diff --git a/OpenAuth.App/LoginApp.cs b/OpenAuth.App/LoginApp.cs
index 38a25a5d..259ad2ae 100644
--- a/OpenAuth.App/LoginApp.cs
+++ b/OpenAuth.App/LoginApp.cs
@@ -50,8 +50,20 @@ namespace OpenAuth.App
                     u =>
                         (u.FirstId == user.Id && u.Key == "UserModule") ||
                         (u.Key == "RoleModule" && userRoleIds.Contains(u.FirstId))).Select(u =>u.SecondId).ToList();
+            //�û���ɫ���Լ����䵽�Ĳ˵�ID
+            var elementIds =
+               _relevanceRepository.Find(
+                   u =>
+                       (u.FirstId == user.Id && u.Key == "UserElement") ||
+                       (u.Key == "RoleElement" && userRoleIds.Contains(u.FirstId))).Select(u => u.SecondId).ToList();
             //�ó������û�ӵ�е�ģ��
             loginVM.Modules = _moduleRepository.Find(u => moduleIds.Contains(u.Id)).MapToList<ModuleView>();
+
+            //ģ��˵�Ȩ��
+            foreach (var module in loginVM.Modules)
+            {
+                module.Elements = _moduleElementRepository.Find(u => u.ModuleId == module.Id && elementIds.Contains( u.Id)).ToList();
+            }
             
            return loginVM;
         }
diff --git a/OpenAuth.App/ModuleElementManagerApp.cs b/OpenAuth.App/ModuleElementManagerApp.cs
index 7875e161..1c4e4820 100644
--- a/OpenAuth.App/ModuleElementManagerApp.cs
+++ b/OpenAuth.App/ModuleElementManagerApp.cs
@@ -106,5 +106,17 @@ namespace OpenAuth.App
         {
             _repository.Delete(u =>u.Id ==id);
         }
+
+        public void AssignForRole(int roleId, int[] menuIds)
+        {
+            _relevanceRepository.DeleteBy("RoleElement", roleId);
+            _relevanceRepository.AddRelevance("RoleElement", menuIds.ToLookup(u => roleId));
+        }
+
+        public void AssignForUser(int userId, int[] ids)
+        {
+            _relevanceRepository.DeleteBy("UserElement", userId);
+            _relevanceRepository.AddRelevance("UserElement", ids.ToLookup(u => userId));
+        }
     }
 }
diff --git a/OpenAuth.App/ModuleManagerApp.cs b/OpenAuth.App/ModuleManagerApp.cs
index 0b877a07..2b127350 100644
--- a/OpenAuth.App/ModuleManagerApp.cs
+++ b/OpenAuth.App/ModuleManagerApp.cs
@@ -107,14 +107,26 @@ namespace OpenAuth.App
 
         /// <summary>
         /// 加载特定用户的模块
+        /// TODO:这里会加载用户及用户角色的所有模块，“为用户分配模块”功能会给人一种混乱的感觉，但可以接受
         /// </summary>
         /// <param name="userId">The user unique identifier.</param>
         public List<Module> LoadForUser(int userId)
         {
+            //用户角色
+            var userRoleIds =
+                _relevanceRepository.Find(u => u.FirstId == userId && u.Key == "UserRole").Select(u => u.SecondId).ToList();
+
+            //用户角色与自己分配到的模块ID
             var moduleIds =
-                _relevanceRepository.Find(u => u.FirstId == userId && u.Key == "UserModule")
-                    .Select(u => u.SecondId)
-                    .ToList();
+                _relevanceRepository.Find(
+                    u =>
+                        (u.FirstId == userId && u.Key == "UserModule") ||
+                        (u.Key == "RoleModule" && userRoleIds.Contains(u.FirstId))).Select(u => u.SecondId).ToList();
+
+            //var moduleIds =
+            //    _relevanceRepository.Find(u => u.FirstId == userId && u.Key == "UserModule")
+            //        .Select(u => u.SecondId)
+            //        .ToList();
             if (!moduleIds.Any()) return new List<Module>();
             return _repository.Find(u => moduleIds.Contains(u.Id)).ToList();
         }
diff --git a/OpenAuth.Mvc/Controllers/BaseController.cs b/OpenAuth.Mvc/Controllers/BaseController.cs
index 2e2c4bc8..7a64b365 100644
--- a/OpenAuth.Mvc/Controllers/BaseController.cs
+++ b/OpenAuth.Mvc/Controllers/BaseController.cs
@@ -32,14 +32,11 @@ namespace OpenAuth.Mvc.Controllers
                 filterContext.Result = new RedirectResult("/Login/Index");
                 return;
             }
+            var controllername = Request.RequestContext.RouteData.Values["controller"].ToString().ToLower();
 
-            string url = Request.Url.LocalPath;
-            if (url != "/"
-                && !url.Contains("Main")
-                && !url.Contains("Error")
-                && !url.Contains("Git"))
+            if (controllername != "home")  //主页控制器无需权限控制
             {
-                var module = loginUser.Modules.FirstOrDefault(u => url.Contains(u.Url));
+                var module = loginUser.Modules.FirstOrDefault(u => u.Url.ToLower().Contains(controllername));
                 if (module == null)
                 {
                     filterContext.Result = new RedirectResult("/Login/Index");
@@ -47,9 +44,10 @@ namespace OpenAuth.Mvc.Controllers
                 }
                 else
                 {
-                    ViewBag.Module = module;
+                    ViewBag.Module = module;  //为View显示服务，主要是为了显示按钮
                 }
             }
+
             base.OnActionExecuting(filterContext);
         }
     }
diff --git a/OpenAuth.Mvc/Controllers/ModuleElementManagerController.cs b/OpenAuth.Mvc/Controllers/ModuleElementManagerController.cs
index 8453879e..e67b1470 100644
--- a/OpenAuth.Mvc/Controllers/ModuleElementManagerController.cs
+++ b/OpenAuth.Mvc/Controllers/ModuleElementManagerController.cs
@@ -15,6 +15,7 @@
 using System;
 using System.Collections.Generic;
 using System.Data.Entity.Validation;
+using System.Linq;
 using System.Web.Mvc;
 using Infrastructure;
 using OpenAuth.App;
@@ -78,11 +79,55 @@ namespace OpenAuth.Mvc.Controllers
             ViewBag.RoleId = roleId;
             return View();
         }
+        [HttpPost]
+        public string AssignForRole(int roleId, string menuIds)
+        {
+            try
+            {
+                var ids = menuIds.Split(',').Select(id => int.Parse(id)).ToArray();
+                _app.AssignForRole(roleId, ids);
+            }
+            catch (Exception e)
+            {
+                _bjuiResponse.statusCode = "300";
+                _bjuiResponse.message = e.Message;
+            }
+            return JsonHelper.Instance.Serialize(_bjuiResponse);
+        }
 
-        public string Load(int roleId, int orgId)
+        public string LoadForRole(int roleId, int orgId)
         {
             return JsonHelper.Instance.Serialize(_app.LoadWithAccess("RoleElement", roleId, orgId));
         }
         #endregion
+
+        #region 为用户分配菜单
+
+        public ActionResult AssignForUser(int userId)
+        {
+            ViewBag.UserId = userId;
+            return View();
+        }
+        [HttpPost]
+        public string AssignForUser(int userId, string menuIds)
+        {
+            try
+            {
+                var ids = menuIds.Split(',').Select(id => int.Parse(id)).ToArray();
+                _app.AssignForUser(userId, ids);
+            }
+            catch (Exception e)
+            {
+                _bjuiResponse.statusCode = "300";
+                _bjuiResponse.message = e.Message;
+            }
+            return JsonHelper.Instance.Serialize(_bjuiResponse);
+        }
+
+        public string LoadForUser(int userId, int orgId)
+        {
+            return JsonHelper.Instance.Serialize(_app.LoadWithAccess("UserElement", userId, orgId));
+        }
+        #endregion
     }
 }
\ No newline at end of file
diff --git a/OpenAuth.Mvc/Controllers/ModuleManagerController.cs b/OpenAuth.Mvc/Controllers/ModuleManagerController.cs
index 090a0709..1def878c 100644
--- a/OpenAuth.Mvc/Controllers/ModuleManagerController.cs
+++ b/OpenAuth.Mvc/Controllers/ModuleManagerController.cs
@@ -4,6 +4,8 @@ using OpenAuth.Domain;
 using System;
 using System.Linq;
 using System.Web.Mvc;
+using Infrastructure.Helper;
+using OpenAuth.App.ViewModel;
 
 namespace OpenAuth.Mvc.Controllers
 {
@@ -50,7 +52,7 @@ namespace OpenAuth.Mvc.Controllers
         /// </summary>
         public string LoadForTree()
         {
-            var orgs = _app.LoadForTree();
+            var orgs = SessionHelper.GetSessionUser<LoginUserVM>().Modules;
             //添加根节点
             orgs.Add(new Module
             {
@@ -70,7 +72,7 @@ namespace OpenAuth.Mvc.Controllers
             {
                 Id = 0,
                 ParentId = -1,
-                Name = "已为用户分配的模块",
+                Name = "用户可访问模块（包括角色所拥有的）",
                 CascadeId = "0"
             });
             return JsonHelper.Instance.Serialize(orgs);
diff --git a/OpenAuth.Mvc/OpenAuth.Mvc.csproj b/OpenAuth.Mvc/OpenAuth.Mvc.csproj
index 2bacc647..25b69ca3 100644
--- a/OpenAuth.Mvc/OpenAuth.Mvc.csproj
+++ b/OpenAuth.Mvc/OpenAuth.Mvc.csproj
@@ -624,6 +624,7 @@
     <Content Include="Views\ModuleManager\LookupMultiForUser.cshtml" />
     <Content Include="Views\ModuleManager\LookupMultiForRole.cshtml" />
     <None Include="Views\Home\MenuHeader.cshtml" />
+    <Content Include="Views\ModuleElementManager\AssignForUser.cshtml" />
     <None Include="Views\ModuleElementManager\Index.cshtml" />
     <Content Include="Views\ModuleElementManager\AssignForRole.cshtml" />
     <None Include="Views\OrgManager\AddOrg.cshtml" />
diff --git a/OpenAuth.Mvc/Views/Home/MenuHeader.cshtml b/OpenAuth.Mvc/Views/Home/MenuHeader.cshtml
index 9c49d592..4f7b2cc9 100644
--- a/OpenAuth.Mvc/Views/Home/MenuHeader.cshtml
+++ b/OpenAuth.Mvc/Views/Home/MenuHeader.cshtml
@@ -28,9 +28,7 @@
 </div>
 
 <script type="text/javascript">
-    //获取勾选的值
-    //column:为从0开始的列标识
-    function getSelected(gridid, column) {
+    function getDatagridRow(gridid) {
         var selected = $(gridid).data('selectedTrs');
         if (selected == null || selected.length == 0) {
             $(this).alertmsg('warn', '至少选择一个对象', {
@@ -39,6 +37,14 @@
             });
             return null;
         }
+        return selected;
+    }
+    //获取勾选的值
+    //column:为从0开始的列标识
+    function getSelected(gridid, column) {
+
+        var selected = getDatagridRow(gridid);
+        if (selected == null) return null;
 
         //todo：下面这段只能chrome有效
         var records = new Array();
@@ -48,4 +54,17 @@
 
         return records[0];
     }
+    //返回选择的多条记录，用逗号隔开
+    function getSelectedMany(gridid, column) {
+        var selected = getDatagridRow(gridid);
+        if (selected == null) return null;
+
+        //todo：下面这段只能chrome有效
+        var results = '';
+        selected.each(function () {
+            results += ',' + this.children[column].innerText;
+        });
+        results = results.substr(1); //去掉第一个逗号
+        return results;
+    }
 </script>
\ No newline at end of file
diff --git a/OpenAuth.Mvc/Views/ModuleElementManager/AssignForRole.cshtml b/OpenAuth.Mvc/Views/ModuleElementManager/AssignForRole.cshtml
index 9eb96c94..573ff9d7 100644
--- a/OpenAuth.Mvc/Views/ModuleElementManager/AssignForRole.cshtml
+++ b/OpenAuth.Mvc/Views/ModuleElementManager/AssignForRole.cshtml
@@ -9,10 +9,10 @@
         <input style="display: none" id="roleId" value="@ViewBag.RoleId" />
         <div class="pull-right">
             <div class="alert alert-info search-inline">
-                <i class="fa fa-info-circle"></i> 可多选统一授权
+                <i class="fa fa-info-circle"></i> 点击行为单选，点击复选框可多选统一授权
             </div>&nbsp;
-            <button type="button" class="btn-green" data-num="1" data-icon="plus" data-toggle="assign">
-                授权选中
+            <button type="button" class="btn-green" data-num="1" data-icon="plus" onclick="assign()">
+                授权选中项目
             </button>&nbsp;
         </div>
     </div>
@@ -70,7 +70,7 @@
                    width: 80
                }
             ],
-            dataUrl: 'ModuleElementManager/Load?orgId=' + selectedId +'&roleId='+$('#roleId').val(),
+            dataUrl: 'ModuleElementManager/LoadForRole?orgId=' + selectedId +'&roleId='+$('#roleId').val(),
             fullGrid: true,
             showLinenumber: true,
             showCheckboxcol: true,
@@ -102,7 +102,9 @@
             },
             callback: { onClick: zTreeOnClick }
         };
-        $.getJSON('ModuleManager/LoadForTree', function (json) {
+        $.getJSON('ModuleManager/LoadForRole',
+            { roleId: $('#roleId').val() },
+            function (json) {
             var zTreeObj = $.fn.zTree.init($('#@_treeId'), setting, json);
             zTreeObj.expandAll(true);
         });
@@ -110,18 +112,17 @@
 
     //授权选中的
     function assign() {
-        var selected = getSelected(gridid, 2);
+        var selected = getSelectedMany(gridid, 2);
         if (selected == null) return;
-
-        $(this).dialog({
-            id: 'assign',
-            url: '/ModuleManager/Add?id=' + selected,
-            title: '编辑',
-            onClose: function () {
-                refreshGrid();
-            }
-        });
-
+      
+        $.post("ModuleElementManager/AssignForRole",
+        {
+            roleId:$('#roleId').val(),
+            menuIds: selected
+        },
+       function (data) {
+           refreshGrid();
+       });
     }
 
     function refreshGrid() {
diff --git a/OpenAuth.Mvc/Views/ModuleManager/Index.cshtml b/OpenAuth.Mvc/Views/ModuleManager/Index.cshtml
index 688c679c..ad8a7c41 100644
--- a/OpenAuth.Mvc/Views/ModuleManager/Index.cshtml
+++ b/OpenAuth.Mvc/Views/ModuleManager/Index.cshtml
@@ -19,7 +19,6 @@
 
 
 <script type="text/javascript">
-    var gridid = '#@_gridId';
     var selectedId = 0;
     $(document).ready(function () {
         initZtree();
@@ -31,7 +30,7 @@
         $('#@_treeDetail').empty()
             .append('<table id="@_gridId" class="table table-bordered table-hover table-striped table-top"></table>');
 
-        $(gridid).datagrid({
+        $('#@_gridId').datagrid({
             showToolbar: false,
             filterThead: false,
             columns: [
@@ -129,7 +128,7 @@
 
     //删除
     function del() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId',2);
         if (selected == null) return;
         
         $.get('ModuleManager/Delete?Id=' + selected, function (data) {
@@ -143,7 +142,7 @@
 
     //自定义的编辑按钮
     function editModule() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId',2);
         if (selected == null) return;
 
         $(this).dialog({
@@ -159,13 +158,13 @@
 
     //为模块分配按钮
     function assignButton() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId',2);
         if (selected == null) return;
 
         $(this).dialog({
             id: 'editDialog',
             width: 1000,
-            height: 700,
+            height: 500,
             mask:true,
             url: '/ModuleElementManager/Index?id=' + selected,
             title: '为模块分配按钮'
diff --git a/OpenAuth.Mvc/Views/OrgManager/Index.cshtml b/OpenAuth.Mvc/Views/OrgManager/Index.cshtml
index 986c9727..ce1f53dd 100644
--- a/OpenAuth.Mvc/Views/OrgManager/Index.cshtml
+++ b/OpenAuth.Mvc/Views/OrgManager/Index.cshtml
@@ -18,7 +18,6 @@
 </div>
 
 <script type="text/javascript">
-    var gridid = '#@_gridId';
     var selectedId = 0;
     var grid;
     $(document).ready(function () {
diff --git a/OpenAuth.Mvc/Views/RoleManager/Index.cshtml b/OpenAuth.Mvc/Views/RoleManager/Index.cshtml
index 3db10d59..52f99f56 100644
--- a/OpenAuth.Mvc/Views/RoleManager/Index.cshtml
+++ b/OpenAuth.Mvc/Views/RoleManager/Index.cshtml
@@ -19,7 +19,6 @@
 
 
 <script type="text/javascript">
-    var gridid = '#@_gridId';
     var selectedId = 0;
     $(document).ready(function () {
         initZtree();
@@ -31,7 +30,7 @@
         $('#@_treeDetail').empty()
             .append('<table id="@_gridId" class="table table-bordered table-hover table-striped table-top"></table>');
 
-        $(gridid).datagrid({
+        $('#@_gridId').datagrid({
             showToolbar:false,
             filterThead: false,
             columns: [
@@ -122,7 +121,7 @@
 
     //删除
     function del() {
-        var selected = getSelected(gridid, 2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
 
         $.getJSON('RoleManager/Delete?Id=' + selected, function (data) {
@@ -136,7 +135,7 @@
 
     //自定义的编辑按钮
     function editRole() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId',2);
         if (selected == null) return;
 
         $(this).dialog({
@@ -157,7 +156,7 @@
     //角色模块授权按钮
     function openModuleAccess(obj) {
 
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId',2);
         if (selected == null) return;
 
         $(obj).dialog({
@@ -172,7 +171,7 @@
 
     //为角色分配菜单
     function openAssignElement(obj) {
-        var selected = getSelected(gridid, 2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
 
         $(obj).dialog({
diff --git a/OpenAuth.Mvc/Views/UserManager/Index.cshtml b/OpenAuth.Mvc/Views/UserManager/Index.cshtml
index 15520727..52565d64 100644
--- a/OpenAuth.Mvc/Views/UserManager/Index.cshtml
+++ b/OpenAuth.Mvc/Views/UserManager/Index.cshtml
@@ -20,7 +20,6 @@
 </div>
 
 <script type="text/javascript">
-    var gridid = '#@_gridId';
     var selectedId = 0;
     var grid;
     $(document).ready(function () {
@@ -33,7 +32,7 @@
         $('#@_treeDetail').empty()
             .append('<table id="@_gridId" class="table table-bordered table-hover table-striped table-top"></table>');
 
-        grid = $(gridid).datagrid({
+        $('#@_gridId').datagrid({
             showToolbar: false,
             filterThead: false,
             columns: [
@@ -122,13 +121,13 @@
         });
     }
 
-   
+
 
     //删除
     function del() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
-        
+
         $.getJSON('UserManager/Delete?Id=' + selected, function (data) {
             if (data.statusCode == "200")
                 refreshGrid();
@@ -140,7 +139,7 @@
 
     //自定义的编辑按钮
     function editOrg() {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
 
         $(this).dialog({
@@ -161,7 +160,7 @@
     //用户模块授权按钮
     function openModuleAccess(obj) {
 
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
 
         $(obj).dialog({
@@ -176,7 +175,7 @@
 
     //用户角色授权
     function openRoleAccess(obj) {
-        var selected = getSelected(gridid,2);
+        var selected = getSelected('#@_gridId', 2);
         if (selected == null) return;
 
         $(obj).dialog({
@@ -188,5 +187,19 @@
             }
         });
     }
+
+    //为角色分配菜单
+    function openAssignElement(obj) {
+        var selected = getSelected('#@_gridId', 2);
+        if (selected == null) return;
+
+        $(obj).dialog({
+            id: 'assignElement',
+            url: '/ModuleElementManager/AssignForUser?userId=' + selected,
+            title: '为用户分配菜单',
+            width: 700,
+            height: 380
+        });
+    }
     //@@ sourceURL=userManagerIndex.js
 </script>
\ No newline at end of file
diff --git a/建表&初始化数据.sql b/建表&初始化数据.sql
index d4956881..e5fddc2e 100644
Binary files a/建表&初始化数据.sql and b/建表&初始化数据.sql differ
