
针对标段权限和添加标段特殊符号bug修复

laiguoran 5 rokov pred
rodič
commit
1d460f2c1a

+ 9 - 2
app/middleware/tender_check.js

@@ -55,11 +55,18 @@ module.exports = options => {
                     const auditors = yield this.service.ledgerAudit.getAuditors(tender.id, times);
                     const auditorsId = this.helper._.map(auditors, 'audit_id');
                     const stageAuditors = yield this.service.stageAudit.getAllAuditors(tender.id);
-                    const stageAUditorsId = this.helper._.map(stageAuditors, 'aid');
+                    const stageAuditorsId = this.helper._.map(stageAuditors, 'aid');
+                    const changeAuditors = yield this.service.changeAudit.getAllAuditors(tender.id);
+                    const changeAuditorsId = this.helper._.map(changeAuditors, 'uid');
+                    const reviseAuditors = yield this.service.reviseAudit.getAllAuditors(tender.id);
+                    const reviseAuditorsId = this.helper._.map(reviseAuditors, 'audit_id');
+                    const materialAuditors = yield this.service.materialAudit.getAllAuditors(tender.id);
+                    const materialAuditorsId = this.helper._.map(materialAuditors, 'aid');
                     const tenderPermission = this.session.sessionUser.permission ? this.session.sessionUser.permission.tender : null;
                     if (auditorsId.indexOf(accountId) === -1 && tender.data.user_id !== accountId &&
                         (tenderPermission === null || tenderPermission === undefined || tenderPermission.indexOf('2') === -1) &&
-                        stageAUditorsId.indexOf(accountId) === -1) {
+                        stageAuditorsId.indexOf(accountId) === -1 && changeAuditorsId.indexOf(accountId) === -1 &&
+                        reviseAuditorsId.indexOf(accountId) === -1 && materialAuditorsId.indexOf(accountId) === -1) {
                         throw '您无权查看该项目';
                     }
                 }
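Review bot: The authorization condition now spreads membership of five id arrays across three lines of `indexOf(...) === -1` clauses, which is hard to audit for a fail-closed check and easy to break when the next audit type is added. Collapse the lists into one set before the `if`: `const auditorIds = new Set([...auditorsId, ...stageAuditorsId, ...changeAuditorsId, ...reviseAuditorsId, ...materialAuditorsId]);` and test `!auditorIds.has(accountId) && tender.data.user_id !== accountId && (tenderPermission == null || tenderPermission.indexOf('2') === -1)`. `Set.has` compares with strict equality exactly as `indexOf` does, so if the ids returned by the new services are numbers while `accountId` is a string (not visible here) the check keeps failing closed rather than opening up. The enclosing middleware function starts and ends outside the hunk.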

+ 4 - 0
app/public/js/global.js

@@ -673,6 +673,10 @@ function trimInvalidChar(str) {
     return $.trim(str).replace(/\n/g, '').replace(/\r/g, '').replace(/\t/g, '');
 }
 
+function cleanSymbols(str) {
+    return $.trim(str).replace(/\\/g, '').replace(/\'/g, '').replace(/\"/g, '').replace(/\</g, '').replace(/\|/g, '');
+}
+
 jQuery.bootstrapLoading = {
     isLoading: function () {
         return $('#loadingPage').is(':visible');
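Review bot: `cleanSymbols` is a client-side character blacklist, and stripping `\ ' " < |` in the browser does not by itself protect the server: the tender create/update handlers must apply the same rule or, better, parameterize and escape on output (that server path is not visible in this commit). The five chained `replace` calls with needlessly escaped `\'`, `\"` and `\<` can be one character class, `return $.trim(str).replace(/[\\'"<|]/g, '');`, and `<` being stripped while `>` is kept looks accidental — confirm which set is intended. Add a one-line JSDoc above it, e.g. `/** Removes backslash, quotes, '<' and '|' from user-entered names; presentation hygiene only, the server must validate the value as well. */`.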

+ 1 - 1
app/public/js/tender_list.js

@@ -396,7 +396,7 @@ $(document).ready(() => {
     // 新增标段
     $('#add-bd-ok').click(function () {
         const data = {
-            name: $('[name=name]', '#add-bd').val(),
+            name: cleanSymbols($('[name=name]', '#add-bd').val()),
             valuation: $('[name=valuation]:checked').val(),
             category: [],
         };
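Review bot: The new `cleanSymbols(...)` wrapper silently rewrites what the user typed, so a name consisting only of the stripped characters arrives as an empty string; in tender_list_manage.js the edit handler checks `if (!data.name || data.name === '')` right after, but whether the add handler here has the same guard is outside the hunk. The same change is made in tender_list_info.js, tender_list_manage.js (both the add and the edit handler) and tender_list_progress.js, and all four rely on `cleanSymbols` being a global from global.js, so the script load order is an implicit dependency worth a comment such as `// cleanSymbols is defined in global.js`. The surrounding `$(document).ready` callback begins and ends outside the hunk.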

+ 1 - 1
app/public/js/tender_list_info.js

@@ -452,7 +452,7 @@ $(document).ready(() => {
     // 新增标段
     $('#add-bd-ok').click(function () {
         const data = {
-            name: $('[name=name]', '#add-bd').val(),
+            name: cleanSymbols($('[name=name]', '#add-bd').val()),
             valuation: $('[name=valuation]:checked').val(),
             category: [],
         };

+ 2 - 2
app/public/js/tender_list_manage.js

@@ -412,7 +412,7 @@ $(document).ready(() => {
     // 新增标段
     $('#add-bd-ok').click(function () {
         const data = {
-            name: $('[name=name]', '#add-bd').val(),
+            name: cleanSymbols($('[name=name]', '#add-bd').val()),
             valuation: $('[name=valuation]:checked').val(),
             category: [],
         };
@@ -448,7 +448,7 @@ $(document).ready(() => {
     $('#edit-bd-ok').click(function () {
         const data = {
             id: parseInt($(this).attr('tid')),
-            name: $('[name=name]', '#edit-bd').val(),
+            name: cleanSymbols($('[name=name]', '#edit-bd').val()),
             category: [],
         };
         if (!data.name || data.name === '') {

+ 1 - 1
app/public/js/tender_list_progress.js

@@ -427,7 +427,7 @@ $(document).ready(() => {
     // 新增标段
     $('#add-bd-ok').click(function () {
         const data = {
-            name: $('[name=name]', '#add-bd').val(),
+            name: cleanSymbols($('[name=name]', '#add-bd').val()),
             valuation: $('[name=valuation]:checked').val(),
             category: [],
         };

+ 9 - 0
app/service/change_audit.js

@@ -308,6 +308,15 @@ module.exports = app => {
             const sqlParam = [this.ctx.service.tender.tableName, uid, this.tableName, uid, this.ctx.service.change.tableName, this.tableName, pid, time];
             return await this.db.query(sql, sqlParam);
         }
+
+        async getAllAuditors(tenderId) {
+            const sql = 'SELECT ca.uid, ca.tid FROM ' + this.tableName + ' ca' +
+                '  LEFT JOIN ' + this.ctx.service.tender.tableName + ' t On ca.tid = t.id' +
+                '  WHERE t.id = ?' +
+                '  GROUP BY ca.uid';
+            const sqlParam = [tenderId];
+            return this.db.query(sql, sqlParam);
+        }
     }
 
     return ChangeAudit;
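Review bot: `getAllAuditors` is declared `async` but returns `this.db.query(...)` without `await`, unlike the sibling method above that does `return await this.db.query(sql, sqlParam)`; harmless at runtime but inconsistent, and it hides the method from the stack trace of a rejected query. The `LEFT JOIN` on the tender table followed by `WHERE t.id = ?` only filters to rows whose tender exists, which `WHERE ca.tid = ?` expresses directly, and the table names can go through the `??` placeholder the project already uses in tender.js instead of string concatenation: `const sql = 'SELECT ca.uid, ca.tid FROM ?? ca WHERE ca.tid = ? GROUP BY ca.uid';` then `return await this.db.query(sql, [this.tableName, tenderId]);` — equivalent for the middleware use, since the caller has already loaded the tender, but confirm orphaned audit rows are not expected. A one-line JSDoc stating it returns the distinct auditor ids for one tender would help. The same pattern is added in material_audit.js and revise_audit.js.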

+ 9 - 0
app/service/material_audit.js

@@ -591,6 +591,15 @@ module.exports = app => {
             }
             return auditor;
         }
+
+        async getAllAuditors(tenderId) {
+            const sql = 'SELECT ma.aid, ma.tid FROM ' + this.tableName + ' ma' +
+                '  LEFT JOIN ' + this.ctx.service.tender.tableName + ' t On ma.tid = t.id' +
+                '  WHERE t.id = ?' +
+                '  GROUP BY  ma.aid';
+            const sqlParam = [tenderId];
+            return this.db.query(sql, sqlParam);
+        }
     }
 
     return MaterialAudit;

+ 9 - 0
app/service/revise_audit.js

@@ -455,6 +455,15 @@ module.exports = app => {
             // const sqlParam = [this.tableName, stageId, times];
             // return await this.db.query(sql, sqlParam);
         }
+
+        async getAllAuditors(tenderId) {
+            const sql = 'SELECT ra.audit_id, ra.tender_id FROM ' + this.tableName + ' ra' +
+                '  LEFT JOIN ' + this.ctx.service.tender.tableName + ' t On ra.tender_id = t.id' +
+                '  WHERE t.id = ?' +
+                '  GROUP BY ra.audit_id';
+            const sqlParam = [tenderId];
+            return this.db.query(sql, sqlParam);
+        }
     }
 
     return ReviseAudit;

+ 4 - 0
app/service/tender.js

@@ -126,6 +126,9 @@ module.exports = app => {
                     // 参与审批 台账修订 的标段
                     '    OR (t.`ledger_status` = ' + auditConst.ledger.status.checked + ' AND ' +
                     '        t.id IN ( SELECT ra.`tender_id` FROM ?? AS ra WHERE ra.`audit_id` = ? GROUP BY ra.`tender_id`))' +
+                    // 参与审批 材料调差 的标段
+                    '    OR (t.`ledger_status` = ' + auditConst.ledger.status.checked + ' AND ' +
+                    '        t.id IN ( SELECT ma.`tid` FROM ?? AS ma WHERE ma.`aid` = ? GROUP BY ma.`tid`))' +
                     // 未参与,但可见的标段
                     ') ORDER BY CONVERT(t.`name` USING GBK) ASC';
                 sqlParam = [this.tableName, this.ctx.service.projectAccount.tableName, session.sessionProject.id, session.sessionUser.accountId,
@@ -133,6 +136,7 @@ module.exports = app => {
                     this.ctx.service.stageAudit.tableName, session.sessionUser.accountId,
                     this.ctx.service.changeAudit.tableName, session.sessionUser.accountId,
                     this.ctx.service.reviseAudit.tableName, session.sessionUser.accountId,
+                    this.ctx.service.materialAudit.tableName, session.sessionUser.accountId,
                 ];
             }
             const list = await this.db.query(sql, sqlParam);
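Review bot: The new material-audit branch depends on a positional pairing between the `??`/`?` placeholders in the SQL string of the first hunk and the `[tableName, accountId]` pair appended to `sqlParam` in the second hunk; the commit keeps them aligned, but nothing documents that coupling, so the next branch added in one place and not the other will silently shift every later placeholder. Add above the `sqlParam = [` assignment a comment such as `// one [tableName, accountId] pair per "参与审批" OR branch above, in the same order`. The branch also copies the `t.ledger_status = checked` gate from the revise-audit branch; whether material adjustment is only visible once the ledger is checked cannot be told from here, so confirm that is intended. The enclosing method starts outside the hunk.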