diff --git a/code/rest/alien_service.go b/code/rest/alien_service.go index 2e4c92a..784ae15 100644 --- a/code/rest/alien_service.go +++ b/code/rest/alien_service.go @@ -17,6 +17,7 @@ type AlienService struct { userDao *UserDao uploadTokenDao *UploadTokenDao downloadTokenDao *DownloadTokenDao + shareService *ShareService imageCacheDao *ImageCacheDao imageCacheService *ImageCacheService } @@ -51,6 +52,11 @@ func (this *AlienService) Init() { this.downloadTokenDao = c } + b = core.CONTEXT.GetBean(this.shareService) + if c, ok := b.(*ShareService); ok { + this.shareService = c + } + b = core.CONTEXT.GetBean(this.imageCacheDao) if c, ok := b.(*ImageCacheDao); ok { this.imageCacheDao = c @@ -105,8 +111,15 @@ func (this *AlienService) PreviewOrDownload( //判断文件的所属人是否正确 operator := this.findUser(writer, request) - if operator == nil || (operator.Role != USER_ROLE_ADMINISTRATOR && matter.UserUuid != operator.Uuid) { + + //可以使用分享码的形式授权。 + shareUuid := request.FormValue("shareUuid") + shareCode := request.FormValue("shareCode") + shareRootUuid := request.FormValue("shareRootUuid") + if shareUuid == "" || shareCode == "" || shareRootUuid == "" { panic(result.UNAUTHORIZED) + } else { + this.shareService.ValidateMatter(shareUuid, shareCode, operator, shareRootUuid, matter) } } diff --git a/code/rest/matter_controller.go b/code/rest/matter_controller.go index 8cc413d..c6f408c 100644 --- a/code/rest/matter_controller.go +++ b/code/rest/matter_controller.go 
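Review bot: In `PreviewOrDownload` (code/rest/alien_service.go, third hunk) the empty-parameter check now runs before any ownership test, so a logged-in owner who requests their own file without `shareUuid`, `shareCode` and `shareRootUuid` gets `result.UNAUTHORIZED` and never reaches the owner shortcut inside `ValidateMatter`. The administrator bypass from the removed condition is gone as well. If neither is intended, keep the old test as the outer guard, `if operator == nil || (operator.Role != USER_ROLE_ADMINISTRATOR && matter.UserUuid != operator.Uuid) {`, and do the share-parameter check and the `ValidateMatter` call inside it. The `else` after the terminating `panic` can be dropped. The function starts and ends outside the hunk, so the enclosing branch is not visible here.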
@@ -149,20 +149,8 @@ func (this *MatterController) Page(writer http.ResponseWriter, request *http.Req } user := this.findUser(writer, request) - share := this.shareService.CheckShare(shareUuid, shareCode, user) - - //验证 shareRootMatter是否在被分享。 - shareRootMatter := this.matterDao.CheckByUuid(shareRootUuid) - if !shareRootMatter.Dir { - panic(result.BadRequest("只有文件夹可以浏览!")) - } - this.bridgeDao.CheckByShareUuidAndMatterUuid(share.Uuid, shareRootMatter.Uuid) - - //保证 puuid对应的matter是shareRootMatter的子文件夹。 - child := strings.HasPrefix(dirMatter.Path, shareRootMatter.Path) - if !child { - panic(result.BadRequest("%s 不是 %s 的子文件夹!", puuid, shareRootUuid)) - } + //根据某个shareUuid和code,某个用户是否有权限获取 shareRootUuid 下面的 matterUuid + this.shareService.ValidateMatter(shareUuid, shareCode, user, shareRootUuid, dirMatter) } else { //非分享模式要求必须登录 diff --git a/code/rest/share_controller.go b/code/rest/share_controller.go index f00689d..204de3c 100644 --- a/code/rest/share_controller.go +++ b/code/rest/share_controller.go @@ -302,12 +302,10 @@ func (this *ShareController) Browse(writer http.ResponseWriter, request *http.Re share := this.shareService.CheckShare(shareUuid, code, user) bridges := this.bridgeDao.ListByShareUuid(share.Uuid) - if puuid == "" { - puuid = MATTER_ROOT - } - //分享的跟目录 if puuid == MATTER_ROOT { + //分享的根目录 + //获取对应的 matter. var matters []*Matter if len(bridges) != 0 { @@ -315,7 +313,6 @@ func (this *ShareController) Browse(writer http.ResponseWriter, request *http.Re for _, bridge := range bridges { uuids = append(uuids, bridge.MatterUuid) } - sortArray := []builder.OrderPair{ { Key: "dir", diff --git a/code/rest/share_service.go b/code/rest/share_service.go index c66c9db..1c8637a 100644 --- a/code/rest/share_service.go +++ b/code/rest/share_service.go 
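Review bot: In `Page` (code/rest/matter_controller.go) the removed block rejected a share root that is not a folder, `if !shareRootMatter.Dir { ... }`, and the `ValidateMatter` call that replaces it performs no such check in this commit, so a file uuid is now accepted as `shareRootUuid`. If the restriction should still hold, re-check `shareRootMatter.Dir` inside `ValidateMatter` or before the call here. If `strings` was used only by the removed `HasPrefix` line, its import in this file has to go too; the import block is outside the hunk.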
@@ -3,14 +3,17 @@ package rest import ( "github.com/eyebluecn/tank/code/core" "github.com/eyebluecn/tank/code/tool/result" + "strings" "time" ) //@Service type ShareService struct { BaseBean - shareDao *ShareDao - userDao *UserDao + shareDao *ShareDao + matterDao *MatterDao + bridgeDao *BridgeDao + userDao *UserDao } //初始化方法 @@ -23,6 +26,16 @@ func (this *ShareService) Init() { this.shareDao = b } + b = core.CONTEXT.GetBean(this.matterDao) + if b, ok := b.(*MatterDao); ok { + this.matterDao = b + } + + b = core.CONTEXT.GetBean(this.bridgeDao) + if b, ok := b.(*BridgeDao); ok { + this.bridgeDao = b + } + b = core.CONTEXT.GetBean(this.userDao) if b, ok := b.(*UserDao); ok { this.userDao = b @@ -60,3 +73,41 @@ func (this *ShareService) CheckShare(shareUuid string, code string, user *User) return share } + +//根据某个shareUuid和code,某个用户是否有权限获取 shareRootUuid 下面的 matterUuid +//如果是根目录下的文件,那么shareRootUuid传root. +func (this *ShareService) ValidateMatter(shareUuid string, code string, user *User, shareRootUuid string, matter *Matter) { + + if matter == nil { + panic(result.BadRequest("matter cannot be nil")) + } + + //如果文件是自己的,那么放行 + if user != nil && matter.UserUuid == user.Uuid { + return + } + + if shareRootUuid == "" { + panic(result.BadRequest("matterUuid cannot be null")) + } + + share := this.CheckShare(shareUuid, code, user) + + //如果shareRootUuid是根,那么matterUuid在bridge中应该有记录 + if shareRootUuid == MATTER_ROOT { + + this.bridgeDao.CheckByShareUuidAndMatterUuid(share.Uuid, matter.Uuid) + + } else { + //验证 shareRootMatter是否在被分享。 + shareRootMatter := this.matterDao.CheckByUuid(shareRootUuid) + this.bridgeDao.CheckByShareUuidAndMatterUuid(share.Uuid, shareRootMatter.Uuid) + + //保证 puuid对应的matter是shareRootMatter的子文件夹。 + child := strings.HasPrefix(matter.Path, shareRootMatter.Path) + if !child { + panic(result.BadRequest("%s 不是 %s 的子文件夹!", matter.Uuid, shareRootUuid)) + } + } + +}
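Review bot: In `ValidateMatter` (code/rest/share_service.go, last hunk) the containment test `strings.HasPrefix(matter.Path, shareRootMatter.Path)` is a bare string prefix, so a shared folder also matches any sibling whose name merely starts with the same characters. It never compares `matter.UserUuid` with `shareRootMatter.UserUuid` either; if `Path` is relative to each user's root (not visible here), a share of one user's folder would authorize another user's matter at the same path. Both `Page` and `PreviewOrDownload` now depend on this check. The fix below requires the same owner and a separator boundary, assuming `/` is the path separator, while still accepting the share root itself. Separately, the message for an empty `shareRootUuid` says `matterUuid cannot be null`, which names the wrong parameter.

```go
// … unchanged: nil check, owner shortcut, CheckShare, MATTER_ROOT branch …
		shareRootMatter := this.matterDao.CheckByUuid(shareRootUuid)
		this.bridgeDao.CheckByShareUuidAndMatterUuid(share.Uuid, shareRootMatter.Uuid)

		// Same owner, and either the shared root itself or a path below it on a "/" boundary.
		sameOwner := matter.UserUuid == shareRootMatter.UserUuid
		rootPrefix := strings.TrimSuffix(shareRootMatter.Path, "/") + "/"
		child := sameOwner &&
			(matter.Uuid == shareRootMatter.Uuid || strings.HasPrefix(matter.Path, rootPrefix))
		// … unchanged: if !child { panic(result.BadRequest(...)) } …
```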