diff --git a/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java b/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
index c348bdb..b457bff 100644
--- a/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
+++ b/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
@@ -112,17 +112,31 @@ public class DirPermissionService {
 */
 public boolean hasReadPermis(SysUser user, DirectoryVo dir) {
 try {
- return isEveryoneRead(dir)
- || isOwnerSelf(user, dir)
- || isAllParentRead(user, dir)
- || isParentRead(user, dir)
- || isAllChildRead(user, dir)
- || isChildRead(user, dir)
- || isMemberRead(user, dir);
+ if (secretLevelAllow(user, dir)) {
+ return isEveryoneRead(dir)
+ || isOwnerSelf(user, dir)
+ || isAllParentRead(user, dir)
+ || isParentRead(user, dir)
+ || isAllChildRead(user, dir)
+ || isChildRead(user, dir)
+ || isMemberRead(user, dir);
+ }
 } catch (Exception e) {
 log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
- return false;
 }
+ return false;
+ }
+
+ /**
+ * 判断数据密级
+ *
+ * @param user
+ * @param dir
+ * @return
+ */
+ private boolean secretLevelAllow(SysUser user, DirectoryVo dir) {
+
+ return user.getSecretLevel() > dir.getSecretLevel();
 }
 
 /**
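Review bot: `secretLevelAllow` compares with a strict `>`, so a user whose level equals the directory's level is refused, and because the gate now wraps the whole expression this includes the owner who would otherwise pass `isOwnerSelf`. If the intended rule is "clearance at or above the classification", the line should read `return user.getSecretLevel() >= dir.getSecretLevel();`; if strict is intended, the Javadoc (its `@param`/`@return` tags are empty) should state the rule and which end of the numeric scale is the more sensitive one. Should either getter return a boxed `Integer` (the types are not visible in this diff), a null level unboxes into a NullPointerException that the surrounding `catch` turns into a deny, so an explicit null check would make that fail-closed behaviour deliberate rather than accidental. The second hunk applies the same gate to `hasWritePermis`.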
@@ -134,17 +148,19 @@ public class DirPermissionService {
 */
 public boolean hasWritePermis(SysUser user, DirectoryVo dir) {
 try {
- return isEveryoneWrite(dir)
- || isOwnerSelf(user, dir)
- || isAllParentWrite(user, dir)
- || isParentWrite(user, dir)
- || isAllChildWrite(user, dir)
- || isChildWrite(user, dir)
- || isMemberWrite(user, dir);
+ if (secretLevelAllow(user, dir)) {
+ return isEveryoneWrite(dir)
+ || isOwnerSelf(user, dir)
+ || isAllParentWrite(user, dir)
+ || isParentWrite(user, dir)
+ || isAllChildWrite(user, dir)
+ || isChildWrite(user, dir)
+ || isMemberWrite(user, dir);
+ }
 } catch (Exception e) {
 log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
- return false;
 }
+ return false;
 }
 
 private boolean isAllParentRead(SysUser user, DirectoryVo dir) {
@@ -152,7 +168,7 @@ public class DirPermissionService {
 }
 
 private boolean isAllParentWrite(SysUser user, DirectoryVo dir) {
- return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
+ return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
 }
 
 private boolean isAllParent(SysUser user, DirectoryVo dir) {
@@ -174,7 +190,7 @@ public class DirPermissionService {
 }
 
 private boolean isParentRead(SysUser user, DirectoryVo dir) {
- return dir.getPermisParent()!= null && dir.getPermisParent().contains("read") && isParent(user, dir);
+ return dir.getPermisParent() != null && dir.getPermisParent().contains("read") && isParent(user, dir);
 }
 
 private boolean isParentWrite(SysUser user, DirectoryVo dir) {
@@ -252,7 +268,7 @@ public class DirPermissionService {
 * @return
 */
 private boolean isEveryoneRead(DirectoryVo dir) {
- return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("read");
+ return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("read");
 }
 
 /**
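Review bot: The `catch (Exception e)` in `hasWritePermis` (and the identical one in `hasReadPermis` in the first hunk) logs the two ids but never passes `e`, so a failure inside the new `secretLevelAllow` call is recorded with no cause or stack trace. Passing the exception as the last argument keeps the existing message and adds the trace: `log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId(), e);`. The handler also dereferences `dir` and `user`, so if the original exception came from a null argument the handler itself throws and the method no longer returns `false`. A refusal by the secret-level gate is also indistinguishable from an ACL refusal in the logs; a debug-level line on that path would help when access decisions are audited.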
@@ -262,7 +278,7 @@ public class DirPermissionService {
 * @return
 */
 private boolean isEveryoneWrite(DirectoryVo dir) {
- return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("write");
+ return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("write");
 }
 
 /**
@@ -506,7 +522,7 @@ public class DirPermissionService {
 
 private List selectDirectoryList() {
 QueryWrapper wrapper = new QueryWrapper<>();
- wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD");
+ wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL");
 wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR);
 return directoryService.list(wrapper);
 }
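Review bot: Only the column list in `selectDirectoryList` gains `SECRET_LEVEL`; any other query that builds a `DirectoryVo` from an explicit `select(...)` and hands it to `hasReadPermis` or `hasWritePermis` would leave the level unset. Depending on the field type, which this diff does not show, that is either an unboxing NullPointerException that denies every user or a default value that may compare as the lowest level and let the gate pass. A comment on this line such as `// SECRET_LEVEL is read by secretLevelAllow(); keep every DirectoryVo projection used for permission checks in sync` would record the dependency, and the other callers of the two permission methods, which are outside this diff, are worth checking.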