diff --git a/app/controllers/installations_controller.rb b/app/controllers/installations_controller.rb
index a87916271..76984ee58 100644
--- a/app/controllers/installations_controller.rb
+++ b/app/controllers/installations_controller.rb
@@ -8,18 +8,17 @@ class InstallationsController < ApplicationController
 end
 def index
- @install_bots = BotInstall.where(:installer_id => current_user.id)
+ @install_bots = BotInstall.where(bot_id: get_bot_id)
 end
 def show
- @install_bot = BotInstall.find params[:id]
+ @install_bot = BotInstall.find_by(bot_id: get_bot_id, installer_id: params[:id]) || BotInstall.find_by(id: params[:id])
+ tip_exception "参数installer_id错误" if @install_bot.blank?
 end
 def repositories
 # 与github差异,所以取安装用户和bot对应所有的仓库
- install_bot = BotInstall.find params[:id]
- bot = Bot.find_by(uid: current_user.id)
- @install_bots = BotInstall.where(bot_id: bot.id).where(:installer_id => install_bot.installer_id)
+ @install_bots = BotInstall.where(bot_id: get_bot_id).where(installer_id: params[:id])
 end
 def update_secret
@@ -60,11 +59,13 @@ class InstallationsController < ApplicationController
 @install_bot.update_attributes!(state: 0)
 render_ok
 end
+
 def unsuspended
 @install_bot = BotInstall.find params[:id]
 @install_bot.update_attributes!(state: 1)
 render_ok
 end
+
 def auth_active
 begin
 @bot = Bot.find params[:id]
@@ -89,7 +90,8 @@ class InstallationsController < ApplicationController
 end
 def access_tokens
- @install_bot = BotInstall.find params[:id]
+ @install_bot = BotInstall.find_by(bot_id: get_bot_id, installer_id: params[:id]) || BotInstall.find_by(id: params[:id])
+ tip_exception "参数installer_id错误" if @install_bot.blank?
 @bot = @install_bot.bot
 @application = Doorkeeper::Application.find_by(uid: @bot.client_id, secret: @bot.client_secret)
 tip_exception("该Bot未激活") if @application.blank?
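Review bot: In `show`, and again in `access_tokens` (third hunk), the fallback `|| BotInstall.find_by(id: params[:id])` is not scoped to the calling bot, so when no row matches `bot_id: get_bot_id, installer_id: params[:id]` the action loads whichever installation has that primary key, including one that belongs to a different bot. In `access_tokens` that record's bot is then used to look up the Doorkeeper application, and the surrounding code appears to return a token for it, so the missing ownership check matters most there. If the id fallback has to stay, scope it too: `BotInstall.find_by(bot_id: get_bot_id, id: params[:id])`. A short comment stating that `params[:id]` is tried first as an installer id and then as a row id would also help, since the two can collide. `unsuspended` in the second hunk's context still uses the unscoped `BotInstall.find params[:id]`; those method bodies start outside the hunk, so this is only a pointer to check them.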
@@ -104,5 +106,16 @@ class InstallationsController < ApplicationController
 render_ok(token: @access_token.token)
 end
+ private
+
+ def get_bot_id
+ header = request.authorization
+ pattern = /^Bearer /i
+ token = header.gsub(pattern, "")
+ decoded_token = JWT.decode token, nil, false
+ # 前面已验证token有效期和正确性
+ decoded_token[0]["iss"]
+ end
+
 end
diff --git a/app/views/installations/index.json.jbuilder b/app/views/installations/index.json.jbuilder
index 2163567ed..532f4c91f 100644
--- a/app/views/installations/index.json.jbuilder
+++ b/app/views/installations/index.json.jbuilder
@@ -2,10 +2,7 @@ json.status 0
 json.message "success"
 json.data do
 json.array! @install_bots do |install_bot|
- json.installation_id install_bot.id
- json.extract! install_bot.bot, :id, :name
- json.bot_id install_bot.bot.id
- json.bot_name install_bot.bot.name
-
+ json.extract! install_bot, :id, :bot_id, :installer_id, :state, :create_time, :update_time
+ json.bot_name install_bot&.bot&.name
 end
 end
\ No newline at end of file
diff --git a/app/views/installations/show.json.jbuilder b/app/views/installations/show.json.jbuilder
index 33c7ba206..ee605b860 100644
--- a/app/views/installations/show.json.jbuilder
+++ b/app/views/installations/show.json.jbuilder
@@ -1,5 +1,5 @@
 json.partial! "commons/success"
 json.extract! @install_bot, :id, :bot_id, :installer_id, :state, :create_time, :update_time
-json.bot_name @install_bot.bot.name
+json.bot_name @install_bot&.bot&.name
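Review bot: `get_bot_id` reads `iss` from `JWT.decode token, nil, false`, which does not verify the signature, so every query scoped by `get_bot_id` depends entirely on the earlier verification the comment mentions; that filter is not visible in this diff and should be confirmed to run before `index`, `show`, `repositories` and `access_tokens`. Preferably the verifying step would keep its decoded payload (for example in an instance variable) and this helper would read `iss` from there instead of decoding a second time with verification turned off. Separately, `request.authorization` is nil when the header is absent, so `header.gsub` raises NoMethodError, and `^` in `/^Bearer /i` anchors at any line start rather than the start of the string; `token = request.authorization.to_s.sub(/\ABearer /i, "")` covers both. The comment above the last line would be more useful if it named the filter that performed the verification.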
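Review bot: The leading `install_bot&.` in `json.bot_name install_bot&.bot&.name` cannot take effect, because the `json.extract! install_bot, ...` line directly above already calls methods on the same object; `json.bot_name install_bot.bot&.name` expresses the only guard that matters, and the same applies to `@install_bot&.bot&.name` in show.json.jbuilder. Each row in the `json.array!` block also loads `bot` on its own, so `BotInstall.where(bot_id: get_bot_id).includes(:bot)` in the controller's `index` would avoid a query per installation.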