diff --git a/app/Http/Controllers/Admin/ModuleController.php b/app/Http/Controllers/Admin/ModuleController.php
index 28c5a99..963e3d9 100644
--- a/app/Http/Controllers/Admin/ModuleController.php
+++ b/app/Http/Controllers/Admin/ModuleController.php
@@ -5,6 +5,7 @@
 use App\Http\Controllers\Controller;
 use App\Models\Host;
 use App\Models\Module;
+use App\Models\ModuleAllow;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
@@ -158,4 +159,32 @@ private function rules(): array
         ];
     }
 
+    public function allows(Module $module)
+    {
+        $allows = ModuleAllow::where('module_id', $module->id)->with('allowed_module')->paginate(50);
+
+        return view('admin.modules.allows', compact('module', 'allows'));
+    }
+
+    public function allows_store(Request $request, Module $module)
+    {
+        $request->validate([
+            'allowed_module_id' => 'required|string|max:255|exists:modules,id',
+        ]);
+
+        ModuleAllow::where('module_id', $module->id)->where('allowed_module_id', $request->allow_module_id)->firstOrCreate([
+            'module_id' => $module->id,
+            'allowed_module_id' => $request->get('allowed_module_id'),
+        ]);
+
+        return back()->with('success', '已信任该模块。');
+    }
+
+    public function allows_destroy(Module $module, ModuleAllow $allow)
+    {
+        $allow->delete();
+
+        return redirect()->route('admin.modules.allows', $module)->with('success', '取消信任完成。');
+    }
+
 }
diff --git a/app/Http/Controllers/Application/MqttAuthController.php b/app/Http/Controllers/Application/MqttAuthController.php
index da9fcee..4db0de3 100644
--- a/app/Http/Controllers/Application/MqttAuthController.php
+++ b/app/Http/Controllers/Application/MqttAuthController.php
@@ -4,6 +4,7 @@
 
 use App\Http\Controllers\Controller;
 use App\Models\Module;
+use App\Models\ModuleAllow;
 use Illuminate\Http\Request;
 
 class MqttAuthController extends Controller
@@ -98,8 +99,12 @@ public function authorization(Request $request)
         // 设备只能在自己的模块下发布消息
         if ($action == 'publish') {
             if ($topics[0] !== $module_id) {
-                // Log::debug('设备只能在自己的模块下发布消息');
-                return $this->deny();
+                // 但是，在拒绝之前，应该检查一下，是否有允许的模块
+                $allow = ModuleAllow::where('module_id', $topics[0])->where('allowed_module_id', $module_id)->exists();
+
+                if (!$allow) {
+                    return $this->deny();
+                }
             }
         }
 
diff --git a/app/Models/ModuleAllow.php b/app/Models/ModuleAllow.php
new file mode 100644
index 0000000..db4d599
--- /dev/null
+++ b/app/Models/ModuleAllow.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+class ModuleAllow extends Model
+{
+    use HasFactory;
+
+    protected $fillable = [
+        'module_id',
+        'allowed_module_id',
+    ];
+
+    public function module(): BelongsTo
+    {
+        return $this->belongsTo(Module::class);
+    }
+
+    public function allowed_module(): BelongsTo
+    {
+        return $this->belongsTo(Module::class, 'allowed_module_id');
+    }
+}
diff --git a/database/migrations/2022_12_03_130419_create_module_allows_table.php b/database/migrations/2022_12_03_130419_create_module_allows_table.php
new file mode 100644
index 0000000..b7eef7d
--- /dev/null
+++ b/database/migrations/2022_12_03_130419_create_module_allows_table.php
@@ -0,0 +1,40 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('module_allows', function (Blueprint $table) {
+            $table->id();
+
+            $table->string('module_id')->index();
+            $table->foreign('module_id')->references('id')->on('modules')->cascadeOnDelete()->cascadeOnUpdate();
+
+
+            $table->string('allowed_module_id')->index();
+            $table->foreign('allowed_module_id')->references('id')->on('modules')->cascadeOnDelete()->cascadeOnUpdate();
+
+
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('module_allows');
+    }
+};
diff --git a/database/migrations/2022_12_03_133136_add_cascade_update_to_workorders_table.php b/database/migrations/2022_12_03_133136_add_cascade_update_to_workorders_table.php
new file mode 100644
index 0000000..8e280d3
--- /dev/null
+++ b/database/migrations/2022_12_03_133136_add_cascade_update_to_workorders_table.php
@@ -0,0 +1,38 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('work_orders', function (Blueprint $table) {
+            //
+
+            // 删除外键
+            $table->dropForeign('work_orders_module_id_foreign');
+
+            $table->foreign('module_id')->references('id')->on('modules')->cascadeOnDelete()->cascadeOnUpdate();
+
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('workorders', function (Blueprint $table) {
+            //
+        });
+    }
+};
diff --git a/resources/views/admin/modules/allows.blade.php b/resources/views/admin/modules/allows.blade.php
new file mode 100644
index 0000000..652d440
--- /dev/null
+++ b/resources/views/admin/modules/allows.blade.php
@@ -0,0 +1,55 @@
+@extends('layouts.admin')
+
+@section('title', '模块订阅授权')
+
+@section('content')
+    <h3>授权</h3>
+    <p>允许多个模块之间互相发布消息。</p>
+    <a href="{{ route('admin.modules.show', $module) }}">查看</a>
+    <a href="{{ route('admin.modules.edit', $module) }}">编辑</a>
+
+    <div class="overflow-auto mt-3">
+        <table class="table table-hover">
+            <thead>
+            <th>模块 ID</th>
+            <th>显示名称</th>
+            <th>操作</th>
+            </thead>
+
+            <tbody>
+            @foreach ($allows as $allow)
+                <tr>
+                    <td>
+                        {{ $allow->allowed_module_id }}
+                    </td>
+
+                    <td>
+                        {{ $allow->allowed_module->name }}
+                    </td>
+                    <td>
+                        <form method="POST" action="{{ route('admin.modules.allows.destroy', [$module, $allow]) }}">
+                            @method('delete')
+                            @csrf
+                            <button type="submit" class="btn btn-danger btn-sm">删除</button>
+                        </form>
+                    </td>
+                </tr>
+            @endforeach
+            </tbody>
+        </table>
+    </div>
+
+    <form action="{{ route('admin.modules.allows.store', $module) }}" method="POST">
+        @csrf
+
+        <div class="form-group">
+            <label for="allowed_module_id">另一个 模块</label>
+            <input type="text" class="form-control" id="allowed_module_id" name="allowed_module_id"/>
+        </div>
+
+
+        <div class="form-group mt-3">
+            <button type="submit" class="btn btn-primary">提交</button>
+        </div>
+    </form>
+@endsection
diff --git a/resources/views/admin/modules/edit.blade.php b/resources/views/admin/modules/edit.blade.php
index 8b7af54..0fb25c9 100644
--- a/resources/views/admin/modules/edit.blade.php
+++ b/resources/views/admin/modules/edit.blade.php
@@ -5,6 +5,7 @@
 @section('content')
 <h3>{{ $module->name }}</h3>
 <a class="mt-3" href="{{ route('admin.modules.show', $module) }}">查看</a>
+<a class="mt-3" href="{{ route('admin.modules.allows', $module) }}">MQTT 授权</a>
 
 <form method="POST" action="{{ route('admin.modules.update', $module)}}">
     @csrf
diff --git a/resources/views/admin/modules/index.blade.php b/resources/views/admin/modules/index.blade.php
index 2ed198f..71bcac8 100644
--- a/resources/views/admin/modules/index.blade.php
+++ b/resources/views/admin/modules/index.blade.php
@@ -28,6 +28,7 @@
                     <td>
                         <a href="{{ route('admin.modules.show', $module) }}" class="btn btn-primary btn-sm">查看</a>
                         <a href="{{ route('admin.modules.edit', $module) }}" class="btn btn-primary btn-sm">编辑</a>
+                        <a href="{{ route('admin.modules.allows', $module) }}" class="btn btn-primary btn-sm">MQTT 授权</a>
                     </td>
                 </tr>
             @endforeach
diff --git a/resources/views/admin/modules/show.blade.php b/resources/views/admin/modules/show.blade.php
index 0c2acee..40a3e59 100644
--- a/resources/views/admin/modules/show.blade.php
+++ b/resources/views/admin/modules/show.blade.php
@@ -6,6 +6,7 @@
 <h3>{{ $module->name }}</h3>
 <p>状态: {{ $module->status }}</p>
 <a class="mt-3" href="{{ route('admin.modules.edit', $module) }}">编辑</a>
+<a class="mt-3" href="{{ route('admin.modules.allows', $module) }}">MQTT 授权</a>
 <h4 class="mt-2">收益</h4>
 <div>
     <x-module-earning :module="$module" />
diff --git a/routes/admin.php b/routes/admin.php
index faf1497..c3a1359 100644
--- a/routes/admin.php
+++ b/routes/admin.php
@@ -24,8 +24,15 @@
     'middleware' => 'auth:admin',
 ], function () {
     Route::resource('admins', AdminController::class)->except('show');
+
     Route::resource('users', UserController::class)->only(['index', 'show', 'edit', 'update']);
+
     Route::resource('modules', ModuleController::class);
+
+    Route::get('modules/{module}/allows', [ModuleController::class, 'allows'])->name('modules.allows');
+    Route::post('modules/{module}/allows', [ModuleController::class, 'allows_store'])->name('modules.allows.store');
+    Route::delete('modules/{module}/allows/{allow}', [ModuleController::class, 'allows_destroy'])->name('modules.allows.destroy');
+
     Route::resource('applications', ApplicationController::class);
     Route::resource('hosts', HostController::class)->only(['index', 'edit', 'update', 'destroy']);
     Route::resource('work-orders', WorkOrderController::class)->only(['index', 'show', 'edit', 'update', 'destroy']);