diff --git a/app/controllers/admin/object_auths_new_interface_controller.rb b/app/controllers/admin/object_auths_new_interface_controller.rb
index 427ec722..6c33ff71 100644
--- a/app/controllers/admin/object_auths_new_interface_controller.rb
+++ b/app/controllers/admin/object_auths_new_interface_controller.rb
@@ -1,4 +1,4 @@
-class Admin::ObjectAuthsNewInterfaceController < ApplicationController
+class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
include OrbitCoreLib::PermissionUnility
layout "new_admin"
before_filter :force_order
@@ -33,8 +33,9 @@ class Admin::ObjectAuthsNewInterfaceController < ApplicationController
protected
def update_setting_by_params
+ user_sat = []
oa = ObjectAuth.find params[:ob_auth][:id]
- user_sat = User.find params[:users].keys
+ user_sat += User.find params[:users].keys if params.has_key? :users
users_to_new = user_sat - oa.auth_users
users_to_remove = oa.auth_users - user_sat
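Review bot: With the new guard, a request that carries no `users` key leaves `user_sat` empty, so `users_to_remove` becomes every entry in `oa.auth_users` and the whole grant list is revoked. If that is the intended "all boxes unchecked" case, say so above the guarded line, e.g. `# no :users key means every user was deselected: all grants are revoked below`. `has_key?` only checks presence, so a non-hash `params[:users]` still raises on `.keys`, and `params[:ob_auth][:id]` on the line above is still unguarded. The body of `update_setting_by_params` continues outside the hunk, so any authorization check on `oa` is not visible here.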
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 494b497e..ae63e824 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,6 +8,10 @@ class ApplicationController < ActionController::Base
helper :all
before_filter :set_locale, :set_site
+ def set_current_user
+ User.current = current_user
+ end
+
def front_end_available(module_app_title='')
app_controller = ModuleApp.first(conditions: {:key => module_app_title} )
unless app_controller.enable_frontend?
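Review bot: `set_current_user` is defined here, but no filter that registers it is visible in this diff, and nothing ever resets the thread-local that `User.current=` writes in app/models/user/user.rb. On a server that reuses threads, `User.current` can be nil or still hold the user from an earlier request. `ObjectAuth#check_user_has_app_auth` passes that value to `assign_sub_manager` as the acting user, so a stale value would attribute a privilege grant to the wrong account. Wrapping each request in an around filter that sets the value and clears it in `ensure` keeps it scoped to one request.

```ruby
# … unchanged: helper :all, before_filter :set_locale, :set_site …
around_filter :with_current_user

# Scope User.current to a single request so a reused thread never
# carries the previous request's user into model callbacks.
def with_current_user
  User.current = current_user
  yield
ensure
  User.current = nil
end
```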
diff --git a/app/controllers/orbit_backend_controller.rb b/app/controllers/orbit_backend_controller.rb
index a03a1f6c..a8d3a2e8 100644
--- a/app/controllers/orbit_backend_controller.rb
+++ b/app/controllers/orbit_backend_controller.rb
@@ -10,6 +10,7 @@ class OrbitBackendController< ApplicationController
def setup_vars
@app_title = request.fullpath.split('/')[2]
+ @app_title = request.fullpath.split('/')[1] if(@app_title == "back_end")
@module_app = ModuleApp.first(conditions: {:key => @app_title} )
end
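Review bot: The added line splits `request.fullpath`, which includes the query string, so on a short URL the segment compared with "back_end" or used as the module key can carry a `?…` suffix. `request.path` gives the path alone: `@app_title = request.path.split('/')[1] if @app_title == "back_end"`. This matters more after this commit because `check_permission` in lib/orbit_core_lib.rb now calls `setup_vars`, so the module used for the permission decision is derived from the URL on every check. A short comment naming the two URL layouts this handles would help the next reader.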
diff --git a/app/helpers/admin/page_content_helper.rb b/app/helpers/admin/page_content_helper.rb
new file mode 100644
index 00000000..9f2b22e0
--- /dev/null
+++ b/app/helpers/admin/page_content_helper.rb
@@ -0,0 +1,18 @@
+module Admin::PageContentHelper
+include ActionView::Helpers::UrlHelper
+
+
+ def show_page_context_edit_auth_link(page_context)
+ type = 'Edit'
+# debugger
+# a=1
+ oa = page_context.get_object_auth_by_title(type)
+ if oa.nil?
+ page_context.object_auths.new(title: type ).save rescue
+ oa = page_context.get_object_auth_by_title(type)
+ end
+# link_to t('announcement.bulletin.cate_auth'), edit_admin_object_auth_path(oa)
+ link_to t('admin.page_context.ob_auth.edit'),admin_object_auth_ob_auth_path(oa)
+ end
+
+end
\ No newline at end of file
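Review bot: The trailing `rescue` on the `.save` line has no expression after it, so Ruby most likely takes the next line as the rescue value. That would mean `oa = page_context.get_object_auth_by_title(type)` runs only when `save` raises. On a successful save `oa` stays nil and `admin_object_auth_ob_auth_path(oa)` is built from nil. Dropping the modifier makes the lookup unconditional: `page_context.object_auths.new(title: type).save` followed by the existing `oa = …` line. A bare `rescue` also hides validation and database errors on a record that gates edit permission. The helper writes an `ObjectAuth` while a list page renders, so every view of the page can create permission records.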
diff --git a/app/models/ad_banner.rb b/app/models/ad_banner.rb
index 39112960..e1013c2f 100644
--- a/app/models/ad_banner.rb
+++ b/app/models/ad_banner.rb
@@ -1,4 +1,5 @@
class AdBanner
+ include OrbitCoreLib::ObjectAuthable
include Mongoid::Document
include Mongoid::Timestamps
include Mongoid::MultiParameterAttributes
@@ -14,6 +15,15 @@ class AdBanner
FX_TYPES = ["blindX","blindY","blindZ","cover","curtainX","curtainY","fade","fadeZoom","growX","growY","scrollUp","scrollDown","scrollLeft","scrollRight","scrollHorz","scrollVert","shuffle","slideX","slideY","toss","turnUp","turnDown","turnLeft","turnRight","uncover","wipe","zoom"]
attr_writer :transition_sec
+
+ AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'
+ APP_NAME = 'ad_banners'
+ ObjectAuthTitlesOptions = %W{edit}
+
+ def pp_object
+ title
+ end
+
def transition_sec
self.transition_msec/1000 rescue nil
end
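Review bot: `AfterObjectAuthUrl` for `AdBanner` is set to '/panel/page_content/back_end/page_contexts', the same value `PageContext` gets later in this diff, which looks like a copy-paste. If so, saving an ad-banner permission would send the user to the page-content list. `ObjectAuthTitlesOptions` is `%W{edit}` here but `%W{Edit}` on `PageContext`. If titles are matched case-sensitively the two classes will disagree on the name of the same permission, so one spelling should be used for both.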
diff --git a/app/models/object_auth.rb b/app/models/object_auth.rb
index ae3fd701..d1c1c673 100644
--- a/app/models/object_auth.rb
+++ b/app/models/object_auth.rb
@@ -2,6 +2,7 @@ class ObjectAuth < PrototypeAuth
include OrbitCoreLib::ObjectTokenUnility
validates_uniqueness_of :title ,:scope => [:obj_authable_type,:obj_authable_id] #{ |c| }
belongs_to :obj_authable, polymorphic: true
+ after_save :check_user_has_app_auth
# > - Something.find_with_auth(query)
# > - or Something.find(query).auth
def auth_obj
@@ -9,4 +10,15 @@ class ObjectAuth < PrototypeAuth
class_obj.find self.obj_authable_id
end
+ def check_user_has_app_auth
+ sub_managing_users = auth_obj.app_auth.sub_managing_users
+ app_auth = auth_obj.app_auth
+ self.auth_users.each do |auth_user|
+ if !sub_managing_users.include? auth_user && !auth_user.admin?
+ app_auth.assign_sub_manager(auth_user,User.current)
+ app_auth.save!
+ end
+ end
+ end
+
end
\ No newline at end of file
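Review bot: In `check_user_has_app_auth` the condition `!sub_managing_users.include? auth_user && !auth_user.admin?` binds as `include?(auth_user && !auth_user.admin?)` because the call has no parentheses. The collection is then asked whether it contains `true` or `false`, and the branch runs for every auth user, admins and existing sub managers included. The intended guard is `unless sub_managing_users.include?(auth_user) || auth_user.admin?`. `auth_obj.app_auth` can also return nil when no `ModuleApp` matches `APP_NAME`, which would raise inside the `after_save` callback after the record is already written. This callback turns an object-level grant into app-level sub-manager rights, so it deserves a comment stating that this is deliberate.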
diff --git a/app/models/user/user.rb b/app/models/user/user.rb
index d74a543b..2a2dbd86 100644
--- a/app/models/user/user.rb
+++ b/app/models/user/user.rb
@@ -20,6 +20,14 @@ class User
belongs_to :role
has_and_belongs_to_many :sub_roles
accepts_nested_attributes_for :attribute_values, :allow_destroy => true
+
+ def self.current
+ Thread.current[:user]
+ end
+
+ def self.current=(user)
+ Thread.current[:user] = user
+ end
def avb_apps
sub_role_ids_ary=self.sub_roles.collect{|t| t.id}
diff --git a/app/views/admin/object_auths_new_interface/setting.html.erb b/app/views/admin/object_auths_new_interface/setting.html.erb
index ae5096ba..f5d17370 100644
--- a/app/views/admin/object_auths_new_interface/setting.html.erb
+++ b/app/views/admin/object_auths_new_interface/setting.html.erb
@@ -27,7 +27,7 @@
<%= content_tag :div do -%>
<% form_tag admin_object_auth_ob_auth_path do %>
- <%#= render :partial => "privilege_user", :locals => {:users => @users_array} %>
+ <%= render :partial => "privilege_user", :locals => {:users => @users_array} %>
diff --git a/config/locales/zh_tw.yml b/config/locales/zh_tw.yml
index 29721630..e871de00 100644
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@@ -199,6 +199,10 @@ zh_tw:
options: 選項
orig_upload_file: 原上傳檔名
page: 頁面管理
+ page_context:
+ edit: 編輯
+ ob_auth:
+ edit: 分類授權
position: 位置
published?: 發布?
purchase: 購買
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
index 281654a7..a6c9917f 100644
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
@@ -19,6 +19,10 @@ module OrbitCoreLib
end
+ def app_auth
+ ModuleApp.first(conditions: {:title => self.class::APP_NAME} )
+ end
+
def pp_object
"Object Auth method 'pp_object' need to be defined for class #{self.class}"
end
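Review bot: `app_auth` looks the module up by `:title`, while the other `ModuleApp.first` calls visible in this diff (`front_end_available`, `setup_vars`) use `:key`. The `APP_NAME` values added in this commit ('Announcement', 'news', 'page_content', 'ad_banners') look like a mix of titles and keys. If any of them does not match a stored title exactly, `app_auth` returns nil and the sub-manager assignment in `ObjectAuth#check_user_has_app_auth` fails. Consider matching on the key, `ModuleApp.first(conditions: {:key => self.class::APP_NAME})`, and documenting that every class including `ObjectAuthable` must define `APP_NAME`.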
@@ -67,6 +71,7 @@ module OrbitCoreLib
module PermissionUnility
private
def check_permission(type = :use)
+ setup_vars
permission_grant = current_user.admin?? true : false
module_app = @module_app.nil?? find_module_app_by_token(params[:token]) : @module_app
unless permission_grant
diff --git a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb
index 955d5f18..ff0e0a9c 100644
--- a/vendor/built_in_modules/announcement/app/models/bulletin_category.rb
+++ b/vendor/built_in_modules/announcement/app/models/bulletin_category.rb
@@ -10,7 +10,7 @@ class BulletinCategory
# include Mongoid::MultiParameterAttributes
PAYMENT_TYPES = [ "List", "Picture" ]
-
+ APP_NAME = 'Announcement'
field :key
field :display
diff --git a/vendor/built_in_modules/news/app/models/news_bulletin_category.rb b/vendor/built_in_modules/news/app/models/news_bulletin_category.rb
index b3dd7bc4..a9997b99 100644
--- a/vendor/built_in_modules/news/app/models/news_bulletin_category.rb
+++ b/vendor/built_in_modules/news/app/models/news_bulletin_category.rb
@@ -10,7 +10,8 @@ class NewsBulletinCategory
# include Mongoid::MultiParameterAttributes
PAYMENT_TYPES = [ "List", "Picture" ]
-
+ APP_NAME = 'news'
+
field :key
field :display
diff --git a/vendor/built_in_modules/page_content/app/controllers/panel/page_content/back_end/page_contexts_controller.rb b/vendor/built_in_modules/page_content/app/controllers/panel/page_content/back_end/page_contexts_controller.rb
index 6ae315fb..809bfbb3 100644
--- a/vendor/built_in_modules/page_content/app/controllers/panel/page_content/back_end/page_contexts_controller.rb
+++ b/vendor/built_in_modules/page_content/app/controllers/panel/page_content/back_end/page_contexts_controller.rb
@@ -1,7 +1,8 @@
class Panel::PageContent::BackEnd::PageContextsController < OrbitBackendController
-
- before_filter :authenticate_user!
- before_filter :is_admin?
+ before_filter :for_app_manager,:except => [:index,:edit,:update,:view,:show]
+ before_filter :for_app_sub_manager,:only => [:edit,:update,:view,:show]
+ :authenticate_user!
+ #before_filter :is_admin?
def index
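Review bot: The line `:authenticate_user!` is a bare symbol literal, not a filter registration, so this commit removes `before_filter :authenticate_user!` from the controller without replacing it. `index` is also excluded from `for_app_manager` and missing from the `:only` list of `for_app_sub_manager`, so no filter declared in this controller covers it. Unless `OrbitBackendController` registers authentication itself (not visible here), the page-context list may be reachable without login. Restore the filter as the first one: `before_filter :authenticate_user!`. The commented-out `is_admin?` line can be deleted rather than kept.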
diff --git a/vendor/built_in_modules/page_content/app/models/page_context.rb b/vendor/built_in_modules/page_content/app/models/page_context.rb
index 5c096711..dfbfd4a9 100644
--- a/vendor/built_in_modules/page_content/app/models/page_context.rb
+++ b/vendor/built_in_modules/page_content/app/models/page_context.rb
@@ -4,7 +4,9 @@ class PageContext
include Mongoid::Document
include Mongoid::Timestamps
include Mongoid::MultiParameterAttributes
-
+
+ include OrbitCoreLib::ObjectAuthable
+
has_one :context, :class_name => "I18nVariable", :as => :language_value, :autosave => true, :dependent => :destroy
@@ -17,6 +19,14 @@ class PageContext
belongs_to :page
+ AfterObjectAuthUrl = '/panel/page_content/back_end/page_contexts'
+ APP_NAME = 'page_content'
+ ObjectAuthTitlesOptions = %W{Edit}
+
+ def pp_object
+ page.i18n_variable[I18n.locale]
+ end
+
def is_top?
self.is_top
end
diff --git a/vendor/built_in_modules/page_content/app/views/panel/page_content/back_end/page_contexts/_page_context.html.erb b/vendor/built_in_modules/page_content/app/views/panel/page_content/back_end/page_contexts/_page_context.html.erb
index 08db9b2d..564f8ab5 100644
--- a/vendor/built_in_modules/page_content/app/views/panel/page_content/back_end/page_contexts/_page_context.html.erb
+++ b/vendor/built_in_modules/page_content/app/views/panel/page_content/back_end/page_contexts/_page_context.html.erb
@@ -4,11 +4,20 @@
<%= page_context.page.i18n_variable[I18n.locale] %>
- - <%= link_to t('page_context.edit'), edit_panel_page_content_back_end_page_context_path(page_context) %>
+ <%if is_manager? || is_admin? || page_context.authed_users(:edit).include?(current_user)%>
+ - <%= link_to t('admin.page_context.edit'), edit_panel_page_content_back_end_page_context_path(page_context) %>
+ <%if (is_manager? || is_admin?) %>
+ - <%=show_page_context_edit_auth_link page_context%>
+ <% end%>
+ <% end -%>
-
<%= link_to page_context.version, panel_page_content_back_end_view_path(page_context.page_id) %> |
+
+ <%if is_manager? || is_admin? || page_context.authed_users(:edit).include?(current_user)%>
+ <%= link_to page_context.version, panel_page_content_back_end_view_path(page_context.page_id) %>
+ <%end -%>
+ |
<%= page_context.updated_at.strftime("%Y-%m-%d %H:%I:%S") %> |
<%= User.find(page_context.create_user_id).name %> |
\ No newline at end of file
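Review bot: The new conditions call `page_context.authed_users(:edit)`, but the permission created in `Admin::PageContentHelper` has the title 'Edit' and `PageContext::ObjectAuthTitlesOptions` is `%W{Edit}`. If the lookup compares titles exactly, the lowercase symbol never matches and per-object editors never see the links. Hiding the links is presentation only. The `for_app_sub_manager` filter on `edit`/`update` appears to check app-level rights, so whether the per-object grant is enforced server-side cannot be confirmed from this diff. The same three-part condition appears twice, so computing it once per row, e.g. `<% can_edit = is_manager? || is_admin? || page_context.authed_users(:edit).include?(current_user) %>`, keeps the two checks from drifting apart.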