diff --git a/app/api/endpoints/user.py b/app/api/endpoints/user.py
index c03080c..4879738 100644
--- a/app/api/endpoints/user.py
+++ b/app/api/endpoints/user.py
@@ -21,6 +21,7 @@ from sqlalchemy import text
 from app.models.community import CommunityDB
 from app.models.user_auth import UserAuthDB, UserAuthCreate, UserAuthInfo
 from app.core.qcloud import qcloud_manager
+from app.models.merchant import MerchantDB
 
 router = APIRouter()
 
@@ -258,7 +259,7 @@ async def password_login(
 ):
     """密码登录"""
     user = db.query(UserDB).filter(UserDB.phone == login_data.phone).first()
-    
+
     if not user:
         return error_response(code=401, message="用户不存在")
     
@@ -267,6 +268,18 @@ async def password_login(
     
     if not verify_password(login_data.password, user.password):
         return error_response(code=401, message="密码错误")
+
+    if user.roles not in [UserRole.DELIVERYMAN, UserRole.MERCHANT]:
+        return error_response(code=401, message="只有配送员和商家可以登录")
+    
+    if user.roles == UserRole.MERCHANT:
+        # 检查是否有商家设置了当前用户 id
+        merchant = db.query(MerchantDB).filter(MerchantDB.user_id == user.userid).first()
+        if not merchant:
+            return error_response(code=401, message="商家账户，请先关联商家")
+    
+    if user.roles == UserRole.DELIVERYMAN and not user.community_id:
+        return error_response(code=401, message="配送员账户，请先设置归属小区")
     
     # 生成访问令牌
     access_token = create_access_token(data={"phone": user.phone,"userid":user.userid})