diff --git a/controllers/enforcer.go b/controllers/enforcer.go
index b98e305f..9b9e98a2 100644
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -24,6 +24,7 @@ import (
 func (c *ApiController) Enforce() {
 permissionId := c.Input().Get("permissionId")
 modelId := c.Input().Get("modelId")
+ resourceId := c.Input().Get("resourceId")
 var request object.CasbinRequest
 err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
@@ -35,17 +36,24 @@ func (c *ApiController) Enforce() {
 if permissionId != "" {
 c.Data["json"] = object.Enforce(permissionId, &request)
 c.ServeJSON()
- } else {
- owner, modelName := util.GetOwnerAndNameFromId(modelId)
- permissions := object.GetPermissionsByModel(owner, modelName)
-
- res := []bool{}
- for _, permission := range permissions {
- res = append(res, object.Enforce(permission.GetId(), &request))
- }
- c.Data["json"] = res
- c.ServeJSON()
+ return
 }
+
+ permissions := make([]*object.Permission, 0)
+ res := []bool{}
+
+ if modelId != "" {
+ owner, modelName := util.GetOwnerAndNameFromId(modelId)
+ permissions = object.GetPermissionsByModel(owner, modelName)
+ } else {
+ permissions = object.GetPermissionsByResource(resourceId)
+ }
+
+ for _, permission := range permissions {
+ res = append(res, object.Enforce(permission.GetId(), &request))
+ }
+ c.Data["json"] = res
+ c.ServeJSON()
 }
 func (c *ApiController) BatchEnforce() {
diff --git a/object/permission.go b/object/permission.go
index 4a4290ad..cf5e268e 100644
--- a/object/permission.go
+++ b/object/permission.go
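Review bot: In controllers/enforcer.go, the new `else` branch of `Enforce` runs whenever `modelId` is empty, so a request that supplies none of `permissionId`, `modelId` or `resourceId` calls `object.GetPermissionsByResource("")`. With the pattern built in object/permission.go that lookup becomes `%"%`, which looks like it matches every permission that lists any resource, and the request is then evaluated against all of them. Make the lookup conditional, `} else if resourceId != "" {`, and add a final `else` that returns an error response instead of enforcing. The initial `permissions := make([]*object.Permission, 0)` is overwritten on both paths and can become `var permissions []*object.Permission`. The error handling between the two hunks is not visible here.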
@@ -235,6 +235,16 @@ func GetPermissionsByRole(roleId string) []*Permission {
 return permissions
 }
+func GetPermissionsByResource(resourceId string) []*Permission {
+ permissions := []*Permission{}
+ err := adapter.Engine.Where("resources like ?", "%"+resourceId+"\"%").Find(&permissions)
+ if err != nil {
+ panic(err)
+ }
+
+ return permissions
+}
+
 func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 permissions := []*Permission{}
 err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Submitter: submitter})
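Review bot: The LIKE pattern in `GetPermissionsByResource` anchors only the closing quote (`"%"+resourceId+"\"%"`), so it matches any stored resource whose name merely ends with `resourceId`, and `%` or `_` inside `resourceId` act as wildcards because the value arrives unmodified from the `resourceId` query parameter in `Enforce`. The value is bound as a parameter, so this is not SQL injection, but for a lookup that feeds an authorization decision the over-matching can pull in permissions written for unrelated resources. Anchoring both quotes, `"%\""+resourceId+"\"%"`, and escaping LIKE metacharacters (or filtering the decoded resource list for an exact match in Go) would limit the result to the intended resource; an empty `resourceId` should return no rows instead of querying. The query also carries no owner condition, unlike `GetPermissionsByModel(owner, modelName)`, so results presumably span every organization, which is worth confirming as intended.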