diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 4949946c0..cedefd1fe 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -229,6 +229,7 @@ class AttachmentsController < ApplicationController
         end
         tip_exception(403, "您没有权限进入") if project.present? && !candown
       end
+      tip_exception(403, "您没有权限查看") if project.present? && !candown if @file.is_public == 0 &&  author_id != current_user.id
     end
   end
 
diff --git a/app/models/identity_verification.rb b/app/models/identity_verification.rb
index 3c8c88d9b..6ea6e0547 100644
--- a/app/models/identity_verification.rb
+++ b/app/models/identity_verification.rb
@@ -23,7 +23,10 @@
 class IdentityVerification < ApplicationRecord
     belongs_to :user
     enum state: { "待审核": 0, "已通过": 1, "已拒绝": 2}
-
+    after_create do
+        Attachment.where(id:[card_front,card_back,hold_card_front,hold_card_back]).update_all(is_public:0)
+    end
+    
     after_save do
         if state == "已通过"
             user.update(id_card_verify: true, website_permission: true)