diff --git a/safesite/views.py b/safesite/views.py
index 72589564..8b612b66 100644
--- a/safesite/views.py
+++ b/safesite/views.py
@@ -144,18 +144,22 @@ def check_session(req):
 
 # 存储文件
 
-
+@apicheck_login
 def upfile(req):
     username = User.objects.get(userid=req.session['userid']).username
+    try:
+        upfile = req.FILES['upfile']
+    except KeyError:
+        return JsonResponse({"code": 0, "msg": "未获取到文件"})
     file_name = (time.strftime('%Y%m%d%H%M%S') + '_' +
-                 req.FILES['upfile'].name).replace('#', '号')
+                 upfile.name).replace('#', '号')
     user_upload_folder = os.path.join('media', username)
     if not os.path.exists(user_upload_folder):
         os.mkdir(user_upload_folder)
     filepath = os.path.join(user_upload_folder, file_name)
     filepath = filepath.replace('\\', '/')
     with open(filepath, 'wb') as f:
-        f.write(req.FILES['upfile'].read())
+        f.write(upfile.read())
     return JsonResponse({"code": 1, "filename": file_name, "filepath": filepath})
 
 # html页面
@@ -2007,7 +2011,7 @@ def grouphandle(req):
         else:
             return JsonResponse({"code": 0})
 
-
+@apicheck_login
 def troublehandle(req):
     a = req.GET.get('a')
     if a == 'detail':
@@ -4467,9 +4471,9 @@ def apisafecert(req):
         return HttpResponse(transjson(total, a), content_type="application/json")
     elif a == 'listself':
         userid = req.session['userid']
-        cardnum = Userprofile.objects.get(user__userid=userid).cardnum
+        # cardnum = Userprofile.objects.get(user__userid=userid).cardnum
         a = Safecert.objects.filter(
-            cardnum=cardnum).order_by('id')  # 无deletemark
+            user__userid=userid).order_by('id')  # 无deletemark
         total = a.count()
         if req.GET.get('sort'):
             a = a.order_by(req.GET.get('sort'))
@@ -5507,6 +5511,7 @@ def apinotice(req):
 @transaction.atomic
 def apioperation(req):
     a = req.GET.get('a')
+    logger.info(req.get_full_path())
     userid = req.session['userid']
     if a == 'add':
         userid = req.session['userid']
@@ -8618,6 +8623,7 @@ def equipmentfig(req):
 
 
 #责任制
+@apicheck_login
 def getresbilitydata(req):
     a = req.GET.get('a')
     userid = req.session['userid']
@@ -8714,6 +8720,7 @@ def getresbilitydata(req):
 
 
 #操作规程
+@apicheck_login
 def getprodata(req):
     a = req.GET.get('a')
     userid = req.session['userid']
@@ -8804,6 +8811,7 @@ def getprodata(req):
          a = ReaderOperproce.objects.filter(readid=id).values('id','readeruser__name','readertime')
          total = a.count()
          return HttpResponse(transjson(total,a),content_type="application/json")
+
 def checkprojects(req):
     a = req.GET.get('a')
     userid = req.session['userid']