diff --git a/CHANGES.md b/CHANGES.md
index c7d1f82..39c6fea 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,10 @@
 ## 版本更新记录
 
+### v0.2.7 2020-01-01
+
+- 添加文件权限控制功能，支持：公开、私密、指定用户可见、访问码可见4中权限模式；
+- 优化部分样式；
+
 ### v0.2.6 2019-12-18
 
 - 优化文档编写页面布局；
diff --git a/MrDoc/settings.py b/MrDoc/settings.py
index de9e6fb..8fb7bf9 100644
--- a/MrDoc/settings.py
+++ b/MrDoc/settings.py
@@ -25,7 +25,7 @@ SECRET_KEY = '5&71mt9@^58zdg*_!t(x6g14q*@84d%ptr%%s6e0l50zs0we3d'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 
-VERSIONS = '0.2.6'
+VERSIONS = '0.2.7'
 
 ALLOWED_HOSTS = ['*']
 
diff --git a/README.md b/README.md
index 18e0bf6..1fd2f2b 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@
 ## 介绍
 基于Python的一个简单文档写作系统。
 
+当前版本为：**v0.2.7**，版本发布时间为**2020-01-01**，更新记录详见：[CHANGES.md](./CHANGES.md)
+
+
 MrDoc拥有以下特点：
 
 - 基于Django自带的用户模型，实现简单高效的用户管理，支持用户注册、用户登录、管理员等控制等功能；
@@ -19,12 +22,11 @@ MrDoc拥有以下特点：
 - 仿GitBook文档阅读页面，支持文档阅读页面的字体缩放，字体类型修改；
 - 支持三级目录层级显示；
 - 支持文集导出为markdown文本格式.md文件；
+- 支持基于文集的权限控制，提供公开、私密、指定用户可见、访问码可见4种权限模式；
 - 使用方便、二次开发修改也方便；
 
 在开发过程中，参考和借鉴了GitBook、ShowDoc、Wordbook等应用的功能和样式。
 
-当前版本为：**v0.2.5**，更多更新记录详见：[CHANGES.md](./CHANGES.md)
-
 ## 软件架构
 
 后端基于Python Web框架Django
diff --git a/app_admin/urls.py b/app_admin/urls.py
index 8bfdf26..ed9f1b9 100644
--- a/app_admin/urls.py
+++ b/app_admin/urls.py
@@ -11,6 +11,7 @@ urlpatterns = [
     path('change_pwd',views.admin_change_pwd,name="change_pwd"), # 管理员修改用户密码
     path('modify_pwd',views.change_pwd,name="modify_pwd"), # 普通用户修改密码
     path('project_manage/',views.admin_project,name='project_manage'), # 文集管理
+    path('project_role_manage/<int:pro_id>/',views.admin_project_role,name="admin_project_role"), # 管理文集权限
     path('doc_manage/',views.admin_doc,name='doc_manage'), # 文档管理
     path('doctemp_manage/',views.admin_doctemp,name='doctemp_manage'), # 文档模板管理
     path('setting/',views.admin_setting,name="sys_setting"), # 应用设置
diff --git a/app_admin/views.py b/app_admin/views.py
index 8b2af08..8d1ea76 100644
--- a/app_admin/views.py
+++ b/app_admin/views.py
@@ -1,5 +1,6 @@
+# coding:utf-8
 from django.shortcuts import render,redirect
-from django.http.response import JsonResponse,HttpResponse
+from django.http.response import JsonResponse,HttpResponse,Http404
 from django.contrib.auth import authenticate,login,logout # 认证相关方法
 from django.contrib.auth.models import User # Django默认用户模型
 from django.contrib.auth.decorators import login_required # 登录需求装饰器
@@ -295,6 +296,39 @@ def admin_project(request):
     else:
         return HttpResponse('方法错误')
 
+# 管理员后台 - 修改文集权限
+@superuser_only
+def admin_project_role(request,pro_id):
+    pro = Project.objects.get(id=pro_id)
+    if request.method == 'GET':
+        return render(request,'app_admin/admin_project_role.html',locals())
+    elif request.method == 'POST':
+        role_type = request.POST.get('role','')
+        if role_type != '':
+            if int(role_type) in [0,1]:# 公开或私密
+                Project.objects.filter(id=int(pro_id)).update(
+                    role = role_type,
+                    modify_time = datetime.datetime.now()
+                )
+            if int(role_type) == 2: # 指定用户可见
+                role_value = request.POST.get('tagsinput','')
+                Project.objects.filter(id=int(pro_id)).update(
+                    role=role_type,
+                    role_value = role_value,
+                    modify_time = datetime.datetime.now()
+                )
+            if int(role_type) == 3: # 访问码可见
+                role_value = request.POST.get('viewcode','')
+                Project.objects.filter(id=int(pro_id)).update(
+                    role=role_type,
+                    role_value=role_value,
+                    modify_time=datetime.datetime.now()
+                )
+            pro = Project.objects.get(id=int(pro_id))
+            return render(request, 'app_admin/admin_project_role.html', locals())
+        else:
+            return Http404
+
 
 # 管理员后台 - 文档管理
 @superuser_only
diff --git a/app_doc/migrations/0007_auto_20191221_1035.py b/app_doc/migrations/0007_auto_20191221_1035.py
new file mode 100644
index 0000000..b6f92d9
--- /dev/null
+++ b/app_doc/migrations/0007_auto_20191221_1035.py
@@ -0,0 +1,37 @@
+# Generated by Django 2.1 on 2019-12-21 10:35
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('app_doc', '0006_auto_20191215_1910'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ProjectRole',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('role_type', models.IntegerField(choices=[(0, 0), (1, 1)], verbose_name='私密文集类型')),
+                ('role_value', models.TextField(blank=True, null=True, verbose_name='文集受限值')),
+                ('create_time', models.DateField(auto_now_add=True, verbose_name='创建时间')),
+            ],
+            options={
+                'verbose_name': '私密文集权限',
+                'verbose_name_plural': '私密文集权限',
+            },
+        ),
+        migrations.AddField(
+            model_name='project',
+            name='role',
+            field=models.IntegerField(choices=[(0, 0), (1, 1)], default=0, verbose_name='文集权限'),
+        ),
+        migrations.AddField(
+            model_name='projectrole',
+            name='project',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='app_doc.Project', unique=True),
+        ),
+    ]
diff --git a/app_doc/migrations/0008_auto_20191221_1055.py b/app_doc/migrations/0008_auto_20191221_1055.py
new file mode 100644
index 0000000..88d043c
--- /dev/null
+++ b/app_doc/migrations/0008_auto_20191221_1055.py
@@ -0,0 +1,30 @@
+# Generated by Django 2.1 on 2019-12-21 10:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('app_doc', '0007_auto_20191221_1035'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='projectrole',
+            name='project',
+        ),
+        migrations.AddField(
+            model_name='project',
+            name='role_value',
+            field=models.TextField(blank=True, null=True, verbose_name='文集权限值'),
+        ),
+        migrations.AlterField(
+            model_name='project',
+            name='role',
+            field=models.IntegerField(choices=[(0, 0), (1, 1), (2, 2), (3, 3)], default=0, verbose_name='文集权限'),
+        ),
+        migrations.DeleteModel(
+            name='ProjectRole',
+        ),
+    ]
diff --git a/app_doc/models.py b/app_doc/models.py
index 2a1a3b9..73d0d06 100644
--- a/app_doc/models.py
+++ b/app_doc/models.py
@@ -5,6 +5,9 @@ from django.contrib.auth.models import User
 class Project(models.Model):
     name = models.CharField(verbose_name="文档名称",max_length=50)
     intro = models.TextField(verbose_name="介绍")
+    # 文集权限说明：0表示公开，1表示私密,2表示指定用户可见,3表示访问码可见 默认公开
+    role = models.IntegerField(choices=((0,0),(1,1),(2,2),(3,3)), default=0,verbose_name="文集权限")
+    role_value = models.TextField(verbose_name="文集权限值",blank=True,null=True)
     create_user = models.ForeignKey(User,on_delete=models.CASCADE)
     create_time = models.DateTimeField(auto_now_add=True)
     modify_time = models.DateTimeField(auto_now=True)
diff --git a/app_doc/urls.py b/app_doc/urls.py
index 03a1e74..3f685f1 100644
--- a/app_doc/urls.py
+++ b/app_doc/urls.py
@@ -11,6 +11,8 @@ urlpatterns = [
     path('manage_project',views.manage_project,name="manage_project"), # 管理文集
     path('del_project/',views.del_project,name='del_project'), # 删除文集
     path('report_project_md/',views.report_md,name='report_md'), # 导出文集MD文件
+    path('modify_pro_role/<int:pro_id>/',views.modify_project_role,name="modify_pro_role"),# 修改文集权限
+    path('check_viewcode/',views.check_viewcode,name='check_viewcode'),# 文集访问码验证
     #################文档相关
     path('project/<int:pro_id>/<int:doc_id>/', views.doc, name='doc'),  # 文档浏览页
     path('create_doc/', views.create_doc, name="create_doc"),  # 新建文档
diff --git a/app_doc/views.py b/app_doc/views.py
index febccfc..e2b7419 100644
--- a/app_doc/views.py
+++ b/app_doc/views.py
@@ -1,7 +1,10 @@
-from django.shortcuts import render
+from django.shortcuts import render,redirect
 from django.http.response import JsonResponse,Http404,HttpResponseNotAllowed,HttpResponse
+from django.http import HttpResponseForbidden
 from django.contrib.auth.decorators import login_required # 登录需求装饰器
+from django.views.decorators.http import require_http_methods,require_GET,require_POST # 视图请求方法装饰器
 from django.core.paginator import Paginator,PageNotAnInteger,EmptyPage,InvalidPage # 后端分页
+from django.core.exceptions import PermissionDenied
 from app_doc.models import Project,Doc,DocTemp
 from django.contrib.auth.models import User
 from django.db.models import Q
@@ -12,7 +15,14 @@ from app_doc.report_utils import *
 
 # 文集列表
 def project_list(request):
-    project_list = Project.objects.all()
+    # 登录用户
+    if request.user.is_authenticated:
+        project_list = Project.objects.filter(
+            Q(role=0) | Q(role=2,role_value__contains=str(request.user.username)) | Q(create_user=request.user)
+        )
+    else:
+        # 非登录用户只显示公开文集
+        project_list = Project.objects.filter(role=0)
     return render(request, 'app_doc/pro_list.html', locals())
 
 
@@ -23,11 +33,13 @@ def create_project(request):
         try:
             name = request.POST.get('pname','')
             desc = request.POST.get('desc','')
+            role = request.POST.get('role','')
             if name != '':
                 project = Project.objects.create(
                     name=name,
                     intro=desc[:100],
-                    create_user=request.user
+                    create_user=request.user,
+                    role = int(role)
                 )
                 project.save()
                 return JsonResponse({'status':True,'data':{'id':project.id,'name':project.name}})
@@ -40,27 +52,46 @@ def create_project(request):
 
 
 # 文集页
+@require_http_methods(['GET'])
 def project_index(request,pro_id):
     # 获取文集
-    if request.method == 'GET':
-        try:
-            # 获取文集信息
-            project = Project.objects.get(id=int(pro_id))
-            # 获取搜索词
-            kw = request.GET.get('kw','')
-            # 获取文集下所有一级文档
-            project_docs = Doc.objects.filter(top_doc=int(pro_id), parent_doc=0, status=1).order_by('sort')
-            if kw != '':
-                search_result = Doc.objects.filter(top_doc=int(pro_id),pre_content__icontains=kw)
-                # if search_result.count() == 0:
-                #     search_result = {'count':0}
-                return render(request,'app_doc/project_doc_search.html',locals())
-            return render(request, 'app_doc/project.html', locals())
-        except Exception as e:
-            print(traceback.print_exc())
-            return HttpResponse('请求出错')
-    else:
-        return HttpResponse('方法不允许')
+    try:
+        # 获取文集信息
+        project = Project.objects.get(id=int(pro_id))
+
+        # 私密文集并且访问者非创建者
+        if project.role == 1 and request.user != project.create_user:
+            return render(request,'404.html')
+        # 指定用户可见文集
+        elif project.role == 2:
+            user_list = project.role_value
+            if request.user.is_authenticated: # 认证用户判断是否在许可用户列表中
+                if request.user.username not in user_list and request.user != project.create_user: # 访问者不在指定用户之中
+                    return render(request, '404.html')
+            else:# 游客直接返回404
+                return render(request, '404.html')
+        # 访问码可见
+        elif project.role == 3:
+            # 浏览用户不为创建者
+            if request.user != project.create_user:
+                viewcode = project.role_value
+                viewcode_name = 'viewcode-{}'.format(project.id)
+                r_viewcode = request.COOKIES[viewcode_name] if viewcode_name in request.COOKIES.keys() else 0 # 从cookie中获取访问码
+                if viewcode != r_viewcode: # cookie中的访问码不等于文集访问码，跳转到访问码认证界面
+                    return redirect('/check_viewcode/?to={}'.format(request.path))
+
+        # 获取搜索词
+        kw = request.GET.get('kw','')
+        # 获取文集下所有一级文档
+        project_docs = Doc.objects.filter(top_doc=int(pro_id), parent_doc=0, status=1).order_by('sort')
+        if kw != '':
+            search_result = Doc.objects.filter(top_doc=int(pro_id),pre_content__icontains=kw)
+            return render(request,'app_doc/project_doc_search.html',locals())
+        return render(request, 'app_doc/project.html', locals())
+    except Exception as e:
+        print(traceback.print_exc())
+        print(repr(e))
+        return HttpResponse('请求出错')
 
 
 # 修改文集
@@ -85,6 +116,68 @@ def modify_project(request):
         return JsonResponse({'status':False,'data':'方法不允许'})
 
 
+# 修改文集权限
+@login_required()
+def modify_project_role(request,pro_id):
+    pro = Project.objects.get(id=pro_id)
+    if (pro.create_user != request.user) and (request.user.is_superuser is False):
+        return render(request,'403.html')
+    else:
+        if request.method == 'GET':
+            return render(request,'app_doc/manage_project_role.html',locals())
+        elif request.method == 'POST':
+            role_type = request.POST.get('role','')
+            if role_type != '':
+                if int(role_type) in [0,1]:# 公开或私密
+                    Project.objects.filter(id=int(pro_id)).update(
+                        role = role_type,
+                        modify_time = datetime.datetime.now()
+                    )
+                if int(role_type) == 2: # 指定用户可见
+                    role_value = request.POST.get('tagsinput','')
+                    Project.objects.filter(id=int(pro_id)).update(
+                        role=role_type,
+                        role_value = role_value,
+                        modify_time = datetime.datetime.now()
+                    )
+                if int(role_type) == 3: # 访问码可见
+                    role_value = request.POST.get('viewcode','')
+                    Project.objects.filter(id=int(pro_id)).update(
+                        role=role_type,
+                        role_value=role_value,
+                        modify_time=datetime.datetime.now()
+                    )
+                pro = Project.objects.get(id=int(pro_id))
+                return render(request, 'app_doc/manage_project_role.html', locals())
+            else:
+                return Http404
+
+
+# 验证文集访问码
+@require_http_methods(['GET',"POST"])
+def check_viewcode(request):
+    try:
+        if request.method == 'GET':
+            project_id = request.GET.get('to','').split("/")[2]
+            project = Project.objects.get(id=int(project_id))
+            return render(request,'app_doc/check_viewcode.html',locals())
+        else:
+            viewcode = request.POST.get('viewcode','')
+            project_id = request.POST.get('project_id','')
+            project = Project.objects.get(id=int(project_id))
+            if project.role == 3 and project.role_value == viewcode:
+                obj = redirect("/project/{}/".format(project_id))
+                obj.set_cookie('viewcode-{}'.format(project_id),viewcode)
+                return obj
+            else:
+                errormsg = "访问码错误"
+                return render(request, 'app_doc/check_viewcode.html', locals())
+
+    except Exception as e:
+        print(repr(e))
+        return render(request,'404.html')
+
+
 # 删除文集
 @login_required()
 def del_project(request):
@@ -142,23 +235,44 @@ def manage_project(request):
 
 
 # 文档浏览页页
+@require_http_methods(['GET'])
 def doc(request,pro_id,doc_id):
-    if request.method == 'GET':
-        try:
-            if pro_id != '' and doc_id != '':
-                # 获取文集信息
-                project = Project.objects.get(id=int(pro_id))
-                # 获取文档内容
-                doc = Doc.objects.get(id=int(doc_id),status=1)
-                # 获取文集下一级文档
-                project_docs = Doc.objects.filter(top_doc=doc.top_doc, parent_doc=0, status=1).order_by('sort')
-                return render(request,'app_doc/doc.html',locals())
-            else:
-                return HttpResponse('参数错误')
-        except Exception as e:
-            return HttpResponse('请求出错')
-    else:
-        return HttpResponse('方法不允许')
+    try:
+        if pro_id != '' and doc_id != '':
+            # 获取文集信息
+            project = Project.objects.get(id=int(pro_id))
+
+            # 私密文集并且访问者非创建者
+            if project.role == 1 and request.user != project.create_user:
+                return render(request, '404.html')
+            # 指定用户可见文集
+            elif project.role == 2:
+                user_list = project.role_value
+                if request.user.is_authenticated:  # 认证用户判断是否在许可用户列表中
+                    if request.user.username not in user_list and request.user != project.create_user:  # 访问者不在指定用户之中
+                        return render(request, '404.html')
+                else:  # 游客直接返回404
+                    return render(request, '404.html')
+            # 访问码可见
+            elif project.role == 3:
+                # 浏览用户不为创建者
+                if request.user != project.create_user:
+                    viewcode = project.role_value
+                    viewcode_name = 'viewcode-{}'.format(project.id)
+                    r_viewcode = request.COOKIES[
+                        viewcode_name] if viewcode_name in request.COOKIES.keys() else 0  # 从cookie中获取访问码
+                    if viewcode != r_viewcode:  # cookie中的访问码不等于文集访问码，跳转到访问码认证界面
+                        return redirect('/check_viewcode/?to={}'.format(request.path))
+
+            # 获取文档内容
+            doc = Doc.objects.get(id=int(doc_id),status=1)
+            # 获取文集下一级文档
+            project_docs = Doc.objects.filter(top_doc=doc.top_doc, parent_doc=0, status=1).order_by('sort')
+            return render(request,'app_doc/doc.html',locals())
+        else:
+            return HttpResponse('参数错误')
+    except Exception as e:
+        return HttpResponse('请求出错')
 
 
 # 创建文档
diff --git a/static/tagsInput/tagsinput.css b/static/tagsInput/tagsinput.css
new file mode 100644
index 0000000..93a056e
--- /dev/null
+++ b/static/tagsInput/tagsinput.css
@@ -0,0 +1,106 @@
+*{margin: 0;padding: 0;list-style-type: none;text-decoration: none;}
+.box{width: 500px;margin: auto;}
+.bootstrap-tagsinput {
+  background-color: white;
+  border: 2px solid #ebedef;
+  border-radius: 6px;
+  margin-bottom: 18px;
+  padding: 6px 1px 1px 6px;
+  text-align: left;
+  font-size: 0;
+}
+
+.bootstrap-tagsinput .badge {
+  border-radius: 4px;
+  background-color: #ebedef;
+  color: #7b8996;
+  font-size: 13px;
+  cursor: pointer;
+  display: inline-block;
+  position: relative;
+  vertical-align: middle;
+  overflow: hidden;
+  margin: 0 5px 5px 0;
+
+
+  padding: 6px 28px 6px 14px;
+  transition: .25s linear;
+}
+
+.bootstrap-tagsinput .badge > span {
+  color: white;
+  padding: 0 10px 0 0;
+  cursor: pointer;
+  font-size: 12px;
+  position: absolute;
+  right: 0;
+  text-align: right;
+  text-decoration: none;
+  top: 0;
+  width: 100%;
+  bottom: 0;
+  z-index: 2;
+}
+
+.bootstrap-tagsinput .badge > span:after {
+  content: "x";
+  font-family: "Flat-UI-Pro-Icons";
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+  line-height: 27px;
+}
+
+@media (hover: hover) {
+  .bootstrap-tagsinput .badge {
+    padding: 6px 21px;
+  }
+  .bootstrap-tagsinput .badge > span {
+    opacity: 0;
+    filter: "alpha(opacity=0)";
+    transition: opacity .25s linear;
+  }
+  .bootstrap-tagsinput .badge:hover {
+    background-color: #16a085;
+    color: white;
+    padding-right: 28px;
+    padding-left: 14px;
+  }
+  .bootstrap-tagsinput .badge:hover > span {
+    padding: 0 10px 0 0;
+    opacity: 1;
+    -webkit-filter: none;
+            filter: none;
+  }
+}
+
+
+.bootstrap-tagsinput input[type="text"] {
+  font-size: 14px;
+  border: none;
+  box-shadow: none;
+  outline: none;
+  background-color: transparent;
+  padding: 0;
+  margin: 0;
+  width: auto !important;
+  max-width: inherit;
+  min-width: 80px;
+  vertical-align: top;
+  height: 29px;
+  color: #34495e;
+}
+
+	.tagsinput-primary {
+  margin-bottom: 18px;
+}
+
+.tagsinput-primary .bootstrap-tagsinput {
+  border-color: #1abc9c;
+  margin-bottom: 0;
+}
+
+.tagsinput-primary .badge {
+  background-color: #1abc9c;
+  color: white;
+}
+.btn{background: #1ABC9C;border: none;color: #fff;padding: 10px;border-radius: 5px;margin-top: 10px;}
\ No newline at end of file
diff --git a/static/tagsInput/tagsinput.js b/static/tagsInput/tagsinput.js
new file mode 100644
index 0000000..4643aff
--- /dev/null
+++ b/static/tagsInput/tagsinput.js
@@ -0,0 +1,687 @@
+ /* bootstrap-tagsinput v0.8.0
+ */
+
+(function ($) {
+  "use strict";
+
+  var defaultOptions = {
+    tagClass: function(item) {
+      return 'badge badge-info';
+    },
+    focusClass: 'focus',
+    itemValue: function(item) {
+      return item ? item.toString() : item;
+    },
+    itemText: function(item) {
+      return this.itemValue(item);
+    },
+    itemTitle: function(item) {
+      return null;
+    },
+    freeInput: true,
+    addOnBlur: true,
+    maxTags: undefined,
+    maxChars: undefined,
+    confirmKeys: [13, 44],
+    delimiter: ',',
+    delimiterRegex: null,
+    cancelConfirmKeysOnEmpty: false,
+    onTagExists: function(item, $tag) {
+      $tag.hide().fadeIn();
+    },
+    trimValue: false,
+    allowDuplicates: false,
+    triggerChange: true
+  };
+
+  /**
+   * Constructor function
+   */
+  function TagsInput(element, options) {
+    this.isInit = true;
+    this.itemsArray = [];
+
+    this.$element = $(element);
+    this.$element.hide();
+
+    this.isSelect = (element.tagName === 'SELECT');
+    this.multiple = (this.isSelect && element.hasAttribute('multiple'));
+    this.objectItems = options && options.itemValue;
+    this.placeholderText = element.hasAttribute('placeholder') ? this.$element.attr('placeholder') : '';
+    this.inputSize = Math.max(1, this.placeholderText.length);
+
+    this.$container = $('<div class="bootstrap-tagsinput"></div>');
+    this.$input = $('<input type="text" placeholder="' + this.placeholderText + '"/>').appendTo(this.$container);
+
+    this.$element.before(this.$container);
+
+    this.build(options);
+    this.isInit = false;
+  }
+
+  TagsInput.prototype = {
+    constructor: TagsInput,
+
+    /**
+     * Adds the given item as a new tag. Pass true to dontPushVal to prevent
+     * updating the elements val()
+     */
+    add: function(item, dontPushVal, options) {
+      var self = this;
+
+      if (self.options.maxTags && self.itemsArray.length >= self.options.maxTags)
+        return;
+
+      // Ignore falsey values, except false
+      if (item !== false && !item)
+        return;
+
+      // Trim value
+      if (typeof item === "string" && self.options.trimValue) {
+        item = $.trim(item);
+      }
+
+      // Throw an error when trying to add an object while the itemValue option was not set
+      if (typeof item === "object" && !self.objectItems)
+        throw("Can't add objects when itemValue option is not set");
+
+      // Ignore strings only containg whitespace
+      if (item.toString().match(/^\s*$/))
+        return;
+
+      // If SELECT but not multiple, remove current tag
+      if (self.isSelect && !self.multiple && self.itemsArray.length > 0)
+        self.remove(self.itemsArray[0]);
+
+      if (typeof item === "string" && this.$element[0].tagName === 'INPUT') {
+        var delimiter = (self.options.delimiterRegex) ? self.options.delimiterRegex : self.options.delimiter;
+        var items = item.split(delimiter);
+        if (items.length > 1) {
+          for (var i = 0; i < items.length; i++) {
+            this.add(items[i], true);
+          }
+
+          if (!dontPushVal)
+            self.pushVal(self.options.triggerChange);
+          return;
+        }
+      }
+
+      var itemValue = self.options.itemValue(item),
+          itemText = self.options.itemText(item),
+          tagClass = self.options.tagClass(item),
+          itemTitle = self.options.itemTitle(item);
+
+      // Ignore items allready added
+      var existing = $.grep(self.itemsArray, function(item) { return self.options.itemValue(item) === itemValue; } )[0];
+      if (existing && !self.options.allowDuplicates) {
+        // Invoke onTagExists
+        if (self.options.onTagExists) {
+          var $existingTag = $(".badge", self.$container).filter(function() { return $(this).data("item") === existing; });
+          self.options.onTagExists(item, $existingTag);
+        }
+        return;
+      }
+
+      // if length greater than limit
+      if (self.items().toString().length + item.length + 1 > self.options.maxInputLength)
+        return;
+
+      // raise beforeItemAdd arg
+      var beforeItemAddEvent = $.Event('beforeItemAdd', { item: item, cancel: false, options: options});
+      self.$element.trigger(beforeItemAddEvent);
+      if (beforeItemAddEvent.cancel)
+        return;
+
+      // register item in internal array and map
+      self.itemsArray.push(item);
+
+      // add a tag element
+
+      var $tag = $('<span class="badge ' + htmlEncode(tagClass) + (itemTitle !== null ? ('" title="' + itemTitle) : '') + '">' + htmlEncode(itemText) + '<span data-role="remove"></span></span>');
+      $tag.data('item', item);
+      self.findInputWrapper().before($tag);
+      $tag.after(' ');
+
+      // Check to see if the tag exists in its raw or uri-encoded form
+      var optionExists = (
+        $('option[value="' + encodeURIComponent(itemValue) + '"]', self.$element).length ||
+        $('option[value="' + htmlEncode(itemValue) + '"]', self.$element).length
+      );
+
+      // add <option /> if item represents a value not present in one of the <select />'s options
+      if (self.isSelect && !optionExists) {
+        var $option = $('<option selected>' + htmlEncode(itemText) + '</option>');
+        $option.data('item', item);
+        $option.attr('value', itemValue);
+        self.$element.append($option);
+      }
+
+      if (!dontPushVal)
+        self.pushVal(self.options.triggerChange);
+
+      // Add class when reached maxTags
+      if (self.options.maxTags === self.itemsArray.length || self.items().toString().length === self.options.maxInputLength)
+        self.$container.addClass('bootstrap-tagsinput-max');
+
+      // If using typeahead, once the tag has been added, clear the typeahead value so it does not stick around in the input.
+      if ($('.typeahead, .twitter-typeahead', self.$container).length) {
+        self.$input.typeahead('val', '');
+      }
+
+      if (this.isInit) {
+        self.$element.trigger($.Event('itemAddedOnInit', { item: item, options: options }));
+      } else {
+        self.$element.trigger($.Event('itemAdded', { item: item, options: options }));
+      }
+    },
+
+    /**
+     * Removes the given item. Pass true to dontPushVal to prevent updating the
+     * elements val()
+     */
+    remove: function(item, dontPushVal, options) {
+      var self = this;
+
+      if (self.objectItems) {
+        if (typeof item === "object")
+          item = $.grep(self.itemsArray, function(other) { return self.options.itemValue(other) ==  self.options.itemValue(item); } );
+        else
+          item = $.grep(self.itemsArray, function(other) { return self.options.itemValue(other) ==  item; } );
+
+        item = item[item.length-1];
+      }
+
+      if (item) {
+        var beforeItemRemoveEvent = $.Event('beforeItemRemove', { item: item, cancel: false, options: options });
+        self.$element.trigger(beforeItemRemoveEvent);
+        if (beforeItemRemoveEvent.cancel)
+          return;
+
+        $('.badge', self.$container).filter(function() { return $(this).data('item') === item; }).remove();
+        $('option', self.$element).filter(function() { return $(this).data('item') === item; }).remove();
+        if($.inArray(item, self.itemsArray) !== -1)
+          self.itemsArray.splice($.inArray(item, self.itemsArray), 1);
+      }
+
+      if (!dontPushVal)
+        self.pushVal(self.options.triggerChange);
+
+      // Remove class when reached maxTags
+      if (self.options.maxTags > self.itemsArray.length)
+        self.$container.removeClass('bootstrap-tagsinput-max');
+
+      self.$element.trigger($.Event('itemRemoved',  { item: item, options: options }));
+    },
+
+    /**
+     * Removes all items
+     */
+    removeAll: function() {
+      var self = this;
+
+      $('.badge', self.$container).remove();
+      $('option', self.$element).remove();
+
+      while(self.itemsArray.length > 0)
+        self.itemsArray.pop();
+
+      self.pushVal(self.options.triggerChange);
+    },
+
+    /**
+     * Refreshes the tags so they match the text/value of their corresponding
+     * item.
+     */
+    refresh: function() {
+      var self = this;
+      $('.badge', self.$container).each(function() {
+        var $tag = $(this),
+            item = $tag.data('item'),
+            itemValue = self.options.itemValue(item),
+            itemText = self.options.itemText(item),
+            tagClass = self.options.tagClass(item);
+
+          // Update tag's class and inner text
+          $tag.attr('class', null);
+          $tag.addClass('badge ' + htmlEncode(tagClass));
+          $tag.contents().filter(function() {
+            return this.nodeType == 3;
+          })[0].nodeValue = htmlEncode(itemText);
+
+          if (self.isSelect) {
+            var option = $('option', self.$element).filter(function() { return $(this).data('item') === item; });
+            option.attr('value', itemValue);
+          }
+      });
+    },
+
+    /**
+     * Returns the items added as tags
+     */
+    items: function() {
+      return this.itemsArray;
+    },
+
+    /**
+     * Assembly value by retrieving the value of each item, and set it on the
+     * element.
+     */
+    pushVal: function() {
+      var self = this,
+          val = $.map(self.items(), function(item) {
+            return self.options.itemValue(item).toString();
+          });
+
+      self.$element.val(val, true);
+
+      if (self.options.triggerChange)
+        self.$element.trigger('change');
+    },
+
+    /**
+     * Initializes the tags input behaviour on the element
+     */
+    build: function(options) {
+      var self = this;
+
+      self.options = $.extend({}, defaultOptions, options);
+      // When itemValue is set, freeInput should always be false
+      if (self.objectItems)
+        self.options.freeInput = false;
+
+      makeOptionItemFunction(self.options, 'itemValue');
+      makeOptionItemFunction(self.options, 'itemText');
+      makeOptionFunction(self.options, 'tagClass');
+
+      // Typeahead Bootstrap version 2.3.2
+      if (self.options.typeahead) {
+        var typeahead = self.options.typeahead || {};
+
+        makeOptionFunction(typeahead, 'source');
+
+        self.$input.typeahead($.extend({}, typeahead, {
+          source: function (query, process) {
+            function processItems(items) {
+              var texts = [];
+
+              for (var i = 0; i < items.length; i++) {
+                var text = self.options.itemText(items[i]);
+                map[text] = items[i];
+                texts.push(text);
+              }
+              process(texts);
+            }
+
+            this.map = {};
+            var map = this.map,
+                data = typeahead.source(query);
+
+            if ($.isFunction(data.success)) {
+              // support for Angular callbacks
+              data.success(processItems);
+            } else if ($.isFunction(data.then)) {
+              // support for Angular promises
+              data.then(processItems);
+            } else {
+              // support for functions and jquery promises
+              $.when(data)
+               .then(processItems);
+            }
+          },
+          updater: function (text) {
+            self.add(this.map[text]);
+            return this.map[text];
+          },
+          matcher: function (text) {
+            return (text.toLowerCase().indexOf(this.query.trim().toLowerCase()) !== -1);
+          },
+          sorter: function (texts) {
+            return texts.sort();
+          },
+          highlighter: function (text) {
+            var regex = new RegExp( '(' + this.query + ')', 'gi' );
+            return text.replace( regex, "<strong>$1</strong>" );
+          }
+        }));
+      }
+
+      // typeahead.js
+      if (self.options.typeaheadjs) {
+        // Determine if main configurations were passed or simply a dataset
+        var typeaheadjs = self.options.typeaheadjs;
+        if (!$.isArray(typeaheadjs)) {
+            typeaheadjs = [null, typeaheadjs];
+        }
+
+        $.fn.typeahead.apply(self.$input, typeaheadjs).on('typeahead:selected', $.proxy(function (obj, datum, name) {
+          var index = 0;
+          typeaheadjs.some(function(dataset, _index) {
+            if (dataset.name === name) {
+              index = _index;
+              return true;
+            }
+            return false;
+          });
+
+          // @TODO Dep: https://github.com/corejavascript/typeahead.js/issues/89
+          if (typeaheadjs[index].valueKey) {
+            self.add(datum[typeaheadjs[index].valueKey]);
+          } else {
+            self.add(datum);
+          }
+
+          self.$input.typeahead('val', '');
+        }, self));
+      }
+
+      self.$container.on('click', $.proxy(function(event) {
+        if (! self.$element.attr('disabled')) {
+          self.$input.removeAttr('disabled');
+        }
+        self.$input.focus();
+      }, self));
+
+        if (self.options.addOnBlur && self.options.freeInput) {
+          self.$input.on('focusout', $.proxy(function(event) {
+              // HACK: only process on focusout when no typeahead opened, to
+              //       avoid adding the typeahead text as tag
+              if ($('.typeahead, .twitter-typeahead', self.$container).length === 0) {
+                self.add(self.$input.val());
+                self.$input.val('');
+              }
+          }, self));
+        }
+
+      // Toggle the 'focus' css class on the container when it has focus
+      self.$container.on({
+        focusin: function() {
+          self.$container.addClass(self.options.focusClass);
+        },
+        focusout: function() {
+          self.$container.removeClass(self.options.focusClass);
+        },
+      });
+
+      self.$container.on('keydown', 'input', $.proxy(function(event) {
+        var $input = $(event.target),
+            $inputWrapper = self.findInputWrapper();
+
+        if (self.$element.attr('disabled')) {
+          self.$input.attr('disabled', 'disabled');
+          return;
+        }
+
+        switch (event.which) {
+          // BACKSPACE
+          case 8:
+            if (doGetCaretPosition($input[0]) === 0) {
+              var prev = $inputWrapper.prev();
+              if (prev.length) {
+                self.remove(prev.data('item'));
+              }
+            }
+            break;
+
+          // DELETE
+          case 46:
+            if (doGetCaretPosition($input[0]) === 0) {
+              var next = $inputWrapper.next();
+              if (next.length) {
+                self.remove(next.data('item'));
+              }
+            }
+            break;
+
+          // LEFT ARROW
+          case 37:
+            // Try to move the input before the previous tag
+            var $prevTag = $inputWrapper.prev();
+            if ($input.val().length === 0 && $prevTag[0]) {
+              $prevTag.before($inputWrapper);
+              $input.focus();
+            }
+            break;
+          // RIGHT ARROW
+          case 39:
+            // Try to move the input after the next tag
+            var $nextTag = $inputWrapper.next();
+            if ($input.val().length === 0 && $nextTag[0]) {
+              $nextTag.after($inputWrapper);
+              $input.focus();
+            }
+            break;
+         default:
+             // ignore
+         }
+
+        // Reset internal input's size
+        var textLength = $input.val().length,
+            wordSpace = Math.ceil(textLength / 5),
+            size = textLength + wordSpace + 1;
+        $input.attr('size', Math.max(this.inputSize, size));
+      }, self));
+
+      self.$container.on('keypress', 'input', $.proxy(function(event) {
+         var $input = $(event.target);
+
+         if (self.$element.attr('disabled')) {
+            self.$input.attr('disabled', 'disabled');
+            return;
+         }
+
+         var text = $input.val(),
+         maxLengthReached = self.options.maxChars && text.length >= self.options.maxChars;
+         if (self.options.freeInput && (keyCombinationInList(event, self.options.confirmKeys) || maxLengthReached)) {
+            // Only attempt to add a tag if there is data in the field
+            if (text.length !== 0) {
+               self.add(maxLengthReached ? text.substr(0, self.options.maxChars) : text);
+               $input.val('');
+            }
+
+            // If the field is empty, let the event triggered fire as usual
+            if (self.options.cancelConfirmKeysOnEmpty === false) {
+                event.preventDefault();
+            }
+         }
+
+         // Reset internal input's size
+         var textLength = $input.val().length,
+            wordSpace = Math.ceil(textLength / 5),
+            size = textLength + wordSpace + 1;
+         $input.attr('size', Math.max(this.inputSize, size));
+      }, self));
+
+      // Remove icon clicked
+      self.$container.on('click', '[data-role=remove]', $.proxy(function(event) {
+        if (self.$element.attr('disabled')) {
+          return;
+        }
+        self.remove($(event.target).closest('.badge').data('item'));
+      }, self));
+
+      // Only add existing value as tags when using strings as tags
+      if (self.options.itemValue === defaultOptions.itemValue) {
+        if (self.$element[0].tagName === 'INPUT') {
+            self.add(self.$element.val());
+        } else {
+          $('option', self.$element).each(function() {
+            self.add($(this).attr('value'), true);
+          });
+        }
+      }
+    },
+
+    /**
+     * Removes all tagsinput behaviour and unregsiter all event handlers
+     */
+    destroy: function() {
+      var self = this;
+
+      // Unbind events
+      self.$container.off('keypress', 'input');
+      self.$container.off('click', '[role=remove]');
+
+      self.$container.remove();
+      self.$element.removeData('tagsinput');
+      self.$element.show();
+    },
+
+    /**
+     * Sets focus on the tagsinput
+     */
+    focus: function() {
+      this.$input.focus();
+    },
+
+    /**
+     * Returns the internal input element
+     */
+    input: function() {
+      return this.$input;
+    },
+
+    /**
+     * Returns the element which is wrapped around the internal input. This
+     * is normally the $container, but typeahead.js moves the $input element.
+     */
+    findInputWrapper: function() {
+      var elt = this.$input[0],
+          container = this.$container[0];
+      while(elt && elt.parentNode !== container)
+        elt = elt.parentNode;
+
+      return $(elt);
+    }
+  };
+
+  /**
+   * Register JQuery plugin
+   */
+  $.fn.tagsinput = function(arg1, arg2, arg3) {
+    var results = [];
+
+    this.each(function() {
+      var tagsinput = $(this).data('tagsinput');
+      // Initialize a new tags input
+      if (!tagsinput) {
+          tagsinput = new TagsInput(this, arg1);
+          $(this).data('tagsinput', tagsinput);
+          results.push(tagsinput);
+
+          if (this.tagName === 'SELECT') {
+              $('option', $(this)).attr('selected', 'selected');
+          }
+
+          // Init tags from $(this).val()
+          $(this).val($(this).val());
+      } else if (!arg1 && !arg2) {
+          // tagsinput already exists
+          // no function, trying to init
+          results.push(tagsinput);
+      } else if(tagsinput[arg1] !== undefined) {
+          // Invoke function on existing tags input
+            if(tagsinput[arg1].length === 3 && arg3 !== undefined){
+               var retVal = tagsinput[arg1](arg2, null, arg3);
+            }else{
+               var retVal = tagsinput[arg1](arg2);
+            }
+          if (retVal !== undefined)
+              results.push(retVal);
+      }
+    });
+
+    if ( typeof arg1 == 'string') {
+      // Return the results from the invoked function calls
+      return results.length > 1 ? results : results[0];
+    } else {
+      return results;
+    }
+  };
+
+  $.fn.tagsinput.Constructor = TagsInput;
+
+  /**
+   * Most options support both a string or number as well as a function as
+   * option value. This function makes sure that the option with the given
+   * key in the given options is wrapped in a function
+   */
+  function makeOptionItemFunction(options, key) {
+    if (typeof options[key] !== 'function') {
+      var propertyName = options[key];
+      options[key] = function(item) { return item[propertyName]; };
+    }
+  }
+  function makeOptionFunction(options, key) {
+    if (typeof options[key] !== 'function') {
+      var value = options[key];
+      options[key] = function() { return value; };
+    }
+  }
+  /**
+   * HtmlEncodes the given value
+   */
+  var htmlEncodeContainer = $('<div />');
+  function htmlEncode(value) {
+    if (value) {
+      return htmlEncodeContainer.text(value).html();
+    } else {
+      return '';
+    }
+  }
+
+  /**
+   * Returns the position of the caret in the given input field
+   * http://flightschool.acylt.com/devnotes/caret-position-woes/
+   */
+  function doGetCaretPosition(oField) {
+    var iCaretPos = 0;
+    if (document.selection) {
+      oField.focus ();
+      var oSel = document.selection.createRange();
+      oSel.moveStart ('character', -oField.value.length);
+      iCaretPos = oSel.text.length;
+    } else if (oField.selectionStart || oField.selectionStart == '0') {
+      iCaretPos = oField.selectionStart;
+    }
+    return (iCaretPos);
+  }
+
+  /**
+    * Returns boolean indicates whether user has pressed an expected key combination.
+    * @param object keyPressEvent: JavaScript event object, refer
+    *     http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html
+    * @param object lookupList: expected key combinations, as in:
+    *     [13, {which: 188, shiftKey: true}]
+    */
+  function keyCombinationInList(keyPressEvent, lookupList) {
+      var found = false;
+      $.each(lookupList, function (index, keyCombination) {
+          if (typeof (keyCombination) === 'number' && keyPressEvent.which === keyCombination) {
+              found = true;
+              return false;
+          }
+
+          if (keyPressEvent.which === keyCombination.which) {
+              var alt = !keyCombination.hasOwnProperty('altKey') || keyPressEvent.altKey === keyCombination.altKey,
+                  shift = !keyCombination.hasOwnProperty('shiftKey') || keyPressEvent.shiftKey === keyCombination.shiftKey,
+                  ctrl = !keyCombination.hasOwnProperty('ctrlKey') || keyPressEvent.ctrlKey === keyCombination.ctrlKey;
+              if (alt && shift && ctrl) {
+                  found = true;
+                  return false;
+              }
+          }
+      });
+
+      return found;
+  }
+
+  /**
+   * Initialize tagsinput behaviour on inputs and selects which have
+   * data-role=tagsinput
+   * zmm2113@qq.com 2018.6.24
+   */
+  $(function() {
+    $("input[data-role=tagsinput], select[multiple][data-role=tagsinput]").tagsinput();
+  });
+})(window.jQuery);
diff --git a/template/403.html b/template/403.html
index e4f6aa8..25f27d2 100644
--- a/template/403.html
+++ b/template/403.html
@@ -7,7 +7,7 @@
     <link href="{% static 'layui/css/layui.css' %}" rel="stylesheet">
     <link href="{% static 'mrdoc.css' %}" rel="stylesheet">
 </head>
-<body class="layui-layout-body">
+<body class="layui-container">
 <!-- 页头 -->
 {% include 'app_doc/head_base.html' %}
 <!-- 页头结束 -->
diff --git a/template/404.html b/template/404.html
index a9393b2..68c1619 100644
--- a/template/404.html
+++ b/template/404.html
@@ -7,7 +7,7 @@
     <link href="{% static 'layui/css/layui.css' %}" rel="stylesheet">
     <link href="{% static 'mrdoc.css' %}" rel="stylesheet">
 </head>
-<body class="layui-layout-body">
+<body class="layui-container">
 <!-- 页头 -->
 {% include 'app_doc/head_base.html' %}
 <!-- 页头结束 -->
diff --git a/template/app_admin/admin_project.html b/template/app_admin/admin_project.html
index 76f3127..b9818c9 100644
--- a/template/app_admin/admin_project.html
+++ b/template/app_admin/admin_project.html
@@ -26,6 +26,7 @@
                 <col width="300">
                 <col width="40">
                 <col width="50">
+                <col width="100">
                 <col width="50">
                 <col width="50">
             </colgroup>
@@ -34,6 +35,7 @@
             <th>文集名称</th>
             <th>文集简介</th>
             <th>文档数量</th>
+            <th>权限</th>
             <th>创建时间</th>
             <th>所属用户</th>
             <th>操作</th>
@@ -46,6 +48,19 @@
           <td>{{ pro.intro }}</td>
           {% load project_filter %}
           <td>{{ pro.id | get_doc_count }}</td>
+            <td>
+              <div class="layui-input-inline">
+              {% if pro.role == 0 %}
+                  <i class="layui-icon layui-icon-circle"></i> 公开 <a href="{% url 'admin_project_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 1 %}
+                  <i class="layui-icon layui-icon-menu-fill"></i> 私密 <a href="{% url 'admin_project_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 2 %}
+                  <i class="layui-icon layui-icon-group"></i> 指定用户可见 <a href="{% url 'admin_project_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 3 %}
+                  <i class="layui-icon layui-icon-password"></i> 访问码可见 <a href="{% url 'admin_project_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% endif %}
+              </div>
+          </td>
           <td>{{ pro.create_time }}</td>
           <td>{{ pro.create_user }}</td>
           <td>
diff --git a/template/app_admin/admin_project_role.html b/template/app_admin/admin_project_role.html
new file mode 100644
index 0000000..8bad4f0
--- /dev/null
+++ b/template/app_admin/admin_project_role.html
@@ -0,0 +1,96 @@
+{% extends 'app_admin/admin_base.html' %}
+{% load staticfiles %}
+{% block title %}文集权限管理{% endblock %}
+{% block content %}
+    <link href="{% static 'tagsInput/tagsinput.css' %}" rel="stylesheet" type="text/css"/>
+    <div class="layui-row" style="margin-bottom: 10px;padding-left:15px;">
+        <span class="layui-breadcrumb" lay-separator=">">
+          <a href="{% url 'project_manage' %}">文集管理</a>
+          <a><cite>权限管理</cite></a>
+        </span>
+    </div>
+    <div class="layui-card-header" style="margin-bottom: 10px;">
+
+      <div class="layui-row">
+          <span style="font-size:18px;">修改文集权限
+          </span>
+      </div>
+  </div>
+    <div class="layui-row">
+        <form action="{% url 'admin_project_role' pro.id %}" method="post" class="layui-form">
+            {% csrf_token %}
+            <div class="layui-form-item">
+                <label class="layui-form-label">文集作者</label>
+                <div class="layui-input-block">
+                  <input type="text" name="title" required value="{{pro.create_user.username}}"  disabled class="layui-input">
+                    <!--<span>{{pro.name}}</span>-->
+                </div>
+            </div>
+            <div class="layui-form-item">
+                <label class="layui-form-label">文集名称</label>
+                <div class="layui-input-block">
+                  <input type="text" name="title" required value="{{pro.name}}"  disabled class="layui-input">
+                    <!--<span>{{pro.name}}</span>-->
+                </div>
+            </div>
+
+            <div class="layui-form-item">
+                <label class="layui-form-label">权限选择</label>
+                <div class="layui-input-block">
+                    <input type="radio" name="role" value="0" title="公开" {% if pro.role == 0 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="1" title="私密" {% if pro.role == 1 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="2" title="指定用户可见" {% if pro.role == 2 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="3" title="访问码可见" {% if pro.role == 3 %} checked {%endif%} lay-filter="role">
+                </div>
+            </div>
+
+            <div class="layui-form-item" style="{% if pro.role == 3 %}{% else %}display:none;{% endif %}" id="role-pwd">
+                <label class="layui-form-label">访问码</label>
+                <div class="layui-input-inline">
+                  <input type="text" name="viewcode"  placeholder="请输入访问码" autocomplete="off" class="layui-input" value="{{pro.role_value}}">
+                </div>
+                <div class="layui-form-mid layui-word-aux">不少于4位数</div>
+            </div>
+
+            <div class="layui-form-item" style="{% if pro.role == 2 %}{% else %}display:none;{% endif %}" id="role-user">
+                <label class="layui-form-label">允许用户</label>
+                <div class="layui-input-block">
+                    <div class="tagsinput-primary form-group">
+                        <input name="tagsinput" id="tagsinputval" class="tagsinput" data-role="tagsinput" value="{{pro.role_value}}" placeholder="请输入用户名，回车输入多个用户">
+                        <!--<button class="btn" onClick="getinput()">查询</button>-->
+                    </div>
+                </div>
+            </div>
+
+            <div class="layui-form-item">
+                <div class="layui-input-block">
+                  <button class="layui-btn" lay-submit lay-filter="formDemo">立即修改</button>
+                </div>
+            </div>
+        </form>
+    </div>
+{% endblock %}
+{% block custom_script %}
+<script src="{% static '/tagsInput/tagsinput.js' %}" type="text/javascript" charset="utf-8"></script>
+<script>
+    $.ajaxSetup({
+            data: {csrfmiddlewaretoken: '{{ csrf_token }}' },
+        });
+    var form = layui.form;
+    //监听单选事件
+    form.on('radio(role)', function(data){
+      console.log(data.elem); //得到radio原始DOM对象
+      console.log(data.value); //被点击的radio的value值
+      if(data.value in [0,1]){
+            $("#role-pwd").css("display","none");
+            $("#role-user").css("display","none");
+      }else if(data.value == 2){
+            $("#role-user").css("display","block");
+            $("#role-pwd").css("display","none");
+      }else if(data.value == 3){
+            $("#role-user").css("display","none");
+            $("#role-pwd").css("display","block");
+      }
+    });
+</script>
+{% endblock %}
\ No newline at end of file
diff --git a/template/app_doc/check_viewcode.html b/template/app_doc/check_viewcode.html
new file mode 100644
index 0000000..0205efb
--- /dev/null
+++ b/template/app_doc/check_viewcode.html
@@ -0,0 +1,77 @@
+{% load staticfiles %}
+<!DOCTYPE html>
+<html lang='zh-CN'>
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge，chrome=1">
+    <meta http-equiv="Cache-Control" content="no-transform" />
+    <meta http-equiv="Cache-Control" content="no-siteapp" />
+    <meta http-equiv="Cache-Control" content="max-age=7200" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+	<title>请输入访问码 - MrDoc</title>
+	<meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+	<link rel="stylesheet" href="{% static 'layui/css/layui.css' %}" crossorigin="anonymous">
+    <style>
+        body{
+            background-color: #fafafa;
+            text-align: center;
+        }
+        .container{
+            display: flex;
+            display: -webkit-flex;
+            justify-content: center;
+            align-items: center;
+        }
+        .login-form{
+            margin-top: 15%;
+            {#width: 400px;#}
+            padding: 20px 50px 20px 60px;
+            background-color: #fff;
+            -webkit-box-shadow: #666 0px 0px 10px;
+           -moz-box-shadow: #666 0px 0px 10px;
+           box-shadow: #666 0px 0px 10px;
+        }
+        .register-link{
+            font-size: 12px;
+        }
+        /* 移动端输入框样式 */
+        @media screen and (max-width: 450px){
+            .layui-form-item .layui-input-inline {
+                display: block;
+                float: none;
+                left: -3px;
+                width: auto;
+                margin: 0;
+            }
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div></div>
+        <div></div>
+        <div class="login-form">
+            <form class="layui-form" action=""  method='POST'>
+                {% csrf_token %}
+                <div class="layui-form-item">
+                    <h4>你正在访问：<strong><u>{{ project.name }}</u></strong></h4>
+                    <br><span style='color:red;margin-bottom: 10px;'>{{ errormsg }}</span>
+                </div>
+                <div class="layui-form-item">
+                    <input value="{{project.id}}" name="project_id" hidden>
+                    <div class="layui-input-inline login-input">
+                      <input type="text" name="viewcode" required  lay-verify="required" placeholder="请输入访问码" autocomplete="off" class="layui-input" >
+                    </div>
+                </div>
+                <div class="layui-form-item">
+                    <div class="layui-input-inline login-input">
+                        <button class="layui-btn layui-btn-fluid layui-btn-radius  layui-btn-normal" lay-submit lay-filter="formDemo" type="submit">确认</button>
+                    </div>
+                </div>
+
+            </form>
+        </div>
+    </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/template/app_doc/create_doc.html b/template/app_doc/create_doc.html
index af02913..d7067f1 100644
--- a/template/app_doc/create_doc.html
+++ b/template/app_doc/create_doc.html
@@ -83,13 +83,15 @@
                     title:'新建文集',
                     area:'300px;',
                     id:'createPro',//配置ID
-                    content:'<div style="padding: 20px;"><input class="layui-input" type="text" id="pname" style="margin-bottom:10px;" placeholder="输入文集名" required  lay-verify="required"><textarea name="desc" id="desc" placeholder="输入文集简介，不超过100个字，超出将被截断"  maxlength="100" class="layui-textarea"></textarea></div>',
+                    //content:'<div style="padding: 20px;"><input class="layui-input" type="text" id="pname" style="margin-bottom:10px;" placeholder="输入文集名" required  lay-verify="required"><textarea name="desc" id="desc" placeholder="输入文集简介，不超过100个字，超出将被截断"  maxlength="100" class="layui-textarea"></textarea></div>',
+                    content: $('#create-project-div'),
                     btn:['确定','取消'], //添加按钮
                     btnAlign:'c', //按钮居中
                     yes:function (index,layero) {
                         data = {
                             'pname':$("#pname").val(),
                             'desc':$("#desc").val(),
+                            'role':$("#project-role").val(),
                         }
                         $.post("{% url 'create_project' %}",data,function(r){
                             if(r.status){
@@ -260,6 +262,7 @@
 {% endblock %}
 
 {% block custom_div %}
+<!-- 插入文档模板div块 -->
 <div class="doctemp-list " id="doctemp-list" style="display: none;padding:5px;">
     <div style="margin: 10px 0 0 10px;">
         <a class="layui-btn layui-btn-normal layui-btn-sm" href="{% url 'create_doctemp' %}" target="_blank">新建模板</a>
@@ -293,4 +296,23 @@
       </tbody>
     </table>
 </div>
+<!-- 结束插入文档模板div块 -->
+
+<!-- 新建文集div块 -->
+<div style="padding: 20px;display:none;" id="create-project-div">
+    <input class="layui-input" type="text" id="pname" style="margin-bottom:10px;" placeholder="输入文集名" required  lay-verify="required">
+    <textarea name="desc" id="desc" placeholder="输入文集简介，不超过100个字，超出将被截断"  maxlength="100" class="layui-textarea"></textarea>
+    <div class="layui-form-item" style="margin-top:10px;">
+        <label class="layui-form-label" style="text-align:left;padding:9px 0px;">文集权限</label>
+        <div class="layui-input-block">
+            <select name="project-role" lay-verify="" class="layui-select" id="project-role">
+                <!--<option value="">选择文集权限</option>-->
+                <option value="0">公开</option>
+                <option value="1">私密</option>
+            </select>
+        </div>
+    </div>
+    <div style="color:red;font-size:12px;">*在可后台对文集权限进行进一步控制</div>
+</div>
+<!-- 结束新建文集div块 -->
 {% endblock %}
\ No newline at end of file
diff --git a/template/app_doc/manage_base.html b/template/app_doc/manage_base.html
index 914401b..be622cc 100644
--- a/template/app_doc/manage_base.html
+++ b/template/app_doc/manage_base.html
@@ -35,7 +35,7 @@
             </a>
             <dl class="layui-nav-child">
                 {% if request.user.is_superuser %}
-                <dd><a href="{% url 'doctemp_manage' %}">后台管理</a></dd>
+                <dd><a href="{% url 'project_manage' %}">后台管理</a></dd>
                 {% endif %}
               <dd><a href="{% url 'logout' %}">退出登录</a></dd>
             </dl>
diff --git a/template/app_doc/manage_project.html b/template/app_doc/manage_project.html
index 0f85461..c1a48b2 100644
--- a/template/app_doc/manage_project.html
+++ b/template/app_doc/manage_project.html
@@ -26,6 +26,7 @@
             <col width="400">
             <col width="50">
             <col width="100">
+            <col width="100">
             <col width="150">
             </colgroup>
       <thead>
@@ -34,6 +35,7 @@
           <th>文集简介</th>
           <th>文档数量</th>
           <th>创建时间</th>
+          <th>权限</th>
           <th>操作</th>
         </tr>
       </thead>
@@ -45,6 +47,19 @@
           {% load project_filter %}
           <td>{{ pro.id | get_doc_count }}</td>
           <td>{{ pro.create_time }}</td>
+          <td>
+              <div class="layui-input-inline">
+              {% if pro.role == 0 %}
+                  <i class="layui-icon layui-icon-circle"></i> 公开 <a href="{% url 'modify_pro_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 1 %}
+                  <i class="layui-icon layui-icon-menu-fill"></i> 私密 <a href="{% url 'modify_pro_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 2 %}
+                  <i class="layui-icon layui-icon-group"></i> 指定用户可见 <a href="{% url 'modify_pro_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% elif pro.role == 3 %}
+                  <i class="layui-icon layui-icon-password"></i> 访问码可见 <a href="{% url 'modify_pro_role' pro.id %}"  title="修改文集权限"><i class="layui-icon layui-icon-edit"></i></a>
+              {% endif %}
+              </div>
+          </td>
           <td>
               <!--<a href="{% url 'pro_index' pro_id=pro.id %}"  target="_blank" class="layui-btn layui-btn-normal layui-btn-xs">查看</a>-->
               <a href="javascript:void(0);" onclick="modifyProject('{{pro.id}}','{{pro.name}}','{{pro.intro}}')" class="layui-btn layui-btn-warm layui-btn-xs">修改</a>
@@ -78,6 +93,7 @@
     $.ajaxSetup({
             data: {csrfmiddlewaretoken: '{{ csrf_token }}' },
         });
+    //创建文集
     createProject = function(){
         layer.open({
             type:1,
@@ -106,6 +122,7 @@
             },
         });
     };
+    //修改文集
     modifyProject = function(pro_id,pro_name,pro_intro){
         layer.open({
             type:1,
@@ -135,6 +152,7 @@
             },
         });
     };
+    //删除文集
     delProject = function(pro_id){
         layer.open({
             type:1,
@@ -205,5 +223,13 @@
             //btnAlign:'c', //按钮居中
         })
     };
+    //修改文集权限
+    modifyProjectRole = function(pro_id){
+        layer.open({
+            type:1,
+            title:"修改文集权限",
+            content:$("#modify-project-role-div"),
+        });
+    };
 </script>
 {% endblock %}
\ No newline at end of file
diff --git a/template/app_doc/manage_project_role.html b/template/app_doc/manage_project_role.html
new file mode 100644
index 0000000..9bc6b83
--- /dev/null
+++ b/template/app_doc/manage_project_role.html
@@ -0,0 +1,89 @@
+{% extends 'app_doc/manage_base.html' %}
+{% load staticfiles %}
+{% block title %}文集权限管理{% endblock %}
+{% block content %}
+    <link href="{% static 'tagsInput/tagsinput.css' %}" rel="stylesheet" type="text/css"/>
+    <div class="layui-row" style="margin-bottom: 10px;padding-left:15px;">
+        <span class="layui-breadcrumb" lay-separator=">">
+          <a href="{% url 'manage_project' %}">文集管理</a>
+          <a><cite>权限管理</cite></a>
+        </span>
+    </div>
+    <div class="layui-card-header" style="margin-bottom: 10px;">
+
+      <div class="layui-row">
+          <span style="font-size:18px;">修改文集权限
+          </span>
+      </div>
+  </div>
+    <div class="layui-row">
+        <form action="{% url 'modify_pro_role' pro.id %}" method="post" class="layui-form">
+            {% csrf_token %}
+            <div class="layui-form-item">
+                <label class="layui-form-label">文集名称</label>
+                <div class="layui-input-block">
+                  <input type="text" name="title" required value="{{pro.name}}"  disabled class="layui-input">
+                    <!--<span>{{pro.name}}</span>-->
+                </div>
+            </div>
+
+            <div class="layui-form-item">
+                <label class="layui-form-label">权限选择</label>
+                <div class="layui-input-block">
+                    <input type="radio" name="role" value="0" title="公开" {% if pro.role == 0 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="1" title="私密" {% if pro.role == 1 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="2" title="指定用户可见" {% if pro.role == 2 %} checked {%endif%} lay-filter="role">
+                    <input type="radio" name="role" value="3" title="访问码可见" {% if pro.role == 3 %} checked {%endif%} lay-filter="role">
+                </div>
+            </div>
+
+            <div class="layui-form-item" style="{% if pro.role == 3 %}{% else %}display:none;{% endif %}" id="role-pwd">
+                <label class="layui-form-label">访问码</label>
+                <div class="layui-input-inline">
+                  <input type="text" name="viewcode"  placeholder="请输入访问码" autocomplete="off" class="layui-input" value="{{pro.role_value}}">
+                </div>
+                <div class="layui-form-mid layui-word-aux">不少于4位数</div>
+            </div>
+
+            <div class="layui-form-item" style="{% if pro.role == 2 %}{% else %}display:none;{% endif %}" id="role-user">
+                <label class="layui-form-label">允许用户</label>
+                <div class="layui-input-block">
+                    <div class="tagsinput-primary form-group">
+                        <input name="tagsinput" id="tagsinputval" class="tagsinput" data-role="tagsinput" value="{{pro.role_value}}" placeholder="请输入用户名，回车输入多个用户">
+                        <!--<button class="btn" onClick="getinput()">查询</button>-->
+                    </div>
+                </div>
+            </div>
+
+            <div class="layui-form-item">
+                <div class="layui-input-block">
+                  <button class="layui-btn" lay-submit lay-filter="formDemo">立即修改</button>
+                </div>
+            </div>
+        </form>
+    </div>
+{% endblock %}
+{% block custom_script %}
+<script src="{% static '/tagsInput/tagsinput.js' %}" type="text/javascript" charset="utf-8"></script>
+<script>
+    $.ajaxSetup({
+            data: {csrfmiddlewaretoken: '{{ csrf_token }}' },
+        });
+    var form = layui.form;
+    //监听单选事件
+    form.on('radio(role)', function(data){
+      console.log(data.elem); //得到radio原始DOM对象
+      console.log(data.value); //被点击的radio的value值
+      if(data.value in [0,1]){
+            $("#role-pwd").css("display","none");
+            $("#role-user").css("display","none");
+      }else if(data.value == 2){
+            $("#role-user").css("display","block");
+            $("#role-pwd").css("display","none");
+      }else if(data.value == 3){
+            $("#role-user").css("display","none");
+            $("#role-pwd").css("display","block");
+      }
+    });
+</script>
+{% endblock %}
\ No newline at end of file