diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index 2ea6b91..fb2d669 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@@ -42,12 +42,30 @@ class CheckAuth {
       req.headers["api_key"] &&
       req.headers["api_key"] == process.env.API_KEY
     ) {
-      return null;
+      return {
+        root: null,
+        child1: null,
+        child2: null,
+        child3: null,
+        child4: null,
+      };
     }
     return await new CallAPI()
-      .GetData(req, `/org/permission/org/${action}/${system}`)
+      .GetData(req, `/org/permission/org/${system}/${action}`)
       .then(async (x) => {
+        console.log(x);
         let privilege = x.privilege;
+        // if (action.trim().toLocaleUpperCase() == "CREATE")
+        //   privilege = await this.PermissionCreate(req, system);
+        // if (action.trim().toLocaleUpperCase() == "DELETE")
+        //   privilege = await this.PermissionDelete(req, system);
+        // if (action.trim().toLocaleUpperCase() == "GET")
+        //   privilege = await this.PermissionGet(req, system);
+        // if (action.trim().toLocaleUpperCase() == "LIST")
+        //   privilege = await this.PermissionList(req, system);
+        // if (action.trim().toLocaleUpperCase() == "UPDATE")
+        //   privilege = await this.PermissionUpdate(req, system);
+
         let data: any = {
           root: [null],
           child1: [null],
@@ -124,25 +142,19 @@ class CheckAuth {
       return true;
     }
     return await new CallAPI()
-      .GetData(req, `/org/permission/user/${profileId}`)
+      .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`)
       .then(async (x) => {
-        let org = {
-          root: [null],
-          child1: [null],
-          child2: [null],
-          child3: [null],
-          child4: [null],
-        };
-        if (action.trim().toLocaleUpperCase() == "CREATE")
-          org = await this.PermissionOrgCreate(req, system);
-        if (action.trim().toLocaleUpperCase() == "DELETE")
-          org = await this.PermissionOrgDelete(req, system);
-        if (action.trim().toLocaleUpperCase() == "GET")
-          org = await this.PermissionOrgGet(req, system);
-        if (action.trim().toLocaleUpperCase() == "LIST")
-          org = await this.PermissionOrgList(req, system);
-        if (action.trim().toLocaleUpperCase() == "UPDATE")
-          org = await this.PermissionOrgUpdate(req, system);
+        let org = x.org;
+        // if (action.trim().toLocaleUpperCase() == "CREATE")
+        //   org = await this.PermissionOrgCreate(req, system);
+        // if (action.trim().toLocaleUpperCase() == "DELETE")
+        //   org = await this.PermissionOrgDelete(req, system);
+        // if (action.trim().toLocaleUpperCase() == "GET")
+        //   org = await this.PermissionOrgGet(req, system);
+        // if (action.trim().toLocaleUpperCase() == "LIST")
+        //   org = await this.PermissionOrgList(req, system);
+        // if (action.trim().toLocaleUpperCase() == "UPDATE")
+        //   org = await this.PermissionOrgUpdate(req, system);
 
         if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
         if (org.child1 != null)