diff --git a/middleware/rbac.go b/middleware/rbac.go
index 2a9c877..24eda70 100644
--- a/middleware/rbac.go
+++ b/middleware/rbac.go
@@ -9,30 +9,41 @@ import (
 func RbacAuth(c *gin.Context){
 roleId, _ :=c.Get("role_id")
 role:=models.FindRole(roleId)
+ var methodFlag bool
 if role.Method!="*"{
 methods:=strings.Split(role.Method,",")
 for _,m:=range methods{
- if c.Request.Method!=m{
- c.JSON(200, gin.H{
- "code": 403,
- "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
- })
- c.Abort()
- return
+ if c.Request.Method==m{
+ methodFlag=true
+ break
 }
 }
+ if !methodFlag{
+ c.JSON(200, gin.H{
+ "code": 403,
+ "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+ })
+ c.Abort()
+ return
+ }
 }
+ var flag bool
 if role.Path!="*"{
 paths:=strings.Split(role.Path,",")
 for _,p:=range paths{
- if c.Request.RequestURI!=p{
- c.JSON(200, gin.H{
- "code": 403,
- "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
- })
- c.Abort()
+ if c.Request.RequestURI==p{
+ flag=true
+ break
 }
 }
+ if !flag{
+ c.JSON(200, gin.H{
+ "code": 403,
+ "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+ })
+ c.Abort()
+ return
+ }
 }
 }
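Review bot: The path check `c.Request.RequestURI==p` compares the raw request-target, which includes the query string, so an allow-list entry such as `/api/users` (constructed example) stops matching as soon as a client appends `?page=2`, and parameterised routes cannot be listed at all. Comparing against the matched route with `if c.FullPath()==p{`, or at least against `c.Request.URL.Path`, keeps the allow-list stable and avoids pushing operators toward `*`. The entries from `strings.Split` are also compared untrimmed in both loops, so a stored value like `GET, POST` would never match `POST`; wrapping the entry in `strings.TrimSpace(...)` would cover that. Separately, both deny branches still answer with HTTP 200 and carry 403 only in the JSON body, which hides denials from proxies and from detection based on access logs; `c.AbortWithStatusJSON(403, gin.H{...})` would make the transport status match.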