diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/TestController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/TestController.cs
index a7251a4c..e4084ba3 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/TestController.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/TestController.cs
@@ -45,7 +45,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
[HttpGet]
// 特点:化繁为简!意框架仓储代理上下文对象,用起来就是爽,但最好按规范来爽!
- // 规范:控制器不建议使用切换仓储方法、控制器严禁使用DB上下文对象,其它怎么爽怎么来!
+ // 规范:控制器严禁使用DB上下文对象,其它怎么爽怎么来!
public async Task DbTest()
{
//非常好,使用UserService的特有方法
@@ -60,7 +60,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
//挺不错,依赖注入其他仓储
await _iRoleService._repository.GetListAsync();
- //不建议操作,直接切换其他仓储
+ //还行,直接切换其他仓储,怎么爽怎么来
await _iUserService._repository.ChangeRepository>().GetListAsync();
//最好不要直接操作Db对象
@@ -74,7 +74,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpGet]
- //简单语句不推荐!
+ //简单语句不推荐使用sql!
public async Task SqlTest()
{
return Result.Success().SetData(await _iUserService._repository.UseSqlAsync("select * from User"));
diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
index 2e17d62f..fa16fc8f 100644
--- a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
+++ b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
@@ -41,8 +41,8 @@ namespace Yi.Framework.WebCore.AttributeExtend
var perList = context.HttpContext.User.Claims.Where(u => u.Type == "permission").Select(u=> u.Value.ToString().ToLower()). ToList();
//判断权限是否存在Redis中,或者jwt中
- //进行正则表达式的匹配
- Regex regex = new Regex($"{permission.ToLower()}");
+ //进行正则表达式的匹配,以code开头
+ Regex regex = new Regex($"^{permission.ToLower()}");
foreach (var p in perList)
{
if (regex.IsMatch(p))