diff --git a/apps/inm/views.py b/apps/inm/views.py
index 3d745cad..6cdfdb5f 100644
--- a/apps/inm/views.py
+++ b/apps/inm/views.py
@@ -13,6 +13,7 @@ from apps.inm.serializers import (
 from apps.utils.viewsets import CustomGenericViewSet, CustomModelViewSet
 from apps.inm.services import InmService
 from apps.utils.mixins import BulkCreateModelMixin, BulkDestroyModelMixin, BulkUpdateModelMixin
+from apps.utils.permission import has_perm
 
 
 # Create your views here.
@@ -112,11 +113,14 @@ class MIOViewSet(ListModelMixin, BulkCreateModelMixin, BulkUpdateModelMixin, Des
 
     出入库记录
     """
+    perms_map = {'get': '*', 'post': 'mio.create',
+                 'put': 'mio.update', 'delete': 'mio.delete'}
     queryset = MIO.objects.all()
     select_related_fields = ['create_by', 'belong_dept', 'do_user',
                              'submit_user', 'supplier', 'order', 'customer', 'pu_order']
     serializer_class = MIOListSerializer
     filterset_fields = ['state', 'type', 'pu_order', 'order']
+    data_filter = True
 
     def get_serializer(self, *args, **kwargs):
         if self.action in ['create', 'update', 'partial_update']:
@@ -172,4 +176,6 @@ class MIOItemViewSet(ListModelMixin, BulkCreateModelMixin, BulkDestroyModelMixin
     def perform_destroy(self, instance):
         if instance.state != MIO.MIO_CREATE:
             raise ParseError('出入库记录非创建中不可删除')
+        if has_perm(self.request.user, ['mio.update']) is False and instance.mio.create_by != self.request.user:
+            raise PermissionDenied('无权限删除')
         return super().perform_destroy(instance)
diff --git a/apps/utils/viewsets.py b/apps/utils/viewsets.py
index 66acb496..981f2ca3 100755
--- a/apps/utils/viewsets.py
+++ b/apps/utils/viewsets.py
@@ -92,6 +92,7 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
             queryset = queryset.select_related(*self.select_related_fields)
         if self.prefetch_related_fields:
             queryset = queryset.prefetch_related(*self.prefetch_related_fields)
+        self.filter_customer(queryset)
         if self.data_filter:
             user = self.request.user
             if user.is_superuser:
@@ -128,6 +129,11 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
                         return queryset.none()
         return queryset
 
+    def filter_custom(self, queryset):
+        """自定义过滤逻辑需要的时候可重写
+        """
+        pass
+
     def filter_s_a_b(self, queryset, dept):
         """过滤同级及以下, 可重写
         """