From 2ba64227d0e585c8f3ecb3fae13bfbb5a45b7a10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=90=E6=B6=9B?= <midnite@outlook.com>
Date: Thu, 22 Sep 2022 21:03:28 +0800
Subject: [PATCH] =?UTF-8?q?enhance(fee):=E6=94=BE=E5=BC=80=E8=B4=B9?=
 =?UTF-8?q?=E7=94=A8=E6=A3=80=E7=B4=A2=E7=9A=84=E6=9D=83=E9=99=90=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 controller/maintenance_fee.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/controller/maintenance_fee.go b/controller/maintenance_fee.go
index 7732b0a..c420d0e 100644
--- a/controller/maintenance_fee.go
+++ b/controller/maintenance_fee.go
@@ -15,7 +15,7 @@ import (
 )
 
 func InitializeMaintenanceFeeController(router *gin.Engine) {
-	router.GET("/maintenance/fee", security.EnterpriseAuthorize, listMaintenanceFees)
+	router.GET("/maintenance/fee", security.MustAuthenticated, listMaintenanceFees)
 	router.POST("/maintenance/fee", security.EnterpriseAuthorize, createMaintenanceFeeRecord)
 	router.PUT("/maintenance/fee/:mid", security.EnterpriseAuthorize, modifyMaintenanceFeeRecord)
 	router.PUT("/maintenance/fee/:mid/enabled", security.EnterpriseAuthorize, changeMaintenanceFeeState)
@@ -56,8 +56,11 @@ func listMaintenanceFees(c *gin.Context) {
 		return
 	}
 	if len(requestPark) > 0 {
-		if !ensureParkBelongs(c, result, requestPark) {
-			return
+		if userSession.Type == model.USER_TYPE_ENT {
+			if !ensureParkBelongs(c, result, requestPark) {
+				result.Unauthorized("只能访问属于自己的园区。")
+				return
+			}
 		}
 		fees, total, err := service.MaintenanceFeeService.ListMaintenanceFees([]string{requestPark}, requestPeriod, requestPage)
 		if err != nil {