diff --git a/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java index 281b56b..ee31eec 100644 --- a/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java +++ b/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java @@ -67,12 +67,7 @@ public class TransactionRecordServiceImpl extends AbstractService new ReentrantLock()); } } @@ -83,15 +78,15 @@ public class TransactionRecordServiceImpl extends AbstractService postArticle(@RequestBody ArticleDTO article) throws UnsupportedEncodingException { User user = UserUtils.getCurrentUserByToken(); return GlobalResultGenerator.genSuccessResult(articleService.postArticle(article, user)); @@ -75,6 +79,7 @@ public class ArticleController { } @GetMapping("/drafts") + @RequiresPermissions(value = "user") public GlobalResult> drafts(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows) { PageHelper.startPage(page, rows); User user = UserUtils.getCurrentUserByToken(); @@ -84,12 +89,14 @@ public class ArticleController { } @GetMapping("/{idArticle}/share") + @RequiresPermissions(value = "user") public GlobalResult share(@PathVariable Integer idArticle) { User user = UserUtils.getCurrentUserByToken(); return GlobalResultGenerator.genResult(true, articleService.share(idArticle, user.getAccount()), ""); } @PostMapping("/update-tags") + @RequiresPermissions(value = "user") @AuthorshipInterceptor(moduleName = Module.ARTICLE_TAG) public GlobalResult updateTags(@RequestBody Article article) throws UnsupportedEncodingException { Long idArticle = article.getIdArticle(); 
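Review bot: `@RequiresPermissions(value = "user")` on `postArticle` is a permission check, while the admin endpoints in this commit use `@RequiresRoles`, and "user" reads like a role name. Shiro evaluates it against the permission strings the realm returns, so unless the realm (not visible here) grants a `user` permission to every logged-in account, these handlers will reject callers who hold only the role. Please confirm against the realm's authorization info, or use `@RequiresRoles("user")` if a role is what is meant. The same annotation appears on the other ArticleController handlers and on CommentController, UploadController, WebSocketController, FollowController, NotificationController, PortfolioController and UserInfoController.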
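Review bot: Access control in ArticleController is opt-in per handler (`share` and `updateTags` here, `drafts`, `thumbsUp` and `sponsor` in the neighbouring hunks), so a mapping without the annotation is not covered by this check, and a handler added later is unprotected by default. The rest of the class is outside these hunks, so it is not visible whether every state-changing mapping was covered. A class comment such as `// Anonymous by design: <read-only GET mappings>; every other mapping carries @RequiresPermissions` would make omissions reviewable. PortfolioController and ProductController use the same per-method pattern.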
@@ -99,6 +106,7 @@ public class ArticleController { } @PostMapping("/thumbs-up") + @RequiresPermissions(value = "user") public GlobalResult thumbsUp(@RequestBody ArticleThumbsUp articleThumbsUp) { if (Objects.isNull(articleThumbsUp) || Objects.isNull(articleThumbsUp.getIdArticle())) { throw new BusinessException("数据异常,文章不存在!"); @@ -109,6 +117,7 @@ public class ArticleController { } @PostMapping("/sponsor") + @RequiresPermissions(value = "user") public GlobalResult sponsor(@RequestBody Sponsor sponsor) { if (Objects.isNull(sponsor) || Objects.isNull(sponsor.getDataId()) || Objects.isNull(sponsor.getDataType())) { throw new IllegalArgumentException("数据异常"); diff --git a/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java b/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java index 50062f9..76202e4 100644 --- a/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java +++ b/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java @@ -8,6 +8,8 @@ import com.rymcu.forest.dto.BankAccountDTO; import com.rymcu.forest.dto.BankAccountSearchDTO; import com.rymcu.forest.dto.TransactionRecordDTO; import com.rymcu.forest.service.BankAccountService; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -19,6 +21,7 @@ import java.util.List; */ @RestController @RequestMapping("/api/v1/admin/bank-account") +@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR) public class BankAccountController { @Resource diff --git a/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java b/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java index 123162c..caa3b28 100644 --- a/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java +++ b/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java 
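Review bot: The role list `{"blog_admin", "admin"}` in the class-level `@RequiresRoles` on BankAccountController is a pair of string literals that this commit repeats on TransactionRecordController and on three ProductController handlers. A typo in one copy would make that endpoint deny every caller, and a later role rename has to be applied in each place by hand. Consider shared constants, e.g. `@RequiresRoles(value = {Roles.BLOG_ADMIN, Roles.ADMIN}, logical = Logical.OR)`, where `Roles` is a new constants class holding the two names.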
@@ -4,6 +4,8 @@ import com.rymcu.forest.core.result.GlobalResult; import com.rymcu.forest.core.result.GlobalResultGenerator; import com.rymcu.forest.entity.TransactionRecord; import com.rymcu.forest.service.TransactionRecordService; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -16,19 +18,20 @@ import javax.annotation.Resource; */ @RestController @RequestMapping("/api/v1/transaction") +@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR) public class TransactionRecordController { @Resource private TransactionRecordService transactionRecordService; @PostMapping("/transfer") - public GlobalResult transfer(@RequestBody TransactionRecord transactionRecord) { + public GlobalResult transfer(@RequestBody TransactionRecord transactionRecord) { transactionRecord = transactionRecordService.transfer(transactionRecord); return GlobalResultGenerator.genSuccessResult(transactionRecord); } @PostMapping("/newbie-rewards") - public GlobalResult newbieRewards(@RequestBody TransactionRecord transactionRecord) { + public GlobalResult newbieRewards(@RequestBody TransactionRecord transactionRecord) { transactionRecord = transactionRecordService.newbieRewards(transactionRecord); return GlobalResultGenerator.genSuccessResult(transactionRecord); } diff --git a/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java b/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java index 3d05a26..db36568 100644 --- a/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java +++ b/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java 
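Review bot: `transfer` and `newbieRewards` still bind the request body directly onto the `TransactionRecord` entity and pass it to the service, so after this change the class-level role check is the only control visible here over what a caller puts in that record. Whether the service validates the fields is outside the hunk. A Javadoc line on each handler stating that it is admin-only and which body fields are trusted would document the intent. A request DTO limited to those fields would be the stricter option.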
@@ -49,7 +49,7 @@ public class WalletController { } PageHelper.startPage(page, rows); List list = bankAccountService.findUserTransactionRecords(bankAccount.getBankAccount(), startDate, endDate); - PageInfo pageInfo = new PageInfo(list); + PageInfo pageInfo = new PageInfo<>(list); return GlobalResultGenerator.genSuccessResult(pageInfo); } diff --git a/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java b/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java index de33cb7..ac0e109 100644 --- a/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java +++ b/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java @@ -5,6 +5,7 @@ import com.rymcu.forest.core.result.GlobalResultGenerator; import com.rymcu.forest.entity.Comment; import com.rymcu.forest.service.CommentService; import com.rymcu.forest.util.UserUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -18,6 +19,7 @@ import javax.servlet.http.HttpServletRequest; */ @RestController @RequestMapping("/api/v1/comment") +@RequiresPermissions(value = "user") public class CommentController { @Resource diff --git a/src/main/java/com/rymcu/forest/web/api/common/UploadController.java b/src/main/java/com/rymcu/forest/web/api/common/UploadController.java index 5d5d30d..54d7ec2 100644 --- a/src/main/java/com/rymcu/forest/web/api/common/UploadController.java +++ b/src/main/java/com/rymcu/forest/web/api/common/UploadController.java 
@@ -15,6 +15,9 @@ import com.rymcu.forest.util.Utils; import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; import org.apache.shiro.authz.UnauthorizedException; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresPermissions; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.slf4j.LoggerFactory; import org.springframework.core.env.Environment; import org.springframework.transaction.annotation.Transactional; @@ -40,6 +43,7 @@ import com.rymcu.forest.util.SSRFUtil; */ @RestController @RequestMapping("/api/v1/upload") +@RequiresPermissions(value = "user") public class UploadController { private final static String UPLOAD_SIMPLE_URL = "/api/upload/file"; diff --git a/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java b/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java index 7a3a4b1..cbbd7ab 100644 --- a/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java +++ b/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java @@ -1,6 +1,7 @@ package com.rymcu.forest.web.api.common; import com.alibaba.fastjson.JSONObject; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.messaging.handler.annotation.MessageMapping; import org.springframework.messaging.handler.annotation.SendTo; import org.springframework.messaging.simp.SimpMessagingTemplate; @@ -14,6 +15,7 @@ import javax.annotation.Resource; * @author ronger */ @Controller +@RequiresPermissions(value = "user") public class WebSocketController { @Resource diff --git a/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java b/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java index 210bdaa..a8d4061 100644 --- a/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java +++ b/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java 
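Review bot: Of the three Shiro imports added to UploadController, only `RequiresPermissions` is used in the visible hunks; `Logical` and `RequiresRoles` look unused unless a handler outside the hunks references them. The import hunk of UserInfoController shows the same pattern. Dropping the unused ones keeps the imports in line with the checks the class actually applies.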
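Review bot: `@RequiresPermissions(value = "user")` on WebSocketController is enforced by Shiro's annotation interceptor, which reads the Subject bound to the current thread. `@MessageMapping` handlers normally run on the messaging channel's threads, not on the servlet request thread where Shiro's filter binds the Subject. Unless the project binds a Subject for inbound messages (not visible here), the check may see an anonymous Subject and reject every message, or fail for lack of a SecurityManager. This needs a test with an authenticated STOMP session; an inbound channel interceptor that authenticates at CONNECT is the usual place for this check.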
@@ -6,6 +6,7 @@ import com.rymcu.forest.entity.Follow; import com.rymcu.forest.entity.User; import com.rymcu.forest.service.FollowService; import com.rymcu.forest.util.UserUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -15,6 +16,7 @@ import javax.annotation.Resource; */ @RestController @RequestMapping("/api/v1/follow") +@RequiresPermissions(value = "user") public class FollowController { @Resource diff --git a/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java b/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java index 016685a..44324b2 100644 --- a/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java +++ b/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java @@ -9,6 +9,7 @@ import com.rymcu.forest.entity.Notification; import com.rymcu.forest.entity.User; import com.rymcu.forest.service.NotificationService; import com.rymcu.forest.util.UserUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -22,6 +23,7 @@ import java.util.Objects; */ @RestController @RequestMapping("/api/v1/notification") +@RequiresPermissions(value = "user") public class NotificationController { @Resource diff --git a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java index 42c9bbe..96dee59 100644 --- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java +++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java 
@@ -13,6 +13,7 @@ import com.rymcu.forest.enumerate.Module; import com.rymcu.forest.service.PortfolioService; import com.rymcu.forest.service.UserService; import com.rymcu.forest.util.UserUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -38,6 +39,7 @@ public class PortfolioController { } @PostMapping("/post") + @RequiresPermissions(value = "user") public GlobalResult add(@RequestBody Portfolio portfolio) { User user = UserUtils.getCurrentUserByToken(); portfolio.setPortfolioAuthorId(user.getIdUser()); diff --git a/src/main/java/com/rymcu/forest/web/api/product/ProductController.java b/src/main/java/com/rymcu/forest/web/api/product/ProductController.java index 7873aea..f54dfa0 100644 --- a/src/main/java/com/rymcu/forest/web/api/product/ProductController.java +++ b/src/main/java/com/rymcu/forest/web/api/product/ProductController.java @@ -11,6 +11,8 @@ import com.rymcu.forest.entity.User; import com.rymcu.forest.enumerate.Module; import com.rymcu.forest.service.ProductService; import com.rymcu.forest.util.UserUtils; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -36,12 +38,14 @@ public class ProductController { } @PostMapping("/post") + @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR) public GlobalResult add(@RequestBody ProductDTO product) { Product newProduct = productService.postProduct(product); return GlobalResultGenerator.genSuccessResult(newProduct); } @PutMapping("/post") + @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR) public GlobalResult update(@RequestBody ProductDTO product) { if (product.getIdProduct() == null || product.getIdProduct() == 0) { throw new IllegalArgumentException("产品主键参数异常!"); 
@@ -52,6 +56,7 @@ public class ProductController { @PatchMapping("/update-status") + @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR) public GlobalResult updateStatus(@RequestBody Product product) { boolean flag = productService.updateStatus(product.getIdProduct(), product.getStatus()); return GlobalResultGenerator.genSuccessResult(flag); diff --git a/src/main/java/com/rymcu/forest/web/api/user/UserController.java b/src/main/java/com/rymcu/forest/web/api/user/UserController.java index c591b9b..1feb544 100644 --- a/src/main/java/com/rymcu/forest/web/api/user/UserController.java +++ b/src/main/java/com/rymcu/forest/web/api/user/UserController.java @@ -36,7 +36,7 @@ public class UserController { @GetMapping("/{account}") @VisitLogger - public GlobalResult detail(@PathVariable String account) { + public GlobalResult detail(@PathVariable String account) { UserDTO userDTO = userService.findUserDTOByAccount(account); return GlobalResultGenerator.genSuccessResult(userDTO); } @@ -49,7 +49,7 @@ public class UserController { } PageHelper.startPage(page, rows); List list = articleService.findUserArticlesByIdUser(userDTO.getIdUser()); - PageInfo pageInfo = new PageInfo(list); + PageInfo pageInfo = new PageInfo<>(list); return GlobalResultGenerator.genSuccessResult(pageInfo); } @@ -61,7 +61,7 @@ public class UserController { } PageHelper.startPage(page, rows); List list = portfolioService.findUserPortfoliosByUser(userDTO); - PageInfo pageInfo = new PageInfo(list); + PageInfo pageInfo = new PageInfo<>(list); return GlobalResultGenerator.genSuccessResult(pageInfo); } @@ -73,7 +73,7 @@ public class UserController { } PageHelper.startPage(page, rows); List list = followService.findUserFollowersByUser(userDTO); - PageInfo pageInfo = new PageInfo(list); + PageInfo pageInfo = new PageInfo<>(list); return GlobalResultGenerator.genSuccessResult(pageInfo); } 
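Review bot: `updateStatus` passes `product.getIdProduct()` and `product.getStatus()` to the service without the null/zero check that `update` in the same controller applies to `idProduct`. Consider the same guard here, `if (product.getIdProduct() == null || product.getIdProduct() == 0) { throw new IllegalArgumentException("产品主键参数异常!"); }`, plus a null check on the status. The method's closing brace is outside the hunk and `productService.updateStatus` is not visible, so the service may already reject these values.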
@@ -85,7 +85,7 @@ public class UserController { } PageHelper.startPage(page, rows); List list = followService.findUserFollowingsByUser(userDTO); - PageInfo pageInfo = new PageInfo(list); + PageInfo pageInfo = new PageInfo<>(list); return GlobalResultGenerator.genSuccessResult(pageInfo); } diff --git a/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java b/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java index 42d8155..e89f757 100644 --- a/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java +++ b/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java @@ -13,6 +13,9 @@ import com.rymcu.forest.entity.LoginRecord; import com.rymcu.forest.entity.UserExtend; import com.rymcu.forest.service.LoginRecordService; import com.rymcu.forest.service.UserService; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresPermissions; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -23,6 +26,7 @@ import java.util.List; */ @RestController @RequestMapping("/api/v1/user-info") +@RequiresPermissions(value = "user") public class UserInfoController { @Resource @@ -45,8 +49,7 @@ public class UserInfoController { } @GetMapping("/check-nickname") - @SecurityInterceptor - public GlobalResult checkNickname(@RequestParam Long idUser, @RequestParam String nickname) { + public GlobalResult checkNickname(@RequestParam Long idUser, @RequestParam String nickname) { boolean flag = userService.checkNicknameByIdUser(idUser, nickname); return GlobalResultGenerator.genSuccessResult(flag); }
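Review bot: Removing `@SecurityInterceptor` from `checkNickname` leaves `idUser` as a caller-supplied request parameter guarded only by the class-level `@RequiresPermissions(value = "user")`, so any account with that permission can run the check against another user's id. If `@SecurityInterceptor` was what tied `idUser` to the logged-in user (its implementation is not visible here), consider taking the id from the current session instead of the parameter. Otherwise a comment such as `// idUser is not ownership-checked: the result only reveals nickname availability` would record that the removal is deliberate.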