diff --git a/app/controllers/examination_banks_controller.rb b/app/controllers/examination_banks_controller.rb
index 3df11a432..bd1782dc8 100644
--- a/app/controllers/examination_banks_controller.rb
+++ b/app/controllers/examination_banks_controller.rb
@@ -3,7 +3,7 @@ class ExaminationBanksController < ApplicationController
   before_action :require_login
   before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item, :cancel_items]
   before_action :find_exam, except: [:index, :create, :cancel_items]
-  before_action :edit_auth, only: [:update, :destroy, :set_public, :revoke_item, :cancel_items]
+  before_action :edit_auth, only: [:update, :set_public, :revoke_item, :cancel_items]
   before_action :identity_auth, only: [:index]
 
   def index
@@ -52,6 +52,7 @@ class ExaminationBanksController < ApplicationController
   end
 
   def destroy
+    tip_exception(403, "无权限") unless current_user.admin? || @item.user == current_user
     ActiveRecord::Base.transaction do
       ApplyAction.where(container_type: "ExaminationBank", container_id: @exam.id).destroy_all
       @exam.destroy!
@@ -92,6 +93,6 @@ class ExaminationBanksController < ApplicationController
   end
 
   def edit_auth
-    current_user.admin_or_business? || @exam.user == current_user
+    tip_exception(403, "无权限") unless current_user.admin_or_business? || @exam.user == current_user
   end
 end
\ No newline at end of file
diff --git a/app/controllers/item_banks_controller.rb b/app/controllers/item_banks_controller.rb
index ea10e865b..d77c57711 100644
--- a/app/controllers/item_banks_controller.rb
+++ b/app/controllers/item_banks_controller.rb
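Review bot: The guard added at the top of `destroy` reads `@item.user`, but this controller loads its record as `@exam` (the `find_exam` filter, and `@exam.id` / `@exam.destroy!` two lines below); `@item` is never assigned here, so every non-admin caller — including the owner the check is meant to admit — raises `NoMethodError` on `nil` instead of receiving a 403. The line should read `tip_exception(403, "无权限") unless current_user.admin? || @exam.user == current_user`. This fails closed rather than open, so it is not a bypass, but the owner path is broken and the failure surfaces as a server error rather than an authorization response. Consider expressing it as `before_action :destroy_auth, only: [:destroy]` with a `destroy_auth` method next to `edit_auth`, so the check runs before the action body in the same style as the other filters; the `destroy` body continues past the hunk.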
@@ -3,7 +3,7 @@ class ItemBanksController < ApplicationController
   before_action :require_login
   before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public]
   before_action :find_item, except: [:index, :create]
-  before_action :edit_auth, only: [:update, :destroy, :set_public]
+  before_action :edit_auth, only: [:update, :set_public]
   before_action :identity_auth, only: [:index]
 
   def index
@@ -41,6 +41,7 @@ class ItemBanksController < ApplicationController
   end
 
   def destroy
+    tip_exception(403, "无权限") unless current_user.admin? || @item.user == current_user
     ActiveRecord::Base.transaction do
       ApplyAction.where(container_type: "ItemBank", container_id: @item.id).destroy_all
       if @item.item_type == "PROGRAM"
@@ -67,7 +68,7 @@ class ItemBanksController < ApplicationController
   end
 
   def edit_auth
-    current_user.admin_or_business? || @item.user == current_user
+    tip_exception(403, "无权限") unless current_user.admin_or_business? || @item.user == current_user
   end
 
   def form_params
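Review bot: The ownership check added at the top of `destroy` applies a narrower role test (`admin?`) than `edit_auth` does one hunk below (`admin_or_business?`), and it repeats the `tip_exception(403, "无权限")` call inline rather than going through a filter; if delete is deliberately limited to admins and the owner, a comment on the guard such as `# deletion is restricted to admins and the record's owner; business users may only edit` would make that intent visible to the next reader. Moving the line into a `before_action :destroy_auth, only: [:destroy]` with a `destroy_auth` method beside `edit_auth` would keep all authorization in filters and remove the inline duplicate. The guard depends on `find_item` having set `@item`, which the filter's `except: [:index, :create]` appears to guarantee for `destroy`. The `destroy` body continues past the hunk.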