diff --git a/app/Filament/Resources/User/UserResource.php b/app/Filament/Resources/User/UserResource.php
index a6138782..81a39fc7 100644
--- a/app/Filament/Resources/User/UserResource.php
+++ b/app/Filament/Resources/User/UserResource.php
@@ -51,7 +51,7 @@ class UserResource extends Resource
 Forms\Components\TextInput::make('password')->password()->required()->visibleOn(Pages\CreateUser::class),
 Forms\Components\TextInput::make('password_confirmation')->password()->required()->same('password')->visibleOn(Pages\CreateUser::class),
 Forms\Components\TextInput::make('id')->integer(),
- Forms\Components\Select::make('class')->options(array_column(User::$classes, 'text')),
+ Forms\Components\Select::make('class')->options(User::listClass(User::CLASS_PEASANT, Auth::user()->class - 1)),
 ]);
 }
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 1fb28ac1..28ebbf60 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -103,7 +103,16 @@ class UserRepository extends BaseRepository
 if (mb_strlen($password) < 6 || mb_strlen($password) > 40) {
 throw new \InvalidArgumentException("Invalid password: $password, it should be more than 6 character and less than 40 character");
 }
- $class = !empty($params['class']) ? intval($params['class']) : User::CLASS_USER;
+ if (!empty($params['class'])) {
+ $class =intval($params['class']);
+ $authUser = Auth::user();
+ if ($authUser && $class >= $authUser->class) {
+ throw new InsufficientPermissionException('No permission');
+ }
+ } else {
+ $class = User::CLASS_USER;
+ }
+
 if (!isset(User::$classes[$class])) {
 throw new \InvalidArgumentException("Invalid user class: $class");
 }
diff --git a/include/constants.php b/include/constants.php
index fe75db17..1fbcd1a1 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
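Review bot: Narrowing the `class` select to `User::listClass(User::CLASS_PEASANT, Auth::user()->class - 1)` only limits what the form renders; it is not the authorization check, since the submitted value still comes from the client. The repository hunk in this commit enforces the ceiling for the creation path, but this schema looks shared with an edit page (the password fields are `visibleOn(Pages\CreateUser::class)`), so whatever code saves an edited `class` needs the same `$class >= $authUser->class` rejection; that path is not in this diff. A short comment such as `// UI filter only; the class ceiling is enforced server-side in UserRepository` would keep later readers from treating the option list as the control. `Auth::user()` is also dereferenced here without a null check, and the `use` line for `Auth` lies outside the hunk.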
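Review bot: The new ceiling check fails open when `Auth::user()` returns null: `if ($authUser && $class >= $authUser->class)` skips the comparison entirely, so a caller without an authenticated user that supplies `class` gets any class present in `User::$classes`. If this method is also reached from unauthenticated contexts (console commands or registration, not visible in the hunk), either document that allowance in a comment or deny by default with `if (!$authUser || $class >= $authUser->class) { throw new InsufficientPermissionException('No permission'); }` and let trusted callers opt out explicitly. Separately, `!empty($params['class'])` treats a submitted `0` as absent and silently substitutes `User::CLASS_USER`, which matters now that the form offers `User::CLASS_PEASANT` as its lowest option (its numeric value is not shown here). The context line above also interpolates the rejected password into the exception message, where it can end up in logs; dropping `$password` from that string avoids the exposure. The enclosing method starts and ends outside the hunk.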