diff --git a/handler/user.go b/handler/user.go
index 3a40bda..407a536 100644
--- a/handler/user.go
+++ b/handler/user.go
@@ -131,11 +131,24 @@ func WatchUserHandler(c *gin.Context) {}
 func UnWatchUserHandler(c *gin.Context) {}
 func UpdateUserProfileHandler(c *gin.Context) {
+ userInterface, exists := c.Get(constant.CtxKeyUser)
+ if !exists {
+ c.JSON(http.StatusNotFound, dto.BaseResponse{Message: "用户未登录!"})
+ return
+ }
+ user, _ := userInterface.(*domain.User)
+
 var request dto.UserProfileDTO
 if err := c.ShouldBindJSON(&request); err != nil {
 c.JSON(http.StatusBadRequest, dto.BaseResponse{Message: "参数错误"})
 return
 }
+
+ if user.ID != request.UserID {
+ c.JSON(http.StatusForbidden, dto.BaseResponse{Message: "无权更新其他用户信息!"})
+ return
+ }
+
+
 err := service.UpdateUserProfileByID(c, &request)
 if err != nil {
 c.JSON(http.StatusInternalServerError, dto.BaseResponse{Message: "用户信息更新失败。"})
diff --git a/repository/user.go b/repository/user.go
index 708d642..aa9caee 100644
--- a/repository/user.go
+++ b/repository/user.go
@@ -131,7 +131,7 @@ func (q *UserProfileQuery) GetUserProfileCount(ctx context.Context, opts ...DBOp
 }
 func (q *UserProfileQuery) UpdateUserProfileByID(ctx context.Context, userProfile *po.UserProfilePO) error {
- result := q.optionDB(ctx, q.WithUserID(userProfile.UserID)).Save(userProfile).Error
+ result := q.optionDB(ctx, q.WithUserID(userProfile.UserID)).Save(&userProfile).Error
 return result
 }
@@ -223,7 +223,7 @@ func (q *UserQuery) GetUserCount(ctx context.Context, opts ...DBOption) (int64,
 }
 func (q *UserQuery) UpdateUserByID(ctx context.Context, user *po.UserPO) error {
- result := q.optionDB(ctx, q.WithID(int64(user.ID))).Save(user).Error
+ result := q.optionDB(ctx, q.WithID(int64(user.ID))).Save(&user).Error
 return result
 }
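Review bot: The assertion `user, _ := userInterface.(*domain.User)` discards its ok result, so if the value stored under constant.CtxKeyUser is ever not a non-nil *domain.User, the later `user.ID != request.UserID` comparison dereferences a nil pointer and the request panics instead of being rejected. Check the assertion and reject the request when it fails. The not-logged-in branch would also be clearer as http.StatusUnauthorized than http.StatusNotFound, so clients can tell an unauthenticated call from a missing resource. Because the caller's identity is already known from the context, taking the target ID from `user.ID` rather than from the request body would keep the ownership decision on server-side state; this is a suggestion, since the service signature is outside this hunk. UpdateUserProfileHandler's body continues past the end of the hunk.

```go
userInterface, exists := c.Get(constant.CtxKeyUser)
if !exists {
	c.JSON(http.StatusUnauthorized, dto.BaseResponse{Message: "用户未登录!"})
	return
}
user, ok := userInterface.(*domain.User)
if !ok || user == nil {
	// A wrong or nil value in the context is treated like a missing login, not a crash.
	c.JSON(http.StatusUnauthorized, dto.BaseResponse{Message: "用户未登录!"})
	return
}
// … unchanged: request binding and the user.ID != request.UserID check …
```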
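Review bot: `Save(&userProfile)` now passes a `**po.UserProfilePO`, because userProfile is already a pointer; the commit gives no reason for the extra indirection, and the same change is made in UpdateUserByID (`Save(&user)`) in the next hunk. The original `Save(userProfile)` already supplied an addressable value, so either revert to it or add a comment such as `// Save needs **T because <reason>` stating what the double pointer fixes. Assuming optionDB returns a GORM handle, Save also writes every column of the struct, zero values included, and can fall back to an insert when no row matches, which is broader than the name UpdateUserProfileByID suggests; restricting the write to the editable columns would limit what a profile request can change.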