Hello:
I updated my project to 17.2.5, but now there is a permission problem.
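/// <summary>
/// Seeds security data after the schema update: ensures an "Admin" user that belongs to an
/// administrative "Administrators" role, creates the shared "Default Role" with its permission
/// set on first run, then reconciles that role's type permissions with the ZiDian descendants
/// currently present in the project.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this method adds <c>defaultRole</c> to any user's role collection,
/// so the role only takes effect where it is assigned elsewhere - confirm against the rest of
/// the project.
/// </remarks>
public override void UpdateDatabaseAfterUpdateSchema()
{
    base.UpdateDatabaseAfterUpdateSchema();

    #region Add System Admin
    XiTong_YongHu userAdmin = ObjectSpace.FindObject<XiTong_YongHu>(new BinaryOperator("UserName", "Admin"));
    if (userAdmin == null)
    {
        userAdmin = ObjectSpace.CreateObject<XiTong_YongHu>();
        userAdmin.UserName = "Admin";
        // Set a password if the standard authentication type is used.
        // SECURITY: this creates the administrative account with an EMPTY password. That is
        // only acceptable on a throw-away development database. For any shared or production
        // deployment, take the initial password from deployment configuration and force a
        // change at first logon; otherwise anyone who can reach the logon form is an admin.
        userAdmin.SetPassword("");
    }

    // If a role with the Administrators name doesn't exist in the database, create this role.
    XiTong_JueSe adminRole = ObjectSpace.FindObject<XiTong_JueSe>(new BinaryOperator("Name", "Administrators"));
    if (adminRole == null)
    {
        adminRole = ObjectSpace.CreateObject<XiTong_JueSe>();
        adminRole.Name = "Administrators";
    }

    // Runs on every update, so an existing "Administrators" role is re-marked administrative
    // and re-attached to the Admin user even if someone changed that in the database.
    adminRole.IsAdministrative = true;
    userAdmin.JueSe.Add(adminRole);
    #endregion

    #region Add global default role
    string defaultRoleName = "Default Role";

    // Add the system default role.
    // Permissions are granted ONLY when the role is first created. A "Default Role" row that
    // already exists (for example from before an upgrade) keeps whatever permissions it has;
    // edits to the list below do not reach it.
    XiTong_JueSe defaultRole = ObjectSpace.FindObject<XiTong_JueSe>(new BinaryOperator("Name", defaultRoleName));
    if (defaultRole == null)
    {
        defaultRole = ObjectSpace.CreateObject<XiTong_JueSe>();
        defaultRole.Name = defaultRoleName;

        // Self-service on the user's own record: read it, open "My Details", and write the two
        // password-related members. Each rule is limited to the current user by its criterion.
        defaultRole.AddObjectPermission<XiTong_YongHu>(SecurityOperations.Read, "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermission<XiTong_YongHu>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermission<XiTong_YongHu>(SecurityOperations.Write, "StoredPassword", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);

        // Members of the default role may not read role objects.
        defaultRole.AddTypePermissionsRecursively<XiTong_JueSe>(SecurityOperations.Read, SecurityPermissionState.Deny);

        // Read/write and create access to the model-difference types.
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);

        // Allow viewing all users.
        // NOTE(review): this type-wide Read grant is broader than the "own record only" object
        // permission above, so the criterion there no longer restricts reads. Confirm that no
        // sensitive member of XiTong_YongHu (e.g. the stored password hash) becomes readable
        // by every user through this grant.
        defaultRole.AddTypePermissionsRecursively<XiTong_YongHu>(SecurityOperations.Read, SecurityPermissionState.Allow);

        // Allow viewing departments.
        defaultRole.AddTypePermissionsRecursively<XiTong_ZuZhiJiaGou>(SecurityOperations.Read, SecurityPermissionState.Allow);

        // Allow use of the state machine (read-only on its definition types).
        defaultRole.AddTypePermission<Transition>(SecurityOperations.Read, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<XpoStateMachine>(SecurityOperations.Read, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<State>(SecurityOperations.Read, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<XpoStateAppearance>(SecurityOperations.Read, SecurityPermissionState.Allow);

        // Allow uploading and downloading attachments.
        defaultRole.AddTypePermission<FileSystemStoreObject>(SecurityOperations.Read, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<FileSystemStoreObject>(SecurityOperations.Create, SecurityPermissionState.Allow);
        // NOTE(review): this criterion compares the attachment's own Oid with the current user
        // id, so it matches only if the two keys happen to be equal. If the intent is "full
        // access to files the user uploaded", the criterion needs an owner member - confirm.
        defaultRole.AddObjectPermission<FileSystemStoreObject>(SecurityOperations.FullObjectAccess, "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);

        // Approvals, approval workflows and approval records.
        // NOTE(review): FullAccess lets every default-role member write and delete any approval
        // workflow and any approval record, not just their own. If these records serve as an
        // audit trail, consider narrowing this to Read/Create plus object-level criteria.
        defaultRole.AddTypePermission<ShenPi>(SecurityOperations.FullAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<ShenPi_LiuCheng>(SecurityOperations.FullAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermission<ShenPi_JiLu>(SecurityOperations.FullAccess, SecurityPermissionState.Allow);

        // Handled work items.
        defaultRole.AddTypePermission<XiTong_JingBanGongZuo>(SecurityOperations.FullAccess, SecurityPermissionState.Allow);
    }

    // Load every type-permission row that belongs to the default role.
    // The interpolated value is the role's own key, not user input. Keep it that way: criteria
    // text built from request data should use the parameterized form of CriteriaOperator.Parse.
    CriteriaOperator criteriaOperator = CriteriaOperator.Parse($"Role='{defaultRole.Oid}'");
    IList<PermissionPolicyTypePermissionObject> permissionPolicyTypePermissionObjects =
        ObjectSpace.GetObjects<PermissionPolicyTypePermissionObject>(criteriaOperator);

    // Names of the target types that already have a permission row. A set gives constant-time
    // membership checks in the loop below and makes the former Distinct() call unnecessary.
    var existingTypeNames = new HashSet<string>(
        permissionPolicyTypePermissionObjects
            .Where(c => c.TargetType != null)
            .Select(c => c.TargetType.ToString()));

    // Rows whose TargetType no longer resolves (class removed from the project) are deleted
    // from the database as well.
    var deleted = permissionPolicyTypePermissionObjects.Where(c => c.TargetType == null).ToList();
    if (deleted.Count > 0)
    {
        ObjectSpace.Delete(deleted);
    }

    // Get all descendants of ZiDian.
    var nestedZiDian = XafTypesInfo.Instance.FindTypeInfo(typeof(ZiDian)).Descendants.ToList();

    // Grant Read on every ZiDian descendant that exists in the project but has no row yet.
    // Unlike the block above, this runs on every update, so new descendant types are picked up
    // automatically - and become readable by every default-role member without review.
    foreach (ITypeInfo typeInfo in nestedZiDian)
    {
        if (!existingTypeNames.Contains(typeInfo.FullName))
        {
            defaultRole.AddTypePermissionsRecursively(typeInfo.Type, SecurityOperations.Read,
                SecurityPermissionState.Allow);
        }
    }
    #endregion

    ObjectSpace.CommitChanges(); // This line persists created object(s).
}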
Every other permission works fine except DefaultRole.
If I manually add permissions in the default role to other roles, it works correctly.