diff --git a/app/AdminAgent/Controllers/AgentProductController.php b/app/AdminAgent/Controllers/AgentProductController.php
index e08c504..423fc11 100644
--- a/app/AdminAgent/Controllers/AgentProductController.php
+++ b/app/AdminAgent/Controllers/AgentProductController.php
@@ -100,7 +100,12 @@ class AgentProductController extends AdminController
 protected function detail($id)
 {
 return Show::make($id, new AgentProduct(['agent:id,name', 'product.supplier:id,name']), function (Show $show) {
- $show->field('id');
+ //不允许查看非自己的数据
+ if ($show->model()->agent_id != Admin::user()->id) {
+ Admin::exit('数据不存在');
+ }
+
+ $show->field('id');
 $show->field('agent_id');
 $show->field('product_id');
 $show->field('price');
@@ -137,7 +142,12 @@ class AgentProductController extends AdminController
 return Form::make(new AgentProduct(['product:id,title']), function (Form $form) {
 $agent_id = Admin::user()->id;
- $form->display('id');
+ //不允许查看非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
+ $form->display('id');
 $form->hidden('agent_id')->value($agent_id);
 $form->hidden('status')->value(ProductStatus::UNAUDITED);
 $form->hidden('product_id');
@@ -167,6 +177,11 @@ class AgentProductController extends AdminController
 ->default(settlement::INSTANT)
 ->required();
 })->saving(function (Form $form) {
+ //不允许修改非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
 $agent_id = Admin::user()->id;
 //判断供应商产品是否存在或下架
diff --git a/app/AdminAgent/Controllers/CategoryController.php b/app/AdminAgent/Controllers/CategoryController.php
index 25b3126..db1627c 100644
--- a/app/AdminAgent/Controllers/CategoryController.php
+++ b/app/AdminAgent/Controllers/CategoryController.php
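Review bot: The ownership guard `if ($show->model()->agent_id != Admin::user()->id)` uses loose `!=`, which works for int-vs-int but silently tolerates type drift (a string id coming back from the session or a relation), so prefer `if ((int) $show->model()->agent_id !== (int) Admin::user()->id) {`. The same guard is pasted into every detail(), form() builder and saving hook of this commit (the -137 and -167 hunks here, plus CategoryController, OrderController and UserController), so a single helper on the base controller — e.g. a constructed `$this->assertOwnedByCurrentAgent($model)` that calls `Admin::exit('数据不存在')` — would keep the checks from drifting apart as more controllers are added. Note that `agent_id` being null fails closed here, which is the right default. detail() begins outside the hunk.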
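Review bot: `return $form->response()->error('数据不存在')` inside the Form::make builder closure (hunk at -137) most likely does not abort the request — as far as I can tell Dcat runs the builder for its side effects and discards its return value — so the edit page still renders (just with the remaining fields skipped) and only the `saving` guard at -167 actually blocks the write. For the read side, abort the same way detail() does: `if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { Admin::exit('数据不存在'); }`. The same builder-guard pattern appears in OrderController (-115) and UserController (-76); the saving-hook guards are fine because Dcat does honour a Response returned from `saving`. form() begins outside the hunk.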
@@ -37,6 +37,8 @@ class CategoryController extends AdminController
 protected function grid()
 {
 return Grid::make(new Category(), function (Grid $grid) {
+ $grid->model()->where('agent_id', Admin::user()->id);
+
 $grid->column('id')->sortable();
 $grid->column('name');
 $grid->column('pid');
@@ -55,7 +57,12 @@ class CategoryController extends AdminController
 protected function detail($id)
 {
 return Show::make($id, new Category(), function (Show $show) {
- $show->field('id');
+ //不允许查看非自己的数据
+ if ($show->model()->agent_id != Admin::user()->id) {
+ Admin::exit('数据不存在');
+ }
+
+ $show->field('id');
 $show->field('name');
 $show->field('pid');
 $show->field('sort');
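Review bot: The `$grid->model()->where('agent_id', Admin::user()->id)` scope is added only to the Category grid in this commit, while the rest of the diff guards single records in detail/edit/save/delete. The index grids of AgentProductController, OrderController and UserController are not in this diff, so verify they already carry an equivalent `agent_id` scope; otherwise those listings still enumerate other agents' rows (and their ids) even though the record pages now refuse them. grid() continues past the hunk.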
@@ -75,27 +82,33 @@ class CategoryController extends AdminController
 $options = Category::selectOptions(fn($query) => $query->where('agent_id', $agent_id));
 $form->display('id');
- $form->hidden('agent_id')->value($agent_id)->required();
 $form->select('pid')->options($options)->required();
 $form->text('name')->required();
 $form->text('sort')->default(255)->help('越小越靠前');
 // $form->text('template');
 })->saving(function (Form $form) {
+ //不允许修改非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
 //不允许编辑的字段
 $form->ignore(['id', 'deleted_at']);
 $form->agent_id = Admin::user()->id;
 $form->sort = $form->sort ?? 255;
 })->deleting(function (Form $form) {
- //获取到要删除分类的ID
- $category_id = (int)$form->getKey();
+ //不允许修改非自己的数据
+ if ($form->model()[0]['agent_id'] != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
 //获取要删除类目的所有下级ID
 $agent_id = Admin::user()->id;
 $category = Category::where('agent_id', $agent_id)->pluck('pid', 'id')->toArray();
- $ids = getChildCate($category_id, $category);
+ $ids = getChildCate((int)$form->getKey(), $category);
- if (AgentProduct::query()->where('agent_id', $agent_id)->whereIn('category_id', $ids)->exists()) {
+ if (AgentProduct::where('agent_id', $agent_id)->whereIn('category_id', $ids)->exists()) {
 return $form->response()->error('该分类下已经发布产品,不允许删除');
 }
 });
diff --git a/app/AdminAgent/Controllers/OrderController.php b/app/AdminAgent/Controllers/OrderController.php
index d8ccde5..23a6dda 100644
--- a/app/AdminAgent/Controllers/OrderController.php
+++ b/app/AdminAgent/Controllers/OrderController.php
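Review bot: The deleting guard `if ($form->model()[0]['agent_id'] != Admin::user()->id)` inspects only the first record, but Dcat's delete action accepts a comma-separated id list for batch deletion (I believe `$form->model()` then holds every selected row), so a batch made of one own category plus another agent's categories passes the check and the foreign rows are deleted. Every row should be compared, not just index 0. The existing `(int)$form->getKey()` handed to getChildCate carries the same single-id assumption (a key of `1,2` casts to 1), which this commit does not change; either reject multi-id deletes up front or loop over the keys. The deleting closure is shown whole, but form() begins outside the hunk.
```php
})->deleting(function (Form $form) {
    //不允许修改非自己的数据
    foreach ($form->model() as $row) {
        if ((int) $row['agent_id'] !== (int) Admin::user()->id) {
            return $form->response()->error('数据不存在');
        }
    }
    // … unchanged: child-category lookup and published-product check …
```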
@@ -83,9 +83,12 @@ class OrderController extends AdminController
 return Show::make($id, new Order(['product.supplier:id,name']), function (Show $show) {
 $show->disableDeleteButton();
- $show->repository()->model()->where('agent_id', Admin::user()->id);
+ //不允许查看非自己的数据
+ if ($show->model()->agent_id != Admin::user()->id) {
+ Admin::exit('数据不存在');
+ }
- $show->field('id');
+ $show->field('id');
 $show->field('user_id');
 $show->field('order_no');
 $show->field('agent_product_id', '代理商产品ID');
@@ -115,11 +118,24 @@ class OrderController extends AdminController
 return Form::make(new Order(), function (Form $form) {
 $form->disableDeleteButton();
- $form->display('id');
+ //不允许查看非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
+ $form->display('id');
 $form->text('name');
 $form->text('mobile');
 $form->select('status')->options(OrderStatus::array());
 })->saving(function (Form $form) {
+ //不允许修改非自己的数据
+ if ($form->isCreating()) {
+ return $form->response()->error('不允许此操作');
+ }
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
 //不允许编辑的字段
 $form->ignore(['id', 'user_id', 'agent_id', 'agent_product_id', 'product_id', 'product_ids', 'order_no', 'pay_type', 'paid_money', 'created_at', 'updated_at', 'deleted_at']);
diff --git a/app/AdminAgent/Controllers/UserController.php b/app/AdminAgent/Controllers/UserController.php
index 42cc20c..3bdbe9b 100644
--- a/app/AdminAgent/Controllers/UserController.php
+++ b/app/AdminAgent/Controllers/UserController.php
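Review bot: The `isCreating()` rejection lives only in the `saving` hook of the -115 hunk, so the order create page still renders (the builder guard above it covers `isEditing()` only) and the restriction is discovered only after submitting. If creating orders through this panel is not supported at all, abort at the top of the builder as well, e.g. `if ($form->isCreating()) { Admin::exit('不允许此操作'); }`, and hide the create button on the grid (the grid is not in this diff). form() begins outside the hunk and the saving closure continues past it.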
@@ -56,7 +56,12 @@ class UserController extends AdminController
 return Show::make($id, new User(), function (Show $show) {
 $show->disableDeleteButton();
- $show->field('id');
+ //不允许查看非自己的数据
+ if ($show->model()->agent_id != Admin::user()->id) {
+ Admin::exit('数据不存在');
+ }
+
+ $show->field('id');
 $show->field('avatar')->image(80, 80);
 $show->field('mobile');
 $show->field('nickname');
@@ -76,15 +81,26 @@ class UserController extends AdminController
 return Form::make(new User(), function (Form $form) {
 $form->disableDeleteButton();
- $form->display('id');
+ //不允许查看非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
+ $form->display('id');
 $form->display('nickname');
 $form->text('mobile');
 $form->switch('status');
 $form->switch('verifier');
 })->saving(function (Form $form) {
- //不允许编辑的字段
- $form->ignore(['id', 'nickname', 'deleted_at']);
+ //不允许修改非自己的数据
+ if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+ return $form->response()->error('数据不存在');
+ }
+
+ //不允许编辑的字段
+ $form->ignore(['id', 'agent_id', 'nickname', 'deleted_at']);
+
 //处理特殊字段
 $form->agent_id = Admin::user()->id;
 $form->status = $form->status ? 1 : 0;
 $form->verifier = $form->verifier ? 1 : 0;