diff --git a/apps/jumpserver/middleware.py b/apps/jumpserver/middleware.py
index f93edf73a..64accde21 100644
--- a/apps/jumpserver/middleware.py
+++ b/apps/jumpserver/middleware.py
@@ -4,24 +4,44 @@ import os
 import re
 import pytz
 from django.utils import timezone
-from django.utils.deprecation import MiddlewareMixin
 from django.shortcuts import HttpResponse
-DEMO_MODE = os.environ.get("DEMO_MODE", "")
-SAFE_URL = r'^/users/login|^/api/terminal/v1/.*|/api/terminal/.*|/api/users/v1/auth/|/api/users/v1/profile/'
+class TimezoneMiddleware:
+ def __init__(self, get_response):
+ self.get_response = get_response
-
-class TimezoneMiddleware(MiddlewareMixin):
- def process_request(self, request):
+ def __call__(self, request):
 tzname = request.META.get('TZ')
 if tzname:
 timezone.activate(pytz.timezone(tzname))
 else:
 timezone.deactivate()
+ response = self.get_response(request)
+ return response
-class DemoMiddleware(MiddlewareMixin):
- def process_request(self, request):
- if DEMO_MODE and request.method not in ["GET", "HEAD"] and not re.match(SAFE_URL, request.path):
- return HttpResponse("Demo mode, only get request accept", status=403)
+class DemoMiddleware:
+ DEMO_MODE_ENABLED = os.environ.get("DEMO_MODE", "") in ("1", "ok", "True")
+ SAFE_URL_PATTERN = re.compile(
+ r'^/users/login|'
+ r'^/api/terminal/v1/.*|'
+ r'^/api/terminal/.*|'
+ r'^/api/users/v1/auth/|'
+ r'^/api/users/v1/profile/'
+ )
+ SAFE_METHOD = ("GET", "HEAD")
+
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ if self.DEMO_MODE_ENABLED:
+ print("Demo mode enabled, reject unsafe method and url")
+
+ def __call__(self, request):
+ if self.DEMO_MODE_ENABLED and request.method not in self.SAFE_METHOD \
+ and not self.SAFE_URL_PATTERN.match(request.path):
+ return HttpResponse("Demo mode, only safe request accepted", status=403)
+ else:
+ response = self.get_response(request)
+ return response
diff --git a/apps/ops/hands.py b/apps/ops/hands.py
index d7175db18..b6e3d3479 100644
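Review bot: `DEMO_MODE_ENABLED` in the new `DemoMiddleware` is true only for the exact strings `"1"`, `"ok"` and `"True"`, whereas the removed module-level `DEMO_MODE` check treated any non-empty value as enabled, so a demo deployment that sets `DEMO_MODE=true`, `yes` or `on` would silently stop rejecting write requests after this change. That flag is the only thing gating the 403 in `__call__`, so it is worth parsing case-insensitively and accepting the common spellings, for example `DEMO_MODE_ENABLED = os.environ.get("DEMO_MODE", "").strip().lower() in ("1", "ok", "true", "yes", "on")`. The `^/users/login` alternative in `SAFE_URL_PATTERN` has no terminator, so `match()` exempts every path that merely begins with that prefix; if only the login view is meant to stay writable in demo mode, end the alternative on a path boundary. The alternative `^/api/terminal/.*` also already covers `^/api/terminal/v1/.*`, which makes the allow-list look narrower than it is.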
--- a/apps/ops/hands.py
+++ b/apps/ops/hands.py
@@ -1,4 +1,4 @@
 # ~*~ coding: utf-8 ~*~
 from users.permissions import IsSuperUser
-
+from users.utils import AdminUserRequiredMixin
\ No newline at end of file
diff --git a/apps/ops/views.py b/apps/ops/views.py
index 2c58e496e..4b090a8a3 100644
--- a/apps/ops/views.py
+++ b/apps/ops/views.py
@@ -6,9 +6,10 @@ from django.views.generic import ListView, DetailView
 from common.mixins import DatetimeSearchMixin
 from .models import Task, AdHoc, AdHocRunHistory
+from .hands import AdminUserRequiredMixin
-class TaskListView(DatetimeSearchMixin, ListView):
+class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
 paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
 model = Task
 ordering = ('-date_created',)
@@ -42,7 +43,7 @@ class TaskListView(DatetimeSearchMixin, ListView):
 return super().get_context_data(**kwargs)
-class TaskDetailView(DetailView):
+class TaskDetailView(AdminUserRequiredMixin, DetailView):
 model = Task
 template_name = 'ops/task_detail.html'
@@ -55,7 +56,7 @@ class TaskDetailView(DetailView):
 return super().get_context_data(**kwargs)
-class TaskAdhocView(DetailView):
+class TaskAdhocView(AdminUserRequiredMixin, DetailView):
 model = Task
 template_name = 'ops/task_adhoc.html'
@@ -68,7 +69,7 @@ class TaskAdhocView(DetailView):
 return super().get_context_data(**kwargs)
-class TaskHistoryView(DetailView):
+class TaskHistoryView(AdminUserRequiredMixin, DetailView):
 model = Task
 template_name = 'ops/task_history.html'
@@ -81,7 +82,7 @@ class TaskHistoryView(DetailView):
 return super().get_context_data(**kwargs)
-class AdHocDetailView(DetailView):
+class AdHocDetailView(AdminUserRequiredMixin, DetailView):
 model = AdHoc
 template_name = 'ops/adhoc_detail.html'
@@ -94,7 +95,7 @@ class AdHocDetailView(DetailView):
 return super().get_context_data(**kwargs)
-class AdHocHistoryView(DetailView):
+class AdHocHistoryView(AdminUserRequiredMixin, DetailView):
 model = AdHoc
 template_name = 'ops/adhoc_history.html'
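Review bot: In apps/ops/views.py the admin check on `TaskListView` depends on `AdminUserRequiredMixin` staying the leftmost base so that it runs ahead of `ListView`/`DetailView` in the MRO, and nothing in the file records that. A short comment above the first class, such as `# AdminUserRequiredMixin must stay first so its check runs before the generic view handles the request`, would keep a later reorder of the bases from silently dropping the check. The mixin is imported from `users.utils` through `hands.py` and its body is not part of this diff, so whether it turns anonymous and non-admin users away with a redirect or a 403 cannot be confirmed from here. The same applies to the other six views changed in this file (`TaskDetailView`, `TaskAdhocView`, `TaskHistoryView`, `AdHocDetailView`, `AdHocHistoryView`, `AdHocHistoryDetailView`); each class body continues outside its hunk.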
@@ -107,7 +108,7 @@ class AdHocHistoryView(DetailView):
 return super().get_context_data(**kwargs)
-class AdHocHistoryDetailView(DetailView):
+class AdHocHistoryDetailView(AdminUserRequiredMixin, DetailView):
 model = AdHocRunHistory
 template_name = 'ops/adhoc_history_detail.html'