diff --git a/src/admin/controllers/shop_puzzle.controller.ts b/src/admin/controllers/shop_puzzle.controller.ts
index ded203f..ef67978 100644
--- a/src/admin/controllers/shop_puzzle.controller.ts
+++ b/src/admin/controllers/shop_puzzle.controller.ts
@@ -4,6 +4,7 @@ import { ShopPuzzle } from '../../models/shop/ShopPuzzle'
 import { ZError } from '../../common/ZError'
 import { AuditTask } from '../../models/AuditTask'
 import { AuditSvr } from '../../services/AuditSvr'
+import { Shop } from '../../models/shop/Shop'
 
 export default class ShopPuzzleController extends BaseController {
   @permission('shoppuzzle:read')
@@ -59,6 +60,23 @@ export default class ShopPuzzleController extends BaseController {
     }
     return record.toJson()
   }
+
+  /**
+   * 更新审核状态
+   */
+  @permission(['shoppuzzle:review'])
+  @router('post /api/:shop/puzzle/review')
+  async review(req: any) {
+    let { id, status } = req.params
+    let record = await ShopPuzzle.findById(id)
+    if (!record) {
+      throw new ZError(11, 'record not found')
+    }
+    record.status = status
+    await record.save()
+    return record.toJson()
+  }
+
   @permission('shoppuzzle:delete')
   @router('post /api/:shop/puzzle/delete')
   async delete(req: any) {