diff --git a/spug_api/apps/account/models.py b/spug_api/apps/account/models.py
index 2a9fb27..36f6615 100644
--- a/spug_api/apps/account/models.py
+++ b/spug_api/apps/account/models.py
@@ -46,14 +46,14 @@ class User(models.Model, ModelMixin):
 
     @property
     def deploy_perms(self):
-        perms = json.loads(self.role.deploy_perms) if self.role.deploy_perms else {}
+        perms = json.loads(self.role.deploy_perms) if self.role and self.role.deploy_perms else {}
         perms.setdefault('apps', [])
         perms.setdefault('envs', [])
         return perms
 
     @property
     def host_perms(self):
-        return json.loads(self.role.host_perms) if self.role.host_perms else []
+        return json.loads(self.role.host_perms) if self.role and self.role.host_perms else []
 
     def has_host_perm(self, host_id):
         if isinstance(host_id, (list, set, tuple)):
diff --git a/spug_api/apps/host/views.py b/spug_api/apps/host/views.py
index 6936882..389e493 100644
--- a/spug_api/apps/host/views.py
+++ b/spug_api/apps/host/views.py
@@ -19,7 +19,7 @@ class HostView(View):
     def get(self, request):
         host_id = request.GET.get('id')
         if host_id:
-            if int(host_id) not in request.user.host_perms:
+            if not request.user.has_host_perm(host_id):
                 return json_response(error='无权访问该主机，请联系管理员')
             return json_response(Host.objects.get(pk=host_id))
         hosts = Host.objects.filter(deleted_by_id__isnull=True)