diff --git a/ZR.Admin.WebApi/Controllers/CommonController.cs b/ZR.Admin.WebApi/Controllers/CommonController.cs
index 7e3424c..1f3ba07 100644
--- a/ZR.Admin.WebApi/Controllers/CommonController.cs
+++ b/ZR.Admin.WebApi/Controllers/CommonController.cs
@@ -79,7 +79,7 @@ namespace ZR.Admin.WebApi.Controllers
 ///
 [HttpPost()]
 [Verify]
- [ActionPermissionFilter(Permission = "system")]
+ [ActionPermissionFilter(Permission = "common")]
 public IActionResult UploadFile([FromForm(Name = "file")] IFormFile formFile)
 {
 if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
@@ -114,7 +114,7 @@ namespace ZR.Admin.WebApi.Controllers
 ///
 [HttpPost]
 [Verify]
- [ActionPermissionFilter(Permission = "system")]
+ [ActionPermissionFilter(Permission = "common")]
 public IActionResult UploadFileAliyun([FromForm(Name = "file")] IFormFile formFile, string fileDir = "")
 {
 if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
diff --git a/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs b/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
index 3cf32ca..a677859 100644
--- a/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
+++ b/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
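Review bot: Tagging `UploadFile` with `Permission = "common"` ties the endpoint to the literal that the filter change in this same commit exempts from the `HasPermi` check, so outside demo mode access appears to rest on `[Verify]` and on whatever validation the action body performs; the same applies to the `UploadFileAliyun` hunk at line 114. The only input check visible in either hunk is the null test on `formFile`; extension, size and content-type limits, and any constraint on the caller-supplied `fileDir`, cannot be confirmed because both method bodies continue outside the hunks. I would record the intent next to the attribute, e.g. `// "common": no per-user permission required; rejected by the filter in demo mode`, and confirm that the upload path enforces an extension allow-list and a size cap before anything is stored.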
@@ -55,12 +55,12 @@ namespace ZR.Admin.WebApi.Filters
 bool isDemoMode = ConfigUtils.Instance.GetAppConfig("DemoMode", false);
 //演示公开环境屏蔽权限
- string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export"};
- if (isDemoMode && (denyPerms.Any(f => Permission.ToLower().Contains(f.ToLower())) || Permission.Equals("system")))
+ string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export", "upload", "common"};
+ if (isDemoMode && denyPerms.Any(f => Permission.ToLower().Contains(f)))
 {
 context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "演示模式 , 不允许操作" });
 }
- if (!HasPermi && !Permission.Equals("system"))
+ if (!HasPermi && !Permission.Equals("common"))
 {
 logger.Info($"用户{info.NickName}没有权限访问{context.HttpContext.Request.Path},当前权限[{Permission}]");
 context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "你没有权限访问" });
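Review bot: `!Permission.Equals("common")` makes the literal `"common"` an exemption from the `HasPermi` check rather than a permission a user can hold, and the same literal now has to match in `denyPerms` and on the controller attributes, so a mismatch in any one place silently changes the access decision. A single named constant shared by the three uses would keep them in step, with a comment such as `// actions tagged with this value skip the per-user permission check; demo mode still blocks them`. Separately, `Permission.ToLower()` is culture-sensitive, so under a culture with special casing rules the demo-mode match can diverge from the lowercase literals; `denyPerms.Any(f => Permission.Contains(f, StringComparison.OrdinalIgnoreCase))` (available on .NET Core 2.1 and later) avoids that. The enclosing method starts and ends outside the hunk, so whether the demo-mode branch returns before the second check runs is not visible here.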