diff --git a/com.actionsoft.apps.kms/lib/com.actionsoft.apps.kms.jar b/com.actionsoft.apps.kms/lib/com.actionsoft.apps.kms.jar
index 39ca8e19..0f83750e 100644
Binary files a/com.actionsoft.apps.kms/lib/com.actionsoft.apps.kms.jar and b/com.actionsoft.apps.kms/lib/com.actionsoft.apps.kms.jar differ
diff --git a/com.actionsoft.apps.kms/src/com/actionsoft/apps/kms/web/KnwlSearchWeb.java b/com.actionsoft.apps.kms/src/com/actionsoft/apps/kms/web/KnwlSearchWeb.java
index 5a9fbcf0..5d1ca1d8 100644
--- a/com.actionsoft.apps.kms/src/com/actionsoft/apps/kms/web/KnwlSearchWeb.java
+++ b/com.actionsoft.apps.kms/src/com/actionsoft/apps/kms/web/KnwlSearchWeb.java
@@ -53,6 +53,7 @@ import com.actionsoft.bpms.server.UserContext;
 import com.actionsoft.bpms.server.fs.DCContext;
 import com.actionsoft.bpms.server.fs.dc.DCProfileManager;
 import com.actionsoft.bpms.util.*;
+import com.actionsoft.exception.APIErrorCode;
 import com.actionsoft.exception.AWSException;
 import com.actionsoft.sdk.local.SDK;
 import com.actionsoft.sdk.local.api.AppAPI;
@@ -683,6 +684,12 @@ public class KnwlSearchWeb extends ActionWeb {
 	 * @return
 	 */
 	public String filePreview(UserContext uc,String fileId) {
+
+		// 判断流程启动权限
+		if (!SDK.getPermAPI().havingStartProcessPermission(getContext().getUID(), KMSConstant.BORROW_PROCESS_DEF_ID)) {
+			throw new AWSException(APIErrorCode.getTitle(APIErrorCode.ERR_401) + "，请检查流程启动权限");
+		}
+
 		FileModel fileModel = FileCache.getCache().get(fileId);
 		CardModel cardModel = CardCache.getCache().get(fileModel.getCardId());
 
@@ -690,7 +697,7 @@ public class KnwlSearchWeb extends ActionWeb {
 
 		String plname=cardName.substring(0,cardName.indexOf("V"));
 		String plver=cardName.substring(cardName.indexOf("V")+1);
-		String firstPlver  =plver.substring(0,plver.indexOf("."));
+		String firstPlver=plver.substring(0,plver.indexOf("."));
 
 		String secondPlver=plver.substring(plver.indexOf(".")+1);
 		DecimalFormat df = new DecimalFormat("000");
@@ -709,15 +716,12 @@ public class KnwlSearchWeb extends ActionWeb {
 
 	public String getLastPublishTaskIdByModelId(String repositoryId) {
 		String sql = "SELECT pl.TASKID FROM APP_ACT_COE_PAL_PUBLISH p, APP_ACT_COE_PAL_PUBLISH_LIST pl WHERE pl.pid = p.id AND pl.palrepositoryid = ? ORDER BY publishdate DESC";
-
-
 		return DBSql.getString(sql,new Object[]{repositoryId});
 	}
 
 	public String outputReportPreview(UserContext _uc, String plname,String version) {
 
 		String returnUrl="";
-
 		String sql = "select ID,ISPUBLISH,PLNAME,PLMETHODID,PLPARENTID from APP_ACT_COE_PAL_REPOSITORY where plname = '" + plname + "' AND  PLVER= '"+version+"'";
 		RowMap map = DBSql.getMap(sql);
 		if (map != null) {