From e99814461eea4bd0ce4c9287135a02cbe475301e Mon Sep 17 00:00:00 2001
From: liangzai <2440983361@qq.com>
Date: Fri, 25 Apr 2025 11:36:20 +0800
Subject: [PATCH] fix query

---
 .../logic/query/querydetailbyorderidlogic.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go b/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go
index f7e9a44..0f44fbd 100644
--- a/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go
+++ b/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go
@@ -52,10 +52,15 @@ func (l *QueryDetailByOrderIdLogic) QueryDetailByOrderId(req *types.QueryDetailB
 }
 return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告查询, 查找报告错误: %v", err)
 }
-
- // 安全验证:确保订单属于当前用户
- if order.UserId != userId {
- return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "无权查看此订单报告")
+ user, err := l.svcCtx.UserModel.FindOne(l.ctx, userId)
+ if err != nil {
+ return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告查询, 查找用户错误: %v", err)
+ }
+ if user.Inside != 1 {
+ // 安全验证:确保订单属于当前用户
+ if order.UserId != userId {
+ return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "无权查看此订单报告")
+ }
 }
 
 // 创建渐进式延迟策略实例
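Review bot: The ownership check `order.UserId != userId` is now skipped for every account whose `user.Inside` is 1, so those accounts can read any user's order report, and nothing in the hunk records when that happens. As this is the only authorization check visible on this path, the bypass should carry a comment saying who receives the flag and why, use a named constant instead of the literal `1`, and write an audit log entry (caller id, order owner id) whenever an internal account reads an order it does not own. The nesting can also be flattened to `if user.Inside != 1 && order.UserId != userId {` so the rule reads as one condition. Failing closed when `FindOne` returns an error is the right default; the function body continues outside the hunk, so whether later code re-checks ownership cannot be confirmed from here.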