diff --git a/base/resource.go b/base/resource.go
index 116f93a..d8fe790 100644
--- a/base/resource.go
+++ b/base/resource.go
@@ -13,6 +13,7 @@ import (
 	"git.fsdpf.net/go/contracts"
 	"git.fsdpf.net/go/contracts/helper"
 	"git.fsdpf.net/go/contracts/res_type"
+	"git.fsdpf.net/go/contracts/support"
 	"git.fsdpf.net/go/db"
 )
 
@@ -149,7 +150,7 @@ func (this Resource) GetAuthDBTable(u contracts.User, params ...any) *db.Builder
 	// 数据权限过滤
 	builder.Before(func(b *db.Builder, t string, data ...map[string]any) {
 		if t == db.TYPE_SELECT || t == db.TYPE_UPDATE || t == db.TYPE_DELETE {
-			this.WithRolesCondition(b, t, u.Roles()...)
+			this.WithRolesCondition(b, t, u)
 		}
 	})
 
@@ -209,10 +210,11 @@ func (this Resource) GetDBTable(params ...any) *db.Builder {
 	return builder.Table(string(this.GetTable()), alias)
 }
 
-func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string) error {
+func (this Resource) WithRolesCondition(b *db.Builder, t string, u contracts.User) error {
 	isFullRight := false
 	isFullNot := false
 
+	NewOrm := do.MustInvoke[helper.NewOrm](this.container)
 	NewOrmModel := do.MustInvoke[helper.NewOrmModel](this.container)
 	NewOrmJoin := do.MustInvoke[helper.NewOrmJoin](this.container)
 
@@ -221,7 +223,7 @@ func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string
 	GetResource := do.MustInvoke[contracts.GetResource](this.container)
 	GetOrmConditionByRes := do.MustInvoke[GetOrmConditionByRes](this.container)
 
-	items := do.MustInvoke[GetResRoles](this.container)(this.GetUuid(), roles...)
+	items := do.MustInvoke[GetResRoles](this.container)(this.GetUuid(), u.Roles()...)
 
 	subTables := lo.Reduce(items, func(carry string, item ResRole, _ int) string {
 		db := this.GetDB().Table(string(this.GetTable()), this.GetCode()).Select(db.Raw("`" + this.GetCode() + "`.*"))
@@ -262,7 +264,10 @@ func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string
 			isFullRight = true
 			return db.ToSql()
 		} else if conditions.IsNotEmpty() {
-			db.Where(conditions.ToSql(nil))
+			oOrm := NewOrm(this, nil)
+			oOrm.SetGlobalParams(support.NewGlobalParam("{}", u))
+
+			db.Where(conditions.ToSql(oOrm.GetModel()))
 
 			// 如果前面是无权限的sql查看, 这直接返回本次查询
 			if isFullNot {
diff --git a/resource.go b/resource.go
index ec4c431..4ead747 100644
--- a/resource.go
+++ b/resource.go
@@ -54,7 +54,7 @@ type Resource interface {
 	GetStruct(extends ...reflect.StructField) any
 	GetSliceStruct(extends ...reflect.StructField) any
 
-	WithRolesCondition(b *db.Builder, t string, roles ...string) error
+	WithRolesCondition(b *db.Builder, t string, u User) error
 
 	// 是否虚拟资源
 	IsVirtual() bool