diff --git a/server/apps/supervision/views.py b/server/apps/supervision/views.py
index 0fcc8ba..61d9890 100644
--- a/server/apps/supervision/views.py
+++ b/server/apps/supervision/views.py
@@ -16,7 +16,7 @@ from django.utils import timezone
 from .filters import RecordFilter
 from django.db.models.query import QuerySet
 from django.core.cache import cache
-from apps.system.permission import get_permission_list
+from apps.system.permission import get_permission_list, has_permission
 # Create your views here.
 
 class ContentViewSet(CreateUpdateCustomMixin, ModelViewSet):
@@ -121,11 +121,14 @@ class RecordViewSet(RbacFilterSet, PageOrNot, CreateUpdateCustomMixin, ModelView
 
     @action(methods=['get'], detail=False, perms_map = {'get':'*'})
     def todos(self, request, *args, **kwargs):
-        dept = request.user.belong_dept
+        ret={}
+        dept = request.user.dept
         objs = Record.objects.filter(is_deleted=False, belong_dept=dept)
-        toup = Record.objects.filter(is_deleted=False, belong_dept=dept, state='待上报').count()
-        tozg = Record.objects.filter(is_delete=False,belong_dept=dept,state='待整改').count()
-        return Response({'toup':toup, 'tozg':tozg})
+        ret['toup'] = objs.filter(state='待上报').count()
+        ret['tozg'] = objs.filter(state='待整改').count()
+        if has_permission('record_confirm', request.user):
+            ret['toconfirm'] = Record.objects.filter(is_deleted=False, state='已上报').count()
+        return Response(ret)
 
     def update(self, request, *args, **kwargs):
         instance = self.get_object()
diff --git a/server/apps/system/models.py b/server/apps/system/models.py
index 43db19b..64159e8 100644
--- a/server/apps/system/models.py
+++ b/server/apps/system/models.py
@@ -125,6 +125,7 @@ class User(AbstractUser):
     def __str__(self):
         return self.username
 
+
 class DictType(SoftModel):
     """
     数据字典类型
diff --git a/server/apps/system/permission.py b/server/apps/system/permission.py
index 6e82ca0..8491549 100644
--- a/server/apps/system/permission.py
+++ b/server/apps/system/permission.py
@@ -21,6 +21,20 @@ def get_permission_list(user):
     cache.set(user.username + '__perms', perms_list)
     return perms_list
 
+def has_permission(action, user):
+    """
+    判断有无权限
+    action为操作权限
+    """
+    if user.is_superuser:
+        return True
+    else:
+        perms = cache.get(user.username + '__perms')
+        if not perms:
+            perms = get_permission_list(user)
+        if action in perms:
+            return True
+    return False
 
 class RbacPermission(BasePermission):
     """