diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 63155e25a..38f1ad152 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2473,13 +2473,13 @@ class UsersController < ApplicationController
 # 资源库 分为全部 课程资源 项目资源 附件
 def user_resource
- @order, @b_sort = params[:order] || "created_on", params[:sort] || "asc"
- @score = @b_sort == "desc" ? "asc" : "desc"
 # 别人的资源库是没有权限去看的
 if User.current.id.to_i != params[:id].to_i
 render_403
 return
 end
+ @order, @b_sort = params[:order] || "created_on", params[:sort] || "asc"
+ @score = @b_sort == "desc" ? "asc" : "desc"
 user_course_ids = User.current.courses.map { |c| c.id}
 user_project_ids = User.current.projects.map {|p| p.id}
 # user_org_ids = User.current.organizations.map {|o| o.id}
@@ -2563,6 +2563,10 @@ class UsersController < ApplicationController
 end
 def import_resources_search
+ if User.current.id.to_i != params[:id].to_i
+ render_403
+ return
+ end
 @resource_id = params[:mul_id]
 @resource_type = params[:mul_type]
 @order, @b_sort = params[:order] || "created_on", params[:sort] || "asc"
@@ -2571,11 +2575,6 @@ class UsersController < ApplicationController
 @switch_search = params[:name].nil? ? " " : params[:name]
 search = "%#{@switch_search.strip.downcase}%"
 # 别人的资源库是没有权限去看的
- if User.current.id.to_i != params[:id].to_i
- render_403
- return
- end
- @resource_id = params[:mul_id]
 if(params[:type].blank? || params[:type] == "1") # 我的资源
 # 修正:我的资源库的话,那么应该是我上传的所有资源加上,我加入的课程、项目、组织的所有资源
 user_course_ids = User.current.courses.map { |c| c.id}
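Review bot: `@order` and `@b_sort` in user_resource are still taken verbatim from `params[:order]` and `params[:sort]`; the commit only moves the two assignments below the 403 guard. If these values are interpolated into an ORDER BY further down the method (the body continues outside the hunk, so this is not visible here), any logged-in user can inject SQL through them. Constrain both to known values, e.g. `@b_sort = %w[asc desc].include?(params[:sort]) ? params[:sort] : "asc"`, with a matching allowlist of sortable column names for `@order`. The same pair of assignments appears in import_resources_search in the next hunk.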
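Review bot: The ownership guard added at the top of import_resources_search is a hand copy of the one in user_resource, and its explanatory comment `# 别人的资源库是没有权限去看的` is left behind in the last hunk, where it now sits above an unrelated `if(params[:type].blank? ...)`. Move the comment up with the check, and consider one private method run as a controller filter for every action keyed on another user's `:id`, so a new action cannot ship without it. Both operands go through `to_i`, which maps nil and any non-numeric string to 0. If `User.current.id` can be nil for an anonymous session (not visible here), a non-numeric `:id` would pass the guard, so `params[:id].to_s != User.current.id.to_s` is the stricter comparison.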