权限遗漏

app/middleware/uncheck_tender_check.js

@@ -23,9 +23,10 @@ module.exports = options => {
     return function* uncheckTenderCheck(next) {
         try {
             if (this.tender.data.ledger_status === auditConst.status.uncheck) {
-                if (this.tender.data.user_id !== accountId && this.tender.advanceAuditorsId.indexOf(this.session.sessionUser.accountId) === -1) {
+                if (this.tender.data.user_id !== this.session.sessionUser.accountId
+                    && this.tender.advanceAuditorsId.indexOf(this.session.sessionUser.accountId) === -1) {
                     throw '您无权查看该项目';
-                } else if (this.tender.advanceAuditorsId.indexOf(accountId) !== -1) {
+                } else if (this.tender.advanceAuditorsId.indexOf(this.session.sessionUser.accountId) !== -1) {
                     throw '您无权查看该内容';
                 }
             }