diff --git a/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs b/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
index 272ec5d..00f8f1c 100644
--- a/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
+++ b/src/CellularManagement.Application/Features/Auth/Commands/AuthenticateUser/AuthenticateUserCommandHandler.cs
@@ -19,6 +19,7 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
     private readonly IJwtProvider _jwtProvider;
     private readonly ILogger<AuthenticateUserCommandHandler> _logger;
     private readonly IUserRoleRepository _userRoleRepository;
+    private readonly IRolePermissionRepository _rolePermissionRepository;
 
     /// <summary>
     /// 初始化处理器
@@ -27,12 +28,14 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
         UserManager<AppUser> userManager,
         IJwtProvider jwtProvider,
         ILogger<AuthenticateUserCommandHandler> logger,
-        IUserRoleRepository userRoleRepository)
+        IUserRoleRepository userRoleRepository,
+        IRolePermissionRepository rolePermissionRepository)
     {
         _userManager = userManager;
         _jwtProvider = jwtProvider;
         _logger = logger;
         _userRoleRepository = userRoleRepository;
+        _rolePermissionRepository = rolePermissionRepository;
     }
 
     /// <summary>
@@ -85,6 +88,20 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
             // 添加角色声明
             claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));
 
+            // 获取所有角色的权限
+            var permissions = new Dictionary<string, bool>();
+            foreach (var role in roles)
+            {
+                var rolePermissions = await _rolePermissionRepository.GetRolePermissionsWithDetailsAsync(role, cancellationToken);
+                foreach (var rolePermission in rolePermissions)
+                {
+                    if (!permissions.ContainsKey(rolePermission.Permission.Code))
+                    {
+                        permissions[rolePermission.Permission.Code] = true;
+                    }
+                }
+            }
+
             // 生成访问令牌
             var accessToken = _jwtProvider.GenerateAccessToken(claims);
 
@@ -100,7 +117,8 @@ public sealed class AuthenticateUserCommandHandler : IRequestHandler<Authenticat
                 user.UserName!,
                 user.Email!,
                 user.PhoneNumber,
-                roles);
+                roles,
+                permissions);
 
             _logger.LogInformation("用户 {UserName} 认证成功", request.UserName);