diff --git a/src/pkuphysu_wechat/api/random_draw/views.py b/src/pkuphysu_wechat/api/random_draw/views.py
index 0ea8214..458a3b8 100644
--- a/src/pkuphysu_wechat/api/random_draw/views.py
+++ b/src/pkuphysu_wechat/api/random_draw/views.py
@@ -24,6 +24,8 @@ def join():
 @bp.route("/all", methods=["GET"])
 def get_all():
 openid = token_required()
- if openid not in settings.wechat.MASTER_IDS:
+ if openid not in settings.WECHAT.MASTER_IDS and not (
+ openid == "developmentopenid" and not settings.PRODUCTION
+ ):
 abort(404)
 return respond_success(data=[record.name for record in RandomDraw.query.all()])
diff --git a/src/pkuphysu_wechat/auth/utils.py b/src/pkuphysu_wechat/auth/utils.py
index b4fc99e..53b1791 100644
--- a/src/pkuphysu_wechat/auth/utils.py
+++ b/src/pkuphysu_wechat/auth/utils.py
@@ -31,7 +31,9 @@ def token_required() -> str:
 def master_required():
 openid = token_required()
- if openid not in settings.WECHAT.MASTER_IDS:
+ if openid not in settings.WECHAT.MASTER_IDS and not (
+ openid == "developmentopenid" and not settings.PRODUCTION
+ ):
 logger.info("%s tried to access admin resouces", openid)
 abort(respond_error(403, "NoHackMaster"))
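Review bot: The added clause `openid == "developmentopenid" and not settings.PRODUCTION` in get_all hard-codes an admin bypass that fails open: any deployment where PRODUCTION is false or left at a falsy default treats that openid as a master. The same clause is added to master_required in auth/utils.py. How token_required maps a token to this openid is not visible here, so it should be confirmed that a client cannot obtain it outside a development setup. A safer shape keeps the check as `if openid not in settings.WECHAT.MASTER_IDS:` and lists the development openid in MASTER_IDS of the development configuration only, so the shipped code carries no special case. If the bypass stays, each use of it should be logged at warning level so an unexpected hit is visible in the logs.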
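Review bot: The master check in master_required is now a copy of the three-line condition in get_all (api/random_draw/views.py), so the authorization rule lives in two places that can drift apart; the removed `settings.wechat` spelling in the other file suggests that has happened before. A single predicate in this module, for example `def is_master(openid: str) -> bool:` with the docstring `"""Return True if openid may use admin endpoints."""`, called from both sites, would keep the rule in one reviewable spot while each caller keeps its own response (404 there, 403 here). master_required may continue past the last line shown in the hunk.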