动态投资、资料归集，检查子项目与项目是否匹配

app/middleware/budget_check.js

@@ -27,6 +27,8 @@ module.exports = options => {
             if (!id) throw '参数错误';
             this.budget = yield this.service.budget.getCurBudget(id);
             if (!this.budget) throw '项目不存在';
+            if (this.budget.pid !== this.session.sessionProject.id) throw '您无权查看该项目';
+
             const subProj = yield this.service.subProject.getDataByCondition({ budget_id: this.budget.id });
             if (subProj) this.budget.name = subProj.name || '';
             if (this.session.sessionUser.is_admin) {

app/middleware/sub_project_check.js

@@ -27,6 +27,8 @@ module.exports = options => {
             if (!id) throw '参数错误';
 
             this.subProject = yield this.service.subProject.getDataById(id);
+            if (this.subProject.project_id !== this.session.sessionProject.id) throw '您无权查看该项目';
+
             if (!this.subProject) throw '项目不存在';
 
             if (this.session.sessionUser.is_admin) {