diff --git a/src/controllers/07-task-controller.ts b/src/controllers/07-task-controller.ts
index e0fdbf3..ad88eb6 100644
--- a/src/controllers/07-task-controller.ts
+++ b/src/controllers/07-task-controller.ts
@@ -374,20 +374,23 @@ export class TaskActionController extends Controller {
 
     if (!record) throw notFoundError("Task Order");
 
-    return await prisma.$transaction(async (tx) => {
-      await tx.taskOrder.update({
+    return await prisma.$transaction([
+      prisma.taskOrder.update({
         where: { id: taskId },
         data: {
           taskOrderStatus: TaskOrderStatus.InProgress,
-          taskList: {
-            updateMany: {
-              where: { taskOrderId: taskId },
-              data: { taskStatus: TaskStatus.InProgress },
-            },
-          },
         },
-      });
-      await tx.requestData.updateMany({
+      }),
+      prisma.task.updateMany({
+        where: {
+          taskOrderId: taskId,
+          requestWorkStep: { responsibleUserId: req.user.sub },
+        },
+        data: {
+          taskStatus: TaskStatus.InProgress,
+        },
+      }),
+      prisma.requestData.updateMany({
         where: {
           requestWork: {
             some: {
@@ -398,13 +401,34 @@ export class TaskActionController extends Controller {
           },
         },
         data: { requestDataStatus: RequestDataStatus.InProgress },
-      });
-    });
+      }),
+    ]);
   }
 
   @Post("submit")
   @Security("keycloak")
-  async submitTaskOrder(@Request() req: RequestWithUser, @Path() taskId: string) {}
+  async submitTaskOrder(
+    @Request() req: RequestWithUser,
+    @Path() taskId: string,
+    @Query() submitUserId?: string, // for explicit
+  ) {
+    submitUserId = submitUserId ?? req.user.sub;
+
+    const record = await prisma.taskOrder.findFirst({ where: { id: taskId } });
+
+    if (!record) throw notFoundError("Task Order");
+
+    await prisma.task.updateMany({
+      where: {
+        taskOrderId: taskId,
+        taskStatus: TaskStatus.Success,
+        requestWorkStep: { responsibleUserId: submitUserId },
+      },
+      data: {
+        taskStatus: TaskStatus.Validate,
+      },
+    });
+  }
 
   @Post("complete")
   @Security("keycloak")
@@ -422,6 +446,7 @@ export class TaskOrderAttachmentController extends Controller {
     if (!data) throw notFoundError("Task Order");
     await permissionCheck(user, data.registeredBranch);
   }
+
   @Get("attachment")
   @Security("keycloak")
   async listAttachment(@Request() req: RequestWithUser, @Path() taskId: string) {