diff --git a/app/Http/Controllers/Api/VerificationController.php b/app/Http/Controllers/Api/VerificationController.php
index af9092a..6ad6919 100644
--- a/app/Http/Controllers/Api/VerificationController.php
+++ b/app/Http/Controllers/Api/VerificationController.php
@@ -17,7 +17,10 @@ class VerificationController extends Controller
 			return $this->error('对不起，你没有核销权限，请联系管理员');
 		}
 
-		$order = Order::query()->find($id);
+		$order = Order::query()->where('agent_id', $this->agent_id)->find($id);
+		if (!$order) {
+			return $this->error('订单不存在或无权限');
+		}
 		if (!in_array($order->status, [2, 3])) {
 			return $this->error('当前订单状态不允许核销');
 		}