diff --git a/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-prod.yml b/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-prod.yml
index 9142d63..9562ad2 100644
--- a/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-prod.yml
+++ b/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-prod.yml
@@ -4,7 +4,7 @@ cpop:
 profile: /root/jambox-union/jambox-oam/uploadPath/upload
 jwt:
 #白名单
- whiteList: /login,/getCaptcha,/profile/**,/wxOpen/receiveTicket,/wxOpen/*/callback
+ whiteList: /login,/getCaptcha,/profile/**,/wxOpen/receiveTicket,/wxOpen/*/callback,/wxOpen/bindOpenAccount/*
 #拦截
 gateway:
 rsa-keypair:
diff --git a/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-test.yml b/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-test.yml
index b9ae194..c17d295 100644
--- a/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-test.yml
+++ b/Cpop-Oam/Cpop-Oam-Web/src/main/resources/application-test.yml
@@ -4,7 +4,7 @@ cpop:
 profile: /root/jambox-union/jambox-oam/uploadPath/upload
 jwt:
 #白名单
- whiteList: /login,/getCaptcha,/profile/**,/doc.html,/webjars/**,/favicon.ico,/v2/api-docs/**,/swagger-resources,/wxOpen/receiveTicket,/wxOpen/*/callback
+ whiteList: /login,/getCaptcha,/profile/**,/doc.html,/webjars/**,/favicon.ico,/v2/api-docs/**,/swagger-resources,/wxOpen/receiveTicket,/wxOpen/*/callback,/wxOpen/bindOpenAccount/*
 #拦截
 gateway:
 rsa-keypair:
diff --git a/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/RoleController.java b/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/RoleController.java
index b20904b..2215d23 100644
--- a/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/RoleController.java
+++ b/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/RoleController.java
@@ -77,7 +77,8 @@ public class RoleController {
 @GetMapping("/getMenuTreeList")
 public R> getMenuTreeList(MenuListBo bo) {
 List list = menuService.getOamMenuTreeList(bo);
- return R.ok(list);
+ //过滤掉没有权限的数据
+ return R.ok(roleService.filterAuthMenu(list));
 }
 /**
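Review bot: Adding `/wxOpen/bindOpenAccount/*` to the `whiteList` key under `jwt:` in application-prod.yml (and the identical entry in the application-test.yml hunk that follows) lets requests reach that route with no token, and its handler is not part of this diff. The `@PreAuthorize` checks this commit adds in WxOpenController.java presumably cannot authorise such a request, since no authenticated user stands behind it, so the handler has to verify the caller and validate the path segment on its own. I would record that on the key, e.g. `# routes below skip JWT validation; each handler must authenticate the request itself`, and keep the pattern as narrow as the route allows.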
diff --git a/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/WxOpenController.java b/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/WxOpenController.java
index ed24f81..8417da8 100644
--- a/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/WxOpenController.java
+++ b/Cpop-Oam/src/main/java/com/cpop/oam/business/controller/WxOpenController.java
@@ -27,6 +27,7 @@ import me.chanjar.weixin.open.bean.result.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -96,6 +97,7 @@ public class WxOpenController {
 * @Author DB
 * @Date: 2023/6/14 21:47
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:insert')")
 @ApiOperation("获取授权链接")
 @GetMapping("/getAuthorizedLink")
 public R getAuthorizedLink() {
@@ -230,6 +232,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/14 0014 17:00
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:list')")
 @ApiOperation("获取授权小程序列表")
 @GetMapping("/getAuthorizerList")
 public R> getAuthorizerList() {
@@ -251,6 +254,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("数据同步")
 @PutMapping("/dataSync/{authorizerAppid}")
 public R dataSync(@PathVariable("authorizerAppid") String authorizerAppid) {
@@ -270,6 +274,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/15 0015 16:38
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("获取授权小程序详情")
 @GetMapping("/getAuthorizerInfo/{authorizerAppid}")
 public R getAuthorizerInfo(@PathVariable String authorizerAppid) {
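Review bot: The `@PreAuthorize("@aps.hasPermission(...)")` annotation added on `getAuthorizedLink`, and on every later hunk of this file, is only enforced when method security is switched on and a bean named `aps` resolves; neither is visible in this diff, and if the first is missing the annotations are silently ignored. It is worth confirming that the security configuration carries `@EnableGlobalMethodSecurity(prePostEnabled = true)` or `@EnableMethodSecurity`, and adding a test that a user without `wxOpen:applet:insert` is refused on this route. The expression is also repeated as a string literal in roughly twenty places, where a typo would go unnoticed until runtime; shared constants would remove that risk, e.g. `public static final String APPLET_UPDATE = "@aps.hasPermission('wxOpen:applet:update')";`.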
@@ -288,6 +293,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("上传代码并生成体验版")
 @PostMapping("/commit")
 public R commit(@RequestBody @Validated WxOpenMaCodeCommitBo bo) {
@@ -307,6 +313,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:35
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("获取体验版二维码")
 @PostMapping("/getTrialQrCode")
 public R getTrialQrCode(@RequestBody WxOpenMaTrialQrCodeBo bo) {
@@ -332,6 +339,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("提交代码审核")
 @PostMapping("/submitAudit/{authorizerAppid}")
 public R submitAudit(@PathVariable String authorizerAppid ,@RequestBody WxOpenMaSubmitAuditMessage message) {
@@ -352,6 +360,7 @@ public class WxOpenController {
 * @param auditId 审核id
 * @return: com.cpop.core.base.R
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("查询审核单状态")
 @GetMapping("/getAuditStatus")
 public R getAuditStatus(@RequestParam("authorizerAppid") String authorizerAppid, @RequestParam("auditId") Long auditId) {
@@ -369,6 +378,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("撤回代码审核")
 @PutMapping("/undoAudit/{authorizerAppid}")
 public R getAuditStatus(@PathVariable String authorizerAppid) {
@@ -386,6 +396,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("发布已通过审核的小程序")
 @PutMapping("/release/{authorizerAppid}")
 public R release(@PathVariable String authorizerAppid) {
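Review bot: `commit` is guarded by `wxOpen:applet:update`, the same permission the later hunks put on `submitAudit`, the undo-audit handler, `release`, `revertCodeRelease` and `speedupCodeAudit`, and an earlier hunk on `dataSync`, so a user who may refresh data may also publish or roll back a mini-program. If publishing is meant to be a narrower duty, those handlers need their own permission string (for instance `'wxOpen:applet:release'`, a name made up here for illustration) so that roles can grant it separately. The checks are also per action rather than per `authorizerAppid`; whether an operator should be limited to particular apps is not something this diff shows.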
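Review bot: The handler for `PUT /undoAudit/{authorizerAppid}` is still named `getAuditStatus`, an overload of the query handler one hunk earlier, and the two now carry different permissions (`update` here, `info` there). Renaming it would make the annotation match what a reader expects from the name: `public R undoAudit(@PathVariable String authorizerAppid) {`. The method body lies outside the hunk.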
@@ -403,6 +414,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("小程序版本回退")
 @PutMapping("/revertCodeRelease/{authorizerAppid}")
 public R revertCodeRelease(@PathVariable String authorizerAppid) {
@@ -420,6 +432,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("加急代码审核")
 @PutMapping("/speedupCodeAudit")
 public R speedupCodeAudit(@RequestParam("authorizerAppid") String authorizerAppid, @RequestParam("auditId") Long auditId) {
@@ -437,6 +450,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("查询小程序版本信息")
 @GetMapping("/getVersionInfo/{authorizerAppid}")
 public R getVersionInfo(@PathVariable String authorizerAppid) {
@@ -454,6 +468,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("查询最新一次审核单状态")
 @GetMapping("/getLatestAuditStatus/{authorizerAppid}")
 public R getLatestAuditStatus(@PathVariable String authorizerAppid) {
@@ -471,6 +486,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("上传提审素材")
 @PostMapping("/uploadMediaToCodeAudit/{authorizerAppid}")
 public R uploadMediaToCodeAudit(@RequestParam("file") File file, @PathVariable("authorizerAppid") String authorizerAppid) {
@@ -489,6 +505,7 @@ public class WxOpenController {
 * @param templateType 模板类型
 * @return: com.cpop.core.base.R>
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("获取模板列表")
 @GetMapping("/getTemplateList")
 public R> getTemplateList(Integer templateType) {
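Review bot: The permission check added to `uploadMediaToCodeAudit` leaves the `file` parameter declared as `java.io.File`. If Spring binds that from the request value, it names a path on the server chosen by the client rather than carrying uploaded bytes; the method body is outside the hunk, so what is then done with the file is not visible. Declaring it as `@RequestParam("file") MultipartFile file`, and checking size and content type before the media is forwarded, would keep the handler working only on data the client actually sent.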
@@ -506,6 +523,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/16 0016 17:34
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:info')")
 @ApiOperation("获取草稿箱列表")
 @GetMapping("/getTemplateDraftList")
 public R> getTemplateDraftList() {
@@ -525,6 +543,7 @@ public class WxOpenController {
 * @param templateType 模板类型
 * @return: com.cpop.core.base.R
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:update')")
 @ApiOperation("将草稿添加到模板库")
 @PostMapping("/addToTemplate")
 public R addToTemplate(@RequestParam("draftId") Long draftId, @RequestParam("templateType") Integer templateType) {
@@ -543,6 +562,7 @@ public class WxOpenController {
 * @author DB
 * @Date: 2023/6/27 0027 14:28
 */
+ @PreAuthorize("@aps.hasPermission('wxOpen:applet:remove')")
 @ApiOperation("删除代码模板")
 @DeleteMapping("/deleteTemplate/{templateId}")
 public R deleteTemplate(@PathVariable Integer templateId) {
diff --git a/Cpop-Oam/src/main/java/com/cpop/oam/business/service/RoleService.java b/Cpop-Oam/src/main/java/com/cpop/oam/business/service/RoleService.java
index b1a38c8..a0b0b68 100644
--- a/Cpop-Oam/src/main/java/com/cpop/oam/business/service/RoleService.java
+++ b/Cpop-Oam/src/main/java/com/cpop/oam/business/service/RoleService.java
@@ -1,5 +1,6 @@
 package com.cpop.oam.business.service;
+import com.cpop.oam.business.vo.MenuVo;
 import com.mybatisflex.core.paginate.Page;
 import com.mybatisflex.core.service.IService;
 import com.cpop.oam.business.bo.RoleBo;
@@ -8,6 +9,8 @@ import com.cpop.oam.business.bo.RoleStatusBo;
 import com.cpop.oam.business.entity.Role;
 import com.cpop.oam.business.vo.RolePageVo;
+import java.util.List;
+
 /**
 * 系统角色表 服务层。
 *
@@ -55,4 +58,13 @@ public interface RoleService extends IService {
 * @Date: 2023/5/9 14:13
 **/
 void setOamRoleStatus(RoleStatusBo bo);
+
+ /**
+ * @descriptions 过滤掉没有权限的数据
+ * @author DB
+ * @date 2023/10/11 17:26
+ * @param list 原数据
+ * @return: java.util.List
+ */
+ List filterAuthMenu(List list);
 }
diff --git a/Cpop-Oam/src/main/java/com/cpop/oam/business/service/impl/RoleServiceImpl.java b/Cpop-Oam/src/main/java/com/cpop/oam/business/service/impl/RoleServiceImpl.java
index 076da45..ffbbd29 100644
--- a/Cpop-Oam/src/main/java/com/cpop/oam/business/service/impl/RoleServiceImpl.java
+++ b/Cpop-Oam/src/main/java/com/cpop/oam/business/service/impl/RoleServiceImpl.java
@@ -1,5 +1,6 @@
 package com.cpop.oam.business.service.impl;
+import com.cpop.oam.business.vo.MenuVo;
 import com.mybatisflex.core.paginate.Page;
 import com.mybatisflex.core.query.QueryWrapper;
 import com.mybatisflex.spring.service.impl.ServiceImpl;
@@ -151,4 +152,51 @@ public class RoleServiceImpl extends ServiceImpl implements Ro
 public void setOamRoleStatus(RoleStatusBo bo) {
 this.updateById(BeanUtils.mapToClass(bo, Role.class));
 }
+
+ /**
+ * @descriptions 过滤掉没有权限的数据
+ * @author DB
+ * @date 2023/10/11 17:27
+ * @param list 原数据
+ * @return: java.util.List
+ */
+ @Override
+ public List filterAuthMenu(List list) {
+ if (list.isEmpty()) {
+ return list;
+ }
+ return recursionFilterFn(list);
+ }
+
+ /**
+ * @descriptions 递归过滤
+ * @author DB
+ * @date 2023/10/11 17:36
+ * @param list 递归列表
+ * @return: java.util.List
+ */
+ private List recursionFilterFn(List list) {
+ if (!list.isEmpty()){
+ list.forEach(item -> {
+ //判断是否是目录z
+ if (item.getType() == 0){
+ if (null != item.getChildren()){
+ recursionFilterFn(item.getChildren());
+ }
+ }else if (item.getType() == 1){
+ //是否是菜单 判断是否是目录与是否有子菜单
+ if (StringUtils.isBlank(item.getPermission()) || null == item.getChildren() ){
+ //当前是菜单并且没权限或子菜单为空
+ list.remove(item);
+ }
+ } else if (item.getType() == 2){
+ //按钮
+ if(StringUtils.isBlank(item.getPermission())){
+ list.remove(item);
+ }
+ }
+ });
+ }
+ return list;
+ }
 }
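Review bot: `recursionFilterFn` calls `list.remove(item)` from inside `list.forEach(...)`, which throws `ConcurrentModificationException` on the first removal if the list is a `java.util.ArrayList` (the concrete type is not visible here), so `getMenuTreeList` would fail as soon as one entry has to be dropped; `removeIf` expresses the same filter safely, as sketched below with the conditions left unchanged. Separately, the filter tests whether an entry carries a permission string, not whether the current user holds it, and it only descends into type 0 entries, so buttons under a type 1 menu are never examined. If the method is meant to hide entries the caller is not authorised for, that check is still missing and the result should not be relied on as access control. The element type `MenuVo` in the sketch is inferred from the added import, because the generic parameters are missing from the page.

```java
    private List<MenuVo> recursionFilterFn(List<MenuVo> list) {
        // removeIf deletes through the list's own iteration, so dropping entries while walking is safe
        list.removeIf(item -> {
            if (item.getType() == 0) {
                // directory: keep it, but filter its children in place
                if (null != item.getChildren()) {
                    recursionFilterFn(item.getChildren());
                }
                return false;
            }
            if (item.getType() == 1) {
                // menu: same condition as before (blank permission or no children list)
                return StringUtils.isBlank(item.getPermission()) || null == item.getChildren();
            }
            // button: dropped when it has no permission string
            return item.getType() == 2 && StringUtils.isBlank(item.getPermission());
        });
        return list;
    }
```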