diff --git a/catch/permissions/PermissionsMiddleware.php b/catch/permissions/PermissionsMiddleware.php
index 9364a36..69b6732 100644
--- a/catch/permissions/PermissionsMiddleware.php
+++ b/catch/permissions/PermissionsMiddleware.php
@@ -3,8 +3,10 @@ namespace catchAdmin\permissions;
 use app\Request;
 use catchAdmin\permissions\model\Permissions;
+use catcher\CatchCacheKeys;
 use catcher\Code;
 use catcher\exceptions\PermissionForbiddenException;
+use think\facade\Cache;
 use think\helper\Str;
 class PermissionsMiddleware
@@ -22,7 +24,7 @@ class PermissionsMiddleware
 */
 public function handle(Request $request, \Closure $next)
 {
- $rule = $rule = $request->rule()->getName();
+ $rule = $request->rule()->getName();
 if (!$rule) {
 return $next($request);
@@ -34,16 +36,23 @@ class PermissionsMiddleware
 return $next($request);
 }
- if (!$request->user()) {
+ $user = $request->user();
+ if (!$user) {
 throw new PermissionForbiddenException('Login is invalid', Code::LOST_LOGIN);
 }
- // toad
- if (($permission = $this->getPermission($module, $controller, $action, $request))
- && !in_array($permission->id, $request->user()->getPermissionsBy())) {
- throw new PermissionForbiddenException();
+ // toad
+ $permission = $this->getPermission($module, $controller, $action);
+ if (!$permission || !in_array($permission->id, Cache::get(CatchCacheKeys::USER_PERMISSIONS . $user->id))) {
+ throw new PermissionForbiddenException();
 }
+ // 操作日志
+ event('operateLog', [
+ 'request' => $request,
+ 'permission' => $permission,
+ ]);
+
 return $next($request);
 }
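Review bot: The `in_array(...)` check in `handle()` takes the user's permission ids straight from `Cache::get(CatchCacheKeys::USER_PERMISSIONS . $user->id)` with no handling of a cache miss. `Cache::get` returns null by default when the key is absent or expired, so `in_array` receives a non-array (a TypeError on PHP 8) and every authenticated request is rejected until the key is written again. Resolve the list first with a fallback, e.g. `$ids = Cache::get(CatchCacheKeys::USER_PERMISSIONS . $user->id) ?? $user->getPermissionsBy();` then `in_array($permission->id, $ids)`, assuming `getPermissionsBy()` still exists on the user model. The key also needs invalidating wherever roles or permissions change, otherwise a revoked permission stays effective until the entry expires; neither the cache write nor its invalidation is visible in this diff. Separately, `operateLog` now fires only after the check passes, so denied requests no longer produce an operation-log entry; if that log served as an audit trail, emit an event before the throw as well. `handle()` begins outside this hunk.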
@@ -75,20 +84,12 @@ class PermissionsMiddleware
 * @throws \think\db\exception\ModelNotFoundException
 * @return array|bool|\think\Model|null
 */
- protected function getPermission($module, $controllerName, $action, $request)
+ protected function getPermission($module, $controllerName, $action)
 {
 $permissionMark = sprintf('%s:%s', $controllerName, $action);
+
 $permission = Permissions::where('module', $module)->where('permission_mark', $permissionMark)->find();
- if (!$permission) {
- return false;
- }
-
- event('operateLog', [
- 'request' => $request,
- 'permission' => $permission,
- ]);
-
 return $permission;
 }
diff --git a/catch/permissions/model/Permissions.php b/catch/permissions/model/Permissions.php
index 5f41ddd..6e8db6f 100644
--- a/catch/permissions/model/Permissions.php
+++ b/catch/permissions/model/Permissions.php
@@ -54,14 +54,15 @@ class Permissions extends CatchModel
 * 获取当前用户权限
 *
 * @time 2020年01月14日
- * @throws \think\db\exception\DataNotFoundException
+ * @param array $permissionIds
+ * @return \think\Collection
 * @throws \think\db\exception\DbException
 * @throws \think\db\exception\ModelNotFoundException
- * @return \think\Collection
+ * @throws \think\db\exception\DataNotFoundException
 */
- public static function getCurrentUserPermissions(): \think\Collection
+ public static function getCurrentUserPermissions(array $permissionIds): \think\Collection
 {
- return parent::whereIn('id', request()->user()->getPermissionsBy())
+ return parent::whereIn('id', $permissionIds)
 ->field(['permission_name as title', 'route', 'icon'])
 ->select();
 }
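Review bot: The docblock above `getPermission()` still advertises `@return array|bool|\think\Model|null`, but with the `return false` branch removed the method now returns whatever `find()` yields. The tag should drop `bool`, e.g. `@return array|\think\Model|null`, and any `@param` line for `$request` in the part of the docblock outside this hunk should be removed too. Because the caller's `!$permission` test now turns a missing row into a denial, it is worth recording that contract in the docblock: `Returns null when no permission row matches the module and mark; callers must deny in that case.` The docblock begins outside the hunk.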
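Review bot: The summary line `获取当前用户权限` (get the current user's permissions) no longer matches `getCurrentUserPermissions(array $permissionIds)`, which now returns rows for whatever ids it is handed instead of reading them from the request user. The summary and the new `@param` line should say so, e.g. `@param array $permissionIds ids already resolved for the authenticated user; must not be taken from request input`, so that callers do not pass client-supplied ids. If call sites feed it the same cache entry the middleware reads, a cache miss yields null and the `array` type declaration raises a TypeError; the call sites are not part of this diff, so that needs checking there.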