财务管理下的ajax请求不判断权限

Application/Admin/Controller/AdminController.class.php

@@ -48,7 +48,8 @@ class AdminController extends Controller {
             if ( false === $access ) {
                 $this->error('403:禁止访问');
             }elseif(null === $access ){
-                if(CONTROLLER_NAME !== "Ajax"){//ajax放行
+                $access_controller = ['Ajax', 'Finance', 'FinancePromote', 'PayChannel'];
+                if(!in_array(CONTROLLER_NAME, $access_controller)){//ajax放行
                     //检测访问权限
                     $rule  = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
                     if($rule == "admin/statistics/overview"){//第一级菜单单独判断