权限修复

app/service/change.js

@@ -226,20 +226,20 @@ module.exports = app => {
             switch (status) {
                 case 0:// 包含你的所有变更令
                     sql = 'SELECT a.* FROM ?? AS a WHERE a.tid = ? AND ' +
-                        '(a.uid = ? OR (a.status != 1 AND a.cid IN (SELECT b.cid FROM ?? AS b WHERE b.uid = ? AND a.times = b.times GROUP BY b.cid))) ORDER BY a.in_time DESC';
-                    sqlParam = [this.tableName, tenderId, this.ctx.session.sessionUser.accountId,
-                        this.ctx.service.changeAudit.tableName, this.ctx.session.sessionUser.accountId];
+                        '(a.uid = ? OR (a.status != ? AND a.cid IN (SELECT b.cid FROM ?? AS b WHERE b.uid = ? AND a.times = b.times GROUP BY b.cid)) OR a.status = ? ) ORDER BY a.in_time DESC';
+                    sqlParam = [this.tableName, tenderId, this.ctx.session.sessionUser.accountId, audit.flow.status.uncheck,
+                        this.ctx.service.changeAudit.tableName, this.ctx.session.sessionUser.accountId, audit.flow.status.checked];
                     break;
                 case 1:// 待处理(你的)
                     sql = 'SELECT a.* FROM ?? as a WHERE cid in(SELECT b.cid FROM ?? as b WHERE tid = ? AND uid = ? AND status = ?) ORDER BY in_time DESC';
-                    sqlParam = [this.tableName, this.ctx.service.changeAudit.tableName, tenderId, this.ctx.session.sessionUser.accountId, 2];
+                    sqlParam = [this.tableName, this.ctx.service.changeAudit.tableName, tenderId, this.ctx.session.sessionUser.accountId, audit.flow.auditStatus.checking];
                     break;
                 case 5:// 待上报(所有的)PS：取未上报和退回的变更令
                     sql = 'SELECT a.* FROM ?? AS a WHERE ' +
                         'a.cid IN (SELECT b.cid FROM ?? AS b WHERE b.uid = ? GROUP BY b.cid) AND ' +
-                        '(a.status = 1 OR a.status = 5) AND a.tid = ? ORDER BY a.in_time DESC';
+                        '(a.status = ? OR a.status = ?) AND a.tid = ? ORDER BY a.in_time DESC';
                     sqlParam = [this.tableName, this.ctx.service.changeAudit.tableName,
-                        this.ctx.session.sessionUser.accountId, tenderId];
+                        this.ctx.session.sessionUser.accountId, audit.flow.status.uncheck, audit.flow.status.back, tenderId];
                     break;
                 case 2:// 进行中（所有的）
                 case 4:// 终止（所有的）
@@ -290,9 +290,9 @@ module.exports = app => {
                 case 5:// 待上报(所有的)PS：取未上报和退回的变更令
                     const sql2 = 'SELECT count(*) AS count FROM ?? AS a WHERE ' +
                         'a.cid IN (SELECT b.cid FROM ?? AS b WHERE b.uid = ? AND a.times = b.times GROUP BY b.cid) ' +
-                        'AND (a.status = 1 OR a.status = 5) AND a.tid = ?';
+                        'AND (a.status = ? OR a.status = ?) AND a.tid = ?';
                     const sqlParam2 = [this.tableName, this.ctx.service.changeAudit.tableName,
-                        this.ctx.session.sessionUser.accountId, tenderId];
+                        this.ctx.session.sessionUser.accountId, audit.flow.status.uncheck, audit.flow.status.back, tenderId];
                     const result2 = await this.db.query(sql2, sqlParam2);
                     return result2[0].count;
                 case 2:// 进行中（所有的）

app/service/change_audit.js

@@ -99,7 +99,7 @@ module.exports = app => {
             const auditStatusConst = audit.flow.auditStatus;
             const uid = this.ctx.session.sessionUser.accountId;
             const changeAuditInfo = await this.getAllDataByCondition({ where: { cid: change.cid, times: change.times, uid }, orders: [['id', 'desc']], limit: 1, offset: 0 });
-            if (changeAuditInfo === null || changeAuditInfo[0].status === undefined) {
+            if (!change.status === statusConst.checked && (changeAuditInfo === null || changeAuditInfo[0] === undefined)) {
                 // 无权限查看此变更令
                 return 0;
             }