update

@@ -129,7 +129,7 @@ class AuditProjectsList(ListAPIView):
 	queryset = Project.objects.all()
 	queryset = Project.objects.all()
 	serializer_class = ProjectSerializer
 	serializer_class = ProjectSerializer
 	pagination_class = MyPageNumberPagination
 	pagination_class = MyPageNumberPagination
-	permission_classes = (IsAuthenticated, IsAdminUser)
+	permission_classes = (IsAuthenticated,)
 
 
 	def get_queryset(self):
 	def get_queryset(self):
 		data = Project.objects.filter(auditor__user_id=self.request.user.id).order_by('is_done')
 		data = Project.objects.filter(auditor__user_id=self.request.user.id).order_by('is_done')
@@ -143,7 +143,7 @@ class AuditProjectsList(ListAPIView):
 class CheckAuth(APIView):
 class CheckAuth(APIView):
 	""" 检查是否有权限进行审批 """
 	""" 检查是否有权限进行审批 """
 	allowed_methods = ('GET',)
 	allowed_methods = ('GET',)
-	permission_classes = (IsAuthenticated, IsAdminUser)
+	permission_classes = (IsAuthenticated, )
 
 
 	@staticmethod
 	@staticmethod
 	def get(request, *args, **kwargs):
 	def get(request, *args, **kwargs):
@@ -153,7 +153,7 @@ class CheckAuth(APIView):
 		if not project_auditor:
 		if not project_auditor:
 			return response(False)
 			return response(False)
 		else:
 		else:
-			auditor_res = Result.objects.filter(
-				auditor__user_id=request.user.id,
-				project__id=kwargs['pk']).values_list('is_accept', flat=True).first()
-			return response(False) if auditor_res else response(True)
+			order = Auditor.objects.filter(user_id=request.user.id).values_list('order', flat=True)
+			audit_result = Result.objects.filter(project_id=kwargs['pk'])[order:1]
+			return response(False) if audit_result.is_accept else response(True)
+