diff --git a/app/Http/Controllers/Api/FileController.php b/app/Http/Controllers/Api/FileController.php
index ad4eff52a..384be537c 100755
--- a/app/Http/Controllers/Api/FileController.php
+++ b/app/Http/Controllers/Api/FileController.php
@@ -73,6 +73,8 @@ class FileController extends AbstractController
         $id = Request::input('id');
         //
         $permission = 0;
+        $isGuestAccess = false;
+        
         if (Base::isNumber($id)) {
             $user = User::auth();
             $file = File::permissionFind(intval($id), $user, 0, $permission);
@@ -87,6 +89,40 @@ class FileController extends AbstractController
                 }
                 return Base::retError($msg, $data);
             }
+            
+            // 检查游客访问权限
+            $isGuestAccess = true;
+            
+            // 尝试获取当前用户，如果未登录则为null
+            $user = null;
+            $token = Base::token();
+            if ($token) {
+                try {
+                    $user = User::auth();
+                } catch (\Exception $e) {
+                    $user = null;
+                }
+            }
+            
+            // 如果文件不允许游客访问且用户未登录，抛出登录异常
+            if (!$file->guest_access && !$user) {
+                throw new ApiException('请登录后继续...', [], -1);
+            }
+            
+            // 如果用户已登录，检查用户是否有权限访问该文件
+            if ($user) {
+                try {
+                    File::permissionFind($file->id, $user, 0, $permission);
+                } catch (\Exception $e) {
+                    // 如果用户没有权限且文件不允许游客访问，抛出登录异常
+                    if (!$file->guest_access) {
+                        throw new ApiException('请登录后继续...', [], -1);
+                    }
+                    // 否则作为游客访问
+                    $permission = 0;
+                }
+            }
+            
             $fileLink->increment("num");
         } else {
             return Base::retError('参数错误');
@@ -94,6 +130,7 @@ class FileController extends AbstractController
         //
         $array = $file->toArray();
         $array['permission'] = $permission;
+        $array['is_guest_access'] = $isGuestAccess;
         return Base::retSuccess('success', $array);
     }
 
@@ -627,7 +664,7 @@ class FileController extends AbstractController
     /**
      * @api {get} api/file/office/token          10. 获取token
      *
-     * @apiDescription 需要token身份
+     * @apiDescription 用于生成office在线编辑的token
      * @apiVersion 1.0.0
      * @apiGroup file
      * @apiName office__token
@@ -640,8 +677,6 @@ class FileController extends AbstractController
      */
     public function office__token()
     {
-        User::auth();
-        //
         File::isNeedInstallApp('office');
         //
         $config = Request::input('config');
@@ -981,6 +1016,9 @@ class FileController extends AbstractController
      * @apiParam {String} refresh           刷新链接
      * - no: 只获取（默认）
      * - yes: 刷新链接，之前的将失效
+     * @apiParam {String} guest_access      是否允许游客访问
+     * - no: 不允许（默认）
+     * - yes: 允许游客访问
      *
      * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
      * @apiSuccess {String} msg     返回信息（错误描述）
@@ -992,9 +1030,16 @@ class FileController extends AbstractController
         //
         $id = intval(Request::input('id'));
         $refresh = Request::input('refresh', 'no');
+        $guestAccess = Request::input('guest_access', 'no');
         //
         $file = File::permissionFind($id, $user);
+        
+        // 更新文件的游客访问权限
+        $file->guest_access = $guestAccess === 'yes' ? 1 : 0;
+        $file->save();
+        
         $fileLink = $file->getShareLink($user->userid, $refresh == 'yes');
+        $fileLink['guest_access'] = $file->guest_access;
         //
         return Base::retSuccess('success', $fileLink);
     }
diff --git a/database/migrations/2025_09_19_175724_add_guest_access_to_files_table.php b/database/migrations/2025_09_19_175724_add_guest_access_to_files_table.php
new file mode 100644
index 000000000..6858f7172
--- /dev/null
+++ b/database/migrations/2025_09_19_175724_add_guest_access_to_files_table.php
@@ -0,0 +1,42 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddGuestAccessToFilesTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $isAdd = false;
+        Schema::table('files', function (Blueprint $table) use (&$isAdd) {
+            if (!Schema::hasColumn('files', 'guest_access')) {
+                $table->tinyInteger('guest_access')->nullable()->default(0)->comment('是否允许游客访问')->after('share');
+                $isAdd = true;
+            }
+        });
+        if ($isAdd) {
+            // 更新现有记录的guest_access字段为0（默认不允许游客访问）
+            \DB::table('files')->whereNull('guest_access')->update(['guest_access' => 0]);
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('files', function (Blueprint $table) {
+            if (Schema::hasColumn('files', 'guest_access')) {
+                $table->dropColumn('guest_access');
+            }
+        });
+    }
+}
diff --git a/resources/assets/js/pages/manage/components/FileContent.vue b/resources/assets/js/pages/manage/components/FileContent.vue
index 668acd0f0..9cd528f13 100644
--- a/resources/assets/js/pages/manage/components/FileContent.vue
+++ b/resources/assets/js/pages/manage/components/FileContent.vue
@@ -99,7 +99,19 @@
             :mask-closable="false">
             <div>
                 <div style="margin:-10px 0 8px">{{$L('文件名称')}}: {{linkData.name}}</div>
-                <Input ref="linkInput" v-model="linkData.url" type="textarea" :rows="3" @on-focus="linkFocus" readonly/>
+                <Input ref="linkInput" v-model="linkData.url" type="textarea" :rows="2" @on-focus="linkFocus" readonly/>
+                
+                <!-- 游客访问权限控制 -->
+                <div style="margin:12px 0">
+                    <Checkbox v-model="linkData.guest_access" @on-change="onGuestAccessChange">
+                        {{$L('允许游客访问此链接')}}
+                    </Checkbox>
+                    <div v-if="linkData.guest_access" style="color: #ff9900; margin-top: 6px;">
+                        <Icon type="ios-warning" />
+                        {{$L('警告：任何人都可通过此链接访问文件')}}
+                    </div>
+                </div>
+                
                 <div class="form-tip" style="padding-top:6px">
                     {{$L('可通过此链接浏览文件。')}}
                     <Poptip
@@ -171,7 +183,9 @@ export default {
             loadPreview: true,
 
             linkShow: false,
-            linkData: {},
+            linkData: {
+                guest_access: false  // 默认不允许游客访问
+            },
             linkLoad: 0,
 
             historyShow: false,
@@ -385,7 +399,8 @@ export default {
                 case "link":
                     this.linkData = {
                         id: this.fileId,
-                        name: this.file.name
+                        name: this.file.name,
+                        guest_access: Boolean(this.file.guest_access)  // 从文件对象获取实际的游客访问权限
                     };
                     this.linkShow = true;
                     this.linkGet()
@@ -471,14 +486,26 @@ export default {
                 url: 'file/link',
                 data: {
                     id: this.linkData.id,
-                    refresh: refresh === true ? 'yes' : 'no'
+                    refresh: refresh === true ? 'yes' : 'no',
+                    guest_access: this.linkData.guest_access ? 'yes' : 'no'
                 },
             }).then(({data}) => {
                 this.linkData = Object.assign(data, {
                     id: this.linkData.id,
                     name: this.linkData.name,
+                    guest_access: Boolean(data.guest_access || this.linkData.guest_access)  // 确保是布尔值
                 });
-                this.linkCopy();
+                // 根据不同情况处理
+                if (refresh === true) {
+                    // 刷新链接时复制
+                    this.linkCopy();
+                } else if (refresh === false) {
+                    // 权限修改时只提示成功
+                    $A.messageSuccess('修改成功');
+                } else {
+                    // 首次获取链接时复制
+                    this.linkCopy();
+                }
             }).catch(({msg}) => {
                 this.linkShow = false
                 $A.modalError(msg);
@@ -487,6 +514,13 @@ export default {
             });
         },
 
+        onGuestAccessChange(value) {
+            // 当游客访问权限改变时，需要重新获取链接
+            if (this.linkData.url) {
+                this.linkGet(false);
+            }
+        },
+
         linkCopy() {
             if (!this.linkData.url) {
                 return;
diff --git a/resources/assets/js/pages/manage/file.vue b/resources/assets/js/pages/manage/file.vue
index 629874f3a..cfca5b086 100644
--- a/resources/assets/js/pages/manage/file.vue
+++ b/resources/assets/js/pages/manage/file.vue
@@ -389,7 +389,19 @@
             :mask-closable="false">
             <div>
                 <div style="margin:-10px 0 8px">{{$L('文件名称')}}: {{linkData.name}}</div>
-                <Input ref="linkInput" v-model="linkData.url" type="textarea" :rows="3" @on-focus="linkFocus" readonly/>
+                <Input ref="linkInput" v-model="linkData.url" type="textarea" :rows="2" @on-focus="linkFocus" readonly/>
+                
+                <!-- 游客访问权限控制 -->
+                <div style="margin:12px 0">
+                    <Checkbox v-model="linkData.guest_access" @on-change="onGuestAccessChange">
+                        {{$L('允许游客访问此链接')}}
+                    </Checkbox>
+                    <div v-if="linkData.guest_access" style="color: #ff9900; margin-top: 6px;">
+                        <Icon type="ios-warning" />
+                        {{$L('警告：任何人都可通过此链接访问文件')}}
+                    </div>
+                </div>
+                
                 <div class="form-tip" style="padding-top:6px">
                     {{$L('可通过此链接浏览文件。')}}
                     <Poptip
@@ -530,7 +542,9 @@ export default {
             sendFileId: 0,
 
             linkShow: false,
-            linkData: {},
+            linkData: {
+                guest_access: false  // 默认不允许游客访问
+            },
             linkLoad: 0,
 
             fileShow: false,
@@ -1324,7 +1338,8 @@ export default {
                 case 'link':
                     this.linkData = {
                         id: item.id,
-                        name: item.name
+                        name: item.name,
+                        guest_access: Boolean(item.guest_access)  // 从文件对象获取实际的游客访问权限
                     };
                     this.linkShow = true;
                     this.linkGet()
@@ -1383,14 +1398,26 @@ export default {
                 url: 'file/link',
                 data: {
                     id: this.linkData.id,
-                    refresh: refresh === true ? 'yes' : 'no'
+                    refresh: refresh === true ? 'yes' : 'no',
+                    guest_access: this.linkData.guest_access ? 'yes' : 'no'
                 },
             }).then(({data}) => {
                 this.linkData = Object.assign(data, {
                     id: this.linkData.id,
-                    name: this.linkData.name
+                    name: this.linkData.name,
+                    guest_access: Boolean(data.guest_access || this.linkData.guest_access)  // 确保是布尔值
                 });
-                this.linkCopy();
+                // 根据不同情况处理
+                if (refresh === true) {
+                    // 刷新链接时复制
+                    this.linkCopy();
+                } else if (refresh === false) {
+                    // 权限修改时只提示成功
+                    $A.messageSuccess('修改成功');
+                } else {
+                    // 首次获取链接时复制
+                    this.linkCopy();
+                }
             }).catch(({msg}) => {
                 this.linkShow = false
                 $A.modalError(msg);
@@ -1399,6 +1426,13 @@ export default {
             });
         },
 
+        onGuestAccessChange(value) {
+            // 当游客访问权限改变时，需要重新获取链接
+            if (this.linkData.url) {
+                this.linkGet(false);
+            }
+        },
+
         linkCopy() {
             if (!this.linkData.url) {
                 return;