diff --git a/app/Controller/Test/CompositeController.php b/app/Controller/Test/CompositeController.php
index 6a73851..c64246f 100644
--- a/app/Controller/Test/CompositeController.php
+++ b/app/Controller/Test/CompositeController.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Controller\Test;
 
 use App\Service\Test\Composite\FileService;
+use App\Service\Test\Composite\PermissionService;
 use Hyperf\HttpServer\Annotation\Controller;
 use Hyperf\HttpServer\Annotation\RequestMapping;
 use Hyperf\HttpServer\Contract\RequestInterface;
@@ -14,11 +15,20 @@ use Hyperf\HttpServer\Contract\ResponseInterface;
 class CompositeController
 {
     /**
-     * @return array|null
+     * @return array
      */
     #[RequestMapping(path: 'file', methods: 'GET')]
-    public function file()
+    public function file(): array
     {
         return (new FileService)->handle();
     }
+
+    /**
+     * @return array
+     */
+    #[RequestMapping(path: 'permission', methods: 'GET')]
+    public function permission(): array
+    {
+        return (new PermissionService)->handle();
+    }
 }
diff --git a/app/Interface/Test/Composite/PermissionComponentInterface.php b/app/Interface/Test/Composite/PermissionComponentInterface.php
new file mode 100644
index 0000000..ed2afbf
--- /dev/null
+++ b/app/Interface/Test/Composite/PermissionComponentInterface.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Interface\Test\Composite;
+
+interface PermissionComponentInterface
+{
+    /**
+     * @param string $permission
+     * @return bool
+     */
+    public function check(string $permission): bool;
+
+    /**
+     * @return string
+     */
+    public function getName(): string;
+}
\ No newline at end of file
diff --git a/app/Service/Test/Composite/Permission/BasicPermissionService.php b/app/Service/Test/Composite/Permission/BasicPermissionService.php
new file mode 100644
index 0000000..d1543fc
--- /dev/null
+++ b/app/Service/Test/Composite/Permission/BasicPermissionService.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * This service file is part of item.
+ *
+ * @author   ctexthuang
+ * @contact  ctexthuang@qq.com
+ * @web_site  https://ctexthuang.com
+ */
+
+declare(strict_types=1);
+
+namespace App\Service\Test\Composite\Permission;
+
+use App\Interface\Test\Composite\PermissionComponentInterface;
+
+class BasicPermissionService
+{
+    /**
+     * @var PermissionComponentInterface
+     */
+    private PermissionComponentInterface $rootPermissionComponent;
+
+    /**
+     * @param PermissionComponentInterface $rootPermissionComponent
+     */
+    public function __construct(PermissionComponentInterface $rootPermissionComponent)
+    {
+        $this->rootPermissionComponent = $rootPermissionComponent;
+    }
+
+    /**
+     * @param string $permission
+     * @return bool
+     */
+    public function hasPermission(string $permission): bool
+    {
+        return $this->rootPermissionComponent->check($permission);
+    }
+}
\ No newline at end of file
diff --git a/app/Service/Test/Composite/Permission/GroupPermission.php b/app/Service/Test/Composite/Permission/GroupPermission.php
new file mode 100644
index 0000000..caaa1a1
--- /dev/null
+++ b/app/Service/Test/Composite/Permission/GroupPermission.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * This service file is part of item.
+ *
+ * @author   ctexthuang
+ * @contact  ctexthuang@qq.com
+ * @web_site  https://ctexthuang.com
+ */
+
+declare(strict_types=1);
+
+namespace App\Service\Test\Composite\Permission;
+
+use App\Interface\Test\Composite\PermissionComponentInterface;
+
+class GroupPermission implements PermissionComponentInterface
+{
+    /**
+     * @var string
+     */
+    private string $name;
+
+    /**
+     * @var array
+     */
+    private array $children = [];
+
+    /**
+     * 构造函数
+     * @param string $name
+     */
+    public function __construct(string $name)
+    {
+        $this->name = $name;
+    }
+
+    /**
+     * @param string $permission
+     * @return bool
+     */
+    public function check(string $permission): bool
+    {
+        foreach ($this->children as $child) {
+            if ($child->check($permission)) return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    /**
+     * @param PermissionComponentInterface $component
+     * @return void
+     */
+    public function add(PermissionComponentInterface $component): void
+    {
+        $this->children[] = $component;
+    }
+
+    /**
+     * @param PermissionComponentInterface $component
+     * @return void
+     */
+    public function remove(PermissionComponentInterface $component): void
+    {
+        $this->children = array_filter($this->children, function ($c) use ($component) {
+            return $c === $component;
+        });
+    }
+}
\ No newline at end of file
diff --git a/app/Service/Test/Composite/Permission/SimplePermission.php b/app/Service/Test/Composite/Permission/SimplePermission.php
new file mode 100644
index 0000000..6685568
--- /dev/null
+++ b/app/Service/Test/Composite/Permission/SimplePermission.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * This service file is part of item.
+ *
+ * @author   ctexthuang
+ * @contact  ctexthuang@qq.com
+ * @web_site  https://ctexthuang.com
+ */
+
+declare(strict_types=1);
+
+namespace App\Service\Test\Composite\Permission;
+
+use App\Interface\Test\Composite\PermissionComponentInterface;
+
+/**
+ * 权限叶子节点
+ */
+class SimplePermission implements PermissionComponentInterface
+{
+    /**
+     * @var string
+     */
+    private string $name;
+
+    /**
+     * 构造函数
+     * @param string $name
+     */
+    public function __construct(string $name)
+    {
+        $this->name = $name;
+    }
+
+    /**
+     * @param string $permission
+     * @return bool
+     */
+    public function check(string $permission): bool
+    {
+        return $this->name === $permission;
+    }
+
+    /**
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->name;
+    }
+}
\ No newline at end of file
diff --git a/app/Service/Test/Composite/PermissionService.php b/app/Service/Test/Composite/PermissionService.php
new file mode 100644
index 0000000..12c6a2a
--- /dev/null
+++ b/app/Service/Test/Composite/PermissionService.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * This service file is part of item.
+ *
+ * @author   ctexthuang
+ * @contact  ctexthuang@qq.com
+ * @web_site  https://ctexthuang.com
+ */
+
+declare(strict_types=1);
+
+namespace App\Service\Test\Composite;
+
+use App\Service\Test\TestBaseService;
+
+class PermissionService extends TestBaseService
+{
+    /**
+     * @return array
+     */
+    public function handle(): array
+    {
+        return $this->return->success();
+    }
+
+    /**
+     * todo permission
+     * function createPermissionTree(): PermissionComponent {
+     * $root = new PermissionGroup("Root");
+     *
+     * $adminGroup = new PermissionGroup("Admin");
+     * $adminGroup->add(new SimplePermission("user.create"));
+     * $adminGroup->add(new SimplePermission("user.delete"));
+     *
+     * $editorGroup = new PermissionGroup("Editor");
+     * $editorGroup->add(new SimplePermission("content.create"));
+     * $editorGroup->add(new SimplePermission("content.edit"));
+     *
+     * $viewerGroup = new PermissionGroup("Viewer");
+     * $viewerGroup->add(new SimplePermission("content.view"));
+     *
+     * $root->add($adminGroup);
+     * $root->add($editorGroup);
+     * $root->add($viewerGroup);
+     *
+     * return $root;
+     * }
+     * // 配置依赖
+     * // config/autoload/dependencies.php
+     * return [
+     * PermissionService::class => function () {
+     * $permissionTree = createPermissionTree();
+     * return new PermissionService($permissionTree);
+     * },
+     * ];
+     * // 在中间件中使用
+     * class PermissionMiddleware implements MiddlewareInterface
+     * {
+     * /**
+     * Inject
+     * var PermissionService
+     * /
+     * private $permissionService;
+     *
+     * public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+     * {
+     * $permission = $request->getAttribute('permission');
+     *
+     * if (!$this->permissionService->hasPermission($permission)) {
+     * throw new HttpException(403, 'Forbidden');
+     * }
+     *
+     * return $handler->handle($request);
+     * }
+     * }
+     */
+}
\ No newline at end of file