diff --git a/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java b/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
index 94eda67c..c515d813 100644
--- a/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
@@ -22,7 +22,6 @@ import cn.hutool.core.util.StrUtil;
 import cn.hutool.core.util.URLUtil;
 import jakarta.annotation.Resource;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.dromara.x.file.storage.core.FileStorageProperties;
 import org.dromara.x.file.storage.core.FileStorageService;
 import org.dromara.x.file.storage.core.FileStorageServiceBuilder;
@@ -58,7 +57,6 @@ import java.util.concurrent.CopyOnWriteArrayList;
  */
 @Service
 @RequiredArgsConstructor
-@Slf4j
 public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO, StorageResp, StorageResp, StorageQuery, StorageReq> implements StorageService {
 
     private final FileStorageService fileStorageService;
@@ -67,7 +65,7 @@ public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO
 
     @Override
     protected void beforeAdd(StorageReq req) {
-        decodeSecretKey(req, null);
+        this.decodeSecretKey(req, null);
         CheckUtils.throwIf(Boolean.TRUE.equals(req.getIsDefault()) && this.isDefaultExists(null), "请先取消原有默认存储");
         String code = req.getCode();
         CheckUtils.throwIf(this.isCodeExists(code, null), "新增失败，[{}] 已存在", code);
@@ -82,11 +80,13 @@ public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO
         StorageDO oldStorage = super.getById(id);
         CheckUtils.throwIf(Boolean.TRUE.equals(oldStorage.getIsDefault()) && DisEnableStatusEnum.DISABLE
             .equals(newStatus), "[{}] 是默认存储，不允许禁用", oldStorage.getName());
-        decodeSecretKey(req, oldStorage);
+        this.decodeSecretKey(req, oldStorage);
         DisEnableStatusEnum oldStatus = oldStorage.getStatus();
-        if (DisEnableStatusEnum.ENABLE.equals(oldStatus) && DisEnableStatusEnum.DISABLE.equals(newStatus)) {
+        // 先卸载
+        if (DisEnableStatusEnum.ENABLE.equals(oldStatus)) {
             this.unload(BeanUtil.copyProperties(oldStorage, StorageReq.class));
         }
+        // 再加载
         if (DisEnableStatusEnum.ENABLE.equals(newStatus)) {
             this.load(req);
         }
@@ -96,23 +96,6 @@ public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO
         }
     }
 
-    private void decodeSecretKey(StorageReq req, StorageDO storage) {
-        if (!StorageTypeEnum.S3.equals(req.getType())) {
-            return;
-        }
-
-        // 修改Storage时，如果SecretKey不修改，字段脱敏无法回带手动设置
-        if ((StrUtil.isBlank(req.getSecretKey()) || req.getSecretKey().contains("*")) && StrUtil.isNotBlank(storage
-            .getSecretKey())) {
-            req.setSecretKey(storage.getSecretKey());
-            return;
-        }
-
-        String secretKey = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getSecretKey()));
-        ValidationUtils.throwIfNull(secretKey, "私有密钥解密失败");
-        req.setSecretKey(secretKey);
-    }
-
     @Override
     protected void beforeDelete(List<Long> ids) {
         CheckUtils.throwIf(fileService.countByStorageIds(ids) > 0, "所选存储存在文件关联，请删除文件后重试");
@@ -184,6 +167,29 @@ public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO
             .getBucketName()));
     }
 
+    /**
+     * 解密 SecretKey
+     *
+     * @param req     请求参数
+     * @param storage 存储信息
+     */
+    private void decodeSecretKey(StorageReq req, StorageDO storage) {
+        if (!StorageTypeEnum.S3.equals(req.getType())) {
+            return;
+        }
+        // 修改时，如果 SecretKey 不修改，需要手动修正
+        String newSecretKey = req.getSecretKey();
+        boolean isSecretKeyNotUpdate = StrUtil.isBlank(newSecretKey) || newSecretKey.contains(StringConstants.ASTERISK);
+        if (null != storage && isSecretKeyNotUpdate) {
+            req.setSecretKey(storage.getSecretKey());
+            return;
+        }
+        // 新增时或修改了 SecretKey
+        String secretKey = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(newSecretKey));
+        ValidationUtils.throwIfNull(secretKey, "私有密钥解密失败");
+        req.setSecretKey(secretKey);
+    }
+
     /**
      * 默认存储是否存在
      *
diff --git a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/MenuController.java b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/MenuController.java
index 92c59211..63036cf6 100644
--- a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/MenuController.java
+++ b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/MenuController.java
@@ -70,10 +70,12 @@ public class MenuController extends BaseController<MenuService, MenuResp, MenuRe
     private void checkPath(MenuReq req) {
         Boolean isExternal = ObjectUtil.defaultIfNull(req.getIsExternal(), false);
         String path = req.getPath();
-        ValidationUtils.throwIf(isExternal && !URLUtils.isHttpUrl(path), "路由地址格式错误，请以 http:// 或 https:// 开头");
-        if (!isExternal) {
+        ValidationUtils.throwIf(Boolean.TRUE.equals(isExternal) && !URLUtils
+            .isHttpUrl(path), "路由地址格式错误，请以 http:// 或 https:// 开头");
+        // 非外链菜单参数修正
+        if (Boolean.FALSE.equals(isExternal)) {
             ValidationUtils.throwIf(URLUtils.isHttpUrl(path), "路由地址格式错误");
-            req.setPath(StrUtil.prependIfMissing(req.getPath(), StringConstants.SLASH));
+            req.setPath(StrUtil.prependIfMissing(path, StringConstants.SLASH));
             req.setName(StrUtil.removePrefix(req.getName(), StringConstants.SLASH));
             req.setComponent(StrUtil.removePrefix(req.getComponent(), StringConstants.SLASH));
         }
diff --git a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java
index e5581392..78b8e8bb 100644
--- a/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java
+++ b/continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserController.java
@@ -70,7 +70,7 @@ public class UserController extends BaseController<UserService, UserResp, UserDe
 
     @Operation(summary = "重置密码", description = "重置用户登录密码")
     @Parameter(name = "id", description = "ID", example = "1", in = ParameterIn.PATH)
-    @SaCheckPermission("system:user:password:reset")
+    @SaCheckPermission("system:user:resetPwd")
     @PatchMapping("/{id}/password")
     public R<Void> resetPassword(@Validated @RequestBody UserPasswordResetReq req, @PathVariable Long id) {
         String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getNewPassword()));
@@ -84,7 +84,7 @@ public class UserController extends BaseController<UserService, UserResp, UserDe
 
     @Operation(summary = "分配角色", description = "为用户新增或移除角色")
     @Parameter(name = "id", description = "ID", example = "1", in = ParameterIn.PATH)
-    @SaCheckPermission("system:user:role:update")
+    @SaCheckPermission("system:user:updateRole")
     @PatchMapping("/{id}/role")
     public R<Void> updateRole(@Validated @RequestBody UserRoleUpdateReq updateReq, @PathVariable Long id) {
         baseService.updateRole(updateReq, id);