diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/AreaController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/AreaController.java
index 6d85547e..5b6d347f 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/AreaController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/AreaController.java
@@ -63,7 +63,7 @@ public class AreaController extends BaseController {
 * 查询区域数据
 * @param area
 */
- @RequiresPermissions("user")
+ @RequiresPermissions("sys:area:view")
 @RequestMapping(value = "listData")
 @ResponseBody
 public List listData(Area area) {
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/CompanyController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/CompanyController.java
index 373e01e8..0d0e76d0 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/CompanyController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/CompanyController.java
@@ -70,7 +70,7 @@ public class CompanyController extends BaseController {
 * 查询公司数据
 * @param company
 */
- @RequiresPermissions("user")
+ @RequiresPermissions("sys:company:view")
 @RequestMapping(value = "listData")
 @ResponseBody
 public List listData(Company company, String ctrlPermi) {
@@ -209,7 +209,7 @@ public class CompanyController extends BaseController {
 List> mapList = ListUtils.newArrayList();
 Company where = new Company();
 where.setStatus(Company.STATUS_NORMAL);
- if (!(isAll != null && isAll)){
+ if (!(isAll != null && isAll) || Global.isStrictMode()){
 companyService.addDataScopeFilter(where, ctrlPermi);
 }
 List list = companyService.findList(where);
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
index de522cc7..c999ba62 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
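Review bot: The `isAll` opt-out of `companyService.addDataScopeFilter` is still decided by a request-bound `Boolean` whenever strict mode is off, because `Global.isStrictMode()` only ever forces the filter on, and the application.yml hunk in this same commit documents `strictMode: false` as the default; so out of the box the data-scope filter on this endpoint can still be switched off by the request rather than by a server-side permission. Consider defaulting strict mode to true, or gating the unfiltered path on a permission check instead of the `isAll` flag. The identical condition is repeated in OfficeController (hunk -222) and EmpUserController (hunks -95, -175, -367); a single helper on BaseController, e.g. `protected boolean needDataScopeFilter(Boolean isAll) { return Global.isStrictMode() || !Boolean.TRUE.equals(isAll); }`, would keep the five call sites from drifting and reads more clearly than `!(isAll != null && isAll)`. The enclosing method starts and ends outside this hunk.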
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -24,6 +24,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+import com.fasterxml.jackson.annotation.JsonView;
 import com.jeesite.common.codec.DesUtils;
 import com.jeesite.common.config.Global;
 import com.jeesite.common.lang.StringUtils;
@@ -344,6 +345,7 @@ public class LoginController extends BaseController{
 @RequiresPermissions("user")
 @RequestMapping(value = "menuTree")
 @ResponseBody
+ @JsonView(Menu.SimpleView.class)
 public List menuTree(String parentCode) {
 if (StringUtils.isNotBlank(parentCode)){
 return UserUtils.getMenuListByParentCode(parentCode);
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/OfficeController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/OfficeController.java
index fc27c445..e6350364 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/OfficeController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/OfficeController.java
@@ -67,7 +67,7 @@ public class OfficeController extends BaseController {
 * 查询机构数据
 * @param office
 */
- @RequiresPermissions("user")
+ @RequiresPermissions("sys:company:view")
 @RequestMapping(value = "listData")
 @ResponseBody
 public List listData(Office office, String ctrlPermi) {
@@ -222,7 +222,7 @@ public class OfficeController extends BaseController {
 Office where = new Office();
 where.setStatus(Office.STATUS_NORMAL);
 where.setCompanyCode(companyCode);
- if (!(isAll != null && isAll)){
+ if (!(isAll != null && isAll) || Global.isStrictMode()){
 officeService.addDataScopeFilter(where, ctrlPermi);
 }
 List list = officeService.findList(where);
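Review bot: `@JsonView(Menu.SimpleView.class)` on `menuTree` only narrows the serialized Menu fields if the ObjectMapper behind the message converter has `MapperFeature.DEFAULT_VIEW_INCLUSION` disabled; with that feature enabled (Jackson's own default, which Spring's ObjectMapper builder turns off but a hand-built mapper does not), properties without a `@JsonView` annotation are still written and the intended trimming of the menu payload silently does not happen. Worth confirming against the Jackson configuration, and adding a Javadoc line on `menuTree` such as `Menu entries are serialized through Menu.SimpleView; relies on DEFAULT_VIEW_INCLUSION being disabled` so the dependency is visible to the next maintainer. The `menuTree` body continues past the hunk.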
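Review bot: `OfficeController.listData` is now guarded by `sys:company:view`, whereas the sibling hunks in AreaController, CompanyController and SecAdminController each use their own module key (`sys:area:view`, `sys:company:view`, `sys:secAdmin:view`); this looks like a copy-paste from CompanyController, and it also means that anyone holding the company view permission can list offices. If office management has its own permission key (by analogy it would be something like `sys:office:view`, constructed here, verify against the permission definitions), use it in `@RequiresPermissions`; if sharing the company permission is intended, a one-line comment above the annotation stating that would stop the next reader from "fixing" it. The -222 hunk below repeats the `isAll || Global.isStrictMode()` condition already discussed on CompanyController.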
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/PostController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/PostController.java
index 8a5e62e8..2ff6c204 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/PostController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/PostController.java
@@ -131,7 +131,6 @@ public class PostController extends BaseController {
 
 /**
 * 获取岗位树结构数据
- * @param isAll 是否显示所有机构(true:不进行权限过滤)
 * @param isShowCode 是否显示编码(true or 1:显示在左侧;2:显示在右侧;false or null:不显示)
 * @return
 */
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java
index bd40c532..03fa7aa0 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java
@@ -95,7 +95,7 @@ public class EmpUserController extends BaseController {
 public Page listData(EmpUser empUser, Boolean isAll, String ctrlPermi, HttpServletRequest request, HttpServletResponse response) {
 empUser.getEmployee().getOffice().setIsQueryChildren(true);
 empUser.getEmployee().getCompany().setIsQueryChildren(true);
- if (!(isAll != null && isAll)){
+ if (!(isAll != null && isAll) || Global.isStrictMode()){
 empUserService.addDataScopeFilter(empUser, ctrlPermi);
 }
 empUser.setPage(new Page<>(request, response));
@@ -175,7 +175,7 @@ public class EmpUserController extends BaseController {
 public void exportData(EmpUser empUser, Boolean isAll, String ctrlPermi, HttpServletResponse response) {
 empUser.getEmployee().getOffice().setIsQueryChildren(true);
 empUser.getEmployee().getCompany().setIsQueryChildren(true);
- if (!(isAll != null && isAll)){
+ if (!(isAll != null && isAll) || Global.isStrictMode()){
 empUserService.addDataScopeFilter(empUser, ctrlPermi);
 }
 List list = empUserService.findList(empUser);
@@ -367,7 +367,7 @@ public class EmpUserController extends BaseController {
 empUser.setRoleCode(roleCode);
 empUser.setStatus(User.STATUS_NORMAL);
 empUser.setUserType(User.USER_TYPE_EMPLOYEE);
- if (!(isAll != null && isAll)) {
+ if (!(isAll != null && isAll) || Global.isStrictMode()) {
 empUserService.addDataScopeFilter(empUser, ctrlPermi);
 }
 List list = empUserService.findList(empUser);
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/user/SecAdminController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/user/SecAdminController.java
index 60e6dff6..c924bc23 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/user/SecAdminController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/user/SecAdminController.java
@@ -50,7 +50,7 @@ public class SecAdminController extends BaseController {
 return "modules/sys/user/secAdminList";
 }
 
- @RequiresPermissions("user")
+ @RequiresPermissions("sys:secAdmin:view")
 @RequestMapping(value = "listData")
 @ResponseBody
 public Page listData(User user, HttpServletRequest request, HttpServletResponse response) {
diff --git a/modules/core/src/main/resources/config/jeesite-core.yml b/modules/core/src/main/resources/config/jeesite-core.yml
index 5e0e46ad..053a6c50 100644
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -414,7 +414,7 @@ mybatis:
 
 # Web 相关
 web:
-
+
 # MVC 视图相关
 view:
 
@@ -463,7 +463,7 @@ web:
 validator:
 id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}'
 user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}'
-
+
 # 核心模块的Web功能(仅作为微服务时设为false)
 core:
 enabled: true
diff --git a/modules/core/src/main/resources/views/themes/default/modules/sys/sysIndex/topMenu.html b/modules/core/src/main/resources/views/themes/default/modules/sys/sysIndex/topMenu.html
index 5de6cd96..53dd7792 100644
--- a/modules/core/src/main/resources/views/themes/default/modules/sys/sysIndex/topMenu.html
+++ b/modules/core/src/main/resources/views/themes/default/modules/sys/sysIndex/topMenu.html @@ -48,6 +48,8 @@ if($('.sidebar-menu').length == 1){ $(window).trigger("hashchange"); } + }else{ + location = '${ctx}/login'; } }, 'html'); } diff --git a/web/src/main/resources/config/application.yml b/web/src/main/resources/config/application.yml index bf71bb21..0ba962b5 100644 --- a/web/src/main/resources/config/application.yml +++ b/web/src/main/resources/config/application.yml @@ -476,6 +476,9 @@ logging: # # 静态资源路径前缀,可做CDN加速优化 # staticPrefix: /static # +# # 严格模式(更严格的数据安全验证) +# strictMode: false +# # # 自定义正则表达式验证(主键、登录名) # validator: # id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}'
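Review bot: The new `else` branch sends the browser to `${ctx}/login` whenever the preceding check fails, but that condition begins before the hunk and is not visible here; if it can also fail for reasons other than a missing session (the trailing `}, 'html');` suggests this is a `$.get` success callback, which runs for any 2xx response, so an unexpected but successful body would take the same path), users with a valid session could be bounced to the login page. Prefer redirecting only on the signal that specifically means "not logged in", and add a short comment such as `// UI convenience only; server-side @RequiresPermissions checks remain the access control` so nobody reads the redirect as a security boundary. The callback's enclosing function also ends outside the hunk.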