diff --git a/src/controllers/PermissionOrgController.ts b/src/controllers/PermissionOrgController.ts
index 12fcc815..a1fb62c5 100644
--- a/src/controllers/PermissionOrgController.ts
+++ b/src/controllers/PermissionOrgController.ts
@@ -24,7 +24,7 @@ import { Profile } from "../entities/Profile";
 import HttpStatus from "../interfaces/http-status";
 import { PosMaster } from "../entities/PosMaster";
 import { setLogDataDiff } from "../interfaces/utils";
-import { Brackets } from "typeorm";
+import { Brackets, In } from "typeorm";
 
 @Route("api/v1/org/permission-org")
 @Tags("PermissionOrg")
@@ -474,7 +474,7 @@ export class PermissionOrgController extends Controller {
   @Post()
   async Post(
     @Request() request: RequestWithUser,
-    @Body() requestBody: { nodeId: string; personId: string },
+    @Body() requestBody: { nodeId: string; personId: string[] },
   ) {
     // if (!request.user.role.includes("SUPER_ADMIN")) {
     //   throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์ใช้งานระบบนี้");
@@ -485,17 +485,17 @@ export class PermissionOrgController extends Controller {
     if (!orgRoot) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลสำนัก");
     }
-    const profile = await this.profileRepository.findOne({
-      where: { id: requestBody.personId },
+    const profile = await this.profileRepository.find({
+      where: { id: In(requestBody.personId) },
     });
-    if (!profile) {
+    if (profile.length == 0) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลทะเบียนประวัติ");
     }
 
     const checkDup = await this.permissionOrgRepository.findOne({
       where: {
         orgRootTree: { id: requestBody.nodeId },
-        profileTree: { id: requestBody.personId },
+        profileTree: { id: In(requestBody.personId) },
       },
     });
 
@@ -503,15 +503,28 @@ export class PermissionOrgController extends Controller {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "มีสิทธิ์นี้อยู่ในระบบแล้ว");
     }
     const before = null;
-    const _permissionOrg = new PermissionOrg();
-    _permissionOrg.orgRootTree = orgRoot;
-    _permissionOrg.profileTree = profile;
-    _permissionOrg.createdUserId = request.user.sub;
-    _permissionOrg.createdFullName = request.user.name;
-    _permissionOrg.lastUpdateUserId = request.user.sub;
-    _permissionOrg.lastUpdateFullName = request.user.name;
-    _permissionOrg.createdAt = new Date();
-    _permissionOrg.lastUpdatedAt = new Date();
+    // const _permissionOrg = new PermissionOrg();
+    // _permissionOrg.orgRootTree = orgRoot;
+    // _permissionOrg.profileTree = profile;
+    // _permissionOrg.createdUserId = request.user.sub;
+    // _permissionOrg.createdFullName = request.user.name;
+    // _permissionOrg.lastUpdateUserId = request.user.sub;
+    // _permissionOrg.lastUpdateFullName = request.user.name;
+    // _permissionOrg.createdAt = new Date();
+    // _permissionOrg.lastUpdatedAt = new Date();
+    const _permissionOrg = profile.map((profile) => {
+      const permission = new PermissionOrg();
+      permission.orgRootId = requestBody.nodeId;
+      permission.profileId = profile.id;
+      permission.createdUserId = request.user.sub;
+      permission.createdFullName = request.user.name;
+      permission.lastUpdateUserId = request.user.sub;
+      permission.lastUpdateFullName = request.user.name;
+      permission.createdAt = new Date();
+      permission.lastUpdatedAt = new Date();
+      return permission;
+    });
+    
     await this.permissionOrgRepository.save(_permissionOrg, { data: request });
     setLogDataDiff(request, { before, after: _permissionOrg });
     return new HttpSuccess();