diff --git a/cmd/serve/serve.go b/cmd/serve/serve.go
index b7dcbff12..3b7916451 100644
--- a/cmd/serve/serve.go
+++ b/cmd/serve/serve.go
@@ -18,6 +18,7 @@ import (
 "github.com/rocboss/paopao-ce/cmd"
 "github.com/rocboss/paopao-ce/internal"
 "github.com/rocboss/paopao-ce/internal/conf"
+ "github.com/rocboss/paopao-ce/internal/dao"
 "github.com/rocboss/paopao-ce/internal/service"
 "github.com/rocboss/paopao-ce/pkg/debug"
 "github.com/rocboss/paopao-ce/pkg/utils"
@@ -47,6 +48,7 @@ func init() {
 }
 func deferFn() {
+ dao.CloseDsx()
 if cfg.If("Sentry") {
 // Flush buffered events before the program terminates.
 sentry.Flush(2 * time.Second)
diff --git a/internal/conf/db_gorm.go b/internal/conf/db_gorm.go
index 66095f226..dfa381cfd 100644
--- a/internal/conf/db_gorm.go
+++ b/internal/conf/db_gorm.go
@@ -34,6 +34,14 @@ func MustGormDB() *gorm.DB {
 return _gormdb
 }
+func CloseGormDB() {
+ db, err := _gormdb.DB()
+ if err != nil {
+ log.Fatalf("close gorm db failed: %s", err)
+ }
+ _ = db.Close()
+}
+
 func newGormDB() (db *gorm.DB, err error) {
 newLogger := logger.New(
 logrus.StandardLogger(), // io writer(日志输出的目标,前缀和日志包含的内容)
diff --git a/internal/dao/dao.go b/internal/dao/dao.go
index 8b355e364..9cbb7051c 100644
--- a/internal/dao/dao.go
+++ b/internal/dao/dao.go
@@ -88,6 +88,19 @@ func initDsX() {
 logrus.Infof("use %s as core.ServantA with version %s", dsaVer.Name(), dsaVer.Version())
 }
+func CloseDsx() {
+ if cfg.If("Gorm") {
+ jinzhu.CloseDbObject()
+ } else if cfg.If("Sqlx") {
+ sakila.CloseDbObject()
+ } else if cfg.If("Sqlc") && cfg.Any("Postgres", "PostgreSQL") {
+ slonik.CloseDbObject()
+ } else {
+ // default use gorm as orm for sql database
+ jinzhu.CloseDbObject()
+ }
+}
+
 func initOSS() {
 var v core.VersionInfo
 if cfg.If("AliOSS") {
diff --git a/internal/dao/jinzhu/jinzhu.go b/internal/dao/jinzhu/jinzhu.go
index 16b6d64a7..ddc9cd2f2 100644
--- a/internal/dao/jinzhu/jinzhu.go
+++ b/internal/dao/jinzhu/jinzhu.go
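Review bot: In `CloseGormDB` (internal/conf/db_gorm.go) a failure of `_gormdb.DB()` ends in `log.Fatalf`, which exits the process from inside the shutdown path; `deferFn` in cmd/serve/serve.go calls `dao.CloseDsx()` before `sentry.Flush`, so that exit would drop the buffered Sentry events. The function also dereferences `_gormdb` without a nil check, which presumably panics if the database was never opened (its initialisation is outside the hunk), and it discards the error from `db.Close()`. The `CloseDbObject` functions added in sakila.go and slonik.go call `logrus.Fatal` in the same way, so shutdown under those configurations would exit with a failure status. A close path is safer when it logs and returns, as sketched below.

```go
func CloseGormDB() {
	if _gormdb == nil {
		return
	}
	db, err := _gormdb.DB()
	if err != nil {
		logrus.Errorf("close gorm db failed: %s", err)
		return
	}
	if err := db.Close(); err != nil {
		logrus.Errorf("close gorm db failed: %s", err)
	}
}
```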
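Review bot: `CloseDsx` in internal/dao/dao.go is exported without a doc comment, and its `Gorm` branch and the final `else` both call `jinzhu.CloseDbObject()`, so the first branch is redundant. A `switch` with the gorm call as `default` would read more directly, and a comment such as `// CloseDsx closes the database handle of the configured data-service backend.` would state the contract. The spelling also differs from `initDsX` in the hunk header, which is worth aligning before other packages depend on the name.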
@@ -87,6 +87,10 @@ func NewDataService() (core.DataService, core.VersionInfo) {
 return cache.NewCacheDataService(ds), ds
 }
+func CloseDbObject() {
+ conf.CloseGormDB()
+}
+
 func NewWebDataServantA() (core.WebDataServantA, core.VersionInfo) {
 lazyInitial()
 db := conf.MustGormDB()
diff --git a/internal/dao/sakila/sakila.go b/internal/dao/sakila/sakila.go
index 0a605bf8c..69029e318 100644
--- a/internal/dao/sakila/sakila.go
+++ b/internal/dao/sakila/sakila.go
@@ -26,3 +26,7 @@ func NewAuthorizationManageService() core.AuthorizationManageService {
 logrus.Fatal("not support now")
 return nil
 }
+
+func CloseDbObject() {
+ logrus.Fatal("not support now")
+}
diff --git a/internal/dao/slonik/slonik.go b/internal/dao/slonik/slonik.go
index 705c5bbf9..34fd0ae0d 100644
--- a/internal/dao/slonik/slonik.go
+++ b/internal/dao/slonik/slonik.go
@@ -26,3 +26,7 @@ func NewAuthorizationManageService() core.AuthorizationManageService {
 logrus.Fatal("not support now")
 return nil
 }
+
+func CloseDbObject() {
+ logrus.Fatal("not support now")
+}
diff --git a/internal/model/web/loose.go b/internal/model/web/loose.go
index 691bfdf00..db701dfe3 100644
--- a/internal/model/web/loose.go
+++ b/internal/model/web/loose.go
@@ -113,6 +113,7 @@ type TopicListResp struct {
 }
 type TweetDetailReq struct {
+ BaseInfo `form:"-" binding:"-"`
 SimpleInfo `form:"-" binding:"-"`
 TweetId int64 `form:"id"`
 }
diff --git a/internal/servants/web/loose.go b/internal/servants/web/loose.go
index 67add7297..088178d2c 100644
--- a/internal/servants/web/loose.go
+++ b/internal/servants/web/loose.go
@@ -508,6 +508,11 @@ func (s *looseSrv) TweetDetail(req *web.TweetDetailReq) (*web.TweetDetailResp, m
 if err != nil {
 return nil, web.ErrGetPostFailed
 }
+
+ // check current user permission
+ if xerr := checkPostViewPermission(req.User, post, s.Ds); xerr != nil {
+ return nil, xerr
+ }
 postContents, err := s.Ds.GetPostContentsByIDs([]int64{post.ID})
 if err != nil {
 return nil, web.ErrGetPostFailed
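Review bot: In `TweetDetail` (internal/servants/web/loose.go) a denied viewer receives `web.ErrNoPermission` while a failed lookup yields `web.ErrGetPostFailed`, so the response tells an unauthorised caller that a given id holds a non-public post. If that distinction is not meant to be visible, the denial can return the same error as the lookup failure, `return nil, web.ErrGetPostFailed`, with the denial logged server-side. The comment could also say that `req.User` is presumably nil for anonymous requests, a case `checkPostViewPermission` handles. The function starts and ends outside the hunk.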
diff --git a/internal/servants/web/utils.go b/internal/servants/web/utils.go
index 0e2696e31..d21916816 100644
--- a/internal/servants/web/utils.go
+++ b/internal/servants/web/utils.go
@@ -207,3 +207,29 @@ func checkPermision(user *ms.User, targetUserId int64) mir.Error {
 }
 return nil
 }
+
+// checkPostViewPermission 检查当前用户是否可读指定post
+func checkPostViewPermission(user *ms.User, post *ms.Post, ds core.DataService) mir.Error {
+ if post.Visibility == core.PostVisitPublic {
+ return nil
+ }
+
+ if user == nil {
+ return web.ErrNoPermission
+ }
+
+ if user.IsAdmin || user.ID == post.UserID {
+ return nil
+ }
+
+ if post.Visibility == core.PostVisitPrivate {
+ return web.ErrNoPermission
+ }
+
+ if post.Visibility == core.PostVisitFriend {
+ if !ds.IsFriend(post.UserID, user.ID) && !ds.IsFriend(user.ID, post.UserID) {
+ return web.ErrNoPermission
+ }
+ }
+ return nil
+}
diff --git a/web/src/views/Post.vue b/web/src/views/Post.vue
index 2170f7baa..1811a4fce 100644
--- a/web/src/views/Post.vue
+++ b/web/src/views/Post.vue
@@ -5,7 +5,7 @@ -
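Review bot: `checkPostViewPermission` (internal/servants/web/utils.go) ends with `return nil`, so any `post.Visibility` value other than the three compared here is readable by every logged-in user. An access check is safer when it denies by default: allow the friend case explicitly and finish with `return web.ErrNoPermission`, as in the fence below. The doc comment is in Chinese; an English version such as `// checkPostViewPermission reports whether user may read post; a nil user is treated as anonymous.` would match the other comments added in this commit.

```go
func checkPostViewPermission(user *ms.User, post *ms.Post, ds core.DataService) mir.Error {
	// … unchanged: public, anonymous-user and admin/owner checks …

	if post.Visibility == core.PostVisitFriend &&
		(ds.IsFriend(post.UserID, user.ID) || ds.IsFriend(user.ID, post.UserID)) {
		return nil
	}
	// Private posts and any visibility value not handled above are denied.
	return web.ErrNoPermission
}
```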
+