fix: 计量附件-上传权限bug修复

app/controller/stage_controller.js

@@ -159,6 +159,7 @@ module.exports = app => {
                 renderData.jsFiles = this.app.jsFiles.common.concat(this.app.jsFiles.stage.index);
                 renderData.whiteList = this.ctx.app.config.multipart.whitelist;
                 renderData.imType = tenderConst.imType;
+                renderData.curAuditor = ctx.stage.curAuditor;
                 // 获取附件列表
                 const attData = await ctx.service.stageAtt.getDataByTenderIdAndStageId(ctx.tender.id, ctx.params.order);
                 for (const index in attData) {

app/public/js/stage.js

@@ -2609,7 +2609,7 @@ $(document).ready(() => {
                     $('#calc-img').attr('src', updateData.img);
                     $('#view-calc-img').attr('src', updateData.img);
                     $('#show-calc-img').attr('src', updateData.img);
-                    $('#view-calc-remark').text(img_remark);
+                    $('#view-calc-remark').val(img_remark);
 
                     $('#edit-img').modal('hide');
                     // updateImageData = updateData;
@@ -2744,10 +2744,11 @@ $(document).ready(() => {
             $('#view-calc-img').attr('src', calcImgSrc);
 
             const calcImgRemark = data && data.calc_img_remark || '';
-            $('#view-calc-remark').text(calcImgRemark);
+            console.log('calcImgRemark', calcImgRemark, '')
+            $('#view-calc-remark').val(calcImgRemark);
             $("#view-calc-remark").attr('readonly', true);
             // 处理 编辑 -> 添加草图中textarea多余的空格
-            $('#text-edit').text(calcImgRemark)
+            $('#text-edit').val(calcImgRemark)
         }
     }
     class CheckedChange {
@@ -3002,6 +3003,9 @@ $(document).ready(() => {
     });
     // 上传附件
     $('#upload-file-btn').click(function () {
+        if (curAuditor && curAuditor.aid !== parseInt(cur_uid)) {
+            return toastr.error('无法上传图片！');
+        }
         const files = $('#upload-file')[0].files;
         const node = SpreadJsObj.getSelectObject(slSpread.getActiveSheet());
         const formData = new FormData();
@@ -3060,19 +3064,28 @@ $(document).ready(() => {
             // 附件uid等于当前用户id, 附件上传本人
             if (parseInt(cur_uid) === att.uid) {
                 $('#btn-att').show();
-                let showDel = true;
+                let showDel = false;
+                if (!curAuditor) {
+                    stage.status === auditConst.status.checked && parseInt(att.re_upload) && (showDel = true)
+                    stage.status === auditConst.status.checkNo && parseInt(cur_uid) === stage.user_id && (showDel = true)
+                } else {
+                    curAuditor.aid === parseInt(cur_uid) && (showDel = true)
+                }
+                // if (curAuditor && curAuditor.aid !== parseInt(cur_uid)) showDel = false
+                // // 审核完成后再上传的，上传者可删除附件
+                // if (stage.status === auditConst.status.checked && !parseInt(att.re_upload)) showDel = false;
 
-                // 审核完成后再上传的，上传者可删除附件
-                if (stage.status === auditConst.status.checked && !parseInt(att.re_upload)) showDel = false;
+                // // 审核被退回，原报上传的附件可以删除
+                // if (stage.status === auditConst.status.checkNo && parseInt(cur_uid) !== stage.user_id) showDel = false;
 
-                // 审核被退回，原报上传的附件可以删除
-                if (stage.status === auditConst.status.checkNo && parseInt(cur_uid) !== stage.user_id) showDel = false;
+                // // 审核中，原报上传的图片不能删除
+                // if (stage.status === auditConst.status.checking && stage.user_id === parseInt(cur_uid)) showDel = false;
 
-                // 审核中，原报上传的图片不能删除
-                if (stage.status === auditConst.status.checking && stage.user_id === parseInt(cur_uid)) showDel = false;
+                // // 但该阶段不属于该审核人操作的阶段
+                // if (curAuditor.aid !== parseInt(cur_uid)) showDel = false;
 
-                // 台账未上报、当前用户为原报, 可以删除附件
-                if (stage.status === auditConst.status.uncheck && stage.user_id !== parseInt(cur_uid)) showDel = false;
+                // // 台账未上报、当前用户为原报, 可以删除附件
+                // if (stage.status === auditConst.status.uncheck && stage.user_id !== parseInt(cur_uid)) showDel = false;
 
                 if (showDel) $('#btn-att a').eq(3).show();
                 // $('#btn-att a').eq(3).show();

app/service/stage_audit.js

@@ -32,7 +32,7 @@ module.exports = app => {
          * @param {Number} stageId - 期id
          * @param {Number} auditorId - 审核人id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditor(stageId, auditorId, times = 1) {
             const sql = 'SELECT la.`aid`, pa.`name`, pa.`company`, pa.`role`, pa.`mobile`, pa.`telephone`, la.`times`, la.`order`, la.`status`, la.`opinion`, la.`begin_time`, la.`end_time` ' +
@@ -49,7 +49,7 @@ module.exports = app => {
          * @param {Number} stageId - 期id
          * @param {Number} times - 第几次审批
          * @param {Number} order_sort - 列表排序方式
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditors(stageId, times = 1, order_sort = 'asc') {
             const sql = 'SELECT la.`aid`, pa.`name`, pa.`company`, pa.`role`, pa.`mobile`, pa.`telephone`, la.`times`, la.`order`, la.`status`, la.`opinion`, la.`begin_time`, la.`end_time`, g.`sort` ' +
@@ -81,7 +81,7 @@ module.exports = app => {
          * @param {Number} tenderId - 标段id
          * @param {Number} auditorId - 审核人id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getStatusName(stageId) {
             const sql = 'SELECT pa.`name` ' +
@@ -97,7 +97,7 @@ module.exports = app => {
          *
          * @param {Number} stageId - 期id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getCurAuditor(stageId, times = 1) {
             const sql = 'SELECT la.`aid`, pa.`name`, pa.`company`, pa.`role`, pa.`mobile`, pa.`telephone`, la.`times`, la.`order`, la.`status`, la.`opinion`, la.`begin_time`, la.`end_time` ' +
@@ -113,7 +113,7 @@ module.exports = app => {
          *
          * @param {Number} stageId - 期id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<number>}
+         * @return {Promise<number>}
          */
         async getNewOrder(stageId, times = 1) {
             const sql = 'SELECT Max(??) As max_order FROM ?? Where `sid` = ? and `times` = ?';
@@ -128,7 +128,7 @@ module.exports = app => {
          * @param {Number} stageId - 期id
          * @param {Number} auditorId - 审核人id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<number>}
+         * @return {Promise<number>}
          */
         async addAuditor(stageId, auditorId, times = 1) {
             const newOrder = await this.getNewOrder(stageId, times);
@@ -136,7 +136,7 @@ module.exports = app => {
                 tid: this.ctx.tender.id,
                 sid: stageId,
                 aid: auditorId,
-                times: times,
+                times,
                 order: newOrder,
                 status: auditConst.status.uncheck,
             };
@@ -150,14 +150,14 @@ module.exports = app => {
          * @param {Number} stageId - 标段id
          * @param {Number} auditorId - 审核人id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          * @private
          */
         async _syncOrderByDelete(transaction, stageId, order, times) {
             this.initSqlBuilder();
             this.sqlBuilder.setAndWhere('sid', {
                 value: stageId,
-                operate: '='
+                operate: '=',
             });
             this.sqlBuilder.setAndWhere('order', {
                 value: order,
@@ -183,12 +183,12 @@ module.exports = app => {
          * @param {Number} stageId - 期id
          * @param {Number} auditorId - 审核人id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<boolean>}
+         * @return {Promise<boolean>}
          */
         async deleteAuditor(stageId, auditorId, times = 1) {
             const transaction = await this.db.beginTransaction();
             try {
-                const condition = {sid: stageId, aid: auditorId, times: times};
+                const condition = { sid: stageId, aid: auditorId, times };
                 const auditor = await this.getDataByCondition(condition);
                 if (!auditor) {
                     throw '该审核人不存在';
@@ -196,7 +196,7 @@ module.exports = app => {
                 await this._syncOrderByDelete(transaction, stageId, auditor.order, times);
                 await transaction.delete(this.tableName, condition);
                 await transaction.commit();
-            } catch(err) {
+            } catch (err) {
                 await transaction.rollback();
                 throw err;
             }
@@ -208,7 +208,7 @@ module.exports = app => {
          *
          * @param {Number} stageId - 期id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<boolean>}
+         * @return {Promise<boolean>}
          */
         async start(stageId, times = 1) {
             const audit = await this.getDataByCondition({ sid: stageId, times, order: 1 });
@@ -278,20 +278,20 @@ module.exports = app => {
         async _checked(stageId, checkData, times) {
             const time = new Date();
             // 整理当前流程审核人状态更新
-            const audit = await this.getDataByCondition({sid: stageId, times: times, status: auditConst.status.checking});
+            const audit = await this.getDataByCondition({ sid: stageId, times, status: auditConst.status.checking });
             if (!audit) {
                 throw '审核数据错误';
             }
-            const nextAudit = await this.getDataByCondition({sid: stageId, times: times, order: audit.order + 1});
+            const nextAudit = await this.getDataByCondition({ sid: stageId, times, order: audit.order + 1 });
             const tpData = await this.ctx.service.stageBills.getSumTotalPrice(this.ctx.stage);
 
             const transaction = await this.db.beginTransaction();
             try {
-                await transaction.update(this.tableName, {id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time});
+                await transaction.update(this.tableName, { id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time });
                 // 计算并合同支付最终数据
                 const [yfPay, sfPay] = await this.ctx.service.stagePay.calcAllStagePays(this.ctx.stage, transaction);
                 this.ctx.stage.tp_history.push({
-                    times: times, order: audit.order,
+                    times, order: audit.order,
                     contract_tp: tpData.contract_tp,
                     qc_tp: tpData.qc_tp,
                     yf_tp: yfPay.tp,
@@ -305,7 +305,7 @@ module.exports = app => {
                     await this.ctx.service.stageBonus.updateHistory(this.ctx.stage, transaction);
                     await this.ctx.service.stageOther.updateHistory(this.ctx.stage, transaction);
                     // 流程至下一审批人
-                    await transaction.update(this.tableName, {id: nextAudit.id, status: auditConst.status.checking, begin_time: time});
+                    await transaction.update(this.tableName, { id: nextAudit.id, status: auditConst.status.checking, begin_time: time });
                     // 同步 期信息
                     await transaction.update(this.ctx.service.stage.tableName, {
                         id: stageId, status: auditConst.status.checking,
@@ -399,7 +399,7 @@ module.exports = app => {
         async _checkNo(stageId, checkData, times) {
             const time = new Date();
             // 整理当前流程审核人状态更新
-            const audit = await this.getDataByCondition({sid: stageId, times: times, status: auditConst.status.checking});
+            const audit = await this.getDataByCondition({ sid: stageId, times, status: auditConst.status.checking });
             if (!audit) {
                 throw '审核数据错误';
             }
@@ -420,13 +420,13 @@ module.exports = app => {
                 // 计算并合同支付最终数据
                 const [yfPay, sfPay] = await this.ctx.service.stagePay.calcAllStagePays(this.ctx.stage, transaction);
                 this.ctx.stage.tp_history.push({
-                    times: times, order: audit.order,
+                    times, order: audit.order,
                     contract_tp: tpData.contract_tp,
                     qc_tp: tpData.qc_tp,
                     yf_tp: yfPay.tp,
                     sf_tp: sfPay.tp,
                 });
-                await transaction.update(this.tableName, {id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time});
+                await transaction.update(this.tableName, { id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time });
                 // 同步 期信息
                 await transaction.update(this.ctx.service.stage.tableName, {
                     id: stageId, status: checkData.checkType,
@@ -508,7 +508,7 @@ module.exports = app => {
                 // 计算并合同支付最终数据
                 const [yfPay, sfPay] = await this.ctx.service.stagePay.calcAllStagePays(this.ctx.stage, transaction);
                 this.ctx.stage.tp_history.push({
-                    times: times, order: audit.order,
+                    times, order: audit.order,
                     contract_tp: tpData.contract_tp,
                     qc_tp: tpData.qc_tp,
                     yf_tp: yfPay.tp,
@@ -519,18 +519,18 @@ module.exports = app => {
                     id: stageId,
                     contract_tp: tpData.contract_tp,
                     qc_tp: tpData.qc_tp,
-                    times: times,
+                    times,
                     yf_tp: yfPay.tp,
                     sf_tp: sfPay.tp,
                     tp_history: JSON.stringify(this.ctx.stage.tp_history),
                     cache_time_r: this.ctx.stage.cache_time_l,
                 });
-                await transaction.update(this.tableName, {id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time});
+                await transaction.update(this.tableName, { id: audit.id, status: checkData.checkType, opinion: checkData.opinion, end_time: time });
                 // 顺移气候审核人流程顺序
                 this.initSqlBuilder();
-                this.sqlBuilder.setAndWhere('sid', { value: this.ctx.stage.id, operate: '=', });
-                this.sqlBuilder.setAndWhere('order', { value: audit.order, operate: '>', });
-                this.sqlBuilder.setUpdateData('order', { value: 2, selfOperate: '+', });
+                this.sqlBuilder.setAndWhere('sid', { value: this.ctx.stage.id, operate: '=' });
+                this.sqlBuilder.setAndWhere('order', { value: audit.order, operate: '>' });
+                this.sqlBuilder.setUpdateData('order', { value: 2, selfOperate: '+' });
                 const [sql, sqlParam] = this.sqlBuilder.build(this.tableName, 'update');
                 const data = await transaction.query(sql, sqlParam);
                 // 上一审批人,当前审批人 再次添加至流程
@@ -593,7 +593,7 @@ module.exports = app => {
          * @param {Number} stageId - 标段id
          * @param {auditConst.status.checked|auditConst.status.checkNo} checkType - 审批结果
          * @param {Number} times - 第几次审批
-         * @returns {Promise<void>}
+         * @return {Promise<void>}
          */
         async check(stageId, checkData, times = 1) {
             if (checkData.checkType !== auditConst.status.checked && checkData.checkType !== auditConst.status.checkNo && checkData.checkType !== auditConst.status.checkNoPre) {
@@ -604,7 +604,7 @@ module.exports = app => {
             // if (!audit) {
             //     throw '审核数据错误';
             // }
-            //const time = new Date();
+            // const time = new Date();
 
             switch (checkData.checkType) {
                 case auditConst.status.checked:
@@ -739,7 +739,7 @@ module.exports = app => {
          * 审批
          * @param {Number} stageId - 标段id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<void>}
+         * @return {Promise<void>}
          */
         async checkAgain(stageId, times = 1) {
             const time = new Date();
@@ -812,7 +812,7 @@ module.exports = app => {
          * 获取审核人需要审核的期列表
          *
          * @param auditorId
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditStage(auditorId) {
             const sql = 'SELECT sa.`aid`, sa.`times`, sa.`order`, sa.`begin_time`, sa.`end_time`, sa.`tid`, sa.`sid`,' +
@@ -830,7 +830,7 @@ module.exports = app => {
          * @param {Number} pid - 查询标段
          * @param {Number} uid - 查询人
          * @param {Date} time - 查询时间
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getNoticeStage(pid, uid, time) {
             const sql = 'SELECT * FROM (SELECT t.`name`, t.`project_id`, t.`type`, t.`user_id`, ' +
@@ -853,7 +853,7 @@ module.exports = app => {
          * 获取审核人流程列表
          *
          * @param auditorId
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditGroupByList(stageId, times) {
             const sql = 'SELECT la.`aid`, pa.`name`, pa.`company`, pa.`role`, la.`times`, la.`sid`, la.`aid`, la.`order` ' +
@@ -870,7 +870,7 @@ module.exports = app => {
          * 获取审核人流程列表
          *
          * @param auditorId
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditGroupByListWithOwner(stageId, times) {
             const result = await this.getAuditGroupByList(stageId, times);
@@ -891,7 +891,7 @@ module.exports = app => {
          * @param transaction - 新增一期的事务
          * @param {Object} preStage - 上一期
          * @param {Object} newStage - 最新一期
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async copyPreStageAuditors(transaction, preStage, newStage) {
             const auditors = await this.getAuditGroupByList(preStage.id, preStage.times);
@@ -903,7 +903,7 @@ module.exports = app => {
                     aid: a.aid,
                     times: newStage.times,
                     order: newAuditors.length + 1,
-                    status: auditConst.status.uncheck
+                    status: auditConst.status.uncheck,
                 };
                 newAuditors.push(na);
             }
@@ -969,7 +969,7 @@ module.exports = app => {
          * 取待审批期列表(wap用)
          *
          * @param auditorId
-         * @returns {Promise<*>}
+         * @return {Promise<*>}
          */
         async getAuditStageByWap(auditorId) {
             const sql = 'SELECT sa.`aid`, sa.`times`, sa.`begin_time`, sa.`end_time`, sa.`tid`, sa.`sid`,' +
@@ -988,7 +988,7 @@ module.exports = app => {
          * 删除本次审批流程
          * @param {Number} stageId - 标段id
          * @param {Number} times - 第几次审批
-         * @returns {Promise<void>}
+         * @return {Promise<void>}
          */
         async timesDelete() {
             const transaction = await this.db.beginTransaction();

app/view/stage/index.ejs

@@ -587,6 +587,7 @@
     const ckColSetting = 'stage-col-visible-1.0.3-<%- tender.id %>';
     const auditConst = JSON.parse('<%- JSON.stringify(auditConst) %>');
     const cur_uid = '<%- ctx.session.sessionUser.accountId %>';
+    const curAuditor = JSON.parse('<%- JSON.stringify(curAuditor) %>');
 </script>
 <% if (ctx.stage.status === auditConst.status.uncheck && ctx.session.sessionUser.accountId === ctx.stage.user_id) {%>
 <script>