diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php index b211fa1..6910b97 100644 --- a/FlyCube/MpApi/Controller/AdminController.class.php +++ b/FlyCube/MpApi/Controller/AdminController.class.php @@ -162,14 +162,21 @@ class AdminController extends PublicController } $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存 } + //data数据 $data['name'] = $_REQUEST['name']; $data['uname'] = $_REQUEST['uname']; $data['pwd'] = MD5(MD5($_REQUEST['pwd'])); $data['shop_id'] = $_REQUEST['shop_id']; $data['addtime'] = time(); - $data['role'] = $_REQUEST['role']; - + if (isset($_REQUEST['role'])) { + $validRoles = [5, 6]; //5:商家管理员 6:商家编辑 + if (!in_array($_REQUEST['role'], $validRoles)) { + echo json_encode(array('status' => 0, 'msg' => '无效的角色')); + exit; + } + $data['role'] = $_REQUEST['role']; + } //录入数据库 $adminDb = D('adminuser'); if ($adminDb->data($data)->add()) { @@ -210,6 +217,15 @@ class AdminController extends PublicController } $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存 } + //如果有角色变更 + if (isset($_REQUEST['role'])) { + $validRoles = [5, 6]; //5:商家管理员 6:商家编辑 + if (!in_array($_REQUEST['role'], $validRoles)) { + echo json_encode(array('status' => 0, 'msg' => '无效的角色')); + exit; + } + $data['role'] = $_REQUEST['role']; + } //where条件 $where['id'] = $_REQUEST['id']; $where['shop_id'] = $_REQUEST['shop_id'];
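Review bot: The role whitelist added in both hunks uses a loose `in_array($_REQUEST['role'], $validRoles)`, so strings that merely compare equal to 5 or 6 (for example `5.0` or `05`, and `5abc` on PHP 7) pass the check, and the raw request string is then written to `$data['role']`. Compare strictly and store the normalised value, e.g. `$role = (string)$_REQUEST['role']; if (!in_array($role, ['5', '6'], true)) { ... }` followed by `$data['role'] = (int)$role;`. In this add path (first hunk, `@@ -162,14 +162,21 @@`) the commit also makes `role` optional: when the parameter is absent the row is inserted without a role and takes the column default, which is not visible here, so either require the parameter or set an explicit least-privileged default. The enclosing method starts and ends outside the hunk.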
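Review bot: The update path (second hunk, `@@ -210,6 +217,15 @@`) validates only that the requested role is 5 or 6, not that the caller is entitled to assign it. Unless a check outside this hunk already restricts the action, an account holding role 6 could have its own role raised to 5 through this endpoint. Before `$data['role'] = $_REQUEST['role'];` I would compare the caller's role from the server-side session with 5 and reject the request otherwise, and the same session should supply the value for `$where['shop_id']` rather than `$_REQUEST`. The validation block is duplicated verbatim from the add path, so a private helper would keep the two role lists in sync; the method body continues outside the hunk.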