diff --git a/client/src/views/qualityinspect/mytask.vue b/client/src/views/qualityinspect/mytask.vue
index ba02b51..f5b7d71 100644
--- a/client/src/views/qualityinspect/mytask.vue
+++ b/client/src/views/qualityinspect/mytask.vue
@@ -1,7 +1,7 @@
 <template>
   <div class="app-container">
     
-    <el-card style="margin-top: 10px">
+    <el-card>
       <el-table
         v-loading="listLoading"
         :data="subinspecttasklist"
diff --git a/client/src/views/qualityinspect/mytaskdo.vue b/client/src/views/qualityinspect/mytaskdo.vue
index 9b977ec..3936473 100644
--- a/client/src/views/qualityinspect/mytaskdo.vue
+++ b/client/src/views/qualityinspect/mytaskdo.vue
@@ -7,7 +7,7 @@
           <div slot="header">
         <span>涉及组织</span>
       </div>
-          <el-button type="primary" @click="dialogVisibles = true" size="small"
+          <el-button type="primary" @click="dialogVisibles = true" size="small" v-if="checkPermission(['inspecttask_update'])"
             >增加组织</el-button
           >
           <el-table
@@ -43,7 +43,7 @@
                   type="primary"
                   v-if="scope.row.state == '检查中'"
                   @click="handleCheckup(scope)">组长提交</el-link>
-                <el-link type="danger" @click="handleDelete(scope)"
+                <el-link type="danger" @click="handleDelete(scope)" v-if="checkPermission(['inspecttask_update'])"
                   >删除</el-link
                 >
               </template>
@@ -54,7 +54,7 @@
           <div slot="header">
         <span>检查组成员</span>
       </div>
-          <el-button type="primary" @click="handleCreateMember" size="small"
+          <el-button type="primary" @click="handleCreateMember" size="small" v-if="checkPermission(['inspecttask_update'])"
             >增加成员</el-button
           >
           <el-table
@@ -78,7 +78,7 @@
             </el-table-column>
             <el-table-column label="操作">
               <template slot-scope="scope">
-                <el-link type="danger" @click="handleDeleteMember(scope)"
+                <el-link type="danger" @click="handleDeleteMember(scope)" v-if="checkPermission(['inspecttask_update'])"
                   >删除</el-link
                 >
               </template>
diff --git a/server/apps/system/views.py b/server/apps/system/views.py
index 85f2e5c..5be7896 100644
--- a/server/apps/system/views.py
+++ b/server/apps/system/views.py
@@ -9,7 +9,7 @@ from django.http import request
 from django.http.response import JsonResponse
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework import status
-from rest_framework.decorators import (action, authentication_classes,
+from rest_framework.decorators import (action, api_view, authentication_classes,
                                        permission_classes)
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.mixins import (CreateModelMixin, DestroyModelMixin,
@@ -408,6 +408,21 @@ class FileViewSet(ModelViewSet):
         instance = serializer.save(create_by = self.request.user, name=name, size=size, type=type, mime=mime)
         instance.path = settings.MEDIA_URL + instance.file.name
         instance.save()
+    
+
+from rest_framework_simplejwt.state import token_backend
+from django.http import HttpResponseForbidden, HttpResponse
+def mediaauth(request):
+    token = request.COOKIES.get('token', None)
+    if token:
+        try:
+            payload = token_backend.decode(token)
+            if payload.get('user_id', None):
+                return HttpResponse()
+        except:
+            return HttpResponseForbidden()
+    return HttpResponseForbidden()
+
 
 
 
diff --git a/server/server/urls.py b/server/server/urls.py
index 8b37a0d..4d6369a 100644
--- a/server/server/urls.py
+++ b/server/server/urls.py
@@ -30,13 +30,14 @@ from django.conf.urls import url
 
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
 from rest_framework_simplejwt.views import TokenViewBase
-from apps.system.views import WXMPlogin
+from apps.system.views import WXMPlogin,mediaauth
 
 
 
 urlpatterns = [
     path('', TemplateView.as_view(template_name="index.html")),
     path('api/admin/', admin.site.urls),
+    path('api/mediaauth/',mediaauth),
     path('api/wxmplogin/',WXMPlogin.as_view()),
     path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
     path('api/token2/', Login2View.as_view(), name='token_obtain_2'),