diff --git a/crates/erp-auth/src/middleware/jwt_auth.rs b/crates/erp-auth/src/middleware/jwt_auth.rs
index ddd07cd..613e793 100644
--- a/crates/erp-auth/src/middleware/jwt_auth.rs
+++ b/crates/erp-auth/src/middleware/jwt_auth.rs
@@ -47,6 +47,8 @@ pub async fn jwt_auth_middleware_fn(
         return Err(AppError::Unauthorized);
     }
 
+    // TODO: 待 user_positions 关联表建立后，从数据库查询用户所属部门 ID 列表
+    // 当前阶段 department_ids 为空列表，行级数据权限默认为 all
     let ctx = TenantContext {
         tenant_id: claims.tid,
         user_id: claims.sub,