diff --git a/src/controllers/games/reward.js b/src/controllers/games/reward.js
index 9e8adbb..298b74e 100644
--- a/src/controllers/games/reward.js
+++ b/src/controllers/games/reward.js
@@ -10,9 +10,9 @@ const CustomerReplayTest = getCustomerReplayModel('test')
 router.get('/list', async (req, res, next) => {
   // 权限判断
   const hasPerm =
-    req.user.permissions.includes(`${req.body.uid}-readable`) ||
-    req.user.permissions.includes(`${req.body.uid}-edit`) ||
-    req.user.permissions.includes(`${req.body.uid}-publish`) ||
+    req.user.permissions.includes(`${req.query.uid}-readable`) ||
+    req.user.permissions.includes(`${req.query.uid}-edit`) ||
+    req.user.permissions.includes(`${req.query.uid}-publish`) ||
     req.user.permissions.includes(`games-writeable`)
   if (!hasPerm) {
     res.status(403).send({