diff --git a/hesabixCore/src/Controller/Plugins/TaxSettingsController.php b/hesabixCore/src/Controller/Plugins/TaxSettingsController.php
index c000d99..e533de7 100644
--- a/hesabixCore/src/Controller/Plugins/TaxSettingsController.php
+++ b/hesabixCore/src/Controller/Plugins/TaxSettingsController.php
@@ -7,6 +7,8 @@
 
 namespace App\Controller\Plugins;
 
+use App\Entity\Business;
+use App\Entity\Permission;
 use App\Service\Access;
 use App\Service\Extractor;
 use App\Service\Log;
@@ -42,16 +44,41 @@ class TaxSettingsController extends AbstractController
 
         $businessId = is_object($acc['bid']) ? $acc['bid']->getId() : $acc['bid'];
         $user = $this->getUser();
-        $userId = $user instanceof \App\Entity\User ? $user->getId() : null;
 
-        $repo = $em->getRepository(PluginTaxsettingsKey::class);
-        $entity = $repo->findOneBy(['business_id' => $businessId, 'user_id' => $userId]);
+        $perm = $em->getRepository(Permission::class)->findOneBy([
+            'bid' => $businessId,
+            'user' => $user
+        ]);
 
-        $settings = [
-            'taxMemoryId' => $entity ? $entity->getTaxMemoryId() : '',
-            'economicCode' => $entity ? $entity->getEconomicCode() : '',
-            'privateKey' => $entity ? $entity->getPrivateKey() : '',
-        ];
+        $business = $em->getRepository(Business::class)->find($businessId);
+
+        if ($business->getOwner() == $user) {
+            $repo = $em->getRepository(PluginTaxsettingsKey::class);
+            $entity = $repo->findOneBy(['business_id' => $businessId]);
+    
+            $settings = [
+                'taxMemoryId' => $entity ? $entity->getTaxMemoryId() : '',
+                'economicCode' => $entity ? $entity->getEconomicCode() : '',
+                'privateKey' => $entity ? $entity->getPrivateKey() : '',
+            ];
+        } else { 
+            if (!$perm || !$perm->isPlugTaxSettings()) {
+                return $this->json([
+                    'success' => false,
+                    'message' => 'شما دسترسی لازم را ندارید.'
+                ]);
+            }
+    
+            $repo = $em->getRepository(PluginTaxsettingsKey::class);
+            $entity = $repo->findOneBy(['business_id' => $businessId]);
+    
+            $settings = [
+                'taxMemoryId' => $entity ? $entity->getTaxMemoryId() : '',
+                'economicCode' => $entity ? $entity->getEconomicCode() : '',
+                'privateKey' => $entity ? $entity->getPrivateKey() : '',
+            ];
+        }
+        
 
         return $this->json($settings);
     }