From 22123c2fd052c3978383bfb3387294fa57e1346e Mon Sep 17 00:00:00 2001
From: air <30444667+sszdot@users.noreply.github.com>
Date: Wed, 24 Sep 2025 14:01:02 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=20=20=E5=9E=8B=E3=80=91?=
 =?UTF-8?q?=EF=BC=9A=20=E3=80=90=E5=8E=9F=20=20=E5=9B=A0=E3=80=91=EF=BC=9A?=
 =?UTF-8?q?=20=E3=80=90=E8=BF=87=20=20=E7=A8=8B=E3=80=91=EF=BC=9A=20?=
 =?UTF-8?q?=E3=80=90=E5=BD=B1=20=20=E5=93=8D=E3=80=91=EF=BC=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 FlyCube/MpApi/Controller/PlaneController.class.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/FlyCube/MpApi/Controller/PlaneController.class.php b/FlyCube/MpApi/Controller/PlaneController.class.php
index b12d836..e532fc9 100644
--- a/FlyCube/MpApi/Controller/PlaneController.class.php
+++ b/FlyCube/MpApi/Controller/PlaneController.class.php
@@ -149,15 +149,14 @@ class PlaneController extends PublicController
 	 */
 	public function getAirList()
 	{
-		$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
-
+		// 权限判断
+		if (!$this->isPower()) {
+			$where['a.shop_id'] = $this->tokenShop_id;
+		}
 		$airDb = D('airplane_register'); // 飞机表
 
 		$prefix = C('DB_PREFIX'); // 获取表前缀
 
-		$where = [];
-
-		$where['a.shop_id'] = $_REQUEST['shop_id'];
 		$where['a.del'] = '0';
 
 		// 需要的字段，带表别名