diff --git a/app/Forms/ManagerForm.php b/app/Forms/ManagerForm.php
index 2abb5e8..08ebeed 100755
--- a/app/Forms/ManagerForm.php
+++ b/app/Forms/ManagerForm.php
@@ -14,6 +14,10 @@ class ManagerForm extends Form
             "teacher" => "管理老师",
             "manager" => "项目经理"
         ]]);
+        $this->add("order_status_ability", Field::SELECT, ["label" => "订单恢复权限", "choices" => [
+            "0" => "不开放",
+            "1" => "开放"
+        ]]);
         $this->add("project_id", Field::SELECT, ["label" => "管辖项目/医院", "rules" => "required", "attr" => ["multiple" => true, "data-plugin" => "select2"], "choices" => (new Project())->get()->pluck("name", "id")->toArray()]);
 
         $this->add("name", Field::TEXT, ["label" => "姓名", "rules" => "required"]);
diff --git a/app/Http/Controllers/Admin/CommonController.php b/app/Http/Controllers/Admin/CommonController.php
index b1bc340..f75ec71 100644
--- a/app/Http/Controllers/Admin/CommonController.php
+++ b/app/Http/Controllers/Admin/CommonController.php
@@ -155,7 +155,7 @@ class CommonController extends Controller
     public function update($id = null, Request $request)
     {
         try {
-            $data = $data = (new CommonModel())->setTable($this->model->getTable())->filterRequestColumns($request, ["id"]);
+            $data = (new CommonModel())->setTable($this->model->getTable())->filterRequestColumns($request, ["id"]);
             $model = $this->model->find($id ?: $request->id);
             $model->update($data);
             $this->updated($model);
diff --git a/app/Http/Controllers/Manager/OrdersController.php b/app/Http/Controllers/Manager/OrdersController.php
index 1ad1554..295fbf0 100644
--- a/app/Http/Controllers/Manager/OrdersController.php
+++ b/app/Http/Controllers/Manager/OrdersController.php
@@ -1713,7 +1713,6 @@ class OrdersController extends CommonController
      *     summary="V2-更新订单状态",
      *     description="更新订单状态",
      *     @OA\Parameter(name="token", in="query", @OA\Schema(type="string"), required=true, description="token"),
-     *     @OA\Parameter(name="id", in="query", @OA\Schema(type="integer"), required=true, description="订单ID"),
      *     @OA\Parameter(name="from_status", in="query", @OA\Schema(type="integer"), required=true, description="原状态"),
      *     @OA\Parameter(name="to_status", in="query", @OA\Schema(type="integer"), required=true, description="更新状态"),
      *     @OA\Response(
@@ -1726,6 +1725,14 @@ class OrdersController extends CommonController
     public function changeOrderStatus($id)
     {
         try {
+            $manager = $this->guard()->user();
+            if (!$manager->order_status_ability) {
+                return response()->json([
+                    "errorcode" => "4003",
+                    "errormsg" => "权限不足"
+                ]);
+            }
+
             $order = (new Orders())->find($id);
             if (request()->to_status == Orders::STATUS_ONGOING) {
                 $other_ongoing_order = Orders::where("status", Orders::STATUS_ONGOING)->where("customer_id", $order->customer_id)->count();
diff --git a/app/Manager.php b/app/Manager.php
index a321153..e000fd8 100644
--- a/app/Manager.php
+++ b/app/Manager.php
@@ -121,7 +121,7 @@ class Manager extends Authenticatable implements JWTSubject
      * @var array
      */
     protected $fillable = [
-        'type', 'name', 'sex', 'username', 'password', 'openid', 'unionid', 'mobile', 'birthday', 'avatar'
+        'type', 'name', 'sex', 'username', 'password', 'openid', 'unionid', 'mobile', 'birthday', 'avatar', 'order_status_ability'
     ];
 
     /**