => 0,
+
+ // 身份: user-普通员工, store-店长, admin-管理员
+ 'role' => $user->userRole(),
+ ];
+ }
+ // 修改账户信息
+ public function update(Request $request)
+ {
+ $request->validate([
+ 'password' => ['nullable', 'confirmed'],
+ ]);
+
+ $user = $this->guard()->user();
+ $admin = $user->adminUser;
+ $data = $request->only(['avatar', 'name']);
+ if ($request->filled('password')) {
+ $data['password'] = Hash::make($request->input('password'));
+ }
+
+ $admin->update($data);
+ $user->update($data);
+
+ return response('', Response::HTTP_OK);
+ }
+
+ // 门店列表
+ public function storeList(Request $request)
+ {
+ $user = $this->guard()->user();
+ $role = $user->userRole();
+ $query = Store::filter($request->all());
+ if ($role == UserRole::User || $role == UserRole::Store) {
+ $query->whereIn('id', [$user->store_id]);
+ }
+
+ return $query->get();
+ }
+}
diff --git a/app/Http/Controllers/Api/Hr/EmployeeController.php b/app/Http/Controllers/Api/Hr/EmployeeController.php
new file mode 100644
index 0000000..87fb2a7
--- /dev/null
+++ b/app/Http/Controllers/Api/Hr/EmployeeController.php
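Review bot: The `profile()` array in UserController.php lists `'name' => $user->name` twice; PHP keeps only the last duplicate key, so one of the two lines is dead and presumably one of them was meant to be a different field (the admin user's name, perhaps) — drop or rename the second `'name'` entry. In `update()`, `validate()` constrains only `password`, while `avatar` and `name` are written to both `$admin` and `$user` unvalidated; adding rules such as `'name' => ['nullable', 'string', 'max:255'],` and a matching `avatar` rule would bound what callers can store. In `storeList()` (and the same pattern in EmployeeController::index in the next hunk), `$role == UserRole::User` works for enum cases but `===` is the idiomatic and unambiguous comparison; consider `if ($role === UserRole::User || $role === UserRole::Store) {`. The opening of `profile()` (signature and the `$user = $this->` prefix) is not visible in the hunk as rendered here.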
@@ -0,0 +1,27 @@
+guard()->user();
+ $role = $user->userRole();
+ $query = Employee::filter($request->all());
+
+ if ($role == UserRole::User || $role == UserRole::Store) {
+ $query->whereIn('store_id', [$user->store_id]);
+ }
+
+ return $query->get();
+ }
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 494c050..f6bec14 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,5 +64,6 @@ class Kernel extends HttpKernel
 'signed' => \App\Http\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+ 'user_role' => \App\Http\Middleware\CheckUserRole::class,
 ];
 }
diff --git a/app/Http/Middleware/CheckUserRole.php b/app/Http/Middleware/CheckUserRole.php
new file mode 100644
index 0000000..50d535c
--- /dev/null
+++ b/app/Http/Middleware/CheckUserRole.php
@@ -0,0 +1,25 @@
+user();
+ $currentRole = $user->userRole();
+ if (!in_array($currentRole, $roles)) {
+ throw new \App\Exceptions\RuntimeException('没有权限');
+ }
+ return $next($request);
+ }
+}
diff --git a/app/Models/Employee.php b/app/Models/Employee.php
index 7ace7ab..ee06ca9 100644
--- a/app/Models/Employee.php
+++ b/app/Models/Employee.php
@@ -12,6 +12,7 @@ use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Model;
 use Laravel\Sanctum\HasApiTokens;
 use Slowlyo\OwlAdmin\Models\AdminUser;
+use App\Enums\UserRole;
 /**
 * 员工
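Review bot: In CheckUserRole.php, `in_array($currentRole, $roles)` compares the enum case returned by `userRole()` (see the Employee.php hunk below, which returns `UserRole::User`/`Store`/`Admin`) against the plain strings the route passes in (`user_role:store,admin` in routes/api.php); as far as I can tell an enum case never compares equal to a string, so the check fails closed for every caller and the guarded route is unusable rather than protected. Compare the backing value instead, and pass `strict: true` so the string match is exact: `if (!in_array($currentRole->value, $roles, true)) {`. The `handle()` signature and the `$user = $request->` prefix are outside the visible part of this hunk, so I cannot see whether `$roles` is a variadic `...$roles` or a single string; if it is a single string it would additionally need splitting on `,` before the lookup. Note also that `$user->userRole()` assumes an authenticated user; the middleware is only registered on routes inside the `auth:api` group here, but a null `$user` would surface as a method-on-null error rather than a clean 401 if it is ever attached elsewhere.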
@@ -92,8 +93,22 @@ class Employee extends Model implements AuthenticatableContract
 */
 public function isAdministrator(): bool
 {
- // @todo
- return true;
+ return $this->adminUser->isAdministrator();
+ }
+
+ /**
+ * 用户身份
+ * user: 普通员工, store: 店长, admin: 管理员
+ */
+ public function userRole()
+ {
+ $role = UserRole::User;
+ if ($this->isAdministrator()) {
+ $role = UserRole::Admin;
+ } else if ($this->store_id && $this->store->master_id == $this->id) {
+ $role = UserRole::Store;
+ }
+ return $role;
 }
 protected function employeeStatusText(): Attribute
diff --git a/app/Models/Store.php b/app/Models/Store.php
index bdad6d6..26c8e22 100644
--- a/app/Models/Store.php
+++ b/app/Models/Store.php
@@ -26,6 +26,11 @@ class Store extends Model
 protected $appends = ['business_status_text', 'business_status_color'];
+ public function modelFilter()
+ {
+ return \App\Admin\Filters\StoreFilter::class;
+ }
+ // 店长 public function master() {
diff --git a/routes/api.php b/routes/api.php
index 0e01edd..8db7e55 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -13,6 +13,13 @@ Route::delete('/auth/logout', [AccessTokenController::class, 'destroy']);
 Route::group([
 'middleware' => ['auth:api'],
 ], function () {
+ // 当前账户信息
+ Route::get('auth/profile', [\App\Http\Controllers\Api\Auth\UserController::class, 'profile']);
+ // 修改账户信息
+ Route::post('auth/profile', [\App\Http\Controllers\Api\Auth\UserController::class, 'update']);
+ // 我的门店列表
+ Route::get('auth/stores', [\App\Http\Controllers\Api\Auth\UserController::class, 'storeList']);
+ Route::get('/stats/dashboard', [StatsController::class, 'dashboard']);
 // 彩种类型
@@ -21,4 +28,7 @@ Route::group([
 Route::post('complaints', [ComplaintController::class, 'store']);
 // 意见箱
 Route::post('feedback', [FeedbackController::class, 'store']);
+
+ // 员工管理
+ Route::get('hr/employee', [\App\Http\Controllers\Api\Hr\EmployeeController::class, 'index'])->middleware(['user_role:store,admin']);
 });
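Review bot: `isAdministrator()` in Employee.php now dereferences `$this->adminUser` unconditionally; if `adminUser` is a relation that can be absent for some employees (I cannot confirm that from this hunk), the call throws a method-on-null error instead of returning `false`, and because `userRole()` calls it first, every role check — the `user_role` middleware and both API controllers in this commit — would error for such an employee rather than treating them as a plain user. The same applies to `$this->store->master_id` when `store_id` points at a store that no longer exists. Null-safe access keeps the fail-closed semantics without the error: `return $this->adminUser?->isAdministrator() ?? false;` and `} elseif ($this->store_id && $this->store?->master_id == $this->id) {`. `userRole()` also lacks a return type; `public function userRole(): UserRole` documents the contract the middleware depends on, and the docblock's `user/store/admin` listing would be clearer as a `@return UserRole` line.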