diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 0153684..1967ba0 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,7 +4,9 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Support jwks.json according OIDC stranded">
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix get user grpc method didn't extend group's permission">
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/grpc/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/grpc/auth.go" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/pkg/internal/grpc/user.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/grpc/user.go" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
@@ -158,7 +160,6 @@
   </component>
   <component name="VcsManagerConfiguration">
     <option name="CHECK_CODE_SMELLS_BEFORE_PROJECT_COMMIT" value="false" />
-    <MESSAGE value=":recycle: Move models.Account to sec.UserInfo" />
     <MESSAGE value=":bug: Fix check perm panic" />
     <MESSAGE value=":bug: Refresh token bug" />
     <MESSAGE value=":truck: Auth kit and parser of nexus userinfo token" />
@@ -183,7 +184,8 @@
     <MESSAGE value=":bug: Fix notifiable is empty when user do not set" />
     <MESSAGE value=":bug: Fix notification push batch emitted twice" />
     <MESSAGE value=":sparkles: Support jwks.json according OIDC stranded" />
-    <option name="LAST_COMMIT_MESSAGE" value=":sparkles: Support jwks.json according OIDC stranded" />
+    <MESSAGE value=":bug: Fix get user grpc method didn't extend group's permission" />
+    <option name="LAST_COMMIT_MESSAGE" value=":bug: Fix get user grpc method didn't extend group's permission" />
     <option name="GROUP_MULTIFILE_MERGE_BY_DIRECTORY" value="true" />
   </component>
   <component name="VgoProject">
diff --git a/pkg/internal/grpc/auth.go b/pkg/internal/grpc/auth.go
index df04636..853908b 100644
--- a/pkg/internal/grpc/auth.go
+++ b/pkg/internal/grpc/auth.go
@@ -19,6 +19,7 @@ func (v *App) Authenticate(_ context.Context, in *proto.AuthRequest) (*proto.Aut
 		}, nil
 	} else {
 		user := ticket.Account
+		user.PermNodes = perms
 		userinfo := &proto.UserInfo{
 			Id:        uint64(user.ID),
 			Name:      user.Name,
diff --git a/pkg/internal/grpc/user.go b/pkg/internal/grpc/user.go
index 86f0d6f..318639e 100644
--- a/pkg/internal/grpc/user.go
+++ b/pkg/internal/grpc/user.go
@@ -6,7 +6,6 @@ import (
 	"git.solsynth.dev/hypernet/nexus/pkg/proto"
 	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
-	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
 	"github.com/samber/lo"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -25,20 +24,6 @@ func (v *App) GetUser(ctx context.Context, request *proto.GetUserRequest) (*prot
 	if err := tx.First(&account).Error; err != nil {
 		return nil, status.Errorf(codes.NotFound, fmt.Sprintf("requested user with id %d was not found", request.GetUserId()))
 	}
-
-	groups, err := services.GetUserAccountGroup(account)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("unable to get user %d groups: %v", request.GetUserId(), err))
-	}
-
-	for _, group := range groups {
-		for k, v := range group.PermNodes {
-			if _, ok := account.PermNodes[k]; !ok {
-				account.PermNodes[k] = v
-			}
-		}
-	}
-
 	return account.EncodeToUserInfo(), nil
 }