diff --git a/apps/opm/serializers.py b/apps/opm/serializers.py
index 405f1d5b..ca702300 100644
--- a/apps/opm/serializers.py
+++ b/apps/opm/serializers.py
@@ -173,6 +173,9 @@ class GasCheckSerializer(CustomModelSerializer):
 
 class OplCreateUpdateSerializer(CustomModelSerializer):
     id = serializers.CharField(read_only=True)
+    cate_name = serializers.CharField(source='cate.name', read_only=True)
+    cate_code = serializers.CharField(source='cate.code', read_only=True)
+    operation_name = serializers.CharField(source='operation.name', read_only=True)
 
     class Meta:
         model = Opl
@@ -205,6 +208,7 @@ class OplSerializer(CustomModelSerializer):
 class OplListSerializer(CustomModelSerializer):
     cate_name = serializers.CharField(source='cate.name', read_only=True)
     cate_code = serializers.CharField(source='cate.code', read_only=True)
+    operation_name = serializers.CharField(source='operation.name', read_only=True)
     cate_ = OplCateSimpleSerializer(source='cate', read_only=True)
     dept_do_ = DeptSimpleSerializer(source='dept_do', read_only=True)
     charger_ = UserSimpleSerializer(source='charger', read_only=True)
@@ -220,6 +224,7 @@ class OplListSerializer(CustomModelSerializer):
 class OplDetailSerializer(CustomModelSerializer):
     cate_name = serializers.CharField(source='cate.name', read_only=True)
     cate_code = serializers.CharField(source='cate.code', read_only=True)
+    operation_name = serializers.CharField(source='operation.name', read_only=True)
     operation_ = OperationDetailSerializer(source='operation', read_only=True)
     dept_do_ = DeptSimpleSerializer(source='dept_do', read_only=True)
     charger_ = UserSimpleSerializer(source='charger', read_only=True)
diff --git a/apps/opm/views.py b/apps/opm/views.py
index b236a2f1..4dbe4524 100644
--- a/apps/opm/views.py
+++ b/apps/opm/views.py
@@ -45,12 +45,22 @@ class OperationViewSet(CustomModelViewSet):
         obj = self.get_object()
         if obj.state != Operation.OP_CREATE:
             raise ParseError('非创建状态不可修改')
+        user = request.user
+        if user == obj.create_by or user.is_superuser:
+            pass
+        else:
+            raise ParseError('非创建人不可修改')
         return super().update(request, *args, **kwargs)
 
     def destroy(self, request, *args, **kwargs):
         obj = self.get_object()
         if obj.state != Operation.OP_CREATE:
             raise ParseError('非创建状态不可删除')
+        user = request.user
+        if user == obj.create_by or user.is_superuser:
+            pass
+        else:
+            raise ParseError('非创建人不可删除')
         obj.delete()
         return Response(status=204)
 
@@ -68,12 +78,22 @@ class OplViewSet(CustomModelViewSet):
         obj = self.get_object()
         if obj.ticket and obj.ticket.act_state != Ticket.TICKET_ACT_STATE_DRAFT:
             raise ParseError('许可证已处理不可删除')
+        user = request.user
+        if user == obj.create_by or user.is_superuser:
+            pass
+        else:
+            raise ParseError('非创建人不可删除')
         return super().destroy(request, *args, **kwargs)
 
     def update(self, request, *args, **kwargs):
         obj = self.get_object()
         if obj.ticket and obj.ticket.act_state != Ticket.TICKET_ACT_STATE_DRAFT:
             raise ParseError('许可证已处理不可编辑')
+        user = request.user
+        if user == obj.create_by or user.is_superuser:
+            pass
+        else:
+            raise ParseError('非创建人不可编辑')
         return super().update(request, *args, **kwargs)
 
     @action(methods=['post'], detail=True, perms_map={'post': '*'},