diff --git a/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java b/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java
index 20827a25..bcdbdb60 100644
--- a/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java
+++ b/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java
@@ -77,7 +77,7 @@ public class ManagerTokenGenerate extends AbstractTokenGenerate {
         //循环权限菜单
         userMenuVOList.forEach(menu -> {
             //循环菜单，赋予用户权限
-            if (menu.getPermission() != null) {
+            if (!menu.getPermission().isEmpty()) {
                 //获取路径集合
                 String[] permissionUrl = menu.getPermission().split(",");
                 //for循环路径集合
diff --git a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
index ad040122..46c12778 100755
--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@@ -84,7 +84,9 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
 
         //如果不是超级管理员， 则鉴权
         if (!authUser.getIsSuper()) {
+            //获取缓存中的权限
             Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
+
             //获取数据(GET 请求)权限
             if (request.getMethod().equals(RequestMethod.GET.name())) {
                 //如果用户的超级权限和查阅权限都不包含当前请求的api