投资进度权限问题

app/controller/sub_proj_setting_controller.js

@@ -636,7 +636,7 @@ module.exports = app => {
                             t.permission = await ctx.service.tenderTourist.getTouristPermission(t);
                         }
                         responseData.data.tourists = tourists;
-                        responseData.data.scheduleAuditList = ctx.session.sessionProject.page_show.xxjd ? await ctx.service.scheduleAudit.getAllDataByCondition({ where: { tid: tender.id } }) : [];
+                        responseData.data.scheduleAuditList = ctx.subProject.page_show.xxjd ? await ctx.service.scheduleAudit.getAllDataByCondition({ where: { tid: tender.id } }) : [];
                         responseData.data.contractAuditList = ctx.subProject.page_show.openContract ? await ctx.service.contractAudit.getList({ tid: tender.id }) : [];
                         responseData.data.constructionAuditList = ctx.subProject.page_show.openConstruction ? await ctx.service.constructionAudit.getList(tender.id) : [];
                         break;

app/controller/tender_controller.js

@@ -628,7 +628,7 @@ module.exports = app => {
                     renderData.accountList = accountList;
                     renderData.accountGroup = accountGroupList;
                 }
-                if (ctx.session.sessionProject.page_show.xxjd && ctx.session.sessionUser.is_admin) {
+                if (ctx.subProject.page_show.xxjd && ctx.session.sessionUser.is_admin) {
                     // 投资进度内容
                     renderData.scheduleAuditList = await ctx.service.scheduleAudit.getAllDataByCondition({ where: { tid: tender.id } });
                     renderData.scPermission = scheduleConst.permission;

app/middleware/tender_check.js

@@ -87,6 +87,7 @@ module.exports = options => {
             const changePlanAuditorsId = this.helper._.map(changePlanAuditors, 'aid');
             const tenderPermission = this.session.sessionUser.permission ? this.session.sessionUser.permission.tender : null;
             const isTenderTourist = yield this.service.tenderTourist.getDataByCondition({ tid: tender.id, user_id: accountId });
+            const scheduleUser = subProject.page_show.xxjd ? yield this.service.scheduleAudit.getDataByCondition({ tid: tender.id, audit_id: this.session.sessionUser.accountId }) : [];
             // 判断访问人是否具有游客身份
             tender.isTourist = isTenderTourist !== null;
             // 游客权限
@@ -98,7 +99,8 @@ module.exports = options => {
                 reviseAuditorsId.indexOf(accountId) === -1 && materialAuditorsId.indexOf(accountId) === -1 &&
                 changeProjectAuditorsId.indexOf(accountId) === -1 && changeProjectXsAuditorsId.indexOf(accountId) === -1 &&
                 changeApplyAuditorsId.indexOf(accountId) === -1 && changePlanAuditorsId.indexOf(accountId) === -1 &&
-                advanceAuditorsId.indexOf(accountId) === -1 && !this.session.sessionUser.is_admin && !isTenderTourist) {
+                advanceAuditorsId.indexOf(accountId) === -1 && !this.session.sessionUser.is_admin && !isTenderTourist &&
+                (!scheduleUser || scheduleUser.permission === scPermission.no)) {
                 throw '您无权查看该项目';
             }
 
@@ -113,7 +115,6 @@ module.exports = options => {
             if (this.session.sessionUser.accountId === tender.data.user_id) {
                 schedule_permission = scPermission.edit;
             } else {
-                const scheduleUser = yield this.service.scheduleAudit.getDataByCondition({ tid: tender.id, audit_id: this.session.sessionUser.accountId });
                 if (scheduleUser) {
                     if (tender.isTourist && scheduleUser.permission === scPermission.no) {
                         schedule_permission = scPermission.show;

app/service/tender.js

@@ -123,6 +123,7 @@ module.exports = app => {
                     '        t.id IN ( SELECT cpla.`tid` FROM ' + this.ctx.service.changePlanAudit.tableName + ' AS cpla WHERE cpla.`aid` = ' + session.sessionUser.accountId + ' GROUP BY cpla.`tid`))' : '';
                 const changeProjectXsSql = this.ctx.subProject.page_show.openChangeProject ? '    OR (t.`ledger_status` = ' + auditConst.ledger.status.checked + ' AND ' +
                     '        t.id IN ( SELECT cpxa.`tid` FROM ' + this.ctx.service.changeProjectXsAudit.tableName + ' AS cpxa WHERE cpxa.`aid` = ' + session.sessionUser.accountId + ' GROUP BY cpxa.`tid`))' : '';
+                const xxjdSql = this.ctx.subProject.page_show.xxjd ? '    OR (t.id IN ( SELECT xxjd.`tid` FROM ' + this.ctx.service.scheduleAudit.tableName + ' AS xxjd WHERE xxjd.`permission` != 0 AND xxjd.`audit_id` = ' + session.sessionUser.accountId + ' GROUP BY xxjd.`tid`))' : '';
                 sql = 'SELECT t.`id`, t.`project_id`, t.`name`, t.`status`, t.`category`, t.`ledger_times`, t.`ledger_status`, t.`measure_type`, t.`user_id`, t.`create_time`, t.`total_price`, t.`deal_tp`,' +
                     '    pa.`name` As `user_name`, pa.`role` As `user_role`, pa.`company` As `user_company` ' +
                     // '  FROM ?? As t, ?? As pa ' +
@@ -160,7 +161,7 @@ module.exports = app => {
                     // 参与审批 预付款 的标段
                     '    OR (t.id IN ( SELECT ad.`tid` FROM ?? AS ad WHERE ad.`audit_id` = ? GROUP BY ad.`tid`))' +
                     // 参与审批 变更立项书及变更申请 的标段
-                    changeProjectSql + changeApplySql + changePlanSql + changeProjectXsSql +
+                    changeProjectSql + changeApplySql + changePlanSql + changeProjectXsSql + xxjdSql +
                     // 游客权限的标段
                     '    OR (t.id IN ( SELECT tt.`tid` FROM ?? AS tt WHERE tt.`user_id` = ?))' +
                     // 未参与，但可见的标段

app/view/sp_setting/manage.ejs

@@ -1,4 +1,4 @@
-<% include ../setting/sub_menu.ejs %>
+<% include ../sp_setting/sub_menu.ejs %>
 <div class="panel-content">
     <div class="panel-title fluid">
         <div class="title-main d-flex justify-content-between">
@@ -20,7 +20,7 @@
                 <nav class="nav nav-tabs m-3" role="tablist">
                     <a class="nav-item nav-link active" data-toggle="tab" href="#splc" role="tab">审批流程</a>
                     <a class="nav-item nav-link" data-toggle="tab" href="#guest" role="tab">游客账号</a>
-                    <% if (ctx.session.sessionProject.page_show.xxjd) { %>
+                    <% if (ctx.subProject.page_show.xxjd) { %>
                     <a class="nav-item nav-link" data-toggle="tab" href="#tzpro" role="tab">投资进度</a>
                     <% } %>
                     <% if (ctx.subProject.page_show.openContract) { %>
@@ -94,7 +94,7 @@
                             </table>
                         </div>
                     </div>
-                    <% if (ctx.session.sessionProject.page_show.xxjd) { %>
+                    <% if (ctx.subProject.page_show.xxjd) { %>
                     <!--投资进度 -->
                     <div id="tzpro" class="tab-pane">
                         <div class="col-8" style="max-width: 800px">

app/view/sp_setting/user_modal.ejs

@@ -40,10 +40,10 @@
                         <%- pb.name %>
                         <% if (pb.hint) { %>
                         <div class="btn-group">
-                            <a href="" data-toggle="dropdown" title="权限说明" aria-expanded="false"><i class="fa fa-question-circle"></i></a>
+                            <a href="javascript:void(0);" data-toggle="dropdown" title="权限说明" aria-expanded="false"><i class="fa fa-question-circle"></i></a>
                             <div class="dropdown-menu bg-dark" style="will-change: transform;">
                                 <% for (const i of pb.hint) { %>
-                                <a class="dropdown-item text-light" href="javascript: void(0)"><%- i %></a>
+                                <div class="dropdown-item text-light bg-dark"><%- i %></div>
                                 <% } %>
                             </div>
                         </div>
@@ -97,4 +97,4 @@
             </div>
         </div>
     </div>
-</div>
+</div>

app/view/tender/detail.ejs

@@ -64,7 +64,7 @@
                             管理员
                         </a>
                         <div class="dropdown-menu" aria-labelledby="dropdownMenuLink">
-                            <% if (ctx.session.sessionProject.page_show !== null && parseInt(ctx.session.sessionProject.page_show.xxjd) === 1) { %>
+                            <% if (ctx.subProject.page_show !== null && parseInt(ctx.subProject.page_show.xxjd) === 1) { %>
                                 <a href="#xxjd-set" data-toggle="modal" data-target="#xxjd-set" class="dropdown-item">投资进度</a>
                             <% } %>
                             <a href="/tender/<%- tender.id %>/shenpi" class="dropdown-item">审批流程</a>

app/view/tender/detail_modal.ejs

@@ -3016,7 +3016,7 @@
         })
     </script>
 <% } %>
-<% if (ctx.session.sessionProject.page_show.xxjd && ctx.session.sessionUser.is_admin) { %>
+<% if (ctx.subProject.page_show.xxjd && ctx.session.sessionUser.is_admin) { %>
     <!--标段设置-投资进度-->
     <div class="modal fade" id="xxjd-set" data-backdrop="static">
         <div class="modal-dialog" role="document">

app/view/tender/tender_sub_menu.ejs

@@ -61,7 +61,7 @@
             </ul>
         </div>
         <% } %>
-        <% if (ctx.session.sessionProject.page_show.xxjd && (ctx.tender.schedule_permission !== 0 || ctx.tender.isTourist)) { %>
+        <% if (ctx.subProject.page_show.xxjd && (ctx.tender.schedule_permission !== 0 || ctx.tender.isTourist)) { %>
         <div class="nav-box">
             <h3><i class="fa fa-bar-chart fa-fw"></i> 投资进度</h3>
             <ul class="nav-list list-unstyled sub-list">

app/view/tender/tender_sub_mini_menu.ejs

@@ -48,14 +48,14 @@
                 </ul>
             <% } %>
         </div>
-        <% if (ctx.session.sessionProject.page_show.openMaterial) { %>
+        <% if (ctx.subProject.page_show.openMaterial) { %>
         <div class="nav-box">
             <ul class="nav-list list-unstyled">
                 <li <% if (ctx.url === '/tender/' + ctx.tender.id + '/measure/material') { %>class="active"<% } %>><a href="/tender/<%- ctx.tender.id %>/measure/material" class="h3"><i class="fa fa-line-chart fa-fw"></i> <span>材料调差</span></a></li>
             </ul>
         </div>
         <% } %>
-        <% if (ctx.session.sessionProject.page_show.xxjd && (ctx.tender.schedule_permission !== 0 || ctx.tender.isTourist)) { %>
+        <% if (ctx.subProject.page_show.xxjd && (ctx.tender.schedule_permission !== 0 || ctx.tender.isTourist)) { %>
             <div class="nav-box">
                 <h3><i class="fa fa-bar-chart fa-fw"></i> 投资进度</h3>
                 <ul class="nav-list list-unstyled sub-list">