diff --git a/code/rest/share_controller.go b/code/rest/share_controller.go
index 44ec89d..1cf49a2 100644
--- a/code/rest/share_controller.go
+++ b/code/rest/share_controller.go
@@ -354,12 +354,16 @@ func (this *ShareController) Browse(writer http.ResponseWriter, request *http.Re
 //puuid can be "root"
 puuid := request.FormValue("puuid")
 rootUuid := request.FormValue("rootUuid")
+ dprt := request.FormValue("dprt") //department id encode by base64
+ bdprt, _ := base64.StdEncoding.DecodeString(dprt)
+ dprt = string(bdprt)
 user := this.findUser(request)
 share := this.shareService.CheckShare(request, shareUuid, code, user)
 //by han: add permitList verification feature
- if user.Uuid == "" || (user.Uuid != share.UserUuid && share.PermitList != "" && !strings.Contains(share.PermitList, user.Uuid)) {
+ if user.Uuid == "" || dprt == "" || (user.Uuid != share.UserUuid && share.PermitList != "" &&
+ !strings.Contains(share.PermitList, user.Uuid) && !strings.Contains(share.PermitList, dprt)) {
 panic(result.UNAUTHORIZED)
 }
@@ -432,10 +436,13 @@ func (this *ShareController) Zip(writer http.ResponseWriter, request *http.Reque
 puuid := request.FormValue("puuid")
 rootUuid := request.FormValue("rootUuid")
+ dprt := request.FormValue("dprt") //department id encode by base64
+ bdprt, _ := base64.StdEncoding.DecodeString(dprt)
+ dprt = string(bdprt)
 user := this.findUser(request)
- if puuid == MATTER_ROOT {
+ if true { //下载流程
 //download all things.
 share := this.shareService.CheckShare(request, shareUuid, code, user)
@@ -451,7 +458,8 @@ func (this *ShareController) Zip(writer http.ResponseWriter, request *http.Reque
 }
 //by han: add verification for downloadAPI
- if user.Uuid != share.UserUuid && share.PermitList != "" && !strings.Contains(share.PermitList, user.Uuid) {
+ if dprt == "" || (user.Uuid != share.UserUuid && share.PermitList != "" &&
+ !strings.Contains(share.PermitList, user.Uuid) && !strings.Contains(share.PermitList, dprt)) {
 panic(result.UNAUTHORIZED)
 }
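Review bot: In Browse, `dprt` is read from `request.FormValue("dprt")` and then used as an authorization attribute, so the caller asserts its own department and base64 adds no protection. Because the test is `strings.Contains(share.PermitList, dprt)`, a fragment of a listed entry matches as well as a whole entry, which weakens the gate further. The department should be taken from the server-side record behind `user` (that field is not visible in this hunk), and the permit list should be split on its delimiter and compared entry by entry. The discarded decode error should also be handled: `bdprt, err := base64.StdEncoding.DecodeString(dprt)` followed by `if err != nil { panic(result.UNAUTHORIZED) }`. The same pattern is repeated in Zip (second and third hunks), and Browse's body starts and ends outside this hunk.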
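Review bot: `if true {` in Zip keeps the conditional but makes any `else` branch that follows unreachable, so `puuid` no longer selects between the two download paths and every request takes the download-everything branch. If that is intended, remove the `if`/`else` and the dead branch and record the reason in a comment such as `// always zip the full share; per-folder download removed because <reason>`. If it is not intended, restore `if puuid == MATTER_ROOT {`. The `else` branch and the rest of Zip are outside this hunk, so the reachability point should be confirmed against the full function. The three-line `dprt` decode is also copied from Browse and would be better as a single helper.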
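Review bot: The rewritten check in Zip omits the `user.Uuid == ""` guard that Browse's version has, and `strings.Contains(share.PermitList, "")` is true for every string, so a request with an empty `user.Uuid` is not rejected by the permit-list test. Whether `findUser` can return an empty Uuid is not visible here, but Browse guards against it, so Zip should open the condition the same way: `if user.Uuid == "" || dprt == "" || (user.Uuid != share.UserUuid && share.PermitList != "" &&`. Separately, the leading `dprt == ""` now rejects the share owner and shares with an empty PermitList, which the old condition allowed. If that is unintended, keep the empty test inside the permit-list clause as `(dprt == "" || !strings.Contains(share.PermitList, dprt))`. Zip's body continues outside this hunk.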