diff --git a/app/Http/Controllers/Admin/UserManagerController.php b/app/Http/Controllers/Admin/UserManagerController.php
index 272d98d..a1f6dad 100644
--- a/app/Http/Controllers/Admin/UserManagerController.php
+++ b/app/Http/Controllers/Admin/UserManagerController.php
@@ -73,9 +73,11 @@ class UserManagerController extends Controller
 
         // 如果传了且没超权，直接赋予
         if (isset($validated['user_level'])) {
-            // 不能把别人提权到超过自己的等级
-            if ($validated['user_level'] > $currentUser->user_level && $currentUser->id !== $targetUser->id) {
-                return response()->json(['status' => 'error', 'message' => '您不能将别人提升至超过您的等级！'], 403);
+            if ($currentUser->id !== $targetUser->id) {
+                // 修改别人：只有真正的创始人 (ID=1) 才能修改别人的等级
+                if ($currentUser->id !== 1) {
+                    return response()->json(['status' => 'error', 'message' => '权限越界：只有星系创始人（站长）才能调整其他用户的行政等级！'], 403);
+                }
             }
             $targetUser->user_level = $validated['user_level'];
         }
diff --git a/app/Http/Middleware/SiteOwnerRequired.php b/app/Http/Middleware/SiteOwnerRequired.php
new file mode 100644
index 0000000..cea02b1
--- /dev/null
+++ b/app/Http/Middleware/SiteOwnerRequired.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class SiteOwnerRequired
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (Auth::id() !== 1) {
+            if ($request->expectsJson()) {
+                return response()->json(['message' => '特权不足，仅限站长操作', 'status' => 'error'], 403);
+            }
+            abort(403, '特权不足，此功能仅限创始人/站长操作。');
+        }
+
+        return $next($request);
+    }
+}
diff --git a/bootstrap/app.php b/bootstrap/app.php
index af4abb8..cf26ab9 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -15,6 +15,7 @@ return Application::configure(basePath: dirname(__DIR__))
         $middleware->alias([
             'chat.auth' => \App\Http\Middleware\ChatAuthenticate::class,
             'chat.level' => \App\Http\Middleware\LevelRequired::class,
+            'chat.site_owner' => \App\Http\Middleware\SiteOwnerRequired::class,
         ]);
 
         // 这一步是为了防止用户访问需要登录的页面时，默认被跳到原版 Laravel 未定义的 login 路由报错
diff --git a/resources/views/admin/layouts/app.blade.php b/resources/views/admin/layouts/app.blade.php
index 04b07bd..1d61713 100644
--- a/resources/views/admin/layouts/app.blade.php
+++ b/resources/views/admin/layouts/app.blade.php
@@ -21,10 +21,12 @@
                 class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.dashboard') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
                 📊 仪表盘
             </a>
-            <a href="{{ route('admin.system.edit') }}"
-                class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.system.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
-                ⚙️ 系统参数参数
-            </a>
+            @if (Auth::id() === 1)
+                <a href="{{ route('admin.system.edit') }}"
+                    class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.system.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
+                    ⚙️ 系统参数参数
+                </a>
+            @endif
             <a href="{{ route('admin.users.index') }}"
                 class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.users.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
                 👥 用户管理
@@ -41,10 +43,12 @@
                 class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.vip.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
                 👑 VIP 会员等级
             </a>
-            <a href="{{ route('admin.ai-providers.index') }}"
-                class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.ai-providers.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
-                🤖 AI 厂商配置
-            </a>
+            @if (Auth::id() === 1)
+                <a href="{{ route('admin.ai-providers.index') }}"
+                    class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.ai-providers.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
+                    🤖 AI 厂商配置
+                </a>
+            @endif
         </nav>
         <div class="p-4 border-t border-white/10">
             <a href="{{ route('rooms.index') }}"
diff --git a/resources/views/admin/users/index.blade.php b/resources/views/admin/users/index.blade.php
index 217c43b..494c8bb 100644
--- a/resources/views/admin/users/index.blade.php
+++ b/resources/views/admin/users/index.blade.php
@@ -123,12 +123,20 @@
                         <div class="grid grid-cols-2 gap-4">
                             {{-- 等级 --}}
                             <div>
-                                <label class="block text-xs font-bold text-gray-600 mb-1">等级
-                                    <span class="text-gray-400 font-normal">(最高 <span x-text="adminLevel"></span>
-                                        级 / 管理员级别)</span></label>
+                                <label class="block text-xs font-bold text-gray-600 mb-1">
+                                    等级
+                                    <span class="text-gray-400 font-normal">
+                                        (最高 <span x-text="adminLevel"></span> 级)
+                                    </span>
+                                </label>
                                 <input type="number" name="user_level" x-model="editingUser.user_level" required
                                     min="0" :max="adminLevel"
-                                    class="w-full border-gray-300 rounded-md shadow-sm focus:ring-indigo-500 focus:border-indigo-500 p-2 border text-sm">
+                                    :readonly="{{ Auth::id() }} !== 1 && editingUser.id !== {{ Auth::id() }}"
+                                    class="w-full border-gray-300 rounded-md shadow-sm focus:ring-indigo-500 focus:border-indigo-500 p-2 border text-sm"
+                                    :class="{ 'bg-gray-100 cursor-not-allowed': {{ Auth::id() }} !== 1 && editingUser.id !==
+                                            {{ Auth::id() }} }"
+                                    :title="{{ Auth::id() }} !== 1 && editingUser.id !== {{ Auth::id() }} ?
+                                        '仅系统创始人可修改他人等级' : ''">
                             </div>
                             {{-- 经验 --}}
                             <div>
diff --git a/routes/web.php b/routes/web.php
index c3bd44c..337359f 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -106,8 +106,10 @@ Route::middleware(['chat.auth', 'chat.level:super'])->prefix('admin')->name('adm
     Route::get('/', [\App\Http\Controllers\Admin\DashboardController::class, 'index'])->name('dashboard');
 
     // 系统参数配置 (替代 VIEWSYS.ASP / SetSYS.ASP)
-    Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
-    Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
+    Route::middleware(['chat.site_owner'])->group(function () {
+        Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
+        Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
+    });
 
     // 用户大盘管理 (替代 gl/ 目录下的各种用户管理功能)
     Route::get('/users', [\App\Http\Controllers\Admin\UserManagerController::class, 'index'])->name('users.index');
@@ -133,11 +135,13 @@ Route::middleware(['chat.auth', 'chat.level:super'])->prefix('admin')->name('adm
     Route::delete('/vip/{id}', [\App\Http\Controllers\Admin\VipController::class, 'destroy'])->name('vip.destroy');
 
     // AI 厂商配置管理
-    Route::get('/ai-providers', [\App\Http\Controllers\Admin\AiProviderController::class, 'index'])->name('ai-providers.index');
-    Route::post('/ai-providers', [\App\Http\Controllers\Admin\AiProviderController::class, 'store'])->name('ai-providers.store');
-    Route::put('/ai-providers/{id}', [\App\Http\Controllers\Admin\AiProviderController::class, 'update'])->name('ai-providers.update');
-    Route::post('/ai-providers/{id}/toggle', [\App\Http\Controllers\Admin\AiProviderController::class, 'toggleEnabled'])->name('ai-providers.toggle');
-    Route::post('/ai-providers/{id}/default', [\App\Http\Controllers\Admin\AiProviderController::class, 'setDefault'])->name('ai-providers.default');
-    Route::post('/ai-providers/toggle-chatbot', [\App\Http\Controllers\Admin\AiProviderController::class, 'toggleChatBot'])->name('ai-providers.toggle-chatbot');
-    Route::delete('/ai-providers/{id}', [\App\Http\Controllers\Admin\AiProviderController::class, 'destroy'])->name('ai-providers.destroy');
+    Route::middleware(['chat.site_owner'])->group(function () {
+        Route::get('/ai-providers', [\App\Http\Controllers\Admin\AiProviderController::class, 'index'])->name('ai-providers.index');
+        Route::post('/ai-providers', [\App\Http\Controllers\Admin\AiProviderController::class, 'store'])->name('ai-providers.store');
+        Route::put('/ai-providers/{id}', [\App\Http\Controllers\Admin\AiProviderController::class, 'update'])->name('ai-providers.update');
+        Route::post('/ai-providers/{id}/toggle', [\App\Http\Controllers\Admin\AiProviderController::class, 'toggleEnabled'])->name('ai-providers.toggle');
+        Route::post('/ai-providers/{id}/default', [\App\Http\Controllers\Admin\AiProviderController::class, 'setDefault'])->name('ai-providers.default');
+        Route::post('/ai-providers/toggle-chatbot', [\App\Http\Controllers\Admin\AiProviderController::class, 'toggleChatBot'])->name('ai-providers.toggle-chatbot');
+        Route::delete('/ai-providers/{id}', [\App\Http\Controllers\Admin\AiProviderController::class, 'destroy'])->name('ai-providers.destroy');
+    });
 });